I believe the two blocks of code below aren't required. They appear to be validating the Virtual Service exists and is running, persumably to allow the HTTP-01 validation to succeed. If we are using DNS-01 there should be no reason to need these checks.

https://github.com/avinetworks/devops/blob/master/cert_mgmt/letsencrypt_mgmt_profile_with_dns.py#L243-L253
https://github.com/avinetworks/devops/blob/master/cert_mgmt/letsencrypt_mgmt_profile_with_dns.py#L325-L375

It is possible to plublish Grafana Dashbord in Prometheus form. You hava push for influxdb but not for grafana.
Now in avi we have : /api/analytics/prometheus-metrics/virtualservice
THks

letsencrypt_mgmt_profile

We are using this script for a year now. Currently on version 0.97. It was working fine. Just recently, after upgrading from AVI version 20.1.4 to 21.1.4-2p6 we got rate limited by LE "...too many registrations for this IP..." and eventually, they are blocking further requests.

We checked the logs and every time a cert renew is triggered, the message "....\nDEBUG: API Host is '172.17.0.1'\nAccount key not found. Generating account key...\nParsing account key........" appears, followed by "...\nRegistering account...\nRegistered!...." and then further down the actual error:
".... Response Code: 429 Response: {'type': 'urn:ietf:params:acme:error:rateLimited', 'detail': 'Error creating new account :: too many registrations for this IP: see https://letsencrypt.org/docs/too-many-registrations-for-this-ip/', 'status': 429} Error in sys.excepthook: Traceback (most recent call last): File "/usr/local/lib/python3.8/dist-packages/avi_traceback/avi_exception_hook.py", line 51, in avi_excepthook os.makedirs(output_dir) File "/usr/lib/python3.8/os.py", line 223, in makedirs mkdir(name, mode) OSError: [Errno 30] Read-only file system: '/var/lib/avi/python_crash' Original exception was: Traceback (most recent call last): File "/run/shm/cs/lets-encrypt-certificate-mgmt", line 554, in cert = certificate_request(csr, common_name, kwargs) File "/run/shm/cs/lets-encrypt-certificate-mgmt", line 530, in certificate_request signed_crt = get_crt(user, password, tenant, api_version, csr_temp_file.name, File "/run/shm/cs/lets-encrypt-certificate-mgmt", line 222, in get_crt account, code, acct_headers = _send_signed_request(directory['newAccount'], reg_payload, "Error registering") File "/run/shm/cs/lets-encrypt-certificate-mgmt", line 121, in _send_signed_request return _do_request(url, data=data.encode('utf8'), err_msg=err_msg, depth=depth) File "/run/shm/cs/lets-encrypt-certificate-mgmt", line 107, in _do_request raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, resp_data)) ValueError: Error registering: Url: https://acme-staging-v02.api.letsencrypt.org/acme/new-acct Data: b'{"protected":..."

Now I am wondering, why suddenly, after the version upgrade, it starts behaving like this.

i want to add license usage and expiration details in exporter. how can we add those metrics?

I refer to the following: https://github.com/avinetworks/devops/blob/master/cert_mgmt/letsencrypt_mgmt_profile.py/

Is this supported to work with both VS and EVH setups? I am a novice in the coding space, however I do see references to parent / child within the script which suggests it does.

In my case I get the following error (assuming vs.domain.com is the child object):
Error` from certificate management service: STDOUT - "Running version 0.9.6 dry_run is: False disable_check is: False directory_url is https://acme-v02.api.letsencrypt.org/directory Account key not found. Generating account key... Parsing account key... Parsing CSR... Found domains: vs.domain.com Getting directory... Directory found! Registering account... Registered! Creating new order... Order created! Verifying vs.domain.com... Warning: Could not find a VSVIP with fqdn = vs.domain.com ". STDERR - "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py:853: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings warnings.warn(( /usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py:853: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings warnings.warn(( /usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py:853: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings warnings.warn(( Traceback (most recent call last): File "/run/shm/cs/LetsEncrypt_EVH", line 550, in <module> cert = certificate_request(csr, common_name, kwargs) File "/run/shm/cs/LetsEncrypt_EVH", line 522, in certificate_request signed_crt = get_crt(user, password, tenant, api_version, csr_temp_file.name, File "/run/shm/cs/LetsEncrypt_EVH", line 264, in get_crt raise Exception("Could not find a VS with fqdn = {}".format(domain)) Exception: Could not find a VS with fqdn = vs.domain.com Error in sys.excepthook: Traceback (most recent call last): File "/usr/local/lib/python3.8/dist-packages/avi_traceback/avi_exception_hook.py", line 51, in avi_excepthook os.makedirs(output_dir) File "/usr/lib/python3.8/os.py", line 223, in makedirs mkdir(name, mode) OSError: [Errno 30] Read-only file system: '/var/lib/avi/python_crash' Original exception was: Traceback (most recent call last): File "/run/shm/cs/LetsEncrypt_EVH", line 550, in <module> cert = certificate_request(csr, common_name, kwargs) File "/run/shm/cs/LetsEncrypt_EVH", line 522, in certificate_request signed_crt = get_crt(user, password, tenant, api_version, csr_temp_file.name, File "/run/shm/cs/LetsEncrypt_EVH", line 264, in get_crt raise Exception("Could not find a VS with fqdn = {}".format(domain)) Exception: Could not find a VS with fqdn = vs.domain.com "..

Hi,

I'm looking for a bit more detail regarding the parameters mentioned below in the avi_systemconfiguration and avi_sslkeyandcertificate modules, going through the community docs for both (https://docs.ansible.com/ansible/latest/collections/community/network/avi_systemconfiguration_module.html / https://docs.ansible.com/ansible/latest/collections/community/network/avi_sslkeyandcertificate_module.html), there isn't much detail regarding the below parameters in terms of what needs to be passed to the playbook:

avi_systemconfiguration

• Portalconfiguration (settings for systemconfiguration)
• Proxyconfiguration (settings for systemconfiguration)
• Snmpconfiguration (settings for systemconfiguration)

avi_sslkeyandcertificate_module

• Sslcertificate (settings for sslkeyandcertificate)

Any clarity here would be greatly appreciated
Regards
Jules

Recently, I created an Ansible playbook that uses the http get method to pull back cert data from an AVI load balancer. The load balancer in question has 12 pages of cert data. However, it appears the data being retrieved is only one page. Listed below is an example of my playbook:

• gather_facts: false
  hosts: local
  vars:
  env: dev
  tasks:

• name: Get SSL Cert Info
  avi_api_session:
  controller: controller.com
  tenant: DEV
  timeout: 1000
  path: sslkeyandcertificate
  http_method: get
  username: "{{ username }}"
  password: "{{ password }}"
  register: json

debug: var=json

Is there a module or command which can be used to pull multiple pages of data using the get http method? Or would I have to use a loop to complete my request?

Thanks.

Hello. I've been receiving the following error when trying to implement the LE Cert Management script. This error shows when I attempt to create a certificate. Any help is appreciated to track down what is causing this.

