Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error running fmgr_dvmdb_script_execute #66

Open
cpmoves opened this issue Jul 26, 2023 · 3 comments
Open

Error running fmgr_dvmdb_script_execute #66

cpmoves opened this issue Jul 26, 2023 · 3 comments

Comments

@cpmoves
Copy link

cpmoves commented Jul 26, 2023
edited
Loading

When trying to execute a script and checking the status of the job it's failing. It looks to be sending the oid of the script instead of the name based off what I can see in the Task Monitor comparing a job run from the GUI.

FMG v6.4.8
fortinet.fortimanager 2.2.0

- name: Run the Script
 fmgr_dvmdb_script_execute:
   bypass_validation: False
   adom: '{{ device_adom }}'
   dvmdb_script_execute:
     adom: '{{ device_adom }}'
     script: '{{ script_name }}'
     package: '{{ device_package }}'
     scope:
       -
         name: '{{ device_name }}'
         vdom: '{{ device_vdom }}'
   enable_log: true
 register: running_task

- name: Inspect the Task Status
 fmgr_fact:
   facts:
     selector: 'task_task'
     params:
       task: '{{running_task.meta.response_data.task}}'
 register: taskinfo
 until: taskinfo.meta.response_data.percent == 100
 retries: 30
 delay: 3
 failed_when: taskinfo.meta.response_data.state == 'error'

changed: [xxxxx]: FAILED! => {
    "changed": true,
    "invocation": {
        "module_args": {
            "access_token": null,
            "adom": "PreProd-Lab",
            "bypass_validation": false,
            "dvmdb_script_execute": {
                "adom": "PreProd-Lab",
                "package": "PreProd-CDE",
                "scope": null,
                "script": "Ansible_Script"
            },
            "enable_log": true,
            "forticloud_access_token": null,
            "rc_failed": null,
            "rc_succeeded": null,
            "workspace_locking_adom": null,
            "workspace_locking_timeout": 300
        }
    },
    "meta": {
        "request_url": "/dvmdb/adom/PreProd-Lab/script/execute",
        "response_code": 0,
        "response_data": {
            "task": 109201
        },
    "rc": 0
}

fatal: [xxxxx]: FAILED! => {
    "attempts": 2,
    "changed": true,
    "failed_when_result": true,
    "invocation": {
        "module_args": {
            "access_token": null,
            "enable_log": false,
            "facts": {
                "fields": null,
                "filter": null,
                "option": null,
                "params": {
                    "task": "109201"
                },
                "selector": "task_task",
                "sortings": null
            },
            "forticloud_access_token": null,
            "rc_failed": null,
            "rc_succeeded": null,
            "workspace_locking_adom": null,
            "workspace_locking_timeout": 300
        }
    },
    "meta": {
        "request_url": "/task/task/109201",
        "response_code": 0,
        "response_data": {
            "adom": 1081907,
            "end_tm": 1690337466,
            "flags": 0,
            "id": 109201,
            "line": [
                {
                    "detail": "install script 1176374 failed. Reason: Invalid data.",
                    "end_tm": 1690337466,
                    "err": -1,
                    "history": [
                        {
                            "detail": "2023-07-26 12:11:04:start installing script 1176374.",
                            "name": "script 1176374",
                            "percent": 0,
                            "vdom": null
                        },
                        {
                            "detail": "2023-07-26 12:11:06:install script 1176374 failed. Reason: Invalid data.",
                            "name": "script 1176374",
                            "percent": 100,
                            "vdom": null
                        }
                    ],
                    "ip": "",
                    "name": "script 1176374",
                    "oid": 1176374,
                    "percent": 100,
                    "start_tm": 1690337464,
                    "state": "error",
                    "vdom": ""
                }
            ],
            "num_done": 0,
            "num_err": 1,
            "num_lines": 1,
            "num_warn": 0,
            "percent": 100,
            "pid": 0,
            "src": "script installation",
            "start_tm": 1690337464,
            "state": "error",
            "title": "Run Script",
            "tot_percent": 100,
            "user": "api_user"
        },
        "response_message": "OK",
    "rc": 0
}

image

image
@dux-fortinet
Copy link

dux-fortinet commented Jul 26, 2023
edited
Loading

Hey @cpmoves,

I tried FMG v6.4.8 (managing one FGT V6.4.0) with fortinet.fortimanager 2.2.0. And I didn't encounter the problem you mentioned.

Could you please share the log file so I can figure out what is the cause?

You can get the log file by adding "enable_log: true" in your playbook:

- name: Run the Script
  fmgr_dvmdb_script_execute:
    bypass_validation: False
    adom: "{{ device_adom }}"
    dvmdb_script_execute:
      adom: "{{ device_adom }}"
      script: "{{ script_name }}"
      package: "{{ device_package }}"
      scope:
        - name: "{{ device_name }}"
          vdom: "{{ device_vdom }}"
    enable_log: true
  register: running_task

- name: Inspect the Task Status
  fmgr_fact:
    enable_log: true
    facts:
      selector: "task_task"
      params:
        task: "{{running_task.meta.response_data.task}}"
  register: taskinfo
  until: taskinfo.meta.response_data.percent == 100
  retries: 30
  delay: 3
  failed_when: taskinfo.meta.response_data.state == 'error'

And the log file will be in '/tmp/fortimanager.ansible.log'. Since the log data will be appended to this file every time you run a playbook, please remember to delete this file (remove history log data) before you run the playbook.

Thanks.

