BIGIP device certificate - Ansible Error

Sayali · ‎19-Aug-2020

Hi,

I am trying to use bigip Ansible module for managing self-signed device certificates `bigip_device_certificate`

Here is the snippet of task:

- name: Device HTTPs certificate
 bigip_device_certificate:
  cert_name: "server.crt"
  key_name: "server.key"
  days_valid: 365
  key_size: 4096
  force: no
  new_cert: no
  issuer:
   country: "{{ device_cert.issuer_country }}"
   state: "{{ device_cert.issuer_state }}"
   organization: "{{ device_cert.issuer_org }}"
   division: "{{ device_cert.issuer_division }}"
   email: "{{ device_cert.issuer_email }}"
   locality: "{{ device_cert.issuer_locality }}"
   common_name: "{{ device_cert.common_name }}"
  provider:
   server: "{{ ansible_host }}"
   user: "{{ bigip_username }}"
   password: "{{ bigip_password }}"
   transport: cli
   server_port: 22
   ssh_keyfile: ~/.ssh/id_rsa
 delegate_to: localhost

So, the certificate on bigip isn't expired. But, for some reason, the above task fails for one of the devices (have two - worked on 1 of them) with below error:


"/tmp/ansible_bigip_device_certificate_payload_lazf97h6/ansible_bigip_device_certificate_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_certificate.py\", line 452, in expired\nTypeError: '>' not supported between instances of 'int' and 'NoneType'\n",
  "module_stdout": "",
  "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
  "rc": 1
}

I tried toggling the values for `force` and `new_cert` without any success.

As per the error , seems something fails at `bigip_device_certificate.py` line 452. Below is the snippet of function around it:

  def expired(self):
    self.have = self.read_current_certificate()
    current_epoch = int(datetime.now().timestamp())
    if current_epoch > self.have.epoch:
      return True
    return False

Any ideas?

DevCentral

BIGIP device certificate - Ansible Error

Khoros Kudos Award 2022