
Ansible: 'fortios_monitor' module "error": { "code": -586, "message": "-586" }


I'm currently attempting to upgrade a FortiGate-60F firewall using the fortios_monitor module, which is part of the 'fortinet.fortios' collection, as described in FortiOS Collection Issue #107. The current version of the firewall is v6.4.6 build1879.

The problem is that after running the playbook it returns that it was successful, but when I check, the firmware on the firewall wasn't upgraded. After checking the output in verbose mode I found that it did in fact make a connection to the firewall and retrieved info from the firewall, but it also returned this error message:

"error": { "code": -586, "message": "-586" }.

I've looked through the documentation of the module I'm using and tried searching the error code but I came up short.

My main questions:

  • What do these errors mean?
  • How can I get it to actually perform the upgrade?

My playbook:

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  gather_facts: "False"

  vars:

    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443

  tasks:

  - name: Upgrade firmware 
    fortinet.fortios.fortios_monitor:
      vdom: "{{ vdom }}"
      selector: 'upgrade.system.firmware'
      params:
        source: "upload"
        filename: 'FGT_60F-v6-build1911-FORTINET.out'
        file_content: x"{{ lookup( 'file', './FGT_60F-v6-build1911-FORTINET.out') | string | b64encode }}"

I was expecting it to authenticate and then perform the upgrade on the device. Instead, when I run my playbook in verbose mode it returns this output:

"filename": "FGT_60F-v6-build1911-FORTINET.out",
                "source": "upload"
            },
            "selector": "upgrade.system.firmware",
            "vdom": "root"
        }
    },
    "meta": {
        "action": "upgrade",
        "build": 1879,
        "http_method": "POST",
        "name": "firmware",
        "path": "system",
        "results": {
            "error": {
                "code": -586,
                "message": "-586"
            },
            "status": "error"
        },
        "serial": "FGT60FKT1290VA4B",
        "status": "success",
        "vdom": "root",
        "version": "v6.4.6"

What I got from this output was that it successfully made a connection and retrieved some info from the device but didn't upgrade the firmware, and you can see the firmware hasn't changed.


Solution

  • I realised that it was trying to perform the upgrade without the firmware image, which resulted in the error. So after looking through the selectors in the fortios_monitor module, I found 'upload.wifi.firmware', which uploads the firmware to the firewall:

    # Upload the firmware image to the firewall (task-level keys aligned under "- name")
    - name: Upload firmware image
      fortinet.fortios.fortios_monitor:
        selector: 'upload.wifi.firmware'
        vdom: "{{ vdom }}"
        params:
          serials: '{{ serial_number_of_firewall }}'
          file_content: "{{ lookup( 'file', './FGT_60F-v6-build1911-FORTINET.out') | string | b64encode }}"
    

    After adding the above task to my code I was able to send the firmware image to the firewall and successfully automate the upgrade of the firewall.
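The verbose output in the question shows the outer `"status": "success"` alongside an inner `results.status` of `"error"`, which is why the play reported success while the firmware stayed at v6.4.6. The tasks below are an added example, not code from the original posts or from the fortinet.fortios project: they register the module result and fail the play when the device-side reply carries an error. The variable name `upgrade_result` is chosen here, and the example assumes the registered result exposes `meta` with the same fields seen in that verbose output.

```yaml
- name: Upgrade firmware
  fortinet.fortios.fortios_monitor:
    vdom: "{{ vdom }}"
    selector: 'upgrade.system.firmware'
    params:
      source: "upload"
      filename: 'FGT_60F-v6-build1911-FORTINET.out'
      file_content: "{{ lookup('file', './FGT_60F-v6-build1911-FORTINET.out') | string | b64encode }}"
  # Keep the full reply so the nested status can be inspected.
  # 'upgrade_result' is a name chosen for this example.
  register: upgrade_result

- name: Fail when the FortiGate reply carries an error inside a "successful" result
  ansible.builtin.assert:
    that:
      # Outer status: the API call itself went through.
      - upgrade_result.meta.status | default('') == 'success'
      # Inner status: what the device did with the request.
      # Assumption: the field layout matches the verbose output in the question.
      - upgrade_result.meta.results.status | default('') != 'error'
    fail_msg: >-
      FortiGate returned error code
      {{ upgrade_result.meta.results.error.code | default('unknown') }};
      device still reports
      {{ upgrade_result.meta.version | default('unknown') }}
      build {{ upgrade_result.meta.build | default('unknown') }}.
    success_msg: "No device-side error in the reply."
```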