Anyone running ansible against NXOS (latest 7.x) and using NXAPI transport?
I am getting a weird issue in my lab whereby CLI transport works fine, but with NXAPI transport I get:
1.) straight up connect fail using a login with priv 15
2.) 401 denied when using a login with role dev-ops
I haven’t put in any AAA config (just got admin/admin user on priv 15), is there something I’m missing? Nothing seems to be formally documented anywhere re: specific user permissions and NXAPI.
It also appears to be going to a URL of http:///ins?
I have nxapi enabled of course and I can use the sandbox fine.
!!! DEBUG FOR USER WITH PRIVILEGE 15
failed: [spine1] (item={u'interface': u'Ethernet1/1', u'ip_mask': 30, u'ip_address': u'172.17.1.1', u'description': u'leaf1'}) => {"failed": true, "item": {"description": "leaf1", "interface": "Ethernet1/1", "ip_address": "172.17.1.1", "ip_mask": 30}, "msg": "Connection failure: timed out", "status": -1, "url": "http://spine1:80/ins"}
!!! DEBUG FOR USER WITH ROLE DEV-OPS
failed: [spine2] (item={u'interface': u'Ethernet1/4', u'ip_mask': 30, u'ip_address': u'172.17.2.13', u'description': u'leaf4'}) => {"clierror": "% Permission denied for the role\n\nCmd exec error.\n", "code": "401", "failed": true, "input": "show interface status", "item": {"description": "leaf4", "interface": "Ethernet1/4", "ip_address": "172.17.2.13", "ip_mask": 30}, "msg": "Permission denied", "output": {"clierror": "% Permission denied for the role\n\nCmd exec error.\n", "code": "401", "input": "show interface status", "msg": "Permission denied"}, "url": "http://spine2:80/ins"}
Since CLI transport works I know it's not a general ansible syntax issue, just using a standard provider var and ports 80/22 fully open?
!!! PROVIDER VARS
vars:
  provider:
    host: "{{ inventory_hostname }}"
    username: "{{ username }}"
    password: "{{ password }}"
    transport: nxapi
    use_ssl: no
    validate_certs: false
!!! NXOS DEVICE
spine1# show nxapi
nxapi enabled
HTTP Listen on port 80
HTTPS Listen on port 443
spine1# show ver
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html
Copyright (c) 2002-2017, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
NX-OSv9K is a demo version of the Nexus Operating System
Software
BIOS: version
NXOS: version 7.0(3)I6(1)
BIOS compile time:
NXOS image file is: bootflash:///nxos.7.0.3.I6.1.bin
NXOS compile time: 5/16/2017 22:00:00 [05/17/2017 06:21:28]
Hardware
cisco NX-OSv Chassis
Intel(R) Xeon(R) CPU E5-2670 0 @ 2.60GHz with 8165132 kB of memory.
Processor Board ID 9OJA62VWWIS
Device name: spine1
bootflash: 3509454 kB
Kernel uptime is 0 day(s), 2 hour(s), 42 minute(s), 15 second(s)
Last reset
Reason: Unknown
System version:
Service:
plugin
Core Plugin, Ethernet Plugin
Active Package(s):
spine1#
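
An added example, not part of the original post: a short Python triage of the two failure lines quoted above, showing that they fail at different layers and that both requests carry the login over plain HTTP (`use_ssl: no`). The sample lines are constructed by shortening the post's output, and the layer names and the reading of `status: -1` and `clierror` are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

# Constructed samples: the two failures from the post with the item dict elided.
SAMPLE = [
    'failed: [spine1] (item={...}) => {"failed": true, '
    '"msg": "Connection failure: timed out", "status": -1, '
    '"url": "http://spine1:80/ins"}',
    'failed: [spine2] (item={...}) => {"clierror": '
    '"% Permission denied for the role\\n\\nCmd exec error.\\n", '
    '"code": "401", "failed": true, "input": "show interface status", '
    '"msg": "Permission denied", "url": "http://spine2:80/ins"}',
]


def triage(line):
    """Classify one 'failed: [host] (...) => {json}' line by the layer that failed."""
    head, _, payload = line.partition(" => ")
    host = head[head.index("[") + 1:head.index("]")]
    result = json.loads(payload)
    url = urlsplit(result.get("url", ""))

    if result.get("status") == -1:
        # Assumption: -1 means no HTTP response came back (timeout, filter, wrong port).
        layer = "transport"
    elif "clierror" in result:
        # Assumption: the device answered and the CLI refused the command for
        # this login's role, so the request itself was accepted.
        layer = "command-authorization"
    else:
        layer = "other"

    return {
        "host": host,
        "layer": layer,
        "command": result.get("input"),
        # An http:// URL means the username and password travel unencrypted.
        "cleartext_credentials": url.scheme == "http",
    }


if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(triage(sample_line))
```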