cancel
Showing results for 
Search instead for 
Did you mean: 

BIGIP device certificate - Ansible Error

Sayali
Altocumulus
Altocumulus

Hi,

 

I am trying to use bigip Ansible module for managing self-signed device certificates `bigip_device_certificate`

 

Here is the snippet of task:

- name: Device HTTPs certificate  bigip_device_certificate:   cert_name: "server.crt"   key_name: "server.key"   days_valid: 365   key_size: 4096   force: no   new_cert: no   issuer:    country: "{{ device_cert.issuer_country }}"    state: "{{ device_cert.issuer_state }}"    organization: "{{ device_cert.issuer_org }}"    division: "{{ device_cert.issuer_division }}"    email: "{{ device_cert.issuer_email }}"    locality: "{{ device_cert.issuer_locality }}"    common_name: "{{ device_cert.common_name }}"   provider:    server: "{{ ansible_host }}"    user: "{{ bigip_username }}"    password: "{{ bigip_password }}"    transport: cli    server_port: 22    ssh_keyfile: ~/.ssh/id_rsa  delegate_to: localhost

 

So, the certificate on bigip isn't expired. But, for some reason, the above task fails for one of the devices (have two - worked on 1 of them) with below error:

"/tmp/ansible_bigip_device_certificate_payload_lazf97h6/ansible_bigip_device_certificate_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_certificate.py\", line 452, in expired\nTypeError: '>' not supported between instances of 'int' and 'NoneType'\n",   "module_stdout": "",   "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",   "rc": 1 }

 

I tried toggling the values for `force` and `new_cert` without any success.

As per the error , seems something fails at `bigip_device_certificate.py` line 452. Below is the snippet of function around it:

 

  def expired(self):     self.have = self.read_current_certificate()     current_epoch = int(datetime.now().timestamp())     if current_epoch > self.have.epoch:       return True     return False

 

Any ideas?

0 REPLIES 0