weixin_39930711
weixin_39930711
2020-12-02 10:26

bigip_firewall_address_list.py - inconsistent handling of IP/CIDR variables

ISSUE TYPE
  • Bug Report
COMPONENT NAME

bigip_firewall_address_list.py (replaces bigip_security_address_list.py & alias support)

ANSIBLE VERSION

ansible 2.5.0
  config file = /home/pp2854/ansible-vepdg_fw/ansible.cfg
  configured module search path = [u'/home/pp2854/ansible-vepdg_fw/library/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.6 (default, Nov 23 2017, 15:49:48) [GCC 4.8.4]
PYTHON VERSION

Python 2.7.6
BIGIP VERSION

Sys::Version
Main Package
  Product     BIG-IP
  Version     12.1.2
  Build       1.49.271
  Edition     Engineering Hotfix HF1
  Date        Fri May 19 13:49:47 PDT 2017
LIBRARY VERSIONS

bigsuds==1.0.6
f5-sdk==3.0.18
CONFIGURATION

Standard ansible.cfg

OS / ENVIRONMENT

Ubuntu 16.04TS

SUMMARY

bigip_security_address_list.py was renamed to bigip_security_address_list.py. Alias supported to still call old name, however when running playbook with alias I get one issue, whereas with not using alias I get different issue;

Issue 1. Call alias - errors kick back when using address/cidr notation variables into playbook, example; 10.10.10.10/32 or 2606:ae00:2e10:104::5/128

Resolved: - change variables to be just 10.10.10.10 and 2606:ae00:2e10:104::5 then play runs clean

Issue 2. Call bigip_security_address_list module directly no alias - errors kick back stating that incorrect address/cidr notation provided. Attempt to flip the variables back to using /32 and /128 as example, still errors out.

Ref #818

STEPS TO REPRODUCE

- name: Create Address-List - Single Entries
  bigip_security_address_list:
    description: "{{ item.description }}"
    name: "{{ item.name }}"
    addresses: "{{ item.address }}"
    server: "{{ ansible_host }}"
    user: "{{ username }}"
    password: "{{ password }}"
    validate_certs: "no"
  delegate_to: localhost
  with_items: "{{ address_list }}"

VARS;

address_list:
  - index: 0
    name: Test1
    description: 'test1'
    address: '2606:ae00:2e10:104::4'
  - index: 1
    name: test2
    description: 'test2'
    address: '166.209.84.99'

or 

address_list:
  - index: 0
    name: Test1
    description: 'test1'
    address: '2606:ae00:2e10:104::4/128'
  - index: 1
    name: test2
    description: 'test2'
    address: '166.209.84.99/32'

EXPECTED RESULTS
ACTUAL RESULTS

pp2854-factory:~/ansible-vepdg_fw$ sudo ansible-playbook base.yml --ask-vault-pass --tags address_list -vvv
ansible-playbook 2.5.0
  config file = /home/pp2854/ansible-vepdg_fw/ansible.cfg
  configured module search path = [u'/home/pp2854/ansible-vepdg_fw/library/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.7.6 (default, Nov 23 2017, 15:49:48) [GCC 4.8.4]
Using /home/pp2854/ansible-vepdg_fw/ansible.cfg as config file
Vault password: 
Parsed /home/pp2854/ansible-vepdg_fw/hosts inventory source with ini plugin
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_template/f5_template.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_provision/f5_afm_nominal.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_provision/f5_ltm_none.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_db/f5_sys_db.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_software/f5_sys_update_autocheck.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_profile/f5_profile_client_ssl.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_command/f5_profile_server_ssl.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_global/f5_sys_global.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_hostname/f5_hostname.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_sshd/f5_ssh.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_httpd/f5_httpd.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_snmp_trap/f5_snmp_trap.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_snmp/f5_snmp.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_snmp/f5_snmp_community.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_manageroute/f5_mgmt_route.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_ntp/f5_ntp.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_vlan/f5_vlan.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_route/f5_route_remove.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_interface/f5_interface.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_route/f5_route_add.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_monitor/f5_monitor_jsa.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_pool/f5_pool_jsa.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_hsl/f5_dest_hsl.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_hsl/f5_dest_sys.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_hsl/f5_pub_sys.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_command/f5_log_profile.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_command/f5_log_profile_global.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_config/f5_config_save.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_command/f5_gtac.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_timerpolicy/f5_timerpolicy.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_servicepolicy/f5_servicepolicy.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_afm/f5_afm_portlist.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_afm/f5_afm_addresslist.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_afm/f5_afm_addresslist_multi.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_afm/f5_afm_rulelist_icmp.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_afm/f5_afm_rulelist_diameter.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_afm/f5_afm_rulelist_dns.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_afm/f5_afm_rulelist_gtp_pdg.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_afm/f5_afm_rulelist_gtp_pgw.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_afm/f5_afm_policy.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_irule/f5_irule.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_datagroup/f5_datagroup.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_virtual_server/f5_virt_hc_untrust.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_virtual_server/f5_virt_hc_trust.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_virtual_server/f5_virt_diam_untrust_v6.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_virtual_server/f5_virt_diam_untrust_v4.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_virtual_server/f5_virt_dns_untrust_v4.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_virtual_server/f5_virt_gtp_untrust_v6.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_virtual_server/f5_virt_gtp_untrust_v4.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_virtual_server/f5_virt_gtp_trust_v6.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_virtual_server/f5_virt_gtp_trust_v4.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_virtual_server/f5_virt_catch_untrust_v4.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_virtual_server/f5_virt_catch_trust_v4.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_virtual_server/f5_virt_catch_untrust_v6.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_virtual_server/f5_virt_catch_trust_v6.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_command/f5_gtac_apply.yml
statically imported: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_config/f5_config_save.yml

