Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

eos_user: sends user secret first on user creation fixes #31680 #32162

Merged
merged 4 commits into from
Oct 26, 2017
Merged

eos_user: sends user secret first on user creation fixes #31680 #32162

merged 4 commits into from
Oct 26, 2017

Conversation

dathelen
Copy link
Contributor

@dathelen dathelen commented Oct 25, 2017
edited by trishnaguha

SUMMARY

fixes #31680
When using the eos_user module to create a new user and setting the privilege level the play would fail because the privilege level would set before the user would be created. This fix insures the correct order of commands

fix the order commands are sent allowing for user attributes to be se…

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

eos_user

ANSIBLE VERSION
ansible 2.4.0.0
  config file = None
  configured module search path = [u'/Users/dt/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python2.7/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 2.7.11 (default, Nov 13 2016, 20:35:45) [GCC 4.2.1 Compatible Apple LLVM 7.3.0 (clang-703.0.31)]
ADDITIONAL INFORMATION

Before the change

fatal: [mn100]: FAILED! => {
    "changed": false,
    "code": 1000,
    "failed": true,
    "invocation": {
        "module_args": {
            "aggregate": null,
            "auth_pass": null,
            "authorize": false,
            "configured_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "host": "mn100",
            "name": "dt",
            "nopassword": null,
            "password": "",
            "port": 443,
            "privilege": 15,
            "provider": {
                "auth_pass": null,
                "authorize": false,
                "host": "mn100",
                "password": "",
                "port": 443,
                "ssh_keyfile": null,
                "timeout": 10,
                "transport": "eapi",
                "use_ssl": true,
                "username": "admin",
                "validate_certs": false
            },
            "purge": false,
            "role": null,
            "ssh_keyfile": null,
            "sshkey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCUoCOc+YSyGj9/5K1dYDodwzNJ+7wFkgTyZ3NppTyBiQ96XqmjyEMI/mX58mfS8rm/1W4uPqUZiGmgPSPxmOOE5C9w5q3RRFoIMwrlmoEYFkax5Rn5A3egRrPg1SG2Ybi4lSikpzjLuA/fhGH5915AtApSM57r4v7mYyYrQuqdBGA+h8FlemfWrHqm5LkJMO+fD22A8yXNCS0Rzoo9mL0ZzQY/n5isp1giKJQjvqd2ONl7IohWTAQ7ZHmq9t8294FdepIzund6Iv3akbJ59PkGak1e1VF7jTYMX3bDoYUvA1zFl9YEHkQbgJIei2K1jFRFBZ+pTR8z/nTxT6+VECMZWW5vq25LQqLAqyH/tuXRDN8NLWV1Hkn984wX4UY9nbnjOrLih4gcMpeCHOxgFJmr6OUP6+CEJGi07tTFg1p9NQnCkq8zBEIxzT89ayS1EWutF4dbXMj5N1EEkffwQakGVMDDeqFZIEc98OajJRGf6xREUOMimvxLKCwHQeTVocHl7oTR8Ku2Tsjr5Kugf9X7gcH9tn4UTIS/oSAA/2rxFGww7ViUrBHNrnQDpFgRlZD4eTr8X4BhHvoFMhH94xz7R68BIwYq7HPudyKR01iWLWvnpvGv21/xcNDE8c9Qr0mqtJbdrGMNGNyCEPe55Z6ZU1/GmT4LcNzpM3W44Js7HQ== mcroff@wish.com",
            "state": "present",
            "timeout": 10,
            "transport": "cli",
            "update_password": "on_create",
            "url_password": "",
            "url_username": "admin",
  1 ---
            "use_ssl": true,
            "username": "admin",
            "validate_certs": false
        }
    },
    "msg": "CLI command 3 of 5 'username  willfail  privilege 15' failed: could not run command"
}

