dellemc-openmanage-ansible-modules icon indicating copy to clipboard operation
dellemc-openmanage-ansible-modules copied to clipboard

Published 20 hours ago verified publisher icon dell

[BUG]: ome_application_certificate doesn't support uploading certificate chain

Open MallocArray opened this issue 4 months ago • 1 comments

Bug Description

When migrating from OME 3.10 to OME 4.x appliances, a requirement is that the full certificate chain is uploaded to the appliance instead of just the standard cert. In the oem_appliacation_certificate module, even if the upload_file contains the full certificate chain, it is not imported as the full chain, and causes the migration to be blocked.

Another parameter should be added to import either the Certificate or Certificate Chain, with a default of Certificate image

I lost about 3 hours of work generating and importing certs, only to find out that if I used the GUI to import the same certificate I was providing to the Ansible module and selected Certificate Chain, it worked as expected

Component or Module Name

ome_application_certificate

Ansible Version

2.16

Python Version

3.10

iDRAC/OME/OME-M version

OME 3.10.2 and OME 4.0.1

Operating System

N/A

Playbook Used

    - name: Upload the signed certificate
      dellemc.openmanage.ome_application_certificate:
        hostname: "{{ inventory_hostname }}"
        username: "{{ dell_ome_username }}"
        password: "{{ dell_ome_password }}"
        validate_certs: "{{ dell_validate_certs | default(omit) }}"
        ca_path: "{{ dell_ca_path | default(omit) }}"
        command: "upload"
        upload_file: "/tmp/{{ inventory_hostname }}.cer"
      delegate_to: localhost
      tags:
        - upload

Logs

N/A

Steps to Reproduce

Create a .cer file that contains the full certificate chain and use the ansible module to upload the certificate chain file

Observe no errors and new cert is used in OME, but is not imported as the Certificate Chain, causing a validation error failure in the Migrate Out/In steps

Expected Behavior

If a full chain is provided, it will be uplaoded as the full chain, or a parameter added to specify if the file being provided is a certificate or a certificate chain

Actual Behavior

Observe no errors and new cert is used in OME, but is not imported as the Certificate Chain, causing a validation error failure in the Migrate Out/In steps

Screenshots

image

Additional Information

No response

MallocArray avatar Apr 24 '24 16:04 MallocArray