You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, i'm using the following to loop through the cert kdb's and delete expired certs, however, on failure the play exits without displaying the current kdb id name. How do i code to output the kdb id on every query so i know where to focus troubleshooting? Thank you.
I can output the kdb id names on "Get All Cert KDB Names", yet when it 'changes', 'skips', or on 'failure' the output does not include the id kdb name. Here is an example error:
TASK [delete_certdb_personal_cert_cg : Get list of Personal Certificates in Keystore] *******************************************************************************************************
fatal: [hostname.com]: FAILED! => {"changed": false, "log": "[2019-11-25 13:43:51,195] [PID:9329 TID:140155918956352] [DEBUG] [ibmsecurity.appliance.ibmappliance] [_process_response():80] Text: {"firmware_label":"isam_9.0.4.0_20171201-2325","firmware_build":"20171201-2325","firmware_version":"9.0.4.0","product_description":"IBM Security Access Manager","deployment_model":"Appliance","product_name":"isam"}\n[2019-11-25 13:43:51,320] [PID:9329 TID:140155918956352] [DEBUG] [ibmsecurity.appliance.ibmappliance] [_process_response():80] Text: { "configured": true}\n[2019-11-25 13:43:51,454] [PID:9329 TID:140155918956352] [DEBUG] [ibmsecurity.appliance.ibmappliance] [_process_response():80] Text: [{"name":"ISAM Base Appliance","description":"IBM Security Access Manager Base Appliance","id":"wga","enabled":"True"}, {"name":"ISAM Advanced Access Control","description":"IBM Security Access Manager Advanced Access Control","id":"mga","enabled":"True"}, {"name":"ISAM Federation","description":"IBM Security Access Manager Federation","id":"federation","enabled":"True"}]\n[2019-11-25 13:43:52,112] [PID:9329 TID:140155918956352] [ERROR] [ibmsecurity.appliance.ibmappliance] [_process_response():64] text: {"message":"DPWAP0039E An error occured in the GSKKM_OpenKeyDbX(&dbInfo, &dbh) system function: GSKKM_ERR_NULL_PARAMETER"}\n", "msg": "('HTTP Return code: 500', u'{"message":"DPWAP0039E An error occured in the GSKKM_OpenKeyDbX(&dbInfo, &dbh) system function: GSKKM_ERR_NULL_PARAMETER"}')", "name": "ibmsecurity.isam.base.ssl_certificates.personal_certificate.get_all"}
Hi, i'm using the following to loop through the cert kdb's and delete expired certs, however, on failure the play exits without displaying the current kdb id name. How do i code to output the kdb id on every query so i know where to focus troubleshooting? Thank you.
I can output the kdb id names on "Get All Cert KDB Names", yet when it 'changes', 'skips', or on 'failure' the output does not include the id kdb name. Here is an example error:
TASK [delete_certdb_personal_cert_cg : Get list of Personal Certificates in Keystore] *******************************************************************************************************
fatal: [hostname.com]: FAILED! => {"changed": false, "log": "[2019-11-25 13:43:51,195] [PID:9329 TID:140155918956352] [DEBUG] [ibmsecurity.appliance.ibmappliance] [_process_response():80] Text: {"firmware_label":"isam_9.0.4.0_20171201-2325","firmware_build":"20171201-2325","firmware_version":"9.0.4.0","product_description":"IBM Security Access Manager","deployment_model":"Appliance","product_name":"isam"}\n[2019-11-25 13:43:51,320] [PID:9329 TID:140155918956352] [DEBUG] [ibmsecurity.appliance.ibmappliance] [_process_response():80] Text: { "configured": true}\n[2019-11-25 13:43:51,454] [PID:9329 TID:140155918956352] [DEBUG] [ibmsecurity.appliance.ibmappliance] [_process_response():80] Text: [{"name":"ISAM Base Appliance","description":"IBM Security Access Manager Base Appliance","id":"wga","enabled":"True"}, {"name":"ISAM Advanced Access Control","description":"IBM Security Access Manager Advanced Access Control","id":"mga","enabled":"True"}, {"name":"ISAM Federation","description":"IBM Security Access Manager Federation","id":"federation","enabled":"True"}]\n[2019-11-25 13:43:52,112] [PID:9329 TID:140155918956352] [ERROR] [ibmsecurity.appliance.ibmappliance] [_process_response():64] text: {"message":"DPWAP0039E An error occured in the GSKKM_OpenKeyDbX(&dbInfo, &dbh) system function: GSKKM_ERR_NULL_PARAMETER"}\n", "msg": "('HTTP Return code: 500', u'{"message":"DPWAP0039E An error occured in the GSKKM_OpenKeyDbX(&dbInfo, &dbh) system function: GSKKM_ERR_NULL_PARAMETER"}')", "name": "ibmsecurity.isam.base.ssl_certificates.personal_certificate.get_all"}
Create a Report on Junctions
###########################################################################################################
Set the timestamp variable to be used in create snapshot comment
###########################################################################################################
hosts: localhost
tasks:
timestamp: "{{ lookup('pipe', 'date +%m-%d-%Y') }}"
tags: ["setup"]
###########################################################################################################
Set the timestamp variable to be used in create snapshot comment
###########################################################################################################
hosts: primary
connection: local
roles:
create_snapshot_comment: "Prior to running delete expired certificates script {{hostvars['localhost']['timestamp']}}"
tags: ["snapshot"]
###########################################################################################################
Get a list of the certificate databases from the primary appliance.
###########################################################################################################
hosts: primary
no_log: False
connection: local
vars:
log_level: "CRITICAL"
roles:
role: start_config
role: get_cert_dbs_cg
###########################################################################################################
Check to see if personal certificates in KDB are expired and delete if expired.
###########################################################################################################
name: Get Personal Certificate Details
hosts: primary
connection: local
tasks:
include_role:
name: delete_certdb_personal_cert_cg
vars:
cert_db_id: "{{ outer_item['id'] }}"
with_items: "{{ certdbs_ret_obj['data'] | default([]) }}"
loop_control:
loop_var: outer_item
###########################################################################################################
Check to see if signer certificates in KDB are expired and delete if expired.
###########################################################################################################
name: Get Signer Certificate Details
hosts: primary
connection: local
tasks:
include_role:
name: delete_certdb_signer_cert_cg
vars:
cert_db_id: "{{ outer2_item['id'] }}"
with_items: "{{ certdbs_ret_obj['data'] | default([]) }}"
loop_control:
loop_var: outer2_item
here is the get_cert_dbs_cg
name: Get Certificate Databases ID/Names
isam:
appliance: "{{ inventory_hostname }}"
username: "{{ username }}"
password: "{{ password }}"
lmi_port: "{{ lmi_port }}"
log: "{{ log_level }}"
force: "{{ force }}"
action: ibmsecurity.isam.base.ssl_certificates.certificate_databases.get_all
register: ret_obj
name: Set variable for use by rest of playbook
set_fact:
certdbs_ret_obj: "{{ ret_obj }}"
name: Output
debug: msg="{{ item['id'] }}"
with_items: "{{ certdbs_ret_obj['data'] }}"
The text was updated successfully, but these errors were encountered: