updating policy based routing of fortigate is not working always has seq-num error

[bhakero]

I tried to add/append test1 and tes2 addresses to existing policy route with sequence number 2 can you help what went wrong?

Source Code:

• hosts: FW1 connection: httpapi collections:
  • fortinet.fortios vars: vdom: "root" ansible_httpapi_use_ssl: true ansible_httpapi_validate_certs: no ansible_httpapi_port: 443 ansible_network_os: fortinet.fortios.fortios tasks:
  • name: Configure IPv4 routing policies. fortios_router_policy: vdom: "{{ vdom }}" state: "present" access_token: "{{ fortios_access_token }}" member_path: "srcaddr:name" member_state: "present" router_policy: seq_num: 2 srcaddr:
    • name: "Ansible_Test1"
    • name: "Ansible_Test2" ...

Error:

The full traceback is: Traceback (most recent call last): File "/root/.ansible/tmp/ansible-local-8417089a8j6a/ansible-tmp-1708423238.1846228-8500-144810943796408/AnsiballZ_fortios_router_policy.py", line 107, in _ansiballz_main() File "/root/.ansible/tmp/ansible-local-8417089a8j6a/ansible-tmp-1708423238.1846228-8500-144810943796408/AnsiballZ_fortios_router_policy.py", line 99, in _ansiballz_main invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS) File "/root/.ansible/tmp/ansible-local-8417089a8j6a/ansible-tmp-1708423238.1846228-8500-144810943796408/AnsiballZ_fortios_router_policy.py", line 47, in invoke_module runpy.run_module(mod_name='ansible_collections.fortinet.fortios.plugins.modules.fortios_router_policy', init_globals=dict(_module_fqn='ansible_collections.fortinet.fortios.plugins.modules.fortios_router_policy', _modlib_path=modlib_path), File "/usr/lib/python3.10/runpy.py", line 224, in run_module return _run_module_code(code, init_globals, run_name, mod_spec) File "/usr/lib/python3.10/runpy.py", line 96, in _run_module_code _run_code(code, mod_globals, init_globals, File "/usr/lib/python3.10/runpy.py", line 86, in _run_code exec(code, run_globals) File "/tmp/ansible_fortios_router_policy_payload_cobiz1gf/ansible_fortios_router_policy_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_policy.py", line 753, in File "/tmp/ansible_fortios_router_policy_payload_cobiz1gf/ansible_fortios_router_policy_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_policy.py", line 719, in main File "/tmp/ansible_fortios_router_policy_payload_cobiz1gf/ansible_fortios_router_policy_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_policy.py", line 527, in fortios_router File "/tmp/ansible_fortios_router_policy_payload_cobiz1gf/ansible_fortios_router_policy_payload.zip/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/fortios.py", line 458, in do_member_operation KeyError: 'seq-num' fatal: [FW1]: FAILED! => { "changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/root/.ansible/tmp/ansible-local-8417089a8j6a/ansible-tmp-1708423238.1846228-8500-144810943796408/AnsiballZ_fortios_router_policy.py\", line 107, in \n _ansiballz_main()\n File \"/root/.ansible/tmp/ansible-local-8417089a8j6a/ansible-tmp-1708423238.1846228-8500-144810943796408/AnsiballZ_fortios_router_policy.py\", line 99, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/root/.ansible/tmp/ansible-local-8417089a8j6a/ansible-tmp-1708423238.1846228-8500-144810943796408/AnsiballZ_fortios_router_policy.py\", line 47, in invoke_module\n runpy.run_module(mod_name='ansible_collections.fortinet.fortios.plugins.modules.fortios_router_policy', init_globals=dict(_module_fqn='ansible_collections.fortinet.fortios.plugins.modules.fortios_router_policy', _modlib_path=modlib_path),\n File \"/usr/lib/python3.10/runpy.py\", line 224, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib/python3.10/runpy.py\", line 96, in _run_module_code\n _run_code(code, mod_globals, init_globals,\n File \"/usr/lib/python3.10/runpy.py\", line 86, in _run_code\n exec(code, run_globals)\n File \"/tmp/ansible_fortios_router_policy_payload_cobiz1gf/ansible_fortios_router_policy_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_policy.py\", line 753, in \n File \"/tmp/ansible_fortios_router_policy_payload_cobiz1gf/ansible_fortios_router_policy_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_policy.py\", line 719, in main\n File \"/tmp/ansible_fortios_router_policy_payload_cobiz1gf/ansible_fortios_router_policy_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_policy.py\", line 527, in fortios_router\n File \"/tmp/ansible_fortios_router_policy_payload_cobiz1gf/ansible_fortios_router_policy_payload.zip/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/fortios.py\", line 458, in do_member_operation\nKeyError: 'seq-num'\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1 }

[MaxxLiu22]

Hi @bhakero

Thank you for raising this issue, there may exists some conflict between member operation and seq_num, could you try to remove member_path and member_state and update srcaddr again, since if Ansible detects there exist same seq_num object , it will update the exist one with changed arguments not replace the whole object, so if you would like to add more srcaddr , remember to add existing srcaddr to the script as well, let me know if that doesn't solve your question.

  tasks:
  - name: Configure IPv4 routing policies.
    fortios_router_policy:
      vdom: '{{ vdom }}'
      state: present
      # member_path: "srcaddr:name"
      # member_state: "present"
      router_policy:
        seq_num: 22
        srcaddr:
        - name: FABRIC_DEVICE
        - name: SSLVPN_TUNNEL_ADDR1

Thanks, Maxx

[JieX19]

Hi @bhakero

Please install the latest version 2.3.6 and try this module again! I will close this ticket as it's already fixed. Feel free to reopen it if you have any questions.

Thanks, Jie