alagoutte
commented
1 year ago you are use about ansible.netcommon release ? because the API send a POST but need a PUT for this call...
and may be for hbdev, to use list
[...]
hbdev:
- port4
[...]Closed mhca99 closed 5 days ago
alagoutte
commented
1 year ago you are use about ansible.netcommon release ? because the API send a POST but need a PUT for this call...
and may be for hbdev, to use list
[...]
hbdev:
- port4
[...]
mhca99
commented
1 year ago Its using ansible.netcommon 4.1.0 as follows:. I have tried "hbdev" value with list option ( i.e. - port4 or - "port4") , its giving the same error and using "POST".
/root/.ansible/collections/ansible_collections Collection Version
ansible.netcommon 4.1.0 ansible.utils 2.9.0 fortinet.fortimanager 2.1.7 fortinet.fortios 2.2.2
TASK [fortigate-vm : Configure FortiGate HA] ***** task path: /mnt/ansible/fortigate-vm/tasks/configure-ha.yml:2 redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi Loading collection ansible.netcommon from /root/.ansible/collections/ansible_collections/ansible/netcommon <x.x.x.x> attempting to start connection <x.x.x.x> using connection plugin ansible.netcommon.httpapi Found ansible-connection at path /usr/bin/ansible-connection
"meta": {
"build": 1396,
"http_method": "POST",
"http_status": 405,
"name": "ha",
"path": "system",
"serial": "FGVMPG80I_8B6QCF",
"status": "error",
"vdom": "root",
"version": "v7.2.4"
},
"msg": "Error in repo"
MaxxLiu22
commented
1 year ago @mhca99 ,
Thank you for raising this issue, I can reproduce it and have reported it to the development team for further investigation.
Thanks, Maxx
JieX19
commented
1 year ago Hi @mhca99,
I tested the module on 7.2.4 and it works well. This module is a global obj, so you cannot delete or create it. I saw the API returns 405 error, it tries to create an obj but the API does not support the POST operation. Can you please double-check the following parameters and make sure all of them already exist? Also, you can test and add a param every time to see which param causes the issue.
unicast_hb_peerip: "192.168.4.20"
ha_mgmt_interfaces:
- interface: "port1"
gateway: "192.168.1.1"
ha_mgmt_status: "enable"
hbdev: "port4"Thanks, Jie
mhca99
commented
1 year ago Hi Jie,
Thanks for testing. What cloud platform did you test ? Did you test on OCI cloud as we deploying FortiGate VMs on OCI cloud. These parameters work fine when I configure FortiGate manually via CLI on console and I checked all required interfaces are available in the system and I can ping the gateway as well as follows.
vma # sh sys int port4 config system interface edit "port4" set vdom "root" set ip 192.168.4.10 255.255.255.0 set allowaccess ping https ssh http fgfm set type physical set description "hb_private_ip_primary_a" set alias "ha" set snmp-index 8 set mtu-override enable set mtu 9000 next end
vma # exec ping 192.168.4.20 PING 192.168.4.20 (192.168.4.20): 56 data bytes 64 bytes from 192.168.4.20: icmp_seq=0 ttl=255 time=0.2 ms 64 bytes from 192.168.4.20: icmp_seq=1 ttl=255 time=0.2 ms
vma # exec ping 192.168.1.1 PING 192.168.1.1 (192.168.1.1): 56 data bytes 64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=0.1 ms 64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.1 ms 64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.4 ms
Following is the ansible play for HA which is failing. I tried to do testing with few numbers of parameters as well but failing every time.
b522df478328:/mnt/ansible# ansible-playbook -i k fortigate-firewall-vm-setup.yml --tags kalu -l vma
PLAY [all] *** included: /mnt/ansible/fortigate-vm/tasks/configure-ha.yml for vma
TASK [fortigate-vm : Configure FortiGate HA] ***** fatal: [vma]: FAILED! => {"changed": false, "meta": {"build": 1396, "http_method": "POST", "httpstatus": 405, "name": "ha", "path": "system", "serial": "FGVMPG-JRCGKSD6", "status": "error", "vdom": "root", "version": "v7.2.4"}, "msg": "Error in repo"}
PLAY RECAP *** vma : ok=2 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
During the ansible run, each request in HA Module is doing GET interface query first as follows:
[httpsd 7262 - 1680819421 info] fweb_debug_init[416] -- New GET request for "/api/v2/cmdb/system/interface" from "x.x.x.x:6144
then do the PUT request as follows:
[httpsd 7262 - 1680819422 info] fweb_debug_init[416] -- New PUT request for "/api/v2/cmdb/system/ha" from "x.x.x.x:61444"
Which fails in code 500 as follows:
[httpsd 7262 - 1680819422 info] fweb_debug_final[306] -- Completed PUT request for "/api/v2/cmdb/system/ha" (HTTP 500)
Then it finally does the POST request as follows:
[httpsd 7262 - 1680819422 info] fweb_debug_init[416] -- New POST request for "/api/v2/cmdb/system/ha" from "x.x.x.x:61446"
which eventually fails saying method not supported as follows:
[httpsd 7262 - 1680819422 info] handle_cli_req_v2[3200] -- no method found for requested action: (null)
Following are the details logs messages from the FortiGate VM:
