Ansible get_url fails to download a file protected by basic auth - ansible

I'm trying to download a protected file using HTTP from a remote server with the get_url module but the username password does not seem to get passed in the request and the task therefore fails.
I'm using Ansible 1.9.2
Here is the get_url definition I'm using:
    - name: Downloading Artifact
      get_url:
        url: "http://myserver/somefile.tar.gz"
        dest: "/home/jdoe/somefile.tar.gz"
        url_username: "jdoe"
        url_password: "mysecret"
        mode: 0600
Here is the error I get:
failed: [myserver] => {"dest": "/home/jdoe/somefile.tar.gz", "failed": true,
"response": "HTTP Error 403: Forbidden", "state": "absent",
"status_code": 403, "url": "http://myserver/somefile.tar.gz"}
msg: Request failed
FATAL: all hosts have already failed -- aborting
Now, I tried to download the file using cURL and it works.
Any help is appreciated as I've been struggling with this for 2 days.

You can use the uri module:
    ---
    - hosts: hostname
      tasks:
        - name: "download file"
          uri:
            url: "http://somedomain.com/file.json"
            method: GET
            user: "{{ somedomain.user }}"
            password: "{{ somedomain.password }}"
            force_basic_auth: yes
            dest: /tmp/somedomain.file.json
            return_content: yes
If this doesn't work, probably it will have something to do with the httplib2 library version.

The problem is that your server does not return a 401 status so that the httplib2 library can send over the BASIC authentication credentials afterwards. The solution is to upgrade to ansible >= 2.0 and use force_basic_auth: True so that the BASIC authentication credentials are sent from the beginning.
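
The behaviour described in the answer above, as an added Python example (not from the original posts and not Ansible's code): a constructed local server answers 403 with no `WWW-Authenticate` challenge, so a client that waits for a 401 never sends its credentials, while sending the `Authorization` header on the first request, which is what `force_basic_auth` asks for, succeeds. The handler, function names and port are assumptions made for the demo.

```python
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

USER, PASSWORD = "jdoe", "mysecret"  # sample credentials from the question
EXPECTED = "Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()

class NoChallengeHandler(BaseHTTPRequestHandler):
    """Constructed server: 403 without WWW-Authenticate when unauthenticated."""
    def do_GET(self):
        ok = self.headers.get("Authorization") == EXPECTED
        body = b"artifact-bytes" if ok else b"forbidden"
        self.send_response(200 if ok else 403)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass

def fetch_status(url, preemptive):
    """GET url and return the status, using challenge-driven or preemptive Basic auth."""
    request = urllib.request.Request(url)
    handlers = [urllib.request.ProxyHandler({})]  # no proxy for the local server
    if preemptive:
        # The header goes out on the very first request.
        request.add_header("Authorization", EXPECTED)
    else:
        # Credentials are held back until the server answers 401 + WWW-Authenticate.
        manager = urllib.request.HTTPPasswordMgrWithDefaultRealm()
        manager.add_password(None, url, USER, PASSWORD)
        handlers.append(urllib.request.HTTPBasicAuthHandler(manager))
    opener = urllib.request.build_opener(*handlers)
    try:
        with opener.open(request, timeout=5) as response:
            return response.status
    except urllib.error.HTTPError as error:
        return error.code

def run_demo():
    """Return (status with challenge-driven auth, status with preemptive auth)."""
    with HTTPServer(("127.0.0.1", 0), NoChallengeHandler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        url = f"http://127.0.0.1:{server.server_port}/somefile.tar.gz"
        statuses = fetch_status(url, False), fetch_status(url, True)
        server.shutdown()
    return statuses
```
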

I've had a similar issue in ansible 2.9.
Turns out curl was also getting HTTP 403 but showing content anyway. GET_URL module is just more strict.
For me, the issue was solved by switching from the default Apache welcome page to something custom-made.

Related

Error deleting obsolete flush agents using ansible aem_agent module

Can anyone help me with the error deleting obsolete replication agents using the aem_agent module (https://github.com/lean-delivery/ansible-modules-aem/blob/master/aem_agent.py)?
I face an error:
"msg": "failed to delete agent: 405 - "
Here is a task:
    - name: Remove dispatcher flush agents
      aem_agent:
        name: "{{ obsolete_dispatcher }}"
        state: absent
        folder: 'agents.publish'
        admin_user: '{{ admin_login }}'
        admin_password: '{{ admin_password }}'
        host: 'http://localhost'
        port: '4502'
From the error.log:
XX.XX.XXXX XX:XX:XX.XXX *ERROR* [127.0.0.1 [XXXXXXXXXXXXX] DELETE /etc/replication/agents.publish/ip-XX-XX-XXX-XXX-XX-XXXX-X-compute-internal-dispatcher HTTP/1.1] org.apache.sling.servlets.resolver.internal.SlingServletResolver handleError: Recursive invocation. Not further handling status 405(Method DELETE not supported)
The HTTP DELETE method isn't supported when you disable the WebDav bundles per the security checklist.
You can either re-enable WebDAV or modify the code in the Ansible aemagent project to delete using the Sling POST servlet instead. The request would be a POST with parameter ":operation=delete" to the path.
For examples, see the Sling documentation.
As was advised, I modified the code (delete_agent function). Changes:
- request method from delete => post
- added data to the request: {':operation': 'delete'}
Also, I've created a PR to add these changes to the code.
It works for me. Thank you, Andrew Khoury, very much!

Ansible get_url module: Unable to find a checksum for file

I'm trying to fetch ActiveMQ Artemis using the following:
    - name: Download the ActiveMQ Artemis artifact
      get_url:
        url: "https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/{{ artemis_version }}/apache-artemis-{{ artemis_version }}-bin.tar.gz&action=download"
        dest: "/tmp/apache-artemis-{{ artemis_version }}-bin.tar.gz"
        # with fixed checksum it works but breaks the idea of the version to be a variable.
        # checksum: "sha512:4990a6b742b08bff6a4c7b310d2610565b08a2a02e1a7aec065460d16f8a6fe3d4fe91a8040839f93d7c2eab09fd6a79848fb130f9820559ee3e81dcf8d51ead"
        # Getting "Unable to find a checksum for file 'closer.cgi' in 'https://downloads.apache.org/activemq/activemq-artemis/2.16.0/apache-artemis-2.16.0-bin.tar.gz.sha512'"
        checksum: "sha512:https://downloads.apache.org/activemq/activemq-artemis/{{ artemis_version }}/apache-artemis-{{ artemis_version }}-bin.tar.gz.sha512"
        # Also getting: fatal: [dev-broker-01]: FAILED! => {"changed": false, "dest": "/tmp/apache-artemis-2.16.0-bin.tar.gz", "elapsed": 0, "msg": "Request failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)>", "url": "https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.16.0/apache-artemis-2.16.0-bin.tar.gz&action=download"}
        validate_certs: no
and getting: "Unable to find a checksum for file 'closer.cgi' in 'https://downloads.apache.org/activemq/activemq-artemis/2.16.0/apache-artemis-2.16.0-bin.tar.gz.sha512'"
It's not picking up the filename from dest: "/tmp/apache-artemis-{{ artemis_version }}-bin.tar.gz"
Also having some issue validating the certificate.
Any ideas how can I solve both problems?
The error seems to suggest that it is looking for checksum of file closer.cgi rather than the actual tar.gz file. And the filename in the checksum URL is: apache-artemis-2.16.0-bin.tar.gz.
The other way to specify the checksum, is to just supply the checksum string (without filename). Although for that we need to come up with a couple of tasks prior to get it.
Something like below:
    - uri:
        url: "https://downloads.apache.org/activemq/activemq-artemis/{{ artemis_version }}/apache-artemis-{{ artemis_version }}-bin.tar.gz.sha512"
        return_content: true
      register: url_sha512
    - set_fact:
        artemis_checksum: "{{ url_sha512.content.split(' ')[0] }}" # there are 2 spaces
    - get_url:
        url: "https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/{{ artemis_version }}/apache-artemis-{{ artemis_version }}-bin.tar.gz&action=download"
        dest: "/tmp/apache-artemis-{{ artemis_version }}-bin.tar.gz"
        checksum: "sha512:{{ artemis_checksum }}"
        # I was able to download without having below parameter
        # validate_certs: no
Update:
This kind of approach can be useful when site directory cannot be browsed, and file must be obtained from a mirrored URL.
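
An added Python example (not part of the original posts and not Ansible's code) of the lookup problem discussed in this thread: a checksum file keyed by artifact name has no entry for the URL's base name `closer.cgi`, but verification works once the name is taken from the `filename` query parameter. The artifact bytes and checksum file are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import posixpath
from urllib.parse import parse_qs, urlsplit

# URL from the question, with artemis_version filled in as 2.16.0.
URL = ("https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/"
       "2.16.0/apache-artemis-2.16.0-bin.tar.gz&action=download")
# Constructed stand-ins for the downloaded artifact and its published .sha512 file.
ARTIFACT = b"constructed artifact bytes"
CHECKSUM_FILE = hashlib.sha512(ARTIFACT).hexdigest() + "  apache-artemis-2.16.0-bin.tar.gz\n"


def parse_checksum_file(text):
    """Return {file name: hex digest} from 'digest  name' lines (sha512sum layout)."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(None, 1)  # any run of whitespace, so 1 or 2 spaces both work
        if len(parts) == 2:
            name = posixpath.basename(parts[1].strip().lstrip("*"))
            entries[name] = parts[0].lower()
    return entries


def url_basename(url):
    """Last path segment of the URL: 'closer.cgi' for the mirror redirector."""
    return posixpath.basename(urlsplit(url).path)


def artifact_name(url):
    """File name carried in the redirector's 'filename' query parameter."""
    return posixpath.basename(parse_qs(urlsplit(url).query)["filename"][0])


def verify(data, checksum_text, name):
    """Compare data's SHA-512 with the entry for name; raise if there is no entry."""
    expected = parse_checksum_file(checksum_text).get(name)
    if expected is None:
        raise LookupError(f"Unable to find a checksum for file {name!r}")
    return hmac.compare_digest(hashlib.sha512(data).hexdigest(), expected)


if __name__ == "__main__":
    print(url_basename(URL), artifact_name(URL))
    print(verify(ARTIFACT, CHECKSUM_FILE, artifact_name(URL)))
```
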

How to connect to Rally from Ansible

I am trying to connect to Rally from Ansible. For this I am using uri module and also created an API key from Rally. My task:-
    tasks:
      - name: Get data
        uri:
          url: 'https://rally1.rallydev.com/slm/webservice/v2.0/subscription'
          # headers:
          #   api_key: "myapikey"
          user: myapikey
          password:
          follow_redirects: all
          return_content: yes
          status_code: 200
          method: GET
        register: get_data
      - debug: var=get_data
But I am still getting error:-
"msg": "Status code was 401 and not [200]: HTTP Error 401: Full authentication is required to access this resource",
Not sure what I am doing wrong.
A simple way to prove that you have access would be to use curl on the command line and then script it via your favourite language to do something similar to the following:
curl --config options.txt
Where options.txt contains:
url https://rally1.rallydev.com/slm/webservice/v2.0/workspace?query=&fetch=true&start=1&pagesize=20
header = "ZSESSIONID: YOURAPIKEY"
You will see that the API key is used in a header variable ZSESSIONID. It works on my machine.....

How to fix IP Whitelist error in URI module of Ansible?

I am getting "IP not in white-list!" error when I run below playbook. How can I fix this error?
    tasks:
      - name: Create AD groups
        uri:
          url: https://server.uk.db.com:6001/governance/sims/users/jyotsnaparasjain#db.com/groups
          method: POST
          body: '{"nar":"123456-5", "env_list": ["PROD"], "roles": ["L1"], "approver3": "jyotsnaparasjain#gmail.com"}'
          user: jyotsnaparasjain#gmail.com
          body_format: json
          status_code: 200
          force_basic_auth: yes
          headers:
            X-Auth-Token: "token_comes_here"
          validate_certs: no
        register: create_ad_group
      - name: Response of AD Group
        debug:
          var: create_ad_group.json
Error:
\"EXCEPTION\": \"IP not in white-list!!\"\n}\n"
It looks like this error message is an answer from a remote server. Try to talk to the administrator of the server server.uk.db.com to grant the access for your IP.
Otherwise, to get a better answer, please provide the full error instead of a small excerpt.

Ansible Fatal Error when trying to delete an App on Marathon

I am trying to Post an app on marathon using Ansible and then I am trying to delete the same app with my Playbook. Everything works fine, the only problem is that I am getting below error when I am running my playbook for delete.
    fatal: [localhost]: FAILED! =>
    {
      "cache_control":"no-cache, no-store, must-revalidate",
      "changed":false,
      "connection":"close",
      "content":"{\"version\":\"2016-10-12T16:51:47.641Z\",\"deploymentId\":\"46edbf12-e837-45c5-9360-9824a4143868\"}",
      "content_length":"92",
      "content_type":"application/json; qs=2",
      "date":"Wed, 12 Oct 2016 16:51:02 GMT",
      "expires":"0",
      "failed":true,
      "json":{
        "deploymentId":"46edbf12-e837-45c5-9360-9824a4143868",
        "version":"2016-10-12T16:51:47.641Z"
      },
      "msg":"Status code was not [201]: OK (92 bytes)",
      "pragma":"no-cache",
      "redirected":false,
      "server":"openresty/1.7.10.2",
      "status":200,
      "url":"http://mywebsite.com:19092/v2/apps/demoansible",
      "x_marathon_leader":"http://10.201.160.1:31392"
    }
As you can see above, the json shows successful response and status is 200, also when I check on Marathon UI, the app is deleted. But the only problem is the fatal:[ localhost]: FAILED! => error. Is there any way, I can remove that error?
Here is my playbook for delete:
    ---
    - hosts: local
      gather_facts: false
      tasks:
        -
          uri:
            body: "{{ lookup('file','app.json') }}"
            body_format: json
            force_basic_auth: true
            method: DELETE
            password: password
            status_code: 201
            url: "url/v2/apps/demoansible"
            user: user1
What I see from your playbook is that you are using it for deleting an app on your marathon, and you have already given your app id in the url, so I don't think you need a body in your playbook. Please remove the body and also the status code, and I think it should work fine.
The reason you don't need a body is that you are using it for deleting. And for deleting a running app on marathon, the app id is more than sufficient; you don't need to pass your app.json file to delete an app. This will remove the fatal error which you are facing.
Hope this helps.
