Closed asrivastav-aag closed 3 months ago
Hello!
Module "_fortios_router_prefixlist" is wiping out the old rules and adding just the new rule that I'm trying to add through the playbook. Could you please check on this and suggest if I'm missing anything?
I'm referring to this doc, and tried member operations as well, but no luck: https://ansible-galaxy-fortios-docs.readthedocs.io/en/latest/gen/fortios_router_prefix_list.html
Also raised an issue here: https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-sphinxdoc/issues/15
Thanks!
Example:
Playbook:
--- - hosts: igq-sri-test-fw connection: httpapi gather_facts: no collections: - fortinet.fortios - fortinet.fortimanager vars: encr_dst: 1.2.3.0 255.255.255.0 vendor_name: 'TestLab' tasks: - name: "Task00-1 - Gathering FW Configuration Facts" fortinet.fortios.fortios_configuration_fact: vdom: "root" selectors: - selector: router_prefix-list register: vpn_facts - set_fact: next_pfx_id: "{{ vpn_facts | next_partner_pfx_id }}" # Custom Filter for next available prefix id - eg: 60 - fortios_router_prefix_list: vdom: "root" state: "present" router_prefix_list: name: "pfx-partner-src" rule: - action: "permit" id: "{{ next_pfx_id }}" prefix: "{{ encr_dst }}" register: pfx_data - debug: msg: "{{ pfx_data }}"
Debug logs:
2024-08-16 13:58:58,604 p=71005 u=sri n=ansible | ansible-playbook [core 2.15.12] config file = /Users/sri/Documents/002CaseStudies/001ReposGIT/007_fgt_create_bp_ipsec/ansible.cfg configured module search path = ['/Users/sri/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /Users/sri/Documents/002CaseStudies/001ReposGIT/013_fgt_create_ipsec/lib/python3.9/site-packages/ansible ansible collection location = /Users/sri/Documents/002CaseStudies/001ReposGIT/007_fgt_create_bp_ipsec/collections/ansible_collections executable location = /Users/sri/Documents/002CaseStudies/001ReposGIT/013_fgt_create_ipsec/bin/ansible-playbook python version = 3.9.6 (v3.9.6:db3ff76da1, Jun 28 2021, 11:14:58) [Clang 12.0.5 (clang-1205.0.22.9)] (/Users/sri/Documents/002CaseStudies/001ReposGIT/013_fgt_create_ipsec/bin/python3) jinja version = 3.1.4 libyaml = True 2024-08-16 13:58:58,604 p=71005 u=sri n=ansible | Using /Users/sri/Documents/002CaseStudies/001ReposGIT/007_fgt_create_bp_ipsec/ansible.cfg as config file 2024-08-16 13:58:58,687 p=71005 u=sri n=ansible | host_list declined parsing /Users/sri/Documents/002CaseStudies/001ReposGIT/007_fgt_create_bp_ipsec/inventory.yaml as it did not pass its verify_file() method 2024-08-16 13:58:58,687 p=71005 u=sri n=ansible | script declined parsing /Users/sri/Documents/002CaseStudies/001ReposGIT/007_fgt_create_bp_ipsec/inventory.yaml as it did not pass its verify_file() method 2024-08-16 13:58:58,690 p=71005 u=sri n=ansible | Parsed /Users/sri/Documents/002CaseStudies/001ReposGIT/007_fgt_create_bp_ipsec/inventory.yaml inventory source with ini plugin 2024-08-16 13:58:58,846 p=71005 u=sri n=ansible | Skipping callback 'default', as we already have a stdout callback. 2024-08-16 13:58:58,846 p=71005 u=sri n=ansible | Skipping callback 'minimal', as we already have a stdout callback. 2024-08-16 13:58:58,846 p=71005 u=sri n=ansible | Skipping callback 'oneline', as we already have a stdout callback. 2024-08-16 13:58:58,846 p=71005 u=sri n=ansible | PLAYBOOK: 10_fgt_prefix_list.yaml ************************************************************************************************************************************************************************************************************************************************************************* 2024-08-16 13:58:58,846 p=71005 u=sri n=ansible | 1 plays in 10_fgt_prefix_list.yaml 2024-08-16 13:58:58,846 p=71005 u=sri n=ansible | PLAY [igq-sri-test-fw] ************************************************************************************************************************************************************************************************************************************************************************************ 2024-08-16 13:58:58,863 p=71005 u=sri n=ansible | TASK [Task00-1 - Gathering FW Configuration Facts] ******************************************************************************************************************************************************************************************************************************************************** 2024-08-16 13:58:58,874 p=71005 u=sri n=ansible | redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi 2024-08-16 13:58:59,283 p=71014 u=sri n=ansible | redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi 2024-08-16 13:58:59,946 p=71005 u=sri n=ansible | platform_type is set to fortinet.fortios.fortios 2024-08-16 13:58:59,952 p=71005 u=sri n=ansible | <192.168.1.10> ESTABLISH LOCAL CONNECTION FOR USER: sri 2024-08-16 13:58:59,954 p=71005 u=sri n=ansible | <192.168.1.10> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/sri/.ansible/tmp/ansible-local-71005is65b_ub `"&& mkdir "` echo /Users/sri/.ansible/tmp/ansible-local-71005is65b_ub/ansible-tmp-1723841939.952211-71008-180877662139145 `" && echo ansible-tmp-1723841939.952211-71008-180877662139145="` echo /Users/sri/.ansible/tmp/ansible-local-71005is65b_ub/ansible-tmp-1723841939.952211-71008-180877662139145 `" ) && sleep 0' 2024-08-16 13:59:00,084 p=71005 u=sri n=ansible | Using module file /Users/sri/Documents/002CaseStudies/001ReposGIT/007_fgt_create_bp_ipsec/collections/ansible_collections/fortinet/fortios/plugins/modules/fortios_configuration_fact.py 2024-08-16 13:59:00,085 p=71005 u=sri n=ansible | <192.168.1.10> PUT /Users/sri/.ansible/tmp/ansible-local-71005is65b_ub/tmp378ftc23 TO /Users/sri/.ansible/tmp/ansible-local-71005is65b_ub/ansible-tmp-1723841939.952211-71008-180877662139145/AnsiballZ_fortios_configuration_fact.py 2024-08-16 13:59:00,118 p=71005 u=sri n=ansible | <192.168.1.10> EXEC /bin/sh -c 'chmod u+x /Users/sri/.ansible/tmp/ansible-local-71005is65b_ub/ansible-tmp-1723841939.952211-71008-180877662139145/ /Users/sri/.ansible/tmp/ansible-local-71005is65b_ub/ansible-tmp-1723841939.952211-71008-180877662139145/AnsiballZ_fortios_configuration_fact.py && sleep 0' 2024-08-16 13:59:00,129 p=71005 u=sri n=ansible | <192.168.1.10> EXEC /bin/sh -c '/Users/sri/Documents/002CaseStudies/001ReposGIT/013_fgt_create_ipsec/bin/python3 /Users/sri/.ansible/tmp/ansible-local-71005is65b_ub/ansible-tmp-1723841939.952211-71008-180877662139145/AnsiballZ_fortios_configuration_fact.py && sleep 0' 2024-08-16 13:59:00,888 p=71005 u=sri n=ansible | <192.168.1.10> EXEC /bin/sh -c 'rm -f -r /Users/sri/.ansible/tmp/ansible-local-71005is65b_ub/ansible-tmp-1723841939.952211-71008-180877662139145/ > /dev/null 2>&1 && sleep 0' 2024-08-16 13:59:00,923 p=71005 u=sri n=ansible | ok: [igq-sri-test-fw] => { "changed": false, "invocation": { "module_args": { "access_token": null, "enable_log": false, "filters": null, "formatters": null, "params": null, "selector": null, "selectors": [ { "filters": null, "formatters": null, "params": null, "selector": "router_prefix-list", "sorters": null } ], "sorters": null, "vdom": "root" } }, "meta": [ { "build": 632, "http_method": "GET", "http_status": 200, "matched_count": 8, "name": "prefix-list", "next_idx": 7, "path": "router", "results": [ { "comments": "Local control interface addresses", "name": "pfx-control-local", "q_origin_key": "pfx-control-local", "rule": [ { "action": "permit", "flags": 0, "ge": "", "id": 10, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 10 }, { "action": "permit", "flags": 0, "ge": "", "id": 20, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 20 } ] }, { "comments": "Addresses of remote firewalls for FGSP Sync", "name": "pfx-fgsp-neighbors", "q_origin_key": "pfx-fgsp-neighbors", "rule": [ { "action": "permit", "flags": 0, "ge": "", "id": 10, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 10 } ] }, { "comments": "IP addresses used as Anycast tunnel sources", "name": "pfx-partner-anycast-addresses", "q_origin_key": "pfx-partner-anycast-addresses", "rule": [ { "action": "permit", "flags": 4, "ge": "", "id": 1, "le": 32, "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 