diff --git a/plugins/modules/vyos_banner.py b/plugins/modules/vyos_banner.py
index b08fb73..aa0bd5c 100644
--- a/plugins/modules/vyos_banner.py
+++ b/plugins/modules/vyos_banner.py
@@ -1,196 +1,193 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2017, Ansible by Red Hat, inc
#
# This file is part of Ansible by Red Hat
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see .
#
-ANSIBLE_METADATA = {
- "metadata_version": "1.1",
- "status": ["preview"],
- "supported_by": "network",
-}
-DOCUMENTATION = """module: vyos_banner
+DOCUMENTATION = """
+module: vyos_banner
author: Trishna Guha (@trishnaguha)
short_description: Manage multiline banners on VyOS devices
description:
- This will configure both pre-login and post-login banners on remote devices running
VyOS. It allows playbooks to add or remote banner text from the active running configuration.
+version_added: 1.0.0
notes:
- Tested against VyOS 1.1.8 (helium).
- This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html).
options:
banner:
description:
- Specifies which banner that should be configured on the remote device.
required: true
choices:
- pre-login
- post-login
text:
description:
- The banner text that should be present in the remote device running configuration.
This argument accepts a multiline string, with no empty lines. Requires I(state=present).
state:
description:
- Specifies whether or not the configuration is present in the current devices
active running configuration.
default: present
choices:
- present
- absent
extends_documentation_fragment:
- vyos.vyos.vyos
"""
EXAMPLES = """
- name: configure the pre-login banner
- vyos_banner:
+ vyos.vyos.vyos_banner:
banner: pre-login
text: |
this is my pre-login banner
that contains a multiline
string
state: present
- name: remove the post-login banner
- vyos_banner:
+ vyos.vyos.vyos_banner:
banner: post-login
state: absent
"""
RETURN = """
commands:
description: The list of configuration mode commands to send to the device
returned: always
type: list
sample:
- banner pre-login
- this is my pre-login banner
- that contains a multiline
- string
"""
import re
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import (
get_config,
load_config,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import (
vyos_argument_spec,
)
def spec_to_commands(updates, module):
commands = list()
want, have = updates
state = module.params["state"]
if state == "absent":
if have.get("state") != "absent" or (
have.get("state") != "absent"
and "text" in have.keys()
and have["text"]
):
commands.append(
"delete system login banner %s" % module.params["banner"]
)
elif state == "present":
if want["text"] and want["text"].encode().decode(
"unicode_escape"
) != have.get("text"):
banner_cmd = (
"set system login banner %s " % module.params["banner"]
)
banner_cmd += want["text"].strip()
commands.append(banner_cmd)
return commands
def config_to_dict(module):
data = get_config(module)
output = None
obj = {"banner": module.params["banner"], "state": "absent"}
for line in data.split("\n"):
if line.startswith("set system login banner %s" % obj["banner"]):
match = re.findall(r"%s (.*)" % obj["banner"], line, re.M)
output = match
if output:
obj["text"] = output[0].encode().decode("unicode_escape")
obj["state"] = "present"
return obj
def map_params_to_obj(module):
text = module.params["text"]
if text:
text = "%r" % (str(text).strip())
return {
"banner": module.params["banner"],
"text": text,
"state": module.params["state"],
}
def main():
""" main entry point for module execution
"""
argument_spec = dict(
banner=dict(required=True, choices=["pre-login", "post-login"]),
text=dict(),
state=dict(default="present", choices=["present", "absent"]),
)
argument_spec.update(vyos_argument_spec)
required_if = [("state", "present", ("text",))]
module = AnsibleModule(
argument_spec=argument_spec,
required_if=required_if,
supports_check_mode=True,
)
warnings = list()
result = {"changed": False}
if warnings:
result["warnings"] = warnings
want = map_params_to_obj(module)
have = config_to_dict(module)
commands = spec_to_commands((want, have), module)
result["commands"] = commands
if commands:
commit = not module.check_mode
load_config(module, commands, commit=commit)
result["changed"] = True
module.exit_json(**result)
if __name__ == "__main__":
main()
diff --git a/plugins/modules/vyos_command.py b/plugins/modules/vyos_command.py
index 1853849..58e98c9 100644
--- a/plugins/modules/vyos_command.py
+++ b/plugins/modules/vyos_command.py
@@ -1,223 +1,219 @@
#!/usr/bin/python
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see .
#
-ANSIBLE_METADATA = {
- "metadata_version": "1.1",
- "status": ["preview"],
- "supported_by": "network",
-}
-
-DOCUMENTATION = """module: vyos_command
+DOCUMENTATION = """
+module: vyos_command
author: Nathaniel Case (@Qalthos)
short_description: Run one or more commands on VyOS devices
description:
- The command module allows running one or more commands on remote devices running
VyOS. This module can also be introspected to validate key parameters before returning
successfully. If the conditional statements are not met in the wait period, the
task fails.
- Certain C(show) commands in VyOS produce many lines of output and use a custom pager
that can cause this module to hang. If the value of the environment variable C(ANSIBLE_VYOS_TERMINAL_LENGTH)
is not set, the default number of 10000 is used.
+version_added: 1.0.0
extends_documentation_fragment:
- vyos.vyos.vyos
options:
commands:
description:
- The ordered set of commands to execute on the remote device running VyOS. The
output from the command execution is returned to the playbook. If the I(wait_for)
argument is provided, the module is not returned until the condition is satisfied
or the number of retries has been exceeded.
required: true
wait_for:
description:
- Specifies what to evaluate from the output of the command and what conditionals
to apply. This argument will cause the task to wait for a particular conditional
to be true before moving forward. If the conditional is not true by the configured
I(retries), the task fails. See examples.
aliases:
- waitfor
match:
description:
- The I(match) argument is used in conjunction with the I(wait_for) argument to
specify the match policy. Valid values are C(all) or C(any). If the value is
set to C(all) then all conditionals in the wait_for must be satisfied. If the
value is set to C(any) then only one of the values must be satisfied.
default: all
choices:
- any
- all
retries:
description:
- Specifies the number of retries a command should be tried before it is considered
failed. The command is run on the target device every retry and evaluated against
the I(wait_for) conditionals.
default: 10
interval:
description:
- Configures the interval in seconds to wait between I(retries) of the command.
If the command does not pass the specified conditions, the interval indicates
how long to wait before trying the command again.
default: 1
notes:
- Tested against VyOS 1.1.8 (helium).
- Running C(show system boot-messages all) will cause the module to hang since VyOS
is using a custom pager setting to display the output of that command.
- If a command sent to the device requires answering a prompt, it is possible to pass
a dict containing I(command), I(answer) and I(prompt). See examples.
- This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html).
"""
EXAMPLES = """
-tasks:
- - name: show configuration on ethernet devices eth0 and eth1
- vyos_command:
- commands:
- - show interfaces ethernet {{ item }}
- with_items:
- - eth0
- - eth1
-
- - name: run multiple commands and check if version output contains specific version string
- vyos_command:
- commands:
- - show version
- - show hardware cpu
- wait_for:
- - "result[0] contains 'VyOS 1.1.7'"
-
- - name: run command that requires answering a prompt
- vyos_command:
- commands:
- - command: 'rollback 1'
- prompt: 'Proceed with reboot? [confirm][y]'
- answer: y
+- name: show configuration on ethernet devices eth0 and eth1
+ vyos.vyos.vyos_command:
+ commands:
+ - show interfaces ethernet {{ item }}
+ with_items:
+ - eth0
+ - eth1
+
+- name: run multiple commands and check if version output contains specific version
+ string
+ vyos.vyos.vyos_command:
+ commands:
+ - show version
+ - show hardware cpu
+ wait_for:
+ - result[0] contains 'VyOS 1.1.7'
+
+- name: run command that requires answering a prompt
+ vyos.vyos.vyos_command:
+ commands:
+ - command: rollback 1
+ prompt: Proceed with reboot? [confirm][y]
+ answer: y
"""
RETURN = """
stdout:
description: The set of responses from the commands
returned: always apart from low level errors (such as action plugin)
type: list
sample: ['...', '...']
stdout_lines:
description: The value of stdout split into a list
returned: always
type: list
sample: [['...', '...'], ['...'], ['...']]
failed_conditions:
description: The list of conditionals that have failed
returned: failed
type: list
sample: ['...', '...']
warnings:
description: The list of warnings (if any) generated by module based on arguments
returned: always
type: list
sample: ['...', '...']
