Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

system_authorized_keys broken #6

Open
ghost opened this issue Jan 31, 2023 · 4 comments
Open

system_authorized_keys broken #6

ghost opened this issue Jan 31, 2023 · 4 comments

Comments

@ghost
Copy link

ghost commented Jan 31, 2023

Hello,

trying to manage ssh keys, adapted from https://github.com/opengear/opengear.om/blob/master/playbooks/system_config.yaml

- hosts:
    - om1200
  remote_user: root
  collections:
    - opengear.om·
  connection: httpapi
  become: false
  gather_facts: false
  vars:
    ansible_python_interpreter: /usr/bin/python3
    ansible_network_os: opengear.om.om
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_password: <password>
  tasks:
    - name: Add SSH Keys
      opengear.om.om_system:
        config:
          system_authorized_keys:
            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTRO6c/1JnaA/Mi3MKONqQJUe75rZC36Z0tH+BefpR2li3F/x7TWQnW0aBSA4y7bGOxS5B+nFd86m6+QWqZMxqIpraG11KKVh2c+ElIliVvPbpN7cL9QKbzDZPCn5TZ28znHDuUSzc7Kt0+33On+7HkMhapKiXkA2ardK89DlpKbE4mSiIZoWG0zepyWsXa86fiKTORqEN8FhRtxnBMcl+WODjQfuBzPNr/zYv75eLaZ0LwUOz6/xm8RkwEhd/kF1ntrXYrwOqhFsR7g0cfqQ5T9vLcUXqe+VDvD16KBkooSL92OTxC907F7HPk7XvQaY4bEWK7ca/vbVhsVzdDhbF test
              username: test
              id: users_ssh_authorized_keys-42
        state:
          deleted

results in:

TASK [Add SSH Keys] *************************************************************************************************************************************************************************** 
Tuesday 31 January 2023  16:19:42 +0100 (0:00:00.023)       0:00:00.023 *******·                                                                                                                
fatal: [bre1-michael-t1]: FAILED! => changed=false·                                                                                                                                             
  msg: 'Unsupported parameters for (basic.py) module: config.system_authorized_keys.multi_field_identifier. Supported parameters include: state, config.'

state: overriden, merged and gathered

ogcli get system/system_authorized_key "username 4096 SHA256:2j3GeCKDjiM/wZ5sfdsffsdXqLdzLGxMbbiCkpXHB4 test@test (RSA)"                                                                        
  id="users_ssh_authorized_keys-130"                                                                                                                                                            
  key="ssh-rsa AAAAB3[...]"                                                                                                                                                                     
  key_fingerprint="4096 SHA256:2j3GeCKDjiM/wZ5sfdsffsdXqLdzLGxMbbiCkpXHB4 test@test (RSA)"                                                                                                      
  multi_field_identifier="test 4096 SHA256:2j3GeCKDjiM/wZ5sfdsffsdXqLdzLGxMbbiCkpXHB4 test@test (RSA)"                                                                                          
  username="test"

I run version "22.11.0" and the multi_field_identifier was not there in 22.06.0 and the ansible collection was working.
@mattwit
Copy link
Member

mattwit commented Feb 3, 2023

Can you post a verbose output? I think -vvv would be enough to start.

@ghost
Copy link
Author

ghost commented Feb 4, 2023

Hey @mattwit
thanks for taking a look. For reproducibility I did a factory_reset of the OM1200 running

# cat /etc/version 
22.11.0

after the factory reset, I only changed the root password.

playbook is:

---
- hosts:
    - om1200-test
  remote_user: root
  collections:
    - opengear.om
  connection: httpapi
  become: false
  gather_facts: false
  vars:
    ansible_python_interpreter: /usr/bin/python3
    ansible_network_os: opengear.om.om
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_password: testpassword
  tasks:
    - name: Add SSH Keys
      opengear.om.om_system:
        config:
          system_authorized_keys:
            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDbCQvx2Y6ewjgbqQr8ZBQVN99F2lNc0WfrYnL4sN+uwfOQqGZ3IEbtvZa1gorH4ucxIcEEQnjCfwD7HGFW/NIu8VwFU2fTedyqcfXEqvXUykqxmVjtaaoTgaoH16Ws32AHVbj7/vcQv5fQryigcwHJGEUfU7a/gso9aSopGUyeAa475XxPEJmSYxc/4As+7E+OA9Ty5o03tmeCr3yM/cDjbBXB9kO0Bcr9BU354CYIrrUxoFYK403VhErjC/csm6G26cj364sMwL1F64jm0PcmPhzGqrOLUo/EsrQptaqyai29J/jmCtAHlhwGysYSd6TTudchnUNc0oCdM5AO+7FWPSm191Qim+rsc4flD+rg/op/GNYtx3hSH/GEQKpFS8P/32N0Ui0i13TVsYSgPrIe69DHuhMpFVnDNb9fmhEtZbtpplx21oVVJMjBj4G2NHzPTOmd2kII80PUFRh6IdF9Cyru7fK5+TeWK4WuDTddTXzfbko+lVBvjvurhLvrmn8= test@test
              username: root
              id: users_ssh_authorized_keys-42
        state:
          merged

