fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0

Error in repo when pulling configuration #284

Closed Silverthaw closed 1 month ago

Silverthaw commented 10 months ago

We are trying to create an automated (and offsite) backup of the configuration on a virtual FortiGate. We are running 7.0.12 and have installed the latest fortinet.fortios version. We are able to pull operation information from the appliance (such as licensing and version) but attempts to pull configuration data result in an "Error in repo" error message. We have tried multiple versions of the modules without effect. Can anyone help?

This is the playbook we're using:

#!/opt/ansible/playbooks/venv-FORTINET/bin/ansible-playbook

---
- name: Test FortiGate Firewall connectivity
  hosts: "{{ host }}"
  connection: httpapi
  collections:
    - fortinet.fortios
#  gather_facts: no

  vars:
    # host: "{{ inventory_hostname }}"
    # username: "{{ ansible_user }}"
    # password: "{{ ansible_password }}"
    vdom: "root"
    ansible_httpapi_use_ssl: True
    ansible_httpapi_validate_certs: False
    ansible_httpapi_port: 443

  tasks:
    - name: Pull license data
      fortios_monitor_fact:
        vdom: 'root'
        selector: 'license_status'
#        params:
#          scope: 'global'
      register: licenseinfo

    - name: Show license data
      debug:
        var: licenseinfo.meta.version

    - name: Pull config data
      fortios_monitor:
        vdom: 'root'
        selector: 'backup.system.config'
        params:
          scope: 'global'
      register: configinfo

    - name: Show config data
      debug:
        var: configinfo

Here's the version information and playbook output:

(venv-FORTINET) [playbooks]$ ansible --version
ansible [core 2.15.6]
  config file = /opt/ansible/playbooks/ansible.cfg
  configured module search path = ['/opt/ansible/libraries/ansible-hpe-cw7.git/library']
  ansible python module location = /opt/ansible/playbooks/venv-FORTINET/lib/python3.9/site-packages/ansible
  ansible collection location = /opt/ansible/playbooks/collections
  executable location = /opt/ansible/playbooks/venv-FORTINET/bin/ansible
  python version = 3.9.10 (main, Jan 28 2022, 11:56:24) [GCC 7.3.1 20180303 (Red Hat 7.3.1-5)] (/opt/ansible/playbooks/venv-FORTINET/bin/python)
  jinja version = 3.1.2
  libyaml = True
(venv-FORTINET) [playbooks]$ ansible-galaxy collection list | egrep -i '^$|\-|Collection|forti'

# /opt/ansible/playbooks/collections/ansible_collections
Collection                    Version
----------------------------- -------
fortinet.fortios              2.3.4  

# /opt/ansible/playbooks/venv-FORTINET/lib/python3.9/site-packages/ansible_collections
Collection                    Version
----------------------------- -------
azure.azcollection            1.19.0 
community.fortios             1.0.0  
fortinet.fortimanager         2.3.0  
fortinet.fortios              2.3.4  
(venv-FORTINET) [playbooks]$ ./fortinet-test-NEW.yml -e "host=HUB_OCI_FW1A_VA"

PLAY [Test FortiGate Firewall connectivity] ******************************************************************

TASK [Gathering Facts] ***************************************************************************************
ok: [HUB_OCI_FW1A_VA]

TASK [Pull license data] *************************************************************************************
ok: [HUB_OCI_FW1A_VA]

TASK [Show license data] *************************************************************************************
ok: [HUB_OCI_FW1A_VA] => {
    "licenseinfo.meta.version": "v7.0.12"
}

TASK [Pull config data] **************************************************************************************
fatal: [HUB_OCI_FW1A_VA]: FAILED! => {"changed": false, "meta": {"action": "backup", "build": 523, "http_status": 405, "name": "config", "path": "system", "serial": "XXXXXXXX", "status": "error", "version": "v7.0.12"}, "msg": "Error in repo"}

PLAY RECAP ***************************************************************************************************
HUB_OCI_FW1A_VA            : ok=3    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

