SUMMARY
In the imperative module "f5networks.f5_modules.bigip_ssl_key_cert", setting the parameter "true_names" to yes or true will result in a generic failure of the module. The error does not appear when set to no or false.
STEPS TO REPRODUCE
Execute the playbook
$ ansible-playbook playbooks/bigip-install-cert-only-playbook.yml
The playbook is pasted here for reference:
EXPECTED RESULTS
If the playbook is executed with "true_names: false", it will load the certificate/key into the F5 with the default .crt and .key suffix. That is the expected behavior.
If the playbook is executed with "true_names: true", it SHOULD load the certificate/key into the F5 without any extension for crt/key. This does not happen. The playbook fails to complete.
ACTUAL RESULTS
The playbook fails any time true_names is set to "true" or "yes". An example output is shown below.
$ ansible-playbook playbooks/bigip-install-cert-only-playbook.yml -vvvv
ansible-playbook 2.10.17
config file = /Users/username/code/platform.f5-automator/ansible.cfg
configured module search path = ['/Users/username/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /Users/username/.local/share/virtualenvs/platform.f5-automator-iM2GzHeM/lib/python3.7/site-packages/ansible
executable location = /Users/username/.local/share/virtualenvs/platform.f5-automator-iM2GzHeM/bin/ansible-playbook
python version = 3.7.9 (v3.7.9:13c94747c7, Aug 15 2020, 01:31:08) [Clang 6.0 (clang-600.0.57)]
Using /Users/username/code/platform.f5-automator/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /Users/username/code/platform.f5-automator/inventories/shiplab/shiptst1 as it did not pass its verify_file() method
script declined parsing /Users/username/code/platform.f5-automator/inventories/shiplab/shiptst1 as it did not pass its verify_file() method
auto declined parsing /Users/username/code/platform.f5-automator/inventories/shiplab/shiptst1 as it did not pass its verify_file() method
Parsed /Users/username/code/platform.f5-automator/inventories/shiplab/shiptst1 inventory source with ini plugin
Loading collection f5networks.f5_modules from /Users/username/code/platform.f5-automator/collections-galaxy/ansible_collections/f5networks/f5_modules
Loading callback plugin default of type stdout, v2.0 from /Users/username/.local/share/virtualenvs/platform.f5-automator-iM2GzHeM/lib/python3.7/site-packages/ansible/plugins/callback/default.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
PLAYBOOK: bigip-install-cert-only-playbook.yml **********************************************************************************************************************
Positional arguments: playbooks/bigip-install-cert-only-playbook.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/Users/username/code/platform.f5-automator/inventories/shiplab/shiptst1',)
forks: 5
1 plays in playbooks/bigip-install-cert-only-playbook.yml
PLAY [f5_shiptst1_ext01] ********************************************************************************************************************************************
META: ran handlers
TASK [BigIP-Upload Certificate] *************************************************************************************************************************************
task path: /Users/username/code/platform.f5-automator/playbooks/bigip-install-cert-only-playbook.yml:15
File lookup using /Users/username/Downloads/bugtest.key.pem as file
File lookup using /Users/username/Downloads/bugtest.crt.pem as file
Loading collection ansible.netcommon from /Users/username/code/platform.f5-automator/collections-galaxy/ansible_collections/ansible/netcommon
<10.135.194.20> connection transport is rest
<10.135.194.20> ANSIBLE_NETWORK_IMPORT_MODULES: disabled
<10.135.194.20> ANSIBLE_NETWORK_IMPORT_MODULES: module execution time may be extended
<10.135.194.20> ESTABLISH LOCAL CONNECTION FOR USER: username
<10.135.194.20> EXEC /bin/sh -c 'echo ~username && sleep 0'
<10.135.194.20> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/username/.ansible/tmp `"&& mkdir "` echo /Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384 `" && echo ansible-tmp-1690235675.5759869-62076-152668458724384="` echo /Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384 `" ) && sleep 0'
<f5_shiptst1_ext01> Attempting python interpreter discovery
<10.135.194.20> EXEC /bin/sh -c 'echo PLATFORM; uname; echo FOUND; command -v '"'"'/usr/bin/python'"'"'; command -v '"'"'python3.7'"'"'; command -v '"'"'python3.6'"'"'; command -v '"'"'python3.5'"'"'; command -v '"'"'python2.7'"'"'; command -v '"'"'python2.6'"'"'; command -v '"'"'/usr/libexec/platform-python'"'"'; command -v '"'"'/usr/bin/python3'"'"'; command -v '"'"'python'"'"'; echo ENDFOUND && sleep 0'
<f5_shiptst1_ext01> Python interpreter discovery fallback (unsupported platform for extended discovery: darwin)
