fortios_address, fortios_config, fortios_ipv4_policy removed in patch release without deprecation

[gundalow]

Hi,
In ea07b61 you deleted:

• fortios_address
• fortios_config
• fortios_ipv4_policy

Without going through any deprecation cycle, also this was done in a patch release.
As these modules were released in Ansible 2.3 & 2.4 ea07b61#diff-2fc04ddd652278d20701a1eb10e7334dL18 you've broken anyone upgrading from Ansible 2.9 to 2.10 by deleting these three modules without going via any notice period.

If there are equalivent modules with new functionality you need to add a meta/runtime.yml direct to the new file
Or if not, you need to restore the files, mark as deprecated, then removed in a later release, see ansible-collections/community.kubernetes#165 for how a deprecated redirect would look like (search for k8s_facts).

@chillancezen @frankshen01 @JieX19 @bjolivot Could you please respond to this today.

[felixfontein]

Also, when releasing new versions, please stick to semantic versioning. Patch releases must only contain bugfixes, minor releases can have new features, and only major versions are allowed to break backwards compatibility (i.e. remove something).

[JieX19]

Hi @gundalow @felixfontein,

Thank you for pointing out the issue and the helpful guidance! We do have equivalent modules that operate the same functionalities. We're going to add a meta/runtime.ym to direct to the new files.

Thank you,
Jie

[gundalow]

Thanks for the quick response.

Could you please let me know which the new modules are so I can update ansible-base

[chillancezen]

hi @gundalow,
now we have the following mapping for deprecated modules:
fortios_config -> fortios_system_config_backup_restore
fortios_address -> fortios_firewall_address
fortios_ipv4_policy -> fortios_firewall_policy

these are with latest collection: https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/tree/fos_v6.0.0/galaxy_1.0.14

thanks,
Link

[aegiacometti]

Hi, just FYI I tried to install that version but I get this error

adrian@adrian$ sudo ansible-galaxy collection install fortinet.fortios:1.0.14 -vvvv
ansible-galaxy 2.9.11
  config file = /home/adrian/.ansible.cfg
  configured module search path = ['/home/adrian/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/adrian/.local/lib/python3.6/site-packages/ansible
  executable location = /usr/local/bin/ansible-galaxy
  python version = 3.6.9 (default, Nov  7 2019, 10:44:02) [GCC 8.3.0]
Using /home/adrian/.ansible.cfg as config file
Found installed collection ansible.netcommon:1.0.0 at '/home/adrian/.ansible/collections/ansible_collections/ansible/netcommon'
Process install dependency map
Initial connection to galaxy_server: https://galaxy.ansible.com
Opened /home/adrian/.ansible/galaxy_token
Calling Galaxy at https://galaxy.ansible.com/api/
Processing requirement collection 'fortinet.fortios'
Collection requirement 'fortinet.fortios' is the name of a collection
Found API version 'v1, v2' with Galaxy server default (https://galaxy.ansible.com/api/)
Calling Galaxy at https://galaxy.ansible.com/api/v2/collections/fortinet/fortios/versions/1.0.14/
Collection 'fortinet.fortios' is not available from server default https://galaxy.ansible.com/api/
ERROR! Failed to find collection fortinet.fortios:1.0.14

[felixfontein]

The latest release on galaxy is 1.0.13, released two months ago: https://galaxy.ansible.com/fortinet/fortios

@chillancezen is there a reason that 1.0.14 was not published to galaxy?

[chillancezen]

he latest release on galaxy is 1.0.13, released two months ago: https://galaxy.ansible.com/fortinet/fortios

@chillancezen is there a reason that 1.0.14 was no

hi @felixfontein @aegiacometti , oh, I thought what we have to do is to make a new branch to github, not Galaxy.
I will release it in hours.

thanks,
Link

[chillancezen]

hi @aegiacometti @felixfontein ,

we have uploaded Galaxy FortiOS 1.0.14. please help review.

thanks,
Link

[mbdraks]

@chillancezen

Can you please rebuild the docs for 1.0.14?

Thanks!

[chillancezen]

@chillancezen

Can you please rebuild the docs for 1.0.14?

Thanks!

sure, I was planing to fix document before the end of tomorrow.

thanks Michel.
Link

[aegiacometti]

Thanks I will try it as soon as I say. (I like your nickname😉)Adrián.-El 15 ago. 2020 21:34, "Jie (Link) Zheng" <notifications@github.com> escribió: @chillancezen Can you please rebuild the docs for 1.0.14? Thanks! sure, I was planing to fix document before the end of tomorrow. thanks Michel. Link —You are receiving this because you were mentioned.Reply to this email directly, view it on GitHub, or unsubscribe.

