Hello,
I resolved the issue.
I see that Ansible checks "https://192.168.1.136:443/logincheck", but on
Fortinet port 443 is used for the SSL VPN.
So the best practice is to use a new port for the management admin access, for example
4433, configure a certificate (in the FortiGate system settings) and enable
HTTPS on the physical port.
So Ansible can use HTTPS for the connection to the FW.
Just change:
ansible_httpapi_port: 443 --> ansible_httpapi_port: 4433
On Thursday, 18 August 2022 at 20:15:38 UTC+2, ibrahim camara wrote:
> Hello,
>
> I need help with an Ansible deployment. I would like to create a user
> account (admin) on Fortinet,
> but when I play the playbook I get an error that I can't debug. If someone
> in the group has already encountered this error when deploying on Fortinet,
> could he help me?
>
> I share my simple test configuration below:
>
> *inventory hosts:*
> [forti]
> 192.168.1.136
>
> *testForti.yml*
> ---
> - name: configure user admin
>   hosts: forti
>   connection: httpapi
>   collections:
>     - fortinet.fortios
>   tasks:
>     - debug: var=ansible_host
>     - name: task Configure admin users.
>       fortios_system_admin:
>         vdom: "{{ vdom }}"
>         state: "present"
>         system_admin:
>           accprofile: "super_admin"
>           accprofile_override: "enable"
>           allow_remove_admin_session: "enable"
>           comments: "test ansible"
>           email_to: "[email protected]"
>           force_password_change: "disable"
>           name: "test"
>           password: "test123"
>
> *group_vars > forti.yml*
> ---
> ansible_python_interpreter: /usr/bin/python3
> vdom: "root"
> ansible_httpapi_use_ssl: yes
> ansible_httpapi_validate_certs: no
> ansible_httpapi_port: 443
> ansible_network_os: fortinet.fortios.fortios
> ssl_verify: "false"
> ansible_user: "admin"
> ansible_password: "password"
>
>
> *playbook*
> ansible-playbook testForti.yml -vvv
>
> output:
>
> (p3-virtualenv-ansible) [user@ansible Automation-Stuff]$ ansible-playbook
> testForti.yml -vvv
> [DEPRECATION WARNING]: Ansible will require Python 3.8 or newer on the
> controller starting with Ansible 2.12. Current version: 3.6.8 (default, Nov
> 16 2020, 16:55:22) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]. This feature
> will
> be removed from ansible-core in version 2.12. Deprecation warnings can be
> disabled by setting deprecation_warnings=False in ansible.cfg.
> /home/user/p3-virtualenv-ansible/lib64/python3.6/site-packages/ansible/parsing/vault/__init__.py:44:
>
> CryptographyDeprecationWarning: Python 3.6 is no longer supported by the
> Python core team. Therefore, support for it is deprecated in cryptography
> and will be removed in a future release.
> from cryptography.exceptions import InvalidSignature
> ansible-playbook [core 2.11.12]
> config file = /home/user/Automation-Stuff/ansible.cfg
> configured module search path = ['/home/user/.ansible/plugins/modules',
> '/usr/share/ansible/plugins/modules']
> ansible python module location =
> /home/user/p3-virtualenv-ansible/lib64/python3.6/site-packages/ansible
> ansible collection location =
> /home/user/.ansible/collections:/usr/share/ansible/collections
> executable location =
> /home/user/p3-virtualenv-ansible/bin/ansible-playbook
> python version = 3.6.8 (default, Nov 16 2020, 16:55:22) [GCC 4.8.5
> 20150623 (Red Hat 4.8.5-44)]
> jinja version = 3.0.3
> libyaml = True
> Using /home/user/Automation-Stuff/ansible.cfg as config file
> host_list declined parsing /home/user/Automation-Stuff/hosts as it did not
> pass its verify_file() method
> script declined parsing /home/user/Automation-Stuff/hosts as it did not
> pass its verify_file() method
> auto declined parsing /home/user/Automation-Stuff/hosts as it did not pass
> its verify_file() method
> Parsed /home/user/Automation-Stuff/hosts inventory source with ini plugin
> Skipping callback 'default', as we already have a stdout callback.
> Skipping callback 'minimal', as we already have a stdout callback.
> Skipping callback 'oneline', as we already have a stdout callback.
>
> PLAYBOOK: testForti.yml
> *********************************************************************************************************************************************************************************************************
> 1 plays in testForti.yml
>
> PLAY [configure user admin]
> *****************************************************************************************************************************************************************************************************
> META: ran handlers
>
> TASK [debug]
> ********************************************************************************************************************************************************************************************************************
> task path: /home/user/Automation-Stuff/testForti.yml:9
> redirecting (type: connection) ansible.builtin.httpapi to
> ansible.netcommon.httpapi
> ok: [192.168.1.136] => {
> "ansible_host": "192.168.1.136"
> }
>
> TASK [task Configure admin users.]
> **********************************************************************************************************************************************************************************************
> task path: /home/user/Automation-Stuff/testForti.yml:10
> redirecting (type: connection) ansible.builtin.httpapi to
> ansible.netcommon.httpapi
> <192.168.1.136> ESTABLISH LOCAL CONNECTION FOR USER: user
> <192.168.1.136> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo
> /home/user/.ansible/tmp/ansible-local-21526q5jr4zz0 `"&& mkdir "` echo
> /home/user/.ansible/tmp/ansible-local-21526q5jr4zz0/ansible-tmp-1660791972.256035-21571-153360967314789
>
> `" && echo ansible-tmp-1660791972.256035-21571-153360967314789="` echo
> /home/user/.ansible/tmp/ansible-local-21526q5jr4zz0/ansible-tmp-1660791972.256035-21571-153360967314789
>
> `" ) && sleep 0'
> Using module file
> /home/user/.ansible/collections/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_admin.py
> <192.168.1.136> PUT
> /home/user/.ansible/tmp/ansible-local-21526q5jr4zz0/tmp43du_hoy TO
> /home/user/.ansible/tmp/ansible-local-21526q5jr4zz0/ansible-tmp-1660791972.256035-21571-153360967314789/AnsiballZ_fortios_system_admin.py
> <192.168.1.136> EXEC /bin/sh -c 'chmod u+x
> /home/user/.ansible/tmp/ansible-local-21526q5jr4zz0/ansible-tmp-1660791972.256035-21571-153360967314789/
>
> /home/user/.ansible/tmp/ansible-local-21526q5jr4zz0/ansible-tmp-1660791972.256035-21571-153360967314789/AnsiballZ_fortios_system_admin.py
>
> && sleep 0'
> <192.168.1.136> EXEC /bin/sh -c
> '/home/user/p3-virtualenv-ansible/bin/python3
> /home/user/.ansible/tmp/ansible-local-21526q5jr4zz0/ansible-tmp-1660791972.256035-21571-153360967314789/AnsiballZ_fortios_system_admin.py
>
> && sleep 0'
> <192.168.1.136> EXEC /bin/sh -c 'rm -f -r
> /home/user/.ansible/tmp/ansible-local-21526q5jr4zz0/ansible-tmp-1660791972.256035-21571-153360967314789/
>
> > /dev/null 2>&1 && sleep 0'
> The full traceback is:
> Traceback (most recent call last):
> File
> "/home/user/.ansible/tmp/ansible-local-21526q5jr4zz0/ansible-tmp-1660791972.256035-21571-153360967314789/AnsiballZ_fortios_system_admin.py",
>
> line 100, in <module>
> _ansiballz_main()
> File
> "/home/user/.ansible/tmp/ansible-local-21526q5jr4zz0/ansible-tmp-1660791972.256035-21571-153360967314789/AnsiballZ_fortios_system_admin.py",
>
> line 92, in _ansiballz_main
> invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
> File
> "/home/user/.ansible/tmp/ansible-local-21526q5jr4zz0/ansible-tmp-1660791972.256035-21571-153360967314789/AnsiballZ_fortios_system_admin.py",
>
> line 41, in invoke_module
> run_name='__main__', alter_sys=True)
> File "/usr/lib64/python3.6/runpy.py", line 205, in run_module
> return _run_module_code(code, init_globals, run_name, mod_spec)
> File "/usr/lib64/python3.6/runpy.py", line 96, in _run_module_code
> mod_name, mod_spec, pkg_name, script_name)
> File "/usr/lib64/python3.6/runpy.py", line 85, in _run_code
> exec(code, run_globals)
> File
> "/tmp/ansible_fortios_system_admin_payload_lbrhtsap/ansible_fortios_system_admin_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_admin.py",
>
> line 3592, in <module>
> File
> "/tmp/ansible_fortios_system_admin_payload_lbrhtsap/ansible_fortios_system_admin_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_admin.py",
>
> line 3555, in main
> File
> "/tmp/ansible_fortios_system_admin_payload_lbrhtsap/ansible_fortios_system_admin_payload.zip/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/fortios.py",
>
> line 217, in check_schema_versioning
> File
> "/tmp/ansible_fortios_system_admin_payload_lbrhtsap/ansible_fortios_system_admin_payload.zip/ansible/module_utils/connection.py",
>
> line 200, in __rpc__
> ansible.module_utils.connection.ConnectionError: Could not connect to
> https://192.168.1.136:443/logincheck: [Errno 104] Connection reset by peer
> fatal: [192.168.1.136]: FAILED! => {
> "changed": false,
> "module_stderr": "Traceback (most recent call last):\n File
> \"/home/user/.ansible/tmp/ansible-local-21526q5jr4zz0/ansible-tmp-1660791972.256035-21571-153360967314789/AnsiballZ_fortios_system_admin.py\",
>
> line 100, in <module>\n _ansiballz_main()\n File
> \"/home/user/.ansible/tmp/ansible-local-21526q5jr4zz0/ansible-tmp-1660791972.256035-21571-153360967314789/AnsiballZ_fortios_system_admin.py\",
>
> line 92, in _ansiballz_main\n invoke_module(zipped_mod, temp_path,
> ANSIBALLZ_PARAMS)\n File
> \"/home/user/.ansible/tmp/ansible-local-21526q5jr4zz0/ansible-tmp-1660791972.256035-21571-153360967314789/AnsiballZ_fortios_system_admin.py\",
>
> line 41, in invoke_module\n run_name='__main__', alter_sys=True)\n File
> \"/usr/lib64/python3.6/runpy.py\", line 205, in run_module\n return
> _run_module_code(code, init_globals, run_name, mod_spec)\n File
> \"/usr/lib64/python3.6/runpy.py\", line 96, in _run_module_code\n
> mod_name, mod_spec, pkg_name, script_name)\n File
> \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code\n exec(code,
> run_globals)\n File
> \"/tmp/ansible_fortios_system_admin_payload_lbrhtsap/ansible_fortios_system_admin_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_admin.py\",
>
> line 3592, in <module>\n File
> \"/tmp/ansible_fortios_system_admin_payload_lbrhtsap/ansible_fortios_system_admin_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_admin.py\",
>
> line 3555, in main\n File
> \"/tmp/ansible_fortios_system_admin_payload_lbrhtsap/ansible_fortios_system_admin_payload.zip/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/fortios.py\",
>
> line 217, in check_schema_versioning\n File
> \"/tmp/ansible_fortios_system_admin_payload_lbrhtsap/ansible_fortios_system_admin_payload.zip/ansible/module_utils/connection.py\",
>
> line 200, in __rpc__\nansible.module_utils.connection.ConnectionError:
> Could not connect to https://192.168.1.136:443/logincheck: [Errno 104]
> Connection reset by peer\n",
> "module_stdout": "",
> "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
> "rc": 1
> }
>
> PLAY RECAP
> **********************************************************************************************************************************************************************************************************************
> 192.168.1.136 : ok=1 changed=0 unreachable=0
> failed=1 skipped=0 rescued=0 ignored=0
>
>
> Does anyone have an idea about this issue?
>
> Thanks
>
>
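
Added example (not part of the thread and not code from the Ansible or Fortinet projects): a small Python lint over flat group_vars, run on values constructed from the quoted `forti.yml`. It flags the port conflict the reply describes, plus the disabled certificate validation and cleartext password visible in the quoted file. The finding names and `vault_forti_password` are hypothetical, and the SSL VPN port is assumed to be 443 as stated in the reply.

```python
SSLVPN_PORT = 443  # assumption from the reply: the SSL VPN owns 443 on this FortiGate
FALSY = {"no", "false", "off", "0"}

# Constructed from the forti.yml group_vars quoted in the thread.
ORIGINAL_VARS = """\
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
ansible_password: "password"
"""

# Constructed corrected file; vault_forti_password is a hypothetical vaulted variable.
CORRECTED_VARS = """\
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: yes
ansible_httpapi_port: 4433
ansible_password: "{{ vault_forti_password }}"
"""

def parse_flat_vars(text):
    """Parse one-level 'key: value' lines; nesting and lists are out of scope."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "---")) or ":" not in line:
            continue
        key, _, value = line.partition(":")
        result[key.strip()] = value.strip().strip("\"'")
    return result

def lint_httpapi_vars(text, sslvpn_port=SSLVPN_PORT):
    """Return hypothetical finding names for risky httpapi settings."""
    v = parse_flat_vars(text)
    findings = []
    if v.get("ansible_httpapi_port") == str(sslvpn_port):
        findings.append("port-shared-with-sslvpn")  # root cause in the thread
    if v.get("ansible_httpapi_use_ssl", "").lower() in FALSY:
        findings.append("plain-http")
    if v.get("ansible_httpapi_validate_certs", "").lower() in FALSY:
        findings.append("cert-validation-disabled")
    password = v.get("ansible_password", "")
    # Accept only a templated reference or an inline vault tag, never a literal.
    if password and not password.startswith(("{{", "!vault")):
        findings.append("cleartext-password")
    return findings

if __name__ == "__main__":
    for label, text in (("original", ORIGINAL_VARS), ("corrected", CORRECTED_VARS)):
        print(label, lint_httpapi_vars(text))
```

Enabling `ansible_httpapi_validate_certs` assumes the certificate configured on the FortiGate management interface chains to a CA the Ansible controller trusts.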