Try SpotterConfigure connection to SDN Connector in Fortinet's FortiOS and FortiGate.
| "added in version" 2.0.0 of lix_fortinet.fortios"
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
Install with ansible-galaxy collection install lix_fortinet.fortios:==102.2.120
collections:
- name: lix_fortinet.fortios
version: 102.2.120This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and sdn_connector category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure connection to SDN Connector.
fortios_system_sdn_connector:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
system_sdn_connector:
access_key: "<your_own_value>"
api_key: "<your_own_value>"
azure_region: "global"
client_id: "<your_own_value>"
client_secret: "<your_own_value>"
compartment_id: "<your_own_value>"
compute_generation: "2"
domain: "<your_own_value>"
external_account_list:
-
external_id: "<your_own_value>"
region_list:
-
region: "<your_own_value>"
role_arn: "<your_own_value>"
external_ip:
-
name: "default_name_17"
forwarding_rule:
-
rule_name: "<your_own_value>"
target: "<your_own_value>"
gcp_project: "<your_own_value>"
gcp_project_list:
-
gcp_zone_list:
-
name: "default_name_24"
id: "25"
group_name: "<your_own_value>"
ha_status: "disable"
ibm_region: "dallas"
ibm_region_gen1: "us-south"
ibm_region_gen2: "us-south"
key_passwd: "<your_own_value>"
login_endpoint: "<your_own_value>"
name: "default_name_33"
nic:
-
ip:
-
name: "default_name_36"
public_ip: "<your_own_value>"
resource_group: "<your_own_value>"
name: "default_name_39"
oci_cert: "<your_own_value> (source certificate.local.name)"
oci_fingerprint: "<your_own_value>"
oci_region: "phoenix"
oci_region_type: "commercial"
password: "<your_own_value>"
private_key: "<your_own_value>"
region: "<your_own_value>"
resource_group: "<your_own_value>"
resource_url: "<your_own_value>"
route:
-
name: "default_name_50"
route_table:
-
name: "default_name_52"
resource_group: "<your_own_value>"
route:
-
name: "default_name_55"
next_hop: "<your_own_value>"
subscription_id: "<your_own_value>"
secret_key: "<your_own_value>"
secret_token: "<your_own_value>"
server: "192.168.100.40"
server_list:
-
ip: "<your_own_value>"
server_port: "0"
service_account: "<your_own_value>"
status: "disable"
subscription_id: "<your_own_value>"
tenant_id: "<your_own_value>"
type: "aci"
update_interval: "60"
use_metadata_iam: "disable"
user_id: "<your_own_value>"
username: "<your_own_value>"
vcenter_password: "<your_own_value>"
vcenter_server: "<your_own_value>"
vcenter_username: "<your_own_value>"
verify_certificate: "disable"
vpc_id: "<your_own_value>"
vdom:
default: root
description:
- Virtual domain, among those defined previously. A vdom is a virtual instance of
the FortiGate that can be configured and used as a different unit.
type: str
state:
choices:
- present
- absent
description:
- Indicates whether to create or remove the object.
required: true
type: str
enable_log:
default: false
description:
- Enable/Disable logging for task.
required: false
type: bool
member_path:
description:
- Member attribute path to operate on.
- Delimited by a slash character if there are more than one attribute.
- Parameter marked with member_path is legitimate for doing member operation.
type: str
access_token:
description:
- Token-based authentication. Generated from GUI of Fortigate.
required: false
type: str
member_state:
choices:
- present
- absent
description:
- Add or delete a member under specified attribute path.
- When member_state is specified, the state option is ignored.
type: str
system_sdn_connector:
default: null
description:
- Configure connection to SDN Connector.
suboptions:
access_key:
description:
- AWS / ACS access key ID.
type: str
api_key:
description:
- IBM cloud API key or service ID API key.
type: str
azure_region:
choices:
- global
- china
- germany
- usgov
- local
description:
- Azure server region.
type: str
client_id:
description:
- Azure client ID (application ID).
type: str
client_secret:
description:
- Azure client secret (application key).
type: str
compartment_id:
description:
- Compartment ID.
type: str
compute_generation:
description:
- Compute generation for IBM cloud infrastructure.
type: int
domain:
description:
- Domain name.
type: str
external_account_list:
description:
- Configure AWS external account list.
elements: dict
suboptions:
external_id:
description:
- AWS external ID.
type: str
region_list:
description:
- AWS region name list.
elements: dict
suboptions:
region:
description:
- AWS region name.
type: str
type: list
role_arn:
description:
- AWS role ARN to assume.
type: str
type: list
external_ip:
description:
- Configure GCP external IP.
elements: dict
suboptions:
name:
description:
- External IP name.
type: str
type: list
forwarding_rule:
description:
- Configure GCP forwarding rule.
