search

spotify / pyfg

Apache License 2.0
56 stars 55 forks source link

Commit not working with VDOM #10

Open tcaiazza opened 8 years ago

tcaiazza commented 8 years ago

Using the latest version of the pyFG, I'm trying to merge the running config on a fortigate of mine with a new snippet of code. I'm running with VDOMs enabled.

In [1]: import pyFG
In [2]: device = pyFG.FortiOS("fw1", vdom="FW", username="admin", password="password")
In [3]: device.open()
In [4]: device.candidate_config = pyFG.FortiConfig("candidate")
In [5]: device.running_config = pyFG.FortiConfig("running")
In [6]: configuration = open("/Users/tim/code/napalm/generated/fw1.txt").read()
In [7]: device.load_config(in_candidate=True, config_text=configuration)
In [8]: for block in device.candidate_config.get_block_names():
   ...:  device.load_config(path=block, empty_candidate=True)
   ...:
In [12]: print device.compare_config()
    config firewall address
        edit Marist
          set subnet 148.100.0.0 255.255.0.0
        next
    end

The load config looks mostly correct, but is missing the commands to move this into the correct VDOM. So when I try to commit if get an error

In [13]: device.commit()
---------------------------------------------------------------------------
FailedCommit                              Traceback (most recent call last)
<ipython-input-13-764a21633a04> in <module>()
----> 1 device.commit()

/Library/Python/2.7/site-packages/pyFG/fortios.pyc in commit(self, config_text, force)
    277             * :class:`~pyFG.exceptions.ForcedCommit` -- Something failed but we avoided any rollback
    278         """
--> 279         self._commit(config_text, force)
    280
    281     def _commit(self, config_text=None, force=False, reload_original_config=True):

/Library/Python/2.7/site-packages/pyFG/fortios.pyc in _commit(self, config_text, force, reload_original_config)
    332
    333             if exit_code < 0 :
--> 334                 raise exceptions.FailedCommit(wrong_commands)
    335
    336     def rollback(self):

FailedCommit: [('-1', 'edit Marist'), ('-1', 'set subnet 148.100.0.0 255.255.0.0'), ('-1', 'next'), ('-1', 'end')]

Now what is interesting is that if I run compare_config again, I get the correct config snippet it, VDOM and all. I'm also able to commit this just fine.

In [14]: print device.compare_config()
conf vdom
  edit FW
    config firewall address
        edit Marist
          set subnet 148.100.0.0 255.255.0.0
        next
    end
end
In [15]: device.commit()
In [16]:

I noticed this issue when trying to use napalm and this thread started there napalm-automation/napalm-fortios#13

awlx commented 7 years ago

Any updates on this? I encounter the same error at the moment.

AuroraLi commented 6 years ago

I think there is a bug in forticonfig.py if indent_level == 0 and self.vdom is not None: if self.vdom == 'global': pre = 'conf global\n' else: pre = 'conf vdom\n edit %s\n' % self.vdom post = 'end' instead of "conf global", it should be "config global" since fortigate scrpit only accepts the exact command, not abbreviations. Same applies to vdom.