fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0
85 stars 49 forks source link

error in repo #242

Closed mhca99 closed 1 year ago

mhca99 commented 1 year ago

Hi, I am running a simple setup and getting "Error in repo".

FMG "version": "v7.2.4"

c45e5bc898b2:/mnt# ansible --version ansible [core 2.13.6] config file = /mnt/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.10/site-packages/ansible ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections executable location = /usr/bin/ansible python version = 3.10.10 (main, Feb 9 2023, 02:08:14) [GCC 12.2.1 20220924] jinja version = 3.1.2 libyaml = True

c45e5bc898b2:/mnt# ansible-galaxy collection list

/root/.ansible/collections/ansible_collections

Collection Version


ansible.netcommon 5.0.0 ansible.utils 2.9.0 fortinet.fortimanager 2.1.7 fortinet.fortios 2.2.2

Following is simple playbook:

[fortigates] fortigate01 ansible_host=140.2x.x.x. ansible_user="admin" ansible_password="testpass"

[fortigates:vars] ansible_network_os=fortinet.fortios.fortios

Following is the debug output:

c45e5bc898b2:/mnt# ansible-playbook -vvv -i inventory test.yml ansible-playbook [core 2.13.6] config file = /mnt/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.10/site-packages/ansible ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections executable location = /usr/bin/ansible-playbook python version = 3.10.10 (main, Feb 9 2023, 02:08:14) [GCC 12.2.1 20220924] jinja version = 3.1.2 libyaml = True Using /mnt/ansible.cfg as config file host_list declined parsing /mnt/inventory as it did not pass its verify_file() method script declined parsing /mnt/inventory as it did not pass its verify_file() method auto declined parsing /mnt/inventory as it did not pass its verify_file() method Parsed /mnt/inventory inventory source with ini plugin Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: test.yml *** 1 plays in test.yml

PLAY [fortigates] ****

TASK [Gathering Facts] *** task path: /mnt/test.yml:2 redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi <140.2x.x.x.> ESTABLISH LOCAL CONNECTION FOR USER: root <140.2x.x.x.> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /root/.ansible/tmp/ansible-local-1060aybuk97e"&& mkdir "echo /root/.ansible/tmp/ansible-local-1060aybuk97e/ansible-tmp-1678600442.3278825-1064-28463696122697" && echo ansible-tmp-1678600442.3278825-1064-28463696122697="echo /root/.ansible/tmp/ansible-local-1060aybuk97e/ansible-tmp-1678600442.3278825-1064-28463696122697" ) && sleep 0' Using module file /usr/lib/python3.10/site-packages/ansible/modules/setup.py <140.2x.x.x.> PUT /root/.ansible/tmp/ansible-local-1060aybuk97e/tmp7whjnvhi TO /root/.ansible/tmp/ansible-local-1060aybuk97e/ansible-tmp-1678600442.3278825-1064-28463696122697/AnsiballZ_setup.py <140.2x.x.x.> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-1060aybuk97e/ansible-tmp-1678600442.3278825-1064-28463696122697/ /root/.ansible/tmp/ansible-local-1060aybuk97e/ansible-tmp-1678600442.3278825-1064-28463696122697/AnsiballZ_setup.py && sleep 0' <140.2x.x.x.> EXEC /bin/sh -c '/usr/bin/python3 /root/.ansible/tmp/ansible-local-1060aybuk97e/ansible-tmp-1678600442.3278825-1064-28463696122697/AnsiballZ_setup.py && sleep 0' <140.2x.x.x.> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-1060aybuk97e/ansible-tmp-1678600442.3278825-1064-28463696122697/ > /dev/null 2>&1 && sleep 0' ok: [fortigate01] META: ran handlers

