Sayali
Aug 19, 2020Altocumulus
BIGIP device certificate - Ansible Error
Hi,
I am trying to use bigip Ansible module for managing self-signed device certificates `bigip_device_certificate`
Here is the snippet of task:
- name: Device HTTPs certificate
bigip_device_certificate:
cert_name: "server.crt"
key_name: "server.key"
days_valid: 365
key_size: 4096
force: no
new_cert: no
issuer:
country: "{{ device_cert.issuer_country }}"
state: "{{ device_cert.issuer_state }}"
organization: "{{ device_cert.issuer_org }}"
division: "{{ device_cert.issuer_division }}"
email: "{{ device_cert.issuer_email }}"
locality: "{{ device_cert.issuer_locality }}"
common_name: "{{ device_cert.common_name }}"
provider:
server: "{{ ansible_host }}"
user: "{{ bigip_username }}"
password: "{{ bigip_password }}"
transport: cli
server_port: 22
ssh_keyfile: ~/.ssh/id_rsa
delegate_to: localhost
So, the certificate on bigip isn't expired. But, for some reason, the above task fails for one of the devices (have two - worked on 1 of them) with below error:
"/tmp/ansible_bigip_device_certificate_payload_lazf97h6/ansible_bigip_device_certificate_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_certificate.py\", line 452, in expired\nTypeError: '>' not supported between instances of 'int' and 'NoneType'\n",
"module_stdout": "",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}
I tried toggling the values for `force` and `new_cert` without any success.
As per the error , seems something fails at `bigip_device_certificate.py` line 452. Below is the snippet of function around it:
def expired(self):
self.have = self.read_current_certificate()
current_epoch = int(datetime.now().timestamp())
if current_epoch > self.have.epoch:
return True
return False
Any ideas?