Can you add a param to the api and retry ?
sessionkey: {{ session_key }}
On Saturday, November 16, 2024, Jeroen Kleijer <jeroen.klei...@gmail.com>
wrote:
> Hi all,
>
> We've been using ACS (4.19 series) in our test and development environment
> for the last 6 months or so and written some ansible code to help with the
> deployment. For some parts we can use the native ngine_io.cloudstack
> modules, for others where we have to use the API calls made available to
> us, we have to use the modules ansible.builtin.uri.
>
> In order to use the uri module, we figured out that it needs a session_key
> and jsession_id so we authenticate with ACS:
> - name: Authenticate with Cloudstack
> ansible.builtin.uri:
> url: "{{ cloudstack_url }}"
> method: POST
> body_format: form-urlencoded
> body:
> command: "login"
> username: "{{ admin_username }}"
> password: "{{ vault_admin_password }}"
> response: "json"
> return_content: true
> register: login_response
>
> and get the response back in login_response:
> login_response": {
> "ansible_facts": {
> "discovered_interpreter_python":
> "/usr/libexec/platform-python"
> },
> "attempts": 1,
> "changed": false,
> "connection": "close",
> "content":
> "{\"loginresponse\":{\"username\":\"admin\",\"userid\
> ":\"b3160af1-a352-11ef-8180-525400a326e8\",\"domainid\":\"
> 9ad63ce2-a352-11ef-8180-525400a326e8\",\"timeout\":
> 1800,\"account\":\"admin\",\"firstname\":\"admin\",\"
> lastname\":\"cloud\",\"type\":\"1\",\"timezone\":\"UTC\",\"
> timezoneoffset\":\"0.0\",\"registered\":\"false\",\"sessionkey\":\"
> ViKNXl3dPKQRcMKXvAtfaOdC8RE\",\"is2faenabled\":\"false\",\"
> is2faverified\":\"true\",\"issuerfor2fa\":\"CloudStack\"}}",
> "content_length": "397",
> "content_security_policy": "1, default-src=none, script-src=self,
> connect-src=self, img-src=self, style-src=self",
> "content_type": "application/json;charset=utf-8",
> "cookies": {
> "JSESSIONID": "node01ey4k6vgfkn7s1oyy83nqivzzh33.node0",
> "sessionkey": "ViKNXl3dPKQRcMKXvAtfaOdC8RE"
> },
> "cookies_string":
> "JSESSIONID=node01ey4k6vgfkn7s1oyy83nqivzzh33.node0;
> sessionkey=ViKNXl3dPKQRcMKXvAtfaOdC8RE",
> "elapsed": 0,
> "expires": "Thu, 01 Jan 1970 00:00:00 GMT",
> "failed": false,
> "json": {
> "loginresponse": {
> "account": "admin",
> "domainid": "<redacted>",
> "firstname": "admin",
> "is2faenabled": "false",
> "is2faverified": "true",
> "issuerfor2fa": "CloudStack",
> "lastname": "cloud",
> "registered": "false",
> "sessionkey": "<redacted>",
> "timeout": 1800,
> "timezone": "UTC",
> "timezoneoffset": "0.0",
> "type": "1",
> "userid": "<redacted>",
> "username": "admin"
> }
> },
> "msg": "OK (397 bytes)",
> "redirected": false,
> "set_cookie": "JSESSIONID=<redacted>; Path=/client,
> sessionkey=<redacted>;HttpOnly;SameSite=Lax",
> "status": 200,
> "url": "<redacted>",
> "vary": "Accept-Encoding, User-Agent",
> "x_content_type_options": "nosniff",
> "x_xss_protection": "1;mode=block"
> }
> }
>
> We grab the sessionkey and jsession_id from this and then pass it along
> anytime we want to use the API via Ansible. For example:
> - name: Get API and Secret Key for admin
> ansible.builtin.uri:
> url: "{{ cloudstack_url }}"
> method: POST
> body_format: form-urlencoded
> headers:
> Cookie: "sessionkey={{ session_key }}; JSESSIONID={{ jsession_id }}"
> body:
> command: "getUserKeys"
> id: "{{ login_response['json']['loginresponse']['userid'] }}"
> response: json
> return_content: true
>
> Now this code worked perfectly fine, but when we now try to deploy it in
> our QA environment, the task "Get API and Secret Key for admin" fails with
> the message:
> TASK [authenticate-acs : Get API and Secret Key for admin]
> ************************************************************
> *****************************************************************
> fatal: [<redacted>]: FAILED! => {"changed": false, "connection": "close",
> "content":
> "{\"getuserkeysresponse\":{\"uuidList\":[],\"errorcode\":
> 401,\"errortext\":\"unable
> to verify user credentials\"}}", "content_length": "103",
> "content_security_policy": "style-src=self", "content_type":
> "application/json;charset=utf-8", "elapsed": 0, "json":
> {"getuserkeysresponse": {"errorcode": 401, "errortext": "unable to verify
> user credentials", "uuidList": []}}, "msg": "Status code was 401 and not
> [200]: HTTP Error 401: Unauthorized", "redirected": false, "status": 401,
> "url": "<redacted>", "x_content_type_options": "nosniff",
> "x_xss_protection": "1;mode=block"}
>
> We didn't make any modifications to this piece of code so we're quite
> surprised that it reacts this way when it worked perfectly fine before in
> our test and development environments.
>
> Has anyone run into this before and if so, were you able work around this?
>
> Kind regards,
>
> Jeroen
>