elements: dict
suboptions:
rule_name:
description:
- Forwarding rule name.
type: str
target:
description:
- Target instance name.
type: str
type: list
gcp_project:
description:
- GCP project name.
type: str
gcp_project_list:
description:
- Configure GCP project list.
elements: dict
suboptions:
gcp_zone_list:
description:
- Configure GCP zone list.
elements: dict
suboptions:
name:
description:
- GCP zone name.
type: str
type: list
id:
description:
- GCP project ID.
type: str
type: list
group_name:
description:
- Group name of computers.
type: str
ha_status:
choices:
- disable
- enable
description:
- Enable/disable use for FortiGate HA service.
type: str
ibm_region:
choices:
- dallas
- washington-dc
- london
- frankfurt
- sydney
- tokyo
- osaka
- toronto
- sao-paulo
- us-south
- us-east
- germany
- great-britain
- japan
- australia
description:
- IBM cloud region name.
type: str
ibm_region_gen1:
choices:
- us-south
- us-east
- germany
- great-britain
- japan
- australia
description:
- IBM cloud compute generation 1 region name.
type: str
ibm_region_gen2:
choices:
- us-south
- us-east
- great-britain
description:
- IBM cloud compute generation 2 region name.
type: str
key_passwd:
description:
- Private key password.
type: str
login_endpoint:
description:
- Azure Stack login endpoint.
type: str
name:
description:
- SDN connector name.
required: true
type: str
nic:
description:
- Configure Azure network interface.
elements: dict
suboptions:
ip:
description:
- Configure IP configuration.
elements: dict
suboptions:
name:
description:
- IP configuration name.
type: str
public_ip:
description:
- Public IP name.
type: str
resource_group:
description:
- Resource group of Azure public IP.
type: str
type: list
name:
description:
- Network interface name.
type: str
type: list
oci_cert:
description:
- OCI certificate. Source certificate.local.name.
type: str
oci_fingerprint:
description:
- OCI pubkey fingerprint.
type: str
oci_region:
choices:
- phoenix
- ashburn
- frankfurt
- london
description:
- OCI server region.
type: str
oci_region_type:
choices:
- commercial
- government
description:
- OCI region type.
type: str
password:
description:
- Password of the remote SDN connector as login credentials.
type: str
private_key:
description:
- Private key of GCP service account.
type: str
region:
description:
- AWS / ACS region name.
type: str
resource_group:
description:
- Azure resource group.
type: str
resource_url:
description:
- Azure Stack resource URL.
type: str
route:
description:
- Configure GCP route.
elements: dict
suboptions:
name:
description:
- Route name.
type: str
type: list
route_table:
description:
- Configure Azure route table.
elements: dict
suboptions:
name:
description:
- Route table name.
type: str
resource_group:
description:
- Resource group of Azure route table.
type: str
route:
description:
- Configure Azure route.
elements: dict
suboptions:
name:
description:
- Route name.
type: str
next_hop:
description:
- Next hop address.
type: str
type: list
subscription_id:
description:
- Subscription ID of Azure route table.
type: str
type: list
secret_key:
description:
- AWS / ACS secret access key.
type: str
secret_token:
description:
- Secret token of Kubernetes service account.
type: str
server:
description:
- Server address of the remote SDN connector.
type: str
server_list:
description:
- Server address list of the remote SDN connector.
elements: dict
suboptions:
ip:
description:
- IPv4 address.
type: str
type: list
server_port:
description:
- Port number of the remote SDN connector.
type: int
service_account:
description:
- GCP service account email.
type: str
status:
choices:
- disable
- enable
description:
- Enable/disable connection to the remote SDN connector.
type: str
subscription_id:
description:
- Azure subscription ID.
type: str
tenant_id:
description:
- Tenant ID (directory ID).
type: str
type:
choices:
- aci
- alicloud
- aws
- azure
- gcp
- nsx
- nuage
- oci
- openstack
- kubernetes
- vmware
- sepm
- aci-direct
- ibm
- nutanix
- sap
description:
- Type of SDN connector.
type: str
update_interval:
description:
- Dynamic object update interval (30 - 3600 sec).
type: int
use_metadata_iam:
choices:
- disable
- enable
description:
- Enable/disable use of IAM role from metadata to call API.
type: str
user_id:
description:
- User ID.
type: str
username:
description:
- Username of the remote SDN connector as login credentials.
type: str
vcenter_password:
description:
- vCenter server password for NSX quarantine.
type: str
vcenter_server:
description:
- vCenter server address for NSX quarantine.
type: str
vcenter_username:
description:
- vCenter server username for NSX quarantine.
type: str
verify_certificate:
choices:
- disable
- enable
description:
- Enable/disable server certificate verification.
type: str
vpc_id:
description:
- AWS VPC ID.
type: str
type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str