PLAYBOOK: base.yml *********************************************************************************************************************************************************************************************************************************************
1 plays in base.yml

PLAY [single] **************************************************************************************************************************************************************************************************************************************************
META: ran handlers

TASK [f5base : Create Address-List - Single Entries] ***********************************************************************************************************************************************************************************************************
task path: /home/pp2854/ansible-vepdg_fw/roles/f5base/tasks/bigip_afm/f5_afm_addresslist.yml:2
Using module file /home/pp2854/ansible-vepdg_fw/library/modules/bigip_firewall_address_list.py
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
The full traceback is:
  File "/tmp/ansible_Y0A79X/ansible_module_bigip_firewall_address_list.py", line 942, in main
    results = mm.exec_module()
  File "/tmp/ansible_Y0A79X/ansible_module_bigip_firewall_address_list.py", line 798, in exec_module
    changed = self.present()
  File "/tmp/ansible_Y0A79X/ansible_module_bigip_firewall_address_list.py", line 821, in present
    return self.update()
  File "/tmp/ansible_Y0A79X/ansible_module_bigip_firewall_address_list.py", line 834, in update
    if not self.should_update():
  File "/tmp/ansible_Y0A79X/ansible_module_bigip_firewall_address_list.py", line 786, in should_update
    result = self._update_changed_options()
  File "/tmp/ansible_Y0A79X/ansible_module_bigip_firewall_address_list.py", line 772, in _update_changed_options
    change = diff.compare(k)
  File "/tmp/ansible_Y0A79X/ansible_module_bigip_firewall_address_list.py", line 708, in compare
    result = getattr(self, param)
  File "/tmp/ansible_Y0A79X/ansible_module_bigip_firewall_address_list.py", line 724, in addresses
    if self.want.addresses is None:
  File "/tmp/ansible_Y0A79X/ansible_module_bigip_firewall_address_list.py", line 551, in addresses
    "Address {0} must be either an IPv4 or IPv6 address or network.".format(x)

failed: [zrdm5afpdg01pdgZZZ -> localhost] (item={u'index': 0, u'description': u'Covers ePDG Diameter on Untrusted Net', u'name': u'ePDG-SWm-V6', u'address': u'2606:ae00:2e10:104::4/128'}) => {
    "changed": false, 
    "invocation": {
        "module_args": {
            "address_lists": null, 
            "address_ranges": null, 
            "addresses": [
                "2606:ae00:2e10:104::4/128"
            ], 
            "description": "Covers ePDG Diameter on Untrusted Net", 
            "fqdns": null, 
            "geo_locations": null, 
            "name": "ePDG-SWm-V6", 
            "partition": "Common", 
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "provider": {
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
                "server": "172.17.32.31", 
                "server_port": 443, 
                "ssh_keyfile": null, 
                "timeout": 10, 
                "transport": "rest", 
                "user": "admin", 
                "validate_certs": false
            }, 
            "server": "172.17.32.31", 
            "server_port": null, 
            "state": "present", 
            "transport": null, 
            "user": "admin", 
            "validate_certs": false
        }
    }, 
    "item": {
        "address": "2606:ae00:2e10:104::4/128", 
        "description": "Covers ePDG Diameter on Untrusted Net", 
        "index": 0, 
        "name": "ePDG-SWm-V6"
    }, 
    "msg": "Address 2606:ae00:2e10:104::4/128 must be either an IPv4 or IPv6 address or network."
}
Using module file /home/pp2854/ansible-vepdg_fw/library/modules/bigip_firewall_address_list.py
<localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
ok: [zrdm5afpdg01pdgZZZ -> localhost] => (item={u'index': 1, u'description': u'Covers ePDG DNS on Untrusted Net', u'name': u'ePDG-DNS-V4', u'address': u'166.209.84.99/32'}) => {
    "changed": false, 
    "deprecations": [
        {
            "msg": "Param 'user' is deprecated. See the module docs for more information", 
            "version": 2.9
        }, 
        {
            "msg": "Param 'password' is deprecated. See the module docs for more information", 
            "version": 2.9
        }, 
        {
            "msg": "Param 'server' is deprecated. See the module docs for more information", 
            "version": 2.9
        }, 
        {
            "msg": "Param 'validate_certs' is deprecated. See the module docs for more information", 
            "version": 2.9
        }
    ], 
    "invocation": {
        "module_args": {
            "address_lists": null, 
            "address_ranges": null, 
            "addresses": [
                "166.209.84.99/32"
            ], 
            "description": "Covers ePDG DNS on Untrusted Net", 
            "fqdns": null, 
            "geo_locations": null, 
            "name": "ePDG-DNS-V4", 
            "partition": "Common", 
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "provider": {
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
                "server": "172.17.32.31", 
                "server_port": 443, 
                "ssh_keyfile": null, 
                "timeout": 10, 
                "transport": "rest", 
                "user": "admin", 
                "validate_certs": false
            }, 
            "server": "172.17.32.31", 
            "server_port": null, 
            "state": "present", 
            "transport": null, 
            "user": "admin", 
            "validate_certs": false
        }
    }, 
    "item": {
        "address": "166.209.84.99/32", 
        "description": "Covers ePDG DNS on Untrusted Net", 
        "index": 1, 
        "name": "ePDG-DNS-V4"
    }
}
Using module file /home/pp2854/ansible-vepdg_fw/library/modules/bigip_firewall_address_list.py
<localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_H7aUGa/ansible_module_bigip_firewall_address_list.py", line 951, in <module>
    main()
  File "/tmp/ansible_H7aUGa/ansible_module_bigip_firewall_address_list.py", line 942, in main
    results = mm.exec_module()
  File "/tmp/ansible_H7aUGa/ansible_module_bigip_firewall_address_list.py", line 798, in exec_module
    changed = self.present()
  File "/tmp/ansible_H7aUGa/ansible_module_bigip_firewall_address_list.py", line 821, in present
    return self.update()
  File "/tmp/ansible_H7aUGa/ansible_module_bigip_firewall_address_list.py", line 834, in update
    if not self.should_update():
  File "/tmp/ansible_H7aUGa/ansible_module_bigip_firewall_address_list.py", line 786, in should_update
    result = self._update_changed_options()
  File "/tmp/ansible_H7aUGa/ansible_module_bigip_firewall_address_list.py", line 772, in _update_changed_options
    change = diff.compare(k)
  File "/tmp/ansible_H7aUGa/ansible_module_bigip_firewall_address_list.py", line 708, in compare
    result = getattr(self, param)
  File "/tmp/ansible_H7aUGa/ansible_module_bigip_firewall_address_list.py", line 724, in addresses
    if self.want.addresses is None:
  File "/tmp/ansible_H7aUGa/ansible_module_bigip_firewall_address_list.py", line 546, in addresses
    result.append(str(ip_address(x)))
  File "/tmp/ansible_H7aUGa/ansible_modlib.zip/ansible/module_utils/compat/ipaddress.py", line 217, in ip_address

