Closed mlowcher61 closed 6 years ago
@mlowcher61 the ability to connect to the remote device is more than just curling the ip. It depends on whether the REST API can be reached at /mgmt/tm/sys
The slice of page that you show there is the BIG-IP configuration Redirect page. This suggests that the device is not yet ready to take configuration.
What is the output of curling the url I mention?
lowcher@ansible:~$ curl -sk -u admin:admin https://10.0.0.167/mgmt/tm/sys | jq .items [ { "reference": { "link": "https://localhost/mgmt/tm/sys/application?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/crypto?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/daemon-log-settings?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/diags?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/disk?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/dynad?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/ecm?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/file?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/fpga?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/icall?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/ipfix?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/log-config?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/pfman?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/sflow?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/software?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/turboflex?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/url-db?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/aom?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/autoscale-group?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/cluster?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/config?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/daemon-ha?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/datastor?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/db?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/dns?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/feature-module?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/folder?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/global-settings?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/ha-group?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/httpd?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/icontrol-soap?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/log-rotate?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/management-dhcp?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/management-ip?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/management-ovsdb?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/management-proxy-config?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/management-route?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/ntp?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/outbound-smtp?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/provision?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/scriptd?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/service?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/smtp-server?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/snmp?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/sshd?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/state-mirroring?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/syslog?ver=13.1.0.3" } }, { "reference": { "link": "https://localhost/mgmt/tm/sys/ucs?ver=13.1.0.3" } } ] lowcher@ansible:~$
Mark Lowcher CISSP CCSP | F5 Systems Engineer – AT&T Cloud and Managed Services
F5 Networks
P 888.88.BIG.IP
M 512.745.6263
m.lowcher@f5.commailto:m.lowcher@f5.com
www.f5.comhttp://www.f5.com/
From: Tim Rupp [mailto:notifications@github.com] Sent: Tuesday, March 6, 2018 11:12 AM To: F5Networks/f5-ansible f5-ansible@noreply.github.com Cc: Mark Lowcher M.Lowcher@F5.com; Mention mention@noreply.github.com Subject: Re: [F5Networks/f5-ansible] All my playbooks fail with v13.1.0.3 build 0.0.5 point release 3 (#655)
EXTERNAL MAIL: noreply@github.commailto:noreply@github.com
@mlowcher61https://github.com/mlowcher61 the ability to connect to the remote device is more than just curling the ip. It depends on whether the REST API can be reached at /mgmt/tm/sys
The slice of page that you show there is the BIG-IP configuration Redirect page. This suggests that the device is not yet ready to take configuration.
What is the output of curling the url I mention?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/F5Networks/f5-ansible/issues/655#issuecomment-370855398, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ASzoTXTG0dQYWFx9wOtuR61ayDpiHOAaks5tbsNFgaJpZM4SfD6X.
@mlowcher61 can you view the web ui? does it show a standard login screen? or does it show a "configuration loading" screen?
Yes, login page is fine.
additionally, try replacing your bigip.py in your module_utils/network/f5/ directory with the one found here
https://github.com/F5Networks/f5-ansible/blob/devel/library/module_utils/network/f5/bigip.py
it will hopefully provide more debugging
@mlowcher61 replied
The verbiage of the error message is different now but essentially the same.
