Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ansible.netcommon.httpapi remote_user not set to logged in user by default #499

Open
netgab opened this issue Jan 9, 2023 · 0 comments
Open

ansible.netcommon.httpapi remote_user not set to logged in user by default #499

netgab opened this issue Jan 9, 2023 · 0 comments
Assignees
@Qalthos

Comments

@netgab
Copy link

netgab commented Jan 9, 2023

SUMMARY

When using the ansible.netcommon.httpapi connection plugin for RESTCONF, authentication against the remote device fails. It's suspected, that the logged in Linux username is not used by default as stated in the ansible.netcommon.httpapi documentation

ISSUE TYPE
  • Bug Report
COMPONENT NAME

ansible.netcommon.httpapi

ANSIBLE VERSION
$ ansible --version
ansible [core 2.14.1]
  config file = /home/student01/module03-3/ansible/ansible.cfg
  configured module search path = ['/home/student01/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/student01/module03-3/venv/lib/python3.9/site-packages/ansible
  ansible collection location = /home/student01/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/student01/module03-3/venv/bin/ansible
  python version = 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110] (/home/student01/module03-3/venv/bin/python3)
  jinja version = 3.1.2
  libyaml = True
COLLECTION VERSION
$ ansible-galaxy collection list ansible.netcommon

# /home/student01/module03-3/venv/lib/python3.9/site-packages/ansible_collections
Collection        Version
----------------- -------
ansible.netcommon 4.1.0
CONFIGURATION
$ ansible-config dump --only-changed -t all
CONFIG_FILE() = /home/student01/module03-3/ansible/ansible.cfg
HOST_KEY_CHECKING(/home/student01/module03-3/ansible/ansible.cfg) = False

CONNECTION:
==========

paramiko_ssh:
____________
host_key_checking(/home/student01/module03-3/ansible/ansible.cfg) = False

ssh:
___
host_key_checking(/home/student01/module03-3/ansible/ansible.cfg) = False
OS / ENVIRONMENT

Debian Linux 11 (Ansible control node)
Cisco IOS-XE 17.9 (Catalyst 8000V)

STEPS TO REPRODUCE

Inventory

c8k_student01-1 ansible_host=10.21.128.202

Playbook:

- name: "RESTCONF test playbook"
  hosts: "all"
  gather_facts: false

  tasks:
    - name: get list of resource modules for given network_os
      vars:
        ansible_connection: ansible.netcommon.httpapi
        ansible_network_os: ansible.netcommon.restconf
        ansible_httpapi_use_ssl: true
        ansible_httpapi_validate_certs: false
        ansible_httpapi_port: 443
        ansible_httpapi_restconf_root: /restconf/data/
      ansible.netcommon.restconf_get:
        path: /ietf-interfaces:interfaces
      register: "test_var"

Run:

ansible-playbook -i inventory.ini play_restconf_test.yml -k
EXPECTED RESULTS

It's expected, that when the playbook is started, the user is prompted for the password, because of the -k CLI parameter. Because no remote_user (variable ansible_user) is set explicitly, the logged in username should be used as stated in the documentation (https://docs.ansible.com/ansible/latest/collections/ansible/netcommon/httpapi_connection.html)

remote_user: The username used to authenticate to the remote device when the API connection is first established. If the remote_user is not specified, the connection will use the username of the logged in user.

However, the task fails with a HTTP 401 error.

If setting the ansible_user variable or setting the user via the --user CLI variable, the task runs successfully.
Example working task vars (added the ansible_user variable:

      vars:
        ansible_connection: ansible.netcommon.httpapi
        ansible_network_os: ansible.netcommon.restconf
        ansible_httpapi_use_ssl: true
        ansible_httpapi_validate_certs: false
        ansible_httpapi_port: 443
        ansible_httpapi_restconf_root: /restconf/data/
        ansible_user: "{{ lookup('env', 'USER') }}"
ACTUAL RESULTS
$ ansible-playbook -i inventory.ini play_restconf_test.yml -k -vvvv
ansible-playbook [core 2.14.1]
  config file = /home/student01/module03-3/ansible/ansible.cfg
  configured module search path = ['/home/student01/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/student01/module03-3/venv/lib/python3.9/site-packages/ansible
  ansible collection location = /home/student01/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/student01/module03-3/venv/bin/ansible-playbook
  python version = 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110] (/home/student01/module03-3/venv/bin/python3)
  jinja version = 3.1.2
  libyaml = True
Using /home/student01/module03-3/ansible/ansible.cfg as config file
SSH password: 
setting up inventory plugins
host_list declined parsing /home/student01/module03-3/ansible/inventory.ini as it did not pass its verify_file() method
script declined parsing /home/student01/module03-3/ansible/inventory.ini as it did not pass its verify_file() method
auto declined parsing /home/student01/module03-3/ansible/inventory.ini as it did not pass its verify_file() method
yaml declined parsing /home/student01/module03-3/ansible/inventory.ini as it did not pass its verify_file() method
Parsed /home/student01/module03-3/ansible/inventory.ini inventory source with ini plugin
Loading collection ansible.netcommon from /home/student01/module03-3/venv/lib/python3.9/site-packages/ansible_collections/ansible/netcommon
Loading callback plugin default of type stdout, v2.0 from /home/student01/module03-3/venv/lib/python3.9/site-packages/ansible/plugins/callback/default.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: play_restconf_test.yml ***************************************************************************************************************************************************************************************************************************************************
Positional arguments: play_restconf_test.yml
verbosity: 4
connection: smart
timeout: 10
ask_pass: True
become_method: sudo
tags: ('all',)
inventory: ('/home/student01/module03-3/ansible/inventory.ini',)
forks: 5
1 plays in play_restconf_test.yml

