fwebos_ha.py – Config FortiWeb HA options

New in version 1.0.1.

Synopsis

Config FortiWeb HA options

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.11

FortiWeb Version Compatibility


v7.0.x v7.2.x v7.4.x v7.6.x
fwebos_ha.py yes yes yes yes

Parameters

  • body Possible parameters to go in the body for the request required: True
    • mode mode type:string choice: active-passive, active-active-standard, active-active-high-volume, standalone,
    • group-id group id, range 0-63 type:integer maximum:63 minimum:0
    • group-name group name type:string maxLength:19
    • priority priority value, range 0-9 type:integer maximum:9 minimum:0
    • override master HA unit overriding type:string choice: enable, disable,
    • network-type The network on which heartbeat and sync are based type:string choice: flat, udp-tunnel,
    • tunnel-local Local IPv4 address for HA tunnel type:string maxLength:15
    • tunnel-peer Peers IPv4 address for HA tunnel type:string maxLength:15
    • hbdev heartbeat interfaces type:string
    • hbdev-backup backup heartbeat interfaces type:string
    • boot-time boot time for Heartbeat, rang 1-100 (s) type:integer maximum:100 minimum:1
    • hb-interval heartbeat interval, range 1-20 (100ms) type:integer maximum:20 minimum:1
    • hb-lost-threshold heartbeat threshold for failed, range 1-60 type:integer maximum:60 minimum:1
    • arps gratuitous ARP or neighbour solicitation, range 1-16 type:integer maximum:16 minimum:1
    • arp-interval ARP/NS interval, range 1-20 type:integer maximum:20 minimum:1
    • monitor interfaces to monitor type:string
    • key 16 hex number for HA type:string format:password
    • lacp-ha-slave enable/disable type:string choice: enable, disable,
    • ha-mgmt-status enable/disable manager port type:string choice: enable, disable,
    • ha-mgmt-interface manager port interface type:string
    • session-pickup enable/disable session sync type:string choice: enable, disable,
    • session-sync-dev session sync interfaces type:string
    • session-sync-broadcast enable/disable session sync broadcast type:string choice: enable, disable,
    • session-warm-up session warm-up time, range 5-120(s) type:integer maximum:120 minimum:5
    • schedule schedule type:string choice: ip, round-robin, leastconnection,
    • weight-1 weight for No.1 unit in Source IP schedule, range 0-255 type:integer maximum:255 minimum:0
    • weight-2 weight for No.2 unit in Source IP schedule, range 0-255 type:integer maximum:255 minimum:0
    • weight-3 weight for No.3 unit in Source IP schedule, range 0-255 type:integer maximum:255 minimum:0
    • weight-4 weight for No.4 unit in Source IP schedule, range 0-255 type:integer maximum:255 minimum:0
    • weight-5 weight for No.5 unit in Source IP schedule, range 0-255 type:integer maximum:255 minimum:0
    • weight-6 weight for No.6 unit in Source IP schedule, range 0-255 type:integer maximum:255 minimum:0
    • weight-7 weight for No.7 unit in Source IP schedule, range 0-255 type:integer maximum:255 minimum:0
    • weight-8 weight for No.8 unit in Source IP schedule, range 0-255 type:integer maximum:255 minimum:0
    • link-failed-signal enable/disable link failed signal type:string choice: enable, disable,
    • l7-persistence-sync enable/disable persistence sync type:string choice: enable, disable,
    • eip-addr The Elastic IP address type:string format:ipv4
    • eip-aid The allocation ID of the Elastic IP address(Required for EC2-VPC) type:string maxLength:63
    • ha-eth-type HA heartbeat packet Ethertype (4-digit hex), range 0x8890-0x889F type:string maxLength:5
    • hc-eth-type Tuple session HA heartbeat packet Ethertype (4-digit hex), range 0x8890-0x889F type:string maxLength:5
    • l2ep-eth-type Telnet session HA heartbeat packet Ethertype (4-digit hex), range 0x8890-0x889F type:string maxLength:5
    • server-policy-hlck HA AA server policy health check type:string choice: enable, disable,
    • encryption enable/disable heartbeat message encryption type:string choice: enable, disable,
    • sdn-connector sdn connector for AP mode type:string
    • lb-name Azure load balancer resource name in the front of the FortiWeb instances type:string maxLength:63
    • lb-ocid OCI LoadBalancer ID at the front of the FortiWeb instances type:string maxLength:127
    • lb-gcp GCP LoadBalancer ID at the front of the FortiWeb instances type:string maxLength:63
    • mkey If present, objects will be filtered on property with this name type:string
    • vdom Specify the Virtual Domain(s) from which results are returned or changes are applied to. If this parameter is not provided, the management VDOM will be used. If the admin does not have access to the VDOM, a permission error will be returned. The URL parameter is one of: vdom=root (Single VDOM) vdom=vdom1,vdom2 (Multiple VDOMs) vdom=* (All VDOMs) type:array
    • move_flag If supported, a flag can be specified. When *move_flag* is set, extra parameters (*move_mkey*, *sub_mkey*) must be provided. __*Note:*__ If this parameter is provided when not supported, the action will be ignored and an “invalid request” error will be returned. type:string
    • sub_mkey specific resource to be moved type:string
    • move_mkey specific resource to be moved before or after type:string

