Cisco switch command & its dynamic prompts

Dynamic IOS command prompts for Cisco switches + output message.

  • Hello Team,
    I am running ios_command as Ansible tasks, which basically copy files from a remote machine onto the local Cisco switch, and have observed that while executing the copy command from the CLI (directly on the Cisco switch) the prompts are random, and they are also sometimes randomly shown in the Ansible tasks.
    Note: Twice I was able to successfully test the copy file tasks, but later, after removing / deleting the file on the Cisco switch and running the copy tasks again, the prompts had changed.

Need your help with the queries below:

  1. How to handle the dynamic prompts in Ansible tasks.
  2. In the output below, the debug output truncates the full message; I need to show the complete prompts / output.

Cisco cli command:

#copy scp://<IP address of remote host>/cat9k_iosxe.17.09.07.SPA.bin flash: vrf Mgmt-vrf
  Address or name of remote host --> <prompt initially asked>
  Source username ? --> <usually asked>
  Source filename ? --> <random prompts>
  Destination filename ? --> <usually asked>
  Password:  --> <always asked>

Ansible code:

   - name: Execute SCP copy command
     cisco.ios.ios_command:
         commands:
           - command: "copy scp://{{ remote_host }}/{{ new_file }} flash:{{ new_file }} vrf Mgmt-vrf"
             prompt:
               - 'Address or name of remote host \[{{ remote_host }}\]\?'
               - 'Source username \[{{ source_username }}\]\?'
               - 'Source filename \[{{ new_file }}\]\?'
               - 'Destination filename \[{{ new_file }}\]\?'
               - 'Password:'
             answer:
               - ''                     	##"{{ remote_host }}"  # Address
               - ''                     	##"{{ source_username }}"  # Correct username
               - ''                     	##"{{ new_file }}"  # Correct source filename
               - ''                     	##"{{ new_file }}"  # Correct destination filename
               - "{{ srv_net_password }}"  	## Correct password
             check_all: True
         wait_for: 
          - result[0] contains "bytes copied"
         match: any
     register: sftp_output

Ansible output:

   TASK [switch-upgrade : Execute SCP copy command] *******************************
   fatal: [nwswitch]: FAILED! => changed=false 
   msg: |-
   	rf Mgmt-vrf
   	Source username [service-net.ansible]?
   	Destination filename [cat9k_iosxe.17.09.07.SPA.bin]?
   	Password:
   
   	% Authentication failed.
   
   	%Error opening scp://*@10.21.11.9/cat9k_iosxe.17.09.07.SPA.bin (Permission denied)
   	nwslab-lon2-csw-0601#
...ignoring

If you add the username to the scp command, IOS-XE only cares about the destination filename and password, so something like this should work:

- name: Execute SCP copy command
  ansible.netcommon.cli_command:
    command: >-
      copy scp://{{ source_username }}@{{ remote_host }}/{{ new_file }} flash:/{{ new_file }} vrf Mgmt-vrf
    prompt:
      - "Destination filename"
      - "Password"
    answer:
      - "{{ new_file }}"
      - "{{ srv_net_password }}"
    check_all: true
  no_log: true  # So password is not exposed.
  vars:
    ansible_command_timeout: 3600
    ansible_connect_timeout: 3600

Thanks for the suggestion, Jorn.
I already tried this and it was working, but my query was about the (dynamic) prompts that sometimes change. Do we have anything to handle them, if any?

  • Will it make any difference using these modules?
    cisco.ios.ios_command
    ansible.netcommon.cli_command

  • Additionally: after successfully copying the file, the below ‘stdout’ output gets stuck and doesn't proceed with the next tasks. Any suggestions?

  sftp_output:
    changed: false
    failed: false
    stdout:
    - |-
      Source username [service-net.ansible]?
      Destination filename [cat9k_iosxe.17.09.07.SPA.bin]?
      Password:

@harshit.sheth Welcome to the Ansible Forum.

I haven’t used it, though there is the net_put module created by Red Hat

There is also a net_get module to copy files from the network device to the Ansible Controller

No, Ansible does not have conditional logic for prompts.
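Added example, not part of any post in this thread and not Ansible's or Cisco's code: outside Ansible's fixed prompt/answer lists, a small expect-style loop can answer whichever of the copy prompts appears, in any order, and keep the password out of its own log. `build_rules`, `drive_copy`, `FakeSwitch` and all sample values are constructed for illustration; a real SSH shell channel would take the place of `FakeSwitch`.

```python
import re

def build_rules(dest_file, password):
    """(pattern, reply, is_secret); "" accepts the bracketed default."""
    default = r" \[[^\]]*\]\?\s*$"
    return [
        (re.compile("Address or name of remote host" + default), "", False),
        (re.compile("Source username" + default), "", False),
        (re.compile("Source filename" + default), "", False),
        (re.compile("Destination filename" + default), dest_file, False),
        (re.compile(r"Password:\s*$"), password, True),
    ]
DONE = re.compile(r"\d+ bytes copied")
FAILED = re.compile(r"^%\s*(Error|Authentication failed)", re.M)

def drive_copy(channel, rules, max_rounds=20):
    """Answer whichever prompt shows up; return (succeeded, audit_log)."""
    buf, audit = "", []
    for _ in range(max_rounds):
        buf += channel.read()
        if FAILED.search(buf):
            return False, audit
        if DONE.search(buf):
            return True, audit
        for pattern, reply, is_secret in rules:
            if pattern.search(buf):
                channel.write(reply + "\r")
                # Log a mask, never the secret (same intent as no_log).
                audit.append((buf.strip(), "***" if is_secret else reply))
                buf = ""  # consumed, so a prompt is answered only once
                break
    return False, audit  # gave up: unknown prompt or no completion

class FakeSwitch:
    """Constructed stand-in for an SSH shell channel (offline demo only)."""
    def __init__(self, prompts, password):
        self.queue = list(prompts) + ["1234 bytes copied in 1.0 secs\n"]
        self.password, self.current = password, ""
    def read(self):
        self.current = self.queue.pop(0) if self.queue else ""
        return self.current
    def write(self, data):
        if self.current.startswith("Password:") and data != self.password + "\r":
            self.queue = ["% Authentication failed.\n"]
# Constructed dialogues: the shorter prompt set, and a longer reordered one.
SHORT = ["Source username [svc-user]? ", "Destination filename [image.bin]? ", "Password: "]
FULL = ["Address or name of remote host [192.0.2.10]? ", "Source filename [image.bin]? "] + SHORT
if __name__ == "__main__":
    print(drive_copy(FakeSwitch(FULL, "s3cret"), build_rules("image.bin", "s3cret")))
```

The same rule set completes both dialogues, and a rejected password is reported as a failure instead of hanging until a timeout.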

I did try that too, to copy the file from Ansible onto the switch, but it failed with the error below. Later I moved to the CLI copy command, which is working for me.

FAILED! => changed=false 
  destination: flash:/
  msg: 'Exception received: Socket is closed'

Can someone suggest how to take a backup to the same Ansible host server, then the FTP server?
I have tried a couple of times with different methods, but it did not work.

  - name: Backup NQ Cisco Switch Config to FTP
    hosts: Tor-NQ-HUB-1
    gather_facts: no
    connection: network_cli

    tasks:

      - name: Get Current Date
        ansible.builtin.command:
          cmd: date +%Y-%b-%d
        register: date_output
        delegate_to: localhost

      - name: Get Current Time
        ansible.builtin.command:
          cmd: date +%H:%M
        register: time_output
        delegate_to: localhost

      - name: Retrieve running config
        ansible.builtin.command:
          commands: show running-config
        timeout: 60
        register: config_output

PLAY [Backup NQ Cisco Switch Config to FTP] ************************************14:37:46

TASK [Get Current Date] ********************************************************14:37:46
changed: [Tor-NQ-HUB-1 -> localhost]

TASK [Get Current Time] ********************************************************14:37:48
changed: [Tor-NQ-HUB-1 -> localhost]

TASK [Retrieve running config] *************************************************14:37:48
fatal: [Tor-NQ-HUB-1]: FAILED! => {"msg": "the connection plugin 'network_cli' was not found"}

PLAY RECAP *********************************************************************14:37:48
Tor-NQ-HUB-1 : ok=2 changed=2 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

I have this package already installed.
qosadmin@TORFSNQAWX01:~/awx-operator$ ansible-galaxy collection install -r requirements.yml
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Downloading https://galaxy.ansible.com/api/v3/plugin/ansible/content/published/collections/artifacts/operator_sdk-util-0.5.0.tar.gz to /home/qosadmin/.ansible/tmp/ansible-local-928214yqireyxz/tmpvz_qpw_3/operator_sdk-util-0.5.0-tmxm0241
‘kubernetes.core:2.4.0’ is already installed, skipping.
‘ansible.netcommon:8.0.0’ is already installed, skipping.
‘ansible.posix:1.5.4’ is already installed, skipping.
‘community.general:10.6.0’ is already installed, skipping.
‘community.routeros:2.12.0’ is already installed, skipping.
‘community.network:5.0.2’ is already installed, skipping.
‘cisco.ios:10.0.0’ is already installed, skipping.
‘ansible.utils:6.0.0’ is already installed, skipping.
Installing ‘operator_sdk.util:0.5.0’ to ‘/home/qosadmin/.ansible/collections/ansible_collections/operator_sdk/util’
operator_sdk.util:0.5.0 was installed successfully
qosadmin@TORFSNQAWX01:~/awx-operator$ vi requirements.yml
qosadmin@TORFSNQAWX01:~/awx-operator$ ansible-doc -t become -l
ansible.builtin.runas Run As user
ansible.builtin.su Substitute User
ansible.builtin.sudo Substitute User DO
ansible.netcommon.enable Switch to elevated permissions on a network device
community.general.doas Do As user
community.general.dzdo Centrify’s Direct Authorize
community.general.ksu Kerberos substitute user
community.general.machinectl Systemd’s machinectl privilege escalation
community.general.pbrun PowerBroker run
community.general.pfexec profile based execution
community.general.pmrun Privilege Manager run
community.general.run0 Systemd’s run0
community.general.sesu CA Privileged Access Manager
community.general.sudosu Run tasks using sudo su -
containers.podman.podman_unshare Run tasks using podman unshare
qosadmin@TORFSNQAWX01:~/awx-operator$ ansible-galaxy collection list | grep cisco
cisco.ios 10.0.0
cisco.aci 2.8.0
cisco.asa 4.0.3
cisco.dnac 6.10.2
cisco.intersight 2.0.7
cisco.ios 5.3.0
cisco.iosxr 6.1.1
cisco.ise 2.7.0
cisco.meraki 2.17.2
cisco.mso 2.5.0
cisco.nxos 5.3.0
cisco.ucs 1.10.0
community.ciscosmb 1.0.7
qosadmin@TORFSNQAWX01:~/awx-operator$

Without network_cli, I am getting the following error.

[WARNING]: sftp transfer mechanism failed on [10.201.71.4]. Use ANSIBLE_DEBUG=1
to see detailed information
[WARNING]: scp transfer mechanism failed on [10.201.71.4]. Use ANSIBLE_DEBUG=1
to see detailed information
fatal: [Tor-NQ-HUB-1]: FAILED! => {“changed”: false, “module_stderr”: “Shared connection to 10.201.71.4 closed.\r\n”, “module_stdout”: “CC\r\n*********************************************************\r\n* Cisco 9500 TOR NQ HUB \r\n Unauthorized access prohibited \r\n \r\n********************************************************\r\nThis is a restricted system. All connections are logged.\r\nIf you are not authorized, log off now. Violators will be prosecuted.\r\n\r\n\r\nLine has invalid autocommand "/bin/sh -c ‘/usr/bin/python ‘"’"‘Line has invalid autocommand "/bin/sh -c ‘"’"’"’"‘"’"‘"’"‘( umask 77 && mkdir -p "` echo Line has invalid autocommand "/bin/sh -c ‘"’"’"‘"’"‘"’"‘"’"‘"’"‘"’"‘"’"‘"’"‘"’"‘"’"‘"’"‘"’"‘"‘echo ~ciscosw && sleep 0’"’"‘"’"‘"’"‘"’"”, “msg”: “MODULE FAILURE\nSee stdout/stderr for the exact error”, “rc”: 0}
PLAY RECAP *********************************************************************
Tor-NQ-HUB-1 : ok=2 changed=2 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0