TASK [Add SSH Keys] ****************************************************************************************************************************************************************************
task path: /home/mrhode/git/oob-automation/test.yml:17
Saturday 04 February 2023  07:46:53 +0100 (0:00:00.023)       0:00:00.023 ***** 
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<om1200-test> ESTABLISH LOCAL CONNECTION FOR USER: mrhode
<om1200-test> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/mrhode/.ansible/tmp/ansible-local-668900qbozog `"&& mkdir "` echo /home/mrhode/.ansible/tmp/ansible-local-668900qbozog/ansible-tmp-1675493214.08702-6705-50906566664049 `" && echo ansible-tmp-1675493214.08702-6705-50906566664049="` echo /home/mrhode/.ansible/tmp/ansible-local-668900qbozog/ansible-tmp-1675493214.08702-6705-50906566664049 `" ) && sleep 0'
Using module file /home/mrhode/git/oob-automation/collections/ansible_collections/opengear/om/plugins/modules/om_system.py
<om1200-test> PUT /home/mrhode/.ansible/tmp/ansible-local-668900qbozog/tmp8fn11ppx TO /home/mrhode/.ansible/tmp/ansible-local-668900qbozog/ansible-tmp-1675493214.08702-6705-50906566664049/AnsiballZ_om_system.py
<om1200-test> EXEC /bin/sh -c 'chmod u+x /home/mrhode/.ansible/tmp/ansible-local-668900qbozog/ansible-tmp-1675493214.08702-6705-50906566664049/ /home/mrhode/.ansible/tmp/ansible-local-668900qbozog/ansible-tmp-1675493214.08702-6705-50906566664049/AnsiballZ_om_system.py && sleep 0'
<om1200-test> EXEC /bin/sh -c '/usr/bin/python3 /home/mrhode/.ansible/tmp/ansible-local-668900qbozog/ansible-tmp-1675493214.08702-6705-50906566664049/AnsiballZ_om_system.py && sleep 0'
<om1200-test> EXEC /bin/sh -c 'rm -f -r /home/mrhode/.ansible/tmp/ansible-local-668900qbozog/ansible-tmp-1675493214.08702-6705-50906566664049/ > /dev/null 2>&1 && sleep 0'
fatal: [om1200-test]: FAILED! => changed=false 
  invocation:
    module_args:
      config:
        admin_info:
          contact: support@opengear.com
          hostname: om1208-8e-l
          location: Unspecified (Configure under System Administration)
        banner: |2-
  
          ********************************************************************************
          UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
  
          You must have explicit, authorized permission to access or configure this
          device.  Unauthorized attempts and actions to access or use this system may
          result in civil and/or criminal penalties.  All activities performed on this
          device are logged and monitored.
          ********************************************************************************
        cell_reliability_test: null
        cli_session_timeout: 0
        hostname: om1208-8e-l
        reboot: false
        ssh_port: 22
        system_authorized_keys:
        - id: users_ssh_authorized_keys-1
          key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDbCQvx2Y6ewjgbqQr8ZBQVN99F2lNc0WfrYnL4sN+uwfOQqGZ3IEbtvZa1gorH4ucxIcEEQnjCfwD7HGFW/NIu8VwFU2fTedyqcfXEqvXUykqxmVjtaaoTgaoH16Ws32AHVbj7/vcQv5fQryigcwHJGEUfU7a/gso9aSopGUyeAa475XxPEJmSYxc/4As+7E+OA9Ty5o03tmeCr3yM/cDjbBXB9kO0Bcr9BU354CYIrrUxoFYK403VhErjC/csm6G26cj364sMwL1F64jm0PcmPhzGqrOLUo/EsrQptaqyai29J/jmCtAHlhwGysYSd6TTudchnUNc0oCdM5AO+7FWPSm191Qim+rsc4flD+rg/op/GNYtx3hSH/GEQKpFS8P/32N0Ui0i13TVsYSgPrIe69DHuhMpFVnDNb9fmhEtZbtpplx21oVVJMjBj4G2NHzPTOmd2kII80PUFRh6IdF9Cyru7fK5+TeWK4WuDTddTXzfbko+lVBvjvurhLvrmn8= test@test
          multi_field_identifier: root 3072 SHA256:5HiTlqmRSWTZui10IyoQq5qZd+XDyomDyBSlOdDhpDo test@test (RSA)
          username: root
        time: 06:46 Feb 04, 2023
        timezone: UTC
        webui_session_timeout: 20
      state: merged
  msg: 'Unsupported parameters for (basic.py) module: config.system_authorized_keys.multi_field_identifier. Supported parameters include: config, state.'

$ ansible --version
ansible [core 2.13.7]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/mrhode/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/mrhode/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.10.6 (main, Nov 14 2022, 16:10:14) [GCC 11.3.0]
  jinja version = 3.0.3
  libyaml = True
  
$ ansible-galaxy collection list

# /usr/lib/python3/dist-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    3.5.0  
ansible.netcommon             3.1.3  
ansible.posix                 1.4.0  
ansible.utils                 2.8.0  
ansible.windows               1.12.0 
arista.eos                    5.0.1  
awx.awx                       21.10.0
azure.azcollection            1.14.0 
check_point.mgmt              2.3.0  
chocolatey.chocolatey         1.3.1  
cisco.aci                     2.3.0  
cisco.asa                     3.1.0  
cisco.dnac                    6.6.1  
cisco.intersight              1.0.22 
cisco.ios                     3.3.2  
cisco.iosxr                   3.3.1  
cisco.ise                     2.5.9  
cisco.meraki                  2.13.0 
cisco.mso                     2.1.0  
cisco.nso                     1.0.3  
cisco.nxos                    3.2.0  
cisco.ucs                     1.8.0  
cloud.common                  2.1.2  
cloudscale_ch.cloud           2.2.3  
community.aws                 3.6.0  
community.azure               1.1.0  
community.ciscosmb            1.0.5  
community.crypto              2.9.0  
community.digitalocean        1.22.0 
community.dns                 2.4.2  
community.docker              2.7.3  
community.fortios             1.0.0  
community.general             5.8.3  
community.google              1.0.0  
community.grafana             1.5.3  
community.hashi_vault         3.4.0  
community.hrobot              1.6.0  
community.libvirt             1.2.0  
community.mongodb             1.4.2  
community.mysql               3.5.1  
community.network             4.0.2  
community.okd                 2.2.0  
community.postgresql          2.3.1  
community.proxysql            1.4.0  
community.rabbitmq            1.2.3  
community.routeros            2.5.0  
community.sap                 1.0.0  
community.sap_libs            1.4.0  
community.skydive             1.0.0  
community.sops                1.5.0  
community.vmware              2.10.2 
community.windows             1.11.1 
community.zabbix              1.9.0  
containers.podman             1.10.1 
cyberark.conjur               1.2.0  
cyberark.pas                  1.0.14 
dellemc.enterprise_sonic      1.1.2  
dellemc.openmanage            5.5.0  
dellemc.os10                  1.1.1  
dellemc.os6                   1.0.7  
dellemc.os9                   1.0.4  
f5networks.f5_modules         1.21.0 
fortinet.fortimanager         2.1.7  
fortinet.fortios              2.2.1  
frr.frr                       2.0.0  
gluster.gluster               1.0.2  
google.cloud                  1.0.2  
hetzner.hcloud                1.9.0  
hpe.nimble                    1.1.4  
ibm.qradar                    2.1.0  
ibm.spectrum_virtualize       1.10.0 
infinidat.infinibox           1.3.12 
infoblox.nios_modules         1.4.1  
inspur.ispim                  1.2.0  
inspur.sm                     2.3.0  
junipernetworks.junos         3.1.0  
kubernetes.core               2.3.2  
lowlydba.sqlserver            1.2.0  
mellanox.onyx                 1.0.0  
netapp.aws                    21.7.0 
netapp.azure                  21.10.0
netapp.cloudmanager           21.21.0
netapp.elementsw              21.7.0 
netapp.ontap                  21.24.1
netapp.storagegrid            21.11.1
netapp.um_info                21.8.0 
netapp_eseries.santricity     1.3.1  
netbox.netbox                 3.9.0  
ngine_io.cloudstack           2.3.0  
ngine_io.exoscale             1.0.0  
ngine_io.vultr                1.1.2  
openstack.cloud               1.10.0 
openvswitch.openvswitch       2.1.0  
ovirt.ovirt                   2.4.1  
purestorage.flasharray        1.15.0 
purestorage.flashblade        1.10.0 
purestorage.fusion            1.2.0  
sensu.sensu_go                1.13.1 
servicenow.servicenow         1.0.6  
splunk.es                     2.1.0  
t_systems_mms.icinga_director 1.31.4 
theforeman.foreman            3.7.0  
vmware.vmware_rest            2.2.0  
vultr.cloud                   1.3.1  
vyos.vyos                     3.0.1  
wti.remote                    1.0.4

