fortinet.fortimanager.fmgr_system_sdnconnector – Configure connection to SDN Connector.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.4).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_sdnconnector.

New in version 2.10 of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
adom
string / required
the parameter (adom) in requested url
bypass_validation
boolean
    Choices:
  • no ←
  • yes
Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters.
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying JSON-RPC request.
rc_failed
list / elements=string
The list of rc codes with which the conditions to fail will be overridden.
rc_succeeded
list / elements=string
The list of rc codes with which the conditions to succeed will be overridden.
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
system_sdnconnector
dictionary
the top level parameters set
_local_cert
string
_Local_Cert.
access-key
string
AWS access key ID.
api-key
string
IBM cloud API key or service ID API key.
azure-region
string
    Choices:
  • global
  • china
  • germany
  • usgov
  • local
Azure server region.
client-id
string
Azure client ID (application ID).
client-secret
string
Azure client secret (application key).
compartment-id
string
Compartment ID.
compute-generation
integer
Compute generation for IBM cloud infrastructure.
domain
string
Openstack domain.
external-ip
list / elements=string
External-Ip.
name
string
External IP name.
gcp-project
string
GCP project name.
group-name
string
Group name of computers.
ha-status
string
    Choices:
  • disable
  • enable
Enable/disable use for FortiGate HA service.
ibm-region
string
    Choices:
  • us-south
  • us-east
  • germany
  • great-britain
  • japan
  • australia
IBM cloud region name.
ibm-region-gen1
string
    Choices:
  • us-south
  • us-east
  • germany
  • great-britain
  • japan
  • australia
Ibm-Region-Gen1.
ibm-region-gen2
string
    Choices:
  • us-south
  • us-east
  • great-britain
Ibm-Region-Gen2.
key-passwd
string
Private key password.
last-update
integer
Last-Update.
login-endpoint
string
Azure Stack login endpoint.
name
string
SDN connector name.
nic
list / elements=string
Nic.
ip
list / elements=string
Ip.
name
string
IP configuration name.
public-ip
string
Public IP name.
resource-group
string
Resource group of Azure public IP.
name
string
Network interface name.
nsx-cert-fingerprint
string
NSX certificate fingerprint.
oci-cert
string
OCI certificate.
oci-fingerprint
string
Oci-Fingerprint.
oci-region
string
    Choices:
  • phoenix
  • ashburn
  • frankfurt
  • london
  • toronto
OCI server region.
oci-region-type
string
    Choices:
  • commercial
  • government
OCI region type.
password
string
Password of the remote SDN connector as login credentials.
private-key
string
Private key of GCP service account.
region
string
AWS region name.
resource-group
string
Azure resource group.
resource-url
string
Azure Stack resource URL.
rest-interface
string
    Choices:
  • mgmt
  • sync
Interface name for REST service to listen on.
rest-password
string
Password for REST service.
rest-sport
integer
REST service access port (1 - 65535).
rest-ssl
string
    Choices:
  • disable
  • enable
Rest-Ssl.
route
list / elements=string
Route.
name
string
Route name.
route-table
list / elements=string
Route-Table.
name
string
Route table name.
resource-group
string
Resource group of Azure route table.
route
list / elements=string
Route.
name
string
Route name.
next-hop
string
Next hop address.
subscription-id
string
Subscription ID of Azure route table.
secret-key
string
AWS / ACS secret access key.
secret-token
string
Secret token of Kubernetes service account.
server
string
Server address of the remote SDN connector.
server-list
string
Server address list of the remote SDN connector.
server-port
integer
Port number of the remote SDN connector.
service-account
string
GCP service account email.
status
string
    Choices:
  • disable
  • enable
Enable/disable connection to the remote SDN connector.
subscription-id
string
Azure subscription ID.
tenant-id
string
Tenant ID (directory ID).
type
string
    Choices:
  • aci
  • aws
  • nsx
  • nuage
  • azure
  • gcp
  • oci
  • openstack
  • kubernetes
  • vmware
  • acs
  • alicloud
  • sepm
  • aci-direct
  • ibm
  • nutanix
Type of SDN connector.
update-interval
integer
Dynamic object update interval (0 - 3600 sec, 0 means disabled, default = 60).
updating
integer
Updating.
use-metadata-iam
string
    Choices:
  • disable
  • enable
Enable/disable using IAM role from metadata to call API.
user-id
string
User ID.
username
string
Username of the remote SDN connector as login credentials.
vcenter-password
string
vCenter server password for NSX quarantine.
vcenter-server
string
vCenter server address for NSX quarantine.
vcenter-username
string
vCenter server username for NSX quarantine.
vmx-image-url
string
URL of web-hosted VMX image.
vmx-service-name
string
VMX Service name.
vpc-id
string
AWS VPC ID.
workspace_locking_adom
string
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout
integer
Default:
300
The maximum time in seconds to wait for another user to release the workspace lock.

Notes

  • This FortiManager module supports running in workspace locking mode; the top-level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use the state present directive.

  • To delete an object, use the state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. You can also override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.

Examples

- name: gathering fortimanager facts
  hosts: fortimanager00
  gather_facts: no
  connection: httpapi
  collections:
    - fortinet.fortimanager
  vars:
    ansible_httpapi_use_ssl: True
    ansible_httpapi_validate_certs: False
    ansible_httpapi_port: 443
  tasks:
   - name: retrieve all the connections to SDN Connector
     fmgr_fact:
       facts:
           selector: 'system_sdnconnector'
           params:
               adom: 'ansible'
               sdn-connector: ''

- hosts: fortimanager00
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Configure connection to SDN Connector.
     fmgr_system_sdnconnector:
        bypass_validation: False
        adom: ansible
        state: present
        system_sdnconnector:
           azure-region: global #<value in [global, china, germany, ...]>
           #compartment-id: 1
           name: ansible-test-sdn
           password: fortinet
           server: ALL
           status: disable
           type: aws #<value in [aci, aws, nsx, ...]>
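
A hardened variant of the second play above, added here as an example and not part of the collection's own documentation: it keeps TLS certificate validation on, reads the AWS credentials from Ansible Vault variables, keeps the task arguments out of logs, and takes the workspace lock. The file vault/fmgr.yml, the variables vault_aws_access_key and vault_aws_secret_key, and the region and VPC values are assumptions (constructed placeholders); it also assumes a FortiManager running in workspace mode whose certificate chains to a CA trusted by the control node.

```yaml
- name: Configure an AWS SDN connector with validated TLS and vaulted secrets
  hosts: fortimanager00
  gather_facts: false
  connection: httpapi
  collections:
    - fortinet.fortimanager
  vars_files:
    # Assumed path: a file encrypted with `ansible-vault encrypt` that defines
    # vault_aws_access_key and vault_aws_secret_key (hypothetical names).
    - vault/fmgr.yml
  vars:
    ansible_httpapi_use_ssl: true
    # Verify the FortiManager certificate instead of disabling validation.
    ansible_httpapi_validate_certs: true
    ansible_httpapi_port: 443
  tasks:
    - name: Create or update the connector
      fmgr_system_sdnconnector:
        adom: ansible
        state: present
        # Keep schema validation of the parameters enabled.
        bypass_validation: false
        # Workspace mode only: lock the ADOM and wait up to 300 seconds
        # for another user to release the lock.
        workspace_locking_adom: ansible
        workspace_locking_timeout: 300
        system_sdnconnector:
          name: ansible-test-sdn
          type: aws
          status: enable
          region: us-east-1        # constructed sample value
          vpc-id: vpc-EXAMPLE      # placeholder, not a real VPC ID
          access-key: "{{ vault_aws_access_key }}"
          secret-key: "{{ vault_aws_secret_key }}"
          update-interval: 60
      # Keep the task arguments, which include the secret key, out of
      # Ansible output and logs.
      no_log: true
```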

Return Values

Common return values are documented here; the following fields are unique to this module:

Key Returned Description
request_url
string
always
The full url requested

Sample:
/sys/login/user
response_code
integer
always
The status of the API request

response_message
string
always
The descriptive message of the api response

Sample:
OK.


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)