Try SpotterConfigure OSPF in Fortinet's FortiOS and FortiGate.
| "added in version" 2.0.0 of lix_fortinet.fortios"
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
Install with ansible-galaxy collection install lix_fortinet.fortios:==102.2.120
collections:
- name: lix_fortinet.fortios
version: 102.2.120This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and ospf category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure OSPF.
fortios_router_ospf:
vdom: "{{ vdom }}"
router_ospf:
abr_type: "cisco"
area:
-
authentication: "none"
comments: "<your_own_value>"
default_cost: "10"
filter_list:
-
direction: "in"
id: "10"
list: "<your_own_value> (source router.access-list.name router.prefix-list.name)"
id: "12"
nssa_default_information_originate: "enable"
nssa_default_information_originate_metric: "10"
nssa_default_information_originate_metric_type: "1"
nssa_redistribution: "enable"
nssa_translator_role: "candidate"
range:
-
advertise: "disable"
id: "20"
prefix: "<your_own_value>"
substitute: "<your_own_value>"
substitute_status: "enable"
shortcut: "disable"
stub_type: "no-summary"
type: "regular"
virtual_link:
-
authentication: "none"
authentication_key: "<your_own_value>"
dead_interval: "40"
hello_interval: "10"
keychain: "<your_own_value> (source router.key-chain.name)"
md5_key: "<your_own_value>"
md5_keychain: "<your_own_value> (source router.key-chain.name)"
md5_keys:
-
id: "36"
key_string: "<your_own_value>"
name: "default_name_38"
peer: "<your_own_value>"
retransmit_interval: "5"
transmit_delay: "1"
auto_cost_ref_bandwidth: "1000"
bfd: "enable"
database_overflow: "enable"
database_overflow_max_lsas: "10000"
database_overflow_time_to_recover: "300"
default_information_metric: "10"
default_information_metric_type: "1"
default_information_originate: "enable"
default_information_route_map: "<your_own_value> (source router.route-map.name)"
default_metric: "10"
distance: "110"
distance_external: "110"
distance_inter_area: "110"
distance_intra_area: "110"
distribute_list:
-
access_list: "<your_own_value> (source router.access-list.name)"
id: "58"
protocol: "connected"
distribute_list_in: "<your_own_value> (source router.access-list.name router.prefix-list.name)"
distribute_route_map_in: "<your_own_value> (source router.route-map.name)"
log_neighbour_changes: "enable"
neighbor:
-
cost: "0"
id: "65"
ip: "<your_own_value>"
poll_interval: "10"
priority: "1"
network:
-
area: "<your_own_value>"
comments: "<your_own_value>"
id: "72"
prefix: "<your_own_value>"
ospf_interface:
-
authentication: "none"
authentication_key: "<your_own_value>"
bfd: "global"
comments: "<your_own_value>"
cost: "0"
database_filter_out: "enable"
dead_interval: "0"
hello_interval: "0"
hello_multiplier: "0"
interface: "<your_own_value> (source system.interface.name)"
ip: "<your_own_value>"
keychain: "<your_own_value> (source router.key-chain.name)"
md5_key: "<your_own_value>"
md5_keychain: "<your_own_value> (source router.key-chain.name)"
md5_keys:
-
id: "90"
key_string: "<your_own_value>"
mtu: "0"
mtu_ignore: "enable"
name: "default_name_94"
network_type: "broadcast"
prefix_length: "0"
priority: "1"
resync_timeout: "40"
retransmit_interval: "5"
status: "disable"
transmit_delay: "1"
passive_interface:
-
name: "default_name_103 (source system.interface.name)"
redistribute:
-
metric: "0"
metric_type: "1"
name: "default_name_107"
routemap: "<your_own_value> (source router.route-map.name)"
status: "enable"
tag: "0"
restart_mode: "none"
restart_on_topology_change: "enable"
restart_period: "120"
rfc1583_compatible: "enable"
router_id: "<your_own_value>"
spf_timers: "<your_own_value>"
summary_address:
-
advertise: "disable"
id: "119"
prefix: "<your_own_value>"
tag: "0"
vdom:
default: root
description:
- Virtual domain, among those defined previously. A vdom is a virtual instance of
the FortiGate that can be configured and used as a different unit.
type: str
enable_log:
default: false
description:
- Enable/Disable logging for task.
required: false
type: bool
member_path:
description:
- Member attribute path to operate on.
- Delimited by a slash character if there are more than one attribute.
