I wrote the script below to reload an ASA firewall. The script reloads the ASA firewall, but the fact that the reload has happened does not get passed back to Ansible, so the script waits forever until command_timeout occurs. I tried some alternate solutions and none of them worked:
- Changed the connection type from network_cli to local, but it didn’t help.
- Removed the asa_command module and used the cli_command module with prompt options, but it didn’t work.
- Changed the command from “reload noconfirm” to “reload noconfirm in 01”, but it didn’t help.
- Gave the ‘reload noconfirm’ command using the asa_config module, but it didn’t help.
- Ran the script with the -vvvv option, but it didn’t provide any useful insight. Pasting output of the task when run with -vvvv below.

Please note the prompt option doesn’t seem to exist for the asa_command module (like it exists for the ios_command module), so I had to use the ‘reload noconfirm’ command.

```yaml
- name: RELOAD
  asa_command:
    commands: "reload noconfirm"
  vars:
    ansible_command_timeout: 180
  connection: local

- name: WAIT FOR FIREWALL TO REBOOT
  wait_for:
    host: "{{ ansible_host }}"
    port: 22
    delay: 180
    timeout: 4800
  delegate_to: localhost
```