TASK [Configure global attributes.] ** task path: /mnt/test.yml:12 redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi <140.2x.x.x.> ESTABLISH LOCAL CONNECTION FOR USER: root <140.2x.x.x.> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /root/.ansible/tmp/ansible-local-1060aybuk97e"&& mkdir "echo /root/.ansible/tmp/ansible-local-1060aybuk97e/ansible-tmp-1678600444.3683848-1106-91876107051384" && echo ansible-tmp-1678600444.3683848-1106-91876107051384="echo /root/.ansible/tmp/ansible-local-1060aybuk97e/ansible-tmp-1678600444.3683848-1106-91876107051384" ) && sleep 0' Using module file /root/.ansible/collections/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_global.py <140.2x.x.x.> PUT /root/.ansible/tmp/ansible-local-1060aybuk97e/tmpj4444kxu TO /root/.ansible/tmp/ansible-local-1060aybuk97e/ansible-tmp-1678600444.3683848-1106-91876107051384/AnsiballZ_fortios_system_global.py <140.2x.x.x.> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-1060aybuk97e/ansible-tmp-1678600444.3683848-1106-91876107051384/ /root/.ansible/tmp/ansible-local-1060aybuk97e/ansible-tmp-1678600444.3683848-1106-91876107051384/AnsiballZ_fortios_system_global.py && sleep 0' <140.2x.x.x.> EXEC /bin/sh -c '/usr/bin/python3 /root/.ansible/tmp/ansible-local-1060aybuk97e/ansible-tmp-1678600444.3683848-1106-91876107051384/AnsiballZ_fortios_system_global.py && sleep 0' <140.2x.x.x.> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-1060aybuk97e/ansible-tmp-1678600444.3683848-1106-91876107051384/ > /dev/null 2>&1 && sleep 0' fatal: [fortigate01]: FAILED! => { "changed": false, "invocation": { "module_args": { "access_token": null, "enable_log": false, "member_path": null, "member_state": null, "system_global": { "admin_concurrent": null, "admin_console_timeout": null, "admin_forticloud_sso_login": null, "admin_host": null, "admin_hsts_max_age": null, "admin_https_pki_required": null, "admin_https_redirect": null, "admin_https_ssl_banned_ciphers": null, "admin_https_ssl_ciphersuites": null, "admin_https_ssl_versions": null, "admin_lockout_duration": null, "admin_lockout_threshold": null, "admin_login_max": null, "admin_maintainer": null, "admin_port": null, "admin_restrict_local": null, "admin_scp": null, "admin_server_cert": null, "admin_sport": null, "admin_ssh_grace_time": null, "admin_ssh_password": null, "admin_ssh_port": null, "admin_ssh_v1": null, "admin_telnet": null, "admin_telnet_port": null, "admintimeout": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "alias": null, "allow_traffic_redirect": null, "anti_replay": null, "arp_max_entry": null, "asymroute": null, "auth_cert": null, "auth_http_port": null, "auth_https_port": null, "auth_ike_saml_port": null, "auth_keepalive": null, "auth_session_limit": null, "auto_auth_extension_device": null, "autorun_log_fsck": null, "av_affinity": null, "av_failopen": null, "av_failopen_session": null, "batch_cmdb": null, "block_session_timer": null, "br_fdb_max_entry": null, "cert_chain_max": null, "cfg_revert_timeout": null, "cfg_save": null, "check_protocol_header": null, "check_reset_range": null, "cli_audit_log": null, "cloud_communication": null, "clt_cert_req": null, "cmdbsvr_affinity": null, "compliance_check": null, "compliance_check_time": null, "cpu_use_threshold": null, "csr_ca_attribute": null, "daily_restart": null, "default_service_source_port": null, "device_identification_active_scan_delay": null, "device_idle_timeout": null, "dh_params": null, "dnsproxy_worker_count": null, "dst": null, "early_tcp_npu_session": null, "edit_vdom_prompt": null, "endpoint_control_fds_access": null, "endpoint_control_portal_port": null, "extender_controller_reserved_network": null, "failtime": null, "faz_disk_buffer_size": null, "fds_statistics": null, "fds_statistics_period": null, "fec_port": null, "fgd_alert_subscription": null, "forticarrier_bypass": null, "fortiextender": null, "fortiextender_data_port": null, "fortiextender_discovery_lockdown": null, "fortiextender_provision_on_authorization": null, "fortiextender_vlan_mode": null, "fortiipam_integration": null, "fortiservice_port": null, "fortitoken_cloud": null, "gui_allow_default_hostname": null, "gui_app_detection_sdwan": null, "gui_cdn_usage": null, "gui_certificates": null, "gui_custom_language": null, "gui_date_format": null, "gui_date_time_source": null, "gui_device_latitude": null, "gui_device_longitude": null, "gui_display_hostname": null, "gui_firmware_upgrade_warning": null, "gui_forticare_registration_setup_warning": null, "gui_fortigate_cloud_sandbox": null, "gui_fortiguard_resource_fetch": null