fortios_firewall_vip ignores ldb_method

fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0

84 stars 48 forks source link

fortios_firewall_vip ignores ldb_method #328

Closed milad-24 closed 1 month ago

milad-24 commented 1 month ago

The fortios_firewall_vip module cannot create a virtual server with server_type: tcp and lb_method: least-session. It ignores the lb_method parameter and always defaults to the static method.

- name: virtual server
  fortinet.fortios.fortios_firewall_vip:
    state: "present"
    access_token: "{{ fortios_access_token }}"
    firewall_vip:
      name: "TEST"
      type: "server-load-balance"
      extip: "1.2.3.4"
      extintf: "any"
      extport:  "1234"
      server_type: tcp
      ldb_method: least-session

already reported here: https://community.fortinet.com/t5/Support-Forum/fortios-API-for-vip-load-balancer-not-saving-ldb-method-7-2-4/m-p/255595#M211997

milad-24 commented 1 month ago

I use an extra ansible module to fix this issue:

- name: Update LB Method
  ansible.builtin.uri:
    url: "{{'https://' +ansible_host + '/api/v2/cmdb/firewall/vip/' + vip.name }}"
    method: PUT
    headers:
      Authorization: "{{'Bearer' +fortios_access_token }}"
      Content-Type: "application/json"
    body:
      name: "{{vip.name}}"
      ldb-method: '{{vip.ldb_method}}'
    body_format: json

MaxxLiu22 commented 1 month ago

Hi @milad-24 ,

Thank you for raising this issue. This problem has been reported by other customers before https://github.com/fortinetdev/terraform-provider-fortios/issues/246#issuecomment-1263101678. I am currently checking the internal ticket and will remind the API team about this issue. It seems like "ldb-method" and "server_type" cannot be set at the same time, which is not what we intended. As a workaround solution, could you please split this into two tasks: one for creating the firewall VIP, and the other for updating the "ldb-method"? Alternatively, you can continue using your URI method. Sorry for the inconvenience.

  - name: config vip
    fortinet.fortios.fortios_firewall_vip:
      state: "present"
      firewall_vip:
        name: "TEST"
        type: "server-load-balance"
        extip: "1.2.3.4"
        extintf: "any"
        extport:  "1234"
        server_type: tcp
  - name: update ldb_method
    fortinet.fortios.fortios_firewall_vip:
      state: "present"
      firewall_vip:
        name: "TEST"
        ldb_method: least-session

Thanks, Maxx

milad-24 commented 1 month ago

Thank you, @MaxxLiu22. Your solution is an improvement! However, I still encounter state changes when running my Ansible playbook. To resolve this, I utilized ansible.builtin.uri to check the state of the virtual server. Then, I applied a when condition to create or modify the virtual server accordingly.

- name: Get virtual server data
  ansible.builtin.uri:
    url: "{{'https://' +ansible_host + '/api/v2/cmdb/firewall/vip/' + vip.name | urlencode }}"
    method: GET
    status_code: [200, 404]
    headers:
      Authorization: "{{'Bearer' +fortios_access_token }}"
      Content-Type: "application/json"
      return_content: yes
      body_format: json