fortinet-ansible-dev / ansible-galaxy-fortios-collection


HTTP 403 errors since upgrade to 7.2.4 #232

Closed slazer2au closed 1 year ago

slazer2au commented 1 year ago

Since we upgraded a FortiGate to 7.2.4 we are getting HTTP 403 errors with all modules that change configuration.

Ansible version

ansible [core 2.14.1]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/demo/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/demo/.local/lib/python3.10/site-packages/ansible
  ansible collection location = /home/demo/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/demo/.local/bin/ansible
  python version = 3.10.6 (main, Nov 14 2022, 16:10:14) [GCC 11.3.0] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True

Fortinet.FortiOS version

ansible-galaxy collection list

# /home/demo/.ansible/collections/ansible_collections
Collection            Version
--------------------- -------
ansible.netcommon     4.1.0
ansible.utils         2.9.0
cisco.asa             2.1.0
cisco.ios             4.2.0
fortinet.fortimanager 2.1.5
fortinet.fortios      2.2.2

Host file

[demo]
demo-fgt-p01 ansible_host=192.168.2.7

[demo:vars]
ansible_user=ansible
# NOTE(review): the httpapi password is stored in plaintext in the inventory.
# For real use, keep it in Ansible Vault (or another secret store) instead of
# the hosts file.
ansible_httpapi_password=admin

Playbook

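---
# Reproduction play from the report: sets system_global.admintimeout on the
# FortiGate over the httpapi connection provided by fortinet.fortios.
- hosts: demo
  gather_facts: false
  connection: httpapi
  collections:
    - fortinet.fortios
  vars:
    ansible_httpapi_use_ssl: true
    # NOTE(review): TLS is on but certificate validation is off, so the
    # device's identity is not verified and the login sent over this session
    # is not protected against an on-path party. Tolerable for a lab repro;
    # enable validation and trust the FortiGate's CA everywhere else.
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
    vdom: "root"
    ansible_network_os: fortinet.fortios.fortios
  tasks:
    - name: System Global configuration
      tags: global
      fortios_system_global:
        system_global:
          admintimeout: 400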

Running the playbook ansible-playbook demo.yml -i hosts -vvv -t global

PLAYBOOK: demo_fortigate.yml ***************************************************************************************************************************************1 plays in demo_fortigate.yml

PLAY [demo] ********************************************************************************************************************************************************
TASK [System Global configuration] *********************************************************************************************************************************task path: /mnt/c/Users/demo/Ansible/wshd/demo_fortigate.yml:20
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<192.168.2.7> ESTABLISH LOCAL CONNECTION FOR USER: demo
<192.168.2.7> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/demo/.ansible/tmp/ansible-local-1513obwl7d19 `"&& mkdir "` echo /home/demo/.ansible/tmp/ansible-local-1513obwl7d19/ansible-tmp-1677160023.4951086-1518-240398256957818 `" && echo ansible-tmp-1677160023.4951086-1518-240398256957818="` echo /home/demo/.ansible/tmp/ansible-local-1513obwl7d19/ansible-tmp-1677160023.4951086-1518-240398256957818 `" ) && sleep 0'
Using module file /home/demo/.ansible/collections/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_global.py
<192.168.2.7> PUT /home/demo/.ansible/tmp/ansible-local-1513obwl7d19/tmpb4opcvcv TO /home/demo/.ansible/tmp/ansible-local-1513obwl7d19/ansible-tmp-1677160023.4951086-1518-240398256957818/AnsiballZ_fortios_system_global.py
<192.168.2.7> EXEC /bin/sh -c 'chmod u+x /home/demo/.ansible/tmp/ansible-local-1513obwl7d19/ansible-tmp-1677160023.4951086-1518-240398256957818/ /home/demo/.ansible/tmp/ansible-local-1513obwl7d19/ansible-tmp-1677160023.4951086-1518-240398256957818/AnsiballZ_fortios_system_global.py && sleep 0'
<192.168.2.7> EXEC /bin/sh -c '/usr/bin/python3 /home/demo/.ansible/tmp/ansible-local-1513obwl7d19/ansible-tmp-1677160023.4951086-1518-240398256957818/AnsiballZ_fortios_system_global.py && sleep 0'
<192.168.2.7> EXEC /bin/sh -c 'rm -f -r /home/demo/.ansible/tmp/ansible-local-1513obwl7d19/ansible-tmp-1677160023.4951086-1518-240398256957818/ > /dev/null 2>&1 && sleep 0'
fatal: [demo-fgt-p01]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "access_token": null,
            "enable_log": false,
            "member_path": null,
            "member_state": null,
            "system_global": {
                "admin_concurrent": null,
                "admin_console_timeout": null,
                "admin_forticloud_sso_login": null,
                "admin_host": null,
                "admin_hsts_max_age": null,
                "admin_https_pki_required": null,
                "admin_https_redirect": null,
                "admin_https_ssl_banned_ciphers": null,
                "admin_https_ssl_ciphersuites": null,
                "admin_https_ssl_versions": null,
                "admin_lockout_duration": null,
                "admin_lockout_threshold": null,
                "admin_login_max": null,
                "admin_maintainer": null,
                "admin_port": null,
                "admin_restrict_local": null,
                "admin_scp": null,
                "admin_server_cert": null,
                "admin_sport": null,
                "admin_ssh_grace_time": null,
                "admin_ssh_password": null,
                "admin_ssh_port": null,
                "admin_ssh_v1": null,
                "admin_telnet": null,
                "admin_telnet_port": null,
                "admintimeout": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "alias": null,
                "allow_traffic_redirect": null,
                "anti_replay": null,
                "arp_max_entry": null,
                "asymroute": null,
                "auth_cert": null,
                "auth_http_port": null,
                "auth_https_port": null,
                "auth_ike_saml_port": null,
                "auth_keepalive": null,
                "auth_session_limit": null,
                "auto_auth_extension_device": null,
                "autorun_log_fsck": null,
                "av_affinity": null,
                "av_failopen": null,
                "av_failopen_session": null,
                "batch_cmdb": null,
                "block_session_timer": null,
                "br_fdb_max_entry": null,
                "cert_chain_max": null,
                "cfg_revert_timeout": null,
                "cfg_save": null,
                "check_protocol_header": null,
                "check_reset_range": null,
                "cli_audit_log": null,
                "cloud_communication": null,
                "clt_cert_req": null,
                "cmdbsvr_affinity": null,
                "compliance_check": null,
                "compliance_check_time": null,
                "cpu_use_threshold": null,
                "csr_ca_attribute": null,
                "daily_restart": null,
                "default_service_source_port": null,
                "device_identification_active_scan_delay": null,
                "device_idle_timeout": null,
                "dh_params": null,
                "dnsproxy_worker_count": null,
                "dst": null,
                "early_tcp_npu_session": null,
                "edit_vdom_prompt": null,
                "endpoint_control_fds_access": null,
                "endpoint_control_portal_port": null,
                "extender_controller_reserved_network": null,
                "failtime": null,
                "faz_disk_buffer_size": null,
                "fds_statistics": null,
                "fds_statistics_period": null,
                "fec_port": null,
                "fgd_alert_subscription": null,
                "forticarrier_bypass": null,
                "fortiextender": null,
                "fortiextender_data_port": null,
                "fortiextender_discovery_lockdown": null,
                "fortiextender_provision_on_authorization": null,
                "fortiextender_vlan_mode": null,
                "fortiipam_integration": null,
                "fortiservice_port": null,
                "fortitoken_cloud": null,
                "gui_allow_default_hostname": null,
                "gui_app_detection_sdwan": null,
                "gui_cdn_usage": null,
                "gui_certificates": null,
                "gui_custom_language": null,
                "gui_date_format": null,
                "gui_date_time_source": null,
                "gui_device_latitude": null,
                "gui_device_longitude": null,
                "gui_display_hostname": null,
                "gui_firmware_upgrade_warning": null,
                "gui_forticare_registration_setup_warning": null,
                "gui_fortigate_cloud_sandbox": null,
                "gui_fortiguard_resource_fetch": null,
                "gui_fortisandbox_cloud": null,
                "gui_ipv6": null,
                "gui_lines_per_page": null,
                "gui_local_out": null,
                "gui_replacement_message_groups": null,
                "gui_rest_api_cache": null,
                "gui_theme": null,
                "gui_wireless_opensecurity": null,
                "gui_workflow_management": null,
                "ha_affinity": null,
                "honor_df": null,
                "hostname": null,
                "igmp_state_limit": null,
                "internet_service_database": null,
                "interval": null,
                "ip_fragment_mem_thresholds": null,
                "ip_src_port_range": null,
                "ips_affinity": null,
                "ipsec_asic_offload": null,
                "ipsec_ha_seqjump_rate": null,
                "ipsec_hmac_offload": null,
                "ipsec_round_robin": null,
                "ipsec_soft_dec_async": null,
                "ipv6_accept_dad": null,
                "ipv6_allow_anycast_probe": null,
                "ipv6_allow_local_in_slient_drop": null,
                "ipv6_allow_multicast_probe": null,
                "ipv6_allow_traffic_redirect": null,
                "irq_time_accounting": null,
                "language": null,
                "ldapconntimeout": null,
                "lldp_reception": null,
                "lldp_transmission": null,
                "log_ssl_connection": null,
                "log_uuid": null,
                "log_uuid_address": null,
                "log_uuid_policy": null,
                "login_timestamp": null,
                "long_vdom_name": null,
                "management_ip": null,
                "management_port": null,
                "management_port_use_admin_sport": null,
                "management_vdom": null,
                "max_dlpstat_memory": null,
                "max_route_cache_size": null,
                "mc_ttl_notchange": null,
                "memory_use_threshold_extreme": null,
                "memory_use_threshold_green": null,
                "memory_use_threshold_red": null,
                "miglog_affinity": null,
                "miglogd_children": null,
                "multi_factor_authentication": null,
                "multicast_forward": null,
                "ndp_max_entry": null,
                "per_user_bal": null,
                "per_user_bwl": null,
                "pmtu_discovery": null,
                "policy_auth_concurrent": null,
                "post_login_banner": null,
                "pre_login_banner": null,
                "private_data_encryption": null,
                "proxy_auth_lifetime": null,
                "proxy_auth_lifetime_timeout": null,
                "proxy_auth_timeout": null,
                "proxy_cert_use_mgmt_vdom": null,
                "proxy_cipher_hardware_acceleration": null,
                "proxy_hardware_acceleration": null,
                "proxy_kxp_hardware_acceleration": null,
                "proxy_re_authentication_mode": null,
                "proxy_resource_mode": null,
                "proxy_worker_count": null,
                "radius_port": null,
                "reboot_upon_config_restore": null,
                "refresh": null,
                "remoteauthtimeout": null,
                "reset_sessionless_tcp": null,
                "restart_time": null,
                "revision_backup_on_logout": null,
                "revision_image_auto_backup": null,
                "scanunit_count": null,
                "security_rating_result_submission": null,
                "security_rating_run_on_schedule": null,
                "send_pmtu_icmp": null,
                "snat_route_change": null,
                "special_file_23_support": null,
                "speedtest_server": null,
                "split_port": null,
                "ssd_trim_date": null,
                "ssd_trim_freq": null,
                "ssd_trim_hour": null,
                "ssd_trim_min": null,
                "ssd_trim_weekday": null,
                "ssh_cbc_cipher": null,
                "ssh_enc_algo": null,
                "ssh_hmac_md5": null,
                "ssh_kex_algo": null,
                "ssh_kex_sha1": null,
                "ssh_mac_algo": null,
                "ssh_mac_weak": null,
                "ssl_min_proto_version": null,
                "ssl_static_key_ciphers": null,
                "sslvpn_cipher_hardware_acceleration": null,
                "sslvpn_ems_sn_check": null,
                "sslvpn_kxp_hardware_acceleration": null,
                "sslvpn_max_worker_count": null,
                "sslvpn_plugin_version_check": null,
                "strict_dirty_session_check": null,
                "strong_crypto": null,
                "switch_controller": null,
                "switch_controller_reserved_network": null,
                "sys_perf_log_interval": null,
                "tcp_halfclose_timer": null,
                "tcp_halfopen_timer": null,
                "tcp_option": null,
                "tcp_rst_timer": null,
                "tcp_timewait_timer": null,
                "tftp": null,
                "timezone": null,
                "tp_mc_skip_policy": null,
                "traffic_priority": null,
                "traffic_priority_level": null,
                "two_factor_email_expiry": null,
                "two_factor_fac_expiry": null,
                "two_factor_ftk_expiry": null,
                "two_factor_ftm_expiry": null,
                "two_factor_sms_expiry": null,
                "udp_idle_timer": null,
                "url_filter_affinity": null,
                "url_filter_count": null,
                "user_device_store_max_devices": null,
                "user_device_store_max_unified_mem": null,
                "user_device_store_max_users": null,
                "user_server_cert": null,
                "vdom_admin": null,
                "vdom_mode": null,
                "vip_arp_range": null,
                "virtual_server_count": null,
                "virtual_server_hardware_acceleration": null,
                "wad_affinity": null,
                "wad_csvc_cs_count": null,
                "wad_csvc_db_count": null,
                "wad_memory_change_granularity": null,
                "wad_source_affinity": null,
                "wad_worker_count": null,
                "wifi_ca_certificate": null,
                "wifi_certificate": null,
                "wimax_4g_usb": null,
                "wireless_controller": null,
                "wireless_controller_port": null
            },
            "vdom": "root"
        }
    },
    "meta": {
        "build": 1396,
        "http_method": "PUT",
        "http_status": 403,
        "name": "global",
        "path": "system",
        "serial": "FGVM1VTM22005947",
        "status": "error",
        "vdom": "root",
        "version": "v7.2.4"
    },
    "msg": "Error in repo"
}

PLAY RECAP *********************************************************************************************************************************************************
demo-fgt-p01               : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

Running a debug on the FortiGate

demo-fgt-p01 # diagnose debug enable

demo-fgt-p01 # diagnose debug cli 8
Debug messages will be on for 30 minutes.

demo-fgt-p01 # diagnose debug application httpsd -1
Debug messages will be on for 30 minutes.

demo-fgt-p01 # [httpsd 4970 - 1677161807     info] fweb_debug_init[416] -- New POST request for "/logincheck" from "10.241.8.4:33798"
[httpsd 4970 - 1677161807     info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.6"
[httpsd 4970 - 1677161807     info] fweb_debug_init[420] -- Handler "logincheck-handler" assigned to request
[httpsd 4970 - 1677161807     info] logincheck_handler[422] -- entering vdom for login_attempt (vdom='root')
[httpsd 4970 - 1677161807     info] logincheck_handler[524] -- login attempt OK, VDOM updated to 'root'
[httpsd 4970 - 1677161807     info] logincheck_handler[530] -- login_attempt (method=5, vdom='root', name='ansible',admin_name='ansible', auth_svr='')
[httpsd 4970 - 1677161807     info] output_response[58] -- sent response (status='1', buf='document.location="/prompt?viewOnly&redir=%2F";
')
[httpsd 4970 - 1677161807     info] fweb_debug_final[306] -- Completed POST request for "/logincheck" (HTTP 200)
[httpsd 4970 - 1677161807     info] fweb_debug_init[416] -- New GET request for "/api/v2/cmdb/system/interface" from "10.241.8.4:33808"
[httpsd 4970 - 1677161807     info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.6"
[httpsd 4970 - 1677161807     info] fweb_debug_init[420] -- Handler "api_cmdb_v2-handler" assigned to request
[httpsd 4970 - 1677161807     info] api_store_parameter[320] -- add API parameter 'vdom' (type=string)
[httpsd 4970 - 1677161807     info] api_store_parameter[320] -- add API parameter 'action' (type=string)
[httpsd 4970 - 1677161807     info] api_cmdb_request_init_by_path[1800] -- new CMDB query (path='system',name='interface')
[httpsd 4970 - 1677161807     info] api_cmdb_guino_etag[2313] -- Static ETag check for system.interface
[httpsd 4970 - 1677161807     info] api_generate_and_add_etag[1805] -- Per VDOM ETags: [ "vdom: root, hash: 0155a43ab74b5e3037630205aaf05574" ]
[httpsd 4970 - 1677161807     info] api_generate_and_add_etag[1810] -- New ETag: 8C1340A008754A6047BE10C0DAFFEC491685F59A4EEFCDB8C9285A3293727C22
[httpsd 4970 - 1677161807     info] api_generate_request_hash[1690] -- hash_str: { "uri": "\/api\/v2\/cmdb\/system\/interface", "params": { "vdom": "root", "action": "schema", "path": "system", "name": "interface", "authorized_admin": "ansible" } }
[httpsd 4970 - 1677161807     info] api_generate_request_hash[1691] -- revisions: [ "vdom: root, hash: 2c2bfa13e62f37b8370a0a8899291d56", "0d6b47849ea5db350eee12626d3dc5de" ]
[httpsd 4970 - 1677161807     info] get_cache_lock[64] -- Cache: locking /tmp/api_cache/49961350B7EEBB13AD0599E8A842772A33C92690BB38A384A4641382ED6A3026-BF017A7E9998E0334927D0718AC600ABFAAF6F448E899FCCFF7CBB49DC95A6D (read).
[httpsd 4970 - 1677161807     info] get_cache_lock[80] -- Cache: locked /tmp/api_cache/49961350B7EEBB13AD0599E8A842772A33C92690BB38A384A4641382ED6A3026-BF017A7E9998E0334927D0718AC600ABFAAF6F448E899FCCFF7CBB49DC95A6D (read)
[httpsd 4970 - 1677161807     info] fortiweb_send_cache[297] -- Cache decompressed.
[httpsd 4970 - 1677161807     info] api_response_from_cache[1136] -- API response is generated from cache.
[httpsd 4970 - 1677161807     info] handle_cli_req_v2[3318] -- returning to original vdom "root"
[httpsd 4970 - 1677161807     info] fweb_debug_final[306] -- Completed GET request for "/api/v2/cmdb/system/interface" (HTTP 200 OK)
[httpsd 4970 - 1677161807     info] fweb_debug_init[416] -- New PUT request for "/api/v2/cmdb/system/global" from "10.241.8.4:33818"
[httpsd 4970 - 1677161807     info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.6"
[httpsd 4970 - 1677161807     info] fweb_debug_init[420] -- Handler "api_cmdb_v2-handler" assigned to request
[httpsd 4970 - 1677161807     info] api_store_parameter[320] -- add API parameter 'vdom' (type=string)
[httpsd 4970 - 1677161807     info] api_store_parameter[320] -- add API parameter 'admintimeout' (type=int)
[httpsd 4970 - 1677161807     info] api_cmdb_request_init_by_path[1800] -- new CMDB query (path='system',name='global')
[httpsd 4970 - 1677161807    error] is_valid_csrf_token[2406] -- no CSRF token found
[httpsd 4970 - 1677161807    error] api_cmdb_perm_check[2862] -- no valid CSRF token found
[httpsd 4970 - 1677161807     info] handle_cli_req_v2[3318] -- returning to original vdom "root"
[httpsd 4970 - 1677161807  warning] api_return_http_result[1272] -- API error 403 raised
[httpsd 4970 - 1677161807     info] fweb_debug_final[306] -- Completed PUT request for "/api/v2/cmdb/system/global" (HTTP 403)
[httpsd 4970 - 1677161807     info] fweb_debug_init[416] -- New POST request for "/logout" from "10.241.8.4:33820"
[httpsd 4970 - 1677161807     info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.6"
[httpsd 4970 - 1677161807     info] fweb_debug_init[420] -- Handler "logout-handler" assigned to request
[httpsd 4970 - 1677161807     info] fweb_debug_final[306] -- Completed POST request for "/logout" (HTTP 200)

Running the same playbook on a 6.4.11 and 7.0.9 Fortigate will result in the configuration being applied successfully.

MaxxLiu22 commented 1 year ago

Hi @slazer2au ,

Thank you for bringing up this issue. I can reproduce it, but we recommend using a "token" as the primary way to authenticate to the FGT. To do so, create an API user with an appropriate "accprofile", generate a token, and then use that token in your playbook. If you still have issues accessing the FGT, please let me know.

FGVMULTM22003786 # config system api-user 

FGVMULTM22003786 (api-user) # edit api 

FGVMULTM22003786 (api) # show
config system api-user
    edit "api"
        set api-key ENC SH2Dt0e3z6j6k+V8TsABtBoy8UmCgtmI192MaPRGhhyYqROt6m/r9IATuRV68I=
        set accprofile "super_admin"
        set vdom "root"
    next
end

FGVMULTM22003786 (api) # end

FGVMULTM22003786 # execute api-user generate-key api 

New API key: 6Hjrf1GHzNsw837wdwnxNNwN0b8f8t

NOTE: The bearer of this API key will be granted all access privileges assigned to the api-user api.

Ansible playbook

  # Fragment of a play: the System Global task authenticated with an API
  # token (access_token) passed as a module argument.
  tasks:
  - name: System Global configuration
    fortios_system_global:
      vdom: root
      # NOTE(review): access_token is a bearer credential for the API user.
      # It is inlined here for illustration; in a real playbook load it from
      # Ansible Vault (or another secret store) rather than committing it.
      access_token: 6Hjrf1GHzNsw837wdwnxNNwN0b8f8t
      system_global:
        admintimeout: 405

Thanks, Maxx

slazer2au commented 1 year ago

Using the access_token does work, but we use LDAP to manage automation accounts. Is there going to be a fix for this in the future?

alagoutte commented 1 year ago

Using the access_token does work, but we use LDAP to manage automation accounts. Is there going to be a fix for this in the future?

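I get the same issue. The name of the CSRF token has changed (ccsrftoken => ccsrftoken_PORT), so the lookup in the httpapi plugin no longer matches it, which is consistent with the "no CSRF token found" error in the debug output above: https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/blob/main/plugins/httpapi/fortios.py#L113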

JieX19 commented 1 year ago

@alagoutte @slazer2au Thanks for catching that! The backend has changed the name in the new FortiOS firmware. We will do a bugfix release ASAP.

alagoutte commented 1 year ago

Same issue on my PowerFGT module and fix (get also the same issue with 7.4.0)

JieX19 commented 1 year ago

Hi @alagoutte @slazer2au,

We've fixed the issue in version 2.2.3, please go ahead and upgrade the collection to avoid this issue. ansible-galaxy collection install fortinet.fortios:2.2.3

Thanks, Jie

slazer2au commented 1 year ago

I have upgraded to 2.2.3 but I am now getting 405 errors.

[httpsd 5785 - 1680004316     info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.10"
[httpsd 5785 - 1680004316     info] fweb_debug_init[420] -- Handler "logincheck-handler" assigned to request
[httpsd 5785 - 1680004316     info] fweb_debug_final[306] -- Completed GET request for "/logincheck" (HTTP 302 Found)
[httpsd 5674 - 1680004316     info] fweb_debug_init[416] -- New GET request for "/error/403/" from "192.168.2.9:56039"
[httpsd 5674 - 1680004316     info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.10"
[httpsd 5674 - 1680004316     info] fweb_debug_init[420] -- Handler "error-handler" assigned to request
[httpsd 5674 - 1680004316     info] fweb_debug_final[306] -- Completed GET request for "/error/403/" (HTTP 200)
[httpsd 5785 - 1680004316     info] fweb_debug_init[416] -- New GET request for "/api/v2/monitor/system/status" from "192.168.2.9:56040"
[httpsd 5785 - 1680004316     info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.10"
[httpsd 5785 - 1680004316     info] fweb_debug_init[420] -- Handler "api_monitor_v2-handler" assigned to request
[httpsd 5785 - 1680004316  warning] api_access_check_for_api_key[688] -- API Key request authorized for apiuser from 192.168.2.9.
[httpsd 5785 - 1680004316     info] api_store_parameter[320] -- add API parameter 'vdom' (type=string)
[httpsd 5785 - 1680004316     info] api_store_parameter[320] -- add API parameter 'access_token' (type=string)
[httpsd 5785 - 1680004316     info] endpoint_process_req_vdom[1020] -- new API request (action='select',path='system',name='status',vdom='root',user='apiuser')
[httpsd 5785 - 1680004316     info] endpoint_process_req_vdom[1026] -- completed API request (rss_pre=28040, rss_post=28040, rss_delta=0)
[httpsd 5785 - 1680004316     info] fweb_debug_final[306] -- Completed GET request for "/api/v2/monitor/system/status" (HTTP 200)
[httpsd 5674 - 1680004316     info] fweb_debug_init[416] -- New GET request for "/logincheck" from "192.168.2.9:56041"
[httpsd 5674 - 1680004316     info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.10"
[httpsd 5674 - 1680004316     info] fweb_debug_init[420] -- Handler "logincheck-handler" assigned to request
[httpsd 5674 - 1680004316     info] fweb_debug_final[306] -- Completed GET request for "/logincheck" (HTTP 302 Found)
[httpsd 5785 - 1680004316     info] fweb_debug_init[416] -- New GET request for "/error/403/" from "192.168.2.9:56042"
[httpsd 5785 - 1680004316     info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.10"
[httpsd 5785 - 1680004316     info] fweb_debug_init[420] -- Handler "error-handler" assigned to request
[httpsd 5785 - 1680004316     info] fweb_debug_final[306] -- Completed GET request for "/error/403/" (HTTP 200)
[httpsd 5674 - 1680004316     info] fweb_debug_init[416] -- New GET request for "/api/v2/monitor/system/status" from "192.168.2.9:56043"
[httpsd 5674 - 1680004316     info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.10"
[httpsd 5674 - 1680004316     info] fweb_debug_init[420] -- Handler "api_monitor_v2-handler" assigned to request
[httpsd 5674 - 1680004316  warning] api_access_check_for_api_key[688] -- API Key request authorized for apiuser from 192.168.2.9.
[httpsd 5674 - 1680004316     info] api_store_parameter[320] -- add API parameter 'vdom' (type=string)
[httpsd 5674 - 1680004316     info] api_store_parameter[320] -- add API parameter 'access_token' (type=string)
[httpsd 5674 - 1680004316     info] endpoint_process_req_vdom[1020] -- new API request (action='select',path='system',name='status',vdom='root',user='apiuser')
[httpsd 5674 - 1680004316     info] endpoint_process_req_vdom[1026] -- completed API request (rss_pre=40512, rss_post=40512, rss_delta=0)
[httpsd 5674 - 1680004316     info] fweb_debug_final[306] -- Completed GET request for "/api/v2/monitor/system/status" (HTTP 200)
[httpsd 5785 - 1680004316     info] fweb_debug_init[416] -- New GET request for "/api/v2/monitor/system/status" from "192.168.2.9:56044"
[httpsd 5785 - 1680004316     info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.10"
[httpsd 5785 - 1680004316     info] fweb_debug_init[420] -- Handler "api_monitor_v2-handler" assigned to request
[httpsd 5785 - 1680004316  warning] api_access_check_for_api_key[688] -- API Key request authorized for apiuser from 192.168.2.9.
[httpsd 5785 - 1680004316     info] api_store_parameter[320] -- add API parameter 'vdom' (type=string)
[httpsd 5785 - 1680004316     info] api_store_parameter[320] -- add API parameter 'access_token' (type=string)
[httpsd 5785 - 1680004316     info] endpoint_process_req_vdom[1020] -- new API request (action='select',path='system',name='status',vdom='root',user='apiuser')
[httpsd 5785 - 1680004316     info] endpoint_process_req_vdom[1026] -- completed API request (rss_pre=28040, rss_post=28040, rss_delta=0)
[httpsd 5785 - 1680004316     info] fweb_debug_final[306] -- Completed GET request for "/api/v2/monitor/system/status" (HTTP 200)
[httpsd 5674 - 1680004316     info] fweb_debug_init[416] -- New POST request for "/api/v2/cmdb/system/global" from "192.168.2.9:56045"
[httpsd 5674 - 1680004316     info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.10"
[httpsd 5674 - 1680004316     info] fweb_debug_init[420] -- Handler "api_cmdb_v2-handler" assigned to request
[httpsd 5674 - 1680004316  warning] api_access_check_for_api_key[688] -- API Key request authorized for apiuser from 192.168.2.9.
[httpsd 5674 - 1680004316     info] api_store_parameter[320] -- add API parameter 'vdom' (type=string)
[httpsd 5674 - 1680004316     info] api_store_parameter[320] -- add API parameter 'access_token' (type=string)
[httpsd 5674 - 1680004316     info] api_store_parameter[320] -- add API parameter 'timezone' (type=string)
[httpsd 5674 - 1680004316     info] api_cmdb_request_init_by_path[1800] -- new CMDB query (path='system',name='global')
[httpsd 5674 - 1680004316     info] handle_cli_req_v2[3200] -- no method found for requested action: (null)
[httpsd 5674 - 1680004316     info] handle_cli_req_v2[3318] -- returning to original vdom "root"
[httpsd 5674 - 1680004316  warning] api_return_http_result[1272] -- API error 405 raised
[httpsd 5674 - 1680004316     info] fweb_debug_final[306] -- Completed POST request for "/api/v2/cmdb/system/global" (HTTP 405)
[httpsd 5785 - 1680004316     info] fweb_debug_init[416] -- New POST request for "/api/v2/cmdb/system/global" from "192.168.2.9:56046"
[httpsd 5785 - 1680004316     info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.10"
[httpsd 5785 - 1680004316     info] fweb_debug_init[420] -- Handler "api_cmdb_v2-handler" assigned to request
[httpsd 5785 - 1680004316  warning] api_access_check_for_api_key[688] -- API Key request authorized for apiuser from 192.168.2.9.
[httpsd 5785 - 1680004316     info] api_store_parameter[320] -- add API parameter 'vdom' (type=string)
[httpsd 5785 - 1680004316     info] api_store_parameter[320] -- add API parameter 'access_token' (type=string)
[httpsd 5785 - 1680004316     info] api_store_parameter[320] -- add API parameter 'timezone' (type=string)
[httpsd 5785 - 1680004316     info] api_cmdb_request_init_by_path[1800] -- new CMDB query (path='system',name='global')
[httpsd 5785 - 1680004316     info] handle_cli_req_v2[3200] -- no method found for requested action: (null)
[httpsd 5785 - 1680004316     info] handle_cli_req_v2[3318] -- returning to original vdom "root"
[httpsd 5785 - 1680004316  warning] api_return_http_result[1272] -- API error 405 raised
[httpsd 5785 - 1680004316     info] fweb_debug_final[306] -- Completed POST request for "/api/v2/cmdb/system/global" (HTTP 405)
[httpsd 5674 - 1680004316     info] fweb_debug_init[416] -- New GET request for "/logout" from "192.168.2.9:56047"
[httpsd 5674 - 1680004316     info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.10"
[httpsd 5674 - 1680004316     info] fweb_debug_init[420] -- Handler "logout-handler" assigned to request
[httpsd 5674 - 1680004316     info] fweb_debug_final[306] -- Completed GET request for "/logout" (HTTP 200)
ansible@ansible:/mnt/c/Users/ansible/Ansible/Accesstoken$ ansible-playbook demo_fortigate.yml -i hosts -vvv
ansible-playbook [core 2.14.1]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/ansible/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/ansible/.local/lib/python3.10/site-packages/ansible
  ansible collection location = /home/ansible/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/ansible/.local/bin/ansible-playbook
  python version = 3.10.6 (main, Nov 14 2022, 16:10:14) [GCC 11.3.0] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True
Using /etc/ansible/ansible.cfg as config file
host_list declined parsing /mnt/c/Users/ansible/Ansible/Accesstoken/hosts as it did not pass its verify_file() method
auto declined parsing /mnt/c/Users/ansible/Ansible/Accesstoken/hosts as it did not pass its verify_file() method     
Parsed /mnt/c/Users/ansible/Ansible/Accesstoken/hosts inventory source with ini plugin
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: demo_fortigate.yml ***************************************************************************************************************************************************1 plays in demo_fortigate.yml

PLAY [demo] ********************************************************************************************************************************************************************
TASK [System Global configuration] *********************************************************************************************************************************************task path: /mnt/c/Users/ansible/Ansible/Accesstoken/demo_fortigate.yml:20
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<192.168.2.8> ESTABLISH LOCAL CONNECTION FOR USER: ansible
<192.168.2.8> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/ansible/.ansible/tmp/ansible-local-6498w30f77p `"&& mkdir "` echo /home/ansible/.ansible/tmp/ansible-local-6498w30f77p/ansible-tmp-1680004403.373229-654-145469719858671 `" && echo ansible-tmp-1680004403.373229-654-145469719858671="` echo /home/ansible/.ansible/tmp/ansible-local-6498w30f77p/ansible-tmp-1680004403.373229-654-145469719858671 `" ) && sleep 0'
Using module file /home/ansible/.ansible/collections/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_global.py
<192.168.2.8> PUT /home/ansible/.ansible/tmp/ansible-local-6498w30f77p/tmp_w5i1r0p TO /home/ansible/.ansible/tmp/ansible-local-6498w30f77p/ansible-tmp-1680004403.373229-654-145469719858671/AnsiballZ_fortios_system_global.py
<192.168.2.8> EXEC /bin/sh -c 'chmod u+x /home/ansible/.ansible/tmp/ansible-local-6498w30f77p/ansible-tmp-1680004403.373229-654-145469719858671/ /home/ansible/.ansible/tmp/ansible-local-6498w30f77p/ansible-tmp-1680004403.373229-654-145469719858671/AnsiballZ_fortios_system_global.py && sleep 0'
<192.168.2.8> EXEC /bin/sh -c '/usr/bin/python3 /home/ansible/.ansible/tmp/ansible-local-6498w30f77p/ansible-tmp-1680004403.373229-654-145469719858671/AnsiballZ_fortios_system_global.py && sleep 0'
<192.168.2.8> EXEC /bin/sh -c 'rm -f -r /home/ansible/.ansible/tmp/ansible-local-6498w30f77p/ansible-tmp-1680004403.373229-654-145469719858671/ > /dev/null 2>&1 && sleep 0'
fatal: [demo-fgt-p01]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "access_token": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "enable_log": false,
            "member_path": null,
            "member_state": null,
            "system_global": {
                "admin_concurrent": null,
                "admin_console_timeout": null,
                "admin_forticloud_sso_login": null,
                "admin_host": null,
                "admin_hsts_max_age": null,
                "admin_https_pki_required": null,
                "admin_https_redirect": null,
                "admin_https_ssl_banned_ciphers": null,
                "admin_https_ssl_ciphersuites": null,
                "admin_https_ssl_versions": null,
                "admin_lockout_duration": null,
                "admin_lockout_threshold": null,
                "admin_login_max": null,
                "admin_maintainer": null,
                "admin_port": null,
                "admin_restrict_local": null,
                "admin_scp": null,
                "admin_server_cert": null,
                "admin_sport": null,
                "admin_ssh_grace_time": null,
                "admin_ssh_password": null,
                "admin_ssh_port": null,
                "admin_ssh_v1": null,
                "admin_telnet": null,
                "admin_telnet_port": null,
                "admintimeout": null,
                "alias": null,
                "allow_traffic_redirect": null,
                "anti_replay": null,
                "arp_max_entry": null,
                "asymroute": null,
                "auth_cert": null,
                "auth_http_port": null,
                "auth_https_port": null,
                "auth_ike_saml_port": null,
                "auth_keepalive": null,
                "auth_session_limit": null,
                "auto_auth_extension_device": null,
                "autorun_log_fsck": null,
                "av_affinity": null,
                "av_failopen": null,
                "av_failopen_session": null,
                "batch_cmdb": null,
                "block_session_timer": null,
                "br_fdb_max_entry": null,
                "cert_chain_max": null,
                "cfg_revert_timeout": null,
                "cfg_save": null,
                "check_protocol_header": null,
                "check_reset_range": null,
                "cli_audit_log": null,
                "cloud_communication": null,
                "clt_cert_req": null,
                "cmdbsvr_affinity": null,
                "compliance_check": null,
                "compliance_check_time": null,
                "cpu_use_threshold": null,
                "csr_ca_attribute": null,
                "daily_restart": null,
                "default_service_source_port": null,
                "device_identification_active_scan_delay": null,
                "device_idle_timeout": null,
                "dh_params": null,
                "dnsproxy_worker_count": null,
                "dst": null,
                "early_tcp_npu_session": null,
                "edit_vdom_prompt": null,
                "endpoint_control_fds_access": null,
                "endpoint_control_portal_port": null,
                "extender_controller_reserved_network": null,
                "failtime": null,
                "faz_disk_buffer_size": null,
                "fds_statistics": null,
                "fds_statistics_period": null,
                "fec_port": null,
                "fgd_alert_subscription": null,
                "forticarrier_bypass": null,
                "fortiextender": null,
                "fortiextender_data_port": null,
                "fortiextender_discovery_lockdown": null,
                "fortiextender_provision_on_authorization": null,
                "fortiextender_vlan_mode": null,
                "fortiipam_integration": null,
                "fortiservice_port": null,
                "fortitoken_cloud": null,
                "gui_allow_default_hostname": null,
                "gui_app_detection_sdwan": null,
                "gui_cdn_usage": null,
                "gui_certificates": null,
                "gui_custom_language": null,
                "gui_date_format": null,
                "gui_date_time_source": null,
                "gui_device_latitude": null,
                "gui_device_longitude": null,
                "gui_display_hostname": null,
                "gui_firmware_upgrade_warning": null,
                "gui_forticare_registration_setup_warning": null,
                "gui_fortigate_cloud_sandbox": null,
                "gui_fortiguard_resource_fetch": null,
                "gui_fortisandbox_cloud": null,
                "gui_ipv6": null,
                "gui_lines_per_page": null,
                "gui_local_out": null,
                "gui_replacement_message_groups": null,
                "gui_rest_api_cache": null,
                "gui_theme": null,
                "gui_wireless_opensecurity": null,
                "gui_workflow_management": null,
                "ha_affinity": null,
                "honor_df": null,
                "hostname": null,
                "igmp_state_limit": null,
                "internet_service_database": null,
                "interval": null,
                "ip_fragment_mem_thresholds": null,
                "ip_src_port_range": null,
                "ips_affinity": null,
                "ipsec_asic_offload": null,
                "ipsec_ha_seqjump_rate": null,
                "ipsec_hmac_offload": null,
                "ipsec_round_robin": null,
                "ipsec_soft_dec_async": null,
                "ipv6_accept_dad": null,
                "ipv6_allow_anycast_probe": null,
                "ipv6_allow_local_in_slient_drop": null,
                "ipv6_allow_multicast_probe": null,
                "ipv6_allow_traffic_redirect": null,
                "irq_time_accounting": null,
                "language": null,
                "ldapconntimeout": null,
                "lldp_reception": null,
                "lldp_transmission": null,
                "log_ssl_connection": null,
                "log_uuid": null,
                "log_uuid_address": null,
                "log_uuid_policy": null,
                "login_timestamp": null,
                "long_vdom_name": null,
                "management_ip": null,
                "management_port": null,
                "management_port_use_admin_sport": null,
                "management_vdom": null,
                "max_dlpstat_memory": null,
                "max_route_cache_size": null,
                "mc_ttl_notchange": null,
                "memory_use_threshold_extreme": null,
                "memory_use_threshold_green": null,
                "memory_use_threshold_red": null,
                "miglog_affinity": null,
                "miglogd_children": null,
                "multi_factor_authentication": null,
                "multicast_forward": null,
                "ndp_max_entry": null,
                "per_user_bal": null,
                "per_user_bwl": null,
                "pmtu_discovery": null,
                "policy_auth_concurrent": null,
                "post_login_banner": null,
                "pre_login_banner": null,
                "private_data_encryption": null,
                "proxy_auth_lifetime": null,
                "proxy_auth_lifetime_timeout": null,
                "proxy_auth_timeout": null,
                "proxy_cert_use_mgmt_vdom": null,
                "proxy_cipher_hardware_acceleration": null,
                "proxy_hardware_acceleration": null,
                "proxy_kxp_hardware_acceleration": null,
                "proxy_re_authentication_mode": null,
                "proxy_resource_mode": null,
                "proxy_worker_count": null,
                "radius_port": null,
                "reboot_upon_config_restore": null,
                "refresh": null,
                "remoteauthtimeout": null,
                "reset_sessionless_tcp": null,
                "restart_time": null,
                "revision_backup_on_logout": null,
                "revision_image_auto_backup": null,
                "scanunit_count": null,
                "security_rating_result_submission": null,
                "security_rating_run_on_schedule": null,
                "send_pmtu_icmp": null,
                "snat_route_change": null,
                "special_file_23_support": null,
                "speedtest_server": null,
                "split_port": null,
                "ssd_trim_date": null,
                "ssd_trim_freq": null,
                "ssd_trim_hour": null,
                "ssd_trim_min": null,
                "ssd_trim_weekday": null,
                "ssh_cbc_cipher": null,
                "ssh_enc_algo": null,
                "ssh_hmac_md5": null,
                "ssh_kex_algo": null,
                "ssh_kex_sha1": null,
                "ssh_mac_algo": null,
                "ssh_mac_weak": null,
                "ssl_min_proto_version": null,
                "ssl_static_key_ciphers": null,
                "sslvpn_cipher_hardware_acceleration": null,
                "sslvpn_ems_sn_check": null,
                "sslvpn_kxp_hardware_acceleration": null,
                "sslvpn_max_worker_count": null,
                "sslvpn_plugin_version_check": null,
                "strict_dirty_session_check": null,
                "strong_crypto": null,
                "switch_controller": null,
                "switch_controller_reserved_network": null,
                "sys_perf_log_interval": null,
                "tcp_halfclose_timer": null,
                "tcp_halfopen_timer": null,
                "tcp_option": null,
                "tcp_rst_timer": null,
                "tcp_timewait_timer": null,
                "tftp": null,
                "timezone": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "tp_mc_skip_policy": null,
                "traffic_priority": null,
                "traffic_priority_level": null,
                "two_factor_email_expiry": null,
                "two_factor_fac_expiry": null,
                "two_factor_ftk_expiry": null,
                "two_factor_ftm_expiry": null,
                "two_factor_sms_expiry": null,
                "udp_idle_timer": null,
                "url_filter_affinity": null,
                "url_filter_count": null,
                "user_device_store_max_devices": null,
                "user_device_store_max_unified_mem": null,
                "user_device_store_max_users": null,
                "user_server_cert": null,
                "vdom_admin": null,
                "vdom_mode": null,
                "vip_arp_range": null,
                "virtual_server_count": null,
                "virtual_server_hardware_acceleration": null,
                "wad_affinity": null,
                "wad_csvc_cs_count": null,
                "wad_csvc_db_count": null,
                "wad_memory_change_granularity": null,
                "wad_source_affinity": null,
                "wad_worker_count": null,
                "wifi_ca_certificate": null,
                "wifi_certificate": null,
                "wimax_4g_usb": null,
                "wireless_controller": null,
                "wireless_controller_port": null
            },
            "vdom": "root"
        }
    },
    "meta": {
        "build": 1396,
        "http_method": "POST",
        "http_status": 405,
        "name": "global",
        "path": "system",
        "serial": "FGVMEVAY_2X4PLE6",
        "status": "error",
        "vdom": "root",
        "version": "v7.2.4"
    },
    "msg": "Error in repo"
}

PLAY RECAP *********************************************************************************************************************************************************************
demo-fgt-p01               : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
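---
# Reproducer playbook: runs fortios_system_global against the "demo" group
# over the httpapi connection, authenticating with an API access token.
- hosts: demo
  gather_facts: false
  connection: httpapi
  collections:
    - fortinet.fortios
  vars:
    ansible_httpapi_use_ssl: true
    # With validation off, the API token travels over a TLS session whose peer
    # is not authenticated. Trust the device certificate and set this to true
    # on anything other than a throwaway lab device.
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
    vdom: "root"
    ansible_network_os: fortinet.fortios.fortios
    # Read the API token from the environment instead of storing it in the
    # playbook (FORTIOS_ACCESS_TOKEN is a placeholder name; an Ansible Vault
    # variable works as well). A token that has been pasted into a playbook
    # or an issue tracker should be regenerated on the FortiGate.
    access_token: "{{ lookup('ansible.builtin.env', 'FORTIOS_ACCESS_TOKEN') }}"
  tasks:
    - name: System Global configuration
      tags: global
      fortios_system_global:
        vdom: "{{ vdom }}"
        access_token: "{{ access_token }}"
        system_global:
          # admintimeout: 400
          timezone: 26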
MaxxLiu22 commented 1 year ago

Hi @slazer2au ,

Could you check your ansible.netcommon version by running `ansible-galaxy collection list | grep ansible.netcommon`? Regarding the 405 error: we do have some issues with ansible.netcommon 5.0.0, so please make sure you are using 4.1.0.

Thanks, Maxx

MaxxLiu22 commented 1 year ago

Hi @slazer2au

I will go ahead and close this case. If you still have questions, feel free to reopen it or open another case.

Thanks, Maxx