Inconsistent results with vmware_host_config_manager

[nicholasrodriguez]

SUMMARY

When configuring multiple advanced options that are preceeded with UserVars. I get the following error

fatal: []: FAILED! => {"changed": false, "msg": "Failed to update option/s as one or more OptionValue contains an invalid value: A specified parameter was not correct: "}

If I change 1 UserVar at a time per play then the module works, examples below in a Test Actions section below

ISSUE TYPE

• Bug Report

COMPONENT NAME

vmware_host_config_manager

ANSIBLE VERSION

ansible 2.6.2
  config file = /root/code/vmware-ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]

CONFIGURATION

[defaults]
host_key_checking = False
#remote_user = root
ansible_managed = This file is managed by Ansible
retry_files_enabled = False
#ask_vault_pass = True

#gathering = smart
#fact_caching = jsonfile
#fact_caching_connection = /tmp/facts_cache
#fact_caching_timeout = 3600

OS / ENVIRONMENT

Source Ansible environment CentOS 7 Target vCenter 6.7 Target ESXi hosts 6.7

STEPS TO REPRODUCE

vars yaml
esxi_advanced_options:
  'DCUI.Access': 'root'
  'Mem.ShareForceSalting': 2
  'Security.AccountLockFailures': 3
  'Security.AccountUnlockTime': 900
  'Security.PasswordQualityControl': 'retry=3 min=disabled,disabled,disabled,14,14'
  'UserVars.DcuiTimeOut': 1200
  'UserVars.ESXiShellInteractiveTimeOut': 1800
  'UserVars.ESXiShellTimeOut': 1800

task 
- name: 'Set ESXi advanced options'
  connection: 'local'
  vmware_host_config_manager:
   hostname: '{{ ansible_host }}'
   username: '{{ ansible_vcenter_username }}'
   password: '{{ ansible_vcenter_password }}'
   cluster_name: '{{ cluster_name }}'
   validate_certs: '{{ validate_certs }}'
   options:
     '{{ esxi_advanced_options }}'

EXPECTED RESULTS

All the options in esxi_advanced_options are set

ACTUAL RESULTS

ansible-playbook 2.6.2
  config file = <PLAYBOOK LOCATION>/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
Using <PLAYBOOK LOCATION>/ansible.cfg as config file
Parsed <INVENTORY LOCATION>/hosts inventory source with ini plugin

PLAYBOOK: <PLAYBOOK NAME>.yaml *********************************************************************************************************************************************************************************************************************************
1 plays in <PLAYBOOK LOCATION>.yaml

PLAY [ESXi general settings] ***************************************************************************************************************************************************************************************************************************************************
META: ran handlers

TASK [configure_esxi_adv_settings : Set ESXi advanced options] *****************************************************************************************************************************************************************************************************************
task path: <ROLE LOCATION>/tasks/main.yml:1
<VCENTER FQDN> ESTABLISH LOCAL CONNECTION FOR USER: root
<VCENTER FQDN> EXEC /bin/sh -c 'echo ~root && sleep 0'
<VCENTER FQDN> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1535019021.44-246915896785433 `" && echo ansible-tmp-1535019021.44-246915896785433="` echo /root/.ansible/tmp/ansible-tmp-1535019021.44-246915896785433 `" ) && sleep 0'
Using module file /usr/lib/python2.7/site-packages/ansible/modules/cloud/vmware/vmware_host_config_manager.py
<VCENTER FQDN> PUT /root/.ansible/tmp/ansible-local-48521De9YEU/tmpK4PjFm TO /root/.ansible/tmp/ansible-tmp-1535019021.44-246915896785433/vmware_host_config_manager.py
<VCENTER FQDN> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1535019021.44-246915896785433/ /root/.ansible/tmp/ansible-tmp-1535019021.44-246915896785433/vmware_host_config_manager.py && sleep 0'
<VCENTER FQDN> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1535019021.44-246915896785433/vmware_host_config_manager.py && sleep 0'
<VCENTER FQDN> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1535019021.44-246915896785433/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
  File "/tmp/ansible_g4McEO/ansible_module_vmware_host_config_manager.py", line 115, in set_host_configuration_facts
    option_manager.UpdateOptions(changedValue=change_option_list)
  File "/usr/lib/python2.7/site-packages/pyVmomi/VmomiSupport.py", line 580, in <lambda>
    self.f(*(self.args + (obj,) + args), **kwargs)
  File "/usr/lib/python2.7/site-packages/pyVmomi/VmomiSupport.py", line 386, in _InvokeMethod
    return self._stub.InvokeMethod(self, info, args)
  File "/usr/lib/python2.7/site-packages/pyVmomi/SoapAdapter.py", line 1366, in InvokeMethod
    raise obj # pylint: disable-msg=E0702

