fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0

Can not set Admin SSH keys. "Error in Repo" #288

Closed TafkaMax closed 5 months ago

TafkaMax commented 6 months ago

I have the same problem with FortiOS ansible module, as I had with the FortiSwitch one.

https://github.com/fortinet-ansible-dev/ansible-galaxy-fortiswitch-collection/issues/7

TafkaMax commented 6 months ago

NVM. It seems to be a problem with changing existing Admin user and 'PUT' command.

https://community.fortinet.com/t5/Support-Forum/Fortigate-API-works-for-everything-but-admin-password-change/td-p/80126

https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/issues/20

TafkaMax commented 6 months ago

NVM. I have two problems. I get 403 when using PUT via this role, as specified above.

Also the same issue persists, that is also present with FortiSwitch module. It tries to only parse the last part of the SSH key entered.

  1. Crypto type
  2. SSH-key
  3. Comment

As you can see, again it tried to only add the comment part and not the full SSH-key.


```
0: edit "read-only-admin"
0: set accprofile "read-only-profile"
0: set comments "Read Only privileged admin user to save backup configuration."
0: set vdom "root"
0: unset ssh-public-key1
-651: set ssh-public-key1 "oxidized-ecdsa@example.com"
```

MaxxLiu22 commented 5 months ago

Hi @TafkaMax ,

Thank you for raising this issue. I find this argument is specially handled by the API, just like image content and certificates, so we had better save the SSH key into a single file (for example ssh_key.txt), wrapped in single quotation marks, like

```
'ssh-rsa AAAAB3NzaC1yc...yxs91pxVWYTA9A6y67KtksOUIp/k26ihDxECTo2XdJ9WXTUEurYwl49H8= root@maxx'
```

and refer to it in your Ansible script like

```yaml
  tasks:
  - name: Configure admin users.
    fortios_system_admin:
      vdom: root
      state: present
      system_admin:
        accprofile: super_admin
        name: new_admin355
        ssh_public_key1: "{{ lookup( 'file', 'ssh_key.txt') | string  }}"
```

Please let me know if that doesn't solve your problem in your FGT and FSW.

Thanks, Maxx
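Added example, not part of the thread or of the collection's code: a pre-flight check that a key line has the type and base64 fields (comment optional), produces the single-quoted form suggested in the reply above, and flags a configured value that contains only the comment, as in the log earlier in this issue. The function names and the sample key (a syntactically valid ed25519 blob of zero bytes) are constructed for illustration.

```python
import base64
import binascii
import struct


def sample_key_line():
    # Constructed sample: well-formed ssh-ed25519 blob with 32 zero bytes, not a real key.
    key_type = b"ssh-ed25519"
    blob = struct.pack(">I", len(key_type)) + key_type + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " oxidized-ecdsa@example.com"


def parse_openssh_pubkey(line):
    """Split '<type> <base64-key> [comment]' and check the blob matches the type."""
    parts = line.strip().strip("'").split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64-key> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("key field is not valid base64") from exc
    # The blob begins with a 4-byte big-endian length followed by the key type name.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("type inside key blob does not match the type field")
    return key_type, b64, comment


def quoted_for_fortios(line):
    """Return the full key line wrapped in single quotes, for ssh_key.txt."""
    fields = [f for f in parse_openssh_pubkey(line) if f]
    return "'" + " ".join(fields) + "'"


def is_truncated(configured_value, intended_line):
    """True if the value on the device lacks the type or base64 field of the intended key."""
    key_type, b64, _ = parse_openssh_pubkey(intended_line)
    fields = configured_value.strip("'\"").split()
    return not (key_type in fields and b64 in fields)


if __name__ == "__main__":
    key = sample_key_line()
    print(quoted_for_fortios(key))
    print(is_truncated("oxidized-ecdsa@example.com", key))
```

Running `is_truncated` against the value read back from the device after the playbook run catches the comment-only case before the admin account is relied on for key-based login.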

TafkaMax commented 5 months ago

Well it did work, but overall it is a rather unfortunate bug/workaround method.

Thanks for feedback though. It does work, so I will close the issue.