[httpsd 7262 - 1680819421 info] fweb_debug_init[416] -- New GET request for "/api/v2/cmdb/system/interface" from "x.x.x.x.136:6144 2" [httpsd 7262 - 1680819421 info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.10" [httpsd 7262 - 1680819421 info] fweb_debug_init[420] -- Handler "api_cmdb_v2-handler" assigned to request [httpsd 7262 - 1680819421 warning] api_access_check_for_api_key[688] -- API Key request authorized for iac-user from x.x.x.x [httpsd 7262 - 1680819421 info] api_store_parameter[320] -- add API parameter 'vdom' (type=string) [httpsd 7262 - 1680819421 info] api_store_parameter[320] -- add API parameter 'action' (type=string) [httpsd 7262 - 1680819421 info] api_store_parameter[320] -- add API parameter 'access_token' (type=string) [httpsd 7262 - 1680819421 info] api_cmdb_request_init_by_path[1800] -- new CMDB query (path='system',name='interface') [httpsd 7262 - 1680819421 info] api_cmdb_guino_etag[2313] -- Static ETag check for system.interface [httpsd 7262 - 1680819421 info] api_generate_and_add_etag[1805] -- Per VDOM ETags: [ "vdom: root, hash: c132fa0bbfe63402d4c69129c0f f36ca" ] [httpsd 7262 - 1680819421 info] api_generate_and_add_etag[1810] -- New ETag: E629871A0C081EE3E5941C0885414BFCB4F3A2AACCCA12DBB8BC6F 624BB4BAFA [httpsd 7262 - 1680819421 info] api_generate_request_hash[1690] -- hash_str: { "uri": "\/api\/v2\/cmdb\/system\/interface", "params ": { "vdom": "root", "action": "schema", "path": "system", "name": "interface", "authorized_admin": "iac-user" } } [httpsd 7262 - 1680819421 info] api_generate_request_hash[1691] -- revisions: [ "vdom: root, hash: 5530f5b81367dd7f07aa258f6cec7366 ", "88740a7abd504692918f053c0c324cf1" ] [httpsd 7262 - 1680819421 info] get_cache_lock[64] -- Cache: locking /tmp/api_cache/F58B06F2D9B65F5A9F8CAAECD172DE348FB1066BA7BFA36 C51084D472738E8E1-4A84255A0257AC5BF3361E10482A2E1E86DD885A87F34A883621A8B44BAB433 (read). [httpsd 7262 - 1680819421 info] get_cache_lock[80] -- Cache: locked /tmp/api_cache/F58B06F2D9B65F5A9F8CAAECD172DE348FB1066BA7BFA36C 51084D472738E8E1-4A84255A0257AC5BF3361E10482A2E1E86DD885A87F34A883621A8B44BAB433 (read) [httpsd 7262 - 1680819421 info] fortiweb_send_cache[297] -- Cache decompressed. [httpsd 7262 - 1680819421 info] api_response_from_cache[1136] -- API response is generated from cache. [httpsd 7262 - 1680819421 info] handle_cli_req_v2[3318] -- returning to original vdom "root" [httpsd 7262 - 1680819421 info] fweb_debug_final[306] -- Completed GET request for "/api/v2/cmdb/system/interface" (HTTP 200 OK)
[httpsd 7262 - 1680819422 info] fweb_debug_init[416] -- New PUT request for "/api/v2/cmdb/system/ha" from "x.x.x.x:61444" [httpsd 7262 - 1680819422 info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.10" [httpsd 7262 - 1680819422 info] fweb_debug_init[420] -- Handler "api_cmdb_v2-handler" assigned to request [httpsd 7262 - 1680819422 warning] api_access_check_for_api_key[688] -- API Key request authorized for iac-user from x.x.x.x. [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'vdom' (type=string) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'access_token' (type=string) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'group-id' (type=int) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'group-name' (type=string) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'ha-mgmt-interfaces' (type=array) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'ha-mgmt-status' (type=string) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'hbdev' (type=string) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'mode' (type=string) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'override' (type=string) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'priority' (type=int) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'session-pickup' (type=string) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'session-pickup-connectionless' (type=string) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'unicast-hb' (type=string) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'unicast-hb-peerip' (type=string) [httpsd 7262 - 1680819422 info] api_cmdb_request_init_by_path[1800] -- new CMDB query (path='system',name='ha') [httpsd 7262 - 1680819422 info] handle_cli_req_v2[3288] -- new CMDB API request (vdom='root',user='iac-user') [httpsd 7262 - 1680819422 info] _api_cmdb_v2_config[1419] -- editing CLI object (append=0, auto_key=0, path=system, name=ha, mkey=( null), flags=0) [httpsd 7262 - 1680819422 info] api_set_cmdb_attr[2393] -- 'group-id' [httpsd 7262 - 1680819422 info] api_set_cmdb_attr[2393] -- 'group-name' [httpsd 7262 - 1680819422 info] api_set_cmdb_attr[2393] -- 'mode' [httpsd 7262 - 1680819422 error] api_set_cmdb_attr[2339] -- cmd_check_value failed for node 'hbdev': 'port4' (err=-651) [httpsd 7262 - 1680819422 info] api_set_cmdb_attr[2393] -- 'hbdev' [httpsd 7262 - 1680819422 info] api_set_cmdb_attr[2393] -- 'hbdev' [httpsd 7262 - 1680819422 info] api_set_cmdb_attr[2393] -- 'unicast-hb' [httpsd 7262 - 1680819422 info] api_set_cmdb_attr[2393] -- 'unicast-hb-peerip' [httpsd 7262 - 1680819422 info] api_set_cmdb_attr[2393] -- 'session-pickup' [httpsd 7262 - 1680819422 info] api_set_cmdb_attr[2393] -- 'session-pickup-connectionless' [httpsd 7262 - 1680819422 info] api_set_cmdb_attr[2393] -- 'ha-mgmt-status' [httpsd 7262 - 1680819422 info] api_set_cmdb_attr[2393] -- 'interface' [httpsd 7262 - 1680819422 info] api_set_cmdb_attr[2393] -- 'gateway' [httpsd 7262 - 1680819422 info] api_set_cmdb_attr[2393] -- 'override' [httpsd 7262 - 1680819422 info] api_set_cmdb_attr[2393] -- 'priority' 0: config system ha 0: set group-id 30 0: set group-name "ha-cluster" 0: set mode a-p 0: unset hbdev 0: set hbdev "port4" 50 0: set session-pickup enable 0: set session-pickup-connectionless enable 0: set ha-mgmt-status enable 0: set override disable 0: set priority 200 0: set unicast-hb enable 0: set unicast-hb-peerip 192.168.4.20 -37: end [httpsd 7262 - 1680819422 info] cmdb_save_with_children[280] -- appended main node (nret=-37, is_new=0) [httpsd 7262 - 1680819422 error] cmdb_save_with_children[285] -- saving failed for main node: 'ha' (err=-37)
