liberty doesn't log the remote/front-end user IP in the access log - websphere-liberty

Our deployment is Apache Httpd (WAS Plugin) + a WLP cluster. The access log of Apache Httpd shows the correct front-end user IP, but in the access log of WLP, the IP of the HTTP request is the Apache Httpd server IP instead of the front-end user IP.
I turned on the WAS WebServer Plug-in DEBUG log level, and saw $WSRA was set correctly in http_plugin.log as follows:
[24/Nov/2016:02:42:13.63592] 00001a55 9e5f6700 - DETAIL: mod_was_ap24_http: cb_get_headers: Skipping header name '$WSRA'; This is a restricted WebSphere header
[24/Nov/2016:02:42:13.63594] 00001a55 9e5f6700 - DEBUG: Set header |$WSAT| to |openid-connect|
[24/Nov/2016:02:42:13.63596] 00001a55 9e5f6700 - DEBUG: Set header |$WSIS| to |true|
[24/Nov/2016:02:42:13.63598] 00001a55 9e5f6700 - DEBUG: Set header |$WSSC| to |https|
[24/Nov/2016:02:42:13.63600] 00001a55 9e5f6700 - DEBUG: Set header |$WSPR| to |HTTP/1.1|
[24/Nov/2016:02:42:13.63602] 00001a55 9e5f6700 - DEBUG: Set header |$WSRA| to |9.125.233.196|
[24/Nov/2016:02:42:13.63604] 00001a55 9e5f6700 - DEBUG: Set header |$WSRH| to |9.125.233.196|
[24/Nov/2016:02:42:13.63606] 00001a55 9e5f6700 - DEBUG: Set header |$WSRU| to xxxxxx
[24/Nov/2016:02:42:13.63608] 00001a55 9e5f6700 - DEBUG: Set header |$WSSN| to |9.115.114.76|
[24/Nov/2016:02:42:13.63610] 00001a55 9e5f6700 - DEBUG: Set header |$WSSP| to |443|
Meanwhile in the backend WLP server, I have a JSP to print out the HTTP headers, $WSRA is still correct.
But in the WLP access.log, something was wrong: it used the proxy server IP (which is the same as $WSSN) instead of $WSRA.
9.115.114.76 xxxxxxx "GET /test/ HTTP/1.1" ...
We would like to log $WSRA, the real remote user IP, in the access.log. Thanks.

Finally, I was able to use a custom WAS access log format " %{WSRA}i %u %{t}W "%r" %s %b " to print the real remote user IP address to the access log
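An added example, not part of the original post: with %{WSRA}i the first field of each access-log line is a request-header value rather than the socket peer address, so a log consumer should confirm it is a well-formed IP before relying on it. The sketch below parses lines written with the format above and classifies that field; the bracketed timestamp layout, the "-" for an absent header, and all sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Field layout produced by the format: %{WSRA}i %u %{t}W "%r" %s %b
# Assumption: %{t}W is written as a bracketed NCSA timestamp.
LINE_RE = re.compile(
    r'^\s*(?P<wsra>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)\s*$'
)

def parse_line(line):
    """Parse one access-log line; return None when it does not fit the format."""
    match = LINE_RE.match(line)
    if match is None:
        return None
    record = match.groupdict()
    if record["wsra"] == "-":
        # Assumption: an absent header is logged as "-" (NCSA convention),
        # e.g. a request that reached WLP without passing through the plug-in.
        record["client_ip_state"] = "missing"
    else:
        try:
            ipaddress.ip_address(record["wsra"])
            record["client_ip_state"] = "ok"
        except ValueError:
            record["client_ip_state"] = "malformed"
    return record

def summarize(lines):
    """Count lines per client-IP state so unusable entries stand out."""
    counts = {"ok": 0, "missing": 0, "malformed": 0, "unparsed": 0}
    for line in lines:
        record = parse_line(line)
        counts[record["client_ip_state"] if record else "unparsed"] += 1
    return counts

# Constructed sample lines (not taken from a real server).
SAMPLE = [
    ' 192.0.2.10 alice [24/Nov/2016:02:42:13 +0000] "GET /test/ HTTP/1.1" 200 1432 ',
    ' - - [24/Nov/2016:02:43:01 +0000] "GET /test/ HTTP/1.1" 200 1432 ',
    ' not-an-ip - [24/Nov/2016:02:44:10 +0000] "GET /test/ HTTP/1.1" 404 - ',
    'this line was written with some other format',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```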

Related

module routeros_command fails with connection timeout error

I'm having an issue using the routeros_command module. I keep getting an error:
ConnectionError: timeout value 30 seconds reached while trying to send command: b'/system resource print'
I read that it must have something to do with the username, because of the dash. But changing the username is not an option for me.
I'm trying to find a different way to access the router while still making sure that the password won't show without using the no_logs option.
- name: Router OS check
  vars:
    ansible_connection: network_cli
    ansible_network_os: routeros
    ansible_user: test-router
    ansible_password: testing-router12
  routeros_command:
    commands:
      - /system resource print

Download report content with ansible from Cisco DNA Center

I have an inventory report which is generated every day on our Cisco DNA Center. I would like to download this report with ansible to my ansible control node.
My playbook so far is:
---
- hosts: DNA
  vars_files:
    - /root/ansible/credentials.yaml
  gather_facts: no
  tasks:
    - name: Get all Reports
      cisco.dnac.reports_executions_info:
        dnac_host: "{{dnac_host}}"
        dnac_username: "{{dnac_username}}"
        dnac_password: "{{dnac_password}}"
        dnac_verify: "{{dnac_verify}}"
        dnac_port: "{{dnac_port}}"
        dnac_version: "{{dnac_version}}"
        dnac_debug: "{{dnac_debug}}"
        reportId: a13236797-7a85-4774-98bd-552b41a3s5v7
        headers:
          custom: text/csv
        saveFile: true
        dirPath: /root/ansible/outputs
      register: result
    - name: debug
      debug:
        msg: "{{ result.dnac_response }}"
The documentation for this module says the following:
Returns report content.
Save the response to a file by converting the response data as a blob and setting the file format available from content-disposition response header.
https://github.com/cisco-en-programmability/dnacenter-ansible/blob/main/plugins/modules/reports_executions_info.py
Is this a misunderstanding from my side? I just want to transfer the generated report from the DNAC machine to my ansible machine.
The executionID was missing, that's why the content wasn't downloaded. There were no errors, that's why it was confusing to me.

Can't start adminctl because of ## placeholders in admin.conf from Connections 6.5 IHS

I made a Connections 6.5 headless installation which itself works, but couldn't start adminctl in the
# cd /opt/IBM/HTTPServer/bin/
# ./adminctl start
Syntax error on line 7 of /opt/IBM/HTTPServer/conf/admin.conf:
Port must be specified
Line 7 seems to contain a variable that didn't get parsed properly when configuring the IHS:
# grep Listen ../conf/admin.conf
Listen ##AdminPort##
There are also other such ## variables in the config file:
# grep ## ../conf/admin.conf
Listen ##AdminPort##
User ##SetupadmUser##
Group ##SetupadmGroup##
ServerName cnx65.internal:##AdminPort##
Why are those values not correctly replaced? For example to Listen 8008 (default IHS admin port).
How I configure the IHS
The machine got provisioned using ansible, where the following shell command runs for IHS plugin configuration:
./wctcmd.sh -tool pct -createDefinition -defLocPathname /opt/IBM/WebSphere/Plugins -response /tmp/plugin-response-file.txt -defLocName webserver1
Response file /tmp/plugin-response-file.txt:
configType=remote
enableAdminServerSupport=true
enableUserAndPass=true
enableWinService=false
ihsAdminCreateUserAndGroup=true
ihsAdminPassword=adminihs
ihsAdminPort=8008
ihsAdminUnixUserGroup=ihsadmin
ihsAdminUnixUserID=ihsadmin
mapWebServerToApplications=true
wasMachineHostname=cnx65.internal
webServerConfigFile1=/opt/IBM/HTTPServer/conf/httpd.conf
webServerDefinition=webserver1
webServerHostName=cnx65.internal
webServerOS=Linux
webServerPortNumber=80
webServerSelected=IHS
As you can see, all required variables for substitution were present. So the tool should be able to replace ##AdminPort## by the value 8008.
wctcmd.sh just creates the WAS definition for the IHS, but doesn't prepare the admin server. We need to do this manually with postinst and setupadm as documented here. This seems not just required for zip installations. My installation was done using Installation Manager and the admin server doesn't work without those steps.
I automated it in Ansible like this:
- name: Check if admin config is properly parsed
  become: yes
  # Quoted so that YAML does not treat " ##AdminPort##..." as a comment
  shell: "grep '##AdminPort##' {{ http_server.target }}/conf/admin.conf"
  register: admin_conf_check
  # grep returns rc = 0 if found, rc = 1 if not found but the file exists, rc = 2 if the file is not found
  failed_when: admin_conf_check.rc != 0 and admin_conf_check.rc != 1
  changed_when: False
- set_fact:
    admin_conf_is_configured: "{{ admin_conf_check.rc == 1 }}"
- name: Parse IHS admin config
  become: yes
  # plugin_config_file is defined in http-plugin.yml
  shell: |
    ./bin/postinst -i $PWD -t setupadm -v ADMINPORT={{ http_server.admin_port }} -v SETUPADMUSER=nobody -v SETUPADMGROUP=nobody
    ./bin/setupadm -usr nobody -grp nobody -cfg conf/httpd.conf -plg {{ plugin_config_file }} -adm conf/admin.conf
  args:
    chdir: "{{ http_server.target }}"
  environment:
    LANG: "{{ system_language }}"
  register: ihs_setup
  # setupadm returns 90 if it was successful: "Script Completed RC(90)"
  failed_when: ihs_setup.rc != 90
  when: not admin_conf_is_configured
- name: Create htpasswd for admin config
  become: yes
  shell: ./bin/htpasswd -c conf/admin.passwd adminihs
  args:
    chdir: "{{ http_server.target }}"
    creates: "{{ http_server.target }}/conf/admin.passwd"
  environment:
    LANG: "{{ system_language }}"
http_server.target is the IHS base path, e.g. /opt/IBM/HTTPServer
http_server.admin_port is the IBM default value 8008
plugin_config_file is set to /opt/IBM/WebSphere/Plugins/config/{{ http_server.name }}/plugin-cfg.xml where http_server.name matches the definition name in WAS (webserver1 in my example)
system_language is set to en_US.utf8 to make sure that we get English error messages for output validation (when required), independent of the configured OS language
After running those configuration tools, we can see that all placeholders were replaced by their corresponding values:
# grep -i listen ../conf/admin.conf
Listen 8008
Running the admin server by executing ./adminctl start in the bin directory now works as expected.
I heard from folks in the lab at IBM that webServerSelected=IHS is not being recognized and it must be webServerSelected=ihs (lowercase).
https://www.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.nd.multiplatform.doc/ae/tins_pctcl_using.html
webServerSelected
Specifies the web server to be configured. Specify only one web server to configure.
  apache22: Apache Web Server Version 2.2 (64-bit configuration not supported on Windows)
  apache24: Apache Web Server Version 2.4 (64-bit configuration not supported on Windows)
  ihs: IBM® HTTP Server (64-bit configuration not supported on Windows)
...

How to check uri status in next task to execute

Hi, I am using a REST API POST request to create a resource through the uri module in Ansible. I want to check in the next task whether the resource was created or not before executing it. Can you please suggest how I can do this? Here the resource is a new server I am creating, and I want to install packages in the next tasks when it is spun up and on.
Using failed_when: false, the playbook execution will not fail on error codes. Then you can register the result and access the status code using the status key (an example.yml follows):
---
- hosts: localhost
  tasks:
    - name: Example uri module status
      uri:
        url: http://www.example.com
        return_content: no
      register: result
      failed_when: false
    - debug:
        var: result.status

Restart the apache service on a server based on the varnish health status

I have 3 instances running on CentOS 7:
1. Ansible Server
2. Varnish Server
3. Apache httpd server
I want to restart the apache service when the varnish service is up but the varnish health status is showing "Sick" because the apache service is stopped.
I have already created a playbook and defined both hosts, but it is not working:
- name: Check Backend Nodes
  shell: varnishadm backend.list | awk 'FNR==2{ print $4 }'
  register: status1
- name: print backend status
  debug:
    msg: "{{status1.stdout_lines}}"
#tasks:
- include_tasks: /etc/ansible/apache/tasks/main.yml
  when: status1.stdout_lines == 'Sick'
This is most likely because your when condition has a glitch: as you can see in the documentation, stdout_lines is always a list of strings, whereas your condition compares it to a string.
So your fix could actually be as simple as checking if the string Sick is among the list stdout_lines:
- include_tasks: /etc/ansible/apache/tasks/main.yml
  when: "'Sick' in status1.stdout_lines"
