Open mpsikorski opened 2 years ago
jpforcioli
commented
2 years ago Hi,
Would you mind testing again with 2.1.5? To install it in my environment, I've run this command:
ansible-galaxy collection install git+https://github.com/fortinet-ansible-dev/ansible-galaxy-fortimanager-collection.git,galaxy/2.1.5Against my FMG 7.0.2 GA, it works as expected.
Best Regards.
mpsikorski
commented
2 years ago Hi, thanks for your fast response. I think this time I am wrong. After some more testing I found out that the unlock does happen with a delay of ~one minute. Maybe it's just an issue with our fortimanager. I need to further investigate.
mpsikorski
commented
2 years ago At least one thing doesn't work as expected. In the playbook we set the value for workspace_locking_timeout to 300sec but the playbook doesn't wait longer that 5-10sec. I think if this "waiting til unlock" functionality would work we wouldn't have any issues.
Here is an example what happened after adding another task with module fmgr_firewall_address6 to our playbook:
TASK [Create any ipv6 net/addr obj] **********************************************************************************************************************************************************************************************************************
failed: [xxxxxxxx] (item={u'name': u'H_1111::1', u'network': u'1111::1'}) => changed=false
ansible_loop_var: item
item:
name: H_1111::1
network: 1111::1
meta:
request_url: /pm/config/adom/TESTADOM/obj/firewall/address6/H_1111::1
response_code: -10147
response_data: []
response_message: no write permission
system_information:
Admin Domain Configuration: Enabled
BIOS version: '04000002'
Branch Point: '1435'
Build: '1435'
Current Time: Fri Nov 05 10:04:17 CET 2021
Daylight Time Saving: 'Yes'
FIPS Mode: Disabled
HA Mode: Stand Alone
Hostname: xxxxxxxxx
License Status: Valid
Major: 6
Max Number of Admin Domains: 210
Max Number of Device Groups: 210
Minor: 2
Offline Mode: Disabled
Patch: 8
Platform Full Name: FortiManager-VM64
Platform Type: FMG-VM64
Release Version Information: ' (GA)'
Serial Number: FMG-VM0A14000378
Time Zone: (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.
Version: v6.2.8-build1435 210512 (GA)
x86-64 Applications: 'Yes'
rc: -10147
DenisPerricone
commented
5 months ago Same problem in our environment... Someone has a solution? i have this issue in fmgr_firewall_policy module using loop to create multiple policy. ADOM stuck locked and nothing is created.
In ansible, my task state is changed and i've no errors.
UPDATE: Resolved adding fmgr_dvmdb_workspace_commit module after fmgr_pkg_firewall_policy
In this way chages are committed and saves and the rules are created
dux-fortinet
commented
5 months ago Hi @DenisPerricone,
Just FYI, even if you don't use fmgr_dvmdb_workspace_commit, FMG Ansible Collection will do fmgr_dvmdb_workspace_commit for you automatically, but this will has 1~2 minutes delay after you apply the playbook.
So if you want to commit your change as soon as you finish all ansible tasks, adding fmgr_dvmdb_workspace_commit would be a great choice.
Thanks, Dux
Hi,
again we tried to use the new Ansible (ansible-2.9.23-1.el7.noarch centos7) modules for creating address objects in Fortimanager v6.2.8-build1435 and after you fixed something in 2.1.4 it works for single objects. If we try to create multiple objects with a loop the ADOM doesn't get unlocked and saved after the objects are created.
This issue exists at least with the modules:
Example: