Closed liamwh closed 3 years ago
@liamwh, are you experiencing this timeout issue with OME AD accounts or with a OME local account as well?
We've experienced this issue using AD authentication, however we've identified the issue only occurs when running our Ansible Docker image (RedHat ubi8) on OSX, the issue does not occur when using the same docker image running on Windows... so it's most likely not a direct issue with OpenManage/the Ansible collection itself.
However, it is strange that all other ansible collections & modules are working completely fine from this image on OSX and it's only the OpenManage collection that has an issue... 🤔
Not sure how you want to proceed with this one, but if we can confirm that the Ansible code will run successfully from our pipeline agents then we can move on and workaround the issue.
@liamwh, that is indeed interesting. Any chance you could open a support request with us so that the support team can investigate and collect diagnostics logs to help troubleshoot the issue?
However, it is strange that all other ansible collections & modules are working completely fine from this image on OSX and it's only the OpenManage collection that has an issue... 🤔
Are other ansible collections and modules that you are using from this image on OSX use REST APIs (i.e. run locally on the Ansible control node) or use SSH to login and execute tasks remotely on target nodes?
Everything via API, no SSH. Also communicating to vCenter, iDRAC, iLO, OneView etc all totally fine.
I'm a bit busy for a support request at the moment but if you send me instructions on how to collect the logs I'll be happy to share them with you.
@liamwh, thanks for sharing that information. So from what you just described, this issue manifests only when authenticating to OME using an AD account using Ansible modules running in a RHEL UBI container on OSX. I checked internally and they haven't seen this issue with OME Ansible modules.
I am not sure about what logs you need to collect on OME, but one test you could do is to check whether you are able to create a session for the AD user using ansible.builtin.uri
module and OME REST API. You will want to run this playbook on the docker container on your OSX box. If this also times out, then it could be an issue with the network latency though I am not sure.
ome_user.yml
---
- hosts: ome
connection: local
gather_facts: no
vars:
ansible_python_interpreter: "/usr/bin/env python"
tasks:
- name: create user session
ansible.builtin.uri:
url: "https://{{ inventory_hostname }}/api/SessionService/Sessions"
user: "{{ ome_ad_user }}"
password: "{{ ome_ad_password }}"
method: "POST"
force_basic_auth: yes
validate_certs: no
headers:
Accept: "application/json"
Content-Type: "application/json"
body:
UserName: "{{ ome_ad_user }}"
Password: "{{ ome_ad_password }}"
SessionType: "API"
body_format: json
status_code: [200, 201]
delegate_to: localhost
register: result
$ ansible-playbook -vvv ome_user.yml -i hosts
ok: [192.168.10.10] => {
"access_control_allow_origin": "*",
"changed": false,
"connection": "close",
"content_length": "298",
"content_security_policy": "default-src 'self' 'unsafe-eval'; connect-src *; style-src 'self' 'unsafe-inline' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: data:",
"content_type": "application/json; odata.metadata=minimal",
"cookies": {},
"cookies_string": "",
"date": "Thu, 09 Sep 2021 11:07:51 GMT",
"elapsed": 1,
"invocation": {
"module_args": {
"attributes": null,
"body": {
"Password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"SessionType": "API",
"UserName": "<ome_ad_user>"
},
"body_format": "json",
"client_cert": null,
"client_key": null,
"creates": null,
"dest": null,
"follow_redirects": "safe",
"force": false,
"force_basic_auth": true,
"group": null,
"headers": {
"Accept": "application/json",
"Content-Type": "application/json"
},
"http_agent": "ansible-httpget",
"method": "POST",
"mode": null,
"owner": null,
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"remote_src": false,
"removes": null,
"return_content": false,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"status_code": [
200,
201
],
"timeout": 30,
"unix_socket": null,
"unsafe_writes": false,
"url": "https://192.168.10.10/api/SessionService/Sessions",
"url_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"url_username": "<ome_ad_user>",
"use_proxy": true,
"user": "admin",
"validate_certs": false
}
},
"json": {
"Description": "admin",
"DirectoryGroup": [],
"Id": "27b34b05-663f-471c-a355-828dbc4d0c1b",
"IpAddress": "192.168.20.20",
"LastAccessedTimeStamp": "2021-09-09 11:07:51.646",
"Name": "API",
"Password": null,
"Roles": [
"ADMINISTRATOR"
],
"StartTimeStamp": "2021-09-09 11:07:51.646",
"UserId": 10052,
"UserName": "<ome_ad_user>"
},
"location": "https://192.168.10.10/api/SessionService/Sessions('27b34b05-663f-471c-a355-828dbc4d0c1b')",
"msg": "OK (298 bytes)",
"odata_version": "4.0",
"redirected": false,
"server": "Apache",
"set_cookie": "rememberMe=deleteMe; Path=/api; Max-Age=0; Expires=Wed, 08-Sep-2021 11:07:51 GMT; SameSite=lax, JSESSIONID=deleteMe; Path=/api; Max-Age=0; Expires=Wed, 08-Sep-2021 11:07:51 GMT; SameSite=lax, rememberMe=deleteMe; Path=/api; Max-Age=0; Expires=Wed, 08-Sep-2021 11:07:52 GMT; SameSite=lax",
"status": 201,
"strict_transport_security": "max-age=31536000; includeSubDomains",
"url": "https://100.69.127.50/api/SessionService/Sessions",
"x_auth_token": "957ddafb-05c6-4dc0-bf62-921446c933f4",
"x_content_type_options": "nosniff",
"x_frame_options": "DENY",
"x_xss_protection": "1; mode=block"
}
META: ran handlers
META: ran handlers
PLAY RECAP *********************************************************************
192.168.10.10 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
@anupamaloke, thanks so much for your support. I was able to validate it was actually an invalid username/password configuration and bad luck that myself and another engineer made the same mistake. I apologise very much for wasting your time, and would advise including a bad auth response from OME if the username and password is incorrect!
Summary
HTTP request fails for all ansible modules to OME on version 3.7.0 build 82 from Ansible version 2.10.11 using versions 4.0.0 and 3.5.0 of dellemc.openmanage.
All ansible modules were working when OME was using version 3.5.0. Stopped working after upgrade to 3.7.0.
Component Name
dellemc.openmanage.ome_template_info: Using version 4.0.0
Ansible Version
iDRAC or OpenManage Enterprise version
OpenManage Enterprise version Version 3.7.0 (Build 82)
Steps to Reproduce
Expected Results
Returned variable information for variable "openmanage_template_info".
Actual Results
Community Note