Closed chilu49 closed 7 years ago
My guess is that you're not delegating to localhost. The BIG-IP modules must run on the Ansible controller. Try adding either of the following to your playbook: connection: local at the play level, or delegate_to: localhost at the task level.
I have already mentioned that in the playbook, but I am still getting the same "unreachable" error. One thing I want to mention is that my role on F5 is "operator", not admin.
- name: Test bigip pool member status change
  hosts: test
  tasks:
@chilu49 right, but the error is due to a failure of SSH trying to connect to 10.48.120.149. That's not a bigip module related error.
After you added delegation, what was the error?
It's the same error.
fatal: [10.48.120.149]: UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 56: Applying options for \r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket \"/root/.ansible/cp/28c65d1b29\" does not exist\r\ndebug2: ssh_connect: needpriv 0\r\ndebug1: Connecting to 10.48.120.149 [10.48.120.149] port 22.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: fd 3 clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug3: timeout: 10000 ms remain after connect\r\ndebug1: permanently_set_uid: 0/0\r\ndebug1: identity file /root/.ssh/id_rsa type -1\r\ndebug1: identity file /root/.ssh/id_rsa-cert type -1\r\ndebug1: identity file /root/.ssh/id_dsa type -1\r\ndebug1: identity file /root/.ssh/id_dsa-cert type -1\r\ndebug1: identity file /root/.ssh/id_ecdsa type -1\r\ndebug1: identity file /root/.ssh/id_ecdsa-cert type -1\r\ndebug1: identity file /root/.ssh/id_ed25519 type -1\r\ndebug1: identity file /root/.ssh/id_ed25519-cert type -1\r\ndebug1: Enabling compatibility mode for protocol 2.0\r\ndebug1: Local version string SSH-2.0-OpenSSH_6.6.1\r\ndebug1: Remote protocol version 2.0, remote software version OpenSSH_5.3\r\ndebug1: match: OpenSSH_5.3 pat OpenSSH_5 compat 0x0c000000\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug3: load_hostkeys: loading entries for host \"10.48.120.149\" from file \"/root/.ssh/known_hosts\"\r\ndebug3: load_hostkeys: found key type RSA in file /root/.ssh/known_hosts:1\r\ndebug3: load_hostkeys: loaded 1 keys\r\ndebug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa\r\ndebug1: SSH2_MSG_KEXINIT sent\r\ndebug1: SSH2_MSG_KEXINIT received\r\ndebug2: kex_parse_kexinit: 
curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1\r\ndebug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss\r\ndebug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se\r\ndebug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se\r\ndebug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96\r\ndebug2: kex_parse_kexinit: 
hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96\r\ndebug2: kex_parse_kexinit: zlib@openssh.com,zlib,none\r\ndebug2: kex_parse_kexinit: zlib@openssh.com,zlib,none\r\ndebug2: kex_parse_kexinit: \r\ndebug2: kex_parse_kexinit: \r\ndebug2: kex_parse_kexinit: first_kex_follows 0 \r\ndebug2: kex_parse_kexinit: reserved 0 \r\ndebug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1\r\ndebug2: kex_parse_kexinit: ssh-rsa,ssh-dss\r\ndebug2: kex_parse_kexinit: aes128-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes192-cbc,3des-cbc\r\ndebug2: kex_parse_kexinit: aes128-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes192-cbc,3des-cbc\r\ndebug2: kex_parse_kexinit: hmac-sha1\r\ndebug2: kex_parse_kexinit: hmac-sha1\r\ndebug2: kex_parse_kexinit: none,zlib@openssh.com\r\ndebug2: kex_parse_kexinit: none,zlib@openssh.com\r\ndebug2: kex_parse_kexinit: \r\ndebug2: kex_parse_kexinit: \r\ndebug2: kex_parse_kexinit: first_kex_follows 0 \r\ndebug2: kex_parse_kexinit: reserved 0 \r\ndebug2: mac_setup: setup hmac-sha1\r\ndebug1: kex: server->client aes128-ctr hmac-sha1 zlib@openssh.com\r\ndebug2: mac_setup: setup hmac-sha1\r\ndebug1: kex: client->server aes128-ctr hmac-sha1 zlib@openssh.com\r\ndebug1: kex: ecdh-sha2-nistp256 need=20 dh_need=20\r\ndebug1: kex: ecdh-sha2-nistp256 need=20 dh_need=20\r\ndebug1: sending SSH2_MSG_KEX_ECDH_INIT\r\ndebug1: expecting SSH2_MSG_KEX_ECDH_REPLY\r\ndebug1: Server host key: RSA ed:91:ef:a4:64:b0:db:34:b1:63:a1:cf:ac:7a:29:bf\r\ndebug3: load_hostkeys: loading entries for host \"10.48.120.149\" from file 
\"/root/.ssh/known_hosts\"\r\ndebug3: load_hostkeys: found key type RSA in file /root/.ssh/known_hosts:1\r\ndebug3: load_hostkeys: loaded 1 keys\r\ndebug1: Host '10.48.120.149' is known and matches the RSA host key.\r\ndebug1: Found key in /root/.ssh/known_hosts:1\r\ndebug1: ssh_rsa_verify: signature correct\r\ndebug2: kex_derive_keys\r\ndebug2: set_newkeys: mode 1\r\ndebug1: SSH2_MSG_NEWKEYS sent\r\ndebug1: expecting SSH2_MSG_NEWKEYS\r\ndebug2: set_newkeys: mode 0\r\ndebug1: SSH2_MSG_NEWKEYS received\r\ndebug1: SSH2_MSG_SERVICE_REQUEST sent\r\ndebug2: service_accept: ssh-userauth\r\ndebug1: SSH2_MSG_SERVICE_ACCEPT received\r\ndebug2: key: /root/.ssh/id_rsa ((nil)),\r\ndebug2: key: /root/.ssh/id_dsa ((nil)),\r\ndebug2: key: /root/.ssh/id_ecdsa ((nil)),\r\ndebug2: key: /root/.ssh/id_ed25519 ((nil)),\r\ndebug1: Authentications that can continue: publickey,keyboard-interactive,hostbased\r\ndebug3: start over, passed a different list publickey,keyboard-interactive,hostbased\r\ndebug3: preferred gssapi-with-mic,gssapi-keyex,hostbased,publickey\r\ndebug3: authmethod_lookup hostbased\r\ndebug3: remaining preferred: publickey\r\ndebug3: authmethod_lookup publickey\r\ndebug3: remaining preferred: \r\ndebug3: authmethod_is_enabled publickey\r\ndebug1: Next authentication method: publickey\r\ndebug1: Trying private key: /root/.ssh/id_rsa\r\ndebug3: no such identity: /root/.ssh/id_rsa: No such file or directory\r\ndebug1: Trying private key: /root/.ssh/id_dsa\r\ndebug3: no such identity: /root/.ssh/id_dsa: No such file or directory\r\ndebug1: Trying private key: /root/.ssh/id_ecdsa\r\ndebug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory\r\ndebug1: Trying private key: /root/.ssh/id_ed25519\r\ndebug3: no such identity: /root/.ssh/id_ed25519: No such file or directory\r\ndebug2: we did not send a packet, disable method\r\ndebug1: No more authentication methods to try.\r\nPermission denied (publickey,keyboard-interactive,hostbased).\r\n", "unreachable": true } 
to retry, use: --limit @/etc/ansible/playbooks/non-prod-F5pool-memberoffline-Mobility-Test.retry
PLAY RECAP ** 10.48.120.149 : ok=0 changed=0 unreachable=1 failed=0
I tried a different playbook with a different network module and it's working fine. PLAYBOOK:
- name: Test bigip_facts
  hosts: test
  connection: local
  tasks:
PLAYBOOK: bigip_facts.yaml ** 1 plays in bigip_facts.yaml
PLAY [Test bigip_facts] *****
TASK [Gathering Facts] **
Using module file /usr/lib/python2.7/site-packages/ansible/modules/system/setup.py
<10.48.120.149> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.48.120.149> EXEC /bin/sh -c 'echo ~ && sleep 0'
<10.48.120.149> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /root/.ansible/tmp/ansible-tmp-1503510171.95-44454372803600
" && echo ansible-tmp-1503510171.95-44454372803600="echo /root/.ansible/tmp/ansible-tmp-1503510171.95-44454372803600
" ) && sleep 0'
<10.48.120.149> PUT /tmp/tmpiuuD4W TO /root/.ansible/tmp/ansible-tmp-1503510171.95-44454372803600/setup.py
<10.48.120.149> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1503510171.95-44454372803600/ /root/.ansible/tmp/ansible-tmp-1503510171.95-44454372803600/setup.py && sleep 0'
<10.48.120.149> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1503510171.95-44454372803600/setup.py; rm -rf "/root/.ansible/tmp/ansible-tmp-1503510171.95-44454372803600/" > /dev/null 2>&1 && sleep 0'
ok: [10.48.120.149]
META: ran handlers
TASK [Get all of the facts from my BIG-IP] **
task path: /etc/ansible/playbooks/bigip_facts.yaml:6
Using module file /usr/lib/python2.7/site-packages/ansible/modules/network/f5/bigip_facts.py
<10.48.120.149> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.48.120.149> EXEC /bin/sh -c 'echo ~ && sleep 0'
<10.48.120.149> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /root/.ansible/tmp/ansible-tmp-1503510172.71-154989222006778
" && echo ansible-tmp-1503510172.71-154989222006778="echo /root/.ansible/tmp/ansible-tmp-1503510172.71-154989222006778
" ) && sleep 0'
<10.48.120.149> PUT /tmp/tmpJ_rtdb TO /root/.ansible/tmp/ansible-tmp-1503510172.71-154989222006778/bigip_facts.py
<10.48.120.149> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1503510172.71-154989222006778/ /root/.ansible/tmp/ansible-tmp-1503510172.71-154989222006778/bigip_facts.py && sleep 0'
<10.48.120.149> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1503510172.71-154989222006778/bigip_facts.py; rm -rf "/root/.ansible/tmp/ansible-tmp-1503510172.71-154989222006778/" > /dev/null 2>&1 && sleep 0'
ok: [10.48.120.149] => {
"ansible_facts": {
"system_info": {
Your second playbook is using connection: local, whereas your first playbook used delegate_to: localhost.
@chilu49 does the failing example work if you change connection to local?
Thanks for the suggestion. I made the change you suggested and it worked.
- name: Test bigip pool member status change
  hosts: test
  connection: local
  tasks:
But I still received an error. It says I do not have "create access to object (pool_member)". But I am able to access through the F5 User Interface and make the members of the pool offline/disabled. Can you think of any reason as to why this is happening?
fatal: [X.X.X>X]: FAILED! => { "changed": false, "failed": true, "invocation": { "module_args": { "connection_limit": null, "description": null, "host": "X.X.X.X", "monitor_state": "disabled", "partition": "Unix", "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "pool": "Pool-ACC-Test", "port": 8444, "preserve_node": false, "rate_limit": null, "ratio": null, "server": "X.X.X.X", "server_port": 443, "session_state": "disabled", "state": "present", "user": "rchiluve", "validate_certs": false } }, "msg": "received exception: Server raised fault: 'Exception caught in LocalLB::urn:iControl:LocalLB/Pool::add_member_v2()\nException: Common::OperationFailed\n\tprimary_error_code : 17238050 (0x01070822)\n\tsecondary_error_code : 0\n\terror_string : 01070822:3: Access Denied: user (xxxxxxx) does not have create access to object (pool_member)'" } to retry, use: --limit @/etc/ansible/playbooks/non-prod-F5pool-memberoffline-Mobility-Test.retry
PLAY RECAP ** X.X.X.X : ok=1 changed=0 unreachable=0 failed=1
@chilu49 the reason it is working is because connection: local forces Ansible to never SSH to anything...even the Ansible controller. delegate_to: localhost causes the Ansible controller to SSH to itself first, but what runs on the delegate_to host is run in the "context" of the current node. Your issue is because you are unable to SSH to yourself (your Ansible controller) from your Ansible controller.
@chilu49 I'm not sure if permissions are handled differently in SOAP vs TMUI. If they are, I wouldn't entirely be surprised as TMUI does not use any public interfaces to the BIG-IP control plane.
The error that is being raised there is coming from SOAP itself, not the F5 Ansible modules.
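The two placements discussed in this thread, written out as an added example (it is not a playbook posted by anyone in the thread). Module arguments are the ones visible in the failure output above; the variable names bigip_user and bigip_password and the member address 192.0.2.10 are assumptions.

```yaml
# Added example. bigip_user / bigip_password are hypothetical variables
# (e.g. from Ansible Vault); 192.0.2.10 is a constructed member address.

# Option 1: connection: local at the play level. Every task in the play,
# including implicit fact gathering, runs on the controller with no SSH.
- name: Disable pool member (play-level local connection)
  hosts: test
  connection: local
  tasks:
    - name: Disable member in Pool-ACC-Test
      bigip_pool_member: &member_args
        server: "{{ inventory_hostname }}"   # BIG-IP management address
        server_port: 443
        user: "{{ bigip_user }}"
        password: "{{ bigip_password }}"
        validate_certs: true                 # the run in the thread used false
        state: present
        partition: Unix
        pool: Pool-ACC-Test
        host: 192.0.2.10
        port: 8444
        session_state: disabled
        monitor_state: disabled

# Option 2: delegate_to: localhost at the task level. Only this task is
# moved to the controller; it still sees the inventory host's variables.
# A task-level delegate_to does not cover implicit fact gathering, which
# would still open SSH to the inventory host (port 22 on the BIG-IP in
# the log above), so fact gathering is switched off here.
- name: Disable pool member (task-level delegation)
  hosts: test
  gather_facts: false
  tasks:
    - name: Disable member in Pool-ACC-Test
      delegate_to: localhost
      bigip_pool_member: *member_args
```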
ISSUE TYPE
COMPONENT NAME
bigip_pool_member
ANSIBLE VERSION
PYTHON VERSION
BIGIP VERSION
CONFIGURATION
OS / ENVIRONMENT
oracle linux 7
SUMMARY
I am trying to execute the playbook which disables a member in an F5 pool. I am able to collect the facts from the same F5, but when I try to execute the playbook to disable the pool member, I am getting an UNREACHABLE error. fatal: [X.X.X.X]: UNREACHABLE! =>
STEPS TO REPRODUCE
EXPECTED RESULTS
N/A
ACTUAL RESULTS
N/A