Comments (12)
@onurbrc thanks Bruno,
yes with Fortigate, only raw ssh connection works:
I used to work it around like your way:
#72 (comment)
#72 (comment)
It looks really cumbersome with Fortigate CLI as we have to take care of the specific commands to execute.
thanks again for sharing.
Link
from ansible-galaxy-fortios-collection.
ETA: 6/18/2020
from ansible-galaxy-fortios-collection.
hi @diLLec,
- password issue.
changing password via Ansible(cmdb) is not supported, we must use CLI or monitor APIs instead.

    [httpsd 190 - 1592532203 error] _api_cmdb_v2_config[1204] -- Modification of the 'password' field of system.admin is forbidden.
    [httpsd 190 - 1592532203 error] api_return_http_result[645] -- API error 403 raised

- trusthost1 issue.
the target must be a masked network.

    - hosts: fortigate01
      connection: httpapi
      collections:
        - fortinet.fortios
      vars:
        vdom: "root"
        ansible_httpapi_use_ssl: yes
        ansible_httpapi_validate_certs: no
        ansible_httpapi_port: 443
      tasks:
        - name: Configure system admin.
          fortios_system_admin:
            vdom: "{{ vdom }}"
            state: "present"
            system_admin:
              name: 'admin'
              trusthost1: '130.140.25.23/32'  # <====== watch out.

thanks,
Link.
from ansible-galaxy-fortios-collection.
Thanks @chillancezen. With which debug command are the above-mentioned httpsd messages created? I think they give much insight and would be very helpful in other cases.
from ansible-galaxy-fortios-collection.
ssh to fortigate device then the shell is opened:
- Turn on debugging:

    diagnose debug enable
    diagnose debug cli 8
    diagnose debug application httpsd -1

- Turn off debugging:

    diagnose debug disable

yes it's helpful to address parameters issue in Ansible.
thanks,
Link
from ansible-galaxy-fortios-collection.
hi @diLLec Michael,
I now mark this issue closed. please feel free to reopen it in case of any issues.
we are glad to help.
thanks,
Link
from ansible-galaxy-fortios-collection.
hi @chillancezen,
I'm having the same issue changing admin's password using Ansible.
Is it still not possible using fortios_system_admin?
Could you please provide an example of how to change admin's password using another method?
Thanks in advance.
from ansible-galaxy-fortios-collection.
hi @seohs7 ,
could you try raw curl command:

    curl --insecure -X POST "https://192.168.190.132:443/api/v2/monitor/system/change-password/select?access_token=<your access token>" -H "accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d "{ \"mkey\": \"<your user id>\", \"old_password\": \"<your old password>\", \"new_password\": \"<your new password>\"}"

we are going to support this from Ansible in next major release.
from ansible-galaxy-fortios-collection.
Hi @chillancezen ,
Thank you for your response.
In this case, I must generate an access_token in the first place. How can I do that programmatically? Because I'd love to use only Ansible via fortios_* modules or via API request through native uri module.
My workflow starts as the following:
1 - Instantiate a FGT-VM via Terraform using a template
2 - Run basic configuration using Ansible:
    2.1 - First admin's password change
    2.2 - Replace security banner alert message
    2.3 - etc...
So, is it possible to change the admin's password during step 2 to avoid the interaction with the prompt, as follows:

    New Password:
    Confirm Password:

Thank you in advance.
from ansible-galaxy-fortios-collection.
we are sorry that we don't have a good programmable way to generate a token for future use.
but we are still able to change admin's password via the following commands:

    # 1. log in and store the session cookies
    curl --insecure -X POST https://192.168.190.132/logincheck -H 'Cache-Control: no-cache' -H 'Content-Type: application/x-www-form-urlencoded' -d 'username=admin&secretkey=<your admin password>&ajax=1' -c /tmp/cookies
    # 2. change the password, sending the ccsrftoken cookie value as X-CSRFTOKEN
    curl -b /tmp/cookies --insecure -X POST "https://192.168.190.132:443/api/v2/monitor/system/change-password?vdom=root" -H "accept: application/json" -H "X-CSRFTOKEN: `cat /tmp/cookies |grep 'ccsrftoken' |grep -v 'ccsrftoken_' |sed 's/\t/ /g' |cut -d ' ' -f 7|tr -d '"'`" -H "Content-Type: application/x-www-form-urlencoded" -d "{ \"mkey\": \"admin\", \"old_password\": \"<old_password>\", \"new_password\": \"<new_password>\"}"

it looks a little complicated but we don't have a better way to do so.
we are going to implement this function from Ansible, #74 is tracking this.
thanks,
Link.
from ansible-galaxy-fortios-collection.
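The CSRF-token step of the two curl commands above, as an added example that is not part of the original thread or the project's code: it reads `ccsrftoken` from a curl cookie jar by field instead of the grep/sed/cut pipeline, and keeps the jar in a private `mktemp` file rather than the fixed `/tmp/cookies` path. The function names, the `ccsrftoken_443` and `session_cookie` entries and all sample jar values are constructed for illustration.

```shell
#!/bin/sh
# Added example: helper names and the sample jar below are constructed.

# Create a cookie jar that only the current user can read (mode 0600),
# instead of a fixed, guessable path such as /tmp/cookies. Prints its path.
new_private_jar() {
    ( umask 077 && mktemp "${TMPDIR:-/tmp}/fgt-cookies.XXXXXX" )
}

# Print the value of the cookie named exactly "ccsrftoken" from a curl
# (Netscape-format, tab-separated) cookie jar, with double quotes removed.
# Names such as "ccsrftoken_443" do not match. Exit status 1 if absent.
csrf_token_from_jar() {
    awk -F '\t' '
        /^#/ && !/^#HttpOnly_/ { next }   # skip comments, keep HttpOnly cookies
        NF >= 7 && $6 == "ccsrftoken" {
            gsub(/"/, "", $7)             # same effect as tr -d in the pipeline
            print $7; found = 1; exit
        }
        END { exit !found }
    ' "$1"
}

# Write a constructed sample jar (not captured from a real device) to $1.
write_sample_jar() {
    {
        printf '# Netscape HTTP Cookie File\n'
        printf '#HttpOnly_192.168.190.132\tFALSE\t/\tTRUE\t0\tsession_cookie\t"constructed"\n'
        printf '192.168.190.132\tFALSE\t/\tTRUE\t0\tccsrftoken_443\t"CONSTRUCTED0PORT0TOKEN"\n'
        printf '192.168.190.132\tFALSE\t/\tTRUE\t0\tccsrftoken\t"CONSTRUCTED0TOKEN"\n'
    } > "$1"
}

# Demo on the constructed jar; the jar is removed when the script exits.
jar=$(new_private_jar)
trap 'rm -f "$jar"' EXIT
write_sample_jar "$jar"
echo "X-CSRFTOKEN: $(csrf_token_from_jar "$jar")"
```

In the second curl command above, `$(csrf_token_from_jar "$jar")` takes the place of the backtick pipeline, with `-c "$jar"` and `-b "$jar"` in place of `/tmp/cookies`.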
Hello @chillancezen,
Your workaround works fine for me.
Thanks.
from ansible-galaxy-fortios-collection.
Hi @chillancezen,
I'm using my workaround below and it worked as well.

    # Using expect (shell like) to interact with target
    - name: Using native shell for the 1st password changing interaction
      shell: |
        set timeout 20
        spawn ssh -o StrictHostKeyChecking=no {{ login | default('admin') }}@{{ mgmtIp | default(ansible_host) }}
        expect "New*Password*"
        send "admin\n"
        expect "\nConfirm*"
        send "admin\n"
        expect "\n{{ inventory_hostname }}*"
        send "\n"
        exit 0
      args:
        executable: /usr/bin/expect
      delegate_to: localhost

Thanks.
from ansible-galaxy-fortios-collection.