search

Commvault / ansiblev2

Ansible Collection for Commvault v2
Apache License 2.0
7 stars 6 forks source link

commvault.ansible.deployment.install_software module is failing if option force_https: true isused. #15

Open bhupendersb opened 1 month ago

bhupendersb commented 1 month ago

commvault.ansible.deployment.install_software module is failing if option force_https: true is used. SSL certs are ok and CA signed.

The above task verifies the ssl certs are ok.

Error stack: -

{ "module_stdout": "", "module_stderr": "Traceback (most recent call last):\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/urllib3/connectionpool.py\", line 710, in urlopen\n chunked=chunked,\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/urllib3/connectionpool.py\", line 386, in _make_request\n self._validate_conn(conn)\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/urllib3/connectionpool.py\", line 1042, in _validate_conn\n conn.connect()\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/urllib3/connection.py\", line 424, in connect\n tls_in_tls=tls_in_tls,\n File \"/opt/ansible/provisionesxi/lib/python3.6/site-packages/urllib3/util/ssl.py\", line 450, in ssl_wrap_socket\n sock, context, tls_in_tls, server_hostname=server_hostname\n File \"/opt/ansible/provisionesxi/lib/python3.6/site-packages/urllib3/util/ssl.py\", line 493, in _ssl_wrap_socket_impl\n return ssl_context.wrap_socket(sock, server_hostname=server_hostname)\n File \"/usr/lib64/python3.6/ssl.py\", line 365, in wrap_socket\n _context=self, _session=session)\n File \"/usr/lib64/python3.6/ssl.py\", line 810, in init\n self.do_handshake()\n File \"/usr/lib64/python3.6/ssl.py\", line 1070, in do_handshake\n self._sslobj.do_handshake()\n File \"/usr/lib64/python3.6/ssl.py\", line 648, in do_handshake\n self._sslobj.do_handshake()\nssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/requests/adapters.py\", line 450, in send\n timeout=timeout\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/urllib3/connectionpool.py\", line 788, in urlopen\n method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/urllib3/util/retry.py\", line 592, in increment\n raise MaxRetryError(_pool, url, error or ResponseError(cause))\nurllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='XXXXXXXXXX', port=443): Max retries exceeded with url: /webconsole/api/ (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),))\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File \"/tmp/ansible_commvault.ansible.deployment.install_software_payload_fy2emc3a/ansible_commvault.ansible.deployment.install_software_payload.zip/ansible_collections/commvault/ansible/plugins/modules/deployment/install_software.py\", line 252, in main\n File \"/tmp/ansible_commvault.ansible.deployment.install_software_payload_fy2emc3a/ansible_commvault.ansible.deployment.install_software_payload.zip/ansible_collections/commvault/ansible/plugins/module_utils/cv_ansible_module.py\", line 101, in init\n File \"/tmp/ansible_commvault.ansible.deployment.install_software_payload_fy2emc3a/ansible_commvault.ansible.deployment.install_software_payload.zip/ansible_collections/commvault/ansible/plugins/module_utils/cv_ansible_module.py\", line 146, in _login\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/cvpysdk/commcell.py\", line 530, in init\n if self._cvpysdk_object._is_valid_service():\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/cvpysdk/cvpysdk.py\", line 130, in _is_valid_service\n raise error\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/cvpysdk/cvpysdk.py\", line 124, in _is_valid_service\n timeout=184\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/cvpysdk/cvpysdk.py\", line 280, in _request\n return requests.request(kwargs)\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/requests/api.py\", line 61, in request\n return session.request(method=method, url=url, kwargs)\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/requests/sessions.py\", line 529, in request\n resp = self.send(prep, send_kwargs)\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/requests/sessions.py\", line 645, in send\n r = adapter.send(request, kwargs)\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/requests/adapters.py\", line 517, in send\n raise SSLError(e, request=request)\nrequests.exceptions.SSLError: HTTPSConnectionPool(host='XXXXXXXXX', port=443): Max retries exceeded with url: /webconsole/api/ (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),))\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File \"/var/lib/awx/.ansible/tmp/ansible-tmp-1717751703.9120986-89-8967811766434/AnsiballZ_install_software.py\", line 100, in \n _ansiballz_main()\n File \"/var/lib/awx/.ansible/tmp/ansible-tmp-1717751703.9120986-89-8967811766434/AnsiballZ_install_software.py\", line 92, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/var/lib/awx/.ansible/tmp/ansible-tmp-1717751703.9120986-89-8967811766434/AnsiballZ_install_software.py\", line 41, in invoke_module\n run_name='main', alter_sys=True)\n File \"/usr/lib64/python3.6/runpy.py\", line 205, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib64/python3.6/runpy.py\", line 96, in _run_module_code\n mod_name, mod_spec, pkg_name, script_name)\n File \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code\n exec(code, run_globals)\n File \"/tmp/ansible_commvault.ansible.deployment.install_software_payload_fy2emc3a/ansible_commvault.ansible.deployment.install_software_payload.zip/ansible_collections/commvault/ansible/plugins/modules/deployment/install_software.py\", line 331, in \n File \"/tmp/ansible_commvault.ansible.deployment.install_software_payload_fy2emc3a/ansible_commvault.ansible.deployment.install_software_payload.zip/ansible_collections/commvault/ansible/plugins/modules/deployment/install_software.py\", line 