ansible.module_utils.compat.ipaddress.AddressValueError: '166.209.84.100' does not appear to be an IPv4 or IPv6 address. Did you pass in a bytes (str in Python 2) instead of a unicode object?

failed: [zrdm5afpdg01pdgZZZ -> localhost] (item={u'index': 2, u'description': u'Covers ePDG GTP-C on Untrusted Net', u'name': u'ePDG-S2b-V4', u'address': u'166.209.84.100'}) => {
    "changed": false, 
    "item": {
        "address": "166.209.84.100", 
        "description": "Covers ePDG GTP-C on Untrusted Net", 
        "index": 2, 
        "name": "ePDG-S2b-V4"
    }, 
    "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible_H7aUGa/ansible_module_bigip_firewall_address_list.py\", line 951, in <module>\n    main()\n  File \"/tmp/ansible_H7aUGa/ansible_module_bigip_firewall_address_list.py\", line 942, in main\n    results = mm.exec_module()\n  File \"/tmp/ansible_H7aUGa/ansible_module_bigip_firewall_address_list.py\", line 798, in exec_module\n    changed = self.present()\n  File \"/tmp/ansible_H7aUGa/ansible_module_bigip_firewall_address_list.py\", line 821, in present\n    return self.update()\n  File \"/tmp/ansible_H7aUGa/ansible_module_bigip_firewall_address_list.py\", line 834, in update\n    if not self.should_update():\n  File \"/tmp/ansible_H7aUGa/ansible_module_bigip_firewall_address_list.py\", line 786, in should_update\n    result = self._update_changed_options()\n  File \"/tmp/ansible_H7aUGa/ansible_module_bigip_firewall_address_list.py\", line 772, in _update_changed_options\n    change = diff.compare(k)\n  File \"/tmp/ansible_H7aUGa/ansible_module_bigip_firewall_address_list.py\", line 708, in compare\n    result = getattr(self, param)\n  File \"/tmp/ansible_H7aUGa/ansible_module_bigip_firewall_address_list.py\", line 724, in addresses\n    if self.want.addresses is None:\n  File \"/tmp/ansible_H7aUGa/ansible_module_bigip_firewall_address_list.py\", line 546, in addresses\n    result.append(str(ip_address(x)))\n  File \"/tmp/ansible_H7aUGa/ansible_modlib.zip/ansible/module_utils/compat/ipaddress.py\", line 217, in ip_address\n    \nansible.module_utils.compat.ipaddress.AddressValueError: '166.209.84.100' does not appear to be an IPv4 or IPv6 address. Did you pass in a bytes (str in Python 2) instead of a unicode object?\n", 
    "module_stdout": "", 
    "msg": "MODULE FAILURE", 
    "rc": 1
}
Using module file /home/pp2854/ansible-vepdg_fw/library/modules/bigip_firewall_address_list.py
<localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_z0mbKj/ansible_module_bigip_firewall_address_list.py", line 951, in <module>
    main()
  File "/tmp/ansible_z0mbKj/ansible_module_bigip_firewall_address_list.py", line 942, in main
    results = mm.exec_module()
  File "/tmp/ansible_z0mbKj/ansible_module_bigip_firewall_address_list.py", line 798, in exec_module
    changed = self.present()
  File "/tmp/ansible_z0mbKj/ansible_module_bigip_firewall_address_list.py", line 821, in present
    return self.update()
  File "/tmp/ansible_z0mbKj/ansible_module_bigip_firewall_address_list.py", line 834, in update
    if not self.should_update():
  File "/tmp/ansible_z0mbKj/ansible_module_bigip_firewall_address_list.py", line 786, in should_update
    result = self._update_changed_options()
  File "/tmp/ansible_z0mbKj/ansible_module_bigip_firewall_address_list.py", line 772, in _update_changed_options
    change = diff.compare(k)
  File "/tmp/ansible_z0mbKj/ansible_module_bigip_firewall_address_list.py", line 708, in compare
    result = getattr(self, param)
  File "/tmp/ansible_z0mbKj/ansible_module_bigip_firewall_address_list.py", line 724, in addresses
    if self.want.addresses is None:
  File "/tmp/ansible_z0mbKj/ansible_module_bigip_firewall_address_list.py", line 546, in addresses
    result.append(str(ip_address(x)))
  File "/tmp/ansible_z0mbKj/ansible_modlib.zip/ansible/module_utils/compat/ipaddress.py", line 217, in ip_address

