This article describes how to use Ansible to perform actions on FortiManager. Ansible is a software tool that automates provisioning, configuration management, and application deployment across multiple IT infrastructures. It can be used with FortiManager to automate provisioning, configuration, and management.
FortiManager.
1) Installation of Ansible in Linux:
Ansible installation can be executed with the Linux command below:
apt-get update
apt-get -y install ansible
Note:
Ensure the user is a root user.
2) Download the FortiManager modules for Ansible with the command below:
ansible-galaxy collection install fortinet.fortimanager
3) Create an inventory file to provide Ansible with FortiManager information:
### FortiManager Host ###
[fortimanager]
fmg ansible_host=<FMG IP> ansible_user="<FMG API admin username>" ansible_password="<FMG API username password>"
### FortiGate Host ###
[fortigates]
fgt ansible_host=<FGT IP> ansible_user="<FGT admin username>" ansible_password="<FGT username password>"
### FortiManager OS Modules ###
[fortimanager:vars]
ansible_network_os=fortinet.fortimanager.fortimanager
[fortigates:vars]
ansible_network_os=fortinet.fortios.fortios
### Specify API connection with HTTP (default SSH) ###
[all:vars]
ansible_connection=httpapi
# validate_certs=no turns off TLS certificate verification for the API connection;
# set it to yes once the devices present a certificate the Ansible host trusts.
ansible_httpapi_validate_certs=no
ansible_httpapi_use_ssl=yes
4) Enable JSON API Read-Write Access for the admin used in step 3:
Go to FortiManager -> System Settings -> Admin -> Administrators -> Edit the user -> Select Read-Write for JSON API Access.
5) Create a YAML file and prepare the script in the format below:
- hosts: <fortimanager host list in step 3>
  tasks:
    - name: <task name>
      <Ansible Module>:
        <Configuration on FortiManager>:
          <Objects in the Configuration>
The samples below show basic uses of Ansible with FortiManager:
a) Add device with discover device (online device):
- hosts: fortimanager
  collections:
    - fortinet.fortimanager
  tasks:
    - name: add device
      fmgr_dvm_cmd_discover_device:
        dvm_cmd_discover_device:
          device:
            adm_usr: "admin"
            adm_pass: "Fortinet"
            ip: "x.x.x.x"
b) Add device with Model Device (offline device):
# Play 1: register the model device on FortiManager
- hosts: fortimanager
  collections:
    - fortinet.fortimanager
  tasks:
    - name: Add device
      fmgr_dvm_cmd_add_device:
        dvm_cmd_add_device:
          adom: root
          device:
            device action: add_model
            mgmt_mode: fmg
            os_ver: "7.0"
            mr: 2
            name: FGT_A
            sn: FGVM0000001
# Play 2: point the FortiGate at FortiManager (uses the fortinet.fortios collection)
- hosts: fortigates
  collections:
    - fortinet.fortios
  tasks:
    - name: central management
      fortios_system_central_management:
        system_central_management:
          type: "fortimanager"
          fmg: "x.x.x.x"
Note:
The Ansible modules for FortiManager are documented at the link below:
https://docs.ansible.com/ansible/latest/collections/fortinet/fortimanager/index.html
6) After the YAML file is created, use the Ansible command below to run the file:
ansible-playbook -i <inventory file name> <YAML file name>
Related documents:
- https://docs.ansible.com/ansible/latest/collections/fortinet/fortimanager/index.html
Copyright 2024 Fortinet, Inc. All Rights Reserved.