Error from certificate management service: STDOUT - "Running version 0.9.7 dry_run is: True disable_check is: False directory_url is https://acme-staging-v02.api.letsencrypt.org/directory ". STDERR - "Connection error retrying HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /login (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f6f09ea57c0>: Failed to establish a new connection: [Errno 111] Connection refused')) Connection error retrying HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /login (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f6f09ea5b50>: Failed to establish a new connection: [Errno 111] Connection refused')) Connection error retrying HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /login (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f6f09ea5ee0>: Failed to establish a new connection: [Errno 111] Connection refused')) Connection error retrying HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /login (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f6f09ecd2b0>: Failed to establish a new connection: [Errno 111] Connection refused')) giving up after 3 retries connection failure True Traceback (most recent call last): File "/usr/local/lib/python3.8/dist-packages/urllib3/connection.py", line 140, in _new_conn conn = connection.create_connection( File "/usr/local/lib/python3.8/dist-packages/urllib3/util/connection.py", line 83, in create_connection raise err File "/usr/local/lib/python3.8/dist-packages/urllib3/util/connection.py", line 73, in create_connection sock.connect(sa) ConnectionRefusedError: [Errno 111] Connection refused During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 598, in urlopen httplib_response = self._make_request(conn, method, url, File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 346, in _make_request self._validate_conn(conn) File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 850, in _validate_conn conn.connect() File "/usr/local/lib/python3.8/dist-packages/urllib3/connection.py", line 284, in connect conn = self._new_conn() File "/usr/local/lib/python3.8/dist-packages/urllib3/connection.py", line 149, in _new_conn raise NewConnectionError( urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x7f6f09ecd2b0>: Failed to establish a new connection: [Errno 111] Connection refused During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.8/dist-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 638, in urlopen retries = retries.increment(method, url, error=e, _pool=self, File "/usr/local/lib/python3.8/dist-packages/urllib3/util/retry.py", line 388, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /login (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f6f09ecd2b0>: Failed to establish a new connection: [Errno 111] Connection refused')) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/run/shm/cs/LetsEncryptProfile", line 559, in cert = certificate_request(csr, common_name, kwargs) File "/run/shm/cs/LetsEncryptProfile", line 530, in certificate_request signed_crt = get_crt(user, password, tenant, api_version, csr_temp_file.name, File "/run/shm/cs/LetsEncryptProfile", line 137, in get_crt session = ApiSession(apiHost, user, password, tenant=tenant, api_version=api_version) File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 304, in init self.authenticate_session() File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 545, in authenticate_session self.authenticate_session() File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 545, in authenticate_session self.authenticate_session() File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 545, in authenticate_session self.authenticate_session() File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 544, in authenticate_session raise err File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 491, in authenticate_session rsp = super(ApiSession, self).post( File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 578, in post return self.request('POST', url, data=data, json=json, **kwargs) File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 530, in request resp = self.send(prep, **send_kwargs) File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 643, in send r = adapter.send(request, **kwargs) File "/usr/local/lib/python3.8/dist-packages/requests/adapters.py", line 516, in send raise ConnectionError(e, request=request) requests.exceptions.ConnectionError: HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /login (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f6f09ecd2b0>: Failed to establish a new connection: [Errno 111] Connection refused')) Error in sys.excepthook: Traceback (most recent call last): File "/usr/local/lib/python3.8/dist-packages/avi_traceback/avi_exception_hook.py", line 51, in avi_excepthook os.makedirs(output_dir) File "/usr/lib/python3.8/os.py", line 223, in makedirs mkdir(name, mode) OSError: [Errno 30] Read-only file system: '/var/lib/avi/python_crash' Original exception was: Traceback (most recent call last): File "/usr/local/lib/python3.8/dist-packages/urllib3/connection.py", line 140, in _new_conn conn = connection.create_connection( File "/usr/local/lib/python3.8/dist-packages/urllib3/util/connection.py", line 83, in create_connection raise err File "/usr/local/lib/python3.8/dist-packages/urllib3/util/connection.py", line 73, in create_connection sock.connect(sa) ConnectionRefusedError: [Errno 111] Connection refused During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 598, in urlopen httplib_response = self._make_request(conn, method, url, File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 346, in _make_request self._validate_conn(conn) File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 850, in _validate_conn conn.connect() File "/usr/local/lib/python3.8/dist-packages/urllib3/connection.py", line 284, in connect conn = self._new_conn() File "/usr/local/lib/python3.8/dist-packages/urllib3/connection.py", line 149, in _new_conn raise NewConnectionError( urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x7f6f09ecd2b0>: Failed to establish a new connection: [Errno 111] Connection refused During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.8/dist-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 638, in urlopen retries = retries.increment(method, url, error=e, _pool=self, File "/usr/local/lib/python3.8/dist-packages/urllib3/util/retry.py", line 388, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /login (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f6f09ecd2b0>: Failed to establish a new connection: [Errno 111] Connection refused')) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/run/shm/cs/LetsEncryptProfile", line 559, in cert = certificate_request(csr, common_name, kwargs) File "/run/shm/cs/LetsEncryptProfile", line 530, in certificate_request signed_crt = get_crt(user, password, tenant, api_version, csr_temp_file.name, File "/run/shm/cs/LetsEncryptProfile", line 137, in get_crt session = ApiSession(apiHost, user, password, tenant=tenant, api_version=api_version) File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 304, in init self.authenticate_session() File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 545, in authenticate_session self.authenticate_session() File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 545, in authenticate_session self.authenticate_session() File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 545, in authenticate_session self.authenticate_session() File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 544, in authenticate_session raise err File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 491, in authenticate_session rsp = super(ApiSession, self).post( File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 578, in post return self.request('POST', url, data=data, json=json, **kwargs) File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 530, in request resp = self.send(prep, **send_kwargs) File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 643, in send r = adapter.send(request, **kwargs) File "/usr/local/lib/python3.8/dist-packages/requests/adapters.py", line 516, in send raise ConnectionError(e, request=request) requests.exceptions.ConnectionError: HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /login (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f6f09ecd2b0>: Failed to establish a new connection: [Errno 111] Connection refused')) "

