kasadasi commented 3 years ago

Issue Report Describe the issue

While trying to enable cloud_gaurd getting following error.

fatal: [OMCSMAU-IAM]: FAILED! => {"changed": false, "msg": "Updating resource failed with exception: Cloud Guard does not support the selected reporting region : None"}

I have noticed that the cloud_guard facts returned null value when gathered from the tenancy.

TASK [oci_collection_enable_cloud_guard : debug] ** Monday 15 March 2021 11:28:35 +0000 (0:00:04.570) 0:00:18.594 ** ok: [OMCSMAU-IAM] => { "msg": { "changed": false, "configuration": { "reporting_region": null, "self_manage_resources": null, "status": "DISABLED" }, "failed": false } }

Expected behavior

The playbook will enable the cloud guard service if it is disabled .

Environment

OS version: Oracle Linux Server release 7.9

Ansible version:

ansible 2.9.9 config file = /root/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /root/.local/lib/python2.7/site-packages/ansible executable location = /root/bin/ansible python version = 2.7.5 (default, Nov 13 2020, 02:52:00) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44.0.3)]

OCI Python SDK version:

2.23.5

OCI Ansible Modules version:

oci==2.23.5 oci-cli==2.10.4

Ansible playbook to reproduce the issue

tasks file for oci_collection_enable_cloud_guard

name: 'OCI Cloud Guard - Gather Facts - [ OCI ].' collections:
- 'oracle.oci' delegate_to: 'localhost' when: > inventory_hostname is defined and inventory_hostname != '' and inventoryhostname is match("^([A-Z]|[0-9]|)*-IAM$") oci_cloud_guard_configuration_facts: compartment_id: '{{ oci_config_tenancy }}' config_file_location: '{{ oci_local_homedir }}/.oci/config' config_profile_name: '{{ ocitenancy }}{{ oci_datacenter }}' register: 'oci_cloud_guard_facts'
name: 'OCI Cloud Guard - Enable Service - [ OCI ].' collections:
- 'oracle.oci' delegate_to: 'localhost' when: > inventory_hostname is defined and inventory_hostname != '' and inventoryhostname is match("^([A-Z]|[0-9]|)*-IAM$") and oci_cloud_guard_facts is defined and oci_cloud_guard_facts != '' and oci_cloud_guard_facts.configuration is defined and oci_cloud_guard_facts.configuration != '' and oci_cloud_guard_facts.configuration.reporting_region is defined and oci_cloud_guard_facts.configuration.reporting_region != '' and oci_cloud_guard_facts.configuration.status is defined and oci_cloud_guard_facts.configuration.status != '' and oci_cloud_guard_facts.configuration.status|upper == 'DISABLED' oci_cloud_guard_configuration: compartment_id: '{{ oci_config_tenancy }}' config_file_location: '{{ oci_local_homedir }}/.oci/config' config_profile_name: '{{ ocitenancy }}{{ oci_datacenter }}' reporting_region: '{{ oci_cloud_guard_facts.configuration.reporting_region|trim }}' status: 'ENABLED' register: 'oci_cloud_guard_enable'
name: 'OCI Cloud Guard - Refresh Facts - [ OCI ].' collections:
- 'oracle.oci' delegate_to: 'localhost' when: > inventory_hostname is defined and inventory_hostname != '' and inventoryhostname is match("^([A-Z]|[0-9]|)*-IAM$") and oci_cloud_guard_enable is defined and oci_cloud_guard_enable != '' and oci_cloud_guard_enable.configuration is defined and oci_cloud_guard_enable.configuration != '' and oci_cloud_guard_enable.configuration.status is defined and oci_cloud_guard_enable.configuration.status != '' and oci_cloud_guard_enable.configuration.status|upper == 'ENABLED' oci_cloud_guard_configuration_facts: compartment_id: '{{ oci_config_tenancy }}' config_file_location: '{{ oci_local_homedir }}/.oci/config' config_profile_name: '{{ ocitenancy }}{{ oci_datacenter }}' register: 'oci_cloud_guard_facts'

rohnigam commented 3 years ago

@kasadasi We'd recommend upgrading to the latest oci ansible collection and oci sdk versions.

To get more insights into the issue, can you provide us the logs by running the playbook with -vvv to get more detailed logging.

kasadasi commented 3 years ago

@rohnigam

Thanks for your quick response.

I did tested the same with latest collection module and sdk, still facing the same issue.

Please find the logs which I ran -vvv.

[root@localhost vm_mgmt]# ansible-playbook cloudgurad.yml --limit OMCSMAU-IAM -vvv /usr/lib/python2.7/site-packages/ansible/parsing/vault/init.py:44: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in a future release. from cryptography.exceptions import InvalidSignature ansible-playbook 2.10.6 config file = /srv/vm_mgmt/ansible.cfg configured module search path = [u'/root/.ansible/roles/oracle.oci_ansible_modules/library', u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /bin/ansible-playbook python version = 2.7.5 (default, Nov 13 2020, 02:52:00) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44.0.3)] Using /srv/vm_mgmt/ansible.cfg as config file host_list declined parsing /srv/vm_mgmt/inventory/aucalva01 as it did not pass its verify_file() method script declined parsing /srv/vm_mgmt/inventory/aucalva01 as it did not pass its verify_file() method auto declined parsing /srv/vm_mgmt/inventory/aucalva01 as it did not pass its verify_file() method Parsed /srv/vm_mgmt/inventory/aucalva01 inventory source with ini plugin host_list declined parsing /srv/vm_mgmt/inventory/auchban01 as it did not pass its verify_file() method script declined parsing /srv/vm_mgmt/inventory/auchban01 as it did not pass its verify_file() method auto declined parsing /srv/vm_mgmt/inventory/auchban01 as it did not pass its verify_file() method Parsed /srv/vm_mgmt/inventory/auchban01 inventory source with ini plugin host_list declined parsing /srv/vm_mgmt/inventory/aucpayc01 as it did not pass its verify_file() method script declined parsing /srv/vm_mgmt/inventory/aucpayc01 as it did not pass its verify_file() method auto declined parsing /srv/vm_mgmt/inventory/aucpayc01 as it did not pass its verify_file() method Parsed /srv/vm_mgmt/inventory/aucpayc01 inventory source with ini plugin host_list declined parsing /srv/vm_mgmt/inventory/aucuhca01 as it did not pass its verify_file() method script declined parsing /srv/vm_mgmt/inventory/aucuhca01 as it did not pass its verify_file() method auto declined parsing /srv/vm_mgmt/inventory/aucuhca01 as it did not pass its verify_file() method Parsed /srv/vm_mgmt/inventory/aucuhca01 inventory source with ini plugin host_list declined parsing /srv/vm_mgmt/inventory/bkp_aucuhca01 as it did not pass its verify_file() method script declined parsing /srv/vm_mgmt/inventory/bkp_aucuhca01 as it did not pass its verify_file() method auto declined parsing /srv/vm_mgmt/inventory/bkp_aucuhca01 as it did not pass its verify_file() method Parsed /srv/vm_mgmt/inventory/bkp_aucuhca01 inventory source with ini plugin host_list declined parsing /srv/vm_mgmt/inventory/bkp_aucuhca01_nonrfc1918 as it did not pass its verify_file() method script declined parsing /srv/vm_mgmt/inventory/bkp_aucuhca01_nonrfc1918 as it did not pass its verify_file() method auto declined parsing /srv/vm_mgmt/inventory/bkp_aucuhca01_nonrfc1918 as it did not pass its verify_file() method Parsed /srv/vm_mgmt/inventory/bkp_aucuhca01_nonrfc1918 inventory source with ini plugin host_list declined parsing /srv/vm_mgmt/inventory/omcsmau as it did not pass its verify_file() method script declined parsing /srv/vm_mgmt/inventory/omcsmau as it did not pass its verify_file() method auto declined parsing /srv/vm_mgmt/inventory/omcsmau as it did not pass its verify_file() method Parsed /srv/vm_mgmt/inventory/omcsmau inventory source with ini plugin redirecting (type: callback) ansible.builtin.profile_tasks to ansible.posix.profile_tasks Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: cloudgurad.yml ** 1 plays in cloudgurad.yml [WARNING]: Could not match supplied host pattern, ignoring: occs

PLAY [!occs:*-IAM] **** META: ran handlers

TASK [oci_collection_authenticate : What is my number] **** task path: /srv/vm_mgmt/roles/oci_collection_authenticate/tasks/main.yml:3 Monday 15 March 2021 13:10:44 +0000 (0:00:00.034) 0:00:00.034 **

