0

我是 Ansible 和 Networking 的新手,但是我在网络公司开始了一份工作,在那里我们开始使用 Ansible 来自动化网络节点的配置。瞻博网络设备显示没有问题,但 Arista 交换机在尝试中继简单命令时会出现问题。

所以我想要实现的是使用 Ansible 在 Arista 交换机上创建 vlan。我正在使用使用 https 的 eapi 连接(敏感数据替换为 xxx):

show management api http-commands
Enabled:        Yes
HTTPS server:   running, set to use port 443
HTTP server:    shutdown, set to use port 80
VRF:            MGMT
Hits:           318
Last hit:       766 seconds ago
Bytes in:       25241
Bytes out:      3985523
Requests:       40
Commands:       80
Duration:       79.082 seconds
   User       Hits       Bytes in       Bytes out    Last hit        
---------- ---------- -------------- --------------- --------------- 
   xxx       40         25241          3985523      766 seconds ago 

URLs                                  
------------------------------------- 
Vlan2       : https://xxx

这是我的任务:

     - name: create vlan
       eos_vlan:
          vlan_id: "{{ vlan_id }}"
          name: "{{ vlan_descr }}"
          state: present
          authorize: yes
          auth_pass: "{{ auth_password }}"
          transport: "{{ transport }}"
          username: "{{ username }}"
          password: "{{ password }}"
          validate_certs: false
          ssh_keyfile: "{{ ssh_keyfile }}"

如您所见,我使用授权密码,所有变量都存储在另一个文件中。问题是我收到此错误:

changed": false, "code": 1002, "msg": "CLI command 2 of 2 'vlan 777' failed: invalid command"

此服务器运行在:

     CPE OS Name: cpe:/o:centos:centos:7
     Kernel: Linux 3.10.0-957.21.2.el7.x86_64
     Architecture: x86-64

使用 Ansible:

  config file = /opt/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, May  2 2019, 20:40:44) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]

阿里斯塔版本:

Arista DCS-7050QX-32-F
Hardware version:    02.00
Software image version: 4.13.5F
Architecture:           i386

我已经使用相同的任务在测试环境中尝试过这个,但是不同的 ansible VM 和 arista 图像:

Arista vEOS
Hardware version:    
Serial number:       
Software image version: 4.21.1.1F
Architecture:           i386
Internal build version: 4.21.1.1F-10146868.42111F

一切似乎都很好,使用相同的文档来设置用户等等。

我相信这可能是由于用户没有权限,但我包括管理员密码,并且 eapi 和 ansible 用户都具有网络管理员角色。

这是更详细的输出:

fatal: [x.x.x.x]: FAILED! => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "code": 1002,
    "invocation": {
        "module_args": {
            "aggregate": null,
            "associated_interfaces": null,
            "auth_pass": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "authorize": true,
            "delay": 10,
            "host": "x.x.x.x",
            "interfaces": null,
            "name": null,
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "port": 443,
            "provider": {
                "auth_pass": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "authorize": true,
                "host": "x.x.x.x",
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "port": 443,
                "ssh_keyfile": "/root/.ssh/id_rsa.pub",
                "timeout": 45,
                "transport": "eapi",
                "use_proxy": true,
                "use_ssl": true,
                "username": "eapi",
                "validate_certs": false
            },
            "purge": false,
            "ssh_keyfile": "/root/.ssh/id_rsa.pub",
            "state": "present",
            "timeout": 45,
            "transport": "eapi",
            "url_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "url_username": "eapi",
            "use_ssl": true,
            "username": "eapi",
            "validate_certs": false,
            "vlan_id": 777
        }
    },
    "msg": "CLI command 2 of 2 'vlan 777' failed: invalid command"
}

另一件值得注意的事情是,如果我使用已经存在的 vlan,并且不包含描述(这样就不会进行任何更改),Ansible 会返回成功:

ok: [x.x.x.x] => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "commands": [],
    "invocation": {
        "module_args": {
            "aggregate": null,
            "associated_interfaces": null,
            "auth_pass": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "authorize": true,
            "delay": 10,
            "host": "x.x.x.x",
            "interfaces": null,
            "name": null,
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "port": 443,
            "provider": {
                "auth_pass": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "authorize": true,
                "host": "x.x.x.x",
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "port": 443,
                "ssh_keyfile": "/root/.ssh/id_rsa.pub",
                "timeout": 45,
                "transport": "eapi",
                "use_proxy": true,
                "use_ssl": true,
                "username": "eapi",
                "validate_certs": false
            },
            "purge": false,
            "ssh_keyfile": "/root/.ssh/id_rsa.pub",
            "state": "present",
            "timeout": 45,
            "transport": "eapi",
            "url_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "url_username": "eapi",
            "use_ssl": true,
            "username": "eapi",
            "validate_certs": false,
            "vlan_id": 777
        }
    }
}

有人可以指出我应该寻找答案的地方吗?或者有什么建议吗?我将非常感激。

谢谢

4

1 回答 1

0

答案一直在我的问题中:原来是由于软件版本:

   Arista DCS-7050QX-32-F 
   Hardware version: 02.00 
   Software image version: 4.13.5F 
   Architecture: i386

你至少需要4.15.5Ftu 运行Ansible 2.8.1

于 2019-06-20T08:25:15.043 回答