Ansible 'expect' module like prompt response

RouterOS Scripting
1

I am trying to automize my routeros appliances.

I am doing it both ways - with SSH and with the SSL API. As I want to do something quickly I will focus on the SSH module first as the API needs to intricate certbot things I don’t want to program atm for all the certs for my AP-s.

But doing it with the routeros_command module via SSH I have stumbled upon an unexpected issue.

After changing settings via /ip/ssh and then wanting to regen the keys with more security. It pops up a prompt, but how do I respond to it?

I found only one link to this via paramiko and python scripting: http://forum.mikrotik.com/t/paramiko-regenerate-ssh-key-python-automation/160068/1

2

Well one workaround was this:

- name: generate new ssh keys
  expect:
    command: 'ssh {{ inventory_hostname }} "{{ routeros_ip_ssh_command }} regenerate-host-key"'
    responses:
      (.*)regenerate current SSH host keys(.*): 'y'
3

Hello,
i am struggling with sth similar. After resetting CHR to defaults any new cli shell prompts “Do you want to see the software license?”. I need to answer N with Ansible. But its not working.


- name: testExpect
  expect:
    command: "sshpass -p {{ ansible_ssh_pass }} ssh -o StrictHostKeyChecking=no {{ ansible_user }}@{{ ansible_host }}"
    responses:
      '(.*)Do you want to see the software license\? \[Y\/n\]\:': 'n'
    echo: true
    timeout: 10
  delegate_to: localhost
  ignore_errors: true

the result is:

TASK [testExpect] *********************************************************************************************************************************
fatal: [t-Router_v7]: FAILED! => changed=true
  cmd: sshpass -p **** ssh -o StrictHostKeyChecking=no ansible@IP
  delta: '0:00:10.110704'
  end: '2024-03-24 12:00:08.925207'
  msg: non-zero return code
  rc: 255
  start: '2024-03-24 11:59:58.814503'
  stdout: |-
    [9999B[9999BZ  [6n
  stdout_lines: <omitted>
4

I was successfull wiht this, if anyone has the same problem:

- name: Confirm License if needed
  ansible.netcommon.cli_command:
    command: "sshpass -p {{ ansible_ssh_pass }} ssh -o StrictHostKeyChecking=no {{ ansible_user }}@{{ ansible_host }}"
    prompt: Do you want to see the software license\?
    answer: n
5

Just registered to say: THANKS A LOT! I had the same problem - after a massive upgrade from RouterOS 6.4x to 7.18.1 ansible wouldn’t connect with routers using commmunity.routeros module, just because the “see the software license” question. The issue was solved by running above play before the play based on community.routeros, so the vision of connecting to every device just to click “n” manually luckily vanished :wink: Thanks a lot again.

6

Has anyone had success with any of the above on the more recent mikrotik routers that now immediately prompt to change the password to the device?

I’m trying this playbook with no luck on the stock routerOS 7.16.1 OOTB:

---
- name: first connection
  hosts: router-default
  connection: network_cli

  tasks:
    ansible.netcommon.cli_command:
      command: "sshpass -p {{ ansible_ssh_pass }} ssh -o StrictHostKeyChecking=no {{ ansible_user }}@{{ ansible_host }}"
      prompt: Do you want to see the software license\?
      answer: n

The command simply times out after the default 30 seconds.

I’ve also tried the following to try and answer the default configuration prompt and give it a very basic ssh password:

---
- name: first connection
  hosts: router-default
  connection: network_cli

  tasks:
    ansible.netcommon.cli_command:
      command: "sshpass -p {{ ansible_ssh_pass }} ssh -o StrictHostKeyChecking=no {{ ansible_user }}@{{ ansible_host }}"
      check_all: true
      prompt: 
        - Do you want to see the software license\?
        - If you are connected using the above IP
        - new password
        - reset password
      answer: 
        - n
        - n
        - n
        - n