ESTABLISH LOCAL CONNECTION FOR USER: root EXEC /bin/sh -c 'echo ~root && sleep 0' EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1615813844.8-1462-113137203971889 `" && echo ansible-tmp-1615813844.8-1462-113137203971889="` echo /root/.ansible/tmp/ansible-tmp-1615813844.8-1462-113137203971889 `" ) && sleep 0' Using module file /usr/lib/python2.7/site-packages/ansible/modules/command.py PUT /root/.ansible/tmp/ansible-local-1451Mr3cNE/tmpamqRm1 TO /root/.ansible/tmp/ansible-tmp-1615813844.8-1462-113137203971889/AnsiballZ_command.py EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1615813844.8-1462-113137203971889/ /root/.ansible/tmp/ansible-tmp-1615813844.8-1462-113137203971889/AnsiballZ_command.py && sleep 0' EXEC /bin/sh -c '/usr/bin/python2 /root/.ansible/tmp/ansible-tmp-1615813844.8-1462-113137203971889/AnsiballZ_command.py && sleep 0' EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1615813844.8-1462-113137203971889/ > /dev/null 2>&1 && sleep 0' ok: [OMCSMAU-IAM] => { "changed": false, "cmd": "cat /proc/$$/loginuid\n", "delta": "0:00:00.002650", "end": "2021-03-15 13:10:45.031222", "invocation": { "module_args": { "_raw_params": "cat /proc/$$/loginuid\n", "_uses_shell": true, "argv": null, "chdir": null, "creates": null, "executable": null, "removes": null, "stdin": null, "stdin_add_newline": true, "strip_empty_ends": true, "warn": true } }, "rc": 0, "start": "2021-03-15 13:10:45.028572", "stderr": "", "stderr_lines": [], "stdout": "1000", "stdout_lines": [ "1000" ] } TASK [oci_collection_authenticate : What is my name] ****************************************************************************************** task path: /srv/vm_mgmt/roles/oci_collection_authenticate/tasks/main.yml:11 Monday 15 March 2021 13:10:45 +0000 (0:00:00.303) 0:00:00.337 ********** ESTABLISH LOCAL CONNECTION FOR USER: root EXEC /bin/sh -c 'echo ~root && sleep 0' EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1615813845.1-1484-74437740896546 `" && echo ansible-tmp-1615813845.1-1484-74437740896546="` echo /root/.ansible/tmp/ansible-tmp-1615813845.1-1484-74437740896546 `" ) && sleep 0' Using module file /usr/lib/python2.7/site-packages/ansible/modules/getent.py PUT /root/.ansible/tmp/ansible-local-1451Mr3cNE/tmpvzH7No TO /root/.ansible/tmp/ansible-tmp-1615813845.1-1484-74437740896546/AnsiballZ_getent.py EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1615813845.1-1484-74437740896546/ /root/.ansible/tmp/ansible-tmp-1615813845.1-1484-74437740896546/AnsiballZ_getent.py && sleep 0' EXEC /bin/sh -c '/usr/bin/python2 /root/.ansible/tmp/ansible-tmp-1615813845.1-1484-74437740896546/AnsiballZ_getent.py && sleep 0' EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1615813845.1-1484-74437740896546/ > /dev/null 2>&1 && sleep 0' ok: [OMCSMAU-IAM] => { "ansible_facts": { "getent_passwd": { "vagrant": [ "x", "1000", "1000", "", "/home/vagrant", "/bin/bash" ] } }, "changed": false, "invocation": { "module_args": { "database": "passwd", "fail_key": true, "key": "1000", "service": null, "split": null } } } TASK [oci_collection_authenticate : What is user provided name] ******************************************************************************* task path: /srv/vm_mgmt/roles/oci_collection_authenticate/tasks/main.yml:18 Monday 15 March 2021 13:10:45 +0000 (0:00:00.295) 0:00:00.633 ********** skipping: [OMCSMAU-IAM] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [oci_collection_authenticate : Remember our name] **************************************************************************************** task path: /srv/vm_mgmt/roles/oci_collection_authenticate/tasks/main.yml:27 Monday 15 March 2021 13:10:45 +0000 (0:00:00.040) 0:00:00.674 ********** ok: [OMCSMAU-IAM] => { "ansible_facts": { "oci_local_username": "vagrant" }, "changed": false } TASK [oci_collection_authenticate : Remember our home directory] ****************************************************************************** task path: /srv/vm_mgmt/roles/oci_collection_authenticate/tasks/main.yml:33 Monday 15 March 2021 13:10:45 +0000 (0:00:00.038) 0:00:00.713 ********** ok: [OMCSMAU-IAM] => { "ansible_facts": { "oci_local_homedir": "/home/vagrant" }, "changed": false } TASK [oci_collection_authenticate : Does the user have /home/vagrant/.oci/config?] ************************************************************ task path: /srv/vm_mgmt/roles/oci_collection_authenticate/tasks/main.yml:41 Monday 15 March 2021 13:10:45 +0000 (0:00:00.063) 0:00:00.776 ********** ESTABLISH LOCAL CONNECTION FOR USER: root EXEC /bin/sh -c 'echo ~root && sleep 0' EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1615813845.52-1512-112870033337567 `" && echo ansible-tmp-1615813845.52-1512-112870033337567="` echo /root/.ansible/tmp/ansible-tmp-1615813845.52-1512-112870033337567 `" ) && sleep 0' Using module file /usr/lib/python2.7/site-packages/ansible/modules/stat.py PUT /root/.ansible/tmp/ansible-local-1451Mr3cNE/tmpaAJ1eE TO /root/.ansible/tmp/ansible-tmp-1615813845.52-1512-112870033337567/AnsiballZ_stat.py EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1615813845.52-1512-112870033337567/ /root/.ansible/tmp/ansible-tmp-1615813845.52-1512-112870033337567/AnsiballZ_stat.py && sleep 0' EXEC /bin/sh -c '/usr/bin/python2 /root/.ansible/tmp/ansible-tmp-1615813845.52-1512-112870033337567/AnsiballZ_stat.py && sleep 0' EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1615813845.52-1512-112870033337567/ > /dev/null 2>&1 && sleep 0' ok: [OMCSMAU-IAM] => { "changed": false, "failed_when_result": false, "invocation": { "module_args": { "checksum_algorithm": "sha1", "follow": false, "get_attributes": true, "get_checksum": true, "get_md5": false, "get_mime": true, "path": "/home/vagrant/.oci/config" } }, "stat": { "atime": 