Ansible
69 Topics

Connection Refused error when running Ansible Playbook
I'm trying to run an Ansible playbook to create a new local user account on a Big-IP VE running 13.1.3.4 using the bigip_user module. I'm able to run tasks using bigip_device_info and bigip_config modules successfully, but whenever I try to run a playbook with a module to change settings (i.e. bigip_user or bigip_snmp_community) it errors out with the message:

"An exception occurred during task execution. To see the full traceback, use -vvv. The error was: urllib.error.URLError: <urlopen error [Errno 111] Connection refused>"

I'm new to Ansible on Big-IP platform. Any help on this is greatly appreciated.

Playbook:

    ---
    - name: Add users playbook
      hosts: "{{ devices }}"
      strategy: free
      order: sorted
      connection: local
      gather_facts: no
      become: no
      become_method: enable
      ignore_errors: no
      collections:
        - f5networks.f5_modules
      vars:
        provider:
          server: "{{ ansible_host }}"
          user: <username>
          password: <password>
          validate_certs: no
          server_port: 443
      tasks:
        - name: Add or update the user
          bigip_user:
            provider: "{{ provider }}"
            username_credential: user
            password_credential: password
            update_password: always
            full_name: User
            shell: bash
            partition_access:
              - all:admin
            state: present
          delegate_to: localhost

Error:

    The full traceback is:
    Traceback (most recent call last):
      File "/usr/local/lib/python3.7/urllib/request.py", line 1350, in do_open
        encode_chunked=req.has_header('Transfer-encoding'))
      File "/usr/local/lib/python3.7/http/client.py", line 1277, in request
        self._send_request(method, url, body, headers, encode_chunked)
      File "/usr/local/lib/python3.7/http/client.py", line 1323, in _send_request
        self.endheaders(body, encode_chunked=encode_chunked)
      File "/usr/local/lib/python3.7/http/client.py", line 1272, in endheaders
        self._send_output(message_body, encode_chunked=encode_chunked)
      File "/usr/local/lib/python3.7/http/client.py", line 1032, in _send_output
        self.send(msg)
      File "/usr/local/lib/python3.7/http/client.py", line 972, in send
        self.connect()
      File "/usr/local/lib/python3.7/http/client.py", line 1439, in connect
        super().connect()
      File "/usr/local/lib/python3.7/http/client.py", line 944, in connect
        (self.host,self.port), self.timeout, self.source_address)
      File "/usr/local/lib/python3.7/socket.py", line 728, in create_connection
        raise err
      File "/usr/local/lib/python3.7/socket.py", line 716, in create_connection
        sock.connect(sa)
    ConnectionRefusedError: [Errno 111] Connection refused

Thanks,
-Edson

5.6K Views | 0 likes | 4 Comments

Extract content of Certificate key file with REST or Ansible
Hi Community,

I'm working on an automation for renewing Certificates on multiple BIG-IPs using Ansible. As not all available Ansible F5 modules provide what is required, I'm currently using a mix of modules and REST calls (which are called from Ansible).

F5 Module Index

What works so far is:

- Create new CSR/Key on BIG-IP
- Get new "CA based" Cert and upload to the BIG-IP
- Upload the same Cert to other BIG-IPs
- Update SSL profiles on multiple BIG-IPs
- and some other tasks, like iRules, etc.

Anyhow, what doesn't work so far is to get the content of the key which was created on the first device together with the CSR. Basically I don't have the key which needs to be uploaded to the other BIG-IPs as well.

From the CLI, the following gives me what I need:

    cat /config/filestore/files_d/Common_d/certificate_key_d/*name.key*

The problem with this is, I can't integrate it in Ansible using the "bigip_command – Run TMSH and BASH commands on F5 devices" module. Looks like only tmsh commands are supported even though it states BASH as well. Plus I try to avoid using this module whenever possible in the first place.

Through the GUI, simple export and import on another device - done, but obviously not automated.

I have tried all possible Ansible modules as well as REST calls, but don't get the content out of the .key file. I thought that this would/should be a simple task. If anyone's done this using any approach please share. I could create a new key and get a cert for each device, but first try to find out if there's another way.

Thanks in advance,
Stefan

2.1K Views | 0 likes | 4 Comments

Error Running Ansible tasks on the active BIG-IP K10531487
I'm getting an error running code from K10531487: Running Ansible tasks on the active BIG-IP in a device group. This appears to be an auth error on the active device, however the play runs cleanly getting facts on the device, and this environment runs other ansible scripts on the same F5's as well. Any ideas for next steps? I appreciate your help.