[httpsd 7262 - 1680819422 error] cmdb_commit_from_json[2162] -- error saving request object to CLI (-37) [httpsd 7262 - 1680819422 error] _api_cmdb_v2_config[1455] -- error editing object (nret=-37) [httpsd 7262 - 1680819422 warning] api_return_http_result[1272] -- API error -37 raised [httpsd 7262 - 1680819422 info] handle_cli_req_v2[3318] -- returning to original vdom "root" [httpsd 7262 - 1680819422 info] fweb_debug_final[306] -- Completed PUT request for "/api/v2/cmdb/system/ha" (HTTP 500)
[httpsd 7262 - 1680819422 info] fweb_debug_init[416] -- New POST request for "/api/v2/cmdb/system/ha" from "x.x.x.x61446" [httpsd 7262 - 1680819422 info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.10" [httpsd 7262 - 1680819422 info] fweb_debug_init[420] -- Handler "api_cmdb_v2-handler" assigned to request [httpsd 7262 - 1680819422 warning] api_access_check_for_api_key[688] -- API Key request authorized for iac-user from x.x.x.x. [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'vdom' (type=string) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'access_token' (type=string) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'group-id' (type=int) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'group-name' (type=string) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'ha-mgmt-interfaces' (type=array) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'ha-mgmt-status' (type=string) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'hbdev' (type=string) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'mode' (type=string) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'override' (type=string) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'priority' (type=int) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'session-pickup' (type=string) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'session-pickup-connectionless' (type=string) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'unicast-hb' (type=string) [httpsd 7262 - 1680819422 info] api_store_parameter[320] -- add API parameter 'unicast-hb-peerip' (type=string) [httpsd 7262 - 1680819422 info] api_cmdb_request_init_by_path[1800] -- new CMDB query (path='system',name='ha') [httpsd 7262 - 1680819422 info] handle_cli_req_v2[3200] -- no method found for requested action: (null) [httpsd 7262 - 1680819422 info] handle_cli_req_v2[3318] -- returning to original vdom "root" [httpsd 7262 - 1680819422 warning] api_return_http_result[1272] -- API error 405 raised [httpsd 7262 - 1680819422 info] fweb_debug_final[306] -- Completed POST request for "/api/v2/cmdb/system/ha" (HTTP 405)
mhca99
commented
1 year ago Hi Jie,
I also tested it deploying FortiGate VM on VMWare and its the same result. Can you please confirm if you tested with following version: vmc # get system status path=system, objname=status, tablename=(null), size=0 Version: FortiGate-VM64 v7.2.4,build1396,230131 (GA.F)
Thanks
perrosenlind
commented
1 year ago I have written a simple API script, which confirms this thesis, that POST is not allowed and should be PUT. Documentation on FNDN confirms.
mhca99
commented
1 year ago Yeah , I confirmed on the Fortinet 7.2.4 API documentation as well , it does only support "PUT" or "GET" mothed. The question is that why ansible Fortinet HA module is failing on PUT call and then doing POST call afterwards on previous failure. In all calls , access_token is being used , does this module work or API support access_token ? I think all issues seem to be with "hbdev" field or value that API is expecting but not getting.
I raised the same "API call failure with access_token" question in Fortinet forum but no resolution there yet as well. I could manage to do HA API call with admin user and secret key and HA configuration completes but still see some errors about "hbdev" field/value in the FortiGate logs, so there must be something wrong in API syntax and actual FortiGate OS layer.
perrosenlind
commented
1 year ago It seems that this is an issue in a lot of modules. Do we have any ETA in a new release that will handle these issues?
MaxxLiu22
commented
1 year ago Hi all,
We find this issue only happens when you use API token as authentication method, I need to confirm it if that is on purpose, by now we suggest to use user and password to change system/ha setting, sorry for any inconvenience.
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
ansible_httpapi_use_ssl: "yes"
ansible_httpapi_validate_certs: "no"
ansible_httpapi_port: 443
ansible_user: username
ansible_password: psw
tasks:
- fortios_system_ha:
vdom: "root"
enable_log: True
system_ha:
group_id: "30"
group_name: "a-p"
mode: "standalone"
session_pickup: "enable"
session_pickup_connectionless: "enable"
override: "disable"
priority: "201"
unicast_hb: "enable"
unicast_hb_peerip: "192.168.4.20"
ha_mgmt_interfaces:
- interface: "port1"
gateway: "192.168.1.1"
ha_mgmt_status: "enable"
hbdev: "port2 5"Thanks, Maxx
mhca99
commented
1 year ago Hi Maxx, Thanks for testing this out. However, I think you tested with "standalone" HA mode i.e. mode: "standalone". not with "active-passive" mode i.e. mode: "a-p". I have tested following play with userid/pwd method , however it still failing now with code 403. Looks like its looking for csrf token but could not found as per FortiGate Logs below: Further using access_token with some modules and userid/pwd for other modules will result in inconsistent configuration. I think it should either all be access_token or userid/pwd not both unless its deem required.
