Description
Add ssh key to ssh agent
bash-5.0# ssh-add -l
3072 SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (RSA)
bash-5.0# ssh 10.14.248.71 -l hli    <-- ssh to the Juniper switch was successful
The authenticity of host '10.14.248.71 (10.14.248.71)' can't be established.
ECDSA key fingerprint is SHA256:x4nqYaEyWTG9+rC8YJUpEtFhxM1OYQSlF8Zk2c6zwoQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.14.248.71' (ECDSA) to the list of known hosts.
Last login: Tue Jan 14 04:31:52 2025 from 10.0.1.146
--- JUNOS 23.4R2-S2.1 Kernel 64-bit JNPR-12.1-20240604.39c9257_buil
{master:0}
hli@R301-U42-QFX5120A.bedford> exit
Connection to 10.14.248.71 closed.
The connection could not be set up when using the SSH key:
bash-5.0# ansible-playbook -i bedford-switches pb_get_uptime_juniper.yaml -k -vvv
ansible-playbook 2.10.8
config file = None
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.8/site-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 3.8.5 (default, Jul 20 2020, 23:11:29) [GCC 9.3.0]
No config file found; using defaults
SSH password:    <-- SSH key passphrase entered here (this is the prompt produced by -k, which asks for the connection password)
host_list declined parsing /project/bedford-switches as it did not pass its verify_file() method
auto declined parsing /project/bedford-switches as it did not pass its verify_file() method
Parsed /project/bedford-switches inventory source with ini plugin
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
PLAYBOOK: pb_get_uptime_juniper.yaml **********************************************************************************************************************************************************************************
1 plays in pb_get_uptime_juniper.yaml
PLAY [Get device uptime] **********************************************************************************************************************************************************************************************
META: ran handlers
TASK [Get uptime using galaxy module] *********************************************************************************************************************************************************************************
task path: /project/pb_get_uptime_juniper.yaml:23
redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
redirecting (type: terminal) ansible.builtin.junos to junipernetworks.junos.junos
redirecting (type: cliconf) ansible.builtin.junos to junipernetworks.junos.junos
<10.14.248.71> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.14.248.71> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /root/.ansible/tmp/ansible-local-9f8wg6m04
"&& mkdir "echo /root/.ansible/tmp/ansible-local-9f8wg6m04/ansible-tmp-1739561522.9656456-16-274647208113212
" && echo ansible-tmp-1739561522.9656456-16-274647208113212="echo /root/.ansible/tmp/ansible-local-9f8wg6m04/ansible-tmp-1739561522.9656456-16-274647208113212
" ) && sleep 0'
Using module file /root/.ansible/roles/Juniper.junos/library/juniper_junos_command.py
<10.14.248.71> PUT /root/.ansible/tmp/ansible-local-9f8wg6m04/tmp7_ej6zwd TO /root/.ansible/tmp/ansible-local-9f8wg6m04/ansible-tmp-1739561522.9656456-16-274647208113212/AnsiballZ_juniper_junos_command.py
<10.14.248.71> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-9f8wg6m04/ansible-tmp-1739561522.9656456-16-274647208113212/ /root/.ansible/tmp/ansible-local-9f8wg6m04/ansible-tmp-1739561522.9656456-16-274647208113212/AnsiballZ_juniper_junos_command.py && sleep 0'
<10.14.248.71> EXEC /bin/sh -c '/usr/bin/python3 /root/.ansible/tmp/ansible-local-9f8wg6m04/ansible-tmp-1739561522.9656456-16-274647208113212/AnsiballZ_juniper_junos_command.py && sleep 0'
<10.14.248.71> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-9f8wg6m04/ansible-tmp-1739561522.9656456-16-274647208113212/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
File "/tmp/ansible_juniper_junos_command_payload_fnoxa94a/ansible_juniper_junos_command_payload.zip/ansible/module_utils/juniper_junos_common.py", line 1300, in open
self.dev.open()
File "/usr/lib/python3.8/site-packages/jnpr/junos/device.py", line 1366, in open
raise EzErrors.ConnectAuthError(self)
fatal: [R301-U42-5120A.bos13]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"attempts": null,
"baud": null,
"commands": [
"show system uptime"
],
"console": null,
"cs_passwd": null,
"cs_user": null,
"dest": null,
"dest_dir": null,
"formats": null,
"host": "10.14.248.71",
"ignore_warning": null,
"level": null,
"logdir": null,
"logfile": null,
"mode": null,
"passwd": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"port": 830,