Examples

- name:
  hosts: all
  vars:
  connection: httpapi
  gather_facts: false
  tasks:
    - name: edit ha
      vars:
       ansible_command_timeout: 90
      fwebos_ha:
       action: edit
       mode: active-passive
       mode_val: 0
       group_id: 9
       group_name: tttt
       priority: 5
       override: disable
       override_val: 0
       network_type: flat
       network_type_val: 0
       tunnel_local:
       tunnel_peer:
       hbdev: port2
       hbdev_val: 0
       hbdev_backup: port3
       hbdev_backup_val: 0
       boot_time: 30
       hb_interval: 3
       hb_lost_threshold: 3
       arps: 10
       arp_interval: 3
       monitor: port1 port8
       lacp_ha_slave: enable
       lacp_ha_slave_val: 1
       ha_mgmt_status: disable
       ha_mgmt_status_val: 0
       ha_mgmt_interface:
       session_pickup: disable
       session_pickup_val: 0
       session_sync_dev:
       session_sync_broadcast: disable
       session_sync_broadcast_val: 0
       session_warm_up: 10
       schedule: ip
       schedule_val: 1
       weight_1: 40
       weight_2: 40
       weight_3: 40
       weight_4: 40
       weight_5: 40
       weight_6: 40
       weight_7: 40
       weight_8: 40
       link_failed_signal: disable
       link_failed_signal_val: 0
       l7_persistence_sync: disable
       l7_persistence_sync_val: 0
       eip_addr: 0.0.0.0
       eip_aid:
       ha_eth_type: 8890
       hc_eth_type: 8892
       l2ep_eth_type: 8893
       server_policy_hlck: disable
       server_policy_hlck_val: 0
       multi_cluster: disable
       multi_cluster_val: 0
       multi_cluster_group: primary
       multi_cluster_group_val: 0
       multi_cluster_switch_by: nodes_availability
       multi_cluster_switch_by_val: 0
       multi_cluster_move_primary_cluster: disable
       multi_cluster_move_primary_cluster_val: 0
       encryption: disable
       encryption_val: 0
       cluster_arp: enable
       cluster_arp_val: 1
       sdn_connector:
       sdn_connector_val: 0
       lb_name:
       lb_ocid:

    - name: edit ha
      vars:
       ansible_command_timeout: 90
      fwebos_ha:
       action: edit
       mode: standalone

    - name: edit ha
      vars:
       ansible_command_timeout: 90
      fwebos_ha:
       action: edit
       mode: active-active-standard
       group_id: 9
       group_name: tttt
       priority: 5
       override: disable
       network_type: flat
       tunnel_local:
       tunnel_peer:
       hbdev: port2
       hbdev_backup: port3
       boot_time: 30
       hb_interval: 3
       hb_lost_threshold: 3
       monitor: port1 port8
       lacp_ha_slave: enable
       ha_mgmt_status: disable
       ha_mgmt_interface:
       session_pickup: disable
       session_sync_dev:
       session_sync_broadcast: disable
       session_warm_up: 10
       schedule: ip
       link_failed_signal: disable
       l7_persistence_sync: disable
       eip_addr: 0.0.0.0
       eip_aid:
       server_policy_hlck: disable
       multi_cluster: disable
       multi_cluster_group: primary
       multi_cluster_switch_by: nodes_availability
       multi_cluster_move_primary_cluster: disable
       encryption: disable
       cluster_arp: enable

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

  • 200 : OK: Request returns successful
  • 400 : Bad Request: Request cannot be processed by the API
  • 401 : Not Authorized: Request without successful login session
  • 403 : Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
  • 404 : Resource Not Found: Unable to find the specified resource.
  • 405 : Method Not Allowed: Specified HTTP method is not allowed for this resource.
  • 413 : Request Entity Too Large: Request cannot be processed due to large entity
  • 424 : Failed Dependency: Fail dependency can be duplicate resource, missing required parameter, missing required attribute, invalid attribute value
  • 429 : Access temporarily blocked: Maximum failed authentications reached. The offended source is temporarily blocked for certain amount of time.
  • 500 : Internal Server Error: Internal error when processing the request

For errorcode please check FortiWeb API errorcode at : https://documenter.getpostman.com/view/11233300/TVetbkaK#887b9eb4-7c13-4338-a8db-16cc117f0119

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Jie Li
  • Brad Zhang

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.