search

IBM-Security / isam-ansible-roles

DEPRECATED Ansible Custom Modules, Handlers and Tasks for ISAM. Requires "ibmsecurity" python package.
Apache License 2.0
24 stars 43 forks source link

set_federation handler start_config : Reload Liberty Runtime return 404 #175

Open nka11 opened 4 years ago

nka11 commented 4 years ago

Hello,

I have the following output after successfully setup a federation on ISAM docker (failure in handler)

TASK [set_federation : Set a Federation - ISAMRP] *************************************************************************************************************************************************************************
changed: [xride01p]

RUNNING HANDLER [start_config : Commit Changes] ***************************************************************************************************************************************************************************
changed: [xride01p]

RUNNING HANDLER [start_config : Reload Liberty Runtime] *******************************************************************************************************************************************************************
fatal: [xride01p]: FAILED! => {"changed": false, "log": "[2019-12-19 11:31:05,720] [PID:44 TID:140737354073920] [DEBUG] [ibmsecurity.appliance.ibmappliance] [_process_response():80] Text: {\"firmware_label\":\"isam_9.0.7.0_20190612-0509\",\"firmware_build\":\"20190612-0509\",\"firmware_version\":\"9.0.7.0\",\"product_description\":\"IBM Security Access Manager\",\"deployment_model\":\"Docker\",\"product_name\":\"isam\"}\n[2019-12-19 11:31:07,184] [PID:44 TID:140737354073920] [DEBUG] [ibmsecurity.appliance.ibmappliance] [_process_response():80] Text: { \"configured\": true}\n[2019-12-19 11:31:08,627] [PID:44 TID:140737354073920] [DEBUG] [ibmsecurity.appliance.ibmappliance] [_process_response():80] Text: [{\"name\":\"ISAM Base Appliance\",\"description\":\"IBM Security Access Manager Base Appliance\",\"id\":\"wga\",\"enabled\":\"True\"}, {\"name\":\"ISAM Advanced Access Control\",\"description\":\"IBM Security Access Manager Advanced Access Control\",\"id\":\"mga\",\"enabled\":\"True\"}, {\"name\":\"ISAM Federation\",\"description\":\"IBM Security Access Manager Federation\",\"id\":\"federation\",\"enabled\":\"True\"}]\n", "msg": "('HTTP Return code: 404', u'')", "name": "ibmsecurity.isam.base.runtime.process.execute"}
nka11 commented 4 years ago

occurd also when adding a partner :


RUNNING HANDLER [start_config : Reload Liberty Runtime] *******************************************************************************************************************************************************************
task path: /etc/ansible/roles/isam-ansible-roles/start_config/handlers/main.yml:102
Using module file /etc/ansible/roles/isam-ansible-roles/start_config/library/isam.py
<xride01p> ESTABLISH LOCAL CONNECTION FOR USER: root
<xride01p> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
The full traceback is:
WARNING: The below traceback may *not* be related to the actual failure.
  File "/tmp/ansible_isam_payload_MmJ7HN/__main__.py", line 131, in main
    ret_obj = eval(func_call)
  File "<string>", line 1, in <module>
  File "/usr/lib/python2.7/site-packages/ibmsecurity/isam/base/runtime/process.py", line 31, in execute
    if force is True or _check(isamAppliance, operation) is True:
  File "/usr/lib/python2.7/site-packages/ibmsecurity/isam/base/runtime/process.py", line 48, in _check
    ret_obj = get(isamAppliance)
  File "/usr/lib/python2.7/site-packages/ibmsecurity/isam/base/runtime/process.py", line 17, in get
    requires_modules=requires_modules, requires_version=requires_version)
  File "/usr/lib/python2.7/site-packages/ibmsecurity/appliance/isamappliance.py", line 425, in invoke_get
    requires_version=requires_version, warnings=warnings)
  File "/usr/lib/python2.7/site-packages/ibmsecurity/appliance/isamappliance.py", line 342, in _invoke_request
    self._process_response(return_obj=return_obj, http_response=r, ignore_error=ignore_error)
  File "/usr/lib/python2.7/site-packages/ibmsecurity/appliance/isamappliance.py", line 66, in _process_response
    raise IBMError("HTTP Return code: {0}".format(http_response.status_code), http_response.text)

fatal: [xride01p]: FAILED! => {
    "changed": false, 
    "invocation": {
        "module_args": {
            "action": "ibmsecurity.isam.base.runtime.process.execute", 
            "adminProxyApplianceShortName": false, 
            "adminProxyHostname": null, 
            "adminProxyPort": 443, 
            "adminProxyProtocol": "https", 
            "appliance": "xride01p", 
            "force": false, 
            "isamapi": {
                "operation": "reload"
            }, 
            "lmi_port": 443, 
            "log": "DEBUG", 
            "omitAdminProxy": false, 
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "username": "admin"
        }
    }, 
    "log": "[2019-12-19 14:14:33,487] [PID:35 TID:140737354073920] [DEBUG] [ibmsecurity.appliance.ibmappliance] [_process_response():80] Text: {\"firmware_label\":\"isam_9.0.7.0_20190612-0509\",\"firmware_build\":\"20190612-0509\",\"firmware_version\":\"9.0.7.0\",\"product_description\":\"IBM Security Access Manager\",\"deployment_model\":\"Docker\",\"product_name\":\"isam\"}\n[2019-12-19 14:14:34,889] [PID:35 TID:140737354073920] [DEBUG] [ibmsecurity.appliance.ibmappliance] [_process_response():80] Text: { \"configured\": true}\n[2019-12-19 14:14:36,345] [PID:35 TID:140737354073920] [DEBUG] [ibmsecurity.appliance.ibmappliance] [_process_response():80] Text: [{\"name\":\"ISAM Base Appliance\",\"description\":\"IBM Security Access Manager Base Appliance\",\"id\":\"wga\",\"enabled\":\"True\"}, {\"name\":\"ISAM Advanced Access Control\",\"description\":\"IBM Security Access Manager Advanced Access Control\",\"id\":\"mga\",\"enabled\":\"True\"}, {\"name\":\"ISAM Federation\",\"description\":\"IBM Security Access Manager Federation\",\"id\":\"federation\",\"enabled\":\"True\"}]\n", 
    "msg": "('HTTP Return code: 404', u'')", 
    "name": "ibmsecurity.isam.base.runtime.process.execute"
}
META: ran handlers

NO MORE HOSTS LEFT ********************************************************************************************************************************************************************************************************

PLAY RECAP ****************************************************************************************************************************************************************************************************************
xride01p                   : ok=3    changed=2    unreachable=0    failed=1   
``
ram-ibm commented 4 years ago

We are working on making the framework Docker friendly.

ram-ibm commented 4 years ago

Ansible facts provides the "model" - you could leverage it to decide which handlers to fire for a temporary workaround.

nka11 commented 4 years ago

It has to be coded in the handlers of start_config

I was about to suggest you the same check regarding the facts in this file : https://github.com/IBM-Security/isam-ansible-roles/blob/master/start_config/handlers/main.yml

"ansible_facts": {
        "activations": [
            "wga", 
            "mga", 
            "federation"
        ], 
        "firmware_build": "20190612-0509", 
        "firmware_label": "isam_9.0.7.0_20190612-0509", 
        "model": "Docker", 
        "product_description": "IBM Security Access Manager", 
        "product_name": "isam", 
        "version": "9.0.7.0"
    },
ram-ibm commented 4 years ago

Exactly - if you want you can wait for me to make the change or if your need is more immediate go ahead and make it temporarily.

nka11 commented 4 years ago

Hi, Here is PR #176 where first steps and some handlers are becoming docker friendly