Where do i need to put the FQDN in the newest version of AVI Virtual Service so that the script finds that VS and uses it for the HTTPPolicy?
Currently my workaround is:

index 85fad46..ea9b827 100644
--- a/1
+++ b/2
@@ -245,7 +245,7 @@ def get_crt(user, password, tenant, api_version, csr, CA=DEFAULT_CA, disable_che
         if overwrite_vs == None:

             # Get VSVIPs/VSs, based on FQDN
-            rsp = _do_request_avi("vsvip/?search=(fqdn,{})".format(domain), "GET").json()
+            rsp = _do_request_avi("vsvip/?search={}".format(domain), "GET").json()
             if debug:
                 print ("Found {} matching VSVIP FQDNs".format(rsp["count"]))
             if rsp["count"] == 0:

I want to send my metrics directly to opensearch and the authentication should be controlled via an instance profile.

Hi see below the error :

Error from certificate management service: STDOUT - "Running version 0.9.7 dry_run is: True disable_check is: False directory_url is https://acme-staging-v02.api.letsencrypt.org/directory Contact set to: ['mailto:[email protected]'] ". STDERR - "Connection error retrying HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /login (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fda3883b790>: Failed to establish a new connection: [Errno 111] Connection refused')) Connection error retrying HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /login (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fda3883bb20>: Failed to establish a new connection: [Errno 111] Connection refused')) Connection error retrying HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /login (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fda3883beb0>: Failed to establish a new connection: [Errno 111] Connection refused')) Connection error retrying HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /login (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fda38860280>: Failed to establish a new connection: [Errno 111] Connection refused')) giving up after 3 retries connection failure True Traceback (most recent call last): File "/usr/local/lib/python3.8/dist-packages/urllib3/connection.py", line 140, in _new_conn conn = connection.create_connection( File "/usr/local/lib/python3.8/dist-packages/urllib3/util/connection.py", line 83, in create_connection raise err File "/usr/local/lib/python3.8/dist-packages/urllib3/util/connection.py", line 73, in create_connection sock.connect(sa) ConnectionRefusedError: [Errno 111] Connection refused During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 598, in urlopen httplib_response = self._make_request(conn, method, url, File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 346, in _make_request self._validate_conn(conn) File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 850, in _validate_conn conn.connect() File "/usr/local/lib/python3.8/dist-packages/urllib3/connection.py", line 284, in connect conn = self._new_conn() File "/usr/local/lib/python3.8/dist-packages/urllib3/connection.py", line 149, in _new_conn raise NewConnectionError( urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x7fda38860280>: Failed to establish a new connection: [Errno 111] Connection refused During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.8/dist-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 638, in urlopen retries = retries.increment(method, url, error=e, _pool=self, File "/usr/local/lib/python3.8/dist-packages/urllib3/util/retry.py", line 388, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /login (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fda38860280>: Failed to establish a new connection: [Errno 111] Connection refused')) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/run/shm/cs/use_letsencrypt", line 564, in <module> cert = certificate_request(csr, common_name, kwargs) File "/run/shm/cs/use_letsencrypt", line 530, in certificate_request signed_crt = get_crt(user, password, tenant, api_version, csr_temp_file.name, File "/run/shm/cs/use_letsencrypt", line 137, in get_crt session = ApiSession(apiHost, user, password, tenant=tenant, api_version=api_version) File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 304, in __init__ self.authenticate_session() File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 545, in authenticate_session self.authenticate_session() File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 545, in authenticate_session self.authenticate_session() File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 545, in authenticate_session self.authenticate_session() File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 544, in authenticate_session raise err