Cisco command that requires user input is stopping the playbook

aaqron · November 10, 2023, 8:07am

Hi all, I am trying to run ansible-playbook to my cisco switch. However, whenever I am trying to use command like “copy run start” or “clear counter” my playbook would just stucked and wont process further.

Can I get your advise on how do I create a playbook that can cater for command that might prompt for user input?

---
- name: Execute Cisco Commands
  hosts: cisco_node
  gather_facts: false
  vars_prompt:
    - name: cisco_commands
      prompt: "Enter the Cisco commands you want to execute (comma-separated)"
      private: no  # Set to yes if the commands may contain sensitive information

  tasks:
    - name: Convert input to list
      set_fact:
        commands_list: "{{ cisco_commands.split(',') }}"

    - name: Run Cisco Commands
      ios_command:
        commands: "{{ commands_list }}"
      register: result

    - name: Display Command Outputs
      debug:
        msg:
          - "Input Commands: {{ commands_list }}"
          - "Command Outputs: {{ result.stdout_lines }}"

kurokobo · November 10, 2023, 1:52pm

You can pass a dict containing command, answer and prompt for commands param for cisco.ios.ios_command.

See the docs:

If a command sent to the device requires answering a prompt, it is possible to pass a dict containing command , answer and prompt . Common answers are ‘y’ or “\r” (carriage return, must be double quotes). See examples.
cisco.ios.ios_command module – Module to run commands on remote devices. — Ansible Documentation

and its examples:

- name: Run commands that require answering a prompt
  cisco.ios.ios_command:
    commands:
      - command: "clear counters GigabitEthernet2"
        prompt: 'Clear "show interface" counters on this interface \[confirm\]'
        answer: "y"
      - command: "clear counters GigabitEthernet3"
        prompt: "[confirm]"
        answer: "\r"

cisco.ios.ios_command module – Module to run commands on remote devices. — Ansible Documentation

Similar tasks can be achieved by ansible.netcommon.cli_command. It does not accept a list of commands, but it does support multiple prompts. See the docs: ansible.netcommon.cli_command module – Run a cli command on cli-based network devices — Ansible Documentation

However, it may be a bit difficult to allow users to execute arbitrary commands, since it is obviously inconvenient to have them type in vars_prompt, including prompts and answers

IPvSean · November 10, 2023, 3:48pm

I got a video here on how to do this with cli_command->

this will work for Cisco IOS as well

aaqron · November 14, 2023, 3:21am

Hi @IPvSean,

Thanks for the video, it helps a lot!

However, if the user decided to use a different command each time, it is quite hard to maintain a long list of “prompt” right?

aaqron · November 14, 2023, 3:23am

Hi @kurokobo

Thanks for the idea, if the command that the user are using is quite different everytime, then I think there will be difficulties maintain a long list of expecting prompt…

IPvSean · November 14, 2023, 7:11pm

I would keep a dictionary of prompt responses based on command, not just have a massive list of responses for any conceivable command. Prompts are way less common then you would think, most use-cases are solved with a couple playbooks, and usually you are simply setting up something else to automate in a more regular good practice (where a prompt wouldn’t be involved).

So for my example the prompt and answer would be a dictionary lookup instead of putting the commands in the task, e.g.

Some file with vars->

prompt_commands:
  reset_password_juniper:
    commands: 
       - "configure"
       - "rollback"
       - "set system root-authentication plain-text-password"
       - "commit"
    prompts:
       - "New password"
       - "Retype new password"
    answers:
        - "{{ admin_password }}1"
        - "{{ admin_password }}1"

Now the playbook would look like this (not tested… make sure to test this out)

---
- name: change password to workshop default
  ansible.netcommon.cli_command:
    command: "{{ item }}"
    prompt: "{{ prompt_commands.reset_password_juniper.prompts }}"
    answer: "{{ prompt_commands.reset_password_juniper.answers }}"
    check_all: true
  loop: "{{ prompt_commands.reset_password_juniper.commands }}"
  register: change_password
  until: change_password is success

aaqron · November 22, 2023, 3:49am

Actually I have found out a way which is by using ios_config to suppress the prompt. However, I found out only prompt from some of the command can be suppressed.