No write permission

[jklasd8899]

Following is how my inventory file looks like based on example provided on https://ftnt-ansible-docs.readthedocs.io/en/latest/fmgr_getting_started.html.

[fortimanager] IP_ADDR_FM ansible_host= IP_ADDR_FM

[fortimanager:vars] ansible_network_os=fortimanager ansible_user=USERNAME ansible_password=PASSWORD ansible_become=no ansible_become_method=disable ansible_httpapi_use_ssl=true ansible_httpapi_validate_certs=false ansible_httpapi_timeout=300

Playbook -

---

• name: CONFIG FMGR FIREWALL OBJECTS hosts: fortimanager connection: httpapi gather_facts: False

  tasks:

  • name: ADD VERY BASIC IPV4 POLICY WITH NO NAT (WIDE OPEN) fmgr_fwpol_ipv4: mode: "add" adom: "ADOM_NAME" package_name: "default" name: "Basic_IPv4_Policy" comments: "Example" action: "accept" dstaddr: "all" srcaddr: "all" dstintf: "any" srcintf: "any" logtraffic: "utm" service: "ALL" schedule: "always" ignore_errors: yes ignore_unreachable: yes

The user is provisioned with "set rpc-permit read-write".

However on execution of playbook receive the following error

"msg": "no write permission",
"rc": -10147,
"unreachable": false 

Looks like the issue maybe with locking the ADOM before making config changes and then also to unlock the ADOM once the task is complete. The guide does not describe how to lock and unlock the ADOM for config changes on fortimanager.

[amosbeh]

having the same issue, what is your solution?

[jklasd8899]

The module_utils/network/fortimanager/fortimanager.py and plugins/httpapi/fortimanager.py files were updated in this project to handle the issue. Standard Ansible plugins are not up-to-date so you will have to clone this repo and update the files.