fortigate firewall firmware upgrade using fortios_monitor module

[giggsitx]

Hi Jie, I have been working for days and can't seems to upgrade firmware on fortigate firewall. Below is my playbook task and error. Ansible tower shows that job has been run successfully but devices not upgraded.

tasks:
- name: Firmware Upgrade
fortios_monitor:
access_token: "{{ access_token }}"
vdom: "{{ vdom }}"
enable_log: "true"
selector: 'upgrade.system.firmware'
params:
source: "upload"
filename: "{{ file_name }}"
file_content: "{{ lookup('file', './FGT_81F-v7.2.6.F-build1575-FORTINET.out') | b64encode }}"
register: upgrade_result

- name: Check Upgrade Status
  debug:
    msg: "Firmware upgrade status: {{ upgrade_result }}"

---

error:
ok: [10.5.100.254] => {
"msg": "Firmware upgrade status: {'changed': False, 'meta': {'http_method': 'POST', 'results': {'status': 'error', 'error': {'message': '-585', 'code': -585}, 'file_id': '7DrJlM'}, 'vdom': 'root', 'path': 'system', 'name': 'firmware', 'action': 'upgrade', 'status': 'success', 'serial': 'FGT81FTK23008396', 'version': 'v7.0.12', 'build': 523}, 'failed': False}"
}

[MaxxLiu22]

Hi @giggsitx ,

Thank you for bringing this to my attention. I've executed your script and it appears to be functioning perfectly. I was wondering if you're currently utilizing the latest version of Ansible FOS, specifically "fortinet.fortios:2.3.6"? Additionally, could you please consider enabling the debug feature on the FGT? This would greatly assist us in collecting log information for further investigation. Below is the CLI command to enable the debug session on the FGT:

diagnose debug enable
diagnose debug application httpsd -1
......
[httpsd 302 - 1712954332     info] system_firmware_upgrade[2423] -- upgrade success for '/tmp/upfile'
[httpsd 302 - 1712954332     info] endpoint_process_req_vdom[1030] -- completed API request (rss_pre=232704, rss_post=232860, rss_delta=156)
[httpsd 302 - 1712954332     info] endpoint_process_req[1991] -- Removing temporary upload file: /tmp/monitor_upload_XYPtf0.
[httpsd 302 - 1712954332     info] fweb_debug_final[319] -- Completed POST request for "/api/v2/monitor/system/firmware/upgrade" (HTTP 200)

PLAY [fortigates] *****************************************************************************

TASK [Firmware Upgrade] ***********************************************************************
ok: [fortigate03]

TASK [Check Upgrade Status] *******************************************************************
ok: [fortigate03] => {
    "msg": "Firmware upgrade status: {'changed': False, 'meta': {'http_method': 'POST', 'results': {'status': 'success'}, 'vdom': 'root', 'path': 'system', 'name': 'firmware', 'action': 'upgrade', 'status': 'success', 'serial': 'FGT60FTK19009015', 'version': 'v7.2.8', 'build': 1639}, 'failed': False}"
}

PLAY RECAP ************************************************************************************
fortigate03                : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Thanks,
Maxx

[giggsitx]

hi @MaxxLiu22, i am currently using ansible tower to execute this playbook inside a template, may i know is there any other way to check this? from what i see from the debug, it shows that the playbook run completely fine, but the version did not change or do you think i should use other module like fortios_system_device_upgrade
execution environment is fortigate 1.0.0

[MaxxLiu22]

Hi @giggsitx ,

Apologies for the delayed response. May I ask if the issue is still occurring? You might want to check the logs via GUI -> Log & Report -> System Events to gather more details about what happened during the upgrade process.