CiscoDevNet / FMCAnsible

GNU General Public License v3.0

Host Object Creation Issue #41

Closed kozhabergenova closed 1 year ago

kozhabergenova commented 1 year ago

Ansible Version

ansible [core 2.14.4] python version = 3.10.9

FMC Version

Version 7.2.2 (build 54) Secure Firewall Management Center for VMware

Affected Object

/api/fmc_config/v1/domain/{domainUUID}/object/hosts

Ansible Playbook - Sample for Host Creation

- hosts: all  # play header was not included in the post; "all" is a placeholder
  connection: httpapi
  tasks:
    - name: Get Domain UUID
      tags:
        - host_creation
      cisco.fmcansible.fmc_configuration:
        operation: getAllDomain
        register_as: domain

    - name: Create a host object
      tags:
        - host_creation
      cisco.fmcansible.fmc_configuration:
        operation: createMultipleHostObject
        data:
          name: ansible_host_obj
          value: 10.10.20.10
          type: Host
        path_params:
          domainUUID: '{{ domain[0].uuid }}'

Debug Output

TASK [Create a host object] **************************************************************************************************************************************************************************************************************************************
task path: /Users/zhanerke/devnet/ansible-fmc-poc/host_creation.yaml:11
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<fmc_fqdn> ESTABLISH LOCAL CONNECTION FOR USER: ansible_sa
<fmc_fqdn> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/zhanerke/.ansible/tmp/ansible-local-416059vd7wynf `"&& mkdir "` echo /Users/zhanerke/.ansible/tmp/ansible-local-416059vd7wynf/ansible-tmp-1683735796.7440178-41725-51794418235061 `" && echo ansible-tmp-1683735796.7440178-41725-51794418235061="` echo /Users/zhanerke/.ansible/tmp/ansible-local-416059vd7wynf/ansible-tmp-1683735796.7440178-41725-51794418235061 `" ) && sleep 0'
Using module file /Users/zhanerke/.ansible/collections/ansible_collections/cisco/fmcansible/plugins/modules/fmc_configuration.py
<fmc_fqdn> PUT /Users/zhanerke/.ansible/tmp/ansible-local-416059vd7wynf/tmpfozedxx4 TO /Users/zhanerke/.ansible/tmp/ansible-local-416059vd7wynf/ansible-tmp-1683735796.7440178-41725-51794418235061/AnsiballZ_fmc_configuration.py
<fmc_fqdn> EXEC /bin/sh -c 'chmod u+x /Users/zhanerke/.ansible/tmp/ansible-local-416059vd7wynf/ansible-tmp-1683735796.7440178-41725-51794418235061/ /Users/zhanerke/.ansible/tmp/ansible-local-416059vd7wynf/ansible-tmp-1683735796.7440178-41725-51794418235061/AnsiballZ_fmc_configuration.py && sleep 0'
<fmc_fqdn> EXEC /bin/sh -c '/usr/local/opt/python@3.10/bin/python3.10 /Users/zhanerke/.ansible/tmp/ansible-local-416059vd7wynf/ansible-tmp-1683735796.7440178-41725-51794418235061/AnsiballZ_fmc_configuration.py && sleep 0'
<fmc_fqdn> EXEC /bin/sh -c 'rm -f -r /Users/zhanerke/.ansible/tmp/ansible-local-416059vd7wynf/ansible-tmp-1683735796.7440178-41725-51794418235061/ > /dev/null 2>&1 && sleep 0'
changed: [fmc_fqdn] => {
    "ansible_facts": {},
    "changed": true,
    "invocation": {
        "module_args": {
            "data": {
                "name": "ansible_host_obj",
                "type": "Host",
                "value": "10.10.20.10"
            },
            "filters": null,
            "operation": "createMultipleHostObject",
            "path_params": {
                "domainUUID": "m249jutb-e0k8-33e3-7698-6d9ed49b635m"
            },
            "query_params": null,
            "register_as": null
        }
    },
    "response": {
        "code": 429,
        "description": "The server is refusing to service the request because the user has sent too many requests in a given amount of time (\"rate limiting\")",
        "homeRef": "/",
        "reasonPhrase": "Too Many Requests",
        "uri": "http://tools.ietf.org/html/rfc6585#section-4"
    }
}

PLAY RECAP *******************************************************************************************************************************************************************************************************************************************************
fmc_fqdn         : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

I encountered a problem while creating a host object using the FMC's module. Despite running the playbook with the -vvvv flag and attempting to capture logs from the FMC's side, I was unable to obtain any information. Additionally, I tried using the Terraform provider to gain insight into the requests being made, but unfortunately, it did not provide any helpful details.

P.S. We don't have any problems with host creation via Terraform or the GUI
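
The debug output above shows the task counted as `changed` with `failed=0` while the response body carries code 429, so the play reports success although no host object was created. A guard for that case, as an added example that is not part of the original issue or the FMCAnsible project; it assumes the registered result exposes the same `response` dictionary seen in the debug output, and the `hosts` pattern, variable names and retry values are placeholders:

```yaml
# Added example, not from the issue thread or the FMCAnsible project.
# Assumption: on an API error the registered result contains
# response.code (as in the debug output); on success it does not.
- hosts: all                      # placeholder inventory pattern
  connection: httpapi
  vars:
    # Status code from an error body, or 0 when the body has no "code" key.
    fmc_code: "{{ (host_result.response | default({})).code | default(0) }}"
  tasks:
    - name: Get Domain UUID
      cisco.fmcansible.fmc_configuration:
        operation: getAllDomain
        register_as: domain

    - name: Create a host object and fail on an error body
      cisco.fmcansible.fmc_configuration:
        operation: createMultipleHostObject
        data:
          name: ansible_host_obj
          value: 10.10.20.10
          type: Host
        path_params:
          domainUUID: '{{ domain[0].uuid }}'
      register: host_result
      # Retry only while the FMC answers 429 (rate limited).
      until: fmc_code | int != 429
      retries: 5                  # constructed value
      delay: 15                   # seconds between attempts, constructed value
      # Any 4xx/5xx body fails the task instead of being counted as "changed".
      failed_when: fmc_code | int >= 400
      # Never report a change when the FMC returned an error body.
      changed_when: host_result.changed and fmc_code | int == 0
```

With a persistent 429 like the one in this output, the retries run out and the task ends as failed, so the play recap no longer hides the rejected request.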

205101-retr0 commented 1 year ago

Are you running this as part of a bigger playbook or as a main playbook? According to the error message, you are getting rate limited. In that case, just putting in some timeout in between tasks will fix it.

If you are running this individually and facing this issue, then I'm lost and I would have to look into it. The connectivity with the FMC doesn't seem like an issue given that the domain id is registered. One thing you could try with CreateMultiple is to add:

    - name: Create a host object
      cisco.fmcansible.fmc_configuration:
        operation: createMultipleHostObject
        data:
          - name: ansible_host_obj
            value: 10.10.20.10
            type: Host
        path_params:
          domainUUID: '{{ domain[0].uuid }}'
        query_params:   ### Addition
          bulk: true    ### Addition

Bulk is a parameter for passing more than one object. It shouldn't be an issue generally, but it might be interfering with normal operation in this case. In case that doesn't work, could you try this and tell me if it works (just to isolate the problem):

    - name: Create a Host Object
      cisco.fmcansible.fmc_configuration:
        operation: upsertHostObject
        data:
          name: testObj
          value: 192.168.2.1
          type: host
        path_params:
          domainUUID: '{{ domain[0].uuid }}'

kozhabergenova commented 1 year ago

I used the host creation task as part of a larger playbook. However, to address the issue, I created a separate playbook. You can reproduce the issue by copying the task mentioned above (Create a host object) if you have a working FMC with a version of 7.0.0 or higher.

I attempted to add the bulk parameter as you suggested, but it also did not work. The error message received was: "msg": "Server returned an error trying to execute createMultipleHostObject operation. Status code: 400. Server response: Invalid query parameter for the GETALL operation."

205101-retr0 commented 1 year ago

I booted up a 7.2.2-54 thinking that could be the problem. But for me, your script ran fine, and the bulk parameter also didn't cause any issue; I was even able to create multiple host objects.

If the Terraform code is running fine, then there is no problem with the installation either. It suggests no potential mishaps with the API. I'm trying stuff out, but it might take some time to pinpoint the cause.

In the meantime, it also might be a problem with your Ansible setup. Could you try out the same code with a different Ansible install and check?

kozhabergenova commented 1 year ago

I ran the playbook inside a Docker container with Fedora and faced the same issue. Could you please share the output of your Ansible playbook and provide the version of Ansible Core/Python installed in your system?

205101-retr0 commented 1 year ago

ansible --version
ansible [core 2.14.4]
  ansible python module location = /opt/homebrew/lib/python3.11/site-packages/ansible
  executable location = /opt/homebrew/bin/ansible
  python version = 3.11.3 (main, Apr  7 2023, 20:13:31) [Clang 14.0.0 (clang-1400.0.29.202)] (/opt/homebrew/opt/python@3.11/bin/python3.11)
  jinja version = 3.1.2
  libyaml = True

ansible output:

ansible-playbook -i inventory/hosts.ini issue.yml

PLAY [vfmc] ************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************
ok: [3.16.105.62]

TASK [Get Domain UUID] *************************************************************************************************************************
ok: [3.16.105.62]

TASK [Create a host object] ********************************************************************************************************************
changed: [3.16.105.62]

PLAY RECAP *************************************************************************************************************************************
3.16.105.62                : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

I can see the Python version isn't the latest one. Can you upgrade that and try again?

kozhabergenova commented 1 year ago

Same output with:

ansible [core 2.14.4]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.11/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.11.3 (main, Apr  5 2023, 00:00:00) [GCC 13.0.1 20230401 (Red Hat 13.0.1-0)] (/usr/bin/python3)
  jinja version = 3.0.3
  libyaml = True

JIC:

changed: [fmc_fqdn] => {
    "ansible_facts": {},
    "changed": true,
    "invocation": {
        "module_args": {
            "data": {
                "name": "ansible_host_obj",
                "type": "Host",
                "value": "10.10.20.10"
            },
            "filters": null,
            "operation": "createMultipleHostObject",
            "path_params": {
                "domainUUID": "m249jutb-e0k8-33e3-7698-6d9ed49b635m"
            },
            "query_params": null,
            "register_as": null
        }
    },
    "response": {
        "code": 429,
        "description": "The server is refusing to service the request because the user has sent too many requests in a given amount of time (\"rate limiting\")",
        "homeRef": "/",
        "reasonPhrase": "Too Many Requests",
        "uri": "http://tools.ietf.org/html/rfc6585#section-4"
    }
}

PLAY RECAP *********************************************************************************************************************************************
fmc_fqdn         : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

kgreeshm commented 1 year ago

Hi,

I tried reproducing the error but couldn't. I'm using the Fedora container with the same versions of Ansible, Python and FMCv in VMware as you, and using the same script that you posted above, and it is working absolutely fine. I don't see any error.

Make sure your proxy in the lab is not the reason for the error. If you are still facing errors, please upload the container that you are using. I will take a look into it.

Thanks Greeshma

kozhabergenova commented 1 year ago

I updated the FMC to Version 7.2.4 (build 169), which resolved the issue. Thanks!

kgreeshm commented 1 year ago

Hi,

Good to know that your problem was solved. Before closing the issue, I just wanted to make clear that host object creation on FMCv 7.2.2 on VMware is working absolutely fine using Ansible.

Closing this issue for now. Feel free to reopen it if anyone faces the same issue again. Happy to help :)

Thanks Greeshma