search

F5Networks / f5-ansible

Imperative Ansible modules for F5 BIG-IP products
GNU General Public License v3.0
376 stars 231 forks source link

What can be the possible problem? #290

Closed UdhavPawar closed 7 years ago

UdhavPawar commented 7 years ago
ISSUE TYPE
COMPONENT NAME

bigip_command

ANSIBLE VERSION
ansible 2.4.0
  config file = /work/ansible.cfg
  configured module search path = [u'/home/upawar/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible
  python version = 2.7.5 (default, Nov  6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
PYTHON VERSION
Python 2.7.5
BIGIP VERSION
Sys::Version
Main Package
  Product     BIG-IP
  Version     12.1.2
  Build       0.93.249
  Edition     Engineering Hotfix
  Date        Fri Jan 20 15:48:38 PST 2017

Hotfix List
ID624457-5    ID623119  ID639492-1  ID624023-3
CONFIGURATION
OS / ENVIRONMENT
SUMMARY

I have two load balancers, (10.1.254.248, and 10.0.254.248), both load balancer running same code. same yaml file works fine on 10.0.254.248, but it does not work on 10.1.254.248

STEPS TO REPRODUCE
[upawar@e8ab66aaed46 work]$ more testhost 
[testlb]
10.1.254.248

This is the playbook:
---
- name: test
  connection: local
  hosts: testlb
  gather_facts: no
  vars_files:
   - './password.yml'
   - './certname.yml'

  tasks:
    - name: run show version on remote devices
      bigip_command:
        commands:
          - create ltm profile client-ssl {{ certname }} cert {{ cert_certname }} key {{ key_certname }}  chain {{ bundle_certname }}  defaults-from clientssl_pfs
        user: "{{ bigip_username }}"
        password: "{{ bigip_password }}"
        server: "{{ inventory_hostname }}"
EXPECTED RESULTS
[upawar@e8ab66aaed46 work]$ ansible-playbook -i testhost showver.yml -vvvv
ansible-playbook 2.4.0
  config file = /work/ansible.cfg
  configured module search path = [u'/home/upawar/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible-playbook
  python version = 2.7.5 (default, Nov  6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
Using /work/ansible.cfg as config file
setting up inventory plugins
Parsed /work/testhost inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/__init__.pyc

PLAYBOOK: showver.yml ********************************************************************************************************************************************************************
1 plays in showver.yml
Read vars_file './password.yml'
Read vars_file './password.yml'

PLAY [run arbitrary command on F5 devices.] **********************************************************************************************************************************************
META: ran handlers
Read vars_file './password.yml'

