full backup - Githubissues

fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0

84 stars 48 forks source link

full backup #336

Open milad-24 opened 1 month ago

milad-24 commented 1 month ago

I'm using the fortinet.fortios.fortios_monitor_fact module to create a full backup, but the backup differs slightly from the one obtained through the web UI.

here is my task:

    - name: Backup global settings
      fortinet.fortios.fortios_monitor_fact:
        selector: 'system_config_backup'
        vdom: 'root'
        params:
            scope: 'global'

differences :

config system sso-forticloud-admin
config system admin

How can I create a backup with the complete sso-forticloud-admin and admin sections?

MaxxLiu22 commented 1 month ago

Hi @milad-24 ,

Thank you for bringing this issue to my attention and for providing the information. After comparing the API of the GUI and Ansible requests, I noticed that Ansible includes an additional vdom=root in the URL. This could be why some configurations are not being downloaded. Even if you remove the vdom argument from the task, Ansible defaults to setting vdom="root". I would suggest trying to set vdom="" in your task to see if that resolves the issue. on my side, It behaviors just like GUI.

  tasks:
    - name: Backup global settings
      fortinet.fortios.fortios_monitor_fact:
        enable_log: "true"
        selector: 'system_config_backup'
        vdom: ''
        params:
            scope: 'global'

Ansible: /api/v2/monitor/system/config/backup?vdom=root&scope=global
GUI: /api/v2/monitor/system/config/backup?destination=file&scope=global

Thanks, Maxx

milad-24 commented 1 month ago

Hi @MaxxLiu22 , Thank you for the quick response. Unfortunately, setting vdom to an empty string did not resolve my issue. Both sso-forticloud-admin and admin are still empty:

config system admin
end
config system sso-forticloud-admin
end

MaxxLiu22 commented 1 month ago

Hi @milad-24 ,

Thank you for providing this information. It appears that your login user may not have the necessary permissions to back up this data. Could you please confirm if you are using a user with the 'super_admin' profile for the backup? Even users with customized full permissions might have fewer permissions than those with the default 'super_admin' profile. If this is not the issue, could you please let me know which version of FOS you are using? Alternatively, you can open the web monitor (F12) to check how the GUI performs this operation. Thank you!

Thanks, Maxx

milad-24 commented 3 weeks ago

@MaxxLiu22 I've created another profile with full admin rights for APIs and used this API token. It seems that this profile doesn't have full privileges!