Closed ric293 closed 7 months ago
Hi @ric293,
Thank you for raising this issue. I can reproduce it and have reported it to the development team; I will let you know once it is fixed. Sorry for any inconvenience.
Thanks, Maxx
Hi @ric293,
I just tested the sessions on my env and found the sessions are closed when the task is done. The two sessions you mentioned (http and console) are built when you log into your fortigate and type in the command on the CLI. These are not caused by any ansible tasks.
Thanks, Jie
I'm not sure if JieX19 is correct about the two sessions. If I deploy fortigate vm and open console connection, log in as admin, and do 'get system info admin status', it shows only one logged in user which is admin on console.
If I open the web interface to the fortigate vm and log in as admin, then as expected, there are two logged in users, one admin on console, and the other admin on http.
But it doesn't seem correct that if I run fortigate ansible module that it should leave an additional admin http logged in user session. Maybe JieX19 is using later version of the fortinet.fortios collection than me and it doesn't have this problem.
I've re-tested on a later version of the fortinet.fortios galaxy collection and the problem still exists.
Galaxy collection: fortinet.fortios 2.3.1
Ansible core: 2.15.3
Python: 3.9.16
FortiGate-VM64-KVM v7.0.5,build0304,220208 (GA), using evaluation license
I'm using the same inventory as in the original description at the top above.
Playbook:
---
- name: This is a playbook for managing fortigate
  hosts: all
  gather_facts: false
  tasks:
    - name: Configure global attributes.
      fortinet.fortios.fortios_system_global:
        system_global:
          alias: my_new_alias
Steps taken:
get system info admin status.
This shows only one logged in admin user which is type 'console'.
Hi @ric293
Thank you for your detailed info! I will look into the case again and get back to you later.
Hi @ric293
The issue has been fixed in the collection; please try it again. I will close this issue at this moment, marking it as resolved or completed. If you have any further questions or concerns, please feel free to reopen the ticket or create a new one.
Using the fortios_monitor_fact and fortios_system_global modules without using api token based authentication creates an admin http session on the fortigate device. This is not removed when the playbook is finished.
Using an api token in the ansible task calling fortios_system_global does not result in an admin http session remaining after the playbook is finished.
Not using api token when using fortios_monitor_fact and then using api token for fortios_system_global within the same playbook results in two admin http sessions remaining after the playbook is finished. I didn't want to use api token when using fortios_monitor_fact because I wanted to do a config backup which needs admin account for a full backup.
I'm not specifying any api token in the ansible inventory, only in the ansible task.
Galaxy collection: fortinet.fortios 2.2.3
Ansible core: 2.14.5
Python: 3.9.13
FortiGate-VM64-KVM v7.0.5,build0304,220208 (GA), using evaluation license
Using 'get system info admin status' on the fortigate cli to check for sessions.
Inventory
Playbook