Error handling in ios_config module

Archives Ansible Project
1

Hello

I am using ios_config module to configure crypto map on the router.

When you configure the empty crypto map statement the router display the following note:

HQ(config)crypto map CMAP 10 ipsec-isakmp

% NOTE: This new crypto map will remain disabled until a peer

and a valid access list have been configured.

The problem here is that this error fails the task and ansible does not execute all commands in list. Is there anyway to tell the ansible to ignore this message?

This is my task:

  • name: Configure crypto map

ios_config:

host: “{{ ansible_ssh_host }}”

username: “{{ username }}”

password: “{{ password }}”

lines:

  • match address GRE-IPSEC

parents: [‘crypto map CMAP {{ item.0 + 1 }} ipsec-isakmp’]

before: [‘no crypto map CMAP {{ item.0 + 1 }} ipsec-isakmp’]

match: strict

with_indexed_items: ‘{{ groups.remote }}’

when: “inventory_hostname in groups.hq”

I also tried to add “ignore_errors: yes”. But still it does not execute all commands in the lines.

I was reading about failed_when attribute but I was not able to implement this in the correct way.

(failed_when: "‘FAILED’ in command_result.msg)

Any ideas?

BR,

Uros

2

Maybe you can try blocks Ansible Blocks, they work pretty similar to Python Try/Except/Finally.
Thanks.

3

Hello

Thanks for the answer. I tried your suggested solution but it does not help.

The problem is that if task fails in the block section, then the rescue section is initiated. But the task fails here as well.

Trying to find other solution… :slight_smile:

BR,

Uros

Dne sobota, 26. marec 2016 15.49.30 UTC+1 je oseba Roger Gomez napisala:

4

Its a bug in ios_config not properly handling the return prompt. Should have a fix committed soon to address this

5

Ok great. Just to note, it is the same problem with ios_command and ios_template.

BTW: Are you planning to add additional modules to networking section to handle for example access-list only, crypto settings, etc…? I mean like ios_access_list to handle ACLs from high level perspective.

BR,

Uros

Dne torek, 29. marec 2016 01.25.44 UTC+2 je oseba Peter Sprygada napisala:

6

​Should now be fixed in ansible/ansible devel.

no plan as of right now for higher order modules that scrap the cli. you should be able to accomplish most of these tasks with roles today using the current modules as the foundation​

7

Is there any update for this issue? i got similar thing need deal but not knowing how to…
Thanks in advance for any instructions.

Thanks
-Ian

8

This seems to still be broken all these years later. I’m hitting the exact same issue with “crypto map”. Is there a workaround?

ansible --version
ansible [core 2.15.4]
config file = /home/plrub160/git/isp_link_change/ansible.cfg
configured module search path = [‘/home/plrub160/.ansible/plugins/modules’, ‘/usr/share/ansible/plugins/modules’]
ansible python module location = /home/plrub160/VENV/ISP-LINK-CHANGE/lib/python3.11/site-packages/ansible
ansible collection location = /home/plrub160/git/isp_link_change/collections
executable location = /home/plrub160/VENV/ISP-LINK-CHANGE/bin/ansible
python version = 3.11.4 (main, Jul 5 2023, 14:15:25) [GCC 11.2.0] (/home/plrub160/VENV/ISP-LINK-CHANGE/bin/python)
jinja version = 3.1.2
libyaml = True