ansible backups for cisco asa devices: ERROR: % Invalid input detected at '^' marker

Question

I have been tasked with backing up all of our network devices, so natuarally I chose ansible. I am no expert but I sure need help on this one! I have tried everything under the moon and cannot figure it out, neither has chat-gpt. The ansible ping module works successfully and the debug output shows its getting some of the data from 'sh run' however its still failing. I can login manually and run both commands with no errors. The two commands I am using are 'terminal pager 0' and 'sh run' I am using the cisco.asa.asa module. I havs also tried using the wait for directive, but maybe I did it wrong. Here is my yaml file with more details the cfg, debug output etc. Yamllint and --sytax-check show no errors. Thank you! Much appreciated!!

Errors:

[root@ho-lx-ansible01 networking]# play -vvvv mynewtest.zz.yml  > .out 2>&1

ansible-playbook [core 2.13.3]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible-playbook
  python version = 3.9.13 (main, Nov 16 2022, 15:11:16) [GCC 8.5.0 20210514 (Red Hat 8.5.0-15.0.1)]
  jinja version = 3.1.2
  libyaml = True
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Parsed /etc/ansible/hosts inventory source with ini plugin
Loading collection cisco.asa from /root/.ansible/collections/ansible_collections/cisco/asa
redirecting (type: action) cisco.asa.asa_facts to cisco.asa.asa
Loading collection ansible.netcommon from /root/.ansible/collections/ansible_collections/ansible/netcommon
redirecting (type: callback) ansible.builtin.yaml to community.general.yaml
Loading collection community.general from /usr/share/ansible/collections/ansible_collections/community/general
redirecting (type: callback) ansible.builtin.yaml to community.general.yaml
Loading callback plugin community.general.yaml of type stdout, v2.0 from /usr/share/ansible/collections/ansible_collections/community/general/plugins/callback/yaml.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: mynewtest.zz.yml *****************************************************
Positional arguments: mynewtest.zz.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/etc/ansible/hosts',)
forks: 10
1 plays in mynewtest.zz.yml
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'

PLAY [Backup ASA Configuration] ************************************************
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'
META: ran handlers
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'
redirecting (type: action) cisco.asa.asa_facts to cisco.asa.asa

TASK [Show running config] *****************************************************
task path: /etc/ansible/playbooks/networking/mynewtest.zz.yml:21
redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
Loading collection ansible.utils from /root/.ansible/collections/ansible_collections/ansible/utils
<zzasaXXX.ad.XXX.com> attempting to start connection
<zzasaXXX.ad.XXX.com> using connection plugin ansible.netcommon.network_cli
Found ansible-connection at path /usr/bin/ansible-connection
<zzasaXXX.ad.XXX.com> local domain socket does not exist, starting it
<zzasaXXX.ad.XXX.com> control socket path is /root/.ansible/pc/f2e7921f36
<zzasaXXX.ad.XXX.com> redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
<zzasaXXX.ad.XXX.com> Loading collection ansible.netcommon from /root/.ansible/collections/ansible_collections/ansible/netcommon
<zzasaXXX.ad.XXX.com> Loading collection ansible.utils from /root/.ansible/collections/ansible_collections/ansible/utils
<zzasaXXX.ad.XXX.com> Loading collection cisco.asa from /root/.ansible/collections/ansible_collections/cisco/asa
<zzasaXXX.ad.XXX.com> local domain socket listeners started successfully
<zzasaXXX.ad.XXX.com> loaded cliconf plugin ansible_collections.cisco.asa.plugins.cliconf.asa from path /root/.ansible/collections/ansible_collections/cisco/asa/plugins/cliconf/asa.py for network_os cisco.asa.asa
<zzasaXXX.ad.XXX.com> ssh type is set to libssh
<zzasaXXX.ad.XXX.com>
<zzasaXXX.ad.XXX.com> local domain socket path is /root/.ansible/pc/f2e7921f36
redirecting (type: action) cisco.asa.asa_facts to cisco.asa.asa
redirecting (type: action) cisco.asa.asa_facts to cisco.asa.asa
<zzasaXXX.ad.XXX.com> ANSIBLE_NETWORK_IMPORT_MODULES: enabled
<zzasaXXX.ad.XXX.com> ANSIBLE_NETWORK_IMPORT_MODULES: found cisco.asa.asa_facts  at /root/.ansible/collections/ansible_collections/cisco/asa/plugins/modules/asa_facts.py
<zzasaXXX.ad.XXX.com> ANSIBLE_NETWORK_IMPORT_MODULES: running cisco.asa.asa_facts
<zzasaXXX.ad.XXX.com> ANSIBLE_NETWORK_IMPORT_MODULES: complete
ok: [zzasaXXX] => changed=false
  ansible_facts:
    ansible_net_api: cliconf
    ansible_net_asatype: null
    ansible_net_config: |2-
                    Total TLS Proxy Sessions          : 2              perpetual
      Botnet Traffic Filter             : Disabled       perpetual
      Cluster                           : Disabled       perpetual

      This platform has a Base license.

