fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0

Problem inserting prefix-list6 in Fortinet #211

Closed cardosocristian closed 1 year ago

cardosocristian commented 1 year ago

Hi, I'm using the module fortios_router_prefix_list6. After running the playbook, the values "ge" and "le", despite being written in the playbook, are simply not inserted in the Fortinet, and where they already existed, they are deleted.

Fortinet 2600f firmware version:

v6.4.9,build1966,220421 (GA)

Ansible version

ansible 2.10.17
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/local/share/py38-ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.8/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.8.15 (default, Oct 16 2022, 01:12:57) [Clang 13.0.0 (git@github.com:llvm/llvm-project.git llvmorg-13.0.0-0-gd7b669b3a

Ansible Collection:

Collection        Version
----------------- -------
ansible.netcommon 2.6.1
ansible.utils     2.5.2
fortinet.fortios  2.1.6

Playbook:

- hosts: 2600f
  collections:
   - fortinet.fortios
  connection: httpapi
  vars:
   vdom: root
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
  - name: Criando Prefix-list6 /48
    fortios_router_prefix_list6:
      state: present
      vdom: Externa
      router_prefix_list6:
        name: "PREFIXOS-v6-48"
        rule:
         - action: "permit"
           ge: "48"
           le: "48"
           id:  "1"
           prefix6: "2001:DB8::/32"
         - action: "deny"
           id: "99"

  - name: Criando prefix-list6 /32
    fortios_router_prefix_list6:
      state: present
      vdom: Externa
      router_prefix_list6:
        name: "PREFIXOS-v6-GLOBAL"
        rule:
         - action: "permit"
           id:  "1"
           prefix6: "2001:DB8::/32"
         - action: "deny"
           id: "99"

  - name: Criando prefix-list6 /34
    fortios_router_prefix_list6:
      state: present
      vdom: Externa
      router_prefix_list6:
        name: "PREFIXOS-v6-34"
        rule:
         - action: "permit"
           ge: "34"
           le: "34"
           id:  "1"
           prefix6: "2001:DB8::/32"
         - action: "deny"
           id: "99"

  - name: Criando prefix-list6 /36
    fortios_router_prefix_list6:
      state: present
      vdom: Externa
      router_prefix_list6:
        name: "PREFIXOS-v6-36"
        rule:
         - action: "permit"
           ge: "36"
           le: "36"
           id:  "1"
           prefix6: "2001:DB8::/32"
         - action: "deny"
           id: "99"

  - name: Criando prefix-list6 /64
    fortios_router_prefix_list6:
      state: present
      vdom: Externa
      router_prefix_list6:
        name: "PREFIXOS-v6-VPN"
        rule:
         - action: "permit"
           ge: "64"
           le: "64"
           id:  "1"
           prefix6: "2001:DB8::/48"
         - action: "deny"
           id: "99"

These lists of IPv6 prefixes already existed in the equipment and were active; I only inserted via playbook the last list of prefixes, called PREFIXES. After running the playbook, with or without this new insertion, the values "ge" and "le" are removed. I believe that this is a bug.

This problem occurs in a similar way in the module fortios_router_route_map where the prefix-list6 in the field "match-ip6-address" is empty, even though it already existed in the device previously.
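What losing "ge" and "le" does to the filter, as an added example that is not part of the original post or of the collection's code. It assumes conventional prefix-list semantics (exact-length match when ge/le are absent, first match wins, implicit deny) and that a rule without prefix6 matches any prefix; the function names and test routes are constructed for illustration.

```python
import ipaddress

# Rules of "PREFIXOS-v6-48" exactly as written in the playbook above.
INTENDED = [
    {"id": "1", "action": "permit", "prefix6": "2001:DB8::/32", "ge": "48", "le": "48"},
    {"id": "99", "action": "deny"},
]
# Constructed test routes (documentation address space), not taken from the issue.
ROUTES = ["2001:db8::/32", "2001:db8:1::/48", "2001:db8:1:2::/64", "2001:db9::/48"]


def rule_matches(rule, route):
    """Return True if the route (an IPv6Network) is matched by one rule."""
    prefix = rule.get("prefix6", "any")  # assumption: no prefix6 means "any"
    if prefix == "any":
        return True
    base = ipaddress.ip_network(prefix)
    if not route.subnet_of(base):
        return False
    ge, le = rule.get("ge"), rule.get("le")
    if ge is None and le is None:
        return route.prefixlen == base.prefixlen  # exact-length match only
    low = int(ge) if ge is not None else base.prefixlen
    high = int(le) if le is not None else 128
    return low <= route.prefixlen <= high


def evaluate(rules, route):
    """First matching rule (lowest id first) decides; no match is a deny."""
    net = ipaddress.ip_network(route)
    for rule in sorted(rules, key=lambda r: int(r["id"])):
        if rule_matches(rule, net):
            return rule["action"]
    return "deny"


def strip_ge_le(rules):
    """Model the reported outcome: same rules with "ge" and "le" missing."""
    return [{k: v for k, v in r.items() if k not in ("ge", "le")} for r in rules]


def changed_verdicts(rules, routes):
    """Routes whose verdict differs once ge/le are gone: (route, before, after)."""
    stripped = strip_ge_le(rules)
    pairs = [(r, evaluate(rules, r), evaluate(stripped, r)) for r in routes]
    return [p for p in pairs if p[1] != p[2]]


if __name__ == "__main__":
    for route, before, after in changed_verdicts(INTENDED, ROUTES):
        print(f"{route}: {before} -> {after}")
```

Under these assumptions the stripped list stops permitting the /48 it was written for and permits the covering /32 instead, so the change is not cosmetic for any route-map that references the list.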

MaxxLiu22 commented 1 year ago

Hi @cardosocristian ,

Thank you for raising this issue and sorry for any inconvenience. We do have this issue on collection fortinet.fortios 2.1.6, but we have fixed it in the latest version. My suggestion is to upgrade fortinet.fortios to 2.2.0 by running ansible-galaxy collection install fortinet.fortios:2.2.0. If you still have this issue, please let me know.

Thanks, Maxx

cardosocristian commented 1 year ago

Hi @MaxxLiu22

I updated to the mentioned version and the problems I reported no longer occurred, thank you very much for your help. Is there somewhere I can monitor when a newer version of the module comes out?

MaxxLiu22 commented 1 year ago

Hi @cardosocristian ,

So glad to hear that works. We have some latest-version docs listed here: Ansible Galaxy FortiOS Collection Documentation 2.2.0. I am afraid there is no way to monitor only a module's change.

Thanks, Maxx

cardosocristian commented 1 year ago

Ok, thanks.