@ghost
Copy link
Author

ghost commented Feb 4, 2023
edited by ghost
Loading

interestingly the key is actually deployed:

# ogcli get system/system_authorized_keys
ogcli get system/system_authorized_key "root 3072 SHA256:5HiTlqmRSWTZui10IyoQq5qZd+XDyomDyBSlOdDhpDo test@test (RSA)"
  id="users_ssh_authorized_keys-1"
  key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDbCQvx2Y6ewjgbqQr8ZBQVN99F2lNc0WfrYnL4sN+uwfOQqGZ3IEbtvZa1gorH4ucxIcEEQnjCfwD7HGFW/NIu8VwFU2fTedyqcfXEqvXUykqxmVjtaaoTgaoH16Ws32AHVbj7/vcQv5fQryigcwHJGEUfU7a/gso9aSopGUyeAa475XxPEJmSYxc/4As+7E+OA9Ty5o03tmeCr3yM/cDjbBXB9kO0Bcr9BU354CYIrrUxoFYK403VhErjC/csm6G26cj364sMwL1F64jm0PcmPhzGqrOLUo/EsrQptaqyai29J/jmCtAHlhwGysYSd6TTudchnUNc0oCdM5AO+7FWPSm191Qim+rsc4flD+rg/op/GNYtx3hSH/GEQKpFS8P/32N0Ui0i13TVsYSgPrIe69DHuhMpFVnDNb9fmhEtZbtpplx21oVVJMjBj4G2NHzPTOmd2kII80PUFRh6IdF9Cyru7fK5+TeWK4WuDTddTXzfbko+lVBvjvurhLvrmn8= test@test"
  key_fingerprint="3072 SHA256:5HiTlqmRSWTZui10IyoQq5qZd+XDyomDyBSlOdDhpDo test@test (RSA)"
  multi_field_identifier="root 3072 SHA256:5HiTlqmRSWTZui10IyoQq5qZd+XDyomDyBSlOdDhpDo test@test (RSA)"
  username="root"

but now running other playbooks fail (slightly adapted system_config.yml playbook):

---
- hosts: om1200-test
remote_user: root
collections:
  - opengear.om
connection: httpapi
become: false
gather_facts: false
vars:
  ansible_python_interpreter: /usr/bin/python3
  ansible_network_os: opengear.om.om
  ansible_httpapi_use_ssl: true
  ansible_httpapi_validate_certs: false
  ansible_httpapi_password: testpassword
tasks:
  - name: Change Admin Infro
    opengear.om.om_system:
      config:
        admin_info:
          hostname: om1000
          contact: avankatw@digi.com.au
          location: AUS

  - name: Change Timezone
    opengear.om.om_system:
      config:
        timezone: Australia/Brisbane

