Error in repo when using fortios_system_admin to configure ssh_public_key #68497
Comments
Files identified in the description: If these files are incorrect, please update the |
@yamjoepobuda, just so you are aware we have a dedicated Working Group for network. |
Hi @yamjoepobuda unfortunately, due to the way the FortiOS handles errors, it doesn't return them through the API. What you're probably better doing, particularly as you've got this in a test environment, is to do this, before you run the above playbook.
You'll see it do something like (sourced from a post I wrote a couple of years ago: https://jon.sprig.gs/blog/post/929)
If you then try and run that sequence of commands yourself, it'll say why that command wouldn't run. I went around this quite a bit with the Fortinet TAC team when I was working on this stuff more heavily, before it was mainlined. You might also see some more useful content by trying to execute |
Debug output from the firewall:
Debug output from the task:
|
And what happens if you paste that line into the firewall command line
directly?
…On Sat, 28 Mar 2020, 01:46 Joe, ***@***.***> wrote:
Debug output from the firewall:
fw-60e-a #
fw-60e-a #
fw-60e-a # 0: config system admin
0: edit "johndoe"
0: unset ssh-public-key1
-651: set ssh-public-key1 "AAAAB3NzaC1yc2EAAAADAQABAAABAQDR3N6ygJB0quJM4586+Txw04ugV3JtUYn4uZJ0PA7ePafJtNvv4DAYPLWuvwOPrk3u5kaRew1eIhLrj7CgsI/nrKB4F7LHUQ8Fd1pJte13i7mTW8BlNbs4ilGSDLdZOpmJU0+Xdfoon/xvoVzK6RCcoaA3+Q/WW2ASlrKmzRhm4Gp/oQrnFE9cUI+s8YfAtR10FAmYEDRezhypy672nccZh4pwHR6s/DgxsqR28JS/X2OvAj5/ErouqIelTNtFmyU/wNhPMYCmKlh5R1wZyPUk98lqA2ReFS8/O+1cN4eQAjHY5956y5zl7yMTCFrMPvscTcP1tl4JLRMg1P/jLmVV"
(skipped) unset ssh-public-key2
(skipped) unset ssh-public-key3
(skipped) set ssh-public-key3 "__omit_place_holder__718b3b734010dbb252cfdb4c8140695491dc8fa9"
11506 0 cmd =
config system admin
edit johndoe
unset ssh-public-key1
abort
Debug output from the task:
ok: [fw-60e.test.internal] => {
"_ssh_key_1": {
"changed": false,
"failed": true,
"msg": "All items completed",
"results": [
{
"ansible_loop_var": "item",
"changed": false,
"failed": true,
"invocation": {
"module_args": {
"host": "fw-60e.test.internal:8443",
"https": true,
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"ssl_verify": false,
"state": "present",
"system_admin": {
"accprofile": null,
"accprofile_override": null,
"allow_remove_admin_session": null,
"comments": null,
"email_to": null,
"force_password_change": null,
"fortitoken": null,
"guest_auth": null,
"guest_lang": null,
"guest_usergroups": null,
"gui_dashboard": null,
"gui_global_menu_favorites": null,
"gui_vdom_menu_favorites": null,
"hidden": null,
"history0": null,
"history1": null,
"ip6_trusthost1": null,
"ip6_trusthost10": null,
"ip6_trusthost2": null,
"ip6_trusthost3": null,
"ip6_trusthost4": null,
"ip6_trusthost5": null,
"ip6_trusthost6": null,
"ip6_trusthost7": null,
"ip6_trusthost8": null,
"ip6_trusthost9": null,
"login_time": null,
"name": "johndoe",
"password": null,
"password_expire": null,
"peer_auth": null,
"peer_group": null,
"radius_vdom_override": null,
"remote_auth": null,
"remote_group": null,
"schedule": null,
"sms_custom_server": null,
"sms_phone": null,
"sms_server": null,
"ssh_certificate": null,
"ssh_public_key1": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDR3N6ygJB0quJM4586+Txw04ugV3JtUYn4uZJ0PA7ePafJtNvv4DAYPLWuvwOPrk3u5kaRew1eIhLrj7CgsI/nrKB4F7LHUQ8Fd1pJte13i7mTW8BlNbs4ilGSDLdZOpmJU0+Xdfoon/xvoVzK6RCcoaA3+Q/WW2ASlrKmzRhm4Gp/oQrnFE9cUI+s8YfAtR10FAmYEDRezhypy672nccZh4pwHR6s/DgxsqR28JS/X2OvAj5/ErouqIelTNtFmyU/wNhPMYCmKlh5R1wZyPUk98lqA2ReFS8/O+1cN4eQAjHY5956y5zl7yMTCFrMPvscTcP1tl4JLRMg1P/jLmVV",
"ssh_public_key2": null,
"ssh_public_key3": null,
"state": null,
"trusthost1": null,
"trusthost10": null,
"trusthost2": null,
"trusthost3": null,
"trusthost4": null,
"trusthost5": null,
"trusthost6": null,
"trusthost7": null,
"trusthost8": null,
"trusthost9": null,
"two_factor": null,
"vdom": null,
"wildcard": null
},
"username": "admin",
"vdom": "root"
}
},
"item": "johndoe",
"meta": {
"build":335,
"error": -5,
"http_method": "POST",
"http_status": 500,
"name": "admin",
"path": "system",
"revision": "196.0.0.2736635036.1581028194",
"serial": "FGT60EXXXXXXXXXX",
"status": "error",
"vdom": "root",
"version": "v6.0.9"
},
"msg": "Error in repo"
}
|
If you look at the debug output above, you'll see that the full string is there... but for some reason it looks like it's truncating the "ssh-rsa"
|
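A way to confirm the symptom described in the comment above before and after a run, as an added example (not code from this thread or from the fortios_system_admin module): it checks that a public key's type prefix matches the type stored inside its base64 blob, then compares the value passed to the module with the `set ssh-public-keyN` line from the firewall debug output. The function names and the sample key are constructed for illustration, and reading the leading number on the debug line as a return code is an assumption.

```python
import base64
import re
import struct

def embedded_key_type(blob_b64):
    """Return the algorithm name stored inside an SSH public key blob."""
    blob = base64.b64decode(blob_b64, validate=True)
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])      # 4-byte big-endian length
    name = blob[4:4 + n]
    if n == 0 or len(name) != n:
        raise ValueError("truncated key-type field")
    return name.decode("ascii")

def check_public_key(line):
    """Validate '<type> <base64> [comment]' and return (type, base64)."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<key-type> <base64-blob>'")
    key_type, blob = parts[0], parts[1]
    inner = embedded_key_type(blob)
    if inner != key_type:
        raise ValueError(f"prefix {key_type!r} does not match blob type {inner!r}")
    return key_type, blob

# Matches lines such as: -651: set ssh-public-key1 "..."  or  (skipped) set ...
SET_RE = re.compile(r'^(?:(-?\d+):|\(skipped\))\s+set (ssh-public-key[123]) "(.*)"$')

def compare_with_debug(sent, debug_line):
    """Compare the value given to the module with the firewall's debug line."""
    key_type, blob = check_public_key(sent)
    m = SET_RE.match(debug_line.strip())
    if not m:
        raise ValueError("not a 'set ssh-public-keyN' debug line")
    code, field, applied = m.groups()
    return {
        "field": field,
        "return_code": int(code) if code is not None else None,  # assumed meaning
        "type_prefix_dropped": applied == blob,   # only the base64 part arrived
        "value_intact": applied == sent,
    }

def _constructed_key():
    # Constructed sample blob (not a usable key): type name, exponent, dummy modulus.
    fields = [b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xa5" * 32]
    raw = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return "ssh-rsa " + base64.b64encode(raw).decode()

SAMPLE_KEY = _constructed_key()
SAMPLE_DEBUG = '-651: set ssh-public-key1 "%s"' % SAMPLE_KEY.split()[1]
```

Calling `compare_with_debug(SAMPLE_KEY, SAMPLE_DEBUG)` reports `type_prefix_dropped` as true, which is the pattern visible in the debug output quoted earlier in the thread.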
A suggestion, depending on the outcome of this issue... Here's the syntax per the FortiOS manual:
Might be nice to have something like this as a configuration option, where rsa is default.
Behind the scenes, key-type would translate https://docs.ansible.com/ansible/latest/modules/fortios_system_admin_module.html
|
Thank you very much for your interest in Ansible. This plugin is no longer maintained in this repository and has been migrated to https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection
|
SUMMARY
When attempting to add ssh keys (ssh_public_key1, ssh_public_key2, ssh_public_key3) to administrators using the fortios_system_admin module, the task errors out with a non-descriptive message. Running the same play with "ssh_public_key1" line commented out, the task completes successfully.
I've attempted to define each of the three keys individually, as well as all 3 keys at the same time. I've also reviewed Fortinet's official documentation for this config section (https://kb.fortinet.com/kb/documentLink.do?externalID=FD38771) and the format appears to be what the device is expecting.
ISSUE TYPE
COMPONENT NAME
fortios_system_admin
ANSIBLE VERSION
CONFIGURATION
OS / ENVIRONMENT
ubuntu: 18.04
ansible_version: 2.9.6
Fortigate OS: 6.0.9
Fortigate hardware: 60E
Fortigate OS: 6.0.6
Fortigate hardware: 600D, 300D
STEPS TO REPRODUCE
Notable vars:
Ansible task:
EXPECTED RESULTS
ACTUAL RESULTS
Task errors with "Error in repo" on every device, on every run. Unfortunately, every failure I've ever experienced with these modules has had the same error message. I wish this were more descriptive, but I digress.
The command does not get entered into FortiOS. Manually entering the command via cli or FortiManager works fine without issue. Running the same module without ssh_public_key1 defined completes successfully.
Non-verbose output:
Verbose output (only 1 example shown, since they're all the same):