fortinet-ansible-dev / ansible-galaxy-fortios-collection


fortinet.fortios.fortios_monitor -selector upgrade.system.firmware possible issue?

chr00ted opened this issue · comments

Once again, thank you for fortios ansible collection! I'm sure this is operator error, hoping you can point me in the right direction. In my playbook I'm telling the firewall to download the update from fortinet (like I would in the GUI). What am I missing?

I'm using the following playbook:

```yaml
---
- hosts: all
  connection: httpapi
  gather_facts: no
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
    ansible_network_os: fortinet.fortios.fortios
  tasks:
    - name: Upgrade Firmware
      fortinet.fortios.fortios_monitor:
        vdom: "{{ vdom }}"
        selector: 'upgrade.system.firmware'
        params:
          source: fortiguard
          filename: v7.2.7
```

When it runs, it shows successful, but when I look at the actual debug, I'm seeing:

```json
"changed": false,
"meta": {
    "http_method": "POST",
    "results": {
        "status": "error",
        "error": {
            "message": "download_failed"
        }
    },
    "vdom": "root",
    "path": "system",
    "name": "firmware",
    "action": "upgrade",
    "status": "success",
    "serial": "FG100FTK2323456",
    "version": "v7.2.6",
    "build": 1575
},
"invocation": {
    "module_args": {
        "vdom": "root",
        "selector": "upgrade.system.firmware",
        "params": {
            "source": "fortiguard",
            "filename": "v7.2.7"
        },
        "enable_log": false,
        "access_token": null
    }
},
```

I have even tried: filename: FGT_100F-v7.2.7.M-build1577-FORTINET.out in my playbook with the same results.

Hi @chr00ted ,

Thank you for raising this question. The file name would be set as the ID from the FortiGuard available firmware, which is different from the version number we usually see, but I don't find all the mapping data. Here 07004000FIMG0012004003 stands for v7.4.3,build2573. You may save the firmware file locally and upload it to your FGT to switch versions. Let me know if that doesn't satisfy your need.

```yaml
  - name: "Upgrade Firmware"
    register: result
    fortios_monitor:
      vdom: "root"
      # access_token: 9pmdrpsx0zpzQdx98pty3Nk1Q66s4m
      selector: 'upgrade.system.firmware'
      params:
        source: "upload" # "fortiguard"
        # filename: 07004000FIMG0012004003  # 07004000FIMG0012004003 is ID for v7.4.3,build2573
        file_content: "{{ lookup( 'file', 'FGT_VM64-v7.4.0.F-build2360-FORTINET.out') | string | b64encode }}"
```

Thanks,
Maxx

Thanks again @MaxxLiu22 , after some digging I found the ID list by running the following on my fortigate cli:
`diag fdsm image-upgrade-matrix`

Big THANK YOU to @MaxxLiu22!!! Below is my final playbook which pulls the firmware from fortiguard. Prior to running this playbook I would need to run the following on any fortigate cli to gather the ID for the file to download:

`diag fdsm image-upgrade-matrix`

Then throw that ID in the filename of the playbook below. The following playbook would upgrade Fortigates to 7.2.7M.

```yaml
- hosts: all
  connection: httpapi
  gather_facts: no
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 446
    ansible_network_os: fortinet.fortios.fortios
  tasks:
    - name: Upgrade Firmware
      fortinet.fortios.fortios_monitor:
        vdom: "{{ vdom }}"
        selector: 'upgrade.system.firmware'
        params:
          source: fortiguard
          filename: 07002000FIMG0023802007
```
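
The first run in this thread was reported as successful even though the nested `meta.results.status` was `error` (`download_failed`). The playbook below is an added example, not part of the original thread or the collection's own code, that makes the task fail in that case. It assumes the module result has the shape shown in the debug output earlier in the thread; `firmware_image_id` and `upgrade` are names chosen here, and enabling certificate validation assumes the FortiGate presents a certificate the control node trusts.

```yaml
---
- hosts: all
  connection: httpapi
  gather_facts: no
  vars:
    vdom: "root"
    # Assumption: image ID read from `diag fdsm image-upgrade-matrix` on the target model.
    firmware_image_id: "07002000FIMG0023802007"
    ansible_httpapi_use_ssl: yes
    # Assumption: the device certificate is trusted by the control node.
    # The thread's playbooks set this to "no", which skips certificate checks.
    ansible_httpapi_validate_certs: yes
    ansible_httpapi_port: 443
    ansible_network_os: fortinet.fortios.fortios
  tasks:
    - name: Request firmware upgrade from FortiGuard
      fortinet.fortios.fortios_monitor:
        vdom: "{{ vdom }}"
        selector: 'upgrade.system.firmware'
        params:
          source: fortiguard
          filename: "{{ firmware_image_id }}"
      register: upgrade
      # Check both levels: meta.status was "success" in the failed run,
      # while meta.results.status carried the real outcome ("error").
      failed_when: >-
        upgrade.meta is not defined
        or (upgrade.meta.status | default('')) != 'success'
        or ((upgrade.meta.results | default({})).status | default('')) == 'error'

    - name: Show what the device was running when the request was accepted
      ansible.builtin.debug:
        msg: >-
          {{ inventory_hostname }} accepted the upgrade request while running
          {{ upgrade.meta.version | default('unknown') }}
          build {{ upgrade.meta.build | default('unknown') }}
```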