bigip_device_info is not working when ICMP to the device is not allowed

mkyrc commented 2 years ago

COMPONENT NAME

f5networks.f5_bigip.bigip_device_info

Environment

ANSIBLE VERSION

ansible [core 2.12.7]
  config file = /home/horol/DEV/mvsr/mvdc-ansible/ansible.cfg
  configured module search path = ['/home/horol/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/horol/.local/lib/python3.8/site-packages/ansible
  ansible collection location = /home/horol/.ansible/collections/ansible_collections:/usr/share/ansible/collections
  executable location = /home/horol/.local/bin/ansible
  python version = 3.8.10 (default, Jun 22 2022, 20:18:18) [GCC 9.4.0]
  jinja version = 3.1.2
  libyaml = True

BIGIP VERSION

Sys::Version
Main Package
  Product     BIG-IP
  Version     16.1.3
  Build       0.0.12
  Edition     Final
  Date        Tue Jun  7 19:57:05 PDT 2022

CONFIGURATION

OS / ENVIRONMENT

Ubuntu 20.04.4 LTS

SUMMARY

Getting device info (f5networks.f5_bigip.bigip_device_info) finish with message:

TASK [> 01: Getting device facts] **********************************************
fatal: [dcb_bigip_aci_01]: FAILED! => {"changed": false, "module_stderr": "command timeout triggered, timeout value is 30 secs.\nSee the timeout setting options in the Network Debug and Troubleshooting Guide.", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error"}
fatal: [dcb_bigip_aci_02]: FAILED! => {"changed": false, "module_stderr": "command timeout triggered, timeout value is 30 secs.\nSee the timeout setting options in the Network Debug and Troubleshooting Guide.", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error"}

We tested this on several hosts running ansible. Here is the result:

ansible host has allowed icmp and https to bigip device: getting device info is running
ansible host has https to bigip device, but icmp not (ping): getting device info is NOT running

STEPS TO REPRODUCE

    - name: "> 01: Getting device facts"
      f5networks.f5_bigip.bigip_device_info:
        gather_subset:
          - devices        
      # delegate_to: localhost
      # no_log: true
      register: device_facts
      tags: always

when ICMP to device is enabled, above task is working correctly, but when ICMP is disallowed, we get timeout and no response from bigip device.

EXPECTED RESULTS

It is nice to have result from bigip when icmp to the device is not allowed (only https connection is allowed). In some environments is ICMP disabled, but HTTPS is allowed for REST connections.

ACTUAL RESULTS

urohit011 commented 2 years ago

Hi @mkyrc , I tried reproducing this issue but in my case the module doesn't time out and I getting the desired output. I used echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all, to disable ICMP on my bigip host and verified that it's disabled by issuing a ping. Could you please tell me how you disable the ICMP so I could imitate it and try reproducing the issue.

KrithikaChidambaram commented 1 year ago

Hi, closing this request now. Please re-open if required or send an email to automation_ecosystem@f5.com. Thanks!

F5Networks / f5-ansible-bigip