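Trying Out Ansible (the Getting-Stuck Edition)
Most of this comes down to my own lack of skill, but this is my first time with Ansible and I'm still learning, so these things happen. Please read on with a forgiving eye.
Stuck on a typo
The show_conf_j role I went to the trouble of creating doesn't work...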
ban@UoVb:~/ansible$ ansible-playbook -i inventory.ini junos_config.yml --tags show_conf_j
PLAY [Junos Configure] ******************************************************************************************************************
PLAY RECAP ******************************************************************************************************************************
ban@UoVb:~/ansible$
It doesn't run anything at all...
To trace how far it gets and what is and isn't working, I added the -vvv option.
ban@UoVb:~/ansible$ ansible-playbook -i inventory.ini junos_config.yml --tags show_conf_j -vvv
ansible-playbook [core 2.13.5]
config file = /home/ban/ansible/ansible.cfg
configured module search path = ['/home/ban/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/ban/.local/lib/python3.8/site-packages/ansible
ansible collection location = /home/ban/.ansible/collections:/usr/share/ansible/collections
executable location = /home/ban/.local/bin/ansible-playbook
python version = 3.8.10 (default, Jun 22 2022, 20:18:18) [GCC 9.4.0]
jinja version = 3.1.2
libyaml = True
Using /home/ban/ansible/ansible.cfg as config file
host_list declined parsing /home/ban/ansible/inventory.ini as it did not pass its verify_file() method
script declined parsing /home/ban/ansible/inventory.ini as it did not pass its verify_file() method
auto declined parsing /home/ban/ansible/inventory.ini as it did not pass its verify_file() method
yaml declined parsing /home/ban/ansible/inventory.ini as it did not pass its verify_file() method
Parsed /home/ban/ansible/inventory.ini inventory source with ini plugin
redirecting (type: modules) ansible.builtin.junos_command to junipernetworks.junos.junos_command
redirecting (type: action) junipernetworks.junos.junos_config to junipernetworks.junos.junos
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
PLAYBOOK: junos_config.yml **************************************************************************************************************
1 plays in junos_config.yml
PLAY [Junos Configure] ******************************************************************************************************************
META: ran handlers
META: ran handlers
META:
META:
META:
META:
META:
META:
META: ran handlers
META: ran handlers
META: ran handlers
META: ran handlers
PLAY RECAP ******************************************************************************************************************************
ban@UoVb:~/ansible$
It seems to load junos_config.yml, but it never goes on to read main.yml under the role.
No syntax error is reported, so the syntax doesn't seem to be wrong.
As a test, I ran a different tag.
ban@UoVb:~/ansible$ ansible-playbook -i inventory.ini junos_config.yml --tags show_ver_j
PLAY [Junos Configure] ******************************************************************************************************************
TASK [show_ver_j : show_ver] ************************************************************************************************************
ok: [vsrx1]
ok: [vsrx2]
TASK [show_ver_j : output] **************************************************************************************************************
changed: [vsrx1]
changed: [vsrx2]
PLAY RECAP ******************************************************************************************************************************
vsrx1 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
vsrx2 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
ban@UoVb:~/ansible$
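That works.
After that I spent about an hour poking around and looking things up without finding a single clue...
Just as I was yelling "Why won't it work!", I happened to look at the output of the tree command: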
ban@UoVb:~/ansible$ tree --charset=C
.
|-- after
|-- ansible.cfg
|-- before
|-- group_vars
|-- inventory.ini
|-- junos_config.yml
|-- log
`-- roles
    |-- set_int_j
    |   `-- tasks
    |       `-- main.yml
    |-- show_conf_j
    |   |-- task
    |   |   `-- main.yml
    |   `-- vars
    |       `-- main.yml
    `-- show_ver_j
        |-- tasks
        |   `-- main.yml
        `-- vars
            `-- main.yml
13 directories, 8 files
ban@UoVb:~/ansible$
Hm? Wait. Is the tasks directory under show_conf_j actually named task? That's when I noticed.
I hurriedly renamed the directory from task to tasks and ran it again.
ban@UoVb:~/ansible$ tree --charset=C
.
|-- after
|-- ansible.cfg
|-- before
|-- group_vars
|-- inventory.ini
|-- junos_config.yml
|-- log
`-- roles
    |-- set_int_j
    |   `-- tasks
    |       `-- main.yml
    |-- show_conf_j
    |   |-- tasks
    |   |   `-- main.yml
    |   `-- vars
    |       `-- main.yml
    `-- show_ver_j
        |-- tasks
        |   `-- main.yml
        `-- vars
            `-- main.yml
13 directories, 8 files
ban@UoVb:~/ansible$
It worked...
ban@UoVb:~/ansible$ ansible-playbook -i inventory.ini junos_config.yml --tags show_conf_j
PLAY [Junos Configure] ******************************************************************************************************************
TASK [show_conf_j : show_conf] **********************************************************************************************************
ok: [vsrx2]
ok: [vsrx1]
TASK [show_conf_j : output] *************************************************************************************************************
changed: [vsrx2]
changed: [vsrx1]
PLAY RECAP ******************************************************************************************************************************
vsrx1 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
vsrx2 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
ban@UoVb:~/ansible$
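The silent failure above (a role directory named task instead of tasks, which the run skipped without reporting any error) can be caught before running the playbook. The following is an added example, not code from the original post: a small Python check in which check_roles, demo and KNOWN_ROLE_DIRS are names assumed here, and the sample layout is constructed from the tree output above.

```python
"""Flag role subdirectories that Ansible will silently ignore (added example)."""
import difflib
import tempfile
from pathlib import Path

# Standard directory names Ansible looks for inside a role.
KNOWN_ROLE_DIRS = ["tasks", "handlers", "templates", "files",
                   "vars", "defaults", "meta", "library"]


def check_roles(roles_path):
    """Return (role, problem) tuples for every role under roles_path."""
    findings = []
    for role in sorted(p for p in Path(roles_path).iterdir() if p.is_dir()):
        subdirs = sorted(d.name for d in role.iterdir() if d.is_dir())
        for name in subdirs:
            if name in KNOWN_ROLE_DIRS:
                continue
            # An unknown name close to a known one is almost certainly a typo.
            close = difflib.get_close_matches(name, KNOWN_ROLE_DIRS, n=1)
            hint = f" (did you mean '{close[0]}'?)" if close else ""
            findings.append((role.name, f"unknown directory '{name}'{hint}"))
        # Without a tasks entry point the role contributes no tasks and no error.
        tasks = role / "tasks"
        if not any((tasks / f).is_file() for f in ("main.yml", "main.yaml")):
            findings.append((role.name, "no tasks/main.yml: role has no tasks of its own"))
    return findings


def demo():
    """Rebuild the role layout from the first tree output (constructed sample)."""
    layout = ["set_int_j/tasks", "show_conf_j/task", "show_conf_j/vars",
              "show_ver_j/tasks", "show_ver_j/vars"]
    with tempfile.TemporaryDirectory() as tmp:
        for rel in layout:
            d = Path(tmp, "roles", rel)
            d.mkdir(parents=True)
            (d / "main.yml").write_text("---\n")
        return check_roles(Path(tmp, "roles"))


if __name__ == "__main__":
    for role, problem in demo():
        print(f"{role}: {problem}")
```

Run against a real project with check_roles("roles"); a role that legitimately has no tasks (for example one that only carries vars) will still be reported by the second check.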
Stuck on junos_config
I got stuck when I tried to go beyond show commands and make a configuration change with set_int_j.
ban@UoVb:~/ansible$ ansible-playbook -i inventory.ini junos_config.yml --tags set_int_j
PLAY [Junos Configure] ******************************************************************************************************************
TASK [set_int_j : config interface] *****************************************************************************************************
fatal: [vsrx2]: FAILED! => {"changed": false, "module_stderr": "'NoneType' object has no attribute 'text'", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error"}
fatal: [vsrx1]: FAILED! => {"changed": false, "module_stderr": "'NoneType' object has no attribute 'text'", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error"}
PLAY RECAP ******************************************************************************************************************************
vsrx1 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
vsrx2 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
ban@UoVb:~/ansible$
Contents of roles/set_int_j/tasks/main.yml
ban@UoVb:~/ansible$ cat roles/set_int_j/tasks/main.yml
---
- name: config interface
  junipernetworks.junos.junos_config:
    lines:
      - set interfaces ge-0/0/3 description fromACT
    backup: yes
    backup_options:
      filename: before.log
      dir_path: /home/ban/ansible/log
  register: result
- name: print
  debug:
    msg: "{{ result.stdout }}"
ban@UoVb:~/ansible$
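I specified lines under junos_config and wrote it as a list, just as required, and yet...
What on earth is "object has no attribute 'text'"?
I tried wrapping the entire set command in double quotes, and wrapping just the description part in double quotes, but neither worked.
I read ansible-doc junos_config so much that I used up a whole bottle of eye drops, and, thinking that maybe some str parameter had to be present, I pointlessly added things like comment, but that didn't work either.
Thoroughly worn out by junos_config, I decided to drop junos_config and try doing it with network_cli instead.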
ban@UoVb:~/ansible$ cat roles/set_int_j/vars/main.yml
---
ansible_become: true
ansible_become_method: enable
ansible_network_os: junos
ansible_password: ****
ansible_user: ban
ansible_connection: network_cli # changed this one from netconf to network_cli
ban@UoVb:~/ansible$
ban@UoVb:~/ansible$ cat roles/set_int_j/tasks/main.yml
---
- name: config interface
  cli_config:
    config: delete interfaces ge-0/0/3 description "fromACT"
    backup: yes
    backup_options:
      filename: "{{ inventory_hostname }}_before_{{ lookup('pipe', 'date +%Y%m%d%H%M') }}"
      dir_path: /home/ban/ansible/before
ban@UoVb:~/ansible$
It succeeded, like this.
Before the run
ban@vsrx1> show interfaces descriptions
ban@vsrx1>
ban@vsrx2> show interfaces descriptions
ban@vsrx2>
ban@UoVb:~/ansible$ ls before/
ban@UoVb:~/ansible$
Run
ban@UoVb:~/ansible$ ansible-playbook -i inventory.ini junos_config.yml --tags set_int_j
PLAY [Junos Configure] ******************************************************************************************************************
TASK [set_int_j : config interface] *****************************************************************************************************
[WARNING]: To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if present in the
running configuration on device including the indentation
changed: [vsrx2]
changed: [vsrx1]
PLAY RECAP ******************************************************************************************************************************
vsrx1 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
vsrx2 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
ban@UoVb:~/ansible$
After the run
ban@vsrx1> show interfaces descriptions
Interface Admin Link Description
ge-0/0/3 up up fromACT
ban@vsrx1>
ban@vsrx2> show interfaces descriptions
Interface Admin Link Description
ge-0/0/3 up up fromACT
ban@vsrx2>
ban@UoVb:~/ansible$ ls before/
vsrx1_before_202210151216 vsrx2_before_202210151216
ban@UoVb:~/ansible$
Comparing the configs
Grab the config
ban@UoVb:~/ansible$ ansible-playbook -i inventory.ini junos_config.yml --tags show_conf_j
PLAY [Junos Configure] ******************************************************************************************************************
TASK [show_conf_j : show_conf] **********************************************************************************************************
ok: [vsrx2]
ok: [vsrx1]
TASK [show_conf_j : output] *************************************************************************************************************
changed: [vsrx1]
changed: [vsrx2]
PLAY RECAP ******************************************************************************************************************************
vsrx1 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
vsrx2 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
ban@UoVb:~/ansible$
Diff them
ban@UoVb:~/ansible$ diff -u before/vsrx1_before_202210151216 log/vsrx1_conf_202210151218
+ ge-0/0/3 {
+ description fromACT;
+ }
ban@UoVb:~/ansible$ diff -u before/vsrx2_before_202210151216 log/vsrx2_conf_202210151218
ge-0/0/3 {
+ description fromACT;
unit 0 {
family inet;
}
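Looking good.
Stuck on the vsrx install
Getting carried away, I tried to install more vsrx instances, but when I ran vagrant up the installation made no progress at all.
Looking at the output, it stops at the point below and times out.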
C:\Users\ban\vagrant3>vagrant up
Bringing machine 'vsrx3' up with 'virtualbox' provider...
Bringing machine 'vsrx4' up with 'virtualbox' provider...
==> vsrx3: Importing base box 'juniper/ffp-12.1X47-D15.4-packetmode'...
==> vsrx3: Matching MAC address for NAT networking...
==> vsrx3: Checking if box 'juniper/ffp-12.1X47-D15.4-packetmode' version '0.5.0' is up to date...
==> vsrx3: Setting the name of the VM: vagrant3_vsrx3_1666330878119_86120
==> vsrx3: Clearing any previously set network interfaces...
==> vsrx3: Preparing network interfaces based on configuration...
vsrx3: Adapter 1: nat
vsrx3: Adapter 2: intnet
vsrx3: Adapter 3: intnet
vsrx3: Adapter 4: intnet
==> vsrx3: Forwarding ports...
vsrx3: 22 (guest) => 2203 (host) (adapter 1)
==> vsrx3: Running 'pre-boot' VM customizations...
==> vsrx3: Booting VM...
==> vsrx3: Waiting for machine to boot. This may take a few minutes...
vsrx3: SSH address: 127.0.0.1:22
vsrx3: SSH username: root
vsrx3: SSH auth method: private key
Checked the address from the console with show interface ters
↓
Set up port forwarding in VirtualBox
and forcibly tied the two together that way, which somehow resolved it.