Search code examples
ansibleinfoblox

How to fix "Infoblox IPAM is misconfigured?"

I'm calling infoblox from ansible using the following playbook:

- hosts: localhost
  gather_facts: false
  tasks: 
    - name: Include infoblox_vault
      include_vars: 
        file: 'infoblox_vault.yml'
    - name: Install infoblox-client for DDI
      pip:
        name: infoblox-client
      environment:
        HTTP_PROXY: http://our_internal_proxy.net:8080
        HTTPS_PROXY: http://our_internal_proxy.net:8080
      delegate_to: localhost
    - debug:
        msg: can I decrypt username?--> "{{ vault_infoblox_username }}"

    - name: Check if DNS Record exists
      set_fact:
        miqCreateVM_ddiRecord: "{{ lookup('nios', 'record:a', filter={'name': 'infoblox-devtest.net' }, provider={'host': 'ddi-qa.net', 'username': vault_infoblox_username, 'password': vault_infoblox_password }) }}"
    - debug: 
        msg: check var miqCreateVM_ddiRecord "{{ miqCreateVM_ddiRecord }}"
    - debug:
        msg: test to see amazing vm_name!  "{{ vm_name }}"
... code snipped

When the job runs, I get:

Vault password: 
PLAY [localhost] ***************************************************************
TASK [Include infoblox_vault] **************************************************
ok: [127.0.0.1]
TASK [Install infoblox-client for DDI] *****************************************
ok: [127.0.0.1 -> localhost]
TASK [debug] *******************************************************************
ok: [127.0.0.1] => {
    "msg": "can I decrypt username?--> \"manageiq-ddi\""
}
TASK [Check if DNS Record exists] **********************************************
fatal: [127.0.0.1]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'nios'. Error was a <type 'exceptions.Exception'>, original message: Infoblox IPAM is misconfigured: infoblox_username and infoblox_password are incorrect."}
PLAY RECAP *********************************************************************
127.0.0.1                  : ok=3    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

Here's the main part: "An unhandled exception occurred while running the lookup plugin 'nios'. Error was a <type 'exceptions.Exception'>, original message: Infoblox IPAM is misconfigured: infoblox_username and infoblox_password are incorrect."

This playbook used to work in the past. I haven't worked on it for a few months. Not sure why it's broken.

I confirmed that I can log into infoblox client manually using the credentials. I also tried manually logging the username to ensure it's decrypting the creds from the ansible-vault file. That worked fine. So it's not the credentials, not the vault decryption. It's something else.

I found the following three related topics online, but none of them seem to resolve the problem: This one (which references adding certs to the request. Anyone know how to do this? I can't find instructions) This one (which mentions problems from upgrading. I showed the versions mentioned in that post to our networking folks and they said the version numbers didn't correlate at all with what we have in our environment, so it's hard to evaluate whether that's relevant.) Last one (which calls for using a property 'http_request_timeout' : None that doesn't strike me as being the problem as I can't get it to work at all.)

How do I solve this problem?

Solution

  • This might not solve it for others, but this solved it for me:

    1. Got a new password for Ansible to use to log into Infoblox.
    2. Create a new ansible vault file containing the new infoblox password. I made a new password for the vault file encryption also.
    3. I created a new credential object in ansible to enable ansible to be able to read the new vault file.
    4. I updated the playbook to use the new vault.

    It works now. Something was wrong with the encryption.