I’ve been working a lot with Ansible over the last months. When you need to deal with appliances that use unconventional SSH interfaces, well, it’s been quite a challenge. So I started to create my own Python tool for those cases.
The victim this time is VSC (Nuage Virtualized Services Controller), a control plane based on SROS. In a few words, it’s like a router that works with some specific commands through a terminal. It’s a pretty nice piece of software encapsulating the famous Alcatel-Lucent SROS. Of course, I tried to use the Ansible SROS module. However, I couldn’t make it work, maybe because VSC is a different animal from a 7750.
pexpect is the answer to your prayers
Straight to the point: I am using the pexpect Python library. In this case, the file creates a TLS profile in VSC for NSGs (gateways used at branches for an SD-WAN solution). Check the following file.
```python
# ansible and python pexpect for unconventional ssh interfaces
import pexpect
import sys
import argparse

parser = argparse.ArgumentParser()
parser.add_argument('vsc_host', type=str)   # name shown in the CLI prompt
parser.add_argument('vsc_ip', type=str)     # address to ssh to
parser.add_argument('passwd', type=str)     # note: visible in the process list
parser.add_argument('cert_name', type=str)  # base name of the PEM files on cf1:
args = parser.parse_args()

try:
    child = pexpect.spawn('ssh admin@%s' % args.vsc_ip)
    # child.logfile = sys.stdout  # uncomment to debug
    child.expect('password:')
    child.sendline(args.passwd)
    # After every command, wait for the prompt (it contains the host name)
    child.expect(args.vsc_host)
    child.sendline('configure system security tls-profile "ex-tls-profile" create')
    child.expect(args.vsc_host)
    child.sendline(r'own-key "cf1:\%s-Key.pem"' % args.cert_name)
    child.expect(args.vsc_host)
    child.sendline(r'own-certificate "cf1:\%s.pem"' % args.cert_name)
    child.expect(args.vsc_host)
    child.sendline(r'ca-certificate "cf1:\%s-CA.pem"' % args.cert_name)
    child.expect(args.vsc_host)
    child.sendline('no shutdown')
    child.expect(args.vsc_host)
    child.sendline('exit all')
    child.expect(args.vsc_host)
    # Attach the profile to the OpenFlow and XMPP services
    child.sendline('configure vswitch-controller open-flow tls-profile "ex-tls-profile"')
    child.expect(args.vsc_host)
    child.sendline('configure vswitch-controller xmpp tls-profile "ex-tls-profile"')
    child.expect(args.vsc_host)
    # The playbook task below compares stdout with this exact string
    print("success")
except Exception as e:
    msg = "Exception is:\n %s \n" % e
    print(msg)
```
As you can see, I am using arguments so that I can reuse this file as many times as I want.
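The script above only waits for the prompt, so a command the CLI rejects still ends in "success", and the password travels in argv. The sketch below is an added example, not the original post's code: `run_commands`, `connect`, `CliError`, the `VSC_PASSWD` environment variable and the error-line pattern are all assumptions made for illustration.

```python
import os
import re
import sys

# Assumption: the CLI reports a rejected command on a line that starts with a
# severity word or "Error:"; adjust the pattern to what your VSC prints.
CLI_ERROR = re.compile(r"^(MINOR|MAJOR|CRITICAL|Error):", re.MULTILINE)


class CliError(Exception):
    """A command was rejected or the session could not be set up safely."""


def run_commands(child, prompt, commands):
    """Send each command, wait for the prompt, stop at the first CLI error."""
    for cmd in commands:
        child.sendline(cmd)
        child.expect_exact(prompt)  # literal match, dots are not wildcards
        output = child.before  # everything printed before the prompt
        if isinstance(output, bytes):
            output = output.decode(errors="replace")
        match = CLI_ERROR.search(output)
        if match:
            raise CliError("%r rejected: %s" % (cmd, output[match.start():].strip()))


def connect(ip, prompt, timeout=20):
    """Log in as admin; the password comes from VSC_PASSWD, not from argv."""
    import pexpect  # imported here so run_commands can be tested without it
    child = pexpect.spawn("ssh", ["admin@%s" % ip], timeout=timeout, encoding="utf-8")
    # An unknown host key is a failure, not a prompt to answer "yes" to.
    if child.expect(["password:", r"\(yes/no"]) == 1:
        child.close()
        raise CliError("unknown SSH host key for %s; verify it first" % ip)
    child.sendline(os.environ["VSC_PASSWD"])
    child.expect_exact(prompt)
    return child


if __name__ == "__main__":
    vsc_ip, vsc_prompt = sys.argv[1], sys.argv[2]  # hypothetical CLI: <ip> <prompt>
    try:
        run_commands(connect(vsc_ip, vsc_prompt), vsc_prompt, ["exit all"])
        print("success")
    except Exception as exc:  # same stdout contract as the original script
        print("Exception is:\n %s" % exc)
```

When the script is called from Ansible, the task's `environment:` keyword can supply `VSC_PASSWD`, and `no_log: true` keeps the value out of the task log.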
Using it in my Ansible playbook
I am storing this Python file in the “files” folder of the role so I can call it later from some tasks. The way I am managing this is shown below.
```yaml
- name: "Create TLS profile at VSC"
  local_action: command python {{playbook_dir}}/roles/util-deploy/files/nuage_tls_profile.py {{ vsc1_fqdn }} {{ vsc1_host }} {{ vsc1_passwd }} {{ vsc1_cert_name }}
  register: output

- name: Verification Result Failure Status
  fail: msg={{ output.stdout }}
  when: output.stdout != "success"
```
If everything goes well, then the output will be “success”. Otherwise, the task will fail and you will get the output. Well, I hope this post, “ansible and python pexpect for unconventional ssh interfaces”, is helpful for you.
See ya!