Hi, has anyone ever configured a MikroTik with Ansible? If so, it would be great if you could show me what the ansible.cfg should look like and which variables I need to specify in the playbook.
The MikroTik is set up on PVE, where I have set up Ansible in a .venv.
I’ve tried many variations, but it always fails because the SSH connection doesn’t work. The MikroTik already has the public key from the PVE, it is also reachable via ping from the PVE, and SSH from the PVE to the MikroTik works via the terminal as well.
At the moment I have:
---
- name: Configure MTK
  gather_facts: false
  connection: ansible.netcommon.network_cli
  vars:
    ansible_network_os: community.network.routeros
    ansible_user: admin
    ansible_ssh_private_key_file: ~/.ssh/id_ed25519
    ansible_command_timeout: 120
    ansible_ssh_timeout: 120
    ansible_password: mypassword
    ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
    ansible_become: true
    ansible_become_method: enable
    ansible_become_password: mypassword
    # ansible_ssh_private_key_file: ~/.ssh/id_rsa
    # ansible_connection: ansible.netcommon.httpapi
    # ansible_httpapi_use_ssl: false
    # ansible_httpapi_validate_certs: false
    # ansible_python_interpreter: /usr/bin/python3
    # ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ControlMaster=auto -o ControlPersist=60s -o ControlPath=/tmp/ansible-ssh-%h-%p-%r"'
  hosts: router
  tasks:
    - name: set_interface_mikrotik
      community.network.routeros_command:
        commands:
          - /ip address add address={{ item.ipv4_address }} interface={{ item.interface }}
      loop: "{{ interfaces }}"
      loop_control:
        label: "{{ item.interface }}"
      tags: interfaces
      when: os == "mikrotik"
and ansible.cfg:
[defaults]
inventory = /home/user/ansible/inventories/
host_key_checking = False
deprecation_warnings = False
callback_plugins = ./callbacks
stdout_callback = yaml
[ssh_connection]
pipelining = False
ssh_args = -o StrictHostKeyChecking=no -o ConnectTimeout=10 -o ServerAliveInterval=10
control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r
retries = 3
[persistent_connection]
ssh_type = libssh
and I get:
msg: 'ssh connection failed: ssh connect failed: Socket error: Connection reset by peer'
the mtk-log is:
[admin@MikroTik] > /log print
2025-02-22 11:15:19 system,info router rebooted
2025-02-22 11:15:19 interface,info lo link up
2025-02-22 11:15:19 interface,info ether2 link up
2025-02-22 11:15:19 interface,info ether3 link up
2025-02-22 11:15:19 interface,info ether4 link up
2025-02-22 11:15:24 dhcp,info dhcp-client on ether1 got IP address 10.20.30.110
2025-02-22 11:15:34 system,info,account user admin logged in from 10.20.30.254 via ssh
2025-02-22 11:15:34 system,info system identity changed by ssh-cmd:admin@10.20.30.254 (/system identity set name=MikroTik)
2025-02-22 11:15:34 system,info user admin changed by ssh-cmd:admin@10.20.30.254/action:0 (/user set admin)
2025-02-22 11:15:34 system,info ip service changed by ssh-cmd:admin@10.20.30.254/action:1 (/ip service set ssh disabled=no)
2025-02-22 11:15:34 system,info,account user admin logged out from 10.20.30.254 via ssh
2025-02-22 11:15:41 system,info,account user admin logged in from 10.20.30.254 via ssh
2025-02-22 11:15:41 system,info,account user admin logged out from 10.20.30.254 via ssh
2025-02-22 11:15:43 system,info,account user admin logged in from 10.20.30.254 via ssh
2025-02-22 11:15:43 ssh,info 256bit public key imported, key-owner = user@node1
2025-02-22 11:15:43 system,info,account user admin logged out from 10.20.30.254 via ssh
2025-02-22 11:15:43 ssh,info publickey accepted for user: admin
2025-02-22 11:15:43 system,info,account user admin logged in from 10.20.30.254 via ssh
2025-02-22 11:15:43 system,info,account user admin logged out from 10.20.30.254 via ssh
2025-02-22 11:15:43 ssh,info publickey accepted for user: admin
2025-02-22 11:15:43 system,info,account user admin logged in from 10.20.30.254 via ssh
2025-02-22 11:15:43 interface,info p1r8v link up
2025-02-22 11:15:43 system,info device added by ssh-cmd:admin@10.20.30.254 (*8 = /interface vlan add interface=ether3 name=p1r8v vlan-id=810)
2025-02-22 11:15:43 interface,info p1r9v link up
2025-02-22 11:15:43 system,info device added by ssh-cmd:admin@10.20.30.254 (*9 = /interface vlan add interface=ether2 name=p1r9v vlan-id=910)
2025-02-22 11:15:43 system,info,account user admin logged out from 10.20.30.254 via ssh
2025-02-22 11:15:53 system,info,account user admin logged in from fe80::516d:ee13:3f25:2555 via winbox
2025-02-22 11:15:57 system,info,account user admin logged in from fe80::516d:ee13:3f25:2555 via winbox
At the moment when my create-mtk.sh stops and the playbook starts, nothing more appears in this mtk-log anymore.