search

F5Networks / f5-ansible

Imperative Ansible modules for F5 BIG-IP products
GNU General Public License v3.0
376 stars 231 forks source link

bigip_provision module fails to provision the vcmp module #1236

Closed Cajga closed 5 years ago

Cajga commented 5 years ago
ISSUE TYPE
COMPONENT NAME

bigip_provision

ANSIBLE VERSION
[user@host f5]$ ansible --version
ansible 2.8.0.dev0
  config file = /home/user/EL7/local/ansible/f5/ansible.cfg
  configured module search path = [u'/home/user/EL7/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /home/user/repos/ansible/lib/ansible
  executable location = /home/user/repos/ansible/bin/ansible
  python version = 2.7.5 (default, Sep 12 2018, 05:31:16) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
[user@host f5]$
PYTHON VERSION
Python 2.7.5
BIGIP VERSION
[root@localhost:Active:Standalone] config # tmsh show sys version

Sys::Version
Main Package
  Product     BIG-IP
  Version     14.1.0.1
  Build       0.0.7
  Edition     Point Release 1
  Date        Tue Jan 15 19:49:59 PST 2019
CONFIGURATION

$ cat ansible.cfg [defaults] retry_files_enabled = False host_key_checking=False

OS / ENVIRONMENT

RHEL7.6

SUMMARY

I am trying to configure the vCMP host with ansible from scratch. Ansible fails to provision the vcmp module.

STEPS TO REPRODUCE

1) reset the LB config with the reset_config.yaml 2) change the admin user password from the web gui to q1w2e3!@# 3) run the provision_issue.yaml

$ cat reset_config.yaml 
- name: Reproducing problem with bigip_provision
  hosts: load_balancers
  connection: local

  vars:
    provider:
      user: admin
      password: q1w2e3!@#
      server: lbh01.example.com
      validate_certs: no
      server_port: 443

  tasks:
    - name: Reset to base configuration
      bigip_config:
        reset: yes
        provider: "{{ provider }}"

$ cat provision_issue.yaml 
---

- name: Reproducing problem with bigip_provision
  hosts: load_balancers
  connection: local

  vars:
    provider:
      user: admin
      password: q1w2e3!@#
      server: lbh01.example.com
      validate_certs: no
      server_port: 443

  tasks:
    - name: Disable the web setup utility
      bigip_sys_global:
        gui_setup: no
        state: present
        provider: "{{ provider }}"

    - name: Disable LTM module for hypervisors
      bigip_provision:
        module: ltm
        state: absent
        provider: "{{ provider }}"
      when: inventory_hostname in groups['vcmp_hypervisors']

    - name: Provision vCMP module for hypervisors
      bigip_provision:
        module: vcmp
        level: dedicated
        state: present
        provider: "{{ provider }}"
      when: inventory_hostname in groups['vcmp_hypervisors']

# vim: tabstop=2 expandtab
EXPECTED RESULTS

ltm module gets disabled but vcmp module gets provisioned.

ACTUAL RESULTS

Ansible fails to provision the vcmp module.

$ ansible-playbook -i inventory/provision_issue -vvvv provision_issue.yaml 
ansible-playbook 2.8.0.dev0
  config file = /home/user/EL7/local/ansible/f5/ansible.cfg
  configured module search path = [u'/home/user/EL7/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /home/user/repos/ansible/lib/ansible
  executable location = /home/user/repos/ansible/bin/ansible-playbook
  python version = 2.7.5 (default, Sep 12 2018, 05:31:16) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
Using /home/user/EL7/local/ansible/f5/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /home/user/EL7/local/ansible/f5/inventory/provision_issue as it did not pass it's verify_file() method
script declined parsing /home/user/EL7/local/ansible/f5/inventory/provision_issue as it did not pass it's verify_file() method
auto declined parsing /home/user/EL7/local/ansible/f5/inventory/provision_issue as it did not pass it's verify_file() method
Parsed /home/user/EL7/local/ansible/f5/inventory/provision_issue inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /home/user/repos/ansible/lib/ansible/plugins/callback/default.pyc

PLAYBOOK: provision_issue.yaml ************************************************************************************************************************************************************************************
Positional arguments: provision_issue.yaml
become_method: sudo
inventory: (u'/home/user/EL7/local/ansible/f5/inventory/provision_issue',)
forks: 5
tags: (u'all',)
verbosity: 4
connection: smart
timeout: 10
1 plays in provision_issue.yaml

