CiscoDevNet / FMCAnsible

GNU General Public License v3.0

Token Timeout Reached #38

Closed boomsfib closed 1 year ago

boomsfib commented 1 year ago

I've got a playbook that synchronizes network objects from our IPAM database server (NetBox) into FMC and either updates the existing object or creates it if it does not exist. However, during the tasks, I'm hitting the 30-minute timeout mark for the access token:

'Server returned an error trying to execute upsertNetworkObject operation. Status code: 401. Server response: Access token invalid.'

Is there any way around this? Should the module recognize this error and perform a token refresh?

Thanks
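
The behaviour asked about above, sketched as an added example that is not part of the original post or of fmcansible: a client that renews its token just before the 30-minute limit and retries once on a 401. `FakeFmc`, `RefreshingClient` and `run_sync` are hypothetical names, and the server and clock are simulated, so no real FMC endpoint is called.

```python
# Added example, not fmcansible code; every name here is hypothetical.
TOKEN_LIFETIME = 30 * 60  # seconds: the 30-minute limit reported in the issue

class FakeFmc:
    """Constructed stand-in for the API server: tokens expire, then 401."""
    def __init__(self, clock):
        self.clock, self.expiry, self.logins = clock, {}, 0

    def login(self):
        self.logins += 1
        self.expiry[f"token-{self.logins}"] = self.clock() + TOKEN_LIFETIME
        return f"token-{self.logins}"

    def upsert(self, token, name):
        return 200 if self.expiry.get(token, 0) > self.clock() else 401

class RefreshingClient:
    """Renews the token shortly before expiry and retries once on a 401."""
    def __init__(self, server, clock, margin=60):
        self.server, self.clock, self.margin = server, clock, margin
        self.token, self.expires = None, 0

    def _login(self):
        self.token = self.server.login()
        self.expires = self.clock() + TOKEN_LIFETIME

    def upsert(self, name):
        if self.token is None or self.clock() >= self.expires - self.margin:
            self._login()
        status = self.server.upsert(self.token, name)
        if status == 401:   # token revoked early, or client/server clock skew
            self._login()   # exactly one retry, never a login loop
            status = self.server.upsert(self.token, name)
        return status

def run_sync(refresh, count=77, seconds_each=60):
    """Replay the issue's loop on a simulated clock: (ok, failed, logins)."""
    now = [0]
    server = FakeFmc(lambda: now[0])
    if refresh:
        send = RefreshingClient(server, lambda: now[0]).upsert
    else:
        token = server.login()  # one token held for the whole run
        send = lambda name: server.upsert(token, name)
    ok = 0
    for i in range(count):
        ok += send(f"obj{i}") == 200
        now[0] += seconds_each  # about one minute per object, as reported
    return ok, count - ok, server.logins
```

With one token held for the whole run, `run_sync(refresh=False)` completes 30 of the 77 objects; with renewal, all 77 complete using three logins.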

205101-retr0 commented 1 year ago

Thank you for bringing this issue to our attention. I would appreciate it if you could provide the code snippet that is causing the error. I have attempted to reproduce the issue on three different versions of FMC, but have not had any success yet. It's possible that a specific parameter being passed may be causing the problem.

If the issue has already been resolved, please let me know via a comment here. However, if the issue persists, could you please share the code block so that I can take a closer look?

Thank you.

boomsfib commented 1 year ago

Hello,

Issue is still occurring. We are running FMC version 7.2.2. I'm running ansible-core 2.12.6 in a python3.8.10 virtual environment and fmcansible version 0.9.0. Below is my playbook. Super simple, uses netbox.netbox.nb_lookup to query prefixes filtering for all that are assigned to vlan vid 69 with a status of active or reserved. I then loop through this list using key parts to update or create a network object in FMC. At 30 minutes exactly, the task starts to fail with access token invalid. There's about 77 objects and it seems to take roughly 1 minute for an object to get checked and then updated or created.

---
- name: FMC Ansible Test
  hosts: vmfc
  connection: httpapi
  gather_facts: no
  vars_files:
    - ~/projects/ansible/secret.yml

  tasks:
    - name: Gather Wifi Management Network Prefixes from Netbox
      set_fact:
        wifimgmt_prefixes: "{{ query('netbox.netbox.nb_lookup', 'prefixes', api_filter='vlan_vid=69 status=active status=reserved', api_endpoint=netbox.netbox_url, token=netbox.netbox_token, validate_certs=False) }}"
      delegate_to: localhost

    - name: Get Domain UUID from FMC
      cisco.fmcansible.fmc_configuration:
        operation: getAllDomain
        register_as: domain

    - name: Create Network Objects
      cisco.fmcansible.fmc_configuration:
        operation: upsertNetworkObject
        data:
          name: "{{ item.value.site.name }}_Wifi_Mgmt"
          value: "{{ item.value.prefix }}"
          type: Network
          description: "{{ item.value.description }}"
        path_params:
          domainUUID: '{{ domain[0].uuid }}'
      loop: "{{ wifimgmt_prefixes }}"

205101-retr0 commented 1 year ago

I shall be honest, I wasn't able to get the exact error msg as you are getting, but during my testing I did find that using loop for making these requests is not that great. Because it's making individual requests, FMC starts rate limiting at the 30th request. In my case, the request goes through but the object isn't created. Maybe in this case, it fails to go through in the first place, hence the error (just a speculation, not sure).

But here, try using createMultipleNetworkObject operation.

Note: This creates all objects at once, essentially. The downside to this is you have to delete all network objects that are already created, as this is not an upsert operation.


- name: Include object lists from file
  include_vars:
    file: list.yml

Let us know if this worked for you. And in case it doesn't work, I'd like a favor. Could you add these lines and share the output, if it's not much trouble?

- name: Create Network Objects
  cisco.fmcansible.fmc_configuration:
    operation: upsertNetworkObject
    data:
      name: "{{ item.value.site.name }}_Wifi_Mgmt"
      value: "{{ item.value.prefix }}"
      type: Network
      description: "{{ item.value.description }}"
    path_params:
      domainUUID: '{{ domain[0].uuid }}'
    register_as: dbug ####
  ignore_errors: yes ####
  loop: "{{ wifimgmt_prefixes }}"
####
- name: debug
  debug:
    var: dbug

boomsfib commented 1 year ago

Yeah, once I saw how long it was taking for the loop to create a single object I started looking for another method. It was creating the objects, but once I hit that 30 minute mark, like clockwork, the token expired and I got the token invalid error for all remaining objects in the list.

I've been trying the createMultipleNetworkObject operation and it does work. But as you pointed out, it only works if I delete any objects that exist already in FMC that may be in my list. I'm working on sorting that out.

I did however hit the issue that trevoramaco reported about the HTTPS Request Timeout when using this operation. The objects did get created, but the task failed with the read operation timeout error. Just like him, if I edit the timeout value in the _send_request of the client.py file, the task succeeds.
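
One way to work out which objects already exist before calling the bulk create, as an added example that is not part of the thread or of fmcansible. `plan_sync`, the sample records and the `id` field on existing objects are assumptions; `name`, `value` and `description` follow the playbook above.

```python
# Added example, not fmcansible code; plan_sync and the data are constructed.
import ipaddress


def _net(value):
    """Normalise a prefix so '10.1.69.0/24' and '10.1.69.5/24' compare equal."""
    return ipaddress.ip_network(value, strict=False)


def plan_sync(desired, existing):
    """Split desired objects into bulk-create, per-object update, unchanged."""
    by_name = {obj["name"]: obj for obj in existing}
    create, update, unchanged = [], [], []
    for want in desired:
        have = by_name.get(want["name"])
        if have is None:
            # Not in FMC yet: safe to send in the single bulk-create request.
            create.append(dict(want, type="Network"))
        elif (_net(have["value"]) != _net(want["value"])
              or have.get("description", "") != want.get("description", "")):
            # Exists but differs: update it by id instead of deleting it.
            update.append(dict(want, type="Network", id=have["id"]))
        else:
            unchanged.append(want["name"])  # no API call needed at all
    return create, update, unchanged


# Constructed sample data: three prefixes from the IPAM, two already in FMC.
DESIRED = [
    {"name": "SiteA_Wifi_Mgmt", "value": "10.1.69.0/24", "description": "A"},
    {"name": "SiteB_Wifi_Mgmt", "value": "10.2.69.0/24", "description": "B"},
    {"name": "SiteC_Wifi_Mgmt", "value": "10.3.69.0/24", "description": "C"},
]
EXISTING = [
    {"id": "obj-1", "name": "SiteA_Wifi_Mgmt", "value": "10.1.69.0/24",
     "description": "A"},
    {"id": "obj-2", "name": "SiteB_Wifi_Mgmt", "value": "10.2.68.0/24",
     "description": "B"},
]
```

Only the `create` list goes to the bulk operation, which keeps the number of individual requests, and so the time spent under a single token, small.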

205101-retr0 commented 1 year ago

OK, glad to know that it worked. As far as the https timeout is concerned, don't worry about it. The PR review for that is in the works, so it shouldn't be long before it's totally fixed.

jeroenwittock commented 1 year ago

Closing this, fix will go into version 1.0, planned to be released this month.