2017-10-08 98 views
-1

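How to identify a crypto issue when running an Ansible playbook?

Trying to run a simple gather_facts playbook using Ansible. I can connect via SSH with the user credentials without a problem, but for some reason the playbook fails with the following message, which I cannot get my head around: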

2017-10-07 22:57:44,248 ncclient.transport.ssh Unknown exception: cannot import name aead 

OS: Ubuntu (Ubuntu LTS 16.04.3)
Destination router: Juniper VirtualBox Olive [12.1R1.9]
Ansible version: 2.4.0.0

Hosts:

[all:vars] 
ansible_python_interpreter=/usr/bin/python 
ansible_connection = local 
[junos] 
lab.r1 

Playbook:

---
- hosts: junos
  gather_facts: no

  tasks:
    - name: obtain login credentials
      include_vars: ../auth/secrets.yml

    - name: Checking NETCONF connectivity
      wait_for: host={{ inventory_hostname }} port=830 timeout=5

    - name: Gather Facts
      junos_facts:
        host: "{{ inventory_hostname }}"
        username: "{{ creds['username'] }}"
        password: "{{ creds['password'] }}"
      register: junos

    - name: version
      debug: msg="{{ junos.facts.version }}"

Playbook output:

$ ansible-playbook -vvvv junos-get_facts.yml 
ansible-playbook 2.4.0.0 
    config file = /etc/ansible/ansible.cfg 
    configured module search path = [u'/usr/local/lib/python2.7/dist-packages/ansible/modules'] 
    ansible python module location = /usr/local/lib/python2.7/dist-packages/ansible 
    executable location = /usr/local/bin/ansible-playbook 
    python version = 2.7.12 (default, Nov 19 2016, 06:48:10) [GCC 5.4.0 20160609] 
Using /etc/ansible/ansible.cfg as config file 
setting up inventory plugins 
Parsed /etc/ansible/hosts inventory source with ini plugin 
Loading callback plugin default of type stdout, v2.0 from /usr/local/lib/python2.7/dist-packages/ansible/plugins/callback/__init__.pyc 

PLAYBOOK: junos-get_facts.yml ****************************************************************************************************************** 
1 plays in junos-get_facts.yml 

PLAY [junos] *********************************************************************************************************************************** 
META: ran handlers 

TASK [obtain login credentials] **************************************************************************************************************** 
task path: /usr/local/share/ansible/junos/junos-get_facts.yml:6 
Trying secret FileVaultSecret(filename='/usr/local/share/ansible/auth/vault/vault_pass.py') for vault_id=default 
ok: [lab.r1] => { 
    "ansible_facts": { 
     "creds": { 
      "password": "*******", 
      "username": "ansible" 
     } 
    }, 
    "ansible_included_var_files": [ 
     "/usr/local/share/ansible/junos/../auth/secrets.yml" 
    ], 
    "changed": false, 
    "failed": false 
} 

TASK [Checking NETCONF connectivity] *********************************************************************************************************** 
task path: /usr/local/share/ansible/junos/junos-get_facts.yml:9 
Using module file /usr/local/lib/python2.7/dist-packages/ansible/modules/utilities/logic/wait_for.py 
<lab.r1> ESTABLISH LOCAL CONNECTION FOR USER: ansible 
<lab.r1> EXEC /bin/sh -c '(umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1507431462.1-117888621897412 `" && echo ansible-tmp-1507431462.1-117888621897412="` echo $HOME/.ansible/tmp/ansible-tmp-1507431462.1-117888621897412 `") && sleep 0' 
<lab.r1> PUT /tmp/tmpW193y0 TO /usr/local/share/ansible/.ansible/tmp/ansible-tmp-1507431462.1-117888621897412/wait_for.py 
<lab.r1> EXEC /bin/sh -c 'chmod u+x /usr/local/share/ansible/.ansible/tmp/ansible-tmp-1507431462.1-117888621897412/ /usr/local/share/ansible/.ansible/tmp/ansible-tmp-1507431462.1-117888621897412/wait_for.py && sleep 0' 
<lab.r1> EXEC /bin/sh -c '/usr/bin/python /usr/local/share/ansible/.ansible/tmp/ansible-tmp-1507431462.1-117888621897412/wait_for.py; rm -rf "/usr/local/share/ansible/.ansible/tmp/ansible-tmp-1507431462.1-117888621897412/" > /dev/null 2>&1 && sleep 0' 
ok: [lab.r1] => { 
    "changed": false, 
    "elapsed": 0, 
    "failed": false, 
    "invocation": { 
     "module_args": { 
      "active_connection_states": [ 
       "ESTABLISHED", 
       "FIN_WAIT1", 
       "FIN_WAIT2", 
       "SYN_RECV", 
       "SYN_SENT", 
       "TIME_WAIT" 
      ], 
      "connect_timeout": 5, 
      "delay": 0, 
      "exclude_hosts": null, 
      "host": "lab.r1", 
      "msg": null, 
      "path": null, 
      "port": 830, 
      "search_regex": null, 
      "sleep": 1, 
      "state": "started", 
      "timeout": 5 
     } 
    }, 
    "path": null, 
    "port": 830, 
    "search_regex": null, 
    "state": "started" 
} 

TASK [Gather Facts] **************************************************************************************************************************** 
task path: /usr/local/share/ansible/junos/junos-get_facts.yml:12 
<lab.r1> using connection plugin netconf 
<lab.r1> socket_path: None 
fatal: [lab.r1]: FAILED! => { 
    "changed": false, 
    "failed": true, 
    "msg": "unable to open shell. Please see: https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell" 
} 
     to retry, use: --limit @/usr/local/share/ansible/junos/junos-get_facts.retry 

PLAY RECAP ************************************************************************************************************************************* 
lab.r1      : ok=2 changed=0 unreachable=0 failed=1 

The verbose log output shows the following:

2017-10-07 23:19:51,177 p=2906 u=ansible | TASK [Gather Facts] **************************************************************************************************************************** 
2017-10-07 23:19:51,180 p=2906 u=ansible | task path: /usr/local/share/ansible/junos/junos-get_facts.yml:12 
2017-10-07 23:19:52,739 p=2937 u=ansible | creating new control socket for host lab.r1:830 as user ansible 
2017-10-07 23:19:52,740 p=2937 u=ansible | control socket path is /usr/local/share/ansible/.ansible/pc/b52ae79c72 
2017-10-07 23:19:52,740 p=2937 u=ansible | current working directory is /usr/local/share/ansible/junos 
2017-10-07 23:19:52,741 p=2937 u=ansible | using connection plugin netconf 
2017-10-07 23:19:52,937 p=2937 u=ansible | network_os is set to junos 
2017-10-07 23:19:52,951 p=2937 u=ansible | ssh connection done, stating ncclient 
2017-10-07 23:19:52,982 p=2937 u=ansible | failed to create control socket for host lab.r1 
2017-10-07 23:19:52,985 p=2937 u=ansible | Traceback (most recent call last): 
    File "/usr/local/bin/ansible-connection", line 316, in main 
    server = Server(socket_path, pc) 
    File "/usr/local/bin/ansible-connection", line 112, in __init__ 
    self.connection._connect() 
    File "/usr/local/lib/python2.7/dist-packages/ansible/plugins/connection/netconf.py", line 158, in _connect 
    ssh_config=ssh_config 
    File "/usr/local/lib/python2.7/dist-packages/ncclient/manager.py", line 154, in connect 
    return connect_ssh(*args, **kwds) 
    File "/usr/local/lib/python2.7/dist-packages/ncclient/manager.py", line 116, in connect_ssh 
    session.load_known_hosts() 
    File "/usr/local/lib/python2.7/dist-packages/ncclient/transport/ssh.py", line 299, in load_known_hosts 
    self._host_keys.load(filename) 
    File "/usr/local/lib/python2.7/dist-packages/paramiko/hostkeys.py", line 97, in load 
    e = HostKeyEntry.from_line(line, lineno) 
    File "/usr/local/lib/python2.7/dist-packages/paramiko/hostkeys.py", line 358, in from_line 
    key = ECDSAKey(data=decodebytes(key), validate_point=False) 
    File "/usr/local/lib/python2.7/dist-packages/paramiko/ecdsakey.py", line 156, in __init__ 
    self.verifying_key = numbers.public_key(backend=default_backend()) 
    File "/usr/local/lib/python2.7/dist-packages/cryptography/hazmat/backends/__init__.py", line 15, in default_backend 
    from cryptography.hazmat.backends.openssl.backend import backend 
    File "/usr/local/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/__init__.py", line 7, in <module> 
    from cryptography.hazmat.backends.openssl.backend import backend 
    File "/usr/local/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 23, in <module> 
    from cryptography.hazmat.backends.openssl import aead 
ImportError: cannot import name aead 

2017-10-07 23:20:02,775 p=2906 u=ansible | fatal: [lab.r1]: FAILED! => { 
    "changed": false, 
    "failed": true, 
    "msg": "unable to open shell. Please see: https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell" 
} 

Any help appreciated.

+0

What version of 'pycrypto' do you have installed? – techraf

+0

Thanks for the feedback. Name: pycrypto Version: 2.6.1 –

+1

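'aead' is being imported by the backend and can't be found. This sounds like it may be trying to import two different versions of 'cryptography'. 'pycrypto' is irrelevant here (it's an unrelated package). First, I'd suggest upgrading 'cryptography', but since aead was added in 2.0, you probably need to make sure you don't have cryptography installed both via pip and via your distribution's package manager. –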

Answers

0

The answer is:

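Answered by "Paul Kehrer":
aead is being imported by the backend and can't be found. This sounds like it may be trying to import two different versions of cryptography. pycrypto is irrelevant here (it's an unrelated package). First, I'd suggest upgrading cryptography, but since aead was added in 2.0, you probably need to make sure you don't have cryptography installed both via pip and via your distribution's package manager.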

Once I removed pycrypto and cryptography via pip, the playbook ran as expected:

TASK [version] ************************************************************************************************************************************************* 
task path: /usr/local/share/ansible/junos/junos-get_facts.yml:25 
ok: [lab.r1] => { 
    "msg": "olive" 
} 
META: ran handlers 
META: ran handlers 

PLAY RECAP ***************************************************************************************************************************************************** 
lab.r1      : ok=5 changed=0 unreachable=0 failed=0
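
An added diagnostic for the situation the answer describes (example code, not from the original post or from the cryptography project): it lists every copy of cryptography reachable from a set of path entries and flags a second importable copy or a 2.0+ install whose openssl/aead module is missing. The names find_copies, diagnose and constructed_demo, and the directory layout the demo builds, are made up for this example.

```python
import os
import re
import sys
import tempfile

META = re.compile(r"^cryptography-(\d[^-]*?)(?:-.+)?\.(?:dist|egg)-info$")
BACKEND = os.path.join("cryptography", "hazmat", "backends", "openssl")

def find_copies(paths):
    """One record per path entry holding a cryptography package or its metadata."""
    copies = []
    for entry in paths:
        if not os.path.isdir(entry):
            continue
        versions = sorted({m.group(1) for m in map(META.match, os.listdir(entry)) if m})
        package = os.path.isdir(os.path.join(entry, "cryptography"))
        if package or versions:
            aead = any(os.path.exists(os.path.join(entry, BACKEND, n))
                       for n in ("aead.py", "aead.pyc"))
            copies.append({"path": entry, "versions": versions,
                           "package": package, "aead": aead})
    return copies

def diagnose(copies):
    """Describe the conditions that can end in 'cannot import name aead'."""
    problems = []
    packages = [c for c in copies if c["package"]]
    if len(packages) > 1:
        problems.append("multiple copies importable, first wins: " + packages[0]["path"])
    for c in packages:
        if len(c["versions"]) > 1:
            problems.append("mixed metadata in %s: %s" % (c["path"], ", ".join(c["versions"])))
        if any(int(re.match(r"\d+", v).group()) >= 2 for v in c["versions"]) and not c["aead"]:
            problems.append("metadata says >= 2.0 but aead module missing: " + c["path"])
    return problems

def constructed_demo(root):
    """Constructed layout: distro 1.2.3 under usr/lib, partial pip 2.0.3 under usr/local."""
    distro = os.path.join(root, "usr", "lib", "dist-packages")
    local = os.path.join(root, "usr", "local", "dist-packages")
    for base, meta in ((distro, "cryptography-1.2.3.egg-info"),
                       (local, "cryptography-2.0.3.dist-info")):
        os.makedirs(os.path.join(base, BACKEND))
        os.makedirs(os.path.join(base, meta))
    return [local, distro]

if __name__ == "__main__":
    print("sys.path:", diagnose(find_copies(sys.path)))
    print("constructed:", diagnose(find_copies(constructed_demo(tempfile.mkdtemp()))))
```

Run it with the same interpreter that ansible_python_interpreter points to, so the sys.path it inspects is the one the netconf connection plugin actually uses.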