ansible.module_utils.compat.ipaddress.AddressValueError: '2606:ae00:2e10:104::5' does not appear to be an IPv4 or IPv6 address. Did you pass in a bytes (str in Python 2) instead of a unicode object?

failed: [zrdm5afpdg01pdgZZZ -> localhost] (item={u'index': 3, u'description': u'Covers ePDG GTP-U on Untrusted Net', u'name': u'ePDG-S2b-V6', u'address': u'2606:ae00:2e10:104::5'}) => {
    "changed": false, 
    "item": {
        "address": "2606:ae00:2e10:104::5", 
        "description": "Covers ePDG GTP-U on Untrusted Net", 
        "index": 3, 
        "name": "ePDG-S2b-V6"
    }, 
    "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible_z0mbKj/ansible_module_bigip_firewall_address_list.py\", line 951, in <module>\n    main()\n  File \"/tmp/ansible_z0mbKj/ansible_module_bigip_firewall_address_list.py\", line 942, in main\n    results = mm.exec_module()\n  File \"/tmp/ansible_z0mbKj/ansible_module_bigip_firewall_address_list.py\", line 798, in exec_module\n    changed = self.present()\n  File \"/tmp/ansible_z0mbKj/ansible_module_bigip_firewall_address_list.py\", line 821, in present\n    return self.update()\n  File \"/tmp/ansible_z0mbKj/ansible_module_bigip_firewall_address_list.py\", line 834, in update\n    if not self.should_update():\n  File \"/tmp/ansible_z0mbKj/ansible_module_bigip_firewall_address_list.py\", line 786, in should_update\n    result = self._update_changed_options()\n  File \"/tmp/ansible_z0mbKj/ansible_module_bigip_firewall_address_list.py\", line 772, in _update_changed_options\n    change = diff.compare(k)\n  File \"/tmp/ansible_z0mbKj/ansible_module_bigip_firewall_address_list.py\", line 708, in compare\n    result = getattr(self, param)\n  File \"/tmp/ansible_z0mbKj/ansible_module_bigip_firewall_address_list.py\", line 724, in addresses\n    if self.want.addresses is None:\n  File \"/tmp/ansible_z0mbKj/ansible_module_bigip_firewall_address_list.py\", line 546, in addresses\n    result.append(str(ip_address(x)))\n  File \"/tmp/ansible_z0mbKj/ansible_modlib.zip/ansible/module_utils/compat/ipaddress.py\", line 217, in ip_address\n    \nansible.module_utils.compat.ipaddress.AddressValueError: '2606:ae00:2e10:104::5' does not appear to be an IPv4 or IPv6 address. Did you pass in a bytes (str in Python 2) instead of a unicode object?\n", 
    "module_stdout": "", 
    "msg": "MODULE FAILURE", 
    "rc": 1
}

PLAY RECAP *****************************************************************************************************************************************************************************************************************************************************
zrdm5afpdg01pdgZZZ         : ok=0    changed=0    unreachable=0    failed=1   

</module></module></localhost></module></module></localhost></localhost></localhost></localhost>

该提问来源于开源项目:F5Networks/f5-ansible

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

10条回答

  • weixin_39838798 weixin_39838798 5月前

    seems there was a missing conversion in a module_utils file. Can you update both the module_utils files you have as well as the module itself. Also, there should not be a real difference between the alias and the module itself because one is literally a symlink to the other.

    What you were likely seeing was the missing conversion trickling through in python 2.7 specific environments. I think I have this fixed now. Lemme know.

