I am using the ansible_fgt_module libraries, and if I forget to specify https: True, and don't specify a port number, I get the following:
fatal: [localhost]: FAILED! => {
"changed": false,
"module_stderr": "/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n InsecureRequestWarning)\n/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n InsecureRequestWarning)\n/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n InsecureRequestWarning)\nTraceback (most recent call last):\n File \"/home/spriggsj/.ansible/tmp/ansible-tmp-1549621114.0393393-176012617895562/AnsiballZ_fortios_log_syslogd_setting.py\", line 113, in <module>\n _ansiballz_main()\n File \"/home/spriggsj/.ansible/tmp/ansible-tmp-1549621114.0393393-176012617895562/AnsiballZ_fortios_log_syslogd_setting.py\", line 105, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/home/spriggsj/.ansible/tmp/ansible-tmp-1549621114.0393393-176012617895562/AnsiballZ_fortios_log_syslogd_setting.py\", line 48, in invoke_module\n imp.load_module('__main__', mod, module, MOD_DESC)\n File \"/usr/lib/python3.6/imp.py\", line 235, in load_module\n return load_source(name, filename, file)\n File \"/usr/lib/python3.6/imp.py\", line 170, in load_source\n module = _exec(spec, sys.modules[name])\n File \"<frozen importlib._bootstrap>\", line 618, in _exec\n File \"<frozen importlib._bootstrap_external>\", line 678, in exec_module\n File \"<frozen importlib._bootstrap>\", line 219, in _call_with_frames_removed\n File \"/tmp/ansible_fortios_log_syslogd_setting_payload_lpcznfjs/__main__.py\", line 367, in <module>\n File \"/tmp/ansible_fortios_log_syslogd_setting_payload_lpcznfjs/__main__.py\", line 358, in main\n File \"/tmp/ansible_fortios_log_syslogd_setting_payload_lpcznfjs/__main__.py\", line 293, in fortios_log_syslogd\n File \"/tmp/ansible_fortios_log_syslogd_setting_payload_lpcznfjs/__main__.py\", line 265, in login\n File \"/usr/local/lib/python3.6/dist-packages/fortiosapi/fortiosapi.py\", line 193, in login\n raise Exception('login failed')\nException: login failed\n",
"module_stdout": "",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}
If I specify https: True this play runs successfully.
I believe that the fortiosapi library is disabling HTTPS certificate checking when HTTPS is enabled, but not doing so when it is not enabled. Thus, when the HTTP302 is fired, and it redirects to the HTTPS port, it should also disable HTTPS certificate checking.
I can't spot where in the code this is happening (I had a quick parse, but couldn't catch it), but it's worth noting.
I am using the
ansible_fgt_module
libraries, and if I forget to specifyhttps: True
, and don't specify a port number, I get the following:If I specify
https: True
this play runs successfully.I believe that the fortiosapi library is disabling HTTPS certificate checking when HTTPS is enabled, but not doing so when it is not enabled. Thus, when the HTTP302 is fired, and it redirects to the HTTPS port, it should also disable HTTPS certificate checking.
I can't spot where in the code this is happening (I had a quick parse, but couldn't catch it), but it's worth noting.