fatal: [VCENTER FQDN]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "cluster_name": "<A CLUSTER>",
            "esxi_hostname": null,
            "hostname": "<VCENTER FQDN>",
            "options": {
                "UserVars.DcuiTimeOut": 1200,
                "UserVars.ESXiShellInteractiveTimeOut": 1800,
                "UserVars.ESXiShellTimeOut": 1800
            },
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "port": 443,
            "username": "<ACCOUNT>",
            "validate_certs": false
        }
    },
    "msg": "Failed to update option/s as one or more OptionValue contains an invalid value: A specified parameter was not correct: "
}

PLAY RECAP *********************************************************************************************************************************************************************************************************************************************************************
VCENTER FQDN : ok=0    changed=0    unreachable=0    failed=1

TEST ACTIONS

The various combinations will work below

vars yaml
esxi_advanced_options:
  'DCUI.Access': 'root'
  'Mem.ShareForceSalting': 2
  'Security.AccountLockFailures': 3
  'Security.AccountUnlockTime': 900
  'Security.PasswordQualityControl': 'retry=3 min=disabled,disabled,disabled,14,14'
  'UserVars.DcuiTimeOut': 1200
  #'UserVars.ESXiShellInteractiveTimeOut': 1800
  #'UserVars.ESXiShellTimeOut': 1800

vars yaml
esxi_advanced_options:
  'DCUI.Access': 'root'
  'Mem.ShareForceSalting': 2
  'Security.AccountLockFailures': 3
  'Security.AccountUnlockTime': 900
  'Security.PasswordQualityControl': 'retry=3 min=disabled,disabled,disabled,14,14'
  #'UserVars.DcuiTimeOut': 1200
  'UserVars.ESXiShellInteractiveTimeOut': 1800
  #'UserVars.ESXiShellTimeOut': 1800

vars yaml
esxi_advanced_options:
  'DCUI.Access': 'root'
  'Mem.ShareForceSalting': 2
  'Security.AccountLockFailures': 3
  'Security.AccountUnlockTime': 900
  'Security.PasswordQualityControl': 'retry=3 min=disabled,disabled,disabled,14,14'
  #'UserVars.DcuiTimeOut': 1200
  #'UserVars.ESXiShellInteractiveTimeOut': 1800
  'UserVars.ESXiShellTimeOut': 1800

These additional combinations fail

vars yaml
esxi_advanced_options:
  'DCUI.Access': 'root'
  'Mem.ShareForceSalting': 2
  'Security.AccountLockFailures': 3
  'Security.AccountUnlockTime': 900
  'Security.PasswordQualityControl': 'retry=3 min=disabled,disabled,disabled,14,14'
  'UserVars.DcuiTimeOut': 1200
  'UserVars.ESXiShellInteractiveTimeOut': 1800
  #'UserVars.ESXiShellTimeOut': 1800

vars yaml
esxi_advanced_options:
  'DCUI.Access': 'root'
  'Mem.ShareForceSalting': 2
  'Security.AccountLockFailures': 3
  'Security.AccountUnlockTime': 900
  'Security.PasswordQualityControl': 'retry=3 min=disabled,disabled,disabled,14,14'
  #'UserVars.DcuiTimeOut': 1200
  'UserVars.ESXiShellInteractiveTimeOut': 1800
  'UserVars.ESXiShellTimeOut': 1800

vars yaml
esxi_advanced_options:
  'DCUI.Access': 'root'
  'Mem.ShareForceSalting': 2
  'Security.AccountLockFailures': 3
  'Security.AccountUnlockTime': 900
  'Security.PasswordQualityControl': 'retry=3 min=disabled,disabled,disabled,14,14'
  'UserVars.DcuiTimeOut': 1200
  #'UserVars.ESXiShellInteractiveTimeOut': 1800
  'UserVars.ESXiShellTimeOut': 1800

[ansibot]

Files identified in the description:

• lib/ansible/modules/cloud/vmware/vmware_host_config_manager.py

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

[ansibot]

cc @Akasurde @dav1x @warthog9 click here for bot help

[ansibot]

Hi @nicholasrodriguez,

Thank you for the issue, just so you are aware we have a dedicated Working Group for vmware. You can find other people interested in this in #ansible-vmware on Freenode IRC For more information about communities, meetings and agendas see https://github.com/ansible/community

click here for bot help

[Akasurde]

@nicholasrodriguez Thanks for reporting this issue. Could you please try this https://github.com/ansible/ansible/pull/41343 and let me know if it works for you ? Thanks.

