fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0

Ansible 6.x.x, exception, Please provide access token or username/password to login #199

Closed nklerk closed 8 months ago

nklerk commented 2 years ago

After upgrading Ansible to 6.3.0, fortinet.fortios can't connect to the FortiGate API. I tested the following playbook: it works on Ansible 5.7.1 and 5.10.0, and does not work on 6.0.0, 6.1.0 and 6.2.0.

Collection version(s):

ansible-galaxy collection list | grep forti
community.fortios        1.0.0
fortinet.fortios         2.1.7

The playbook I use to test with.

- name: Grab facts
  hosts:
    10.6.1.1
  gather_facts: no
  connection: httpapi
  collections:
    - fortinet.fortios
  vars:
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 8443
    ansible_user: "admin"
    ansible_ssh_pass: "*************"
    vdom: "root"
    ansible_network_os: fortinet.fortios.fortios

  tasks:
  - name: Print ansible user and pw defaulting to None to avoid undefined error
    debug:
      msg: "USER: {{ ansible_user | default(None) }}, PW: {{ ansible_password | default(None) }}"

  - name: Get multiple selectors info concurrently
    fortios_configuration_fact:
      selectors:
        - selector: system_global
    register: fortifacts

Error message on task2:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.module_utils.connection.ConnectionError: Please provide access token or username/password to login
fatal: [10.6.1.1]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"/home/username/.ansible/tmp/ansible-local-7800wic36neb/ansible-tmp-1662718787.5440533-7829-173423437539430/AnsiballZ_fortios_configuration_fact.py\", line 107, in <module>\n    _ansiballz_main()\n  File \"/home/username/.ansible/tmp/ansible-local-7800wic36neb/ansible-tmp-1662718787.5440533-7829-173423437539430/AnsiballZ_fortios_configuration_fact.py\", line 99, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/home/username/.ansible/tmp/ansible-local-7800wic36neb/ansible-tmp-1662718787.5440533-7829-173423437539430/AnsiballZ_fortios_configuration_fact.py\", line 47, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.fortinet.fortios.plugins.modules.fortios_configuration_fact', init_globals=dict(_module_fqn='ansible_collections.fortinet.fortios.plugins.modules.fortios_configuration_fact', _modlib_path=modlib_path),\n  File \"/usr/lib/python3.8/runpy.py\", line 207, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib/python3.8/runpy.py\", line 97, in _run_module_code\n    _run_code(code, mod_globals, init_globals,\n  File \"/usr/lib/python3.8/runpy.py\", line 87, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_fortios_configuration_fact_payload_59zjcngi/ansible_fortios_configuration_fact_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_configuration_fact.py\", line 6049, in <module>\n  File \"/tmp/ansible_fortios_configuration_fact_payload_59zjcngi/ansible_fortios_configuration_fact_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_configuration_fact.py\", line 6015, in main\n  File \"/tmp/ansible_fortios_configuration_fact_payload_59zjcngi/ansible_fortios_configuration_fact_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_configuration_fact.py\", line 4538, in 
fortios_configuration_fact\n  File \"/tmp/ansible_fortios_configuration_fact_payload_59zjcngi/ansible_fortios_configuration_fact_payload.zip/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/fortios.py\", line 548, in get\n  File \"/tmp/ansible_fortios_configuration_fact_payload_59zjcngi/ansible_fortios_configuration_fact_payload.zip/ansible/module_utils/connection.py\", line 200, in __rpc__\nansible.module_utils.connection.ConnectionError: Please provide access token or username/password to login\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

Versions working:

MaxxLiu22 commented 2 years ago

Hi @nklerk ,

Thank you for raising this issue; I will report it to the development team for further investigation. From the error message, it wants you to provide an access token to access FGT. My suggestion is to create an API user and generate an access token on FGT, then use this token to access FGT via Ansible:

- name: Grab facts
  hosts: all
  gather_facts: no
  connection: httpapi
  collections:
    - fortinet.fortios
  vars:
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
    ansible_user: "admin"
    ansible_ssh_pass: "*************"
    vdom: "root"
    ansible_network_os: fortinet.fortios.fortios

  tasks:
  - name: Print ansible user and pw defaulting to None to avoid undefined error
    debug:
      msg: "USER: {{ ansible_user | default(None) }}, PW: {{ ansible_password | default(None) }}"

  - name: Get multiple selectors info concurrently
    fortios_configuration_fact:
      access_token: "xx737Q94bh5tw0qhQhtQngmdf8xtGy"   # generated by FGT in advance
      selectors:
        - selector: system_global
    register: fortifacts

This code works well on my Ansible 6.2.0.

Thanks, Maxx

MaxxLiu22 commented 2 years ago

Or you can change "ansible_ssh_pass" to "ansible_password"; that would also work.

- name: Grab facts
  hosts: all
  gather_facts: no
  connection: httpapi
  collections:
    - fortinet.fortios
  vars:
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
    ansible_user: "admin"
    ansible_password: "psw"
    vdom: "root"
    ansible_network_os: fortinet.fortios.fortios

  tasks:
  - name: Print ansible user and pw defaulting to None to avoid undefined error
    debug:
      msg: "USER: {{ ansible_user | default(None) }}, PW: {{ ansible_password | default(None) }}"

  - name: Get multiple selectors info concurrently
    fortios_configuration_fact:
      selectors:
        - selector: system_global
    register: fortifacts

Thanks, Maxx
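A pre-run check for the settings that appear in the playbooks above, added here as an example; it is not part of the original thread or of the collection's code. The finding names and the `lint_playbook` function are assumptions made for this illustration, and the sample playbook is constructed with placeholder secrets.

```python
import re

# Constructed sample modelled on the playbooks in this thread (placeholder secrets).
SAMPLE = """\
- hosts: all
  connection: httpapi
  vars:
    ansible_httpapi_validate_certs: no
    ansible_user: "admin"
    ansible_ssh_pass: "EXAMPLE-PASSWORD"
  tasks:
  - debug:
      msg: "USER: {{ ansible_user }}, PW: {{ ansible_password | default(None) }}"
  - fortios_configuration_fact:
      access_token: "EXAMPLE-TOKEN"
      selectors:
        - selector: system_global
"""

KEY_VALUE = re.compile(r"^\s*(?:-\s*)?([A-Za-z_]+)\s*:\s*(.*?)\s*$")
SECRET_KEYS = {"ansible_password", "ansible_ssh_pass", "access_token"}
SECRET_IN_TEMPLATE = re.compile(r"\{\{\s*ansible_(password|ssh_pass)\b")

def lint_playbook(text):
    """Return sorted (line_number, finding) pairs for one playbook's text."""
    findings, httpapi, ssh_pass_line, has_password = [], False, None, False
    for number, line in enumerate(text.splitlines(), start=1):
        match = KEY_VALUE.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip("\"'")
        httpapi = httpapi or (key == "connection" and value == "httpapi")
        has_password = has_password or key == "ansible_password"
        if key == "ansible_ssh_pass":
            ssh_pass_line = number
        if key == "ansible_httpapi_validate_certs" and value.lower() in {"no", "false"}:
            findings.append((number, "tls-validation-disabled"))
        if key in SECRET_KEYS and value and "{{" not in value:
            findings.append((number, "inline-secret"))
        if key == "msg" and SECRET_IN_TEMPLATE.search(value):
            findings.append((number, "secret-in-debug-output"))
    # The variable one reply in this thread suggests renaming to ansible_password.
    if httpapi and ssh_pass_line and not has_password:
        findings.append((ssh_pass_line, "ssh-pass-with-httpapi"))
    return sorted(findings)

if __name__ == "__main__":
    for number, finding in lint_playbook(SAMPLE):
        print(f"line {number}: {finding}")
```

Values that are Jinja2 templates (for example a vaulted variable) are not reported as inline secrets; the scan is line-based and does not parse YAML.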

JieX19 commented 1 year ago

Hi @nklerk,

The error indicates that you need to provide a valid access_token or username/password to log into the FortiGate device. We highly recommend using access_token to log into a FortiGate device. Maxx has provided an example.

I wonder which collection version you used when using Ansible 5. Did you still use fortiOS Collection 2.1.7?

Thanks, Jie

JieX19 commented 8 months ago

Hi @nklerk

I will close this issue as it's been a while and no further updates or responses have been received, indicating that the matter has likely been resolved or is no longer active. If you have any further questions or concerns, please feel free to reopen the ticket or create a new one.