Run Your First Playbook

This document explains how to run your first FortiSwitch Ansible playbook.

With FortiSwitch Galaxy collection, you are always recommended to run FortiSwitch module in httpapi manner. The first step is to prepare your host inventory with which you can use ansible-vault to encrypt or decrypt your secrets for the sake of confidentiality.

Prepare host inventory

in our case we create a file named hosts:

fortiswitch01 ansible_host= ansible_user="admin" ansible_password="password"
fortiswitch02 ansible_host= ansible_user="admin" ansible_password="password"


Write the playbook

in the example: test.yml we are going to modify the fortiSwitch configurations. device’s hostname:

- hosts: fortiswitch01
  - fortinet.fortiswitch
  connection: httpapi
  gather_facts: 'no'
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  - name: Only https allow access to the device.
      state: present
        name: internal
        vdom: root
          - https
          - http
          - ssh
          - ping

there are several options which might need you special care:

  • connection : httpapi is preferred.

  • collections : The namespace must be fortinet.fortiswitch

  • ansible_httpapi_use_ssl and ansible_httpapi_port: by default when your fortiSwitch device is licensed, the https is enabled.

Run the playbook

ansible-playbook -i hosts test.yml

you can also observe the verbose output by adding option at the tail: -vvv.