:source: faz_cli_system_global.py
:orphan:
.. _faz_cli_system_global:
faz_cli_system_global -- Global range attributes.
+++++++++++++++++++++++++++++++++++++++++++++++++
.. versionadded:: 1.0.0
.. warning::
Starting in version 2.0.0, all variables will be named in the underscore naming convention.
- Possible variable names before 2.0.0: ``variable-name``, ``variable name``, ``variable.name``
- Corresponding variable names since 2.0.0: ``variable_name``
FortiAnalyzer Ansible v1.4+ supports both previous argument name and new underscore name.
You will receive deprecation warnings if you keep using the previous argument name.
You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.
.. contents::
:local:
:depth: 1
Synopsis
--------
- This module is able to configure a FortiAnalyzer device.
- Examples include all parameters and values need to be adjusted to data sources before usage.
- This module supports check mode and diff mode.
Requirements
------------
The below requirements are needed on the host that executes this module.
- ansible>=2.16.0
FortiAnalyzer Version Compatibility
------------------------------------
.. raw:: html
Supported Version Ranges: v6.2.1 -> latest
Parameters
----------
.. raw:: html
access_token The token to access FortiAnalyzer without using ansible_username and ansible_password. type: str
bypass_validation Only set to True when module schema diffs with FortiAnalyzer API structure, module continues to execute without validating parameters type: bool default: False
enable_log Enable/Disable logging for task type: bool default: False
forticloud_access_token Access token of forticloud analyzer API users. type: str
log_path The path to save log. Used if enable_log is true. Please use absolute path instead of relative path. If the log_path setting is incorrect, the log will be saved in /tmp/fortianalyzer.ansible.logtype: str default: "/tmp/fortianalyzer.ansible.log"
proposed_method The overridden method for the underlying Json RPC request type: str choices: set, update, add
version_check If set to True, it will check whether the parameters used are supported by the corresponding version of FortiAnazlyer locally based on FNDN data. A warning will be returned in version_check_warning if there is a mismatch. This warning is only a suggestion and may not be accurate. type: bool default: False
rc_succeeded The rc codes list with which the conditions to succeed will be overriden type: list
rc_failed The rc codes list with which the conditions to fail will be overriden type: list
cli_system_global Global range attributes. type: dict
admin_lockout_duration Lockout duration(sec) for administration. type: intdefault: 60 more...
Supported Version Ranges: v6.2.1 -> latest
admin_lockout_threshold Lockout threshold for administration. type: intdefault: 3 more...
Supported Version Ranges: v6.2.1 -> latest
adom_mode ADOM mode. type: strchoices: [normal, advanced]default: normal more...
enc_algorithm SSL communication encryption algorithms. type: strchoices: [low, medium, high, custom]default: high more...
Supported Version Ranges: v6.2.1 -> latest
fgfm_ca_cert set the extra fgfm CA certificates. type: str more...
Supported Version Ranges: v6.2.1 -> v6.2.1, v6.2.3 -> latest
fgfm_local_cert set the fgfm local certificate. type: str more...
Supported Version Ranges: v6.2.1 -> latest
fgfm_ssl_protocol set the lowest SSL protocols for fgfmsd. type: strchoices: [sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3, follow-global-ssl-protocol]default: tlsv1.2 more...
Supported Version Ranges: v6.2.1 -> latest
ha_member_auto_grouping Enable/disable automatically group HA members feature type: strchoices: [disable, enable]default: enable more...
Supported Version Ranges: v6.2.1 -> latest
hitcount_concurrent The number of FortiGates that FortiManager polls at one time (10 - 500, default = 100). type: intdefault: 100 more...
Supported Version Ranges: v6.2.1 -> v6.4.2
hitcount_interval The interval for getting hit count from managed FortiGate devices, in seconds (60 - 86400, default = 900). type: intdefault: 900 more...
Supported Version Ranges: v6.2.1 -> v6.4.2
hostname System hostname. type: strdefault: FAZVM64 more...
Supported Version Ranges: v6.2.1 -> latest
language System global language. type: strchoices: [english, simch, japanese, korean, spanish, trach]default: english more...
task_list_size Maximum number of completed tasks to keep. type: intdefault: 2000 more...
Supported Version Ranges: v6.2.1 -> latest
tftp Enable/disable TFTP in `exec restore image` command (disabled by default in FIPS mode) type: strchoices: [disable, enable]default: disable more...
Supported Version Ranges: v7.0.5 -> v7.0.14, v7.2.1 -> latest
no_copy_permission_check Do not perform permission check to block object changes in different adom during copy and install. type: strchoices: [disable, enable]default: enable more...