"""
import time
from ansible.module_utils._text import to_text
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.parsing import (
Conditional,
)
from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import (
transform_commands,
to_lines,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import (
run_commands,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import (
vyos_argument_spec,
)
def parse_commands(module, warnings):
commands = transform_commands(module)
if module.check_mode:
for item in list(commands):
if not item["command"].startswith("show"):
warnings.append(
"Only show commands are supported when using check mode, not "
"executing %s" % item["command"]
)
commands.remove(item)
return commands
def main():
spec = dict(
commands=dict(type="list", required=True),
wait_for=dict(type="list", aliases=["waitfor"]),
match=dict(default="all", choices=["all", "any"]),
retries=dict(default=10, type="int"),
interval=dict(default=1, type="int"),
)
spec.update(vyos_argument_spec)
module = AnsibleModule(argument_spec=spec, supports_check_mode=True)
warnings = list()
result = {"changed": False, "warnings": warnings}
commands = parse_commands(module, warnings)
wait_for = module.params["wait_for"] or list()
try:
conditionals = [Conditional(c) for c in wait_for]
except AttributeError as exc:
module.fail_json(msg=to_text(exc))
retries = module.params["retries"]
interval = module.params["interval"]
match = module.params["match"]
for _ in range(retries):
responses = run_commands(module, commands)
for item in list(conditionals):
if item(responses):
if match == "any":
conditionals = list()
break
conditionals.remove(item)
if not conditionals:
break
time.sleep(interval)
if conditionals:
failed_conditions = [item.raw for item in conditionals]
msg = "One or more conditional statements have not been satisfied"
module.fail_json(msg=msg, failed_conditions=failed_conditions)
result.update(
{"stdout": responses, "stdout_lines": list(to_lines(responses)),}
)
module.exit_json(**result)
if __name__ == "__main__":
main()
diff --git a/plugins/modules/vyos_config.py b/plugins/modules/vyos_config.py
index b899045..baa63f3 100644
--- a/plugins/modules/vyos_config.py
+++ b/plugins/modules/vyos_config.py
@@ -1,354 +1,350 @@
#!/usr/bin/python
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see .
#
-ANSIBLE_METADATA = {
- "metadata_version": "1.1",
- "status": ["preview"],
- "supported_by": "network",
-}
-
-DOCUMENTATION = """module: vyos_config
+DOCUMENTATION = """
+module: vyos_config
author: Nathaniel Case (@Qalthos)
short_description: Manage VyOS configuration on remote device
description:
- This module provides configuration file management of VyOS devices. It provides
arguments for managing both the configuration file and state of the active configuration.
All configuration statements are based on `set` and `delete` commands in the device
configuration.
+version_added: 1.0.0
extends_documentation_fragment:
- vyos.vyos.vyos
notes:
- Tested against VyOS 1.1.8 (helium).
- This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html).
options:
lines:
description:
- The ordered set of configuration lines to be managed and compared with the existing
configuration on the remote device.
src:
description:
- The C(src) argument specifies the path to the source config file to load. The
source config file can either be in bracket format or set format. The source
file can include Jinja2 template variables.
match:
description:
- The C(match) argument controls the method used to match against the current
active configuration. By default, the desired config is matched against the
active config and the deltas are loaded. If the C(match) argument is set to
C(none) the active configuration is ignored and the configuration is always
loaded.
default: line
choices:
- line
- none
backup:
description:
- The C(backup) argument will backup the current devices active configuration
to the Ansible control host prior to making any changes. If the C(backup_options)
value is not given, the backup file will be located in the backup folder in
the playbook root directory or role root directory, if playbook is part of an
ansible role. If the directory does not exist, it is created.
type: bool
- default: 'no'
+ default: no
comment:
description:
- Allows a commit description to be specified to be included when the configuration
is committed. If the configuration is not changed or committed, this argument
is ignored.
default: configured by vyos_config
config:
description:
- The C(config) argument specifies the base configuration to use to compare against
the desired configuration. If this value is not specified, the module will
automatically retrieve the current active configuration from the remote device.
save:
description:
- The C(save) argument controls whether or not changes made to the active configuration
are saved to disk. This is independent of committing the config. When set
to True, the active configuration is saved.
type: bool
- default: 'no'
+ default: no
backup_options:
description:
- This is a dict object containing configurable options related to backup file
path. The value of this option is read only when C(backup) is set to I(yes),
if C(backup) is set to I(no) this option will be silently ignored.
suboptions:
filename:
description:
- The filename to be used to store the backup configuration. If the filename
is not given it will be generated based on the hostname, current time and
date in format defined by _config.@
dir_path:
description:
- This option provides the path ending with directory name in which the backup
configuration file will be stored. If the directory does not exist it will
be first created and the filename is either the value of C(filename) or
default filename as described in C(filename) options description. If the
path value is not given in that case a I(backup) directory will be created
in the current working directory and backup configuration will be copied
in C(filename) within I(backup) directory.
type: path
type: dict
"""
EXAMPLES = """
- name: configure the remote device
- vyos_config:
+ vyos.vyos.vyos_config:
lines:
- - set system host-name {{ inventory_hostname }}
- - set service lldp
- - delete service dhcp-server
+ - set system host-name {{ inventory_hostname }}
+ - set service lldp
+ - delete service dhcp-server
- name: backup and load from file
- vyos_config:
+ vyos.vyos.vyos_config:
src: vyos.cfg
backup: yes
- name: render a Jinja2 template onto the VyOS router
- vyos_config:
+ vyos.vyos.vyos_config:
src: vyos_template.j2
- name: for idempotency, use full-form commands
- vyos_config:
+ vyos.vyos.vyos_config:
lines:
# - set int eth eth2 description 'OUTSIDE'
- - set interface ethernet eth2 description 'OUTSIDE'
+ - set interface ethernet eth2 description 'OUTSIDE'
- name: configurable backup path
- vyos_config:
+ vyos.vyos.vyos_config:
backup: yes
backup_options:
filename: backup.cfg
dir_path: /home/user
"""
RETURN = """
commands:
description: The list of configuration commands sent to the device
returned: always
type: list
sample: ['...', '...']
filtered:
description: The list of configuration commands removed to avoid a load failure
returned: always
type: list
sample: ['...', '...']
backup_path:
description: The full path to the backup file
returned: when backup is yes
type: str
sample: /playbooks/ansible/backup/vyos_config.2016-07-16@22:28:34
filename:
description: The name of the backup file
returned: when backup is yes and filename is not specified in backup options
type: str
sample: vyos_config.2016-07-16@22:28:34
shortname:
description: The full path to the backup file excluding the timestamp
returned: when backup is yes and filename is not specified in backup options
type: str
sample: /playbooks/ansible/backup/vyos_config
date:
description: The date extracted from the backup file name
returned: when backup is yes
type: str
sample: "2016-07-16"
time:
description: The time extracted from the backup file name
returned: when backup is yes
type: str
sample: "22:28:34"
"""
import re
from ansible.module_utils._text import to_text
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import ConnectionError
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import (
load_config,
get_config,
run_commands,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import (
vyos_argument_spec,
get_connection,
)
DEFAULT_COMMENT = "configured by vyos_config"
CONFIG_FILTERS = [
re.compile(r"set system login user \S+ authentication encrypted-password")
]
def get_candidate(module):
contents = module.params["src"] or module.params["lines"]
if module.params["src"]:
contents = format_commands(contents.splitlines())
contents = "\n".join(contents)
return contents
def format_commands(commands):
"""
This function format the input commands and removes the prepend white spaces
for command lines having 'set' or 'delete' and it skips empty lines.
:param commands:
:return: list of commands
"""
return [
line.strip() if line.split()[0] in ("set", "delete") else line
for line in commands
if len(line.strip()) > 0
]
def diff_config(commands, config):
config = [str(c).replace("'", "") for c in config.splitlines()]
updates = list()
visited = set()
for line in commands:
item = str(line).replace("'", "")
if not item.startswith("set") and not item.startswith("delete"):
raise ValueError("line must start with either `set` or `delete`")
elif item.startswith("set") and item not in config:
updates.append(line)
elif item.startswith("delete"):
if not config:
updates.append(line)
else:
item = re.sub(r"delete", "set", item)
for entry in config:
if entry.startswith(item) and line not in visited:
updates.append(line)
visited.add(line)
return list(updates)
def sanitize_config(config, result):
result["filtered"] = list()
index_to_filter = list()
for regex in CONFIG_FILTERS:
for index, line in enumerate(list(config)):
if regex.search(line):
result["filtered"].append(line)
index_to_filter.append(index)
# Delete all filtered configs
for filter_index in sorted(index_to_filter, reverse=True):
del config[filter_index]
def run(module, result):
# get the current active config from the node or passed in via
# the config param
config = module.params["config"] or get_config(module)
# create the candidate config object from the arguments
candidate = get_candidate(module)
# create loadable config that includes only the configuration updates
connection = get_connection(module)
try:
response = connection.get_diff(
candidate=candidate,
running=config,
diff_match=module.params["match"],
)
except ConnectionError as exc:
module.fail_json(msg=to_text(exc, errors="surrogate_then_replace"))
commands = response.get("config_diff")
sanitize_config(commands, result)
result["commands"] = commands
commit = not module.check_mode
comment = module.params["comment"]
diff = None
if commands:
diff = load_config(module, commands, commit=commit, comment=comment)
if result.get("filtered"):
result["warnings"].append(
"Some configuration commands were "
"removed, please see the filtered key"
)
result["changed"] = True
if module._diff:
result["diff"] = {"prepared": diff}
def main():
backup_spec = dict(filename=dict(), dir_path=dict(type="path"))
argument_spec = dict(
src=dict(type="path"),
lines=dict(type="list"),
match=dict(default="line", choices=["line", "none"]),
comment=dict(default=DEFAULT_COMMENT),
config=dict(),
backup=dict(type="bool", default=False),
backup_options=dict(type="dict", options=backup_spec),
save=dict(type="bool", default=False),
)
argument_spec.update(vyos_argument_spec)
mutually_exclusive = [("lines", "src")]
module = AnsibleModule(
argument_spec=argument_spec,
mutually_exclusive=mutually_exclusive,
supports_check_mode=True,
)
warnings = list()
result = dict(changed=False, warnings=warnings)
if module.params["backup"]:
result["__backup__"] = get_config(module=module)
if any((module.params["src"], module.params["lines"])):
run(module, result)
if module.params["save"]:
diff = run_commands(module, commands=["configure", "compare saved"])[1]
if diff != "[edit]":
run_commands(module, commands=["save"])
result["changed"] = True
run_commands(module, commands=["exit"])
module.exit_json(**result)
if __name__ == "__main__":
main()
diff --git a/plugins/modules/vyos_facts.py b/plugins/modules/vyos_facts.py
index 72b191c..7521a3b 100644
--- a/plugins/modules/vyos_facts.py
+++ b/plugins/modules/vyos_facts.py
@@ -1,175 +1,170 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright 2019 Red Hat
# GNU General Public License v3.0+
# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
"""
The module file for vyos_facts
"""
-ANSIBLE_METADATA = {
- "metadata_version": "1.1",
- "status": [u"preview"],
- "supported_by": "network",
-}
-
-
-DOCUMENTATION = """module: vyos_facts
+DOCUMENTATION = """
+module: vyos_facts
short_description: Get facts about vyos devices.
description:
- Collects facts from network devices running the vyos operating system. This module
places the facts gathered in the fact tree keyed by the respective resource name. The
facts module will always collect a base set of facts from the device and can enable
or disable collection of additional facts.
+version_added: 1.0.0
author:
- Nathaniel Case (@qalthos)
- Nilashish Chakraborty (@Nilashishc)
- Rohit Thakur (@rohitthakur2590)
extends_documentation_fragment:
- vyos.vyos.vyos
notes:
- Tested against VyOS 1.1.8 (helium).
- This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html).
options:
gather_subset:
description:
- When supplied, this argument will restrict the facts collected to a given subset. Possible
values for this argument include all, default, config, and neighbors. Can specify
a list of values to include a larger subset. Values can also be used with an
initial C(M(!)) to specify that a specific subset should not be collected.
required: false
default: '!config'
gather_network_resources:
description:
- When supplied, this argument will restrict the facts collected to a given subset.
Possible values for this argument include all and the resources like interfaces.
Can specify a list of values to include a larger subset. Values can also be
used with an initial C(M(!)) to specify that a specific subset should not be
collected. Valid subsets are 'all', 'interfaces', 'l3_interfaces', 'lag_interfaces',
'lldp_global', 'lldp_interfaces', 'static_routes', 'firewall_rules', 'firewall_global',
'firewall_interfaces', 'ospfv3', 'ospfv2'.
required: false
"""
EXAMPLES = """
# Gather all facts
-- vyos_facts:
+- vyos.vyos.vyos_facts:
gather_subset: all
gather_network_resources: all
# collect only the config and default facts
-- vyos_facts:
+- vyos.vyos.vyos_facts:
gather_subset: config
# collect everything exception the config
-- vyos_facts:
- gather_subset: "!config"
+- vyos.vyos.vyos_facts:
+ gather_subset: '!config'
# Collect only the interfaces facts
-- vyos_facts:
+- vyos.vyos.vyos_facts:
gather_subset:
- - '!all'
- - '!min'
+ - '!all'
+ - '!min'
gather_network_resources:
- - interfaces
+ - interfaces
# Do not collect interfaces facts
-- vyos_facts:
+- vyos.vyos.vyos_facts:
gather_network_resources:
- - "!interfaces"
+ - '!interfaces'
# Collect interfaces and minimal default facts
-- vyos_facts:
+- vyos.vyos.vyos_facts:
gather_subset: min
gather_network_resources: interfaces
"""
RETURN = """
ansible_net_config:
description: The running-config from the device
returned: when config is configured
type: str
ansible_net_commits:
description: The set of available configuration revisions
returned: when present
type: list
ansible_net_hostname:
description: The configured system hostname
returned: always
type: str
ansible_net_model:
description: The device model string
returned: always
type: str
ansible_net_serialnum:
description: The serial number of the device
returned: always
type: str
ansible_net_version:
description: The version of the software running
returned: always
type: str
ansible_net_neighbors:
description: The set of LLDP neighbors
returned: when interface is configured
type: list
ansible_net_gather_subset:
description: The list of subsets gathered by the module
returned: always
type: list
ansible_net_api:
description: The name of the transport
returned: always
type: str
ansible_net_python_version:
description: The Python version Ansible controller is using
returned: always
type: str
ansible_net_gather_network_resources:
description: The list of fact resource subsets collected from the device
returned: always
type: list
"""
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.facts.facts import (
FactsArgs,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.facts import (
Facts,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import (
vyos_argument_spec,
)
def main():
"""
Main entry point for module execution
:returns: ansible_facts
"""
argument_spec = FactsArgs.argument_spec
argument_spec.update(vyos_argument_spec)
module = AnsibleModule(
argument_spec=argument_spec, supports_check_mode=True
)
warnings = []
if module.params["gather_subset"] == "!config":
warnings.append(
"default value for `gather_subset` will be changed to `min` from `!config` v2.11 onwards"
)
result = Facts(module).get_facts()
ansible_facts, additional_warnings = result
warnings.extend(additional_warnings)
module.exit_json(ansible_facts=ansible_facts, warnings=warnings)
if __name__ == "__main__":
main()
diff --git a/plugins/modules/vyos_firewall_global.py b/plugins/modules/vyos_firewall_global.py
index 519725a..0574aa8 100644
--- a/plugins/modules/vyos_firewall_global.py
+++ b/plugins/modules/vyos_firewall_global.py
@@ -1,1204 +1,1202 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright 2019 Red Hat
# GNU General Public License v3.0+
# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#############################################
# WARNING #
#############################################
#
# This file is auto generated by the resource
# module builder playbook.
#
# Do not edit this file manually.
#
# Changes to this file will be over written
# by the resource module builder.
#
# Changes should be made in the model used to
# generate this file or in the resource module
# builder template.
#
#############################################
"""
The module file for vyos_firewall_global
"""
from __future__ import absolute_import, division, print_function
__metaclass__ = type
-ANSIBLE_METADATA = {
- "metadata_version": "1.1",
- "status": ["preview"],
- "supported_by": "network",
-}
-DOCUMENTATION = """module: vyos_firewall_global
-short_description: Manage global policies or configurations for firewall on VyOS devices.
+DOCUMENTATION = """
+module: vyos_firewall_global
+short_description: FIREWALL global resource module
description: This module manage global policies or configurations for firewall on
VyOS devices.
+version_added: 1.0.0
notes:
- Tested against VyOS 1.1.8 (helium).
- This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html).
author:
- Rohit Thakur (@rohitthakur2590)
options:
config:
description:
- A dictionary of Firewall global configuration options.
type: dict
suboptions:
route_redirects:
description: -A dictionary of Firewall icmp redirect and source route global
configuration options.
type: list
elements: dict
suboptions:
afi:
description:
- Specifies IP address type
type: str
choices:
- ipv4
- ipv6
required: true
icmp_redirects:
description:
- Specifies whether to allow sending/receiving of IPv4/v6 ICMP redirect
messages.
type: dict
suboptions:
send:
description:
- Permits or denies transmitting packets ICMP redirect messages.
type: bool
receive:
description:
- Permits or denies receiving packets ICMP redirect messages.
type: bool
ip_src_route:
description:
- Specifies whether or not to process source route IP options.
type: bool
ping:
description:
- Policy for handling of all IPv4 ICMP echo requests.
type: dict
suboptions:
all:
description:
- Enables or disables response to all IPv4 ICMP Echo Request (ping) messages.
- The system responds to IPv4 ICMP Echo Request messages.
type: bool
broadcast:
description:
- Enables or disables response to broadcast IPv4 ICMP Echo Request and
Timestamp Request messages.
- IPv4 ICMP Echo and Timestamp Request messages are not processed.
type: bool
config_trap:
description:
- SNMP trap generation on firewall configuration changes.
type: bool
validation:
description:
- Specifies a policy for source validation by reversed path, as defined in
RFC 3704.
- (disable) No source validation is performed.
- (loose) Enable Loose Reverse Path Forwarding as defined in RFC3704.
- (strict) Enable Strict Reverse Path Forwarding as defined in RFC3704.
type: str
choices:
- - strict
+ - stricu
- loose
- disable
group:
description:
- Defines a group of objects for referencing in firewall rules.
type: dict
suboptions:
address_group:
description:
- Defines a group of IP addresses for referencing in firewall rules.
type: list
elements: dict
suboptions:
name:
description:
- Name of the firewall address group.
type: str
required: true
description:
description:
- Allows you to specify a brief description for the address group.
type: str
members:
description:
- Address-group members.
- IPv4 address to match.
- IPv4 range to match.
type: list
elements: dict
suboptions:
address:
description: IP address.
type: str
network_group:
description:
- Defines a group of networks for referencing in firewall rules.
type: list
elements: dict
suboptions:
name:
description:
- Name of the firewall network group.
type: str
required: true
description:
description:
- Allows you to specify a brief description for the network group.
type: str
members:
description:
- Adds an IPv4 network to the specified network group.
- The format is ip-address/prefix.
type: list
elements: dict
suboptions:
address:
description: IP address.
type: str
port_group:
description:
- Defines a group of ports for referencing in firewall rules.
type: list
elements: dict
suboptions:
name:
description:
- Name of the firewall port group.
type: str
required: true
description:
description:
- Allows you to specify a brief description for the port group.
type: str
members:
description:
- Port-group member.
type: list
elements: dict
suboptions:
port:
description: Defines the number.
type: str
log_martians:
description:
- Specifies whether or not to record packets with invalid addresses in the
log.
- (True) Logs packets with invalid addresses.
- (False) Does not log packets with invalid addresses.
type: bool
syn_cookies:
description:
- Specifies policy for using TCP SYN cookies with IPv4.
- (True) Enables TCP SYN cookies with IPv4.
- (False) Disables TCP SYN cookies with IPv4.
type: bool
twa_hazards_protection:
description:
- RFC1337 TCP TIME-WAIT assasination hazards protection.
type: bool
state_policy:
description:
- Specifies global firewall state-policy.
type: list
elements: dict
suboptions:
connection_type:
description: Specifies connection type.
type: str
choices:
- established
- invalid
- related
action:
description:
- Action for packets part of an established connection.
type: str
choices:
- accept
- drop
- reject
log:
description:
- Enable logging of packets part of an established connection.
type: bool
running_config:
description:
- The module, by default, will connect to the remote device and retrieve the current
running-config to use as a base for comparing against the contents of source.
There are times when it is not desirable to have the task get the current running-config
for every task in a playbook. The I(running_config) argument allows the implementer
to pass in the configuration to use as the base config for comparison. This
value of this option should be the output received from device by executing
command C(show configuration commands | grep 'firewall')
type: str
state:
description:
- The state the configuration should be left in.
type: str
choices:
- merged
- replaced
- deleted
- gathered
- rendered
- parsed
default: merged
+
"""
EXAMPLES = """
# Using merged
#
# Before state:
# -------------
#
# vyos@vyos# run show configuration commands | grep firewall
#
#
- name: Merge the provided configuration with the exisiting running configuration
- vyos_firewall_global:
+ vyos.vyos.vyos_firewall_global:
config:
validation: strict
- config_trap: True
- log_martians: True
- syn_cookies: True
- twa_hazards_protection: True
+ config_trap: true
+ log_martians: true
+ syn_cookies: true
+ twa_hazards_protection: true
ping:
- all: True
- broadcast: True
+ all: true
+ broadcast: true
state_policy:
- - connection_type: 'established'
- action: 'accept'
- log: True
- - connection_type: 'invalid'
- action: 'reject'
+ - connection_type: established
+ action: accept
+ log: true
+ - connection_type: invalid
+ action: reject
route_redirects:
- - afi: 'ipv4'
- ip_src_route: True
- icmp_redirects:
- send: True
- receive: False
+ - afi: ipv4
+ ip_src_route: true
+ icmp_redirects:
+ send: true
+ receive: false
group:
address_group:
- - name: 'MGMT-HOSTS'
- description: 'This group has the Management hosts address list'
- members:
- - address: 192.0.1.1
- - address: 192.0.1.3
- - address: 192.0.1.5
+ - name: MGMT-HOSTS
+ description: This group has the Management hosts address list
+ members:
+ - address: 192.0.1.1
+ - address: 192.0.1.3
+ - address: 192.0.1.5
network_group:
- - name: 'MGMT'
- description: 'This group has the Management network addresses'
- members:
- - address: 192.0.1.0/24
+ - name: MGMT
+ description: This group has the Management network addresses
+ members:
+ - address: 192.0.1.0/24
state: merged
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# before": []
#
# "commands": [
# "set firewall group address-group MGMT-HOSTS address 192.0.1.1",
# "set firewall group address-group MGMT-HOSTS address 192.0.1.3",
# "set firewall group address-group MGMT-HOSTS address 192.0.1.5",
# "set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list'",
# "set firewall group address-group MGMT-HOSTS",
# "set firewall group network-group MGMT network 192.0.1.0/24",
# "set firewall group network-group MGMT description 'This group has the Management network addresses'",
# "set firewall group network-group MGMT",
# "set firewall ip-src-route 'enable'",
# "set firewall receive-redirects 'disable'",
# "set firewall send-redirects 'enable'",
# "set firewall config-trap 'enable'",
# "set firewall state-policy established action 'accept'",
# "set firewall state-policy established log 'enable'",
# "set firewall state-policy invalid action 'reject'",
# "set firewall broadcast-ping 'enable'",
# "set firewall all-ping 'enable'",
# "set firewall log-martians 'enable'",
# "set firewall twa-hazards-protection 'enable'",
# "set firewall syn-cookies 'enable'",
# "set firewall source-validation 'strict'"
# ]
#
# "after": {
# "config_trap": true,
# "group": {
# "address_group": [
# {
# "description": "This group has the Management hosts address list",
# "members": [
# {
# "address": "192.0.1.1"
# },
# {
# "address": "192.0.1.3"
# },
# {
# "address": "192.0.1.5"
# }
# ],
# "name": "MGMT-HOSTS"
# }
# ],
# "network_group": [
# {
# "description": "This group has the Management network addresses",
# "members": [
# {
# "address": "192.0.1.0/24"
# }
# ],
# "name": "MGMT"
# }
# ]
# },
# "log_martians": true,
# "ping": {
# "all": true,
# "broadcast": true
# },
# "route_redirects": [
# {
# "afi": "ipv4",
# "icmp_redirects": {
# "receive": false,
# "send": true
# },
# "ip_src_route": true
# }
# ],
# "state_policy": [
# {
# "action": "accept",
# "connection_type": "established",
# "log": true
# },
# {
# "action": "reject",
# "connection_type": "invalid"
# }
# ],
# "syn_cookies": true,
# "twa_hazards_protection": true,
# "validation": "strict"
# }
#
# After state:
# -------------
#
# vyos@192# run show configuration commands | grep firewall
# set firewall all-ping 'enable'
# set firewall broadcast-ping 'enable'
# set firewall config-trap 'enable'
# set firewall group address-group MGMT-HOSTS address '192.0.1.1'
# set firewall group address-group MGMT-HOSTS address '192.0.1.3'
# set firewall group address-group MGMT-HOSTS address '192.0.1.5'
# set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list'
# set firewall group network-group MGMT description 'This group has the Management network addresses'
# set firewall group network-group MGMT network '192.0.1.0/24'
# set firewall ip-src-route 'enable'
# set firewall log-martians 'enable'
# set firewall receive-redirects 'disable'
# set firewall send-redirects 'enable'
# set firewall source-validation 'strict'
# set firewall state-policy established action 'accept'
# set firewall state-policy established log 'enable'
# set firewall state-policy invalid action 'reject'
# set firewall syn-cookies 'enable'
# set firewall twa-hazards-protection 'enable'
#
#
# Using parsed
#
#
- name: Render the commands for provided configuration
- vyos_firewall_global:
+ vyos.vyos.vyos_firewall_global:
running_config:
"set firewall all-ping 'enable'
- set firewall broadcast-ping 'enable'
- set firewall config-trap 'enable'
- set firewall group address-group ENG-HOSTS address '192.0.3.1'
- set firewall group address-group ENG-HOSTS address '192.0.3.2'
- set firewall group address-group ENG-HOSTS description 'Sales office hosts address list'
- set firewall group address-group SALES-HOSTS address '192.0.2.1'
- set firewall group address-group SALES-HOSTS address '192.0.2.2'
- set firewall group address-group SALES-HOSTS address '192.0.2.3'
- set firewall group address-group SALES-HOSTS description 'Sales office hosts address list'
- set firewall group network-group MGMT description 'This group has the Management network addresses'
- set firewall group network-group MGMT network '192.0.1.0/24'
- set firewall ip-src-route 'enable'
- set firewall log-martians 'enable'
- set firewall receive-redirects 'disable'
- set firewall send-redirects 'enable'
- set firewall source-validation 'strict'
- set firewall state-policy established action 'accept'
- set firewall state-policy established log 'enable'
- set firewall state-policy invalid action 'reject'
- set firewall syn-cookies 'enable'
- set firewall twa-hazards-protection 'enable'"
+ set firewall broadcast-ping 'enable'
+ set firewall config-trap 'enable'
+ set firewall group address-group ENG-HOSTS address '192.0.3.1'
+ set firewall group address-group ENG-HOSTS address '192.0.3.2'
+ set firewall group address-group ENG-HOSTS description 'Sales office hosts address list'
+ set firewall group address-group SALES-HOSTS address '192.0.2.1'
+ set firewall group address-group SALES-HOSTS address '192.0.2.2'
+ set firewall group address-group SALES-HOSTS address '192.0.2.3'
+ set firewall group address-group SALES-HOSTS description 'Sales office hosts address list'
+ set firewall group network-group MGMT description 'This group has the Management network addresses'
+ set firewall group network-group MGMT network '192.0.1.0/24'
+ set firewall ip-src-route 'enable'
+ set firewall log-martians 'enable'
