asa_config issue #25319

Closed
fwissue opened this issue Jun 2, 2017 · 10 comments
Labels
affects_2.4 This issue/PR affects Ansible v2.4 asa Cisco ASA community bug This issue/PR relates to a bug. cisco Cisco technologies module This issue/PR relates to a module. needs_info This issue requires further information. Please answer any outstanding questions. networking Network category support:community This issue/PR relates to code supported by the Ansible community.

@fwissue

fwissue commented Jun 2, 2017

ISSUE TYPE
  • Bug Report
COMPONENT NAME

asa_config

ANSIBLE VERSION
[root@1be66e998fd3 module_utils]# ansible --version
ansible 2.4.0
  config file =
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Nov  6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
CONFIGURATION

n/a

OS / ENVIRONMENT

ASA 9.4(3)
also enable following on ASA, so user can be in enable mode after login.

SUMMARY

run asa_config with error

STEPS TO REPRODUCE

ansible-playbook -i labhost fwobject.yaml -vvvv

- name: Cisco ASA access-list config
  connection: local
  hosts: testfw
  gather_facts: false
  vars:
    cli:
      username: "xxx"
      password: "xxx"
      host: "10.0.203.251"
      authorize: no
      transport: cli

  tasks:
    - name: create object group
      asa_config:
        lines:
          - network-object host 10.1.0.1
          - network-object host 10.1.0.2
          - network-object host 10.1.0.3
        parents: ['object-group network dummy-group']
        provider: "{{ cli }}"

EXPECTED RESULTS

ACTUAL RESULTS

[root@1be66e998fd3 work]# ansible-playbook -i labhost fwobject.yaml -vvvv
ansible-playbook 2.4.0
config file =
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 2.7.5 (default, Nov 6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
No config file found; using defaults
setting up inventory plugins
Parsed /work/labhost inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/__init__.pyc

PLAYBOOK: fwobject.yaml *********************************************************************************************************************
1 plays in fwobject.yaml

PLAY [Cisco ASA access-list config] *********************************************************************************************************
META: ran handlers

TASK [create object group] ******************************************************************************************************************
task path: /work/fwobject.yaml:14
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/basic.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/asa.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/network.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/netcfg.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/_text.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/pycompat24.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/six/__init__.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/six/_six.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/shell.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/netcli.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/network_common.py
Using module file /usr/lib/python2.7/site-packages/ansible/modules/network/asa/asa_config.py
<10.0.203.251> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.0.203.251> EXEC /bin/sh -c 'echo ~ && sleep 0'
<10.0.203.251> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /root/.ansible/tmp/ansible-tmp-1496437577.05-213904690690345" && echo ansible-tmp-1496437577.05-213904690690345="echo /root/.ansible/tmp/ansible-tmp-1496437577.05-213904690690345" ) && sleep 0'
<10.0.203.251> PUT /tmp/tmpzHofGc TO /root/.ansible/tmp/ansible-tmp-1496437577.05-213904690690345/asa_config.py
<10.0.203.251> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1496437577.05-213904690690345/ /root/.ansible/tmp/ansible-tmp-1496437577.05-213904690690345/asa_config.py && sleep 0'
<10.0.203.251> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1496437577.05-213904690690345/asa_config.py; rm -rf "/root/.ansible/tmp/ansible-tmp-1496437577.05-213904690690345/" > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_xPseWY/ansible_module_asa_config.py", line 349, in <module>
    main()
  File "/tmp/ansible_xPseWY/ansible_module_asa_config.py", line 341, in main
    run(module, result)
  File "/tmp/ansible_xPseWY/ansible_module_asa_config.py", line 271, in run
    config = get_config(module)
  File "/tmp/ansible_xPseWY/ansible_module_asa_config.py", line 251, in get_config
    contents = module.config.get_config(include=include)
  File "/tmp/ansible_xPseWY/ansible_modlib.zip/ansible/module_utils/network.py", line 98, in get_config
  File "/tmp/ansible_xPseWY/ansible_modlib.zip/ansible/module_utils/asa.py", line 107, in get_config
  File "/tmp/ansible_xPseWY/ansible_modlib.zip/ansible/module_utils/shell.py", line 284, in
  File "/tmp/ansible_xPseWY/ansible_modlib.zip/ansible/module_utils/shell.py", line 274, in execute
  File "/tmp/ansible_xPseWY/ansible_modlib.zip/ansible/module_utils/shell.py", line 263, in to_command
TypeError: __init__() takes exactly 3 arguments (2 given)

fatal: [10.0.203.251]: FAILED! => {
"changed": false,
"failed": true,
"module_stderr": "Traceback (most recent call last):\n File "/tmp/ansible_xPseWY/ansible_module_asa_config.py", line 349, in \n main()\n File "/tmp/ansible_xPseWY/ansible_module_asa_config.py", line 341, in main\n run(module, result)\n File "/tmp/ansible_xPseWY/ansible_module_asa_config.py", line 271, in run\n config = get_config(module)\n File "/tmp/ansible_xPseWY/ansible_module_asa_config.py", line 251, in get_config\n contents = module.config.get_config(include=include)\n File "/tmp/ansible_xPseWY/ansible_modlib.zip/ansible/module_utils/network.py", line 98, in get_config\n File "/tmp/ansible_xPseWY/ansible_modlib.zip/ansible/module_utils/asa.py", line 107, in get_config\n File "/tmp/ansible_xPseWY/ansible_modlib.zip/ansible/module_utils/shell.py", line 284, in \n File "/tmp/ansible_xPseWY/ansible_modlib.zip/ansible/module_utils/shell.py", line 274, in execute\n File "/tmp/ansible_xPseWY/ansible_modlib.zip/ansible/module_utils/shell.py", line 263, in to_command\nTypeError: init() takes exactly 3 arguments (2 given)\n",
"module_stdout": "",
"msg": "MODULE FAILURE",
"rc": 0
}
to retry, use: --limit @/work/fwobject.retry

PLAY RECAP **********************************************************************************************************************************
10.0.203.251 : ok=0 changed=0 unreachable=0 failed=1


@ansibot
Contributor

ansibot commented Jun 2, 2017

@ansibot ansibot added affects_2.4 This issue/PR affects Ansible v2.4 bug_report module This issue/PR relates to a module. needs_triage Needs a first human triage before being processed. networking Network category labels Jun 2, 2017
@s-hertel s-hertel removed the needs_triage Needs a first human triage before being processed. label Jun 2, 2017
@Akasurde
Member

Akasurde commented Jun 3, 2017

These lines seem to be the culprit. ComplexDict requires module as second parameter.

@BobbyGR

BobbyGR commented Jun 13, 2017

Hit the same issue, seems asa_config is dead in the water

@jmcgill298
Contributor

jmcgill298 commented Jun 13, 2017

issue starts with this function line contents = module.config.get_config(include=include):

def get_config(module):
    contents = module.params['config']
    if not contents:
        if module.params['defaults']:
            include = 'defaults'
        elif module.params['passwords']:
            include = 'passwords'
        else:
            include = None
        contents = module.config.get_config(include=include)
    return NetworkConfig(indent=1, contents=contents)

I believe that eventually uses asa.py Cli(CliBase) return self.run_commands(cmd)[0]

    def get_config(self, include=None):
        if include not in [None, 'defaults', 'passwords']:
            raise ValueError('include must be one of None, defaults, passwords')
        cmd = 'show running-config'
        if include == 'passwords':
            cmd = 'more system:running-config'
        elif include == 'defaults':
            cmd = 'show running-config all'
        else:
            cmd = 'show running-config'
        return self.run_commands(cmd)[0]

CliBase.run_commands calls CliBase.execute

    def run_commands(self, x):
        return self.execute(to_list(x))

CliBase.execute calls CliBase.to_command item = self.to_command(item):

    def execute(self, commands):
        try:
            responses = list()
            for item in to_list(commands):
                item = self.to_command(item)
                rc, out, err = self.shell.send(item)
                if rc != 0:
                    raise ShellError(err)
                responses.append(out)
            return responses
        except ShellError:
            exc = get_exception()
            raise NetworkError(to_native(exc))

CliBase.to_command instantiates a ComplexDict if the "obj" arg is not of classtype "Command" transform = ComplexDict(dict:

    def to_command(self, obj):
        if isinstance(obj, Command):
            cmdobj = dict()
            cmdobj['command'] = obj.command
            cmdobj['response'] = obj.response
            cmdobj['prompt'] = [p.pattern for p in to_list(obj.prompt)]
            return cmdobj

        elif not isinstance(obj, dict):
            transform = ComplexDict(dict(
                command=dict(key=True),
                prompt=dict(),
                answer=dict(),
                sendonly=dict(default=False)
            ))
            return transform(obj)

        else:
            return obj

The ComplexDict class requires the AnsibleModule instance to be passed when instantiated, but per above string of code, module is not being passed around, and probably would break other code that uses these methods:

class ComplexDict(object):
    def __init__(self, attrs, module):
        self._attributes = attrs
        self._module = module

@jmcgill298
Contributor

@ogenstad @gundalow hope the above helps

@ogenstad
Contributor

I've submitted PR #25680 which would solve parts of this. However I think it would be best to have some discussion and a plan for the shared module_utils and perhaps a coordinated effort to try to avoid these types of things in the future.

The PR won't solve all of the config issues but will make sure the base feature works. It should be cleaned up after the discussion and perhaps changed altogether (so that the module var doesn't have to be passed around everywhere)
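
Added example (not code from this thread or from Ansible): a small static check for the failure traced above, a constructor called with fewer arguments than its `__init__` accepts, which is the kind of drift in shared module_utils the comment above wants to avoid. `SAMPLE` is constructed from the two snippets quoted in the thread, `to_command_fixed` is a hypothetical corrected caller, and the check only resolves classes defined in the same source string.

```python
import ast

# Constructed sample: the ComplexDict signature and the to_command() call quoted
# in the thread, plus a hypothetical corrected caller that passes module through.
SAMPLE = '''
class ComplexDict(object):
    def __init__(self, attrs, module):
        self._attributes = attrs
        self._module = module

class CliBase(object):
    def to_command(self, obj):
        transform = ComplexDict(dict(command=dict(key=True), prompt=dict()))
        return transform(obj)

    def to_command_fixed(self, obj, module):
        transform = ComplexDict(dict(command=dict(key=True)), module)
        return transform(obj)
'''

def init_arity(tree):
    """Map class name -> (min, max) argument count of __init__, excluding self."""
    arity = {}
    for cls in (n for n in ast.walk(tree) if isinstance(n, ast.ClassDef)):
        for fn in cls.body:
            if isinstance(fn, ast.FunctionDef) and fn.name == "__init__":
                a = fn.args
                total = len(a.args) - 1
                upper = float("inf") if a.vararg or a.kwarg else total
                arity[cls.name] = (total - len(a.defaults), upper)
    return arity

def find_arity_mismatches(source):
    """Return (line, class, given, min, max) for each constructor call that cannot bind."""
    tree = ast.parse(source)
    arity = init_arity(tree)
    findings = []
    for call in (n for n in ast.walk(tree) if isinstance(n, ast.Call)):
        name = getattr(call.func, "id", None)
        unpacked = any(isinstance(a, ast.Starred) for a in call.args) or \
            any(k.arg is None for k in call.keywords)
        if name not in arity or unpacked:
            continue  # unknown class, or *args/**kwargs make the count unknowable
        given = len(call.args) + len(call.keywords)
        low, high = arity[name]
        if not low <= given <= high:
            findings.append((call.lineno, name, given, low, high))
    return findings
```

Calling `find_arity_mismatches(SAMPLE)` reports only the one-argument `ComplexDict(...)` call inside `to_command`; the caller that passes `module` is accepted.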

@ansibot ansibot added the support:community This issue/PR relates to code supported by the Ansible community. label Jun 29, 2017
@ansibot
Contributor

ansibot commented Jul 18, 2017

@ogenstad
Contributor

This should be solved now in the devel branch since:
ansible 2.4.0 (devel 21dbde0abe) last updated 2017/08/11

@calfonso
Contributor

@fwissue please test this and confirm it's fixed, thanks!

needs_info

@ansibot ansibot added the needs_info This issue requires further information. Please answer any outstanding questions. label Sep 27, 2017
@calfonso
Contributor

calfonso commented Nov 1, 2017

I'll assume this is fixed. Closing the issue, but if you still see the issue let us know!

@calfonso calfonso closed this as completed Nov 1, 2017
@ansibot ansibot added bug This issue/PR relates to a bug. and removed bug_report labels Mar 7, 2018
@dagwieers dagwieers added asa Cisco ASA community cisco Cisco technologies labels Feb 23, 2019
@ansible ansible locked and limited conversation to collaborators Apr 26, 2019