fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0

Question on fortinet.fortios.fortios_export_config_playbook #342

Closed chr00ted closed 2 weeks ago

chr00ted commented 4 weeks ago

I have a good config on a firewall that I would like to push out to similar model firewalls. We are currently uploading a backup config and editing after the config is applied. I saw fortinet.fortios.fortios_export_config_playbook, is there a way for it to create plays for all selectors? I tried generic:

`

Playbooks were generated with no details though. Any help would be appreciated.

MaxxLiu22 commented 4 weeks ago

Hi @chr00ted,

Thank you for your question. At the moment, we don't have a feature to export all selectors at once, but I've compiled all the selectors for you here. While it is possible to write a loop to download these playbooks, please note that not all selectors are supported in your FOS version. This may cause some tasks to fail if they are not compatible with your system.

Regarding your concern about playbooks being generated with no details, could you clarify if the playbooks appear empty? In my setup, your script successfully exported the content. May I kindly ask which FOS version you are using? Also, please ensure that there is a configuration present in your specified path.

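```yaml
  tasks:
    # selectors.json must contain a JSON list of selector names
    - name: Read the JSON file
      set_fact:
        selectors: "{{ lookup('file', 'selectors.json') | from_json }}"
    # One module call per selector; selectors unsupported by the target FOS version may fail
    - name: Will generate the playbooks for each selector/module.
      fortinet.fortios.fortios_export_config_playbook:
        selectors:
        - selector: "{{item}}"
        output_path: "./"
      loop: "{{ selectors }}"
```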

Thanks, Maxx

chr00ted commented 4 weeks ago

Once again thanks @MaxxLiu22. Most of my firewalls are v7.2.7 build1577, but the firewall I'm currently testing against is: v7.0.15 build7334. Maybe I'm confused, I was thinking I run this playbook against a configured firewall and it will pull down its configuration and build plays off its configuration, but all I see in my directory are plays that show nothing other than: `- hosts: fortigates collections:

chr00ted commented 3 weeks ago

@MaxxLiu22, that works really well, thank you! One question, the plays it creates have it using a specific host group and 443 for the port. Is there a way I can have it change these?

chr00ted commented 3 weeks ago

@MaxxLiu22, just circling back on this, is there a way to customize the exported playbook, like changing the SSL port (we are not using 443) as well as the group name?

MaxxLiu22 commented 3 weeks ago

Hi @chr00ted,

Thank you for bringing this to our attention. It appears that if invalid host information is provided, the task still shows as successful and returns an empty result. This might be the issue you've encountered before. We will work on improving this by ensuring that a warning is raised instead of showing a success message. As for the customized arguments, we currently have the template hardcoded, but our development team will be making enhancements to offer a more flexible exported playbook. Thank you for your valuable suggestions,

Thanks, Maxx
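Until the exported template becomes configurable, the generated files can be post-processed. The following is an added example, not code from this thread or from the collection: it refuses exports that contain no tasks (the silent empty result described above) and rewrites the host group and HTTPS port. The playbook layout, the `ansible_httpapi_port` line in the export, and the function names `has_tasks` and `retarget` are assumptions.

```python
import re

# Constructed sample of an exported playbook. The layout is an assumption based
# on the "- hosts: fortigates / collections:" fragment quoted in the thread.
SAMPLE_EXPORTED = """\
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_port: 443
  tasks:
  - name: export firewall_address
    fortios_firewall_address:
      state: present
      firewall_address:
        name: "lan-servers"
"""

# Constructed sample of the empty export described in the thread.
SAMPLE_EMPTY = "- hosts: fortigates\n  collections:\n    - fortinet.fortios\n"

def has_tasks(text):
    """True if at least one list entry follows the play's 'tasks:' key."""
    m = re.search(r"^\s*tasks:\s*$", text, re.M)
    return bool(m and re.search(r"^\s*-\s+\S", text[m.end():], re.M))

def retarget(text, hosts, port):
    """Rewrite the host group and HTTPS port; reject empty or unexpected exports."""
    if not has_tasks(text):
        raise ValueError("export has no tasks; check host and credentials")
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", hosts):
        raise ValueError("invalid inventory group name")
    if not 1 <= int(port) <= 65535:
        raise ValueError("invalid port")
    text, n_hosts = re.subn(r"^(-\s+hosts:\s*).*$", rf"\g<1>{hosts}",
                            text, count=1, flags=re.M)
    text, n_port = re.subn(r"^(\s*ansible_httpapi_port:\s*).*$", rf"\g<1>{int(port)}",
                           text, count=1, flags=re.M)
    if n_hosts != 1 or n_port != 1:
        raise ValueError("hosts/port lines not found; template differs")
    return text

if __name__ == "__main__":
    print(retarget(SAMPLE_EXPORTED, "branch_fw", 8443))
```
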

chr00ted commented 2 weeks ago

Thank you for your response @MaxxLiu22! Going to close this out for now ;)