search

F5Networks / f5-ansible

Imperative Ansible modules for F5 BIG-IP products
GNU General Public License v3.0
375 stars 229 forks source link

bigip_device_certificate module failure (Socket Path) #1643

Closed gullanetworkcode closed 4 years ago

gullanetworkcode commented 4 years ago
ISSUE TYPE
COMPONENT NAME

bigip_device_certificate

ANSIBLE VERSION
ansible 2.9.4
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/paulh/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.6/dist-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.6.9 (default, Nov  7 2019, 10:44:02) [GCC 8.3.0]
PYTHON VERSION
Python 3.6.9
BIGIP VERSION
Sys::Version
Main Package
  Product     BIG-IP
  Version     12.1.5
  Build       0.0.6
  Edition     Final
  Date        Fri Aug  2 14:49:14 PDT 2019
CONFIGURATION
OS / ENVIRONMENT
SUMMARY

bigip_device_certificate module fails with error below

STEPS TO REPRODUCE

Example playbook

---

- name: Playbook testing against Galaxy role
  hosts: PLL_F5N_IT_GTMS
  connection: local
  gather_facts: no

  tasks:
    - name: Create a new custom named certificate to replace not expired certificate
      bigip_device_certificate:
        days_valid: 365
        new_cert: yes
        force: yes    
        issuer:
          common_name: pllaplitgtm001.mgmt.cig.local
          division: Infrastructure
          organization: Acme-Corp
          locality: City
          state: State
          country: United Kingdom
          email: it@acmecorp.co.uk
        provider: "{{ f5n_provider }}"
      delegate_to: localhost
EXPECTED RESULTS

Module to create device certificate

ACTUAL RESULTS

Module fails

paulh@paulh-code-workstation:~/tfs/NetworkAutomation/Ansible/Prod$ ansible-playbook -i inv_lv f5_device_cert_test.yml --vault-id @prompt --limit pllaplitgtm001.mgmt.cig.local -vvv
ansible-playbook 2.9.4
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/paulh/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.6/dist-packages/ansible
  executable location = /usr/local/bin/ansible-playbook
  python version = 3.6.9 (default, Nov  7 2019, 10:44:02) [GCC 8.3.0]
Using /etc/ansible/ansible.cfg as config file
Vault password (default): 
host_list declined parsing /home/paulh/tfs/NetworkAutomation/Ansible/Prod/inv_lv as it did not pass its verify_file() method
script declined parsing /home/paulh/tfs/NetworkAutomation/Ansible/Prod/inv_lv as it did not pass its verify_file() method
auto declined parsing /home/paulh/tfs/NetworkAutomation/Ansible/Prod/inv_lv as it did not pass its verify_file() method
Parsed /home/paulh/tfs/NetworkAutomation/Ansible/Prod/inv_lv inventory source with ini plugin

PLAYBOOK: f5_device_cert_test.yml *****************************************************************************************************************************************************
1 plays in f5_device_cert_test.yml

PLAY [Playbook testing against Galaxy role] *******************************************************************************************************************************************
META: ran handlers

TASK [Create a new custom named certificate to replace not expired certificate] *******************************************************************************************************
task path: /home/paulh/tfs/NetworkAutomation/Ansible/Prod/f5_device_cert_test.yml:9
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: paulh
<localhost> EXEC /bin/sh -c 'echo ~paulh && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/paulh/.ansible/tmp/ansible-tmp-1581081544.261912-198614953936744 `" && echo ansible-tmp-1581081544.261912-198614953936744="` echo /home/paulh/.ansible/tmp/ansible-tmp-1581081544.261912-198614953936744 `" ) && sleep 0'
Using module file /usr/local/lib/python3.6/dist-packages/ansible/modules/network/f5/bigip_device_certificate.py
<localhost> PUT /home/paulh/.ansible/tmp/ansible-local-2979dy9ufoyf/tmpe4zw7tg8 TO /home/paulh/.ansible/tmp/ansible-tmp-1581081544.261912-198614953936744/AnsiballZ_bigip_device_certificate.py
<localhost> EXEC /bin/sh -c 'chmod u+x /home/paulh/.ansible/tmp/ansible-tmp-1581081544.261912-198614953936744/ /home/paulh/.ansible/tmp/ansible-tmp-1581081544.261912-198614953936744/AnsiballZ_bigip_device_certificate.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/python3 /home/paulh/.ansible/tmp/ansible-tmp-1581081544.261912-198614953936744/AnsiballZ_bigip_device_certificate.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /home/paulh/.ansible/tmp/ansible-tmp-1581081544.261912-198614953936744/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
  File "/home/paulh/.ansible/tmp/ansible-tmp-1581081544.261912-198614953936744/AnsiballZ_bigip_device_certificate.py", line 102, in <module>
    _ansiballz_main()
  File "/home/paulh/.ansible/tmp/ansible-tmp-1581081544.261912-198614953936744/AnsiballZ_bigip_device_certificate.py", line 94, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/home/paulh/.ansible/tmp/ansible-tmp-1581081544.261912-198614953936744/AnsiballZ_bigip_device_certificate.py", line 40, in invoke_module
    runpy.run_module(mod_name='ansible.modules.network.f5.bigip_device_certificate', init_globals=None, run_name='__main__', alter_sys=True)
  File "/usr/lib/python3.6/runpy.py", line 205, in run_module
    return _run_module_code(code, init_globals, run_name, mod_spec)
  File "/usr/lib/python3.6/runpy.py", line 96, in _run_module_code
    mod_name, mod_spec, pkg_name, script_name)
  File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/tmp/ansible_bigip_device_certificate_payload_p_y89ylq/ansible_bigip_device_certificate_payload.zip/ansible/modules/network/f5/bigip_device_certificate.py", line 627, in <module>
  File "/tmp/ansible_bigip_device_certificate_payload_p_y89ylq/ansible_bigip_device_certificate_payload.zip/ansible/modules/network/f5/bigip_device_certificate.py", line 620, in main
  File "/tmp/ansible_bigip_device_certificate_payload_p_y89ylq/ansible_bigip_device_certificate_payload.zip/ansible/modules/network/f5/bigip_device_certificate.py", line 420, in exec_module
  File "/tmp/ansible_bigip_device_certificate_payload_p_y89ylq/ansible_bigip_device_certificate_payload.zip/ansible/modules/network/f5/bigip_device_certificate.py", line 429, in present
  File "/tmp/ansible_bigip_device_certificate_payload_p_y89ylq/ansible_bigip_device_certificate_payload.zip/ansible/modules/network/f5/bigip_device_certificate.py", line 463, in expired
  File "/tmp/ansible_bigip_device_certificate_payload_p_y89ylq/ansible_bigip_device_certificate_payload.zip/ansible/modules/network/f5/bigip_device_certificate.py", line 537, in read_current_certificate
  File "/tmp/ansible_bigip_device_certificate_payload_p_y89ylq/ansible_bigip_device_certificate_payload.zip/ansible/module_utils/connection.py", line 91, in exec_command
  File "/tmp/ansible_bigip_device_certificate_payload_p_y89ylq/ansible_bigip_device_certificate_payload.zip/ansible/module_utils/connection.py", line 121, in __init__
AssertionError: socket_path must be a value

