juniper_junos_config does not work with bastion configuration #454

Open
btiquet opened this issue Sep 4, 2019 · 1 comment

btiquet commented Sep 4, 2019

Issue Type

- Bug Report

Module Name

juniper_junos_config

Pip Freeze

#pip freeze
ansible==2.8.4
asn1crypto==0.24.0
astroid==1.4.8
backports.functools-lru-cache==1.2.1
backports.shutil-get-terminal-size==1.0.0
bcrypt==3.1.7
certifi==2019.6.16
cffi==1.12.3
chardet==3.0.4
configparser==3.5.0
cryptography==2.7
decorator==4.0.11
enum34==1.1.6
flake8==3.0.4
idna==2.7
ipaddress==1.0.22
ipython==5.4.1
ipython-genutils==0.2.0
isort==4.2.5
Jinja2==2.10.1
junos-eznc==2.2.1
jxmlease==1.0.1
lazy-object-proxy==1.2.2
lxml==4.4.1
MarkupSafe==1.1.1
mccabe==0.5.2
ncclient==0.6.6
netaddr==0.7.19
paramiko==2.6.0
pathlib2==2.3.0
pep8==1.7.0
pexpect==4.2.1
pickleshare==0.7.4
prompt-toolkit==1.0.14
ptyprocess==0.5.2
pycodestyle==2.0.0
pycparser==2.19
pyflakes==1.3.0
Pygments==2.2.0
pylint==1.6.4
PyNaCl==1.3.0
pyserial==3.4
PyYAML==5.1.2
requests==2.20.0
scandir==1.5
scp==0.13.2
selectors2==2.0.1
simplegeneric==0.8.1
six==1.10.0
traitlets==4.3.2
update-service-ip-route-client==0.1.1
urllib3==1.24.3
wcwidth==0.1.7
wrapt==1.10.8
xmltodict==0.12.0

Ansible Roles Version

  • Juniper.junos, 2.1.0

OS / Environment

Red Hat Enterprise Linux Server release 7.4 (Maipo)

Junos Version

JUNOS 14.1X53-D45.3

Summary

On my network, connections to the network and security devices are allowed only through a bastion.
The module juniper_junos_config does not establish the connection through the bastion. The connection is made from the local server.

Steps to reproduce:

####inventory file

[all:vars]
ansible_python_interpreter=~/conda/envs/py2-env/bin/python
ansible_network_os=junos
ansible_connection=netconf
ansible_netconf_ssh_config=/home/myuser/.ssh/through_bastion_config

[qfx]
qfx1

####/.ssh/through_bastion_config file:
Host *
    ProxyCommand ssh -W %h:%p bastion.mycompany.xx

####playbook file:
- name: load set config file
  hosts:
    - all
  roles:
    - Juniper.junos
  gather_facts: no

  vars_prompt:
    - name: config_file
      prompt: config file
      private: no

  tasks:
    - name: load configuration from files
      juniper_junos_config:
        lines:
          - set system root-authentication encrypted-password "$5$sQvDYTSP$HBBaRItgMXi7rwOEpRYnr.0FPAJvDOqNEuW8wDYQ6H7"
      register: response

    - name: Print response
      debug:
        var: response

Behaviour

When running the playbook, the connection failed because the connection is not allowed from the ansible server.
To illustrate this, allow the connection to the device from the bastion AND the ansible server and then monitor the connection on your device:

