Comments (5)
That'll do it -- the role wasn't using the galaxy module, it was using the legacy ansible module. I had specified it in the main playbook but not in the role itself. Added the collection to role/name/meta/main.yml and it worked.
Thanks for your help.
from ansible-galaxy-fortios-collection.
Hi @freddygfy,
Fortios collection supports version 6 but not v5. I cannot reproduce the error on my side with FOS6.0.7m 6.2.3 and 6.4.0.
Can you please try the following playbook? Let's try the simple one and see what the errors are. Please make sure to create the members/users before setting user_group.
```yaml
- hosts: fortigates
  connection: httpapi
  collections:
    - fortinet.fortios
  vars:
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
    vdom: "root"
  tasks:
    - name: Configure user group
      fortios_user_group:
        vdom: "{{ vdom }}"
        state: "present"
        user_group:
          name: "Firewall_group_test"
          group_type: "firewall"
          member:
            - name: "firewall_user_1"
```
from ansible-galaxy-fortios-collection.
This worked as expected...the problem seems to be limited to remote groups, or at least LDAP remote groups.
I've recreated this issue again today on 6.2.3 and 6.0.10, as well. The information under the "match" section doesn't get sent.
Here's a di de cli 8 from the 6.2.3 firewall today:
```
0: end
0: config user group
0: edit "<< ldap_group_name >>"
0: end
0: config user group
0: edit " << ldap_group_name >>"
0: config match
0: edit 1
-56: end
```
It seems it's trying to exit the "config match" without entering any match criteria, throwing an error.
Play output, -vvvvv, sanitized:
```
TASK [init : Add LDAP Group - Part 1] *********************************************************************************************************************************************
task path: /home/<myuser>/git/fortigate_baseline/roles/init/tasks/04-add_ldap_group.yml:1
fatal: [<ansible_hostname>]: FAILED! => changed=false
  invocation:
    module_args:
      host: null
      https: true
      password: ''
      ssl_verify: true
      state: present
      user_group:
        auth_concurrent_override: null
        auth_concurrent_value: null
        authtimeout: null
        company: null
        email: null
        expire: null
        expire_type: null
        group_type: firewall
        guest: null
        http_digest_realm: null
        id: null
        match:
        - group_name: <ldapadmin_group(DN)>
          id: 1
          server_name: < fw_ldap_server_name >
        max_accounts: null
        member:
        - name: < fw_ldap_server_name >
        mobile_phone: null
        multiple_guest_add: null
        name: < fw_ldap_group_name >
        password: null
        sms_custom_server: null
        sms_server: null
        sponsor: null
        sso_attribute_value: null
        user_id: null
        user_name: null
      username: null
      vdom: root
  meta:
    build: 6188
    error: -5
    http_method: POST
    http_status: 500
    name: group
    path: user
    revision: <redacted>
    revision_changed: false
    serial: <redacted>
    status: error
    vdom: root
    version: v6.2.3
  msg: Error in repo
```
ansible 2.9.13, python version = 3.6.8
from ansible-galaxy-fortios-collection.
I believe I've found the cause of the issue...the underscore-to-hyphen operation doesn't seem to be happening for server_name and group_name...this was captured from a tcpdump going to the fortigate with SSL disabled:
```json
{"member": [{"name": "FW_LDAP_SERVER_NAME"}], "group-type": "firewall", "name": "FW_LDAP_GROUP_NAME", "match": [{"server_name": "FW_LDAP_SERVER_NAME", "group_name": "CN=LDAP_GROUP,OU=PATH,OU=PATH,DC=DOMAIN,DC=COM"}]}
```
Edit to add: Surprisingly, and contrary to documentation, this worked:
```yaml
- name: Add Network Automation Group
  fortios_user_group:
    vdom: "root"
    state: "present"
    user_group:
      name: "{{ fw_ldap_group_name }}"
      group_type: "firewall"
      member:
        - name: "{{ fw_ldap_server_name }}"
      match:
        - server-name: "{{ fw_ldap_server_name }}"
          group-name: "{{ ldap_group_dn }}"
          id: 1
```
from ansible-galaxy-fortios-collection.
@freddygfy,
Thank you for your info! It's a bit weird, because I used the same playbook as yours and everything works well. I did not change server_name to server-name. It seems you are using an old version of ansible modules. We did fix this issue early this year.
Can you please check a file for me? If possible, please copy and paste the underscore_to_hyphen function here. Thank you very much!
`less ~/.ansible/collections/ansible_collections/fortinet/fortios/plugins/modules/fortios_user_group.py`, you will find the underscore_to_hyphen() in this file.
The function should be:
```python
def underscore_to_hyphen(data):
    if isinstance(data, list):
        for i, elem in enumerate(data):
            data[i] = underscore_to_hyphen(elem)
    elif isinstance(data, dict):
        new_data = {}
        for k, v in data.items():
            new_data[k.replace('_', '-')] = underscore_to_hyphen(v)
        data = new_data

    return data
```
from ansible-galaxy-fortios-collection.
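An added example, not code from the collection or from anyone in the thread, that reproduces the payload captured in the tcpdump above. `underscore_to_hyphen_stale` is a hypothetical variant that never writes converted list items back, set beside the function quoted in the last comment; `underscore_keys` and the sample arguments are constructed for illustration.

```python
import copy

def underscore_to_hyphen_fixed(data):
    """The function as quoted in the thread: list items are written back by index."""
    if isinstance(data, list):
        for i, elem in enumerate(data):
            data[i] = underscore_to_hyphen_fixed(elem)
    elif isinstance(data, dict):
        data = {k.replace('_', '-'): underscore_to_hyphen_fixed(v) for k, v in data.items()}
    return data

def underscore_to_hyphen_stale(data):
    """Hypothetical stale variant: rebinding the loop variable never updates the list."""
    if isinstance(data, list):
        for elem in data:
            elem = underscore_to_hyphen_stale(elem)  # converted dict is discarded here
    elif isinstance(data, dict):
        data = {k.replace('_', '-'): underscore_to_hyphen_stale(v) for k, v in data.items()}
    return data

def underscore_keys(data, path=""):
    """Return the paths of dict keys that still contain an underscore."""
    found = []
    if isinstance(data, dict):
        for k, v in data.items():
            here = f"{path}.{k}" if path else k
            if "_" in k:
                found.append(here)
            found.extend(underscore_keys(v, here))
    elif isinstance(data, list):
        for i, elem in enumerate(data):
            found.extend(underscore_keys(elem, f"{path}[{i}]"))
    return found

# Constructed module arguments mirroring the sanitized task in the thread.
ARGS = {
    "name": "FW_LDAP_GROUP_NAME",
    "group_type": "firewall",
    "member": [{"name": "FW_LDAP_SERVER_NAME"}],
    "match": [{"server_name": "FW_LDAP_SERVER_NAME",
               "group_name": "CN=LDAP_GROUP,OU=PATH,DC=DOMAIN,DC=COM",
               "id": 1}],
}

def compare():
    """Convert the same arguments with both variants; list keys left unconverted."""
    stale = underscore_to_hyphen_stale(copy.deepcopy(ARGS))
    fixed = underscore_to_hyphen_fixed(copy.deepcopy(ARGS))
    return underscore_keys(stale), underscore_keys(fixed)

if __name__ == "__main__":
    print(compare())
```

With the stale variant, the top-level key becomes `group-type` while the keys inside `match` keep their underscores, which matches the captured request; keys already written with hyphens in the playbook pass through either variant unchanged.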