      Serial Number: JAD203707VN
      Running Permanent Activation Key: 0xd221e25c 0x985012a5 0xa44219b4 0xb740ccb0 0x013303a6
      Configuration register is 0x1
      FPGA UPGRADE Version      : 3.0
      FPGA GOLDEN Version       : 3.0
      ROMMON Version            : 1.1.18
      Image type                : Release
      Key Version               : A
      Configuration last modified by XXX\alamonda at 11:24:47.301 EDT Wed May 3 2023
      ZZASAP01# running-config
                 ^
      ERROR: % Invalid input detected at '^' marker.
      ZZASAP01#
    ansible_net_device_mgr_version: 7.19(1)90
    ansible_net_gather_network_resources: []
    ansible_net_gather_subset:
    - default
    - config
    ansible_net_hostname: ZZASAP01
    ansible_net_image: disk0:/asa9-16-3-23-lfbff-k8.SPA
    ansible_net_python_version: 3.9.13
    ansible_net_serialnum: null
    ansible_net_system: asa
    ansible_net_version: 9.16(3)23
    ansible_network_resources: {}
  invocation:
    module_args:
      context: null
      gather_network_resources: null
      gather_subset:
      - config
      passwords: null
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'

TASK [show output] *************************************************************
task path: /etc/ansible/playbooks/networking/mynewtest.zz.yml:27
redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
Loading collection ansible.utils from /root/.ansible/collections/ansible_collections/ansible/utils
<zzasaXXX.ad.XXX.com> attempting to start connection
<zzasaXXX.ad.XXX.com> using connection plugin ansible.netcommon.network_cli
Found ansible-connection at path /usr/bin/ansible-connection
<zzasaXXX.ad.XXX.com> found existing local domain socket, using it!
<zzasaXXX.ad.XXX.com> invoked shell using ssh_type: libssh
<zzasaXXX.ad.XXX.com> ssh connection done, setting terminal
<zzasaXXX.ad.XXX.com> loaded terminal plugin for network_os cisco.asa.asa
<zzasaXXX.ad.XXX.com> firing event: on_open_shell()
[WARNING]: on_open_shell: failed to set terminal parameters
<zzasaXXX.ad.XXX.com> ssh connection has completed successfully
<zzasaXXX.ad.XXX.com> updating play_context for connection
<zzasaXXX.ad.XXX.com>
<zzasaXXX.ad.XXX.com> local domain socket path is /root/.ansible/pc/f2e7921f36
ok: [zzasaXXX] =>
  ansible_net_config:
    ansible_facts:
      ansible_net_api: cliconf
      ansible_net_asatype: null
      ansible_net_config: |2-
                      Total TLS Proxy Sessions          : 2              perpetual
        Botnet Traffic Filter             : Disabled       perpetual
        Cluster                           : Disabled       perpetual

        This platform has a Base license.

        Serial Number: JAD203707VN
        Running Permanent Activation Key: 0xd221e25c 0x985012a5 0xa44219b4 0xb740ccb0 0x013303a6
        Configuration register is 0x1
        FPGA UPGRADE Version      : 3.0
        FPGA GOLDEN Version       : 3.0
        ROMMON Version            : 1.1.18
        Image type                : Release
        Key Version               : A
        Configuration last modified by XXX\alamonda at 11:24:47.301 EDT Wed May 3 2023
        ZZASAP01# running-config
                   ^
        ERROR: % Invalid input detected at '^' marker.
        ZZASAP01#
      ansible_net_device_mgr_version: 7.19(1)90
      ansible_net_gather_network_resources: []
      ansible_net_gather_subset:
      - default
      - config
      ansible_net_hostname: ZZASAP01
      ansible_net_image: disk0:/asa9-16-3-23-lfbff-k8.SPA
      ansible_net_python_version: 3.9.13
      ansible_net_serialnum: null
      ansible_net_system: asa
      ansible_net_version: 9.16(3)23
      ansible_network_resources: {}
    changed: false
    failed: false
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'

