18 December 2014

Overview

Read the previous post first. Here you will find some notes after a few weeks in production.

Improvements

Login with password

In the previous post we assumed login with ssh keys. But how do you do the first setup with a password? There is a very simple solution: use sshpass.

- hosts: all
  connection: local
  gather_facts: no

  vars_prompt:
  - name: user
    prompt: "nazov uzivatela"
    private: no
  - name: pass
    prompt: "enter password"
    private: yes

  tasks:
  - name: "task with ssh and password"
    action: command sshpass -p '{{ pass }}' ssh -l {{ user }}...

  - name: "task with scp and password"
    action: command sshpass -p '{{ pass }}' scp ...
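
With sshpass -p the password is part of the command line, so other local users on the control host can read it from the process list, and Ansible can record it along with the task arguments. The playbook below is an added example, not from the original post: it hands the password to sshpass through the SSHPASS environment variable (sshpass -e) and sets no_log; the host variables are the ones used elsewhere on this page, and the RouterOS command is an assumed placeholder.

```yaml
# Added example, not part of the original post.
- hosts: all
  connection: local
  gather_facts: no

  vars_prompt:
  - name: user
    prompt: "user name"
    private: no
  - name: pass
    prompt: "enter password"
    private: yes        # do not echo the password while it is typed

  tasks:
  - name: "task with ssh, password passed in the environment"
    # -e tells sshpass to read the password from $SSHPASS instead of argv,
    # so it does not show up in `ps` output on the control host.
    # "/system identity print" is only a placeholder command (assumption).
    action: command sshpass -e ssh -p {{ ansible_ssh_port }} -l {{ user }} {{ ansible_ssh_host }} "/system identity print"
    environment:
      SSHPASS: "{{ pass }}"
    # keep the task arguments and result out of Ansible's output and logs
    no_log: true

  # An scp task follows the same pattern: `sshpass -e scp ...` with the
  # same `environment:` and `no_log:` settings.
```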

Logging in purely with keys

In this case Ansible is not responsible for logging in to the device, so if you want key-only login without passing a password, use BatchMode; otherwise ssh or scp hangs on the password prompt. If you reach the --forks limit, the execution of the playbook will hang.

 action: command ssh -o BatchMode=yes ....

Saving the output

The problem is the error handling of the output of commands run on the MikroTik routers. The task always ends with rc=0 if you are able to log in to the device. I will take an example from the previous post.

- name: "import script on device"
  action: command ssh -p {{ ansible_ssh_port }} {{ ansible_ssh_user }}@{{ ansible_ssh_host }} "/import verbose=yes ansible_{{ template }}.rsc"
  tags: import
  register: import_result

- name: "saving output"
  action: copy content='{{ import_result.stdout }}' dest="template_configs/{{ inventory_hostname }}_{{ template }}.log"
  tags: import

Unresolved problems

Ansible retry file

Ansible generates a retry file, which can be used with --limit @<retry file>. The filename and the location of this retry file are fixed.

Consider a single playbook based on vars_prompt. You can also enter these variables on the command line using --extra-vars=EXTRA_VARS. Take, for example, the template playbook from the previous post. If you want to run this playbook with 2 different template files, Ansible will save the failed hosts into the same retry file ;(

I wrote a small patch and created a pull request to fix this problem.