Error:

    TASK [Display bigip facts f5bm.express-scripts.com] ******************************************
    ok: [f5bm.express-scripts.com] => {}

    MSG:

    [u'Hostname: f5bm.express-scripts.com', u'Status: HA_STATE_ACTIVE']

    TASK [Create pool] ************************************************************************************
    fatal: [f5bm.express-scripts.com -> localhost]: FAILED! => {
        "changed": false
    }

    MSG:

    Unable to connect to f5bm.express-scripts.com on port 443. The reported error was "Unexpected **kwargs: {'verify': False}".
        to retry, use: --limit @/home/eh7305/scripts/ansible/f5tst.retry

    PLAY RECAP ********************************************************************************************
    f5am.express-scripts.com : ok=2 changed=0 unreachable=0 failed=0
    f5bm.express-scripts.com : ok=2 changed=0 unreachable=0 failed=1

Playbook:

    ---
    - name: "Syncing F5 Active config to group"
      hosts: "drhaf5"
      serial: 1
      vars_files:
        - "vars/main.yml"
        - "vars/vault.yml"
      gather_facts: "no"
      roles:
        - "f5syncactive"
      tasks:
        - name: "Get bigip facts"
          bigip_facts:
            server: "{{inventory_hostname}}"
            user: "admin"
            password: "{{adminpass}}"
            include:
              - "device"
              - "system_info"
            validate_certs: False
          check_mode: no
          delegate_to: "localhost"
        - name: "Display bigip facts {{inventory_hostname}}"
          debug:
            msg:
              - "Hostname: {{ system_info.system_information.host_name }}"
              - "Status: {{ device['/Common/' + system_info.system_information.host_name].failover_state }}"
        - name: "Create pool"
          bigip_pool:
            server: "{{inventory_hostname}}"
            user: "admin"
            password: "{{adminpass}}"
            lb_method: "round-robin"
            monitors: http
            name: "pool1"
            validate_certs: False
          notify:
            - "Save the running configuration to disk"
            - "Sync configuration from device to group"
          delegate_to: "localhost"
          when: device['/Common/' + system_info.system_information.host_name].failover_state == "HA_STATE_ACTIVE"
      handlers:
        - name: "Save the running {{inventory_hostname}} configuration to disk"
          bigip_config:
            save: "yes"
            server: "{{inventory_hostname}}"
            user: "admin"
            password: "{{adminpass}}"
            validate_certs: False
          delegate_to: localhost
        - name: "Handler Sync configuration from {{inventory_hostname}} to group"
          bigip_configsync_action:
            device_group: "sync-failover-group"
            sync_device_to_group: "yes"
            server: "{{inventory_hostname}}"
            user: "admin"
            password: "{{adminpass}}"
            validate_certs: False
          delegate_to: localhost

1.9K Views | 0 likes | 6 Comments

F5 automation using pure iControl REST API and Ansible - Series: Introduction
Introduction:

There are many articles covering F5 and ansible integration using F5 ansible modules. But no articles/details on using Ansible with pure iControl REST API. Maybe it was intended to use bigip ansible modules with Ansible. This series will be helpful where there is no solution available with existing F5 ansible modules to configure a specific object. There are pros and cons of using direct F5 ansible modules.

Pros:
1) No need to understand iControl REST API structure
2) Easy to use api with specific parameters to create a specific object

Cons:
1) For some modules there is limited functionality based on what is available in any specific Module
2) F5 password has to be put in each and every task
3) To create a specific object depends on F5 modules availability

Note: This series is intended for administrators who should have some hands-on coding experience or at least know the coding concepts.

Purpose:

The intended goal of this series is to make the ansible code generic enough that object creation is data driven and not code driven. Change the input data and the ansible scripts should take care of configuring only the required objects.

Details:

Administrator should have basic knowledge of below to start with

1) Ansible
   a) Installation
   b) Running playbook
   c) Ansible Tasks and Roles
   d) Ansible variables and scope
   e) Ansible Inventory
   f) Ansible uri module
2) iControl REST API
   a) Understandings of iControl REST API
   b) How to retrieve objects using GET
   c) How to create/update object using POST/PUT
   d) How to navigate through REST APIs

References:

1) Install Ansible and F5 dependencies
   https://clouddocs.f5.com/products/orchestration/ansible/devel/usage/getting_started.html
2) Run your first BIG-IP playbook with F5 ansible modules
   https://clouddocs.f5.com/products/orchestration/ansible/devel/usage/playbook_tutorial.html
   https://clouddocs.f5.com/products/orchestration/ansible/devel/usage/connection-local-or-delegate-to.html
3) Understanding variables and Inventory in Ansible
   https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html
   https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html
4) Understanding of uri module
   https://docs.ansible.com/ansible/latest/modules/uri_module.html#uri-module
5) Understanding of iControl REST API
   iControl REST Home page contains all the required links to understand iControl REST in detail. No need to go over the code samples presented in the series
   https://devcentral.f5.com/wiki/iControlREST.HomePage.ashx
   iControl REST API Guide for 12.0.0
   https://devcentral.f5.com/d/the-user-guide-for-the-icontrol-rest-interface-in-big-ip-version-120
   iControl API Reference properties of each object with which parameter is mandatory and which is optional
   https://devcentral.f5.com/wiki/iControlREST.APIRef_tm_ltm.ashx
6) Integrations of F5 and ansible
   This article covers the link to all articles including how to install ansible and how to start using ansible with existing simple modules
   https://devcentral.f5.com/articles/automate-big-ip-in-customer-environments-using-ansible-27601
7) On demand F5 related videos in Ansible
   a) https://www.ansible.com/resources/webinars-training/automating-f5-big-ip-using-ansible
   b) https://www.ansible.com/resources/webinars-training/fast-application-deployment-custer-use-case-with-ansible-f5-big-ip
   c) https://www.ansible.com/resources/webinars-training/wwt-building-a-f5-solution-with-ansible-tower
   d) https://www.ansible.com/resources/webinars-training/tackling-big-ip-blue-green-deployments-in-private-cloud-f5

1.3K Views | 0 likes | 0 Comments

Ansible playbook error
Hi,

Need help with an Ansible playbook. Trying to run a basic playbook to fetch facts and run a command, but it keeps popping up an error. Can anyone please help?

Playbook 1

    - name: Collect
      bigip_device_facts:
        gather_subset:
          - interfaces
          - vlans
        provider:
          server: x.x.x.x
          user: <username>
          password: <password>

Error

    [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
    ERROR! 'bigip_device_facts' is not a valid attribute for a Play

    The error appears to have been in '/ansible-01/playbook.yml': line 1, column 3, but may
    be elsewhere in the file depending on the exact syntax problem.

    The offending line appears to be:

    - name: Collect
      ^ here

Playbook 2

    - name: run show version
      bigip_command:
        commands: show sys version
        provider:
          server: x.x.x.x
          user: <username>
          password: <password>

Error

    [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
    ERROR! 'bigip_command' is not a valid attribute for a Play

    The error appears to have been in '/ansible-01/playbook1.yml': line 1, column 3, but may
    be elsewhere in the file depending on the exact syntax problem.

    The offending line appears to be:

    - name: run show version
      ^ here

Thanks,
Aditya

1.2K Views | 0 likes | 1 Comment

Ansible bigip_device_facts - Filter Output
Hi,

I'm new to ansible and have installed ansible version 2.7 and I'm trying to understand how I can filter the output from the new bigip_device_facts module as bigip_facts are deprecated. I have checked the devcentral post for the old bigip_facts on https://devcentral.f5.com/questions/ansible-filter-output-48375

But the output from the bigip_device_facts is not the same as bigip_facts. The new one looks like the following:

    changed: [172.16.223.128 -> localhost] => {
        "changed": true,
        "invocation": {
            "module_args": {
                "auth_provider": null,
                "gather_subset": [
                    "vlans"
                ],
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "server": "172.16.223.128",
                "server_port": 443,
                "transport": null,
                "user": "admin",
                "validate_certs": false
            }
        },
        "vlans": [
            {
                "auto_lasthop": "default",
                "cmp_hash_algorithm": "default",
                "failsafe_action": "failover-restart-tm",
                "failsafe_enabled": "no",
                "failsafe_timeout": 90,
                "full_path": "/Common/HA",
                "if_index": 160,
                "interfaces": [
                    {
                        "full_path": "1.3",
                        "name": "1.3",
                        "tagged": "no"
                    }
                ],
                "learning_mode": "enable-forward",
                "mtu": 1500,
                "name": "HA",
                "sflow_poll_interval": 0,
                "sflow_poll_interval_global": "yes",
                "sflow_sampling_rate": 0,
                "sflow_sampling_rate_global": "yes",
                "source_check_enabled": "disabled",
                "tag": 4092,
                "true_mac_address": "00:0c:29:e0:10:eb"
            }
        ]
    }

Compared to the old:

    "ansible_facts": {
        "vlan": {
            "/Common/VLAN_10": {

How can I use the debug msg to filter and print values like vlan id (tag in this case)?

