Skip to content

michaelquickct/fortiplaybooks

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

82 Commits
collections
collections
 
 
files
files
 
 
group_vars
group_vars
 
 
README.md
README.md
 
 
fg_allow_ip.yaml
fg_allow_ip.yaml
 
 
fg_backup_config.yaml
fg_backup_config.yaml
 
 
fg_block_ip.yaml
fg_block_ip.yaml
 
 
fg_compliance_check.yml
fg_compliance_check.yml
 
 
fg_create_api_user.yml
fg_create_api_user.yml
 
 
fg_create_user.yml
fg_create_user.yml
 
 
fg_enable_policy_logging.yaml
fg_enable_policy_logging.yaml
 
 
fg_get_facts.yml
fg_get_facts.yml
 
 
fg_policy_update.yaml
fg_policy_update.yaml
 
 
fg_set_fw_policy.yml
fg_set_fw_policy.yml
 
 
fwebos_certificate_ca.yml
fwebos_certificate_ca.yml
 
 
fwebos_certificate_local_csr.yml
fwebos_certificate_local_csr.yml
 
 
fwebos_certificate_local_import_certificate.yml
fwebos_certificate_local_import_certificate.yml
 
 
fwebos_server_policy_add.yml
fwebos_server_policy_add.yml
 
 
fwebos_server_policy_delete.yml
fwebos_server_policy_delete.yml
 
 
fwebos_server_policy_edit.yml
fwebos_server_policy_edit.yml
 
 
fwebos_server_policy_get.yml
fwebos_server_policy_get.yml
 
 
fwebos_server_pool.yml
fwebos_server_pool.yml
 
 
fwebos_server_variables.yml
fwebos_server_variables.yml
 
 
fwebos_virtual_ip.yml
fwebos_virtual_ip.yml
 
 
fwebos_virtual_server.yml
fwebos_virtual_server.yml
 
 
fwebos_virtual_server_vip.yml
fwebos_virtual_server_vip.yml
 
 
inventory.yml
inventory.yml
 
 
new_fortiuser.yaml
new_fortiuser.yaml
 
 
setup.yml
setup.yml
 
 
waf_backup_config.yaml
waf_backup_config.yaml
 
 
waf_compliance_audit.yaml
waf_compliance_audit.yaml
 
 
waf_update_certificate.yaml
waf_update_certificate.yaml
 
 

Repository files navigation

fortiplaybooks

Repo to hold my Fortigate Anisble playbooks. Use at your own risk.

I set up an inventory file like below with the variables configured for my environment:

[fortiweb]
fortiweb1    ansible_host=<insert host here>

[fortigates]
fortigate1 ansible_host=<insert host here>

[fortiweb:vars]
ansible_user=<insert user here>
ansible_password=<insert password here>

[fortigates:vars]
ansible_user=<insert user here>
ansible_password=<insert password here>
cat group_vars/fortigates.yml 
ansible_network_os: fortinet.fortios.fortios
ansible_connection: httpapi
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
[fortiplaybooks]$ cat group_vars/fortiweb.yml 
---
ansible_network_os: fortinet.fortiweb.fwebos
ansible_connection: httpapi
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 8443

Make sure that the ansible_connection: httpapi is specified in the group_vars or inventory.

Had my first successful run of any fortiweb module, to create a virtual server: ansible-navigator run -mstdout fwebos_virtual_server.yml

Working playbooks:

  • fwebos_virtual_server.yml
  • fwebos_virtual_ip.yml
  • fwebos_virtual_server_vip.yml

Mostly working playbooks:

  • fwebos_certificate_ca.yml Will continue to add the same ca cert - not idempotent.

  • fwebos_certificate_local_csr.yml You can create the csr, but no way to download it automatically. Once you have downloaded it manually, you need to create the certificate manually, and store it somewhere. -- Run the playbook, then look in the gui in Server Objects -> Certificates -> Local

  • fwebos_certificate_local_import_certificate.yml You can't upload a certificate where the CSR was not generated on the Fortiweb. Supposedly you can upload the certificate and the key, but this hasn't worked yet for me.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages