fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0

Creating admin users fails on FortiOS 6.4.5 #205

Closed oghoneim closed 1 year ago

oghoneim commented 1 year ago

When trying to create an admin user using Ansible, the operation fails. By checking the HTTPS requests on the FortiGate, it seems the Ansible module is doing a PUT operation instead of a POST:

alagoutte commented 1 year ago

Is it not the same issue as https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/issues/197?

oghoneim commented 1 year ago

I don't think it's the same. Debugging the httpsd on the FortiGate shows that the Ansible module is trying to use HTTP PUT to create a new admin user, but according to the API documentation the correct HTTP method to create a new user is POST:

```
[httpsd 14286 - 1664564345 info] fweb_debug_final[248] -- Completed GET request for "/api/v2/cmdb/system/interface" (HTTP 200 OK)
[httpsd 14287 - 1664564345 info] fweb_debug_init[343] -- New PUT request for "/api/v2/cmdb/system/admin/someUser" from "1.2.3.4:2852"
[httpsd 14287 - 1664564345 info] fweb_debug_init[344] -- User-Agent: "Python-urllib/3.10"
[httpsd 14287 - 1664564345 info] fweb_debug_init[346] -- Handler "api_cmdb_v2-handler" assigned to request
[httpsd 14287 - 1664564345 warning] api_access_check_for_api_key[969] -- API Key request authorized for admin_api from 1.2.3.4.
[httpsd 14287 - 1664564345 info] api_store_parameter[248] -- add API parameter 'vdom' (type=string)
[httpsd 14287 - 1664564345 info] api_store_parameter[248] -- add API parameter 'access_token' (type=string)
[httpsd 14287 - 1664564345 info] api_store_parameter[248] -- add API parameter 'accprofile' (type=string)
[httpsd 14287 - 1664564345 info] api_store_parameter[248] -- add API parameter 'accprofile-override' (type=string)
[httpsd 14287 - 1664564345 info] api_store_parameter[248] -- add API parameter 'name' (type=string)
[httpsd 14287 - 1664564345 info] api_store_parameter[248] -- add API parameter 'password' (type=string)
[httpsd 14287 - 1664564345 info] api_store_parameter[248] -- add API parameter 'remote-auth' (type=string)
[httpsd 14287 - 1664564345 info] api_store_parameter[248] -- add API parameter 'remote-group' (type=string)
[httpsd 14287 - 1664564345 info] api_store_parameter[248] -- add API parameter 'sms-server' (type=string)
[httpsd 14287 - 1664564345 info] api_store_parameter[248] -- add API parameter 'two-factor' (type=string)
[httpsd 14287 - 1664564345 info] api_store_parameter[248] -- add API parameter 'vdom' (type=array)
[httpsd 14287 - 1664564345 info] api_store_parameter[248] -- add API parameter 'wildcard' (type=string)
[httpsd 14287 - 1664564345 info] handle_cli_req_v2_vdom[2405] -- new CMDB API request (vdom='root',user='admin_api')
[httpsd 14287 - 1664564345 info] api_cmdb_request_init_by_path[1563] -- new CMDB query (path='system',name='admin')
[httpsd 14287 - 1664564345 info] api_cmdb_request_init_by_path[1592] -- querying CMDB entry (mkey='someUser')
[httpsd 14287 - 1664564345 info] api_cmdb_request_init_by_path[1596] -- unable to find 'leec' in table 'system.admin'
[httpsd 14287 - 1664564345 error] _api_cmdb_v2_config[1198] -- Object with mkey someUser not found and allow_append flag not set
[httpsd 14287 - 1664564345 warning] api_return_http_result[757] -- API error 404 raised
```

alagoutte commented 1 year ago

The issue is coming from state: present

You considered that the user already exists.

Try

state: create

After a quick look, there is no create state... :-/

lix-fortinet commented 1 year ago

Hi @oghoneim,

Thank you for raising this issue. It should have another POST operation if the PUT operation failed. Could you check whether the diagnose info has a POST log after the PUT? Also, could you let me know the output of the error message of the Ansible request by adding the -vvv option? By the way, please let me know the Ansible FortiOS collection version you are using.

Thanks, Xing
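The check requested above (is there a POST after the failed PUT?) can be run mechanically over an httpsd debug capture. The following is an added example, not code from this thread or from the collection; it assumes the create call is a POST to the parent table path of the failed PUT, and the POST entry in the sample is constructed.

```python
import re

# One httpsd debug entry: [httpsd <pid> - <epoch> <level>] <func>[<line>] -- <message>
# Entries may be newline-separated or run together, so split on the next "[httpsd".
ENTRY = re.compile(
    r'\[httpsd (\d+) - \d+\s+(\w+)\] \w+\[\d+\] -- (.*?)(?=\s*\[httpsd \d+ - |\Z)', re.S)
NEW_REQ = re.compile(r'New (\w+) request for "([^"]+)"')
API_ERR = re.compile(r'API error (\d+) raised')

def parse_requests(text):
    """Group debug entries by httpsd worker pid into one record per HTTP request."""
    requests, current = [], {}
    for pid, level, msg in ENTRY.findall(text):
        started = NEW_REQ.search(msg)
        if started:
            current[pid] = {"method": started.group(1), "path": started.group(2),
                            "status": None, "detail": None}
            requests.append(current[pid])
        elif pid in current:
            if level == "error":
                current[pid]["detail"] = msg.strip()
            failed = API_ERR.search(msg)
            if failed:
                current[pid]["status"] = int(failed.group(1))
    return requests

def puts_without_post(requests):
    """Return PUTs that ended in 404 and are not followed by a POST to the parent table."""
    missing = []
    for i, req in enumerate(requests):
        if req["method"] == "PUT" and req["status"] == 404:
            table = req["path"].rsplit("/", 1)[0]  # assumed target of the create call
            if not any(r["method"] == "POST" and r["path"] == table
                       for r in requests[i + 1:]):
                missing.append(req)
    return missing

# Entries copied from the log in this thread (parameter lines omitted).
PUT_ONLY = '''
[httpsd 14287 - 1664564345 info] fweb_debug_init[343] -- New PUT request for "/api/v2/cmdb/system/admin/someUser" from "1.2.3.4:2852"
[httpsd 14287 - 1664564345 error] _api_cmdb_v2_config[1198] -- Object with mkey someUser not found and allow_append flag not set
[httpsd 14287 - 1664564345 warning] api_return_http_result[757] -- API error 404 raised
'''
# Constructed entry, modelled on the PUT line above, for a log where the fallback happened.
WITH_POST = PUT_ONLY + '''
[httpsd 14288 - 1664564346 info] fweb_debug_init[343] -- New POST request for "/api/v2/cmdb/system/admin" from "1.2.3.4:2853"
'''

if __name__ == "__main__":
    for req in puts_without_post(parse_requests(PUT_ONLY)):
        print("no POST after failed PUT:", req["path"], "-", req["detail"])
```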

oghoneim commented 1 year ago

Hi Xing, thanks for clarifying. I did another quick test and found out the root cause was that the API account did not have super_admin privilege, so I think it's similar to #197. Now it works with state: present

I'm using Ansible FortiOS collection 2.1.7

Thanks for all the help