1 } ] }, { "comments": "Prefixes accepted as advertisements from ARINC", "name": "pfx-partner-ar-in", "q_origin_key": "pfx-partner-ar-in", "rule": [ { "action": "permit", "flags": 0, "ge": "", "id": 10, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 10 }, { "action": "permit", "flags": 0, "ge": "", "id": 11, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 11 }, { "action": "permit", "flags": 0, "ge": "", "id": 12, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 12 }, { "action": "permit", "flags": 0, "ge": "", "id": 13, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 13 }, { "action": "permit", "flags": 0, "ge": "", "id": 14, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 14 }, { "action": "permit", "flags": 0, "ge": "", "id": 15, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 15 }, { "action": "permit", "flags": 0, "ge": "", "id": 16, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 16 }, { "action": "permit", "flags": 0, "ge": "", "id": 17, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 17 } ] }, { "comments": "Prefixes advertised to ARINC", "name": "pfx-partner-ar-out", "q_origin_key": "pfx-partner-ar-out", "rule": [ { "action": "permit", "flags": 0, "ge": "", "id": 10, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 10 }, { "action": "permit", "flags": 0, "ge": "", "id": 11, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 11 }, { "action": "permit", "flags": 0, "ge": "", "id": 12, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 12 }, { "action": "permit", "flags": 0, "ge": "", "id": 13, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 13 }, { "action": "permit", "flags": 0, "ge": "", "id": 14, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 14 }, { "action": "permit", "flags": 0, "ge": "", "id": 15, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 15 }, { "action": "permit", "flags": 0, "ge": "", "id": 16, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 16 }, { "action": "permit", "flags": 0, "ge": "", "id": 17, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 17 }, { "action": "permit", "flags": 0, "ge": "", "id": 18, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 18 }, { "action": "permit", "flags": 0, "ge": "", "id": 19, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 19 }, { "action": "permit", "flags": 0, "ge": "", "id": 20, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 20 }, { "action": "permit", "flags": 0, "ge": "", "id": 21, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 21 }, { "action": "permit", "flags": 0, "ge": "", "id": 22, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 22 }, { "action": "permit", "flags": 0, "ge": "", "id": 23, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 23 }, { "action": "permit", "flags": 0, "ge": "", "id": 24, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 24 }, { "action": "permit", "flags": 0, "ge": "", "id": 25, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 25 }, { "action": "permit", "flags": 0, "ge": "", "id": 26, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 26 }, { "action": "permit", "flags": 0, "ge": "", "id": 27, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 27 }, { "action": "permit", "flags": 0, "ge": "", "id": 28, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 28 }, { "action": "permit", "flags": 0, "ge": "", "id": 29, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 29 }, { "action": "permit", "flags": 0, "ge": "", "id": 30, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 30 }, { "action": "permit", "flags": 0, "ge": "", "id": 31, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 31 }, { "action": "permit", "flags": 0, "ge": "", "id": 32, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 32 } ] }, { "comments": "Prefixes accepted as advertisements from Sungard PHL", "name": "pfx-partner-phlxn3p", "q_origin_key": "pfx-partner-phlxn3p", "rule": [ { "action": "permit", "flags": 0, "ge": "", "id": 1, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 1 }, { "action": "permit", "flags": 0, "ge": "", "id": 2, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 2 } ] }, { "comments": "IP addresses for IPSEC partner sources", "name": "pfx-partner-src", "q_origin_key": "pfx-partner-src", "rule": [ { "action": "permit", "flags": 0, "ge": "", "id": 50, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 50 }, { "action": "permit", "flags": 0, "ge": "", "id": 1, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 1 }, { "action": "permit", "flags": 0, "ge": "", "id": 2, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 2 }, { "action": "permit", "flags": 0, "ge": "", "id": 3, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 3 }, { "action": "permit", "flags": 0, "ge": "", "id": 4, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 4 }, { "action": "permit", "flags": 0, "ge": "", "id": 5, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 5 }, { "action": "permit", "flags": 0, "ge": "", "id": 6, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 6 }, { "action": "permit", "flags": 0, "ge": "", "id": 7, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 7 }, { "action": "permit", "flags": 0, "ge": "", "id": 8, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 8 }, { "action": "permit", "flags": 0, "ge": "", "id": 9, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 9 }, { "action": "permit", "flags": 0, "ge": "", "id": 10, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 10 }, { "action": "permit", "flags": 0, "ge": "", "id": 11, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 11 }, { "action": "permit", "flags": 0, "ge": "", "id": 12, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 12 }, { "action": "permit", "flags": 0, "ge": "", "id": 13, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 13 }, { "action": "permit", "flags": 0, "ge": "", "id": 14, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 14 }, { "action": "permit", "flags": 0, "ge": "", "id": 15, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 15 }, { "action": "permit", "flags": 0, "ge": "", "id": 16, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 16 }, { "action": "permit", "flags": 0, "ge": "", "id": 17, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 17 }, { "action": "permit", "flags": 0, "ge": "", "id": 18, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 18 }, { "action": "permit", "flags": 0, "ge": "", "id": 19, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 19 }, { "action": "permit", "flags": 0, "ge": "", "id": 20, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 20 }, { "action": "permit", "flags": 0, "ge": "", "id": 21, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 21 }, { "action": "permit", "flags": 0, "ge": "", "id": 22, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 22 }, { "action": "permit", "flags": 0, "ge": "", "id": 23, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 23 }, { "action": "permit", "flags": 0, "ge": "", "id": 24, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 24 }, { "action": "permit", "flags": 0, "ge": "", "id": 26, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 26 }, { "action": "permit", "flags": 0, "ge": "", "id": 25, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 25 }, { "action": "permit", "flags": 0, "ge": "", "id": 27, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 27 }, { "action": "permit", "flags": 0, "ge": "", "id": 28, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 28 }, { "action": "permit", "flags": 0, "ge": "", "id": 29, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 29 }, { "action": "permit", "flags": 0, "ge": "", "id": 30, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 30 }, { "action": "permit", "flags": 0, "ge": "", "id": 31, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 31 }, { "action": "permit", "flags": 0, "ge": "", "id": 32, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 32 }, { "action": "permit", "flags": 0, "ge": "", "id": 33, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 33 }, { "action": "permit", "flags": 0, "ge": "", "id": 34, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 34 }, { "action": "permit", "flags": 0, "ge": "", "id": 35, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 35 }, { "action": "permit", "flags": 0, "ge": "", "id": 36, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 36 }, { "action": "permit", "flags": 0, "ge": "", "id": 37, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 37 }, { "action": "permit", "flags": 0, "ge": "", "id": 38, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 38 }, { "action": "permit", "flags": 0, "ge": "", "id": 39, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 39 }, { "action": "permit", "flags": 0, "ge": "", "id": 40, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 40 }, { "action": "permit", "flags": 0, "ge": "", "id": 41, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 41 }, { "action": "permit", "flags": 0, "ge": "", "id": 42, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 42 }, { "action": "permit", "flags": 0, "ge": "", "id": 43, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 43 }, { "action": "permit", "flags": 0, "ge": "", "id": 44, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 44 }, { "action": "permit", "flags": 0, "ge": "", "id": 45, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 45 }, { "action": "permit", "flags": 0, "ge": "", "id": 47, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 47 }, { "action": "permit", "flags": 0, "ge": "", "id": 48, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 48 }, { "action": "permit", "flags": 0, "ge": "", "id": 49, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 49 }, { "action": "permit", "flags": 0, "ge": "", "id": 51, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 51 }, { "action": "permit", "flags": 0, "ge": "", "id": 52, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 52 }, { "action": "permit", "flags": 0, "ge": "", "id": 53, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 53 }, { "action": "permit", "flags": 0, "ge": "", "id": 54, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 54 }, { "action": "permit", "flags": 0, "ge": "", "id": 55, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 55 }, { "action": "permit", "flags": 0, "ge": "", "id": 56, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 56 }, { "action": "permit", "flags": 0, "ge": "", "id": 57, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 57 }, { "action": "permit", "flags": 0, "ge": "", "id": 58, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 58 }, { "action": "permit", "flags": 0, "ge": "", "id": 59, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 59 }, { "action": "permit", "flags": 0, "ge": "", "id": 60, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 60 } ] }, { "comments": "IP addresses used as IPSEC tunnel sources", "name": "pfx-tunnel-src-addresses", "q_origin_key": "pfx-tunnel-src-addresses", "rule": [ { "action": "permit", "flags": 0, "ge": "", "id": 1, "le": "", "prefix": "x.x.x.x y.y.y.y", "q_origin_key": 1 } ] } ], "revision": "46bfd1dc119789a40bf420221957767e", "serial": "FG100ETKxxxxxxxx", "size": 8, "status": "success", "vdom": "root", "version": "v7.0.15" } ] } 2024-08-16 13:59:00,930 p=71005 u=sri n=ansible | TASK [set_fact] ******************************************************************************************************************************************************************************************************************************************************************************************* 2024-08-16 13:59:01,016 p=71005 u=sri n=ansible | redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi 2024-08-16 13:59:01,973 p=71005 u=sri n=ansible | <192.168.1.10> ESTABLISH HTTP(S) CONNECTFOR USER: admin TO https://192.168.1.10:443 2024-08-16 13:59:01,991 p=71005 u=sri n=ansible | ok: [igq-sri-test-fw] => { "ansible_facts": { "next_pfx_id": "61" }, "changed": false } 2024-08-16 13:59:01,997 p=71005 u=sri n=ansible | TASK [fortios_router_prefix_list] ************************************************************************************************************************************************************************************************************************************************************************* 2024-08-16 13:59:02,009 p=71005 u=sri n=ansible | redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi 2024-08-16 13:59:03,060 p=71005 u=sri n=ansible | <192.168.1.10> ESTABLISH LOCAL CONNECTION FOR USER: sri 2024-08-16 13:59:03,060 p=71005 u=sri n=ansible | <192.168.1.10> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/sri/.ansible/tmp/ansible-local-71005is65b_ub `"&& mkdir "` echo /Users/sri/.ansible/tmp/ansible-local-71005is65b_ub/ansible-tmp-1723841943.0590599-71046-140781520979810 `" && echo ansible-tmp-1723841943.0590599-71046-140781520979810="` echo /Users/sri/.ansible/tmp/ansible-local-71005is65b_ub/ansible-tmp-1723841943.0590599-71046-140781520979810 `" ) && sleep 0' 2024-08-16 13:59:03,213 p=71005 u=sri n=ansible | Using module file /Users/sri/Documents/002CaseStudies/001ReposGIT/007_fgt_create_bp_ipsec/collections/ansible_collections/fortinet/fortios/plugins/modules/fortios_router_prefix_list.py 2024-08-16 13:59:03,214 p=71005 u=sri n=ansible | <192.168.1.10> PUT /Users/sri/.ansible/tmp/ansible-local-71005is65b_ub/tmpoblm8ahh TO /Users/sri/.ansible/tmp/ansible-local-71005is65b_ub/ansible-tmp-1723841943.0590599-71046-140781520979810/AnsiballZ_fortios_router_prefix_list.py 2024-08-16 13:59:03,261 p=71005 u=sri n=ansible | <192.168.1.10> EXEC /bin/sh -c 'chmod u+x /Users/sri/.ansible/tmp/ansible-local-71005is65b_ub/ansible-tmp-1723841943.0590599-71046-140781520979810/ /Users/sri/.ansible/tmp/ansible-local-71005is65b_ub/ansible-tmp-1723841943.0590599-71046-140781520979810/AnsiballZ_fortios_router_prefix_list.py && sleep 0' 2024-08-16 13:59:03,280 p=71005 u=sri n=ansible | <192.168.1.10> EXEC /bin/sh -c '/Users/sri/Documents/002CaseStudies/001ReposGIT/013_fgt_create_ipsec/bin/python3 /Users/sri/.ansible/tmp/ansible-local-71005is65b_ub/ansible-tmp-1723841943.0590599-71046-140781520979810/AnsiballZ_fortios_router_prefix_list.py && sleep 0' 2024-08-16 13:59:05,052 p=71005 u=sri n=ansible | <192.168.1.10> EXEC /bin/sh -c 'rm -f -r /Users/sri/.ansible/tmp/ansible-local-71005is65b_ub/ansible-tmp-1723841943.0590599-71046-140781520979810/ > /dev/null 2>&1 && sleep 0' 2024-08-16 13:59:05,076 p=71005 u=sri n=ansible | changed: [igq-sri-test-fw] => { "changed": true, "diff": {}, "invocation": { "module_args": { "access_token": null, "enable_log": false, "member_path": null, "member_state": null, "router_prefix_list": { "comments": null, "name": "pfx-partner-src", "rule": [ { "action": "permit", "flags": null, "ge": null, "id": 61, "le": null, "prefix": "1.2.3.0 255.255.255.0" } ] }, "state": "present", "vdom": "root" } }, "meta": { "build": 632, "http_method": "PUT", "http_status": 200, "mkey": "pfx-partner-src", "name": "prefix-list", "old_revision": "46bfd1dc119789a40bf420221957767e", "path": "router", "revision": "766c3c154e1c1f147bd52f2050be8577", "revision_changed": true, "serial": "FG100ETKxxxxxxxx", "status": "success", "vdom": "root", "version": "v7.0.15" } } 2024-08-16 13:59:05,087 p=71005 u=sri n=ansible | TASK [debug] ********************************************************************************************************************************************************************************************************************************************************************************************** 2024-08-16 13:59:05,097 p=71005 u=sri n=ansible | redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi 2024-08-16 13:59:06,071 p=71005 u=sri n=ansible | ok: [igq-sri-test-fw] => { "msg": { "changed": true, "diff": {}, "failed": false, "meta": { "build": 632, "http_method": "PUT", "http_status": 200, "mkey": "pfx-partner-src", "name": "prefix-list", "old_revision": "46bfd1dc119789a40bf420221957767e", "path": "router", "revision": "766c3c154e1c1f147bd52f2050be8577", "revision_changed": true, "serial": "FG100ETKxxxxxxxx", "status": "success", "vdom": "root", "version": "v7.0.15" } } } 2024-08-16 13:59:06,097 p=71014 u=sri n=ansible | Traceback (most recent call last): File "/Users/sri/Documents/002CaseStudies/001ReposGIT/013_fgt_create_ipsec/lib/python3.9/site-packages/ansible/plugins/__init__.py", line 75, in get_option option_value = C.config.get_config_value(option, plugin_type=self.plugin_type, plugin_name=self._load_name, variables=hostvars) File "/Users/sri/Documents/002CaseStudies/001ReposGIT/013_fgt_create_ipsec/lib/python3.9/site-packages/ansible/config/manager.py", line 445, in get_config_value value, _drop = self.get_config_value_and_origin(config, cfile=cfile, plugin_type=plugin_type, plugin_name=plugin_name, File "/Users/sri/Documents/002CaseStudies/001ReposGIT/013_fgt_create_ipsec/lib/python3.9/site-packages/ansible/config/manager.py", line 601, in get_config_value_and_origin raise AnsibleError('Requested entry (%s) was not defined in configuration.' % to_native(_get_entry(plugin_type, plugin_name, config))) ansible.errors.AnsibleError: Requested entry (plugin_type: connection plugin: ansible_collections.ansible.netcommon.plugins.connection.httpapi setting: enable_log ) was not defined in configuration. During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/Users/sri/Documents/002CaseStudies/001ReposGIT/013_fgt_create_ipsec/lib/python3.9/site-packages/ansible/utils/jsonrpc.py", line 46, in handle_request result = rpc_method(*args, **kwargs) File "/Users/sri/Documents/002CaseStudies/001ReposGIT/007_fgt_create_bp_ipsec/collections/ansible_collections/ansible/utils/plugins/plugin_utils/connection_base.py", line 83, in reset self.close() File "/Users/sri/Documents/002CaseStudies/001ReposGIT/007_fgt_create_bp_ipsec/collections/ansible_collections/ansible/netcommon/plugins/connection/httpapi.py", line 300, in close self.logout() File "/Users/sri/Documents/002CaseStudies/001ReposGIT/007_fgt_create_bp_ipsec/collections/ansible_collections/fortinet/fortios/plugins/httpapi/fortios.py", line 133, in logout self.log('logout') File "/Users/sri/Documents/002CaseStudies/001ReposGIT/007_fgt_create_bp_ipsec/collections/ansible_collections/fortinet/fortios/plugins/httpapi/fortios.py", line 45, in log log_enabled = self._conn.get_option('enable_log') File "/Users/sri/Documents/002CaseStudies/001ReposGIT/013_fgt_create_ipsec/lib/python3.9/site-packages/ansible/plugins/__init__.py", line 77, in get_option raise KeyError(to_native(e)) KeyError: 'Requested entry (plugin_type: connection plugin: ansible_collections.ansible.netcommon.plugins.connection.httpapi setting: enable_log ) was not defined in configuration.' 2024-08-16 13:59:06,099 p=71005 u=sri n=ansible | PLAY RECAP ************************************************************************************************************************************************************************************************************************************************************************************************ 2024-08-16 13:59:06,099 p=71005 u=sri n=ansible | igq-sri-test-fw : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 2024-08-16 13:59:36,121 p=71014 u=sri n=ansible | persistent connection idle timeout triggered, timeout value is 30 secs. See the timeout setting options in the Network Debug and Troubleshooting Guide. 2024-08-16 13:59:36,242 p=71014 u=sri n=ansible | shutdown complete
Got this worked! member_path and member_state, both are required together to preserve the existing records.
member_path
member_state
Hello!
Module "_fortios_router_prefixlist" is wiping out the old rules and adding just the new rule that I'm trying to add through the playbook. Could you please check on this and suggest if I'm missing anything?
I'm referring to this doc, and tried member operations as well, but no luck: https://ansible-galaxy-fortios-docs.readthedocs.io/en/latest/gen/fortios_router_prefix_list.html
Also raised an issue here: https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-sphinxdoc/issues/15
Thanks!
Example:
Playbook:
Debug logs: