Forum Discussion

Blue_whale's avatar
Blue_whale
Icon for Cirrocumulus rankCirrocumulus
Feb 07, 2022

curl command not giving full output when used in Ansible f5 module .

Hi Experts ,    Below comand is not giving the complete output when we run this command from f5 Ansible Module .. Anyone knowns any workaround ?    curl -vk https://example.com     
application delivery
bash
devops
TMSH
Blue_whale's avatar
Blue_whale
Icon for Cirrocumulus rankCirrocumulus

We tried beow 2 scripts but we are getting the output but with error at the end ...output does not completes. 

 

- name: Run curl command
raw: curl -vvvk "https://{{VIP_IP[1]}}:{{VIP_PORT}}"
register: curl_result
failed_when: '"Connected" not in curl_result.stderr'
ignore_errors: yes

or

- name: Run curl command
shell: curl -vvvk "https://{{VIP_IP[1]}}:{{VIP_PORT}}"
register: curl_result
failed_when: '"Connected" not in curl_result.stderr'
ignore_errors: yes

 

+++++++++++++++++++++++++++++++++++++++++++++++++

OUTPUT :


* Rebuilt URL to: https://192.168.12.135:443/
* Trying 192.168.12.135...
* TCP_NODELAY set
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

 

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 192.168.12.135 (192.168.12.135) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [81 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [956 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [527 bytes data]
* TLSv1.2 (OUT), TLS alert, handshake failure (552):
} [2 bytes data]
* error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small

 

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Closing connection 0
curl: (35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small

chrros95's avatar
chrros95
Icon for Altostratus rankAltostratus
Feb 10, 2022

To me it looks like you're not using an f5-ansible module but the built-in ansible.builtin.raw module. Furthermore the output looks more or less complete as the error is the last thing that curl will print on failure. 

You can try to use curls --ciphers option to avoid this error (e.g. curl -vvvk --ciphers ' ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:!DH:@STRENGTH' "https://{{VIP_IP[1]}}:{{VIP_PORT}}" ).

As well, you can consider to use the f5networks.f5_modules.bigip_command as it is F5s way to execute commands.

  • Blue_whale's avatar
    Blue_whale
    Icon for Cirrocumulus rankCirrocumulus
    Feb 10, 2022

    but when we un this command directly on f5 cli , we get complete output ..

      • Blue_whale's avatar
        Blue_whale
        Icon for Cirrocumulus rankCirrocumulus
        Feb 10, 2022

        can you please tell me what exactly --ciphers ' ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:!DH:@STRENGTH' this command does ..

    • chrros95's avatar
      chrros95
      Icon for Altostratus rankAltostratus
      Feb 14, 2022

      The raw command does what it says - it does it as raw as possible so it's basically a ssh user@bigip curl -vvk "https://{{VIP_IP[1]}}:{{VIP_PORT}}". May be it's a missing environment variable or so. But as I can't reproduce it, I'm not completely sure.