No write permission
jklasd8899 opened this issue
The following is what my inventory file looks like, based on the example provided at https://ftnt-ansible-docs.readthedocs.io/en/latest/fmgr_getting_started.html.
[fortimanager]
IP_ADDR_FM ansible_host=IP_ADDR_FM
[fortimanager:vars]
ansible_network_os=fortimanager
ansible_user=USERNAME
ansible_password=PASSWORD
ansible_become=no
ansible_become_method=disable
ansible_httpapi_use_ssl=true
ansible_httpapi_validate_certs=false
ansible_httpapi_timeout=300
Playbook:
- name: CONFIG FMGR FIREWALL OBJECTS
  hosts: fortimanager
  connection: httpapi
  gather_facts: False
  tasks:
    - name: ADD VERY BASIC IPV4 POLICY WITH NO NAT (WIDE OPEN)
      fmgr_fwpol_ipv4:
        mode: "add"
        adom: "ADOM_NAME"
        package_name: "default"
        name: "Basic_IPv4_Policy"
        comments: "Example"
        action: "accept"
        dstaddr: "all"
        srcaddr: "all"
        dstintf: "any"
        srcintf: "any"
        logtraffic: "utm"
        service: "ALL"
        schedule: "always"
      ignore_errors: yes
      ignore_unreachable: yes
The user is provisioned with "set rpc-permit read-write".
However, on execution of the playbook I receive the following error:
"msg": "no write permission",
"rc": -10147,
"unreachable": false
Looks like the issue may be with locking the ADOM before making config changes and then unlocking the ADOM once the task is complete. The guide does not describe how to lock and unlock the ADOM for config changes on FortiManager.
Having the same issue. What is your solution?
The module_utils/network/fortimanager/fortimanager.py and plugins/httpapi/fortimanager.py files were updated in this project to handle the issue. Standard Ansible plugins are not up-to-date so you will have to clone this repo and update the files.