, "gui_fortisandbox_cloud": null, "gui_ipv6": null, "gui_lines_per_page": null, "gui_local_out": null, "gui_replacement_message_groups": null, "gui_rest_api_cache": null, "gui_theme": null, "gui_wireless_opensecurity": null, "gui_workflow_management": null, "ha_affinity": null, "honor_df": null, "hostname": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "igmp_state_limit": null, "internet_service_database": null, "interval": null, "ip_fragment_mem_thresholds": null, "ip_src_port_range": null, "ips_affinity": null, "ipsec_asic_offload": null, "ipsec_ha_seqjump_rate": null, "ipsec_hmac_offload": null, "ipsec_round_robin": null, "ipsec_soft_dec_async": null, "ipv6_accept_dad": null, "ipv6_allow_anycast_probe": null, "ipv6_allow_local_in_slient_drop": null, "ipv6_allow_multicast_probe": null, "ipv6_allow_traffic_redirect": null, "irq_time_accounting": null, "language": null, "ldapconntimeout": null, "lldp_reception": null, "lldp_transmission": null, "log_ssl_connection": null, "log_uuid": null, "log_uuid_address": null, "log_uuid_policy": null, "login_timestamp": null, "long_vdom_name": null, "management_ip": null, "management_port": null, "management_port_use_admin_sport": null, "management_vdom": null, "max_dlpstat_memory": null, "max_route_cache_size": null, "mc_ttl_notchange": null, "memory_use_threshold_extreme": null, "memory_use_threshold_green": null, "memory_use_threshold_red": null, "miglog_affinity": null, "miglogd_children": null, "multi_factor_authentication": null, "multicast_forward": null, "ndp_max_entry": null, "per_user_bal": null, "per_user_bwl": null, "pmtu_discovery": null, "policy_auth_concurrent": null, "post_login_banner": null, "pre_login_banner": null, "private_data_encryption": null, "proxy_auth_lifetime": null, "proxy_auth_lifetime_timeout": null, "proxy_auth_timeout": null, "proxy_cert_use_mgmt_vdom": null, "proxy_cipher_hardware_acceleration": null, "proxy_hardware_acceleration": null, "proxy_kxp_hardware_acceleration": null, "proxy_re_authentication_mode": null, "proxy_resource_mode": null, "proxy_worker_count": null, "radius_port": null, "reboot_upon_config_restore": null, "refresh": null, "remoteauthtimeout": null, "reset_sessionless_tcp": null, "restart_time": null, "revision_backup_on_logout": null, "revision_image_auto_backup": null, "scanunit_count": null, "security_rating_result_submission": null, "security_rating_run_on_schedule": null, "send_pmtu_icmp": null, "snat_route_change": null, "special_file_23_support": null, "speedtest_server": null, "split_port": null, "ssd_trim_date": null, "ssd_trim_freq": null, "ssd_trim_hour": null, "ssd_trim_min": null, "ssd_trim_weekday": null, "ssh_cbc_cipher": null, "ssh_enc_algo": null, "ssh_hmac_md5": null, "ssh_kex_algo": null, "ssh_kex_sha1": null, "ssh_mac_algo": null, "ssh_mac_weak": null, "ssl_min_proto_version": null, "ssl_static_key_ciphers": null, "sslvpn_cipher_hardware_acceleration": null, "sslvpn_ems_sn_check": null, "sslvpn_kxp_hardware_acceleration": null, "sslvpn_max_worker_count": null, "sslvpn_plugin_version_check": null, "strict_dirty_session_check": null, "strong_crypto": null, "switch_controller": null, "switch_controller_reserved_network": null, "sys_perf_log_interval": null, "tcp_halfclose_timer": null, "tcp_halfopen_timer": null, "tcp_option": null, "tcp_rst_timer": null, "tcp_timewait_timer": null, "tftp": null, "timezone": null, "tp_mc_skip_policy": null, "traffic_priority": null, "traffic_priority_level": null, "two_factor_email_expiry": null, "two_factor_fac_expiry": null, "two_factor_ftk_expiry": null, "two_factor_ftm_expiry": null, "two_factor_sms_expiry": null, "udp_idle_timer": null, "url_filter_affinity": null, "url_filter_count": null, "user_device_store_max_devices": null, "user_device_store_max_unified_mem": null, "user_device_store_max_users": null, "user_server_cert": null, "vdom_admin": null, "vdom_mode": null, "vip_arp_range": null, "virtual_server_count": null, "virtual_server_hardware_acceleration": null, "wad_affinity": null, "wad_csvc_cs_count": null, "wad_csvc_db_count": null, "wad_memory_change_granularity": null, "wad_source_affinity": null, "wad_worker_count": null, "wifi_ca_certificate": null, "wifi_certificate": null, "wimax_4g_usb": null, "wireless_controller": null, "wireless_controller_port": null }, "vdom": "root" } }, "meta": { "build": 1396, "http_method": "POST", "http_status": 405, "name": "global", "path": "system", "serial": "FGVXXXXXXXXXX", <------ put some dummy # there "status": "error", "vdom": "root", "version": "v7.2.4" }, "msg": "Error in repo" }

