ansible-collections / community.network

Ansible Community Network Collection
http://galaxy.ansible.com/community/network

fmgr_device reporting skipped on device creation failure #13

Closed petermcd closed 3 years ago

petermcd commented 4 years ago
SUMMARY

When utilising the fmgr_device module to add a new device the module reports skipped when the API call failed due to the device not being available.

ISSUE TYPE
COMPONENT NAME

fmgr_device

ANSIBLE VERSION

The below version was also modified to include the correct fortimanager.py file to resolve the httpapi bug.

ansible 2.9.7
  config file = None
  configured module search path = ['/home/peter/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/peter/.virtualenvs/ansibletest/lib/python3.6/site-packages/ansible
  executable location = /home/peter/.virtualenvs/ansibletest/bin/ansible
  python version = 3.6.9 (default, Nov 7 2019, 10:44:02) [GCC 8.3.0]

CONFIGURATION

No output (no custom configuration)

OS / ENVIRONMENT

Linux petermcd.dev 4.15.0-96-generic #97-Ubuntu SMP Wed Apr 1 03:25:46 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

STEPS TO REPRODUCE

1) Create the below playbook and call it device_create.playbook (this has details of a device that does not exist to purposely cause a failure):

- name: Add Fortinet Device
  hosts: FortiManager
  connection: httpapi
  gather_facts: False
  tasks:
    - name: Discover and add device
      register: command_output
      vars:
        ansible_command_timeout: 60
      fmgr_device:
        adom: "root"
        device_username: "dfghjfgjmfgh"
        device_password: "sfjrgkr"
        device_ip: "192.168.1.1"
        device_unique_name: "xhgmgkhyj"
        mode: "add"
        blind_add: "disable"
    - debug: msg="{{ command_output }}"

2) Create a host group called FortiManager with valid credentials associated

3) Perform the following call:

ansible-playbook device_create.playbook

EXPECTED RESULTS

PLAY [Add Fortinet Device] *****

TASK [Gathering Facts] *****
ok: [device-name]

TASK [Discover and add device] *****************************************************************************************************************************************************
[WARNING]: Found internal 'results' key in module return, renamed to 'ansible_module_results'.
failed: [device-name] -> {FAILURE MESSAGE}

PLAY RECAP *************************************************************************************************************************************************************************
device-name       : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

ACTUAL RESULTS

The task is marked as skipped with no error being output for the call. As can be seen from the error in the -vvvv call below the device could not be added to the FortiManager as the probe failed.

ansible-playbook 2.9.7
  config file = None
  configured module search path = ['/home/peter/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/peter/.virtualenvs/ansibletest/lib/python3.6/site-packages/ansible
  executable location = /home/peter/.virtualenvs/ansibletest/bin/ansible-playbook
  python version = 3.6.9 (default, Nov  7 2019, 10:44:02) [GCC 8.3.0]
No config file found; using defaults
setting up inventory plugins
host_list declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
script declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Parsed /etc/ansible/hosts inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /home/peter/.virtualenvs/ansibletest/lib/python3.6/site-packages/ansible/plugins/callback/default.py

PLAYBOOK: fortinet-add-device-novars.playbook **************************************************************************************************************************************
Positional arguments: fortinet-add-device-novars.playbook
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/etc/ansible/hosts',)
forks: 5
1 plays in fortinet-add-device-novars.playbook

PLAY [Add Fortinet Device] *********************************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************************************************
task path: /home/peter/fmgr/playbooks/fortinet-add-device-novars.playbook:1
<192.168.100.14> attempting to start connection
<192.168.100.14> using connection plugin httpapi
<192.168.100.14> local domain socket does not exist, starting it
<192.168.100.14> control socket path is /home/peter/.ansible/pc/12048f59c1
<192.168.100.14> local domain socket listeners started successfully
<192.168.100.14> loaded API plugin fortimanager from path /home/peter/.virtualenvs/ansibletest/lib/python3.6/site-packages/ansible/plugins/httpapi/fortimanager.py for network_os fortimanager
<192.168.100.14> 
<192.168.100.14> local domain socket path is /home/peter/.ansible/pc/12048f59c1
<192.168.100.14> ESTABLISH LOCAL CONNECTION FOR USER: peter
<192.168.100.14> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/peter/.ansible/tmp/ansible-local-294793g3x7rx2 `"&& mkdir /home/peter/.ansible/tmp/ansible-local-294793g3x7rx2/ansible-tmp-1587130759.962827-29485-8335701645719 && echo ansible-tmp-1587130759.962827-29485-8335701645719="` echo /home/peter/.ansible/tmp/ansible-local-294793g3x7rx2/ansible-tmp-1587130759.962827-29485-8335701645719 `" ) && sleep 0'
<labi-sis-fman-eus-01> Attempting python interpreter discovery
<192.168.100.14> EXEC /bin/sh -c 'echo PLATFORM; uname; echo FOUND; command -v '"'"'/usr/bin/python'"'"'; command -v '"'"'python3.7'"'"'; command -v '"'"'python3.6'"'"'; command -v '"'"'python3.5'"'"'; command -v '"'"'python2.7'"'"'; command -v '"'"'python2.6'"'"'; command -v '"'"'/usr/libexec/platform-python'"'"'; command -v '"'"'/usr/bin/python3'"'"'; command -v '"'"'python'"'"'; echo ENDFOUND && sleep 0'
<192.168.100.14> EXEC /bin/sh -c '/usr/bin/python3.6 && sleep 0'
Using module file /home/peter/.virtualenvs/ansibletest/lib/python3.6/site-packages/ansible/modules/system/setup.py
<192.168.100.14> PUT /home/peter/.ansible/tmp/ansible-local-294793g3x7rx2/tmpx69yu972 TO /home/peter/.ansible/tmp/ansible-local-294793g3x7rx2/ansible-tmp-1587130759.962827-29485-8335701645719/AnsiballZ_setup.py
<192.168.100.14> EXEC /bin/sh -c 'chmod u+x /home/peter/.ansible/tmp/ansible-local-294793g3x7rx2/ansible-tmp-1587130759.962827-29485-8335701645719/ /home/peter/.ansible/tmp/ansible-local-294793g3x7rx2/ansible-tmp-1587130759.962827-29485-8335701645719/AnsiballZ_setup.py && sleep 0'
<192.168.100.14> EXEC /bin/sh -c '/usr/bin/python3 /home/peter/.ansible/tmp/ansible-local-294793g3x7rx2/ansible-tmp-1587130759.962827-29485-8335701645719/AnsiballZ_setup.py && sleep 0'
<192.168.100.14> EXEC /bin/sh -c 'rm -f -r /home/peter/.ansible/tmp/ansible-local-294793g3x7rx2/ansible-tmp-1587130759.962827-29485-8335701645719/ > /dev/null 2>&1 && sleep 0'
ok: [labi-sis-fman-eus-01]
META: ran handlers

TASK [Discover and add device] *****************************************************************************************************************************************************
task path: /home/peter/fmgr/playbooks/fortinet-add-device-novars.playbook:5
<192.168.100.14> attempting to start connection
<192.168.100.14> using connection plugin httpapi
<192.168.100.14> found existing local domain socket, using it!
<192.168.100.14> 
<192.168.100.14> local domain socket path is /home/peter/.ansible/pc/12048f59c1
<192.168.100.14> ESTABLISH LOCAL CONNECTION FOR USER: peter
<192.168.100.14> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/peter/.ansible/tmp/ansible-local-294793g3x7rx2 `"&& mkdir /home/peter/.ansible/tmp/ansible-local-294793g3x7rx2/ansible-tmp-1587130762.5106516-29556-109900753628818 && echo ansible-tmp-1587130762.5106516-29556-109900753628818="` echo /home/peter/.ansible/tmp/ansible-local-294793g3x7rx2/ansible-tmp-1587130762.5106516-29556-109900753628818 `" ) && sleep 0'
Using module file /home/peter/.virtualenvs/ansibletest/lib/python3.6/site-packages/ansible/modules/network/fortimanager/fmgr_device.py
<192.168.100.14> PUT /home/peter/.ansible/tmp/ansible-local-294793g3x7rx2/tmp9_0_pwed TO /home/peter/.ansible/tmp/ansible-local-294793g3x7rx2/ansible-tmp-1587130762.5106516-29556-109900753628818/AnsiballZ_fmgr_device.py
<192.168.100.14> EXEC /bin/sh -c 'chmod u+x /home/peter/.ansible/tmp/ansible-local-294793g3x7rx2/ansible-tmp-1587130762.5106516-29556-109900753628818/ /home/peter/.ansible/tmp/ansible-local-294793g3x7rx2/ansible-tmp-1587130762.5106516-29556-109900753628818/AnsiballZ_fmgr_device.py && sleep 0'
<192.168.100.14> EXEC /bin/sh -c '/usr/bin/python3 /home/peter/.ansible/tmp/ansible-local-294793g3x7rx2/ansible-tmp-1587130762.5106516-29556-109900753628818/AnsiballZ_fmgr_device.py && sleep 0'
[WARNING]: Found internal 'results' key in module return, renamed to 'ansible_module_results'.
<192.168.100.14> EXEC /bin/sh -c 'rm -f -r /home/peter/.ansible/tmp/ansible-local-294793g3x7rx2/ansible-tmp-1587130762.5106516-29556-109900753628818/ > /dev/null 2>&1 && sleep 0'
skipping: [device-name] => {
    "ansible_facts": {
        "ansible_params": {
            "adom": "root",
            "blind_add": "disable",
            "device_ip": "192.168.1.1",
            "device_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "device_unique_name": "xhgmgkhyj",
            "device_username": "dfghjfgjmfgh",
            "mode": "add"
        },
        "connected_fmgr": {
            "Admin Domain Configuration": "Disabled",
            "BIOS version": "04000002",
            "Branch Point": "1050",
            "Build": "1050",
            "Current Time": "Fri Apr 17 06:58:53 PDT 2020",
            "Daylight Time Saving": "Yes",
            "FIPS Mode": "Disabled",
            "HA Mode": "HA Master",
            "Hostname": "FMG-VM64",
            "License Status": "Valid",
            "Major": 6,
            "Max Number of Admin Domains": 10000,
            "Max Number of Device Groups": 10000,
            "Minor": 2,
            "Offline Mode": "Disabled",
            "Patch": 0,
            "Platform Full Name": "FortiManager-VM64",
            "Platform Type": "FMG-VM64",
            "Release Version Information": " (GA)",
            "Serial Number": "REDACTED",
            "Time Zone": "(GMT-8:00) Pacific Time (US & Canada).",
            "Version": "v6.2.0-build1050 190411 (GA)",
            "x86-64 Applications": "Yes"
        },
        "paramgram": {
            "adom": "root",
            "device_ip": "192.168.1.1",
            "device_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "device_unique_name": "xhgmgkhyj",
            "device_username": "dfghjfgjmfgh",
            "mode": "add"
        },
        "response": [
            -20042,
            {
                "status": {
                    "code": -20042,
                    "message": "Probe failed: network"
                },
                "url": "/dvm/cmd/discover/device/"
            }
        ]
    },
    "ansible_module_results": {
        "status": {
            "code": -20042,
            "message": "Probe failed: network"
        },
        "url": "/dvm/cmd/discover/device/"
    },
    "changed": false,
    "invocation": {
        "module_args": {
            "adom": "root",
            "blind_add": "disable",
            "device_ip": "192.168.1.1",
            "device_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "device_unique_name": "xhgmgkhyj",
            "device_username": "dfghjfgjmfgh",
            "mode": "add"
        }
    },
    "msg": "Device Unreachable.",
    "rc": -20042,
    "unreachable": false
}
META: ran handlers
META: ran handlers

PLAY RECAP *************************************************************************************************************************************************************************
device-name       : ok=1    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0

petermcd commented 4 years ago

I originally posted the above issue on the official Ansible GitHub but was directed here instead.

I am currently undecided as to whether this is now a bug or not and will leave it here for discussion.

The argument appears to be between the following options:

  1. Mark the task as skipped and have to work out if it was skipped for a genuine reason or if the device failed to add (by either polling the FortiManager to ascertain if the device exists or by updating the playbook like below). The disadvantage of this is that the overall playbook will fail on the first device failure.
  2. Mark the task as failed and have the playbook continue on failures. This potentially causes a playbook with multiple tasks to add a device to continually attempt to create those devices when, for example, you can't connect to the FortiManager.

- name: Add Fortinet Device
  hosts: FortiManager
  connection: httpapi
  tasks:
    - name: Discover and add device
      register: command_output
      vars:
        ansible_command_timeout: 60
      fmgr_device:
        adom: "root"
        device_username: "dfghjfgjmfgh"
        device_password: "sfjrgkr"
        device_ip: "192.168.1.1"
        device_unique_name: "xhgmgkhyj"
        mode: "add"
        blind_add: "disable"
    - name: fail
      fail:
        msg: "{{ command_output['ansible_module_results']['status']['message'] }}"
      when: "-20042 == command_output['ansible_module_results']['status']['code']"
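
Added example (not part of the thread and not the collection's code): a Python check that generalizes the `fail`/`when` workaround above from the single code -20042 to any non-zero status carried by a result that Ansible did not count as failed. It assumes registered results are available as dictionaries shaped like the `-vvvv` output in this issue; the names `masked_failures`, `status_codes`, `_as_dict` and the sample data are constructed for illustration.

```python
"""Flag Ansible task results that carry an API error code but are not failed."""

# Constructed sample: registered results abbreviated from the output in this issue.
SAMPLE_RESULTS = {
    "Discover and add device": {
        "ansible_facts": {"response": [-20042, {"status": {"code": -20042}}]},
        "ansible_module_results": {
            "status": {"code": -20042, "message": "Probe failed: network"},
            "url": "/dvm/cmd/discover/device/",
        },
        "changed": False, "msg": "Device Unreachable.", "rc": -20042,
        "unreachable": False,
    },
    "Add Policy Package": {
        "ansible_module_results": {"status": {"code": 0, "message": "OK"},
                                   "url": "/pm/pkg/adom/FWC"},
        "changed": True, "msg": "OK", "rc": 0, "unreachable": False,
    },
}


def _as_dict(value):
    """Return value if it is a dict, else an empty dict (keys may be absent)."""
    return value if isinstance(value, dict) else {}


def status_codes(result):
    """Collect every integer status code the result exposes, by location."""
    codes = {}
    if isinstance(result.get("rc"), int):
        codes["rc"] = result["rc"]
    status = _as_dict(_as_dict(result.get("ansible_module_results")).get("status"))
    if isinstance(status.get("code"), int):
        codes["ansible_module_results.status.code"] = status["code"]
    response = _as_dict(result.get("ansible_facts")).get("response")
    if isinstance(response, list) and response and isinstance(response[0], int):
        codes["ansible_facts.response[0]"] = response[0]
    return codes


def masked_failures(results, good_codes=(0,)):
    """Return findings for results that are not failed yet report a bad code."""
    findings = []
    for task, result in results.items():
        if result.get("failed") or result.get("unreachable"):
            continue  # already counted as failed/unreachable in the play recap
        bad = {k: v for k, v in status_codes(result).items() if v not in good_codes}
        if bad:
            status = _as_dict(_as_dict(result.get("ansible_module_results")).get("status"))
            message = status.get("message") or result.get("msg", "")
            findings.append({"task": task, "codes": bad, "message": message})
    return findings
```

Run over a play's registered results, a non-empty return value marks a run whose recap shows `failed=0` even though the FortiManager API rejected a request.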

ansibullbot commented 3 years ago

cc @Ftntcorecse @Ghilli3 @lweighall @p4r4n0y1ng

sanjay-chahar commented 3 years ago

Hi

I have a similar issue: when I try to run multiple tasks in a playbook, it skips the task, and an individual task works fine.

Please update me if anyone has any update or any other workaround.

(devops) root@control-node01:~/home/devops/project# ansible --version
ansible 2.10.14
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /root/devops/lib/python3.8/site-packages/ansible
  executable location = /root/devops/bin/ansible
  python version = 3.8.10 (default, Sep 28 2021, 16:10:42) [GCC 9.

my playbook

ansible-playbook -i inventory test_create_everything_thru_one_playbook.yml -vv
ansible-playbook 2.10.14
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /root/devops/lib/python3.8/site-packages/ansible
  executable location = /root/devops/bin/ansible-playbook
  python version = 3.8.10 (default, Sep 28 2021, 16:10:42) [GCC 9.3.0]
No config file found; using defaults
[WARNING]: While constructing a mapping from /root/home/devops/project/test_create_everything_thru_one_playbook.yml, line 1, column 3, found a duplicate dict key (tasks). Using last defined value only.
redirecting (type: modules) ansible.builtin.fmgr_fwpol_package to community.network.fmgr_fwpol_package
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: test_create_everything_thru_one_playbook.yml *****
1 plays in test_create_everything_thru_one_playbook.yml

PLAY [fortimanagers] ***

TASK [Gathering Facts] *****
task path: /root/home/devops/project/test_create_everything_thru_one_playbook.yml:1
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
ok: [fmg]
META: ran handlers

TASK [Add Policy Package] **
task path: /root/home/devops/project/test_create_everything_thru_one_playbook.yml:29
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
redirecting (type: modules) ansible.builtin.fmgr_fwpol_package to community.network.fmgr_fwpol_package
[WARNING]: Found internal 'results' key in module return, renamed to 'ansible_module_results'.
changed: [fmg] => {"ansible_facts": {"ansible_params": {"adom": "FWC", "central_nat": "disable", "fwpolicy6_implicit_log": "disable", "fwpolicy_implicit_log": "disable", "inspection_mode": "flow", "mode": "add", "name": "ansiblePKG", "ngfw_mode": "profile-based", "object_type": "pkg", "scope_members_vdom": "ans-vdom"}, "connected_fmgr": {"data": {"Admin Domain Configuration": "Enabled", "BIOS version": "04000002", "Branch Point": "2363", "Build": "2363", "Current Time": "Tue Oct 05 04:24:59 PDT 2021", "Daylight Time Saving": "Yes", "FIPS Mode": "Disabled", "HA Mode": "Stand Alone", "Hostname": "FortiManager", "License Status": "Valid", "Major": 6, "Max Number of Admin Domains": 10000, "Max Number of Device Groups": 10000, "Minor": 4, "Offline Mode": "Disabled", "Patch": 6, "Platform Full Name": "FortiManager-VM64", "Platform Type": "FMG-VM64", "Release Version Information": " (GA)", "Serial Number": "FMG-VMTM21010111", "Time Zone": "(GMT-8:00) Pacific Time (US & Canada).", "Version": "v6.4.6-build2363 210531 (GA)", "x86-64 Applications": "Yes"}, "status": {"code": 0, "message": "OK"}, "url": "sys/status"}, "paramgram": {"adom": "FWC", "central-nat": "disable", "fwpolicy-implicit-log": "disable", "fwpolicy6-implicit-log": "disable", "inspection-mode": "flow", "mode": "add", "name": "ansiblePKG", "ngfw-mode": "profile-based", "object_type": "pkg", "scope_members_vdom": "ans-vdom"}, "response": [0, {"status": {"code": 0, "message": "OK"}, "url": "/pm/pkg/adom/FWC"}]}, "ansible_module_results": {"status": {"code": 0, "message": "OK"}, "url": "/pm/pkg/adom/FWC"}, "changed": true, "msg": "OK", "rc": 0, "success": true, "unreachable": false}
META: ran handlers
META: ran handlers

PLAY RECAP *****
fmg : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

petermcd commented 3 years ago

Hi @sanjay-chahar

Unfortunately it is unlikely this issue is going to be resolved here as per the responses I got on a pull request I raised for ref:

https://github.com/ansible-collections/community.network/pull/15