(venv-FORTINET) [playbooks]$

MaxxLiu22 commented 10 months ago

Hi @Silverthaw,

Thank you for raising this issue. Your script runs well in my local environment; the only difference I see is that my ansible-core version is 2.13.13, and I can't find 2.15.6. Is it possible to downgrade your ansible-core version to 2.13.13 and give it a try? If not, is it possible to run your script with -vvv, like ansible-playbook -i hosts fortios_monitor_fact.yml -vvv? That will provide a more detailed log.

liangl@US-LIANGL:~/ansible_fgt/github#284$ ansible-playbook -i hosts fortios_monitor_fact.yml 
[WARNING]: Collection fortinet.fortios does not support Ansible version 2.13.13

PLAY [fortigates] ****************************************************************************************

TASK [Pull license data] *********************************************************************************
ok: [fortigate03]

TASK [Show license data] *********************************************************************************
ok: [fortigate03] => {
    "licenseinfo.meta.version": "v7.0.12"
}

TASK [Pull config data] **********************************************************************************
ok: [fortigate03]

PLAY RECAP ***********************************************************************************************
fortigate03                : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Thanks, Maxx

Silverthaw commented 10 months ago

I was able to downgrade my version by running the following commands:

pip uninstall ansible-core
pip uninstall ansible
pip install 'ansible-core==2.13.13'

Here is the requested log:

(venv-FORTINET) [dev@noctools ansible-playbook]$ ansible-playbook -i hosts fortinet-test-NEW.yml -vvv -e "host=HUB_OCI_FW1A_VA"
ansible-playbook [core 2.13.13]
  config file = /home/dev/ansible-playbook/ansible.cfg
  configured module search path = ['/opt/ansible/libraries/ansible-hpe-cw7.git/library']
  ansible python module location = /home/dev/ansible-playbook/venv-FORTINET/lib/python3.9/site-packages/ansible
  ansible collection location = /home/dev/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/dev/ansible-playbook/venv-FORTINET/bin/ansible-playbook
  python version = 3.9.10 (main, Jan 28 2022, 11:56:24) [GCC 7.3.1 20180303 (Red Hat 7.3.1-5)]
  jinja version = 3.1.2
  libyaml = True
Using /home/dev/ansible-playbook/ansible.cfg as config file
host_list declined parsing /home/dev/ansible-playbook/hosts as it did not pass its verify_file() method
auto declined parsing /home/dev/ansible-playbook/hosts as it did not pass its verify_file() method
Parsed /home/dev/ansible-playbook/hosts inventory source with ini plugin
[WARNING]: Collection fortinet.fortios does not support Ansible version 2.13.13
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: fortinet-test-NEW.yml ****************************************************************************************************
1 plays in fortinet-test-NEW.yml

