fortios_router_ospf – Configure OSPF in Fortinet’s FortiOS and FortiGate.

New in version 2.0.0.

Synopsis

  • This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and ospf category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.14

Tips

Using member operation to add an element to an existing object.

FortiOS Version Compatibility


Supported Version Ranges
fortios_router_ospf v6.0.0 -> latest

Parameters

  • access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
  • enable_log - Enable/Disable logging for task. type: bool required: false default: False
  • vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
  • member_path - Member attribute path to operate on. type: str
  • member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
  • router_ospf - Configure OSPF. type: dict more...
    • abr_type - Area border router type. type: str choices: cisco, ibm, shortcut, standard more...
    • area - OSPF area configuration. type: list member_path: area:id more...
      • authentication - Authentication type. type: str choices: none, text, message-digest, md5 more...
      • comments - Comment. type: str more...
      • default_cost - Summary default cost of stub or NSSA area. type: int more...
      • filter_list - OSPF area filter-list configuration. type: list member_path: area:id/filter_list:id more...
        • direction - Direction. type: str choices: in, out more...
        • id - Filter list entry ID. see Notes. type: int required: true more...
        • list - Access-list or prefix-list name. Source router.access-list.name router.prefix-list.name. type: str more...
      • id - Area entry IP address. type: str required: true more...
      • nssa_default_information_originate - Redistribute, advertise, or do not originate Type-7 default route into NSSA area. type: str choices: enable, always, disable more...
      • nssa_default_information_originate_metric - OSPF default metric. type: int more...
      • nssa_default_information_originate_metric_type - OSPF metric type for default routes. type: str choices: 1, 2 more...
      • nssa_redistribution - Enable/disable redistribute into NSSA area. type: str choices: enable, disable more...
      • nssa_translator_role - NSSA translator role type. type: str choices: candidate, never, always more...
      • range - OSPF area range configuration. type: list member_path: area:id/range:id more...
        • advertise - Enable/disable advertise status. type: str choices: disable, enable more...
        • id - Range entry ID. see Notes. type: int required: true more...
        • prefix - Prefix. type: str more...
        • substitute - Substitute prefix. type: str more...
        • substitute_status - Enable/disable substitute status. type: str choices: enable, disable more...
      • shortcut - Enable/disable shortcut option. type: str choices: disable, enable, default more...
      • stub_type - Stub summary setting. type: str choices: no-summary, summary more...
      • type - Area type setting. type: str choices: regular, nssa, stub more...
      • virtual_link - OSPF virtual link configuration. type: list member_path: area:id/virtual_link:name more...
        • authentication - Authentication type. type: str choices: none, text, message-digest, md5 more...
        • authentication_key - Authentication key. type: str more...
        • dead_interval - Dead interval. type: int more...
        • hello_interval - Hello interval. type: int more...
        • keychain - Message-digest key-chain name. Source router.key-chain.name. type: str more...
        • md5_key - MD5 key. type: str more...
        • md5_keychain - Authentication MD5 key-chain name. Source router.key-chain.name. type: str more...
        • md5_keys - MD5 key. type: list member_path: area:id/virtual_link:name/md5_keys:id more...
          • id - Key ID (1 - 255). see Notes. type: int required: true more...
          • key_string - Password for the key. type: str more...
        • name - Virtual link entry name. type: str required: true more...
        • peer - Peer IP. type: str more...
        • retransmit_interval - Retransmit interval. type: int more...
        • transmit_delay - Transmit delay. type: int more...
    • auto_cost_ref_bandwidth - Reference bandwidth in terms of megabits per second. type: int more...
    • bfd - Bidirectional Forwarding Detection (BFD). type: str choices: enable, disable more...
    • database_overflow - Enable/disable database overflow. type: str choices: enable, disable more...
    • database_overflow_max_lsas - Database overflow maximum LSAs. type: int more...
    • database_overflow_time_to_recover - Database overflow time to recover (sec). type: int more...
    • default_information_metric - Default information metric. type: int more...
    • default_information_metric_type - Default information metric type. type: str choices: 1, 2 more...
    • default_information_originate - Enable/disable generation of default route. type: str choices: enable, always, disable more...
    • default_information_route_map - Default information route map. Source router.route-map.name. type: str more...
    • default_metric - Default metric of redistribute routes. type: int more...
    • distance - Distance of the route. type: int more...
    • distance_external - Administrative external distance. type: int more...
    • distance_inter_area - Administrative inter-area distance. type: int more...
    • distance_intra_area - Administrative intra-area distance. type: int more...
    • distribute_list - Distribute list configuration. type: list member_path: distribute_list:id more...
      • access_list - Access list name. Source router.access-list.name. type: str more...
      • id - Distribute list entry ID. see Notes. type: int required: true more...
      • protocol - Protocol type. type: str choices: connected, static, rip more...
    • distribute_list_in - Filter incoming routes. Source router.access-list.name router.prefix-list.name. type: str more...
    • distribute_route_map_in - Filter incoming external routes by route-map. Source router.route-map.name. type: str more...
    • log_neighbour_changes - Log of OSPF neighbor changes. type: str choices: enable, disable more...
    • neighbor - OSPF neighbor configuration are used when OSPF runs on non-broadcast media. type: list member_path: neighbor:id more...
      • cost - Cost of the interface, value range from 0 to 65535, 0 means auto-cost. type: int more...
      • id - Neighbor entry ID. see Notes. type: int required: true more...
      • ip - Interface IP address of the neighbor. type: str more...
      • poll_interval - Poll interval time in seconds. type: int more...
      • priority - Priority. type: int more...
    • network - OSPF network configuration. type: list member_path: network:id more...
      • area - Attach the network to area. type: str more...
      • comments - Comment. type: str more...
      • id - Network entry ID. see Notes. type: int required: true more...
      • prefix - Prefix. type: str more...
    • ospf_interface - OSPF interface configuration. type: list member_path: ospf_interface:name more...
      • authentication - Authentication type. type: str choices: none, text, message-digest, md5 more...
      • authentication_key - Authentication key. type: str more...
      • bfd - Bidirectional Forwarding Detection (BFD). type: str choices: global, enable, disable more...
      • comments - Comment. type: str more...
      • cost - Cost of the interface, value range from 0 to 65535, 0 means auto-cost. type: int more...
      • database_filter_out - Enable/disable control of flooding out LSAs. type: str choices: enable, disable more...
      • dead_interval - Dead interval. type: int more...
      • hello_interval - Hello interval. type: int more...
      • hello_multiplier - Number of hello packets within dead interval. type: int more...
      • interface - Configuration interface name. Source system.interface.name. type: str more...
      • ip - IP address. type: str more...
      • keychain - Message-digest key-chain name. Source router.key-chain.name. type: str more...
      • md5_key - MD5 key. type: str more...
      • md5_keychain - Authentication MD5 key-chain name. Source router.key-chain.name. type: str more...
      • md5_keys - MD5 key. type: list member_path: ospf_interface:name/md5_keys:id more...
        • id - Key ID (1 - 255). see Notes. type: int required: true more...
        • key_string - Password for the key. type: str more...
      • mtu - MTU for database description packets. type: int more...
      • mtu_ignore - Enable/disable ignore MTU. type: str choices: enable, disable more...
      • name - Interface entry name. type: str required: true more...
      • network_type - Network type. type: str choices: broadcast, non-broadcast, point-to-point, point-to-multipoint, point-to-multipoint-non-broadcast more...
      • prefix_length - Prefix length. type: int more...
      • priority - Priority. type: int more...
      • resync_timeout - Graceful restart neighbor resynchronization timeout. type: int more...
      • retransmit_interval - Retransmit interval. type: int more...
      • status - Enable/disable status. type: str choices: disable, enable more...
      • transmit_delay - Transmit delay. type: int more...
    • passive_interface - Passive interface configuration. type: list member_path: passive_interface:name more...
      • name - Passive interface name. Source system.interface.name. type: str required: true more...
    • redistribute - Redistribute configuration. type: list member_path: redistribute:name more...
      • metric - Redistribute metric setting. type: int more...
      • metric_type - Metric type. type: str choices: 1, 2 more...
      • name - Redistribute name. type: str required: true more...
      • routemap - Route map name. Source router.route-map.name. type: str more...
      • status - Status. type: str choices: enable, disable more...
      • tag - Tag value. type: int more...
    • restart_mode - OSPF restart mode (graceful or LLS). type: str choices: none, lls, graceful-restart more...
    • restart_on_topology_change - Enable/disable continuing graceful restart upon topology change. type: str choices: enable, disable more...
    • restart_period - Graceful restart period. type: int more...
    • rfc1583_compatible - Enable/disable RFC1583 compatibility. type: str choices: enable, disable more...
    • router_id - Router ID. type: str more...
    • spf_timers - SPF calculation frequency. type: str more...
    • summary_address - IP address summary configuration. type: list member_path: summary_address:id more...
      • advertise - Enable/disable advertise status. type: str choices: disable, enable more...
      • id - Summary address entry ID. see Notes. type: int required: true more...
      • prefix - Prefix. type: str more...
      • tag - Tag value. type: int more...

Notes

Note

  • Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

Examples

- name: Configure OSPF.
  fortinet.fortios.fortios_router_ospf:
      vdom: "{{ vdom }}"
      router_ospf:
          abr_type: "cisco"
          area:
              -
                  authentication: "none"
                  comments: "<your_own_value>"
                  default_cost: "10"
                  filter_list:
                      -
                          direction: "in"
                          id: "10"
                          list: "<your_own_value> (source router.access-list.name router.prefix-list.name)"
                  id: "12"
                  nssa_default_information_originate: "enable"
                  nssa_default_information_originate_metric: "10"
                  nssa_default_information_originate_metric_type: "1"
                  nssa_redistribution: "enable"
                  nssa_translator_role: "candidate"
                  range:
                      -
                          advertise: "disable"
                          id: "20"
                          prefix: "<your_own_value>"
                          substitute: "<your_own_value>"
                          substitute_status: "enable"
                  shortcut: "disable"
                  stub_type: "no-summary"
                  type: "regular"
                  virtual_link:
                      -
                          authentication: "none"
                          authentication_key: "<your_own_value>"
                          dead_interval: "40"
                          hello_interval: "10"
                          keychain: "<your_own_value> (source router.key-chain.name)"
                          md5_key: "<your_own_value>"
                          md5_keychain: "<your_own_value> (source router.key-chain.name)"
                          md5_keys:
                              -
                                  id: "36"
                                  key_string: "<your_own_value>"
                          name: "default_name_38"
                          peer: "<your_own_value>"
                          retransmit_interval: "5"
                          transmit_delay: "1"
          auto_cost_ref_bandwidth: "1000"
          bfd: "enable"
          database_overflow: "enable"
          database_overflow_max_lsas: "10000"
          database_overflow_time_to_recover: "300"
          default_information_metric: "10"
          default_information_metric_type: "1"
          default_information_originate: "enable"
          default_information_route_map: "<your_own_value> (source router.route-map.name)"
          default_metric: "10"
          distance: "110"
          distance_external: "110"
          distance_inter_area: "110"
          distance_intra_area: "110"
          distribute_list:
              -
                  access_list: "<your_own_value> (source router.access-list.name)"
                  id: "58"
                  protocol: "connected"
          distribute_list_in: "<your_own_value> (source router.access-list.name router.prefix-list.name)"
          distribute_route_map_in: "<your_own_value> (source router.route-map.name)"
          log_neighbour_changes: "enable"
          neighbor:
              -
                  cost: "0"
                  id: "65"
                  ip: "<your_own_value>"
                  poll_interval: "10"
                  priority: "1"
          network:
              -
                  area: "<your_own_value>"
                  comments: "<your_own_value>"
                  id: "72"
                  prefix: "<your_own_value>"
          ospf_interface:
              -
                  authentication: "none"
                  authentication_key: "<your_own_value>"
                  bfd: "global"
                  comments: "<your_own_value>"
                  cost: "0"
                  database_filter_out: "enable"
                  dead_interval: "0"
                  hello_interval: "0"
                  hello_multiplier: "0"
                  interface: "<your_own_value> (source system.interface.name)"
                  ip: "<your_own_value>"
                  keychain: "<your_own_value> (source router.key-chain.name)"
                  md5_key: "<your_own_value>"
                  md5_keychain: "<your_own_value> (source router.key-chain.name)"
                  md5_keys:
                      -
                          id: "90"
                          key_string: "<your_own_value>"
                  mtu: "0"
                  mtu_ignore: "enable"
                  name: "default_name_94"
                  network_type: "broadcast"
                  prefix_length: "0"
                  priority: "1"
                  resync_timeout: "40"
                  retransmit_interval: "5"
                  status: "disable"
                  transmit_delay: "1"
          passive_interface:
              -
                  name: "default_name_103 (source system.interface.name)"
          redistribute:
              -
                  metric: "0"
                  metric_type: "1"
                  name: "default_name_107"
                  routemap: "<your_own_value> (source router.route-map.name)"
                  status: "enable"
                  tag: "0"
          restart_mode: "none"
          restart_on_topology_change: "enable"
          restart_period: "120"
          rfc1583_compatible: "enable"
          router_id: "<your_own_value>"
          spf_timers: "<your_own_value>"
          summary_address:
              -
                  advertise: "disable"
                  id: "119"
                  prefix: "<your_own_value>"
                  tag: "0"

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

  • build - Build number of the fortigate image returned: always type: str sample: 1547
  • http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
  • http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
  • mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
  • name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
  • path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
  • revision - Internal revision number returned: always type: str sample: 17.0.2.10658
  • serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
  • status - Indication of the operation's result returned: always type: str sample: success
  • vdom - Virtual domain used returned: always type: str sample: root
  • version - Version of the FortiGate returned: always type: str sample: v5.6.3

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Hongbin Lu (@fgtdev-hblu)

  • Frank Shen (@frankshen01)

  • Miguel Angel Munoz (@mamunozgonzalez)

  • Nicolas Thomas (@thomnico)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.