This repository has been archived by the owner on May 14, 2020. It is now read-only.

"Unsupported parameters for (fortios_config) module: #43 #49

Open
erishiamu opened this issue Dec 13, 2019 · 7 comments

Comments

@erishiamu

Duplicate of:
"Unsupported parameters for (fortios_config) module: #43

Using the example playbook https://github.com/fortinet-solutions-cse/40ansible/blob/master/examples/fortigate_backup_config.yml, I receive this error.

Ansible 2.9.1. I ran declare -x ANSIBLE_LIBRARY=/etc/ansible/library (all files from the 40ansible/library folder were copied into it).

I'm also not entirely clear where this backup config would be placed if this worked. Does it store it locally on the FortiGate? Our goal is to copy it to the Ansible host (and then store it in a Bitbucket repo).

@frankshen01
Contributor

frankshen01 commented Dec 20, 2019

Hi @erishiamu

Here are the successful steps on my side:

root@sv:/samba/dev# echo $ANSIBLE_LIBRARY
/samba/dev/40ansible/

root@sv:/samba/dev# cat backt.yml
- hosts: localhost
#  strategy: debug
  vars:
   host:  "192.168.52.177"
   username: "admin"
   password: "admin"
   vdom: "sgd"
  tasks:
  - name: backup system config
    fortiosconfig:
     config: "system config backup"
     action: "backup"
     host:  "{{ host }}"
     username: "{{ username }}"
     password: "{{ password }}"
     vdom:  "{{ vdom }}"
     https: True
     ssl_verify: False
     config_parameters:
      filename: "backup_config_001"
      # Specify global or vdom only backup ["global" | "vdom"].
      scope: "global"

root@sv:/samba/dev# ansible-playbook backt.yml
[WARNING]: No inventory was parsed, only implicit localhost is available

[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'


PLAY [localhost] ************************************************************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************************************************************
ok: [localhost]

TASK [backup system config] *************************************************************************************************************************************
ok: [localhost]

PLAY RECAP ******************************************************************************************************************************************************
localhost                  : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

root@sv:/samba/dev# ansible --version
ansible 2.10.0.dev0
  config file = None
  configured module search path = ['/samba/dev/40ansible']
  ansible python module location = /samba/01ansible_dev/ansible/lib/ansible
  executable location = /samba/01ansible_dev/ansible/bin/ansible
  python version = 3.7.3 (default, Oct  7 2019, 12:56:13) [GCC 8.3.0]
root@sv:/samba/dev#

Please set vdom in vars to an existing VDOM in your FortiGate. The backup file is saved in the same directory as your yml file, and the filename is set by "filename" in config_parameters.

Thanks

@erishiamu
Author

Hello,

I will try this. Thanks for clarifying.

A note on VDOM: we are not leveraging this feature. set vdom-admin disable is in the config. Is this required to be enabled to use the module?

@erishiamu
Author

erishiamu commented Jan 3, 2020

This is the current playbook. I am not defining vdom (and we're not using it, I want a global backup as specified in scope?).

image

User and pass are specified in the hostfile.

image

I'm receiving this output when running the playbook. It is the same when vdom: "root" is added.

image

EDIT: ansible version.
image

@frankshen01
Contributor

frankshen01 commented Jan 7, 2020

@erishiamu I cannot reproduce the problem you mentioned; your configuration works fine on my side. Can you try a configuration similar to the following?

# cat zhost

[fortigates]
fortigate01 ansible_host=192.168.52.177 ansible_connection=local

[fortigates:vars]
ansible_user=admin
ansible_password=admin

# cat ztest.yml

- hosts: fortigates
  gather_facts: false
  vars:
  tasks:
  - name: backup system config
    fortiosconfig:
     config: "system config backup"
     action: "backup"
     host:  "{{ ansible_host }}"
     username: "{{ ansible_user }}"
     password: "{{ ansible_password }}"
     https: True
     ssl_verify: False
     config_parameters:
       filename: "zbackup_{{ inventory_hostname }}"
       scope: "global"

# ansible-playbook ztest.yml -i zhost

PLAY [fortigates] **************************************************************

TASK [backup system config] ****************************************************

PLAY RECAP *********************************************************************
fortigate01                : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

# cat zbackup_fortigate01|more

#config-version=FGVM64-6.2.0-FW-build0776-181025:opmode=0:vdom=1:user=admin
#conf_file_ver=222109938797034
#buildno=0776
#global_vdom=1

config vdom
edit root
next
edit def
next
.....

# ansible --version

ansible 2.10.0.dev0
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /samba/01ansible_dev/zzzzzz/ansible/lib/ansible
  executable location = /samba/01ansible_dev/zzzzzz/ansible/bin/ansible
  python version = 3.7.3 (default, Oct  7 2019, 12:56:13) [GCC 8.3.0]

#fortigate version

FortiGate-VM64 v6.2.0
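
Since the stated goal in this thread is to commit these backups to a repository, the following added example (not part of the original thread or of the 40ansible project) parses the `#key=value` header quoted in the comment above and rejects a file that is empty or is not a backup. The function names and the `platform_build` key are hypothetical, and the sample is constructed from the header lines shown on this page.

```python
import re

# Constructed sample: header lines as quoted in the comment above.
SAMPLE_BACKUP = """\
#config-version=FGVM64-6.2.0-FW-build0776-181025:opmode=0:vdom=1:user=admin
#conf_file_ver=222109938797034
#buildno=0776
#global_vdom=1

config vdom
edit root
next
"""

HEADER_LINE = re.compile(r"^#([A-Za-z_-]+)=(.*)$")


def parse_backup_header(text):
    """Return the leading '#key=value' lines of a backup file as a dict."""
    header = {}
    for line in text.splitlines():
        m = HEADER_LINE.match(line.strip())
        if not m:
            break  # header ends at the first line that is not '#key=value'
        key, value = m.group(1), m.group(2)
        if key == "config-version":
            # First ':'-separated field is kept whole (hypothetical key name);
            # the remaining fields are themselves 'k=v' pairs.
            first, *rest = value.split(":")
            header["platform_build"] = first
            for field in rest:
                k, _, v = field.partition("=")
                header[k] = v
        else:
            header[key] = value
    return header


def check_backup(text, required=("platform_build", "buildno", "conf_file_ver")):
    """Return a list of problems; an empty list means the file looks like a backup."""
    if not text.startswith("#config-version="):
        return ["missing #config-version header (empty or error output?)"]
    header = parse_backup_header(text)
    problems = [f"missing header field: {k}" for k in required if k not in header]
    if not any(l.startswith("config ") for l in text.splitlines()):
        problems.append("no 'config' section after header")
    return problems
```
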

@erishiamu
Author

I will replicate this now and attempt.

Question: I'm actually going to need to specify an https port to use for this, is that possible? I'll test with https: False, but we're using 443 for SSLVPN and I assume we cannot have both that and the web interface/api on the same port?

@erishiamu
Author

Alright. Not sure what the difference there is, but I received different behavior copy-pasting in your examples.

It does error out, but is timing out trying to access /logincheck. I am not able to do this through a web browser, but beyond the link on the repo to https://fndn.fortinet.net, I can't seem to find any documentation for the API or configuration. I attempted to create an API user on the FW, but this seems to reflect that I will need to use PKI to authenticate, whereas this module seems to allow username and password? I can reach out to FortiGate support if needed (and I imagine I will since the FNDN seems to be where the documentation lives and it requires two sponsors for some reason), but some clarity would be appreciated if possible.

image

@erishiamu
Author

I reached out to Fortinet TAC and was advised that we would need to create an API admin user and utilize a key. Can I clarify how this is meant to interact with this module which is using a username/password combination to authenticate against the API?
