Closed foxpatil closed 7 months ago
Hi @foxpatil ,
Thank you for raising this issue, could you type `ansible --version` and `ansible-galaxy collection list` to gather the environment information for me?
Thanks, Maxx
Hi @MaxxLiu22
I am facing a similar error for a Fortigate firewall. Please find attached details in the PDF-
Request your help ASAP.
Thanks in advance
Hi @RachnaDodia,
This is the doc for how to prepare the host inventory and run your playbook. https://ansible-galaxy-fortios-docs.readthedocs.io/en/latest/playbook.html
I saw you ran the command ansible-navigator, can you just run ansible-playbook to test the collection to see if the plugin can be loaded normally?
Thanks, Jie
Hi @foxpatil,
May I know if the issue has been solved? Please send me the config and hosts files if you still experience the same error.
Thanks, Jie
@RachnaDodia,
Could you send me the ansible.cfg file along with the inventory file (no sensitive data exposure)?
Hi @RachnaDodia, there're some errors in your playbook, selector 'system_available-interfaces' is in the monitor_fact module actually.
Can you set up your hosts file as follows and run the playbook I provide again?
hosts file:

```ini
[fortigates]
fortigate01 enable_log=True ansible_host=YOUR_HOST_IP

[fortigates:vars]
ansible_network_os=fortinet.fortios.fortios
ansible_user=YOUR_USER_NAME
ansible_password=YOUR_PASSWORD
```
Playbook:

```yaml
- hosts: fortigates
  connection: httpapi
  collections:
    - fortinet.fortios
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no  # TLS certificate validation is disabled
    ansible_httpapi_port: 443
  tasks:
    - name:
      fortios_monitor_fact:
        vdom: root
        selector: system_available-interfaces
        # params:
        #   mkey: port1
```
Hi @JieX19 @MaxxLiu22
I have configured in Ansible Automation Platform 2.3.
I have also updated the playbook as requested. But the error seems to be in the collection httpapi plugin and not the playbook.
Fortigate collection error (2).pdf
Please have a look.
Thanks in advance
@JieX19 I have also followed the fortios doc which you shared and configured similarly in the Ansible controller UI.
Hi @Team / @JieX19 @MaxxLiu22 Any way on the issue?
Hi @RachnaDodia,
I installed the ansible-navigator on Podman and the collection works fine without any errors. I just sent Emily an email requesting the execution-environment file and container file. I need to check some information in it and make sure the installation path is not mixed up. The error is not from our code, it basically means Ansible cannot find the collection.
Here's my config info:
```
➜ navigator podman run fortios-only ansible --version
ansible [core 2.12.5.post0]
  config file = None
  configured module search path = ['/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.8/site-packages/ansible
  ansible collection location = /runner/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
  jinja version = 2.10.3
  libyaml = True
➜ navigator podman run fortios-only ansible-galaxy collection list
# /usr/share/ansible/collections/ansible_collections
Collection        Version
----------------- -------
ansible.netcommon 5.1.2
ansible.utils     2.10.3
fortinet.fortios  2.3.1
```
execution-environment.yml

```yaml
version: 3
dependencies:
  galaxy:
    collections:
      - name: fortinet.fortios
```
Thanks, Jie
fortigate.tar.gz
Hi @JieX19 Please find the execution environment image used- https://drive.google.com/file/d/19HtM74myxVNWM-oyA0Su-ke2qMqrs7TE/view?usp=sharing
Thanks
hey @JieX19 ,
I am working with Rachna on this and in the logs that appeared on the job output of the AAP I can see that the collection path is correctly being used so the collection is definitely installed. The output from the EE being used:
podman run -it
Collection Version
ansible.netcommon 5.1.2
ansible.utils 2.10.3
fortinet.fortios 2.2.3
Hi @JieX19 The fortios version that is used in customer's environment is v7.0.6
Hi @RachnaDodia @ammygill,
I loaded your image locally and the module works fine. I tested on FOS 7.4.0 and 7.0.12, and no error occurs. I noticed the ansible configuration path is /home/runner/.ansible/plugins/modules (I loaded it locally and ran it on my env):
```
➜ navigator
➜ navigator ansible-navigator run fortios_monitor.yml -i inventory --execution-environment-image 10.80.92.35/fortigate --mode stdout --pp missing -vvvv
ansible-playbook [core 2.14.6]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /home/runner/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible-playbook
  python version = 3.9.16 (main, May 31 2023, 12:21:58) [GCC 8.5.0 20210514 (Red Hat 8.5.0-18)] (/usr/bin/python3.9)
  jinja version = 3.1.2
  libyaml = True
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
```
But the path is different from what you provided the first time (/home/AutomationPOC/****), I paste it here for your reference.
Here's the log for the ansible task on my env.
```
➜ navigator vim fortios_monitor.yml
➜ navigator ansible-navigator run fortios_monitor.yml -i inventory --execution-environment-image 10.80.92.35/fortigate
---------------------------------------------------------------
Execution environment image and pull policy overview
---------------------------------------------------------------
Execution environment image name: 10.80.92.35/fortigate:latest
Execution environment image tag: latest
Execution environment pull arguments: None
Execution environment pull policy: tag
Execution environment pull needed: True
---------------------------------------------------------------
Updating the execution environment
---------------------------------------------------------------
Running the command: podman pull 10.80.92.35/fortigate:latest
```
And the results from the above task:
```
<192.168.88.182> ESTABLISH LOCAL CONNECTION FOR USER: root
<192.168.88.18> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/runner/.ansible/tmp/ansible-local-21tu0pgw4l `"&& mkdir "` echo /home/runner/.ansible/tmp/ansible-local-21tu0pgw4l/ansible-tmp-1691716277.5612597-25-59340333601428 `" && echo ansible-tmp-1691716277.5612597-25-59340333601428="` echo /home/runner/.ansible/tmp/ansible-local-21tu0pgw4l/ansible-tmp-1691716277.5612597-25-59340333601428 `" ) && sleep 0'
Using module file /usr/share/ansible/collections/ansible_collections/fortinet/fortios/plugins/modules/fortios_monitor_fact.py
<192.168.88.182> PUT /home/runner/.ansible/tmp/ansible-local-21tu0pgw4l/tmpt5lyl8tu TO /home/runner/.ansible/tmp/ansible-local-21tu0pgw4l/ansible-tmp-1691716277.5612597-25-59340333601428/AnsiballZ_fortios_monitor_fact.py
<192.168.88.18> EXEC /bin/sh -c 'chmod u+x /home/runner/.ansible/tmp/ansible-local-21tu0pgw4l/ansible-tmp-1691716277.5612597-25-59340333601428/ /home/runner/.ansible/tmp/ansible-local-21tu0pgw4l/ansible-tmp-1691716277.5612597-25-59340333601428/AnsiballZ_fortios_monitor_fact.py && sleep 0'
<192.168.88.18> EXEC /bin/sh -c '/usr/bin/python3.9 /home/runner/.ansible/tmp/ansible-local-21tu0pgw4l/ansible-tmp-1691716277.5612597-25-59340333601428/AnsiballZ_fortios_monitor_fact.py && sleep 0'
<192.168.88.182> EXEC /bin/sh -c 'rm -f -r /home/runner/.ansible/tmp/ansible-local-21tu0pgw4l/ansible-tmp-1691716277.5612597-25-59340333601428/ > /dev/null 2>&1 && sleep 0'
ok: [fortigate01] => {
    "changed": false,
    "invocation": {
        "module_args": {
            "access_token": null,
            "enable_log": false,
            "filters": null,
            "formatters": null,
            "params": null,
            "selector": "system_available-interfaces",
            "selectors": null,
            "sorters": null,
            "vdom": "root"
        }
    },
    "meta": {
        "action": "",
        "build": 523,
        "http_method": "GET",
        "name": "available-interfaces",
        "path": "system",
        "results": [
            {
                "icon": "fa-square-o",
                "name": "any",
                "valid_in_policy": true
            },
            {
                "dhcp4_client_count": 0,
```
Could you double check on the ansible-navigator installation path? It may cause the error.
Hi @JieX19
I am testing on fortios v7.0.6 where the execution image that includes the fortios collection is loading. Hence we are able to reach this stage. I can see it is failing to load the httpapi plugin which comes as part of the collection.
The collection or plugin would be working with a different fortios version but it is failing for v7.0.6.
Job execution O/P-
Thanks, Rachna
Hi @RachnaDodia, @ammygill
I think I found the root cause, you misspelled fortinet in the inventory file. I tested it on FOS v7.0.6, no errors.
Thanks, Jie
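The root cause reported above, a misspelled collection name in the inventory's `ansible_network_os`, can be caught before a job runs. The following is an added example, not code from this thread or from the fortinet.fortios collection: it compares each `ansible_network_os` value in an INI inventory against `ansible-galaxy collection list` output. The function names, the sample inventory and its misspelling are constructed, and it assumes fully qualified `namespace.collection.plugin` values as used in this thread.

```python
import difflib
import re

# Constructed sample in the format of `ansible-galaxy collection list`.
GALAXY_LIST = """\
Collection        Version
----------------- -------
ansible.netcommon 5.1.2
fortinet.fortios  2.3.1
"""
# Constructed inventory; this misspelling is illustrative, not the one from the thread.
INVENTORY = """\
[fortigates]
fortigate01 enable_log=True ansible_host=192.0.2.10
[fortigates:vars]
ansible_network_os=fortinte.fortios.fortios
"""

def installed_collections(galaxy_output):
    """Return the namespace.collection names found in the listing."""
    return set(re.findall(r"^([a-z0-9_]+\.[a-z0-9_]+)\s+\S+", galaxy_output, re.M))

def network_os_values(inventory_text):
    """Yield (line_no, value) for each ansible_network_os=... token (no spaces around '=')."""
    for no, line in enumerate(inventory_text.splitlines(), 1):
        if line.lstrip().startswith(("#", ";", "[")):
            continue
        for token in line.split():
            key, sep, value = token.partition("=")
            if sep and key == "ansible_network_os":
                yield no, value

def check_inventory(inventory_text, galaxy_output):
    """Return findings as (line_no, value, problem, suggestion); empty means all resolve."""
    installed = installed_collections(galaxy_output)
    findings = []
    for no, value in network_os_values(inventory_text):
        parts = value.split(".")
        coll = ".".join(parts[:2])
        if len(parts) != 3 or not all(parts):
            findings.append((no, value, "not namespace.collection.plugin", None))
        elif coll not in installed:
            hint = difflib.get_close_matches(coll, sorted(installed), n=1)
            findings.append((no, value, "collection not installed", hint[0] if hint else None))
    return findings

if __name__ == "__main__":
    for finding in check_inventory(INVENTORY, GALAXY_LIST):
        print(finding)
```

Run it against the collection listing taken from inside the execution environment image, since that is where the httpapi plugin is resolved.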
Hi @JieX19
Made the changes. Getting a new param error right now. Let me work on this.
Thank you.
@JieX19 recreated execution image and imported the tar file.
Made necessary changes and it worked :)
Network OS related configurations have been missed in the official site of fortigate collections.
Thank you so much.
@JieX19 wanted to connect with you further on automating Fortigate Firewall
May I request you for your email ID?
I have installed below collection on ansible controller and trying to execute below playbook, it shows error.
ansible-galaxy collection install fortinet.fortios
Below is my yml file.
```yaml
- hosts: fortigate
  connection: httpapi
  collections:
  tasks:
```
TASK [Gathering Facts] ***** fatal: [10..x.x.x]: FAILED! => {"msg": "unable to load API plugin for network_os fortinet.fortios.fortios"}