+ set firewall receive-redirects 'disable'
+ set firewall send-redirects 'enable'
+ set firewall source-validation 'strict'
+ set firewall state-policy established action 'accept'
+ set firewall state-policy established log 'enable'
+ set firewall state-policy invalid action 'reject'
+ set firewall syn-cookies 'enable'
+ set firewall twa-hazards-protection 'enable'"
state: parsed
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
#
# "parsed": {
# "config_trap": true,
# "group": {
# "address_group": [
# {
# "description": "Sales office hosts address list",
# "members": [
# {
# "address": "192.0.3.1"
# },
# {
# "address": "192.0.3.2"
# }
# ],
# "name": "ENG-HOSTS"
# },
# {
# "description": "Sales office hosts address list",
# "members": [
# {
# "address": "192.0.2.1"
# },
# {
# "address": "192.0.2.2"
# },
# {
# "address": "192.0.2.3"
# }
# ],
# "name": "SALES-HOSTS"
# }
# ],
# "network_group": [
# {
# "description": "This group has the Management network addresses",
# "members": [
# {
# "address": "192.0.1.0/24"
# }
# ],
# "name": "MGMT"
# }
# ]
# },
# "log_martians": true,
# "ping": {
# "all": true,
# "broadcast": true
# },
# "route_redirects": [
# {
# "afi": "ipv4",
# "icmp_redirects": {
# "receive": false,
# "send": true
# },
# "ip_src_route": true
# }
# ],
# "state_policy": [
# {
# "action": "accept",
# "connection_type": "established",
# "log": true
# },
# {
# "action": "reject",
# "connection_type": "invalid"
# }
# ],
# "syn_cookies": true,
# "twa_hazards_protection": true,
# "validation": "strict"
# }
# }
#
#
# Using deleted
#
# Before state
# -------------
#
# vyos@192# run show configuration commands | grep firewall
# set firewall all-ping 'enable'
# set firewall broadcast-ping 'enable'
# set firewall config-trap 'enable'
# set firewall group address-group MGMT-HOSTS address '192.0.1.1'
# set firewall group address-group MGMT-HOSTS address '192.0.1.3'
# set firewall group address-group MGMT-HOSTS address '192.0.1.5'
# set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list'
# set firewall group network-group MGMT description 'This group has the Management network addresses'
# set firewall group network-group MGMT network '192.0.1.0/24'
# set firewall ip-src-route 'enable'
# set firewall log-martians 'enable'
# set firewall receive-redirects 'disable'
# set firewall send-redirects 'enable'
# set firewall source-validation 'strict'
# set firewall state-policy established action 'accept'
# set firewall state-policy established log 'enable'
# set firewall state-policy invalid action 'reject'
# set firewall syn-cookies 'enable'
# set firewall twa-hazards-protection 'enable'
- name: Delete attributes of firewall.
- vyos_firewall_global:
+ vyos.vyos.vyos_firewall_global:
config:
state_policy:
config_trap:
log_martians:
syn_cookies:
twa_hazards_protection:
route_redirects:
ping:
group:
state: deleted
#
#
# ------------------------
# Module Execution Results
# ------------------------
#
# "before": {
# "config_trap": true,
# "group": {
# "address_group": [
# {
# "description": "This group has the Management hosts address list",
# "members": [
# {
# "address": "192.0.1.1"
# },
# {
# "address": "192.0.1.3"
# },
# {
# "address": "192.0.1.5"
# }
# ],
# "name": "MGMT-HOSTS"
# }
# ],
# "network_group": [
# {
# "description": "This group has the Management network addresses",
# "members": [
# {
# "address": "192.0.1.0/24"
# }
# ],
# "name": "MGMT"
# }
# ]
# },
# "log_martians": true,
# "ping": {
# "all": true,
# "broadcast": true
# },
# "route_redirects": [
# {
# "afi": "ipv4",
# "icmp_redirects": {
# "receive": false,
# "send": true
# },
# "ip_src_route": true
# }
# ],
# "state_policy": [
# {
# "action": "accept",
# "connection_type": "established",
# "log": true
# },
# {
# "action": "reject",
# "connection_type": "invalid"
# }
# ],
# "syn_cookies": true,
# "twa_hazards_protection": true,
# "validation": "strict"
# }
# "commands": [
# "delete firewall source-validation",
# "delete firewall group",
# "delete firewall log-martians",
# "delete firewall ip-src-route",
# "delete firewall receive-redirects",
# "delete firewall send-redirects",
# "delete firewall config-trap",
# "delete firewall state-policy",
# "delete firewall syn-cookies",
# "delete firewall broadcast-ping",
# "delete firewall all-ping",
# "delete firewall twa-hazards-protection"
# ]
#
# "after": []
# After state
# ------------
# vyos@192# run show configuration commands | grep firewall
# set 'firewall'
#
#
# Using replaced
#
# Before state:
# -------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall all-ping 'enable'
# set firewall broadcast-ping 'enable'
# set firewall config-trap 'enable'
# set firewall group address-group MGMT-HOSTS address '192.0.1.1'
# set firewall group address-group MGMT-HOSTS address '192.0.1.3'
# set firewall group address-group MGMT-HOSTS address '192.0.1.5'
# set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list'
# set firewall group network-group MGMT description 'This group has the Management network addresses'
# set firewall group network-group MGMT network '192.0.1.0/24'
# set firewall ip-src-route 'enable'
# set firewall log-martians 'enable'
# set firewall receive-redirects 'disable'
# set firewall send-redirects 'enable'
# set firewall source-validation 'strict'
# set firewall state-policy established action 'accept'
# set firewall state-policy established log 'enable'
# set firewall state-policy invalid action 'reject'
# set firewall syn-cookies 'enable'
# set firewall twa-hazards-protection 'enable'
#
- name: Replace firewall global attributes configuration.
- vyos_firewall_global:
+ vyos.vyos.vyos_firewall_global:
config:
validation: strict
- config_trap: True
- log_martians: True
- syn_cookies: True
- twa_hazards_protection: True
+ config_trap: true
+ log_martians: true
+ syn_cookies: true
+ twa_hazards_protection: true
ping:
- all: True
- broadcast: True
+ all: true
+ broadcast: true
state_policy:
- - connection_type: 'established'
- action: 'accept'
- log: True
- - connection_type: 'invalid'
- action: 'reject'
+ - connection_type: established
+ action: accept
+ log: true
+ - connection_type: invalid
+ action: reject
route_redirects:
- - afi: 'ipv4'
- ip_src_route: True
- icmp_redirects:
- send: True
- receive: False
+ - afi: ipv4
+ ip_src_route: true
+ icmp_redirects:
+ send: true
+ receive: false
group:
address_group:
- - name: 'SALES-HOSTS'
- description: 'Sales office hosts address list'
- members:
- - address: 192.0.2.1
- - address: 192.0.2.2
- - address: 192.0.2.3
- - name: 'ENG-HOSTS'
- description: 'Sales office hosts address list'
- members:
- - address: 192.0.3.1
- - address: 192.0.3.2
+ - name: SALES-HOSTS
+ description: Sales office hosts address list
+ members:
+ - address: 192.0.2.1
+ - address: 192.0.2.2
+ - address: 192.0.2.3
+ - name: ENG-HOSTS
+ description: Sales office hosts address list
+ members:
+ - address: 192.0.3.1
+ - address: 192.0.3.2
network_group:
- - name: 'MGMT'
- description: 'This group has the Management network addresses'
- members:
- - address: 192.0.1.0/24
+ - name: MGMT
+ description: This group has the Management network addresses
+ members:
+ - address: 192.0.1.0/24
state: replaced
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "before": {
# "config_trap": true,
# "group": {
# "address_group": [
# {
# "description": "This group has the Management hosts address list",
# "members": [
# {
# "address": "192.0.1.1"
# },
# {
# "address": "192.0.1.3"
# },
# {
# "address": "192.0.1.5"
# }
# ],
# "name": "MGMT-HOSTS"
# }
# ],
# "network_group": [
# {
# "description": "This group has the Management network addresses",
# "members": [
# {
# "address": "192.0.1.0/24"
# }
# ],
# "name": "MGMT"
# }
# ]
# },
# "log_martians": true,
# "ping": {
# "all": true,
# "broadcast": true
# },
# "route_redirects": [
# {
# "afi": "ipv4",
# "icmp_redirects": {
# "receive": false,
# "send": true
# },
# "ip_src_route": true
# }
# ],
# "state_policy": [
# {
# "action": "accept",
# "connection_type": "established",
# "log": true
# },
# {
# "action": "reject",
# "connection_type": "invalid"
# }
# ],
# "syn_cookies": true,
# "twa_hazards_protection": true,
# "validation": "strict"
# }
#
# "commands": [
# "delete firewall group address-group MGMT-HOSTS",
# "set firewall group address-group SALES-HOSTS address 192.0.2.1",
# "set firewall group address-group SALES-HOSTS address 192.0.2.2",
# "set firewall group address-group SALES-HOSTS address 192.0.2.3",
# "set firewall group address-group SALES-HOSTS description 'Sales office hosts address list'",
# "set firewall group address-group SALES-HOSTS",
# "set firewall group address-group ENG-HOSTS address 192.0.3.1",
# "set firewall group address-group ENG-HOSTS address 192.0.3.2",
# "set firewall group address-group ENG-HOSTS description 'Sales office hosts address list'",
# "set firewall group address-group ENG-HOSTS"
# ]
#
# "after": {
# "config_trap": true,
# "group": {
# "address_group": [
# {
# "description": "Sales office hosts address list",
# "members": [
# {
# "address": "192.0.3.1"
# },
# {
# "address": "192.0.3.2"
# }
# ],
# "name": "ENG-HOSTS"
# },
# {
# "description": "Sales office hosts address list",
# "members": [
# {
# "address": "192.0.2.1"
# },
# {
# "address": "192.0.2.2"
# },
# {
# "address": "192.0.2.3"