TASK [Save running config to a file] *******************************************
task path: /etc/ansible/playbooks/networking/mynewtest.zz.yml:31
redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
Loading collection ansible.utils from /root/.ansible/collections/ansible_collections/ansible/utils
<zzasaXXX.ad.XXX.com> attempting to start connection
<zzasaXXX.ad.XXX.com> using connection plugin ansible.netcommon.network_cli
Found ansible-connection at path /usr/bin/ansible-connection
<zzasaXXX.ad.XXX.com> found existing local domain socket, using it!
<zzasaXXX.ad.XXX.com> updating play_context for connection
<zzasaXXX.ad.XXX.com>
<zzasaXXX.ad.XXX.com> local domain socket path is /root/.ansible/pc/f2e7921f36
<zzasaXXX.ad.XXX.com> ESTABLISH LOCAL CONNECTION FOR USER: root
<zzasaXXX.ad.XXX.com> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-4699c2_f7d2s `"&& mkdir "` echo /root/.ansible/tmp/ansible-local-4699c2_f7d2s/ansible-tmp-1683226209.4103367-4714-216689891930680 `" && echo ansible-tmp-1683226209.4103367-4714-216689891930680="` echo /root/.ansible/tmp/ansible-local-4699c2_f7d2s/ansible-tmp-1683226209.4103367-4714-216689891930680 `" ) && sleep 0'
Using module file /usr/lib/python3.9/site-packages/ansible/modules/stat.py
<zzasaXXX.ad.XXX.com> PUT /root/.ansible/tmp/ansible-local-4699c2_f7d2s/tmppq9q72rm TO /root/.ansible/tmp/ansible-local-4699c2_f7d2s/ansible-tmp-1683226209.4103367-4714-216689891930680/AnsiballZ_stat.py
<zzasaXXX.ad.XXX.com> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-4699c2_f7d2s/ansible-tmp-1683226209.4103367-4714-216689891930680/ /root/.ansible/tmp/ansible-local-4699c2_f7d2s/ansible-tmp-1683226209.4103367-4714-216689891930680/AnsiballZ_stat.py && sleep 0'
<zzasaXXX.ad.XXX.com> EXEC /bin/sh -c '/usr/bin/python3.9 /root/.ansible/tmp/ansible-local-4699c2_f7d2s/ansible-tmp-1683226209.4103367-4714-216689891930680/AnsiballZ_stat.py && sleep 0'
Using module file /usr/lib/python3.9/site-packages/ansible/modules/file.py
<zzasaXXX.ad.XXX.com> PUT /root/.ansible/tmp/ansible-local-4699c2_f7d2s/tmpkjnfx3s1 TO /root/.ansible/tmp/ansible-local-4699c2_f7d2s/ansible-tmp-1683226209.4103367-4714-216689891930680/AnsiballZ_file.py
<zzasaXXX.ad.XXX.com> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-4699c2_f7d2s/ansible-tmp-1683226209.4103367-4714-216689891930680/ /root/.ansible/tmp/ansible-local-4699c2_f7d2s/ansible-tmp-1683226209.4103367-4714-216689891930680/AnsiballZ_file.py && sleep 0'
<zzasaXXX.ad.XXX.com> EXEC /bin/sh -c '/usr/bin/python3.9 /root/.ansible/tmp/ansible-local-4699c2_f7d2s/ansible-tmp-1683226209.4103367-4714-216689891930680/AnsiballZ_file.py && sleep 0'
<zzasaXXX.ad.XXX.com> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-4699c2_f7d2s/ansible-tmp-1683226209.4103367-4714-216689891930680/ > /dev/null 2>&1 && sleep 0'
ok: [zzasaXXX] => changed=false
  checksum: 5a6e3d377742ec32c0bb911561b81ade44373e96
  dest: /mnt/zzasaXXX.runcfg
  diff:
    after:
      path: /mnt/zzasaXXX.runcfg
    before:
      path: /mnt/zzasaXXX.runcfg
  gid: 0
  group: root
  invocation:
    module_args:
      _diff_peek: null
      _original_basename: tmpv40dwe82
      access_time: null
      access_time_format: '%Y%m%d%H%M.%S'
      attributes: null
      dest: /mnt/zzasaXXX.runcfg
      follow: true
      force: false
      group: null
      mode: null
      modification_time: null
      modification_time_format: '%Y%m%d%H%M.%S'
      owner: null
      path: /mnt/zzasaXXX.runcfg
      recurse: false
      selevel: null
      serole: null
      setype: null
      seuser: null
      src: null
      state: file
      unsafe_writes: false
  mode: '0644'
  owner: root
  path: /mnt/zzasaXXX.runcfg
  secontext: system_u:object_r:nfs_t:s0
  size: 1326
  state: file
  uid: 0
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'
META: ran handlers
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'
META: ran handlers

