fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0

fortios_system_interface - "Error in repo" #285

Closed asrivastav-aag closed 1 month ago

asrivastav-aag commented 7 months ago

Hello! I'm trying to create a loopback interface on a licensed FGT hardware using the fortios_system_interface module, but getting "Error in repo" every time.

Playbook:

Detailed Output:

ansible [core 2.13.13]
  config file = /Users/sri/Documents/002/GitRepos/013_fgt_create_ipsec/ansible.cfg
  configured module search path = ['/Users/sri/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/sri/Documents/002/GitRepos/013_fgt_create_ipsec/lib/python3.8/site-packages/ansible
  ansible collection location = /Users/sri/Documents/002/GitRepos/013_fgt_create_ipsec/collections/ansible_collections
  executable location = /Users/sri/Documents/002/GitRepos/013_fgt_create_ipsec/bin/ansible
  python version = 3.8.6 (v3.8.6:db455296be, Sep 23 2020, 13:31:39) [Clang 6.0 (clang-600.0.57)]
  jinja version = 3.1.2
  libyaml = True

(013_fgt_create_ipsec)sri@SEAVVMASRIVA 013_fgt_create_ipsec % ansible-galaxy collection list

Collection        Version
ansible.netcommon 5.2.0
ansible.utils     2.11.0
fortinet.fortios  2.3.2

(013_fgt_create_ipsec)sri@SEAVVMASRIVA 013_fgt_create_ipsec % ansible-playbook 52_CreateLoopbackInterface-2.yaml -vvv
ansible-playbook [core 2.13.13]
  config file = /Users/sri/Documents/002/GitRepos/013_fgt_create_ipsec/ansible.cfg
  configured module search path = ['/Users/sri/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/sri/Documents/002/GitRepos/013_fgt_create_ipsec/lib/python3.8/site-packages/ansible
  ansible collection location = /Users/sri/Documents/002/GitRepos/013_fgt_create_ipsec/collections/ansible_collections
  executable location = /Users/sri/Documents/002/GitRepos/013_fgt_create_ipsec/bin/ansible-playbook
  python version = 3.8.6 (v3.8.6:db455296be, Sep 23 2020, 13:31:39) [Clang 6.0 (clang-600.0.57)]
  jinja version = 3.1.2
  libyaml = True
Using /Users/sri/Documents/002/GitRepos/013_fgt_create_ipsec/ansible.cfg as config file
host_list declined parsing /Users/sri/Documents/002/GitRepos/013_fgt_create_ipsec/inventory.yaml as it did not pass its verify_file() method
script declined parsing /Users/sri/Documents/002/GitRepos/013_fgt_create_ipsec/inventory.yaml as it did not pass its verify_file() method
Parsed /Users/sri/Documents/002/GitRepos/013_fgt_create_ipsec/inventory.yaml inventory source with ini plugin
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: 52_CreateLoopbackInterface-2.yaml ****
1 plays in 52_CreateLoopbackInterface-2.yaml

PLAY [fgt] *****
META: ran handlers

TASK [set_fact] ****
task path: /Users/sri/Documents/002/GitRepos/013_fgt_create_ipsec/52_CreateLoopbackInterface-2.yaml:15
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
redirecting (type: httpapi) ansible.builtin.fortios to fortinet.fortios.fortios
ok: [sri-se4] => {
    "ansible_facts": {
        "fgt_loopbk_inf": "prt-lo-testla-u",
        "partner_pfx_id": "Need to CREATE a filter",
        "static_route_id": "Need to CREATE a filter",
        "vdom": "partner",
        "vendor_name": "Testlab",
        "vpn_name": "SE4-Testlab"
    },
    "changed": false
}

TASK [Creating Loopback Interface 'prt-lo-testla-u'] ***
task path: /Users/sri/Documents/002/GitRepos/013_fgt_create_ipsec/52_CreateLoopbackInterface-2.yaml:23
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
redirecting (type: httpapi) ansible.builtin.fortios to fortinet.fortios.fortios
<10.0.0.60> ESTABLISH LOCAL CONNECTION FOR USER: sri
<10.0.0.60> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /Users/sri/.ansible/tmp/ansible-local-28422a37kbvol"&& mkdir "echo /Users/sri/.ansible/tmp/ansible-local-28422a37kbvol/ansible-tmp-1701727230.947819-28436-252761457335853" && echo ansible-tmp-1701727230.947819-28436-252761457335853="echo /Users/sri/.ansible/tmp/ansible-local-28422a37kbvol/ansible-tmp-1701727230.947819-28436-252761457335853" ) && sleep 0'
Using module file /Users/sri/Documents/002/GitRepos/013_fgt_create_ipsec/collections/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_interface.py
<10.0.0.60> PUT /Users/sri/.ansible/tmp/ansible-local-28422a37kbvol/tmp7_4lzsyj TO /Users/sri/.ansible/tmp/ansible-local-28422a37kbvol/ansible-tmp-1701727230.947819-28436-252761457335853/AnsiballZ_fortios_system_interface.py
<10.0.0.60> EXEC /bin/sh -c 'chmod u+x /Users/sri/.ansible/tmp/ansible-local-28422a37kbvol/ansible-tmp-1701727230.947819-28436-252761457335853/ /Users/sri/.ansible/tmp/ansible-local-28422a37kbvol/ansible-tmp-1701727230.947819-28436-252761457335853/AnsiballZ_fortios_system_interface.py && sleep 0'
<10.0.0.60> EXEC /bin/sh -c '/Users/sri/Documents/002/GitRepos/013_fgt_create_ipsec/bin/python3 /Users/sri/.ansible/tmp/ansible-local-28422a37kbvol/ansible-tmp-1701727230.947819-28436-252761457335853/AnsiballZ_fortios_system_interface.py && sleep 0'
<10.0.0.60> EXEC /bin/sh -c 'rm -f -r /Users/sri/.ansible/tmp/ansible-local-28422a37kbvol/ansible-tmp-1701727230.947819-28436-252761457335853/ > /dev/null 2>&1 && sleep 0'
fatal: [sri-se4]: FAILED!
=> { "changed": false, "invocation": { "module_args": { "access_token": null, "enable_log": true, "member_path": null, "member_state": null, "state": "present", "system_interface": { "ac_name": null, "aggregate": null, "aggregate_type": null, "algorithm": null, "alias": null, "allowaccess": "ping", "ap_discover": null, "arpforward": null, "auth_cert": null, "auth_portal_addr": null, "auth_type": null, "auto_auth_extension_device": null, "bandwidth_measure_time": null, "bfd": null, "bfd_desired_min_tx": null, "bfd_detect_mult": null, "bfd_required_min_rx": null, "broadcast_forticlient_discovery": null, "broadcast_forward": null, "captive_portal": null, "cli_conn_status": null, "client_options": null, "color": null, "dedicated_to": null, "default_purdue_level": null, "defaultgw": null, "description": "Testlab", "detected_peer_mtu": null, "detectprotocol": null, "detectserver": null, "device_access_list": null, "device_identification": null, "device_identification_active_scan": null, "device_netscan": null, "device_user_identification": null, "devindex": null, "dhcp_broadcast_flag": null, "dhcp_classless_route_addition": null, "dhcp_client_identifier": null, "dhcp_relay_agent_option": null, "dhcp_relay_interface": null, "dhcp_relay_interface_select_method": null, "dhcp_relay_ip": null, "dhcp_relay_link_selection": null, "dhcp_relay_request_all_server": null, "dhcp_relay_service": null, "dhcp_relay_type": null, "dhcp_renew_time": null, "dhcp_smart_relay": null, "dhcp_snooping_server_list": null, "disc_retry_timeout": null, "disconnect_threshold": null, "distance": null, "dns_server_override": null, "dns_server_protocol": null, "drop_fragment": null, "drop_overlapped_fragment": null, "eap_ca_cert": null, "eap_identity": null, "eap_method": null, "eap_password": null, "eap_supplicant": null, "eap_user_cert": null, "egress_cos": null, "egress_queues": null, "egress_shaping_profile": null, "endpoint_compliance": null, "estimated_downstream_bandwidth": null, 
"estimated_upstream_bandwidth": null, "explicit_ftp_proxy": null, "explicit_web_proxy": null, "external": null, "fail_action_on_extender": null, "fail_alert_interfaces": null, "fail_alert_method": null, "fail_detect": null, "fail_detect_option": null, "fortiheartbeat": null, "fortilink": null, "fortilink_backup_link": null, "fortilink_neighbor_detect": null, "fortilink_split_interface": null, "fortilink_stacking": null, "forward_domain": null, "gi_gk": null, "gwdetect": null, "ha_priority": null, "icmp_accept_redirect": null, "icmp_send_redirect": null, "ident_accept": null, "idle_timeout": null, "ike_saml_server": null, "inbandwidth": null, "ingress_cos": null, "ingress_shaping_profile": null, "ingress_spillover_threshold": null, "interface": null, "internal": null, "ip": "10.54.37.129/32", "ip_managed_by_fortiipam": null, "ipmac": null, "ips_sniffer_mode": null, "ipunnumbered": null, "ipv6": null, "l2forward": null, "lacp_ha_secondary": null, "lacp_ha_slave": null, "lacp_mode": null, "lacp_speed": null, "lcp_echo_interval": null, "lcp_max_echo_fails": null, "link_up_delay": null, "lldp_network_policy": null, "lldp_reception": null, "lldp_transmission": null, "macaddr": null, "managed_device": null, "managed_subnetwork_size": null, "management_ip": null, "measured_downstream_bandwidth": null, "measured_upstream_bandwidth": null, "mediatype": null, "member": null, "min_links": null, "min_links_down": null, "mode": null, "monitor_bandwidth": null, "mtu": null, "mtu_override": null, "name": "prt-lo-testla-u", "ndiscforward": null, "netbios_forward": null, "netflow_sampler": null, "outbandwidth": null, "padt_retry_timeout": null, "password": null, "ping_serv_status": null, "polling_interval": null, "pppoe_unnumbered_negotiate": null, "pptp_auth_type": null, "pptp_client": null, "pptp_password": null, "pptp_server_ip": null, "pptp_timeout": null, "pptp_user": null, "preserve_session_route": null, "priority": null, "priority_override": null, "proxy_captive_portal": 
null, "reachable_time": null, "redundant_interface": null, "remote_ip": null, "replacemsg_override_group": null, "ring_rx": null, "ring_tx": null, "role": null, "sample_direction": null, "sample_rate": null, "scan_botnet_connections": null, "secondary_IP": null, "secondaryip": null, "security_exempt_list": null, "security_external_logout": null, "security_external_web": null, "security_groups": null, "security_mac_auth_bypass": null, "security_mode": null, "security_redirect_url": null, "service_name": null, "sflow_sampler": null, "snmp_index": null, "speed": null, "spillover_threshold": null, "src_check": null, "status": "up", "stp": null, "stp_ha_secondary": null, "stp_ha_slave": null, "stpforward": null, "stpforward_mode": null, "subst": null, "substitute_dst_mac": null, "sw_algorithm": null, "swc_first_create": null, "swc_vlan": null, "switch": null, "switch_controller_access_vlan": null, "switch_controller_arp_inspection": null, "switch_controller_dhcp_snooping": null, "switch_controller_dhcp_snooping_option82": null, "switch_controller_dhcp_snooping_verify_mac": null, "switch_controller_dynamic": null, "switch_controller_feature": null, "switch_controller_igmp_snooping": null, "switch_controller_igmp_snooping_fast_leave": null, "switch_controller_igmp_snooping_proxy": null, "switch_controller_iot_scanning": null, "switch_controller_learning_limit": null, "switch_controller_mgmt_vlan": null, "switch_controller_nac": null, "switch_controller_netflow_collect": null, "switch_controller_rspan_mode": null, "switch_controller_source_ip": null, "switch_controller_traffic_policy": null, "system_id": null, "system_id_type": null, "tagging": null, "tcp_mss": null, "trust_ip6_1": null, "trust_ip6_2": null, "trust_ip6_3": null, "trust_ip_1": null, "trust_ip_2": null, "trust_ip_3": null, "type": "loopback", "username": null, "vdom": null, "vindex": null, "vlan_protocol": null, "vlanforward": null, "vlanid": null, "vrf": null, "vrrp": null, "vrrp_virtual_mac": null, "wccp": 
null, "weight": null, "wins_ip": null }, "vdom": "partner" } },
"meta": { "build": 866, "http_method": "PUT", "http_status": 403, "mkey": "prt-lo-testla-u", "name": "interface", "path": "system", "serial": "FG100ETKxxxxxxxxx", "status": "error", "vdom": "partner", "version": "v6.2.0" },
"msg": "Error in repo" }

PLAY RECAP *****
sri-se4 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

sri@SEAVVMASRIVA /tmp % tail -f fortios.ansible.log
"mkey":"prt-lo-testla-u", "serial":"FG100ETKxxxxxxxxx", "version":"v...
2023-12-04 14:00:32.820853: logout
2023-12-04 14:00:32.821169: Sending request: METHOD:POST URL:/logout DATA:
2023-12-04 14:00:32.904233: updated auth headers: dict_items([('Accept', 'application/json'), ('Cookie', 'APSCOOKIE_824185510="0%260"; path=/; expires=Sun, 16-Dec-1973 22:00:32 GMT; secure; SameSite=Strict'), ('x-csrftoken', '0%260')])
2023-12-04 14:00:32.904640: response data: ...
^C
sri@SEAVVMASRIVA /tmp %

asrivastav-aag commented 7 months ago

I tried with access_token as well; got the same error.

"meta": {
    "build": 866,
    "http_method": "PUT",           (tried POST & PUT both)
    "http_status": 403,
    "mkey": "prt-lo-testla-u",
    "name": "interface",
    "path": "system",
    "serial": "FG100ETKxxxxxxxx",
    "status": "error",
    "vdom": "partner",
    "version": "v6.2.0"
},
"msg": "Error in repo"

API Token permission: image

MaxxLiu22 commented 7 months ago

Hi @asrivastav-aag,

Thank you for your question. I ran your script with vdom added and everything works well. In FOS 7.4, Ansible will return an additional error msg "vdom is required", so here the "Error in repo" is kind of confusing. And in FOS 6.2 only token authentication is accepted. Let me know if that doesn't solve your question.

  - name: Creating Loopback Interface
    fortinet.fortios.fortios_system_interface:
      vdom: "root"
      enable_log: True
      state: present
      access_token: 091bwh
      system_interface:
        vdom: "root"
        name: "test"
        description: "vendor"
        type: "loopback"
        ip: "10.77.98.129/32" # "{{ fgt_loopbk_ip }}"
        allowaccess: "ping" # "ping", "https", "ssh", "snmp", "http", "telnet", "fgfm", "radius-acct", "probe-response", "fabric", "ftm", "speed-test", "capwap"
        status: "up"

Thanks, Maxx

asrivastav-aag commented 7 months ago

This is great, thank you! I will give it a try and confirm with you.

In the fortios_system_interface documentation, vdom is not marked as required in the parent and/or child modules, so I thought I only had to define it in one place.

fortios_system_interface image

image

asrivastav-aag commented 7 months ago

Unfortunately, it did not work on my laptop. I just tried with the new task snippet and got the same error.

New Task Snippet:

    - name: Creating Loopback Interface '{{ fgt_loopbk_inf }}'
      fortinet.fortios.fortios_system_interface:
        vdom: "{{ vdom }}"
        access_token: "{{ access_token }}"   # Tried without token as well, no luck
        enable_log: True
        state: present
        system_interface:
          vdom: "{{ vdom }}"
          name: "{{ fgt_loopbk_inf }}"
          description: "{{ vendor_name }}"
          type: "loopback"
          ip: 10.54.37.129/32
          allowaccess: "ping"
          status: "up"

"msg": "Error in repo"

TASK [Creating Loopback Interface 'prt-lo-testla-u'] ********************************************************************************************************
task path: /Users/sri/Documents/002/GitRepos/013_fgt_create_ipsec/52_CreateLoopbackInterface.yaml:68
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<10.0.0.60> ESTABLISH LOCAL CONNECTION FOR USER: sri
<10.0.0.60> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/sri/.ansible/tmp/ansible-local-152137pejo5wh `"&& mkdir "` echo /Users/sri/.ansible/tmp/ansible-local-152137pejo5wh/ansible-tmp-1701909484.881983-15275-88654802273948 `" && echo ansible-tmp-1701909484.881983-15275-88654802273948="` echo /Users/sri/.ansible/tmp/ansible-local-152137pejo5wh/ansible-tmp-1701909484.881983-15275-88654802273948 `" ) && sleep 0'
Using module file /Users/sri/Documents/002/GitRepos/013_fgt_create_ipsec/collections/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_interface.py
<10.0.0.60> PUT /Users/sri/.ansible/tmp/ansible-local-152137pejo5wh/tmprekm43wn TO /Users/sri/.ansible/tmp/ansible-local-152137pejo5wh/ansible-tmp-1701909484.881983-15275-88654802273948/AnsiballZ_fortios_system_interface.py
<10.0.0.60> EXEC /bin/sh -c 'chmod u+x /Users/sri/.ansible/tmp/ansible-local-152137pejo5wh/ansible-tmp-1701909484.881983-15275-88654802273948/ /Users/sri/.ansible/tmp/ansible-local-152137pejo5wh/ansible-tmp-1701909484.881983-15275-88654802273948/AnsiballZ_fortios_system_interface.py && sleep 0'
<10.0.0.60> EXEC /bin/sh -c '/Users/sri/Documents/002/GitRepos/013_fgt_create_ipsec/bin/python3 /Users/sri/.ansible/tmp/ansible-local-152137pejo5wh/ansible-tmp-1701909484.881983-15275-88654802273948/AnsiballZ_fortios_system_interface.py && sleep 0'
<10.0.0.60> EXEC /bin/sh -c 'rm -f -r /Users/sri/.ansible/tmp/ansible-local-152137pejo5wh/ansible-tmp-1701909484.881983-15275-88654802273948/ > /dev/null 2>&1 && sleep 0'
fatal: [sri-se4]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "access_token": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "enable_log": true,
            "member_path": null,
            "member_state": null,
            "state": "present",
            "system_interface": {
                "ac_name": null,
                "aggregate": null,
                "aggregate_type": null,
                "algorithm": null,
                "alias": null,
                "allowaccess": "ping",
                "ap_discover": null,
                "arpforward": null,
                "auth_cert": null,
                "auth_portal_addr": null,
                "auth_type": null,
                "auto_auth_extension_device": null,
                "bandwidth_measure_time": null,
                "bfd": null,
                "bfd_desired_min_tx": null,
                "bfd_detect_mult": null,
                "bfd_required_min_rx": null,
                "broadcast_forticlient_discovery": null,
                "broadcast_forward": null,
                "captive_portal": null,
                "cli_conn_status": null,
                "client_options": null,
                "color": null,
                "dedicated_to": null,
                "default_purdue_level": null,
                "defaultgw": null,
                "description": "Testlab",
                "detected_peer_mtu": null,
                "detectprotocol": null,
                "detectserver": null,
                "device_access_list": null,
                "device_identification": null,
                "device_identification_active_scan": null,
                "device_netscan": null,
                "device_user_identification": null,
                "devindex": null,
                "dhcp_broadcast_flag": null,
                "dhcp_classless_route_addition": null,
                "dhcp_client_identifier": null,
                "dhcp_relay_agent_option": null,
                "dhcp_relay_interface": null,
                "dhcp_relay_interface_select_method": null,
                "dhcp_relay_ip": null,
                "dhcp_relay_link_selection": null,
                "dhcp_relay_request_all_server": null,
                "dhcp_relay_service": null,
                "dhcp_relay_type": null,
                "dhcp_renew_time": null,
                "dhcp_smart_relay": null,
                "dhcp_snooping_server_list": null,
                "disc_retry_timeout": null,
                "disconnect_threshold": null,
                "distance": null,
                "dns_server_override": null,
                "dns_server_protocol": null,
                "drop_fragment": null,
                "drop_overlapped_fragment": null,
                "eap_ca_cert": null,
                "eap_identity": null,
                "eap_method": null,
                "eap_password": null,
                "eap_supplicant": null,
                "eap_user_cert": null,
                "egress_cos": null,
                "egress_queues": null,
                "egress_shaping_profile": null,
                "endpoint_compliance": null,
                "estimated_downstream_bandwidth": null,
                "estimated_upstream_bandwidth": null,
                "explicit_ftp_proxy": null,
                "explicit_web_proxy": null,
                "external": null,
                "fail_action_on_extender": null,
                "fail_alert_interfaces": null,
                "fail_alert_method": null,
                "fail_detect": null,
                "fail_detect_option": null,
                "fortiheartbeat": null,
                "fortilink": null,
                "fortilink_backup_link": null,
                "fortilink_neighbor_detect": null,
                "fortilink_split_interface": null,
                "fortilink_stacking": null,
                "forward_domain": null,
                "gi_gk": null,
                "gwdetect": null,
                "ha_priority": null,
                "icmp_accept_redirect": null,
                "icmp_send_redirect": null,
                "ident_accept": null,
                "idle_timeout": null,
                "ike_saml_server": null,
                "inbandwidth": null,
                "ingress_cos": null,
                "ingress_shaping_profile": null,
                "ingress_spillover_threshold": null,
                "interface": null,
                "internal": null,
                "ip": "10.54.37.129/32",
                "ip_managed_by_fortiipam": null,
                "ipmac": null,
                "ips_sniffer_mode": null,
                "ipunnumbered": null,
                "ipv6": null,
                "l2forward": null,
                "lacp_ha_secondary": null,
                "lacp_ha_slave": null,
                "lacp_mode": null,
                "lacp_speed": null,
                "lcp_echo_interval": null,
                "lcp_max_echo_fails": null,
                "link_up_delay": null,
                "lldp_network_policy": null,
                "lldp_reception": null,
                "lldp_transmission": null,
                "macaddr": null,
                "managed_device": null,
                "managed_subnetwork_size": null,
                "management_ip": null,
                "measured_downstream_bandwidth": null,
                "measured_upstream_bandwidth": null,
                "mediatype": null,
                "member": null,
                "min_links": null,
                "min_links_down": null,
                "mode": null,
                "monitor_bandwidth": null,
                "mtu": null,
                "mtu_override": null,
                "name": "prt-lo-testla-u",
                "ndiscforward": null,
                "netbios_forward": null,
                "netflow_sampler": null,
                "outbandwidth": null,
                "padt_retry_timeout": null,
                "password": null,
                "ping_serv_status": null,
                "polling_interval": null,
                "pppoe_unnumbered_negotiate": null,
                "pptp_auth_type": null,
                "pptp_client": null,
                "pptp_password": null,
                "pptp_server_ip": null,
                "pptp_timeout": null,
                "pptp_user": null,
                "preserve_session_route": null,
                "priority": null,
                "priority_override": null,
                "proxy_captive_portal": null,
                "reachable_time": null,
                "redundant_interface": null,
                "remote_ip": null,
                "replacemsg_override_group": null,
                "ring_rx": null,
                "ring_tx": null,
                "role": null,
                "sample_direction": null,
                "sample_rate": null,
                "scan_botnet_connections": null,
                "secondary_IP": null,
                "secondaryip": null,
                "security_exempt_list": null,
                "security_external_logout": null,
                "security_external_web": null,
                "security_groups": null,
                "security_mac_auth_bypass": null,
                "security_mode": null,
                "security_redirect_url": null,
                "service_name": null,
                "sflow_sampler": null,
                "snmp_index": null,
                "speed": null,
                "spillover_threshold": null,
                "src_check": null,
                "status": "up",
                "stp": null,
                "stp_ha_secondary": null,
                "stp_ha_slave": null,
                "stpforward": null,
                "stpforward_mode": null,
                "subst": null,
                "substitute_dst_mac": null,
                "sw_algorithm": null,
                "swc_first_create": null,
                "swc_vlan": null,
                "switch": null,
                "switch_controller_access_vlan": null,
                "switch_controller_arp_inspection": null,
                "switch_controller_dhcp_snooping": null,
                "switch_controller_dhcp_snooping_option82": null,
                "switch_controller_dhcp_snooping_verify_mac": null,
                "switch_controller_dynamic": null,
                "switch_controller_feature": null,
                "switch_controller_igmp_snooping": null,
                "switch_controller_igmp_snooping_fast_leave": null,
                "switch_controller_igmp_snooping_proxy": null,
                "switch_controller_iot_scanning": null,
                "switch_controller_learning_limit": null,
                "switch_controller_mgmt_vlan": null,
                "switch_controller_nac": null,
                "switch_controller_netflow_collect": null,
                "switch_controller_rspan_mode": null,
                "switch_controller_source_ip": null,
                "switch_controller_traffic_policy": null,
                "system_id": null,
                "system_id_type": null,
                "tagging": null,
                "tcp_mss": null,
                "trust_ip6_1": null,
                "trust_ip6_2": null,
                "trust_ip6_3": null,
                "trust_ip_1": null,
                "trust_ip_2": null,
                "trust_ip_3": null,
                "type": "loopback",
                "username": null,
                "vdom": "partner",
                "vindex": null,
                "vlan_protocol": null,
                "vlanforward": null,
                "vlanid": null,
                "vrf": null,
                "vrrp": null,
                "vrrp_virtual_mac": null,
                "wccp": null,
                "weight": null,
                "wins_ip": null
            },
            "vdom": "partner"
        }
    },
    "meta": {
        "build": 866,
        "http_method": "PUT",
        "http_status": 403,
        "mkey": "prt-lo-testla-u",
        "name": "interface",
        "path": "system",
        "serial": "FG100ETKxxxxxxxx",
        "status": "error",
        "vdom": "partner",
        "version": "v6.2.0"
    },
    "msg": "Error in repo"
}

PLAY RECAP **************************************************************************************************************************************************
sri-se4                    : ok=3    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

(013_fgt_create_ipsec) sri@SEAVVMASRIVA 013_fgt_create_ipsec %

MaxxLiu22 commented 7 months ago

That is weird. Could you run diagnose debug cli 8 and diagnose debug enable on the FGT and then run the script again to monitor which setting was going wrong? You should get something like this:

ansible # diagnose debug cli 8
Debug messages will be on for 30 minutes.

ansible # diagnose debug enable 

ansible # 0: config system interface
[cmf_shm_update:662] Error: pid=169,vd=,query=system.settings,level=0,pos=0.
[cmf_shm_update:662] Error: pid=169,vd=,query=system.settings,level=0,pos=0.
[cmf_shm_update:662] Error: pid=169,vd=,query=system.settings,level=0,pos=0.
0: edit "test5"
0: set vdom "root"
0: set ip 12.89.98.129 255.255.255.255
0: set allowaccess ping
0: set type loopback
0: set description "vendor"
0: end
0: config system interface
0: edit "test5"
0: config ipv6
0: end
0: end
write config file success, prepare to save in flash

Thanks, Maxx
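
One way to act on a trace like the one in the comment above, as an added example that is not part of the thread or of the collection's code: a parser that rebuilds which settings a `diagnose debug cli` trace applied in each config scope and compares them with the values a task was meant to push. The sample trace is the one quoted in the comment; the `EXPECTED` values and all function names are assumptions made for illustration.

```python
import ipaddress
import re
import shlex

# Sample input: the trace quoted in the comment above, noise lines included.
SAMPLE_TRACE = """\
ansible # 0: config system interface
[cmf_shm_update:662] Error: pid=169,vd=,query=system.settings,level=0,pos=0.
0: edit "test5"
0: set vdom "root"
0: set ip 12.89.98.129 255.255.255.255
0: set allowaccess ping
0: set type loopback
0: set description "vendor"
0: end
0: config system interface
0: edit "test5"
0: config ipv6
0: end
0: end
write config file success, prepare to save in flash
"""

# Constructed for this example: what a task would have asked for on "test5".
EXPECTED = {
    "vdom": "root",
    "ip": "12.89.98.129/32",
    "allowaccess": "ping",
    "type": "loopback",
    "description": "vendor",
    "status": "up",
}

# "<n>: <command>", optionally preceded by a "<hostname> # " prompt.
CMD_RE = re.compile(r"^(?:\S+ # )?\d+: (?P<cmd>.+)$")


def scope_name(stack):
    """Render the open config scopes, e.g. 'system interface[test5] / ipv6'."""
    return " / ".join(t if e is None else f"{t}[{e}]" for t, e in stack)


def parse_cli_trace(text):
    """Map every config scope seen in the trace to the settings applied in it."""
    applied = {}
    stack = []  # open scopes, innermost last: [table name, entry name or None]
    for line in text.splitlines():
        m = CMD_RE.match(line.strip())
        if not m:
            continue  # daemon noise, banners, "write config file ..." lines
        try:
            words = shlex.split(m.group("cmd"))
        except ValueError:  # unbalanced quote inside a value
            words = m.group("cmd").split()
        verb, args = words[0], words[1:]
        if verb == "config":
            stack.append([" ".join(args), None])
        elif verb == "edit" and stack and args:
            stack[-1][1] = args[0]
        elif verb == "next" and stack:
            stack[-1][1] = None      # closes the entry, table stays open
        elif verb == "end" and stack:
            stack.pop()              # closes the table and any open entry
        if not stack:
            continue
        settings = applied.setdefault(scope_name(stack), {})
        if verb == "set" and args:
            settings[args[0]] = " ".join(args[1:])
        elif verb == "unset" and args:
            settings[args[0]] = None
    return applied


def normalize(key, value):
    """Bring CLI and playbook spellings of a value to one form."""
    if key == "ip" and value:
        # The CLI prints "addr mask"; the playbook uses "addr/prefix".
        return ipaddress.ip_interface(value.replace(" ", "/")).with_prefixlen
    return value


def compare(applied_scope, expected):
    """Return {key: (expected, applied)} for values that differ or are absent."""
    diffs = {}
    for key, want in expected.items():
        got = applied_scope.get(key)
        if normalize(key, got) != normalize(key, want):
            diffs[key] = (want, got)
    return diffs


if __name__ == "__main__":
    applied = parse_cli_trace(SAMPLE_TRACE)
    for key, (want, got) in compare(applied["system interface[test5]"], EXPECTED).items():
        print(f"{key}: task wanted {want!r}, trace shows {got!r}")
```

A value of `None` on the applied side means the setting does not appear in the trace at all, which is a different finding from a setting that was pushed with the wrong value.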

asrivastav-aag commented 7 months ago

The commands diagnose debug cli 8 and diagnose debug enable did not give any output, so I added diagnose debug application httpsd -1 as well.

High-level error

2023-12-06 17:46:19 [httpsd 249 - 1701913579    error] fortiweb_static_handler[321] -- Access denied: Not authorized to access the static resource file: /migadmin/api/v2/authentication
2023-12-06 17:46:19 [httpsd 249 - 1701913579    error] log_error_core[439] -- [Wed Dec  6 17:46:19 2023] [error] [client 10.0.0.11] File does not exist: /migadmin/api/v2/authentication
2023-12-06 17:46:28 [httpsd 248 - 1701913588    error] is_valid_csrf_token[2421] -- no CSRF token found
2023-12-06 17:46:28 [httpsd 248 - 1701913588    error] api_cmdb_execute_handler[1882] -- no valid CSRF token found
2023-12-06 17:46:28 [httpsd 248 - 1701913588    error] api_return_http_result[645] -- API error 403 raised

Detailed Debug Logs

Without access_token:

2023-12-06 17:53:41 [httpsd 1502 - 1701914021     info] ap_invoke_handler[616] -- request completed (handler='api_monitor_v2-handler' result==0)
2023-12-06 17:53:41 [httpsd 1502 - 1701914021     info] ap_invoke_handler[593] -- new request (handler='api_monitor_v2-handler', uri='/api/v2/monitor/system/available-interfaces?scope=global', method='GET')
2023-12-06 17:53:41 [httpsd 1502 - 1701914021     info] ap_invoke_handler[597] -- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0
2023-12-06 17:53:41 [httpsd 1502 - 1701914021     info] ap_invoke_handler[600] -- Source: 10.0.0.11:60823 Destination: 10.0.0.60:443
2023-12-06 17:53:41 [httpsd 1502 - 1701914021     info] endpoint_handle_req[625] -- received api_monitor_v2_request from '10.0.0.11'
2023-12-06 17:53:41 [httpsd 1502 - 1701914021     info] aps_init_process_vdom[1260] -- initialized process vdom to 'root' (cookie='')
2023-12-06 17:53:41 [httpsd 1502 - 1701914021     info] api_store_parameter[241] -- add API parameter 'scope': '"global"' (type=string)
2023-12-06 17:53:41 [httpsd 1502 - 1701914021     info] endpoint_process_req_vdom[463] -- new API request (action='select',path='system',name='available-interfaces',vdom='root',user='admin')
2023-12-06 17:53:42 [httpsd 1504 - 1701914022     info] ap_invoke_handler[593] -- new request (handler='api_monitor_v2-handler', uri='/api/v2/monitor/user/fortitoken?global=1', method='GET')
2023-12-06 17:53:42 [httpsd 1504 - 1701914022     info] ap_invoke_handler[597] -- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0
2023-12-06 17:53:42 [httpsd 1504 - 1701914022     info] ap_invoke_handler[600] -- Source: 10.0.0.11:60824 Destination: 10.0.0.60:443
2023-12-06 17:53:42 [httpsd 1504 - 1701914022     info] endpoint_handle_req[625] -- received api_monitor_v2_request from '10.0.0.11'
2023-12-06 17:53:42 [httpsd 1505 - 1701914022     info] ap_invoke_handler[597] -- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0
2023-12-06 17:53:42 [httpsd 1505 - 1701914022     info] ap_invoke_handler[600] -- Source: 10.0.0.11:60825 Destination: 10.0.0.60:443
2023-12-06 17:53:42 [httpsd 1505 - 1701914022     info] endpoint_handle_req[625] -- received api_monitor_v2_request from '10.0.0.11'
2023-12-06 17:53:42 [httpsd 1504 - 1701914022     info] aps_init_process_vdom[1260] -- initialized process vdom to 'root' (cookie='')
2023-12-06 17:53:42 [httpsd 1504 - 1701914022     info] api_store_parameter[241] -- add API parameter 'global': '"1"' (type=string)
2023-12-06 17:53:42 [httpsd 1504 - 1701914022     info] api_parse_vdom_list[986] -- request is for all VDOMs
2023-12-06 17:53:42 [httpsd 1505 - 1701914022     info] endpoint_process_req_vdom[463] -- new API request (action='status',path='system',name='sandbox',vdom='root',user='admin')
2023-12-06 17:53:42 [httpsd 1504 - 1701914022     info] endpoint_process_req_vdom[459] -- attempting to change from vdom "root" to vdom "cloud"
2023-12-06 17:53:42 [httpsd 1504 - 1701914022     info] endpoint_process_req_vdom[463] -- new API request (action='select',path='user',name='fortitoken',vdom='cloud',user='admin')
2023-12-06 17:53:42 [httpsd 1505 - 1701914022     info] ap_invoke_handler[616] -- request completed (handler='api_monitor_v2-handler' result==0)
2023-12-06 17:53:42 [httpsd 1504 - 1701914022     info] endpoint_process_req_vdom[471] -- returning to original vdom "root"
2023-12-06 17:53:42 [httpsd 1504 - 1701914022     info] endpoint_process_req_vdom[459] -- attempting to change from vdom "root" to vdom "direwolf"
2023-12-06 17:53:42 [httpsd 1504 - 1701914022     info] endpoint_process_req_vdom[463] -- new API request (action='select',path='user',name='fortitoken',vdom='direwolf',user='admin')
2023-12-06 17:53:42 [httpsd 1504 - 1701914022     info] endpoint_process_req_vdom[471] -- returning to original vdom "root"
2023-12-06 17:53:42 [httpsd 1504 - 1701914022     info] endpoint_process_req_vdom[459] -- attempting to change from vdom "root" to vdom "partner"
2023-12-06 17:53:42 [httpsd 1504 - 1701914022     info] endpoint_process_req_vdom[463] -- new API request (action='select',path='user',name='fortitoken',vdom='partner',user='admin')
2023-12-06 17:53:42 [httpsd 1504 - 1701914022     info] endpoint_process_req_vdom[471] -- returning to original vdom "root"
2023-12-06 17:53:42 [httpsd 1504 - 1701914022     info] endpoint_process_req_vdom[463] -- new API request (action='select',path='user',name='fortitoken',vdom='root',user='admin')
2023-12-06 17:53:42 [httpsd 1504 - 1701914022     info] endpoint_process_req_vdom[459] -- attempting to change from vdom "root" to vdom "sdwan"
2023-12-06 17:53:42 [httpsd 1504 - 1701914022     info] endpoint_process_req_vdom[463] -- new API request (action='select',path='user',name='fortitoken',vdom='sdwan',user='admin')
2023-12-06 17:53:42 [httpsd 1504 - 1701914022     info] endpoint_process_req_vdom[471] -- returning to original vdom "root"
2023-12-06 17:53:42 [httpsd 1504 - 1701914022     info] ap_invoke_handler[616] -- request completed (handler='api_monitor_v2-handler' result==0)
2023-12-06 17:53:42 [httpsd 1502 - 1701914022     info] ap_invoke_handler[616] -- request completed (handler='api_monitor_v2-handler' result==0)
2023-12-06 17:53:44 [httpsd 1502 - 1701914024     info] ap_invoke_handler[593] -- new request (handler='api_monitor_v2-handler', uri='/api/v2/monitor/system/usb-log', method='GET')
2023-12-06 17:53:44 [httpsd 1502 - 1701914024     info] ap_invoke_handler[597] -- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0
2023-12-06 17:53:44 [httpsd 1502 - 1701914024     info] ap_invoke_handler[600] -- Source: 10.0.0.11:60823 Destination: 10.0.0.60:443
2023-12-06 17:53:44 [httpsd 1502 - 1701914024     info] endpoint_handle_req[625] -- received api_monitor_v2_request from '10.0.0.11'
2023-12-06 17:53:44 [httpsd 1502 - 1701914024     info] aps_init_process_vdom[1260] -- initialized process vdom to 'root' (cookie='')
2023-12-06 17:53:44 [httpsd 1502 - 1701914024     info] endpoint_process_req_vdom[463] -- new API request (action='select',path='system',name='usb-log',vdom='root',user='admin')
2023-12-06 17:53:44 [httpsd 1502 - 1701914024     info] ap_invoke_handler[616] -- request completed (handler='api_monitor_v2-handler' result==0)
2023-12-06 17:53:45 [httpsd 248 - 1701914025     info] ap_invoke_handler[593] -- new request (handler='api_cmdb_v2-handler', uri='/api/v2/cmdb/system/interface/prt-lo-testla-u?vdom=partner', method='PUT')
2023-12-06 17:53:45 [httpsd 248 - 1701914025     info] ap_invoke_handler[597] -- User-Agent: Python-urllib/3.8
2023-12-06 17:53:45 [httpsd 248 - 1701914025     info] ap_invoke_handler[600] -- Source: 10.0.0.11:60830 Destination: 10.0.0.60:443
2023-12-06 17:53:45 [httpsd 248 - 1701914025     info] api_cmdb_v2_handler[2096] -- received api_cmdb_v2_request from '10.0.0.11'
2023-12-06 17:53:45 [httpsd 248 - 1701914025     info] aps_init_process_vdom[1260] -- initialized process vdom to 'root' (cookie='(null)')
2023-12-06 17:53:45 [httpsd 248 - 1701914025     info] api_store_parameter[241] -- add API parameter 'vdom': '"partner"' (type=string)
2023-12-06 17:53:45 [httpsd 248 - 1701914025     info] api_store_parameter[241] -- add API parameter 'allowaccess': '"ping"' (type=string)
2023-12-06 17:53:45 [httpsd 248 - 1701914025     info] api_store_parameter[241] -- add API parameter 'description': '"Testlab"' (type=string)
2023-12-06 17:53:45 [httpsd 248 - 1701914025     info] api_store_parameter[241] -- add API parameter 'ip': '"10.54.37.129\/32"' (type=string)
2023-12-06 17:53:45 [httpsd 248 - 1701914025     info] api_store_parameter[241] -- add API parameter 'name': '"prt-lo-testla-u"' (type=string)
2023-12-06 17:53:45 [httpsd 248 - 1701914025     info] api_store_parameter[241] -- add API parameter 'status': '"up"' (type=string)
2023-12-06 17:53:45 [httpsd 248 - 1701914025     info] api_store_parameter[241] -- add API parameter 'type': '"loopback"' (type=string)
2023-12-06 17:53:45 [httpsd 248 - 1701914025     info] api_store_parameter[241] -- add API parameter 'vdom': '"partner"' (type=string)
2023-12-06 17:53:45 [httpsd 248 - 1701914025     info] handle_cli_req_v2_vdom[1995] -- attempting to change from vdom "root" to vdom "partner"
2023-12-06 17:53:45 [httpsd 248 - 1701914025     info] handle_cli_req_v2_vdom[1998] -- new CMDB API request (vdom='partner',user='admin')
2023-12-06 17:53:45 [httpsd 248 - 1701914025     info] api_cmdb_request_init_by_path[1401] -- new CMDB query (path='system',name='interface')
2023-12-06 17:53:45 [httpsd 248 - 1701914025     info] api_cmdb_request_init_by_path[1430] -- querying CMDB entry (mkey='prt-lo-testla-u')
2023-12-06 17:53:45 [httpsd 248 - 1701914025     info] api_cmdb_request_init_by_path[1434] -- unable to find 'prt-lo-testla-u' in table 'system.interface'
2023-12-06 17:53:45 [httpsd 248 - 1701914025    error] is_valid_csrf_token[2421] -- no CSRF token found
2023-12-06 17:53:45 [httpsd 248 - 1701914025    error] api_cmdb_execute_handler[1882] -- no valid CSRF token found
2023-12-06 17:53:45 [httpsd 248 - 1701914025    error] api_return_http_result[645] -- API error 403 raised
2023-12-06 17:53:45 [httpsd 248 - 1701914025     info] handle_cli_req_v2_vdom[2006] -- returning to original vdom "root"
2023-12-06 17:53:45 [httpsd 248 - 1701914025     info] ap_invoke_handler[616] -- request completed (handler='api_cmdb_v2-handler' result==0)
2023-12-06 17:53:45 [httpsd 249 - 1701914025     info] ap_invoke_handler[593] -- new request (handler='logout-handler', uri='/logout', method='POST')
2023-12-06 17:53:45 [httpsd 249 - 1701914025     info] ap_invoke_handler[597] -- User-Agent: Python-urllib/3.8
2023-12-06 17:53:45 [httpsd 249 - 1701914025     info] ap_invoke_handler[600] -- Source: 10.0.0.11:60831 Destination: 10.0.0.60:443
2023-12-06 17:53:45 [httpsd 249 - 1701914025     info] ap_invoke_handler[616] -- request completed (handler='logout-handler' result==0)
2023-12-06 17:53:50 [httpsd 248 - 1701914030     info] ap_invoke_handler[593] -- new request (handler='api_monitor_v2-handler', uri='/api/v2/monitor/system/usb-log', method='GET')
2023-12-06 17:53:50 [httpsd 248 - 1701914030     info] ap_invoke_handler[597] -- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0
2023-12-06 17:53:50 [httpsd 248 - 1701914030     info] ap_invoke_handler[600] -- Source: 10.0.0.11:60833 Destination: 10.0.0.60:443
2023-12-06 17:53:50 [httpsd 248 - 1701914030     info] endpoint_handle_req[625] -- received api_monitor_v2_request from '10.0.0.11'
2023-12-06 17:53:50 [httpsd 248 - 1701914030     info] aps_init_process_vdom[1260] -- initialized process vdom to 'root' (cookie='')
2023-12-06 17:53:50 [httpsd 248 - 1701914030     info] endpoint_process_req_vdom[463] -- new API request (action='select',path='system',name='usb-log',vdom='root',user='admin')
2023-12-06 17:53:50 [httpsd 248 - 1701914030     info] ap_invoke_handler[616] -- request completed (handler='api_monitor_v2-handler' result==0)
2023-12-06 17:53:53 [httpsd 249 - 1701914033     info] ap_invoke_handler[593] -- new request (handler='api_monitor_v2-handler', uri='/api/v2/monitor/system/available-interfaces?scope=global', method='GET')
2023-12-06 17:53:53 [httpsd 249 - 1701914033     info] ap_invoke_handler[597] -- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0
2023-12-06 17:53:53 [httpsd 249 - 1701914033     info] ap_invoke_handler[600] -- Source: 10.0.0.11:60834 Destination: 10.0.0.60:443
2023-12-06 17:53:53 [httpsd 249 - 1701914033     info] endpoint_handle_req[625] -- received api_monitor_v2_request from '10.0.0.11'
2023-12-06 17:53:53 [httpsd 249 - 1701914033     info] aps_init_process_vdom[1260] -- initialized process vdom to 'root' (cookie='')
2023-12-06 17:53:53 [httpsd 249 - 1701914033     info] api_store_parameter[241] -- add API parameter 'scope': '"global"' (type=string)
2023-12-06 17:53:53 [httpsd 249 - 1701914033     info] endpoint_process_req_vdom[463] -- new API request (action='select',path='system',name='available-interfaces',vdom='root',user='admin')
2023-12-06 17:53:54 [httpsd 249 - 1701914034     info] ap_invoke_handler[616] -- request completed (handler='api_monitor_v2-handler' result==0)
2023-12-06 17:53:55 [httpsd 249 - 1701914035     info] ap_invoke_handler[593] -- new request (handler='api_monitor_v2-handler', uri='/api/v2/monitor/system/usb-log', method='GET')
2023-12-06 17:53:55 [httpsd 249 - 1701914035     info] ap_invoke_handler[597] -- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0
2023-12-06 17:53:55 [httpsd 249 - 1701914035     info] ap_invoke_handler[600] -- Source: 10.0.0.11:60834 Destination: 10.0.0.60:443
2023-12-06 17:53:55 [httpsd 249 - 1701914035     info] endpoint_handle_req[625] -- received api_monitor_v2_request from '10.0.0.11'
2023-12-06 17:53:55 [httpsd 249 - 1701914035     info] aps_init_process_vdom[1260] -- initialized process vdom to 'root' (cookie='')
2023-12-06 17:53:55 [httpsd 249 - 1701914035     info] endpoint_process_req_vdom[463] -- new API request (action='select',path='system',name='usb-log',vdom='root',user='admin')
2023-12-06 17:53:55 [httpsd 249 - 1701914035     info] ap_invoke_handler[616] -- request completed (handler='api_monitor_v2-handler' result==0)
2023-12-06 17:54:00 [httpsd 248 - 1701914040     info] ap_invoke_handler[593] -- new request (handler='api_monitor_v2-handler', uri='/api/v2/monitor/system/usb-log', method='GET')
2023-12-06 17:54:00 [httpsd 248 - 1701914040     info] ap_invoke_handler[597] -- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0
2023-12-06 17:54:00 [httpsd 248 - 1701914040     info] ap_invoke_handler[600] -- Source: 10.0.0.11:60835 Destination: 10.0.0.60:443
2023-12-06 17:54:00 [httpsd 248 - 1701914040     info] endpoint_handle_req[625] -- received api_monitor_v2_request from '10.0.0.11'
2023-12-06 17:54:00 [httpsd 248 - 1701914040     info] aps_init_process_vdom[1260] -- initialized process vdom to 'root' (cookie='')
2023-12-06 17:54:00 [httpsd 248 - 1701914040     info] endpoint_process_req_vdom[463] -- new API request (action='select',path='system',name='usb-log',vdom='root',user='admin')
2023-12-06 17:54:00 [httpsd 248 - 1701914040     info] ap_invoke_handler[616] -- request completed (handler='api_monitor_v2-handler' result==0)

With access_token:

2023-12-06 18:06:35 [httpsd 249 - 1701914795     info] ap_invoke_handler[593] -- new request (handler='api_monitor_v2-handler', uri='/api/v2/monitor/system/usb-log', method='GET')
2023-12-06 18:06:35 [httpsd 249 - 1701914795     info] ap_invoke_handler[597] -- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0
2023-12-06 18:06:35 [httpsd 249 - 1701914795     info] ap_invoke_handler[600] -- Source: 10.0.0.11:61225 Destination: 10.0.0.60:443
2023-12-06 18:06:35 [httpsd 249 - 1701914795     info] endpoint_handle_req[625] -- received api_monitor_v2_request from '10.0.0.11'
2023-12-06 18:06:35 [httpsd 249 - 1701914795     info] aps_init_process_vdom[1260] -- initialized process vdom to 'root' (cookie='')
2023-12-06 18:06:35 [httpsd 249 - 1701914795     info] endpoint_process_req_vdom[463] -- new API request (action='select',path='system',name='usb-log',vdom='root',user='admin')
2023-12-06 18:06:35 [httpsd 249 - 1701914795     info] ap_invoke_handler[616] -- request completed (handler='api_monitor_v2-handler' result==0)
2023-12-06 18:06:37 [httpsd 248 - 1701914797     info] ap_invoke_handler[593] -- new request (handler='api_monitor_v2-handler', uri='/api/v2/monitor/system/available-interfaces?scope=global', method='GET')
2023-12-06 18:06:37 [httpsd 248 - 1701914797     info] ap_invoke_handler[597] -- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0
2023-12-06 18:06:37 [httpsd 248 - 1701914797     info] ap_invoke_handler[600] -- Source: 10.0.0.11:61229 Destination: 10.0.0.60:443
2023-12-06 18:06:37 [httpsd 248 - 1701914797     info] endpoint_handle_req[625] -- received api_monitor_v2_request from '10.0.0.11'
2023-12-06 18:06:37 [httpsd 248 - 1701914797     info] aps_init_process_vdom[1260] -- initialized process vdom to 'root' (cookie='')
2023-12-06 18:06:37 [httpsd 248 - 1701914797     info] api_store_parameter[241] -- add API parameter 'scope': '"global"' (type=string)
2023-12-06 18:06:37 [httpsd 248 - 1701914797     info] endpoint_process_req_vdom[463] -- new API request (action='select',path='system',name='available-interfaces',vdom='root',user='admin')
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] ap_invoke_handler[593] -- new request (handler='api_cmdb_v2-handler', uri='/api/v2/cmdb/system/interface/prt-lo-testla-u?vdom=partner&access_token=******************************', method='PUT')
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] ap_invoke_handler[597] -- User-Agent: Python-urllib/3.8
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] ap_invoke_handler[600] -- Source: 10.0.0.11:61231 Destination: 10.0.0.60:443
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] api_cmdb_v2_handler[2096] -- received api_cmdb_v2_request from '10.0.0.11'
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] api_access_check_for_api_key[927] -- Peer not trusted: 10.0.0.11.
2023-12-06 18:06:38 [httpsd 249 - 1701914798  warning] _lock_out_check_and_lock_out[541] -- Failed api-key login attempt from 10.0.0.11. (2/3 attempts within 120s).
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] aps_init_process_vdom[1260] -- initialized process vdom to 'root' (cookie='(null)')
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] api_store_parameter[241] -- add API parameter 'vdom': '"partner"' (type=string)
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] api_store_parameter[241] -- add API parameter 'access_token': '********' (type=string)
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] api_store_parameter[241] -- add API parameter 'allowaccess': '"ping"' (type=string)
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] api_store_parameter[241] -- add API parameter 'description': '"Testlab"' (type=string)
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] api_store_parameter[241] -- add API parameter 'ip': '"10.54.37.129\/32"' (type=string)
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] api_store_parameter[241] -- add API parameter 'name': '"prt-lo-testla-u"' (type=string)
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] api_store_parameter[241] -- add API parameter 'status': '"up"' (type=string)
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] api_store_parameter[241] -- add API parameter 'type': '"loopback"' (type=string)
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] api_store_parameter[241] -- add API parameter 'vdom': '"partner"' (type=string)
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] handle_cli_req_v2_vdom[1995] -- attempting to change from vdom "root" to vdom "partner"
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] handle_cli_req_v2_vdom[1998] -- new CMDB API request (vdom='partner',user='admin')
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] api_cmdb_request_init_by_path[1401] -- new CMDB query (path='system',name='interface')
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] api_cmdb_request_init_by_path[1430] -- querying CMDB entry (mkey='prt-lo-testla-u')
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] api_cmdb_request_init_by_path[1434] -- unable to find 'prt-lo-testla-u' in table 'system.interface'
2023-12-06 18:06:38 [httpsd 249 - 1701914798    error] is_valid_csrf_token[2421] -- no CSRF token found
2023-12-06 18:06:38 [httpsd 249 - 1701914798    error] api_cmdb_execute_handler[1882] -- no valid CSRF token found
2023-12-06 18:06:38 [httpsd 249 - 1701914798    error] api_return_http_result[645] -- API error 403 raised
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] handle_cli_req_v2_vdom[2006] -- returning to original vdom "root"
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] ap_invoke_handler[616] -- request completed (handler='api_cmdb_v2-handler' result==0)
2023-12-06 18:06:38 [httpsd 248 - 1701914798     info] ap_invoke_handler[616] -- request completed (handler='api_monitor_v2-handler' result==0)
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] ap_invoke_handler[593] -- new request (handler='logout-handler', uri='/logout?access_token=******************************', method='POST')
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] ap_invoke_handler[597] -- User-Agent: Python-urllib/3.8
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] ap_invoke_handler[600] -- Source: 10.0.0.11:61232 Destination: 10.0.0.60:443
2023-12-06 18:06:38 [httpsd 249 - 1701914798     info] ap_invoke_handler[616] -- request completed (handler='logout-handler' result==0)
2023-12-06 18:06:41 [httpsd 249 - 1701914801     info] ap_invoke_handler[593] -- new request (handler='api_monitor_v2-handler', uri='/api/v2/monitor/system/usb-log', method='GET')
2023-12-06 18:06:41 [httpsd 249 - 1701914801     info] ap_invoke_handler[597] -- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0
2023-12-06 18:06:41 [httpsd 249 - 1701914801     info] ap_invoke_handler[600] -- Source: 10.0.0.11:61234 Destination: 10.0.0.60:443
2023-12-06 18:06:41 [httpsd 249 - 1701914801     info] endpoint_handle_req[625] -- received api_monitor_v2_request from '10.0.0.11'
2023-12-06 18:06:41 [httpsd 249 - 1701914801     info] aps_init_process_vdom[1260] -- initialized process vdom to 'root' (cookie='')
2023-12-06 18:06:41 [httpsd 249 - 1701914801     info] endpoint_process_req_vdom[463] -- new API request (action='select',path='system',name='usb-log',vdom='root',user='admin')
2023-12-06 18:06:41 [httpsd 249 - 1701914801     info] ap_invoke_handler[616] -- request completed (handler='api_monitor_v2-handler' result==0)
2023-12-06 18:06:47 [httpsd 248 - 1701914807     info] ap_invoke_handler[593] -- new request (handler='api_monitor_v2-handler', uri='/api/v2/monitor/system/usb-log', method='GET')
2023-12-06 18:06:47 [httpsd 248 - 1701914807     info] ap_invoke_handler[597] -- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0
2023-12-06 18:06:47 [httpsd 248 - 1701914807     info] ap_invoke_handler[600] -- Source: 10.0.0.11:61236 Destination: 10.0.0.60:443
2023-12-06 18:06:47 [httpsd 248 - 1701914807     info] endpoint_handle_req[625] -- received api_monitor_v2_request from '10.0.0.11'
2023-12-06 18:06:47 [httpsd 248 - 1701914807     info] aps_init_process_vdom[1260] -- initialized process vdom to 'root' (cookie='')
2023-12-06 18:06:47 [httpsd 248 - 1701914807     info] endpoint_process_req_vdom[463] -- new API request (action='select',path='system',name='usb-log',vdom='root',user='admin')
2023-12-06 18:06:47 [httpsd 248 - 1701914807     info] ap_invoke_handler[616] -- request completed (handler='api_monitor_v2-handler' result==0)
asrivastav-aag commented 7 months ago

Same issue happening with fortios_vpn_ipsec_phase1_interface as well.

    - name: Creating Loopback Interface '{{ fgt_loopbk_inf }}'
      fortinet.fortios.fortios_vpn_ipsec_phase1_interface:
        access_token: "{{ restadmin_api_key }}"
        vdom: "{{ vdom }}"
        enable_log: True
        state: present
        vpn_ipsec_phase1_interface:
          name: "{{ vpn_name }}"
          interface: "{{ fgt_loopbk_inf }}"
          ike_version: "2"
          keylife: "{{ p1_key_seconds }}"
          peertype: "any"
          proposal: "{{ p1_proposal }}"
          dhgrp: "{{ p1_dhgrp }}"
          nattraversal: disable
          remote_gw: "{{ vpn_remote_gw }}"
          authmethod: psk
          psksecret: "{{ vpn_psk }}"
          dpd: "on-idle"
          dpd_retrycount: "3"
          keepalive: "10"
          auto_negotiate: enable
[sri-se4]: FAILED! => {"changed": false, "meta": {"build": 866, "http_method": "PUT", "http_status": 403, "mkey": "SE4-Testlab", "name": "phase1-interface", "path": "vpn.ipsec", "serial": "FG100ETKxxxxxxxx", "status": "error", "vdom": "partner", "version": "v6.2.0"}, 
"msg": "Error in repo"}

Debug Logs:

[httpsd 251 - 1702019313     info] ap_invoke_handler[593] -- new request (handler='api_cmdb_v2-handler', uri='/api/v2/cmdb/vpn.ipsec/phase1-interface/SE4-Testlab?vdom=partner&access_token=******************************', method='PUT')
[httpsd 251 - 1702019313     info] ap_invoke_handler[597] -- User-Agent: Python-urllib/3.8
[httpsd 251 - 1702019313     info] ap_invoke_handler[600] -- Source: 10.0.0.11:55218 Destination: 10.0.0.60:443
[httpsd 251 - 1702019313     info] api_cmdb_v2_handler[2096] -- received api_cmdb_v2_request from '10.0.0.11'
[httpsd 251 - 1702019313     info] api_access_check_for_api_key[927] -- Peer not trusted: 10.0.0.11.
[httpsd 251 - 1702019313  warning] _lock_out_check_and_lock_out[541] -- Failed api-key login attempt from 10.0.0.11. (1/3 attempts within 60s).
[httpsd 251 - 1702019314     info] aps_init_process_vdom[1260] -- initialized process vdom to 'root' (cookie='(null)')
[httpsd 251 - 1702019314     info] api_store_parameter[241] -- add API parameter 'vdom': '"partner"' (type=string)
[httpsd 251 - 1702019314     info] api_store_parameter[241] -- add API parameter 'access_token': '********' (type=string)
[httpsd 251 - 1702019314     info] api_store_parameter[241] -- add API parameter 'authmethod': '"psk"' (type=string)
[httpsd 251 - 1702019314     info] api_store_parameter[241] -- add API parameter 'auto-negotiate': '"enable"' (type=string)
[httpsd 251 - 1702019314     info] api_store_parameter[241] -- add API parameter 'dhgrp': '"14"' (type=string)
[httpsd 251 - 1702019314     info] api_store_parameter[241] -- add API parameter 'dpd': '"on-idle"' (type=string)
[httpsd 251 - 1702019314     info] api_store_parameter[241] -- add API parameter 'dpd-retrycount': '3' (type=int)
[httpsd 251 - 1702019314     info] api_store_parameter[241] -- add API parameter 'ike-version': '"2"' (type=string)
[httpsd 251 - 1702019314     info] api_store_parameter[241] -- add API parameter 'interface': '"prt-lo-testla-u"' (type=string)
[httpsd 251 - 1702019314     info] api_store_parameter[241] -- add API parameter 'keepalive': '10' (type=int)
[httpsd 251 - 1702019314     info] api_store_parameter[241] -- add API parameter 'keylife': '28800' (type=int)
[httpsd 251 - 1702019314     info] api_store_parameter[241] -- add API parameter 'name': '"SE4-Testlab"' (type=string)
[httpsd 251 - 1702019314     info] api_store_parameter[241] -- add API parameter 'nattraversal': '"disable"' (type=string)
[httpsd 251 - 1702019314     info] api_store_parameter[241] -- add API parameter 'peertype': '"any"' (type=string)
[httpsd 251 - 1702019314     info] api_store_parameter[241] -- add API parameter 'proposal': '"aes256-sha256"' (type=string)
[httpsd 251 - 1702019314     info] api_store_parameter[241] -- add API parameter 'psksecret': '"TempKey@123123"' (type=string)
[httpsd 251 - 1702019314     info] api_store_parameter[241] -- add API parameter 'remote-gw': '"1.1.1.1"' (type=string)
[httpsd 251 - 1702019314     info] handle_cli_req_v2_vdom[1995] -- attempting to change from vdom "root" to vdom "partner"
[httpsd 251 - 1702019314     info] handle_cli_req_v2_vdom[1998] -- new CMDB API request (vdom='partner',user='admin')
[httpsd 251 - 1702019314     info] api_cmdb_request_init_by_path[1401] -- new CMDB query (path='vpn.ipsec',name='phase1-interface')
[httpsd 251 - 1702019314     info] api_cmdb_request_init_by_path[1430] -- querying CMDB entry (mkey='SE4-Testlab')
[httpsd 251 - 1702019314     info] api_cmdb_request_init_by_path[1434] -- unable to find 'SE4-Testlab' in table 'vpn.ipsec.phase1-interface'

[httpsd 251 - 1702019314    error] is_valid_csrf_token[2421] -- no CSRF token found
[httpsd 251 - 1702019314    error] api_cmdb_execute_handler[1882] -- no valid CSRF token found
[httpsd 251 - 1702019314    error] api_return_http_result[645] -- API error 403 raised

[httpsd 251 - 1702019314     info] handle_cli_req_v2_vdom[2006] -- returning to original vdom "root"
[httpsd 251 - 1702019314     info] ap_invoke_handler[616] -- request completed (handler='api_cmdb_v2-handler' result==0)
[httpsd 247 - 1702019314     info] ap_invoke_handler[593] -- new request (handler='logout-handler', uri='/logout?access_token=******************************', method='POST')
[httpsd 247 - 1702019314     info] ap_invoke_handler[597] -- User-Agent: Python-urllib/3.8
[httpsd 247 - 1702019314     info] ap_invoke_handler[600] -- Source: 10.0.0.11:55219 Destination: 10.0.0.60:443
[httpsd 247 - 1702019314     info] ap_invoke_handler[616] -- request completed (handler='logout-handler' result==0)
JieX19 commented 3 months ago

Hi @asrivastav-aag

I found some clues in the log. The 1st issue is that you might not have configured the API access_token correctly; here's the reason:

    [httpsd 251 - 1702019313 info] api_access_check_for_api_key[927] -- Peer not trusted: 10.0.0.11.
    [httpsd 251 - 1702019313 warning] _lock_out_check_and_lock_out[541] -- Failed api-key login attempt from 10.0.0.11. (1/3 attempts within 60s).

So it actually uses the username/password instead. But it's not a problem, we handle the case in the code.

The error should be caused by the 2nd issue as below:

    [httpsd 251 - 1702019314 info] api_cmdb_request_init_by_path[1430] -- querying CMDB entry (mkey='SE4-Testlab')
    [httpsd 251 - 1702019314 info] api_cmdb_request_init_by_path[1434] -- unable to find 'SE4-Testlab' in table 'vpn.ipsec.phase1-interface'

You should check on "vpn.ipsec.phase1-interface" to see if "SE4-Testlab" exists in the table.

Thanks, Jie
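
The log reading done by eye in the comment above, as an added example (not part of the thread and not the collection's code): it groups httpsd debug lines by worker pid into requests and records which checks logged a failure, including secret parameters the debug log printed unmasked. The sample lines are copied from the logs in this thread with the pre-shared key replaced by a placeholder; the record field names and `SECRET_PARAMS` are assumptions.

```python
import re

# Lines copied from the debug logs in this thread; the pre-shared key is a placeholder.
SAMPLE_LOG = """\
2023-12-06 17:53:42 [httpsd 1505 - 1701914022     info] ap_invoke_handler[597] -- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0
2023-12-06 17:53:42 [httpsd 1505 - 1701914022     info] ap_invoke_handler[616] -- request completed (handler='api_monitor_v2-handler' result==0)
[httpsd 251 - 1702019313     info] ap_invoke_handler[593] -- new request (handler='api_cmdb_v2-handler', uri='/api/v2/cmdb/vpn.ipsec/phase1-interface/SE4-Testlab?vdom=partner&access_token=******************************', method='PUT')
[httpsd 251 - 1702019313     info] ap_invoke_handler[597] -- User-Agent: Python-urllib/3.8
[httpsd 251 - 1702019313     info] api_access_check_for_api_key[927] -- Peer not trusted: 10.0.0.11.
[httpsd 251 - 1702019313  warning] _lock_out_check_and_lock_out[541] -- Failed api-key login attempt from 10.0.0.11. (1/3 attempts within 60s).
[httpsd 251 - 1702019314     info] api_store_parameter[241] -- add API parameter 'access_token': '********' (type=string)
[httpsd 251 - 1702019314     info] api_store_parameter[241] -- add API parameter 'psksecret': '"PLACEHOLDER-PSK"' (type=string)
[httpsd 251 - 1702019314     info] api_cmdb_request_init_by_path[1434] -- unable to find 'SE4-Testlab' in table 'vpn.ipsec.phase1-interface'
[httpsd 251 - 1702019314    error] is_valid_csrf_token[2421] -- no CSRF token found
[httpsd 251 - 1702019314    error] api_cmdb_execute_handler[1882] -- no valid CSRF token found
[httpsd 251 - 1702019314    error] api_return_http_result[645] -- API error 403 raised
[httpsd 251 - 1702019314     info] ap_invoke_handler[616] -- request completed (handler='api_cmdb_v2-handler' result==0)
[httpsd 247 - 1702019314     info] ap_invoke_handler[593] -- new request (handler='logout-handler', uri='/logout?access_token=******************************', method='POST')
[httpsd 247 - 1702019314     info] ap_invoke_handler[616] -- request completed (handler='logout-handler' result==0)
"""

# The date/time prefix is optional: the thread shows the lines both with and without it.
LINE = re.compile(r"\[httpsd (\d+) - \d+\s+\w+\] \w+\[\d+\] -- (.*)")
NEW_REQ = re.compile(r"new request \(handler='([^']+)', uri='([^']+)', method='(\w+)'\)")
PARAM = re.compile(r"add API parameter '([^']+)': '(.*)' \(type=\w+\)")
LOCKOUT = re.compile(r"Failed api-key login attempt from \S+\. \((\d+)/(\d+) attempts")
API_ERROR = re.compile(r"API error (\d+) raised")
MISSING = re.compile(r"unable to find '([^']+)' in table '([^']+)'")
# Assumption: parameter names treated as secrets; extend the set for your own modules.
SECRET_PARAMS = {"psksecret", "password", "access_token"}


def new_record(handler="?", uri="?", method="?"):
    # The query string is dropped so tokens passed in the URL never reach the report.
    return {"handler": handler, "uri": uri.split("?")[0], "method": method,
            "user_agent": None, "api_key_rejected": False, "lockout": None,
            "missing_mkey": None, "csrf_rejected": False, "http_error": None,
            "cleartext_secrets": []}


def triage(log_text):
    """Group httpsd debug lines per worker pid and record what each request logged."""
    open_reqs, done = {}, []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.groups()
        start = NEW_REQ.search(msg)
        if start:
            if pid in open_reqs:  # earlier request never logged its completion
                done.append(open_reqs.pop(pid))
            open_reqs[pid] = new_record(*start.groups())
            continue
        # A pasted log can lack a request's first line; keep what follows anyway.
        req = open_reqs.setdefault(pid, new_record())
        if msg.startswith("User-Agent: "):
            req["user_agent"] = msg[len("User-Agent: "):]
        elif msg.startswith("Peer not trusted"):
            req["api_key_rejected"] = True
        elif (lock := LOCKOUT.search(msg)):
            req["lockout"] = (int(lock.group(1)), int(lock.group(2)))
        elif "no valid CSRF token found" in msg:
            req["csrf_rejected"] = True
        elif (err := API_ERROR.search(msg)):
            req["http_error"] = int(err.group(1))
        elif (miss := MISSING.search(msg)):
            req["missing_mkey"] = miss.groups()
        elif (param := PARAM.search(msg)):
            name, value = param.groups()
            if name in SECRET_PARAMS and value.strip("*"):  # not masked by httpsd
                req["cleartext_secrets"].append(name)
        elif msg.startswith("request completed"):
            done.append(open_reqs.pop(pid))
    done.extend(open_reqs.values())
    return done


def rejected(log_text):
    """Only the requests for which httpsd raised an API error."""
    return [r for r in triage(log_text) if r["http_error"]]


if __name__ == "__main__":
    for r in rejected(SAMPLE_LOG):
        print(r)
```
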