# }
# ],
# "name": "SALES-HOSTS"
# }
# ],
# "network_group": [
# {
# "description": "This group has the Management network addresses",
# "members": [
# {
# "address": "192.0.1.0/24"
# }
# ],
# "name": "MGMT"
# }
# ]
# },
# "log_martians": true,
# "ping": {
# "all": true,
# "broadcast": true
# },
# "route_redirects": [
# {
# "afi": "ipv4",
# "icmp_redirects": {
# "receive": false,
# "send": true
# },
# "ip_src_route": true
# }
# ],
# "state_policy": [
# {
# "action": "accept",
# "connection_type": "established",
# "log": true
# },
# {
# "action": "reject",
# "connection_type": "invalid"
# }
# ],
# "syn_cookies": true,
# "twa_hazards_protection": true,
# "validation": "strict"
# }
#
# After state:
# -------------
#
# vyos@192# run show configuration commands | grep firewall
# set firewall all-ping 'enable'
# set firewall broadcast-ping 'enable'
# set firewall config-trap 'enable'
# set firewall group address-group ENG-HOSTS address '192.0.3.1'
# set firewall group address-group ENG-HOSTS address '192.0.3.2'
# set firewall group address-group ENG-HOSTS description 'Sales office hosts address list'
# set firewall group address-group SALES-HOSTS address '192.0.2.1'
# set firewall group address-group SALES-HOSTS address '192.0.2.2'
# set firewall group address-group SALES-HOSTS address '192.0.2.3'
# set firewall group address-group SALES-HOSTS description 'Sales office hosts address list'
# set firewall group network-group MGMT description 'This group has the Management network addresses'
# set firewall group network-group MGMT network '192.0.1.0/24'
# set firewall ip-src-route 'enable'
# set firewall log-martians 'enable'
# set firewall receive-redirects 'disable'
# set firewall send-redirects 'enable'
# set firewall source-validation 'strict'
# set firewall state-policy established action 'accept'
# set firewall state-policy established log 'enable'
# set firewall state-policy invalid action 'reject'
# set firewall syn-cookies 'enable'
# set firewall twa-hazards-protection 'enable'
#
#
# Using gathered
#
# Before state:
# -------------
#
# vyos@192# run show configuration commands | grep firewall
# set firewall all-ping 'enable'
# set firewall broadcast-ping 'enable'
# set firewall config-trap 'enable'
# set firewall group address-group ENG-HOSTS address '192.0.3.1'
# set firewall group address-group ENG-HOSTS address '192.0.3.2'
# set firewall group address-group ENG-HOSTS description 'Sales office hosts address list'
# set firewall group address-group SALES-HOSTS address '192.0.2.1'
# set firewall group address-group SALES-HOSTS address '192.0.2.2'
# set firewall group address-group SALES-HOSTS address '192.0.2.3'
# set firewall group address-group SALES-HOSTS description 'Sales office hosts address list'
# set firewall group network-group MGMT description 'This group has the Management network addresses'
# set firewall group network-group MGMT network '192.0.1.0/24'
# set firewall ip-src-route 'enable'
# set firewall log-martians 'enable'
# set firewall receive-redirects 'disable'
# set firewall send-redirects 'enable'
# set firewall source-validation 'strict'
# set firewall state-policy established action 'accept'
# set firewall state-policy established log 'enable'
# set firewall state-policy invalid action 'reject'
# set firewall syn-cookies 'enable'
# set firewall twa-hazards-protection 'enable'
#
- name: Gather firewall global config with provided configurations
- vyos_firewall_global:
+ vyos.vyos.vyos_firewall_global:
config:
state: gathered
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "gathered": [
# {
# "config_trap": true,
# "group": {
# "address_group": [
# {
# "description": "Sales office hosts address list",
# "members": [
# {
# "address": "192.0.3.1"
# },
# {
# "address": "192.0.3.2"
# }
# ],
# "name": "ENG-HOSTS"
# },
# {
# "description": "Sales office hosts address list",
# "members": [
# {
# "address": "192.0.2.1"
# },
# {
# "address": "192.0.2.2"
# },
# {
# "address": "192.0.2.3"
# }
# ],
# "name": "SALES-HOSTS"
# }
# ],
# "network_group": [
# {
# "description": "This group has the Management network addresses",
# "members": [
# {
# "address": "192.0.1.0/24"
# }
# ],
# "name": "MGMT"
# }
# ]
# },
# "log_martians": true,
# "ping": {
# "all": true,
# "broadcast": true
# },
# "route_redirects": [
# {
# "afi": "ipv4",
# "icmp_redirects": {
# "receive": false,
# "send": true
# },
# "ip_src_route": true
# }
# ],
# "state_policy": [
# {
# "action": "accept",
# "connection_type": "established",
# "log": true
# },
# {
# "action": "reject",
# "connection_type": "invalid"
# }
# ],
# "syn_cookies": true,
# "twa_hazards_protection": true,
# "validation": "strict"
# }
#
# After state:
# -------------
#
# vyos@192# run show configuration commands | grep firewall
# set firewall all-ping 'enable'
# set firewall broadcast-ping 'enable'
# set firewall config-trap 'enable'
# set firewall group address-group ENG-HOSTS address '192.0.3.1'
# set firewall group address-group ENG-HOSTS address '192.0.3.2'
# set firewall group address-group ENG-HOSTS description 'Sales office hosts address list'
# set firewall group address-group SALES-HOSTS address '192.0.2.1'
# set firewall group address-group SALES-HOSTS address '192.0.2.2'
# set firewall group address-group SALES-HOSTS address '192.0.2.3'
# set firewall group address-group SALES-HOSTS description 'Sales office hosts address list'
# set firewall group network-group MGMT description 'This group has the Management network addresses'
# set firewall group network-group MGMT network '192.0.1.0/24'
# set firewall ip-src-route 'enable'
# set firewall log-martians 'enable'
# set firewall receive-redirects 'disable'
# set firewall send-redirects 'enable'
# set firewall source-validation 'strict'
# set firewall state-policy established action 'accept'
# set firewall state-policy established log 'enable'
# set firewall state-policy invalid action 'reject'
# set firewall syn-cookies 'enable'
# set firewall twa-hazards-protection 'enable'
# Using rendered
#
#
- name: Render the commands for provided configuration
- vyos_firewall_global:
+ vyos.vyos.vyos_firewall_global:
config:
validation: strict
- config_trap: True
- log_martians: True
- syn_cookies: True
- twa_hazards_protection: True
+ config_trap: true
+ log_martians: true
+ syn_cookies: true
+ twa_hazards_protection: true
ping:
- all: True
- broadcast: True
+ all: true
+ broadcast: true
state_policy:
- - connection_type: 'established'
- action: 'accept'
- log: True
- - connection_type: 'invalid'
- action: 'reject'
+ - connection_type: established
+ action: accept
+ log: true
+ - connection_type: invalid
+ action: reject
route_redirects:
- - afi: 'ipv4'
- ip_src_route: True
- icmp_redirects:
- send: True
- receive: False
+ - afi: ipv4
+ ip_src_route: true
+ icmp_redirects:
+ send: true
+ receive: false
group:
address_group:
- - name: 'SALES-HOSTS'
- description: 'Sales office hosts address list'
- members:
- - address: 192.0.2.1
- - address: 192.0.2.2
- - address: 192.0.2.3
- - name: 'ENG-HOSTS'
- description: 'Sales office hosts address list'
- members:
- - address: 192.0.3.1
- - address: 192.0.3.2
+ - name: SALES-HOSTS
+ description: Sales office hosts address list
+ members:
+ - address: 192.0.2.1
+ - address: 192.0.2.2
+ - address: 192.0.2.3
+ - name: ENG-HOSTS
+ description: Sales office hosts address list
+ members:
+ - address: 192.0.3.1
+ - address: 192.0.3.2
network_group:
- - name: 'MGMT'
- description: 'This group has the Management network addresses'
- members:
- - address: 192.0.1.0/24
+ - name: MGMT
+ description: This group has the Management network addresses
+ members:
+ - address: 192.0.1.0/24
state: rendered
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
#
# "rendered": [
# "set firewall group address-group SALES-HOSTS address 192.0.2.1",
# "set firewall group address-group SALES-HOSTS address 192.0.2.2",
# "set firewall group address-group SALES-HOSTS address 192.0.2.3",
# "set firewall group address-group SALES-HOSTS description 'Sales office hosts address list'",
# "set firewall group address-group SALES-HOSTS",
# "set firewall group address-group ENG-HOSTS address 192.0.3.1",
# "set firewall group address-group ENG-HOSTS address 192.0.3.2",
# "set firewall group address-group ENG-HOSTS description 'Sales office hosts address list'",
# "set firewall group address-group ENG-HOSTS",
# "set firewall group network-group MGMT network 192.0.1.0/24",
# "set firewall group network-group MGMT description 'This group has the Management network addresses'",
# "set firewall group network-group MGMT",
# "set firewall ip-src-route 'enable'",
# "set firewall receive-redirects 'disable'",
# "set firewall send-redirects 'enable'",
# "set firewall config-trap 'enable'",
# "set firewall state-policy established action 'accept'",
# "set firewall state-policy established log 'enable'",
# "set firewall state-policy invalid action 'reject'",
# "set firewall broadcast-ping 'enable'",
# "set firewall all-ping 'enable'",
# "set firewall log-martians 'enable'",
# "set firewall twa-hazards-protection 'enable'",
# "set firewall syn-cookies 'enable'",
# "set firewall source-validation 'strict'"
# ]
#
#
"""
RETURN = """
before:
description: The configuration prior to the model invocation.
