When upgrading the FortiGate firmware on an HA cluster via the following play, we get a 401 Unauthorized in the second task:
```yaml
- name: "Try upgrade"
  fortinet.fortios.fortios_monitor:
    selector: "upgrade.system.firmware"
    params:
      source: "fortiguard"
      filename: "{{ firmware_target.id }}"
  register: upgrade_data
  ignore_errors: true # set to true as the play should proceed

- name: "Wait and check if upgrade was successful"
  fortios_monitor_fact:
    selector: 'system_firmware'
  register: firmware_result
  until:
    - "firmware_result is not failed"
    - "firmware_result.meta.results.current.version == target_version"
  retries: 15
  delay: 20
```
Error:
```
fatal: [123.123.123.123]: FAILED! => {
    "attempts": 15,
    "changed": false,
    "invocation": {
        "module_args": {
            "access_token": null,
            "enable_log": false,
            "filters": null,
            "formatters": null,
            "params": null,
            "selector": "system_firmware",
            "selectors": null,
            "sorters": null,
            "vdom": "root"
        }
    },
    "meta": {
        "http_status": 401,
        "raw": "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>401 Unauthorized</title>\n</head><body>\n<h1>Unauthorized</h1>\n<p>This server could not verify that you\nare authorized to access the document\nrequested. Either you supplied the wrong\ncredentials (e.g., bad password), or your\nbrowser doesn't understand how to supply\nthe credentials required.</p>\n<p>Additionally, a 401 Unauthorized\nerror was encountered while trying to use an ErrorDocument to handle the request.</p>\n</body></html>\n"
    },
    "msg": "Error in repo"
}
```
This seems to happen because the failover/reboot of the units will invalidate the authentication token. Unfortunately, no reauthentication happens here.
Resetting the connection between both tasks via `ansible.builtin.meta: reset_connection` isn't working either.
This applies only if authentication is done via user/password. In a playbook where user/password or an access token is used for triggering the upgrade and which then switches to access-token-based auth for checking whether the upgrade was successful, everything works fine.
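The workaround described in the last paragraph, written out as an added example (not part of the original report and not code from the collection's maintainers): both tasks authenticate with a REST API access token through the modules' `access_token` parameter, so the status check does not depend on a login session that the failover/reboot invalidates. The variable `fortigate_api_token` is an assumed name for a token kept in Ansible Vault; `firmware_target` and `target_version` are the reporter's own variables.

```yaml
# Added example. Assumption: fortigate_api_token is a vaulted variable that
# holds a FortiGate REST API admin token, defined in group_vars or host_vars.
- name: "Try upgrade"
  fortinet.fortios.fortios_monitor:
    vdom: "root"
    access_token: "{{ fortigate_api_token }}"
    selector: "upgrade.system.firmware"
    params:
      source: "fortiguard"
      filename: "{{ firmware_target.id }}"
  register: upgrade_data
  ignore_errors: true  # the play should proceed even if this request fails

- name: "Wait and check if upgrade was successful"
  fortinet.fortios.fortios_monitor_fact:
    vdom: "root"
    # The token is sent with every request, so no session has to survive
    # the failover or be re-established between retries.
    access_token: "{{ fortigate_api_token }}"
    selector: "system_firmware"
  register: firmware_result
  until:
    - firmware_result is not failed
    - firmware_result.meta.results.current.version == target_version
  retries: 15
  delay: 20
```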