PLAY RECAP *** fortigate01 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

alagoutte commented 1 year ago

Duplicate with a part of https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/issues/237 and https://github.com/ansible-collections/ansible.netcommon/pull/523

can you try to downgrade netcommon release ?

mhca99 commented 1 year ago

Thanks, downgrading ansible.netcommon and using "access_token" works.

/root/.ansible/collections/ansible_collections

Collection Version


ansible.netcommon 4.1.0 ansible.utils 2.9.0 fortinet.fortimanager 2.1.7 fortinet.fortios 2.2.2

However, another task for changing the token giving 403 error as follows: I wonder if its related to any other bug or I need to downgrade any other version as I have tried with different users but none works.

c45e5bc898b2:/mnt# ansible-playbook -i inventory test.yml

PLAY [fortigates] ****

TASK [Gathering Facts] *** ok: [fortigate01]

TASK [Generate The API token] **** fatal: [fortigate01]: FAILED! => {"changed": false, "meta": {"action": "generate-key", "build": 1396, "http_method": "POST", "http_status": 403, "name": "api-user", "path": "system", "serial": XXXXXXXXXX", "status": "error", "vdom": "root", "version": "v7.2.4"}, "msg": "Error in repo"}

PLAY RECAP *** fortigate01 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

debug output: c45e5bc898b2:/mnt# ansible-playbook -vvv -i inventory test.yml ansible-playbook [core 2.13.6] config file = /mnt/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.10/site-packages/ansible ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections executable location = /usr/bin/ansible-playbook python version = 3.10.10 (main, Feb 9 2023, 02:08:14) [GCC 12.2.1 20220924] jinja version = 3.1.2 libyaml = True Using /mnt/ansible.cfg as config file host_list declined parsing /mnt/inventory as it did not pass its verify_file() method script declined parsing /mnt/inventory as it did not pass its verify_file() method auto declined parsing /mnt/inventory as it did not pass its verify_file() method Parsed /mnt/inventory inventory source with ini plugin Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: test.yml *** 1 plays in test.yml