[nicholasrodriguez]

Using this version

https://github.com/Renlor/ansible/blob/b69ace756b77bc606be41a71c645b105b7abe937/lib/ansible/modules/cloud/vmware/vmware_host_config_manager.py

I'm getting a failure with a really odd result as I'm not even making any changes to Vpx.Vpxa.config.log.level

*
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: KeyError: 'Vpx.Vpxa.config.log.level'
fatal: [<VCENTER SERVER>]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible_767s6b/ansible_module_vmware_host_config_manager.py\", line 197, in <module>\n    main()\n  File \"/tmp/ansible_767s6b/ansible_module_vmware_host_config_manager.py\", line 193, in main\n    vmware_host_config.set_host_configuration_facts()\n  File \"/tmp/ansible_767s6b/ansible_module_vmware_host_config_manager.py\", line 129, in set_host_configuration_facts\n    host_facts[s_option.key].update(\nKeyError: 'Vpx.Vpxa.config.log.level'\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1}

[Akasurde]

@nicholasrodriguez Could you please do following -

1. Use https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/cloud/vmware/vmware_host_config_manager.py
2. If you are getting same result, then paste output of https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/cloud/vmware/vmware_host_config_facts.py

Thanks,

[nicholasrodriguez]

Hi @Akasurde I got the same error as before except the error line is now 132. Output from facts is below, I've had to obfuscate some values

For readability add file to - https://github.com/Akasurde/ansible-reproducers/blob/master/44561/user_console.txt

[Akasurde]

Strange, I am able to run whole playbook given in reproducer

changed: [localhost] => {
    "changed": true,
    "invocation": {
        "module_args": {
            "cluster_name": null,
            "esxi_hostname": "xx.xx.xx.xx",
            "hostname": "xx.xx.xx.xx",
            "options": {
                "DCUI.Access": "root",
                "Mem.ShareForceSalting": 2,
                "Security.AccountLockFailures": 3,
                "Security.AccountUnlockTime": 900,
                "Security.PasswordQualityControl": "retry=3 min=disabled,disabled,disabled,14,14",
                "UserVars.DcuiTimeOut": 1200,
                "UserVars.ESXiShellInteractiveTimeOut": 1800,
                "UserVars.ESXiShellTimeOut": 1800,
                "Vpx.Vpxa.config.log.level": "info"
            },
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "port": 443,
            "username": "administrator@vsphere.local",
            "validate_certs": false
        }
    }
}

This is ESXi 6.5

[nicholasrodriguez]

I'll rebuild a server with 6.5 and will test

[nicholasrodriguez]

I've tried the fix against a 6.5 host and got the same result.

As the play is also using a 6.7 vCenter I replaced the reference to vCenter with the direct connection details of the esxi host so that the play is targetting the host directly as below and it works against a 6.5;

I'm going to rebuild the host back to ESXi 6.7 and will try again but it looks to be vCenter 6.7 possibly causing the issue.

task 
- name: 'Set ESXi advanced options'
  connection: 'local'
  vmware_host_config_manager:
   hostname: '{{ ansible_host }}'
   username: '{{ esxi_root_account }}'
   password: '{{ esxi_password }}'
   cluster_name: '{{ cluster_name }}'
   validate_certs: '{{ validate_certs }}'
   options:
     '{{ esxi_advanced_options }}'

[nicholasrodriguez]

I've rebuilt three ESXi6.7 servers and have run several tests.

• Using the original module version directly against a ESXi host I get the same original issue
• Using the fixed module version directly against a ESXi host it works
• Using the fixed module version via a 6.7 vCenter is fails with the message "....KeyError: 'Vpx.Vpxa.config.log.level....." as above

Just to be clear, so I'm not using the module incorrectly, was the intention for it to be run against either a cluster in vCenter or directly against a ESXi host?

I don't have scope to downgrade my vCenter to 6.5 to test this variation but for now I'll use the fixed module but will target hosts directly rather than via a cluster in vCenter. This only involves a slight change to my playbook.

Thanks again for all the contributions to these modules.

[Akasurde]

@nicholasrodriguez I don't have access to 6.7 so won't be able to test this. So, to summarise, if you use direct ESXi host it will work but if you use cluster it won't work. Right? I will keep this open till I get access to 6.7.

