Open rht-jbittner opened 1 week ago
Basic workaround for this issue is to use dellemc.openmanage.idrac_certificates
and, when it fails, run a direct Redfish API command to download the CSR from iDRAC:
```yaml
- name: Download CSR via Redfish API
  ansible.builtin.uri:
    url: "https://{{ inventory_hostname }}/redfish/v1/CertificateService/Actions/Oem/DellCertificateService.GetLastGeneratedCSR"
    method: POST
    status_code:
      - 200
    return_content: true
    headers:
      Content-Type: application/json
    body: "{{ {'CertificateCollection': {'@odata.id': '/redfish/v1/Managers/iDRAC.Embedded.1/NetworkProtocol/HTTPS/Certificates'}} | to_json }}"
    body_format: json
    user: "{{ idrac_user }}"
    password: "{{ idrac_user_pw }}"
    validate_certs: false
  delegate_to: localhost
  register: idrac_csr_request
  until: idrac_csr_request.json.CSRString is defined
  retries: 10
  delay: 5
```
Bug Description
CSR generation with a key length of 4096 takes longer than for 2048, which is expected; however, the module returns a failure instead of waiting for it to finish. Changing the timeout did not help. I think (guessing here) that the problem is that iDRAC returns unexpected text (info about the longer processing time) and the module is not ready for that.
Component or Module Name
dellemc.openmanage.idrac_certificates
Ansible Version
Ansible 2.15.2
Python Version
Python 3.11.8
iDRAC/OME/OME-M version
Latest
Operating System
RHEL 9
Playbook Used
Logs
```json
{
  "msg": "HTTP Error 503: Service Unavailable",
  "error_info": {
    "error": {
      "@Message.ExtendedInfo": [
        {
          "Message": "The Generate CSR operation is taking longer duration than expected. Wait few minutes for the operation to complete and perform the Download CSR operation. For more information, see the iDRAC Redfish API Guide available on the support site.",
          "MessageArgs": [ " " ],
          "MessageArgs@odata.count": 1,
          "MessageId": "IDRAC.2.8.SYS537",
          "RelatedProperties": [],
          "RelatedProperties@odata.count": 0,
          "Resolution": "No response action is required.",
          "Severity": "Informational"
        }
      ],
      "code": "Base.1.12.GeneralError",
      "message": "A general error has occurred. See ExtendedInfo for more information"
    }
  },
```
Steps to Reproduce
Set iDRAC to use 4096 RSA keys for CSR.
You can do that via command line:
racadm set iDRAC.Security.CsrKeySize 4096
Run Ansible task to request CSR (dellemc.openmanage.idrac_certificates).
Expected Behavior
Generate CSR
Actual Behavior
Return info about the fact that it is gonna take more time. CSR is actually generated, but it takes longer.
Screenshots
No response
Additional Information
No response
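An added example, not code from the dellemc.openmanage collection and not part of the original report: a client-side check that treats the logged HTTP 503 with MessageId `IDRAC.2.8.SYS537` as "CSR still being generated" and polls again, while any other failure stops immediately instead of being retried. The function names, the injected `fetch` callable and the sample body are constructed for illustration; accepting a bare top-level `error` object as well as the `error_info` wrapper seen in the log is an assumption.

```python
import json
import time

PENDING_SUFFIX = ".SYS537"  # MessageId suffix taken from the logged 503 response

# Constructed sample, trimmed from the log in this report.
PENDING_BODY = json.dumps({"error_info": {"error": {
    "@Message.ExtendedInfo": [{"MessageId": "IDRAC.2.8.SYS537",
                               "Severity": "Informational"}],
    "code": "Base.1.12.GeneralError"}}})


def classify(status, body):
    """Return ('ready', csr), ('pending', None) or ('error', detail)."""
    try:
        doc = json.loads(body) if body else {}
    except ValueError:
        return ("error", "HTTP %s with non-JSON body" % status)
    if not isinstance(doc, dict):
        return ("error", "HTTP %s with unexpected JSON" % status)
    if status == 200 and doc.get("CSRString"):
        return ("ready", doc["CSRString"])
    # Assumption: the error object is either wrapped in "error_info"
    # (as in the log) or sits at the top level of the response body.
    err = doc.get("error_info", doc).get("error", {})
    ids = [m.get("MessageId", "") for m in err.get("@Message.ExtendedInfo", [])]
    if status == 503 and any(i.endswith(PENDING_SUFFIX) for i in ids):
        return ("pending", None)
    return ("error", "HTTP %s, MessageIds=%s" % (status, ids))


def wait_for_csr(fetch, retries=10, delay=5, sleep=time.sleep):
    """Poll fetch() -> (status, body); retry only while the CSR is pending."""
    for _ in range(retries):
        state, value = classify(*fetch())
        if state == "ready":
            return value
        if state == "error":
            # Auth failures, other 503s, etc. must surface, not be retried.
            raise RuntimeError(value)
        sleep(delay)
    raise TimeoutError("CSR not ready after %d attempts" % retries)
```

The defaults of 10 retries and a 5 second delay mirror the workaround task above; `fetch` would wrap the POST to `GetLastGeneratedCSR`.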