Closed TyraelTLK closed 1 month ago
@TyraelTLK - I'll try to look into it later today - but that task will only run if you are using provisioning tokens? The conditional should fail if you are not passing in a token:
- name: CrowdStrike Falcon | Master Image Prep | Set Provisioning Token (if applicable)
crowdstrike.falcon.falconctl:
cid: "{{ options.cid }}"
provisioning_token: "{{ options.provisioning_token }}"
state: present
when:
- falcon_remove_aid
- options.provisioning_token
Can you debug that for me - specifically I'm interested in knowing the output of the following task in the main.yml
task:
- name: Checks if any options are set
ansible.builtin.set_fact:
any_option_set: "{{ true if (options | dict2items | selectattr('value', 'ne', omit) | list | length > 0) else false }}"
TASK [crowdstrike.falcon.falcon_configure : CrowdStrike Falcon | Master Image Prep | Set Provisioning Token (if applicable)] ***
task path: /runner/requirements_collections/ansible_collections/crowdstrike/falcon/roles/falcon_configure/tasks/configure.yml:58
<> ESTABLISH SSH CONNECTION FOR USER:
<> SSH: EXEC sshpass -d12 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User=""' -o ConnectTimeout=10 -o 'ControlPath="/runner/cp/3ce5c2e3c5"' '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /tmp `"&& mkdir "` echo /tmp/ansible-tmp-1726070780.3412554-560-143436587451144 `" && echo ansible-tmp-1726070780.3412554-560-143436587451144="` echo /tmp/ansible-tmp-1726070780.3412554-560-143436587451144 `" ) && sleep 0'"'"''
<> (0, b'ansible-tmp-1726070780.3412554-560-143436587451144=/tmp/ansible-tmp-1726070780.3412554-560-143436587451144\\n', b'')
Using module file /runner/requirements_collections/ansible_collections/crowdstrike/falcon/plugins/modules/falconctl.py
<> PUT /runner/.ansible/tmp/ansible-local-17fphrg_a5/tmp8bpzs9za TO /tmp/ansible-tmp-1726070780.3412554-560-143436587451144/AnsiballZ_falconctl.py
<> SSH: EXEC sshpass -d12 sftp -o BatchMode=no -b - -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User=""' -o ConnectTimeout=10 -o 'ControlPath="/runner/cp/3ce5c2e3c5"' '[]'
<> (0, b'sftp> put /runner/.ansible/tmp/ansible-local-17fphrg_a5/tmp8bpzs9za /tmp/ansible-tmp-1726070780.3412554-560-143436587451144/AnsiballZ_falconctl.py\\n', b'')
<> ESTABLISH SSH CONNECTION FOR USER:
<> SSH: EXEC sshpass -d12 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User=""' -o ConnectTimeout=10 -o 'ControlPath="/runner/cp/3ce5c2e3c5"' '/bin/sh -c '"'"'chmod u+x /tmp/ansible-tmp-1726070780.3412554-560-143436587451144/ /tmp/ansible-tmp-1726070780.3412554-560-143436587451144/AnsiballZ_falconctl.py && sleep 0'"'"''
<> (0, b'', b'')
<> ESTABLISH SSH CONNECTION FOR USER:
<> SSH: EXEC sshpass -d12 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User=""' -o ConnectTimeout=10 -o 'ControlPath="/runner/cp/3ce5c2e3c5"' -tt '/bin/sh -c '"'"'sudo -H -S -p "[sudo via ansible, key=] password:" -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-; VAULT_TOKEN=hvs.VAULT_ADDR=https://vault.keysight.com /usr/bin/python3 /tmp/ansible-tmp-1726070780.3412554-560-143436587451144/AnsiballZ_falconctl.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
<> (1, b'\\r\\n\\r\\n{"failed": true, "msg": "ERROR: \\\\"\\\\" is not valid value for checksum CID (CCID)", "invocation": {"module_args": {"cid": "", "state": "present", "provisioning_token": null, "aid": null, "apd": null, "aph": null, "app": null, "trace": null, "feature": null, "message_log": null, "billing": null, "tags": null, "backend": null}}}\\r\\n', b'Shared connection to closed.\\r\\n')
<> Failed to connect to the host via ssh: Shared connection to closed.
<> ESTABLISH SSH CONNECTION FOR USER:
<> SSH: EXEC sshpass -d12 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User=""' -o ConnectTimeout=10 -o 'ControlPath="/runner/cp/3ce5c2e3c5"' '/bin/sh -c '"'"'rm -f -r /tmp/ansible-tmp-1726070780.3412554-560-143436587451144/ > /dev/null 2>&1 && sleep 0'"'"''
<> (0, b'', b'')
fatal: []: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"aid": null,
"apd": null,
"aph": null,
"app": null,
"backend": null,
"billing": null,
"cid": "",
"feature": null,
"message_log": null,
"provisioning_token": null,
"state": "present",
"tags": null,
"trace": null
}
},
"msg": "ERROR: \\"\\" is not valid value for checksum CID (CCID)"
}
TASK [crowdstrike.falcon.falcon_configure : Checks if any options are set] *****
task path: /runner/requirements_collections/ansible_collections/crowdstrike/falcon/roles/falcon_configure/tasks/main.yml:14
ok: [] => {
"ansible_facts": {
"any_option_set": true
},
"changed": false
}
Is this ok or do you need anything else?
@TyraelTLK Can you try running against the latest changes in the git repo? Merged in the changes but want to make sure you are good before creating a new release.
Hi, yes I can test it. I was FTO I'll send the result tomorrow
https://github.com/CrowdStrike/ansible_collection_falcon/pull/565 is working fine! Thank you
Hi, my pipeline that test the latest release of this collection started to fail with 4.6.0.
TASK [crowdstrike.falcon.falcon_configure : CrowdStrike Falcon | Master Image Prep | Set Provisioning Token (if applicable)] *** fatal: [ksx-t6-debian12-postinstall.cos.is.keysight.com]: FAILED! => {"changed": false, "msg": "ERROR: \"\" is not valid value for checksum CID (CCID)"}
it is running with these variables:
"falcon_option_set": false, "falcon_remove_aid": true, "falcon_cid": ""
With these pipeline I'm checking just the package installation without activating the hosts. I'm not sure what changes in 4.6.0 caused this and 4.5.2 worked fine.