lowcher@ansible:~/app_svc_L4-7/ansible/playbooks$ ansible-playbook default_config.yml
PLAY [bigip] *****
TASK [Gathering Facts] *** ok: [10.0.0.167] ok: [10.0.0.168]
TASK [Reset the BIG-IP configuration, for example, to RMA the device] **** [DEPRECATION WARNING]: Param 'server' is deprecated. See the module docs for more information. This feature will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. [DEPRECATION WARNING]: Param 'user' is deprecated. See the module docs for more information. This feature will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. [DEPRECATION WARNING]: Param 'password' is deprecated. See the module docs for more information. This feature will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. [DEPRECATION WARNING]: Param 'validate_certs' is deprecated. See the module docs for more information. This feature will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. fatal: [10.0.0.168 -> localhost]: FAILED! => {"changed": false, "msg": "Unable to connect to bigip on port 443. The reported error was \"HTTPSConnectionPool(host='bigip', port=443): Max retries exceeded with url: /mgmt/shared/authn/login (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f65d4cfeb90>: Failed to establish a new connection: [Errno 113] No route to host',))\"."} fatal: [10.0.0.167 -> localhost]: FAILED! => {"changed": false, "msg": "Unable to connect to bigip on port 443. The reported error was \"HTTPSConnectionPool(host='bigip', port=443): Max retries exceeded with url: /mgmt/shared/authn/login (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f72e43b3b90>: Failed to establish a new connection: [Errno 111] Connection refused',))\"."}
PLAY RECAP *** 10.0.0.167 : ok=1 changed=0 unreachable=0 failed=1 10.0.0.168 : ok=1 changed=0 unreachable=0 failed=1
I’m going to try again but change “bigip” to the ip of one device “10.0.0.167”
do you have an entry in your /etc/hosts file for "bigip"? or does it resolve via dns?
@mlowcher61 replied
Ok, setting both to default using “bigip” which calls the /etc/ansible/hosts file now failed.
lowcher@ansible:~/app_svc_L4-7/ansible/playbooks$ ansible-playbook default_config.yml
PLAY [bigip] *****
TASK [Gathering Facts] *** ok: [10.0.0.168] ok: [10.0.0.167]
TASK [Reset the BIG-IP configuration, for example, to RMA the device] **** [DEPRECATION WARNING]: Param 'server' is deprecated. See the module docs for more information. This feature will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. [DEPRECATION WARNING]: Param 'user' is deprecated. See the module docs for more information. This feature will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. [DEPRECATION WARNING]: Param 'password' is deprecated. See the module docs for more information. This feature will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. [DEPRECATION WARNING]: Param 'validate_certs' is deprecated. See the module docs for more information. This feature will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. fatal: [10.0.0.168 -> localhost]: FAILED! => {"changed": false, "msg": "Unable to connect to bigip on port 443. The reported error was \"HTTPSConnectionPool(host='bigip', port=443): Max retries exceeded with url: /mgmt/shared/authn/login (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fa8bff1db90>: Failed to establish a new connection: [Errno 113] No route to host',))\"."} fatal: [10.0.0.167 -> localhost]: FAILED! => {"changed": false, "msg": "Unable to connect to bigip on port 443. The reported error was \"HTTPSConnectionPool(host='bigip', port=443): Max retries exceeded with url: /mgmt/shared/authn/login (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fc701423b90>: Failed to establish a new connection: [Errno 111] Connection refused',))\"."}
PLAY RECAP *** 10.0.0.167 : ok=1 changed=0 unreachable=0 failed=1 10.0.0.168 : ok=1 changed=0 unreachable=0 failed=1
lowcher@ansible:~/app_svc_L4-7/ansible/playbooks$ ansible -m ping bigip 10.0.0.168 | SUCCESS => { "changed": false, "ping": "pong" } 10.0.0.167 | SUCCESS => { "changed": false, "ping": "pong" }
when you specify "bigip" in your task's server line, it's going to try to resolve that. That is presumably what is failing. If you specify the IP address there, it would presumably work.
