search

F5Networks / f5-ansible-next

Collection for managing BIG-IP NEXT devices
1 stars 0 forks source link

HTTPAPI requires ansible_user and ansible_password or Authentication error #9

Open VDI-Tech-Guy opened 1 month ago

VDI-Tech-Guy commented 1 month ago
COMPONENT NAME

HTTPAPI

Environment

ANSIBLE VERSION
Using Execution Engine - https://quay.io/repository/f5_business_development/f5_next_ee_test

Image: f5_next_ee_test:latest (primary) (Information about ansible and ansible collections)                                                                                                                                                                       
 0│---
 1│ansible:
 2│  collections:
 3│    details:
 4│      ansible.netcommon: 4.1.0
 5│      ansible.posix: 1.5.4
 6│      ansible.utils: 5.0.0
 7│      cloud.common: 3.0.0
 8│      community.docker: 3.11.0
 9│      community.general: 9.2.0
10│      community.library_inventory_filtering_v1: 1.0.1
11│      community.vmware: 4.5.0
12│      containers.podman: 1.15.4
13│      f5networks.f5_bigip: 3.5.1
14│      f5networks.f5_modules: 1.29.0
15│      f5networks.next: 1.2.0
16│      vmware.vmware_rest: 3.0.1
17│  version:
18│    details: ansible [core 2.15.12]
BIGIP Next VERSION
CM Version - BIG-IP-Next-CentralManager-20.2.1-0.3.25
Instance Version - 20.2.1-2.430.2+0.0.48
SUMMARY

When trying to use BIG-IP Next with HTTPAPI it seems it requirees an inventory ansible_user and ansible_password for it to work correctly, the variables ansible_httpapi_username: "xxxxx" and ansible_httpapi_password: "xxxxxx" do not seem to work at all.

Documentation reflects that this should be possible but in testing doesnt seem like it is.

STEPS TO REPRODUCE
---

- name: BIG-IP Next Automation Join Next Instance to CM
  hosts: next-cm
  connection: httpapi
  gather_facts: true
  vars:
    ansible_httpapi_username: "admin"
    ansible_httpapi_password: '{{ cm_password }}'
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_network_os: f5networks.next.cm

  roles:
    # - roles/General-Roles/pause_5_min.
    - roles/F5-Roles/Next/cm_get_info
    - roles/F5-Roles/Next/cm_next_instance_join

From Git Repo - https://github.com/f5devcentral/f5-bd-ansible-day0-automation

EXPECTED RESULTS

Either Inventory Username and Password provide authentication or within code could utilize ansible_httpapi_username and ansible_httpapi_password would allow authentication to BIG-IP Next/CM code.

ACTUAL RESULTS

If the INVENTORY has ansible_user and ansible_password this will suceede the code, however if there is no inventory ansible_user and ansible_password it will fail even when ansible_httpapi_username and password are defined.

