search

dell / dellemc-openmanage-ansible-modules

Dell OpenManage Ansible Modules
GNU General Public License v3.0
329 stars 162 forks source link

iDRAC: change BIOS settings error #279

Closed artemoz2021 closed 3 years ago

artemoz2021 commented 3 years ago

Hello.

What i have:

iDRAC8, FW: 2.70.70.70, BIOS: 2.3.4, PowerEdge R530 iDRAC9, FW: 4.40.00.00, BIOS: 2.10.2, PowerEdge R740xd Python: 3.8.2 ansible: 2.10.4, 2.9.18 (also tryed) dellemc-openmanage-ansible-modules: collections branch (current), master branch (also tryed) A user with the following privileges: image

What i'm trying to do:

  1. Change some bios settings (UEFI, PXE, etc.)
  2. Power on/off the servers

The problem

The power on/off feature is worked correctly, but if i'm trying to change BIOS settings like set Uefi instead of Bios or activate PXE on some of the NICs - the role execution fails with the following errors:

master branch:

TASK [server_power_control : Enable UEFI instead of BIOS] ******************************************************************************************
task path: /Users/someuser/somepath/tasks/dell.yml:5
Using module file /Users/someuser/Library/Python/3.8/lib/python/site-packages/ansible/modules/remote_management/dellemc/dellemc_configure_bios.py
Pipelining is enabled.
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: someuser
<localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
fatal: [localhost]: FAILED! => changed=false 
  invocation:
    module_args:
      attributes:
        BootMode: Bios
        BootSeqRetry: Enabled
        OneTimeBootMode: Enabled
      boot_mode: null
      boot_sequence: null
      boot_sources: null
      idrac_ip: someip
      idrac_password: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER
      idrac_port: 443
      idrac_user: someuser
      nvme_mode: null
      onetime_boot_mode: null
      secure_boot_mode: null
      share_mnt: null
      share_name: null
      share_password: null
      share_user: null
  msg: 'Error: returned status code doesn''t match with the expected success code'
    to retry, use: --limit @/Users/someuser/.ansble-retry/server_power_control.retry

collections branch

TASK [server_power_control : Enable UEFI instead of BIOS] ******************************************************************************************
task path: /Users/someuser/somepath/dell.yml:5
Using module file /Users/someuser/.ansible/collections/ansible_collections/dellemc/openmanage/plugins/modules/idrac_bios.py
Pipelining is enabled.
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: someuser
<localhost> EXEC /bin/sh -c '/usr/bin/env python3 && sleep 0'
fatal: [localhost]: FAILED! => changed=false 
  module_stderr: |-
    10.112.1.235 : 'NoneType' object has no attribute 'BIOS'
    10.112.1.235 : 'NoneType' object has no attribute 'BIOS'
    Traceback (most recent call last):
      File "<stdin>", line 102, in <module>
      File "<stdin>", line 94, in _ansiballz_main
      File "<stdin>", line 40, in invoke_module
      File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/runpy.py", line 206, in run_module
        return _run_module_code(code, init_globals, run_name, mod_spec)
      File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/runpy.py", line 96, in _run_module_code
        _run_code(code, mod_globals, init_globals,
      File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/runpy.py", line 86, in _run_code
        exec(code, run_globals)
      File "/var/folders/qc/nl8xrkcs6jx512jytxm_gl6c0000gp/T/ansible_dellemc.openmanage.idrac_bios_payload_ankxda7b/ansible_dellemc.openmanage.idrac_bios_payload.zip/ansible_collections/dellemc/openmanage/plugins/modules/idrac_bios.py", line 418, in <module>
      File "/var/folders/qc/nl8xrkcs6jx512jytxm_gl6c0000gp/T/ansible_dellemc.openmanage.idrac_bios_payload_ankxda7b/ansible_dellemc.openmanage.idrac_bios_payload.zip/ansible_collections/dellemc/openmanage/plugins/modules/idrac_bios.py", line 399, in main
      File "/var/folders/qc/nl8xrkcs6jx512jytxm_gl6c0000gp/T/ansible_dellemc.openmanage.idrac_bios_payload_ankxda7b/ansible_dellemc.openmanage.idrac_bios_payload.zip/ansible_collections/dellemc/openmanage/plugins/modules/idrac_bios.py", line 301, in run_server_bios_config
      File "/Users/someuser/Library/Python/3.8/lib/python/site-packages/omdrivers/lifecycle/iDRAC/iDRACConfig.py", line 2675, in apply_changes
        return self._commit_scp(None, reboot=reboot)
      File "/Users/someuser/Library/Python/3.8/lib/python/site-packages/omdrivers/lifecycle/iDRAC/iDRACConfig.py", line 2683, in _commit_scp
        content = self._sysconfig.ModifiedXML
    AttributeError: 'NoneType' object has no attribute 'ModifiedXML'
  module_stdout: |-
    WARN: Changing isFolder to false, as it is not directory
    response.status_code:403, success_code:[202]
  msg: |-
    MODULE FAILURE
    See stdout/stderr for the exact error
  rc: 1
    to retry, use: --limit @/Users/someuser/.ansble-retry/server_power_control.retry

Looks like there is 403 status code that means the access is denied for the user. But if i log in to the iDRAC via browser with the same credentials (operator) and try to change this BIOS settings manually - it works successfully (changes successfully). So, why i can't change the settings via ansible, but can via the browser (with the same credentials)?

What i've tryed:

different versions of ansible different versions of python different branches of dellemc-openmanage-ansible-modules

My example playbook

---
- name: Enable UEFI instead of BIOS
  dellemc.openmanage.idrac_bios:
    idrac_ip: "{{ ip }}"
    idrac_user: "{{ user }}"
    idrac_password: "{{ pass }}"
    attributes:
      BootMode: "Bios"
      OneTimeBootMode: "Enabled"
      BootSeqRetry: "Enabled"

- name: Enable PXE
  dellemc_configure_bios:
    idrac_ip: "{{ ip }}"
    idrac_user: "{{ user }}"
    idrac_password: "{{ pass }}"
    attributes:
      PxeDev1EnDis: "Enabled"

- name: Change server powerstate
  dellemc.openmanage.redfish_powerstate:
    baseuri: "{{ target_ibmc_url }}"
    username: "{{ ibmc_user }}"
    password: "{{ ibmc_pass }}"
    reset_type: "{{ desired_powerstate_dell }}"

Please help me.

jagadeeshnv commented 3 years ago

@artemoz2021 The module requires administrator privilege level. Operator privilege level in not sufficient

artemoz2021 commented 3 years ago

Thank you for the reply. In my case there's a many engineers who need to use this role, but don't have admin privileges. Also we can't use the one ADMIN user because of the company policies. I've implemented the solution via redfish modules that is included into standard ansible module library.