qfx1# monitor start /var/log/interactive-commands
myuser@ex1-lab.frun> Sep 4 18:10:46 qfx1 mgd[90525]: UI_AUTH_EVENT: Authenticated user 'myuser' at permission level 'j-admin'
Sep 4 18:10:46 qfx1 mgd[90525]: UI_LOGIN_EVENT: User 'myuser' login, class 'j-admin' [90525], ssh-connection 'bastion_ip 34558 a.b.c.d 830', client-mode 'cli'
Sep 4 18:10:46 qfx1 mgd[90525]: UI_CMDLINE_READ_LINE: User 'myuser', command 'xml-mode netconf need-trailer '
Sep 4 18:10:46 qfx1 mgd[90525]: UI_LOGOUT_EVENT: User 'myuser' logout
Sep 4 18:10:48 qfx1 file[90524]: UI_AUTH_EVENT: Authenticated user 'myuser' at permission level 'j-admin'
Sep 4 18:10:48 qfx1 file[90524]: UI_LOGIN_EVENT: User 'myuser' login, class 'j-admin' [90524], ssh-connection 'bastion_ip 34558 a.b.c.d 830', client-mode 'netconf'
Sep 4 18:10:49 qfx1 mgd[90530]: UI_AUTH_EVENT: Authenticated user 'myuser' at permission level 'j-admin'
Sep 4 18:10:49 qfx1 mgd[90530]: UI_LOGIN_EVENT: User 'myuser' login, class 'j-admin' [90530], ssh-connection 'ansible_server_ip 49488 a.b.c.d 830', client-mode 'cli'
Sep 4 18:10:49 qfx1 mgd[90530]: UI_CMDLINE_READ_LINE: User 'myuser', command 'xml-mode netconf need-trailer '
Sep 4 18:10:49 qfx1 mgd[90530]: UI_LOGOUT_EVENT: User 'myuser' logout
Sep 4 18:10:51 qfx1 file[90529]: UI_AUTH_EVENT: Authenticated user 'myuser' at permission level 'j-admin'
Sep 4 18:10:51 qfx1 file[90529]: UI_LOGIN_EVENT: User 'myuser' login, class 'j-admin' [90529], ssh-connection 'ansible_server_ip 49488 a.b.c.d 830', client-mode 'netconf'
Sep 4 18:10:51 qfx1 file[90529]: UI_NETCONF_CMD: User 'myuser' used NETCONF client to run command 'lock-configuration'
Sep 4 18:10:51 qfx1 file[90529]: UI_NETCONF_CMD: User 'myuser' used NETCONF client to run command 'commit-configuration check'
Sep 4 18:10:51 qfx1 file[90529]: UI_COMMIT: User 'myuser' requested 'commit' operation (comment: none)
Sep 4 18:10:51 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: start loading commit script changes
Sep 4 18:10:51 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: no commit script changes
Sep 4 18:10:51 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: no transient commit script changes
Sep 4 18:10:51 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: finished loading commit script changes
Sep 4 18:10:51 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: copying juniper.db to juniper.data+
Sep 4 18:10:51 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: finished copying juniper.db to juniper.data+
Sep 4 18:10:51 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: exporting juniper.conf
Sep 4 18:10:51 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: expanding interface-ranges
Sep 4 18:10:51 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: finished expanding interface-ranges
Sep 4 18:10:51 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: expanding groups
Sep 4 18:10:51 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: finished expanding groups
Sep 4 18:10:51 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: setup foreign files
Sep 4 18:10:52 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: update license counters
Sep 4 18:10:52 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: finish license counters
Sep 4 18:10:52 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: propagating foreign files
Sep 4 18:10:52 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: complete foreign files
Sep 4 18:10:52 qfx1 file[90529]: UI_CHILD_START: Starting child '/usr/sbin/ffp'
Sep 4 18:10:52 qfx1 file[90529]: UI_CHILD_STATUS: Cleanup child '/usr/sbin/ffp', PID 90534, status 0
Sep 4 18:10:52 qfx1 file[90529]: UI_CHILD_STATUS: Cleanup child '/usr/sbin/ffp', PID 90534, status 0
Sep 4 18:10:52 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: daemons checking new configuration
Sep 4 18:10:52 qfx1 file[90529]: UI_CHILD_START: Starting child '/usr/sbin/ffp'
Sep 4 18:10:52 qfx1 file[90529]: UI_CHILD_STATUS: Cleanup child '/usr/sbin/ffp', PID 90543, status 0
Sep 4 18:10:52 qfx1 file[90529]: UI_CHILD_STATUS: Cleanup child '/usr/sbin/ffp', PID 90543, status 0
Sep 4 18:10:52 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: signaling 'Alarm control process', pid 1348, signal 30, status 0 with notification errors enabled
Sep 4 18:10:52 qfx1 file[90529]: UI_NETCONF_CMD: User 'myuser' used NETCONF client to run command 'get-configuration compare="rollback" rollback="0" format="text"'
Sep 4 18:10:53 qfx1 file[90529]: UI_NETCONF_CMD: User 'myuser' used NETCONF client to run command 'commit-configuration'
Sep 4 18:10:53 qfx1 file[90529]: UI_COMMIT: User 'myuser' requested 'commit' operation (comment: none)
Sep 4 18:10:53 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: updating commit revision
Sep 4 18:10:54 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: start loading commit script changes
Sep 4 18:10:54 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: no commit script changes
Sep 4 18:10:54 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: no transient commit script changes
Sep 4 18:10:54 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: finished loading commit script changes
Sep 4 18:10:54 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: copying juniper.db to juniper.data+
