Ansible raw module ASA

Good Morning,

I have been trying for months to get the Ansible raw module and playbooks to work with Cisco ASAs. Finally, after burning down my Ansible platforms and building new Linux platforms, I made some progress. I had to rebuild everything several times, as it gets trashed with all the changes I try to make while searching forums with no success.

Finally, with this build of Ubuntu, I am able to get my playbooks to run on ASAs, but with the -m RAW module any command issued still just hangs. I hit Ctrl-C after letting it sit for as long as 30 minutes and it ends with execution interrupted.

Any help or advice would be appreciated. I have been trying to resolve this for months.

(base) ajn@lab-lnx-wks1:~$ ansible asa -m raw -a "show ver" -u netadmin -k
SSH password:
^C [ERROR]: User interrupted execution
(base) ajn@lab-lnx-wks1:~$

User netadmin logged in to devnet-asa1
Logins over the last 1 days: 1.
Failed logins since the last login: 0.
Type help or ‘?’ for a list of available commands.
devnet-asa1# debug ssh 16
debug ssh enabled at level 16
devnet-asa1# Device ssh opened successfully.
SSH1: SSH client: IP = ‘192.168.1.39’ interface # = 4
SSH: host key initialised
SSH1: starting SSH control process
SSH1: Exchanging versions - SSH-2.0-Cisco-1.25

SSH1: send SSH message: outdata is NULL

server version string:SSH-2.0-Cisco-1.25
SSH1: receive SSH message: 83 (83)
SSH1: client version is - SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.2

client version string:SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.2

SSH2 1: SSH2_MSG_KEXINIT sent
SSH2 1: SSH2_MSG_KEXINIT received
SSH2: kex: client->server aes128-ctr hmac-sha2-256 none
SSH2: kex: server->client aes128-ctr hmac-sha2-256 none
SSH2: chose kex: diffie-hellman-group14-sha1.
SSH2 1: expecting SSH2_MSG_KEXDH_INIT
SSH2 1: SSH2_MSG_KEXDH_INIT received
SSH2 1: signature length 143 dh_len 256
SSH2: kex_derive_keys complete
SSH2 1: newkeys: mode 1
SSH2 1: SSH2_MSG_NEWKEYS sent
SSH2 1: waiting for SSH2_MSG_NEWKEYS
SSH2 1: newkeys: mode 0
SSH2 1: SSH2_MSG_NEWKEYS receivedSSH(netadmin): user authen method is ‘use AAA’, aaa server group ID = 1
SSH(netadmin): user authen method is ‘use AAA’, aaa server group ID = 1

SSH2 1: authentication successful for netadmin
SSH2 1: channel open request
SSH2 1: pty-req request
SSH2 1: requested tty: xterm-256color, height 0, width 0

SSH2 1: env request
SSH2 1: exec request
SSH2 1: exec message received
ci_cons_shell: thread->name: ssh, tid: 0x00007efca69f57c0 thread vcid : 0 ci_vcid : 507

SSH2 1: ssh_send unsuccessfulSSH1: Session disconnected by SSH server - error 0x00 “Internal error”

I am not sure why we need the raw module for this task. There is a cisco.asa Ansible Collection that specifically caters to managing ASA appliances. Have you tried any of the modules in there?

Hi,

Is there any specific requirement for using the Ansible raw module instead of the available Ansible ASA collection modules, which are specifically built for Cisco ASA? You can use any of the available ASA modules to configure your Cisco ASA device.
To run show version on your ASA box, you can use the following play:


```yaml
- name: Show the ASA version
  cisco.asa.asa_command:
    commands:
      - show version
```

ref: asa_command module: https://github.com/ansible-collections/cisco.asa/blob/main/plugins/modules/asa_command.py

Regards,
Sumit
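
A complete playbook around the task above, as an added example that is not part of the original reply: it connects with `ansible.netcommon.network_cli`, which drives the ASA's interactive CLI instead of sending the SSH exec request seen in the debug output, and it prompts for the password rather than storing it in the file. The `asa` group and `netadmin` user are taken from the thread; the file name and variable names are hypothetical, and the `cisco.asa` and `ansible.netcommon` collections are assumed to be installed.

```yaml
# show_version.yml (hypothetical file name; constructed example)
# Run with: ansible-playbook show_version.yml
- name: Run show version on the ASA over network_cli
  hosts: asa                     # inventory group used in the thread
  gather_facts: false            # not needed for a single show command
  vars_prompt:
    - name: asa_password         # hypothetical variable name
      prompt: SSH password
      private: true              # input is not echoed and is not kept in the playbook
  vars:
    # Persistent CLI session to the device; no Python or exec channel on the ASA
    ansible_connection: ansible.netcommon.network_cli
    ansible_network_os: cisco.asa.asa
    ansible_user: netadmin       # user from the thread
    ansible_password: "{{ asa_password }}"
    # Assumption: the account lands in privileged mode (the "#" prompt in the
    # thread's login banner), so no enable/become settings are configured here.
  tasks:
    - name: Show the ASA version
      cisco.asa.asa_command:
        commands:
          - show version
      register: asa_version      # hypothetical variable name

    - name: Print the command output
      ansible.builtin.debug:
        var: asa_version.stdout_lines
```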

I use the raw module on most of my devices if I just want to issue a single command to one device. I could run a playbook, but I find this easier. I use playbooks if I need to pull multiple devices.