PLAY [Reproducing problem with bigip_provision] *******************************************************************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************************************************************************************
task path: /home/user/EL7/local/ansible/f5/provision_issue.yaml:3
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: zachar
<localhost> EXEC /bin/sh -c 'echo ~zachar && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/user/EL7/.ansible/tmp/ansible-tmp-1550745310.44-77185821759148 `" && echo ansible-tmp-1550745310.44-77185821759148="` echo /home/user/EL7/.ansible/tmp/ansible-tmp-1550745310.44-77185821759148 `" ) && sleep 0'
Using module file /home/user/repos/ansible/lib/ansible/modules/system/setup.py
<localhost> PUT /home/user/EL7/.ansible/tmp/ansible-local-9000UMMCzw/tmpLee7oj TO /home/user/EL7/.ansible/tmp/ansible-tmp-1550745310.44-77185821759148/AnsiballZ_setup.py
<localhost> EXEC /bin/sh -c 'chmod u+x /home/user/EL7/.ansible/tmp/ansible-tmp-1550745310.44-77185821759148/ /home/user/EL7/.ansible/tmp/ansible-tmp-1550745310.44-77185821759148/AnsiballZ_setup.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/python /home/user/EL7/.ansible/tmp/ansible-tmp-1550745310.44-77185821759148/AnsiballZ_setup.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /home/user/EL7/.ansible/tmp/ansible-tmp-1550745310.44-77185821759148/ > /dev/null 2>&1 && sleep 0'
ok: [lbh01.example.com]
META: ran handlers

TASK [Disable the web setup utility] ******************************************************************************************************************************************************************************
task path: /home/user/EL7/local/ansible/f5/provision_issue.yaml:16
<localhost> connection transport is rest
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: zachar
<localhost> EXEC /bin/sh -c 'echo ~zachar && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/user/EL7/.ansible/tmp/ansible-tmp-1550745313.4-30017831551801 `" && echo ansible-tmp-1550745313.4-30017831551801="` echo /home/user/EL7/.ansible/tmp/ansible-tmp-1550745313.4-30017831551801 `" ) && sleep 0'
Using module file /home/user/repos/ansible/lib/ansible/modules/network/f5/bigip_sys_global.py
<localhost> PUT /home/user/EL7/.ansible/tmp/ansible-local-9000UMMCzw/tmpE125w2 TO /home/user/EL7/.ansible/tmp/ansible-tmp-1550745313.4-30017831551801/AnsiballZ_bigip_sys_global.py
<localhost> EXEC /bin/sh -c 'chmod u+x /home/user/EL7/.ansible/tmp/ansible-tmp-1550745313.4-30017831551801/ /home/user/EL7/.ansible/tmp/ansible-tmp-1550745313.4-30017831551801/AnsiballZ_bigip_sys_global.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/python /home/user/EL7/.ansible/tmp/ansible-tmp-1550745313.4-30017831551801/AnsiballZ_bigip_sys_global.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /home/user/EL7/.ansible/tmp/ansible-tmp-1550745313.4-30017831551801/ > /dev/null 2>&1 && sleep 0'
changed: [lbh01.example.com] => {
    "changed": true, 
    "gui_setup": "no", 
    "invocation": {
        "module_args": {
            "auth_provider": null, 
            "banner_text": null, 
            "console_timeout": null, 
            "gui_setup": false, 
            "lcd_display": null, 
            "mgmt_dhcp": null, 
            "net_reboot": null, 
            "password": null, 
            "provider": {
                "auth_provider": null, 
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
                "proxy_to": null, 
                "server": "lbh01.example.com", 
                "server_port": 443, 
                "ssh_keyfile": null, 
                "timeout": null, 
                "transport": "rest", 
                "user": "admin", 
                "validate_certs": false
            }, 
            "quiet_boot": null, 
            "security_banner": null, 
            "server": null, 
            "server_port": null, 
            "state": "present", 
            "transport": null, 
            "user": null, 
            "validate_certs": null
        }
    }
}