Following is the netcommon version:
/root/.ansible/collections/ansible_collections Collection Version ansible.netcommon 4.1.0 ansible.utils 2.9.0 fortinet.fortimanager 2.1.7 fortinet.fortios 2.2.2
Following is test play file to do HA config (a-p):
hosts: all collections:
tasks:
Following is the output:
"meta": {
"build": 1396,
"http_method": "PUT",
"http_status": 403,
"name": "ha",
"path": "system",
"serial": "FGVXXXXXXXXXXX",
"status": "error",
"vdom": "root",
"version": "v7.2.4"
},
"msg": "Error in repo"}
Following are the FortiOS logs:
[httpsd 7332 - 1681326095 info] fweb_debug_init[416] -- New POST request for "/logincheck" from "x.x.x.x:54118" [httpsd 7332 - 1681326095 info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.10" [httpsd 7332 - 1681326095 info] fweb_debug_init[420] -- Handler "logincheck-handler" assigned to request [httpsd 7332 - 1681326095 info] logincheck_handler[422] -- entering vdom for login_attempt (vdom='root') [httpsd 7332 - 1681326095 info] logincheck_handler[524] -- login attempt OK, VDOM updated to 'root' [httpsd 7332 - 1681326095 info] logincheck_handler[530] -- login_attempt (method=5, vdom='root', name='admin',admin_name='admin', auth_svr='') [httpsd 7332 - 1681326095 info] output_response[58] -- sent response (status='1', buf='document.location="/prompt?viewOnly&redir=%2F"; ') [httpsd 7332 - 1681326095 info] fweb_debug_final[306] -- Completed POST request for "/logincheck" (HTTP 200) [httpsd 7333 - 1681326095 info] fweb_debug_init[416] -- New GET request for "/api/v2/cmdb/system/interface" from "x.x.x.x:54120" [httpsd 7333 - 1681326095 info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.10" [httpsd 7333 - 1681326095 info] fweb_debug_init[420] -- Handler "api_cmdb_v2-handler" assigned to request [httpsd 7333 - 1681326095 info] api_store_parameter[320] -- add API parameter 'vdom' (type=string) [httpsd 7333 - 1681326095 info] api_store_parameter[320] -- add API parameter 'action' (type=string) [httpsd 7333 - 1681326095 info] api_cmdb_request_init_by_path[1800] -- new CMDB query (path='system',name='interface') [httpsd 7333 - 1681326095 info] api_cmdb_guino_etag[2313] -- Static ETag check for system.interface [httpsd 7333 - 1681326095 info] api_generate_and_add_etag[1805] -- Per VDOM ETags: [ "vdom: root, hash: c132fa0bbfe63402d4c69129c0ff36ca" ] [httpsd 7333 - 1681326095 info] api_generate_and_add_etag[1810] -- New ETag: E629871A0C081EE3E5941C0885414BFCB4F3A2AACCCA12DBB8BC6F624BB4BAFA [httpsd 7333 - 1681326095 info] api_generate_request_hash[1690] -- hash_str: { "uri": "\/api\/v2\/cmdb\/system\/interface", "params": { "vdom": "root", "action": "schema", "path": "system", "name": "interface", "authorized_admin": "admin" } } [httpsd 7333 - 1681326095 info] api_generate_request_hash[1691] -- revisions: [ "vdom: root, hash: 97a2429738d9f39c019358a55effbd30", "a93c462df4b8c0c7ecf80a83594ee850" ] [httpsd 7333 - 1681326095 info] get_cache_lock[64] -- Cache: locking /tmp/api_cache/FEBB4F70E913E55502A497632A7086FF843DADAEC68305614F94DFB03B3E4DEA-9D39F1115721067302064C5A28DD0459718102BE9EF0CDA455DAA06D967D9DA (write). [httpsd 7333 - 1681326095 info] get_cache_lock[80] -- Cache: locked /tmp/api_cache/FEBB4F70E913E55502A497632A7086FF843DADAEC68305614F94DFB03B3E4DEA-9D39F1115721067302064C5A28DD0459718102BE9EF0CDA455DAA06D967D9DA (write) [httpsd 7333 - 1681326095 info] handle_cli_req_v2[3260] -- API cache miss. [httpsd 7333 - 1681326095 info] handle_cli_req_v2[3288] -- new CMDB API request (vdom='root',user='admin') [httpsd 7333 - 1681326095 info] cmdb_generate_schema[1698] -- generating schema for system.interface [httpsd 7333 - 1681326095 info] handle_cli_req_v2[3318] -- returning to original vdom "root" [httpsd 7333 - 1681326095 info] api_save_cache_json[964] -- Current cache size: 270338/544676864 [httpsd 7333 - 1681326095 info] api_save_cache_json[985] -- API cache is successfully created. [httpsd 7333 - 1681326095 info] fweb_debug_final[306] -- Completed GET request for "/api/v2/cmdb/system/interface" (HTTP 200 OK) [httpsd 7332 - 1681326095 info] fweb_debug_init[416] -- New PUT request for "/api/v2/cmdb/system/ha" from "x.x.x.x:54122" [httpsd 7332 - 1681326095 info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.10" [httpsd 7332 - 1681326095 info] fweb_debug_init[420] -- Handler "api_cmdb_v2-handler" assigned to request [httpsd 7332 - 1681326095 info] api_store_parameter[320] -- add API parameter 'vdom' (type=string) [httpsd 7332 - 1681326095 info] api_store_parameter[320] -- add