Problems with asa_config

I am having problems running the following play:

- hosts: cil-fw
  gather_facts: no
  connection: local
  vars_files:
    - ./cilfu-vars.yml
    - ./cil-vault.yml
  vars:
    cli:
      host: "{{ inventory_hostname }}"
      username: "{{ cil_admin_username }}"
      password: "{{ cil_admin_password }}"
      transport: cli

  tasks:
    - name: Get Version
      asa_command:
        commands:
          - show version
        provider: "{{ cli }}"

    - name: Add Context
      asa_config:
        lines:
          - context cilfu
          - allocate-interface Port-channel1.102
          - allocate-interface Port-channel1.703
          - config-url disk0:/cilfu.cfg
        context: system
        provider: "{{ cli }}"

    - name: Configure the outside interface
      asa_config:
        lines:
          - nameif outside
        context: cilfu
        parents: ['interface Port-channel1.102']
        provider: "{{ cli }}"

The first problem was with authentication. Originally, I had “authorize” and “auth_pass” set, but it did not seem to be able to enable properly:

TASK [Add Context] *************************************************************
fatal: [csn-sjc18-asa1]: FAILED! => {"changed": false, "failed": true, "msg": "matched error in response: changeto system\r\n^\r\nERROR: % Invalid input detected at '^' marker.\r\n\rcsn-sjc18-asa1/admin> "}

I got around this problem by giving the admin user auto-exec. The next play seems to run:

PLAY [cil-fw] ******************************************************************

TASK [Get Version] *************************************************************
ok: [csn-sjc18-asa1]

TASK [Add Context] *************************************************************
changed: [csn-sjc18-asa1]

TASK [Configure the outside interface] *****************************************
fatal: [csn-sjc18-asa1]: FAILED! => {"changed": false, "commands": ["configure terminal", "interface Port-channel1.102", "nameif outside", "end"], "failed": true, "msg": "matched error in response: bal\r\nCryptochecksum:45e26010ee904847ecd150979e737e47\r\n: end\r\n\rcsn-sjc18-asa1/cilfu# Port-channel1.102\r\n ^\r\nERROR: % Invalid input detected at '^' marker.\r\n\rcsn-sjc18-asa1/cilfu# "}
to retry, use: --limit @/Users/stevenca/Box Sync/csn/cil/ansible/cilfu-asa.retry

PLAY RECAP *********************************************************************
csn-sjc18-asa1 : ok=2 changed=1 unreachable=0 failed=1

Task “Add Context” seems to complete, but the context does not show up in the config. When I add it manually and try to configure nameif under the interface, I get the failure that I see above. Is this module still in the works or am I doing something wrong (or both)? In either case, I am happy to do some testing on it.

Thanks,

Steven.
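
Added example (not part of the original post and not Ansible project code): a small parser for the two "msg" strings above that pulls out the input the ASA rejected and the prompt the session was left at. The function name parse_asa_error and the prompt pattern host[/context][(config...)] followed by '>' or '#' are assumptions made for this illustration.

```python
import re

# Assumed ASA prompt shape: host[/context][(config...)] then '>' or '#'.
PROMPT = re.compile(r"^(?P<host>[\w.-]+?)(?:/(?P<context>[\w.-]+))?"
                    r"(?P<cfg>\(config[^)]*\))?(?P<mark>[>#]) ?")
PREFIX = "matched error in response: "

# The two "msg" values, copied from the task failures in the post above.
FIRST = ("matched error in response: changeto system\r\n^\r\n"
         "ERROR: % Invalid input detected at '^' marker.\r\n\rcsn-sjc18-asa1/admin> ")
SECOND = ("matched error in response: bal\r\n"
          "Cryptochecksum:45e26010ee904847ecd150979e737e47\r\n: end\r\n"
          "\rcsn-sjc18-asa1/cilfu# Port-channel1.102\r\n ^\r\n"
          "ERROR: % Invalid input detected at '^' marker.\r\n\rcsn-sjc18-asa1/cilfu# ")


def parse_asa_error(msg):
    """Extract the rejected input and the final prompt state from a msg string."""
    lines = [line.strip("\r") for line in msg.split("\n")]
    if lines[0].startswith(PREFIX):
        lines[0] = lines[0][len(PREFIX):]
    result = {"rejected": None, "host": None, "context": None, "mode": None}
    # The device echoes the offending input, then a caret line under it.
    for i, line in enumerate(lines):
        if i > 0 and line.strip() == "^":
            result["rejected"] = PROMPT.sub("", lines[i - 1]).strip()
            break
    # The last line is the prompt the session was left at.
    m = PROMPT.match(lines[-1])
    if m:
        result["host"], result["context"] = m["host"], m["context"]
        if m["cfg"]:
            result["mode"] = "configuration"
        else:
            result["mode"] = "user EXEC" if m["mark"] == ">" else "privileged EXEC"
    return result


if __name__ == "__main__":
    for name, msg in (("Add Context", FIRST), ("Configure the outside interface", SECOND)):
        print(name, parse_asa_error(msg))
```

On the strings above it reports "changeto system" rejected at a user EXEC ('>') prompt in context admin, and "Port-channel1.102" rejected at a privileged EXEC ('#') prompt in context cilfu whose prompt carries no (config).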