1615807635.6014078, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 16, "charset": "us-ascii", "checksum": "c147b27dbdd944834cf6edc3b9cf0c319cc41ba8", "ctime": 1615807629.8012915, "dev": 64512, "device_type": 0, "executable": true, "exists": true, "gid": 1000, "gr_name": "vagrant", "inode": 1559582, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0755", "mtime": 1615807629.8002913, "nlink": 1, "path": "/home/vagrant/.oci/config", "pw_name": "vagrant", "readable": true, "rgrp": true, "roth": true, "rusr": true, "size": 5467, "uid": 1000, "version": "1738836456", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": true, "xoth": true, "xusr": true } } TASK [oci_collection_authenticate : Read tenancy configuration] ******************************************************************************* task path: /srv/vm_mgmt/roles/oci_collection_authenticate/tasks/main.yml:48 Monday 15 March 2021 13:10:45 +0000 (0:00:00.293) 0:00:01.070 ********** ok: [OMCSMAU-IAM] => { "ansible_facts": { "oci_config_fingerprint": "29:8e:fc:6b:4d:e8:12:ea:16:14:75:9c:5d:d4:0d:40", "oci_config_key_file": "/home/shyasing/.oci/oci_api_key.pem", "oci_config_region": "us-ashburn-1", "oci_config_tenancy": "ocid1.tenancy.oc1..aaaaaaaapcqvvd7czyrhin4aso5iznhf5jnpkdsbn5zjbxj5gpty2piragoq", "oci_config_user": "ocid1.user.oc1..aaaaaaaa6kv6xnz4jxsaephgx2gcujokvygsbwicj7a6agjkeuwqtp5zsy6a" }, "changed": false } TASK [oci_collection_authenticate : Fetch Region Facts] *************************************************************************************** task path: /srv/vm_mgmt/roles/oci_collection_authenticate/tasks/main.yml:56 Monday 15 March 2021 13:10:45 +0000 (0:00:00.048) 0:00:01.119 ********** ESTABLISH LOCAL CONNECTION FOR USER: root EXEC /bin/sh -c 'echo ~root && sleep 0' EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1615813845.86-1537-60369041913449 `" && echo ansible-tmp-1615813845.86-1537-60369041913449="` echo /root/.ansible/tmp/ansible-tmp-1615813845.86-1537-60369041913449 `" ) && sleep 0' Using module file /root/.ansible/collections/ansible_collections/oracle/oci/plugins/modules/oci_identity_region_facts.py PUT /root/.ansible/tmp/ansible-local-1451Mr3cNE/tmpnIAATV TO /root/.ansible/tmp/ansible-tmp-1615813845.86-1537-60369041913449/AnsiballZ_oci_identity_region_facts.py EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1615813845.86-1537-60369041913449/ /root/.ansible/tmp/ansible-tmp-1615813845.86-1537-60369041913449/AnsiballZ_oci_identity_region_facts.py && sleep 0' EXEC /bin/sh -c '/usr/bin/python2 /root/.ansible/tmp/ansible-tmp-1615813845.86-1537-60369041913449/AnsiballZ_oci_identity_region_facts.py && sleep 0' EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1615813845.86-1537-60369041913449/ > /dev/null 2>&1 && sleep 0' ok: [OMCSMAU-IAM] => { "changed": false, "invocation": { "module_args": { "api_user": null, "api_user_fingerprint": null, "api_user_key_file": null, "api_user_key_pass_phrase": null, "auth_type": "api_key", "config_file_location": "/home/vagrant/.oci/config", "config_profile_name": "omcsmau_iad", "name": null, "region": null, "tenancy": null } }, "regions": [ { "key": "AMS", "name": "eu-amsterdam-1" }, { "key": "BOM", "name": "ap-mumbai-1" }, { "key": "CWL", "name": "uk-cardiff-1" }, { "key": "DXB", "name": "me-dubai-1" }, { "key": "FRA", "name": "eu-frankfurt-1" }, { "key": "GRU", "name": "sa-saopaulo-1" }, { "key": "HYD", "name": "ap-hyderabad-1" }, { "key": "IAD", "name": "us-ashburn-1" }, { "key": "ICN", "name": "ap-seoul-1" }, { "key": "JED", "name": "me-jeddah-1" }, { "key": "KIX", "name": "ap-osaka-1" }, { "key": "LHR", "name": "uk-london-1" }, { "key": "MEL", "name": "ap-melbourne-1" }, { "key": "NRT", "name": "ap-tokyo-1" }, { "key": "PHX", "name": "us-phoenix-1" }, { "key": "SCL", "name": "sa-santiago-1" }, { "key": "SJC", "name": "us-sanjose-1" }, { "key": "SYD", "name": "ap-sydney-1" }, { "key": "VCP", "name": "sa-vinhedo-1" }, { "key": "YNY", "name": "ap-chuncheon-1" }, { "key": "YUL", "name": "ca-montreal-1" }, { "key": "YYZ", "name": "ca-toronto-1" }, { "key": "ZRH", "name": "eu-zurich-1" } ] } TASK [oci_collection_authenticate : Fetch Tenancy Facts] ************************************************************************************** task path: /srv/vm_mgmt/roles/oci_collection_authenticate/tasks/main.yml:64 Monday 15 March 2021 13:10:49 +0000 (0:00:03.911) 0:00:05.030 ********** ESTABLISH LOCAL CONNECTION FOR USER: root EXEC /bin/sh -c 'echo ~root && sleep 0' EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1615813849.78-1568-60729874299029 `" && echo ansible-tmp-1615813849.78-1568-60729874299029="` echo /root/.ansible/tmp/ansible-tmp-1615813849.78-1568-60729874299029 `" ) && sleep 0' Using module file /root/.ansible/collections/ansible_collections/oracle/oci/plugins/modules/oci_identity_tenancy_facts.py PUT /root/.ansible/tmp/ansible-local-1451Mr3cNE/tmpBZdJ1j TO /root/.ansible/tmp/ansible-tmp-1615813849.78-1568-60729874299029/AnsiballZ_oci_identity_tenancy_facts.py EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1615813849.78-1568-60729874299029/ /root/.ansible/tmp/ansible-tmp-1615813849.78-1568-60729874299029/AnsiballZ_oci_identity_tenancy_facts.py && sleep 0' EXEC /bin/sh -c '/usr/bin/python2 /root/.ansible/tmp/ansible-tmp-1615813849.78-1568-60729874299029/AnsiballZ_oci_identity_tenancy_facts.py && sleep 0' EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1615813849.78-1568-60729874299029/ > /dev/null 2>&1 && sleep 0' ok: [OMCSMAU-IAM] => { "changed": false, "invocation": { "module_args": { "api_user": null, "api_user_fingerprint": null, "api_user_key_file": null, "api_user_key_pass_phrase": null, "auth_type": "api_key", "config_file_location": "/home/vagrant/.oci/config", "config_profile_name": "omcsmau_iad", "name": null, "region": null, "tenancy": null, "tenancy_id": "ocid1.tenancy.oc1..aaaaaaaapcqvvd7czyrhin4aso5iznhf5jnpkdsbn5zjbxj5gpty2piragoq" } }, "tenancy": { "defined_tags": { "OMCS": { "COMPLIANCE": "False", "CSI": "13920780", "CUSTID": "OMCS", "CUSTOMER_NAME": "Oracle Managed Cloud Service", "MANAGED": "OMCS", "SERVICE": "Apps Unlimited", "STATUS": "Active", "TENANCY_TYPE": "Tech Refresh" } }, "description": "aucomcs01", "freeform_tags": {}, "home_region_key": "IAD", "id": "ocid1.tenancy.oc1..aaaaaaaapcqvvd7czyrhin4aso5iznhf5jnpkdsbn5zjbxj5gpty2piragoq", "name": "omcsmau", "upi_idcs_compatibility_layer_endpoint": null } } TASK [oci_collection_authenticate : Fetch Service Facts] ************************************************************************************** task path: /srv/vm_mgmt/roles/oci_collection_authenticate/tasks/main.yml:73 Monday 15 March 2021 13:10:53 +0000 (0:00:03.747) 0:00:08.778 ********** ESTABLISH LOCAL CONNECTION FOR USER: root EXEC /bin/sh -c 'echo ~root && sleep 0' EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1615813853.53-1598-43750472302814 `" && echo ansible-tmp-1615813853.53-1598-43750472302814="` echo /root/.ansible/tmp/ansible-tmp-1615813853.53-1598-43750472302814 `" ) && sleep 0' Using module file /root/.ansible/collections/ansible_collections/oracle/oci/plugins/modules/oci_network_service_facts.py PUT /root/.ansible/tmp/ansible-local-1451Mr3cNE/tmpd2Gvlb TO /root/.ansible/tmp/ansible-tmp-1615813853.53-1598-43750472302814/AnsiballZ_oci_network_service_facts.py EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1615813853.53-1598-43750472302814/ /root/.ansible/tmp/ansible-tmp-1615813853.53-1598-43750472302814/AnsiballZ_oci_network_service_facts.py && sleep 0' EXEC /bin/sh -c '/usr/bin/python2 /root/.ansible/tmp/ansible-tmp-1615813853.53-1598-43750472302814/AnsiballZ_oci_network_service_facts.py && sleep 0' EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1615813853.53-1598-43750472302814/ > /dev/null 2>&1 && sleep 0' ok: [OMCSMAU-IAM] => { "changed": false, "invocation": { "module_args": { "api_user": null, "api_user_fingerprint": null, "api_user_key_file": null, "api_user_key_pass_phrase": null, "auth_type": "api_key", "config_file_location": "/home/vagrant/.oci/config", "config_profile_name": "omcsmau_iad", "name": null, "region": null, "service_id": null, "tenancy": null } }, "services": [ { "cidr_block": "oci-iad-objectstorage", "description": "OCI IAD Object Storage", "id": "ocid1.service.oc1.iad.aaaaaaaa74z6sqsezqf6znyomdp5jkvfwb4j2ol33abgosvnhxcqphyl3eaq", "name": "OCI IAD Object Storage" }, { "cidr_block": "all-iad-services-in-oracle-services-network", "description": "All IAD Services In Oracle Services Network", "id": "ocid1.service.oc1.iad.aaaaaaaam4zfmy2rjue6fmglumm3czgisxzrnvrwqeodtztg7hwa272mlfna", "name": "All IAD Services In Oracle Services Network" } ] } TASK [oci_collection_authenticate : Remember our facts] *************************************************************************************** task path: /srv/vm_mgmt/roles/oci_collection_authenticate/tasks/main.yml:81 Monday 15 March 2021 13:10:57 +0000 (0:00:03.985) 0:00:12.763 ********** redirecting filter ansible.builtin.json_query to community.general.json_query redirecting filter ansible.builtin.json_query to community.general.json_query redirecting filter ansible.builtin.json_query to community.general.json_query redirecting filter ansible.builtin.json_query to community.general.json_query redirecting filter ansible.builtin.json_query to community.general.json_query ok: [OMCSMAU-IAM] => { "ansible_facts": { "config_file_location": "/home/vagrant/.oci/config", "config_profile_name": "omcsmau_iad", "oci_region_facts": { "changed": false, "failed": false, "regions": [ { "key": "AMS", "name": "eu-amsterdam-1" }, { "key": "BOM", "name": "ap-mumbai-1" }, { "key": "CWL", "name": "uk-cardiff-1" }, { "key": "DXB", "name": "me-dubai-1" }, { "key": "FRA", "name": "eu-frankfurt-1" }, { "key": "GRU", "name": "sa-saopaulo-1" }, { "key": "HYD", "name": "ap-hyderabad-1" }, { "key": "IAD", "name": "us-ashburn-1" }, { "key": "ICN", "name": "ap-seoul-1" }, { "key": "JED", "name": "me-jeddah-1" }, { "key": "KIX", "name": "ap-osaka-1" }, { "key": "LHR", "name": "uk-london-1" }, { "key": "MEL", "name": "ap-melbourne-1" }, { "key": "NRT", "name": "ap-tokyo-1" }, { "key": "PHX", "name": "us-phoenix-1" }, { "key": "SCL", "name": "sa-santiago-1" }, { "key": "SJC", "name": "us-sanjose-1" }, { "key": "SYD", "name": "ap-sydney-1" }, { "key": "VCP", "name": "sa-vinhedo-1" }, { "key": "YNY", "name": "ap-chuncheon-1" }, { "key": "YUL", "name": "ca-montreal-1" }, { "key": "YYZ", "name": "ca-toronto-1" }, { "key": "ZRH", "name": "eu-zurich-1" } ] }, "oci_service_facts": { "changed": false, "failed": false, "services": [ { "cidr_block": "oci-iad-objectstorage", "description": "OCI IAD Object Storage", "id": "ocid1.service.oc1.iad.aaaaaaaa74z6sqsezqf6znyomdp5jkvfwb4j2ol33abgosvnhxcqphyl3eaq", "name": "OCI IAD Object Storage" }, { "cidr_block": "all-iad-services-in-oracle-services-network", "description": "All IAD Services In Oracle Services Network", "id": "ocid1.service.oc1.iad.aaaaaaaam4zfmy2rjue6fmglumm3czgisxzrnvrwqeodtztg7hwa272mlfna", "name": "All IAD Services In Oracle Services Network" } ] }, "oci_service_ocid": "ocid1.service.oc1.iad.aaaaaaaa74z6sqsezqf6znyomdp5jkvfwb4j2ol33abgosvnhxcqphyl3eaq", "oci_tenancy_facts": { "changed": false, "failed": false, "tenancy": { "defined_tags": { "OMCS": { "COMPLIANCE": "False", "CSI": "13920780", "CUSTID": "OMCS", "CUSTOMER_NAME": "Oracle Managed Cloud Service", "MANAGED": "OMCS", "SERVICE": "Apps Unlimited", "STATUS": "Active", "TENANCY_TYPE": "Tech