API parameter 'group-id' (type=int) [httpsd 7332 - 1681326095 info] api_store_parameter[320] -- add API parameter 'group-name' (type=string) [httpsd 7332 - 1681326095 info] api_store_parameter[320] -- add API parameter 'ha-mgmt-interfaces' (type=array) [httpsd 7332 - 1681326095 info] api_store_parameter[320] -- add API parameter 'ha-mgmt-status' (type=string) [httpsd 7332 - 1681326095 info] api_store_parameter[320] -- add API parameter 'hbdev' (type=string) [httpsd 7332 - 1681326095 info] api_store_parameter[320] -- add API parameter 'mode' (type=string) [httpsd 7332 - 1681326095 info] api_store_parameter[320] -- add API parameter 'override' (type=string) [httpsd 7332 - 1681326095 info] api_store_parameter[320] -- add API parameter 'priority' (type=int) [httpsd 7332 - 1681326095 info] api_store_parameter[320] -- add API parameter 'session-pickup' (type=string) [httpsd 7332 - 1681326095 info] api_store_parameter[320] -- add API parameter 'session-pickup-connectionless' (type=string) [httpsd 7332 - 1681326095 info] api_store_parameter[320] -- add API parameter 'unicast-hb' (type=string) [httpsd 7332 - 1681326095 info] api_store_parameter[320] -- add API parameter 'unicast-hb-peerip' (type=string) [httpsd 7332 - 1681326095 info] api_cmdb_request_init_by_path[1800] -- new CMDB query (path='system',name='ha') [httpsd 7332 - 1681326095 error] is_valid_csrf_token[2406] -- no CSRF token found [httpsd 7332 - 1681326095 error] api_cmdb_perm_check[2862] -- no valid CSRF token found [httpsd 7332 - 1681326095 info] handle_cli_req_v2[3318] -- returning to original vdom "root" [httpsd 7332 - 1681326095 warning] api_return_http_result[1272] -- API error 403 raised [httpsd 7332 - 1681326095 info] fweb_debug_final[306] -- Completed PUT request for "/api/v2/cmdb/system/ha" (HTTP 403) [httpsd 7333 - 1681326095 info] fweb_debug_init[416] -- New POST request for "/logout" from "x.x.x.x:54124" [httpsd 7333 - 1681326095 info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.10" [httpsd 7333 - 1681326095 info] fweb_debug_init[420] -- Handler "logout-handler" assigned to request [httpsd 7333 - 1681326095 info] fweb_debug_final[306] -- Completed POST request for "/logout" (HTTP 200)
MaxxLiu22
commented
1 year ago There are some authentication bugs fixed in the latest fortios version, please run ansible-galaxy collection install fortinet.fortios:2.2.3 to latest version, and if access token and user/psw both exist, fortios will choose token as the first authentication way, let me know if that is still not working.
mhca99
commented
1 year ago Its working with fortinet.fortios:2.2.3 , however, with following carveouts which may make this module unusable probably due to the current design of FortiGate VM HA:
during the first execution , ansible management host lost connectivity with FortiGate Secondary VM as soon as HA config is triggered. The first VM remains responsive but HA is not fully operational so I had to reboot both VMs for consistency.
even though task ends up completing the HA configuration on VMs , however it still marks as failing all the times , as a result the Ansible handler task to reboot FortiGate VMs does not trigger. Even if it triggers , since the VM is non-responsive so it will fail as well.
during the configuration apply we still see the following error but HA configuration proceed anyway , so its not big issue [httpsd 7158 - 1681350560 error] api_set_cmdb_attr[2339] -- cmd_check_value failed for node 'hbdev': 'port4' (err=-651)
re-running the ansible playbook will re-apply the same HA configuration (even though its already have fully configured HA) and causes both FortiGate VMs to go unresponsive again , so I had to reboot both VMs manually right after that which nullifies the whole purpose of automation.
so this module does not seem idempotent.
there is no way to reboot vm automatically with handlers or force handlers as VM is unresponsive right after config apply
to mitigate the re-apply configuration , there will be a need to define a pre-task for capturing existing HA config and then put the condition in the HA config task to do config only if no existing HA config found.
however, since there is no way to reboot VMs after the HA config task play , so manual intervention is always required whenever configuration is changed.
I hope these issues are addressed in the upcoming modules updates. In the meanwhile , I will try to use custom script to configure HA using Ansible shell module.
Thanks for all your support.
mhca99
commented
1 year ago Here are logs for your reference:
TASK [fortigate-vm : Configure FortiGate HA] ****
task path: /mnt/ansible/fortigate-vm/tasks/configure-ha.yml:16
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
redirecting (type: modules) ansible.builtin.fortios_system_ha to fortinet.fortios.fortios_system_ha
<192.18.148.31> ESTABLISH LOCAL CONNECTION FOR USER: root
<192.18.148.31> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /root/.ansible/tmp/ansible-local-214l33h03aj"&& mkdir "echo /root/.ansible/tmp/ansible-local-214l33h03aj/ansible-tmp-1681350560.1206295-306-2520411148455" && echo ansible-tmp-1681350560.1206295-306-2520411148455="echo /root/.ansible/tmp/ansible-local-214l33h03aj/ansible-tmp-1681350560.1206295-306-2520411148455" ) && sleep 0'
redirecting (type: modules) ansible.builtin.fortios_system_ha to fortinet.fortios.fortios_system_ha
redirecting (type: modules) ansible.builtin.fortios_system_ha to fortinet.fortios.fortios_system_ha
<129.153.48.255> ESTABLISH LOCAL CONNECTION FOR USER: root
<129.153.48.255> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /root/.ansible/tmp/ansible-local-214l33h03aj"&& mkdir "echo /root/.ansible/tmp/ansible-local-214l33h03aj/ansible-tmp-1681350560.1466372-307-223309575937363" && echo ansible-tmp-1681350560.1466372-307-223309575937363="echo /root/.ansible/tmp/ansible-local-214l33h03aj/ansible-tmp-1681350560.1466372-307-223309575937363" ) && sleep 0'
redirecting (type: modules) ansible.builtin.fortios_system_ha to fortinet.fortios.fortios_system_ha
Using module file /root/.ansible/collections/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ha.py
Using module file /root/.ansible/collections/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_ha.py
<129.153.48.255> PUT /root/.ansible/tmp/ansible-local-214l33h03aj/tmpcgqehsq5 TO /root/.ansible/tmp/ansible-local-214l33h03aj/ansible-tmp-1681350560.1466372-307-223309575937363/AnsiballZ_fortios_system_ha.py
<192.18.148.31> PUT /root/.ansible/tmp/ansible-local-214l33h03aj/tmp4oyw7v4j TO /root/.ansible/tmp/ansible-local-214l33h03aj/ansible-tmp-1681350560.1206295-306-2520411148455/AnsiballZ_fortios_system_ha.py
<129.153.48.255> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-214l33h03aj/ansible-tmp-1681350560.1466372-307-223309575937363/ /root/.ansible/tmp/ansible-local-214l33h03aj/ansible-tmp-1681350560.1466372-307-223309575937363/AnsiballZ_fortios_system_ha.py && sleep 0'
<192.18.148.31> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-214l33h03aj/ansible-tmp-1681350560.1206295-306-2520411148455/ /root/.ansible/tmp/ansible-local-214l33h03aj/ansible-tmp-1681350560.1206295-306-2520411148455/AnsiballZ_fortios_system_ha.py && sleep 0'
<129.153.48.255> EXEC /bin/sh -c '/usr/bin/python3 /root/.ansible/tmp/ansible-local-214l33h03aj/ansible-tmp-1681350560.1466372-307-223309575937363/AnsiballZ_fortios_system_ha.py && sleep 0'
<192.18.148.31> EXEC /bin/sh -c '/usr/bin/python3 /root/.ansible/tmp/ansible-local-214l33h03aj/ansible-tmp-1681350560.1206295-306-2520411148455/AnsiballZ_fortios_system_ha.py && sleep 0'
<129.153.48.255> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-214l33h03aj/ansible-tmp-1681350560.1466372-307-223309575937363/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
File "/root/.ansible/tmp/ansible-local-214l33h03aj/ansible-tmp-1681350560.1466372-307-223309575937363/AnsiballZ_fortios_system_ha.py", line 107, in
PLAY RECAP ** vma : ok=2 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 vmb : ok=2 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Hi, I am getting "Error in repo" for executing fortios_system_ha Ansible module.
On FortiGate Console , I am getting following: So something seems wrong with this field or any required api field is missing.
[httpsd 7767 - 1679932801 error] api_set_cmdb_attr[2347] -- node_parse_object failed for node 'hbdev': 'port4' (err=1) [httpsd 7767 - 1679932801 error] api_set_cmdb_attr[2371] -- node_set_object failed for node 'hbdev' (err=-61)
FMG "version": "v7.2.4"
7d04c783f358:# ansible --version ansible [core 2.13.6] config file = /mnt/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.10/site-packages/ansible ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections executable location = /usr/bin/ansible python version = 3.10.10 (main, Feb 9 2023, 02:08:14) [GCC 12.2.1 20220924] jinja version = 3.1.2 libyaml = True
/root/.ansible/collections/ansible_collections Collection Version
ansible.netcommon 4.1.0 ansible.utils 2.9.0 fortinet.fortimanager 2.1.7 fortinet.fortios 2.2.2
Following is the role's task failing:
Here is the ansible run output:
TASK [fortigate-vm : Configure FortiGate HA] ***** task path: /mnt/ansible/fortigate-vm/tasks/configure-ha.yml:2 redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi redirecting (type: modules) ansible.builtin.fortios_system_ha to fortinet.fortios.fortios_systemha <x.x.x.x> ESTABLISH LOCAL CONNECTION FOR USER: root <x.x.x.x> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-4625ts0w3fd
