Help with Adding Items to 1Password via Ansible: Server Conflict Error 409

Hi everyone,

I’m using Ansible to add items to 1Password based on a list of users and inventory hosts. The task aims to create a login item for each user-host pair, such as host1-user1, host1-user2, host2-user1 ,'host2-user2, and so on. However, I’m running into an issue where I sometimes receive a 409 Conflict: Internal server conflict error. When I rerun the playbook, the error disappears, and the item is added successfully.

Here’s a snippet of my task:

- name: Create item in 1Password 
  shell: |
    /usr/bin/op item create --category login --title "{{ item.user_name }}-{{ inventory_hostname }}" --vault test --url "https://{{ ansible_host }}" "username={{ item.user_name }}" --generate-password='letters,digits,symbols,12' --tags idrac_ansible_managed </dev/null
  environment:
    OP_SERVICE_ACCOUNT_TOKEN: "{{ op_token }}"
  when: item.user_name + '-' + inventory_hostname not in op_item_check.stdout
  retries: 10
  delay: 10
  loop: "{{ users }}"

I’ve already increased the retries and delay parameters, but the issue still occasionally occurs. Has anyone encountered similar server conflict errors with 1Password and Ansible? Any advice on how to handle this more effectively would be greatly appreciated!

Thanks in advance!

A 409 is a return code from the web server itself. This isn’t an error from Ansible, it’s a warning that there’s a conflict within the web server’s actions:

The 409 (Conflict) status code indicates that the request could not be completed due to a conflict with the current state of the target resource. This code is used in situations where the user might be able to resolve the conflict and resubmit the request. The server SHOULD generate a payload that includes enough information for a user to recognize the source of the conflict.

Conflicts are most likely to occur in response to a PUT request. For example, if versioning were being used and the representation being PUT included changes to a resource that conflict with those made by an earlier (third-party) request, the origin server might use a 409 response to indicate that it can't complete the request. In this case, the response representation would likely contain information useful for merging the differences based on the revision history.

Per the spec above, the server is supposed to provide you some amount of information on the differences as to why the 409 occurred.

1 Like

Hello,

Thank you for your answer. So I should normally check with 1 password to resolve this issue?

I would enable verbose logging in Ansible and try to recreate the issue. When you are able to replicate the failure, note the date and time of the failure, what account you were updating, attach the Ansible job log, and send it to either your internal team that supports 1Password or 1Password themself.

1 Like

Ok , thank you very much :slight_smile:

Hello, I resolved the problem by adding serial: 1 in my playbook. I was making multiple requests at the same time to the 1 password server which caused conflict.