returned: always
type: list
sample: >
The configuration returned will always be in the same format
of the parameters above.
after:
description: The resulting configuration model invocation.
returned: when changed
type: list
sample: >
The configuration returned will always be in the same format
of the parameters above.
commands:
description: The set of commands pushed to the remote device.
returned: always
type: list
sample: ['set firewall group address-group ENG-HOSTS',
'set firewall group address-group ENG-HOSTS address 192.0.3.1']
"""
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.firewall_global.firewall_global import (
Firewall_globalArgs,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.firewall_global.firewall_global import (
Firewall_global,
)
def main():
"""
Main entry point for module execution
:returns: the result form module invocation
"""
required_if = [
("state", "merged", ("config",)),
("state", "replaced", ("config",)),
("state", "parsed", ("running_config",)),
]
mutually_exclusive = [("config", "running_config")]
module = AnsibleModule(
argument_spec=Firewall_globalArgs.argument_spec,
required_if=required_if,
supports_check_mode=True,
mutually_exclusive=mutually_exclusive,
)
result = Firewall_global(module).execute_module()
module.exit_json(**result)
if __name__ == "__main__":
main()
diff --git a/plugins/modules/vyos_firewall_interfaces.py b/plugins/modules/vyos_firewall_interfaces.py
index 1c2ce98..7ca936d 100644
--- a/plugins/modules/vyos_firewall_interfaces.py
+++ b/plugins/modules/vyos_firewall_interfaces.py
@@ -1,1289 +1,1288 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright 2019 Red Hat
# GNU General Public License v3.0+
# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#############################################
# WARNING #
#############################################
#
# This file is auto generated by the resource
# module builder playbook.
#
# Do not edit this file manually.
#
# Changes to this file will be over written
# by the resource module builder.
#
# Changes should be made in the model used to
# generate this file or in the resource module
# builder template.
#
#############################################
"""
The module file for vyos_firewall_interfaces
"""
from __future__ import absolute_import, division, print_function
__metaclass__ = type
-ANSIBLE_METADATA = {
- "metadata_version": "1.1",
- "status": ["preview"],
- "supported_by": "network",
-}
-DOCUMENTATION = """module: vyos_firewall_interfaces
-short_description: Manage firewall rules attributes of interfaces on VyOS devices
+DOCUMENTATION = """
+module: vyos_firewall_interfaces
+short_description: FIREWALL interfaces resource module
description: Manage firewall rules of interfaces on VyOS network devices.
+version_added: 1.0.0
author:
- Rohit Thakur (@rohitthakur2590)
options:
config:
description: A list of firewall rules options for interfaces.
type: list
elements: dict
suboptions:
name:
description:
- Name/Identifier for the interface.
type: str
required: true
access_rules:
description:
- Specifies firewall rules attached to the interfaces.
type: list
elements: dict
suboptions:
afi:
description:
- Specifies the AFI for the Firewall rules to be configured on this interface.
type: str
choices:
- ipv4
- ipv6
required: true
rules:
description:
- Specifies the firewall rules for the provided AFI.
type: list
elements: dict
suboptions:
name:
description:
- Specifies the name of the IPv4/IPv6 Firewall rule for the interface.
type: str
direction:
description:
- Specifies the direction of packets that the firewall rule will be
applied on.
type: str
choices:
- in
- local
- out
required: true
running_config:
description:
- The module, by default, will connect to the remote device and retrieve the current
running-config to use as a base for comparing against the contents of source.
There are times when it is not desirable to have the task get the current running-config
for every task in a playbook. The I(running_config) argument allows the implementer
to pass in the configuration to use as the base config for comparison. This
value of this option should be the output received from device by executing
command C(show configuration commands | grep 'firewall'
type: str
state:
description:
- The state the configuration should be left in.
type: str
choices:
- merged
- replaced
- overridden
- deleted
- parsed
- rendered
- gathered
default: merged
+
"""
EXAMPLES = """
# Using merged
#
# Before state:
# -------------
#
# vyos@192# run show configuration commands | grep firewall
# set firewall ipv6-name 'V6-LOCAL'
# set firewall name 'INBOUND'
# set firewall name 'LOCAL'
# set firewall name 'OUTBOUND'
#
- name: Merge the provided configuration with the existing running configuration
- vyos_firewall_interfaces:
+ vyos.vyos.vyos_firewall_interfaces:
config:
- - access_rules:
- - afi: 'ipv4'
- rules:
- - name: 'INBOUND'
- direction: 'in'
- - name: 'OUTBOUND'
- direction: 'out'
- - name: 'LOCAL'
- direction: 'local'
- - afi: 'ipv6'
- rules:
- - name: 'V6-LOCAL'
- direction: 'local'
- name: 'eth1'
- - access_rules:
- - afi: 'ipv4'
- rules:
- - name: 'INBOUND'
- direction: 'in'
- - name: 'OUTBOUND'
- direction: 'out'
- - name: 'LOCAL'
- direction: 'local'
- - afi: 'ipv6'
- rules:
- - name: 'V6-LOCAL'
- direction: 'local'
- name: 'eth3'
+ - access_rules:
+ - afi: ipv4
+ rules:
+ - name: INBOUND
+ direction: in
+ - name: OUTBOUND
+ direction: out
+ - name: LOCAL
+ direction: local
+ - afi: ipv6
+ rules:
+ - name: V6-LOCAL
+ direction: local
+ name: eth1
+ - access_rules:
+ - afi: ipv4
+ rules:
+ - name: INBOUND
+ direction: in
+ - name: OUTBOUND
+ direction: out
+ - name: LOCAL
+ direction: local
+ - afi: ipv6
+ rules:
+ - name: V6-LOCAL
+ direction: local
+ name: eth3
state: merged
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# before": [
# {
# "name": "eth0"
# },
# {
# "name": "eth1"
# },
# {
# "name": "eth2"
# },
# {
# "name": "eth3"
# }
# ]
#
# "commands": [
# "set interfaces ethernet eth1 firewall in name 'INBOUND'",
# "set interfaces ethernet eth1 firewall out name 'OUTBOUND'",
# "set interfaces ethernet eth1 firewall local name 'LOCAL'",
# "set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'",
# "set interfaces ethernet eth3 firewall in name 'INBOUND'",
# "set interfaces ethernet eth3 firewall out name 'OUTBOUND'",
# "set interfaces ethernet eth3 firewall local name 'LOCAL'",
# "set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'"
# ]
#
# "after": [
# {
# "name": "eth0"
# },
# {
# "access_rules": [
# {
# "afi": "ipv4",
# "rules": [
# {
# "direction": "in",
# "name": "INBOUND"
# },
# {
# "direction": "local",
# "name": "LOCAL"
# },
# {
# "direction": "out",
# "name": "OUTBOUND"
# }
# ]
# },
# {
# "afi": "ipv6",
# "rules": [
# {
# "direction": "local",
# "name": "V6-LOCAL"
# }
# ]
# }
# ],
# "name": "eth1"
# },
# {
# "name": "eth2"
# },
# {
# "access_rules": [
# {
# "afi": "ipv4",
# "rules": [
# {
# "direction": "in",
# "name": "INBOUND"
# },
# {
# "direction": "local",
# "name": "LOCAL"
# },
# {
# "direction": "out",
# "name": "OUTBOUND"
# }
# ]
# },
# {
# "afi": "ipv6",
# "rules": [
# {
# "direction": "local",
# "name": "V6-LOCAL"
# }
# ]
# }
# ],
# "name": "eth3"
# }
# ]
#
# After state:
# -------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall ipv6-name 'V6-LOCAL'
# set firewall name 'INBOUND'
# set firewall name 'LOCAL'
# set firewall name 'OUTBOUND'
# set interfaces ethernet eth1 firewall in name 'INBOUND'
# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
# set interfaces ethernet eth1 firewall local name 'LOCAL'
# set interfaces ethernet eth1 firewall out name 'OUTBOUND'
# set interfaces ethernet eth3 firewall in name 'INBOUND'
# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'
