f5-ansible
bigip_ssl_key_cert error when replacing existing cert
COMPONENT NAME
module: bigip_ssl_key_cert
Environment
ANSIBLE VERSION
ansible 2.10.11
config file = /opt/test/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /opt/venvs/ansible-3.1.0/lib/python3.6/site-packages/ansible
executable location = /opt/venvs/ansible-3.1.0/bin/ansible
python version = 3.6.8 (default, Aug 24 2020, 17:57:11) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
BIGIP VERSION
Sys::Version
Main Package
Product BIG-IP
Version 16.0.1
Build 0.0.3
Edition Final
Date Tue Oct 20 13:27:21 PDT 2020
CONFIGURATION
default
OS / ENVIRONMENT
Ansible server: CentOS Linux release 8.3.2011
SUMMARY
module bigip_ssl_key_cert has error trying to replace existing certificate.
stack trace reports "KeyError: 'sourcePath'"
STEPS TO REPRODUCE
Requires 2 certificate key pairs to use to reproduce the error. Playbook provided is to highlight the issue. I discovered this as part of a larger playbook that automates the certificate renewal from LetsEncrypt and upload to the bigip to replace expiring certs.
---
- name: certificate upload test
  hosts: bigip
  connection: local
  gather_facts: false
  collections:
    - f5networks.f5_modules
  vars_files:
    - bigip_vars.yml
  tasks:
    - name: setup provider
      set_fact:
        provider:
          server: "{{ bigip }}"
          user: "{{ bigip_user }}"
          password: "{{ bigip_pass }}"
          validate_certs: "{{ bigip_certs }}"
          server_port: "{{ bigip_port }}"
    - name: Wait for BIG-IP to be available
      bigip_wait:
        timeout: 300
        provider: "{{ provider }}"
      delegate_to: localhost
      register: status
      until: status is success
      retries: 10
      delay: 6
    - name: Collect BIG-IP information
      bigip_device_info:
        gather_subset: devices
        provider: "{{ provider }}"
      register: devices
      delegate_to: localhost
    # Task names are quoted: an unquoted " #" starts a YAML comment and would truncate the name.
    - name: "Upload key and cert #1 as le-ssl.key and le-ssl.crt"
      bigip_ssl_key_cert:
        key_name: "le-ssl.key"
        key_content: "{{ lookup('file', 'ssl_1.key') }}"
        cert_name: "le-ssl.crt"
        cert_content: "{{ lookup('file', 'ssl_1.crt') }}"
        state: present
        provider: "{{ provider }}"
      delegate_to: localhost
    - name: "Upload key and cert #2 as le-ssl.key and le-ssl.crt to replace key and cert #1"
      bigip_ssl_key_cert:
        key_name: "le-ssl.key"
        key_content: "{{ lookup('file', 'ssl_2.key') }}"
        cert_name: "le-ssl.crt"
        cert_content: "{{ lookup('file', 'ssl_2.crt') }}"
        state: present
        provider: "{{ provider }}"
      delegate_to: localhost
EXPECTED RESULTS
expected results are that the certificate and key pair #2 are uploaded successfully to the bigip.
ACTUAL RESULTS
Actual results are the module bigip_ssl_key_cert throws an exception reporting "KeyError: 'sourcePath'"
ansible-playbook test.yml -i hosts.yml
PLAY [certificate upload test] ***********************************************************************************************************************************************************************************************************************
TASK [setup provider] ****************************************************************************************************************************************************************************************************************
ok: [bigip]
TASK [Wait for BIG-IP to be available] ***********************************************************************************************************************************************************************************************
ok: [bigip]
TASK [Collect BIG-IP information] ****************************************************************************************************************************************************************************************************
ok: [bigip]
TASK [Upload key and cert #1 as le-ssl.key and le-ssl.crt] ****************************************************************************************************************************************************************************************************
changed: [bigip]
TASK [Upload key and cert #2 as le-ssl.key and le-ssl.crt to replace key and cert #1] ****************************************************************************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: KeyError: 'sourcePath'
fatal: [bigip]: FAILED! => changed=false
module_stderr: |-
Traceback (most recent call last):
File "/root/.ansible/tmp/ansible-tmp-1624416910.3263419-178908-218471607356078/AnsiballZ_bigip_ssl_key_cert.py", line 102, in <module>
_ansiballz_main()
File "/root/.ansible/tmp/ansible-tmp-1624416910.3263419-178908-218471607356078/AnsiballZ_bigip_ssl_key_cert.py", line 94, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/root/.ansible/tmp/ansible-tmp-1624416910.3263419-178908-218471607356078/AnsiballZ_bigip_ssl_key_cert.py", line 40, in invoke_module
runpy.run_module(mod_name='ansible_collections.f5networks.f5_modules.plugins.modules.bigip_ssl_key_cert', init_globals=None, run_name='__main__', alter_sys=True)
File "/usr/lib64/python3.6/runpy.py", line 205, in run_module
return _run_module_code(code, init_globals, run_name, mod_spec)
File "/usr/lib64/python3.6/runpy.py", line 96, in _run_module_code
mod_name, mod_spec, pkg_name, script_name)
File "/usr/lib64/python3.6/runpy.py", line 85, in _run_code
exec(code, run_globals)
File "/tmp/ansible_bigip_ssl_key_cert_payload_zb172a23/ansible_bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py", line 799, in <module>
File "/tmp/ansible_bigip_ssl_key_cert_payload_zb172a23/ansible_bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py", line 792, in main
File "/tmp/ansible_bigip_ssl_key_cert_payload_zb172a23/ansible_bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py", line 395, in exec_module
File "/tmp/ansible_bigip_ssl_key_cert_payload_zb172a23/ansible_bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py", line 409, in present
File "/tmp/ansible_bigip_ssl_key_cert_payload_zb172a23/ansible_bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py", line 425, in update
File "/tmp/ansible_bigip_ssl_key_cert_payload_zb172a23/ansible_bigip_ssl_key_cert_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py", line 725, in read_current_from_device
KeyError: 'sourcePath'
module_stdout: ''
msg: |-
MODULE FAILURE
See stdout/stderr for the exact error
rc: 1
PLAY RECAP ***************************************************************************************************************************************************************************************************************************
bigip : ok=3 changed=1 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
I've resolved this locally by using Postman to validate what is being returned from the API calls to the BIGIP and found that there is no key in the JSON matching sourcePath. Closest I could find was fullPath and that appears to be what I needed to use.
Modifying the method read_current_from_device in the file f5_modules/plugins/modules/bigip_ssl_key_cert.py on lines 725 and 747 to replace sourcePath with fullPath resolved my issue locally.
Created INFRAANO-437 for internal PM tracking
Hi @fairytaletrash, when I used Postman to see the response I saw both sourcePath and fullPath in the response object, also when I ran the playbook it worked without any error. Could you please run the playbook without changing sourcePath to fullPath in the module code and see if it's running fine now?
@fairytaletrash - We are unable to reproduce this issue. Please provide more info to reproduce the same.
Closing this now. Reopen if you still face the issue. Thanks!
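The two response shapes reported in this thread (one with no sourcePath key, one with both sourcePath and fullPath), as an added Python example that is not code from the f5_modules collection: it contrasts direct indexing, which produces the bare KeyError in the traceback, with a checked read that names the keys the device actually returned. The function names, the `name` field and all values are constructed for illustration; only the key names sourcePath and fullPath come from the thread.

```python
# Added illustration; not code from f5networks.f5_modules.
# Response bodies are constructed samples: only the key names sourcePath
# and fullPath come from the thread, every value is made up.

REPORTER_RESPONSE = {            # shape the reporter describes: no sourcePath
    "name": "le-ssl.crt",
    "fullPath": "/Common/le-ssl.crt",
}
MAINTAINER_RESPONSE = {          # shape the maintainer describes: both keys
    "name": "le-ssl.crt",
    "fullPath": "/Common/le-ssl.crt",
    "sourcePath": "file:///constructed/le-ssl.crt",
}


class MissingResponseKey(Exception):
    """Carries enough context to make a bug report reproducible."""


def read_strict(response):
    # Direct indexing: fails with a bare KeyError when the key is absent.
    return response["sourcePath"]


def read_checked(response, wanted="sourcePath", fallback=None):
    """Return response[wanted]; otherwise use `fallback` if given and present,
    else raise an error listing the keys that were actually returned."""
    if wanted in response:
        return response[wanted]
    if fallback is not None and fallback in response:
        return response[fallback]
    raise MissingResponseKey(
        "%r missing from response; keys present: %s"
        % (wanted, sorted(response))
    )


def strict_outcome(response):
    """Show what direct indexing does for a response, without crashing."""
    try:
        return read_strict(response)
    except KeyError as exc:
        return "KeyError: %s" % exc
```

Logging the key list from `MissingResponseKey` on the failing device gives maintainers the exact response shape when the problem does not reproduce on their BIG-IP build.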