SSH private key invalid ? Ansible Mikrotik RouterOS configuration

Hello Ansible gurus, I am new to Ansible and have installed from Git source branch. I am not changing anything at this time. I am investigating ways to use Ansible with Mikrotik RouterOS (www.mt.lv or www.mikrotik.com). My test environment is a Ubuntu 18.xx linux box on a local area network. The two devices are on the same ethernet switch.

```
dev1@s5:~/TTLLC_ansible$ uname -a
Linux s5 5.0.0-15-generic #16-Ubuntu SMP Mon May 6 17:41:33 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

dev1@s5:~/TTLLC_ansible$ ansible --version
22073 1559065845.13968: starting run
ansible 2.9.0.dev0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/dev1/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /home/dev1/src/ansible/lib/ansible
  executable location = /home/dev1/src/ansible/bin/ansible
  python version = 2.7.16 (default, Apr 6 2019, 01:42:57) [GCC 8.3.0]
dev1@s5:~/TTLLC_ansible$
```

I have SSH private-key and public-key setup to allow me to access the Mikrotik RouterOS session without an interactive password from the Ubuntu box. For now, I am testing DSA file private key/public key

```
dev1@s5:~/.ssh$ ls -l
total 16
-rw------- 1 dev1 dev1 1373 May 26 23:10 3101_dsa
-rw-r--r-- 1 dev1 dev1 597 May 26 23:10 3101_dsa.pub

dev1@s5:~/.ssh$ file *
3101_dsa: OpenSSH private key
3101_dsa.pub: OpenSSH DSA public key
```

Here is the proof that SSH works from the command line.

```
dev1@s5:~/TTLLC_ansible$ ssh -i ~/.ssh/3101_dsa ttadmins@10.0.0.99 -p 22222

MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK

MikroTik RouterOS 6.43.2 (c) 1999-2018 http://www.mikrotik.com/

[?] Gives the list of available commands
command [?] Gives help on the command and list of arguments

[Tab] Completes the command/word. If the input is ambiguous,
a second [Tab] gives possible options

/ Move up to base level
.. Move up one level
/command Use command at the base level
```

Here is my problem (the full debug output is at the end of this message, sorry for the length) - Ansible reports the SSH module complains it is an Invalid key.

```
The full traceback is:
Traceback (most recent call last):
  File "/home/dev1/src/ansible/bin/ansible-connection", line 104, in start
    self.connection._connect()
  File "/home/dev1/src/ansible/lib/ansible/plugins/connection/network_cli.py", line 327, in _connect
    ssh = self.paramiko_conn._connect()
  File "/home/dev1/src/ansible/lib/ansible/plugins/connection/paramiko_ssh.py", line 245, in _connect
    self.ssh = SSH_CONNECTION_CACHE[cache_key] = self._connect_uncached()
  File "/home/dev1/src/ansible/lib/ansible/plugins/connection/paramiko_ssh.py", line 368, in _connect_uncached
    raise AnsibleConnectionFailure(msg)
AnsibleConnectionFailure: Invalid key

22502 1559065909.68461: done running TaskExecutor() for 10.0.0.99/TASK: Gathering Facts [8851fb63-ee9d-cebc-7778-00000000000c]
22502 1559065909.68478: sending task result for task 8851fb63-ee9d-cebc-7778-00000000000c
22502 1559065909.68512: done sending task result for task 8851fb63-ee9d-cebc-7778-00000000000c
22502 1559065909.68518: WORKER PROCESS EXITING
22489 1559065909.68718: marking 10.0.0.99 as failed
22489 1559065909.68731: marking host 10.0.0.99 failed, current state: HOST STATE: block=0, task=0, rescue=0, always=0, run_state=ITERATING_SETUP, fail_state=FAILED_NONE, pending_setup=True, tasks child state? (None), rescue child state? (None), always child state? (None), did rescue? False, did start at task? False
22489 1559065909.68736: ^ failed state is now: HOST STATE: block=0, task=0, rescue=0, always=0, run_state=ITERATING_COMPLETE, fail_state=FAILED_SETUP, pending_setup=True, tasks child state? (None), rescue child state? (None), always child state? (None), did rescue? False, did start at task? False
22489 1559065909.68741: getting the next task for host 10.0.0.99
22489 1559065909.68746: host 10.0.0.99 is done iterating, returning
fatal: [10.0.0.99]: FAILED! => {
    "msg": "Invalid key"
}
```

I would have assumed the following script would work - but it doesn’t, what am I doing wrong - how am I messing up the key definition?

```
dev1@s5:~/TTLLC_ansible$ cat doAnsible.sh
#! /bin/bash

# Specify the location for the log file
export ANSIBLE_LOG_PATH=/tmp/foo

# Enable Debug
export ANSIBLE_DEBUG=True

cat /dev/null > /tmp/foo

# Run with 4*v for connection level verbosity
ansible-playbook -u ttadmins -vvvv -i TTLLC_hosts ansibleRouterOS.yml
```

YAML file

```
dev1@s5:~/TTLLC_ansible$ cat ansibleRouterOS.yml
```

I have an update, after editing Hosts, Playbook and the script:

```
dev1@s5:~/TTLLC_ansible$ cat ansibleRouterOS.yml
```

(attachments)
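
The post above shows `file` reporting the private key as "OpenSSH private key" (the `openssh-key-v1` container rather than legacy PEM), while the "Invalid key" error is raised on the paramiko side. Whether the container format is the cause is not established in this thread; the following is an added example, not code from any poster or from Ansible, that reports which container and key type a private key file uses so the two tools can be compared on the same facts. The function names and the sample key (dummy bytes, not a real key) are constructed for illustration.

```python
import base64
import re
import struct

MAGIC = b"openssh-key-v1\x00"  # start of the newer OpenSSH private key container
ARMOR = re.compile(r"-----BEGIN (OPENSSH|RSA|DSA|EC) PRIVATE KEY-----(.*?)-----END", re.S)

def _s(data):
    """Encode one SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def _read_string(buf, off):
    """Decode one SSH 'string' at off; return (value, offset after it)."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def describe_private_key(text):
    """Report container format, key type and encryption of a private key file."""
    m = ARMOR.search(text)
    if not m:
        return {"container": "unknown"}
    label, body = m.groups()
    if label != "OPENSSH":
        # Legacy PEM: key type is the armor label; encryption is a PEM header.
        return {"container": "pem", "key_type": label, "encrypted": "ENCRYPTED" in body}
    blob = base64.b64decode("".join(body.split()))
    if not blob.startswith(MAGIC):
        raise ValueError("OPENSSH armor without openssh-key-v1 magic")
    cipher, off = _read_string(blob, len(MAGIC))
    _kdf, off = _read_string(blob, off)
    _kdfopts, off = _read_string(blob, off)
    off += 4  # uint32 number of keys
    pub, off = _read_string(blob, off)
    key_type, _ = _read_string(pub, 0)  # public blob starts with the key type
    return {"container": "openssh-key-v1", "key_type": key_type.decode(),
            "encrypted": cipher != b"none"}

def constructed_sample():
    """Constructed openssh-key-v1 file with dummy payload bytes (not a real key)."""
    pub = _s(b"ssh-dss") + _s(b"\x00" * 8)
    blob = (MAGIC + _s(b"none") + _s(b"none") + _s(b"")
            + struct.pack(">I", 1) + _s(pub) + _s(b"\x00" * 8))
    b64 = base64.b64encode(blob).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 + "\n-----END OPENSSH PRIVATE KEY-----\n"
```

To check a real file, pass its contents, for example `describe_private_key(open(path).read())`; the function only reads the unencrypted header fields and never prints key material.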

You’re using ansible from source.
Could you try again using a released stable version that has been out for some time?

For instance 2.7.10.

Dick

Hi,

Note that since 2.7, Ansible has some support for RouterOS built-in:
https://docs.ansible.com/ansible/latest/network/user_guide/platform_routeros.html

There are currently two modules which should work:
https://docs.ansible.com/ansible/latest/modules/routeros_command_module.html
https://docs.ansible.com/ansible/latest/modules/routeros_facts_module.html

Cheers,
Felix

Interesting suggestion and I will attempt to revert back to a stable release as suggested.

In the meantime, I can confirm the 2.9.0dev0 framework acts differently with routeros ssh connections (the key is invalid always), yet that same key (last night I changed from DSA to RSA) works fine with scripted SSH (example below). I am not strictly a developer type, so I can be happy with a stable version. Let the buyers beware. Is this a bug worth reporting?

```
dev1@s5:~$ !1816
ssh -i /home/dev1/.ssh/3101_id_rsa -p 22222 -t ttadmins@10.0.0.99 << "ENDSSH"
/system resource pr
/ip route pr
/interface bridge pr
ENDSSH
Pseudo-terminal will not be allocated because stdin is not a terminal.
X11 forwarding request failed on channel 0
uptime: 1d9h39m10s
version: 6.43.2 (stable)
build-time: Sep/18/2018 12:12:48
factory-software: 6.41.3
free-memory: 469.6MiB
total-memory: 512.0MiB
cpu: ARMv7
cpu-count: 1
cpu-frequency: 800MHz
cpu-load: 17%
free-hdd-space: 3700.0KiB
total-hdd-space: 16.0MiB
write-sect-since-reboot: 1302
write-sect-total: 3568
bad-blocks: 0%
architecture-name: arm
board-name: CRS328-24P-4S+
platform: MikroTik

Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S ;;; 3101 default gw to Verizon Fios ONT
0.0.0.0/0 10.0.0.1 1
1 ADC 10.0.0.0/24 10.0.0.99 ether24 0
2 ADC 10.0.1.0/24 10.0.1.1 3101-bridge 0

Flags: X - disabled, R - running
0 R ;;; 26may19/SH/LAN for 3101
name="3101-bridge" mtu=auto actual-mtu=1500 l2mtu=1592 arp=enabled
arp-timeout=auto mac-address=B8:69:F4:AC:F5:4D protocol-mode=rstp
fast-forward=no igmp-snooping=no auto-mac=yes ageing-time=5m
priority=0x8000 max-message-age=20s forward-delay=15s
transmit-hold-count=6 vlan-filtering=no dhcp-snooping=no
```

update: I de-installed all components of the earlier from-source distribution and used the apt-get on Ubuntu to install a pre-packaged version - with not much different result. I upgraded the keys on the Mikrotik host to DSA and made sure plain ssh calls worked from the command line. But running the same ansible-playbook script did not work - what can I do to generate more debug info on the reason the system thinks it has an invalid key, when the Mikrotik log says nothing bad. Is the paramiko module not recognizing that it has already established the session? or, what is it expecting back?

```
uname -a; ansible --version

Linux s5 5.0.0-15-generic #16-Ubuntu SMP Mon May 6 17:41:33 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
ansible 2.8.1
  config file = /home/dev1/TTLLC_ansible/ansible.cfg
  configured module search path = [u'/home/dev1/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.16 (default, Apr 6 2019, 01:42:57) [GCC 8.3.0]
```

On the Ubuntu

`

2019-06-09 14:12:44,685 p=5254 u=dev1 | Parsed /home/dev1/TTLLC_ansible/TTLLC_hosts inventory source with ini plugin
2019-06-09 14:12:44,887 p=5254 u=dev1 | Loading callback plugin default of type stdout, v2.0 from /usr/lib/python2.7/dist-packages/ansible/plugins/callback/default.pyc
2019-06-09 14:12:44,927 p=5254 u=dev1 | PLAYBOOK: ansibleRouterOS.yml ****************************************