PLAY [Test FortiGate Firewall connectivity] ****************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************
task path: /home/dev/ansible-playbook/fortinet-test-NEW.yml:4
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<xxx.xxx.xxx.xxx> ESTABLISH LOCAL CONNECTION FOR USER: dev
<xxx.xxx.xxx.xxx> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/dev/.ansible/tmp/ansible-local-4176yet822fz `"&& mkdir "` echo /home/dev/.ansible/tmp/ansible-local-4176yet822fz/ansible-tmp-1701894405.4994905-4185-209405197262993 `" && echo ansible-tmp-1701894405.4994905-4185-209405197262993="` echo /home/dev/.ansible/tmp/ansible-local-4176yet822fz/ansible-tmp-1701894405.4994905-4185-209405197262993 `" ) && sleep 0'
Using module file /home/dev/ansible-playbook/venv-FORTINET/lib/python3.9/site-packages/ansible/modules/setup.py
<xxx.xxx.xxx.xxx> PUT /home/dev/.ansible/tmp/ansible-local-4176yet822fz/tmpyaxrrhuk TO /home/dev/.ansible/tmp/ansible-local-4176yet822fz/ansible-tmp-1701894405.4994905-4185-209405197262993/AnsiballZ_setup.py
<xxx.xxx.xxx.xxx> EXEC /bin/sh -c 'chmod u+x /home/dev/.ansible/tmp/ansible-local-4176yet822fz/ansible-tmp-1701894405.4994905-4185-209405197262993/ /home/dev/.ansible/tmp/ansible-local-4176yet822fz/ansible-tmp-1701894405.4994905-4185-209405197262993/AnsiballZ_setup.py && sleep 0'
<xxx.xxx.xxx.xxx> EXEC /bin/sh -c '/home/dev/ansible-playbook/venv-FORTINET/bin/python /home/dev/.ansible/tmp/ansible-local-4176yet822fz/ansible-tmp-1701894405.4994905-4185-209405197262993/AnsiballZ_setup.py && sleep 0'
<xxx.xxx.xxx.xxx> EXEC /bin/sh -c 'rm -f -r /home/dev/.ansible/tmp/ansible-local-4176yet822fz/ansible-tmp-1701894405.4994905-4185-209405197262993/ > /dev/null 2>&1 && sleep 0'
ok: [HUB_OCI_FW1A_VA]
META: ran handlers

