networktocode / fortimanager-ansible

Ansible Modules to manage Fortinet FortiManager

issue with fortimgr_policy_unittest #62

Closed kcapecchi closed 5 years ago

kcapecchi commented 5 years ago

Hello,

I have tried to use another module but I still get multiple errors

ansible-playbook fortimgr_policy_unittest.yml

PLAY [CREATE SESSION ID FOR UNIT TESTS] ***

TASK [FORTIMANAGER LOCK - CHANGE] *****
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: requests.exceptions.ConnectionError: HTTPSConnectionPool(host='fmg1', port=443): Max retries exceeded with url: /jsonrpc (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f3889f1af90>: Failed to establish a new connection: [Errno -2] Name or service not known',))
fatal: [fmg1]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/root/.ansible/tmp/ansible-tmp-1545237939.06-109451512231250/AnsiballZ_fortimgr_lock.py\", line 113, in \n _ansiballz_main()\n File \"/root/.ansible/tmp/ansible-tmp-1545237939.06-109451512231250/AnsiballZ_fortimgr_lock.py\", line 105, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/root/.ansible/tmp/ansible-tmp-1545237939.06-109451512231250/AnsiballZ_fortimgr_lock.py\", line 48, in invoke_module\n imp.load_module('main', mod, module, MOD_DESC)\n File \"/tmp/ansible_fortimgr_lock_payload_Aqyqj7/main.py\", line 1494, in \n File \"/tmp/ansible_fortimgr_lock_payload_Aqyqj7/main.py\", line 1460, in main\n File \"/tmp/ansible_fortimgr_lock_payload_Aqyqj7/main.py\", line 1225, in login\n File \"/tmp/ansible_fortimgr_lock_payload_Aqyqj7/main.py\", line 1253, in make_request\n File \"/usr/local/lib/python2.7/dist-packages/requests/api.py\", line 116, in post\n return request('post', url, data=data, json=json, kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/requests/api.py\", line 60, in request\n return session.request(method=method, url=url, kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/requests/sessions.py\", line 533, in request\n resp = self.send(prep, send_kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/requests/sessions.py\", line 646, in send\n r = adapter.send(request, kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/requests/adapters.py\", line 516, in send\n raise ConnectionError(e, request=request)\nrequests.exceptions.ConnectionError: HTTPSConnectionPool(host='fmg1', port=443): Max retries exceeded with url: /jsonrpc (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f3889f1af90>: Failed to establish a new connection: [Errno -2] Name or service not known',))\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
to retry, use: --limit @/home/tubalcain/depot/fortimanager-ansible/unittests/fortimgr_policy_unittest.retry

PLAY RECAP ****
fmg1 : ok=0 changed=0 unreachable=0 failed=1

I have modified my inventory to get the same variable as the module:

[fortimanager]
fmg1 inventory_hostname=10.5.21.232 username=admin password=fortinet

Could you let me know how to use this module?

Regards,

jmcgill298 commented 5 years ago

can you show your playbook?

kcapecchi commented 5 years ago

Thanks for your reply.

It is the one you have created; I have not modified it.


jmcgill298 commented 5 years ago

I think you are confusing inventory_hostname and ansible_host. Your inventory should look like this:

[fortimanager]
fmg1 ansible_host=10.5.21.232 username=admin password=fortinet

I would also recommend being consistent with Ansible's style and using ansible_user and ansible_password:

[fortimanager]
fmg1 ansible_host=10.5.21.232 ansible_user=admin ansible_password=fortinet

inventory_hostname will resolve to the name you give the host in your inventory, which you can see happening in the error message you provided: requests.exceptions.ConnectionError: HTTPSConnectionPool(host='fmg1', port=443). Since you named the host fmg1, the task is using that for the connection, but that hostname is not resolvable in your environment. Update to use ansible_host, and that should fix the issue.

kcapecchi commented 5 years ago

Hello John,

I have changed my inventory and it now looks like the following:

[fortimanager]
fmg1 ansible_host=10.5.21.232 ansible_user=admin ansible_password=fortinet

But when I run the playbook, I get the following error:

ansible-playbook fortimgr_policy_unittest.yml

PLAY [CREATE SESSION ID FOR UNIT TESTS] ***

TASK [FORTIMANAGER LOCK - CHANGE] *****
fatal: [fmg1]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'username' is undefined\n\nThe error appears to have been in '/home/tubalcain/depot/fortimanager-ansible/unittests/fortimgr_policy_unittest.yml': line 10, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n tasks:\n - name: FORTIMANAGER LOCK - CHANGE\n ^ here\n"}
to retry, use: --limit @/home/tubalcain/depot/fortimanager-ansible/unittests/fortimgr_policy_unittest.retry

Which I understand because the module you have implemented contains the following:

So I have changed username and password in this module to make it work with my inventory

and now I have the following error when I run the playbook:

root@tubalcain:/home/tubalcain/depot/fortimanager-ansible/unittests# ansible-playbook fortimgr_policy_unittest.yml

PLAY [CREATE SESSION ID FOR UNIT TESTS] ***

TASK [FORTIMANAGER LOCK - CHANGE] *****
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: requests.exceptions.ConnectionError: HTTPSConnectionPool(host='fmg1', port=443): Max retries exceeded with url: /jsonrpc (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7ff0d7b16f90>: Failed to establish a new connection: [Errno -2] Name or service not known',))
fatal: [fmg1]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/root/.ansible/tmp/ansible-tmp-1545303039.04-82323278165150/AnsiballZ_fortimgr_lock.py\", line 113, in \n _ansiballz_main()\n File \"/root/.ansible/tmp/ansible-tmp-1545303039.04-82323278165150/AnsiballZ_fortimgr_lock.py\", line 105, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/root/.ansible/tmp/ansible-tmp-1545303039.04-82323278165150/AnsiballZ_fortimgr_lock.py\", line 48, in invoke_module\n imp.load_module('main', mod, module, MOD_DESC)\n File \"/tmp/ansible_fortimgr_lock_payload_wnsf1q/main.py\", line 1494, in \n File \"/tmp/ansible_fortimgr_lock_payload_wnsf1q/main.py\", line 1460, in main\n File \"/tmp/ansible_fortimgr_lock_payload_wnsf1q/main.py\", line 1225, in login\n File \"/tmp/ansible_fortimgr_lock_payload_wnsf1q/main.py\", line 1253, in make_request\n File \"/usr/local/lib/python2.7/dist-packages/requests/api.py\", line 116, in post\n return request('post', url, data=data, json=json, kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/requests/api.py\", line 60, in request\n return session.request(method=method, url=url, kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/requests/sessions.py\", line 533, in request\n resp = self.send(prep, send_kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/requests/sessions.py\", line 646, in send\n r = adapter.send(request, kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/requests/adapters.py\", line 516, in send\n raise ConnectionError(e, request=request)\nrequests.exceptions.ConnectionError: HTTPSConnectionPool(host='fmg1', port=443): Max retries exceeded with url: /jsonrpc (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7ff0d7b16f90>: Failed to establish a new connection: [Errno -2] Name or service not known',))\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

So I'm quite confused, because I do not know if I need to use the following in my inventory, like you advised me in your previous message:

[fortimanager]
fmg1 ansible_host=10.5.21.232 ansible_user=admin ansible_password=fortinet

Or if I need to use the following one to make it work with the playbook:

[fortimanager]
fmg1 ansible_host=10.5.21.232 username=admin password=fortinet

On the other hand, I do not know how I can fix the last issue I have when I set the username and password:

TASK [FORTIMANAGER LOCK - CHANGE] *****
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: requests.exceptions.ConnectionError: HTTPSConnectionPool(host='fmg1', port=443): Max retries exceeded with url: /jsonrpc (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7ff0d7b16f90>: Failed to establish a new connection: [Errno -2] Name or service not known',))
fatal: [fmg1]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/root/.ansible/tmp/ansible-tmp-1545303039.04-82323278165150/AnsiballZ_fortimgr_lock.py\", line 113, in \n _ansiballz_main()\n File \"/root/.ansible/tmp/ansible-tmp-1545303039.04-82323278165150/AnsiballZ_fortimgr_lock.py\", line 105, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/root/.ansible/tmp/ansible-tmp-1545303039.04-82323278165150/AnsiballZ_fortimgr_lock.py\", line 48, in invoke_module\n imp.load_module('main', mod, module, MOD_DESC)\n File \"/tmp/ansible_fortimgr_lock_payload_wnsf1q/main.py\", line 1494, in \n File \"/tmp/ansible_fortimgr_lock_payload_wnsf1q/main.py\", line 1460, in main\n File \"/tmp/ansible_fortimgr_lock_payload_wnsf1q/main.py\", line 1225, in login\n File \"/tmp/ansible_fortimgr_lock_payload_wnsf1q/main.py\", line 1253, in make_request\n File \"/usr/local/lib/python2.7/dist-packages/requests/api.py\", line 116, in post\n return request('post', url, data=data, json=json, kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/requests/api.py\", line 60, in request\n return session.request(method=method, url=url, kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/requests/sessions.py\", line 533, in request\n resp = self.send(prep, send_kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/requests/sessions.py\", line 646, in send\n r = adapter.send(request, kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/requests/adapters.py\", line 516, in send\n raise ConnectionError(e, request=request)\nrequests.exceptions.ConnectionError: HTTPSConnectionPool(host='fmg1', port=443): Max retries exceeded with url: /jsonrpc (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7ff0d7b16f90>: Failed to establish a new connection: [Errno -2] Name or service not known',))\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
to retry, use: --limit @/home/tubalcain/depot/fortimanager-ansible/unittests/fortimgr_policy_unittest.retry

regards,

itdependsnetworks commented 5 years ago

You changed one of the user/pass to ansible_user/pass but not the other. As the error indicates, you have an undefined variable. Just change the reference to username and password and you should be good.

jmcgill298 commented 5 years ago

@kcapecchi you implemented my suggestions, but not what I pinpointed to be the issue. You are trying to define inventory_hostname, which you cannot do. Ansible will assign inventory_hostname to the name you give the host in your inventory. You can assign ansible_host though (look back at my previous comment). The error shows the connection failing to connect to fmg1 not 10.5.21.232, and the error message is a DNS error, meaning your host cannot get resolution for fmg1.

jmcgill298 commented 5 years ago

Also, as you realized with my suggestions, what you change in your inventory will also need to be updated in your playbook, so that the correct variable is used.

When we published these modules, Ansible Network did not use the standard Ansible variables; they have since adopted using them and provided new connection mechanisms that require them. Yesterday, I did update the examples and documentation of this project.
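Added example, not part of the thread and not the project's code: a small inventory check that reproduces the three outcomes discussed above. It assumes the playbook templates one variable as the connection host and a set of credential variables; `lint`, `host_var` and `cred_vars` are hypothetical names, and both inventories are constructed from the lines posted in this issue.

```python
import ipaddress

# Constructed inventories mirroring the two variants posted in the thread.
BROKEN = "[fortimanager]\nfmg1 inventory_hostname=10.5.21.232 username=admin password=fortinet\n"
FIXED = "[fortimanager]\nfmg1 ansible_host=10.5.21.232 ansible_user=admin ansible_password=fortinet\n"


def parse_hosts(text):
    """Return {inventory name: {var: value}} for a flat INI inventory (no ranges or :vars)."""
    hosts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "[#;":
            continue
        name, *pairs = line.split()
        hosts[name] = dict(p.split("=", 1) for p in pairs if "=" in p)
    return hosts


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def lint(text, host_var, cred_vars):
    """host_var / cred_vars: variable names the playbook templates (hypothetical inputs)."""
    findings = []
    for name, hostvars in parse_hosts(text).items():
        if "inventory_hostname" in hostvars:
            findings.append((name, "assigned-inventory_hostname"))
        # Ansible sets inventory_hostname to the inventory name, whatever the file assigns.
        effective = dict(hostvars, inventory_hostname=name)
        for var in [host_var] + sorted(cred_vars):
            if var not in effective:
                findings.append((name, "undefined:" + var))
        target = effective.get(host_var)
        if target is not None and not is_ip(target):
            findings.append((name, "needs-dns:" + target))
    return findings


if __name__ == "__main__":
    for inv, hv, cv in [(BROKEN, "inventory_hostname", {"username", "password"}),
                        (FIXED, "inventory_hostname", {"username", "password"}),
                        (FIXED, "ansible_host", {"ansible_user", "ansible_password"})]:
        print(hv, sorted(cv), "->", lint(inv, hv, cv))
```

A `needs-dns` finding means the control node must be able to resolve that name; an empty result means the inventory and the playbook's variable names agree and the target is an IP literal.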

itdependsnetworks commented 5 years ago

Also, likely easier to get help by joining our Slack community by going to http://slack.networktocode.com and joining the #ansible channel.

kcapecchi commented 5 years ago

Hello guys,

Thanks for your help guys, I have fixed my host and DNS and it is now far better. I only get one last error that I'm gonna investigate:

fatal: [fmg1]: FAILED! => {"changed": false, "msg": "This Fortimanager does not support policy names, please remove the policy_name parameter from task"}

root@tubalcain:/home/tubalcain/depot/fortimanager-ansible/unittests# ansible-playbook fortimgr_policy_unittest.yml

PLAY [CREATE SESSION ID FOR UNIT TESTS] ***

TASK [FORTIMANAGER LOCK - CHANGE] *****
changed: [fmg1]

TASK [SET SESSION ID] *****
ok: [fmg1]

PLAY [CREATE FORTIMANAGER OBJECTS FOR UNIT TESTS] *****

TASK [CREATE ADDRESS OBJECTS - CHANGE] ****
ok: [fmg1] => (item={u'ip': u'10.1.1.1', u'name': u'srcaddr1'})
ok: [fmg1] => (item={u'ip': u'10.1.1.2', u'name': u'srcaddr2'})
ok: [fmg1] => (item={u'ip': u'10.1.1.3', u'name': u'srcaddr3'})
ok: [fmg1] => (item={u'ip': u'10.1.1.4', u'name': u'srcaddr4'})
ok: [fmg1] => (item={u'ip': u'10.1.1.5', u'name': u'srcaddr5'})
ok: [fmg1] => (item={u'ip': u'10.1.1.6', u'name': u'srcaddr6'})

TASK [CREATE SERVICE - CHANGE] ****
ok: [fmg1] => (item={u'name': u'svc1', u'port': 1})
ok: [fmg1] => (item={u'name': u'svc2', u'port': 2})
ok: [fmg1] => (item={u'name': u'svc3', u'port': 3})

TASK [CREATE IP POOL - CHANGE] ****
ok: [fmg1] => (item={u'start': u'200.1.1.1', u'end': u'200.1.1.1', u'name': u'pool1'})
ok: [fmg1] => (item={u'start': u'200.1.1.2', u'end': u'200.1.1.2', u'name': u'pool2'})
ok: [fmg1] => (item={u'start': u'200.1.1.3', u'end': u'200.1.1.3', u'name': u'pool3'})

TASK [CREATE VIP - CHANGE] ****
ok: [fmg1] => (item={u'map': u'10.10.10.10', u'ext': u'100.10.10.10', u'name': u'vip1'})
ok: [fmg1] => (item={u'map': u'10.10.10.11', u'ext': u'100.10.10.11', u'name': u'vip2'})
ok: [fmg1] => (item={u'map': u'10.10.10.12', u'ext': u'100.10.10.12', u'name': u'vip3'})

TASK [FORTIMANAGER SAVE - CHANGE] *****
changed: [fmg1]

PLAY [FORTIMANAGER POLICY UNITTESTS] **

TASK [CREATE DENY POLICY - CHANGE] ****
fatal: [fmg1]: FAILED! => {"changed": false, "msg": "This Fortimanager does not support policy names, please remove the policy_name parameter from task"}
to retry, use: --limit @/home/tubalcain/depot/fortimanager-ansible/unittests/fortimgr_policy_unittest.retry

PLAY RECAP ****
fmg1 : ok=7 changed=2 unreachable=0 failed=1

jmcgill298 commented 5 years ago

@kcapecchi Glad that is working for you. The latest message seems to be dependent on the version, and the error message seems to be accurate and clear, so I am closing the issue.