fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0
'fortios_vpn_ipsec_phase1' erroring out when trying to map Certificate #245

Closed asrivastav-aag closed 4 months ago

asrivastav-aag commented 1 year ago

Playbook:

image

(005_fgt_cert_update) SEAVVMASRIVA:005_fgt_cert_update sri$ ansible --version
ansible 2.9.1
  config file = /Users/sri/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/ansible.cfg
  configured module search path = ['/Users/sri/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/napalm_ansible/modules']
  ansible python module location = /Users/sri/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible
  executable location = /Users/sri/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/bin/ansible
  python version = 3.8.6 (v3.8.6:db455296be, Sep 23 2020, 13:31:39) [Clang 6.0 (clang-600.0.57)]
(005_fgt_cert_update) SEAVVMASRIVA:005_fgt_cert_update sri$

(005_fgt_cert_update) SEAVVMASRIVA:005_fgt_cert_update sri$ cat ansible.cfg
[defaults]
inventory = ./nauto_inven.yaml
inventory = ./inventory.yaml
NETWORK_CLI_SSH_TYPE = paramiko
# NAPALM Library & Modules
library = $VIRTUAL_ENV/lib/python3.8/site-packages/napalm_ansible/modules
action_plugins = $VIRTUAL_ENV/lib/python3.8/site-packages/napalm_ansible/plugins/action
# Defines "collections" folder
collections_paths=./collections/ansible_collections/
collections_scan_sys_path=False
# Defines the Installed Roles folder
roles_path=./roles/
gathering = explicit
retry_files_enabled = False
transport = network_cli
# use to navigate ansible to look for python based custom filters
filter_plugins = ./plugins/filters/
# uncomment this to disable SSH key host checking
host_key_checking = False
# Hardware & Software based facts collection timeout
gather_timeout = 30
# Enable logging for ansible, consider logrotate
log_path = ./ansible.log
[paramiko_connection]
# uncomment this line to cause the paramiko connection plugin to not record new host
# keys encountered. Increases performance on new host additions. Setting works independently of the
# host key checking setting above.
record_host_keys=False
# paramiko will default to looking for SSH keys initially when trying to
# authenticate to remote devices. This is a problem for some network devices
# that close the connection after a key failure. Uncomment this line to
# disable the Paramiko look for keys function
look_for_keys = False
# When using persistent connections with Paramiko, the connection runs in a
# background process. If the host doesn't already have a valid SSH key, by
# default Ansible will prompt to add the host key. This will cause connections
# running in background processes to fail. Uncomment this line to have
# Paramiko automatically add host keys.
host_key_auto_add = True
(005_fgt_cert_update) SEAVVMASRIVA:005_fgt_cert_update sri$

(005_fgt_cert_update) SEAVVMASRIVA:005_fgt_cert_update sri$ ansible-playbook 006_fgt_add_cert_to_tunnels.yaml -vvvvv
ansible-playbook 2.9.1
  config file = /Users/sri/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/ansible.cfg
  configured module search path = ['/Users/sri/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/napalm_ansible/modules']
  ansible python module location = /Users/sri/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible
  executable location = /Users/sri/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/bin/ansible-playbook
  python version = 3.8.6 (v3.8.6:db455296be, Sep 23 2020, 13:31:39) [Clang 6.0 (clang-600.0.57)]
Using /Users/sri/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /Users/sri/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/inventory.yaml as it did not pass its verify_file() method
script declined parsing /Users/sri/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/inventory.yaml as it did not pass its verify_file() method
Parsed /Users/sri/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/inventory.yaml inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /Users/sri/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/plugins/callback/default.py

PLAYBOOK: 006_fgt_add_cert_to_tunnels.yaml **
Positional arguments: 006_fgt_add_cert_to_tunnels.yaml
verbosity: 5
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/Users/sri/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/inventory.yaml',)
forks: 5
1 plays in 006_fgt_add_cert_to_tunnels.yaml

PLAY [seajn-lab-fw-1] ***
META: ran handlers

TASK [Add the New Cert to the Tunnels] **
task path: /Users/sri/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/006_fgt_add_cert_to_tunnels.yaml:9
[WARNING]: Skipping plugin (/Users/sri/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/plugins/filters/ios_config_stats.py) as it seems to be invalid: No module named 'jmespath'

attempting to start connection using connection plugin httpapi local domain socket does not exist, starting it control socket path is /Users/_sri_/.ansible/pc/ceafeb0c77 local domain socket listeners started successfully loaded API plugin fortios from path /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/plugins/httpapi/fortios.py for network_os fortios local domain socket path is /Users/_sri_/.ansible/pc/ceafeb0c77 ESTABLISH LOCAL CONNECTION FOR USER: _sri_ EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/_sri_/.ansible/tmp/ansible-local-630430m2n23em/ansible-tmp-1679985653.369233-168297850440977 `" && echo ansible-tmp-1679985653.369233-168297850440977="` echo /Users/_sri_/.ansible/tmp/ansible-local-630430m2n23em/ansible-tmp-1679985653.369233-168297850440977 `" ) && sleep 0' Using module_utils file ansible_collections/fortinet/fortios/plugins/module_utils/fortimanager/common Using module_utils file ansible_collections/fortinet/fortios Using module_utils file ansible_collections/fortinet/fortios/plugins/module_utils/fortios/comparison Using module_utils file ansible_collections/fortinet/fortios/plugins/module_utils/fortios Using module_utils file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/connection.py Using module_utils file ansible_collections Using module_utils file ansible_collections/fortinet/fortios/plugins/module_utils/fortios/data_post_processor Using module_utils file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/basic.py Using module_utils file ansible_collections/fortinet/fortios/plugins/module_utils/fortimanager Using module_utils file ansible_collections/fortinet/fortios/plugins/module_utils Using module_utils file ansible_collections/fortinet Using module_utils file 
ansible_collections/fortinet/fortios/plugins Using module_utils file ansible_collections/fortinet/fortios/plugins/module_utils/fortios/fortios Using module_utils file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/_text.py Using module_utils file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/common/json.py Using module_utils file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/six/__init__.py Using module_utils file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/common/__init__.py Using module_utils file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/common/collections.py Using module_utils file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/common/_collections_compat.py Using module_utils file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/common/text/__init__.py Using module_utils file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/common/text/formatters.py Using module_utils file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/parsing/__init__.py Using module_utils file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/common/_utils.py Using module_utils file 
/Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/common/file.py Using module_utils file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/common/text/converters.py Using module_utils file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/pycompat24.py Using module_utils file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/common/validation.py Using module_utils file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/common/sys_info.py Using module_utils file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/common/process.py Using module_utils file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/parsing/convert_bool.py Using module_utils file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/common/parameters.py Using module_utils file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/common/_json_compat.py Using module_utils file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/distro/__init__.py Using module_utils file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/lib/python3.8/site-packages/ansible/module_utils/distro/_distro.py Using module_utils file 
ansible_collections/fortinet/fortios/plugins/module_utils/common Using module_utils file ansible_collections/fortinet/fortios/plugins/module_utils/common/type_utils Using module file /Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/collections/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_phase1.py PUT /Users/_sri_/.ansible/tmp/ansible-local-630430m2n23em/tmpo4u64mwk TO /Users/_sri_/.ansible/tmp/ansible-local-630430m2n23em/ansible-tmp-1679985653.369233-168297850440977/AnsiballZ_fortios_vpn_ipsec_phase1.py EXEC /bin/sh -c 'chmod u+x /Users/_sri_/.ansible/tmp/ansible-local-630430m2n23em/ansible-tmp-1679985653.369233-168297850440977/ /Users/_sri_/.ansible/tmp/ansible-local-630430m2n23em/ansible-tmp-1679985653.369233-168297850440977/AnsiballZ_fortios_vpn_ipsec_phase1.py && sleep 0' EXEC /bin/sh -c '/Users/_sri_/Documents/002CaseStudies/001ReposGIT/001AlaskaAirlines/005_fgt_cert_update/bin/python3 /Users/_sri_/.ansible/tmp/ansible-local-630430m2n23em/ansible-tmp-1679985653.369233-168297850440977/AnsiballZ_fortios_vpn_ipsec_phase1.py && sleep 0' EXEC /bin/sh -c 'rm -f -r /Users/_sri_/.ansible/tmp/ansible-local-630430m2n23em/ansible-tmp-1679985653.369233-168297850440977/ > /dev/null 2>&1 && sleep 0' The full traceback is: Traceback (most recent call last): File "/Users/_sri_/.ansible/tmp/ansible-local-630430m2n23em/ansible-tmp-1679985653.369233-168297850440977/AnsiballZ_fortios_vpn_ipsec_phase1.py", line 102, in _ansiballz_main() File "/Users/_sri_/.ansible/tmp/ansible-local-630430m2n23em/ansible-tmp-1679985653.369233-168297850440977/AnsiballZ_fortios_vpn_ipsec_phase1.py", line 94, in _ansiballz_main invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS) File "/Users/_sri_/.ansible/tmp/ansible-local-630430m2n23em/ansible-tmp-1679985653.369233-168297850440977/AnsiballZ_fortios_vpn_ipsec_phase1.py", line 40, in invoke_module 
runpy.run_module(mod_name='ansible_collections.fortinet.fortios.plugins.modules.fortios_vpn_ipsec_phase1', init_globals=None, run_name='__main__', alter_sys=True) File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/runpy.py", line 207, in run_module return _run_module_code(code, init_globals, run_name, mod_spec) File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/runpy.py", line 97, in _run_module_code _run_code(code, mod_globals, init_globals, File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/runpy.py", line 87, in _run_code exec(code, run_globals) File "/var/folders/1k/xk66d_jd0313dp29666tk_qh0000gq/T/ansible_fortios_vpn_ipsec_phase1_payload_br_a9k_b/ansible_fortios_vpn_ipsec_phase1_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_phase1.py", line 10641, in File "/var/folders/1k/xk66d_jd0313dp29666tk_qh0000gq/T/ansible_fortios_vpn_ipsec_phase1_payload_br_a9k_b/ansible_fortios_vpn_ipsec_phase1_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_phase1.py", line 10603, in main File "/var/folders/1k/xk66d_jd0313dp29666tk_qh0000gq/T/ansible_fortios_vpn_ipsec_phase1_payload_br_a9k_b/ansible_fortios_vpn_ipsec_phase1_payload.zip/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/fortios.py", line 219, in check_schema_versioning File "/var/folders/1k/xk66d_jd0313dp29666tk_qh0000gq/T/ansible_fortios_vpn_ipsec_phase1_payload_br_a9k_b/ansible_fortios_vpn_ipsec_phase1_payload.zip/ansible/module_utils/connection.py", line 185, in __rpc__ ansible.module_utils.connection.ConnectionError: Method not found fatal: [seajn-lab-fw-1]: FAILED! 
=> { "changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/Users/_sri_/.ansible/tmp/ansible-local-630430m2n23em/ansible-tmp-1679985653.369233-168297850440977/AnsiballZ_fortios_vpn_ipsec_phase1.py\", line 102, in \n _ansiballz_main()\n File \"/Users/_sri_/.ansible/tmp/ansible-local-630430m2n23em/ansible-tmp-1679985653.369233-168297850440977/AnsiballZ_fortios_vpn_ipsec_phase1.py\", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/Users/_sri_/.ansible/tmp/ansible-local-630430m2n23em/ansible-tmp-1679985653.369233-168297850440977/AnsiballZ_fortios_vpn_ipsec_phase1.py\", line 40, in invoke_module\n runpy.run_module(mod_name='ansible_collections.fortinet.fortios.plugins.modules.fortios_vpn_ipsec_phase1', init_globals=None, run_name='__main__', alter_sys=True)\n File \"/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/runpy.py\", line 207, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/runpy.py\", line 97, in _run_module_code\n _run_code(code, mod_globals, init_globals,\n File \"/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/runpy.py\", line 87, in _run_code\n exec(code, run_globals)\n File \"/var/folders/1k/xk66d_jd0313dp29666tk_qh0000gq/T/ansible_fortios_vpn_ipsec_phase1_payload_br_a9k_b/ansible_fortios_vpn_ipsec_phase1_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_phase1.py\", line 10641, in \n File \"/var/folders/1k/xk66d_jd0313dp29666tk_qh0000gq/T/ansible_fortios_vpn_ipsec_phase1_payload_br_a9k_b/ansible_fortios_vpn_ipsec_phase1_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_vpn_ipsec_phase1.py\", line 10603, in main\n File 
\"/var/folders/1k/xk66d_jd0313dp29666tk_qh0000gq/T/ansible_fortios_vpn_ipsec_phase1_payload_br_a9k_b/ansible_fortios_vpn_ipsec_phase1_payload.zip/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/fortios.py\", line 219, in check_schema_versioning\n File \"/var/folders/1k/xk66d_jd0313dp29666tk_qh0000gq/T/ansible_fortios_vpn_ipsec_phase1_payload_br_a9k_b/ansible_fortios_vpn_ipsec_phase1_payload.zip/ansible/module_utils/connection.py\", line 185, in __rpc__\nansible.module_utils.connection.ConnectionError: Method not found\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1 } PLAY RECAP ********************************************************************************************************************************************** seajn-lab-fw-1 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 (005_fgt_cert_update) SEAVVMASRIVA:005_fgt_cert_update _sri_$ (005_fgt_cert_update) SEAVVMASRIVA:005_fgt_cert_update _sri_$ ansible-inventory --host seajn-lab-fw-1 { "ansible_connection": "httpapi", "ansible_httpapi_port": 443, "ansible_httpapi_use_ssl": true, "ansible_httpapi_validate_certs": false, "ansible_network_os": "fortios", "ansible_password": "{{ lookup('env', 'PASSWD') }}", "ansible_python_interpreter": "{{ ansible_playbook_python }}", "ansible_user": "testuser", "cert_filepath": "./certs/pem_cert_seajn.pem", "cert_name": "TestCertViaAnsible", "cert_string": "{{ lookup( 'file', cert_filepath) | b64encode}}", "collections": "fortinet.fortios", "private_key_filepath": "./certs/pk_seajn.pem", "private_key_string": "{{ lookup( 'file', private_key_filepath) | b64encode }}", "vdom_global": "global", "vdom_root": "root", "vdom_station": "station" } (005_fgt_cert_update) SEAVVMASRIVA:005_fgt_cert_update _sri_$ **Output from playbook# 5** image
asrivastav-aag commented 1 year ago

I tried using the "fortios_vpn_ipsec_phase1_interface" module as well, with the "vpn_ipsec_phase1_interface" parameter, and received the same error: ConnectionError: Method not found

alagoutte commented 1 year ago

What ansible.netcommon release are you using?

asrivastav-aag commented 1 year ago

Manifest says version 5.0.0.

Here:

image
alagoutte commented 1 year ago

> Manifest says version 5.0.0.
>
> Here: image

You need to use ansible.netcommon 4.x.x, there is an issue with 5.0.0 (See https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/issues/237)
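
A preflight check for the version advice in the reply above, as an added example that is not part of the issue thread or of the collection: it reads the `MANIFEST.json` of every installed ansible.netcommon copy and flags 5.0.0 or later. The 5.0.0 threshold is taken from the reply; that the manifest mentioned in the thread is the collection's `MANIFEST.json` is an assumption, and the sample trees are constructed.

```python
import json
import tempfile
from pathlib import Path

# Threshold taken from the reply above: 5.0.0 is affected, 4.x.x is suggested instead.
FIRST_AFFECTED = (5, 0, 0)


def parse_version(text):
    """Turn '5.0.0' or '4.1.0-dev' into a tuple of ints, ignoring any suffix."""
    core = text.split("-", 1)[0].split("+", 1)[0]
    return tuple(int(part) for part in core.split("."))


def find_netcommon(collection_roots):
    """Yield (manifest_path, version) for every ansible.netcommon install found.

    A root may be the directory that contains 'ansible_collections' or that
    folder itself (the form used by collections_paths in the ansible.cfg above).
    """
    for root in map(Path, collection_roots):
        base = root if root.name == "ansible_collections" else root / "ansible_collections"
        manifest = base / "ansible" / "netcommon" / "MANIFEST.json"
        if not manifest.is_file():
            continue  # this root has no copy of the collection
        info = json.loads(manifest.read_text(encoding="utf-8"))["collection_info"]
        if (info["namespace"], info["name"]) == ("ansible", "netcommon"):
            yield manifest, info["version"]


def check(collection_roots):
    """Return (path, version, ok) per install; ok is False for 5.0.0 and later."""
    return [
        (str(path), version, parse_version(version) < FIRST_AFFECTED)
        for path, version in find_netcommon(collection_roots)
    ]


def make_sample_tree(tmp, version):
    """Constructed sample: a collection tree holding only a minimal MANIFEST.json."""
    target = Path(tmp) / "ansible_collections" / "ansible" / "netcommon"
    target.mkdir(parents=True)
    manifest = {"collection_info": {"namespace": "ansible", "name": "netcommon", "version": version}}
    (target / "MANIFEST.json").write_text(json.dumps(manifest), encoding="utf-8")
    return Path(tmp)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as old, tempfile.TemporaryDirectory() as new:
        roots = [make_sample_tree(old, "4.1.0"), make_sample_tree(new, "5.0.0")]
        for path, version, ok in check(roots):
            print(f"{'ok  ' if ok else 'FLAG'} ansible.netcommon {version}  {path}")
```

Passing every configured collections path matters because more than one copy can be installed, and the check reports each one separately.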

asrivastav-aag commented 1 year ago

> > Manifest says version 5.0.0. Here: image
>
> You need to use ansible.netcommon 4.x.x, there is an issue with 5.0.0 (See #237)

Thanks for the information. I will try 4.1.0 and will update here.

asrivastav-aag commented 1 year ago

4.1.0 is also not working. Failing with the same error & output - ConnectionError: Method not found.

JieX19 commented 4 months ago

Hi guys,

I'll proceed to close this ticket as it hasn't required further discussion for some time. Feel free to reopen it if you still have any questions.

Thanks, Jie