Unable to generate CSR via bigip_command [if City name is München, Baden-Württemberg]

[f5killer]

COMPONENT NAME

bigip_command

Environment

Prod

ANSIBLE VERSION

**ansible [core 2.15.1]
python version = 3.11.9
jinja version = 3.1.2**
ansible.netcommon      6.0.0  
ansible.posix          1.5.4  
ansible.utils          3.1.0  
arista.eos             7.0.0  
cisco.aci              2.8.0  
cisco.asa              5.0.1  
cisco.ios              6.1.2  
cisco.iosxr            7.1.0  
cisco.nxos             6.0.3  
community.general      8.4.0  
community.hashi_vault  6.1.0  
f5networks.f5_bigip    3.6.2  
f5networks.f5_modules  1.30.1 
fortinet.fortios       2.3.5  
netbox.netbox          3.17.0 
openstack.cloud        1.10.0

BIGIP VERSION

Sys::Version Main Package Product BIG-IP Version 16.1.4.1 Build 0.132.5

CONFIGURATION

OS / ENVIRONMENT

SUMMARY

BIGIP Ansible command module(bigip_command) is failing to generate CSR via ansible input, when use unicode charater in city name or, state name i.e city name: 'München' or State Name: 'Baden-Württemberg'. however tmos command and web ui works well.

STEPS TO REPRODUCE

---
- hosts: all
  gather_facts: false
  vars_files: vars/lba_provider_vars.yaml
  connection: local
  vars: 
    - cust_obj: "www.example.com"
    - keySize: 2048
    - country: "DE"
    - subject_alternative_name: "DNS:*.abc.com"
    - state: "München"
    - my_commonName: "*.example.com"
    - ou: "IT"
    - city: "Ulm"
    - organization: "Microsoft"

  tasks:
    - name: Create command tmsh Command dynamically
      ansible.builtin.set_fact:
        create_tmos_command: >-
          create sys crypto key '{{ cust_obj }}' key-size {{ keySize }}
          gen-csr country '{{ country }}'
          city '{{ city }}'
          state '{{ state }}'
          organization '{{ organization }}'
          ou '{{ ou }}'
          common-name '{{ my_commonName }}'
          subject-alternative-name '{{ subject_alternative_name }}'
        delegate_to: localhost

    - name: "Generate the CSR On Device"
      f5networks.f5_modules.bigip_command:
        provider: "{{ provider }}"
        commands:
          - "{{ create_tmos_command }}"
      delegate_to: localhost

EXPECTED RESULTS

ACTUAL RESULTS

"changed": false, "invocation": { "module_args": { "chdir": null, "commands": [ "create sys crypto key 'www.example.com' key-size 2048 gen-csr country 'DE' city 'Ulm' state 'München' organization 'Microsoft' ou 'IT' common-name '.example.com' subject-alternative-name 'DNS:.abc.com'" ], "interval": 1, "match": "all", "provider": { "auth_provider": null, "no_f5_teem": true, "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "server": "10.10.20.90", "server_port": 443, "ssh_keyfile": null, "timeout": null, "transport": "rest", "user": "unix", "validate_certs": false }, "retries": 10, "wait_for": null, "warn": true } }, "msg": "double quotes are not balanced" }

[pgouband]

Hi @f5killer,

Have you tried using bigip_ssl_csr module from declarative collection? https://clouddocs.f5.com/products/orchestration/ansible/devel/f5_bigip/modules_2_0/bigip_ssl_csr_module.html#bigip-ssl-csr-module-2

[f5killer]

Issue is still same in that module 'bigip_ssl_csr' too. I have opened the f5 case.

[pgouband]

Can you share the support case number?

[f5killer]

case No: 00678133

[pgouband]

Hi,

Thanks for reporting. Added to the backlog and internal tracking ID for this request is: INFRAANO-1657.