Br
Andréas

Solved | 1.1K Views | 0 likes | 5 Comments

Connecting to F5 using SSH via Ansible
I am in the process of writing a playbook which uses SSH to connect to F5 and run a bash command (ntpdate -d time_server) to confirm NTP connectivity across the environment. For SSH I am using root. Here is the task that I have in the playbook.

    - name: "Check NTP on {{override_host}}"
      vars:
        ansible_connection: ssh
        ansible_user: "root"
        ansible_password: "{{root_pwd}}"
        ansible_ssh_private_key_file: "~/.ssh/f5-ansible-ssh"
      command:
        cmd: ntpdate -d {{item}}
      loop: "{{new_ntp_servers}}"
      register: ntp_status

The error message that I get is as follows

    MSG:

    The module failed to execute correctly, you probably need to set the interpreter.
    See stdout/stderr for the exact error

    MODULE_STDOUT:

    /bin/sh: /usr/local/bin/python3.9: No such file or directory

    MODULE_STDERR:

    ******************************* IMPORTANT NOTE ******************************
    Banner
    *****************************************************************************
    Shared connection to ltm closed.

Any help would be greatly appreciated...

1.1K Views | 0 likes | 3 Comments

How to address multiple BIG-IP servers in one Ansible task?
Ansible noob here, I'm trying to automate the configuration of large numbers of pools (and other things) using Ansible. I have a hosts file that just contains a group of two BIG-IPs:

    [f5lab]
    f5-1-hostname
    f5-2-hostneme

I have a very simple playbook:

    - name: Create a pool
      hosts: f5lab
      connection: local
      tasks:
        - name: Create app1 server pool
          bigip_pool:
            name: app1_pl
            monitors: "/Common/http"
            lb_method: round-robin
            password: "adminpassword"
            server: f5-1-hostname
            user: "adminuser"
            validate_certs: no
          delegate_to: localhost

This works fine, but will only create the pool on the one server. I'm trying to find out how to essentially loop through my group of hosts without having to write the same task for each one. The server argument is mandatory for the bigip_pool task, so I can't remove it and have it use the playbook hosts. What is the best procedure for this?

Thanks!

Solved | 1K Views | 0 likes | 3 Comments

Basic Question on Ansible - Creating Nodes
Hello all

I know this is basic but I'm starting off learning about Ansible and F5s. I'm following this lab guide: https://github.com/ansible/workshops/tree/devel/exercises/ansible_f5/1.2-add-node

I have configured a basic inventory as such:

    [lb]
    f5 ansible_host=X.X.X.X ansible_user=admin private_ip=X.X.X.X ansible_ssh_pass=XXXXXXXX

    [webservers]
    host1 ansible_host=X.X.X.X
    host2 ansible_host=X.X.X.X

I then have my YAML file as follows:

    ---
    - name: BIG-IP SETUP
      hosts: lb
      connection: local
      gather_facts: false
      tasks:
        - name: CREATE NODES
          bigip_node:
            provider:
              server: X.X.X.X
              user: XXXX
              password: XXXXXXX
              server_port: 443
              validate_certs: false
            host: "{{hostvars[webservers].ansible_host}}"
            name: "{{hostvars[webservers].inventory_hostname}}"
          loop: "{{ groups[webservers] }}"

When I try to run this playbook I get the following error:

    devlin@ubuntu-v20:~/ansible/f5/lab2$ ansible-playbook -i inventory bigip-node.yaml

    PLAY [BIG-IP SETUP] *****************************************************************************************************************

    TASK [CREATE NODES] *****************************************************************************************************************
    fatal: [f5]: FAILED! => {"msg": "'webservers' is undefined"}

    PLAY RECAP **************************************************************************************************************************
    f5 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

What does it mean "webservers is undefined"?

Thank you?

1K Views | 0 likes | 4 Comments

F5 APM/LTM Ansible module - which to use for changing apm access profile attached to VS?
I would like to use the ansible f5 modules to basically remove or add an access policy attached to a virtual server list. Which ansible f5 module would I use for that? Would it be the bigip_asm_policy module? If so, I don't see where I see the association with the virtual servers access policy drop down list in the GUI.

    bigip_asm_policy:
      name: "{{ans_f5_access_profile}}"
      partition: "{{ans_f5_partition}}"
      active: yes
      state: present
      provider:
        server: "{{ans_f5_endpoint_url}}"
        user: "{{ans_f5_userid}}"
        password: "{{ans_f5_password}}"
        validate_certs: no

Solved | 921 Views | 0 likes | 8 Comments