Cross posted from stackoverflow
I’m setting up a root CA on a Cisco IOS router and trying to use the ios_command module to run the command crypto pki server my-ca start.
On running it, the following happens:
    GW1(config)#do crypto pki server my-ca start
    %Some server settings cannot be changed after CA certificate generation.
    % Please enter a passphrase to protect the private key
    % or type Return to exit
    Password:
    Re-enter password:
    % Certificate Server enabled.
    GW1(config)#
When trying to automate this in ansible, this is what I’ve been trying:
    - name: Respond to double-password prompt
      ios_command:
        commands:
          - command: crypto pki server my-ca start
            prompt: 'assword:'
            answer: "mypassword\r"
The output when running the playbook is as follows:
    "stdout_lines": [
        [
            "%Some server settings cannot be changed after CA certificate generation.",
            "% Please enter a passphrase to protect the private key",
            "% or type Return to exit",
            "Password: ",
            "",
            "Re-enter password: ",
            "% Aborted."
        ]
    ]
It looks like the second prompt causes it to just cancel out by submitting “\r” rather than submitting “mypassword\r” again like it does at the first prompt.
I gave the ios_command prompt string ‘assword:’ so it should have matched both "Password: " and "Re-enter password: " but that didn’t make a difference.
Is there a way to make the ios_command module handle this double-prompt? As far as I can tell, I can’t put the password into the crypto pki server my-ca start command.
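
One way to answer both prompts, as an added example that is not part of the original post: it uses the ansible.netcommon.cli_command module, whose prompt and answer options accept lists and whose check_all option requires each listed prompt in order. The variable name ca_key_passphrase is hypothetical, and whether this resolves the abort on this particular IOS release is an assumption.

```yaml
# Added example, not from the original post. Assumes the play uses
# connection: ansible.netcommon.network_cli against the router.
- name: Start the CA server and answer both passphrase prompts
  ansible.netcommon.cli_command:
    command: crypto pki server my-ca start
    # With check_all, every prompt must appear, in this order, and the
    # answer at the same index is sent to it.
    check_all: true
    prompt:
      - 'Password:'
      - 'Re-enter password:'
    answer:
      # ca_key_passphrase is a hypothetical variable, e.g. kept in Ansible Vault.
      - "{{ ca_key_passphrase }}"
      - "{{ ca_key_passphrase }}"
    # newline defaults to true, so no trailing "\r" is needed in the answers.
  no_log: true   # keep the passphrase out of task output and logs
```

Because the passphrase protects the CA private key, keeping it in a vaulted variable with no_log set avoids leaving it in the playbook or in job logs.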