Sep 4 18:10:54 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: finished copying juniper.db to juniper.data+
Sep 4 18:10:54 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: exporting juniper.conf
Sep 4 18:10:54 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: expanding interface-ranges
Sep 4 18:10:54 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: finished expanding interface-ranges
Sep 4 18:10:54 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: expanding groups
Sep 4 18:10:54 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: finished expanding groups
Sep 4 18:10:54 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: setup foreign files
Sep 4 18:10:54 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: update license counters
Sep 4 18:10:54 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: finish license counters
Sep 4 18:10:54 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: propagating foreign files
Sep 4 18:10:54 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: complete foreign files
Sep 4 18:10:54 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: dropping unchanged foreign files
Sep 4 18:10:54 qfx1 file[90529]: UI_CHILD_START: Starting child '/usr/sbin/ffp'
Sep 4 18:10:55 qfx1 file[90529]: UI_CHILD_STATUS: Cleanup child '/usr/sbin/ffp', PID 90549, status 0
Sep 4 18:10:55 qfx1 file[90529]: UI_CHILD_STATUS: Cleanup child '/usr/sbin/ffp', PID 90549, status 0
Sep 4 18:10:55 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: daemons checking new configuration
Sep 4 18:10:55 qfx1 file[90529]: UI_CHILD_START: Starting child '/usr/sbin/ffp'
Sep 4 18:10:55 qfx1 file[90529]: UI_CHILD_STATUS: Cleanup child '/usr/sbin/ffp', PID 90558, status 0
Sep 4 18:10:55 qfx1 file[90529]: UI_CHILD_STATUS: Cleanup child '/usr/sbin/ffp', PID 90558, status 0
Sep 4 18:10:55 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: commit wrapup...
Sep 4 18:10:55 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: start ffp activate
Sep 4 18:10:55 qfx1 file[90529]: UI_CHILD_START: Starting child '/usr/sbin/ffp'
Sep 4 18:10:55 qfx1 file[90529]: UI_CHILD_STATUS: Cleanup child '/usr/sbin/ffp', PID 90559, status 0
Sep 4 18:10:55 qfx1 file[90529]: UI_CHILD_STATUS: Cleanup child '/usr/sbin/ffp', PID 90559, status 0
Sep 4 18:10:55 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: activating '/var/etc/pam.conf'
Sep 4 18:10:55 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: activating '/var/etc/pam_radius.conf'
Sep 4 18:10:55 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: activating '/var/etc/pam_tacplus.conf'
Sep 4 18:10:55 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: activating '/var/etc/issue'
Sep 4 18:10:55 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: activating '/var/etc/certs'
Sep 4 18:10:55 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: executing foreign_commands
Sep 4 18:10:55 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: not executing ui_commit in rc.ui
Sep 4 18:10:55 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: finish ffp activate
Sep 4 18:10:55 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: copying configuration to juniper.save
Sep 4 18:10:55 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: db_check_constraint_ids_clear start
Sep 4 18:10:55 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: db_check_constraint_ids_clear done
Sep 4 18:10:55 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: db_groups_info_clear start
Sep 4 18:10:55 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: db_groups_info_clear done
Sep 4 18:10:55 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: activating '/var/run/db/juniper.data'
Sep 4 18:10:55 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: Rotate backup configs
Sep 4 18:10:56 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: signaling 'Simple Network Management Protocol process', pid 1353, signal 31, status 0 with notification errors enabled
Sep 4 18:10:56 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: notifying daemons of new configuration
Sep 4 18:10:56 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: commit complete
Sep 4 18:10:56 qfx1 file[90529]: UI_COMMIT_COMPLETED: commit complete
Sep 4 18:10:56 qfx1 file[90529]: UI_COMMIT_PROGRESS: Commit operation in progress: signaling 'Alarm control process', pid 1348, signal 30, status 0 with notification errors enabled
Sep 4 18:10:56 qfx1 file[90529]: UI_NETCONF_CMD: User 'myuser' used NETCONF client to run command 'unlock-configuration'
Sep 4 18:10:56 qfx1 file[90529]: UI_NETCONF_CMD: User 'myuser' used NETCONF client to run command 'close-session'
Sep 4 18:10:56 qfx1 file[90529]: UI_LOGOUT_EVENT: User 'myuser' logout
Sep 4 18:10:57 qfx1 file[90524]: UI_NETCONF_CMD: User 'myuser' used NETCONF client to run command 'close-session'
Sep 4 18:10:57 qfx1 file[90524]: UI_LOGOUT_EVENT: User 'myuser' logout

@rsmekala
Contributor

@btiquet This requires an enhancement directly in PyEZ. In the above-described case, PyEZ is not reading the ssh config file in its entirety, i.e. the ProxyCommand part is never read.

There is already an issue in PyEZ tracking this: Juniper/py-junos-eznc#920, Juniper/py-junos-eznc#648
