-1

I'm currently having a problem running an Ansible F5 playbook via an SSH bastion host to configure an F5 device. I'm not sure where the issue could be at this stage.

BIGSUDS, SUDS, F5-SDK all installed via pip

My Playbook --- f5play.yml ----

---
- hosts: f5_devices
  gather_facts: false
  connection: local

  tasks:
  - name: f5 test
    bigip_facts:
      server: "{{ inventory_hostname }}"
      user: "{{ ansible_user }}"
      password: "{{ ansible_ssh_pass }}"
      include: "interface"
      validate_certs: false
    delegate_to: localhost
    register: out

  - debug: msg="{{ out }}"

I have a "group_vars" directory with an "f5_devices" directory that contains my vault.yml and vars.yml

vars.yml contains my extra proxy info, to jump through an intermediate SSH host before jumping to the F5. It has been successfully used with this setup before to get to Cisco devices.


inventory file = ansible_hosts

[f5_devices]
F5-LTM1  ansible_user=admin

--vars.yml--

ansible_ssh_pass: "{{ vault_ansible_ssh_pass }}"
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -v bastion1" -o StrictHostKeyChecking=no'

ansible-playbook -i ansible_hosts f5play.yml --ask-vault-pass -vvv

UPDATE - added "delegate_to: localhost" now, still this error

            "session": false,
            "state": "present",
            "user": "admin",
            "validate_certs": false
        }
    },
    "msg": "received exception: <urlopen error [Errno -2] Name or service 
not known>\ntraceback: Traceback (most recent call last):\n  File 
\"/tmp/ansible_cdaERk/ansible_module_bigip_facts.py\", line 1664, in main\n    
saved_active_folder = f5.get_active_folder()\n  File 
\"/tmp/ansible_cdaERk/ansible_module_bigip_facts.py\", line 148, in 
get_active_folder\n    return self.api.System.Session.get_active_folder()\n  
File \"/home/mike/Proj/ansible/lib/python2.7/site-packages/bigsuds.py\", 
line 360, in __getattr__\n    client = self._client_creator('%s.%s' % 
(self._name, attr))\n  File \"/home/mike/Proj/ansible/lib/python2.7/site-
packages/bigsuds.py\", line 170, in _create_client\n    raise 
ConnectionError(str(e))\nConnectionError: <urlopen error [Errno -2] Name or 
service not known>\n"
}

I forgot to add, this is running in a virtual environment (virtualenv ansible)

Any help would be 'greatly' appreciated

MIke

1 Answer

0

I'd guess, you should:

  • remove connection: local
  • remove ssh and proxy settings for f5_devices group
  • add bastion1 host to your inventory
  • then delegate_to: bastion1

This way Ansible will connect to your bastion host and execute the bigip_facts module from there, targeting your F5 devices.

Konstantin Suvorov
  • I commented out the ssh_common_args, removed the connection: local and delegated to Bastion1 and now have a new error fatal: [F5-LTM1]: UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: mux_client_request_session: out of sequence reply: my id 1 theirs 2\r\n", "unreachable": true } – MIke Aug 11 '17 at 00:03
  • I'm wondering if anyone has even tried this before or if it's even possible since you need to SSH through an intermediate host in order to communicate using the F5 iControl API?? – MIke Aug 13 '17 at 23:58
  • I just saw something about having bigsuds installed on the jump host which is a shame as I wanted to avoid having to touch the jumphost software. – MIke Aug 18 '17 at 06:45
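
The answer's four steps written out as configuration, as an added example that is not part of the original posts. The `[bastion]` group name is an assumption; as the last comment notes, bigsuds has to be installed on bastion1 because the module runs there.

```yaml
# ansible_hosts (INI inventory, shown here as comments):
#   [f5_devices]
#   F5-LTM1  ansible_user=admin
#
#   [bastion]            <- hypothetical group name
#   bastion1
#
# group_vars/f5_devices/vars.yml:
#   keep    ansible_ssh_pass: "{{ vault_ansible_ssh_pass }}"
#   remove  ansible_ssh_common_args (ProxyCommand and StrictHostKeyChecking=no),
#           since nothing SSHes to the F5 through the proxy any more.

# f5play.yml
---
- hosts: f5_devices
  gather_facts: false        # "connection: local" removed

  tasks:
  - name: f5 test
    bigip_facts:
      # The module opens the iControl connection from the host it runs on,
      # so this name must resolve from bastion1, not from the control node.
      server: "{{ inventory_hostname }}"
      user: "{{ ansible_user }}"
      password: "{{ ansible_ssh_pass }}"
      include: "interface"
      # Kept as in the question; false disables TLS certificate
      # verification of the F5 management endpoint.
      validate_certs: false
    delegate_to: bastion1    # Ansible SSHes to bastion1 and runs the module there
    register: out

  - debug:
      var: out
```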