f5-common-python
f5-common-python copied to clipboard
Published
20 hours ago •
F5Networks
F5Networks
ClusterManager create fails if the password contains a $ character
Hello,
I discovered that using the ClusterManager module to create a device cluster will fail if the password contains a $ character, as the iApp that gets deployed to perform the operation does not escape the character and the shell treats it as a variable. I haven't tested but this may also affect passwords using other special characters.
File "/home/xxxxxxxxxxx/f5scripts/venv/lib64/python3.4/site-packages/f5/multi_device/cluster/__init__.py", line 167, in create
partition=kwargs['device_group_partition']
File "/home/xxxxxxxxxxx/f5scripts/venv/lib64/python3.4/site-packages/f5/multi_device/trust_domain.py", line 145, in create
self._add_trustee(device)
File "/home/xxxxxxxxxxx/f5scripts/venv/lib64/python3.4/site-packages/f5/multi_device/trust_domain.py", line 166, in _add_trustee
self._modify_trust(self.devices[0], self._get_add_trustee_cmd, device)
File "/home/xxxxxxxxxxx/f5scripts/venv/lib64/python3.4/site-packages/f5/multi_device/trust_domain.py", line 205, in _modify_trust
self._deploy_iapp(iapp_name, iapp_actions, truster)
File "/home/xxxxxxxxxxx/f5scripts/venv/lib64/python3.4/site-packages/f5/multi_device/trust_domain.py", line 244, in _deploy_iapp
template='/%s/%s' % (self.partition, iapp_name)
File "/home/xxxxxxxxxxx/f5scripts/venv/lib64/python3.4/site-packages/f5/bigip/resource.py", line 1008, in create
return self._create(**kwargs)
File "/home/xxxxxxxxxxx/f5scripts/venv/lib64/python3.4/site-packages/f5/bigip/tm/sys/application.py", line 114, in _create
return super(Service, self)._create(**kwargs)
File "/home/xxxxxxxxxxx/f5scripts/venv/lib64/python3.4/site-packages/f5/bigip/resource.py", line 970, in _create
response = session.post(_create_uri, json=kwargs, **requests_params)
File "/home/xxxxxxxxxxx/f5scripts/venv/lib64/python3.4/site-packages/icontrol/session.py", line 284, in wrapper
raise iControlUnexpectedHTTPError(error_message, response=response)
icontrol.exceptions.iControlUnexpectedHTTPError: 400 Unexpected Error: Bad Request for uri: https://10.x.x.x:443/mgmt/tm/sys/application/service/
Text: '{"code":400,"message":"script did not successfully complete: (can\'t read \\"PPPPP\\": no such variable\\n while executing\\n\\"tmsh::modify cm trust-domain Root ca-devices add \\\\{ 10.x.x.x \\\\} name bigip1 username admin password aaaaaa$PPPPP\\" line:1)","errorStack":[],"apiError":3}'
Here is an example of the code I'm using.
from f5.bigip import ManagementRoot
from f5.multi_device.cluster import DeviceGroup, ClusterManager
mgmt1 = ManagementRoot(mgmtIp1, username, password, debug=True)
mgmt2 = ManagementRoot(mgmtIp2, username, password, debug=True)
bigip_list = [mgmt1, mgmt2]
cluster_mgr = ClusterManager()
cluster_mgr.create(
devices=bigip_list,
device_group_name = "MyDscName",
device_group_type = 'sync-failover',
device_group_partition = 'Common'
)
device_group = DeviceGroup( devices = bigip_list, device_group_name="MyDscName",
device_group_type='sync-failover', device_group_partition='Common')
print(device_group.ensure_all_devices_in_sync())
I worked around this problem by modifying _get_add_trustee_cmd in f5/multi_device/trust_domain.py. I imported "re", then added re.escape() to escape the password value. In this case it modifies the password from the example of aaaaaa$PPPPP to aaaaaa$PPPPP.