After the change

23:36:20 [dt:~/eosplus/cloud-deployment/ansible] develop(+6/-6)+* ± ansible-playbook -i hosts user.yaml  -vvvvv
ansible-playbook 2.4.0.0
  config file = None
  configured module search path = [u'/Users/dt/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python2.7/site-packages/ansible
  executable location = /usr/local/bin/ansible-playbook
  python version = 2.7.11 (default, Nov 13 2016, 20:35:45) [GCC 4.2.1 Compatible Apple LLVM 7.3.0 (clang-703.0.31)]
No config file found; using defaults
setting up inventory plugins
Parsed /Users/dt/eosplus/cloud-deployment/ansible/hosts inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /usr/local/lib/python2.7/site-packages/ansible/plugins/callback/__init__.pyc

PLAYBOOK: user.yaml *********************************************************************************************************************************************************************************
1 plays in user.yaml

PLAY [mn100] ****************************************************************************************************************************************************************************************
META: ran handlers

TASK [new user] *************************************************************************************************************************************************************************************
task path: /Users/dt/eosplus/cloud-deployment/ansible/user.yaml:7
<mn100> connection transport is eapi
Using module_utils file /usr/local/lib/python2.7/site-packages/ansible/module_utils/basic.py
Using module_utils file /usr/local/lib/python2.7/site-packages/ansible/module_utils/network_common.py
Using module_utils file /usr/local/lib/python2.7/site-packages/ansible/module_utils/eos.py
Using module_utils file /usr/local/lib/python2.7/site-packages/ansible/module_utils/six/__init__.py
Using module_utils file /usr/local/lib/python2.7/site-packages/ansible/module_utils/_text.py
Using module_utils file /usr/local/lib/python2.7/site-packages/ansible/module_utils/parsing/convert_bool.py
Using module_utils file /usr/local/lib/python2.7/site-packages/ansible/module_utils/parsing/__init__.py
Using module_utils file /usr/local/lib/python2.7/site-packages/ansible/module_utils/pycompat24.py
Using module_utils file /usr/local/lib/python2.7/site-packages/ansible/module_utils/connection.py
Using module_utils file /usr/local/lib/python2.7/site-packages/ansible/module_utils/urls.py
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/network/eos/eos_user.py
<mn100> ESTABLISH LOCAL CONNECTION FOR USER: dt
<mn100> EXEC /bin/sh -c 'echo ~ && sleep 0'
<mn100> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/dt/.ansible/tmp/ansible-tmp-1507865782.98-129193525012304 `" && echo ansible-tmp-1507865782.98-129193525012304="` echo /Users/dt/.ansible/tmp/ansible-tmp-1507865782.98-129193525012304 `" ) && sleep 0'
<mn100> PUT /var/folders/vw/2_f0pb_s40z3gxbzqs3s55980000gp/T/tmpJJS2DD TO /Users/dt/.ansible/tmp/ansible-tmp-1507865782.98-129193525012304/eos_user.py
<mn100> EXEC /bin/sh -c 'chmod u+x /Users/dt/.ansible/tmp/ansible-tmp-1507865782.98-129193525012304/ /Users/dt/.ansible/tmp/ansible-tmp-1507865782.98-129193525012304/eos_user.py && sleep 0'
<mn100> EXEC /bin/sh -c '/usr/bin/python /Users/dt/.ansible/tmp/ansible-tmp-1507865782.98-129193525012304/eos_user.py; rm -rf "/Users/dt/.ansible/tmp/ansible-tmp-1507865782.98-129193525012304/" > /dev/null 2>&1 && sleep 0'
changed: [mn100] => {
    "changed": true,
    "commands": [
        "username willfail secret ********",
        "username willfail privilege 15"
    ],
    "failed": false,
    "invocation": {
        "module_args": {
            "aggregate": null,
            "auth_pass": null,
            "authorize": false,
            "configured_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "host": "mn100",
            "name": "willfail",
            "nopassword": null,
            "password": "",
            "port": 443,
            "privilege": 15,
            "provider": {
                "auth_pass": null,
                "authorize": false,
                "host": "mn100",
                "password": "",
                "port": 443,
                "ssh_keyfile": null,
                "timeout": 10,
                "transport": "eapi",
                "use_ssl": true,
                "username": "admin",
                "validate_certs": false
            },
            "purge": false,
            "role": null,
            "ssh_keyfile": null,
            "sshkey": null,
            "state": "present",
            "timeout": 10,
            "transport": "cli",
            "update_password": "on_create",
            "url_password": "",
            "url_username": "admin",
            "use_ssl": true,
            "username": "admin",
            "validate_certs": false
        }
    },
    "session_name": "ansible_1507865786"

