ansible-collections/cisco.ios

Unable to complete MD5 verification for .bin file using ios_command module

nareid25 opened this issue · 0 comments

SUMMARY

Running into issues when trying to verify the integrity of .bin file through Ansible. I can see from the 'show history all' on the Cisco 9k switch that the command issues correctly, but it appears to hang at this point until the timeout value selected is reached.

FAILED! => {"changed": false, "msg": "command timeout triggered, timeout value is 240 secs.\nSee the timeout setting options in the Network Debug and Troubleshooting Guide."}

ISSUE TYPE
  • Bug Report
COMPONENT NAME

cisco.ios.ios_command

ANSIBLE VERSION
ansible [core 2.17.1]
  config file = /app/ansible/ansible.cfg
  configured module search path = ['/opt/app-root/src/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/app-root/lib64/python3.11/site-packages/ansible
  ansible collection location = /opt/app-root/src/.ansible/collections:/usr/share/ansible/collections
  executable location = /opt/app-root/bin/ansible
  python version = 3.11.7 (main, Jan 26 2024, 15:26:41) [GCC 8.5.0 20210514 (Red Hat 8.5.0-21)] (/opt/app-root/bin/python3.11)
  jinja version = 3.1.4
  libyaml = True

COLLECTION VERSION
# /opt/app-root/src/.ansible/collections/ansible_collections
Collection Version
---------- -------
cisco.ios  9.0.0

CONFIGURATION
CACHE_PLUGIN(/app/ansible/ansible.cfg) = jsonfile
CACHE_PLUGIN_CONNECTION(/app/ansible/ansible.cfg) = /app/ansible/playbooks/prod/show/gatherfacts/cached_facts
CONFIG_FILE() = /app/ansible/ansible.cfg
DEFAULT_FORKS(/app/ansible/ansible.cfg) = 15
DEFAULT_HOST_LIST(/app/ansible/ansible.cfg) = ['/app/ansible/inventory.py']
DEFAULT_LOG_PATH(/app/ansible/ansible.cfg) = /app/ansible/logs/ansiblelog.txt
DEFAULT_TIMEOUT(/app/ansible/ansible.cfg) = 15
DEPRECATION_WARNINGS(/app/ansible/ansible.cfg) = False
HOST_KEY_CHECKING(/app/ansible/ansible.cfg) = False
INVENTORY_ENABLED(/app/ansible/ansible.cfg) = ['script', 'yaml']

OS / ENVIRONMENT

Target Devices: Cisco 9300 Switch
IOS Version: 17.09.05

STEPS TO REPRODUCE

Using a command prompt in the YAML playbook it asks for input of the .bin file within flash: to be checked. The md5checksum is stored as a variable within the playbook. The playbook has two tasks, first to run the ios_command to verify MD5 and store the output in a variable. The second task is to debug the variable stored, but it never makes it to this part.

---
- name: Check .bin file integrity with MD5
  hosts: all
  gather_facts: no
  vars:
    ansible_ssh_user: "{{ test_user }}"
    ansible_ssh_pass: "{{ test_pass }}"
    ansible_command_timeout: 240
    md5_checksum: 5ca91b99bee3591fd75c17274ab26d1a

  vars_prompt:
  - name: bin_file
    prompt: The full name of the .bin file you want to check (e.g cat9k_iosxe.17.09.05.SPA.bin)
    private: no

  tasks:
    - name: 
      cisco.ios.ios_command:
        commands: 
          - command: 'verify /md5 flash:{{ bin_file }} {{ md5_checksum}}'
      register: output

    - debug:
        var: output
EXPECTED RESULTS

I would expect it to check the md5 sum against the checksum value and return output on last line like the following:

Verified (flash:cat9k_iosxe.17.09.05.SPA.bin) = 5ca91b99bee3591fd75c17274ab26d1a

ACTUAL RESULTS

What actually happens is it hangs once the ios_command is successfully inputted to the device. Logs show that the Ansible server logs in and correctly issues the command.