File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 491, in authenticate_session rsp = super(ApiSession, self).post( File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 578, in post return self.request('POST', url, data=data, json=json, **kwargs) File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 530, in request resp = self.send(prep, **send_kwargs) File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 643, in send r = adapter.send(request, **kwargs) File "/usr/local/lib/python3.8/dist-packages/requests/adapters.py", line 516, in send raise ConnectionError(e, request=request) requests.exceptions.ConnectionError: HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /login (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fda38860280>: Failed to establish a new connection: [Errno 111] Connection refused')) Error in sys.excepthook: Traceback (most recent call last): File "/usr/local/lib/python3.8/dist-packages/avi_traceback/avi_exception_hook.py", line 51, in avi_excepthook os.makedirs(output_dir) File "/usr/lib/python3.8/os.py", line 223, in makedirs mkdir(name, mode) OSError: [Errno 30] Read-only file system: '/var/lib/avi/python_crash' Original exception was: Traceback (most recent call last): File "/usr/local/lib/python3.8/dist-packages/urllib3/connection.py", line 140, in _new_conn conn = connection.create_connection( File "/usr/local/lib/python3.8/dist-packages/urllib3/util/connection.py", line 83, in create_connection raise err File "/usr/local/lib/python3.8/dist-packages/urllib3/util/connection.py", line 73, in create_connection sock.connect(sa) ConnectionRefusedError: [Errno 111] Connection refused During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 598, in urlopen httplib_response = self._make_request(conn, method, url, File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 346, in _make_request self._validate_conn(conn) File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 850, in _validate_conn conn.connect() File "/usr/local/lib/python3.8/dist-packages/urllib3/connection.py", line 284, in connect conn = self._new_conn() File "/usr/local/lib/python3.8/dist-packages/urllib3/connection.py", line 149, in _new_conn raise NewConnectionError( urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x7fda38860280>: Failed to establish a new connection: [Errno 111] Connection refused During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.8/dist-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py", line 638, in urlopen retries = retries.increment(method, url, error=e, _pool=self, File "/usr/local/lib/python3.8/dist-packages/urllib3/util/retry.py", line 388, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /login (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fda38860280>: Failed to establish a new connection: [Errno 111] Connection refused')) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/run/shm/cs/use_letsencrypt", line 564, in <module> cert = certificate_request(csr, common_name, kwargs) File "/run/shm/cs/use_letsencrypt", line 530, in certificate_request signed_crt = get_crt(user, password, tenant, api_version, csr_temp_file.name, File "/run/shm/cs/use_letsencrypt", line 137, in get_crt session = ApiSession(apiHost, user, password, tenant=tenant, api_version=api_version) File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 304, in __init__ self.authenticate_session() File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 545, in authenticate_session self.authenticate_session() File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 545, in authenticate_session self.authenticate_session() File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 545, in authenticate_session self.authenticate_session() File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 544, in authenticate_session raise err File "/opt/avi/python/lib/avi/sdk/avi_api.py", line 491, in authenticate_session rsp = super(ApiSession, self).post( File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 578, in post return self.request('POST', url, data=data, json=json, **kwargs) File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 530, in request resp = self.send(prep, **send_kwargs) File "/usr/local/lib/python3.8/dist-packages/requests/sessions.py", line 643, in send r = adapter.send(request, **kwargs) File "/usr/local/lib/python3.8/dist-packages/requests/adapters.py", line 516, in send raise ConnectionError(e, request=request) requests.exceptions.ConnectionError: HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /login (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fda38860280>: Failed to establish a new connection: [Errno 111] Connection refused')) "..

