F5Networks / f5-ansible

Imperative Ansible modules for F5 BIG-IP products
GNU General Public License v3.0

Module bigip_ssl_key_cert Fails When Using true_names = true #2346

Closed garygleckner closed 8 months ago

garygleckner commented 1 year ago

COMPONENT NAME

f5networks.f5_modules.bigip_ssl_key_cert

Environment

ANSIBLE VERSION
ansible 2.10.17
  config file = /Users/username/code/platform.f5-automator/ansible.cfg
  configured module search path = ['/Users/username/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/username/.local/share/virtualenvs/platform.f5-automator-iM2GzHeM/lib/python3.7/site-packages/ansible
  executable location = /Users/username/.local/share/virtualenvs/platform.f5-automator-iM2GzHeM/bin/ansible
  python version = 3.7.9 (v3.7.9:13c94747c7, Aug 15 2020, 01:31:08) [Clang 6.0 (clang-600.0.57)]

BIGIP VERSION
F5: Sys::Version
Main Package
  Product     BIG-IP
  Version     15.1.8.2
  Build       0.0.17
  Edition     Point Release 2
  Date        Thu Mar 16 03:44:11 PDT 2023

CONFIGURATION

ansible.cfg Defaults

[defaults]
host_key_checking = False
roles_path = roles-galaxy:roles
collections_paths = collections-galaxy:collections
interpreter_python=auto_silent

OS / ENVIRONMENT

Ansible Client: Mac OS 13.4.1

SUMMARY

In the imperative module "f5networks.f5_modules.bigip_ssl_key_cert", setting the parameter "true_names" to yes or true will result in a generic failure of the module. The error does not appear when set to no or false.

STEPS TO REPRODUCE

Execute the playbook:

$ ansible-playbook playbooks/bigip-install-cert-only-playbook.yml

The playbook is pasted here for reference:

---
# ansible-playbook  playbooks/bigip-install-cert-only-playbook.yml
#
- hosts: f5_shiptst1_ext01
  gather_facts: false
  vars:
    provider:
      server: "{{ ansible_host }}"
      server_port: 443
      user: admin
      password: passwordGoesHere
      validate_certs: no
      timeout: 20
  tasks:
    - name: BigIP-Upload Certificate
      f5networks.f5_modules.bigip_ssl_key_cert:
        key_content: "{{ lookup('file', '/Users/username/Downloads/bugtest.key.pem') }}"
        key_name: "bugtest"
        cert_content: "{{ lookup('file', '/Users/username/Downloads/bugtest.crt.pem') }}"
        cert_name: "bugtest"
        state: present
        true_names: true
        provider: "{{ provider }}"
        partition: "Common"

EXPECTED RESULTS

If the playbook is executed with "true_names: false", it will load the certificate/key into the F5 with the default .crt and .key suffix. That is the expected behavior.

If the playbook is executed with "true_names: true", it SHOULD load the certificate/key into the F5 without any extension for crt/key. This does not happen. The playbook fails to complete.

ACTUAL RESULTS

The playbook fails any time true_names is set to "true" or "yes". An example output is shown below.

$ ansible-playbook  playbooks/bigip-install-cert-only-playbook.yml -vvvv
ansible-playbook 2.10.17
  config file = /Users/username/code/platform.f5-automator/ansible.cfg
  configured module search path = ['/Users/username/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/username/.local/share/virtualenvs/platform.f5-automator-iM2GzHeM/lib/python3.7/site-packages/ansible
  executable location = /Users/username/.local/share/virtualenvs/platform.f5-automator-iM2GzHeM/bin/ansible-playbook
  python version = 3.7.9 (v3.7.9:13c94747c7, Aug 15 2020, 01:31:08) [Clang 6.0 (clang-600.0.57)]
Using /Users/username/code/platform.f5-automator/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /Users/username/code/platform.f5-automator/inventories/shiplab/shiptst1 as it did not pass its verify_file() method
script declined parsing /Users/username/code/platform.f5-automator/inventories/shiplab/shiptst1 as it did not pass its verify_file() method
auto declined parsing /Users/username/code/platform.f5-automator/inventories/shiplab/shiptst1 as it did not pass its verify_file() method
Parsed /Users/username/code/platform.f5-automator/inventories/shiplab/shiptst1 inventory source with ini plugin
Loading collection f5networks.f5_modules from /Users/username/code/platform.f5-automator/collections-galaxy/ansible_collections/f5networks/f5_modules
Loading callback plugin default of type stdout, v2.0 from /Users/username/.local/share/virtualenvs/platform.f5-automator-iM2GzHeM/lib/python3.7/site-packages/ansible/plugins/callback/default.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: bigip-install-cert-only-playbook.yml **********************************************************************************************************************
Positional arguments: playbooks/bigip-install-cert-only-playbook.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/Users/username/code/platform.f5-automator/inventories/shiplab/shiptst1',)
forks: 5
1 plays in playbooks/bigip-install-cert-only-playbook.yml

PLAY [f5_shiptst1_ext01] ********************************************************************************************************************************************
META: ran handlers

TASK [BigIP-Upload Certificate] *************************************************************************************************************************************
task path: /Users/username/code/platform.f5-automator/playbooks/bigip-install-cert-only-playbook.yml:15
File lookup using /Users/username/Downloads/bugtest.key.pem as file
File lookup using /Users/username/Downloads/bugtest.crt.pem as file
Loading collection ansible.netcommon from /Users/username/code/platform.f5-automator/collections-galaxy/ansible_collections/ansible/netcommon
<10.135.194.20> connection transport is rest
<10.135.194.20> ANSIBLE_NETWORK_IMPORT_MODULES: disabled
<10.135.194.20> ANSIBLE_NETWORK_IMPORT_MODULES: module execution time may be extended
<10.135.194.20> ESTABLISH LOCAL CONNECTION FOR USER: username
<10.135.194.20> EXEC /bin/sh -c 'echo ~username && sleep 0'
<10.135.194.20> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/username/.ansible/tmp `"&& mkdir "` echo /Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384 `" && echo ansible-tmp-1690235675.5759869-62076-152668458724384="` echo /Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384 `" ) && sleep 0'
<f5_shiptst1_ext01> Attempting python interpreter discovery
<10.135.194.20> EXEC /bin/sh -c 'echo PLATFORM; uname; echo FOUND; command -v '"'"'/usr/bin/python'"'"'; command -v '"'"'python3.7'"'"'; command -v '"'"'python3.6'"'"'; command -v '"'"'python3.5'"'"'; command -v '"'"'python2.7'"'"'; command -v '"'"'python2.6'"'"'; command -v '"'"'/usr/libexec/platform-python'"'"'; command -v '"'"'/usr/bin/python3'"'"'; command -v '"'"'python'"'"'; echo ENDFOUND && sleep 0'
<f5_shiptst1_ext01> Python interpreter discovery fallback (unsupported platform for extended discovery: darwin)
Using module file /Users/username/code/platform.f5-automator/collections-galaxy/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py
<10.135.194.20> PUT /Users/username/.ansible/tmp/ansible-local-62072fbrovbko/tmph3nkrwhm TO /Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384/AnsiballZ_bigip_ssl_key_cert.py
<10.135.194.20> EXEC /bin/sh -c 'chmod u+x /Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384/ /Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384/AnsiballZ_bigip_ssl_key_cert.py && sleep 0'
<10.135.194.20> EXEC /bin/sh -c '/Users/username/.local/share/virtualenvs/platform.f5-automator-iM2GzHeM/bin/python3.7 /Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384/AnsiballZ_bigip_ssl_key_cert.py && sleep 0'
<10.135.194.20> EXEC /bin/sh -c 'rm -f -r /Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
  File "/Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384/AnsiballZ_bigip_ssl_key_cert.py", line 102, in <module>
    _ansiballz_main()
  File "/Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384/AnsiballZ_bigip_ssl_key_cert.py", line 94, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384/AnsiballZ_bigip_ssl_key_cert.py", line 40, in invoke_module
    runpy.run_module(mod_name='ansible_collections.f5networks.f5_modules.plugins.modules.bigip_ssl_key_cert', init_globals=None, run_name='__main__', alter_sys=True)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/runpy.py", line 205, in run_module
    return _run_module_code(code, init_globals, run_name, mod_spec)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/runpy.py", line 96, in _run_module_code
    mod_name, mod_spec, pkg_name, script_name)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py", line 822, in <module>
  File "/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py", line 815, in main
  File "/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py", line 410, in exec_module
  File "/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py", line 426, in present
  File "/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py", line 460, in create
  File "/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py", line 656, in create_on_device
  File "/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/module_utils/icontrol.py", line 297, in __exit__
Exception
fatal: [f5_shiptst1_ext01]: FAILED! => {
    "ansible_facts": {
        "discovered_interpreter_python": "/Users/username/.local/share/virtualenvs/platform.f5-automator-iM2GzHeM/bin/python3.7"
    },
    "changed": false,
    "module_stderr": "Traceback (most recent call last):\n  File \"/Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384/AnsiballZ_bigip_ssl_key_cert.py\", line 102, in <module>\n    _ansiballz_main()\n  File \"/Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384/AnsiballZ_bigip_ssl_key_cert.py\", line 94, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384/AnsiballZ_bigip_ssl_key_cert.py\", line 40, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.f5networks.f5_modules.plugins.modules.bigip_ssl_key_cert', init_globals=None, run_name='__main__', alter_sys=True)\n  File \"/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/runpy.py\", line 205, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/runpy.py\", line 96, in _run_module_code\n    mod_name, mod_spec, pkg_name, script_name)\n  File \"/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/runpy.py\", line 85, in _run_code\n    exec(code, run_globals)\n  File \"/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py\", line 822, in <module>\n  File \"/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py\", line 815, in main\n  File 
\"/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py\", line 410, in exec_module\n  File \"/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py\", line 426, in present\n  File \"/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py\", line 460, in create\n  File \"/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py\", line 656, in create_on_device\n  File \"/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/module_utils/icontrol.py\", line 297, in __exit__\nException\n",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}

PLAY RECAP **********************************************************************************************************************************************************
f5_shiptst1_ext01          : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
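
A triage helper for the failure output above, added here as an example; it is not part of the original report and not code from the f5-ansible project. It reads the `module_stderr` field of a MODULE FAILURE result, keeps only the frames inside the installed collection, and reports whether the final exception carries any message. The names `triage` and `SAMPLE_RESULT` are hypothetical, and the sample input is constructed and shortened from the report.

```python
import json
import re

# Constructed, shortened failure result in the shape shown in the report
# (temp paths abbreviated; frame names and line numbers are the report's).
SAMPLE_RESULT = json.dumps({
    "changed": False,
    "module_stderr": (
        "Traceback (most recent call last):\n"
        '  File "/tmp/AnsiballZ_bigip_ssl_key_cert.py", line 102, in <module>\n'
        "    _ansiballz_main()\n"
        '  File "/tmp/payload.zip/ansible_collections/f5networks/f5_modules/'
        'plugins/modules/bigip_ssl_key_cert.py", line 656, in create_on_device\n'
        '  File "/tmp/payload.zip/ansible_collections/f5networks/f5_modules/'
        'plugins/module_utils/icontrol.py", line 297, in __exit__\n'
        "Exception\n"
    ),
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1,
})

FRAME_RE = re.compile(
    r'^\s*File "(?P<path>[^"]+)", line (?P<line>\d+), in (?P<func>\S+)\s*$')
MARKER = "ansible_collections/"


def triage(result_json):
    """Return the collection frames and final exception of a MODULE FAILURE."""
    stderr = json.loads(result_json).get("module_stderr", "")
    lines = stderr.splitlines()
    frames = []
    for line in lines:
        match = FRAME_RE.match(line)
        # Keep only frames inside an installed collection, skipping the
        # AnsiballZ wrapper and the interpreter's runpy frames.
        if match and MARKER in match.group("path"):
            rel = match.group("path").split(MARKER, 1)[1]
            frames.append((rel, int(match.group("line")), match.group("func")))
    # The last unindented, non-empty line is "ExcType" or "ExcType: message".
    summary = next((l for l in reversed(lines) if l and not l[0].isspace()), "")
    exc_type, _, message = summary.partition(": ")
    return {"frames": frames, "exception": exc_type,
            "message": message, "has_detail": bool(message)}


if __name__ == "__main__":
    print(triage(SAMPLE_RESULT))
```
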

pgouband commented 1 year ago

Hi,

Thanks for reporting. Added to the backlog; the internal tracking ID for this request is INFRAANO-1264.

wojtek0806 commented 8 months ago

Fixed with: https://github.com/F5Networks/f5-ansible/pull/2354