Open jalbai opened 2 years ago
@jalbai - Please provide the playbook that is failing to retry this issue.
hi
The playbook is in the main message
@jalbai - I dont see the is_bundle
option.
This is the option in the certificate
On Wed, 9 Mar 2022, 19:38 Trinath Somanchi, @.***> wrote:
@jalbai https://github.com/jalbai - I dont see the is_bundle option.
— Reply to this email directly, view it on GitHub https://github.com/F5Networks/f5-ansible/issues/2184#issuecomment-1063185766, or unsubscribe https://github.com/notifications/unsubscribe-auth/AECPKNPBI6SGLN7YXOTUO2LU7DO3BANCNFSM5QC7EDTQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
You are receiving this because you were mentioned.Message ID: @.***>
I am also having this issue in collection 1.17 with bigip_ssl_certificate
and bigip_ssl_key
Hi, internal ID to track this item is: INFRAANO-983, thanks!
I have tested with the latest devel and i see no issue:
{
"kind": "tm:sys:file:ssl-cert:ssl-certstate",
"name": "test_bundle",
"partition": "Common",
"fullPath": "/Common/test_bundle",
"generation": 2462,
"selfLink": "https://localhost/mgmt/tm/sys/file/ssl-cert/~Common~test_bundle?ver=16.1.3.3",
"certificateKeyCurveName": "none",
"certificateKeySize": 2048,
"checksum": "SHA1:8134:9fbb071e91ed77960d197fc5714c4adbfd085e96",
"createTime": "2024-02-08T08:58:26Z",
"createdBy": "admin",
"expirationDate": 1738918407,
"expirationString": "Feb 7 08:53:27 2025 GMT",
"fingerprint": "SHA256/90:F0:D6:21:16:1E:47:C5:E7:15:84:EB:93:FB:CD:F0:A1:93:C0:3F:2C:27:82:2F:4B:7C:CE:68:F2:59:1A:34",
"isBundle": "true",
"issuer": "C=US",
"keyType": "rsa-public",
"lastUpdateTime": "2024-02-08T08:58:26Z",
"mode": 33188,
"revision": 1,
"serialNumber": "ed:8b:48:57:c2:68:d2:fc",
"size": 8134,
"subject": "C=US",
"updatedBy": "admin",
"version": 1,
"bundleCertificatesReference": {
"link": "https://localhost/mgmt/tm/sys/file/ssl-cert/~Common~test_bundle/bundle-certificates?ver=16.1.3.3",
"isSubcollection": true
},
"certValidatorsReference": {
"link": "https://localhost/mgmt/tm/sys/file/ssl-cert/~Common~test_bundle/cert-validators?ver=16.1.3.3",
"isSubcollection": true
}
}
Playbook task:
- name: Delete bundled cert
bigip_ssl_certificate:
state: absent
name: test_bundle
true_names: yes
provider: "{{ provider }}"
Playbook run:
changed: [bigip_16_1] => {
"changed": true,
"invocation": {
"module_args": {
"content": null,
"issuer_cert": null,
"name": "test_bundle",
"partition": "Common",
"provider": {
"auth_provider": null,
"no_f5_teem": true,
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"server": "<redacted>",
"server_port": <redacted>,
"timeout": null,
"transport": "rest",
"user": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"validate_certs": false
},
"state": "absent",
"true_names": true
}
}
}
PLAY RECAP ********************************************************************************************************************************************************************************************************************************************************************************************************
bigip_16_1 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Verified in API after playbook run:
{
"code": 404,
"message": "01020036:3: The requested Certificate File (/Common/test_bundle) was not found.",
"errorStack": [],
"apiError": 3
}
COMPONENT NAME
bigip_ssl_certificate
ANSIBLE VERSION
ansible-playbook [core 2.12.1] python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 3.0.3 libyaml = True
BIGIP VERSION
Sys::Version Main Package Product BIG-IP Version 13.1.1.5 Build 0.0.4 Edition Point Release 5 Date Wed Apr 24 21:26:13 PDT 2019
CONFIGURATION
OS / ENVIRONMENT
CentOS Stream release 8
SUMMARY
The module deletes SSL certificates only if they have the option is_bundle : no.
If option is 'is_bundle': 'yes', the certificate is not deleted.
STEPS TO REPRODUCE
PLAY [Start Playbook ] ****
TASK [Delete expired SSL certificates] **** ok: [1.1.1.1 -> localhost]
PLAY RECAP **** 1.1.1.1 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0