TASK [show version] **********************************************************************************************************************************************************************
task path: /work/showver.yml:10
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/network_common.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/netcli.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/f5_utils.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/six/__init__.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/basic.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/_text.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/parsing/convert_bool.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/parsing/__init__.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/pycompat24.py
Using module file /usr/lib/python2.7/site-packages/ansible/modules/network/f5/bigip_command.py
<10.0.254.248> ESTABLISH LOCAL CONNECTION FOR USER: upawar
<10.0.254.248> EXEC /bin/sh -c 'echo ~ && sleep 0'
<10.0.254.248> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/upawar/.ansible/tmp/ansible-tmp-1501275030.17-84680108073934 `" && echo ansible-tmp-1501275030.17-84680108073934="` echo /home/upawar/.ansible/tmp/ansible-tmp-1501275030.17-84680108073934 `" ) && sleep 0'
<10.0.254.248> PUT /tmp/tmp4QXjcF TO /home/upawar/.ansible/tmp/ansible-tmp-1501275030.17-84680108073934/bigip_command.py
<10.0.254.248> EXEC /bin/sh -c 'chmod u+x /home/upawar/.ansible/tmp/ansible-tmp-1501275030.17-84680108073934/ /home/upawar/.ansible/tmp/ansible-tmp-1501275030.17-84680108073934/bigip_command.py && sleep 0'
<10.0.254.248> EXEC /bin/sh -c '/usr/bin/python /home/upawar/.ansible/tmp/ansible-tmp-1501275030.17-84680108073934/bigip_command.py; rm -rf "/home/upawar/.ansible/tmp/ansible-tmp-1501275030.17-84680108073934/" > /dev/null 2>&1 && sleep 0'
changed: [10.0.254.248] => {
    "changed": true, 
    "failed": false, 
    "invocation": {
        "module_args": {
            "commands": [
                "show sys version"
            ], 
            "interval": 1, 
            "match": "all", 
            "partition": "Common", 
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "retries": 10, 
            "server": "10.0.254.248", 
            "server_port": 443, 
            "state": "present", 
            "user": "upawar", 
            "validate_certs": true, 
            "wait_for": null
        }
    }, 
    "stdout": [
        "\nSys::Version\nMain Package\n  Product     BIG-IP\n  Version     12.1.2\n  Build       0.93.249\n  Edition     Engineering Hotfix\n  Date        Fri Jan 20 15:48:38 PST 2017\n\nHotfix List\nID639492-1    ID623119  ID624457-5  ID624023-3\n\n"
    ], 
    "stdout_lines": [
        [
            "", 
            "Sys::Version", 
            "Main Package", 
            "  Product     BIG-IP", 
            "  Version     12.1.2", 
            "  Build       0.93.249", 
            "  Edition     Engineering Hotfix", 
            "  Date        Fri Jan 20 15:48:38 PST 2017", 
            "", 
            "Hotfix List", 
            "ID639492-1    ID623119  ID624457-5  ID624023-3", 
            "", 
            ""
        ]
    ]
}
META: ran handlers
META: ran handlers

PLAY RECAP *******************************************************************************************************************************************************************************
10.0.254.248               : ok=1    changed=1    unreachable=0    failed=0
ACTUAL RESULTS
[upawar@e8ab66aaed46 work]$ ansible-playbook -i testhost showver.yml -vvvv
ansible-playbook 2.4.0
  config file = /work/ansible.cfg
  configured module search path = [u'/home/upawar/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible-playbook
  python version = 2.7.5 (default, Nov  6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
Using /work/ansible.cfg as config file
setting up inventory plugins
Parsed /work/testhost inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/__init__.pyc

PLAYBOOK: showver.yml ********************************************************************************************************************************************************************
1 plays in showver.yml
Read vars_file './password.yml'
Read vars_file './password.yml'

PLAY [run arbitrary command on F5 devices.] **********************************************************************************************************************************************
META: ran handlers
Read vars_file './password.yml'

TASK [show version] **********************************************************************************************************************************************************************
task path: /work/showver.yml:10
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/network_common.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/netcli.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/f5_utils.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/six/__init__.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/basic.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/_text.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/parsing/convert_bool.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/parsing/__init__.py
Using module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/pycompat24.py
Using module file /usr/lib/python2.7/site-packages/ansible/modules/network/f5/bigip_command.py
<10.1.254.248> ESTABLISH LOCAL CONNECTION FOR USER: upawar
<10.1.254.248> EXEC /bin/sh -c 'echo ~ && sleep 0'
<10.1.254.248> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/upawar/.ansible/tmp/ansible-tmp-1501274892.83-63923378065537 `" && echo ansible-tmp-1501274892.83-63923378065537="` echo /home/upawar/.ansible/tmp/ansible-tmp-1501274892.83-63923378065537 `" ) && sleep 0'
<10.1.254.248> PUT /tmp/tmpcPSQun TO /home/upawar/.ansible/tmp/ansible-tmp-1501274892.83-63923378065537/bigip_command.py
<10.1.254.248> EXEC /bin/sh -c 'chmod u+x /home/upawar/.ansible/tmp/ansible-tmp-1501274892.83-63923378065537/ /home/upawar/.ansible/tmp/ansible-tmp-1501274892.83-63923378065537/bigip_command.py && sleep 0'
<10.1.254.248> EXEC /bin/sh -c '/usr/bin/python /home/upawar/.ansible/tmp/ansible-tmp-1501274892.83-63923378065537/bigip_command.py; rm -rf "/home/upawar/.ansible/tmp/ansible-tmp-1501274892.83-63923378065537/" > /dev/null 2>&1 && sleep 0'
fatal: [10.1.254.248]: FAILED! => {
    "changed": false, 
    "failed": true, 
    "module_stderr": "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n  InsecureRequestWarning)\n/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n  InsecureRequestWarning)\n/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n  InsecureRequestWarning)\nTraceback (most recent call last):\n  File \"/tmp/ansible_8wNAu8/ansible_module_bigip_command.py\", line 374, in <module>\n    main()\n  File \"/tmp/ansible_8wNAu8/ansible_module_bigip_command.py\", line 367, in main\n    results = mm.exec_module()\n  File \"/tmp/ansible_8wNAu8/ansible_module_bigip_command.py\", line 240, in exec_module\n    raise F5ModuleError(str(e))\nansible.module_utils.f5_utils.F5ModuleError: 400 Unexpected Error: Bad Request for uri: https://10.1.254.248:443/mgmt/tm/util/bash/\nText: u'{\"code\":400,\"message\":\"\\\\\"bash\\\\\" unexpected argument\",\"errorStack\":[],\"apiError\":26214401}'\n", 
    "module_stdout": "", 
    "msg": "MODULE FAILURE", 
    "rc": 0
}
    to retry, use: --limit @/work/showver.retry