@dathelen dathelen mentioned this pull request Oct 25, 2017
Closed
@ansibot
Copy link
Contributor

ansibot commented Oct 25, 2017

cc @privateip @trishnaguha
click here for bot help

@ansibot ansibot added affects_2.5 This issue/PR affects Ansible v2.5 bugfix_pull_request core_review In order to be merged, this PR must follow the core review workflow. module This issue/PR relates to a module. needs_triage Needs a first human triage before being processed. networking Network category new_contributor This PR is the first contribution by a new community member. support:network This issue/PR relates to code supported by the Ansible Network Team. test This PR relates to tests. labels Oct 25, 2017
@dathelen
Copy link
Contributor Author

dathelen commented Oct 25, 2017
edited

@gundalow once we get the requite reviews done is it possible to put this in the cherry pick 2.4 list? We (Arista) have a customer that would like this fix in a 2.4 maintenance release

@jborean93 jborean93 removed the needs_triage Needs a first human triage before being processed. label Oct 25, 2017
@trishnaguha trishnaguha self-assigned this Oct 26, 2017
@trishnaguha trishnaguha added this to the 2.4.0 milestone Oct 26, 2017
@trishnaguha trishnaguha mentioned this pull request Oct 26, 2017
Closed
@trishnaguha trishnaguha added this to Nominated in 2.4.x Blocker List Oct 26, 2017
@trishnaguha trishnaguha merged commit 602a618 into ansible:devel Oct 26, 2017
@trishnaguha
Copy link
Member

trishnaguha commented Oct 26, 2017
edited

@dathelen thanks for the PR. Added in 2.4 Blocker list. The fix should be released with 2.4.2.

@trishnaguha trishnaguha moved this from Nominated to TODO: Blocker in 2.4.x Blocker List Oct 26, 2017
@trishnaguha trishnaguha moved this from TODO: Blocker to TODO: Nice to have in 2.4.x Blocker List Oct 26, 2017
abadger pushed a commit that referenced this pull request Oct 26, 2017
@dathelen @abadger
eos_user: sends user secret first on user creation fixes #31680 (#32162)
2340c7a 
* fix command order

* add integration test

* test cleanup

* remove redudant commands

(cherry picked from commit 602a618)
@abadger
Copy link
Contributor

abadger commented Oct 26, 2017

cherry-picked to stable-2.4 for the 2.4.2beta1 release.

@abadger abadger moved this from TODO: Nice to have to Done in 2.4.2 in 2.4.x Blocker List Oct 26, 2017
@dathelen dathelen mentioned this pull request Nov 1, 2017
Closed
@ansibot ansibot added bug This issue/PR relates to a bug. and removed bugfix_pull_request labels Mar 6, 2018
@ansible ansible locked and limited conversation to collaborators Apr 26, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@trishnaguha trishnaguha trishnaguha approved these changes

Assignees

@trishnaguha trishnaguha

Labels
affects_2.5 This issue/PR affects Ansible v2.5 bug This issue/PR relates to a bug. core_review In order to be merged, this PR must follow the core review workflow. module This issue/PR relates to a module. networking Network category new_contributor This PR is the first contribution by a new community member. support:network This issue/PR relates to code supported by the Ansible Network Team. test This PR relates to tests.
Projects
No open projects
2.4.x Blocker List
Done in 2.4.2
Milestone
2.4.0
Development

Successfully merging this pull request may close these issues.

eos_user fails when setting privilege on new user
5 participants
@dathelen @ansibot @trishnaguha @abadger @jborean93