search

IBM-Security / isam-ansible-roles

Ansible Custom Modules, Handlers and Tasks for ISAM. Requires "ibmsecurity" python package.
Apache License 2.0
24 stars 43 forks source link

get "add KeyError: ipv4" with "add_interfaces" and "add_network_ipv4" #87

Closed alwayslearning321 closed 6 years ago

alwayslearning321 commented 6 years ago

Need some help. After a new ISAM 9 VM been setup, tried to use yml below to add IP to 2nd interface

---
- name: Run some comands
  hosts: all
  connection: local
  vars:
    username: "admin"
    password: "admin"
    lmi_port: "443"
    log_level: "CRITICAL"
    force: True

  roles:
    - role: base/add_interfaces
      interfaces:
        - label: "1.2"
          addresses:
            - address: "192.168.114.233"
              maskOrPrefix: "24"
              allowManagement: false
              enabled: true

But keep getting error as below and couldn't work out what's wrong. Checked the example in "https://github.com/IBM-Security/isam-ansible-playbook-sample/blob/master/base/add_interfaces.yml" but there's nothing about "ipv4" mentioned. 

TASK [base/add_interfaces : add interfaces] ***********************************************************************************************************************************************************************
task path: /ansible/playbooks/roles/base/add_interfaces/tasks/main.yml:28
Using module file /etc/ansible/roles/isam-ansible-roles/start_config/library/isam.py
<192.168.114.188> ESTABLISH LOCAL CONNECTION FOR USER: root
<192.168.114.188> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_7QxMpR/ansible_module_isam.py", line 143, in <module>
    main()
  File "/tmp/ansible_7QxMpR/ansible_module_isam.py", line 110, in main
    ret_obj = eval(func_call)
  File "<string>", line 1, in <module>
  File "/usr/lib/python2.7/site-packages/ibmsecurity/isam/base/network/interfaces_ipv4.py", line 25, in add
    ret_obj['ipv4']['overrideSubnetChecking'] = overrideSubnetChecking
KeyError: 'ipv4'

failed: [192.168.114.188] (item=({u'label': u'1.2'}, {u'allowManagement': False, u'address': u'192.168.114.233', u'enabled': True, u'maskOrPrefix': u'24'})) => {
    "changed": false, 
    "item": [
        {
            "label": "1.2"
        }, 
        {
            "address": "192.168.114.233", 
            "allowManagement": false, 
            "enabled": true, 
            "maskOrPrefix": "24"
        }
    ], 
    "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible_7QxMpR/ansible_module_isam.py\", line 143, in <module>\n    main()\n  File \"/tmp/ansible_7QxMpR/ansible_module_isam.py\", line 110, in main\n    ret_obj = eval(func_call)\n  File \"<string>\", line 1, in <module>\n  File \"/usr/lib/python2.7/site-packages/ibmsecurity/isam/base/network/interfaces_ipv4.py\", line 25, in add\n    ret_obj['ipv4']['overrideSubnetChecking'] = overrideSubnetChecking\nKeyError: 'ipv4'\n", 
    "module_stdout": "", 
    "msg": "MODULE FAILURE", 
    "rc": 1
}

Not sure if related, I was using docker image from "https://hub.docker.com/r/mludocker/isam-ansible/" to run ansible. As that image hasn't been updated for ages, I have to manually add the "add_interfaces" files to my local system.

Then tried the other "add_network_ipv4" with yml file as below:

---
- name: Run some comands
  hosts: all
  connection: local
  vars:
    username: "admin"
    password: "admin"
    lmi_port: "443"
    log_level: "CRITICAL"
    force: True

  roles:
     - role: add_network_ipv4
       add_network_ipv4_label: "1.2"
       add_network_ipv4_address: "192.168.114.233"
       add_network_ipv4_maskOrPrefix: "24"
       add_network_ipv4_allowManagement: false
       add_network_ipv4_enabled: true

The error is also similar as below. Please help. Thanks

TASK [add_network_ipv4 : Add IPv4 Address to Interface 1.2] *******************************************************************************************************************************************************
task path: /etc/ansible/roles/isam-ansible-roles/add_network_ipv4/tasks/main.yml:14
Using module file /etc/ansible/roles/isam-ansible-roles/start_config/library/isam.py
<192.168.114.188> ESTABLISH LOCAL CONNECTION FOR USER: root
<192.168.114.188> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_LmcwXt/ansible_module_isam.py", line 143, in <module>
    main()
  File "/tmp/ansible_LmcwXt/ansible_module_isam.py", line 110, in main
    ret_obj = eval(func_call)
  File "<string>", line 1, in <module>
  File "/usr/lib/python2.7/site-packages/ibmsecurity/isam/base/network/interfaces_ipv4.py", line 25, in add
    ret_obj['ipv4']['overrideSubnetChecking'] = overrideSubnetChecking
KeyError: 'ipv4'

fatal: [192.168.114.188]: FAILED! => {
    "changed": false, 
    "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible_LmcwXt/ansible_module_isam.py\", line 143, in <module>\n    main()\n  File \"/tmp/ansible_LmcwXt/ansible_module_isam.py\", line 110, in main\n    ret_obj = eval(func_call)\n  File \"<string>\", line 1, in <module>\n  File \"/usr/lib/python2.7/site-packages/ibmsecurity/isam/base/network/interfaces_ipv4.py\", line 25, in add\n    ret_obj['ipv4']['overrideSubnetChecking'] = overrideSubnetChecking\nKeyError: 'ipv4'\n", 
    "module_stdout": "", 
    "msg": "MODULE FAILURE", 
    "rc": 1
}
alwayslearning321 commented 6 years ago

Strangely, found that if change from

force: True

to

force: False

then it works..... Issue closed.

0bscur3 commented 6 years ago

@alwayslearning321 : When you are using this image you should update the ibmsecurity library, too. It is possible that the code utilized by these roles changed. Execute the following inside the container: pip install --upgrade git+https://github.com/ibm-security/ibmsecurity#egg=ibmsecurity