Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.

API & Integration, DevOps,NetOps,SecOps

Reply

Bug(?) in Ansible 2.8 with options in nios_fixed_address

Authority
Posts: 30
9276     1

Hello,

 

I noticed some strange behavior in the nios_fixed_address module of Ansible 2.8.6

I try to create a fixed address and want to supply the host-name option. This is done with:

 

[snip]

- options:

  - name: host-name

    value: "the_hostname_I_want_to_set"

[snip]

 

Ansible fails with:

fatal: [localhost]: FAILED! => {"changed": false, "code": "Client.Ibap.Proto", "msg": "Option host-name can not have a use_option flag", "operation": "create_object", "type": "AdmConProtoError"} 

 

I did not set use_options at all!

And when I try to add "use_options" with either true or false or yes or no, this will produce the same error message.

The documentations say that use_option defaults to "yes". But when this is really the case this means that no options without "use_options" can be set. And this is a bug.

 

I also tried with "num: 12" instead of "name: host-name". This produces the same results.

 

Do you know a workaround? How can I set the host-name options with Ansible?

Who can fix this bug (if it is one) in Ansible?

 

Re: Bug(?) in Ansible 2.8 with options in nios_fixed_address

Authority
Posts: 30
9276     1

I created an issue on github for this:

https://github.com/ansible/ansible/issues/64034

 

Re: Bug(?) in Ansible 2.8 with options in nios_fixed_address

Adviser
Posts: 181
9276     1

Hi,

 

I've created a pull request to fix this issue: https://github.com/ansible/ansible/pull/65369

 

Thanks and Regards,

Krishna Vasudevan

Re: Bug(?) in Ansible 2.8 with options in nios_fixed_address

Authority
Posts: 30
9276     1

Thanks. It looks it's currently not in any Ansible release.

I'll try to apply your PR manually and give it a try.

 

Re: Bug(?) in Ansible 2.8 with options in nios_fixed_address

[ Edited ]
Authority
Posts: 30
9276     1

Hello,

 

I applied your patch manually and found that it's only working with "name" options, but not with "num" options.

Looks like you missed it in this code block in nios_fixed_address.py:

    for item in module.params['options']:
        opt = dict([(k, v) for k, v in iteritems(item) if v is not None])
        if 'name' not in opt and 'num' not in opt:
            module.fail_json(msg='one of `name` or `num` is required for option value')
        if opt['name'] not in special_options:
            del opt['use_option']
        options.append(opt)
    return options

See? You only delete the use_option when opt has a name. Ansible even throws a traceback error when num is used:

The full traceback is:
Traceback (most recent call last):
  File "/home/XXX/.ansible/tmp/ansible-tmp-1581012201.35-244539456118516/AnsiballZ_nios_fixed_address.py", line 102, in <module>
    _ansiballz_main()
  File "/home/XXX/.ansible/tmp/ansible-tmp-1581012201.35-244539456118516/AnsiballZ_nios_fixed_address.py", line 94, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/home/vXXX/.ansible/tmp/ansible-tmp-1581012201.35-244539456118516/AnsiballZ_nios_fixed_address.py", line 40, in invoke_module
    runpy.run_module(mod_name='ansible.modules.net_tools.nios.nios_fixed_address', init_globals=None, run_name='__main__', alter_sys=True)
  File "/usr/lib/python2.7/runpy.py", line 188, in run_module
    fname, loader, pkg_name)
  File "/usr/lib/python2.7/runpy.py", line 82, in _run_module_code
    mod_name, mod_fname, mod_loader, pkg_name)
  File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
    exec code in run_globals
  File "/tmp/ansible_nios_fixed_address_payload_HVTHzC/ansible_nios_fixed_address_payload.zip/ansible/modules/net_tools/nios/nios_fixed_address.py", line 269, in <module>
  File "/tmp/ansible_nios_fixed_address_payload_HVTHzC/ansible_nios_fixed_address_payload.zip/ansible/modules/net_tools/nios/nios_fixed_address.py", line 263, in main
  File "/tmp/ansible_nios_fixed_address_payload_HVTHzC/ansible_nios_fixed_address_payload.zip/ansible/module_utils/net_tools/nios/api.py", line 264, in run
  File "/tmp/ansible_nios_fixed_address_payload_HVTHzC/ansible_nios_fixed_address_payload.zip/ansible/modules/net_tools/nios/nios_fixed_address.py", line 197, in options
KeyError: 'name'

At first glance I'm fine with that because I am able to work with the name option now. But you should fix that in the long run since it is documented to work...