{
  "module_stdout": "",
  "module_stderr": "Traceback (most recent call last):\n  File \"/root/.ansible/tmp/ansible-local-10t1ds9fcb/ansible-tmp-1726598816.5301614-57-79672816296266/AnsiballZ_cm_device_info.py\", line 107, in <module>\n    _ansiballz_main()\n  File \"/root/.ansible/tmp/ansible-local-10t1ds9fcb/ansible-tmp-1726598816.5301614-57-79672816296266/AnsiballZ_cm_device_info.py\", line 99, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/root/.ansible/tmp/ansible-local-10t1ds9fcb/ansible-tmp-1726598816.5301614-57-79672816296266/AnsiballZ_cm_device_info.py\", line 47, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.f5networks.next.plugins.modules.cm_device_info', init_globals=dict(_module_fqn='ansible_collections.f5networks.next.plugins.modules.cm_device_info', _modlib_path=modlib_path),\n  File \"/usr/lib64/python3.9/runpy.py\", line 225, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib64/python3.9/runpy.py\", line 97, in _run_module_code\n    _run_code(code, mod_globals, init_globals,\n  File \"/usr/lib64/python3.9/runpy.py\", line 87, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_f5networks.next.cm_device_info_payload_pw6expxk/ansible_f5networks.next.cm_device_info_payload.zip/ansible_collections/f5networks/next/plugins/modules/cm_device_info.py\", line 785, in <module>\n  File \"/tmp/ansible_f5networks.next.cm_device_info_payload_pw6expxk/ansible_f5networks.next.cm_device_info_payload.zip/ansible_collections/f5networks/next/plugins/modules/cm_device_info.py\", line 771, in main\n  File \"/tmp/ansible_f5networks.next.cm_device_info_payload_pw6expxk/ansible_f5networks.next.cm_device_info_payload.zip/ansible_collections/f5networks/next/plugins/modules/cm_device_info.py\", line 677, in exec_module\n  File \"/tmp/ansible_f5networks.next.cm_device_info_payload_pw6expxk/ansible_f5networks.next.cm_device_info_payload.zip/ansible_collections/f5networks/next/plugins/modules/cm_device_info.py\", line 710, in execute_managers\n  File \"/tmp/ansible_f5networks.next.cm_device_info_payload_pw6expxk/ansible_f5networks.next.cm_device_info_payload.zip/ansible_collections/f5networks/next/plugins/modules/cm_device_info.py\", line 350, in exec_module\n  File \"/tmp/ansible_f5networks.next.cm_device_info_payload_pw6expxk/ansible_f5networks.next.cm_device_info_payload.zip/ansible_collections/f5networks/next/plugins/modules/cm_device_info.py\", line 356, in _exec_module\n  File \"/tmp/ansible_f5networks.next.cm_device_info_payload_pw6expxk/ansible_f5networks.next.cm_device_info_payload.zip/ansible_collections/f5networks/next/plugins/modules/cm_device_info.py\", line 365, in read_facts\n  File \"/tmp/ansible_f5networks.next.cm_device_info_payload_pw6expxk/ansible_f5networks.next.cm_device_info_payload.zip/ansible_collections/f5networks/next/plugins/modules/cm_device_info.py\", line 373, in read_collection_from_device\n  File \"/tmp/ansible_f5networks.next.cm_device_info_payload_pw6expxk/ansible_f5networks.next.cm_device_info_payload.zip/ansible_collections/f5networks/next/plugins/module_utils/client.py\", line 21, in wrap\n  File \"/tmp/ansible_f5networks.next.cm_device_info_payload_pw6expxk/ansible_f5networks.next.cm_device_info_payload.zip/ansible_collections/f5networks/next/plugins/module_utils/client.py\", line 44, in get\n  File \"/tmp/ansible_f5networks.next.cm_device_info_payload_pw6expxk/ansible_f5networks.next.cm_device_info_payload.zip/ansible/module_utils/connection.py\", line 200, in __rpc__\nansible.module_utils.connection.ConnectionError: Authentication process failed, server returned: {'status': 401, 'message': 'failed to validate with provided credentials'}\n",
