fortinet-solutions-cse / 40ansible
Ansible modules and examples for Fortinet products using the REST API
Home Page: https://fndn.fortinet.net
License: Apache License 2.0
- hosts: localhost
  vars_files:
    - /home/centos/ansible/40ansible/vars/main.yml
  gather_facts: no
  tasks:
    - name: backup system config
      fortiosconfig:
        config: "system config backup"
        action: "backup"
        host: "{{ host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        vdom: "global"
        config_parameters:
          filename: "backup_config_001"
Error:
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: root
<127.0.0.1> EXEC /bin/sh -c 'echo ~root && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1544694017.59-81219007331767 `" && echo ansible-tmp-1544694017.59-81219007331767="` echo /root/.ansible/tmp/ansible-tmp-1544694017.59-81219007331767 `" ) && sleep 0'
Using module file /home/centos/ansible/40ansible/library/fortiosconfig.py
<127.0.0.1> PUT /root/.ansible/tmp/ansible-local-4545fKpH0J/tmpWKs7jH TO /root/.ansible/tmp/ansible-tmp-1544694017.59-81219007331767/AnsiballZ_fortiosconfig.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1544694017.59-81219007331767/ /root/.ansible/tmp/ansible-tmp-1544694017.59-81219007331767/AnsiballZ_fortiosconfig.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python2 /root/.ansible/tmp/ansible-tmp-1544694017.59-81219007331767/AnsiballZ_fortiosconfig.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1544694017.59-81219007331767/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
File "/root/.ansible/tmp/ansible-tmp-1544694017.59-81219007331767/AnsiballZ_fortiosconfig.py", line 113, in <module>
_ansiballz_main()
File "/root/.ansible/tmp/ansible-tmp-1544694017.59-81219007331767/AnsiballZ_fortiosconfig.py", line 105, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/root/.ansible/tmp/ansible-tmp-1544694017.59-81219007331767/AnsiballZ_fortiosconfig.py", line 48, in invoke_module
imp.load_module('__main__', mod, module, MOD_DESC)
File "/tmp/ansible_fortiosconfig_payload_417Zzw/__main__.py", line 845, in <module>
File "/tmp/ansible_fortiosconfig_payload_417Zzw/__main__.py", line 833, in main
File "/tmp/ansible_fortiosconfig_payload_417Zzw/__main__.py", line 720, in fortigate_config_backup
File "/usr/lib/python2.7/site-packages/fortiosapi/fortiosapi.py", line 191, in monitor
return self.formatresponse(res, vdom=vdom)
File "/usr/lib/python2.7/site-packages/fortiosapi/fortiosapi.py", line 87, in formatresponse
resp = json.loads(res.content.decode('utf-8'))[0]
File "/usr/lib64/python2.7/json/__init__.py", line 338, in loads
return _default_decoder.decode(s)
File "/usr/lib64/python2.7/json/decoder.py", line 366, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib64/python2.7/json/decoder.py", line 384, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ValueError: No JSON object could be decoded
fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/root/.ansible/tmp/ansible-tmp-1544692684.03-27946625238735/AnsiballZ_fortiosconfig.py\", line 113, in <module>\n _ansiballz_main()\n File \"/root/.ansible/tmp/ansible-tmp-1544692684.03-27946625238735/AnsiballZ_fortiosconfig.py\", line 105, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/root/.ansible/tmp/ansible-tmp-1544692684.03-27946625238735/AnsiballZ_fortiosconfig.py\", line 48, in invoke_module\n imp.load_module('__main__', mod, module, MOD_DESC)\n File \"/tmp/ansible_fortiosconfig_payload_WnNTvM/__main__.py\", line 845, in <module>\n File \"/tmp/ansible_fortiosconfig_payload_WnNTvM/__main__.py\", line 833, in main\n File \"/tmp/ansible_fortiosconfig_payload_WnNTvM/__main__.py\", line 720, in fortigate_config_backup\n File \"/usr/lib/python2.7/site-packages/fortiosapi/fortiosapi.py\", line 191, in monitor\n return self.formatresponse(res, vdom=vdom)\n File \"/usr/lib/python2.7/site-packages/fortiosapi/fortiosapi.py\", line 91, in formatresponse\n resp = json.loads(res.content.decode('utf-8'))\n File \"/usr/lib64/python2.7/json/__init__.py\", line 338, in loads\n return _default_decoder.decode(s)\n File \"/usr/lib64/python2.7/json/decoder.py\", line 366, in decode\n obj, end = self.raw_decode(s, idx=_w(s, 0).end())\n File \"/usr/lib64/python2.7/json/decoder.py\", line 384, in raw_decode\n raise ValueError(\"No JSON object could be decoded\")\nValueError: No JSON object could be decoded\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
Working with @JonTheNiceGuy on Fortigate Playbooks:
I have built a FortiGate NGFW - Single VM on Azure using the marketplace and selecting the "BYOL 6.0.3" model.
I then execute the following playbook:
`
vars:
  host1: "<removed>:8443"
  username: "<removed>"
  password: "<removed>"
  vdom: "root"
  https: "true"
tasks:
The verbose output from the failure step is as follows:
TASK [configures local memory logging] **************************************************************************************************************************************************************************************************************************************************************************************echo /home/tohillm/.ansible/tmp/ansible-tmp-1549365329.73-215581636446446
" && echo ansible-tmp-1549365329.73-215581636446446="echo /home/tohillm/.ansible/tmp/ansible-tmp-1549365329.73-215581636446446
" ) && sleep 0'fatal: [localhost]: FAILED! => {
"changed": false,
"module_stderr": "Traceback (most recent call last):\n File "/home/tohillm/.ansible/tmp/ansible-tmp-1549365329.73-215581636446446/AnsiballZ_fortiosconfig.py", line 113, in \n _ansiballz_main()\n File "/home/tohillm/.ansible/tmp/ansible-tmp-1549365329.73-215581636446446/AnsiballZ_fortiosconfig.py", line 105, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File "/home/tohillm/.ansible/tmp/ansible-tmp-1549365329.73-215581636446446/AnsiballZ_fortiosconfig.py", line 48, in invoke_module\n imp.load_module('main', mod, module, MOD_DESC)\n File "/tmp/ansible_fortiosconfig_payload_CUwU8c/main.py", line 859, in \n File "/tmp/ansible_fortiosconfig_payload_CUwU8c/main.py", line 847, in main\n File "/tmp/ansible_fortiosconfig_payload_CUwU8c/main.py", line 519, in fortigate_config_set\n File "/tmp/ansible_fortiosconfig_payload_CUwU8c/main.py", line 469, in login\n File "/usr/lib/python2.7/site-packages/fortiosapi/fortiosapi.py", line 118, in login\n data='username=' + username + '&secretkey=' + password + "&ajax=1")\n File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 507, in post\n return self.request('POST', url, data=data, json=json, **kwargs)\n File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 464, in request\n resp = self.send(prep, **send_kwargs)\n File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 576, in send\n r = adapter.send(request, **kwargs)\n File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 415, in send\n raise ConnectionError(err, request=request)\nrequests.exceptions.ConnectionError: ('Connection aborted.', error(101, 'Network is unreachable'))\n",
"module_stdout": "",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}
to retry, use: --limit @/home/tohillm/playbooks/AF-1137-FW-locallog-Mgmt/AF-1137-FW-locallog-Mgmt-part1.retry
PLAY RECAP ******************************************************************************************************************************************************************************************************************************************************************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=1 `
Can anyone give me advice as to what I am doing wrong?
Thanks, Mark
Hello,
I have customized SSH ports for my Fortigates; I'm wondering if I could change that. The playbook examples don't specify.
Thank you.
FS
Hi all,
Is there a way to define the path where Ansible stores the Fortigate configuration files?
Best regards,
ISSUE TYPE
Hello,
Using Ansible via Tower, we are not able to create an object on a Fortigate 240D firewall using the fortios_firewall_address module.
Playbook ends each time with same error (see below).
COMPONENT NAME
Ansible: 2.9.6
Python 3.6
FortiosAPI: 1.0.1
Ansible module: fortios_firewall_address
Fortigate firewall is 240D running on 6.0.6
ANSIBLE VERSION
Ansible version is 2.9.6
OS / ENVIRONMENT
Tower is running on CentOS Linux release 7.7.1908
STEPS TO REPRODUCE
To reproduce you can play playbook below
EXPECTED RESULTS
Object to be created in the firewall.
ACTUAL RESULTS
PLAY [localhost] ***************************************************************
TASK [fortios_tasks : CREATE OBJECT ON FORTIGATE] ******************************
fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "/opt/my-envs/Ansible2.9P3/lib/python3.6/site-packages/urllib3/connectionpool.py:1004: InsecureRequestWarning: Unverified HTTPS request is being made to host '10.109.109.1'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\\n InsecureRequestWarning,\nTraceback (most recent call last):\n File \"/var/lib/awx/.ansible/tmp/ansible-tmp-1586426295.6123304-22106732036127/AnsiballZ_fortios_firewall_address.py\", line 102, in \n _ansiballz_main()\n File \"/var/lib/awx/.ansible/tmp/ansible-tmp-1586426295.6123304-22106732036127/AnsiballZ_fortios_firewall_address.py\", line 94, in ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/var/lib/awx/.ansible/tmp/ansible-tmp-1586426295.6123304-22106732036127/AnsiballZ_fortios_firewall_address.py\", line 40, in invoke_module\n runpy.run_module(mod_name='ansible.modules.network.fortios.fortios_firewall_address', init_globals=None, run_name='main', alter_sys=True)\n File \"/usr/lib64/python3.6/runpy.py\", line 205, in run_module\n return run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib64/python3.6/runpy.py\", line 96, in run_module_code\n mod_name, mod_spec, pkg_name, script_name)\n File \"/usr/lib64/python3.6/runpy.py\", line 85, in run_code\n exec(code, run_globals)\n File \"/tmp/ansible_fortios_firewall_address_payload_o04mvvs/ansible_fortios_firewall_address_payload.zip/ansible/modules/network/fortios/fortios_firewall_address.py\", line 570, in \n File \"/tmp/ansible_fortios_firewall_address_payload_o04mvvs/ansible_fortios_firewall_address_payload.zip/ansible/modules/network/fortios/fortios_firewall_address.py\", line 560, in main\n File \"/tmp/ansible_fortios_firewall_address_payload_o04mvvs/ansible_fortios_firewall_address_payload.zip/ansible/modules/network/fortios/fortios_firewall_address.py\", line 462, in fortios_firewall\n 
File \"/tmp/ansible_fortios_firewall_address_payload_o04mvvs/ansible_fortios_firewall_address_payload.zip/ansible/modules/network/fortios/fortios_firewall_address.py\", line 445, in firewall_address\n File \"/opt/my-envs/Ansible2.9P3/lib/python3.6/site-packages/fortiosapi/fortiosapi/fortiosapi.py\", line 422, in set\n mkey = self.get_mkey(path, name, data, vdom=vdom)\n File \"/opt/my-envs/Ansible2.9P3/lib/python3.6/site-packages/fortiosapi/fortiosapi/fortiosapi.py\", line 233, in get_mkey\n keyname = self.get_mkeyname(path, name, vdom)\n File \"/opt/my-envs/Ansible2.9P3/lib/python3.6/site-packages/fortiosapi/fortiosapi/fortiosapi.py\", line 222, in get_mkeyname\n schema = self.schema(path, name, vdom=vdom)\n File \"/opt/my-envs/Ansible2.9P3/lib/python3.6/site-packages/fortiosapi/fortiosapi/fortiosapi.py\", line 322, in schema\n url = self.cmdb_url(path, name, vdom=vdom) + \"&action=schema\"\n File \"/opt/my-envs/Ansible2.9P3/lib/python3.6/site-packages/fortiosapi/fortiosapi/fortiosapi.py\", line 257, in cmdb_url\n self.check_session()\n File \"/opt/my-envs/Ansible2.9P3/lib/python3.6/site-packages/fortiosapi/fortiosapi/fortiosapi.py\", line 131, in check_session\n raise NotLogged()\nfortiosapi.fortiosapi.exceptions.NotLogged: Not logged on a session, please login.\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
PLAY RECAP *********************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Hello, I'm having trouble getting this module to work.
I've tried the fortigate_ssh.yml and it works like a charm.
But if I try another playbook it fails with this error.
ansible-playbook -vvv fortigate_backup_config.yml -i hosts
ansible-playbook 2.9.1
config file = /Users/user.name/Documents/Work/Network/ansible/ansible.cfg
configured module search path = ['/Users/user.name/Documents/Work/Network/ansible/ntc-ansible/library', '/Users/user.name/.ansible/plugins/modules', '/Users/user.name/Documents/Work/Dev/Ansible/textfsm/textfsm']
ansible python module location = /Users/user.name/anaconda2/envs/Ansible/lib/python3.7/site-packages/ansible
executable location = /Users/user.name/anaconda2/envs/Ansible/bin/ansible-playbook
python version = 3.7.4 (default, Aug 13 2019, 15:17:50) [Clang 4.0.1 (tags/RELEASE_401/final)]
Using /Users/user.name/Documents/Work/Network/ansible/ansible.cfg as config file
host_list declined parsing /Users/user.name/Documents/Work/Dev/Ansible/40ansible/hosts as it did not pass its verify_file() method
Skipping due to inventory source not existing or not being readable by the current user
script declined parsing /Users/user.name/Documents/Work/Dev/Ansible/40ansible/hosts as it did not pass its verify_file() method
auto declined parsing /Users/user.name/Documents/Work/Dev/Ansible/40ansible/hosts as it did not pass its verify_file() method
Skipping due to inventory source not existing or not being readable by the current user
yaml declined parsing /Users/user.name/Documents/Work/Dev/Ansible/40ansible/hosts as it did not pass its verify_file() method
Skipping due to inventory source not existing or not being readable by the current user
ini declined parsing /Users/user.name/Documents/Work/Dev/Ansible/40ansible/hosts as it did not pass its verify_file() method
Skipping due to inventory source not existing or not being readable by the current user
toml declined parsing /Users/user.name/Documents/Work/Dev/Ansible/40ansible/hosts as it did not pass its verify_file() method
[WARNING]: Unable to parse /Users/user.name/Documents/Work/Dev/Ansible/40ansible/hosts as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAYBOOK: fortigate_backup_config.yml *********************************************************************************************************************************************************************
1 plays in fortigate_backup_config.yml
PLAY [localhost] ******************************************************************************************************************************************************************************************
META: ran handlers
TASK [Set static route on the fortigate] ******************************************************************************************************************************************************************
task path: /Users/user.name/Documents/Work/Dev/Ansible/40ansible/fortigate_backup_config.yml:40
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: user.name
<127.0.0.1> EXEC /bin/sh -c 'echo ~user.name && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /Users/user.name/.ansible/tmp/ansible-tmp-1578998634.726859-108948252877310
" && echo ansible-tmp-1578998634.726859-108948252877310="echo /Users/user.name/.ansible/tmp/ansible-tmp-1578998634.726859-108948252877310
" ) && sleep 0'
Using module file /Users/user.name/Documents/Work/Dev/Ansible/40ansible/library/fortiosconfig.py
<127.0.0.1> PUT /Users/user.name/.ansible/tmp/ansible-local-58103cafufrkx/tmp97p0_yhg TO /Users/user.name/.ansible/tmp/ansible-tmp-1578998634.726859-108948252877310/AnsiballZ_fortiosconfig.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /Users/user.name/.ansible/tmp/ansible-tmp-1578998634.726859-108948252877310/ /Users/user.name/.ansible/tmp/ansible-tmp-1578998634.726859-108948252877310/AnsiballZ_fortiosconfig.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/Users/user.name/anaconda2/envs/Ansible/bin/python /Users/user.name/.ansible/tmp/ansible-tmp-1578998634.726859-108948252877310/AnsiballZ_fortiosconfig.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /Users/user.name/.ansible/tmp/ansible-tmp-1578998634.726859-108948252877310/ > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
"changed": false,
"module_stderr": "/Users/user.name/anaconda2/envs/Ansible/lib/python3.7/site-packages/urllib3/connectionpool.py:1004: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n InsecureRequestWarning,\n/Users/user.name/anaconda2/envs/Ansible/lib/python3.7/site-packages/urllib3/connectionpool.py:1004: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n InsecureRequestWarning,\n/Users/user.name/anaconda2/envs/Ansible/lib/python3.7/site-packages/urllib3/connectionpool.py:1004: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n InsecureRequestWarning,\nTraceback (most recent call last):\n File "/Users/user.name/.ansible/tmp/ansible-tmp-1578998634.726859-108948252877310/AnsiballZ_fortiosconfig.py", line 102, in \n _ansiballz_main()\n File "/Users/user.name/.ansible/tmp/ansible-tmp-1578998634.726859-108948252877310/AnsiballZ_fortiosconfig.py", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File "/Users/user.name/.ansible/tmp/ansible-tmp-1578998634.726859-108948252877310/AnsiballZ_fortiosconfig.py", line 40, in invoke_module\n runpy.run_module(mod_name='ansible.modules.fortiosconfig', init_globals=None, run_name='main', alter_sys=True)\n File "/Users/user.name/anaconda2/envs/Ansible/lib/python3.7/runpy.py", line 205, in run_module\n return run_module_code(code, init_globals, run_name, mod_spec)\n File "/Users/user.name/anaconda2/envs/Ansible/lib/python3.7/runpy.py", line 96, in run_module_code\n mod_name, mod_spec, pkg_name, script_name)\n File "/Users/user.name/anaconda2/envs/Ansible/lib/python3.7/runpy.py", 
line 85, in run_code\n exec(code, run_globals)\n File "/var/folders/2/05fdldc10392hfr9f__zlrdh000_y7/T/ansible_fortiosconfig_payload_e_ehzfk0/ansible_fortiosconfig_payload.zip/ansible/modules/fortiosconfig.py", line 948, in \n File "/var/folders/2/05fdldc10392hfr9f__zlrdh000_y7/T/ansible_fortiosconfig_payload_e_ehzfk0/ansible_fortiosconfig_payload.zip/ansible/modules/fortiosconfig.py", line 936, in main\n File "/var/folders/2/05fdldc10392hfr9f__zlrdh000_y7/T/ansible_fortiosconfig_payload_e_ehzfk0/ansible_fortiosconfig_payload.zip/ansible/modules/fortiosconfig.py", line 575, in fortigate_set\n File "/Users/user.name/anaconda2/envs/Ansible/lib/python3.7/site-packages/fortiosapi/fortiosapi.py", line 417, in set\n mkey = self.get_mkey(path, name, data, vdom=vdom)\n File "/Users/user.name/anaconda2/envs/Ansible/lib/python3.7/site-packages/fortiosapi/fortiosapi.py", line 228, in get_mkey\n keyname = self.get_mkeyname(path, name, vdom)\n File "/Users/user.name/anaconda2/envs/Ansible/lib/python3.7/site-packages/fortiosapi/fortiosapi.py", line 217, in get_mkeyname\n schema = self.schema(path, name, vdom=vdom)\n File "/Users/user.name/anaconda2/envs/Ansible/lib/python3.7/site-packages/fortiosapi/fortiosapi.py", line 317, in schema\n url = self.cmdb_url(path, name, vdom=vdom) + "&action=schema"\n File "/Users/user.name/anaconda2/envs/Ansible/lib/python3.7/site-packages/fortiosapi/fortiosapi.py", line 252, in cmdb_url\n self.check_session()\n File "/Users/user.name/anaconda2/envs/Ansible/lib/python3.7/site-packages/fortiosapi/fortiosapi.py", line 126, in check_session\n raise NotLogged()\nfortiosapi.exceptions.NotLogged: Not logged on a session, please login.\n",
"module_stdout": "",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}
PLAY RECAP ************************************************************************************************************************************************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Duplicate of:
"Unsupported parameters for (fortios_config) module: #43
Using the example playbook https://github.com/fortinet-solutions-cse/40ansible/blob/master/examples/fortigate_backup_config.yml, I receive this error.
Ansible 2.9.1. I ran declare -x ANSIBLE_LIBRARY=/etc/ansible/library (all files from the 40ansible/library folder were copied into it).
I'm also not entirely clear where this backup config would be placed if this worked. Does it store it locally on the Fortigate? Our goal is to copy it to the Ansible host (and then store it in a Bitbucket repo).
Hello,
Good job about this helpful module.
Nevertheless, I get the error below during a backup task (Fortigate 3000D in v6.0.2).
"UnicodeEncodeError: 'ascii' codec can't encode character u'\xe9' in position 690830: ordinal not in range(128)".
I can see the "Config system file has been downloaded by xxxx" event on the FGT. So the problem seems to occur during the file transfer or its writing.
Thanks for your help.
Regards
Patrice
I've reviewed the code of fortiosconfig.py and the ansible_fgt_modules and I can't find an example of a rename action.
From the CLI you can do
configure firewall address
    rename hosta to hostb
end
Is it possible to do something like this with the API?
Hi,
Great module, I'm really enjoying it!
Would it be possible to add support for custom SSH ports (non 22)?
Hello,
I am receiving the following error when running a playbook to create a VIP on an FG-VM-64.
fatal: [th-lab-fgvm64]: FAILED! => {"changed": false, "meta": {"http_status": 500, "status": "error"}, "msg": "Error in repo"}
The playbook is as follows:
- name: Set vip on the fortigate
  gather_facts: false
  connection: local
  hosts: all
  tasks:
    - fortiosconfig:
        action: "set"
        host: "172.16.31.254"
        username: "admin"
        password: ""
        config: "firewall vip"
        config_parameters:
          name: "vip-1"
          extip: "1.1.1.1"
          mappedip: "10.10.10.10"
          type: "static"
          extintf: "any"
I have confirmed that the firewall is reachable from my Ansible machine, and that the credentials are correct. My pip list is below.
ansible (2.5.0)
asn1crypto (0.24.0)
bcrypt (3.1.4)
certifi (2018.1.18)
cffi (1.11.5)
chardet (3.0.4)
cryptography (2.2.2)
enum34 (1.1.6)
fortiosapi (0.9.91)
idna (2.6)
ipaddress (1.0.19)
Jinja2 (2.10)
MarkupSafe (1.0)
ntlm-auth (1.1.0)
paramiko (2.4.1)
pip (9.0.3)
pyasn1 (0.4.2)
pycparser (2.18)
pyfg (0.50)
PyNaCl (1.2.1)
pywinrm (0.3.0)
PyYAML (3.12)
requests (2.18.4)
requests-ntlm (1.1.0)
setuptools (33.1.1.post20170517)
six (1.11.0)
urllib3 (1.22)
xmltodict (0.11.0)
Thank you very much for your assistance.
Hello,
Thanks for fortiosconfig module !
I am using fortigate_ssh.yml and I wonder if it is possible with fortiosconfig:
Regards
Nicolas
I am using the following tasks to configure snmp communities on a virtual fortigate appliance:
---
- name: Get community
  connection: local
  fortiosconfig:
    https: False
    action: "get"
    host: "{{ fw_vars['ip'] }}"
    username: "{{ fw_username }}"
    password: "{{ fw_password }}"
    config: "system.snmp community"
  register: config

- debug:
    var: config

- name: Edit community 1
  connection: local
  fortiosconfig:
    https: False
    action: "set"
    host: "{{ fw_vars['ip'] }}"
    username: "{{ fw_username }}"
    password: "{{ fw_password }}"
    config: "system.snmp community"
    mkey: 1
    config_parameters:
      name: "{{ fw_vars['ans_snmp_ro'] }}"
I have manually created two entries in the snmp community table. On the appliance side of things I can see the following:
config system snmp community
    edit 1
        set name "test"
    next
    edit 2
        set name "number 2"
    next
end
And from the Ansible debug statement I see:
ok: [localhost] => {
"config": {
"changed": false,
"failed": false,
"meta": {
"results": [
{
"events": "cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented fm-if-change bgp-established bgp-backward-transition ha-member-up ha-member-down ent-conf-change av-conserve av-bypass av-oversize-passed av-oversize-blocked ips-pkg-update ips-fail-open faz-disconnect wc-ap-up wc-ap-down fswctl-session-up fswctl-session-down load-balance-real-server-down per-cpu-high",
"hosts": [],
"hosts6": [],
"id": 1,
"name": "test",
"q_origin_key": 1,
"query-v1-port": 161,
"query-v1-status": "enable",
"query-v2c-port": 161,
"query-v2c-status": "enable",
"status": "enable",
"trap-v1-lport": 162,
"trap-v1-rport": 162,
"trap-v1-status": "enable",
"trap-v2c-lport": 162,
"trap-v2c-rport": 162,
"trap-v2c-status": "enable"
},
{
"events": "cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented fm-if-change bgp-established bgp-backward-transition ha-member-up ha-member-down ent-conf-change av-conserve av-bypass av-oversize-passed av-oversize-blocked ips-pkg-update ips-fail-open faz-disconnect wc-ap-up wc-ap-down fswctl-session-up fswctl-session-down load-balance-real-server-down per-cpu-high",
"hosts": [],
"hosts6": [],
"id": 2,
"name": "number 2",
"q_origin_key": 2,
"query-v1-port": 161,
"query-v1-status": "enable",
"query-v2c-port": 161,
"query-v2c-status": "enable",
"status": "enable",
"trap-v1-lport": 162,
"trap-v1-rport": 162,
"trap-v1-status": "enable",
"trap-v2c-lport": 162,
"trap-v2c-rport": 162,
"trap-v2c-status": "enable"
}
],
"status": "success",
"version": "v6.0.3"
}
}
}
I would ideally like to edit one of the entries and based on fortios api reference doc I read, I figured that specifying the mkey would be the same as referencing the id. Here I'm trying to change the name of the first entry from "test" to the variable fw_vars['ans_snmp_ro'] however I get the following error on the Edit Community 1 task:
File \"/usr/local/lib/python2.7/dist-packages/fortiosapi/fortiosapi.py\", line 440, in set\n mkey = self.get_mkey(path, name, data, vdom=vdom)\n File \"/usr/local/lib/python2.7/dist-packages/fortiosapi/fortiosapi.py\", line 259, in get_mkey\n LOG.warning(\"mkey %s not set in the data\", mkey)\nUnboundLocalError: local variable 'mkey' referenced before assignment\n"
However, when I do not try to use the mkey and instead add the line id: 1 under the config_parameters section the module does what I expect it to (change the name of the entry).
I'm not sure what the mkey value is functionally used for. I tried looking through the examples but I do not see any that use that parameter. If someone could add an example on how to use that parameter that would probably clear up my confusion on what it actually does. Thanks!
I need to explicitly enable HTTP on fortigate interface in order to avoid "Connection timed out" error
- hosts: localhost
  vars_files:
    - /home/centos/ansible/40ansible/vars/main.yml
  gather_facts: no
  tasks:
    - name: Configure web content filtering in fortigate
      fortios_webfilter:
        host: "{{ host }}"
        username: "{{ username}}"
        password: "{{ password }}"
        vdom: "{{ vdom }}"
        webfilter_content:
          id: "1"
          name: "default"
          comment: ""
          entries:
            - name: "bet-online"
              pattern-type: "wildcard"
              status: "enable"
              lang: "western"
              score: 40
              action: "block"
            - name: "tv-.*online"
              pattern-type: "regexp"
              status: "enable"
              lang: "western"
              score: 42
              action: "block"
          state: "present"
Errors:
The full traceback is:
Traceback (most recent call last):
File "/root/.ansible/tmp/ansible-tmp-1544708418.34-194837611454630/AnsiballZ_fortios_webfilter.py", line 113, in
_ansiballz_main()
File "/root/.ansible/tmp/ansible-tmp-1544708418.34-194837611454630/AnsiballZ_fortios_webfilter.py", line 105, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/root/.ansible/tmp/ansible-tmp-1544708418.34-194837611454630/AnsiballZ_fortios_webfilter.py", line 48, in invoke_module
imp.load_module('main', mod, module, MOD_DESC)
File "/tmp/ansible_fortios_webfilter_payload_QeJMZJ/main.py", line 548, in
File "/tmp/ansible_fortios_webfilter_payload_QeJMZJ/main.py", line 539, in main
File "/tmp/ansible_fortios_webfilter_payload_QeJMZJ/main.py", line 459, in fortios_webfilter
File "/usr/lib/python2.7/site-packages/fortiosapi/fortiosapi.py", line 127, in login
raise Exception('login failed')
Exception: login failed
fatal: [localhost]: FAILED! => {
"changed": false,
"module_stderr": "Traceback (most recent call last):\n File "/root/.ansible/tmp/ansible-tmp-1544708418.34-194837611454630/AnsiballZ_fortios_webfilter.py", line 113, in \n _ansiballz_main()\n File "/root/.ansible/tmp/ansible-tmp-1544708418.34-194837611454630/AnsiballZ_fortios_webfilter.py", line 105, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File "/root/.ansible/tmp/ansible-tmp-1544708418.34-194837611454630/AnsiballZ_fortios_webfilter.py", line 48, in invoke_module\n imp.load_module('main', mod, module, MOD_DESC)\n File "/tmp/ansible_fortios_webfilter_payload_QeJMZJ/main.py", line 548, in \n File "/tmp/ansible_fortios_webfilter_payload_QeJMZJ/main.py", line 539, in main\n File "/tmp/ansible_fortios_webfilter_payload_QeJMZJ/main.py", line 459, in fortios_webfilter\n File "/usr/lib/python2.7/site-packages/fortiosapi/fortiosapi.py", line 127, in login\n raise Exception('login failed')\nException: login failed\n",
"module_stdout": "",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}
CentOS 7
ansible 2.7.4
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /bin/ansible
python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
Better handling of return errors is needed here.
To reproduce, try to perform an action on a non-existing vdom, for example.
During an ansible play which references the fortiosconfig module in Ansible 2.7, I get a message indicating that the "no_log" option has not been set on a password field.
Could it be worth looking at using the native fortios modules in core Ansible to reduce your requirement to specify things like this: (e.g. https://github.com/ansible/ansible/blob/devel/lib/ansible/module_utils/network/fortios/fortios.py#L45-L56) ?
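The warning in this report is raised when a password parameter is declared without `no_log`. The following is an added example, not code from 40ansible or from Ansible: it uses a constructed `argument_spec` modelled on the parameters in this page's playbooks, a simplified name heuristic and hypothetical helper names to show which fields get flagged and what masking does to logged task data, including the empty-password case.

```python
"""Added illustration; not code from 40ansible or from Ansible itself."""
import copy
import re

# Placeholder string Ansible shows in place of a no_log parameter's value.
NO_LOG_PLACEHOLDER = "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"

# Simplified name heuristic (an assumption; Ansible's own pattern differs).
SECRET_NAME = re.compile(r"pass(word|phrase|wd)?|secret|token", re.IGNORECASE)

# Constructed argument_spec modelled on the parameters used in this page's
# playbooks. It is NOT the real fortiosconfig spec.
SPEC_BEFORE = {
    "host": {"type": "str", "required": True},
    "username": {"type": "str", "required": True},
    "password": {"type": "str", "default": ""},
    "vdom": {"type": "str", "default": "root"},
    "https": {"type": "bool", "default": True},
    "action": {"type": "str", "required": True},
    "config": {"type": "str"},
    "config_parameters": {"type": "dict"},
}

# Same spec with the change the warning asks for.
SPEC_AFTER = copy.deepcopy(SPEC_BEFORE)
SPEC_AFTER["password"]["no_log"] = True


def params_missing_no_log(spec):
    """Return secret-looking parameter names that do not set no_log=True."""
    return sorted(
        name for name, opts in spec.items()
        if SECRET_NAME.search(name) and not opts.get("no_log", False)
    )


def secret_values(params, spec):
    """Non-empty values of the parameters that the spec marks no_log."""
    return [
        str(params[name]) for name, opts in spec.items()
        if opts.get("no_log") and params.get(name) not in (None, "")
    ]


def loggable_invocation(params, spec):
    """Copy of params that is safe to log: no_log values are replaced."""
    safe = dict(params)
    for name, opts in spec.items():
        if opts.get("no_log") and name in safe:
            safe[name] = NO_LOG_PLACEHOLDER
    return safe


def scrub_text(text, params, spec):
    """Mask no_log values that ended up in free text such as module_stderr."""
    # Empty values are skipped by secret_values(): replacing "" would insert
    # the mask between every character. Longest first, so that a secret which
    # contains another secret is masked whole.
    for value in sorted(secret_values(params, spec), key=len, reverse=True):
        text = text.replace(value, "********")
    return text


if __name__ == "__main__":
    task_params = {  # constructed sample values
        "host": "192.0.2.10",
        "username": "admin",
        "password": "constructed-Secret-123",
        "action": "backup",
    }
    # Login body shaped like the one visible in this page's tracebacks.
    body = "username=admin&secretkey=constructed-Secret-123&ajax=1"
    print(params_missing_no_log(SPEC_BEFORE))
    print(loggable_invocation(task_params, SPEC_AFTER))
    print(scrub_text(body, task_params, SPEC_AFTER))
```
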
Hi,
I'm trying to use this module in Ansible to do the network automation for our Fortigate. I found there are monitor action choices, and I read the source code for the monitor action. It looks like it will just use fortiosAPI to do a monitor API call.
When I use the following playbook
it tells me that I can only use the ones in the avalible_conf. I went through the AVAL_CONF, and it looks like it's more about using some common CMDB API.
Is the monitor action function unfinished, or am I using it in the wrong way?
btw:
I used fortiOSAPI to test my code, and it works fine.
After deleting the check for the config, I can get the result from the fortigate. You might want to do the check for the other actions, at least not for monitor API
Hey man! Thanks for the great work to compile the Ansible module for the FortiGate FW!
I tried to run fortigate_mix.yml and met with the following errors:
"msg": "Unsupported parameters for (fortios_config) module: action,config,config_parameters,https Supported parameters include: backup,backup_filename,backup_path,config_file,file_mode,filter,host,password,src,timeout,username,vdom"
}
Please advise on how I can resolve these errors, as I'm new to Ansible.
Thank you in advance!
Cheers!
Hello,
Wanted to know if it is possible to load multiple licenses to multiple fortigates using the fortigate_upload_license.yml playbook?
Say I have a folder of licenses and wanted to deploy the licenses across multiple VMs.
Any ideas would be great.
Thanks
Hi,
I am having the exact same issue as #26. So please forgive me that I am not pasting in the output I am getting as it is the same.
My steps to reproduce:
1. Spin up a new PAYG VM on Azure and expose the SSH/HTTP/HTTPS ports to the outside on a public IP.
2. Log in to the HTTPS interface, set admin-https-redirect to disable, and enable port1 for HTTP management traffic.
3. Use the playbook in mamunozgonzalez's response, replacing host, username and password with my values.
I still get login failed. If I log into the appliance on the web interface I can call the api via the browser successfully so I know it is working.
Is there something I am missing in my configuration of the firewall? I've also tried the ansible fgt generator modules and they also give me login failed.
I tried packet capturing the http transmission and I can see my username and password in cleartext being sent over, so it isn't because I have put in the wrong credentials either.
Better handling of the json: format for policy rules (i.e. not visible to the user) can be done with a couple of case switches.
Hi,
name: Backup current config
hosts: all
tasks:
The error below is shown:
ERROR! no action detected in task. This often indicates a misspelled module name, or incorrect module path.
The error appears to have been in '/etc/ansible/clients/firewalls/fortigate-firewall.yml': line 6, column 5, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
tasks:
The module fortios_router_prefix_list does not actually add or modify router prefixes to FortiGate.
The underlying API call requires the parameter 'plugin : 1' for the changes to be accepted.
This is also reported in the Developer Network https://fndn.fortinet.net/index.php?/forums/topic/1995-fortios-rest-api-config-router-prefix-list-issuebug/
Guys, thank you very much for the libs!
I have not found any info about webfilter_profile feature in fortios_webfilter.
Would you add this feature to master?
In multi-vdom mode, the URL needs to be changed with ?global=1 when global is the target.
vdom=global can be used, as naming a vdom "global" is forbidden.
Hi there,
I'm trying to back up the FortiGate configuration per vdom according to your example here:
fortios backup
however, the configuration backed up is always the full configuration of the firewall and not the one of the corresponding vdom.
On the other hand, if I set the vdom parameter to a non-existing one, the playbook fails. So it looks like the parameter is checked but does not invoke the correct backup command.
Am I doing something wrong?
Thanks.
Hi, All
Could you please add support for custom API ports? In many production cases, the admin API port is changed so that it does not override the SSL VPN port.
When trying to delete an existing object I get an error saying:
File "/Users/damani/.pyenv/versions/3.6.5/lib/python3.6/site-packages/fortiosapi/fortiosapi.py", line 329, in schema\n url = self.cmdb_url(path, name) + "?action=schema"\nTypeError: cmdb_url() missing 1 required positional argument: 'vdom'\n"
I'm running FortiOS v6.0.3
- hosts: localhost
  # strategy: debug
  vars:
    host: "{{ lookup ('env', 'FORTIGATE_IP') }}"
    username: "{{ lookup ('env', 'FORTIGATE_USER') }}"
    password: "{{ lookup ('env', 'FORTIGATE_PASS') }}"
    vdom: "root"
    gaia_vpn_name: "{{ lookup ('env', 'GAIA_VPN_NAME') }}"
    gaia_wan_interface: "{{ lookup ('env', 'GAIA_WAN_INTERFACE') }}"
    gaia_local_gw: "{{ lookup ('env', 'GAIA_LOCAL_GW') }}"
    gaia_remote_gw: "{{ lookup ('env', 'GAIA_REMOTE_GW') }}"
    gaia_vpn_shared_secret: "{{ lookup ('env', 'GAIA_VPN_SHARED_SECRET') }}"
    gaia_src_subnet: "{{ lookup ('env', 'GAIA_SRC_SUBNET') }}"
    gaia_dst_subnet: "{{ lookup ('env', 'GAIA_DST_SUBNET') }}"
    gaia_vpn_route_num_0: "{{ lookup ('env', 'GAIA_VPN_ROUTE_NUM_0') }}"
    gaia_vpn_inbound_fw_id_0: "{{ lookup ('env', 'GAIA_INBOUND_FW_ID_0') }}"
    gaia_vpn_outbound_fw_id_0: "{{ lookup ('env', 'GAIA_OUTBOUND_FW_ID_0') }}"
    gaia_lan_interface: "{{ lookup ('env', 'GAIA_LAN_INTERFACE') }}"
  tasks:
    - name: Show Var(s)
      debug:
        msg:
          - "host is: {{ host }}"
          - "vdom is: {{ vdom }}"
    - name: Remove Gaia outbound firewall policy
      fortiosconfig:
        config: "firewall policy"
        action: "delete"
        host: "{{ host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        vdom: "{{ vdom }}"
        config_parameters:
          policyid: "{{ gaia_vpn_outbound_fw_id_0 }}"
          name: "{{ gaia_vpn_name }}_0_out"
          action: "accept"
          srcintf: [ {"name": "{{ gaia_lan_interface }}"} ]
          dstintf: [ {"name": "{{ gaia_vpn_name }}"} ]
          srcaddr: [ {"name": "all"} ]
          dstaddr: [ {"name": "all"} ]
          schedule: "always"
          service: [ {"name":"ALL"} ]
          tcp-mss-sender: "1350"
          tcp-mss-receiver: "1350"
fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "/Users/user1/.pyenv/versions/3.6.5/lib/python3.6/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is stronglyadvised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n InsecureRequestWarning)\n/Users/user1/.pyenv/versions/3.6.5/lib/python3.6/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n InsecureRequestWarning)\nTraceback (most recent call last):\n File \"/Users/user1/.ansible/tmp/ansible-tmp-1546309813.406816-137183293061395/AnsiballZ_fortiosconfig.py\", line 113, in <module>\n _ansiballz_main()\n File \"/Users/user1/.ansible/tmp/ansible-tmp-1546309813.406816-137183293061395/AnsiballZ_fortiosconfig.py\", line 105, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/Users/user1/.ansible/tmp/ansible-tmp-1546309813.406816-137183293061395/AnsiballZ_fortiosconfig.py\", line 48, in invoke_module\n imp.load_module('__main__', mod, module, MOD_DESC)\n File \"/Users/user1/.pyenv/versions/3.6.5/lib/python3.6/imp.py\", line 235, in load_module\n return load_source(name, filename, file)\n File \"/Users/user1/.pyenv/versions/3.6.5/lib/python3.6/imp.py\", line 170, in load_source\n module = _exec(spec, sys.modules[name])\n File \"<frozen importlib._bootstrap>\", line 618, in _exec\n File \"<frozen importlib._bootstrap_external>\", line 678, in exec_module\n File \"<frozen importlib._bootstrap>\", line 219, in _call_with_frames_removed\n File \"/var/folders/6k/19krd1hx19x54m6s_6d3v51r0000gq/T/ansible_fortiosconfig_payload_sglg06m3/__main__.py\", line 845, in <module>\n File 
\"/var/folders/6k/19krd1hx19x54m6s_6d3v51r0000gq/T/ansible_fortiosconfig_payload_sglg06m3/__main__.py\", line 833, in main\n File \"/var/folders/6k/19krd1hx19x54m6s_6d3v51r0000gq/T/ansible_fortiosconfig_payload_sglg06m3/__main__.py\", line 587, in fortigate_config_del\n File \"/Users/user1/.pyenv/versions/3.6.5/lib/python3.6/site-packages/fortiosapi/fortiosapi.py\", line 329, in schema\n url = self.cmdb_url(path, name) + \"?action=schema\"\nTypeError: cmdb_url() missing 1 required positional argument: 'vdom'\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
to retry, use: --limit @/Users/user1/Google Drive/Scripts/Gaia/gaia-util-Azure-Sandbox/gaia-util/tf-azure/40ansible/fortigate_remove_gaia_vpn_azure.retry
I'm trying to run some commands through ssh, and it looks like I get the correct result. However, when I turn on the debug from Ansible it says:
err": "<paramiko.ChannelFile from <paramiko.Channel 0 (closed) -> <paramiko.Transport at 0xb89cd860 (unconnected)>>>
Is this err expected, since it's just paramiko saying the connection is closed, or is it a bug?
I have built a FortiGate NGFW - Single VM on Azure using the marketplace and selecting the "BYOL 6.0.3" model. Following the build, I SSH in, and issue:
config system global
set admin-sport 443
end
exit
I then execute the following playbook:
---
- hosts: localhost
  vars:
    host_ip_address: 192.0.2.1
    host_user: someuser
    host_pass: 123_Somepass
  tasks:
    - name: Issue license
      fortiosconfig:
        host: "{{ host_ip_address }}"
        username: "{{ host_user }}"
        password: "{{ host_pass }}"
        vdom: "{{ host_vdom | default('root') }}"
        https: true
        config: system vmlicense upload
        action: upload
        config_parameters:
          filename: "./somefile.lic"
I get this as output:
(azure) vagrant@ubuntu:/HostHome/Documents/01 Projects - Ansible on Azure/Azure/2018-12-14_FGT_License$ ansible-playbook test.yml
[WARNING]: Unable to parse /etc/ansible/hosts as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [localhost] ********************************************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************************************************
ok: [localhost]
TASK [Issue license] ****************************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: Exception: can not get following login
fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/home/vagrant/.ansible/tmp/ansible-tmp-1545039137.76-129793567464365/AnsiballZ_fortiosconfig.py\", line 113, in <module>\n _ansiballz_main()\n File \"/home/vagrant/.ansible/tmp/ansible-tmp-1545039137.76-129793567464365/AnsiballZ_fortiosconfig.py\", line 105, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/home/vagrant/.ansible/tmp/ansible-tmp-1545039137.76-129793567464365/AnsiballZ_fortiosconfig.py\", line 48, in invoke_module\n imp.load_module('__main__', mod, module, MOD_DESC)\n File \"/tmp/ansible_fortiosconfig_payload_nSoxNj/__main__.py\", line 845, in <module>\n File \"/tmp/ansible_fortiosconfig_payload_nSoxNj/__main__.py\", line 833, in main\n File \"/tmp/ansible_fortiosconfig_payload_nSoxNj/__main__.py\", line 756, in fortigate_config_upload\n File \"/tmp/ansible_fortiosconfig_payload_nSoxNj/__main__.py\", line 469, in login\n File \"/home/spriggsj/azure/local/lib/python2.7/site-packages/fortiosapi/fortiosapi.py\", line 130, in login\n raise Exception('can not get following login')\nException: can not get following login\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
PLAY RECAP **************************************************************************************************************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=1
The verbose output from the failure step is as follows:
TASK [Issue license] ****************************************************************************************************************************************************
task path: /HostHome/Documents/01 Projects - Ansible on Azure/Azure/2018-12-14_FGT_License/test.yml:9
The full traceback is:
Traceback (most recent call last):
File "/home/vagrant/.ansible/tmp/ansible-tmp-1545041674.57-132789405945393/AnsiballZ_fortiosconfig.py", line 113, in <module>
_ansiballz_main()
File "/home/vagrant/.ansible/tmp/ansible-tmp-1545041674.57-132789405945393/AnsiballZ_fortiosconfig.py", line 105, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/home/vagrant/.ansible/tmp/ansible-tmp-1545041674.57-132789405945393/AnsiballZ_fortiosconfig.py", line 48, in invoke_module
imp.load_module('__main__', mod, module, MOD_DESC)
File "/tmp/ansible_fortiosconfig_payload_nLR_hv/__main__.py", line 845, in <module>
File "/tmp/ansible_fortiosconfig_payload_nLR_hv/__main__.py", line 833, in main
File "/tmp/ansible_fortiosconfig_payload_nLR_hv/__main__.py", line 756, in fortigate_config_upload
File "/tmp/ansible_fortiosconfig_payload_nLR_hv/__main__.py", line 469, in login
File "/home/spriggsj/azure/local/lib/python2.7/site-packages/fortiosapi/fortiosapi.py", line 130, in login
raise Exception('can not get following login')
Exception: can not get following login
fatal: [localhost]: FAILED! => {
"changed": false,
"module_stderr": "Traceback (most recent call last):\n File \"/home/vagrant/.ansible/tmp/ansible-tmp-1545041674.57-132789405945393/AnsiballZ_fortiosconfig.py\", line 113, in <module>\n _ansiballz_main()\n File \"/home/vagrant/.ansible/tmp/ansible-tmp-1545041674.57-132789405945393/AnsiballZ_fortiosconfig.py\", line 105, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/home/vagrant/.ansible/tmp/ansible-tmp-1545041674.57-132789405945393/AnsiballZ_fortiosconfig.py\", line 48, in invoke_module\n imp.load_module('__main__', mod, module, MOD_DESC)\n File \"/tmp/ansible_fortiosconfig_payload_nLR_hv/__main__.py\", line 845, in <module>\n File \"/tmp/ansible_fortiosconfig_payload_nLR_hv/__main__.py\", line 833, in main\n File \"/tmp/ansible_fortiosconfig_payload_nLR_hv/__main__.py\", line 756, in fortigate_config_upload\n File \"/tmp/ansible_fortiosconfig_payload_nLR_hv/__main__.py\", line 469, in login\n File \"/home/spriggsj/azure/local/lib/python2.7/site-packages/fortiosapi/fortiosapi.py\", line 130, in login\n raise Exception('can not get following login')\nException: can not get following login\n",
"module_stdout": "",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}
Does this mean that because the license isn't valid at the time we try to make the API call, we're unable to use the API to deploy a license? Thanks!
Hi,
Would it be possible for you to separate the library into a git sub-module, so I can just consume the submodule in my roles and playbooks, without needing the examples?
Here's an example of where I've done the same thing in another project:
https://github.com/e-and-cs/k5-skeleton-infrastructure has a submodule for the library to https://github.com/mohclips/k5-ansible-modules/tree/5cf49d5ad9f73f412ca6d7cc78596573167cc087
Happy to advise if further advice is required!
The forward slash character '/' cannot be used in object names, for example:
address_subnet:
  - name: 'test-10.0.0.1/32'
    subnet: '10.0.0.1 255.255.255.255'
When using the literal '/' this is regarded as an URL separator which makes the API PUT request fail with HTTP 400. See also httpsd debug log and packet capture:
slash-literal.txt
slash-literal.zip
When encoding the '/' as '%2F' the API PUT and POST requests actually go through, but the object is created with '%2F' in its name instead of '/'. See also httpsd debug log and packet capture:
slash-encoded.txt
slash-encoded.zip
Potentially this may be a bug at fortiosapi-level, I may raise there if you can confirm that this lies with that project.
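The three request shapes from the report above, as an added example (not code from this repository or from fortiosapi): it builds the PUT for an object named `test-10.0.0.1/32` and shows what a server that splits the path on '/' and then percent-decodes each segment would see, next to the name carried in the JSON body. The `/api/v2/cmdb` prefix, the `firewall/address` table and the split-then-decode routing are assumptions; the page does not confirm how FortiOS handles the encoded segment.

```python
import json
from urllib.parse import quote, unquote, urlsplit

CMDB_PREFIX = "/api/v2/cmdb"   # assumed REST prefix for this example
TABLE = "firewall/address"      # assumed table for address objects
SUBNET = "10.0.0.1 255.255.255.255"


def build_put(name, encode_path=True, vdom="root"):
    """Return (url, body) for a PUT that addresses one object by its name."""
    # Percent-encoding belongs to the URL path segment only; the JSON body
    # carries the name exactly as the caller supplied it.
    segment = quote(name, safe="") if encode_path else name
    url = "{}/{}/{}?vdom={}".format(CMDB_PREFIX, TABLE, segment, quote(vdom, safe=""))
    body = json.dumps({"name": name, "subnet": SUBNET}, sort_keys=True)
    return url, body


def key_segments(url):
    """Path segments after the table, split on '/' first and decoded second."""
    tail = urlsplit(url).path[len(CMDB_PREFIX) + len(TABLE) + 2:]
    return [unquote(part) for part in tail.split("/")]


def describe(name, encode_path):
    """Summarise one request: URL, key segments seen server-side, body name."""
    url, body = build_put(name, encode_path=encode_path)
    return {
        "url": url,
        "segments": key_segments(url),
        "body_name": json.loads(body)["name"],
    }


# 1. Literal '/': the key is split into two segments, so no single object
#    name is addressed (the page reports HTTP 400 for this request).
LITERAL = describe("test-10.0.0.1/32", encode_path=False)

# 2. Name already encoded by the caller: the path decodes cleanly, but the
#    body now names the object with a literal '%2F'.
PRE_ENCODED = describe("test-10.0.0.1%2F32", encode_path=False)

# 3. Raw name from the caller, encoded once while building the path: path
#    and body agree on 'test-10.0.0.1/32'.
PATH_ONLY = describe("test-10.0.0.1/32", encode_path=True)

if __name__ == "__main__":
    for label, case in (("literal", LITERAL), ("pre-encoded", PRE_ENCODED),
                        ("path-only", PATH_ONLY)):
        print(label, case)
```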
Is it possible to specify what directory is used for the log, the system's /var/tmp wouldn't be allowed from my venv.
I tried setting no_log: true but that did not help.
Hi
I need help with this playbook
---------------------------------------results ----------------------
[root@aut-server ansible-fortinet]# ansible-playbook test-main.yml -vvv
ansible-playbook 2.9.7
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.6/site-packages/ansible
executable location = /usr/local/bin/ansible-playbook
python version = 3.6.8 (default, Aug 7 2019, 17:28:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
Using /etc/ansible/ansible.cfg as config file
host_list declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
script declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Parsed /etc/ansible/hosts inventory source with ini plugin
PLAYBOOK: test-main.yml ***********************************************************************************************************************************************************************************************
1 plays in test-main.yml
PLAY [localhost] ******************************************************************************************************************************************************************************************************
META: ran handlers
TASK [system config restore] ******************************************************************************************************************************************************************************************
task path: /root/ansible-fortinet/test-main.yml:6
<192.168.88.133> ESTABLISH LOCAL CONNECTION FOR USER: root
<192.168.88.133> EXEC /bin/sh -c 'echo ~root && sleep 0'
<192.168.88.133> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /root/.ansible/tmp
"&& mkdir /root/.ansible/tmp/ansible-tmp-1587985203.5996234-114393-164317949494124 && echo ansible-tmp-1587985203.5996234-114393-164317949494124="echo /root/.ansible/tmp/ansible-tmp-1587985203.5996234-114393-164317949494124
" ) && sleep 0'
Using module file /root/ansible-fortinet/library/fortiosconfig.py
<192.168.88.133> PUT /root/.ansible/tmp/ansible-local-11438557ynznlj/tmpjmnfz2eq TO /root/.ansible/tmp/ansible-tmp-1587985203.5996234-114393-164317949494124/AnsiballZ_fortiosconfig.py
<192.168.88.133> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1587985203.5996234-114393-164317949494124/ /root/.ansible/tmp/ansible-tmp-1587985203.5996234-114393-164317949494124/AnsiballZ_fortiosconfig.py && sleep 0'
<192.168.88.133> EXEC /bin/sh -c '/usr/bin/python3 /root/.ansible/tmp/ansible-tmp-1587985203.5996234-114393-164317949494124/AnsiballZ_fortiosconfig.py && sleep 0'
<192.168.88.133> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1587985203.5996234-114393-164317949494124/ > /dev/null 2>&1 && sleep 0'
changed: [localhost] => {
"changed": true,
"invocation": {
"module_args": {
"action": "restore",
"commands": null,
"config": "system config restore",
"config_parameters": {
"filename": "backup/backup_config_001"
},
"description": null,
"diff": false,
"host": "10.21.0.254",
"https": true,
"mkey": null,
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"ssl_verify": false,
"username": "ansible",
"vdom": "root"
}
},
"meta": {
"result": "[\n {\n "http_method":"POST",\n "results":{\n "error":"config_invalid_file",\n "config_restored":false\n },\n "vdom":"root",\n "path":"system",\n "name":"config",\n "action":"restore",\n "status":"success",\n "serial":"FG100ETK18010651",\n "version":"v6.0.7",\n "build":302\n }\n]",
"status": 200,
"version": "v6.0.7"
}
}
META: ran handlers
META: ran handlers
PLAY RECAP ************************************************************************************************************************************************************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@aut-server ansible-fortinet]#
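The run above ends with `changed: true` and HTTP status 200 while the device's own result carries `"error":"config_invalid_file"` and `"config_restored":false`. As an added example (not code from this repository), the function below evaluates the returned `meta` the way a caller would need to before trusting the task status; the sample input is constructed from the output above with the serial number replaced by a placeholder.

```python
import json

# Constructed from the task output above; serial replaced with a placeholder.
SAMPLE_META = {
    "result": json.dumps([{
        "http_method": "POST",
        "results": {"error": "config_invalid_file", "config_restored": False},
        "vdom": "root",
        "path": "system",
        "name": "config",
        "action": "restore",
        "status": "success",
        "serial": "SERIAL-PLACEHOLDER",
        "version": "v6.0.7",
        "build": 302,
    }]),
    "status": 200,
    "version": "v6.0.7",
}


def restore_outcome(meta):
    """Return (ok, reason) for a 'system config restore' response.

    HTTP 200 and an entry-level "status": "success" only say the request was
    accepted; the restore itself is reported inside "results".
    """
    if meta.get("status") != 200:
        return False, "http status {}".format(meta.get("status"))
    raw = meta.get("result")
    try:
        entries = json.loads(raw) if isinstance(raw, str) else raw
    except ValueError:
        return False, "unparseable result"
    if isinstance(entries, dict):
        entries = [entries]
    if not entries:
        return False, "empty result"
    for entry in entries:
        if entry.get("status") != "success":
            return False, "api status {}".format(entry.get("status"))
        results = entry.get("results") or {}
        if results.get("error"):
            return False, results["error"]
        if results.get("config_restored") is not True:
            return False, "config_restored is not true"
    return True, "restored"


if __name__ == "__main__":
    print(restore_outcome(SAMPLE_META))
```

In a playbook, the same condition can be applied to the registered task result with `failed_when`, so that a rejected restore stops the play instead of being counted as a change.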