fatal: [pllaplitgtm001.mgmt.cig.local -> localhost]: FAILED! => {
    "changed": false,
    "module_stderr": "Traceback (most recent call last):\n  File \"/home/paulh/.ansible/tmp/ansible-tmp-1581081544.261912-198614953936744/AnsiballZ_bigip_device_certificate.py\", line 102, in <module>\n    _ansiballz_main()\n  File \"/home/paulh/.ansible/tmp/ansible-tmp-1581081544.261912-198614953936744/AnsiballZ_bigip_device_certificate.py\", line 94, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/home/paulh/.ansible/tmp/ansible-tmp-1581081544.261912-198614953936744/AnsiballZ_bigip_device_certificate.py\", line 40, in invoke_module\n    runpy.run_module(mod_name='ansible.modules.network.f5.bigip_device_certificate', init_globals=None, run_name='__main__', alter_sys=True)\n  File \"/usr/lib/python3.6/runpy.py\", line 205, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib/python3.6/runpy.py\", line 96, in _run_module_code\n    mod_name, mod_spec, pkg_name, script_name)\n  File \"/usr/lib/python3.6/runpy.py\", line 85, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_bigip_device_certificate_payload_p_y89ylq/ansible_bigip_device_certificate_payload.zip/ansible/modules/network/f5/bigip_device_certificate.py\", line 627, in <module>\n  File \"/tmp/ansible_bigip_device_certificate_payload_p_y89ylq/ansible_bigip_device_certificate_payload.zip/ansible/modules/network/f5/bigip_device_certificate.py\", line 620, in main\n  File \"/tmp/ansible_bigip_device_certificate_payload_p_y89ylq/ansible_bigip_device_certificate_payload.zip/ansible/modules/network/f5/bigip_device_certificate.py\", line 420, in exec_module\n  File \"/tmp/ansible_bigip_device_certificate_payload_p_y89ylq/ansible_bigip_device_certificate_payload.zip/ansible/modules/network/f5/bigip_device_certificate.py\", line 429, in present\n  File \"/tmp/ansible_bigip_device_certificate_payload_p_y89ylq/ansible_bigip_device_certificate_payload.zip/ansible/modules/network/f5/bigip_device_certificate.py\", line 463, in expired\n  File \"/tmp/ansible_bigip_device_certificate_payload_p_y89ylq/ansible_bigip_device_certificate_payload.zip/ansible/modules/network/f5/bigip_device_certificate.py\", line 537, in read_current_certificate\n  File \"/tmp/ansible_bigip_device_certificate_payload_p_y89ylq/ansible_bigip_device_certificate_payload.zip/ansible/module_utils/connection.py\", line 91, in exec_command\n  File \"/tmp/ansible_bigip_device_certificate_payload_p_y89ylq/ansible_bigip_device_certificate_payload.zip/ansible/module_utils/connection.py\", line 121, in __init__\nAssertionError: socket_path must be a value\n",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}

PLAY RECAP ****************************************************************************************************************************************************************************
pllaplitgtm001.mgmt.cig.local : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
wojtek0806 commented 4 years ago

device certificate only uses CLI as transport, which is most likely your issue, check if your provider is set to have CLI as transport and provide valid SHH user/pass to the unit.