TASK [cisco.ios.ios_command] *************************************************************************************************************************************************************************
task path: /app/ansible/playbooks/dev/nate/test.yml:17
Trying secret <ansible.parsing.vault.PromptVaultSecret object at 0x7f0e53b09250> for vault_id=default
Loading collection ansible.netcommon from /opt/app-root/src/.ansible/collections/ansible_collections/ansible/netcommon
Loading collection ansible.utils from /opt/app-root/src/.ansible/collections/ansible_collections/ansible/utils
Trying secret <ansible.parsing.vault.PromptVaultSecret object at 0x7f0e53b09250> for vault_id=default
Trying secret <ansible.parsing.vault.PromptVaultSecret object at 0x7f0e53b09250> for vault_id=default
<172.0.0.1> Using network group action cisco.ios.ios for cisco.ios.ios_command
<172.0.0.1> attempting to start connection
<172.0.0.1> using connection plugin ansible.netcommon.network_cli
Found ansible-connection at path /opt/app-root/bin/ansible-connection
<172.0.0.1> local domain socket does not exist, starting it
<172.0.0.1> control socket path is /opt/app-root/src/.ansible/pc/cb60071595
<172.0.0.1> Loading collection ansible.builtin from
<172.0.0.1> Loading collection ansible.netcommon from /opt/app-root/src/.ansible/collections/ansible_collections/ansible/netcommon
<172.0.0.1> Loading collection ansible.utils from /opt/app-root/src/.ansible/collections/ansible_collections/ansible/utils
<172.0.0.1> Loading collection cisco.ios from /opt/app-root/src/.ansible/collections/ansible_collections/cisco/ios
<172.0.0.1> local domain socket listeners started successfully
<172.0.0.1> loaded cliconf plugin ansible_collections.cisco.ios.plugins.cliconf.ios from path /opt/app-root/src/.ansible/collections/ansible_collections/cisco/ios/plugins/cliconf/ios.py for network_os cisco.ios.ios
<172.0.0.1> ssh type is set to auto
<172.0.0.1> autodetecting ssh_type
<172.0.0.1> ssh type is now set to libssh
<172.0.0.1> Loading collection ansible.builtin from
<172.0.0.1> local domain socket path is /opt/app-root/src/.ansible/pc/cb60071595
<172.0.0.1> ANSIBLE_NETWORK_IMPORT_MODULES: enabled
<172.0.0.1> ANSIBLE_NETWORK_IMPORT_MODULES: found cisco.ios.ios_command  at /opt/app-root/src/.ansible/collections/ansible_collections/cisco/ios/plugins/modules/ios_command.py
<172.0.0.1> ANSIBLE_NETWORK_IMPORT_MODULES: running cisco.ios.ios_command
<172.0.0.1> ANSIBLE_NETWORK_IMPORT_MODULES: complete
The full traceback is:
  File "/opt/app-root/src/.ansible/collections/ansible_collections/cisco/ios/plugins/module_utils/network/ios/ios.py", line 105, in run_commands
    return connection.run_commands(commands=commands, check_rc=check_rc)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/app-root/lib64/python3.11/site-packages/ansible/module_utils/connection.py", line 199, in __rpc__
    raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
fatal: [TEST-9300]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "commands": [
                {
                    "answer": null,
                    "check_all": false,
                    "command": "verify /md5 flash:cat9k_iosxe.17.09.05.SPA.bin 5ca91b99bee3591fd75c17274ab26d1a",
                    "newline": true,
                    "output": null,
                    "prompt": null,
                    "sendonly": false
                }
            ],
            "interval": 1,
            "match": "all",
            "retries": 9,
            "wait_for": null
        }
    },
    "msg": "command timeout triggered, timeout value is 240 secs.\nSee the timeout setting options in the Network Debug and Troubleshooting Guide."
}

PLAY RECAP *******************************************************************************************************************************************************************************************
TEST-9300    : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0