@cpmoves
Copy link
Author

cpmoves commented Jul 27, 2023 

2023-07-27 10:01:59.477841: request: {"method": "get", "params": [{"url": "/cli/global/system/status"}], "session": "UxFP7qpSfvcRXDujJm2hfgfbYsGYkye5iCwU4pK2BEP8WOIE6OKga3jqkNCp8PcIUk4Tn48fPgc0Bp6xy6Q9pA==", "id": 8, "verbose": 1}
2023-07-27 10:01:59.502906: response: {
   "id": 8,
   "result": [
      {
         "data": {
            "Admin Domain Configuration": "Enabled",
            "BIOS version": "04000002",
            "Branch Point": "2473",
            "Build": "2473",
            "Current Time": "Thu Jul 27 10:02:01 EST 2023",
            "Daylight Time Saving": "Yes",
            "FIPS Mode": "Disabled",
            "HA Mode": "Stand Alone",
            "Hostname": "FMG",
            "License Status": "Valid",
            "Major": 6,
            "Max Number of Admin Domains": 1010,
            "Max Number of Device Groups": 1010,
            "Minor": 4,
            "Offline Mode": "Disabled",
            "Patch": 8,
            "Platform Full Name": "FortiManager-VM64",
            "Platform Type": "FMG-VM64",
            "Release Version Information": " (GA)",
            "Serial Number": "FMG-VM0A12345678",
            "Time Zone": "xxxxxx",
            "Version": "v6.4.8-build2473 220503 (GA)",
            "x86-64 Applications": "Yes"
         },
         "status": {
            "code": 0,
            "message": "OK"
         },
         "url": "/cli/global/system/status"
      }
   ]
}
2023-07-27 10:01:59.503573: request: {"method": "exec", "params": [{"url": "/dvmdb/adom/PreProd-Lab/script/execute", "data": {"adom": "PreProd-Lab", "script": "Ansible_Script", "package": "PreProd-CDE", "scope": [{"name": "PreProd-CDE2-FW", "vdom": "root"}]}}], "session": "UxFP7qpSfvcRXDujJm2hfgfbYsGYkye5iCwU4pK2BEP8WOIE6OKga3jqkNCp8PcIUk4Tn48fPgc0Bp6xy6Q9pA==", "id": 9, "verbose": 1}
2023-07-27 10:01:59.632055: response: {
   "id": 9,
   "result": [
      {
         "data": {
            "task": 109234
         },
         "status": {
            "code": 0,
            "message": "OK"
         },
         "url": "/dvmdb/adom/PreProd-Lab/script/execute"
      }
   ]
}

Below are the details of the script which should be executed against the policy package.

            {
                "content": "config firewall service custom\n    edit \"Test-Service\"\n        set tcp-portrange 443\n    next\nend\nconfig firewall policy\n    edit 14\n        set service \"RDP\" \"Test-Service\"\n    next\nend\n",
                "desc": "A script created via Ansible",
                "filter_build": -1,
                "filter_device": 0,
                "filter_hostname": null,
                "filter_ostype": "unknown",
                "filter_osver": "unknown",
                "filter_platform": "",
                "filter_serial": null,
                "modification_time": "2023-07-25 18:41:32",
                "name": "Ansible_Script",
                "oid": 1176374,
                "script_schedule": null,
                "target": "adom_database",
                "type": "cli"
            },

Thank you.

@dux-fortinet
Copy link

dux-fortinet commented Jul 28, 2023
edited
Loading

Hi @cpmoves ,

I tried to reproduce your case, yet I didn't encounter the error. I can pass the script successfully.
Here is my script, for your reference. (FMG v6.4.8, fortinet.fortimanager 2.2.0)

- name: Apply a script to device
  hosts: fortimanagers
  gather_facts: no
  connection: httpapi
  collections:
    - fortinet.fortimanager
  vars:
    ansible_httpapi_use_ssl: True
    ansible_httpapi_validate_certs: False
    ansible_httpapi_port: 443
    device_adom: "root"
    script_name: "Ansible_Script"
    device_name: "XXXXXXXX"
    device_vdom: "root"
  tasks:
    - name: Create a Script to later execute
      fmgr_dvmdb_script:
        enable_log: true
        adom: "{{ device_adom }}"
        state: "present"
        dvmdb_script:
          name: "{{ script_name }}"
          desc: "A script created via Ansible"
          content: |
            config firewall service custom
                edit "Test-Service"
                    set tcp-portrange 443
                next
            end
            config firewall policy
                edit 1
                    set service "RDP" "Test-Service"
                next
            end
          target: "adom_database"
          type: "cli"
    - name: Run the Script
      fmgr_dvmdb_script_execute:
        enable_log: true
        adom: "{{ device_adom }}"
        dvmdb_script_execute:
          adom: "{{ device_adom }}"
          script: "{{ script_name }}"
          package: "XXXXXXXX_root"
          scope:
            - name: "{{ device_name }}"
              vdom: "{{ device_vdom }}"
      register: running_task
    - name: Inspect the Task Status
      fmgr_fact:
        enable_log: true
        facts:
          selector: "task_task"
          params:
            task: "{{running_task.meta.response_data.task}}"
      register: taskinfo
      until: taskinfo.meta.response_data.percent == 100
      retries: 30
      delay: 3
      failed_when: taskinfo.meta.response_data.state == 'error'
    - name: Display response 1
      debug:
        var: running_task
    - name: Display response 2
      debug:
        var: taskinfo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cpmoves @dux-fortinet