
Trying Out Ansible (The Getting-Stuck Edition)

Published 2024/12/31

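Much of this comes down to my own lack of skill, but this is my very first time with Ansible and I'm still learning, so these things happen. Please read on with an indulgent eye.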

Getting stuck on a typo

The show_conf_j role I went to the trouble of making doesn't work...

ban@UoVb:~/ansible$ ansible-playbook -i inventory.ini junos_config.yml --tags show_conf_j

PLAY [Junos Configure] ******************************************************************************************************************

PLAY RECAP ******************************************************************************************************************************

ban@UoVb:~/ansible$

It doesn't run anything at all...
To trace how far it gets and what isn't working, I add the -vvv option.

ban@UoVb:~/ansible$ ansible-playbook -i inventory.ini junos_config.yml --tags show_conf_j -vvv
ansible-playbook [core 2.13.5]
  config file = /home/ban/ansible/ansible.cfg
  configured module search path = ['/home/ban/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/ban/.local/lib/python3.8/site-packages/ansible
  ansible collection location = /home/ban/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/ban/.local/bin/ansible-playbook
  python version = 3.8.10 (default, Jun 22 2022, 20:18:18) [GCC 9.4.0]
  jinja version = 3.1.2
  libyaml = True
Using /home/ban/ansible/ansible.cfg as config file
host_list declined parsing /home/ban/ansible/inventory.ini as it did not pass its verify_file() method
script declined parsing /home/ban/ansible/inventory.ini as it did not pass its verify_file() method
auto declined parsing /home/ban/ansible/inventory.ini as it did not pass its verify_file() method
yaml declined parsing /home/ban/ansible/inventory.ini as it did not pass its verify_file() method
Parsed /home/ban/ansible/inventory.ini inventory source with ini plugin
redirecting (type: modules) ansible.builtin.junos_command to junipernetworks.junos.junos_command
redirecting (type: action) junipernetworks.junos.junos_config to junipernetworks.junos.junos
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: junos_config.yml **************************************************************************************************************
1 plays in junos_config.yml

PLAY [Junos Configure] ******************************************************************************************************************
META: ran handlers
META: ran handlers
META:
META:
META:
META:
META:
META:
META: ran handlers
META: ran handlers
META: ran handlers
META: ran handlers

PLAY RECAP ******************************************************************************************************************************

ban@UoVb:~/ansible$

It seems to load junos_config.yml, but it doesn't go on to read main.yml under the role.
No syntax error is reported, so the syntax doesn't seem to be wrong.
As a test, I run a different tag.

ban@UoVb:~/ansible$ ansible-playbook -i inventory.ini junos_config.yml --tags show_ver_j

PLAY [Junos Configure] ******************************************************************************************************************

TASK [show_ver_j : show_ver] ************************************************************************************************************
ok: [vsrx1]
ok: [vsrx2]

TASK [show_ver_j : output] **************************************************************************************************************
changed: [vsrx1]
changed: [vsrx2]

PLAY RECAP ******************************************************************************************************************************
vsrx1                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
vsrx2                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

ban@UoVb:~/ansible$

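That works.

After that I spent about an hour dithering and looking things up without finding a single clue...
Just as I yelled "Why won't it work!", I happened to look at the output of the tree command.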

ban@UoVb:~/ansible$ tree --charset=C
.
|-- after
|-- ansible.cfg
|-- before
|-- group_vars
|-- inventory.ini
|-- junos_config.yml
|-- log
`-- roles
    |-- set_int_j
    |   `-- tasks
    |       `-- main.yml
    |-- show_conf_j
    |   |-- task
    |   |   `-- main.yml
    |   `-- vars
    |       `-- main.yml
    `-- show_ver_j
        |-- tasks
        |   `-- main.yml
        `-- vars
            `-- main.yml

13 directories, 8 files
ban@UoVb:~/ansible$

Hm? Wait? Isn't the tasks directory under show_conf_j named task? I noticed.
I hurriedly renamed the directory from task to tasks and ran it again.

ban@UoVb:~/ansible$ tree --charset=C
.
|-- after
|-- ansible.cfg
|-- before
|-- group_vars
|-- inventory.ini
|-- junos_config.yml
|-- log
`-- roles
    |-- set_int_j
    |   `-- tasks
    |       `-- main.yml
    |-- show_conf_j
    |   |-- tasks
    |   |   `-- main.yml
    |   `-- vars
    |       `-- main.yml
    `-- show_ver_j
        |-- tasks
        |   `-- main.yml
        `-- vars
            `-- main.yml

13 directories, 8 files
ban@UoVb:~/ansible$

It worked...

ban@UoVb:~/ansible$ ansible-playbook -i inventory.ini junos_config.yml --tags show_conf_j

PLAY [Junos Configure] ******************************************************************************************************************

TASK [show_conf_j : show_conf] **********************************************************************************************************
ok: [vsrx2]
ok: [vsrx1]

TASK [show_conf_j : output] *************************************************************************************************************
changed: [vsrx2]
changed: [vsrx1]

PLAY RECAP ******************************************************************************************************************************
vsrx1                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
vsrx2                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

ban@UoVb:~/ansible$
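
Ansible printed no error or warning for the misnamed directory above, so this kind of typo is easier to catch with a check before the run. The following is an added example, not the author's code: a small Python lint that flags unrecognized subdirectories in each role and roles without tasks/main.yml. The allow-list of directory names is an assumption based on the standard role layout, and the sample tree is constructed to mirror the one in this article.

```python
import difflib
import tempfile
from pathlib import Path

# Assumed allow-list: directory names of the standard Ansible role layout.
# Extend it if your roles legitimately carry other directories.
ROLE_DIRS = {"tasks", "handlers", "templates", "files", "vars",
             "defaults", "meta", "library", "module_utils", "tests"}

def lint_roles(roles_root):
    """Return a list of (role, problem) tuples for a roles/ directory."""
    findings = []
    for role in sorted(p for p in Path(roles_root).iterdir() if p.is_dir()):
        subdirs = {d.name for d in role.iterdir() if d.is_dir()}
        for name in sorted(subdirs - ROLE_DIRS):
            if name.endswith("_plugins"):  # role-local plugin directories
                continue
            guess = difflib.get_close_matches(name, sorted(ROLE_DIRS), n=1, cutoff=0.7)
            hint = f" (did you mean '{guess[0]}'?)" if guess else ""
            findings.append((role.name, f"unknown directory '{name}'{hint}"))
        if not any((role / "tasks" / f).is_file() for f in ("main.yml", "main.yaml")):
            findings.append((role.name, "no tasks/main.yml: role has no default tasks to run"))
    return findings

def build_sample_tree(root, typo=True):
    """Constructed sample mirroring the article's tree (task vs. tasks)."""
    layout = {
        "set_int_j": ["tasks"],
        "show_conf_j": ["task" if typo else "tasks", "vars"],
        "show_ver_j": ["tasks", "vars"],
    }
    for role, dirs in layout.items():
        for d in dirs:
            path = Path(root) / "roles" / role / d
            path.mkdir(parents=True)
            (path / "main.yml").write_text("---\n")
    return Path(root) / "roles"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for role, problem in lint_roles(build_sample_tree(tmp)):
            print(f"{role}: {problem}")
```

Against a real project, call lint_roles("roles") from the playbook directory before running ansible-playbook.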

Getting stuck on junos_config

I got stuck when I tried to use set_int_j to make a configuration change rather than just run show commands.

ban@UoVb:~/ansible$ ansible-playbook -i inventory.ini junos_config.yml --tags set_int_j

PLAY [Junos Configure] ******************************************************************************************************************

TASK [set_int_j : config interface] *****************************************************************************************************
fatal: [vsrx2]: FAILED! => {"changed": false, "module_stderr": "'NoneType' object has no attribute 'text'", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error"}
fatal: [vsrx1]: FAILED! => {"changed": false, "module_stderr": "'NoneType' object has no attribute 'text'", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error"}

PLAY RECAP ******************************************************************************************************************************
vsrx1                      : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
vsrx2                      : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

ban@UoVb:~/ansible$

Contents of roles/set_int_j/tasks/main.yml

ban@UoVb:~/ansible$ cat roles/set_int_j/tasks/main.yml
---
- name: config interface
  junipernetworks.junos.junos_config:
          lines:
                - set interfaces ge-0/0/3 description fromACT
          backup: yes
          backup_options:
                  filename: before.log
                  dir_path: /home/ban/ansible/log
  register: result

- name: print
  debug:
          msg: "{{ result.stdout }}"
ban@UoVb:~/ansible$

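I properly specified lines under junos_config and wrote it as a list, and yet...
What on earth does "object has no attribute 'text'" mean?
I tried wrapping the whole set command in double quotes, and wrapping only the description part in double quotes, but no luck.
I read ansible-doc junos_config so much that I used up a whole bottle of eye drops, and thinking that maybe some str parameter had to be present, I pointlessly added things like comment, but still no luck.
Finally worn out by junos_config, I decided to ditch junos_config and try doing it with network_cli instead.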

ban@UoVb:~/ansible$ cat roles/set_int_j/vars/main.yml
---
ansible_become: true
ansible_become_method: enable
ansible_network_os: junos
ansible_password: ****
ansible_user: ban
ansible_connection: network_cli # changed this one from netconf to network_cli

ban@UoVb:~/ansible$
ban@UoVb:~/ansible$ cat roles/set_int_j/tasks/main.yml
---
- name: config interface
  cli_config:
          config: delete interfaces ge-0/0/3 description "fromACT"
          backup: yes
          backup_options:
                  filename: "{{ inventory_hostname }}_before_{{ lookup('pipe', 'date +%Y%m%d%H%M') }}"
                  dir_path: /home/ban/ansible/before

ban@UoVb:~/ansible$

It succeeded like this.

Before running

ban@vsrx1> show interfaces descriptions

ban@vsrx1>
ban@vsrx2> show interfaces descriptions

ban@vsrx2>
ban@UoVb:~/ansible$ ls before/
ban@UoVb:~/ansible$

Run

ban@UoVb:~/ansible$ ansible-playbook -i inventory.ini junos_config.yml --tags set_int_j

PLAY [Junos Configure] ******************************************************************************************************************

TASK [set_int_j : config interface] *****************************************************************************************************
[WARNING]: To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if present in the
running configuration on device including the indentation
changed: [vsrx2]
changed: [vsrx1]

PLAY RECAP ******************************************************************************************************************************
vsrx1                      : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
vsrx2                      : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

ban@UoVb:~/ansible$

After running

ban@vsrx1> show interfaces descriptions
Interface       Admin Link Description
ge-0/0/3        up    up   fromACT

ban@vsrx1>
ban@vsrx2> show interfaces descriptions
Interface       Admin Link Description
ge-0/0/3        up    up   fromACT

ban@vsrx2>
ban@UoVb:~/ansible$ ls before/
vsrx1_before_202210151216  vsrx2_before_202210151216
ban@UoVb:~/ansible$

Comparing the configs

Grab the config

ban@UoVb:~/ansible$ ansible-playbook -i inventory.ini junos_config.yml --tags show_conf_j

PLAY [Junos Configure] ******************************************************************************************************************

TASK [show_conf_j : show_conf] **********************************************************************************************************
ok: [vsrx2]
ok: [vsrx1]

TASK [show_conf_j : output] *************************************************************************************************************
changed: [vsrx1]
changed: [vsrx2]

PLAY RECAP ******************************************************************************************************************************
vsrx1                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
vsrx2                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

ban@UoVb:~/ansible$

Try diffing them

ban@UoVb:~/ansible$ diff -u before/vsrx1_before_202210151216 log/vsrx1_conf_202210151218

+    ge-0/0/3 {
+        description fromACT;
+    }
ban@UoVb:~/ansible$ diff -u before/vsrx2_before_202210151216 log/vsrx2_conf_202210151218

     ge-0/0/3 {
+        description fromACT;
         unit 0 {
             family inet;
         }

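Looking good.

Getting stuck on installing vSRX

Getting carried away, I tried to install more vSRX instances, but when I ran vagrant up the installation made no progress at all.
Looking at the output, it stops at the point shown below and times out.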

C:\Users\ban\vagrant3>vagrant up
Bringing machine 'vsrx3' up with 'virtualbox' provider...
Bringing machine 'vsrx4' up with 'virtualbox' provider...
==> vsrx3: Importing base box 'juniper/ffp-12.1X47-D15.4-packetmode'...
==> vsrx3: Matching MAC address for NAT networking...
==> vsrx3: Checking if box 'juniper/ffp-12.1X47-D15.4-packetmode' version '0.5.0' is up to date...
==> vsrx3: Setting the name of the VM: vagrant3_vsrx3_1666330878119_86120
==> vsrx3: Clearing any previously set network interfaces...
==> vsrx3: Preparing network interfaces based on configuration...
    vsrx3: Adapter 1: nat
    vsrx3: Adapter 2: intnet
    vsrx3: Adapter 3: intnet
    vsrx3: Adapter 4: intnet
==> vsrx3: Forwarding ports...
    vsrx3: 22 (guest) => 2203 (host) (adapter 1)
==> vsrx3: Running 'pre-boot' VM customizations...
==> vsrx3: Booting VM...
==> vsrx3: Waiting for machine to boot. This may take a few minutes...
    vsrx3: SSH address: 127.0.0.1:22
    vsrx3: SSH username: root
    vsrx3: SSH auth method: private key

Checked the address from the console with show interface ters

VirtualBox port forwarding settings
I forcibly mapped it there and somehow got it resolved.