"&& mkdir "echo /root/.ansible/tmp/ansible-local-4625ts0w3fd/ansible-tmp-1679932801.2753901-4741-234045920039317" && echo ansible-tmp-1679932801.2753901-4741-234045920039317="echo /root/.ansible/tmp/ansible-local-4625ts0w3fd/ansible-tmp-1679932801.2753901-4741-234045920039317 `" ) && sleep 0' redirecting (type: modules) ansible.builtin.fortios_system_ha to fortinet.fortios.fortios_system_ha Using module file /root/.ansible/collections/ansible_collections/fortinet/fortios/plugins/modules/fortios_systemha.py <x.x.x.x> PUT /root/.ansible/tmp/ansible-local-4625ts0w3fd/tmp6pn83dtd TO /root/.ansible/tmp/ansible-local-4625ts0w3fd_/ansible-tmp-1679932801.2753901-4741-234045920039317/AnsiballZ_fortios_systemha.py <x.x.x.x> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-4625ts0w3fd/ansible-tmp-1679932801.2753901-4741-234045920039317/ /root/.ansible/tmp/ansible-local-4625ts0w3fd_/ansible-tmp-1679932801.2753901-4741-234045920039317/AnsiballZ_fortios_systemha.py && sleep 0' <x.x.x.x> EXEC /bin/sh -c '/usr/bin/python3 /root/.ansible/tmp/ansible-local-4625ts0w3fd/ansible-tmp-1679932801.2753901-4741-234045920039317/AnsiballZ_fortios_systemha.py && sleep 0' <x.x.x.x> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-4625ts0w3fd/ansible-tmp-1679932801.2753901-4741-234045920039317/ > /dev/null 2>&1 && sleep 0' fatal: [vma]: FAILED! => { "changed": false, "invocation": { "module_args": { "access_token": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "enable_log": true, "member_path": null, "member_state": null, "system_ha": { "arps": null, "arps_interval": null, "authentication": null, "cpu_threshold": null, "encryption": null, "failover_hold_time": null, "ftp_proxy_threshold": null, "gratuitous_arps": null, "group_id": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "group_name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "ha_direct": null, "ha_eth_type": null, "ha_mgmt_interfaces": [ { "dst": null, "gateway": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "gateway6": null, "id": null, "interface": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" } ], "ha_mgmt_status": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "ha_uptime_diff_margin": null, "hb_interval": null, "hb_interval_in_milliseconds": null, "hb_lost_threshold": null, "hbdev": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "hc_eth_type": null, "hello_holddown": null, "http_proxy_threshold": null, "imap_proxy_threshold": null, "inter_cluster_session_sync": null, "key": null, "l2ep_eth_type": null, "link_failed_signal": null, "load_balance_all": null, "logical_sn": null, "memory_based_failover": null, "memory_compatible_mode": null, "memory_failover_flip_timeout": null, "memory_failover_monitor_period": null, "memory_failover_sample_rate": null, "memory_failover_threshold": null, "memory_threshold": null, "mode": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "monitor": null, "multicast_ttl": null, "nntp_proxy_threshold": null, "override": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "override_wait_time": null, "password": null, "pingserver_failover_threshold": null, "pingserver_flip_timeout": null, "pingserver_monitor_interface": null, "pingserver_secondary_force_reset": null, "pingserver_slave_force_reset": null, "pop3_proxy_threshold": null, "priority": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "route_hold": null, "route_ttl": null, "route_wait": null, "schedule": null, "secondary_vcluster": null, "session_pickup": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "session_pickup_connectionless": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "session_pickup_delay": null, "session_pickup_expectation": null, "session_pickup_nat": null, "session_sync_dev": null, "smtp_proxy_threshold": null, "ssd_failover": null, "standalone_config_sync": null, "standalone_mgmt_vdom": null, "sync_config": null, "sync_packet_balance": null, "unicast_gateway": null, "unicast_hb": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "unicast_hb_netmask": null, "unicast_hb_peerip": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "unicast_peers": null, "unicast_status": null, "uninterruptible_primary_wait": null, "uninterruptible_upgrade": null, "vcluster": null, "vcluster2": null, "vcluster_id": null, "vcluster_status": null, "vdom": null, "weight": null }, "vdom": "root" } }, "meta": { "build": 1396, "http_method": "POST", "http_status": 405, "name": "ha", "path": "system", "serial": "FGVMPG80I_8B6QCF", "status": "error", "vdom": "root", "version": "v7.2.4" }, "msg": "Error in repo" }PLAY RECAP *** vma : ok=6 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Following are logs from FortiGate:
[httpsd 7767 - 1679932801 info] fweb_debug_init[416] -- New PUT request for "/api/v2/cmdb/system/ha" from "x.x.x.x:50258" [httpsd 7767 - 1679932801 info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.10" [httpsd 7767 - 1679932801 info] fweb_debug_init[420] -- Handler "api_cmdb_v2-handler" assigned to request [httpsd 7767 - 1679932801 warning] api_access_check_for_api_key[688] -- API Key request authorized for myuser from x.x.x.x. [httpsd 7767 - 1679932801 info] api_store_parameter[320] -- add API parameter 'vdom' (type=string) [httpsd 7767 - 1679932801 info] api_store_parameter[320] -- add API parameter 'access_token' (type=string) [httpsd 7767 - 1679932801 info] api_store_parameter[320] -- add API parameter 'group-id' (type=int) [httpsd 7767 - 1679932801 info] api_store_parameter[320] -- add API parameter 'group-name' (type=string) [httpsd 7767 - 1679932801 info] api_store_parameter[320] -- add API parameter 'ha-mgmt-interfaces' (type=array) [httpsd 7767 - 1679932801 info] api_store_parameter[320] -- add API parameter 'ha-mgmt-status' (type=string) [httpsd 7767 - 1679932801 info] api_store_parameter[320] -- add API parameter 'hbdev' (type=string) [httpsd 7767 - 1679932801 info] api_store_parameter[320] -- add API parameter 'mode' (type=string) [httpsd 7767 - 1679932801 info] api_store_parameter[320] -- add API parameter 'override' (type=string) [httpsd 7767 - 1679932801 info] api_store_parameter[320] -- add API parameter 'priority' (type=int) [httpsd 7767 - 1679932801 info] api_store_parameter[320] -- add API parameter 'session-pickup' (type=string) [httpsd 7767 - 1679932801 info] api_store_parameter[320] -- add API parameter 'session-pickup-connectionless' (type=string) [httpsd 7767 - 1679932801 info] api_store_parameter[320] -- add API parameter 'unicast-hb' (type=string) [httpsd 7767 - 1679932801 info] api_store_parameter[320] -- add API parameter 'unicast-hb-peerip' (type=string) [httpsd 7767 - 1679932801 info] api_cmdb_request_init_by_path[1800] -- new CMDB query (path='system',name='ha') [httpsd 7767 - 1679932801 info] handle_cli_req_v2[3288] -- new CMDB API request (vdom='root',user='myuser') [httpsd 7767 - 1679932801 info] _api_cmdb_v2_config[1419] -- editing CLI object (append=0, auto_key=0, path=system, name=ha, mkey=(null), flags=0) [httpsd 7767 - 1679932801 info] api_set_cmdb_attr[2393] -- 'group-id' [httpsd 7767 - 1679932801 info] api_set_cmdb_attr[2393] -- 'group-name' [httpsd 7767 - 1679932801 info] api_set_cmdb_attr[2393] -- 'mode' [httpsd 7767 - 1679932801 error] api_set_cmdb_attr[2347] -- node_parse_object failed for node 'hbdev': 'port4' (err=1) [httpsd 7767 - 1679932801 error] api_set_cmdb_attr[2371] -- node_set_object failed for node 'hbdev' (err=-61) [httpsd 7767 - 1679932801 info] api_set_cmdb_attr[2393] -- 'hbdev' [httpsd 7767 - 1679932801 info] api_set_cmdb_attr[2393] -- 'unicast-hb' [httpsd 7767 - 1679932801 info] api_set_cmdb_attr[2393] -- 'unicast-hb-peerip' [httpsd 7767 - 1679932801 info] api_set_cmdb_attr[2393] -- 'session-pickup' [httpsd 7767 - 1679932801 info] api_set_cmdb_attr[2393] -- 'session-pickup-connectionless' [httpsd 7767 - 1679932801 info] api_set_cmdb_attr[2393] -- 'ha-mgmt-status' [httpsd 7767 - 1679932801 info] api_set_cmdb_attr[2393] -- 'interface' [httpsd 7767 - 1679932801 info] api_set_cmdb_attr[2393] -- 'gateway' [httpsd 7767 - 1679932801 info] api_set_cmdb_attr[2393] -- 'override' [httpsd 7767 - 1679932801 info] api_set_cmdb_attr[2393] -- 'priority' 0: config system ha 0: set group-id 30 0: set group-name "ha-cluster" 0: set mode a-p 0: set session-pickup enable 0: set session-pickup-connectionless enable 0: set ha-mgmt-status enable 0: set override disable 0: set priority 200 0: set unicast-hb enable 0: set unicast-hb-peerip 192.168.4.20 -37: end [httpsd 7767 - 1679932801 info] cmdb_save_with_children[280] -- appended main node (nret=-37, is_new=0) [httpsd 7767 - 1679932801 error] cmdb_save_with_children[285] -- saving failed for main node: 'ha' (err=-37)
[httpsd 7767 - 1679932801 error] cmdb_commit_from_json[2162] -- error saving request object to CLI (-37) [httpsd 7767 - 1679932801 error] _api_cmdb_v2_config[1455] -- error editing object (nret=-37) [httpsd 7767 - 1679932801 warning] api_return_http_result[1272] -- API error -37 raised [httpsd 7767 - 1679932801 info] handle_cli_req_v2[3318] -- returning to original vdom "root" [httpsd 7767 - 1679932801 info] fweb_debug_final[306] -- Completed PUT request for "/api/v2/cmdb/system/ha" (HTTP 500) [httpsd 7759 - 1679932801 info] fweb_debug_init[416] -- New POST request for "/api/v2/cmdb/system/ha" from "x.x.x.x:50260" [httpsd 7759 - 1679932801 info] fweb_debug_init[418] -- User-Agent: "Python-urllib/3.10" [httpsd 7759 - 1679932801 info] fweb_debug_init[420] -- Handler "api_cmdb_v2-handler" assigned to request [httpsd 7759 - 1679932801 warning] api_access_check_for_api_key[688] -- API Key request authorized for iac-user from x.x.x.x. [httpsd 7759 - 1679932801 info] api_store_parameter[320] -- add API parameter 'vdom' (type=string) [httpsd 7759 - 1679932801 info] api_store_parameter[320] -- add API parameter 'access_token' (type=string) [httpsd 7759 - 1679932801 info] api_store_parameter[320] -- add API parameter 'group-id' (type=int) [httpsd 7759 - 1679932801 info] api_store_parameter[320] -- add API parameter 'group-name' (type=string) [httpsd 7759 - 1679932801 info] api_store_parameter[320] -- add API parameter 'ha-mgmt-interfaces' (type=array) [httpsd 7759 - 1679932801 info] api_store_parameter[320] -- add API parameter 'ha-mgmt-status' (type=string) [httpsd 7759 - 1679932801 info] api_store_parameter[320] -- add API parameter 'hbdev' (type=string) [httpsd 7759 - 1679932801 info] api_store_parameter[320] -- add API parameter 'mode' (type=string) [httpsd 7759 - 1679932801 info] api_store_parameter[320] -- add API parameter 'override' (type=string) [httpsd 7759 - 1679932801 info] api_store_parameter[320] -- add API parameter 'priority' (type=int) [httpsd 7759 - 1679932801 info] api_store_parameter[320] -- add API parameter 'session-pickup' (type=string) [httpsd 7759 - 1679932801 info] api_store_parameter[320] -- add API parameter 'session-pickup-connectionless' (type=string) [httpsd 7759 - 1679932801 info] api_store_parameter[320] -- add API parameter 'unicast-hb' (type=string) [httpsd 7759 - 1679932801 info] api_store_parameter[320] -- add API parameter 'unicast-hb-peerip' (type=string) [httpsd 7759 - 1679932801 info] api_cmdb_request_init_by_path[1800] -- new CMDB query (path='system',name='ha') [httpsd 7759 - 1679932801 info] handle_cli_req_v2[3200] -- no method found for requested action: (null) [httpsd 7759 - 1679932801 info] handle_cli_req_v2[3318] -- returning to original vdom "root" [httpsd 7759 - 1679932801 warning] api_return_http_result[1272] -- API error 405 raised [httpsd 7759 - 1679932801 info] fweb_debug_final[306] -- Completed POST request for "/api/v2/cmdb/system/ha" (HTTP 405)