  "exception": "Traceback (most recent call last):\n  File \"/root/.ansible/tmp/ansible-local-10t1ds9fcb/ansible-tmp-1726598816.5301614-57-79672816296266/AnsiballZ_cm_device_info.py\", line 107, in <module>\n    _ansiballz_main()\n  File \"/root/.ansible/tmp/ansible-local-10t1ds9fcb/ansible-tmp-1726598816.5301614-57-79672816296266/AnsiballZ_cm_device_info.py\", line 99, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/root/.ansible/tmp/ansible-local-10t1ds9fcb/ansible-tmp-1726598816.5301614-57-79672816296266/AnsiballZ_cm_device_info.py\", line 47, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.f5networks.next.plugins.modules.cm_device_info', init_globals=dict(_module_fqn='ansible_collections.f5networks.next.plugins.modules.cm_device_info', _modlib_path=modlib_path),\n  File \"/usr/lib64/python3.9/runpy.py\", line 225, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib64/python3.9/runpy.py\", line 97, in _run_module_code\n    _run_code(code, mod_globals, init_globals,\n  File \"/usr/lib64/python3.9/runpy.py\", line 87, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_f5networks.next.cm_device_info_payload_pw6expxk/ansible_f5networks.next.cm_device_info_payload.zip/ansible_collections/f5networks/next/plugins/modules/cm_device_info.py\", line 785, in <module>\n  File \"/tmp/ansible_f5networks.next.cm_device_info_payload_pw6expxk/ansible_f5networks.next.cm_device_info_payload.zip/ansible_collections/f5networks/next/plugins/modules/cm_device_info.py\", line 771, in main\n  File \"/tmp/ansible_f5networks.next.cm_device_info_payload_pw6expxk/ansible_f5networks.next.cm_device_info_payload.zip/ansible_collections/f5networks/next/plugins/modules/cm_device_info.py\", line 677, in exec_module\n  File \"/tmp/ansible_f5networks.next.cm_device_info_payload_pw6expxk/ansible_f5networks.next.cm_device_info_payload.zip/ansible_collections/f5networks/next/plugins/modules/cm_device_info.py\", line 710, in execute_managers\n  File \"/tmp/ansible_f5networks.next.cm_device_info_payload_pw6expxk/ansible_f5networks.next.cm_device_info_payload.zip/ansible_collections/f5networks/next/plugins/modules/cm_device_info.py\", line 350, in exec_module\n  File \"/tmp/ansible_f5networks.next.cm_device_info_payload_pw6expxk/ansible_f5networks.next.cm_device_info_payload.zip/ansible_collections/f5networks/next/plugins/modules/cm_device_info.py\", line 356, in _exec_module\n  File \"/tmp/ansible_f5networks.next.cm_device_info_payload_pw6expxk/ansible_f5networks.next.cm_device_info_payload.zip/ansible_collections/f5networks/next/plugins/modules/cm_device_info.py\", line 365, in read_facts\n  File \"/tmp/ansible_f5networks.next.cm_device_info_payload_pw6expxk/ansible_f5networks.next.cm_device_info_payload.zip/ansible_collections/f5networks/next/plugins/modules/cm_device_info.py\", line 373, in read_collection_from_device\n  File \"/tmp/ansible_f5networks.next.cm_device_info_payload_pw6expxk/ansible_f5networks.next.cm_device_info_payload.zip/ansible_collections/f5networks/next/plugins/module_utils/client.py\", line 21, in wrap\n  File \"/tmp/ansible_f5networks.next.cm_device_info_payload_pw6expxk/ansible_f5networks.next.cm_device_info_payload.zip/ansible_collections/f5networks/next/plugins/module_utils/client.py\", line 44, in get\n  File \"/tmp/ansible_f5networks.next.cm_device_info_payload_pw6expxk/ansible_f5networks.next.cm_device_info_payload.zip/ansible/module_utils/connection.py\", line 200, in __rpc__\nansible.module_utils.connection.ConnectionError: Authentication process failed, server returned: {'status': 401, 'message': 'failed to validate with provided credentials'}\n",
  "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
  "rc": 1,
  "_ansible_no_log": false,
  "changed": false
}
urohit011 commented 1 month ago

Hi @VDI-Tech-Guy , I faced no issues when using ansible_httpapi_password, the playbook(my own) ran fine without issues. About the variable ansible_httpapi_user, I don't think it should be used because as per this page the variable for the username should be ansible_user.

I did not find the mention of ansible_httpapi_user in the documentation of f5networks.next, but if you did please let me know, we'll rectify the docs.

VDI-Tech-Guy commented 1 month ago

Is there a reason to why httpapi_user is not used instead of ansible_user? I will double verify this as i think this might be an error on my end

urohit011 commented 1 month ago

It is because the httpapi plugin does not look for httpapi_user to find out the user name, for that purpose it looks for either ansible_user or remote_user, if either of those are provided then it's fine, but if none of those are provided and instead httpapi_user is provided then it'll complain because the variables required are not provided.