Or if you add "bigip" to your /etc/hosts (the system static hosts, not the Ansible hosts) it should also work
specify more than one bigip in your Ansible hosts file and playbook hosts line
# inventory
bigip1
bigip2
# Playbook
hosts: "bigip1:bigip2"
@mlowcher61 replied
So this worked. I called the bigip at the hosts and did two reset tasks. I will try your way now and this took a long time.
hosts: bigip connection: local tasks:
name: Reset the BIG-IP configuration, for example, to RMA the device bigip_config: reset: yes save: yes server: bigip1 password: "{{ password }}" user: admin validate_certs: no delegate_to: localhost
name: Reset the BIG-IP configuration, for example, to RMA the device bigip_config: reset: yes save: yes server: bigip2 password: "{{ password }}" user: admin validate_certs: no delegate_to: localhost
lowcher@ansible:~/app_svc_L4-7/ansible/playbooks$ ansible-playbook default_config.yml
PLAY [bigip] *****
TASK [Gathering Facts] *** ok: [bigip1] ok: [bigip2]
TASK [Reset the BIG-IP configuration, for example, to RMA the device] **** changed: [bigip2 -> localhost] changed: [bigip1 -> localhost]
TASK [Reset the BIG-IP configuration, for example, to RMA the device] **** changed: [bigip1 -> localhost] changed: [bigip2 -> localhost]
PLAY RECAP *** bigip1 : ok=3 changed=2 unreachable=0 failed=0 bigip2 : ok=3 changed=2 unreachable=0 failed=0
The following should work
---
- hosts: "bigip1:bigip2"
connection: local
tasks:
- name: Reset the BIG-IP configuration, for example, to RMA the device
bigip_config:
reset: yes
save: yes
server: "{{ inventory_hostname }}"
password: "{{ password }}"
user: admin
validate_certs: no
@mlowcher61 replied
What if I have other items such as
[webserver]
Web1
Web2
[proxy]
proxy1
proxy2
Won’t that try those as well?
Yes. I did that
Thx
Sent from my iPhone
On Mar 8, 2018, at 12:39 PM, Tim Rupp notifications@github.com<mailto:notifications@github.com> wrote:
EXTERNAL MAIL: bounces+848413-c0af-m.lowcher=f5.com@sgmail.github.commailto:bounces+848413-c0af-m.lowcher=f5.com@sgmail.github.com
additionally, try replacing your bigip.py in your module_utils/network/f5/ directory with the one found here
https://github.com/F5Networks/f5-ansible/blob/devel/library/module_utils/network/f5/bigip.py
it will hopefully provide more debugging
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/F5Networks/f5-ansible/issues/655#issuecomment-371581982, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ASzoTcIe-uoubALxws6AFy282UJS1erGks5tcXrrgaJpZM4SfD6X.
The hosts: "bigip1:bigip2" limits the playbook to only be run on the hosts in the hosts line. So no.
@mlowcher61 replied
Tim,
Actually, below just worked as well. Which is much better if I’m trying to address a lot of devices at once such as a geolocation db update.
Thanks for your help!
---
- hosts: bigip
connection: local
tasks:
- name: Reset the BIG-IP configuration, for example, to RMA the device
bigip_config:
reset: yes
save: yes
server: "{{ inventory_hostname }}"
password: "{{ password }}"
user: admin
validate_certs: no
delegate_to: localhost
closing as this issue seems to be resolved now
ISSUE TYPE
COMPONENT NAME
all modules, all raw commands. Only ansible CLI ad-hoc works and ReST commands
ANSIBLE VERSION
PYTHON VERSION
BIGIP VERSION
LIBRARY VERSIONS
bigsuds==1.0.6 f5-sdk==3.0.12 -->
CONFIGURATION
OS / ENVIRONMENT
Ansible in on OS Ubuntu 16.0.4
SUMMARY
All modules are failing now. Only ansible ad-hoc and ReST commands work. For example See "playbooks or commands" below.
STEPS TO REPRODUCE
EXPECTED RESULTS
ACTUAL RESULTS
fatal: [10.0.0.168 -> localhost]: FAILED! => {"changed": false, "msg": "Unable to connect to bigip on port 443. Is \"validate_certs\" preventing this?"} fatal: [10.0.0.167 -> localhost]: FAILED! => {"changed": false, "msg": "Unable to connect to bigip on port 443. Is \"validate_certs\" preventing this?"}