PLAY [RESTCONF test playbook] ******************************************************************************************************************************************************************************************************************************************************

TASK [get list of resource modules for given network_os] ***************************************************************************************************************************************************************************************************************************
task path: /home/student01/module03-3/ansible/play_restconf_test.yml:7
<10.21.128.202> attempting to start connection
<10.21.128.202> using connection plugin ansible.netcommon.httpapi
Found ansible-connection at path /home/student01/module03-3/venv/bin/ansible-connection
<10.21.128.202> local domain socket does not exist, starting it
<10.21.128.202> control socket path is /home/student01/.ansible/pc/1c3550ebe3
<10.21.128.202> Loading collection ansible.netcommon from /home/student01/module03-3/venv/lib/python3.9/site-packages/ansible_collections/ansible/netcommon
<10.21.128.202> local domain socket listeners started successfully
<10.21.128.202> loaded API plugin ansible_collections.ansible.netcommon.plugins.httpapi.restconf from path /home/student01/module03-3/venv/lib/python3.9/site-packages/ansible_collections/ansible/netcommon/plugins/httpapi/restconf.py for platform type ansible.netcommon.restconf
<10.21.128.202> 
<10.21.128.202> local domain socket path is /home/student01/.ansible/pc/1c3550ebe3
<10.21.128.202> ESTABLISH LOCAL CONNECTION FOR USER: student01
<10.21.128.202> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/student01/.ansible/tmp/ansible-local-1929783zoorheb `"&& mkdir "` echo /home/student01/.ansible/tmp/ansible-local-1929783zoorheb/ansible-tmp-1673249353.6277976-192997-49736109577898 `" && echo ansible-tmp-1673249353.6277976-192997-49736109577898="` echo /home/student01/.ansible/tmp/ansible-local-1929783zoorheb/ansible-tmp-1673249353.6277976-192997-49736109577898 `" ) && sleep 0'
Using module file /home/student01/module03-3/venv/lib/python3.9/site-packages/ansible_collections/ansible/netcommon/plugins/modules/restconf_get.py
<10.21.128.202> PUT /home/student01/.ansible/tmp/ansible-local-1929783zoorheb/tmpkkmvuf5e TO /home/student01/.ansible/tmp/ansible-local-1929783zoorheb/ansible-tmp-1673249353.6277976-192997-49736109577898/AnsiballZ_restconf_get.py
<10.21.128.202> EXEC /bin/sh -c 'chmod u+x /home/student01/.ansible/tmp/ansible-local-1929783zoorheb/ansible-tmp-1673249353.6277976-192997-49736109577898/ /home/student01/.ansible/tmp/ansible-local-1929783zoorheb/ansible-tmp-1673249353.6277976-192997-49736109577898/AnsiballZ_restconf_get.py && sleep 0'
<10.21.128.202> EXEC /bin/sh -c '/home/student01/module03-3/venv/bin/python3 /home/student01/.ansible/tmp/ansible-local-1929783zoorheb/ansible-tmp-1673249353.6277976-192997-49736109577898/AnsiballZ_restconf_get.py && sleep 0'
<10.21.128.202> EXEC /bin/sh -c 'rm -f -r /home/student01/.ansible/tmp/ansible-local-1929783zoorheb/ansible-tmp-1673249353.6277976-192997-49736109577898/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
  File "/tmp/ansible_ansible.netcommon.restconf_get_payload_8greruxe/ansible_ansible.netcommon.restconf_get_payload.zip/ansible_collections/ansible/netcommon/plugins/modules/restconf_get.py", line 111, in main
  File "/tmp/ansible_ansible.netcommon.restconf_get_payload_8greruxe/ansible_ansible.netcommon.restconf_get_payload.zip/ansible_collections/ansible/netcommon/plugins/module_utils/network/restconf/restconf.py", line 32, in get
    return connection.send_request(
  File "/tmp/ansible_ansible.netcommon.restconf_get_payload_8greruxe/ansible_ansible.netcommon.restconf_get_payload.zip/ansible/module_utils/connection.py", line 200, in __rpc__
    raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
fatal: [c8k_student01-1]: FAILED! => {
    "changed": false,
    "code": -32603,
    "invocation": {
        "module_args": {
            "content": null,
            "output": "json",
            "path": "/ietf-interfaces:interfaces"
        }
    },
    "msg": "HTTP Error 401: Unauthorized"
}

PLAY RECAP *************************************************************************************************************************************************************************************************************************************************************************
c8k_student01-1            : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Qalthos Qalthos

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Qalthos @netgab