Closed foxpatil closed 7 months ago
MaxxLiu22
commented
1 year ago Hi @foxpatil ,
Thank you for raising this issue, could you type ansible --version and ansible-galaxy collection list to gather the environment information for me?
Thanks, Maxx
RachnaDodia
commented
1 year ago Hi @MaxxLiu22
I am facing similiar error for Fortigate firewall. Please find attached details in the PDF-
Request your help ASAP.
Thanks in advance
JieX19
commented
1 year ago Hi @RachnaDodia,
This is the doc for how to prepare the host inventory and run your playbook. https://ansible-galaxy-fortios-docs.readthedocs.io/en/latest/playbook.html
I saw you run the command ansible-nevigator, can you just run ansible-playbook to test the collection to see if the plugin can be loaded normally?
Thanks, Jie
JieX19
commented
1 year ago Hi @foxpatil,
May I know if the issue has been solved? Please send me the config and hosts files if you still experience the same error.
Thanks, Jie
JieX19
commented
1 year ago @RachnaDodia,
Could you send me the ansible.cfg file along with the inventory file (no sensitive data exposure).
JieX19
commented
1 year ago Hi @RachnaDodia, there're some errors in your playbook, selector 'system_available-interfaces' is in the monitor_fact module actually.
Can you set up your hosts file as follows and run the playbook I provide again?
hosts file:
[fortigates]
fortigate01 enable_log=True ansible_host=YOUR_HOST_IP
[fortigates:vars]
ansible_network_os=fortinet.fortios.fortios
ansible_user=YOUR_USER_NAME
ansible_password=YOUR_PASSWORDPlaybook:
- hosts: fortigates
connection: httpapi
collections:
- fortinet.fortios
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name:
fortios_monitor_fact:
vdom: root
selector: system_available-interfaces
# params:
# mkey: port1Hi @JieX19 @MaxxLiu22
I have configured in Ansible Automation Platform 2.3 .
I have also upldated the playbook as requested . But error seems to be in the collection httpapi plugin and not the playbook
Fortigate collection error (2).pdf
Please have a look.
Thanks in advance
RachnaDodia
commented
1 year ago @JieX19 I have also followed the fortios doc which you shared..configured similiar in Ansible controller UI.
RachnaDodia
commented
1 year ago Hi @Team / @JieX19 @MaxxLiu22 Any way on the issue?
JieX19
commented
1 year ago Hi @RachnaDodia,
I installed the ansible-navigator on Podman and the collection works fine without any errors. I just send Emily an email requesting the execution-environment file and container file. I need to check some information in it and make sure the installation path is not mixed up. The error is not from our code, it basically means Ansible cannot find the collection.
Here's my config info:
➜ navigator podman run fortios-only ansible --version
ansible [core 2.12.5.post0]
config file = None
configured module search path = ['/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.8/site-packages/ansible
ansible collection location = /runner/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
jinja version = 2.10.3
libyaml = True➜ navigator podman run fortios-only ansible-galaxy collection list
# /usr/share/ansible/collections/ansible_collections
Collection Version
----------------- -------
ansible.netcommon 5.1.2
ansible.utils 2.10.3
fortinet.fortios 2.3.1execution-environment.yml
version: 3
dependencies:
galaxy:
collections:
- name: fortinet.fortiosThanks, Jie
RachnaDodia
commented
1 year ago fortigate.tar.gz
RachnaDodia
commented
1 year ago Hi @JieX19 Please find the execution environment image used- https://drive.google.com/file/d/19HtM74myxVNWM-oyA0Su-ke2qMqrs7TE/view?usp=sharing
Thanks
ammygill
commented
1 year ago hey @JieX19 ,
I am working with Rachna on this and in the logs that appeared on the job output of the AAP i can see that the collection path is correctly being used so the collection is definitely installed. The output form the EE being used:
podman run -it
Collection Version
ansible.netcommon 5.1.2
ansible.utils 2.10.3
fortinet.fortios 2.2.3
RachnaDodia
commented
1 year ago Hi @JieX19 The fortios version that is used in customer's environment is v7.0.6
JieX19
commented
1 year ago Hi @RachnaDodia @ammygill,
I loaded your image locally and the module works fine. I tested on FOS 7.4.0 and 7.0.12, andno error occurs. I noticed the ansible configuration path is /home/runner/.ansible/plugins/modules'(I loaded it locally and ran it on my env):
➜ navigator
➜ navigator ansible-navigator run fortios_monitor.yml -i inventory --execution-environment-image 10.80.92.35/fortigate --mode stdout --pp missing -vvvv
ansible-playbook [core 2.14.6]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.9/site-packages/ansible
ansible collection location = /home/runner/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible-playbook
python version = 3.9.16 (main, May 31 2023, 12:21:58) [GCC 8.5.0 20210514 (Red Hat 8.5.0-18)] (/usr/bin/python3.9)
jinja version = 3.1.2
libyaml = True
Using /etc/ansible/ansible.cfg as config file
setting up inventory pluginsBut the path is different from what you provided the first time (/home/AutomationPOC/****), I paste it here for your reference.