    点赞 评论 复制链接分享
  • weixin_39930711 weixin_39930711 5月前

    Sorry for delay, working on pulling a regression test off the updated libraries. Will update shortly.

    Thanks in advance,

    点赞 评论 复制链接分享
  • weixin_39930711 weixin_39930711 5月前

    So tested this and if I leverage addresses without a CIDR notation in vars it works fine, however looking at the allowed syntax rules on the module it states following;

    
      addresses:
        description:
          - Individual addresses that you want to add to the list. These addresses differ
            from ranges, and lists of lists such as what can be used in C(address_ranges)
            and C(address_lists) respectively.
          - This list can also include networks that have CIDR notation.
    

    Here is what works;

    
    ---
    - name: Create Address-List - Single Entries
      bigip_security_address_list:
        name: "{{ item.name }}"
        addresses: "{{ item.address }}"
        server: "{{ ansible_host }}"
        user: "{{ username }}"
        password: "{{ password }}"
        validate_certs: "no"
      delegate_to: localhost
      with_items: "{{ address_list }}"
    
    address_list:
      - index: 0
        name: ePDG-SWm-V6
        address: '2606:ae00:2e10:104::4'
      - index: 1
        name: ePDG-DNS-V4
        address: '166.209.84.99'
      - index: 2
        name: ePDG-S2b-V4
        address: '166.209.84.100'
      - index: 3
        name: ePDG-S2b-V6
        address: '2606:ae00:2e10:104::5'
    

    What doesn't work is following in vars to same playbook;

    
    address_list:
      - index: 0
        name: ePDG-SWm-V6
        address: '2606:ae00:2e10:104::4/128'
      - index: 1
        name: ePDG-DNS-V4
        address: '166.209.84.99/32'
      - index: 2
        name: ePDG-S2b-V4
        address: '166.209.84.100/32'
      - index: 3
        name: ePDG-S2b-V6
        address: '2606:ae00:2e10:104::5/128'
    
    点赞 评论 复制链接分享
  • weixin_39838798 weixin_39838798 5月前

    can you post the error with -vvvv?

    点赞 评论 复制链接分享
  • weixin_39930711 weixin_39930711 5月前

    here you go...

    
    Using module file /usr/lib/python2.7/dist-packages/ansible/modules/network/f5/bigip_security_address_list.py
    <localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
    The full traceback is:
    Traceback (most recent call last):
      File "/tmp/ansible__dyMIG/ansible_module_bigip_security_address_list.py", line 944, in <module>
        main()
      File "/tmp/ansible__dyMIG/ansible_module_bigip_security_address_list.py", line 935, in main
        results = mm.exec_module()
      File "/tmp/ansible__dyMIG/ansible_module_bigip_security_address_list.py", line 789, in exec_module
        changed = self.present()
      File "/tmp/ansible__dyMIG/ansible_module_bigip_security_address_list.py", line 812, in present
        return self.update()
      File "/tmp/ansible__dyMIG/ansible_module_bigip_security_address_list.py", line 825, in update
        if not self.should_update():
      File "/tmp/ansible__dyMIG/ansible_module_bigip_security_address_list.py", line 777, in should_update
        result = self._update_changed_options()
      File "/tmp/ansible__dyMIG/ansible_module_bigip_security_address_list.py", line 763, in _update_changed_options
        change = diff.compare(k)
      File "/tmp/ansible__dyMIG/ansible_module_bigip_security_address_list.py", line 699, in compare
        result = getattr(self, param)
      File "/tmp/ansible__dyMIG/ansible_module_bigip_security_address_list.py", line 715, in addresses
        if self.want.addresses is None:
      File "/tmp/ansible__dyMIG/ansible_module_bigip_security_address_list.py", line 538, in addresses
        netaddr.IPAddress(x)
      File "/usr/local/lib/python2.7/dist-packages/netaddr/ip/__init__.py", line 280, in __init__
        % self.__class__.__name__)
    ValueError: IPAddress() does not support netmasks or subnet prefixes! See documentation for details.
    
