Using Ansible to delete old usernames across entire company network devices

Question

Created below test yml file against test switches to nail down configs, error below. I defined provider in last task with no luck as well

---
  - hosts: aus2-mdf-testswitches
  gather_facts: no
  connection: local

  tasks:
  - name: OBTAIN LOGIN CREDENTIALS
    include_vars: secret.yml

  - name: DEFINE PROVIDER
    set_fact:
      provider:
        host: "{{ inventory_hostname }}"
        username: "{{ creds['username'] }}"
        password: "{{ creds['password'] }}"
        auth_pass: "{{ creds['auth_pass'] }}"

  - name: Delete users with aggregate
    ios_user:
     aggregate:
       - name: chase
     state: absent

Error that was presented. Please keep in mind that I am new with ansible and this problem might be super easy for this group but I appreciate any help. FYI, reading from https://docs.ansible.com/ansible/2.4/ios_user_module.html

[ansible@dc1netansible automation]$ ansible-playbook -i inventories/prod/hosts playbooks/deleteUsername.yml

PLAY [aus2-mdf-testswitches] ********************************************************************************************************************************************

TASK [OBTAIN LOGIN CREDENTIALS] *****************************************************************************************************************************************
ok: [aus2-mdf-testsw1]
ok: [aus2-mdf-testsw2]

TASK [DEFINE PROVIDER] **************************************************************************************************************************************************
ok: [aus2-mdf-testsw1]
ok: [aus2-mdf-testsw2]

TASK [Delete users with aggregate] **************************************************************************************************************************************
fatal: [aus2-mdf-testsw1]: FAILED! => {"changed": false, "msg": "unable to open shell. Please see: https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell"}
fatal: [aus2-mdf-testsw2]: FAILED! => {"changed": false, "msg": "unable to open shell. Please see: https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell"}
        to retry, use: --limit @/home/ansible/automation/playbooks/deleteUsername.retry

PLAY RECAP **************************************************************************************************************************************************************
aus2-mdf-testsw1           : ok=2    changed=0    unreachable=0    failed=1   
aus2-mdf-testsw2           : ok=2    changed=0    unreachable=0    failed=1

****updated error with new yml config****

  ---
- hosts: aus2-mdf-testswitches
  gather_facts: no
  connection: local

  tasks:
  - name: OBTAIN LOGIN CREDENTIALS
    include_vars: secret.yml

  - name: DEFINE PROVIDER
    set_fact:
      provider:
        host: "{{ inventory_hostname }}"
        username: "{{ creds['username'] }}"
        password: "{{ creds['password'] }}"
        auth_pass: "{{ creds['auth_pass'] }}"

  - name: Delete users with aggregate
    ios_user:
      users:
        - name: chase
      authorize: yes
      provider: "{{ provider }}"
      state: absent
    register: result 


[ansible@dc1netansible automation]$ ansible-playbook -i inventories/prod/hosts playbooks/deleteUsername.yml

PLAY [aus2-mdf-testswitches] ********************************************************************************************************************************************

TASK [OBTAIN LOGIN CREDENTIALS] *****************************************************************************************************************************************
ok: [aus2-mdf-testsw1]
ok: [aus2-mdf-testsw2]

TASK [DEFINE PROVIDER] **************************************************************************************************************************************************
ok: [aus2-mdf-testsw1]
ok: [aus2-mdf-testsw2]

TASK [Delete users with aggregate] **************************************************************************************************************************************
fatal: [aus2-mdf-testsw1]: FAILED! => {"changed": false, "msg": "unable to open shell. Please see: https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell"}
fatal: [aus2-mdf-testsw2]: FAILED! => {"changed": false, "msg": "unable to open shell. Please see: https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell"}
        to retry, use: --limit @/home/ansible/automation/playbooks/deleteUsername.retry

PLAY RECAP **************************************************************************************************************************************************************
aus2-mdf-testsw1           : ok=2    changed=0    unreachable=0    failed=1   
aus2-mdf-testsw2           : ok=2    changed=0    unreachable=0    failed=1

Could be my IOS version is too old, as I am using 12x train on a Cisco switch. Ansible mentions this is tested on the 15x train.

****last update****

PLAY [aus2-mdf-testswitches] ********************************************************************************************************************************************

TASK [OBTAIN LOGIN CREDENTIALS] *****************************************************************************************************************************************
ok: [aus2-mdf-testsw1]
ok: [aus2-mdf-testsw2]

TASK [DEFINE PROVIDER] **************************************************************************************************************************************************
ok: [aus2-mdf-testsw1]
ok: [aus2-mdf-testsw2]

TASK [Delete users with aggregate] **************************************************************************************************************************************
fatal: [aus2-mdf-testsw2]: FAILED! => {"changed": false, "msg": "unable to retrieve current config", "stderr": "show running-config | section username\r\n                                       ^\r\n% Invalid input detected at '^' marker.\r\n\r\naus2-mdf-testsw2#", "stderr_lines": ["show running-config | section username", "                                       ^", "% Invalid input detected at '^' marker.", "", "aus2-mdf-testsw2#"]}
fatal: [aus2-mdf-testsw1]: FAILED! => {"changed": false, "msg": "unable to retrieve current config", "stderr": "show running-config | section username\r\n                                       ^\r\n% Invalid input detected at '^' marker.\r\n\r\naus2-mdf-testsw1#", "stderr_lines": ["show running-config | section username", "                                       ^", "% Invalid input detected at '^' marker.", "", "aus2-mdf-testsw1#"]}
        to retry, use: --limit @/home/ansible/automation/playbooks/deleteUsername.retry

Configs listed here do not work on the IOS I have on my Cisco switch.

I will preface this by saying I am not familiar with this module. Looking through the docs however, a couple of things stick out. 1) Your first attempt (aggregate) looks right. The second attempt appears wrong, so go back to the 1st. 2) according to the docs, auth_pass does nothing, unless you also specify 'authorize: yes', so it until you do, it will not be entering into privileged mode. This still may not resolve your issue - if not, please check the logs on the device to see if they give any clues around login problems. Also let us know the versions of Ansible & IOS. — clockworknet, Dec 13 '18 at 20:55
Are you sure that your file is a valid yaml? Some indentation look off (e.g aggregate chunk below `ios_user:`) . — AHT, Dec 14 '18 at 09:13
Yes, I tried to run the commands that ansible listed and they are for newer versions...The version of IOS I have is just too old — Chase Mitchell, Dec 14 '18 at 15:46

Using Ansible to delete old usernames across entire company network devices

0 Answers0