search

vmware / ansible-for-nsxt

Ansible delivers simple IT automation that ends repetitive tasks and frees up DevOps teams for more strategic work. This project is to enable this automation for NSX-T installation.
Other
171 stars 145 forks source link

Rest API - Put/Patch/Post Logic Causes Failures #422

Open steve-sander-chtr opened 2 years ago

steve-sander-chtr commented 2 years ago

Describe the bug

Lines in code 219 - 234 it looks like the module is attempting to determine the current version prior to issuing the requested put/post/patch operation by sending a GET to the target URL (with payload). Since not every URL supports GET ( or errors on the payload), the requested action of put/post/patch is not completed. Maybe use try logic here - so if the GET fails, then the requested action is still performed ?

Reproduction steps

RUN THIS PLAYBOOK:
- hosts: 127.0.0.1
  connection: local
  become: yes
  vars_files:
    - deploy_nsx_cluster_vars.yml
  tasks:  
    - name: Create Cluster IP
      ansible.builtin.uri:
        #hostname: "{{ nsx_node1.mgmt_ip }}"
        url_username: "{{ nsx_username }}"
        url_password: "{{ nsx_password }}"
        validate_certs: false
        method: post
        force_basic_auth: yes
        url: "https://{{ nsx_node1.mgmt_ip }}/api/v1/cluster/api-virtual-ip?action=set_virtual_ip&ip_address={{nsx_cluster_ip}}"

    - name: Cluster IP Rest 
      vmware.ansible_for_nsxt.nsxt_rest:
        hostname: "{{ nsx_node1.mgmt_ip }}"
        username: "{{ nsx_username }}"
        password: "{{ nsx_password }}"
        validate_certs: false
        method: post
        path: /api/v1/cluster/api-virtual-ip?action=set_virtual_ip&ip_address={{nsx_cluster_ip}}

Expected behavior

Both API calls should succeed:

PLAY [127.0.0.1] ***

TASK [Gathering Facts] ***** ok: [127.0.0.1]

TASK [Create Cluster IP] *** ok: [127.0.0.1]

TASK [Cluster IP Rest] ***** fatal: [127.0.0.1]: FAILED! => {"changed": false, "msg": "error_code: 405, error_message: Method is not allowed."}

PLAY RECAP ***** 127.0.0.1 : ok=2 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

The 405 error is on the preceding GET ( method not allowed ). And the post is never issued.

Additional context

Other URL which failed with REST API: POST - /policy/api/v1/aaa/role-bindings PUT - /api/v1/node/services/snmp ( GET with payload not supported ) POST - /api/v1/node/services/syslog/exporters

smesguich-orange commented 2 years ago

Hello

I confirm the bug. I've found a workaround (but very dirty). Works on my side but I'm not using a lot of function of this ansible collection.

I've change https://github.com/vmware/ansible-for-nsxt/blob/9245e164c776300f4d370e65c6638dc8f924a931/plugins/modules/nsxt_rest.py#L214-L224

into

    def execute(self):
        if self.method == "get" or self.method == "post":
            resp = self.operate_nsxt(method=self.method)
            self.module.exit_json(changed=False, body=resp)

        if self.method == "put" or self.method == "patch":
            before_resp = self.operate_nsxt(method="get", ignore_errors=True)
            if before_resp:
                before_revision = before_resp["_revision"]
            else:
                before_revision = ""
smesguich-orange commented 2 years ago

@steve-sander-chtr Are you running NSX-T under 3.2 ? We are affected by this bug in 3.1.2. The _revision setting is available in 3.2 on affected request.

steve-sander-chtr commented 2 years ago

I’ll did download a newer version recently – I just pushed in with the native Ansible API module.

I’ll be able to confirm next week when my lab is available again.

Steve

From: Samuel MESGUICH @.> Reply-To: vmware/ansible-for-nsxt @.> Date: Wednesday, November 23, 2022 at 9:15 AM To: vmware/ansible-for-nsxt @.> Cc: "Sander, Steve A" @.>, Mention @.***> Subject: [EXTERNAL] Re: [vmware/ansible-for-nsxt] Rest API - Put/Patch/Post Logic Causes Failures (Issue #422)

CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.

@steve-sander-chtrhttps://github.com/steve-sander-chtr Are you running NSX-T under 3.2 ? We are affected by this bug in 3.1.2. The _revision setting is available in 3.2 on affected request.

— Reply to this email directly, view it on GitHubhttps://github.com/vmware/ansible-for-nsxt/issues/422#issuecomment-1325326060, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AYJJRTS5BL4YECD77ENQTUTWJY7KTANCNFSM5RCCXX3A. You are receiving this because you were mentioned.Message ID: @.***>

smesguich-orange commented 2 years ago

On my side, I confirm that this bug is not present in NSX-T 3.2.

So on my side, VMware should not announced that the ansible collection tagged NSX-T 3.2 IS NOT fully compatible back in 3.1

smesguich-orange commented 1 year ago

Correction : Issue PERSIST in NSX-T 3.2.

Workaround mentioned in https://github.com/vmware/ansible-for-nsxt/issues/422#issuecomment-1324718713 still work

smesguich-orange commented 1 year ago

@steve-sander-chtr : can you confirm that this code correct you issues ? https://github.com/vmware/ansible-for-nsxt/pull/461