    failed: [zrdm8afcgi01cgi002 -> localhost] (item=[{u'description': u'Mobile Device Ranges for IPv4', u'name': u'MOBILE-RANGE', u'address': u'10.0.0.0/8'}, u'NONHTTP1']) => {
        "changed": false, 
        "item": [
            {
                "address": "10.0.0.0/8", 
                "description": "Mobile Device Ranges for IPv4", 
                "name": "MOBILE-RANGE"
            }, 
            "NONHTTP1"
        ], 
        "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible__dyMIG/ansible_module_bigip_security_address_list.py\", line 944, in <module>\n    main()\n  File \"/tmp/ansible__dyMIG/ansible_module_bigip_security_address_list.py\", line 935, in main\n    results = mm.exec_module()\n  File \"/tmp/ansible__dyMIG/ansible_module_bigip_security_address_list.py\", line 789, in exec_module\n    changed = self.present()\n  File \"/tmp/ansible__dyMIG/ansible_module_bigip_security_address_list.py\", line 812, in present\n    return self.update()\n  File \"/tmp/ansible__dyMIG/ansible_module_bigip_security_address_list.py\", line 825, in update\n    if not self.should_update():\n  File \"/tmp/ansible__dyMIG/ansible_module_bigip_security_address_list.py\", line 777, in should_update\n    result = self._update_changed_options()\n  File \"/tmp/ansible__dyMIG/ansible_module_bigip_security_address_list.py\", line 763, in _update_changed_options\n    change = diff.compare(k)\n  File \"/tmp/ansible__dyMIG/ansible_module_bigip_security_address_list.py\", line 699, in compare\n    result = getattr(self, param)\n  File \"/tmp/ansible__dyMIG/ansible_module_bigip_security_address_list.py\", line 715, in addresses\n    if self.want.addresses is None:\n  File \"/tmp/ansible__dyMIG/ansible_module_bigip_security_address_list.py\", line 538, in addresses\n    netaddr.IPAddress(x)\n  File \"/usr/local/lib/python2.7/dist-packages/netaddr/ip/__init__.py\", line 280, in __init__\n    % self.__class__.__name__)\nValueError: IPAddress() does not support netmasks or subnet prefixes! See documentation for details.\n", 
        "module_stdout": "", 
        "msg": "MODULE FAILURE", 
        "rc": 1
    }
    <localhost> connection transport is rest
    Using module file /usr/lib/python2.7/dist-packages/ansible/modules/network/f5/bigip_security_address_list.py
    <localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
    The full traceback is:
    Traceback (most recent call last):
      File "/tmp/ansible_wqC_bm/ansible_module_bigip_security_address_list.py", line 944, in <module>
        main()
      File "/tmp/ansible_wqC_bm/ansible_module_bigip_security_address_list.py", line 935, in main
        results = mm.exec_module()
      File "/tmp/ansible_wqC_bm/ansible_module_bigip_security_address_list.py", line 789, in exec_module
        changed = self.present()
      File "/tmp/ansible_wqC_bm/ansible_module_bigip_security_address_list.py", line 812, in present
        return self.update()
      File "/tmp/ansible_wqC_bm/ansible_module_bigip_security_address_list.py", line 825, in update
        if not self.should_update():
      File "/tmp/ansible_wqC_bm/ansible_module_bigip_security_address_list.py", line 777, in should_update
        result = self._update_changed_options()
      File "/tmp/ansible_wqC_bm/ansible_module_bigip_security_address_list.py", line 763, in _update_changed_options
        change = diff.compare(k)
      File "/tmp/ansible_wqC_bm/ansible_module_bigip_security_address_list.py", line 699, in compare
        result = getattr(self, param)
      File "/tmp/ansible_wqC_bm/ansible_module_bigip_security_address_list.py", line 715, in addresses
        if self.want.addresses is None:
      File "/tmp/ansible_wqC_bm/ansible_module_bigip_security_address_list.py", line 538, in addresses
        netaddr.IPAddress(x)
      File "/usr/local/lib/python2.7/dist-packages/netaddr/ip/__init__.py", line 280, in __init__
        % self.__class__.__name__)
    ValueError: IPAddress() does not support netmasks or subnet prefixes! See documentation for details.
    
    failed: [zrdm8afcgi01cgi002 -> localhost] (item=[{u'description': u'Mobile Device Ranges for IPv4', u'name': u'MOBILE-RANGE', u'address': u'10.0.0.0/8'}, u'NONHTTP2']) => {
        "changed": false, 
        "item": [
            {
                "address": "10.0.0.0/8", 
                "description": "Mobile Device Ranges for IPv4", 
                "name": "MOBILE-RANGE"
            }, 
            "NONHTTP2"
        ], 
        "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible_wqC_bm/ansible_module_bigip_security_address_list.py\", line 944, in <module>\n    main()\n  File \"/tmp/ansible_wqC_bm/ansible_module_bigip_security_address_list.py\", line 935, in main\n    results = mm.exec_module()\n  File \"/tmp/ansible_wqC_bm/ansible_module_bigip_security_address_list.py\", line 789, in exec_module\n    changed = self.present()\n  File \"/tmp/ansible_wqC_bm/ansible_module_bigip_security_address_list.py\", line 812, in present\n    return self.update()\n  File \"/tmp/ansible_wqC_bm/ansible_module_bigip_security_address_list.py\", line 825, in update\n    if not self.should_update():\n  File \"/tmp/ansible_wqC_bm/ansible_module_bigip_security_address_list.py\", line 777, in should_update\n    result = self._update_changed_options()\n  File \"/tmp/ansible_wqC_bm/ansible_module_bigip_security_address_list.py\", line 763, in _update_changed_options\n    change = diff.compare(k)\n  File \"/tmp/ansible_wqC_bm/ansible_module_bigip_security_address_list.py\", line 699, in compare\n    result = getattr(self, param)\n  File \"/tmp/ansible_wqC_bm/ansible_module_bigip_security_address_list.py\", line 715, in addresses\n    if self.want.addresses is None:\n  File \"/tmp/ansible_wqC_bm/ansible_module_bigip_security_address_list.py\", line 538, in addresses\n    netaddr.IPAddress(x)\n  File \"/usr/local/lib/python2.7/dist-packages/netaddr/ip/__init__.py\", line 280, in __init__\n    % self.__class__.__name__)\nValueError: IPAddress() does not support netmasks or subnet prefixes! See documentation for details.\n", 
        "module_stdout": "", 
        "msg": "MODULE FAILURE", 
        "rc": 1
    }
    <localhost> connection transport is rest
    Using module file /usr/lib/python2.7/dist-packages/ansible/modules/network/f5/bigip_security_address_list.py
    <localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
    The full traceback is:
    Traceback (most recent call last):
      File "/tmp/ansible_3zseWx/ansible_module_bigip_security_address_list.py", line 944, in <module>
        main()
      File "/tmp/ansible_3zseWx/ansible_module_bigip_security_address_list.py", line 935, in main
        results = mm.exec_module()
      File "/tmp/ansible_3zseWx/ansible_module_bigip_security_address_list.py", line 789, in exec_module
        changed = self.present()
      File "/tmp/ansible_3zseWx/ansible_module_bigip_security_address_list.py", line 812, in present
        return self.update()
      File "/tmp/ansible_3zseWx/ansible_module_bigip_security_address_list.py", line 825, in update
        if not self.should_update():
      File "/tmp/ansible_3zseWx/ansible_module_bigip_security_address_list.py", line 777, in should_update
        result = self._update_changed_options()
      File "/tmp/ansible_3zseWx/ansible_module_bigip_security_address_list.py", line 763, in _update_changed_options
        change = diff.compare(k)
      File "/tmp/ansible_3zseWx/ansible_module_bigip_security_address_list.py", line 699, in compare
        result = getattr(self, param)
      File "/tmp/ansible_3zseWx/ansible_module_bigip_security_address_list.py", line 715, in addresses
        if self.want.addresses is None:
      File "/tmp/ansible_3zseWx/ansible_module_bigip_security_address_list.py", line 538, in addresses
        netaddr.IPAddress(x)
      File "/usr/local/lib/python2.7/dist-packages/netaddr/ip/__init__.py", line 280, in __init__
        % self.__class__.__name__)
    ValueError: IPAddress() does not support netmasks or subnet prefixes! See documentation for details.
    