[nicholasrodriguez]

Hi @Akasurde , correct. Let me know if there are any further detailed tests I could run that might help.

[ansibot]

cc @ckotte click here for bot help

[dandunckelman]

I just hit this on ansible v2.7.6.

This error occurs when going thru vcenter 6.7, because the list of settings from vmware_host_config_facts doesn't include Vpx.Vpxa.config.log.level.

[ivgivanov]

I just hit this on ansible v2.7.6.

This error occurs when going thru vcenter 6.7, because the list of settings from vmware_host_config_facts doesn't include Vpx.Vpxa.config.log.level.

Same here, I hope this will get fixed soon

[mariolenz]

I think the problem is here:

option_manager = host.configManager.advancedOption
host_facts = {}
for option in option_manager.QueryOptions():
  host_facts[option.key] = dict(value=option.value)

for s_option in option_manager.supportedOption:
  host_facts[s_option.key].update(
    option_type=s_option.optionType,
  )

option_manager.supportedOption returns Vpx.Vpxa.config.log.level but option_manager.QueryOptions() doesn't. The effect is that the code tries to update host_fachts['Vpx.Vpxa.config.log.level'] which doesn't exist.

We have this problem with newly installed ESXi 6.7U1 hosts but not with those we upgraded from 6.5. I think this is because this setting existed there and was inherited from the 6.7 hosts when upgraded.

btw: Can anyone please add the affects_2.7 label?

[ansibot]

cc @lparkes click here for bot help

[Akasurde]

@ivgivanov @nicholasrodriguez @dandunckelman Could you please check if this PR works for you ? I don't have 6.7 setup so can't test but code wise lgtm.

@mariolenz Thanks for debugging and sending PR.

[ansibot]

cc @Tomorrow9 click here for bot help

[dandunckelman]

@Akasurde @mariolenz

It did not work. Here's what I did:

• Updated requirements.txt with this:

  -e git://github.com/mariolenz/ansible.git@devel#egg=ansible

• Installed the module:

  pip install -r requirements.txt

• Created this playbook:

  • hosts: ESX_HOSTNAME tasks:
    • name: set esxi shell timeout delegate_to: localhost vmware_host_config_manager: hostname: '{{ vcenter_host }}' username: '{{ vcenter_user }}' password: '{{ vcenter_password }}' esxi_hostname: '{{ ansible_nodename }}' options: 'UserVars.ESXiShellTimeOut': 1800 validate_certs: false

• I then ran ansible-playbook and got this error:

  File \"/root/.ansible/tmp/ansible-tmp-1550859701.04-44669256113758/AnsiballZ_vmware_host_config_manager.py\", line 113, in _ansiballz_main() File \"/root/.ansible/tmp/ansible-tmp-1550859701.04-44669256113758/AnsiballZ_vmware_host_config_manager.py\", line 105, in _ansiballz_main invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS) File \"/root/.ansible/tmp/ansible-tmp-1550859701.04-44669256113758/AnsiballZ_vmware_host_config_manager.py\", line 48, in invoke_module imp.load_module('main', mod, module, MOD_DESC) File \"/tmp/ansible_vmware_host_config_manager_payload_iqoNvS/main.py\", line 220, in File \"/tmp/ansible_vmware_host_config_manager_payload_iqoNvS/main.py\", line 216, in main File \"/tmp/ansible_vmware_host_config_manager_payload_iqoNvS/main.py\", line 136, in set_host_configuration_facts KeyError: 'Vpx.Vpxa.config.log.level'

• Here's the output from vmware_host_config_facts: https://gist.github.com/dandunckelman/8f23665bff96f0b411da33962456cd80

[mariolenz]

Are you sure you're testing my code?

  File \"/tmp/ansible_vmware_host_config_manager_payload_iqoNvS/__main__.py\", line 136, in set_host_configuration_facts
  KeyError: 'Vpx.Vpxa.config.log.level'

In my commit, line 136 looks like this:

if option.key in host_facts:

I don't see how this can trigger a KeyError. It looks like you're still using the old code where line 136 looks like this:

host_facts[s_option.key].update(

[dandunckelman]

@mariolenz blarg. I'm guessing when I ran pip install, it didn't really overwrite what I had.

Retrying completely fresh. I'll update ASAP.

[dandunckelman]

@mariolenz it worked as expected!

I retested, and this time I confirmed that I had the right code (checking that line 136). Did what it was supposed to do.