Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kscurloc
New Contributor II

Ansible and FortiGate Initial Configuration

Does anyone have any suggestions on how to use Ansible to get around the admin initial password change of a brand new FortiGate?

 

We stage dozens of FortiGates a quarter in an isolated manner.  Having to manually enter in the admin password first doesn't truly make this approach "zero-touch".  We've been searching and trying with Ansible, but I'm missing something?

 

Thanks in advance for any help you can provide!  


3 REPLIES 3
ssudhakar
Staff

Hi there:

 

Can you please try the following and let me know if that works ?

 

https://docs.ansible.com/ansible/latest/collections/fortinet/fortios/fortios_system_admin_module.htm...

 

Thank you,

Hope.

 

kscurloc
New Contributor II

Actually, that's been the URL I've been working off of.  

 

Again, this is a brand new FortiGate.  No passwords have been set.  I'm sure I'm missing something or doing something wrong.  To give you an idea of what I'm trying:

 

HOSTS:

[fortigates]
fortigate_pr ansible_host=192.168.1.99 ansible_user="admin" ansible_password=""

[fortigates:vars]
ansible_network_os=fortinet.fortios.fortios

 

YAML:

---

- hosts: fortigates
  connection: httpapi
  collections:
    - fortinet.fortios
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: Configure Admin User.
      fortios_system_admin:
        vdom: "{{ vdom }}"
        state: "present"
        system_admin:
          name: "admin"
          password: "password123"

 

ERROR:

TASK [Configure Admin User.] ********************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.module_utils.connection.ConnectionError: Wrong credentials. Please check

 

 

 

kscurloc
New Contributor II

So, I'm not sure if this is the preferred way of doing this... but... I was able to figure it out by doing the following.  

 

HOSTS:

[fortigates]
fortigate_pr ansible_host=192.168.1.99 ansible_user="admin" ansible_password=""

 

[fortigates:vars]
ansible_network_os=fortinet.fortios.fortios
fortigate_admin_password="password123"

 

YAML:

---

- hosts: fortigates
  collections:
    - fortinet.fortios
  gather_facts: no
  connection: ssh
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: no
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 80
  tasks:
    - name: change admin password
      # The two lines answer the new-password and confirm-password prompts shown at first login
      raw: |
        {{ fortigate_admin_password }}
        {{ fortigate_admin_password }}
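
A variant of the playbook above that keeps the new admin password out of the inventory file and out of Ansible's output, as an added example that is not part of the original post. It assumes hypothetical file names `vault.yml` (encrypted with `ansible-vault`) and `bootstrap.yml`, a hypothetical variable `vault_fortigate_admin_password`, and a 12-character minimum as an assumed local policy.

```yaml
---
# Added example, not from the original post.
# Assumes vault.yml (hypothetical name) was created with:
#   ansible-vault create vault.yml
# and contains one key: vault_fortigate_admin_password
# Run with: ansible-playbook -i hosts bootstrap.yml --ask-vault-pass
- hosts: fortigates
  gather_facts: no
  connection: ssh
  vars_files:
    - vault.yml
  tasks:
    # assert runs on the controller, so it works before the device is reachable
    - name: refuse weak or placeholder passwords before touching the device
      ansible.builtin.assert:
        that:
          - vault_fortigate_admin_password is defined
          - vault_fortigate_admin_password | length >= 12   # assumed local policy
          - vault_fortigate_admin_password != "password123"
        fail_msg: "admin password missing or too weak; fix vault.yml"
        quiet: yes
      no_log: true

    - name: change admin password
      ansible.builtin.raw: |
        {{ vault_fortigate_admin_password }}
        {{ vault_fortigate_admin_password }}
      no_log: true   # keeps the password out of task output, -v traces and callback logs
```

With this variant the `fortigate_admin_password` line is dropped from `[fortigates:vars]`, so the inventory can be committed without carrying the credential.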
 
 