    failed: [zrdm8afcgi01cgi002 -> localhost] (item=[{u'description': u'Mobile Device Ranges for IPv6', u'name': u'MOBILE-RANGE-IPV6', u'address': u'2600::/64'}, u'NONHTTP1']) => {
        "changed": false, 
        "item": [
            {
                "address": "2600::/64", 
                "description": "Mobile Device Ranges for IPv6", 
                "name": "MOBILE-RANGE-IPV6"
            }, 
            "NONHTTP1"
        ], 
        "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible_3zseWx/ansible_module_bigip_security_address_list.py\", line 944, in <module>\n    main()\n  File \"/tmp/ansible_3zseWx/ansible_module_bigip_security_address_list.py\", line 935, in main\n    results = mm.exec_module()\n  File \"/tmp/ansible_3zseWx/ansible_module_bigip_security_address_list.py\", line 789, in exec_module\n    changed = self.present()\n  File \"/tmp/ansible_3zseWx/ansible_module_bigip_security_address_list.py\", line 812, in present\n    return self.update()\n  File \"/tmp/ansible_3zseWx/ansible_module_bigip_security_address_list.py\", line 825, in update\n    if not self.should_update():\n  File \"/tmp/ansible_3zseWx/ansible_module_bigip_security_address_list.py\", line 777, in should_update\n    result = self._update_changed_options()\n  File \"/tmp/ansible_3zseWx/ansible_module_bigip_security_address_list.py\", line 763, in _update_changed_options\n    change = diff.compare(k)\n  File \"/tmp/ansible_3zseWx/ansible_module_bigip_security_address_list.py\", line 699, in compare\n    result = getattr(self, param)\n  File \"/tmp/ansible_3zseWx/ansible_module_bigip_security_address_list.py\", line 715, in addresses\n    if self.want.addresses is None:\n  File \"/tmp/ansible_3zseWx/ansible_module_bigip_security_address_list.py\", line 538, in addresses\n    netaddr.IPAddress(x)\n  File \"/usr/local/lib/python2.7/dist-packages/netaddr/ip/__init__.py\", line 280, in __init__\n    % self.__class__.__name__)\nValueError: IPAddress() does not support netmasks or subnet prefixes! See documentation for details.\n", 
        "module_stdout": "", 
        "msg": "MODULE FAILURE", 
        "rc": 1
    }
    <localhost> connection transport is rest
    Using module file /usr/lib/python2.7/dist-packages/ansible/modules/network/f5/bigip_security_address_list.py
    <localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
    The full traceback is:
    Traceback (most recent call last):
      File "/tmp/ansible_6hH53J/ansible_module_bigip_security_address_list.py", line 944, in <module>
        main()
      File "/tmp/ansible_6hH53J/ansible_module_bigip_security_address_list.py", line 935, in main
        results = mm.exec_module()
      File "/tmp/ansible_6hH53J/ansible_module_bigip_security_address_list.py", line 789, in exec_module
        changed = self.present()
      File "/tmp/ansible_6hH53J/ansible_module_bigip_security_address_list.py", line 812, in present
        return self.update()
      File "/tmp/ansible_6hH53J/ansible_module_bigip_security_address_list.py", line 825, in update
        if not self.should_update():
      File "/tmp/ansible_6hH53J/ansible_module_bigip_security_address_list.py", line 777, in should_update
        result = self._update_changed_options()
      File "/tmp/ansible_6hH53J/ansible_module_bigip_security_address_list.py", line 763, in _update_changed_options
        change = diff.compare(k)
      File "/tmp/ansible_6hH53J/ansible_module_bigip_security_address_list.py", line 699, in compare
        result = getattr(self, param)
      File "/tmp/ansible_6hH53J/ansible_module_bigip_security_address_list.py", line 715, in addresses
        if self.want.addresses is None:
      File "/tmp/ansible_6hH53J/ansible_module_bigip_security_address_list.py", line 538, in addresses
        netaddr.IPAddress(x)
      File "/usr/local/lib/python2.7/dist-packages/netaddr/ip/__init__.py", line 280, in __init__
        % self.__class__.__name__)
    ValueError: IPAddress() does not support netmasks or subnet prefixes! See documentation for details.
    
