/ home / community / community.general / 0.1.1 / module / ftd_install

community.general.ftd_install (0.1.1) — module

Installs FTD pkg image on the firewall

Authors: Cisco Systems, Inc. (@annikulin)

preview | supported by community

Install collection

Install with ansible-galaxy collection install community.general:==0.1.1

Add to requirements.yml

  collections:
    - name: community.general
      version: 0.1.1

Description

Provisioning module for FTD devices that installs ROMMON image (if needed) and FTD pkg image on the firewall.

Can be used with `httpapi` and `local` connection types. The `httpapi` is preferred, the `local` connection should be used only when the device cannot be accessed via REST API.

Requirements

python >= 3.5
firepower-kickstart

Usage examples

Scanned by Steampunk Spotter

  - name: Install image v6.3.0 on FTD 5516
    ftd_install:
      device_hostname: firepower
      device_password: pass
      device_ip: 192.168.0.1
      device_netmask: 255.255.255.0
      device_gateway: 192.168.0.254
      dns_server: 8.8.8.8

      console_ip: 10.89.0.0
      console_port: 2004
      console_username: console_user
      console_password: console_pass

      rommon_file_location: 'tftp://10.89.0.11/installers/ftd-boot-9.10.1.3.lfbff'
      image_file_location: 'https://10.89.0.11/installers/ftd-6.3.0-83.pkg'
      image_version: 6.3.0-83

Inputs

    
device_ip:
    description:
    - Device IP address of management interface.
    - If not specified and connection is 'httpapi`, the module tries to fetch the existing
      value via REST API.
    - For 'local' connection type, this parameter is mandatory.
    required: false
    type: str

console_ip:
    description:
    - IP address of a terminal server.
    - Used to set up an SSH connection with device's console port through the terminal
      server.
    required: true
    type: str

dns_server:
    description:
    - DNS IP address of management interface.
    - If not specified and connection is 'httpapi`, the module tries to fetch the existing
      value via REST API.
    - For 'local' connection type, this parameter is mandatory.
    required: false
    type: str

console_port:
    description:
    - Device's port on a terminal server.
    required: true
    type: str

device_model:
    choices:
    - Cisco ASA5506-X Threat Defense
    - Cisco ASA5508-X Threat Defense
    - Cisco ASA5516-X Threat Defense
    - Cisco Firepower 2110 Threat Defense
    - Cisco Firepower 2120 Threat Defense
    - Cisco Firepower 2130 Threat Defense
    - Cisco Firepower 2140 Threat Defense
    description:
    - Platform model of the device (e.g., 'Cisco ASA5506-X Threat Defense').
    - If not specified and connection is 'httpapi`, the module tries to fetch the device
      model via REST API.
    - For 'local' connection type, this parameter is mandatory.
    required: false
    type: str

force_install:
    default: false
    description:
    - Forces the FTD image to be installed even when the same version is already installed
      on the firewall.
    - By default, the module stops execution when the target version is installed in the
      device.
    required: false
    type: bool

image_version:
    description:
    - Version of FTD image to be installed.
    - Helps to compare target and current FTD versions to prevent unnecessary reinstalls.
    required: true
    type: str

device_gateway:
    description:
    - Device gateway of management interface.
    - If not specified and connection is 'httpapi`, the module tries to fetch the existing
      value via REST API.
    - For 'local' connection type, this parameter is mandatory.
    required: false
    type: str

device_netmask:
    description:
    - Device netmask of management interface.
    - If not specified and connection is 'httpapi`, the module tries to fetch the existing
      value via REST API.
    - For 'local' connection type, this parameter is mandatory.
    required: false
    type: str

search_domains:
    default: cisco.com
    description:
    - Search domains delimited by comma.
    - Defaulted to 'cisco.com' if not specified.
    required: false
    type: str

device_hostname:
    description:
    - Hostname of the device as appears in the prompt (e.g., 'firepower-5516').
    required: true
    type: str

device_password:
    description:
    - Password to login on the device.
    required: true
    type: str

device_username:
    default: admin
    description:
    - Username to login on the device.
    - Defaulted to 'admin' if not specified.
    required: false
    type: str

console_password:
    description:
    - Password to login on a terminal server.
    required: true
    type: str

console_username:
    description:
    - Username to login on a terminal server.
    required: true
    type: str

device_new_password:
    description:
    - New device password to set after image installation.
    - If not specified, current password from `device_password` property is reused.
    - Not applicable for ASA5500-X series devices.
    required: false
    type: str

image_file_location:
    description:
    - Path to the FTD pkg image on the server to be downloaded.
    - FTP, SCP, SFTP, TFTP, or HTTP protocols are usually supported, but may depend on
      the device model.
    required: true
    type: str

device_sudo_password:
    description:
    - Root password for the device. If not specified, `device_password` is used.
    required: false
    type: str

rommon_file_location:
    description:
    - Path to the boot (ROMMON) image on TFTP server.
    - Only TFTP is supported.
    required: true
    type: str

Outputs

msg:
  description: The message saying whether the image was installed or explaining why
    the installation failed.
  returned: always
  type: str