TASK [Pull license data] ***********************************************************************************************************
task path: /home/dev/ansible-playbook/fortinet-test-NEW.yml:21
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<xxx.xxx.xxx.xxx> ESTABLISH LOCAL CONNECTION FOR USER: dev
<xxx.xxx.xxx.xxx> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/dev/.ansible/tmp/ansible-local-4176yet822fz `"&& mkdir "` echo /home/dev/.ansible/tmp/ansible-local-4176yet822fz/ansible-tmp-1701894407.1860592-4325-228285144609031 `" && echo ansible-tmp-1701894407.1860592-4325-228285144609031="` echo /home/dev/.ansible/tmp/ansible-local-4176yet822fz/ansible-tmp-1701894407.1860592-4325-228285144609031 `" ) && sleep 0'
Using module file /home/dev/ansible-playbook/collections/ansible_collections/fortinet/fortios/plugins/modules/fortios_monitor_fact.py
<xxx.xxx.xxx.xxx> PUT /home/dev/.ansible/tmp/ansible-local-4176yet822fz/tmp9hyf_i8r TO /home/dev/.ansible/tmp/ansible-local-4176yet822fz/ansible-tmp-1701894407.1860592-4325-228285144609031/AnsiballZ_fortios_monitor_fact.py
<xxx.xxx.xxx.xxx> EXEC /bin/sh -c 'chmod u+x /home/dev/.ansible/tmp/ansible-local-4176yet822fz/ansible-tmp-1701894407.1860592-4325-228285144609031/ /home/dev/.ansible/tmp/ansible-local-4176yet822fz/ansible-tmp-1701894407.1860592-4325-228285144609031/AnsiballZ_fortios_monitor_fact.py && sleep 0'
<xxx.xxx.xxx.xxx> EXEC /bin/sh -c '/home/dev/ansible-playbook/venv-FORTINET/bin/python /home/dev/.ansible/tmp/ansible-local-4176yet822fz/ansible-tmp-1701894407.1860592-4325-228285144609031/AnsiballZ_fortios_monitor_fact.py && sleep 0'
<xxx.xxx.xxx.xxx> EXEC /bin/sh -c 'rm -f -r /home/dev/.ansible/tmp/ansible-local-4176yet822fz/ansible-tmp-1701894407.1860592-4325-228285144609031/ > /dev/null 2>&1 && sleep 0'
ok: [HUB_OCI_FW1A_VA] => {
    "changed": false,
    "invocation": {
        "module_args": {
            "access_token": null,
            "enable_log": false,
            "filters": null,
            "formatters": null,
            "params": null,
            "selector": "license_status",
            "selectors": null,
            "sorters": null,
            "vdom": "root"
        }
    },
    "meta": {
        "action": "",
        "build": 523,
        "http_method": "GET",
        "name": "status",
        "path": "license",
        "results": {
            "ai_malware_detection": {
                "entitlement": "AVDB",
                "expires": 1806105600,
                "last_update": 978336000,
                "status": "licensed",
                "type": "downloaded_fds_object",
                "version": "0.00000"
            },
            "antispam": {
                "entitlement": "SPAM",
                "expires": 1806105600,
                "status": "licensed",
                "type": "live_fortiguard_service"
            },
            "antivirus": {
                "db_status": "db_type_extended",
                "engine": {
                    "last_update": 1684200900,
                    "version": "6.00288"
                },
                "entitlement": "AVDB",
                "expires": 1806105600,
                "last_update": 1523326020,
                "status": "licensed",
                "type": "downloaded_fds_object",
                "version": "1.00000"
            },
            "appctrl": {
                "entitlement": "FMWR",
                "expires": 1806105600,
                "last_update": 1448965800,
                "status": "licensed",
                "type": "downloaded_fds_object",
                "version": "6.00741"
            },
            "blacklisted_certificates": {
                "entitlement": "FURL",
                "expires": 1806105600,
                "last_update": 1701123673,
                "last_update_attempt": 1701894310,
                "last_update_method_status": "update_method_sched",
                "last_update_result_status": "update_result_no_updates",
                "status": "licensed",
                "type": "downloaded_fds_object",
                "version": "1.00457"
            },
            "botnet_domain": {
                "entitlement": "AVDB",
                "expires": 1806105600,
                "last_update": 1701891909,
                "last_update_attempt": 1701894310,
                "last_update_method_status": "update_method_sched",
                "last_update_result_status": "update_result_no_updates",
                "status": "licensed",
                "type": "downloaded_fds_object",
                "version": "3.00560"
            },
            "botnet_ip": {
                "last_update": 1701492174,
                "last_update_attempt": 1701894310,
                "last_update_method_status": "update_method_sched",
                "last_update_result_status": "update_result_no_updates",
                "status": "licensed",
                "type": "downloaded_fds_object",
                "version": "7.03483"
            },
            "device_os_id": {
                "entitlement": "FMWR",
                "expires": 1806105600,
                "last_update": 1700249772,
                "last_update_attempt": 1701894310,
                "last_update_method_status": "update_method_sched",
                "last_update_result_status": "update_result_no_updates",
                "status": "licensed",
                "type": "downloaded_fds_object",
                "version": "1.00160"
            },
            "fortianalyzer_cloud": {
                "entitlement": "FAZC",
                "status": "no_license",
                "type": "live_cloud_service"
            },
            "fortianalyzer_cloud_premium": {
                "entitlement": "AFAC",
                "status": "no_license",
                "type": "live_cloud_service"
            },
            "forticare": {
                "account": "core.net@oregonstate.edu",
                "company": "Oregon State University",
                "industry": "Education",
                "registration_supported": true,
                "status": "registered",
                "support": {
                    "enhanced": {
                        "expires": 1806105600,
                        "status": "licensed",
                        "support_level": "Premium"
                    }
                },
                "type": "cloud_service_status"
            },
            "forticloud": {
                "status": "cloud_logged_out",
                "type": "cloud_service_status"
            },
            "forticloud_logging": {
                "log_retention_days": 7,
                "max_bytes": 0,
                "status": "free_license",
                "type": "live_cloud_service",
                "used_bytes": 0
            },
            "forticloud_sandbox": {
                "entitlement": "AVDB",
                "expires": 1806105600,
                "files_uploaded_daily": 0,
                "max_files_daily": 100,
                "status": "licensed",
                "type": "live_cloud_service"
            },
            "fortiems_cloud": {
                "entitlement": "FCEM",
                "status": "no_license",
                "type": "account_level_live_cloud_service"
            },
            "fortiguard": {
                "connected": true,
                "fortigate_wan_ip": "yyy.yyy.yyy.yyy",
                "has_updated": true,
                "next_scheduled_update": 1701895500,
                "scheduled_updates_enabled": true,
                "server_address": "zzz.zzz.zzz.zzz:443",
                "supported": true,
                "type": "cloud_service_status",
                "update_server_usa": true
            },
            "fortiipam_cloud": {
                "entitlement": "IPMC",
                "status": "no_license",
                "type": "live_cloud_service"
            },
            "fortimanager_cloud": {
                "entitlement": "FMGC",
                "status": "no_license",
                "type": "live_cloud_service"
            },
            "fortimanager_cloud_alci": {
                "entitlement": "FMGC",
                "status": "no_license",
                "type": "account_level_live_cloud_service"
            },
            "fortisandbox_cloud": {
                "entitlement": "FSAC",
                "status": "no_license",
                "type": "live_cloud_service"
            },
            "fortisandbox_cloud_alci": {
                "entitlement": "FSAP",
                "status": "no_license",
                "type": "account_level_live_cloud_service"
            },
            "industrial_db": {
                "entitlement": "ISSS",
                "last_update": 1448965800,
                "status": "no_license",
                "type": "downloaded_fds_object",
                "version": "6.00741"
            },
            "internet_service_db": {
                "last_update": 1701492174,
                "last_update_attempt": 1701894310,
                "last_update_method_status": "update_method_sched",
                "last_update_result_status": "update_result_no_updates",
                "status": "licensed",
                "type": "downloaded_fds_object",
                "version": "7.03483"
            },
            "iot_detection": {
                "entitlement": "IOTH",
                "status": "no_license",
                "type": "live_fortiguard_service"
            },
            "ips": {
                "configuration_script": {
                    "last_update": 1559858520,
                    "last_update_attempt": 1701894310,
                    "last_update_method_status": "update_method_manual",
                    "last_update_result_status": "update_result_no_updates",
                    "version": "1.00009"
                },
                "db_status": "db_type_extended",
                "engine": {
                    "last_update": 1685048011,
                    "last_update_attempt": 1701894310,
                    "last_update_method_status": "update_method_sched",
                    "last_update_result_status": "update_result_no_updates",
                    "version": "7.00167"
                },
                "entitlement": "NIDS",
                "expires": 1806105600,
                "last_update": 1701885916,
                "last_update_attempt": 1701894310,
                "last_update_method_status": "update_method_sched",
                "last_update_result_status": "update_result_no_updates",
                "status": "licensed",
                "type": "downloaded_fds_object",
                "version": "26.00690"
            },
            "malicious_urls": {
                "entitlement": "NIDS",
                "expires": 1806105600,
                "last_update": 1701878728,
                "last_update_attempt": 1701894310,
                "last_update_method_status": "update_method_sched",
                "last_update_result_status": "update_result_no_updates",
                "status": "licensed",
                "type": "downloaded_fds_object",
                "version": "4.00900"
            },
            "mobile_malware": {
                "entitlement": "AVDB",
                "expires": 1806105600,
                "last_update": 978336000,
                "status": "licensed",
                "type": "downloaded_fds_object",
                "version": "0.00000"
            },
            "outbreak_prevention": {
                "entitlement": "ZHVO",
                "expires": 1806105600,
                "status": "licensed",
                "type": "live_fortiguard_service"
            },
            "sdwan_network_monitor": {
                "entitlement": "SWNM",
                "status": "no_license",
                "type": "live_fortiguard_service"
            },
            "security_rating": {
                "entitlement": "FGSA",
                "last_update": 978336000,
                "status": "no_license",
                "type": "downloaded_fds_object",
                "version": "0.00000"
            },
            "sms": {
                "max": 0,
                "status": "no_license",
                "type": "other",
                "used": 0
            },
            "vdom": {
                "can_upgrade": true,
                "max": 1,
                "type": "platform",
                "used": 1
            },
            "vm": {
                "closed_network": false,
                "cpu_max": 4,
                "cpu_used": 4,
                "expires": 1806105600,
                "license_model": 18,
                "license_platform_name": "FGVMSL",
                "mem_used": 63460868096,
                "status": "vm_valid",
                "type": "platform",
                "valid": true
            },
            "web_filtering": {
                "category_list_version": 9,
                "entitlement": "FURL",
                "expires": 1806105600,
                "running": true,
                "status": "licensed",
                "type": "live_fortiguard_service"
            }
        },
        "serial": "XXXXXXXX",
        "status": "success",
        "vdom": "root",
        "version": "v7.0.12"
    }
}

