fortinet-ansible-dev / ansible-galaxy-fortimanager-collection

GNU General Public License v3.0

Device upgrade using fmgr_um_image_upgrade_ext does not create a task #90

Open cr0cdev opened 3 days ago

cr0cdev commented 3 days ago

Hi!

I'm testing a device upgrade using the fmgr_um_image_upgrade_ext module, and it is not creating a task. Looking at the API call in the GUI, it shows that it also sends the adom parameter when the upgrade is initiated via the GUI. Here is the task:

- name: Test firmware upgrade on device
  fortinet.fortimanager.fmgr_um_image_upgrade_ext:
    workspace_locking_adom: "{{ adom_name | lower }}"
    um_image_upgrade_ext:
      create_task: enable
      device:
        -
          name: "{{ device_name | lower }}"
          vdom: "{{ device_vdom }}"
      flags: f_skip_multi_steps
      image: "7.2.9-b1688-GA"

Returns:

changed: [fortimanager01] => {
    "changed": true,
    "invocation": {
        "module_args": {
            "access_token": null,
            "bypass_validation": true,
            "enable_log": false,
            "forticloud_access_token": null,
            "rc_failed": null,
            "rc_succeeded": null,
            "um_image_upgrade_ext": {
                "device": [
                    {
                        "name": "fgt40f",
                        "vdom": "root"
                    }
                ],
                "flags": "f_skip_multi_steps",
                "image": "7.2.9-b1688-GA"
            },
            "workspace_locking_adom": "test",
            "workspace_locking_timeout": 300
        }
    },
    "meta": {
        "request_url": "/um/image/upgrade/ext",
        "response_code": 0,
        "response_data": {
            "key": "adom0_1727270799-505474672",
            "status": "unknown",
            "taskid": 0
        },
        "response_message": "OK",
        "system_information": {
            "Admin Domain Configuration": "Enabled",
            "BIOS version": "04000002",
            "Branch Point": "1633",
            "Build": "1633",
            "Current Time": "Wed Sep 25 16:26:39 EEST 2024",
            "Daylight Time Saving": "Yes",
            "FIPS Mode": "Disabled",
            "HA Mode": "Stand Alone",
            "Hostname": "FMG",
            "License Status": "Valid",
            "Major": 7,
            "Max Number of Admin Domains": 2,
            "Max Number of Device Groups": 3,
            "Minor": 2,
            "Offline Mode": "Disabled",
            "Patch": 7,
            "Platform Full Name": "FortiManager-VM64-HV",
            "Platform Type": "FMG-VM64-HV",
            "Release Version Information": " (GA)",
            "Serial Number": "FMG-",
            "TZ": "Europe/Helsinki",
            "Time Zone": "(GMT+2:00) Helsinki, Riga,Tallinn.",
            "Version": "v7.2.7-build1633 240821 (GA)",
            "x86-64 Applications": "Yes"
        }
    },
    "rc": 0
}

No task is created for the device upgrade. When I add bypass_validation: true and adom: "{{ adom_name | lower }}" under um_image_upgrade_ext, the task returns "No devices" as the status under response_data. Task:

- name: Test firmware upgrade on device
  fortinet.fortimanager.fmgr_um_image_upgrade_ext:
    workspace_locking_adom: "{{ adom_name | lower }}"
    bypass_validation: true
    um_image_upgrade_ext:
      adom: "{{ adom_name | lower }}"
      create_task: "enable"
      device:
        -
          name: "{{ device_name | lower }}"
          vdom: "{{ device_vdom }}"
      flags: f_skip_multi_steps
      image: "7.2.9-b1688-GA"

Response:

changed: [fortimanager01] => {
    "changed": true,
    "invocation": {
        "module_args": {
            "access_token": null,
            "bypass_validation": true,
            "enable_log": false,
            "forticloud_access_token": null,
            "rc_failed": null,
            "rc_succeeded": null,
            "um_image_upgrade_ext": {
                "adom": "test",
                "device": "fgt40f",
                "flags": "f_skip_multi_steps",
                "image": "7.2.9-b1688-GA"
            },
            "workspace_locking_adom": "test",
            "workspace_locking_timeout": 300
        }
    },
    "meta": {
        "request_url": "/um/image/upgrade/ext",
        "response_code": 0,
        "response_data": {
            "key": "adom218_1727270839-1283751453",
            "status": "No devices",
            "taskid": 0
        },
        "response_message": "OK",
        "system_information": {
            "Admin Domain Configuration": "Enabled",
            "BIOS version": "04000002",
            "Branch Point": "1633",
            "Build": "1633",
            "Current Time": "Wed Sep 25 16:27:19 EEST 2024",
            "Daylight Time Saving": "Yes",
            "FIPS Mode": "Disabled",
            "HA Mode": "Stand Alone",
            "Hostname": "FMG",
            "License Status": "Valid",
            "Major": 7,
            "Max Number of Admin Domains": 2,
            "Max Number of Device Groups": 3,
            "Minor": 2,
            "Offline Mode": "Disabled",
            "Patch": 7,
            "Platform Full Name": "FortiManager-VM64-HV",
            "Platform Type": "FMG-VM64-HV",
            "Release Version Information": " (GA)",
            "Serial Number": "FMG-",
            "TZ": "Europe/Helsinki",
            "Time Zone": "(GMT+2:00) Helsinki, Riga,Tallinn.",
            "Version": "v7.2.7-build1633 240821 (GA)",
            "x86-64 Applications": "Yes"
        }
    },
    "rc": 0
}

Now, if I use the older module, which uses the older API endpoint, everything works as expected. The upgrade task is created under FortiManager and the device is being upgraded. Task:

- name: Test firmware upgrade on device
  fortinet.fortimanager.fmgr_um_image_upgrade:
    workspace_locking_adom: "{{ adom_name | lower }}"
    bypass_validation: true
    um_image_upgrade:
      adom: "{{ adom_name | lower }}"
      create_task: enable
      device:
        -
          name: "{{ device_name | lower }}"
          vdom: "{{ device_vdom }}"
      flags: f_skip_retrieve
      image:
        build: b1688
        release: 7.2.9

Response:

changed: [fortimanager01] => {
    "changed": true,
    "invocation": {
        "module_args": {
            "access_token": null,
            "bypass_validation": true,
            "enable_log": false,
            "forticloud_access_token": null,
            "rc_failed": null,
            "rc_succeeded": null,
            "um_image_upgrade": {
                "adom": "test",
                "create_task": "enable",
                "device": [
                    {
                        "name": "fgt40f",
                        "vdom": "root"
                    }
                ],
                "flags": "f_skip_retrieve",
                "image": {
                    "build": "b1688",
                    "release": "7.2.9"
                }
            },
            "workspace_locking_adom": "test",
            "workspace_locking_timeout": 300
        }
    },
    "meta": {
        "request_url": "/um/image/upgrade",
        "response_code": 0,
        "response_data": {
            "key": "adom218_1727271012-1337589202",
            "status": "success",
            "taskid": 2399
        },
        "response_message": "OK",
        "system_information": {
            "Admin Domain Configuration": "Enabled",
            "BIOS version": "04000002",
            "Branch Point": "1633",
            "Build": "1633",
            "Current Time": "Wed Sep 25 16:30:12 EEST 2024",
            "Daylight Time Saving": "Yes",
            "FIPS Mode": "Disabled",
            "HA Mode": "Stand Alone",
            "Hostname": "FMG",
            "License Status": "Valid",
            "Major": 7,
            "Max Number of Admin Domains": 2,
            "Max Number of Device Groups": 3,
            "Minor": 2,
            "Offline Mode": "Disabled",
            "Patch": 7,
            "Platform Full Name": "FortiManager-VM64-HV",
            "Platform Type": "FMG-VM64-HV",
            "Release Version Information": " (GA)",
            "Serial Number": "FMG-",
            "TZ": "Europe/Helsinki",
            "Time Zone": "(GMT+2:00) Helsinki, Riga,Tallinn.",
            "Version": "v7.2.7-build1633 240821 (GA)",
            "x86-64 Applications": "Yes"
        }
    },
    "rc": 0
}

dux-fortinet commented 3 days ago

Hi @cr0cdev,

Thanks for your detailed explanation!

The API schema of "/um/image/upgrade/ext" in FNDN is outdated. The possible JSON request format should be:

{
    "method": "exec",
    "params": [
        {
            "url": "/um/image/upgrade/ext",
            "data": {
                "devices": [{
                    "image": "7.2.9-b1688",
                    "name": "YOUR_DEVICE_NAME"
                }],
                "create_task": "enable",
                // "flags": <a number> // must be given in numeric code, see flags number below.
                "adom": "root"
            }
        }
    ],
    "session": "{{fortimanager_session}}",
    "id": 6,
    "verbose": 1
}

Flags number:
"f_boot_alt_partition": 1
"f_skip_retrieve": 2
"f_skip_multi_steps": 4
"f_skip_fortiguard_img": 8
"f_preview": 16

The GUI still uses the older API endpoint "/um/image/upgrade/". For now, please still use fortinet.fortimanager.fmgr_um_image to upgrade images.

I will update "fmgr_um_image_ext" once its API is updated in FNDN.

Thanks, Dux
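
The request shape and numeric flag codes from the reply above, together with a check for the silent failure seen in this thread (rc 0 and "OK" but taskid 0), as an added Python example that is not part of the original thread or the collection's code. The helper names are hypothetical; combining codes with bitwise OR and treating a non-zero taskid as proof of task creation are assumptions inferred from the values shown here.

```python
# Added example; helper names are hypothetical, not part of the collection.
FLAG_CODES = {  # numeric codes as listed in the reply above
    "f_boot_alt_partition": 1,
    "f_skip_retrieve": 2,
    "f_skip_multi_steps": 4,
    "f_skip_fortiguard_img": 8,
    "f_preview": 16,
}


def flags_to_number(names):
    """Combine flag names into one number (assumes the codes are OR-able bits)."""
    unknown = [n for n in names if n not in FLAG_CODES]
    if unknown:
        raise ValueError(f"unknown upgrade flag(s): {unknown}")
    number = 0
    for name in names:
        number |= FLAG_CODES[name]
    return number


def build_ext_request(session, adom, device_names, image, flag_names=(), req_id=1):
    """Build the exec request body in the shape shown in the reply above."""
    data = {
        "devices": [{"image": image, "name": name} for name in device_names],
        "create_task": "enable",
        "adom": adom,
    }
    if flag_names:
        data["flags"] = flags_to_number(flag_names)
    return {
        "method": "exec",
        "params": [{"url": "/um/image/upgrade/ext", "data": data}],
        "session": session,
        "id": req_id,
        "verbose": 1,
    }


def task_was_created(response_data):
    """rc 0 and "OK" are not enough: the failing runs above returned taskid 0."""
    taskid = response_data.get("taskid", 0)
    return isinstance(taskid, int) and taskid > 0


# Sample response_data values copied from the outputs in this thread.
FAILED = {"key": "adom218_1727270839-1283751453", "status": "No devices", "taskid": 0}
WORKED = {"key": "adom218_1727271012-1337589202", "status": "success", "taskid": 2399}
```

In a playbook, the same check can gate the play so that a firmware upgrade that was never scheduled is reported as a failure instead of "changed".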