API user not logging out after a failed playbook run

[Alcap]

Hi,

The last time I ran a playbook and it failed I noticed that the session was left hanging on the fortimanager GUI. The session was idle there for, at least, 10m and then I deleted it manually.

I'm happy to take point in solving this issue, I just wanted to confirm that more people are able to reproduce this. This occurred with the install policy module (fortimgr_install)

Thanks!

[jmcgill298]

can you provide the task and results from the task?

[Alcap]

Hi,

Sure. tasks: - name: Install policy fortimgr_install: host: "{{ ansible_host }}" username: "{{ ansible_user }}" password: "{{ ansible_password }}" adom: "{{ adom }}" check_install: True fortigate_name: "{{ fortigate}}" package: "{{ policy_package }}" vdom: "{{ vdom }}" install_flags: "generate_rev"

The task results: TASK [Install policy] ************************************************************************************************ task path: $HOME/dev/playbooks/install_policy_fortimanager.yaml:6 <1.1.1.1> ESTABLISH HTTP(S) CONNECTFOR USER: user1 TO http://1.1.1.1:80 <1.1.1.1> ESTABLISH LOCAL CONNECTION FOR USER: user2 <1.1.1.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo $HOME/.ansible/tmp/ansible-local-35579gp60i3yq"&& mkdir $HOME/.ansible/tmp/ansible-local-35579gp60i3yq/ansible-tmp-1593816686.63519-35589-225658846582156 && echo ansible-tmp-1593816686.63519-35589-225658846582156="echo $HOME/.ansible/tmp/ansible-local-35579gp60i3yq/ansible-tmp-1593816686.63519-35589-225658846582156" ) && sleep 0' Using module file $HOME/dev/fortimanager-ansible/library/fortimgr_install.py <1.1.1.1> PUT $HOME/.ansible/tmp/ansible-local-35579gp60i3yq/tmp3hkcn08i TO $HOME/.ansible/tmp/ansible-local-35579gp60i3yq/ansible-tmp-1593816686.63519-35589-225658846582156/AnsiballZ_fortimgr_install.py <1.1.1.1> EXEC /bin/sh -c 'chmod u+x $HOME/.ansible/tmp/ansible-local-35579gp60i3yq/ansible-tmp-1593816686.63519-35589-225658846582156/ $HOME/.ansible/tmp/ansible-local-35579gp60i3yq/ansible-tmp-1593816686.63519-35589-225658846582156/AnsiballZ_fortimgr_install.py && sleep 0' <1.1.1.1> EXEC /bin/sh -c 'python $HOME/.ansible/tmp/ansible-local-35579gp60i3yq/ansible-tmp-1593816686.63519-35589-225658846582156/AnsiballZ_fortimgr_install.py && sleep 0' <1.1.1.1> EXEC /bin/sh -c 'rm -f -r $HOME/.ansible/tmp/ansible-local-35579gp60i3yq/ansible-tmp-1593816686.63519-35589-225658846582156/ > /dev/null 2>&1 && sleep 0' The full traceback is: Traceback (most recent call last): File "$HOME/.ansible/tmp/ansible-local-35579gp60i3yq/ansible-tmp-1593816686.63519-35589-225658846582156/AnsiballZ_fortimgr_install.py", line 114, in _ansiballz_main() File "$HOME/.ansible/tmp/ansible-local-35579gp60i3yq/ansible-tmp-1593816686.63519-35589-225658846582156/AnsiballZ_fortimgr_install.py", line 106, in _ansiballz_main invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS) File "$HOME/.ansible/tmp/ansible-local-35579gp60i3yq/ansible-tmp-1593816686.63519-35589-225658846582156/AnsiballZ_fortimgr_install.py", line 49, in invoke_module imp.load_module('main', mod, module, MOD_DESC) File "$HOME/venv/lib64/python3.6/imp.py", line 235, in load_module return load_source(name, filename, file) File "$HOME/venv/lib64/python3.6/imp.py", line 170, in load_source module = _exec(spec, sys.modules[name]) File "", line 618, in _exec File "", line 678, in exec_module File "", line 219, in _call_with_frames_removed File "/tmp/ansible_fortimgr_install_payload_wvazu_x6/main.py", line 1613, in File "/tmp/ansible_fortimgr_install_payload_wvazu_x6/main.py", line 1590, in main KeyError: 'flags'

fatal: [fortigate]: FAILED! => { "changed": false, "module_stderr": "Traceback (most recent call last):\n File "$HOME/.ansible/tmp/ansible-local-35579gp60i3yq/ansible-tmp-1593816686.63519-35589-225658846582156/AnsiballZ_fortimgr_install.py", line 114, in \n _ansiballz_main()\n File "$HOME/.ansible/tmp/ansible-local-35579gp60i3yq/ansible-tmp-1593816686.63519-35589-225658846582156/AnsiballZ_fortimgr_install.py", line 106, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File "$HOME/.ansible/tmp/ansible-local-35579gp60i3yq/ansible-tmp-1593816686.63519-35589-225658846582156/AnsiballZ_fortimgr_install.py", line 49, in invoke_module\n imp.load_module('main', mod, module, MOD_DESC)\n File "$HOME/venv/lib64/python3.6/imp.py", line 235, in load_module\n return load_source(name, filename, file)\n File "$HOME/venv/lib64/python3.6/imp.py", line 170, in load_source\n module = _exec(spec, sys.modules[name])\n File "", line 618, in _exec\n File "", line 678, in exec_module\n File "", line 219, in _call_with_frames_removed\n File "/tmp/ansible_fortimgr_install_payload_wvazu_x6/main.py", line 1613, in \n File "/tmp/ansible_fortimgr_install_payload_wvazu_x6/main.py", line 1590, in main\nKeyError: 'flags'\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1 }

This is just one of the failures that caused the hanging session. I was able to solve this by adding the install_flags option to the play. Some values have been obfuscated.

[Alcap]

In fact, I just noticed that this is happening also when it fails to lock the ADOM for editing. I reviewed the code quickly and it should be logging out the user, I'll have to debug further to know what is happening. Can anyone else reproduce this behaviour?

[jmcgill298]

looks like this needs to be caught after line 1589, do you want to put in the PR?

[Alcap]

Hi,

Yes, just not sure how long this will take because I'm still new to the module and ansible in general.

[Alcap]

Hi,

Just added a pull request for the log out feature when failure to aquire a lock: #86

I know that more actions, when failing, are not logging out the users, so I'll keep an eye on those and keep on submitting pull requests when I find them. I think we should keep this issue open to keep track of the remaining issues.

Please let me know if I did something wrong in this, as this is my first PR on a real project.