TASK [Show license data] ***********************************************************************************************************
task path: /home/dev/ansible-playbook/fortinet-test-NEW.yml:29
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<xxx.xxx.xxx.xxx> ESTABLISH HTTP(S) CONNECTFOR USER: net_ansible TO https://xxx.xxx.xxx.xxx:443
ok: [HUB_OCI_FW1A_VA] => {
    "licenseinfo.meta.version": "v7.0.12"
}

TASK [Pull config data] ************************************************************************************************************
task path: /home/dev/ansible-playbook/fortinet-test-NEW.yml:33
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<xxx.xxx.xxx.xxx> ESTABLISH LOCAL CONNECTION FOR USER: dev
<xxx.xxx.xxx.xxx> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/dev/.ansible/tmp/ansible-local-4176yet822fz `"&& mkdir "` echo /home/dev/.ansible/tmp/ansible-local-4176yet822fz/ansible-tmp-1701894410.2961493-4351-278670743992809 `" && echo ansible-tmp-1701894410.2961493-4351-278670743992809="` echo /home/dev/.ansible/tmp/ansible-local-4176yet822fz/ansible-tmp-1701894410.2961493-4351-278670743992809 `" ) && sleep 0'
Using module file /home/dev/ansible-playbook/collections/ansible_collections/fortinet/fortios/plugins/modules/fortios_monitor.py
<xxx.xxx.xxx.xxx> PUT /home/dev/.ansible/tmp/ansible-local-4176yet822fz/tmp5do4mkjq TO /home/dev/.ansible/tmp/ansible-local-4176yet822fz/ansible-tmp-1701894410.2961493-4351-278670743992809/AnsiballZ_fortios_monitor.py
<xxx.xxx.xxx.xxx> EXEC /bin/sh -c 'chmod u+x /home/dev/.ansible/tmp/ansible-local-4176yet822fz/ansible-tmp-1701894410.2961493-4351-278670743992809/ /home/dev/.ansible/tmp/ansible-local-4176yet822fz/ansible-tmp-1701894410.2961493-4351-278670743992809/AnsiballZ_fortios_monitor.py && sleep 0'
<xxx.xxx.xxx.xxx> EXEC /bin/sh -c '/home/dev/ansible-playbook/venv-FORTINET/bin/python /home/dev/.ansible/tmp/ansible-local-4176yet822fz/ansible-tmp-1701894410.2961493-4351-278670743992809/AnsiballZ_fortios_monitor.py && sleep 0'
<xxx.xxx.xxx.xxx> EXEC /bin/sh -c 'rm -f -r /home/dev/.ansible/tmp/ansible-local-4176yet822fz/ansible-tmp-1701894410.2961493-4351-278670743992809/ > /dev/null 2>&1 && sleep 0'
fatal: [HUB_OCI_FW1A_VA]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "access_token": null,
            "enable_log": true,
            "params": {
                "scope": "global"
            },
            "selector": "backup.system.config",
            "vdom": "root"
        }
    },
    "meta": {
        "action": "backup",
        "build": 523,
        "http_status": 405,
        "name": "config",
        "path": "system",
        "serial": "XXXXXXXX",
        "status": "error",
        "version": "v7.0.12"
    },
    "msg": "Error in repo"
}

PLAY RECAP *************************************************************************************************************************
HUB_OCI_FW1A_VA            : ok=3    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

(venv-FORTINET) [dev@noctools ansible-playbook]$