fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0

fortinet.fortios.fortios_monitor -selector upgrade.system.firmware possible issue? #296

Closed chr00ted closed 9 months ago

chr00ted commented 9 months ago

Once again, thank you for fortios ansible collection! I'm sure this is operator error, hoping you can point me in the right direction. In my playbook I'm telling the firewall to download the update from fortinet (like I would in the GUI). What am I missing?

I'm using the following playbook:

`---

When it runs, it shows successful, but when I look at the actual debug, I'm seeing:

    "changed": false,
    "meta": {
        "httpmethod": "POST",
        "results": {
            "status": "error",
            "error": {
                "message": "downloadfailed"
            }
        },
        "vdom": "root",
        "path": "system",
        "name": "firmware",
        "action": "upgrade",
        "status": "success",
        "serial": "FG100FTK2323456",
        "version": "v7.2.6",
        "build": 1575
    },
    "invocation": {
        "module_args": {
            "vdom": "root",
            "selector": "upgrade.system.firmware",
            "params": {
                "source": "fortiguard",
                "filename": "v7.2.7"
            },
            "enable_log": false,
            "access_token": null
        }
    },

I have even tried: filename: FGT_100F-v7.2.7.M-build1577-FORTINET.out in my playbook with the same results.

MaxxLiu22 commented 9 months ago

Hi @chr00ted ,

Thank you for raising this question. The file name would be set as the ID from FortiGuard's available firmware, which is different from the version number we usually see, but I can't find all the mapping data. Here, 07004000FIMG0012004003 stands for v7.4.3, build2573. You may save the firmware file locally and upload it to your FGT to switch versions. Let me know if that doesn't satisfy your need.

  - name: "Upgrade Firmware"
    register: result
    fortios_monitor:
      vdom: "root"
      # access_token: 9pmdrpsx0zpzQdx98pty3Nk1Q66s4m
      selector: 'upgrade.system.firmware'
      params:
        source: "upload" # "fortiguard"  
        # filename: 07004000FIMG0012004003  # 07004000FIMG0012004003 is ID for v7.4.3,build2573
        file_content: "{{ lookup( 'file', 'FGT_VM64-v7.4.0.F-build2360-FORTINET.out') | string | b64encode }}"

Thanks, Maxx

chr00ted commented 9 months ago

Thanks again @MaxxLiu22 , after some digging I found the ID list by running the following on my fortigate cli: diag fdsm image-upgrade-matrix
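
Added example, not part of the thread or the collection's own documentation: the debug output in the first post shows the task reporting `"status": "success"` under `meta` while `meta.results.status` is `error`, so this playbook makes the task fail on that nested status instead of passing silently. The host group `fortigates`, the variable `firmware_image_id` and its placeholder value are assumptions.

```yaml
---
# Added example (not from the thread). The inventory group, the variable
# name and the placeholder image ID below are assumptions.
- name: Upgrade firmware from FortiGuard and fail on a device-side error
  hosts: fortigates                     # assumed inventory group
  connection: httpapi
  collections:
    - fortinet.fortios
  vars:
    vdom: "root"
    ansible_network_os: fortinet.fortios.fortios
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true
    ansible_httpapi_port: 443
    # Placeholder: take the real ID from `diag fdsm image-upgrade-matrix`.
    firmware_image_id: "REPLACE_WITH_IMAGE_ID"
  tasks:
    - name: "Upgrade Firmware"
      fortios_monitor:
        vdom: "{{ vdom }}"
        selector: 'upgrade.system.firmware'
        params:
          source: "fortiguard"
          filename: "{{ firmware_image_id }}"
      register: result
      # The API call itself can succeed (meta.status == "success") while the
      # device reports an error inside meta.results, as in the output above.
      # Fail the task in either case, and when the module returns no meta.
      failed_when: >-
        result is failed
        or result.meta is not defined
        or result.meta.status | default('') != 'success'
        or (result.meta.results is mapping
        and result.meta.results.status | default('') == 'error')
```

With this condition, a run like the one in the first post stops with the task marked failed and the registered result, including the device's error message, shown in the task output.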

chr00ted commented 9 months ago

Big THANK YOU to @MaxxLiu22!!! Below is my final playbook which pulls the firmware from fortiguard. Prior to running this playbook I would need to run the following on any fortigate cli to gather the ID for the file to download:

diag fdsm image-upgrade-matrix

Then throw that ID in the filename of the playbook below. The following playbook would upgrade Fortigates to 7.2.7M