[mbdraks]

The module fortios_system_config_backup_restore depends on fortiosapi. I understood that we should avoid that and use the httpapi were possible instead.

Is there any plans to update the module to use the httpapi or should I consider fortiosapi a requirement moving forward?

[chillancezen]

The module fortios_system_config_backup_restore depends on fortiosapi. I understood that we should avoid that and use the httpapi were possible instead.

Is there any plans to update the module to use the httpapi or should I consider fortiosapi a requirement moving forward?

per team's discussion, deprecating legacy fortiosapi is the major goal of next major release.
thanks @mbdraks Michel for this.

[aegiacometti]

@chillancezen
Hi I just tryied the backup and didn't work. Let me know how can I help

This is the PB (copied from fortios_system_config_backup_restore.py file in the modules directory)

- name: backup
  hosts: localhost
  connection: httpapi
  collections:
    - fortinet.fortios
  
  tasks:
    - name: backup global or a_specific_vdom settings
      fortios_system_config_backup_restore:
        config: "system config backup"
        vdom: "root"
        host: "x.x.x.x"
        username: "xxx"
        password: "xxx"
        backup: "yes"
        https: True
        ssl_verify: False
        scope: "vdom"
        filename: "./backup_test"

And this is the output error

/usr/lib/python3/dist-packages/urllib3/connectionpool.py:860: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Traceback (most recent call last):
  File "/home/netauto/.ansible/tmp/ansible-tmp-1598522859.2322276-40133-177251021889239/AnsiballZ_fortios_system_config_backup_restore.py", line 102, in <module>
    _ansiballz_main()
  File "/home/netauto/.ansible/tmp/ansible-tmp-1598522859.2322276-40133-177251021889239/AnsiballZ_fortios_system_config_backup_restore.py", line 94, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/home/netauto/.ansible/tmp/ansible-tmp-1598522859.2322276-40133-177251021889239/AnsiballZ_fortios_system_config_backup_restore.py", line 40, in invoke_module
    runpy.run_module(mod_name='ansible_collections.fortinet.fortios.plugins.modules.fortios_system_config_backup_restore', init_globals=None, run_name='__main__', alter_sys=True)
  File "/usr/lib/python3.6/runpy.py", line 205, in run_module
    return _run_module_code(code, init_globals, run_name, mod_spec)
  File "/usr/lib/python3.6/runpy.py", line 96, in _run_module_code
    mod_name, mod_spec, pkg_name, script_name)
  File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/tmp/ansible_fortios_system_config_backup_restore_payload_nygo9j3e/ansible_fortios_system_config_backup_restore_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_config_backup_restore.py", line 344, in <module>
  File "/tmp/ansible_fortios_system_config_backup_restore_payload_nygo9j3e/ansible_fortios_system_config_backup_restore_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_config_backup_restore.py", line 329, in main
  File "/tmp/ansible_fortios_system_config_backup_restore_payload_nygo9j3e/ansible_fortios_system_config_backup_restore_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_system_config_backup_restore.py", line 211, in fortigate_backup
KeyError: 'results'

[JieX19]

@aegiacometti,

This module is the only one relies on fortiosapi, which will be deprecated in the next major release. Can you please check if fortiosapi is installed?

[JieX19]

@aegiacometti

This module is the only one relies on fortiosapi, which will be deprecated in the next major release. Can you please check if fortiosapi is installed? Using command: pip list to check.
Using command: pip install fortiosapi to install it if it's not existing.

Because it's using the legacy mode you cannot using any variables starting with ansible in your hosts file, like ansible_username etc.

Here's a workaround to solve the issue.

- hosts: localhost
  collections:
    - fortinet.fortios
  vars:
    vdom: "root"
    host: "198.168.10.21"
    username: "admin"
    password: ""
  tasks:
  - name: backup global
    fortios_system_config_backup_restore:
      config: "system config backup"
      host:  "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom: "{{ vdom }}"
      backup: "yes"
      https: True
      ssl_verify: False
      scope: "global"
      filename: "./backup_global_test"

[aegiacometti]

@JieX19
Hi, yes I did have fortiosapi installed.
I tried to debug by adding a simple print(resp) in the line 207 of the file fortios_system_config_backup_restore.py, and bingo.
I was able to see that I was having an HTTP 403 response code.

{'http_method': 'GET', 'status': 'error', 'http_status': 403, 'vdom': 'root', 'path': 'system', 'name': 'config', 'action': 'backup', 'serial': 'FG6H1E5819901691', 'version': 'v6.2.2', 'build': 1010}

From there I found that the user profile for backup HAS to be super_admin, and not super_admin_readonly which doesn't have enough privileges.

So, sorry, my bad.

Thanks a lot for your quick support!!!