Comments (9)
Finally I had time to look into this. Yep our bad. In our testing upstream pipeline we had a couple of playbook level becomes.
It is working fine on production since with 3.x and without crowdstrike-falconpy dep there was no issue.
Fixed. Thanks!
from ansible_collection_falcon.
Ok wait... I had the 3.x version installed system wide, now I removed it and the behavior has changed. Let me make more tests
from ansible_collection_falcon.
I'm getting ModuleNotFoundError: No module named 'falconpy' but crowdstrike-falconpy is installed in the controllor node
pip3 install --upgrade crowdstrike-falconpy
Collecting crowdstrike-falconpy
Using cached crowdstrike_falconpy-1.3.2-py3-none-any.whl (551 kB)
Requirement already satisfied, skipping upgrade: urllib3 in /usr/lib/python3/dist-packages (from crowdstrike-falconpy) (1.25.8)
Requirement already satisfied, skipping upgrade: requests in ./.local/lib/python3.8/site-packages (from crowdstrike-falconpy) (2.31.0)
Requirement already satisfied, skipping upgrade: certifi>=2017.4.17 in /usr/lib/python3/dist-packages (from requests->crowdstrike-falconpy) (2019.11.28)
Requirement already satisfied, skipping upgrade: idna<4,>=2.5 in /usr/lib/python3/dist-packages (from requests->crowdstrike-falconpy) (2.8)
Requirement already satisfied, skipping upgrade: charset-normalizer<4,>=2 in ./.local/lib/python3.8/site-packages (from requests->crowdstrike-falconpy) (3.1.0)
Installing collected packages: crowdstrike-falconpy
Successfully installed crowdstrike-falconpy-1.3.2
$ ansible localhost -c local -m community.general.python_requirements_info -a "dependencies=crowdstrike-falconpy"
localhost | SUCCESS => {
"changed": false,
"mismatched": {},
"not_found": [],
"python": "/usr/bin/python3",
"python_system_path": [
"/tmp/ansible_community.general.python_requirements_info_payload_sc0ry2ez/ansible_community.general.python_requirements_info_payload.zip",
"/usr/lib/python38.zip",
"/usr/lib/python3.8",
"/usr/lib/python3.8/lib-dynload",
"/home/crociani/.local/lib/python3.8/site-packages",
"/usr/local/lib/python3.8/dist-packages",
"/usr/lib/python3/dist-packages"
],
"python_version": "3.8.10 (default, Nov 26 2021, 20:14:08) \n[GCC 9.3.0]",
"python_version_info": {
"major": 3,
"micro": 10,
"minor": 8,
"releaselevel": "final",
"serial": 0
},
"valid": {
"crowdstrike-falconpy": {
"desired": null,
"installed": "1.3.2"
}
}
}
TASK [crowdstrike.falcon.falcon_install : CrowdStrike Falcon | Authenticate to CrowdStrike API] **********************************************************************************************
task path: /home/crociani/.ansible/collections/ansible_collections/crowdstrike/falcon/roles/falcon_install/tasks/auth.yml:2
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: crociani
<localhost> EXEC /bin/sh -c 'echo ~crociani && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/crociani/.ansible/tmp `"&& mkdir "` echo /home/crociani/.ansible/tmp/ansible-tmp-1695825960.1791728-9905-131749156302555 `" && echo ansible-tmp-1695825960.1791728-9905-131749156302555="` echo /home/crociani/.ansible/tmp/ansible-tmp-1695825960.1791728-9905-131749156302555 `" ) && sleep 0'
Including module_utils file ansible/__init__.py
Including module_utils file ansible/module_utils/__init__.py
Including module_utils file ansible/module_utils/basic.py
Including module_utils file ansible/module_utils/_text.py
Including module_utils file ansible/module_utils/common/_collections_compat.py
Including module_utils file ansible/module_utils/common/__init__.py
Including module_utils file ansible/module_utils/common/_json_compat.py
Including module_utils file ansible/module_utils/common/_utils.py
Including module_utils file ansible/module_utils/common/arg_spec.py
Including module_utils file ansible/module_utils/common/file.py
Including module_utils file ansible/module_utils/common/locale.py
Including module_utils file ansible/module_utils/common/parameters.py
Including module_utils file ansible/module_utils/common/collections.py
Including module_utils file ansible/module_utils/common/process.py
Including module_utils file ansible/module_utils/common/sys_info.py
Including module_utils file ansible/module_utils/common/text/converters.py
Including module_utils file ansible/module_utils/common/text/__init__.py
Including module_utils file ansible/module_utils/common/text/formatters.py
Including module_utils file ansible/module_utils/common/validation.py
Including module_utils file ansible/module_utils/common/warnings.py
Including module_utils file ansible/module_utils/compat/selectors.py
Including module_utils file ansible/module_utils/compat/__init__.py
Including module_utils file ansible/module_utils/compat/_selectors2.py
Including module_utils file ansible/module_utils/compat/selinux.py
Including module_utils file ansible/module_utils/distro/__init__.py
Including module_utils file ansible/module_utils/distro/_distro.py
Including module_utils file ansible/module_utils/errors.py
Including module_utils file ansible/module_utils/parsing/convert_bool.py
Including module_utils file ansible/module_utils/parsing/__init__.py
Including module_utils file ansible/module_utils/pycompat24.py
Including module_utils file ansible/module_utils/six/__init__.py
Including module_utils file ansible_collections/crowdstrike/falcon/plugins/module_utils/common_args.py
Including module_utils file ansible_collections/__init__.py
Including module_utils file ansible_collections/crowdstrike/__init__.py
Including module_utils file ansible_collections/crowdstrike/falcon/__init__.py
Including module_utils file ansible_collections/crowdstrike/falcon/plugins/__init__.py
Including module_utils file ansible_collections/crowdstrike/falcon/plugins/module_utils/__init__.py
Including module_utils file ansible_collections/crowdstrike/falcon/plugins/module_utils/falconpy_utils.py
Including module_utils file ansible_collections/crowdstrike/falcon/plugins/module_utils/version.py
Using module file /home/crociani/.ansible/collections/ansible_collections/crowdstrike/falcon/plugins/modules/auth.py
<localhost> PUT /home/crociani/.ansible/tmp/ansible-local-9794kgru42_u/tmppsl_474h TO /home/crociani/.ansible/tmp/ansible-tmp-1695825960.1791728-9905-131749156302555/AnsiballZ_auth.py
<localhost> EXEC /bin/sh -c 'chmod u+x /home/crociani/.ansible/tmp/ansible-tmp-1695825960.1791728-9905-131749156302555/ /home/crociani/.ansible/tmp/ansible-tmp-1695825960.1791728-9905-131749156302555/AnsiballZ_auth.py && sleep 0'
<localhost> EXEC /bin/sh -c 'sudo -H -S -p "[sudo via ansible, key=pwvihwwuwvzlnnuqkxbdvpjvfunoults] password:" -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-pwvihwwuwvzlnnuqkxbdvpjvfunoults ; /usr/bin/python3 /home/crociani/.ansible/tmp/ansible-tmp-1695825960.1791728-9905-131749156302555/AnsiballZ_auth.py'"'"' && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /home/crociani/.ansible/tmp/ansible-tmp-1695825960.1791728-9905-131749156302555/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
File "/tmp/ansible_crowdstrike.falcon.auth_payload_0tines9u/ansible_crowdstrike.falcon.auth_payload.zip/ansible_collections/crowdstrike/falcon/plugins/modules/auth.py", line 105, in <module>
ModuleNotFoundError: No module named 'falconpy'
fatal: [ksx-t2-redhat9-postinstall.cos.is.keysight.com -> localhost]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"access_token": null,
"action": "generate",
"client_id": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"client_secret": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"cloud": "us-1",
"ext_headers": null,
"member_cid": null,
"user_agent": null
}
},
"msg": "Failed to import the required Python library (falconpy) on 5CG9425LL1's Python /usr/bin/python3. Please read the module documentation and install it in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter"
}
from ansible_collection_falcon.
@TyraelTLK sorry just getting back from vacation.. So looking at this, you are running this as user: crociani but are running the authentication command with sudo? If that is the case, then you would need to ensure that the python files are installed for the root user as sudo will cause the command to execute as the root user.
First try doing the following as a test:
as user crociani:
ansible localhost -c local -m crowdstrike.falcon.auth -a 'client_id=xxxx client_secret=yyyy' -vvv
If that works, then you can try appending the -b
to the ansible command to run as sudo and see what happens there.
from ansible_collection_falcon.
Hi Carlos,
don't worry. I'm not installing on localhost but on a remote host.
from ansible_collection_falcon.
is the API authentication trying to run on the controller node with sudo permission?
from ansible_collection_falcon.
Yes - the authentication happens on the controller node (aka delegated to local host). It would be nasty to have to install crowdstrike-falconpy all over your environment. It's best practice to delegate these to the localhost to run these API calls on behalf of the remote systems. Can you get these installed on the controller node?
from ansible_collection_falcon.
Sorry for late reply, vacations and now I'm working on a site move.
It's best practice to delegate these to the localhost to run these API calls on behalf of the remote systems.
Yes, I agree, but why should it escalate privileges on localhost?
from ansible_collection_falcon.
It shouldn't escalate privileges. You can see that we don't call become: yes
for that task (neither the task itself or from the main.yml). So unless you happen to be doing it from the playbook perspective, it shouldn't try to escalate privs.
from ansible_collection_falcon.
Related Issues (20)
- new module - get host details using falcon hosts sc
- [falcon_install] Add ability to change permissions of the downloaded Falcon Sensor Installer HOT 3
- [falcon_configure] Add ability to prevent service falcon-sensor to start HOT 5
- [falcon_configure] Add ability to specify Customer ID and remove Agent ID HOT 4
- new module - query hidden hosts
- update sensor_download module to use new v2 endpoint
- update falcon_install role to take advantage of v2 sensor_download module
- new lookup plugin - get maintenance token
- new module - manage sensor update policies
- new module - manage prevention policies
- new module - manage filevantage policies
- new module - manage host groups
- new module - find|search for hosts to get list of AIDs HOT 1
- new plugin - lookup plugin for fetching host ids
- Consider adding /docs to the collection HOT 1
- New plugin - mssp children lookup HOT 1
- New module - mssp child info
- update uninstall role for handling maintenance tokens
- update fctl lookup plugin return value for gcid
- ansible partner - check if README needs to be updated
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible_collection_falcon.