Refresh" } }, "description": "aucomcs01", "freeform_tags": {}, "home_region_key": "IAD", "id": "ocid1.tenancy.oc1..aaaaaaaapcqvvd7czyrhin4aso5iznhf5jnpkdsbn5zjbxj5gpty2piragoq", "name": "omcsmau", "upi_idcs_compatibility_layer_endpoint": null } } }, "changed": false } TASK [oci_collection_enable_cloud_guard : OCI Cloud Guard - Gather Facts - [ OCI ].] ********************************************************** task path: /srv/vm_mgmt/roles/oci_collection_enable_cloud_guard/tasks/main.yml:3 Monday 15 March 2021 13:10:57 +0000 (0:00:00.163) 0:00:12.926 ********** ESTABLISH LOCAL CONNECTION FOR USER: root EXEC /bin/sh -c 'echo ~root && sleep 0' EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1615813857.68-1631-29796937432100 `" && echo ansible-tmp-1615813857.68-1631-29796937432100="` echo /root/.ansible/tmp/ansible-tmp-1615813857.68-1631-29796937432100 `" ) && sleep 0' Using module file /root/.ansible/collections/ansible_collections/oracle/oci/plugins/modules/oci_cloud_guard_configuration_facts.py PUT /root/.ansible/tmp/ansible-local-1451Mr3cNE/tmpnPOiwp TO /root/.ansible/tmp/ansible-tmp-1615813857.68-1631-29796937432100/AnsiballZ_oci_cloud_guard_configuration_facts.py EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1615813857.68-1631-29796937432100/ /root/.ansible/tmp/ansible-tmp-1615813857.68-1631-29796937432100/AnsiballZ_oci_cloud_guard_configuration_facts.py && sleep 0' EXEC /bin/sh -c '/usr/bin/python2 /root/.ansible/tmp/ansible-tmp-1615813857.68-1631-29796937432100/AnsiballZ_oci_cloud_guard_configuration_facts.py && sleep 0' EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1615813857.68-1631-29796937432100/ > /dev/null 2>&1 && sleep 0' ok: [OMCSMAU-IAM] => { "changed": false, "configuration": { "reporting_region": null, "self_manage_resources": null, "status": "DISABLED" }, "invocation": { "module_args": { "api_user": null, "api_user_fingerprint": null, "api_user_key_file": null, "api_user_key_pass_phrase": null, "auth_type": "api_key", "compartment_id": "ocid1.tenancy.oc1..aaaaaaaapcqvvd7czyrhin4aso5iznhf5jnpkdsbn5zjbxj5gpty2piragoq", "config_file_location": "/home/vagrant/.oci/config", "config_profile_name": "omcsmau_iad", "region": null, "tenancy": null } } } TASK [oci_collection_enable_cloud_guard : debug] ********************************************************************************************** task path: /srv/vm_mgmt/roles/oci_collection_enable_cloud_guard/tasks/main.yml:16 Monday 15 March 2021 13:11:01 +0000 (0:00:03.983) 0:00:16.910 ********** ok: [OMCSMAU-IAM] => { "msg": { "changed": false, "configuration": { "reporting_region": null, "self_manage_resources": null, "status": "DISABLED" }, "failed": false } } TASK [oci_collection_enable_cloud_guard : OCI Cloud Guard - Enable Service - [ OCI ].] ******************************************************** task path: /srv/vm_mgmt/roles/oci_collection_enable_cloud_guard/tasks/main.yml:18 Monday 15 March 2021 13:11:01 +0000 (0:00:00.029) 0:00:16.939 ********** ESTABLISH LOCAL CONNECTION FOR USER: root EXEC /bin/sh -c 'echo ~root && sleep 0' EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1615813861.69-1663-136725079700018 `" && echo ansible-tmp-1615813861.69-1663-136725079700018="` echo /root/.ansible/tmp/ansible-tmp-1615813861.69-1663-136725079700018 `" ) && sleep 0' Using module file /root/.ansible/collections/ansible_collections/oracle/oci/plugins/modules/oci_cloud_guard_configuration.py PUT /root/.ansible/tmp/ansible-local-1451Mr3cNE/tmpXai47G TO /root/.ansible/tmp/ansible-tmp-1615813861.69-1663-136725079700018/AnsiballZ_oci_cloud_guard_configuration.py EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1615813861.69-1663-136725079700018/ /root/.ansible/tmp/ansible-tmp-1615813861.69-1663-136725079700018/AnsiballZ_oci_cloud_guard_configuration.py && sleep 0' EXEC /bin/sh -c '/usr/bin/python2 /root/.ansible/tmp/ansible-tmp-1615813861.69-1663-136725079700018/AnsiballZ_oci_cloud_guard_configuration.py && sleep 0' EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1615813861.69-1663-136725079700018/ > /dev/null 2>&1 && sleep 0' The full traceback is: WARNING: The below traceback may *not* be related to the actual failure. File "/tmp/ansible_oci_cloud_guard_configuration_payload_gxOktY/ansible_oci_cloud_guard_configuration_payload.zip/ansible_collections/oracle/oci/plugins/module_utils/oci_resource_utils.py", line 822, in update updated_resource = self.update_resource() File "/tmp/ansible_oci_cloud_guard_configuration_payload_gxOktY/ansible_oci_cloud_guard_configuration_payload.zip/ansible_collections/oracle/oci/plugins/module_utils/oci_audit_custom_helpers.py", line 35, in update_resource return super(ConfigurationHelperCustom, self).update_resource() File "/tmp/ansible_oci_cloud_guard_configuration_payload_gxOktY/ansible_oci_cloud_guard_configuration_payload.zip/ansible_collections/oracle/oci/plugins/modules/oci_cloud_guard_configuration.py", line 153, in update_resource File "/tmp/ansible_oci_cloud_guard_configuration_payload_gxOktY/ansible_oci_cloud_guard_configuration_payload.zip/ansible_collections/oracle/oci/plugins/module_utils/oci_wait_utils.py", line 993, in call_and_wait call_fn, *call_fn_args, **call_fn_kwargs File "/tmp/ansible_oci_cloud_guard_configuration_payload_gxOktY/ansible_oci_cloud_guard_configuration_payload.zip/ansible_collections/oracle/oci/plugins/module_utils/oci_common_utils.py", line 155, in call_with_backoff return fn(*args, **kwargs) File "/usr/lib/python2.7/site-packages/oci/cloud_guard/cloud_guard_client.py", line 7727, in update_configuration response_type="Configuration") File "/usr/lib/python2.7/site-packages/oci/retry/retry.py", line 272, in make_retrying_call return func_ref(*func_args, **func_kwargs) File "/usr/lib/python2.7/site-packages/oci/base_client.py", line 276, in call_api response = self.request(request) File "/usr/lib/python2.7/site-packages/oci/base_client.py", line 388, in request self.raise_service_error(request, response) File "/usr/lib/python2.7/site-packages/oci/base_client.py", line 558, in raise_service_error original_request=request) fatal: [OMCSMAU-IAM]: FAILED! => { "changed": false, "invocation": { "module_args": { "api_user": null, "api_user_fingerprint": null, "api_user_key_file": null, "api_user_key_pass_phrase": null, "auth_type": "api_key", "compartment_id": "ocid1.tenancy.oc1..aaaaaaaapcqvvd7czyrhin4aso5iznhf5jnpkdsbn5zjbxj5gpty2piragoq", "config_file_location": "/home/vagrant/.oci/config", "config_profile_name": "omcsmau_iad", "region": null, "reporting_region": "None", "self_manage_resources": null, "state": "present", "status": "ENABLED", "tenancy": null } }, "msg": "Updating resource failed with exception: Cloud Guard does not support the selected reporting region : None" } PLAY RECAP ************************************************************************************************************************************ OMCSMAU-IAM : ok=12 changed=0 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0 Monday 15 March 2021 13:11:06 +0000 (0:00:04.549) 0:00:21.489 ********** =============================================================================== oci_collection_enable_cloud_guard : OCI Cloud Guard - Enable Service - [ OCI ]. -------------------------------------------------------- 4.55s /srv/vm_mgmt/roles/oci_collection_enable_cloud_guard/tasks/main.yml:18 ----------------------------------------------------------------------- oci_collection_authenticate : Fetch Service Facts -------------------------------------------------------------------------------------- 3.99s /srv/vm_mgmt/roles/oci_collection_authenticate/tasks/main.yml:73 ----------------------------------------------------------------------------- oci_collection_enable_cloud_guard : OCI Cloud Guard - Gather Facts - [ OCI ]. ---------------------------------------------------------- 3.98s /srv/vm_mgmt/roles/oci_collection_enable_cloud_guard/tasks/main.yml:3 ------------------------------------------------------------------------ oci_collection_authenticate : Fetch Region Facts --------------------------------------------------------------------------------------- 3.91s /srv/vm_mgmt/roles/oci_collection_authenticate/tasks/main.yml:56 ----------------------------------------------------------------------------- oci_collection_authenticate : Fetch Tenancy Facts -------------------------------------------------------------------------------------- 3.75s /srv/vm_mgmt/roles/oci_collection_authenticate/tasks/main.yml:64 ----------------------------------------------------------------------------- oci_collection_authenticate : What is my number ---------------------------------------------------------------------------------------- 0.30s /srv/vm_mgmt/roles/oci_collection_authenticate/tasks/main.yml:3 ------------------------------------------------------------------------------ oci_collection_authenticate : What is my name ------------------------------------------------------------------------------------------ 0.30s /srv/vm_mgmt/roles/oci_collection_authenticate/tasks/main.yml:11 ----------------------------------------------------------------------------- oci_collection_authenticate : Does the user have /home/vagrant/.oci/config? ------------------------------------------------------------ 0.29s /srv/vm_mgmt/roles/oci_collection_authenticate/tasks/main.yml:41 ----------------------------------------------------------------------------- oci_collection_authenticate : Remember our facts --------------------------------------------------------------------------------------- 0.16s /srv/vm_mgmt/roles/oci_collection_authenticate/tasks/main.yml:81 ----------------------------------------------------------------------------- oci_collection_authenticate : Remember our home directory ------------------------------------------------------------------------------ 0.06s /srv/vm_mgmt/roles/oci_collection_authenticate/tasks/main.yml:33 ----------------------------------------------------------------------------- oci_collection_authenticate : Read tenancy configuration ------------------------------------------------------------------------------- 0.05s /srv/vm_mgmt/roles/oci_collection_authenticate/tasks/main.yml:48 ----------------------------------------------------------------------------- oci_collection_authenticate : What is user provided name ------------------------------------------------------------------------------- 0.04s /srv/vm_mgmt/roles/oci_collection_authenticate/tasks/main.yml:18 ----------------------------------------------------------------------------- oci_collection_authenticate : Remember our name ---------------------------------------------------------------------------------------- 0.04s /srv/vm_mgmt/roles/oci_collection_authenticate/tasks/main.yml:27 ----------------------------------------------------------------------------- oci_collection_enable_cloud_guard : debug ---------------------------------------------------------------------------------------------- 0.03s /srv/vm_mgmt/roles/oci_collection_enable_cloud_guard/tasks/main.yml:16 ----------------------------------------------------------------------- [root@localhost vm_mgmt]# ansible-galaxy collection list /usr/lib/python2.7/site-packages/ansible/parsing/vault/__init__.py:44: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in a future release. from cryptography.exceptions import InvalidSignature # /root/.ansible/collections/ansible_collections Collection Version ---------- ------- oracle.oci 2.16.0