TASK [Disable LTM module for hypervisors] *************************************************************************************************************************************************************************
task path: /home/user/EL7/local/ansible/f5/provision_issue.yaml:22
<localhost> connection transport is rest
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: zachar
<localhost> EXEC /bin/sh -c 'echo ~zachar && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/user/EL7/.ansible/tmp/ansible-tmp-1550745314.79-133745768186395 `" && echo ansible-tmp-1550745314.79-133745768186395="` echo /home/user/EL7/.ansible/tmp/ansible-tmp-1550745314.79-133745768186395 `" ) && sleep 0'
Using module file /home/user/repos/ansible/lib/ansible/modules/network/f5/bigip_provision.py
<localhost> PUT /home/user/EL7/.ansible/tmp/ansible-local-9000UMMCzw/tmpUWl3Cc TO /home/user/EL7/.ansible/tmp/ansible-tmp-1550745314.79-133745768186395/AnsiballZ_bigip_provision.py
<localhost> EXEC /bin/sh -c 'chmod u+x /home/user/EL7/.ansible/tmp/ansible-tmp-1550745314.79-133745768186395/ /home/user/EL7/.ansible/tmp/ansible-tmp-1550745314.79-133745768186395/AnsiballZ_bigip_provision.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/python /home/user/EL7/.ansible/tmp/ansible-tmp-1550745314.79-133745768186395/AnsiballZ_bigip_provision.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /home/user/EL7/.ansible/tmp/ansible-tmp-1550745314.79-133745768186395/ > /dev/null 2>&1 && sleep 0'
changed: [lbh01.example.com] => {
    "changed": true, 
    "invocation": {
        "module_args": {
            "auth_provider": null, 
            "level": "nominal", 
            "module": "ltm", 
            "password": null, 
            "provider": {
                "auth_provider": null, 
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
                "proxy_to": null, 
                "server": "lbh01.example.com", 
                "server_port": 443, 
                "ssh_keyfile": null, 
                "timeout": null, 
                "transport": "rest", 
                "user": "admin", 
                "validate_certs": false
            }, 
            "server": null, 
            "server_port": null, 
            "state": "absent", 
            "transport": null, 
            "user": null, 
            "validate_certs": null
        }
    }
}

TASK [Provision vCMP module for hypervisors] **********************************************************************************************************************************************************************
task path: /home/user/EL7/local/ansible/f5/provision_issue.yaml:29
<localhost> connection transport is rest
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: zachar
<localhost> EXEC /bin/sh -c 'echo ~zachar && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/user/EL7/.ansible/tmp/ansible-tmp-1550745467.82-37322629646842 `" && echo ansible-tmp-1550745467.82-37322629646842="` echo /home/user/EL7/.ansible/tmp/ansible-tmp-1550745467.82-37322629646842 `" ) && sleep 0'
Using module file /home/user/repos/ansible/lib/ansible/modules/network/f5/bigip_provision.py
<localhost> PUT /home/user/EL7/.ansible/tmp/ansible-local-9000UMMCzw/tmpF0iZG7 TO /home/user/EL7/.ansible/tmp/ansible-tmp-1550745467.82-37322629646842/AnsiballZ_bigip_provision.py
<localhost> EXEC /bin/sh -c 'chmod u+x /home/user/EL7/.ansible/tmp/ansible-tmp-1550745467.82-37322629646842/ /home/user/EL7/.ansible/tmp/ansible-tmp-1550745467.82-37322629646842/AnsiballZ_bigip_provision.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/python /home/user/EL7/.ansible/tmp/ansible-tmp-1550745467.82-37322629646842/AnsiballZ_bigip_provision.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /home/user/EL7/.ansible/tmp/ansible-tmp-1550745467.82-37322629646842/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
  File "/home/user/EL7/.ansible/tmp/ansible-tmp-1550745467.82-37322629646842/AnsiballZ_bigip_provision.py", line 114, in <module>
    _ansiballz_main()
  File "/home/user/EL7/.ansible/tmp/ansible-tmp-1550745467.82-37322629646842/AnsiballZ_bigip_provision.py", line 106, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/home/user/EL7/.ansible/tmp/ansible-tmp-1550745467.82-37322629646842/AnsiballZ_bigip_provision.py", line 49, in invoke_module
    imp.load_module('__main__', mod, module, MOD_DESC)
  File "/tmp/ansible_bigip_provision_payload_RraVHL/__main__.py", line 897, in <module>
  File "/tmp/ansible_bigip_provision_payload_RraVHL/__main__.py", line 890, in main
  File "/tmp/ansible_bigip_provision_payload_RraVHL/__main__.py", line 237, in exec_module
  File "/tmp/ansible_bigip_provision_payload_RraVHL/__main__.py", line 249, in present
  File "/tmp/ansible_bigip_provision_payload_RraVHL/__main__.py", line 310, in update
  File "/tmp/ansible_bigip_provision_payload_RraVHL/__main__.py", line 415, in update_on_device
  File "/tmp/ansible_bigip_provision_payload_RraVHL/__main__.py", line 484, in provision_dedicated_on_device
  File "/tmp/ansible_bigip_provision_payload_RraVHL/ansible_bigip_provision_payload.zip/ansible/module_utils/network/f5/icontrol.py", line 283, in __exit__
AttributeError: 'F5RestClient' object has no attribute 'request'

