def exec_command(ctx, command, fortinet_host_ip):
ctx.logger.info('Open connection to host {0} '.format(fortinet_host_ip))
conn = FortiOS(fortinet_host_ip, username=forti_username, password=forti_password)
conn.open()
ctx.logger.info("Execute Command >> \n {0}".format(command))
conn.execute_command(command)
conn.close()
def exec_command(ctx, command, fortinet_host_ip):
ctx.logger.info('Open connection to host {0} '.format(fortinet_host_ip))
conn = FortiOS(fortinet_host_ip, username=forti_username, password=forti_password)
conn.open()
ctx.logger.info("Execute Command >> \n {0}".format(command))
conn.execute_command(command)
conn.close()
def set_port(ctx, fortinet_host_ip, target_ip, port_id, port_alias):
ctx.logger.info('Configure fw port ....')
ctx.logger.info('Open connection to host {0} '.format(fortinet_host_ip))
conn = FortiOS(fortinet_host_ip,
username=forti_username,
password=forti_password)
conn.open()
command = \
'config system interface\n' \
' edit port%s\n' \
' set mode static\n' \
' set allowaccess ping\n' \
' set alias %s\n' \
' set ip %s %s\n' \
' next\n' \
'end' % (port_id, port_alias, target_ip, portMask)
ctx.logger.info(">>:\n {0}".format(command))
conn.execute_command(command)
conn.close()
def set_policy(ctx, fortinet_host_ip):
ctx.logger.info('Open connection to host {0} '.format(fortinet_host_ip))
conn = FortiOS(fortinet_host_ip,
username=forti_username,
password=forti_password)
conn.open()
command = \
'config firewall policy\n' \
' edit 1\n' \
' set srcintf \"any\"\n' \
' set dstintf \"any\"\n' \
' set srcaddr \"all\"\n' \
' set dstaddr \"all\"\n' \
' set action accept\n' \
' set schedule \"always\"\n' \
' set service \"ALL\"\n' \
' next\n' \
'end'
ctx.logger.info(">>:\n {0}".format(command))
conn.execute_command(command)
conn.close()
#!/usr/bin/env python
# Gets the entire config and prints it
from pyFG import FortiOS
import sys
if __name__ == '__main__':
hostname = sys.argv[1]
d = FortiOS(hostname, vdom='vpn')
d.open()
d.load_config('router bgp')
d.close()
print d.running_config.to_text()
class AnsibleFortios(object):
def __init__(self, module):
if not HAS_PYFG:
module.fail_json(
msg=
'Could not import the python library pyFG required by this module'
)
self.result = {
'changed': False,
}
self.module = module
def _connect(self):
if self.module.params['file_mode']:
self.forti_device = FortiOS('')
else:
host = self.module.params['host']
username = self.module.params['username']
password = self.module.params['password']
timeout = self.module.params['timeout']
vdom = self.module.params['vdom']
self.forti_device = FortiOS(host,
username=username,
password=password,
timeout=timeout,
vdom=vdom)
try:
self.forti_device.open()
except Exception as e:
self.module.fail_json(msg='Error connecting device. %s' %
to_text(e),
exception=traceback.format_exc())
def load_config(self, path):
self.path = path
self._connect()
# load in file_mode
if self.module.params['file_mode']:
try:
f = open(self.module.params['config_file'], 'r')
running = f.read()
f.close()
except IOError as e:
self.module.fail_json(
msg='Error reading configuration file. %s' % to_text(e),
exception=traceback.format_exc())
self.forti_device.load_config(config_text=running, path=path)
else:
# get config
try:
self.forti_device.load_config(path=path)
except Exception as e:
self.forti_device.close()
self.module.fail_json(msg='Error reading running config. %s' %
to_text(e),
exception=traceback.format_exc())
# set configs in object
self.result[
'running_config'] = self.forti_device.running_config.to_text()
self.candidate_config = self.forti_device.candidate_config
# backup if needed
if self.module.params['backup']:
backup(self.module, self.forti_device.running_config.to_text())
def apply_changes(self):
change_string = self.forti_device.compare_config()
if change_string:
self.result['change_string'] = change_string
self.result['changed'] = True
# Commit if not check mode
if change_string and not self.module.check_mode:
if self.module.params['file_mode']:
try:
f = open(self.module.params['config_file'], 'w')
f.write(self.candidate_config.to_text())
f.close()
except IOError as e:
self.module.fail_json(
msg='Error writing configuration file. %s' %
to_text(e),
exception=traceback.format_exc())
else:
try:
self.forti_device.commit()
except FailedCommit as e:
# Something's wrong (rollback is automatic)
self.forti_device.close()
error_list = self.get_error_infos(e)
self.module.fail_json(
msg_error_list=error_list,
msg=
"Unable to commit change, check your args, the error was %s"
% e.message)
self.forti_device.close()
self.module.exit_json(**self.result)
def del_block(self, block_id):
self.forti_device.candidate_config[self.path].del_block(block_id)
def add_block(self, block_id, block):
self.forti_device.candidate_config[self.path][block_id] = block
def get_error_infos(self, cli_errors):
error_list = []
for errors in cli_errors.args:
for error in errors:
error_code = error[0]
error_string = error[1]
error_type = fortios_error_codes.get(error_code, "unknown")
error_list.append(
dict(error_code=error_code,
error_type=error_type,
error_string=error_string))
return error_list
def get_empty_configuration_block(self, block_name, block_type):
return FortiConfig(block_name, block_type)
#!/usr/bin/env python
# Gets the router bgp config and prints it
from pyFG import FortiOS
import sys
if __name__ == "__main__":
hostname = sys.argv[1]
d = FortiOS(hostname, vdom="vpn")
d.open()
d.load_config("router bgp")
d.close()
for neighbor, config in d.running_config["router bgp"]["neighbor"].iterblocks():
print neighbor
print " AS: %s" % config.get_param("remote-as")
print " route-map-out: %s" % config.get_param("route-map-out")
print " route-map-in: %s" % config.get_param("route-map-in")
