fortinet.fortios.fortios_monitor -selector upgrade.system.firmware possible issue?
chr00ted opened this issue
Once again, thank you for fortios ansible collection! I'm sure this is operator error, hoping you can point me in the right direction. In my playbook I'm telling the firewall to download the update from fortinet (like I would in the GUI). What am I missing?
I'm using the following playbook:
```yaml
---
- hosts: all
  connection: httpapi
  gather_facts: no
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
    ansible_network_os: fortinet.fortios.fortios
  tasks:
    - name: Upgrade Firmware
      fortinet.fortios.fortios_monitor:
        vdom: "{{ vdom }}"
        selector: 'upgrade.system.firmware'
        params:
          source: fortiguard
          filename: v7.2.7
```
When it runs, it shows successful, but when I look at the actual debug, I'm seeing:
```
"changed": false,
"meta": {
    "http_method": "POST",
    "results": {
        "status": "error",
        "error": {
            "message": "download_failed"
        }
    },
    "vdom": "root",
    "path": "system",
    "name": "firmware",
    "action": "upgrade",
    "status": "success",
    "serial": "FG100FTK2323456",
    "version": "v7.2.6",
    "build": 1575
},
"invocation": {
    "module_args": {
        "vdom": "root",
        "selector": "upgrade.system.firmware",
        "params": {
            "source": "fortiguard",
            "filename": "v7.2.7"
        },
        "enable_log": false,
        "access_token": null
    }
},
```
I have even tried: filename: FGT_100F-v7.2.7.M-build1577-FORTINET.out in my playbook with the same results.
Hi @chr00ted,

Thank you for raising this question. The file name would be set as ID from FortiGuard available firmware that is different from the version number we usually see, but I don't find all the mapping data; here `07004000FIMG0012004003` stands for `v7.4.3,build2573`. You may save the firmware file locally and upload it to your FGT to switch versions. Let me know if that doesn't satisfy your need.

```yaml
- name: "Upgrade Firmware"
  register: result
  fortios_monitor:
    vdom: "root"
    # access_token: 9pmdrpsx0zpzQdx98pty3Nk1Q66s4m
    selector: 'upgrade.system.firmware'
    params:
      source: "upload" # "fortiguard"
      # filename: 07004000FIMG0012004003 # 07004000FIMG0012004003 is ID for v7.4.3,build2573
      file_content: "{{ lookup( 'file', 'FGT_VM64-v7.4.0.F-build2360-FORTINET.out') | string | b64encode }}"
```
Thanks,
Maxx
Thanks again @MaxxLiu22 , after some digging I found the ID list by running the following on my fortigate cli:
```
diag fdsm image-upgrade-matrix
```
Big THANK YOU to @MaxxLiu22!!! Below is my final playbook which pulls the firmware from fortiguard. Prior to running this playbook I would need to run the following on any fortigate cli to gather the ID for the file to download:
```
diag fdsm image-upgrade-matrix
```
Then throw that ID in the filename of the playbook below. The following playbook would upgrade Fortigates to 7.2.7M
```yaml
- hosts: all
  connection: httpapi
  gather_facts: no
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 446
    ansible_network_os: fortinet.fortios.fortios
  tasks:
    - name: Upgrade Firmware
      fortinet.fortios.fortios_monitor:
        vdom: "{{ vdom }}"
        selector: 'upgrade.system.firmware'
        params:
          source: fortiguard
          filename: 07002000FIMG0023802007
```
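
The debug output in the first post shows why the failed download went unnoticed: the task reported `meta.status` as `success` while `meta.results.status` was `error`. The playbook below is an added example, not part of the original thread or the collection's own documentation; it reuses the final playbook's parameters and assumes the registered result has the same `meta` layout as that debug output. The variable names `firmware_image_id` and `upgrade_result` are choices of this example, and certificate validation is switched on here on the assumption that the firewall presents a certificate the control node trusts.

```yaml
- hosts: all
  connection: httpapi
  gather_facts: no
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # Enabled in this example (the thread's playbooks disable it); assumes a trusted certificate.
    ansible_httpapi_validate_certs: yes
    ansible_httpapi_port: 443
    ansible_network_os: fortinet.fortios.fortios
    # Image ID read from `diag fdsm image-upgrade-matrix`, as described in the thread.
    firmware_image_id: "07002000FIMG0023802007"
  tasks:
    - name: Request firmware upgrade from FortiGuard
      fortinet.fortios.fortios_monitor:
        vdom: "{{ vdom }}"
        selector: 'upgrade.system.firmware'
        params:
          source: fortiguard
          filename: "{{ firmware_image_id }}"
      register: upgrade_result

    # The outer meta.status was "success" in the thread's output even though the
    # inner results block carried "download_failed", so both levels are checked.
    - name: Stop the play if the firewall rejected the upgrade request
      ansible.builtin.assert:
        that:
          - "upgrade_result.meta is defined"
          - "upgrade_result.meta.status | default('') == 'success'"
          - "not (upgrade_result.meta.results is mapping and upgrade_result.meta.results.status | default('') == 'error')"
        fail_msg: >-
          Firmware upgrade was not accepted (running version
          {{ upgrade_result.meta.version | default('unknown') }}):
          {{ upgrade_result.meta.results.error.message | default('no error message returned') }}
        success_msg: >-
          Upgrade request accepted by
          {{ upgrade_result.meta.serial | default('unknown serial') }}
```

With the first post's input (`filename: v7.2.7`), the assert task fails the play and prints `download_failed` instead of letting an unpatched firewall pass as upgraded.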