Closed miguelnuf closed 2 months ago
```yaml
- name: "Create firewall sdwanzone SDWZONE{{customer_shortname}}_CORPORATE_1"
  fortinet.fortios.fortios_system_sdwan:
    access_token: "{{ fw_token_rw }}"
    vdom: "{{customer_vdom_name}}"
    member_state: "present"
    system_sdwan:
      zone:
        name: "{{customer_vdom_sdwan_zone_name}}"
        service_sla_tie_break: "cfg-order"
```
Have you tried this?

```yaml
zone:
  - name: "{{customer_vdom_sdwan_zone_name}}"
    service_sla_tie_break: "cfg-order"
```
I have already tried it, but Ansible Tower responds that there are 2 arguments.
\"/tmp/ansible_fortinet.fortios.fortios_system_sdwan_payload_p5b2fwmd/ansible_fortinet.fortios.fortios_system_sdwan_payload.zip/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/fortios.py\", line 405, in do_member_operation\nTypeError: fail_json() takes 1 positional argument but 2 were given\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
Hi @miguelnuf ,
Welcome to the Ansible FOS collection. Ansible is space-sensitive: an item starting with "-" is treated as a list. Here is an example. If you still have issues when you run your script, please let me know. It would also be helpful if you could provide your FGT version and FOS Ansible collection version with the command `ansible-galaxy collection list`.

```yaml
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  gather_facts: false
  vars:
    vdom: root
    ansible_httpapi_use_ssl: true
    # disables TLS certificate validation; set to true where the FortiGate presents a trusted certificate
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - fortios_system_sdwan:
        vdom: root
        system_sdwan:
          # each entry under zone is a list item introduced by "-"
          zone:
            - name: test1
              service_sla_tie_break: cfg-order
            - name: test45
              service_sla_tie_break: fib-best-match
```
Thanks, Maxx
FortiOS 7.2.5, Ansible Engine 2.9.15. I have tested it with collection versions 2.3.3 and 2.2.3.
Hi @miguelnuf ,
I notice that your error message mentions a member operation. If you are doing a member operation, could you try the following script, which works well on my side? By the way, `cfg-order` is the default value for `service_sla_tie_break`, so you need to type `FGVMULTM23002230 (sdwan) # show full-configuration` to check whether that argument is being set to the correct value. Let me know if that doesn't solve your problem.
```yaml
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  gather_facts: false
  vars:
    vdom: root
    ansible_httpapi_use_ssl: true
    # disables TLS certificate validation; set to true where the FortiGate presents a trusted certificate
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - fortios_system_sdwan:
        vdom: root
        # member operation: add entries to the zone table, keyed by name
        member_path: zone:name
        member_state: present
        system_sdwan:
          zone:
            - name: test4
              service_sla_tie_break: cfg-order
            - name: test5
              service_sla_tie_break: fib-best-match
```
Thanks, Maxx
Thanks, it works now. member_path was the missing component.

Hello, I am trying to improve the code. Now I have the problem that I can't activate SDWAN.
The first 2 tasks work fine, but I have problems with the third.

```yaml
- name: "Create firewall sdwanzone SDWZONE{{ customer_shortname }}_CORPORATE_1"
  fortinet.fortios.fortios_system_sdwan:
    access_token: "{{ fw_token_rw }}"
    vdom: "{{ customer_vdom_name }}"
    member_state: "present"
    member_path: zone:name
    system_sdwan:
      zone:

- name: "Create firewall sdwanmember SDMEMBER{{ customer_shortname }}"
  fortinet.fortios.fortios_system_sdwan:
    access_token: "{{ fw_token_rw }}"
    vdom: "{{ customer_vdom_name }}"
    member_state: "present"
    member_path: members:interface
    system_sdwan:
      members:

- name: "Activation sdwan SDWAN_{{ customer_shortname }}"
  fortinet.fortios.fortios_system_sdwan:
    access_token: "{{ fw_token_rw }}"
    vdom: "{{ customer_vdom_name }}"
    member_state: "present"
    member_path: system_sdwan:status
    system_sdwan:
      status: "enable"
```

Can anyone help?
Hi @miguelnuf ,
The "member operation" is used to configure blocks under an object. This operation corresponds to the configuration when you type 'config' in the CLI.

```
FGVMULTM23002230 (sdwan) # config
zone            Configure SD-WAN zones.
members         FortiGate interfaces added to the SD-WAN.
health-check    SD-WAN status checking or health checking. Identify a server on the Internet and determine how SD-WAN verifies that the FortiGate can communicate with it.
neighbor        Create SD-WAN neighbor from BGP neighbor table to control route advertisements according to SLA status.
service         Create SD-WAN rules (also called services) to control how sessions are distributed to interfaces in the SD-WAN.
duplication     Create SD-WAN duplication rule.
```

Here, 'zone', 'members', etc., can be edited specifically through the member operation without affecting other settings in the current SD-WAN configuration. `status` is under SD-WAN, so we don't have to use the member operation. You are free to comment out those two arguments ('member_state' and 'member_path') from your task 3. Let me know if that doesn't solve your question.
```yaml
tasks:
  - fortios_system_sdwan:
      vdom: root
      # member_path: zone:name
      # member_state: present
      system_sdwan:
        status: enable
```
Thanks, Maxx
Hi, thanks, it works.
Could you explain to me what the member_path attribute is for?
Hi @miguelnuf
In the above example, "member_path: zone:name" indicates the path where new items should be added. "- name: test4" and "- name: test5" are the mkeys that you want to add items to.
Thanks, Jie
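The rules worked out in this thread (sub-tables are written as "-" lists, `member_state` needs `member_path`, and a scalar setting such as `status` takes no member operation) can be checked before a task is sent to the firewall. The following is an added example, not code from the fortinet.fortios collection; the function name `check_sdwan_task` and the sample dictionaries are constructed for illustration.

```python
def check_sdwan_task(args):
    """Return a list of problems in a fortios_system_sdwan argument dict."""
    problems = []
    cfg = args.get("system_sdwan") or {}
    path = args.get("member_path")

    # A sub-table (zone, members, ...) holds several entries, so YAML must
    # give it as a '-' list; a bare mapping is the mistake in the first post.
    for block, value in cfg.items():
        if isinstance(value, dict):
            problems.append(f"{block}: mapping given, expected a '-' list")

    if args.get("member_state") and not path:
        problems.append("member_state set without member_path")
    if not path:
        return problems

    # member_path reads 'block:mkey', e.g. 'zone:name'.
    block, sep, mkey = path.partition(":")
    entries = cfg.get(block)
    if not sep or not mkey:
        problems.append(f"member_path {path!r} is not block:mkey")
    elif isinstance(entries, list):
        for i, entry in enumerate(entries):
            if not isinstance(entry, dict) or mkey not in entry:
                problems.append(f"{block}[{i}]: missing key {mkey!r}")
    elif not isinstance(entries, dict):  # mappings were reported above
        problems.append(f"member_path names {block!r}, which is not a sub-table in this task")
    return problems


# Constructed inputs mirroring the tasks quoted in the thread.
FIRST_POST = {"vdom": "root", "member_state": "present",
              "system_sdwan": {"zone": {"name": "z1", "service_sla_tie_break": "cfg-order"}}}
WORKING = {"vdom": "root", "member_state": "present", "member_path": "zone:name",
           "system_sdwan": {"zone": [{"name": "test4"}, {"name": "test5"}]}}
ACTIVATE_BAD = {"vdom": "root", "member_state": "present",
                "member_path": "system_sdwan:status", "system_sdwan": {"status": "enable"}}
ACTIVATE_OK = {"vdom": "root", "system_sdwan": {"status": "enable"}}

if __name__ == "__main__":
    for label, task in [("first post", FIRST_POST), ("working", WORKING),
                        ("activate, member op", ACTIVATE_BAD), ("activate, plain", ACTIVATE_OK)]:
        print(label, "->", check_sdwan_task(task) or "ok")
```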
Hello Everyone
I am starting with Ansible in my company. My first task was to create a new SDWAN zone, but I always get an error message on the zone part:
Is something wrong with the code, or do I need to update?
Version: Ansible 2.9.15
```yaml
- name: "Create firewall sdwanzone SDWZONE{{customer_shortname}}_CORPORATE_1"
  fortinet.fortios.fortios_system_sdwan:
    access_token: "{{ fw_token_rw }}"
    vdom: "{{customer_vdom_name}}"
    member_state: "present"
    system_sdwan:
      zone:
        name: "{{customer_vdom_sdwan_zone_name}}"
        service_sla_tie_break: "cfg-order"
```