cisco.nxos.nxos_command send "show version" command #863

Open
tonytjo opened this issue May 30, 2024 · 0 comments
SUMMARY

In one of our customers' environments, their security team needs to individually allow each command issued to Cisco NXOS.

We are using cisco.nxos.nxos_command to issue commands.

However, we find that Ansible will issue the "show version" command to the switch before the actual commands specified in our Ansible nxos_command playbook.

The customer's security team is challenging us on why extra commands are executed.

Also, in the customer's environment, the show version and show inventory commands will cause a command timeout error when executing the playbook, and so none of the commands could be issued on the switch.

ISSUE TYPE

  • Bug Report

COMPONENT NAME

nxos_command

ANSIBLE VERSION

```
ansible --version
ansible [core 2.14.5]
  config file = /home/user/.ansible.cfg
  configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
  ansible collection location = /home/user/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.9.16 (main, May 31 2023, 12:21:58) [GCC 8.5.0 20210514 (Red Hat 8.5.0-18)] (/bin/python3.9)
  jinja version = 3.1.2
  libyaml = True
```

COLLECTION VERSION

```
ansible-galaxy collection list cisco.nxos

# /home/user/.ansible/collections/ansible_collections
Collection Version
---------- -------
cisco.nxos 5.2.1

# /usr/local/lib/python3.9/site-packages/ansible_collections
Collection Version
---------- -------
cisco.nxos 4.3.0
```

CONFIGURATION

```
ansible-config dump --only-changed
CONFIG_FILE() = /home/user/.ansible.cfg
DEFAULT_STDOUT_CALLBACK(/home/user/.ansible.cfg) = json
HOST_KEY_CHECKING(/home/user/.ansible.cfg) = False
```

OS / ENVIRONMENT

Red Hat 8.8

Cisco Nexus 9K 10.1.2

STEPS TO REPRODUCE

We have developed a frontend for the customer to manage the switches.

In the backend we will manipulate the switches.

For example in the frontend, the customer can disable port-security of an interface:

```yaml
- name: Disable port-security
  cisco.nxos.nxos_command:
    commands:
      - "configure terminal"
      - "interface {{interfaceName}}"
      - "no switchport port-security"
      - "end"
```

EXPECTED RESULTS

Only the commands specified in the playbook are executed on the switch.

ACTUAL RESULTS

Before the commands specified in the playbook are executed, the "show version" command is executed on the switch.

Module failure returned with message:
"command timeout triggered, timeout value is 30 secs.\nSee the timeout setting options in the Network Debug and Troubleshooting Guide."

We have tried changing ansible_network_cli_ssh_type to paramiko; the message then becomes:
"timeout value 30 seconds reached while trying to send command b'show version'"

Meanwhile, if we manually SSH directly to the switch and execute the commands in the playbook (without "show version" or "show inventory"), the commands execute successfully without error.
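An added example, not part of the issue or of the cisco.nxos collection: one way a security team could confirm what the report describes is to compare the commands a switch recorded for the automation account against the command templates declared in the playbook. The log line layout, the `ansible` user name, the interface name and the function names are assumptions made for this sketch.

```python
import re

# Command templates declared in the playbook from the issue (Jinja2 placeholder kept).
DECLARED = [
    "configure terminal",
    "interface {{interfaceName}}",
    "no switchport port-security",
    "end",
]

# Constructed sample of per-command accounting records. The layout is an
# assumption for this example, not output captured from the reporter's switch.
SAMPLE_LOG = """\
2024-05-30T10:00:01 user=ansible cmd=show version
2024-05-30T10:00:02 user=ansible cmd=configure terminal
2024-05-30T10:00:02 user=ansible cmd=interface Ethernet1/10
2024-05-30T10:00:03 user=ansible cmd=no switchport port-security
2024-05-30T10:00:03 user=ansible cmd=end
"""

def template_to_regex(template):
    """Compile a command template; each {{ var }} may match exactly one token."""
    normalized = " ".join(template.split())
    literals = re.split(r"\{\{\s*\w+\s*\}\}", normalized)
    # Literal parts are escaped so a template can never act as a wildcard itself.
    return re.compile(r"\S+".join(re.escape(part) for part in literals))

def observed_commands(log_text, user):
    """Return the commands recorded for one account, whitespace-normalized."""
    commands = []
    for line in log_text.splitlines():
        match = re.search(r"user=(\S+) cmd=(.+)$", line)
        if match and match.group(1) == user:
            commands.append(" ".join(match.group(2).split()))
    return commands

def undeclared(log_text, user, declared):
    """Commands the account ran that no declared template fully matches."""
    rules = [template_to_regex(t) for t in declared]
    return [cmd for cmd in observed_commands(log_text, user)
            if not any(rule.fullmatch(cmd) for rule in rules)]

if __name__ == "__main__":
    for cmd in undeclared(SAMPLE_LOG, "ansible", DECLARED):
        print("not declared in playbook:", cmd)
```

Because each placeholder matches a single token and the whole command must match, a recorded line such as `interface Ethernet1/10 shutdown` is reported rather than accepted under the `interface {{interfaceName}}` template.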
