fortigate / fortinet

[Andrew Meyer]

Has anyone gotten a fortinet/fortigate playbook to work?  I have a Fortigate 100D running 6.2.2 and I can't get it to pass an ansible ping.

[Andrew Meyer]

Here is what I am getting:

ansible -m ping 10.150.1.1 --user=ansible
[WARNING]: sftp transfer mechanism failed on [10.150.1.1]. Use ANSIBLE_DEBUG=1 to see detailed information
[WARNING]: scp transfer mechanism failed on [10.150.1.1]. Use ANSIBLE_DEBUG=1 to see detailed information
10.150.1.1 | FAILED! => {
"changed": false,
"module_stderr": "Shared connection to 10.150.1.1 closed.\r\n",
"module_stdout": "fw01 # Unknown action 0\r\n\r\nfw01 # ",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 0
}

ansible -m ping fw01.loc.example.com --user=ansible
[WARNING]: sftp transfer mechanism failed on [fw01.loc.example.com]. Use ANSIBLE_DEBUG=1 to see detailed information
[WARNING]: scp transfer mechanism failed on [fw01.loc.example.com]. Use ANSIBLE_DEBUG=1 to see detailed information
fw01.loc.example.com | FAILED! => {
"changed": false,
"module_stderr": "Shared connection to fw01.loc.example.com closed.\r\n",
"module_stdout": "fw01 # Unknown action 0\r\n\r\nfw01 # ",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 0
}

[Kai Stian Olstad]

On Thu, May 07, 2020 at 06:03:47AM -0700, Andrew Meyer wrote:
> Here is what I am getting:
>
> ansible -m ping 10.150.1.1 --user=ansible
> [WARNING]: sftp transfer mechanism failed on [10.150.1.1]. Use
> ANSIBLE_DEBUG=1 to see detailed information
> [WARNING]: scp transfer mechanism failed on [10.150.1.1]. Use
> ANSIBLE_DEBUG=1 to see detailed information
> 10.150.1.1 | FAILED! => {
> "changed": false,
> "module_stderr": "Shared connection to 10.150.1.1 closed.\r\n",
> "module_stdout": "fw01 # Unknown action 0\r\n\r\nfw01 # ",
> "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
> "rc": 0
> }
>

> On Wednesday, May 6, 2020 at 2:49:51 PM UTC-5, Andrew Meyer wrote:
> >
> > Has anyone gotten a fortinet/fortigate playbook to work? I have a
> > Fortigate 100D running 6.2.2 and I can't get it to pass an ansible ping.

I don't know what a Fortigate is, but I guess some kind of network equipment.

Ansible ping is not a ICMP ping, it's a module that copies a Python script to
the remote host and run the Python script on that host.

Most network equipment doesn't have a proper shell(which "default" Ansible need) and Python installed.

So to use Ansible you need to use the raw and/or expect module so interact with the device.
You also have Ansible for Network that might work
https://docs.ansible.com/ansible/latest/network/index.html

--
Kai Stian Olstad

[Robert Grätz]

Hallo Andrew,

I had the same problem as you. Please use https://galaxy.ansible.com/fortinet/fortios. This works very well.

[dvenur...@gmail.com]

Hi Robert,

Are you able to run playbooks using fortinet galaxy collections.

Actually I am facing issue using it.

Can you please show how you maintain inventory file and playbook with sample values.

Is it work with python2 interpreter.

I am getting timeout error.

---
- hosts: fortigate
  collections:
   - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   #ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   #ansible_httpapi_port: 443
  tasks:
  - name: Configure global attributes.
    fortios_system_global:
      vdom:  "{{ vdom }}"
      system_global:
         pre_login_banner: "enable"

[fortigate]

[fortigate:vars]

xx.xx.xx.xx

ansible_network_os=fortinet.fortios.fortios
ansible_python_interpreter=/usr/bin/python3
ansible_user=xxxx
ansible_password=xxxx

[dvenur...@gmail.com]

my ansible is on python2.7 I have tried by change ansible_python_interpreter=/usr/bin/python3  but nothing works out can you please help here.