326, in main\nUnboundLocalError: local variable 'module' referenced before assignment\n", "exception": "Traceback (most recent call last):\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/urllib3/connectionpool.py\", line 710, in urlopen\n chunked=chunked,\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/urllib3/connectionpool.py\", line 386, in _make_request\n self._validate_conn(conn)\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/urllib3/connectionpool.py\", line 1042, in _validate_conn\n conn.connect()\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/urllib3/connection.py\", line 424, in connect\n tls_in_tls=tls_in_tls,\n File \"/opt/ansible/provisionesxi/lib/python3.6/site-packages/urllib3/util/ssl.py\", line 450, in ssl_wrap_socket\n sock, context, tls_in_tls, server_hostname=server_hostname\n File \"/opt/ansible/provisionesxi/lib/python3.6/site-packages/urllib3/util/ssl.py\", line 493, in _ssl_wrap_socket_impl\n return ssl_context.wrap_socket(sock, server_hostname=server_hostname)\n File \"/usr/lib64/python3.6/ssl.py\", line 365, in wrap_socket\n _context=self, _session=session)\n File \"/usr/lib64/python3.6/ssl.py\", line 810, in init\n self.do_handshake()\n File \"/usr/lib64/python3.6/ssl.py\", line 1070, in do_handshake\n self._sslobj.do_handshake()\n File \"/usr/lib64/python3.6/ssl.py\", line 648, in do_handshake\n self._sslobj.do_handshake()\nssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/requests/adapters.py\", line 450, in send\n timeout=timeout\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/urllib3/connectionpool.py\", line 788, in urlopen\n method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/urllib3/util/retry.py\", line 592, in increment\n raise MaxRetryError(_pool, url, error or ResponseError(cause))\nurllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='XXXXXXXX', port=443): Max retries exceeded with url: /webconsole/api/ (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),))\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File \"/tmp/ansible_commvault.ansible.deployment.install_software_payload_fy2emc3a/ansible_commvault.ansible.deployment.install_software_payload.zip/ansible_collections/commvault/ansible/plugins/modules/deployment/install_software.py\", line 252, in main\n File \"/tmp/ansible_commvault.ansible.deployment.install_software_payload_fy2emc3a/ansible_commvault.ansible.deployment.install_software_payload.zip/ansible_collections/commvault/ansible/plugins/module_utils/cv_ansible_module.py\", line 101, in init\n File \"/tmp/ansible_commvault.ansible.deployment.install_software_payload_fy2emc3a/ansible_commvault.ansible.deployment.install_software_payload.zip/ansible_collections/commvault/ansible/plugins/module_utils/cv_ansible_module.py\", line 146, in _login\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/cvpysdk/commcell.py\", line 530, in init\n if self._cvpysdk_object._is_valid_service():\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/cvpysdk/cvpysdk.py\", line 130, in _is_valid_service\n raise error\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/cvpysdk/cvpysdk.py\", line 124, in _is_valid_service\n timeout=184\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/cvpysdk/cvpysdk.py\", line 280, in _request\n return requests.request(kwargs)\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/requests/api.py\", line 61, in request\n return session.request(method=method, url=url, kwargs)\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/requests/sessions.py\", line 529, in request\n resp = self.send(prep, send_kwargs)\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/requests/sessions.py\", line 645, in send\n r = adapter.send(request, kwargs)\n File \"/opt/ansible/provision_esxi/lib/python3.6/site-packages/requests/adapters.py\", line 517, in send\n raise SSLError(e, request=request)\nrequests.exceptions.SSLError: HTTPSConnectionPool(host='XXXXXXXXX', port=443): Max retries exceeded with url: /webconsole/api/ (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),))\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File \"/var/lib/awx/.ansible/tmp/ansible-tmp-1717751703.9120986-89-8967811766434/AnsiballZ_install_software.py\", line 100, in \n _ansiballz_main()\n File \"/var/lib/awx/.ansible/tmp/ansible-tmp-1717751703.9120986-89-8967811766434/AnsiballZ_install_software.py\", line 92, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/var/lib/awx/.ansible/tmp/ansible-tmp-1717751703.9120986-89-8967811766434/AnsiballZ_install_software.py\", line 41, in invoke_module\n run_name='main', alter_sys=True)\n File \"/usr/lib64/python3.6/runpy.py\", line 205, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib64/python3.6/runpy.py\", line 96, in _run_module_code\n mod_name, mod_spec, pkg_name, script_name)\n File \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code\n exec(code, run_globals)\n File \"/tmp/ansible_commvault.ansible.deployment.install_software_payload_fy2emc3a/ansible_commvault.ansible.deployment.install_software_payload.zip/ansible_collections/commvault/ansible/plugins/modules/deployment/install_software.py\", line 331, in \n File \"/tmp/ansible_commvault.ansible.deployment.install_software_payload_fy2emc3a/ansible_commvault.ansible.deployment.install_software_payload.zip/ansible_collections/commvault/ansible/plugins/modules/deployment/install_software.py\", line 326, in main\nUnboundLocalError: local variable 'module' referenced before assignment\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1, "_ansible_no_log": false, "changed": false }

