Calling Netscaler CLI commands from Ansible

Question

I'm trying to use the "cli_command" module from Ansible to configure Netscaler appliances. For 2 of them, running version "12.0 - build 60.9.nc" a simple task like this works perfectly :

- name: call NS CLI
  cli_command:
    command: show nsconf
  register: cs_vserver
  delegate_to: netscaler_dmz

Changing, the "delegate_to" to an appliance running version "NS11.1: Build 56.19.nc", I get the error :

The full traceback is: WARNING: The below traceback may not be related to the actual failure. File "/tmp/ansible_cli_command_payload_4w503v/ansible_cli_command_payload.zip/ansible/modules/network/cli/cli_command.py", line 167, in main File "/tmp/ansible_cli_command_payload_4w503v/ansible_cli_command_payload.zip/ansible/module_utils/connection.py", line 185, in rpc raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code) fatal: [localhost -> 172.26.58.112]: FAILED! => { "changed": false, "invocation": { "module_args": { "answer": null, "check_all": false, "command": "show nsconf", "newline": true, "prompt": null, "sendonly": false } }, "msg": "command timeout triggered, timeout value is 30 secs.\nSee the timeout setting options in the Network Debug and Troubleshooting Guide." }

Authentication uses RSA keys for all 3 devices, logs show welcome banner and connection is fine (manual connection using ssh works fine too), but soon after above error occurs. Strangely, Netscaler is not listed in the list of availiable network platforms (https://docs.ansible.com/ansible/latest/network/user_guide/platform_index.html#settings-by-platform) but using parameters as follow work fine on the two others Netscalers (inventory file) :

all:
  hosts:
    localhost:
      ansible_connection: local
    netscaler_dmz_int: <= OK
      ansible_host: 192.168.XXX.XXX
      ansible_connection: network_cli
      ansible_network_os: ios
      ansible_user: nsroot
    netscaler_dmz_prod: <= OK
      ansible_host: 192.168.XXX.XXX
      ansible_connection: network_cli
      ansible_network_os: ios
      ansible_user: nsroot
    netscaler_dc: <= KO
      ansible_host: 172.26.XXX.XXX
      ansible_connection: network_cli
      ansible_network_os: ios
      ansible_user: nsroot

Upgrading firmware is not feasible in the short terms. Does the problem come from the older version ? Is there a more adequate parameters to make it woorks on all 3 devices ? Thanks.

To be complete, authentication uses RSA keys for all 3 devices. — nihilist, Dec 30 '20 at 13:20
Please do not add necessary info to possibly answer your question in volatile comments: [edit your question](https://stackoverflow.com/posts/65507587/edit) instead. — Zeitounator, Dec 30 '20 at 18:09

score 1 · Answer 1 · answered Aug 06 '21 at 14:44

Problem solved thanks to 2 collegues : the fact that the prompt of the Citrix device, once connected, was only showing ">" instead of a more complexe one like "user_device_name>" was causing the paramiko module to wait indefinitly ending with a timeout.

Before :

The cli_command result :

2021-08-06 10:37:07,728 p=4783 u=xxxxx n=p=4783 u=xxxxx | paramiko [xxx.xx.xx.xxx] | Authentication (publickey) successful!
2021-08-06 10:37:34,487 p=4646 u=xxxxx n=ansible | persistent connection idle timeout triggered, timeout value is 30 secs.

It's possible to change this prompt for the specific user used for connection, "nsroot" here :

After :

The connection was sucessful afterward.

Calling Netscaler CLI commands from Ansible

1 Answers1