 

Thanks and regards,

 

Re: Bug(?) in Ansible 2.8 with options in nios_fixed_address

[ Edited ]
Authority
Posts: 30
9276     1

A colleague of mine wrote a quick fix which is working also with num options.

This is the complete function:

def options(module):
    ''' Transforms the module argument into a valid WAPI struct
    This function will transform the options argument into a structure that
    is a valid WAPI structure in the format of:
        {
            name: <value>,
            num: <value>,
            value: <value>,
            use_option: <value>,
            vendor_class: <value>
        }
    It will remove any options that are set to None since WAPI will error on
    that condition.  The use_option field only applies
    to special options that are displayed separately from other options and
    have a use flag. This function removes the use_option flag from all
    other options. It will also verify that either `name` or `num` is
    set in the structure but does not validate the values are equal.
    The remainder of the value validation is performed by WAPI
    '''
    special_options = {'routers': 3, 'router-templates': 1, 'domain-name-servers': 6,
                       'domain-name': 15, 'broadcast-address': 28, 'broadcast-address-offset': 1,
                       'dhcp-lease-time': 51, 'dhcp6.name-servers': 23}
    options = list()
    for item in module.params['options']:
        opt = dict([(k, v) for k, v in iteritems(item) if v is not None])
        if 'name' not in opt and 'num' not in opt:
            module.fail_json(msg='one of `name` or `num` is required for option value')
        if opt.has_key('name') and opt['name'] not in special_options.keys() or opt.has_key('num') and opt['num'] not in special_options.values():
            del opt['use_option']
        options.append(opt)
    return options

I was not able to find all the option numbers, that's because there are "None"s and also a None "handling". You probably have to add or fix some numbers.

It would be great if you could submit this to the Ansible project...

 

Thanks!

Re: Bug(?) in Ansible 2.8 with options in nios_fixed_address

New Member
Posts: 1
9277     1

Re: Bug(?) in Ansible 2.8 with options in nios_fixed_address

Authority
Posts: 30
9277     1

Thanks. I'll look into it.

 

Sadly even the old fix is not yet available in any official Ansible release.

 

Re: Bug(?) in Ansible 2.8 with options in nios_fixed_address

New Member
Posts: 1
9277     1

https://github.com/infobloxopen/infoblox-ansible/issues/25

For this is a issue opend in the collection repo on github.

I had the same issue and we make contact with support and they opend the issue i tryed to describe the resolution mentioned in this Thread. 

Thank you for the code snippet.

 

Re: Bug(?) in Ansible 2.8 with options in nios_fixed_address

Authority
Posts: 30
9277     1

Really sad that this fix got lost somehow while moving out nearly all the modules to external collections. It seems it was also not added to the infoblox collection. Infoblox staff should care a bit more here!

I added a comment to the issue too. Maybe we should simply add the fix again...

 

Re: Bug(?) in Ansible 2.8 with options in nios_fixed_address

New Member
Posts: 3
9277     1

Dear All,

 

We are also affected by the same problem, this is a 30 minute task for the developer.

Infoblox - can you help us hier? My focuse on on network module.

Re: Bug(?) in Ansible 2.8 with options in nios_fixed_address

New Member
Posts: 2
9277     1

I saw this as an issue in GitHub: https://github.com/infobloxopen/infoblox-ansible/issues/25

I sent a pull request to fix it: https://github.com/infobloxopen/infoblox-ansible/pull/104

Just need someone from Infoblox development to approve and merge.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You