TASK [Change Admin Infro] **********************************************************************************************************************************************************************
task path: /home/mrhode/git/oob-automation/system_config2.yaml:16
Saturday 04 February 2023  07:57:05 +0100 (0:00:00.023)       0:00:00.023 ***** 
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<om1200-test> ESTABLISH LOCAL CONNECTION FOR USER: mrhode
<om1200-test> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/mrhode/.ansible/tmp/ansible-local-7161cmezghnp `"&& mkdir "` echo /home/mrhode/.ansible/tmp/ansible-local-7161cmezghnp/ansible-tmp-1675493825.813138-7177-87734492802720 `" && echo ansible-tmp-1675493825.813138-7177-87734492802720="` echo /home/mrhode/.ansible/tmp/ansible-local-7161cmezghnp/ansible-tmp-1675493825.813138-7177-87734492802720 `" ) && sleep 0'
Using module file /home/mrhode/git/oob-automation/collections/ansible_collections/opengear/om/plugins/modules/om_system.py
<om1200-test> PUT /home/mrhode/.ansible/tmp/ansible-local-7161cmezghnp/tmpvbu2w80w TO /home/mrhode/.ansible/tmp/ansible-local-7161cmezghnp/ansible-tmp-1675493825.813138-7177-87734492802720/AnsiballZ_om_system.py
<om1200-test> EXEC /bin/sh -c 'chmod u+x /home/mrhode/.ansible/tmp/ansible-local-7161cmezghnp/ansible-tmp-1675493825.813138-7177-87734492802720/ /home/mrhode/.ansible/tmp/ansible-local-7161cmezghnp/ansible-tmp-1675493825.813138-7177-87734492802720/AnsiballZ_om_system.py && sleep 0'
<om1200-test> EXEC /bin/sh -c '/usr/bin/python3 /home/mrhode/.ansible/tmp/ansible-local-7161cmezghnp/ansible-tmp-1675493825.813138-7177-87734492802720/AnsiballZ_om_system.py && sleep 0'
<om1200-test> EXEC /bin/sh -c 'rm -f -r /home/mrhode/.ansible/tmp/ansible-local-7161cmezghnp/ansible-tmp-1675493825.813138-7177-87734492802720/ > /dev/null 2>&1 && sleep 0'
fatal: [om1200-test]: FAILED! => changed=false 
  invocation:
    module_args:
      config:
        admin_info:
          contact: support@opengear.com
          hostname: om1208-8e-l
          location: Unspecified (Configure under System Administration)
        banner: |2-
  
          ********************************************************************************
          UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
  
          You must have explicit, authorized permission to access or configure this
          device.  Unauthorized attempts and actions to access or use this system may
          result in civil and/or criminal penalties.  All activities performed on this
          device are logged and monitored.
          ********************************************************************************
        cell_reliability_test: null
        cli_session_timeout: 0
        hostname: om1208-8e-l
        reboot: false
        ssh_port: 22
        system_authorized_keys:
        - id: users_ssh_authorized_keys-1
          key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDbCQvx2Y6ewjgbqQr8ZBQVN99F2lNc0WfrYnL4sN+uwfOQqGZ3IEbtvZa1gorH4ucxIcEEQnjCfwD7HGFW/NIu8VwFU2fTedyqcfXEqvXUykqxmVjtaaoTgaoH16Ws32AHVbj7/vcQv5fQryigcwHJGEUfU7a/gso9aSopGUyeAa475XxPEJmSYxc/4As+7E+OA9Ty5o03tmeCr3yM/cDjbBXB9kO0Bcr9BU354CYIrrUxoFYK403VhErjC/csm6G26cj364sMwL1F64jm0PcmPhzGqrOLUo/EsrQptaqyai29J/jmCtAHlhwGysYSd6TTudchnUNc0oCdM5AO+7FWPSm191Qim+rsc4flD+rg/op/GNYtx3hSH/GEQKpFS8P/32N0Ui0i13TVsYSgPrIe69DHuhMpFVnDNb9fmhEtZbtpplx21oVVJMjBj4G2NHzPTOmd2kII80PUFRh6IdF9Cyru7fK5+TeWK4WuDTddTXzfbko+lVBvjvurhLvrmn8= test@test
          multi_field_identifier: root 3072 SHA256:5HiTlqmRSWTZui10IyoQq5qZd+XDyomDyBSlOdDhpDo test@test (RSA)
          username: root
        time: 06:56 Feb 04, 2023
        timezone: UTC
        webui_session_timeout: 20
      state: merged
  msg: 'Unsupported parameters for (basic.py) module: config.system_authorized_keys.multi_field_identifier. Supported parameters include: config, state.'

deleting the key:

# ogcli delete system/system_authorized_key "root 3072 SHA256:5HiTlqmRSWTZui10IyoQq5qZd+XDyomDyBSlOdDhpDo test@test (RSA)"
# ogcli get system/system_authorized_keys
  []

and running above playbook again:

TASK [Change Admin Infro] **********************************************************************************************************************************************************************
task path: /home/mrhode/git/oob-automation/system_config2.yaml:16
Saturday 04 February 2023  08:01:57 +0100 (0:00:00.023)       0:00:00.023 ***** 
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<om1200-test> ESTABLISH LOCAL CONNECTION FOR USER: mrhode
<om1200-test> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/mrhode/.ansible/tmp/ansible-local-72846gmq94jv `"&& mkdir "` echo /home/mrhode/.ansible/tmp/ansible-local-72846gmq94jv/ansible-tmp-1675494117.56177-7300-261705116047376 `" && echo ansible-tmp-1675494117.56177-7300-261705116047376="` echo /home/mrhode/.ansible/tmp/ansible-local-72846gmq94jv/ansible-tmp-1675494117.56177-7300-261705116047376 `" ) && sleep 0'
Using module file /home/mrhode/git/oob-automation/collections/ansible_collections/opengear/om/plugins/modules/om_system.py
<om1200-test> PUT /home/mrhode/.ansible/tmp/ansible-local-72846gmq94jv/tmpvq1rzbto TO /home/mrhode/.ansible/tmp/ansible-local-72846gmq94jv/ansible-tmp-1675494117.56177-7300-261705116047376/AnsiballZ_om_system.py
<om1200-test> EXEC /bin/sh -c 'chmod u+x /home/mrhode/.ansible/tmp/ansible-local-72846gmq94jv/ansible-tmp-1675494117.56177-7300-261705116047376/ /home/mrhode/.ansible/tmp/ansible-local-72846gmq94jv/ansible-tmp-1675494117.56177-7300-261705116047376/AnsiballZ_om_system.py && sleep 0'
<om1200-test> EXEC /bin/sh -c '/usr/bin/python3 /home/mrhode/.ansible/tmp/ansible-local-72846gmq94jv/ansible-tmp-1675494117.56177-7300-261705116047376/AnsiballZ_om_system.py && sleep 0'
<om1200-test> EXEC /bin/sh -c 'rm -f -r /home/mrhode/.ansible/tmp/ansible-local-72846gmq94jv/ansible-tmp-1675494117.56177-7300-261705116047376/ > /dev/null 2>&1 && sleep 0'
changed: [om1200-test] => changed=true 
  after:
    admin_info:
      contact: avankatw@digi.com.au
      hostname: om1000
      location: AUS
    banner: |2-
  
      ********************************************************************************
      UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
  
      You must have explicit, authorized permission to access or configure this
      device.  Unauthorized attempts and actions to access or use this system may
      result in civil and/or criminal penalties.  All activities performed on this
      device are logged and monitored.
      ********************************************************************************
    cell_reliability_test: null
    cli_session_timeout: 0
    hostname: om1000
    reboot: false
    ssh_port: 22
    system_authorized_keys: null
    time: 07:01 Feb 04, 2023
    timezone: UTC
    webui_session_timeout: 20
  before:
    admin_info:
      contact: support@opengear.com
      hostname: om1208-8e-l
      location: Unspecified (Configure under System Administration)
    banner: |2-
  
      ********************************************************************************
      UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
  
      You must have explicit, authorized permission to access or configure this
      device.  Unauthorized attempts and actions to access or use this system may
      result in civil and/or criminal penalties.  All activities performed on this
      device are logged and monitored.
      ********************************************************************************
    cell_reliability_test: null
    cli_session_timeout: 0
    hostname: om1208-8e-l
    reboot: false
    ssh_port: 22
    system_authorized_keys: null
    time: 07:01 Feb 04, 2023
    timezone: UTC
    webui_session_timeout: 20
  commands:
  - data:
      system_admin_info:
        contact: avankatw@digi.com.au
        hostname: om1000
        location: AUS
    method: PUT
    path: system/admin_info
  invocation:
    module_args:
      config:
        admin_info:
          contact: avankatw@digi.com.au
          hostname: om1000
          location: AUS
        banner: null
        cell_reliability_test: null
        cli_session_timeout: null
        hostname: null
        reboot: null
        ssh_port: null
        system_authorized_keys: null
        time: null
        timezone: null
        webui_session_timeout: null
      state: merged

