Created on 10-01-2024 06:19 AM Edited on 10-02-2024 12:50 AM By Jean-Philippe_P
This article describes how to review the Ansible and API calls and how to troubleshoot them.
Scope: FortiManager, FortiAnalyzer.
For this article, identical Ansible and API calls have been compared, and errors were observed. The API call is the one used to run/execute a CLI script from FortiManager:
{
  "method": "exec",
  "params": [
    {
      "data": {
        "adom": "root",
        "package": "test",
        "scope": [
          {
            "name": "test",
            "vdom": "root"
          }
        ],
        "script": "ansible-test4",
        "target": "remote_device"
      },
      "url": "/dvmdb/adom/root/script/execute"
    }
  ],
  "session": "'$APITOKEN'",
  "verbose": 0,
  "id": 6
}
The equivalent Ansible playbook is:
---
- name: Apply a script to device
  hosts: fortimanager
  gather_facts: false
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    # Certificate validation is disabled here; set to true when FortiManager presents a trusted certificate.
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Run script.
      fortinet.fortimanager.fmgr_dvmdb_script_execute:
        bypass_validation: false
        adom: root
        dvmdb_script_execute:
          adom: root
          package: test
          scope:
            - name: ansible-test4  # scope name as sent in the failing call
              vdom: root
          script: ansible-test4
In this example, the API call executed successfully, but the Ansible playbook returned an error.
To understand the issue, the debug commands listed in the troubleshooting section of this article were run on FortiManager.
API call from the FortiManager debug:
{
  "client": "\/usr\/local\/apache2\/bin\/httpd:2372",
  "extid": 6,
  "id": 375,
  "method": "exec",
  "params": [
    {
      "data": {
        "adom": "root",
        "package": "test",
        "scope": [
          {
            "name": "test",
            "vdom": "root"
          }
        ],
        "script": "ansible-test4",
        "target": "remote_device"
      },
      "target start": 1,
      "url": "\/dvmdb\/adom\/root\/script\/execute"
    }
  ],
  "session": "Ka1Qzn6+W0GjbMxXnT5PS8zsG6CFscf+ol2SUjKOL0PWXx+OnmuDDOZy1n+I\/QjnIbsAnt8Ln7Aeh9uUnt89ZQ==",
  "src": "192.168.1.1",
  "verbose": 1
}
{
  "id": 375,
  "result": [
    {
      "data": {
        "task": 76
      },
      "status": {
        "code": 0,
        "message": "OK"
      },
      "url": "\/dvmdb\/adom\/root\/script\/execute"
    }
  ]
}
Ansible call from the debug:
{
  "client": "\/usr\/local\/apache2\/bin\/httpd:2372",
  "extid": 5,
  "id": 380,
  "method": "exec",
  "params": [
    {
      "data": {
        "adom": "root",
        "package": "test",
        "scope": [
          {
            "name": "ansible-test4",
            "vdom": "root"
          }
        ],
        "script": "ansible-test4"
      },
      "target start": 1,
      "url": "\/dvmdb\/adom\/root\/script\/execute"
    }
  ],
  "session": "ByGhczZXmm8ZTU1o3NIkIzdTBfaaafoVSytmoq5r2bx7Z91eYDWWc7vJZSgcVVCPyuuwFZkiMt4mhzgKeXYrSQ==",
  "src": "192.168.1.1",
  "verbose": 1
}
{
  "id": 380,
  "result": [
    {
      "status": {
        "code": -8,
        "message": "Invalid parameter"
      },
      "url": "\/dvmdb\/adom\/root\/script\/execute"
    }
  ]
}
In this case, the issue was the scope name in the Ansible call. After changing it to the same value as in the API call, the script executed successfully.
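The manual comparison of the two debug captures can be scripted. The Python below is an added example, not part of the original article or of Fortinet tooling; the names VOLATILE, MISSING, flatten and diff_requests are hypothetical, and the two sample requests are constructed from the debug output above with the session tokens replaced by a placeholder. It reports every field that differs, so besides the scope name it also lists the "target" field that is absent from the Ansible request.

```python
import json

# Per-request bookkeeping fields; they differ on every call and are skipped.
VOLATILE = {"client", "extid", "id", "session", "src", "verbose", "target start"}
MISSING = "<missing>"

def flatten(node, path=""):
    """Yield (path, value) for every leaf of a parsed JSON request."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key not in VOLATILE:
                yield from flatten(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from flatten(value, f"{path}[{index}]")
    else:
        yield path, node

def diff_requests(working, failing):
    """Return (path, working_value, failing_value) for each field that differs."""
    a, b = dict(flatten(working)), dict(flatten(failing))
    return [(p, a.get(p, MISSING), b.get(p, MISSING))
            for p in sorted(a.keys() | b.keys())
            if a.get(p, MISSING) != b.get(p, MISSING)]

# Constructed samples: the two requests from the debug output above,
# with the session tokens replaced by a placeholder.
API_CALL = json.loads("""
{"extid": 6, "id": 375, "method": "exec", "session": "REDACTED", "verbose": 1,
 "params": [{"url": "/dvmdb/adom/root/script/execute", "target start": 1,
   "data": {"adom": "root", "package": "test", "script": "ansible-test4",
            "target": "remote_device",
            "scope": [{"name": "test", "vdom": "root"}]}}]}
""")
ANSIBLE_CALL = json.loads("""
{"extid": 5, "id": 380, "method": "exec", "session": "REDACTED", "verbose": 1,
 "params": [{"url": "/dvmdb/adom/root/script/execute", "target start": 1,
   "data": {"adom": "root", "package": "test", "script": "ansible-test4",
            "scope": [{"name": "ansible-test4", "vdom": "root"}]}}]}
""")

if __name__ == "__main__":
    for path, ok_value, bad_value in diff_requests(API_CALL, ANSIBLE_CALL):
        print(f"{path}: API={ok_value!r} Ansible={bad_value!r}")
```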
Troubleshooting:
As a first troubleshooting step, check the YAML files:
yamllint some.yaml
ansible-lint some.yaml
If this succeeds, run the playbook in verbose mode to get the full output:
ansible-playbook -vvv -i inventory test3.yaml
On the FortiManager side, use the following debug commands:
diagnose debug reset
diagnose debug service dvmcmd 255
diagnose debug enable
After the output is gathered:
diagnose debug disable
diagnose debug reset
In some cases, the other service debugs can be used:
diagnose debug service ?
Use the ? to review the other options. The task monitor also shows the status of the job.
Related articles:
Technical Tip: Set up an API call to FortiManager or FortiAnalyzer Cloud
FortiManager Ansible Collection documentation
API References:
https://how-to-fortimanager-api.readthedocs.io/en/latest/001_fmg_json_api_introduction.html