search

IBM-Security / isam-ansible-roles

Ansible Custom Modules, Handlers and Tasks for ISAM. Requires "ibmsecurity" python package.
Apache License 2.0
24 stars 43 forks source link

Commit handler fails on Dockerized ISAM #89

Open kalemontes opened 6 years ago

kalemontes commented 6 years ago

Hi, am working with ISAM for Docker and all my tasks fail due to the Commit Changes handler.

image

RUNNING HANDLER [start_config : Commit Changes] ************************************************************************
fatal: [CQYV0097]: FAILED! => {"changed": false, "log": "[2018-08-25 15:05:10,777] [PID:1124 TID:140023558964992] [INFO] [ibmsecurity.appliance.ibmappliance] [_log_desc():30] *** Retrieving version ***\n[2018-08-25 15:05:10,789] [PID:1124 TID:140023558964992] [CRITICAL] [ibmsecurity.appliance.ibmappliance] [_process_connection_error():83] Failed to connect to server.\n[2018-08-25 15:05:10,789] [PID:1124 TID:140023558964992] [INFO] [ibmsecurity.appliance.ibmappliance] [_log_desc():30] *** Retrieving firmware ***\n[2018-08-25 15:05:10,798] [PID:1124 TID:140023558964992] [CRITICAL] [ibmsecurity.appliance.ibmappliance] [_process_connection_error():83] Failed to connect to server.\n[2018-08-25 15:05:10,802] [PID:1124 TID:140023558964992] [INFO] [ibmsecurity.appliance.ibmappliance] [_log_desc():30] *** Get Setup Complete Settings ***\n[2018-08-25 15:05:10,802] [PID:1124 TID:140023558964992] [CRITICAL] [ibmsecurity.appliance.ibmappliance] [_process_connection_error():83] Failed to connect to server.\n[2018-08-25 15:05:10,809] [PID:1124 TID:140023558964992] [INFO] [ibmsecurity.appliance.ibmappliance] [_log_desc():30] *** Get pending changes ***\n[2018-08-25 15:05:10,810] [PID:1124 TID:140023558964992] [CRITICAL] [ibmsecurity.appliance.ibmappliance] [_process_connection_error():83] Failed to connect to server.\n", "msg": "('HTTP Return code: 502', 'Failed to connect to server')", "name": "ibmsecurity.isam.appliance.commit"}
        to retry, use: --limit @/app/site.retry

My configuration is been correctly push to the appliance, and i dont have any pending commit messages so i suppose there is some kind of auto-commit when working with the Dockerized ISAM and it's REST API ?

Is there a proper way to commit or is there a specific isam-ansible-roles for Dockerized ISAM ?

Thanks for your support.

ram-ibm commented 6 years ago

'HTTP Return code: 502', 'Failed to connect to server'

Can you re-create this using LMI? The ansible framework uses the same REST API interface. So if you added definitions/clients and are trying to commit - I would expect to see the same issues happen with LMI.

Eskotus commented 6 years ago

Has anyone been able to get this working with dockerized ISAM? There are differences like endpoint /core/docker/publish that I couldn't find from roles and reverse proxy instances are separate docker containers

ram-ibm commented 6 years ago

Hoping someone who has used it in Docker environment can respond - I hope to get to this in the next few months.

kalemontes commented 5 years ago

'HTTP Return code: 502', 'Failed to connect to server'

Can you re-create this using LMI? The ansible framework uses the same REST API interface. So if you added definitions/clients and are trying to commit - I would expect to see the same issues happen with LMI.

I'll try to make some more tests on this and post my results here.

Eskotus commented 5 years ago

Are you using a different port than 443 for LMI? If you are it might be caused by this issue: https://github.com/IBM-Security/isam-ansible-roles/issues/101