Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

'CSR_ORIGIN_LOCAL' is not defined. #39

Open
cbrister78 opened this issue Aug 3, 2023 · 9 comments
Open

'CSR_ORIGIN_LOCAL' is not defined. #39

cbrister78 opened this issue Aug 3, 2023 · 9 comments
Labels
bug Something isn't working

Comments

@cbrister78
Copy link

PROBLEM SUMMARY

We are getting a 'CSR_ORIGIN_LOCAL' is not defined message on the Enroll Venafi certificate on remote host task. We have recently upgraded from Ansible Automation Platform 1 to 2 when these issues started.
image

We noticed in the Venafi_Credentials.py file is being defaulted to ‘CSR_ORIGIN_LOCAL’:
image

I have it set to “Service” in the code:
image

STEPS TO REPRODUCE

EXPECTED RESULTS

ACTUAL RESULTS

ENVIRONMENT DETAILS

COMMENTS/WORKAROUNDS
@cbrister78 cbrister78 added the bug Something isn't working label Aug 3, 2023
@dwebr
Copy link

dwebr commented Aug 25, 2023

I am having the same issue, setting certificate_csr_origin role variable to "service" does not resolve the issue.

@luispresuelVenafi
Copy link

A colleague's answer on this:

This issue normally happens when you install the collection but not its dependencies. Venafi ansible collection depends on vcert library. https://pypi.org/project/vcert/
If you are running ansible locally, make sure to install vcert in your global or virtual environment.
If you are running ansible in an platform like Automation Platform, make sure that your runner has the library installed before running the playbook

@cbrister78 , @dwebr , could you confirm VCert Python library is installed among your dependencies?

@lastusrnameon3
Copy link

lastusrnameon3 commented Oct 20, 2023
edited
Loading

I have the same issue and can confirm that vCert is installed.
What's odd about this issue is that " CSR_ORIGIN_LOCAL" should be set by default by roles/certificate/tasks/main.yml as a variable named: *"certificate_csr_origin": (see below)

https://github.com/Venafi/ansible-collection-venafi/blob/f20c4ed0913813fdd2fabe46573c5224f88fabbd/roles/certificate/defaults/main.yml#L28C1-L32C32

Also, it looks like the original post shows that the "Certificate_remote_execution" is set to false
(see below) same as mine
image

So that would mean that in main/roles/certificate/tasks/main.yml the ansible.builtin.import_tasks: local-certificate.yml would be used. (link below)

ansible-collection-venafi/roles/certificate/tasks/main.yml

Line 13 in f20c4ed

when: not certificate_remote_execution

And as seen in line 25 of the roles/certificate/tasks/local-certificate.yml, the "certificate_csr_origin": from the runbook ('service') is set to a new variable named csr_origin
https://github.com/Venafi/ansible-collection-venafi/blob/f20c4ed0913813fdd2fabe46573c5224f88fabbd/roles/certificate/tasks/local-certificate.yml#L25C7-L25C7

but I don't see where the csr_origin variable is called to be transformed into "CSR_ORIGIN_SERVICE based on the variable's value (currently set to 'service')
image

and if it wasn't set to service, it should at least be set to Local, as shown above.

@Fantomace74
Copy link

Found the bug due to version of python lib with vcert (lib ruamel.yaml version <=0.17.31 to work, bug with version 0.18.5)
“pip install --upgrade vcert” solved it

@rvelaVenafi
Copy link
Contributor

@cbrister78 Is @Fantomace74 fix working for you?

@Fantomace74 What version of python are you using? Starting with vcert 0.16.0 support for python 3.6 has been dropped. Minimum python version is 3.9
latest version of ruamel.yaml also dont support python 3.6

@Fantomace74
Copy link

Fantomace74 commented Dec 1, 2023
edited
Loading

I’m using python version 3.11.5 and vcert 0.16.2, which downgraded the ruamel.yaml from 0.18.5 to version 0.17.31
but in the source of vcert-python project there is ruamel.yaml==0.18.5
https://github.com/Venafi/vcert-python/blob/v0.16.2/requirements.txt
and
when installing upgrade of ruamel.yaml, I get the dependecy conflict message:
vcert 0.16.2 requires ruamel.yaml==0.17.31, but you have ruamel-yaml 0.18.5 which is incompatible

@rvelaVenafi
Copy link
Contributor

rvelaVenafi commented Dec 7, 2023
edited
Loading

@Fantomace74 definitely something we need to fix. The ruamel dependency was updated on the requirements file but not on the setup.py file

@EduardoVV EduardoVV mentioned this issue Dec 7, 2023
Merged
@DaDenniX
Copy link

Hey there,
do you have any update on this issue? Thanks in advance :)

@Fantomace74
Copy link

Fantomace74 commented Dec 22, 2023
edited
Loading

@DaDenniX did you try at last update on your controler (no other python module upgrade after)
pip install --upgrade vcert

If you are running the role in a play on localhost (controler with vcert)
Check your settings of variables below.
certificate_csr_origin: service
certificate_remote_execution: false
If true you have to set correct python interpreter with vcert installed aswell on the remote hosts.

This more a vcert and python deps bug than an ansible collection bug.

See project vcert-python (waiting for merge) Venafi/vcert-python#143

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@DaDenniX @lastusrnameon3 @Fantomace74 @rvelaVenafi @luispresuelVenafi @dwebr @cbrister78