- Parameter marked with member_path is legitimate for doing member operation.
type: str
router_ospf:
default: null
description:
- Configure OSPF.
suboptions:
abr_type:
choices:
- cisco
- ibm
- shortcut
- standard
description:
- Area border router type.
type: str
area:
description:
- OSPF area configuration.
elements: dict
suboptions:
authentication:
choices:
- none
- text
- message-digest
- md5
description:
- Authentication type.
type: str
comments:
description:
- Comment.
type: str
default_cost:
description:
- Summary default cost of stub or NSSA area.
type: int
filter_list:
description:
- OSPF area filter-list configuration.
elements: dict
suboptions:
direction:
choices:
- in
- out
description:
- Direction.
type: str
id:
description:
- Filter list entry ID.
type: int
list:
description:
- Access-list or prefix-list name. Source router.access-list.name router.prefix-list.name.
type: str
type: list
id:
description:
- Area entry IP address.
type: str
nssa_default_information_originate:
choices:
- enable
- always
- disable
description:
- Redistribute, advertise, or do not originate Type-7 default route into NSSA
area.
type: str
nssa_default_information_originate_metric:
description:
- OSPF default metric.
type: int
nssa_default_information_originate_metric_type:
choices:
- '1'
- '2'
description:
- OSPF metric type for default routes.
type: str
nssa_redistribution:
choices:
- enable
- disable
description:
- Enable/disable redistribute into NSSA area.
type: str
nssa_translator_role:
choices:
- candidate
- never
- always
description:
- NSSA translator role type.
type: str
range:
description:
- OSPF area range configuration.
elements: dict
suboptions:
advertise:
choices:
- disable
- enable
description:
- Enable/disable advertise status.
type: str
id:
description:
- Range entry ID.
type: int
prefix:
description:
- Prefix.
type: str
substitute:
description:
- Substitute prefix.
type: str
substitute_status:
choices:
- enable
- disable
description:
- Enable/disable substitute status.
type: str
type: list
shortcut:
choices:
- disable
- enable
- default
description:
- Enable/disable shortcut option.
type: str
stub_type:
choices:
- no-summary
- summary
description:
- Stub summary setting.
type: str
type:
choices:
- regular
- nssa
- stub
description:
- Area type setting.
type: str
virtual_link:
description:
- OSPF virtual link configuration.
elements: dict
suboptions:
authentication:
choices:
- none
- text
- message-digest
- md5
description:
- Authentication type.
type: str
authentication_key:
description:
- Authentication key.
type: str
dead_interval:
description:
- Dead interval.
type: int
hello_interval:
description:
- Hello interval.
type: int
keychain:
description:
- Message-digest key-chain name. Source router.key-chain.name.
type: str
md5_key:
description:
- MD5 key.
type: str
md5_keychain:
description:
- Authentication MD5 key-chain name. Source router.key-chain.name.
type: str
md5_keys:
description:
- MD5 key.
elements: dict
suboptions:
id:
description:
- Key ID (1 - 255).
type: int
key_string:
description:
- Password for the key.
type: str
type: list
name:
description:
- Virtual link entry name.
type: str
peer:
description:
- Peer IP.
type: str
retransmit_interval:
description:
- Retransmit interval.
type: int
transmit_delay:
description:
- Transmit delay.
type: int
type: list
type: list
auto_cost_ref_bandwidth:
description:
- Reference bandwidth in terms of megabits per second.
type: int
bfd:
choices:
- enable
- disable
description:
- Bidirectional Forwarding Detection (BFD).
type: str
database_overflow:
choices:
- enable
- disable
description:
- Enable/disable database overflow.
type: str
database_overflow_max_lsas:
description:
- Database overflow maximum LSAs.
type: int
database_overflow_time_to_recover:
description:
- Database overflow time to recover (sec).
type: int
default_information_metric:
description:
- Default information metric.
type: int
default_information_metric_type:
choices:
- '1'
- '2'
description:
- Default information metric type.
type: str
default_information_originate:
choices:
- enable
- always
- disable
description:
- Enable/disable generation of default route.
type: str
default_information_route_map:
description:
- Default information route map. Source router.route-map.name.
type: str
default_metric:
description:
- Default metric of redistribute routes.
type: int
distance:
description:
- Distance of the route.
type: int
distance_external:
description:
- Administrative external distance.
type: int
distance_inter_area:
description:
- Administrative inter-area distance.
type: int
distance_intra_area:
description:
- Administrative intra-area distance.
type: int
distribute_list:
description:
- Distribute list configuration.
elements: dict
suboptions:
access_list:
description:
- Access list name. Source router.access-list.name.
type: str
id:
description:
- Distribute list entry ID.
type: int
protocol:
choices:
- connected
- static
- rip
description:
- Protocol type.
type: str
type: list
distribute_list_in:
description:
- Filter incoming routes. Source router.access-list.name router.prefix-list.name.
type: str
distribute_route_map_in:
description:
- Filter incoming external routes by route-map. Source router.route-map.name.
type: str
log_neighbour_changes:
choices:
- enable
- disable
description:
- Log of OSPF neighbor changes.