PLAY RECAP *********************************************************************
zzasaXXX                   : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0


############
YAML and CFG:

---
- name: Backup ASA Configuration
  hosts: zzasaXXX
  gather_facts: false

  collections:
    - cisco.asa
    - cisco.asa.asa_facts
    - ansible.netcommon.net_get

  vars:
    # Encrypted variables
    ansible_user: "{{ vault_net_user }}"
    ansible_password: "{{ vault_net_pass }}"

  vars_files:
    - '/etc/ansible/group_vars/vault.yml'

  tasks:

    - name: Show running config
      cisco.asa.asa_facts:
        gather_subset:
          - config
      register: ansible_net_config

    - name: show output
      debug:
        var: ansible_net_config

    - name: Save running config to a file
      copy:
        content: "{{ ansible_net_config }}"
        dest: "/mnt/{{ inventory_hostname }}.runcfg"
...

[root@ho-lx-ansible01 networking]# ls -al /mnt
total 76
drwxrwxrwx.  1 root root    72 May  4 14:49 .
dr-xr-xr-x. 18 root root   235 May  2 13:10 ..
-rwxrwxrwx.  1 root root 67434 May  4 14:19 foo
-rw-r--r--.  1 root root  1326 May  4 14:49 zzasap01.runcfg


### 
SHOW VERSIONS on ASA
###

ZZASAP01# show version

Cisco Adaptive Security Appliance Software Version 9.16(3)23
SSP Operating System Version 2.10(1.214)
Device Manager Version 7.19(1)90

Compiled on Fri 09-Sep-22 18:14 GMT by builders
System image file is "disk0:/asa9-16-3-23-lfbff-k8.SPA"
Config file at boot was "startup-config"

ZZASAP01 up 82 days 23 hours

Hardware:   ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
Internal ATA Compact Flash, 8000MB
BIOS Flash M25P64 @ 0xfed01000, 16384KB

Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
                             Number of accelerators: 1

 1: Ext: GigabitEthernet1/1  : address is 00a2.eef9.d683, irq 255
 2: Ext: GigabitEthernet1/2  : address is 00a2.eef9.d684, irq 255
 3: Ext: GigabitEthernet1/3  : address is 00a2.eef9.d685, irq 255
 4: Ext: GigabitEthernet1/4  : address is 00a2.eef9.d686, irq 255
 5: Ext: GigabitEthernet1/5  : address is 00a2.eef9.d687, irq 255
 6: Ext: GigabitEthernet1/6  : address is 00a2.eef9.d688, irq 255
 7: Ext: GigabitEthernet1/7  : address is 00a2.eef9.d689, irq 255
 8: Ext: GigabitEthernet1/8  : address is 00a2.eef9.d68a, irq 255
 9: Int: Internal-Data1/1    : address is 00a2.eef9.d682, irq 255
10: Int: Internal-Data1/2    : address is 0000.0001.0002, irq 0
11: Int: Internal-Control1/1 : address is 0000.0001.0001, irq 0
12: Int: Internal-Data1/3    : address is 0000.0001.0003, irq 0
13: Ext: Management1/1       : address is 00a2.eef9.d682, irq 0
14: Int: Internal-Data1/4    : address is 0000.0100.0001, irq 0
The Running Activation Key feature: 2 security contexts exceed the limit on the platform, reduced to 0 security contexts.

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 5              perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Disabled       perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Carrier                           : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 10             perpetual
Total VPN Peers                   : 12             perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
Shared License                    : Disabled       perpetual
Total TLS Proxy Sessions          : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has a Base license.

Serial Number: JAXXXXX
Running Permanent Activation Key XXXXXXXXXXXXXXX
Configuration register is 0x1
FPGA UPGRADE Version      : 3.0
FPGA GOLDEN Version       : 3.0
ROMMON Version            : 1.1.18
Image type                : Release
Key Version               : A
Configuration last modified by mei\alamonda at 11:24:47.301 EDT Wed May 3 2023
ZZASAP01#

correct, i am using that however some devices such as asas can use aliases for example sh run is == to show running-config — dirman, May 04 '23 at 18:48

score 0 · Accepted Answer · answered May 03 '23 at 23:44

0

If you're using cisco.asa module, it is advised not to reinvent the wheel and use cisco.asa.asa_facts designed specifically for this very purpose.