Thanks for help,
Regards,

Hi,

It is possible to be provided an example of changing a follower site to become the leader site, I tried to use the below gslb task and it doesn't work. The only option / doc found it is https://avinetworks.com/docs/20.1/how-to-select-a-leader-site-manually/

We are using avi 20.1.6 with ansible 2.8
For the moment we have the old avi that is configured to be gslb site leader and the new avi as gslb site follower and we want to switch by making the avi as leader and old avi to be follower. We tried the below task but is not doing anything and we do not received any error.

    - name: Switch gslb site leaeder
      avi_gslb:
        controller: "new controler ip"
        username: "{{ avi_username }}"
        password: "{{ avi_password }}"
        api_version: "20.1.6"
        avi_api_update_method: patch
        avi_api_patch_op: replace
        state: present
        name: "AVI-gslb-{{ availability_zone }}"
        leader_cluster_uuid: "{{ cls_rtn_obj_new.obj.uuid }}"
        sites:
          - name: "{{ dc }}-gslb-{{ availability_zone }}-site_new"
            username: "{{ avi_username }}"
            password: "{{ avi_password }}"
            ip_addresses:
              - type: "V4"
                addr: "10.231.1.91"
              - type: "V4"
                addr: "10.231.2.170"
              - type: "V4"
                addr: "10.231.0.48"
            dns_vses:
              - dns_vs_uuid: "{{ vs_rtn_obj_new.obj.results.0.uuid }}"
            enabled: True
            member_type: "GSLB_ACTIVE_MEMBER"
            port: 443
            cluster_uuid: "{{ cls_rtn_obj_new.obj.uuid }}"
          - name: "{{ dc }}-gslb-{{ availability_zone }}-site_old"
            username: "{{ avi_username }}"
            password: "{{ avi_password }}"
            ip_addresses:
              - type: "V4"
                addr: "10.231.0.230"
              - type: "V4"
                addr: "10.231.2.135"
              - type: "V4"
                addr: "10.231.1.121"
            dns_vses:
              - dns_vs_uuid: "{{ vs_rtn_obj_old.obj.results.0.uuid }}"
            enabled: True
            member_type: "GSLB_ACTIVE_MEMBER"
            port: 443
            cluster_uuid: "{{ cls_rtn_obj_old.obj.uuid }}"

Please let us know if you need more details

Thank you,
Vlad

The IAM policies are hard coded to "aws" and will not work on GovCloud. Add a folder called aws-govcloud with the updated IAM policies.

For example:

"Resource": "arn:aws:sns:*:*:avi-asg-cloud-*"

#TO

"Resource": "arn:aws-us-gov:sns:*:*:avi-asg-cloud-*"

As an administrator I want to be able to send metrics from NSX ALB to CloudWatch with metricscollection.py.
https://docs.aws.amazon.com/code-samples/latest/catalog/python-cloudwatch-cloudwatch_basics.py.html