Closed riccardo-roveri-labs closed 2 months ago
Hi @riccardo-roveri-labs,
Based on the error information you provided, the problem comes from fortinet.fortimanager.fmgr_dvmdb_script_execute ("/dvmdb/adom/{adom}/script/execute"), and it seems like the parameter data type is incorrect.
However, both I and my colleague can't reproduce this error. I tested it on FMG 7.2.5 and FMG 7.4.3, and I got no errors.
Please set "enable_log: true"
in your playbook, and the log data will be appended to the file /tmp/fortimanager.ansible.log
(Every time you log data, the log data will be appended to this file. So I suggest cleaning/deleting this file before you want to start a new log.)
- name: Run address script
fortinet.fortimanager.fmgr_dvmdb_script_execute:
enable_log: true # enable debug log
adom: "{{ adom }}"
access_token: "{{ access_token }}"
dvmdb_script_execute:
adom: "{{ adom }}"
script: "{{ script_create_address }}"
package: "{{ package_name }}"
Please share the log data in /tmp/fortimanager.ansible.log
so we can figure out what is the cause.
Thanks, Dux
Here is the log file you requested, i also added logging for the creare script part. I have verified that the policy package test
does exist in that adom, and i can run on that poliy package manually without any problem. Because i am testing it the adom does not have any device assigned yet.
Let me know if you need anything else, Riccardo
Hi @riccardo-roveri-labs ,
Thank you for providing this information. The argument "package" is required and should be set with an existing package name. Could you please create a package before running your execute task? Here is an example of how you can do this:
- name: Update address script
fortinet.fortimanager.fmgr_dvmdb_script:
access_token: efztmauih3o965c6wys8p99fgg494dpa
adom: "root"
state: present
dvmdb_script:
name: "script"
desc: Create address and address group in adom DB
content: "test3"
target: "adom_database"
type: "cli"
register: change_create_address
- fmgr_pm_pkg_adom:
adom: "root"
pm_pkg_adom:
name: "ansible"
type: "pkg"
- name: Run address script
fortinet.fortimanager.fmgr_dvmdb_script_execute:
adom: "root"
dvmdb_script_execute:
adom: "root"
script: "script"
package: "ansible"
Thanks, Maxx
Hi @riccardo-roveri-labs,
I tried to mimic the environment you used, including using FMG 7.2.5, logging in with access_token, using the same playbook and same scripts, etc.
My log file is basically exactly like your log file, except the request: {"method": "exec", "params": [{"url": "/dvmdb/adom/root/script/execute", "data": {"adom": "root", "package": "test", "script": "create_address"}}], "session": null, "id": 8, "verbose": 1}
I got
response: {
"result": [
{
"data": {
"task": 18
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/dvmdb/adom/root/script/execute"
}
],
"id": 8
while in your log file, it is
response: {
"result": [
{
"status": {
"code": -10,
"message": "The data is invalid for selected url"
},
"url": "/dvmdb/adom/root/script/execute"
}
],
"id": 8
}
Every JSON request in my log file is exactly like your log file.
So I guess maybe there is something wrong with the "test" package, or there is some imperceptible difference between our FMGs.
Will you get an error if you change the package_name
from "test" to "default"?
Thanks, Dux
Hi @dux-fortinet, i already tried that and did not work, but i will retry and attach the log file. Is there any way to have more detailed logs on the actual request that is making and having more detailed log from the fortimanager side?
I can try to open a TAC to fortigate but i need more detail to demonstrate that is not an ansible related problem.
Thanks, Riccardo
Hi @riccardo-roveri-labs,
Here is my log file. github86.log
(FMG 7.2.5, logging in with access_token, using the playbook you provided, using port 1239. I even created an adom 'test' since your FMG also has an adom name 'test' according to your log file.)
For FMG Ansible, everything we need is in the log file. FMG Ansible converts the playbook into 8 JSON requests and sends them to FMG. These 8 requests in your and my log files are exactly the same, but the response of last request is different. So I think this is not an ansible related problem.
For FMG, please go to System Settings->Event Log
Please feel free to let us know if you have any questions.
All the best, Dux
Hi @dux-fortinet,
thanks for your help, it is evident that is not a problem in ansible. I will create a TAC with fortinet to further investigate this issue.
All the best, Riccardo
When running the following playbook
I get the following error
When running in an earlier version of the 7.2 of fortimanager it seed to work.
Here is the versions used: