Closed jdteis7 closed 1 month ago
Hi @jdteis7,
Apologies but I am not really understanding the issue as you are explaining in combination with your versions provided. The latest release of the ACI collection is on 2.9.0 which was released last month, but you mention 3.x versions.
Could you please provide the following information:
Furthermore is you issue only there when running aci_aaa_user_certificate
task, from looking at the code I would suspect this would be on every task?
I apologize that was a typo. The version that works is 2.6 and the versions that do not are 2.7, 2.8, and 2.9 .
The python version I'm running on the server with the Ansible playbooks is 3.9.18, The Ansible version is 2.15.5, but I believe this is a problem on the APIC. I see log messages referencing Python version 2.7 which is not installed on the server with the playbooks. It is installed on the APIC though. The stack trace shows an ssh connection opened to the APIC and I believe the ACI.PY script is trying to run python commands on the APIC for this certificate module. I attached the stack trace.
When the playbook used for a APIC with 5.2.(4e) I see this is the log "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python"
When it is used for an APIC running 6.0. I see this
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/**python3"**
Other modules I've tested like aaaUserRole, aaaUserDomain, and aaaUser worked, but I noticed they do not open an ssh connection to the APIC like the cert module does.
This is the section that fails in the versions 2.7, 2.8, 2.9 ACI.PY file. It's lines 364 - 367
if self.params.get("port") is not None:
self.base_url = "{protocol}://{host}:{port}".format_map(self.params)
else:
self.base_url = "{protocol}://{host}".format_map(self.params)
This is what 2.6 looked like
if self.params.get("port") is not None:
url = "%(protocol)s://%(host)s:%(port)s/api/aaaLogin.json" % self.params
else:
url = "%(protocol)s://%(host)s/api/aaaLogin.json" % self.params
I don't think format_map is supported in Python 2.7 and since this appears to be run on the APIC, I have no way to change which version it defaults to.
Is there a difference in the ansible_connection settings for these tasks? Are they all set to local, or delegated to localhost?
Could you share these two tasks and your inventory / ansible connection settings?
Thanks! That was the problem. I didn't notice delegate to local host was missing
Community Note
Description
In ACI collections versions 2.7, 2.8, and 2.9 the module aaa_user_certificate does not work correctly with an APIC running version 5.2.(4e). It does work correctly with an APIC running version 6.
The playbook gets this error on an APIC running 5.2.(4e)
'str' object has no attribute 'format_map'
This playbook works correctly with ACI collection version 2.6. The file generating the error is
ansible_collections/cisco/aci/plugins/module_utils/aci.py
This file was changed to use the string attribute format_map in collection 2.7. The APICĀ running version 5.2.(4e) has Python 2.7.17 as the default version and has Python 3.7.6 also installed. The APIC running version 6.0.(4c) has Python 2.7.18 as default and Python 3.8.10 also installed. ACI collection version 2.6 works without problems but does not use the format_map attribute.
The full traceback.txt
Playbook info
Affected Module Name(s):
APIC version and APIC Platform
Collection versions
Output/ Error message
*
Expected Behavior
* Certificate should have been added for a user account.
Actual Behavior
* Certificate was not added
Playbook tasks to Reproduce
*
Important Factoids
References
0000