Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redfish Session Auth with Dell iDRAC9 #5886

Closed
1 task done
sseekamp opened this issue Jan 24, 2023 · 3 comments · Fixed by #5903
Closed
1 task done

Redfish Session Auth with Dell iDRAC9 #5886

sseekamp opened this issue Jan 24, 2023 · 3 comments · Fixed by #5903
Labels
bug This issue/PR relates to a bug module module plugins plugin (any type) remote_management

Comments

@sseekamp
Copy link
Contributor

Summary

When attempting to create a Redfish Session as documented here:

community.general/plugins/modules/redfish_command.py

Lines 874 to 875 in fe520a6

elif command == "CreateSession":
result = rf_utils.create_session()

Dell iDRAC9's (version 5.x or 6.x, does not appear to impact iDRAC8) return an error:

fatal: [x.x.x.x]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"}, "changed": false, "msg": "HTTP Error 415 on POST request to 'https://REDACTED/redfish/v1/SessionService/Sessions', extended message: 'A general error has occurred. See Resolution for information on how to resolve the error.'"}

Testing manually (outside of Ansible) also returns an error:

{
    "error": {
        "code": "Base.1.5.GeneralError",
        "message": "A general error has occurred. See ExtendedInfo for more information.",
        "@Message.ExtendedInfo": {
            "@odata.type": "#Message.v1_0_0.Message",
            "MessageId": "Base.1.5.GeneralError",
            "Message": "A general error has occurred. See Resolution for information on how to resolve the error.",
            "Resolution": "Redfish request contains unsupported media type. Correct the request body and resubmit.",
            "Severity": "Warning"
        }
    }
}

This appears to stem from the ansible module setting force_basic_auth = True as specified here:

community.general/plugins/module_utils/redfish_utils.py

Line 60 in a7783c4

force_basic_auth = True

iDRAC9's for unknown reasons will fail the session creation if basic_auth is enabled for the POST request. Ideally Dell would handle that differently, but is it possible to disable that flag for just the session creation task?

Issue Type

Bug Report

Component Name

redfish_utils.py

Ansible Version

Tested with:

$ ansible --version

ansible [core 2.13.3]
  config file = /.ansible.cfg
  configured module search path = ['.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = .local/share/virtualenvs/ansitest-cGU-0QPt/lib/python3.8/site-packages/ansible
  ansible collection location = /GitHub/ansible/collections
  executable location = .local/share/virtualenvs/ansitest-cGU-0QPt/bin/ansible
  python version = 3.8.14 (default, Oct 14 2022, 09:34:47) [Clang 14.0.0 (clang-1400.0.29.102)]
  jinja version = 3.1.2
  libyaml = False

and

ansible 2.10.17
  config file = /Users/sseekamp/GitHub/firmware_updater/ansible.cfg
  configured module search path = ['.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location =.local/share/virtualenvs/firmware_updater-aX3uA6gG/lib/python3.8/site-packages/ansible
  executable location = .local/share/virtualenvs/firmware_updater-aX3uA6gG/bin/ansible
  python version = 3.8.14 (default, Oct 14 2022, 09:34:47) [Clang 14.0.0 (clang-1400.0.29.102)]

Community.general Version

Tested with:

$ ansible-galaxy collection list community.general

# GitHub/ansible/collections/ansible_collections
Collection        Version
----------------- -------
community.general 6.2.0  

# .local/share/virtualenvs/ansitest-cGU-0QPt/lib/python3.8/site-packages/ansible_collections
Collection        Version
----------------- -------
community.general 4.1.0

Configuration

$ ansible-config dump --only-changed

COLLECTIONS_PATHS(.ansible.cfg) = ['GitHub/ansible/collections']

OS / Environment

OSX 13.1
Ubuntu Focal

Steps to Reproduce

---
- name: Session test
  gather_facts: false
  hosts: localhost

  tasks:
  - name: Create Redfish session
    community.general.redfish_command:
      category: Sessions
      command: CreateSession
      baseuri: "{{ bmc_address }}"
      username: "{{ bmc_username }}"
      password: "{{ bmc_password }}"
    register: rfsession

  - debug:
      var: rfsession

Expected Results

on an iDRAC 8 node:

PLAY [Manager test] *************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************

TASK [Create Redfish session] ***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [localhost] => {"changed": true, "msg": "Action was successful", "return_values": {}, "session": {"token": "REDACTED", "uri": "/redfish/v1/Sessions/8084"}}

TASK [debug] ********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "rfsession": {
        "changed": true,
        "failed": false,
        "msg": "Action was successful",
        "return_values": {},
        "session": {
            "token": "REDACTED",
            "uri": "/redfish/v1/Sessions/8084"
        }
    }
}

PLAY RECAP **********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
localhost                  : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Actual Results

On an iDRAC9 node:

PLAY [Manager test] *************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************

TASK [Create Redfish session] ***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "HTTP Error 415 on POST request to 'https://REDACTED/redfish/v1/SessionService/Sessions', extended message: 'A general error has occurred. See Resolution for information on how to resolve the error.'"}

PLAY RECAP **********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
localhost                  : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

Code of Conduct

  • I agree to follow the Ansible Code of Conduct
@ansibullbot
Copy link
Collaborator

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

@ansibullbot
Copy link
Collaborator

cc @Bhavya06 @mraineri @rajeevkallur @renxulei @tomasg2012 @xmadsen
click here for bot help

@ansibullbot ansibullbot added bug This issue/PR relates to a bug module module plugins plugin (any type) remote_management labels Jan 24, 2023
@mraineri
Copy link
Contributor

mraineri commented Jan 25, 2023
edited
Loading

I suspect based on your debugging so far that the presence of the Authorization header (due to force_basic_auth being set to true) causes some services to reject the request. Providing an Authorization header while also providing credentials in the request body to make the session is unexpected. I can see cases where some services will ignore the header, and others that will err on the side of caution to raise this as a potential conflict; allowing both to pass through can give nondeterministic behavior (which credentials are consumed, the header's or the body's?). We don't have anything in the Redfish Specification as far as I can tell to recommend best practices, but specifically for Ansible, I think we should disable the force_basic_auth flag when performing the session creation request.

@mraineri mraineri mentioned this issue Jan 27, 2023
Merged
This was referenced Jan 30, 2023
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This issue/PR relates to a bug module module plugins plugin (any type) remote_management
Projects
None yet
Milestone
No milestone
3 participants
@mraineri @sseekamp @ansibullbot