search

F5Networks / f5-ansible

Imperative Ansible modules for F5 BIG-IP products
GNU General Public License v3.0
375 stars 229 forks source link

bigip_command tries to connect to inventory_hostname #2375

Open rh-iwalker opened 10 months ago

rh-iwalker commented 10 months ago
COMPONENT NAME

bigip_command

Environment

ANSIBLE VERSION
ansible-playbook [core 2.15.5]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /home/runner/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible-playbook
  python version = 3.9.16 (main, May 31 2023, 12:21:58) [GCC 8.5.0 20210514 (Red Hat 8.5.0-18)] (/usr/bin/python3.9)
  jinja version = 3.1.2
  libyaml = True
BIGIP VERSION

N/A

CONFIGURATION

N/A

OS / ENVIRONMENT

Collections:

# /runner/collections/ansible_collections
Collection                  Version
--------------------------- -------
ansible.netcommon           5.2.0
ansible.utils               2.11.0
f5networks.f5_modules       1.27.0

# /usr/share/ansible/collections/ansible_collections
Collection                  Version
--------------------------- -------
amazon.aws                  6.4.0
ansible.controller          4.4.2
ansible.netcommon           5.1.1
ansible.network             2.0.0
ansible.posix               1.5.4
ansible.scm                 1.0.7
ansible.security            1.1.0
ansible.snmp                1.0.1
ansible.utils               2.9.0
ansible.windows             1.14.0
ansible.yang                1.0.0
arista.eos                  6.0.1
cisco.asa                   4.0.1
cisco.ios                   4.6.1
cisco.iosxr                 5.0.2
cisco.nxos                  4.3.0
cloud.common                2.1.2
cloud.terraform             1.1.1
frr.frr                     2.0.2
ibm.qradar                  2.1.0
junipernetworks.junos       5.1.0
kubernetes.core             2.4.0
microsoft.ad                1.1.0
openvswitch.openvswitch     2.1.1
redhat.amq_broker           1.3.0
redhat.eap                  1.3.1
redhat.insights             1.0.7
redhat.openshift            2.3.0
redhat.redhat_csp_download  1.2.2
redhat.rhel_idm             1.10.0
redhat.rhel_system_roles    1.21.1
redhat.rhv                  2.4.2
redhat.runtimes_common      1.0.2
redhat.sap_install          1.2.1
redhat.satellite            3.10.0
redhat.satellite_operations 1.3.0
redhat.sso                  1.2.1
sap.sap_operations          1.0.4
servicenow.itsm             2.1.0
splunk.es                   2.1.0
trendmicro.deepsec          2.0.0
vmware.vmware_rest          2.3.1
vyos.vyos                   4.0.2
SUMMARY

As of Ansible Core 2.15, the BIG-IP modules seem to try to connect to inventory_hostname, instead of what is defined in provider.

Running bigip_command with Ansible 2.15 and the cli transport results in a Name or service not known error when run with paramiko. With libssh, ssh connection failed: ssh connect failed: Failed to resolve hostname inventory_hostname (Name or service not known) error occurs.

Running the same playbook with Ansible 2.14 works OK.

Seems to be related to #2348 (Ansible 2.13 with libssh), which suggested setting $ANSIBLE_NETWORK_CLI_SSH_TYPE=paramiko, but that does not seem to work anymore.

The issue seems to be caused by paramiko connection now uses the correct source of data, a change to Ansible 2.15 which makes the paramiko connection plugin behave more like the libssh plugin.

STEPS TO REPRODUCE

Playbook:

---
- name: Test
  hosts: all
  gather_facts: false
  vars:
    provider:
     server: 127.0.0.1
     user: root
     password: secret
     validate_certs: no
     transport: cli
     server_port: 22
  tasks:
    - name: test
      bigip_command:
        commands:
          - show sys version
        provider: "{{ provider }}"

Run playbook with ansible-playbook -i localhost, -vvvvv playbook.yaml.

EXPECTED RESULTS

Ansible connects to the host defined in provider and runs the commands.

ACTUAL RESULTS

Ansible tries to connect to inventory_hostname which results in the following error when run with paramiko:

The full traceback is:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/ansible/executor/task_executor.py", line 165, in run
    res = self._execute()
  File "/usr/lib/python3.9/site-packages/ansible/executor/task_executor.py", line 660, in _execute
    result = self._handler.run(task_vars=vars_copy)
  File "/runner/collections/ansible_collections/f5networks/f5_modules/plugins/action/bigip.py", line 90, in run
    out = conn.get_prompt()
  File "/usr/lib/python3.9/site-packages/ansible/module_utils/connection.py", line 200, in __rpc__
    raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
ansible.module_utils.connection.ConnectionError: [Errno -2] Name or service not known
fatal: [localhost]: FAILED! => {
    "msg": "Unexpected failure during module execution: [Errno -2] Name or service not known",
    "stdout": ""
}

You get the following error when run with libssh:

The full traceback is:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/ansible/executor/task_executor.py", line 165, in run
    res = self._execute()
  File "/usr/lib/python3.9/site-packages/ansible/executor/task_executor.py", line 660, in _execute
    result = self._handler.run(task_vars=vars_copy)
  File "/runner/collections/ansible_collections/f5networks/f5_modules/plugins/action/bigip.py", line 90, in run
    out = conn.get_prompt()
  File "/usr/lib/python3.9/site-packages/ansible/module_utils/connection.py", line 200, in __rpc__
    raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
ansible.module_utils.connection.ConnectionError: ssh connection failed: ssh connect failed: Failed to resolve hostname inventory_hostname (Name or service not known)
fatal: [localhost]: FAILED! => {
    "msg": "Unexpected failure during module execution: ssh connection failed: ssh connect failed: Failed to resolve hostname inventory_hostname (Name or service not known)",
    "stdout": ""
}
pgouband commented 10 months ago

Hi,

Thanks for reporting. Added to the backlog and internal tracking ID for this request is: INFRAANO-1377.

jbollineni commented 5 months ago

Hi @pgouband Could you share if this bug is considered for a fix and when the fix will be available. Thank you.

pgouband commented 5 months ago

Hi @jbollineni,

This bug is in our backlog but it's not a priority. I don't have ETA.

pgouband commented 3 months ago

Hi,

This issue is under development.

urohit011 commented 3 months ago

Hello, I have raised an issue on ansible.netcommon, once that issue is fixed then I'll be able to make changes on our side to fix this issue.

Issue raised on ansible.netcommon: https://github.com/ansible-collections/ansible.netcommon/issues/641

dafmendo commented 2 weeks ago

@pgouband I am documenting what we have been checking via mail, it's my understanding that the issue is driven due to the connection plugin used, and the playbooks are working well, when using network_cli. As this should be the definitive fix. Are we good recommending the use of network_cli for all big_ip playbooks?

urohit011 commented 14 hours ago

Hi, for ansible-core version >= 2.15.0 it's recommended to use network_cli plugin as follows:

---
- name: Test
  hosts: f5test
  gather_facts: false
  connection: network_cli

  vars:
    ansible_network_os: bigip
    ansible_user: user
    ansible_password: passwd

    provider:
     server: "1.2.3.4"
     user: user
     password: passwd
     validate_certs: no
     server_port: 22
     transport: cli

  tasks:
    - name: test
      f5networks.f5_modules.bigip_command:
        commands:
          - show sys version
        provider: "{{ provider }}"