Supported Version Ranges: v7.0.8 -> v7.0.14, v7.2.3 -> latest
ssh_enc_algo Select one or more SSH ciphers. type: listelements: strchoices: [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se, aes128-gcm@openssh.com, aes256-gcm@openssh.com] more...
apache_mode Set apache mode. type: strchoices: [event, prefork]default: event more...
Supported Version Ranges: v7.2.4 -> v7.2.11, v7.4.1 -> latest
no_vip_value_check Enable/disable skipping policy instead of throwing error when vip has no default or dynamic mapping during policy copy type: strchoices: [disable, enable]default: disable more...
Supported Version Ranges: v7.2.4 -> v7.2.11, v7.4.1 -> latest
admin_ssh_grace_time Maximum time in seconds permitted between making an SSH connection to the FortiManager unit and authenticating (10 - 3600 sec (1 hour), default 120). type: intdefault: 120 more...
Supported Version Ranges: v7.2.6 -> v7.2.11, v7.4.4 -> latest
log_forward_plugin_workers Maximum workers for running log forward output plugins, the valid range is 2 to 20 type: intdefault: 10 more...
Supported Version Ranges: v7.4.0 -> latest
fortiservice_port FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port. type: intdefault: 8013 more...
Supported Version Ranges: v7.4.1 -> latest
management_ip Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. type: str more...
Supported Version Ranges: v7.4.1 -> latest
management_port Overriding port for management connection (Overrides admin port). type: intdefault: 443 more...
Supported Version Ranges: v7.4.1 -> latest
api_ip_binding Enable/disable source IP check for JSON API request. type: strchoices: [disable, enable]default: enable more...
Supported Version Ranges: v7.4.2 -> latest
admin_host Administrative host for HTTP and HTTPs. When set, will be used in lieu of the clients Host header for any redirection. type: str more...
Supported Version Ranges: v7.4.4 -> latest
global_ssl_protocol set the lowest SSL protocol version for all SSL connections. type: strchoices: [sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3]default: tlsv1.2 more...
Supported Version Ranges: v7.4.4 -> v7.4.8, v7.6.2 -> latest
httpd_ssl_protocol set SSL protocols for apache daemon (httpd) type: listelements: strchoices: [sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3] more...
Supported Version Ranges: v7.4.4 -> v7.4.8, v7.6.2 -> latest
mapclient_ssl_protocol set the lowest SSL protocol version for connection to mapserver. type: strchoices: [follow-global-ssl-protocol, sslv3, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3]default: follow-global-ssl-protocol more...
Supported Version Ranges: v7.4.4 -> v7.4.8, v7.6.2 -> latest
Supported Version Ranges: v7.4.7 -> v7.4.8, v7.6.3 -> latest
gui_install_preview_concurrency Set the maximum number of devices to be processed in a single GUI install preview request (1-100 default 20). type: intdefault: 20 more...
Supported Version Ranges: v7.4.8 -> v7.4.8, v7.6.4 -> latest
fabric_storage_pool_quota Disk quota for Fabric (MB). type: intdefault: 0 more...
Supported Version Ranges: v7.6.0 -> latest
fabric_storage_pool_size Max storage pooll size type: intdefault: 20 more...
Notes
-----
.. note::
- To create or update an object, use state: present directive.
- To delete an object, use state: absent directive
- Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
--------
.. code-block:: yaml+jinja
- name: Example playbook
gather_facts: false
hosts: fortianalyzers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Alert console
fortinet.fortianalyzer.faz_cli_system_global:
enable_log: true
cli_system_global:
language: english
Return Values
-------------
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
.. raw:: html
meta The result of the request. returned: alwaystype: dict
request_url The full url requested. returned: alwaystype: strsample: /sys/login/user
response_code The status of api request. returned: alwaystype: intsample: 0
response_data The data body of the api response. returned: optionaltype: list or dict
response_message The descriptive message of the api response. returned: alwaystype: strsample: OK
system_information The information of the target system. returned: alwaystype: dict
rc The status the request. returned: alwaystype: intsample: 0
version_check_warning Warning if the parameters used in the playbook are not supported by the current fortianalyzer version. returned: if params are not supported in the current versiontype: list
Status
------
- This module is not guaranteed to have a backwards compatible interface.
Authors
-------
- Xinwei Du (@dux-fortinet)
- Maxx Liu (@MaxxLiu22)
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Frank Shen (@fshen01)
- Hongbin Lu (@fgtdev-hblu)