curl command not giving full output when used in Ansible f5 module

Sarovani
Cirrocumulus

Hi Experts,

The below command is not giving the complete output when we run it from the f5 Ansible module. Does anyone know any workaround?

 

curl -vk https://example.com 

 

 


chrros95
Altostratus

Can you please elaborate which module and parameters you are using (e.g. by showing the playbook task)?
Maybe the ansible version would help as well.

From Ansible, we are trying to execute the below command, but we are not getting the complete output.

curl -vk https://example.com

We tried the below 2 scripts. We are getting the output, but with an error at the end; the output does not complete.

 

- name: Run curl command
  raw: curl -vvvk "https://{{VIP_IP[1]}}:{{VIP_PORT}}"
  register: curl_result
  failed_when: '"Connected" not in curl_result.stderr'
  ignore_errors: yes

or

- name: Run curl command
  shell: curl -vvvk "https://{{VIP_IP[1]}}:{{VIP_PORT}}"
  register: curl_result
  failed_when: '"Connected" not in curl_result.stderr'
  ignore_errors: yes

 

+++++++++++++++++++++++++++++++++++++++++++++++++

OUTPUT :


* Rebuilt URL to: https://192.168.12.135:443/
* Trying 192.168.12.135...
* TCP_NODELAY set
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

 

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 192.168.12.135 (192.168.12.135) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [81 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [956 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [527 bytes data]
* TLSv1.2 (OUT), TLS alert, handshake failure (552):
} [2 bytes data]
* error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small

 

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Closing connection 0
curl: (35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small

To me it looks like you're not using an f5-ansible module but the built-in ansible.builtin.raw module. Furthermore, the output looks more or less complete, as the error is the last thing that curl will print on failure.

You can try to use curl's --ciphers option to avoid this error (e.g. curl -vvvk --ciphers ' ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:!DH:@STRENGTH' "https://{{VIP_IP[1]}}:{{VIP_PORT}}" ).

You can also consider using f5networks.f5_modules.bigip_command, as it is F5's way to execute commands.

But when we run this command directly on the f5 CLI, we get complete output.

Thanks @chrros95, the below command worked.

 

curl -vvvk --ciphers ' ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:!DH:@STRENGTH' https://192.168.100.13:9443 

Can you please tell me what exactly --ciphers ' ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:!DH:@STRENGTH' does in this command?

With this command the ciphers that curl is allowed to use are selected. First all possible ciphers are selected (ALL) and then some weak ciphers (!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4) are excluded. By excluding all Diffie-Hellman ciphers (!DH) we address the issue that curl is mentioning. The last thing (@STRENGTH) is to sort the ciphers according to their strength.

For more information about building cipher strings, read, for example, https://www.openssl.org/docs/man1.0.2/man1/ciphers.html

The raw command does what it says: it does it as raw as possible, so it's basically an ssh user@bigip curl -vvk "https://{{VIP_IP[1]}}:{{VIP_PORT}}". Maybe it's a missing environment variable or so. But as I can't reproduce it, I'm not completely sure.
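
The cipher-string explanation in the thread, worked through as an added example (not code from the thread, from curl or from OpenSSL): it evaluates the quoted string term by term against a small constructed suite table. The table, its tags and key sizes, and the `expand` function are assumptions for illustration, and only the `!`, `-`, `+` and `@STRENGTH` operators are modelled.

```python
# Added example: a simplified model of OpenSSL cipher-string evaluation.
# SUITES is a small constructed table (hand-assigned tags and key bits),
# not OpenSSL's real cipher list.
SUITES = {
    "ECDHE-RSA-AES256-GCM-SHA384": ({"ECDH", "aRSA"}, 256),
    "DHE-RSA-AES256-GCM-SHA384": ({"DH", "aRSA"}, 256),
    "AES128-SHA": ({"kRSA", "aRSA"}, 128),
    "DHE-RSA-AES128-SHA": ({"DH", "aRSA"}, 128),
    "ADH-AES128-SHA": ({"DH", "aNULL"}, 128),
    "RC4-SHA": ({"kRSA", "aRSA", "RC4"}, 128),
    "DES-CBC-SHA": ({"kRSA", "aRSA", "LOW"}, 56),
    "EXP-RC4-MD5": ({"kRSA", "aRSA", "RC4", "EXPORT", "EXPORT40"}, 40),
}

# The cipher string quoted in the thread (leading space included).
THREAD_STRING = " ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:!DH:@STRENGTH"


def expand(cipher_string, suites=SUITES):
    """Return the ordered suite list a cipher string selects from `suites`."""
    selected, killed = [], set()
    for term in cipher_string.replace(",", ":").replace(" ", ":").split(":"):
        if not term:
            continue
        if term == "@STRENGTH":  # stable sort, strongest key first
            selected.sort(key=lambda name: suites[name][1], reverse=True)
            continue
        op = term[0] if term[0] in "!-+" else ""
        tag = term[len(op):]
        hits = [n for n, (tags, _) in suites.items()
                if tag == "ALL" or tag == n or tag in tags]
        if op == "!":  # delete permanently: later terms cannot re-add
            killed.update(hits)
        if op in ("!", "-"):
            selected = [n for n in selected if n not in hits]
        elif op == "+":  # move already-selected matches to the end
            selected = ([n for n in selected if n not in hits]
                        + [n for n in selected if n in hits])
        else:  # plain term: append matches not yet present or killed
            selected += [n for n in hits if n not in selected and n not in killed]
    return selected


if __name__ == "__main__":
    with_dh = expand(THREAD_STRING.replace(":!DH", ""))
    without_dh = expand(THREAD_STRING)
    print("selected:", without_dh)
    print("removed by !DH:", [n for n in with_dh if n not in without_dh])
```

On a real host, `openssl ciphers -v '<string>'` prints the actual expansion for the installed OpenSSL build.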