fortinet-solutions-cse / 40ansible

Ansible modules and examples for Fortinet products using the REST API
https://fndn.fortinet.net
Apache License 2.0

msg: error in repo on playbook run #22

Closed tchession closed 5 years ago

tchession commented 6 years ago

Hello,

I am receiving the following error when running a playbook to create a VIP on an FG-VM-64.

fatal: [th-lab-fgvm64]: FAILED! => {"changed": false, "meta": {"http_status": 500, "status": "error"}, "msg": "Error in repo"}

The playbook is as follows:

- name: Set vip on the fortigate
  gather_facts: false
  connection: local
  hosts: all
  tasks:
    - fortiosconfig:
        action: "set"
        host: "172.16.31.254"
        username: "admin"
        password: ""
        config: "firewall vip"
        config_parameters:
          name: "vip-1"
          extip: "1.1.1.1"
          mappedip: "10.10.10.10"
          type: "static"
          extintf: "any"

I have confirmed that the firewall is reachable from my Ansible machine, and that the credentials are correct. My pip list is below.

ansible (2.5.0)
asn1crypto (0.24.0)
bcrypt (3.1.4)
certifi (2018.1.18)
cffi (1.11.5)
chardet (3.0.4)
cryptography (2.2.2)
enum34 (1.1.6)
fortiosapi (0.9.91)
idna (2.6)
ipaddress (1.0.19)
Jinja2 (2.10)
MarkupSafe (1.0)
ntlm-auth (1.1.0)
paramiko (2.4.1)
pip (9.0.3)
pyasn1 (0.4.2)
pycparser (2.18)
pyfg (0.50)
PyNaCl (1.2.1)
pywinrm (0.3.0)
PyYAML (3.12)
requests (2.18.4)
requests-ntlm (1.1.0)
setuptools (33.1.1.post20170517)
six (1.11.0)
urllib3 (1.22)
xmltodict (0.11.0)

Thank you very much for your assistance.

migumun commented 5 years ago

Hi, sorry for the late reply. I think the problem is in the mappedip attribute. According to the schema it is a table and not a string:

GET http://{{fgt_ip}}/api/v2/cmdb/firewall/vip?action=schema
[...]
"mappedip": {
                "name": "mappedip",
                "category": "table",
                "help": "IP address or address range on the destination network to which the external IP address is mapped.",
                "mkey": "range",
                "mkey_type": "string",
                "children": {
                    "range": {
                        "name": "range",
                        "category": "unitary",
                        "type": "string",
                        "help": "Mapped IP range.",
                        "required": true,
                        "size": 64
                    }
                },
[...]

I have created this example for your case. It has been tested in v6.0.2:

- hosts: localhost
  vars:
    host: "192.168.122.40"
    username: "admin"
    password: ""
  tasks:
  - name: Set vip on the fortigate
    connection: local
    fortiosconfig:
      https: False
      action: "set"
      host:  "{{host}}"
      username: "{{username}}"
      password: "{{password}}"
      config: "firewall vip"
      config_parameters:
        name: "1"
        type: static-nat
        dns-mapping-ttl: 0
        ldb-method: static
        extip: 1.1.1.1
        mappedip:
        - range: 10.10.10.10
        extintf: port1
        arp-reply: enable
        protocol: tcp
        extport: 0-65535
        mappedport: 0-65535

Hope that helps.
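The shape mismatch the reply points to can be caught before the playbook runs by comparing `config_parameters` with the schema returned by `?action=schema`. The following is an added example, not code from this thread or from the 40ansible project; `check_params` is a hypothetical helper, the `mappedip` entry is copied from the schema output quoted above, and the `extip` entry is constructed for illustration.

```python
# Added example: schema fragment copied from the reply above (mappedip only).
# The "extip" entry is constructed for illustration, not taken from a device.
SCHEMA_CHILDREN = {
    "mappedip": {
        "name": "mappedip", "category": "table", "mkey": "range",
        "children": {"range": {"name": "range", "category": "unitary",
                               "type": "string", "required": True, "size": 64}},
    },
    "extip": {"name": "extip", "category": "unitary", "type": "string"},  # constructed
}


def check_params(params, children, path=""):
    """Return a list of shape mismatches between params and schema children."""
    problems = []
    for key, value in params.items():
        spec = children.get(key)
        where = path + key
        if spec is None:
            continue  # attribute not in the fragment we hold; nothing to check
        if spec["category"] == "table":
            if not isinstance(value, list):
                problems.append(f"{where}: schema says table, got {type(value).__name__}; "
                                f"use a list of entries keyed by '{spec['mkey']}'")
                continue
            for i, row in enumerate(value):
                row_path = f"{where}[{i}]."
                if not isinstance(row, dict):
                    problems.append(f"{where}[{i}]: table entry must be a mapping")
                    continue
                for name, child in spec["children"].items():
                    if child.get("required") and name not in row:
                        problems.append(f"{row_path}{name}: required key missing")
                problems += check_params(row, spec["children"], row_path)
        elif isinstance(value, (list, dict)):
            problems.append(f"{where}: schema says {spec['category']}, got {type(value).__name__}")
        elif "size" in spec and len(str(value)) > spec["size"]:
            problems.append(f"{where}: longer than {spec['size']} characters")
    return problems


# config_parameters from the two playbooks on this page (trimmed to the checked keys)
FAILING = {"name": "vip-1", "extip": "1.1.1.1", "mappedip": "10.10.10.10"}
WORKING = {"name": "1", "extip": "1.1.1.1", "mappedip": [{"range": "10.10.10.10"}]}

if __name__ == "__main__":
    for label, cfg in (("failing", FAILING), ("working", WORKING)):
        print(label, check_params(cfg, SCHEMA_CHILDREN) or "ok")
```

Attributes that are absent from the schema fragment are skipped, so a full check needs the complete schema from the device rather than the excerpt used here.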