What I do is go to my ansible account dir and cd to .ssh.
You should have a pub key that ends in id_rsa.pub. Copy that pub key and paste it in with " " strings for the ansible user.
e.g.
config system admin
    edit "ansible"
        set accprofile "super_admin"
        set vdom "root"
        set ssh-public-key1 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDgqzF+K7qevH8xe9LQyiuSD794R1mmzVNAe8BfiREx3MXYgR+6gbskKwgQ7SoyS66Zw32qoojasFVwPipmU1j3NYch8ErCa3n2EgO4LLw8Y08aG8RdOhz0ZEa0NetjS7C7vScEBRmVPQitF0TpYaYVGpCirsPLHMZl9zfMMDDYzlA+PiuENUULY0wEKAH0xD1zLRWNtdAI/nFzEeOIUBCQNkbmNhip4d5FGiDMzbWof522hA3WG9IzS8XLm85H48it3NwgwK6g8vzSw1sAbxriQDn5N3tfG8+c3LukZzXJZ086TQuRCh28tnPH1FCWcgHsR3eiDgOi6UcSbNOsYbOj firstname.lastname@example.org"
        set password ENC SH23eab+MFSXJSuzKbTOGTRppllTNqklpULhers2FWVWbGXZ99vXQv1kyKIA1E=
    next
end
Now if you ssh from the control_node, you should gain access.
Now run your playbook, but call out debug:
ansible-playbook --syntax-check <youplaybooknamed.yml>
ansible-playbook --check <youplaybooknamed.yml>
ANSIBLE_DEBUG=1 ansible-playbook <youplaybooknamed.yml>
If you are successful, the "get system admin list" will show your control_node logged in. Another trick that we do, which is simple, is to make API calls, but we use ansible plays to gather status. We run this off a linux host in the org that grabs the status. This is how we test ansible using the uri module, check that the fortigate is up, and check connectivity to the fgt.
I would do something like that if you want to test ansible before calling up the fortios specific modules.
post edited by emnoc - 2020/11/13 13:40:50
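
A sketch of the uri-module reachability check described in the post above. It is an added example, not code from the original poster or from Fortinet. The hostname, the FGT_API_TOKEN environment variable, the /api/v2/monitor/system/status path, Bearer-token authentication and the "status" field in the reply are all assumptions to adapt to your FortiOS version.

```yaml
# Added example: host, token variable, endpoint path and reply field are assumptions.
- name: Check FortiGate reachability over the REST API before using fortios modules
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    fgt_host: "fgt.example.net"   # placeholder hostname
    # Token is read from the environment so it never lands in the playbook or repo.
    fgt_api_token: "{{ lookup('env', 'FGT_API_TOKEN') }}"
  tasks:
    - name: Confirm the HTTPS management port answers
      ansible.builtin.wait_for:
        host: "{{ fgt_host }}"
        port: 443
        timeout: 10

    - name: Query system status (endpoint path is an assumption)
      ansible.builtin.uri:
        url: "https://{{ fgt_host }}/api/v2/monitor/system/status"
        method: GET
        headers:
          # Header auth keeps the token out of URLs and web access logs.
          Authorization: "Bearer {{ fgt_api_token }}"
        validate_certs: true      # do not disable; trust the FortiGate CA instead
        return_content: true
        status_code: 200
        timeout: 15
      register: fgt_status
      no_log: true                # keep the token out of task output

    - name: Fail clearly if the reply is not what we expect
      ansible.builtin.assert:
        that:
          - fgt_status.status == 200
          - fgt_status.json.status | default('') == 'success'
        fail_msg: "FortiGate API answered but did not return a successful status"
        success_msg: "FortiGate {{ fgt_host }} is up and the API token works"
```

Running this with a read-only API admin profile is enough for a status check and avoids handing the test job super_admin rights.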