kevinjojeejoseph commented 4 weeks ago

Hi @bhupendersb We use the requests module's verify_ssl which seems to be failing here saying that the certificate cannot be verified. Furthermore, from SP36+, Commcell forces https and hence this option "force_https" is not valid anymore and has been removed If you are using a self-signed certificate, please provide the certificate_path to the bundle else you can disable SSL verification with the parameter "ssl_verify" Doc Link

bhupendersb commented 3 weeks ago

seems to be working ok when I specify the cert, but it is not taking "ssl_verfy" as a valid option.

error stack: -

fatal: [localhost]: FAILED! => { "changed": false, "invocation": { "module_args": { "auth_token": null, "certificate_path": null, "commcell_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "commcell_username": "XXXXXXXXXXXXX", "force_https": true, "session_id": null, "verify_ssl": false, "webserver_hostname": "XXXXXXXXXXXXX", "webserver_password": null, "webserver_username": null } }, "msg": "Unsupported parameters for (commvault.ansible.login) module: verify_ssl. Supported parameters include: force_https, session_id, certificate_path, commcell_username, webserver_password, auth_token, webserver_username, commcell_password, webserver_hostname." }

kevinjojeejoseph commented 3 weeks ago

Hi @bhupendersb Please update your ansible (1.0.0 on ansible-galaxy) and SDK version(11.36) and you will get these options