Comments (9)

TyraelTLK commented on June 11, 2024

Finally I had time to look into this. Yep, our bad. In our testing upstream pipeline we had a couple of playbook-level becomes.
It is working fine on production since with 3.x and without crowdstrike-falconpy dep there was no issue.
Fixed. Thanks!

from ansible_collection_falcon.

TyraelTLK commented on June 11, 2024

Ok wait... I had the 3.x version installed system-wide; now I removed it and the behavior has changed. Let me run more tests.

TyraelTLK commented on June 11, 2024

I'm getting ModuleNotFoundError: No module named 'falconpy' but crowdstrike-falconpy is installed on the controller node

pip3 install --upgrade crowdstrike-falconpy
Collecting crowdstrike-falconpy
Using cached crowdstrike_falconpy-1.3.2-py3-none-any.whl (551 kB)
Requirement already satisfied, skipping upgrade: urllib3 in /usr/lib/python3/dist-packages (from crowdstrike-falconpy) (1.25.8)
Requirement already satisfied, skipping upgrade: requests in ./.local/lib/python3.8/site-packages (from crowdstrike-falconpy) (2.31.0)
Requirement already satisfied, skipping upgrade: certifi>=2017.4.17 in /usr/lib/python3/dist-packages (from requests->crowdstrike-falconpy) (2019.11.28)
Requirement already satisfied, skipping upgrade: idna<4,>=2.5 in /usr/lib/python3/dist-packages (from requests->crowdstrike-falconpy) (2.8)
Requirement already satisfied, skipping upgrade: charset-normalizer<4,>=2 in ./.local/lib/python3.8/site-packages (from requests->crowdstrike-falconpy) (3.1.0)
Installing collected packages: crowdstrike-falconpy
Successfully installed crowdstrike-falconpy-1.3.2

$ ansible localhost -c local -m community.general.python_requirements_info -a "dependencies=crowdstrike-falconpy"
localhost | SUCCESS => {
    "changed": false,
    "mismatched": {},
    "not_found": [],
    "python": "/usr/bin/python3",
    "python_system_path": [
        "/tmp/ansible_community.general.python_requirements_info_payload_sc0ry2ez/ansible_community.general.python_requirements_info_payload.zip",
        "/usr/lib/python38.zip",
        "/usr/lib/python3.8",
        "/usr/lib/python3.8/lib-dynload",
        "/home/crociani/.local/lib/python3.8/site-packages",
        "/usr/local/lib/python3.8/dist-packages",
        "/usr/lib/python3/dist-packages"
    ],
    "python_version": "3.8.10 (default, Nov 26 2021, 20:14:08) \n[GCC 9.3.0]",
    "python_version_info": {
        "major": 3,
        "micro": 10,
        "minor": 8,
        "releaselevel": "final",
        "serial": 0
    },
    "valid": {
        "crowdstrike-falconpy": {
            "desired": null,
            "installed": "1.3.2"
        }
    }
}

TASK [crowdstrike.falcon.falcon_install : CrowdStrike Falcon | Authenticate to CrowdStrike API] **********************************************************************************************
task path: /home/crociani/.ansible/collections/ansible_collections/crowdstrike/falcon/roles/falcon_install/tasks/auth.yml:2
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: crociani
<localhost> EXEC /bin/sh -c 'echo ~crociani && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/crociani/.ansible/tmp `"&& mkdir "` echo /home/crociani/.ansible/tmp/ansible-tmp-1695825960.1791728-9905-131749156302555 `" && echo ansible-tmp-1695825960.1791728-9905-131749156302555="` echo /home/crociani/.ansible/tmp/ansible-tmp-1695825960.1791728-9905-131749156302555 `" ) && sleep 0'
Including module_utils file ansible/__init__.py
Including module_utils file ansible/module_utils/__init__.py
Including module_utils file ansible/module_utils/basic.py
Including module_utils file ansible/module_utils/_text.py
Including module_utils file ansible/module_utils/common/_collections_compat.py
Including module_utils file ansible/module_utils/common/__init__.py
Including module_utils file ansible/module_utils/common/_json_compat.py
Including module_utils file ansible/module_utils/common/_utils.py
Including module_utils file ansible/module_utils/common/arg_spec.py
Including module_utils file ansible/module_utils/common/file.py
Including module_utils file ansible/module_utils/common/locale.py
Including module_utils file ansible/module_utils/common/parameters.py
Including module_utils file ansible/module_utils/common/collections.py
Including module_utils file ansible/module_utils/common/process.py
Including module_utils file ansible/module_utils/common/sys_info.py
Including module_utils file ansible/module_utils/common/text/converters.py
Including module_utils file ansible/module_utils/common/text/__init__.py
Including module_utils file ansible/module_utils/common/text/formatters.py
Including module_utils file ansible/module_utils/common/validation.py
Including module_utils file ansible/module_utils/common/warnings.py
Including module_utils file ansible/module_utils/compat/selectors.py
Including module_utils file ansible/module_utils/compat/__init__.py
Including module_utils file ansible/module_utils/compat/_selectors2.py
Including module_utils file ansible/module_utils/compat/selinux.py
Including module_utils file ansible/module_utils/distro/__init__.py
Including module_utils file ansible/module_utils/distro/_distro.py
Including module_utils file ansible/module_utils/errors.py
Including module_utils file ansible/module_utils/parsing/convert_bool.py
Including module_utils file ansible/module_utils/parsing/__init__.py
Including module_utils file ansible/module_utils/pycompat24.py
Including module_utils file ansible/module_utils/six/__init__.py
Including module_utils file ansible_collections/crowdstrike/falcon/plugins/module_utils/common_args.py
Including module_utils file ansible_collections/__init__.py
Including module_utils file ansible_collections/crowdstrike/__init__.py
Including module_utils file ansible_collections/crowdstrike/falcon/__init__.py
Including module_utils file ansible_collections/crowdstrike/falcon/plugins/__init__.py
Including module_utils file ansible_collections/crowdstrike/falcon/plugins/module_utils/__init__.py
Including module_utils file ansible_collections/crowdstrike/falcon/plugins/module_utils/falconpy_utils.py
Including module_utils file ansible_collections/crowdstrike/falcon/plugins/module_utils/version.py
Using module file /home/crociani/.ansible/collections/ansible_collections/crowdstrike/falcon/plugins/modules/auth.py
<localhost> PUT /home/crociani/.ansible/tmp/ansible-local-9794kgru42_u/tmppsl_474h TO /home/crociani/.ansible/tmp/ansible-tmp-1695825960.1791728-9905-131749156302555/AnsiballZ_auth.py
<localhost> EXEC /bin/sh -c 'chmod u+x /home/crociani/.ansible/tmp/ansible-tmp-1695825960.1791728-9905-131749156302555/ /home/crociani/.ansible/tmp/ansible-tmp-1695825960.1791728-9905-131749156302555/AnsiballZ_auth.py && sleep 0'
<localhost> EXEC /bin/sh -c 'sudo -H -S -p "[sudo via ansible, key=pwvihwwuwvzlnnuqkxbdvpjvfunoults] password:" -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-pwvihwwuwvzlnnuqkxbdvpjvfunoults ; /usr/bin/python3 /home/crociani/.ansible/tmp/ansible-tmp-1695825960.1791728-9905-131749156302555/AnsiballZ_auth.py'"'"' && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /home/crociani/.ansible/tmp/ansible-tmp-1695825960.1791728-9905-131749156302555/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_crowdstrike.falcon.auth_payload_0tines9u/ansible_crowdstrike.falcon.auth_payload.zip/ansible_collections/crowdstrike/falcon/plugins/modules/auth.py", line 105, in <module>
ModuleNotFoundError: No module named 'falconpy'
fatal: [ksx-t2-redhat9-postinstall.cos.is.keysight.com -> localhost]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "access_token": null,
            "action": "generate",
            "client_id": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "client_secret": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "cloud": "us-1",
            "ext_headers": null,
            "member_cid": null,
            "user_agent": null
        }
    },
    "msg": "Failed to import the required Python library (falconpy) on 5CG9425LL1's Python /usr/bin/python3. Please read the module documentation and install it in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter"
}

carlosmmatos commented on June 11, 2024

@TyraelTLK sorry, just getting back from vacation. So looking at this, you are running this as user: crociani but are running the authentication command with sudo? If that is the case, then you would need to ensure that the Python files are installed for the root user, as sudo will cause the command to execute as the root user.

First try doing the following as a test:
as user crociani:

ansible localhost -c local -m crowdstrike.falcon.auth -a 'client_id=xxxx client_secret=yyyy' -vvv

If that works, then you can try appending the -b to the ansible command to run as sudo and see what happens there.

TyraelTLK commented on June 11, 2024

Hi Carlos,
don't worry. I'm not installing on localhost but on a remote host.

TyraelTLK commented on June 11, 2024

Is the API authentication trying to run on the controller node with sudo permission?

carlosmmatos commented on June 11, 2024

Yes - the authentication happens on the controller node (aka delegated to local host). It would be nasty to have to install crowdstrike-falconpy all over your environment. It's best practice to delegate these to the localhost to run these API calls on behalf of the remote systems. Can you get these installed on the controller node?

TyraelTLK commented on June 11, 2024

Sorry for the late reply; vacations, and now I'm working on a site move.

> It's best practice to delegate these to the localhost to run these API calls on behalf of the remote systems.

Yes, I agree, but why should it escalate privileges on localhost?

carlosmmatos commented on June 11, 2024

It shouldn't escalate privileges. You can see that we don't call become: yes for that task (neither in the task itself nor from the main.yml). So unless you happen to be doing it from the playbook perspective, it shouldn't try to escalate privs.

from ansible_collection_falcon.
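
The cause this thread arrives at, laid out as an added example that is not part of the thread or of the collection's own code: a play-level become is inherited by a task delegated to localhost, so the API module runs through sudo as root on the controller. The inventory group falcon_hosts and the variables falcon_client_id and falcon_client_secret are assumptions; the module names and parameters are the ones that appear in the output above.

```yaml
# Added example, not the collection's code. Assumed names: inventory group
# "falcon_hosts", variables falcon_client_id and falcon_client_secret.
---
# BEFORE: play-level become is inherited by the delegated task, so it runs on
# the controller through sudo as root. Root's /usr/bin/python3 does not search
# the invoking user's ~/.local site-packages, hence "No module named 'falconpy'".
- name: Delegated API call inherits play-level become
  hosts: falcon_hosts
  become: true
  tasks:
    - name: Authenticate to CrowdStrike API
      crowdstrike.falcon.auth:
        client_id: "{{ falcon_client_id }}"
        client_secret: "{{ falcon_client_secret }}"
        cloud: us-1
      delegate_to: localhost

# AFTER: become stays on for work on the managed hosts, but every task that
# runs on the controller opts out, so the API client never runs as root.
- name: Controller-side API call stays unprivileged
  hosts: falcon_hosts
  become: true
  tasks:
    - name: Report what the controller interpreter can import, without become
      community.general.python_requirements_info:
        dependencies:
          - crowdstrike-falconpy
      delegate_to: localhost
      become: false
      run_once: true
      register: falconpy_check

    - name: Fail early when the library is not visible to that interpreter
      ansible.builtin.assert:
        that:
          - falconpy_check.not_found | length == 0
        fail_msg: "crowdstrike-falconpy not importable by {{ falconpy_check.python }}"
      run_once: true

    - name: Authenticate to CrowdStrike API
      crowdstrike.falcon.auth:
        client_id: "{{ falcon_client_id }}"
        client_secret: "{{ falcon_client_secret }}"
        cloud: us-1
      delegate_to: localhost
      become: false
```

Running the python_requirements_info task once with become: true and once with become: false shows, in python_system_path and not_found, which site-packages directories each identity's interpreter actually searches.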