- name: Gather only the config and default facts
  cisco.asa.asa_facts:
    gather_subset:
    - config

You will then have current configuration in ansible_net_config.

answered May 03 '23 at 23:44

Peter Zhabin

2,696
9
10

Mmm Ok great! thank you for that information. I must of overlooked it on github. Anyway I tried what you suggested and its failing with python code errors, specifically "ModuleNotFoundError: No module named 'ansible_collections.ansible.netcommon.plugins.module_utils.network.common.network_template' fatal: [zzasaxxx]: FAILED! => msg: Unexpected failure during module execution. stdout: '' So I reinstalled using ansible-galaxy collection install network.common then reren the playbook and got the same errors. – dirman May 04 '23 at 00:21
This looks like using old template version against a newer netcommon, please ensure that your cisco.asa collection is the latest (4.0.0) – Peter Zhabin May 04 '23 at 00:31
I removed the older version, reinstalled 4.0 with a --force and it still thinks the module is missing. from my galaxty collection list command: [WARNING]: Collection at '/root/.ansible/collections/ansible_collections/cisco/asa' does not have a MANIFEST.json file, nor has it galaxy.yml: cannot detect version. My verify of asa comes back clean too. /root/.ansible/collections/ansible_collections/cisco/asa/ansible_collections cisco.asa 4.0.0 /root/.ansible/collections/ansible_collections cisco.asa * – dirman May 04 '23 at 01:20
Looks like your symlink at `root/.ansible/collections/ansible_collections cisco.asa` is still pointing to old ASA module that has been removed. – Peter Zhabin May 04 '23 at 06:34
OK im confused b/c the output of the playbook is not a full sh running-config, nor is it fully working at least in my case. Ill re-post the current msgs, output. – dirman May 04 '23 at 17:18
OK i think i figured out what you meant about the ansible_net_config. I see it now with the CODE register: ansible_net_config - name: show output debug: var: ansible_net_config END I wrote this to a file, but its not the full running-config I normally see. This is no where near of the amount of data compared to a sh runnning-config output. Is that OK for a restore if when a disaster occurs? I am not a network admin so escuse my ignorance. I am a Linux/AIX/ANSIBLE guy. – dirman May 04 '23 at 17:50
Does the user you're trying to connect to ASA as have necessary privilege level for the show running-config? It looks like some portions of commands you submit to ASA are being ignored.. – Peter Zhabin May 04 '23 at 18:09
yes I can run termianl pager 0 and sh run manually and it works fine. true it is a locked down "backup user". when I used the cisco.asa.asa_config module backup: true in another yaml file, it does write a file out to my NFS share however its only 1.5k in size compared to when I copy-paste the manual sh run output from the asa the file size is 65k and has a lot more data. – dirman May 04 '23 at 18:21
Can you add `-vvvv` to the playbook command and share the complete log? It seems something is really broken here.. – Peter Zhabin May 04 '23 at 18:38
The problem here is that the output you see in `ansible_net_config` variable is actually last lines of the output of `show version` command followed by truncated input "running-config" on the command prompt by itself.. The same was true for your original attempt to use `show run` as cli_command, but I was attributing that to some logic you might had in your play before trying to get the command output. Can you please show the output of `show version` on your platform so that we can look for clues that make asa module unhappy? – Peter Zhabin May 04 '23 at 19:22
ill post it above. thank you! – dirman May 04 '23 at 19:34
Well, I don't see anything wrong that would trigger ASA module to interrupt parsing of `show version` it does before doing any actual work, but according to trace this is the case. It should stop on regex and nothing in your `show version` output matches these regexes.. You can open an issue here to see if the maintainer of the module could be of any help: https://github.com/ansible-collections/cisco.asa – Peter Zhabin May 04 '23 at 20:26
ok i submitted a bug report under cisco.asa #196. question. is there any reason why I couldnt use a "generic" ansible network module, such as cisco.iso to send the show running-config command? What module would you recommend besides the one thats is broke, is there one? – dirman May 04 '23 at 22:32
It is ain't that simple, as most of vendor-specific Ansible modules (like cisco.*) do some magic like `sho ver` before trying to do anything just to be on the safe side. But there are two options you can pursue: 1) Use `cli_command` module interface as described [here](https://www.ansible.com/blog/deep-dive-on-cli-command-for-network-automation?extIdCarryOver=true&sc_cid=701f2000001OH7YAAW) 2) Use available platform [features](https://community.cisco.com/t5/network-security/asa-backup-config-on-change/td-p/3029506) to do the backup. For IOS you can even do this on change, but not for ASA.. – Peter Zhabin May 05 '23 at 19:45
FYI: I was able to use ansible.netcommon.cli_command for the asa's however in my copy I had to use content: "{{ ansible_net_config.stdout | replace('\r\n', '\n') }}" so that the data was not on one-line in my dest. file – dirman May 10 '23 at 14:07

ansible backups for cisco asa devices: ERROR: % Invalid input detected at '^' marker

1 Answers1