Here's the log for the ansible task on my env.
➜ navigator vim fortios_monitor.yml
➜ navigator ansible-navigator run fortios_monitor.yml -i inventory --execution-environment-image 10.80.92.35/fortigate
---------------------------------------------------------------
Execution environment image and pull policy overview
---------------------------------------------------------------
Execution environment image name: 10.80.92.35/fortigate:latest
Execution environment image tag: latest
Execution environment pull arguments: None
Execution environment pull policy: tag
Execution environment pull needed: True
---------------------------------------------------------------
Updating the execution environment
---------------------------------------------------------------
Running the command: podman pull 10.80.92.35/fortigate:latestAnd the results getting from the above task:
<192.168.88.182> ESTABLISH LOCAL CONNECTION FOR USER: root
<192.168.88.18> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/runner/.ansible/tmp/ansible-local-21tu0pgw4l `"&& mkdir "` echo /home/runner/.ansible/tmp/ansible-local-21tu0pgw4l/ansible-tmp-1691716277.5612597-25-59340333601428 `" && echo ansible-tmp-1691716277.5612597-25-59340333601428="` echo /home/runner/.ansible/tmp/ansible-local-21tu0pgw4l/ansible-tmp-1691716277.5612597-25-59340333601428 `" ) && sleep 0'
Using module file /usr/share/ansible/collections/ansible_collections/fortinet/fortios/plugins/modules/fortios_monitor_fact.py
<192.168.88.182> PUT /home/runner/.ansible/tmp/ansible-local-21tu0pgw4l/tmpt5lyl8tu TO /home/runner/.ansible/tmp/ansible-local-21tu0pgw4l/ansible-tmp-1691716277.5612597-25-59340333601428/AnsiballZ_fortios_monitor_fact.py
<192.168.88.18> EXEC /bin/sh -c 'chmod u+x /home/runner/.ansible/tmp/ansible-local-21tu0pgw4l/ansible-tmp-1691716277.5612597-25-59340333601428/ /home/runner/.ansible/tmp/ansible-local-21tu0pgw4l/ansible-tmp-1691716277.5612597-25-59340333601428/AnsiballZ_fortios_monitor_fact.py && sleep 0'
<192.168.88.18> EXEC /bin/sh -c '/usr/bin/python3.9 /home/runner/.ansible/tmp/ansible-local-21tu0pgw4l/ansible-tmp-1691716277.5612597-25-59340333601428/AnsiballZ_fortios_monitor_fact.py && sleep 0'
<192.168.88.182> EXEC /bin/sh -c 'rm -f -r /home/runner/.ansible/tmp/ansible-local-21tu0pgw4l/ansible-tmp-1691716277.5612597-25-59340333601428/ > /dev/null 2>&1 && sleep 0'
ok: [fortigate01] => {
"changed": false,
"invocation": {
"module_args": {
"access_token": null,
"enable_log": false,
"filters": null,
"formatters": null,
"params": null,
"selector": "system_available-interfaces",
"selectors": null,
"sorters": null,
"vdom": "root"
}
},
"meta": {
"action": "",
"build": 523,
"http_method": "GET",
"name": "available-interfaces",
"path": "system",
"results": [
{
"icon": "fa-square-o",
"name": "any",
"valid_in_policy": true
},
{
"dhcp4_client_count": 0,Could you double check on the ansible-navigator installation path? It may cause the error.
RachnaDodia
commented
1 year ago Hi @JieX19
I am testing on fortios v7.0.6 where the execution image that includes fortios collection is loading.Hence we are able to reach till this stage.I can see it is failing to load the httpapi plugin which comes a part of the collection.
The collection or plugin would be working with a different fortios version but it is failing for v7.0.6.
Job execution O/P-
Thanks, Rachna
JieX19
commented
1 year ago Hi @RachnaDodia, @ammygill
I think I found the root cause, you misspelled fortinet in the inventory file. I tested it on FOS v7.0.6, no errors.
Thanks, Jie
RachnaDodia
commented
1 year ago Hi @JieX19
Made the changes. Getting a new param error right now. Let me work on this.
Thank you .
RachnaDodia
commented
1 year ago @JieX19 recreated execution image and imported the tar file.
Made necessary changes and it worked :)
Network OS related configurations has been missed in the offical site of fortigate collections.
Thank you so much.
RachnaDodia
commented
1 year ago @JieX19 wanted to connect with you further on automating Fortigate Firewall
May I request you for your email ID?
I have installed below collection on ansible controller and trying to execute below playbook, it shows error.
ansible-galaxy collection install fortinet.fortios
Below is my yml file.
hosts: fortigate connection: httpapi
collections:
tasks:
TASK [Gathering Facts] ***** fatal: [10..x.x.x]: FAILED! => {"msg": "unable to load API plugin for network_os fortinet.fortios.fortios"}