    failed: [zrdm8afcgi01cgi002 -> localhost] (item=[{u'description': u'Mobile Device Ranges for IPv6', u'name': u'MOBILE-RANGE-IPV6', u'address': u'2600::/64'}, u'NONHTTP2']) => {
        "changed": false, 
        "item": [
            {
                "address": "2600::/64", 
                "description": "Mobile Device Ranges for IPv6", 
                "name": "MOBILE-RANGE-IPV6"
            }, 
            "NONHTTP2"
        ], 
        "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible_6hH53J/ansible_module_bigip_security_address_list.py\", line 944, in <module>\n    main()\n  File \"/tmp/ansible_6hH53J/ansible_module_bigip_security_address_list.py\", line 935, in main\n    results = mm.exec_module()\n  File \"/tmp/ansible_6hH53J/ansible_module_bigip_security_address_list.py\", line 789, in exec_module\n    changed = self.present()\n  File \"/tmp/ansible_6hH53J/ansible_module_bigip_security_address_list.py\", line 812, in present\n    return self.update()\n  File \"/tmp/ansible_6hH53J/ansible_module_bigip_security_address_list.py\", line 825, in update\n    if not self.should_update():\n  File \"/tmp/ansible_6hH53J/ansible_module_bigip_security_address_list.py\", line 777, in should_update\n    result = self._update_changed_options()\n  File \"/tmp/ansible_6hH53J/ansible_module_bigip_security_address_list.py\", line 763, in _update_changed_options\n    change = diff.compare(k)\n  File \"/tmp/ansible_6hH53J/ansible_module_bigip_security_address_list.py\", line 699, in compare\n    result = getattr(self, param)\n  File \"/tmp/ansible_6hH53J/ansible_module_bigip_security_address_list.py\", line 715, in addresses\n    if self.want.addresses is None:\n  File \"/tmp/ansible_6hH53J/ansible_module_bigip_security_address_list.py\", line 538, in addresses\n    netaddr.IPAddress(x)\n  File \"/usr/local/lib/python2.7/dist-packages/netaddr/ip/__init__.py\", line 280, in __init__\n    % self.__class__.__name__)\nValueError: IPAddress() does not support netmasks or subnet prefixes! See documentation for details.\n", 
        "module_stdout": "", 
        "msg": "MODULE FAILURE", 
        "rc": 1
    }
    
    PLAY RECAP **************************************************************************************************************************************************************************************************
    zrdm8afcgi01cgi002         : ok=0    changed=0    unreachable=0    failed=1 
    </module></module></localhost></localhost></module></module></localhost></localhost></module></module></localhost></localhost></module></module></localhost>
    点赞 评论 复制链接分享
  • weixin_39930711 weixin_39930711 5月前

    Do you need any more details on this one? Would love to close this one up as we have several AFM related playbooks affected by this one.

    点赞 评论 复制链接分享
  • weixin_39838798 weixin_39838798 5月前

    the error there suggests it's still using the old module. It reports this

    /usr/lib/python2.7/dist-packages/ansible/modules/network/f5/bigip_security_address_list.py

    but in your environment I think you are putting the dev modules in a side-band location, right? If not, regardless, the "old" file was renamed to begin with an underscore. So it appears that it is not using the "old" file.

    We need to tell it to use bigip_firewall_address_list. I've uploaded a set of tests here that suggests it works on the devel code we have in the f5-ansible repo.

    https://github.com/F5Networks/f5-ansible/blob/devel/test/integration/targets/bigip_firewall_address_list/tasks/issue-00871.yaml

    So I think we have a misconfiguration in your env that we need to sort out.

    点赞 评论 复制链接分享
  • weixin_39930711 weixin_39930711 5月前

    Ok will take another swag at the test, could be my fault here.

    点赞 评论 复制链接分享
  • weixin_39930711 weixin_39930711 5月前

    Please close this, your were right on the money, it was an issue with me leveraging the old module name, corrected this and it appears to be working just fine.

    点赞 评论 复制链接分享
  • weixin_39838798 weixin_39838798 5月前

    glad to hear. closing

    点赞 评论 复制链接分享

相关推荐