TASK [Change Timezone] *************************************************************************************************************************************************************************
task path: /home/mrhode/git/oob-automation/system_config2.yaml:24
Saturday 04 February 2023  08:02:06 +0100 (0:00:09.752)       0:00:09.775 ***** 
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<om1200-test> ESTABLISH HTTP(S) CONNECTFOR USER: root TO https://om1200-test:443
<om1200-test> ESTABLISH LOCAL CONNECTION FOR USER: mrhode
<om1200-test> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/mrhode/.ansible/tmp/ansible-local-72846gmq94jv `"&& mkdir "` echo /home/mrhode/.ansible/tmp/ansible-local-72846gmq94jv/ansible-tmp-1675494127.2333837-7330-36921882483783 `" && echo ansible-tmp-1675494127.2333837-7330-36921882483783="` echo /home/mrhode/.ansible/tmp/ansible-local-72846gmq94jv/ansible-tmp-1675494127.2333837-7330-36921882483783 `" ) && sleep 0'
Using module file /home/mrhode/git/oob-automation/collections/ansible_collections/opengear/om/plugins/modules/om_system.py
<om1200-test> PUT /home/mrhode/.ansible/tmp/ansible-local-72846gmq94jv/tmp9n0jex0v TO /home/mrhode/.ansible/tmp/ansible-local-72846gmq94jv/ansible-tmp-1675494127.2333837-7330-36921882483783/AnsiballZ_om_system.py
<om1200-test> EXEC /bin/sh -c 'chmod u+x /home/mrhode/.ansible/tmp/ansible-local-72846gmq94jv/ansible-tmp-1675494127.2333837-7330-36921882483783/ /home/mrhode/.ansible/tmp/ansible-local-72846gmq94jv/ansible-tmp-1675494127.2333837-7330-36921882483783/AnsiballZ_om_system.py && sleep 0'
<om1200-test> EXEC /bin/sh -c '/usr/bin/python3 /home/mrhode/.ansible/tmp/ansible-local-72846gmq94jv/ansible-tmp-1675494127.2333837-7330-36921882483783/AnsiballZ_om_system.py && sleep 0'
<om1200-test> EXEC /bin/sh -c 'rm -f -r /home/mrhode/.ansible/tmp/ansible-local-72846gmq94jv/ansible-tmp-1675494127.2333837-7330-36921882483783/ > /dev/null 2>&1 && sleep 0'
changed: [om1200-test] => changed=true 
  after:
    admin_info:
      contact: avankatw@digi.com.au
      hostname: om1000
      location: AUS
    banner: |2-
  
      ********************************************************************************
      UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
  
      You must have explicit, authorized permission to access or configure this
      device.  Unauthorized attempts and actions to access or use this system may
      result in civil and/or criminal penalties.  All activities performed on this
      device are logged and monitored.
      ********************************************************************************
    cell_reliability_test: null
    cli_session_timeout: 0
    hostname: om1000
    reboot: false
    ssh_port: 22
    system_authorized_keys: null
    time: 17:01 Feb 04, 2023
    timezone: Australia/Brisbane
    webui_session_timeout: 20
  before:
    admin_info:
      contact: avankatw@digi.com.au
      hostname: om1000
      location: AUS
    banner: |2-
  
      ********************************************************************************
      UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
  
      You must have explicit, authorized permission to access or configure this
      device.  Unauthorized attempts and actions to access or use this system may
      result in civil and/or criminal penalties.  All activities performed on this
      device are logged and monitored.
      ********************************************************************************
    cell_reliability_test: null
    cli_session_timeout: 0
    hostname: om1000
    reboot: false
    ssh_port: 22
    system_authorized_keys: null
    time: 07:01 Feb 04, 2023
    timezone: UTC
    webui_session_timeout: 20
  commands:
  - data:
      system_timezone:
        timezone: Australia/Brisbane
    method: PUT
    path: system/timezone
  invocation:
    module_args:
      config:
        admin_info: null
        banner: null
        cell_reliability_test: null
        cli_session_timeout: null
        hostname: null
        reboot: null
        ssh_port: null
        system_authorized_keys: null
        time: null
        timezone: Australia/Brisbane
        webui_session_timeout: null
      state: merged
META: ran handlers
META: ran handlers


