Need help for getting a root shell on my custom network appliance

My network appliance needs a non-root ssh login, followed by an “enable” command, followed by an “su” command, followed by the root password. Here’s the sequence for my root login:

$ ssh admin@10.0.34.210
admin@10.0.34.210's password: ...
My_Device>
My_Device>enable
My_Device#
My_Device#su
Password: ......
[root@My_Hostname:/tmp]$
[root@My_Hostname:/tmp]$ exit
logout
My_Device#
My_Device#exit
My_Device>
My_Device>logout
Connection to 10.0.34.210 closed.
$

I am able to get non-root shell (CLI) commands working, but not able to get a shell for root shell commands. Here is the playbook:

- name: Test_Playbook
  hosts: all
  gather_facts: false  #Set to false, since our device does not have python.
  vars:
    ansible_connection: network_cli
    ansible_host_key_checking: false
    ansible_user: admin
    ansible_password: "{{ admin_password }}"
    ansible_network_os: ios
    ansible_become: true
    ansible_become_method: su  #Using "su" since "enable" only enters privileged mode, but does not become root.
    ansible_become_password: "{{ su_password }}"  #Comment out if "enable" is used, since it does not need password.
    ansible_network_become_errors: warn  #Set to warn, since our CLI does not have "show privilege".

  tasks:
    - name: Test_CLI
      tags: cli
      register: results_test
      ios_command:
        commands:
          - show boot
    - name: Debug_CLI
      tags: cli
      debug:
        var: results_test.stdout_lines

    - name: Test_Root
      tags: root
      register: results_root
      cli_command:
        command: id
    - name: Debug_Root
      tags: root
      debug:
        var: results_root.stdout_lines

Here’s the output:

$ ansible-playbook -i 10.0.34.210, -e admin_password=... -e su_password=...... try.yaml

PLAY [Test_Playbook] ******************************************************************

TASK [Test_CLI] ***********************************************************************
ok: [10.0.34.210]

TASK [Debug_CLI] **********************************************************************
[WARNING]: on_become: privilege escalation failed
ok: [10.0.34.210] => {
    "results_test.stdout_lines": [
        [
            "Boot from   : disk\tpartition 1 ",
            "Next Boot   : disk\tpartition 1"
        ]
    ]
}

TASK [Test_Root] **********************************************************************
fatal: [10.0.34.210]: FAILED! => {"changed": false, "msg": \
"id\r\n        ^\r\n% Invalid input detected at '^' marker\r\nMy_Device#"}

PLAY RECAP ****************************************************************************
10.0.34.210 : ok=2 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
$

Can you provide the info about the exact device used? That way someone can possibly confirm if that particular device is supported using connection methods already present in Ansible or not.

In case the device is not supported with the available connection methods in Ansible, it would require the development of a custom connection plugin.

Thanks, and I know our custom device is not already supported. It closely follows the Cisco IOS CLI, as a subset, with the exception of how the root shell is obtained. Hence this query. I was hopeful that someone would know how to club 2 CLI commands (enable; su) in succession, as a become method, with the network_cli plugin. From your answer, it seems writing a custom connection plugin is the way to go…
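As an added example (my own code, not from this thread and not part of Ansible or any terminal plugin), here is the login sequence from the original post driven as a prompt-checked state machine: every step is verified by the prompt it produces rather than by “show privilege”, and a command is only sent once the root prompt has actually been seen, so the failure in the playbook output (“id” landing in the CLI parser after a silent escalation failure) is caught instead of warned about. The device is a constructed stand-in; its password-failure wording is assumed.

```python
import re

# Prompt shapes copied from the session transcript above; the regexes are mine.
PROMPTS = [
    ("root", re.compile(r"^\[root@[\w.-]+:[^\]]*\]\$$")),  # [root@My_Hostname:/tmp]$
    ("privileged", re.compile(r"^[\w.-]+#$")),             # My_Device#
    ("user", re.compile(r"^[\w.-]+>$")),                   # My_Device>
]
PASSWORD_RE = re.compile(r"[Pp]assword:\s*$")
INVALID_RE = re.compile(r"% Invalid input detected")  # the CLI parser rejecting a shell command

def classify_prompt(text):
    """Return the privilege level implied by the last line of device output."""
    last = text.rstrip().splitlines()[-1].strip() if text.strip() else ""
    return next((lvl for lvl, pat in PROMPTS if pat.match(last)), "unknown")

def become_root(dev, su_password):
    """Two-step escalation (enable, then su), checking the prompt after each step."""
    out = dev.send("enable")
    if classify_prompt(out) != "privileged":
        raise RuntimeError("enable did not reach privileged mode: %r" % out)
    out = dev.send("su")
    if not PASSWORD_RE.search(out):
        raise RuntimeError("su did not prompt for a password: %r" % out)
    level = classify_prompt(dev.send(su_password))
    if level != "root":
        raise RuntimeError("su failed, still at %s prompt" % level)
    return level

def run_as_root(dev, su_password, command):
    """Escalate first, then send the command and refuse output the CLI parser rejected."""
    become_root(dev, su_password)
    out = dev.send(command)
    if INVALID_RE.search(out):
        raise RuntimeError("command reached the CLI parser, not a root shell")
    return out

class FakeDevice:
    """Constructed stand-in for the appliance (prompts from the transcript, error text assumed)."""
    ROOT = "[root@My_Hostname:/tmp]$"
    def __init__(self, su_password):
        self.level, self.pw, self.awaiting_pw = "user", su_password, False
    def send(self, line):
        if self.awaiting_pw:
            self.awaiting_pw = False
            if line == self.pw:
                self.level = "root"
                return self.ROOT
            return "su: incorrect password\nMy_Device#"  # assumed wording
        if self.level == "root":
            return ("uid=0(root) gid=0(root)\n" if line == "id" else "") + self.ROOT
        if line == "enable" and self.level == "user":
            self.level = "privileged"
            return "My_Device#"
        if line == "su" and self.level == "privileged":
            self.awaiting_pw = True
            return "Password: "
        prompt = "My_Device#" if self.level == "privileged" else "My_Device>"
        return f"{line}\n        ^\n% Invalid input detected at '^' marker\n{prompt}"
```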

Tough luck then. Maybe there is some trick to do it, but you’ll have to “hunt down” some experienced network automation Ansible guru. A custom connection plugin is the obvious solution.