fortinet.fortios.fortios_system_sdn_connector module – Configure connection to SDN Connector in Fortinet’s FortiOS and FortiGate.
Note
This module is part of the fortinet.fortios collection (version 2.2.1).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install fortinet.fortios
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: fortinet.fortios.fortios_system_sdn_connector
.
New in fortinet.fortios 2.0.0
Synopsis
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and sdn_connector category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
Requirements
The below requirements are needed on the host that executes this module.
ansible>=2.9
Parameters
Parameter |
Comments |
---|---|
Token-based authentication. Generated from GUI of Fortigate. |
|
Enable/Disable logging for task. Choices:
|
|
Member attribute path to operate on. Delimited by a slash character if there are more than one attribute. Parameter marked with member_path is legitimate for doing member operation. |
|
Add or delete a member under specified attribute path. When member_state is specified, the state option is ignored. Choices:
|
|
Indicates whether to create or remove the object. Choices:
|
|
Configure connection to SDN Connector. |
|
AWS / ACS access key ID. |
|
IBM cloud API key or service ID API key. |
|
Azure server region. Choices:
|
|
Azure client ID (application ID). |
|
Azure client secret (application key). |
|
Compartment ID. |
|
Compute generation for IBM cloud infrastructure. |
|
Domain name. |
|
Configure AWS external account list. |
|
AWS external ID. |
|
AWS region name list. |
|
AWS region name. |
|
AWS role ARN to assume. |
|
Configure GCP external IP. |
|
External IP name. |
|
Configure GCP forwarding rule. |
|
Forwarding rule name. |
|
Target instance name. |
|
GCP project name. |
|
Configure GCP project list. |
|
Configure GCP zone list. |
|
GCP zone name. |
|
GCP project ID. |
|
Group name of computers. |
|
Enable/disable use for FortiGate HA service. Choices:
|
|
IBM cloud region name. Choices:
|
|
IBM cloud compute generation 1 region name. Choices:
|
|
IBM cloud compute generation 2 region name. Choices:
|
|
Private key password. |
|
Azure Stack login endpoint. |
|
SDN connector name. |
|
Configure Azure network interface. |
|
Configure IP configuration. |
|
IP configuration name. |
|
Public IP name. |
|
Resource group of Azure public IP. |
|
Network interface name. |
|
OCI certificate. Source certificate.local.name. |
|
OCI pubkey fingerprint. |
|
OCI server region. Choices:
|
|
OCI region type. Choices:
|
|
Password of the remote SDN connector as login credentials. |
|
Private key of GCP service account. |
|
AWS / ACS region name. |
|
Azure resource group. |
|
Azure Stack resource URL. |
|
Configure GCP route. |
|
Route name. |
|
Configure Azure route table. |
|
Route table name. |
|
Resource group of Azure route table. |
|
Configure Azure route. |
|
Route name. |
|
Next hop address. |
|
Subscription ID of Azure route table. |
|
AWS / ACS secret access key. |
|
Secret token of Kubernetes service account. |
|
Server address of the remote SDN connector. |
|
Server address list of the remote SDN connector. |
|
IPv4 address. |
|
Port number of the remote SDN connector. |
|
GCP service account email. |
|
Enable/disable connection to the remote SDN connector. Choices:
|
|
Azure subscription ID. |
|
Tenant ID (directory ID). |
|
Type of SDN connector. Choices:
|
|
Dynamic object update interval (30 - 3600 sec). |
|
Enable/disable use of IAM role from metadata to call API. Choices:
|
|
User ID. |
|
Username of the remote SDN connector as login credentials. |
|
vCenter server password for NSX quarantine. |
|
vCenter server address for NSX quarantine. |
|
vCenter server username for NSX quarantine. |
|
Enable/disable server certificate verification. Choices:
|
|
AWS VPC ID. |
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. Default: |
Notes
Note
Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
Examples
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure connection to SDN Connector.
fortios_system_sdn_connector:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
system_sdn_connector:
access_key: "<your_own_value>"
api_key: "<your_own_value>"
azure_region: "global"
client_id: "<your_own_value>"
client_secret: "<your_own_value>"
compartment_id: "<your_own_value>"
compute_generation: "2"
domain: "<your_own_value>"
external_account_list:
-
external_id: "<your_own_value>"
region_list:
-
region: "<your_own_value>"
role_arn: "<your_own_value>"
external_ip:
-
name: "default_name_17"
forwarding_rule:
-
rule_name: "<your_own_value>"
target: "<your_own_value>"
gcp_project: "<your_own_value>"
gcp_project_list:
-
gcp_zone_list:
-
name: "default_name_24"
id: "25"
group_name: "<your_own_value>"
ha_status: "disable"
ibm_region: "dallas"
ibm_region_gen1: "us-south"
ibm_region_gen2: "us-south"
key_passwd: "<your_own_value>"
login_endpoint: "<your_own_value>"
name: "default_name_33"
nic:
-
ip:
-
name: "default_name_36"
public_ip: "<your_own_value>"
resource_group: "<your_own_value>"
name: "default_name_39"
oci_cert: "<your_own_value> (source certificate.local.name)"
oci_fingerprint: "<your_own_value>"
oci_region: "phoenix"
oci_region_type: "commercial"
password: "<your_own_value>"
private_key: "<your_own_value>"
region: "<your_own_value>"
resource_group: "<your_own_value>"
resource_url: "<your_own_value>"
route:
-
name: "default_name_50"
route_table:
-
name: "default_name_52"
resource_group: "<your_own_value>"
route:
-
name: "default_name_55"
next_hop: "<your_own_value>"
subscription_id: "<your_own_value>"
secret_key: "<your_own_value>"
secret_token: "<your_own_value>"
server: "192.168.100.40"
server_list:
-
ip: "<your_own_value>"
server_port: "0"
service_account: "<your_own_value>"
status: "disable"
subscription_id: "<your_own_value>"
tenant_id: "<your_own_value>"
type: "aci"
update_interval: "60"
use_metadata_iam: "disable"
user_id: "<your_own_value>"
username: "<your_own_value>"
vcenter_password: "<your_own_value>"
vcenter_server: "<your_own_value>"
vcenter_username: "<your_own_value>"
verify_certificate: "disable"
vpc_id: "<your_own_value>"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Build number of the fortigate image Returned: always Sample: |
|
Last method used to provision the content into FortiGate Returned: always Sample: |
|
Last result given by FortiGate on last operation applied Returned: always Sample: |
|
Master key (id) used in the last call to FortiGate Returned: success Sample: |
|
Name of the table used to fulfill the request Returned: always Sample: |
|
Path of the table used to fulfill the request Returned: always Sample: |
|
Internal revision number Returned: always Sample: |
|
Serial number of the unit Returned: always Sample: |
|
Indication of the operation’s result Returned: always Sample: |
|
Virtual domain used Returned: always Sample: |
|
Version of the FortiGate Returned: always Sample: |