PLAY RECAP *******************************************************************************************************************************************************************************
10.1.254.248               : ok=0    changed=0    unreachable=0    failed=1
caphrim007 commented 7 years ago

What role does the upawar user have on the bigip that's failing?

fwissue commented 7 years ago

admin with advance shell, ssh to 10.1.254.248 directly, it works fine, and ran the same yaml file from another computer, it works fine

fwissue commented 7 years ago

something related to his account on LTM, tested with different user account on the same computer it works fine.

caphrim007 commented 7 years ago

Everything happens over http with F5 modules. Even things that look like ssh

caphrim007 commented 7 years ago

I can provide some debug code to assist if you're still interested in the underlying problem.

fwissue commented 7 years ago

Thanks Tim

That will be great.

Sent from my iPhone

On Jul 28, 2017, at 6:11 PM, Tim Rupp notifications@github.com<mailto:notifications@github.com> wrote:

I can provide some debug code to assist if you're still interested in the underlying problem.

— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/F5Networks/f5-ansible/issues/290#issuecomment-318793364, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AbzU5ydYCA1f60SIrJ-IYQWeBgBRM3j8ks5sSobHgaJpZM4OnEXi.

caphrim007 commented 7 years ago

@fwissue see this method here

https://gist.github.com/caphrim007/0ba1531401f51d1d9f5b6213dedd7848

Overwrite your own copy of that method.

Then, do pip install q

Finally, run the module, watch it fail, and then post the output of cat "$TMPDIR/q"

UdhavPawar commented 7 years ago

[root@e79f354e01e2 tmp]# cat q

0.0s execute_on_device: item['command']='tmsh show sys version'