"provider": null,
"return_output": true,
"ssh_config": null,
"ssh_private_key_file": "/root/.ssh/id_rsa",
"timeout": 30,
"user": "hli"
}
},
"msg": "Unable to make a PyEZ connection: ConnectAuthError(10.14.248.71)"
}
PLAY RECAP ************************************************************************************************************************************************************************************************************
R301-U42-5120A.bos13 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
It works when using username/password:
bash-5.0# ansible-playbook -i bedford-switches pb_get_uptime_juniper.yaml -k
SSH password:    <-- account password entered here, not the SSH key passphrase
PLAY [Get device uptime] **********************************************************************************************************************************************************************************************
TASK [Get uptime using galaxy module] *********************************************************************************************************************************************************************************
ok: [R301-U42-5120A.bos13]
TASK [display uptime] *************************************************************************************************************************************************************************************************
ok: [R301-U42-5120A.bos13] => {
"uptime": {
"changed": false,
"command": "show system uptime",
"failed": false,
"format": "text",
"msg": "The command executed successfully.",
"stdout": "\nlocalre:\n--------------------------------------------------------------------------\nCurrent time: 2025-02-15 03:42:15 UTC\nTime Source: LOCAL CLOCK \nSystem booted: 2024-11-16 06:46:48 UTC (12w6d 20:55 ago)\nProtocols started: 2024-11-16 06:48:23 UTC (12w6d 20:53 ago)\nLast configured: 2025-02-14 23:57:02 UTC (03:45:13 ago) by hli\n 3:42AM up 90 days, 20:55, 1 users, load averages: 0.21, 0.19, 0.21\n",
"stdout_lines": [
"",
"localre:",
"--------------------------------------------------------------------------",
"Current time: 2025-02-15 03:42:15 UTC",
"Time Source: LOCAL CLOCK ",
"System booted: 2024-11-16 06:46:48 UTC (12w6d 20:55 ago)",
"Protocols started: 2024-11-16 06:48:23 UTC (12w6d 20:53 ago)",
"Last configured: 2025-02-14 23:57:02 UTC (03:45:13 ago) by hli",
" 3:42AM up 90 days, 20:55, 1 users, load averages: 0.21, 0.19, 0.21"
]
}
}
PLAY RECAP ************************************************************************************************************************************************************************************************************
R301-U42-5120A.bos13 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Playbook
hli@hli-macbook juniper % cat bedford-switches
# Inventory group holding the Juniper switch used in this report.
[bedford_switches]
# Per-host connection settings: management address, login user and private key path.
# /root/.ssh/id_rsa is the same path the failing run reports as ssh_private_key_file.
R301-U42-5120A.bos13 ansible_hostname=R301-U42-5120A.bos13 ansible_host=10.14.248.71 ansible_user=hli ansible_ssh_private_key_file=/root/.ssh/id_rsa
#R301-U41-5120B.bos13 ansible_hostname=R301-U41-5120B.bos13 ansible_host=10.14.248.73 ansible_user=hli ansible_ssh_private_key_file=/Users/hli/.ssh/id_rsa
Vars
(ansible-venv-juniper) hli@hli-macbook juniper % cat group_vars/all.yaml
# ansible_user is not necessary; by default Ansible uses the default user on your machine
#ansible_user: 'XXXXXXX'
# To use a password, not an SSH key
# Connection password stored in clear text in group_vars (redacted in this report).
# Keeping it in ansible-vault, or supplying it at a prompt, avoids committing the
# credential alongside the playbooks.
ansible_ssh_pass: 'XXXXXXXXXX'
ansible_network_os: 'junos'
ansible_connection: 'network_cli'
#------ Juniper Ansible ssh key not working -----#
# Private key intended for key-based login. The inventory on this page sets
# /root/.ssh/id_rsa per host, and the failing -vvv run reports that path as
# ssh_private_key_file, so this group-level value is presumably overridden there.
ansible_ssh_private_key_file: ~/.ssh/id_rsa
# NOTE(review): this turns off SSH host key verification, so whatever answers on the
# switch address is trusted without comparison against known_hosts. Prefer recording
# the switch's host key and leaving checking enabled. TODO confirm this variable is
# honoured by the PyEZ connection the module makes to port 830.
ansible_host_key_checking: false
ansible_python_interpreter: /usr/bin/python3