Comments (6)

chillancezen commented on July 21, 2024

@shariaty59
Looks like your network is unreachable. Please make sure you can access your FortiGate device via SSH or ping from the host on which Ansible is run.

thanks,

from ansible-galaxy-fortios-collection.

shariaty59 commented on July 21, 2024

@chillancezen Hi, I think the error message is misleading. The only change I made in my playbook is changing the host name "mylab-fw-dev1" to group "dev". Group "dev" has only one member and it is "mylab-fw-dev1". The SSL verify is set to disable, but could it be because the Ansible connection doesn't see the group name in the actual SSL path?

chillancezen commented on July 21, 2024

@shariaty59 That's weird. Could you provide your full playbook plus inventory (please mask your password and IP)?

thanks,

shariaty59 commented on July 21, 2024

@chillancezen Of course. First, this is what's working:

---
- hosts: localhost
  vars:
    host: "mylab-fw-dev1"
    username: "alistair"
    password: "mypass"
    vdom: "root"
    ssl_verify: "False"

  tasks:
  - name: Configure Phase1 Interface
    fortios_vpn_ipsec_phase1_interface:
      host:  "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom:  "{{ vdom }}"
      https: "True"
      state: "present"
      ssl_verify: "False"
      vpn_ipsec_phase1_interface:
        interface: 'port1'
        name: 'VPN_AS_TEST'
        net_device: 'disable'
        proposal:  'des-md5'
        peertype: 'any'
        wizard_type: 'custom'
        remote_gw: '22.33.44.200'
        psksecret: 'foo-password'
        dhgrp: '2'
        ike_version: '2'
        dpd: 'on-idle'
        dpd_retryinterval: '5'
        comments: 'test vpn ansible'

  - name: Configure Phase2 Interface
    fortios_vpn_ipsec_phase2_interface:
      host:  "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom:  "{{ vdom }}"
      https: "True"
      state: "present"
      ssl_verify: "False"
      vpn_ipsec_phase2_interface:
        name: 'VPN_and_Ansible'
        phase1name: 'VPN_AS_TEST'
        proposal: 'des-sha512'
        dhgrp: '2'
        auto_negotiate: 'enable'
        keylife_type: 'seconds'
        keylifeseconds: '28800'
        dst_addr_type: 'subnet'
        dst_subnet: '192.168.185.131 255.255.255.255'
        src_addr_type: 'subnet'
        src_subnet: '192.168.185.132 255.255.255.255'

Below is the result:

[alistair@ansible-ctrl my_ansible]$ ansible-playbook vpn_works_no_touch.yml 

PLAY [localhost] ***************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Configure Phase1 Interface] **********************************************************************************************************************************************************************************************
changed: [localhost]

TASK [Configure Phase2 Interface] **********************************************************************************************************************************************************************************************
changed: [localhost]

PLAY RECAP *********************************************************************************************************************************************************************************************************************
localhost                  : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Here's the content of my hosts file:

[alistair@ansible-ctrl my_ansible]$ cat inventory/hosts 

[dev]
mylab-fw-dev1 ansible_host=192.168.9.225

Now the only line I change on the playbook is below:

host: "dev"

and it fails on me:


[alistair@ansible-ctrl my_ansible]$ ansible-playbook vpn_works_no_touch.yml 

PLAY [localhost] ***************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Configure Phase1 Interface] **********************************************************************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: requests.exceptions.ConnectionError: HTTPSConnectionPool(host='dev', port=443): Max retries exceeded with url: /logincheck (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f60f3663630>: Failed to establish a new connection: [Errno -2] Name or service not known',))
fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"/usr/local/lib/python3.6/site-packages/urllib3/connection.py\", line 157, in _new_conn\n    (self._dns_host, self.port), self.timeout, **extra_kw\n  File \"/usr/local/lib/python3.6/site-packages/urllib3/util/connection.py\", line 61, in create_connection\n    for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):\n  File \"/usr/lib64/python3.6/socket.py\", line 745, in getaddrinfo\n    for res in _socket.getaddrinfo(host, port, family, type, proto, flags):\nsocket.gaierror: [Errno -2] Name or service not known\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n  File \"/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py\", line 672, in urlopen\n    chunked=chunked,\n  File \"/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py\", line 376, in _make_request\n    self._validate_conn(conn)\n  File \"/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py\", line 994, in _validate_conn\n    conn.connect()\n  File \"/usr/local/lib/python3.6/site-packages/urllib3/connection.py\", line 334, in connect\n    conn = self._new_conn()\n  File \"/usr/local/lib/python3.6/site-packages/urllib3/connection.py\", line 169, in _new_conn\n    self, \"Failed to establish a new connection: %s\" % e\nurllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x7f60f3663630>: Failed to establish a new connection: [Errno -2] Name or service not known\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n  File \"/usr/local/lib/python3.6/site-packages/requests/adapters.py\", line 449, in send\n    timeout=timeout\n  File \"/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py\", line 720, in urlopen\n    method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]\n  
File \"/usr/local/lib/python3.6/site-packages/urllib3/util/retry.py\", line 436, in increment\n    raise MaxRetryError(_pool, url, error or ResponseError(cause))\nurllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='dev', port=443): Max retries exceeded with url: /logincheck (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f60f3663630>: Failed to establish a new connection: [Errno -2] Name or service not known',))\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n  File \"/home/alistair/.ansible/tmp/ansible-tmp-1592837484.6954627-112177785026323/AnsiballZ_fortios_vpn_ipsec_phase1_interface.py\", line 102, in <module>\n    _ansiballz_main()\n  File \"/home/alistair/.ansible/tmp/ansible-tmp-1592837484.6954627-112177785026323/AnsiballZ_fortios_vpn_ipsec_phase1_interface.py\", line 94, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/home/alistair/.ansible/tmp/ansible-tmp-1592837484.6954627-112177785026323/AnsiballZ_fortios_vpn_ipsec_phase1_interface.py\", line 40, in invoke_module\n    runpy.run_module(mod_name='ansible.modules.network.fortios.fortios_vpn_ipsec_phase1_interface', init_globals=None, run_name='__main__', alter_sys=False)\n  File \"/usr/lib64/python3.6/runpy.py\", line 208, in run_module\n    return _run_code(code, {}, init_globals, run_name, mod_spec)\n  File \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_fortios_vpn_ipsec_phase1_interface_payload_gbilyhds/ansible_fortios_vpn_ipsec_phase1_interface_payload.zip/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1_interface.py\", line 1500, in <module>\n  File \"/tmp/ansible_fortios_vpn_ipsec_phase1_interface_payload_gbilyhds/ansible_fortios_vpn_ipsec_phase1_interface_payload.zip/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1_interface.py\", line 1489, in main\n  File 
\"/tmp/ansible_fortios_vpn_ipsec_phase1_interface_payload_gbilyhds/ansible_fortios_vpn_ipsec_phase1_interface_payload.zip/ansible/modules/network/fortios/fortios_vpn_ipsec_phase1_interface.py\", line 1120, in login\n  File \"/usr/local/lib/python3.6/site-packages/fortiosapi/fortiosapi.py\", line 170, in login\n    data='username=' + urllib.parse.quote(username) + '&secretkey=' + urllib.parse.quote(password) + \"&ajax=1\", timeout=self.timeout)\n  File \"/usr/local/lib/python3.6/site-packages/requests/sessions.py\", line 581, in post\n    return self.request('POST', url, data=data, json=json, **kwargs)\n  File \"/usr/local/lib/python3.6/site-packages/requests/sessions.py\", line 533, in request\n    resp = self.send(prep, **send_kwargs)\n  File \"/usr/local/lib/python3.6/site-packages/requests/sessions.py\", line 646, in send\n    r = adapter.send(request, **kwargs)\n  File \"/usr/local/lib/python3.6/site-packages/requests/adapters.py\", line 516, in send\n    raise ConnectionError(e, request=request)\nrequests.exceptions.ConnectionError: HTTPSConnectionPool(host='dev', port=443): Max retries exceeded with url: /logincheck (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f60f3663630>: Failed to establish a new connection: [Errno -2] Name or service not known',))\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

PLAY RECAP *********************************************************************************************************************************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   


chillancezen commented on July 21, 2024

Hi @shariaty59,

From your playbook, it looks like you didn't use host and host group correctly.

  • mylab-fw-dev1 works fine
    because in your /etc/hosts you specified the custom DNS option or mylab-fw-dev1 is resolvable in your domain.

  • dev is not an actual host's name
    that's actually failing your playbooks.

In general, the ansible_host group cannot be applied to legacy fortiosapi mode, but the latest httpapi can do it.

Could you please transition your playbooks to httpapi-style ones? The effort is not supposed to be much.

https://ansible-galaxy-fortios-docs.readthedocs.io/en/latest/playbook.html
Remember to install the latest FortiOS Galaxy collection:

#ansible-galaxy collection install -f fortinet.fortios

Please let me know if there is anything I can help with.

thanks,

from ansible-galaxy-fortios-collection.
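
The httpapi-style layout suggested in the answer above, sketched for the `dev` group from this thread so that the play targets the inventory group and Ansible connects to `ansible_host` instead of resolving the literal string `dev`. This is an added example, not code from the thread or from the collection's documentation; the file names and the `vault_fortios_password` and `vault_vpn_psk` variables are assumptions, and the task fields are carried over from the legacy playbook posted earlier.

```yaml
# inventory/hosts.yml -- YAML form of the [dev] group shown in the thread
all:
  children:
    dev:
      hosts:
        mylab-fw-dev1:
          ansible_host: 192.168.9.225
      vars:
        ansible_connection: httpapi
        ansible_network_os: fortinet.fortios.fortios
        ansible_httpapi_use_ssl: true
        ansible_httpapi_port: 443
        # Mirrors ssl_verify: "False" in the legacy playbook; set to true
        # once the FortiGate presents a certificate the controller trusts.
        ansible_httpapi_validate_certs: false
        ansible_user: alistair
        # Assumption: password kept in an Ansible Vault file under this name.
        ansible_password: "{{ vault_fortios_password }}"
---
# vpn_httpapi.yml -- hypothetical file name
- hosts: dev              # inventory group; Ansible connects to ansible_host
  gather_facts: false
  vars:
    vdom: "root"
  tasks:
    - name: Configure Phase1 Interface
      fortinet.fortios.fortios_vpn_ipsec_phase1_interface:
        vdom: "{{ vdom }}"
        state: present
        # No host/username/password/https/ssl_verify here: the httpapi
        # connection supplies them from the inventory.
        vpn_ipsec_phase1_interface:
          interface: 'port1'
          name: 'VPN_AS_TEST'
          net_device: 'disable'
          proposal: 'des-md5'        # carried over from the thread's playbook
          peertype: 'any'
          wizard_type: 'custom'
          remote_gw: '22.33.44.200'
          psksecret: "{{ vault_vpn_psk }}"   # assumption: vaulted, not inline
          dhgrp: '2'
          ike_version: '2'
          dpd: 'on-idle'
          dpd_retryinterval: '5'
          comments: 'test vpn ansible'
```

Run it with `ansible-playbook -i inventory/hosts.yml vpn_httpapi.yml --ask-vault-pass` after installing the collection as described in the answer.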

chillancezen commented on July 21, 2024

Hi @shariaty59, hope you are doing well.

I now mark this issue closed. Please feel free to reopen it in case of any issues.

thanks,