type: str
neighbor:
description:
- OSPF neighbor configuration are used when OSPF runs on non-broadcast media.
elements: dict
suboptions:
cost:
description:
- Cost of the interface, value range from 0 to 65535, 0 means auto-cost.
type: int
id:
description:
- Neighbor entry ID.
type: int
ip:
description:
- Interface IP address of the neighbor.
type: str
poll_interval:
description:
- Poll interval time in seconds.
type: int
priority:
description:
- Priority.
type: int
type: list
network:
description:
- OSPF network configuration.
elements: dict
suboptions:
area:
description:
- Attach the network to area.
type: str
comments:
description:
- Comment.
type: str
id:
description:
- Network entry ID.
type: int
prefix:
description:
- Prefix.
type: str
type: list
ospf_interface:
description:
- OSPF interface configuration.
elements: dict
suboptions:
authentication:
choices:
- none
- text
- message-digest
- md5
description:
- Authentication type.
type: str
authentication_key:
description:
- Authentication key.
type: str
bfd:
choices:
- global
- enable
- disable
description:
- Bidirectional Forwarding Detection (BFD).
type: str
comments:
description:
- Comment.
type: str
cost:
description:
- Cost of the interface, value range from 0 to 65535, 0 means auto-cost.
type: int
database_filter_out:
choices:
- enable
- disable
description:
- Enable/disable control of flooding out LSAs.
type: str
dead_interval:
description:
- Dead interval.
type: int
hello_interval:
description:
- Hello interval.
type: int
hello_multiplier:
description:
- Number of hello packets within dead interval.
type: int
interface:
description:
- Configuration interface name. Source system.interface.name.
type: str
ip:
description:
- IP address.
type: str
keychain:
description:
- Message-digest key-chain name. Source router.key-chain.name.
type: str
md5_key:
description:
- MD5 key.
type: str
md5_keychain:
description:
- Authentication MD5 key-chain name. Source router.key-chain.name.
type: str
md5_keys:
description:
- MD5 key.
elements: dict
suboptions:
id:
description:
- Key ID (1 - 255).
type: int
key_string:
description:
- Password for the key.
type: str
type: list
mtu:
description:
- MTU for database description packets.
type: int
mtu_ignore:
choices:
- enable
- disable
description:
- Enable/disable ignore MTU.
type: str
name:
description:
- Interface entry name.
type: str
network_type:
choices:
- broadcast
- non-broadcast
- point-to-point
- point-to-multipoint
- point-to-multipoint-non-broadcast
description:
- Network type.
type: str
prefix_length:
description:
- Prefix length.
type: int
priority:
description:
- Priority.
type: int
resync_timeout:
description:
- Graceful restart neighbor resynchronization timeout.
type: int
retransmit_interval:
description:
- Retransmit interval.
type: int
status:
choices:
- disable
- enable
description:
- Enable/disable status.
type: str
transmit_delay:
description:
- Transmit delay.
type: int
type: list
passive_interface:
description:
- Passive interface configuration.
elements: dict
suboptions:
name:
description:
- Passive interface name. Source system.interface.name.
type: str
type: list
redistribute:
description:
- Redistribute configuration.
elements: dict
suboptions:
metric:
description:
- Redistribute metric setting.
type: int
metric_type:
choices:
- '1'
- '2'
description:
- Metric type.
type: str
name:
description:
- Redistribute name.
type: str
routemap:
description:
- Route map name. Source router.route-map.name.
type: str
status:
choices:
- enable
- disable
description:
- Status.
type: str
tag:
description:
- Tag value.
type: int
type: list
restart_mode:
choices:
- none
- lls
- graceful-restart
description:
- OSPF restart mode (graceful or LLS).
type: str
restart_on_topology_change:
choices:
- enable
- disable
description:
- Enable/disable continuing graceful restart upon topology change.
type: str
restart_period:
description:
- Graceful restart period.
type: int
rfc1583_compatible:
choices:
- enable
- disable
description:
- Enable/disable RFC1583 compatibility.
type: str
router_id:
description:
- Router ID.
type: str
spf_timers:
description:
- SPF calculation frequency.
type: str
summary_address:
description:
- IP address summary configuration.
elements: dict
suboptions:
advertise:
choices:
- disable
- enable
description:
- Enable/disable advertise status.
type: str
id:
description:
- Summary address entry ID.
type: int
prefix:
description:
- Prefix.
type: str
tag:
description:
- Tag value.
type: int
type: list
type: dict
access_token:
description:
- Token-based authentication. Generated from GUI of Fortigate.
required: false
type: str
member_state:
choices:
- present
- absent
description:
- Add or delete a member under specified attribute path.
- When member_state is specified, the state option is ignored.
type: str
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str