How to fix "Infoblox IPAM is misconfigured?" - ansible

I'm calling infoblox from ansible using the following playbook:
- hosts: localhost
  gather_facts: false
  tasks:
    - name: Include infoblox_vault
      include_vars:
        file: 'infoblox_vault.yml'
    - name: Install infoblox-client for DDI
      pip:
        name: infoblox-client
      environment:
        HTTP_PROXY: http://our_internal_proxy.net:8080
        HTTPS_PROXY: http://our_internal_proxy.net:8080
      delegate_to: localhost
    - debug:
        msg: can I decrypt username?--> "{{ vault_infoblox_username }}"
    - name: Check if DNS Record exists
      set_fact:
        miqCreateVM_ddiRecord: "{{ lookup('nios', 'record:a', filter={'name': 'infoblox-devtest.net' }, provider={'host': 'ddi-qa.net', 'username': vault_infoblox_username, 'password': vault_infoblox_password }) }}"
    - debug:
        msg: check var miqCreateVM_ddiRecord "{{ miqCreateVM_ddiRecord }}"
    - debug:
        msg: test to see amazing vm_name! "{{ vm_name }}"
... code snipped
When the job runs, I get:
Vault password:
PLAY [localhost] ***************************************************************
TASK [Include infoblox_vault] **************************************************
ok: [127.0.0.1]
TASK [Install infoblox-client for DDI] *****************************************
ok: [127.0.0.1 -> localhost]
TASK [debug] *******************************************************************
ok: [127.0.0.1] => {
"msg": "can I decrypt username?--> \"manageiq-ddi\""
}
TASK [Check if DNS Record exists] **********************************************
fatal: [127.0.0.1]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'nios'. Error was a <type 'exceptions.Exception'>, original message: Infoblox IPAM is misconfigured: infoblox_username and infoblox_password are incorrect."}
PLAY RECAP *********************************************************************
127.0.0.1 : ok=3 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Here's the main part: "An unhandled exception occurred while running the lookup plugin 'nios'. Error was a <type 'exceptions.Exception'>, original message: Infoblox IPAM is misconfigured: infoblox_username and infoblox_password are incorrect."
This playbook used to work in the past. I haven't worked on it for a few months. Not sure why it's broken.
I confirmed that I can log into infoblox client manually using the credentials. I also tried manually logging the username to ensure it's decrypting the creds from the ansible-vault file. That worked fine. So it's not the credentials, not the vault decryption. It's something else.
I found the following three related topics online, but none of them seem to resolve the problem:
This one (which references adding certs to the request. Anyone know how to do this? I can't find instructions)
This one (which mentions problems from upgrading. I showed the versions mentioned in that post to our networking folks and they said the version numbers didn't correlate at all with what we have in our environment, so it's hard to evaluate whether that's relevant.)
Last one (which calls for using a property 'http_request_timeout' : None that doesn't strike me as being the problem as I can't get it to work at all.)
Any theories? Thanks!

This might not solve it for others, but this solved it for me:
Got a new password for Ansible to use to log into Infoblox.
Create a new ansible vault file containing the new infoblox password. I made a new password for the vault file encryption also.
I created a new credential object in ansible to enable ansible to be able to read the new vault file.
I updated the playbook to use the new vault.
It works now. Something was wrong with the encryption.

Related

Using Netbox Ansible Modules

I've been wanting to try out Ansible modules available for Netbox [1].
However, I find myself stuck right in the beginning.
Here's what I've tried:
Add prefix/VLAN to netbox [2]:
cat setup-vlans.yml
---
- hosts: netbox
  tasks:
    - name: Create prefix 192.168.10.0/24 in Netbox
      netbox_prefix:
        netbox_token: "{{ netbox_token }}"
        netbox_url: "{{ netbox_url }}"
        data:
          prefix: 192.168.10.0/24
        state: present
That gives me the following error:
ansible-playbook setup-vlans.yml
PLAY [netbox] *********************************************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************************************
ok: [NETBOX]
TASK [Create prefix 192.168.10.0/24 in Netbox] ************************************************************************************************
fatal: [NETBOX]: FAILED! => {"changed": false, "msg": "Failed to establish connection to Netbox API"}
PLAY RECAP ************************************************************************************************************************************
NETBOX : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Can someone please point me where I am going wrong?
Note: The NetBox URL is an https://url setup with nginx and netbox-docker [3].
Thanks & Regards,
Sana
[1] https://github.com/netbox-community/ansible_modules
[2] https://docs.ansible.com/ansible/latest/modules/netbox_prefix_module.html
[3] https://github.com/netbox-community/netbox-docker
I had the same. Apparently the pynetbox api has changed in instantiation (ssl_verify is now replaced by requests session parameters).
I had to force ansible galaxy to update to the latest netbox module with:
ansible-galaxy collection install netbox.netbox -f
The force option did the trick for me.
All playbooks using API modules like netbox (but this is the same for gcp or aws) must use as host not the target but the host that will execute the playbook to call the API. Most of the time this is localhost, but that can be also a dedicated node like a bastion.
You can see in the example on the documentation you linked that it uses hosts: localhost.
Hence I think your playbook should be
---
- hosts: localhost
  connection: local
  gather_facts: False
  tasks:
    - name: Create prefix 192.168.10.0/24 in Netbox
      netbox_prefix:
        netbox_token: "{{ netbox_token }}"
        netbox_url: "{{ netbox_url }}"
        data:
          prefix: 192.168.10.0/24
        state: present

Ansible facts: An error (1332) occurred while enumerating the group membership. The member's SID could not be resolved

I'm trying to register a CNAME inside our Microsoft DNS server using this playbook:
- hosts: windns
  remote_user: "{{ lookup('env', 'USER') }}@MYDOMAIN.COM"
  tasks:
    - name: Create alias
      win_dns_record:
        computer_name: "{{ inventory_hostname }}"
        name: "myalias"
        type: "CNAME"
        value: "myhost.mydomain.com"
        zone: "MYDOMAIN.COM"
        state: present
I'm stuck on this error when gather_facts: true
An error (1332) occurred while enumerating the group membership. The member's SID could not be resolved.
$ ansible-playbook --check dns_alias.yml --ask-vault-pass -k
SSH password:
Vault password:
PLAY [windns] ***********************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************
fatal: [windns]: FAILED! => {"ansible_facts": {}, "changed": false, "msg": "The following modules failed to execute: setup\n setup: Unhandled exception while executing module: An error (1332) occurred while enumerating the group membership. The member's SID could not be resolved.\n"}
PLAY RECAP ******************************************************************************************************************************
windns : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
If I set gather_facts: false it works.
CNAME is not created. The user is domain admin.
Any hints?
After some research regarding the error message
An error (1332) occurred while enumerating the group membership. The member's SID could not be resolved.
and your hint
The user is domain admin
it seems according
How to overcome the "The member's SID could not be resolved" error when checking if user is a member of group?
Unable to add/remove objects to group due to orphaned SIDs: PrincipalOperationException: An error (1332) occurred
and others, 3, 4, 5, ...
that the issue is caused not by Ansible but the environment and deleted, renamed or orphaned accounts.

Ansible module bigip_pool_member for BIGIP always returning "Changed" status

I am trying to add pool members to a bigip pool using bigip_pool_member.
Tested on ansible version 2.5 and 2.6
Result - Returns changed ALWAYS, even when it is not making any changes.
Invocation command:
ansible-playbook -i test_inventory add_pool_members.yaml --extra-vars '{"hostgroup": "test-bigip"}'
I am wondering if anyone has insights into what could be going on ?
The contents of the playbook are as under
---
- hosts: "{{ hostgroup }}"
  gather_facts: no
  tasks:
    - name: Add servers to connection pool
      bigip_pool_member:
        user: username
        password: password
        server: "{{inventory_hostname}}"
        validate_certs: no
        state: present
        partition: test
        pool: testpool
        host: 14.34.45.X
        name: test-server
        port: 80
        description: test
      delegate_to: localhost
Run Result
PLAY [f5-test] *****************************************************************************
TASK [Add servers to connection pool ] *****************************************************
changed: [f5-test -> localhost]
PLAY RECAP *********************************************************************************
f5-test : ok=1 changed=1 unreachable=0 failed=0
This could be related to this known bug in the module.
When running playbook with bigip_pool_member module with state: present against live device, each run results in change being made when in reality there's no need for a change.
I'm neither an F5 nor a network expert, but from what I understand that happens if you set a monitor on your pool.
There is a pull request already with fixes related to correct state of down machine. Check if it applies to you, else I would suggest to add a detailed comment on the bug.

Need ansible inventory file details

Could someone please help me to write ansible inventory file to connect to bitbucket - clone a file and place into ansible machine.
Playbook
---
- hosts: bitbucketURL
  tasks:
    - git:
        repo: https://p-bitbucket.com:5999/projects/VIT/repos/sample-playbooks/browse/hello.txt
        dest: /home/xxx/demo/output/
Inventory file
[bitbucketURL]
p-bitbucket.com:5999
[bitbucketURL:vars]
ansible_connection=winrm
ansible_user=xxx
ansible_pass=<passwd>
I am getting error while using this playbook and inventory file
-bash-4.2$ ansible-playbook -i inv demo_draft1.yml
PLAY [bitbucketURL] *****************************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************************************
fatal: [p-bitbucket.nl.eu.abnamro.com]: UNREACHABLE! => {"changed": false, "msg": "ssl: auth method ssl requires a password", "unreachable": true}
to retry, use: --limit @/home/c55016a/demo/demo_draft1.retry
PLAY RECAP **************************************************************************************************************************************************
p-bitbucket.nl.eu.abnamro.com : ok=0 changed=0 unreachable=1 failed=0
Please help me write a proper inventory file with correct parameters
You need no inventory at all. All you need to do is to set the play to execute on localhost:
---
- hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - git:
        repo: https://p-bitbucket.com:5999/projects/VIT/repos/sample-playbooks/browse/hello.txt
        dest: /home/xxx/demo/output/
That said, URL should point to Git repository, not a single file (if hello.txt is a single file).

ansible - consul kv listing recursive and compare the key values

I am getting an error while trying to retrieve the key values from the Consul KV store.
We have key values stored under the config/app-name/ folder. There are many keys. I want to retrieve all the key values from Consul using Ansible.
But I am getting the following error:
PLAY [Adding host to inventory] **********************************************************************************************************************************************************
TASK [Adding new host to inventory] ******************************************************************************************************************************************************
changed: [localhost]
PLAY [Testing consul kv] *****************************************************************************************************************************************************************
TASK [show the lookups] ******************************************************************************************************************************************************************
fatal: [server1]: FAILED! => {"failed": true, "msg": "{{lookup('consul_kv','config/app-name/')}}: An unhandled exception occurred while running the lookup plugin 'consul_kv'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Error locating 'config/app-name/' in kv store. Error was 500 No known Consul servers"}
PLAY RECAP *******************************************************************************************************************************************************************************
server1 : ok=0 changed=0 unreachable=0 failed=1
localhost : ok=1 changed=1 unreachable=0 failed=0
Here is the code I am trying.
---
- name: Adding host to inventory
  hosts: localhost
  tasks:
    - name: Adding new host to inventory
      add_host:
        name: "{{ target }}"
- name: Testing consul kv
  hosts: "{{ target }}"
  vars:
    kv_info: "{{lookup('consul_kv','config/app-name/')}}"
  become: yes
  tasks:
    - name: show the lookups
      debug: msg="{{ kv_info }}"
But removing the folder and adding the folder are working well. Getting the key values from the Consul cluster is throwing the error. Please suggest some better way here.
- name: remove folder from the store
  consul_kv:
    key: 'config/app-name/'
    value: 'removing'
    recurse: true
    state: absent
- name: add folder to the store
  consul_kv:
    key: 'config/app-name/'
    value: 'adding'
I tried this but still the same error.
---
- name: Adding host to inventory
  hosts: localhost
  environment:
    ANSIBLE_CONSUL_URL: "http://consul-1.abcaa.com"
  tasks:
    - name: Adding new host to inventory
      add_host:
        name: "{{ target }}"
    - name: show the lookups
      debug: kv_info= "{{lookup('consul_kv','config/app-name/')}}"
All lookup plugins in Ansible are always evaluated on localhost, see docs:
Note:
Lookups occur on the local computer, not on the remote computer.
I guess you expect kv_info to be populated by executing consul fetch from {{ target }} server.
But this lookup is actually executed on your Ansible control host (localhost), and if you have no ANSIBLE_CONSUL_URL set, you get No known Consul servers error.
When you use consul_kv module (to create/delete folders), it is executed on {{ target }} host in contrast to consul_kv lookup plugin.
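The point of this answer as an added example (not code from the original posts): because the lookup is evaluated by the ansible-playbook process on the control node, ANSIBLE_CONSUL_URL has to be exported in the shell that starts the run; a play-level environment: key only reaches modules executed for a task. The host consul-1.abcaa.com and the key prefix come from the question; port 8500, the file name, the installed community.general collection with python-consul on the control node, and the target already being in inventory are assumptions.

```yaml
# Added example, not from the original posts.
# Run on the control node, exporting the Consul address in the same shell:
#   export ANSIBLE_CONSUL_URL=http://consul-1.abcaa.com:8500   # port assumed
#   ansible-playbook consul_kv_read.yml -e target=server1      # file name assumed
---
- name: Read Consul KV on the control node, use the result on the target
  hosts: "{{ target }}"          # assumption: target is already in inventory
  gather_facts: false
  vars:
    consul_prefix: config/app-name/   # key prefix from the question
  tasks:
    - name: Fail early if the control node has no Consul address
      ansible.builtin.assert:
        that:
          # lookup('env', ...) reads the environment of ansible-playbook itself,
          # which is the same environment the consul_kv lookup sees.
          - lookup('env', 'ANSIBLE_CONSUL_URL') | length > 0
        fail_msg: >-
          ANSIBLE_CONSUL_URL is not set for the ansible-playbook process.
          Setting it under "environment:" in the play does not help, because
          lookups do not run inside a task's module environment.
      delegate_to: localhost
      run_once: true

    - name: Fetch every value under the prefix (evaluated on the control node)
      ansible.builtin.set_fact:
        # query() always returns a list; recurse=true walks the whole prefix.
        # Alternative to the env var: pass host='consul-1.abcaa.com', port=8500.
        kv_values: "{{ query('community.general.consul_kv', consul_prefix, recurse=true) }}"
      no_log: true   # KV stores often hold secrets; keep values out of job logs

    - name: Report how many values were read, not the values themselves
      ansible.builtin.debug:
        msg: "{{ kv_values | length }} values read under {{ consul_prefix }}"
```

The values end up as a fact on the target host even though the target never contacts Consul, so only the control node needs network access and a token for the KV store.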
