ansible and python pexpect for unconventional ssh interfaces

I’ve been working a lot with ansible over the last months.  When you need to deal with some appliances using unconventional ssh interfaces. Well, It’s been quite a challenge. Then, I started to create my own python tool for those cases.

The victim in this opportunity is VSC (Nuage Virtualized Services Controller), that’s a control plane based in SROS. In a few words, it’s like a router that works with some specific commands thru a terminal. It’s a pretty nice piece of software encapsulating the famous Alcatel-Lucent SROS. Tried to use of course ansible SROS module. However, I couldn’t make it work. Maybe because VSC is a different animal to a 7750.

pexpect is the answer to your prays

Straight to the point. I using pexpect Python library. In this case, this file will create a TLS profile in VSC for NSGs (Gateways used at branches for a SD-WAN solution). Check the following file.

#ansible and python pexpect for unconventional ssh interfaces

import pexpect
import time
import sys
import argparse

parser = argparse.ArgumentParser()
parser.add_argument('vsc_host', type=str)
parser.add_argument('vsc_ip', type=str)
parser.add_argument('passwd', type=str)
parser.add_argument('cert_name', type=str)
args =  parser.parse_args()

try:
  child = pexpect.spawn('ssh admin@%s' % args.vsc_ip)
#  child.logfile = sys.stdout  # uncomment to debug
  child.expect ('password:')
  child.sendline (args.passwd)
  child.expect (args.vsc_host)
  child.sendline ('configure system security tls-profile "ex-tls-profile" create')
  child.expect (args.vsc_host)
  child.sendline (r'own-key "cf1:\%s-Key.pem"' % args.cert_name)
  child.expect (args.vsc_host)
  child.sendline (r'own-certificate "cf1:\%s.pem"' % args.cert_name)
  child.expect (args.vsc_host)
  child.sendline (r'ca-certificate "cf1:\%s-CA.pem"' % args.cert_name)
  child.expect (args.vsc_host)
  child.sendline ('no shutdown')
  child.expect (args.vsc_host)
  child.sendline ('exit all')
  child.expect (args.vsc_host)
  child.sendline ('configure vswitch-controller open-flow tls-profile "ex-tls-profile"')
  child.expect (args.vsc_host)
  child.sendline ('configure vswitch-controller xmpp tls-profile "ex-tls-profile"')
  child.expect (args.vsc_host)

except Exception as e:
   msg = "Exception is:\n %s \n" % e
   print msg

As you can notice I am using arguments to re-use this file as many times as I want.

Using it in my ansible playbook

I am storing this python file into “files” folder into the role to call it later from some tasks. the way that I managing this is shown at follow.

- name: "Create TLS profile at VSC"
  local_action: command python {{playbook_dir}}/roles/util-deploy/files/nuage_tls_profile.py {{ vsc1_fqdn }} {{ vsc1_host }} {{ vsc1_passwd }} {{ vsc1_cert_name }}
  register: output

- name: Verification Result Failure Status
  fail: msg={{ output.stdout }}
  when: output.stdout != "success"

If everything goes well, then the output will be “success”. Otherwise, the task will fail and you will get the output.  Well, I hope this post ansible and python pexpect for unconventional ssh interfaces” could be helpful for you.

See ya!

Leave a Reply

Your email address will not be published. Required fields are marked *