#ansible and #python pexpect for unconventional ssh interfaces

Eating some ansible last months. Love the way it works. However, when you need to deal with some appliances using unconventional ssh interfaces. Well, It’s been quite a challenge. Then, I started to create my own python tool for those cases.

The victim is VSC (Nuage Virtualized Services Controller). The secret weapon of Nuage SDN. It’s a pretty nice piece of software encapsulating the famous Alcatel-Lucent SROS. Tried to use of course ansible SROS module. However, I couldn’t make it work. Maybe because VSC is changing some part of the interaction.

pexpect is the answer to your prays

Straigth to the point. I using pexpect Python library. This case, this file will create a TLS profile in VSC for NSGs (Gateways used at branches for a SD-WAN solution). Openflow communications between VSC and NSG will be encrypted. Check the following file.

import pexpect
import time
import sys
import argparse

parser = argparse.ArgumentParser()
parser.add_argument('vsc_host', type=str)
parser.add_argument('vsc_ip', type=str)
parser.add_argument('passwd', type=str)
parser.add_argument('cert_name', type=str)
args =  parser.parse_args()

  child = pexpect.spawn('ssh admin@%s' % args.vsc_ip)
#  child.logfile = sys.stdout  # uncomment to debug
  child.expect ('password:')
  child.sendline (args.passwd)
  child.expect (args.vsc_host)
  child.sendline ('configure system security tls-profile "ex-tls-profile" create')
  child.expect (args.vsc_host)
  child.sendline (r'own-key "cf1:\%s-Key.pem"' % args.cert_name)
  child.expect (args.vsc_host)
  child.sendline (r'own-certificate "cf1:\%s.pem"' % args.cert_name)
  child.expect (args.vsc_host)
  child.sendline (r'ca-certificate "cf1:\%s-CA.pem"' % args.cert_name)
  child.expect (args.vsc_host)
  child.sendline ('no shutdown')
  child.expect (args.vsc_host)
  child.sendline ('exit all')
  child.expect (args.vsc_host)
  child.sendline ('configure vswitch-controller open-flow tls-profile "ex-tls-profile"')
  child.expect (args.vsc_host)
  child.sendline ('configure vswitch-controller xmpp tls-profile "ex-tls-profile"')
  child.expect (args.vsc_host)

except Exception as e:
   msg = "Exception is:\n %s \n" % e
   print msg

As you can notice I am using arguments to re-use this file as many times as I want.

Call it from your role tasks

I am storing this python file into “files” folder into the role to call it later from some task. the way that I managing this is shown at follow.

- name: "Create TLS profile at VSC"
  local_action: command python {{playbook_dir}}/roles/util-deploy/files/nuage_tls_profile.py {{ vsc1_fqdn }} {{ vsc1_host }} {{ vsc1_passwd }} {{ vsc1_cert_name }}
  register: output

- name: Verification Result Failure Status
  fail: msg={{ output.stdout }}
  when: output.stdout != "success"

If everything goes well, then the output will be “success”. Otherwise, the task will fail and you will get the output.

What do you need to run this? You can get the required libraries and applications using my Dockerfile. Just check up my last post.

See ya!

One thought on “#ansible and #python pexpect for unconventional ssh interfaces

  1. Hey Mau!
    Here is an example which uses the Ansible SROS module:

    – hosts: vsc01
    gather_facts: no
    connection: local
    username: admin
    password: admin
    – name: Show SROS version
    commands: show version
    provider: “{{ credentials }}”
    register: version

    Have fun with Ansible!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s