PLAY [fortigates] ****

TASK [Gathering Facts] *** task path: /mnt/test.yml:2 redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi <140.x.x.x> ESTABLISH LOCAL CONNECTION FOR USER: root <140.x.x.x> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /root/.ansible/tmp/ansible-local-30858id3mb10"&& mkdir "echo /root/.ansible/tmp/ansible-local-30858id3mb10/ansible-tmp-1678638873.2727988-3089-204248332973834" && echo ansible-tmp-1678638873.2727988-3089-204248332973834="echo /root/.ansible/tmp/ansible-local-30858id3mb10/ansible-tmp-1678638873.2727988-3089-204248332973834" ) && sleep 0' Using module file /usr/lib/python3.10/site-packages/ansible/modules/setup.py <140.x.x.x> PUT /root/.ansible/tmp/ansible-local-30858id3mb10/tmplwxbv5ik TO /root/.ansible/tmp/ansible-local-30858id3mb10/ansible-tmp-1678638873.2727988-3089-204248332973834/AnsiballZ_setup.py <140.x.x.x> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-30858id3mb10/ansible-tmp-1678638873.2727988-3089-204248332973834/ /root/.ansible/tmp/ansible-local-30858id3mb10/ansible-tmp-1678638873.2727988-3089-204248332973834/AnsiballZ_setup.py && sleep 0' <140.x.x.x> EXEC /bin/sh -c '/usr/bin/python3 /root/.ansible/tmp/ansible-local-30858id3mb10/ansible-tmp-1678638873.2727988-3089-204248332973834/AnsiballZ_setup.py && sleep 0' <140.x.x.x> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-30858id3mb10/ansible-tmp-1678638873.2727988-3089-204248332973834/ > /dev/null 2>&1 && sleep 0' ok: [fortigate01] META: ran handlers

TASK [Generate The API token] **** task path: /mnt/test.yml:14 redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi <140.x.x.x> ESTABLISH LOCAL CONNECTION FOR USER: root <140.x.x.x> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /root/.ansible/tmp/ansible-local-30858id3mb10"&& mkdir "echo /root/.ansible/tmp/ansible-local-30858id3mb10/ansible-tmp-1678638874.8300757-3131-278062044892401" && echo ansible-tmp-1678638874.8300757-3131-278062044892401="echo /root/.ansible/tmp/ansible-local-30858id3mb10/ansible-tmp-1678638874.8300757-3131-278062044892401" ) && sleep 0' Using module file /root/.ansible/collections/ansible_collections/fortinet/fortios/plugins/modules/fortios_monitor.py <140.x.x.x> PUT /root/.ansible/tmp/ansible-local-30858id3mb10/tmpntklhdrz TO /root/.ansible/tmp/ansible-local-30858id3mb10/ansible-tmp-1678638874.8300757-3131-278062044892401/AnsiballZ_fortios_monitor.py <140.x.x.x> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-30858id3mb10/ansible-tmp-1678638874.8300757-3131-278062044892401/ /root/.ansible/tmp/ansible-local-30858id3mb10/ansible-tmp-1678638874.8300757-3131-278062044892401/AnsiballZ_fortios_monitor.py && sleep 0' <140.x.x.x> EXEC /bin/sh -c '/usr/bin/python3 /root/.ansible/tmp/ansible-local-30858id3mb10/ansible-tmp-1678638874.8300757-3131-278062044892401/AnsiballZ_fortios_monitor.py && sleep 0' <140.x.x.x> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-30858id3mb10/ansible-tmp-1678638874.8300757-3131-278062044892401/ > /dev/null 2>&1 && sleep 0' fatal: [fortigate01]: FAILED! => { "changed": false, "invocation": { "module_args": { "access_token": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "enable_log": false, "params": { "api-user": "test2" }, "selector": "generate-key.system.api-user", "vdom": "root" } }, "meta": { "action": "generate-key", "build": 1396, "http_method": "POST", "http_status": 403, "name": "api-user", "path": "system", "serial": "xxxxxxxxxxxxxxxxx", "status": "error", "vdom": "root", "version": "v7.2.4" }, "msg": "Error in repo" }

PLAY RECAP *** fortigate01 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0