Run Your First Playbook
This document explains how to run your first FortiSwitch Ansible playbook.
With FortiSwitch Galaxy collection, you are always recommended to run
FortiSwitch module in httpapi manner. The first step is to prepare your
host inventory with which you can use ansible-vault to encrypt or
decrypt your secrets for the sake of confidentiality.
Prepare host inventory
in our case we create a file named hosts:
[fortiswitches]
fortiswitch01 ansible_host=192.168.190.130 ansible_user="admin" ansible_password="password"
fortiswitch02 ansible_host=192.168.190.131 ansible_user="admin" ansible_password="password"
[fortiswitches:vars]
ansible_network_os=fortinet.fortiswitch.fortiswitch
Write the playbook
in the example: test.yml we are going to modify the fortiSwitch configurations.
device’s hostname:
- hosts: fortiswitch01
collections:
- fortinet.fortiswitch
connection: httpapi
gather_facts: 'no'
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Only https allow access to the device.
fortiswitch_system_interface:
state: present
system_interface:
name: internal
vdom: root
allowaccess:
- https
- http
- ssh
- ping
there are several options which might need you special care:
connection :
httpapiis preferred.collections : The namespace must be
fortinet.fortiswitchansible_httpapi_use_ssl and ansible_httpapi_port: by default when your fortiSwitch device is licensed, the https is enabled.
Run the playbook
ansible-playbook -i hosts test.yml
you can also observe the verbose output by adding option at the tail:
-vvv.