eoprede / ansible_fortios_api

Fortios API module for ansible
GNU General Public License v3.0

Aggregate using fortios_api_interface #1

Closed senilio closed 6 years ago

senilio commented 6 years ago

Hi,

I'm attempting to set up an LACP interface using the fortios_api_interface module, with the following code:

      - name: PROD-LACP
        allowaccess: ping https ssh
        ip: 10.0.144.250 255.255.255.0
        type: aggregate
        vdom: root
        algorithm: L4
        lacp-mode: active
        lacp-ha-slave: enable
        lacp-speed: slow
        min-links: 1
        role: lan
        member:
          - port3
          - port4

I'm wondering if this is even possible using the fortios_api_interface module, or if I need to revert to using the generic module? It's not easy to troubleshoot since the only error I get back from the API is:

"msg": "Failed to create objects:\n #PROD-LACP, Failed dependency - one of: duplicate resource, missing required parameter, missing required attribute, or invalid attribute value., \n",

Thanks 👍

Running on FortiOS 5.4.8.

eoprede commented 6 years ago

Yes, the errors are not very helpful because the firewall itself doesn't return anything useful when it fails...

I have not tested LACP aggregates, but I am going to make a guess it has the same issue as VRRP. If you take a look at the example (fw_example.json), I have to first create an interface and then make a separate API call with the generic fortios_api module to create VRRP for it. Try the same with members.

senilio commented 6 years ago

Looks like a catch-22 situation :) I can't create an aggregate type interface without specifying members. No big deal, but I think this goes to the list of stuff that needs to be done manually.

eoprede commented 6 years ago

It looks like an issue with the module rather than API. I can easily make an API call to create new agg interface and it works just fine. I can also modify that interface via the module (i.e. add more ports to it) just fine. It's the creation that is broken. Just FYI, here's an example of config that works fine after being manually created:

    {
      "name": "testagg",
      "vdom": "root",
      "allowaccess": "ping",
      "ip": "1.1.1.1 255.255.255.0",
      "role": "lan",
      "type": "aggregate",
      "member": [
        { "interface-name": "port6" },
        { "interface-name": "port7" }
      ]
    }

senilio commented 6 years ago

Thanks for that! I realised my syntax for member was wrong. Could you please include the API call that you used for creating the new agg interface? I don't have access to the REST API reference, so I'm struggling a bit to figure out the endpoints.

eoprede commented 6 years ago

So, first of all - you can just do print_current_config: true and it will create a file with the full current config. Second of all:

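    # fortigate_api is the class from the fortigate API module mentioned below;
    # fw, un, pw and proxy are defined elsewhere in the script.
    intf = {
        "name": "testagg",
        "vdom": "root",
        "allowaccess": "ping",
        "ip": "1.1.1.1 255.255.255.0",
        "role": "lan",
        "type": "aggregate",
        "member": [
            {"interface-name": "port6"},
            {"interface-name": "port7"}
        ]
    }

    try:
        t = fortigate_api(fw, un, pw, proxies=proxy)
        # Show the existing interfaces, then create the aggregate
        t.print_data(t.show('cmdb/system/interface'))
        t.print_data(t.create('cmdb/system/interface', data=intf))
    except Exception as e:
        # Report a failed API call
        print(e)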

Using the fortigate API module (nearby in my account)

senilio commented 6 years ago

Excellent! Thanks for clarifying, much appreciated 👍
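
Since the firewall answers a malformed interface definition only with the generic "Failed dependency" message, a local pre-flight check can catch the member-format mistake from this thread before the API call is made. The following is an added example, not code from the thread or from the module; normalize_interface and SAMPLE are hypothetical names, and the rule that an aggregate needs at least one member is an assumption taken from the discussion above.

```python
import ipaddress


def normalize_interface(intf):
    """Return (payload, problems) for an interface definition.

    Bare port names under "member" are rewritten into the
    {"interface-name": ...} objects used by the working payload in the thread.
    """
    payload = dict(intf)
    problems = []

    members = []
    for m in intf.get("member", []):
        if isinstance(m, str):
            members.append({"interface-name": m})
        elif isinstance(m, dict) and set(m) == {"interface-name"}:
            members.append(dict(m))
        else:
            problems.append(f"member entry not understood: {m!r}")
    names = [m["interface-name"] for m in members]
    if len(names) != len(set(names)):
        problems.append("duplicate member port")
    if members:
        payload["member"] = members

    # Assumption from the thread: an aggregate cannot be created without members.
    if intf.get("type") == "aggregate" and not members:
        problems.append("aggregate interface has no members")

    # Both configs on this page write "ip" as "<address> <netmask>".
    if "ip" in intf:
        parts = str(intf["ip"]).split()
        try:
            if len(parts) != 2:
                raise ValueError("expected address and netmask")
            ipaddress.IPv4Interface("/".join(parts))
        except ValueError:
            problems.append(f"ip is not '<address> <netmask>': {intf['ip']!r}")

    return payload, problems


# Sample input: a subset of the values from the first post, with bare port names.
SAMPLE = {"name": "PROD-LACP", "type": "aggregate", "vdom": "root",
          "ip": "10.0.144.250 255.255.255.0", "member": ["port3", "port4"]}

if __name__ == "__main__":
    print(normalize_interface(SAMPLE))
```

Send the payload only when the returned problems list is empty.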