PLAY RECAP *************************************************************************************************************************************************************************************
om1200-test                : ok=2    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

success. \o/

@ghost
Copy link
Author

ghost commented Feb 4, 2023

above system_config.yml playbook succeeds with

    - name: Add SSH Keys
      opengear.om.om_system:
        config:
          system_authorized_keys:
            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTRO6c/1JnaA/Mi3MKONqQJUe75rZC36Z0tH+BefpR2li3F/x7TWQnW0aBSA4y7bGOxS5B+nFd86m6+QWqZMxqIpraG11KKVh2c+ElIliVvPbpN7cL9QKbzDZPCn5TZ28znHDuUSzc7Kt0+33On+7HkMhapKiXkA2ardK89DlpKbE4mSiIZoWG0zepyWsXa86fiKTORqEN8FhRtxnBMcl+WODjQfuBzPNr/zYv75eLaZ0LwUOz6/xm8RkwEhd/kF1ntrXYrwOqhFsR7g0cfqQ5T9vLcUXqe+VDvD16KBkooSL92OTxC907F7HPk7XvQaY4bEWK7ca/vbVhsVzdDhbF test
              username: root
              id: users_ssh_authorized_keys-1
        state:
          deleted

but with state: merged it results in

fatal: [om1200-test]: FAILED! => changed=false 
  invocation:
    module_args:
      config:
        admin_info:
          contact: avankatw@digi.com.au
          hostname: om1000
          location: AUS
        banner: |2-
  
          ********************************************************************************
          UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
  
          You must have explicit, authorized permission to access or configure this
          device.  Unauthorized attempts and actions to access or use this system may
          result in civil and/or criminal penalties.  All activities performed on this
          device are logged and monitored.
          ********************************************************************************
        cell_reliability_test: null
        cli_session_timeout: 0
        hostname: om1000
        reboot: false
        ssh_port: 22
        system_authorized_keys:
        - id: users_ssh_authorized_keys-2
          key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTRO6c/1JnaA/Mi3MKONqQJUe75rZC36Z0tH+BefpR2li3F/x7TWQnW0aBSA4y7bGOxS5B+nFd86m6+QWqZMxqIpraG11KKVh2c+ElIliVvPbpN7cL9QKbzDZPCn5TZ28znHDuUSzc7Kt0+33On+7HkMhapKiXkA2ardK89DlpKbE4mSiIZoWG0zepyWsXa86fiKTORqEN8FhRtxnBMcl+WODjQfuBzPNr/zYv75eLaZ0LwUOz6/xm8RkwEhd/kF1ntrXYrwOqhFsR7g0cfqQ5T9vLcUXqe+VDvD16KBkooSL92OTxC907F7HPk7XvQaY4bEWK7ca/vbVhsVzdDhbF test
          multi_field_identifier: root 2048 SHA256:CNem+rkDme6jInbmuzNxmHz46TP3mA37I2XfEGUuDs8 test (RSA)
          username: root
        time: 17:06 Feb 04, 2023
        timezone: Australia/Brisbane
        webui_session_timeout: 20
      state: merged
  msg: 'Unsupported parameters for (basic.py) module: config.system_authorized_keys.multi_field_identifier. Supported parameters include: state, config.'

but the key is deployed:

# ogcli get system/system_authorized_keys
ogcli get system/system_authorized_key "root 2048 SHA256:CNem+rkDme6jInbmuzNxmHz46TP3mA37I2XfEGUuDs8 test (RSA)"
id="users_ssh_authorized_keys-2"
key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTRO6c/1JnaA/Mi3MKONqQJUe75rZC36Z0tH+BefpR2li3F/x7TWQnW0aBSA4y7bGOxS5B+nFd86m6+QWqZMxqIpraG11KKVh2c+ElIliVvPbpN7cL9QKbzDZPCn5TZ28znHDuUSzc7Kt0+33On+7HkMhapKiXkA2ardK89DlpKbE4mSiIZoWG0zepyWsXa86fiKTORqEN8FhRtxnBMcl+WODjQfuBzPNr/zYv75eLaZ0LwUOz6/xm8RkwEhd/kF1ntrXYrwOqhFsR7g0cfqQ5T9vLcUXqe+VDvD16KBkooSL92OTxC907F7HPk7XvQaY4bEWK7ca/vbVhsVzdDhbF test"
key_fingerprint="2048 SHA256:CNem+rkDme6jInbmuzNxmHz46TP3mA37I2XfEGUuDs8 test (RSA)"
multi_field_identifier="root 2048 SHA256:CNem+rkDme6jInbmuzNxmHz46TP3mA37I2XfEGUuDs8 test (RSA)"
username="root"

and the Change Admin Infro tasks fails again when running the playbook again.

@Disco402 Disco402 mentioned this issue Jan 24, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mattwit