Using module file /Users/username/code/platform.f5-automator/collections-galaxy/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py
<10.135.194.20> PUT /Users/username/.ansible/tmp/ansible-local-62072fbrovbko/tmph3nkrwhm TO /Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384/AnsiballZ_bigip_ssl_key_cert.py
<10.135.194.20> EXEC /bin/sh -c 'chmod u+x /Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384/ /Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384/AnsiballZ_bigip_ssl_key_cert.py && sleep 0'
<10.135.194.20> EXEC /bin/sh -c '/Users/username/.local/share/virtualenvs/platform.f5-automator-iM2GzHeM/bin/python3.7 /Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384/AnsiballZ_bigip_ssl_key_cert.py && sleep 0'
<10.135.194.20> EXEC /bin/sh -c 'rm -f -r /Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
File "/Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384/AnsiballZ_bigip_ssl_key_cert.py", line 102, in <module>
_ansiballz_main()
File "/Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384/AnsiballZ_bigip_ssl_key_cert.py", line 94, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384/AnsiballZ_bigip_ssl_key_cert.py", line 40, in invoke_module
runpy.run_module(mod_name='ansible_collections.f5networks.f5_modules.plugins.modules.bigip_ssl_key_cert', init_globals=None, run_name='__main__', alter_sys=True)
File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/runpy.py", line 205, in run_module
return _run_module_code(code, init_globals, run_name, mod_spec)
File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/runpy.py", line 96, in _run_module_code
mod_name, mod_spec, pkg_name, script_name)
File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/runpy.py", line 85, in _run_code
exec(code, run_globals)
File "/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py", line 822, in <module>
File "/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py", line 815, in main
File "/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py", line 410, in exec_module
File "/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py", line 426, in present
File "/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py", line 460, in create
File "/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py", line 656, in create_on_device
File "/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/module_utils/icontrol.py", line 297, in __exit__
Exception
fatal: [f5_shiptst1_ext01]: FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/Users/username/.local/share/virtualenvs/platform.f5-automator-iM2GzHeM/bin/python3.7"
},
"changed": false,
"module_stderr": "Traceback (most recent call last):\n File \"/Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384/AnsiballZ_bigip_ssl_key_cert.py\", line 102, in <module>\n _ansiballz_main()\n File \"/Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384/AnsiballZ_bigip_ssl_key_cert.py\", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/Users/username/.ansible/tmp/ansible-tmp-1690235675.5759869-62076-152668458724384/AnsiballZ_bigip_ssl_key_cert.py\", line 40, in invoke_module\n runpy.run_module(mod_name='ansible_collections.f5networks.f5_modules.plugins.modules.bigip_ssl_key_cert', init_globals=None, run_name='__main__', alter_sys=True)\n File \"/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/runpy.py\", line 205, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/runpy.py\", line 96, in _run_module_code\n mod_name, mod_spec, pkg_name, script_name)\n File \"/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/runpy.py\", line 85, in _run_code\n exec(code, run_globals)\n File \"/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py\", line 822, in <module>\n File \"/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py\", line 815, in main\n File 
\"/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py\", line 410, in exec_module\n File \"/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py\", line 426, in present\n File \"/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py\", line 460, in create\n File \"/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py\", line 656, in create_on_device\n File \"/var/folders/k_/00c5l5q17nd_rdqmfjmvw10c0000gn/T/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload_rfl_mjws/ansible_f5networks.f5_modules.bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/module_utils/icontrol.py\", line 297, in __exit__\nException\n",
"module_stdout": "",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}
PLAY RECAP **********************************************************************************************************************************************************
f5_shiptst1_ext01 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
COMPONENT NAME
f5networks.f5_modules.bigip_ssl_key_cert
Environment
ANSIBLE VERSION
BIGIP VERSION
CONFIGURATION
ansible.cfg Defaults
OS / ENVIRONMENT
Ansible Client: Mac OS 13.4.1