rohnigam commented 3 years ago

Thanks @kasadasi for sharing the logs.

I suspect that the Null value is coming from the api itself, and ansible may not be responsible for this,

Can you check getting the configuration via cli once, and share the result with us ?

kasadasi commented 3 years ago

@rohnigam

Please find result from cli

[root@localhost vm_mgmt]# oci cloud-guard configuration get --compartment-id ocid1.tenancy.oc1..aaaaaaaa7meajoxwl2eovwukpx2tq2zibxf7mdsjimf4qgbq6uba6g4qfafa --profile aucpaap01_iad --config-file /home/vagrant/.oci/config /usr/lib/python2.7/site-packages/oci/_vendor/httpsig_cffi/sign.py:10: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in a future release. from cryptography.hazmat.backends import default_backend # noqa: F401 /usr/lib/python2.7/site-packages/arrow/arrow.py:28: DeprecationWarning: Arrow will drop support for Python 2.7 and 3.5 in the upcoming v1.0.0 release. Please upgrade to Python 3.6+ to continue receiving updates for Arrow. DeprecationWarning, { "data": { "reporting-region": null, "self-manage-resources": null, "status": "DISABLED" }, "etag": "ace392ae3836c863b580f24eaeb349879cdc454c4c87b8fa9cb6e919a95e0f9b" } [root@localhost vm_mgmt]#

rohnigam commented 3 years ago

Thanks @kasadasi for sharing the output.

As I had suspected before, the Null is originating from the service itself, that's why ansible is responding with None.

You may have to check with the service team, why is it returning Null.

rohnigam commented 3 years ago

Closing this ticket since the issue is not specific to OCI Ansible

oracle / oci-ansible-collection

Cloud Guard does not support the selected reporting region : None #55

tasks file for oci_collection_enable_cloud_guard