On Thu, Jul 28, 2022 at 9:26 AM [email protected] <[email protected]> wrote: > > Hi, > For connectivity to Cisco XR devices, i need to use one or more jumphosts. > I am using: > ansible_ssh_common_args: -o StrictHostKeyChecking=no -o > UserKnownHostsFile=/dev/null -o ProxyCommand="ssh -W %h:%p -q jumphost" > > but also tried some other order of the arguments as was suggested in this > thread (to no avail): > https://groups.google.com/g/ansible-project/c/ny63wqcGv7Y > > vars: > connection: network_cli > ansible_network_os: cisco.iosxr.iosxr > ssh_type: libssh > > Running: > ansible 3.4.0 > ansible-base 2.10.17 > ansible-pylibssh 0.3.0 > paramiko 2.10.5
Start upstream, yoink those obsolete versions of ansible and ansible-base, and install ansible-core by itself. Add modules only if and as needed from the ansible galaxy collection, rather than relying on the quite large and sometimes fragile suite of more than 100 modules in what I would call the mislabeled "ansible" tarball. Put the SSH settings to disable the known_hosts file in the .~/ssh/config file of the staging account and the ansible server's account, stop trying to force those through complex remote environments. known_hosts has been a problem since SSH was created, especially in bulky remote environments where IP addresses may be re-assigned to hosts with quite distinct SSH host keys. > As soon as i switch to ansible version 4.0,0 the ansible_ssh_common_args is > not being read/loaded and the task: > - task > - name: run show version on remote device > cisco.iosxr.iosxr_command: > commands: show version Where are you finding ansible 4.0.0? I'd not expect such an old ansible to have a contemporary cisco iosxr module, nor rely on a contemporary version of the module it to be compatible with such an old ansible-base. It's helpful to remember that the modern "ansible" package, well, it isn't ansible. It's a bulky collection of ansible galaxy collection modules, and all the key functional tools are in the "ansible-core" package, formerly labeled ansible-bae. See above. Deal with the minimum suite of tools, including a supported version of ansible-core and the relevant galaxy tools. > This task fails > "msg": "ssh connection failed: ssh connect failed: Network is > unreachable", > as it tries to connect to the host directly. > The same results are yielded when running ansible 5.0.x and 6.0.x So... those seem to include the cisco.iosxr module Why not install and review just that module,? I'd yoink the "ansible" package entirely, and update the ansible-core to the most recent version for debugging. Debug the Ansible to your nearer hosts to validate your basic SSH usage, then activate the more complex module as appropriate. > When I use the default connection: ssh in combination with iosxr_command > "changed": false, > "msg": "Connection type ssh is not valid for this module" > So as jumphosts are quite normal to use as it is best practice, there must be > a way to get this to work. > I must be missing something, but after reading heaps of sources, i am unable > to figure out how to get this to work in current non-EOL ansible. "jumphosts" are an effective tool to solve certain exposure issues. But there are quite a few distinct ways to run jumphosts, and I'm afraid your description is missing enough details to provide a lot more help. I urge you to start from scratch in a clean contemporary test environment. > Thanx in advance. > Regards > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/45bce891-c282-487b-9e96-391d28aee48fn%40googlegroups.com. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAOCN9rx3wa%2BJ%2BXqKoXS2W7CrSLbEeZVZa8OhysQR7cK2QOxTUg%40mail.gmail.com.