[root@e79f354e01e2 work]# ansible-playbook -i privateiphost showver.yml

PLAY [run arbitrary command on F5 devices.] *****

TASK [show version] ***** An exception occurred during task execution. To see the full traceback, use -vvv. The error was: requests.exceptions.ConnectionError: HTTPSConnectionPool(host='~', port=443): Max retries exceeded with url: /mgmt/shared/authn/login (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x28e36d0>: Failed to establish a new connection: [Errno -2] Name or service not known',)) fatal: [~]: FAILED! => {"changed": false, "failed": true, "module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_pjUFRL/ansible_module_bigip_command.py\", line 375, in \n main()\n File \"/tmp/ansible_pjUFRL/ansible_module_bigip_command.py\", line 363, in main\n f5_product_name=spec.f5_product_name\n File \"/tmp/ansible_pjUFRL/ansible_modlib.zip/ansible/module_utils/f5_utils.py\", line 237, in init\n File \"/tmp/ansible_pjUFRL/ansible_modlib.zip/ansible/module_utils/f5_utils.py\", line 262, in _get_mgmt_root\n File \"/usr/lib/python2.7/site-packages/f5/bigip/init.py\", line 124, in init\n self.post_configuration_setup()\n File \"/usr/lib/python2.7/site-packages/f5/bigip/init.py\", line 91, in post_configuration_setup\n self._get_tmos_version()\n File \"/usr/lib/python2.7/site-packages/f5/bigip/init.py\", line 96, in _get_tmos_version\n response = connect.get(base_uri)\n File \"/usr/lib/python2.7/site-packages/icontrol/session.py\", line 258, in wrapper\n response = method(self, REST_uri, kwargs)\n File \"/usr/lib/python2.7/site-packages/icontrol/session.py\", line 427, in get\n return self.session.get(uri, kwargs)\n File \"/usr/lib/python2.7/site-packages/requests/sessions.py\", line 515, in get\n return self.request('GET', url, kwargs)\n File \"/usr/lib/python2.7/site-packages/requests/sessions.py\", line 488, in request\n prep = self.prepare_request(req)\n File \"/usr/lib/python2.7/site-packages/requests/sessions.py\", line 431, in prepare_request\n hooks=merge_hooks(request.hooks, self.hooks),\n File \"/usr/lib/python2.7/site-packages/requests/models.py\", line 309, in prepare\n self.prepare_auth(auth, url)\n File \"/usr/lib/python2.7/site-packages/requests/models.py\", line 540, in prepare_auth\n r = auth(self)\n File \"/usr/lib/python2.7/site-packages/icontrol/authtoken.py\", line 203, in call\n self.get_new_token(netloc)\n File \"/usr/lib/python2.7/site-packages/icontrol/authtoken.py\", line 100, in get_new_token\n self.password))\n File \"/usr/lib/python2.7/site-packages/requests/api.py\", line 112, in post\n return request('post', url, data=data, json=json, kwargs)\n File \"/usr/lib/python2.7/site-packages/requests/api.py\", line 58, in request\n return session.request(method=method, url=url, kwargs)\n File \"/usr/lib/python2.7/site-packages/requests/sessions.py\", line 502, in request\n resp = self.send(prep, send_kwargs)\n File \"/usr/lib/python2.7/site-packages/requests/sessions.py\", line 612, in send\n r = adapter.send(request, **kwargs)\n File \"/usr/lib/python2.7/site-packages/requests/adapters.py\", line 504, in send\n raise ConnectionError(e, request=request)\nrequests.exceptions.ConnectionError: HTTPSConnectionPool(host='~', port=443): Max retries exceeded with url: /mgmt/shared/authn/login (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x28e36d0>: Failed to establish a new connection: [Errno -2] Name or service not known',))\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 0} fatal: [10.1.23.252]: FAILED! => {"changed": false, "failed": true, "module_stderr": "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n InsecureRequestWarning)\n/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n InsecureRequestWarning)\n/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n InsecureRequestWarning)\nTraceback (most recent call last):\n File \"/tmp/ansible_L3D8lK/ansible_module_bigip_command.py\", line 375, in \n main()\n File \"/tmp/ansible_L3D8lK/ansible_module_bigip_command.py\", line 368, in main\n results = mm.exec_module()\n File \"/tmp/ansible_L3D8lK/ansible_module_bigip_command.py\", line 240, in exec_module\n raise F5ModuleError(str(e))\nansible.module_utils.f5_utils.F5ModuleError: 400 Unexpected Error: Bad Request for uri: https://10.1.23.252:443/mgmt/tm/util/bash/\nText: u'{\"code\":400,\"message\":\"\\\"bash\\\" unexpected argument\",\"errorStack\":[],\"apiError\":26214401}'\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 0} to retry, use: --limit @/work/showver.retry

PLAY RECAP ** 10.1.23.252 : ok=0 changed=0 unreachable=0 failed=1
~ : ok=0 changed=0 unreachable=0 failed=1

caphrim007 commented 7 years ago

@UdhavPawar I still maintain that something is screwy with whatever account you are using for this purpose. If you want to contact me offline at t.rupp@f5.com, I'd be happy to debug it with you further.

fwissue commented 7 years ago

Agreed, it works fine with another account, this issue can be closed