Category: juniper

Ansible SSH Errors when connecting to local vagrant juniper vqfx10k box

When recently running Ansible against a local Juniper vqfx10k virtual switch, I got the following error:

$ ansible local -m ping
[WARNING]: sftp transfer mechanism failed on [127.0.0.1]. Use ANSIBLE_DEBUG=1 to see detailed information
[WARNING]: scp transfer mechanism failed on [127.0.0.1]. Use ANSIBLE_DEBUG=1 to see detailed information
vqfx1 | FAILED! => {
    "changed": false,
    "module_stderr": "Connection to 127.0.0.1 closed.\r\n",
    "module_stdout": "\r\nerror: unknown command: /bin/sh\r\n",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 0
}

That error was not good enough to figure out what the hell was going on. So I ran the command in verbose mode with ANSIBLE_DEBUG=1:

$ ANSIBLE_DEBUG=1 ansible local -m ping -vvvv
...
 99919 1615908883.42088: _low_level_execute_command() done: rc=0, stdout=
error: unknown command: /bin/sh
, stderr=OpenSSH_7.6p1, LibreSSL 2.6.2
debug1: Reading configuration data /Users/stephen/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: /etc/ssh/ssh_config line 52: Applying options for *
debug1: auto-mux: Trying existing master
debug2: fd 3 setting O_NONBLOCK
debug2: mux_client_hello_exchange: master version 4
debug3: mux_client_forwards: request forwardings: 0 local, 0 remote
debug3: mux_client_request_session: entering
debug3: mux_client_request_alive: entering
debug3: mux_client_request_alive: done pid = 98168
debug3: mux_client_request_session: session request sent
debug1: mux_client_request_session: master session id: 2
debug3: mux_client_read_packet: read header failed: Broken pipe
debug2: Received exit status from master 0

So we have this annoying logout of the shared session.
GitHub had an issue and solution, which I tried by setting the following in ansible.cfg:

[ssh_connection]
ssh_args =

It was successful in moving on to connecting via SSH, but now I got another issue:

debug3: Ignored env _
debug1: Sending command: /bin/sh -c '/usr/local/bin/python '"'"'error: unknown command: /bin/sh/AnsiballZ_ping.py'"'"' && sleep 0'
debug2: channel 0: request exec confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: exec request accepted on channel 0
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug3: receive packet: type 96
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug3: receive packet: type 97
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug3: send packet: type 97
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)

debug3: send packet: type 1
debug1: fd 1 clearing O_NONBLOCK
debug1: fd 2 clearing O_NONBLOCK
Connection to 127.0.0.1 closed.
Transferred: sent 2888, received 2360 bytes, in 0.2 seconds
Bytes per second: sent 15168.1, received 12395.0
debug1: Exit status 0

Boiling down to:

So I found the issue on Juniper and realised my issue:

I forgot to specify netconf as the connection:

vqfx1 ansible_host=127.0.0.1 ansible_port=2222 ansible_user='vagrant' ansible_ssh_private_key_file='/Users/stephen/.vagrant.d/insecure_private_key' ansible_network_os=junos ansible_connection=netconf

You can also remove the ssh_args setting above: the connection now goes over netconf, which does not need that SSH workaround.
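
As an added example (not code from the original post or from Ansible), here is a small pre-flight check for an INI inventory. It flags junos hosts that would fall back to the default ssh connection and hit the "unknown command: /bin/sh" failure shown above, and flags Vagrant's publicly known insecure key when it is pointed at anything other than loopback. It assumes variables are set on the host line, as in the post; vqfx2 and lab-sw are constructed sample hosts.

```python
import shlex

# Connection settings that do not exec a POSIX shell on the device.
NETWORK_CONNECTIONS = {
    "netconf", "network_cli", "local",
    "ansible.netcommon.netconf", "ansible.netcommon.network_cli",
}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_host_line(line):
    """Split an INI inventory host line into (hostname, {var: value})."""
    tokens = shlex.split(line, comments=True)
    host, pairs = tokens[0], tokens[1:]
    return host, dict(p.split("=", 1) for p in pairs if "=" in p)


def lint_inventory(text):
    """Return a list of (host, finding) tuples for host lines in an INI inventory."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";", "[")):
            continue  # blank lines, comments and [group] headers
        host, hv = parse_host_line(line)
        conn = hv.get("ansible_connection", "ssh")  # Ansible's default is ssh
        if hv.get("ansible_network_os") == "junos" and conn not in NETWORK_CONNECTIONS:
            findings.append((host, f"junos host uses connection '{conn}'; "
                                   "Ansible will try to run /bin/sh on the device"))
        key = hv.get("ansible_ssh_private_key_file", "")
        addr = hv.get("ansible_host", host)
        if key.endswith("insecure_private_key") and addr not in LOOPBACK:
            findings.append((host, "Vagrant's publicly known insecure key used "
                                   "for a non-loopback address"))
    return findings


# Constructed sample inventory; vqfx1 mirrors the fixed line from the post.
SAMPLE = """
[local]
vqfx1 ansible_host=127.0.0.1 ansible_port=2222 ansible_user='vagrant' ansible_ssh_private_key_file='/Users/stephen/.vagrant.d/insecure_private_key' ansible_network_os=junos ansible_connection=netconf
vqfx2 ansible_host=127.0.0.1 ansible_port=2200 ansible_user='vagrant' ansible_network_os=junos
lab-sw ansible_host=192.0.2.10 ansible_ssh_private_key_file='~/.vagrant.d/insecure_private_key' ansible_network_os=junos ansible_connection=netconf
"""

if __name__ == "__main__":
    for host, finding in lint_inventory(SAMPLE):
        print(f"{host}: {finding}")
```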

Ansible Juniper Junos modules do not work on old Juniper SRX versions

I tested some ansible junos modules on an old SRX version.

Model: srx220h2
Version: 12.1X44-D35.5

I have found that junos_command works, but the others always give a timeout error, even with a 240 second ansible_command_timeout.
The error is:

ansible.module_utils.connection.ConnectionError: b'command timeout triggered, timeout value is 240 secs.\nSee the timeout setting options in the Network Debug and Troubleshooting Guide.'