fatal: [lbh01.example.com]: FAILED! => {
    "changed": false, 
    "module_stderr": "Traceback (most recent call last):\n  File \"/home/user/EL7/.ansible/tmp/ansible-tmp-1550745467.82-37322629646842/AnsiballZ_bigip_provision.py\", line 114, in <module>\n    _ansiballz_main()\n  File \"/home/user/EL7/.ansible/tmp/ansible-tmp-1550745467.82-37322629646842/AnsiballZ_bigip_provision.py\", line 106, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/home/user/EL7/.ansible/tmp/ansible-tmp-1550745467.82-37322629646842/AnsiballZ_bigip_provision.py\", line 49, in invoke_module\n    imp.load_module('__main__', mod, module, MOD_DESC)\n  File \"/tmp/ansible_bigip_provision_payload_RraVHL/__main__.py\", line 897, in <module>\n  File \"/tmp/ansible_bigip_provision_payload_RraVHL/__main__.py\", line 890, in main\n  File \"/tmp/ansible_bigip_provision_payload_RraVHL/__main__.py\", line 237, in exec_module\n  File \"/tmp/ansible_bigip_provision_payload_RraVHL/__main__.py\", line 249, in present\n  File \"/tmp/ansible_bigip_provision_payload_RraVHL/__main__.py\", line 310, in update\n  File \"/tmp/ansible_bigip_provision_payload_RraVHL/__main__.py\", line 415, in update_on_device\n  File \"/tmp/ansible_bigip_provision_payload_RraVHL/__main__.py\", line 484, in provision_dedicated_on_device\n  File \"/tmp/ansible_bigip_provision_payload_RraVHL/ansible_bigip_provision_payload.zip/ansible/module_utils/network/f5/icontrol.py\", line 283, in __exit__\nAttributeError: 'F5RestClient' object has no attribute 'request'\n", 
    "module_stdout": "", 
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", 
    "rc": 1
}

PLAY RECAP ********************************************************************************************************************************************************************************************************
lbh01.example.com          : ok=3    changed=2    unreachable=0    failed=1    skipped=0
wojtek0806 commented 5 years ago

As per https://clouddocs.f5.com/products/orchestration/ansible/devel/usage/filing-issues.html please download the latest ansible galaxy role retest and post results with the role in use.

Once this information is provided we will re-open

Cajga commented 5 years ago

Hi @wojtek0806,

Sry. for not trying it first with the role. Seems, with the role, it works fine. Do you have a rough schedule (in few days/weeks/months) when this will be released to the ansible github repo? Which firmware version would you recommend to use for the F5's in order to get a stable configuration environment with ansible (we are planning to use the "stable f5 modules" from he ansible github repo)?

Thank for the support and for the modules, Balazs

wojtek0806 commented 5 years ago

@Cajga The role is a wrapper for our development code and it is updated daily, so you can use it in the meantime without having to explicitly clone the repository. As far as ansible core development branch is concerned I do upstream the changes into ansible core every 2-3 weeks. For official ansible release to have those changes you need to wait for 2.8 to release in May.

Also closer to 2.8 release I will be marking some modules as stable so when they are merged finally into 2.8 you can be sure the interface will not change much without prior warning.

For the version, in all honesty any long term stability version starting from 12.x is fine, although we have tested all of these modules on 12.x and 13.x, 14.x is on the to do list before 2.8 is released.

One thing to note here that bigip_provision has some issues when APM/ASM/AVR modules are provisioned together, this is down to the fact that these modules take a long time to provision and sometimes platforms like Virtual Editions tend to respond to rest calls too early while the httpd and the entire api is not fully up.

See here: https://github.com/F5Networks/f5-ansible/issues/1105

Cajga commented 5 years ago

@wojtek0806,

Thank you very much for the valuable information. For now we will stick to version 14.1 and the ansible core development branch and do the resource provisioning manually until the module changes appear there.