# set interfaces ethernet eth3 firewall local name 'LOCAL'
# set interfaces ethernet eth3 firewall out name 'OUTBOUND'
# Using merged
#
# Before state:
# -------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall ipv6-name 'V6-LOCAL'
# set firewall name 'INBOUND'
# set firewall name 'LOCAL'
# set firewall name 'OUTBOUND'
# set interfaces ethernet eth1 firewall in name 'INBOUND'
# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
# set interfaces ethernet eth1 firewall local name 'LOCAL'
# set interfaces ethernet eth1 firewall out name 'OUTBOUND'
# set interfaces ethernet eth3 firewall in name 'INBOUND'
# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'
# set interfaces ethernet eth3 firewall local name 'LOCAL'
# set interfaces ethernet eth3 firewall out name 'OUTBOUND'
#
- name: Merge the provided configuration with the existing running configuration
- vyos_firewall_interfaces:
+ vyos.vyos.vyos_firewall_interfaces:
config:
- - access_rules:
- - afi: 'ipv4'
- rules:
- - name: 'OUTBOUND'
- direction: 'in'
- - name: 'INBOUND'
- direction: 'out'
- name: 'eth1'
+ - access_rules:
+ - afi: ipv4
+ rules:
+ - name: OUTBOUND
+ direction: in
+ - name: INBOUND
+ direction: out
+ name: eth1
state: merged
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "before": [
# {
# "name": "eth0"
# },
# {
# "access_rules": [
# {
# "afi": "ipv4",
# "rules": [
# {
# "direction": "in",
# "name": "INBOUND"
# },
# {
# "direction": "local",
# "name": "LOCAL"
# },
# {
# "direction": "out",
# "name": "OUTBOUND"
# }
# ]
# },
# {
# "afi": "ipv6",
# "rules": [
# {
# "direction": "local",
# "name": "V6-LOCAL"
# }
# ]
# }
# ],
# "name": "eth1"
# },
# {
# "name": "eth2"
# },
# {
# "access_rules": [
# {
# "afi": "ipv4",
# "rules": [
# {
# "direction": "in",
# "name": "INBOUND"
# },
# {
# "direction": "local",
# "name": "LOCAL"
# },
# {
# "direction": "out",
# "name": "OUTBOUND"
# }
# ]
# },
# {
# "afi": "ipv6",
# "rules": [
# {
# "direction": "local",
# "name": "V6-LOCAL"
# }
# ]
# }
# ],
# "name": "eth3"
# }
# ]
#
# "commands": [
# "set interfaces ethernet eth1 firewall in name 'OUTBOUND'",
# "set interfaces ethernet eth1 firewall out name 'INBOUND'"
# ]
#
# "after": [
# {
# "name": "eth0"
# },
# {
# "access_rules": [
# {
# "afi": "ipv4",
# "rules": [
# {
# "direction": "in",
# "name": "OUTBOUND"
# },
# {
# "direction": "local",
# "name": "LOCAL"
# },
# {
# "direction": "out",
# "name": "INBOUND"
# }
# ]
# },
# {
# "afi": "ipv6",
# "rules": [
# {
# "direction": "local",
# "name": "V6-LOCAL"
# }
# ]
# }
# ],
# "name": "eth1"
# },
# {
# "name": "eth2"
# },
# {
# "access_rules": [
# {
# "afi": "ipv4",
# "rules": [
# {
# "direction": "in",
# "name": "INBOUND"
# },
# {
# "direction": "local",
# "name": "LOCAL"
# },
# {
# "direction": "out",
# "name": "OUTBOUND"
# }
# ]
# },
# {
# "afi": "ipv6",
# "rules": [
# {
# "direction": "local",
# "name": "V6-LOCAL"
# }
# ]
# }
# ],
# "name": "eth3"
# }
# ]
#
# After state:
# -------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall ipv6-name 'V6-LOCAL'
# set firewall name 'INBOUND'
# set firewall name 'LOCAL'
# set firewall name 'OUTBOUND'
# set interfaces ethernet eth1 firewall in name 'OUTBOUND'
# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
# set interfaces ethernet eth1 firewall local name 'LOCAL'
# set interfaces ethernet eth1 firewall out name 'INBOUND'
# set interfaces ethernet eth3 firewall in name 'INBOUND'
# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'
# set interfaces ethernet eth3 firewall local name 'LOCAL'
# set interfaces ethernet eth3 firewall out name 'OUTBOUND'
# Using replaced
#
# Before state:
# -------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall ipv6-name 'V6-LOCAL'
# set firewall name 'INBOUND'
# set firewall name 'LOCAL'
# set firewall name 'OUTBOUND'
# set interfaces ethernet eth1 firewall in name 'INBOUND'
# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
# set interfaces ethernet eth1 firewall local name 'LOCAL'
# set interfaces ethernet eth1 firewall out name 'OUTBOUND'
# set interfaces ethernet eth3 firewall in name 'INBOUND'
# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'
# set interfaces ethernet eth3 firewall local name 'LOCAL'
# set interfaces ethernet eth3 firewall out name 'OUTBOUND'
#
-- name: Replace device configurations of listed firewall interfaces with provided configurations
- vyos_firewall_interfaces:
+- name: Replace device configurations of listed firewall interfaces with provided
+ configurations
+ vyos.vyos.vyos_firewall_interfaces:
config:
- - name: 'eth1'
- access_rules:
- - afi: 'ipv4'
- rules:
- - name: 'OUTBOUND'
- direction: 'out'
- - afi: 'ipv6'
- rules:
- - name: 'V6-LOCAL'
- direction: 'local'
- - name: 'eth3'
- access_rules:
- - afi: 'ipv4'
- rules:
- - name: 'INBOUND'
- direction: 'in'
+ - name: eth1
+ access_rules:
+ - afi: ipv4
+ rules:
+ - name: OUTBOUND
+ direction: out
+ - afi: ipv6
+ rules:
+ - name: V6-LOCAL
+ direction: local
+ - name: eth3
+ access_rules:
+ - afi: ipv4
+ rules:
+ - name: INBOUND
+ direction: in
state: replaced
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "before": [
# {
# "name": "eth0"
# },
# {
# "access_rules": [
# {
# "afi": "ipv4",
# "rules": [
# {
# "direction": "in",
# "name": "INBOUND"
# },
# {
# "direction": "local",
# "name": "LOCAL"
# },
# {
# "direction": "out",
# "name": "OUTBOUND"
# }
# ]
# },
# {
# "afi": "ipv6",
# "rules": [
# {
# "direction": "local",
# "name": "V6-LOCAL"
# }
# ]
# }
# ],
# "name": "eth1"
# },
# {
# "name": "eth2"
# },
# {
# "access_rules": [
# {
# "afi": "ipv4",
# "rules": [
# {
# "direction": "in",
# "name": "INBOUND"
# },
# {
# "direction": "local",
# "name": "LOCAL"
# },
# {
# "direction": "out",
# "name": "OUTBOUND"
# }
# ]
# },
# {
# "afi": "ipv6",
# "rules": [
# {
# "direction": "local",
# "name": "V6-LOCAL"
# }
# ]
# }
# ],
# "name": "eth3"
# }
# ]
#
# "commands": [
# "delete interfaces ethernet eth1 firewall in name",
# "delete interfaces ethernet eth1 firewall local name",
# "delete interfaces ethernet eth3 firewall local name",
# "delete interfaces ethernet eth3 firewall out name",
# "delete interfaces ethernet eth3 firewall local ipv6-name"
# ]
#
# "after": [
# {
# "name": "eth0"
# },
# {
# "access_rules": [
# {
# "afi": "ipv4",
# "rules": [
# {
# "direction": "out",
# "name": "OUTBOUND"
# }
# ]
# },
# {
# "afi": "ipv6",
# "rules": [
# {
# "direction": "local",
# "name": "V6-LOCAL"
# }
# ]
# }
# ],
# "name": "eth1"
# },
# {
# "name": "eth2"
# },
# {
# "access_rules": [
# {
# "afi": "ipv4",
# "rules": [
# {
# "direction": "in",
# "name": "INBOUND"
# }
# ]
# }
# ],
# "name": "eth3"
# }
# ]
#
# After state:
# -------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall ipv6-name 'V6-LOCAL'
# set firewall name 'INBOUND'
# set firewall name 'LOCAL'
# set firewall name 'OUTBOUND'
# set interfaces ethernet eth1 firewall 'in'
# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
# set interfaces ethernet eth1 firewall out name 'OUTBOUND'
# set interfaces ethernet eth3 firewall in name 'INBOUND'
# set interfaces ethernet eth3 firewall 'local'
# set interfaces ethernet eth3 firewall 'out'
# Using overridden
#
# Before state
# --------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall ipv6-name 'V6-LOCAL'
# set firewall name 'INBOUND'
# set firewall name 'LOCAL'
# set firewall name 'OUTBOUND'
# set interfaces ethernet eth1 firewall 'in'
# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
# set interfaces ethernet eth1 firewall out name 'OUTBOUND'
# set interfaces ethernet eth3 firewall in name 'INBOUND'
# set interfaces ethernet eth3 firewall 'local'
# set interfaces ethernet eth3 firewall 'out'
#
- name: Overrides all device configuration with provided configuration
- vyos_firewall_interfaces:
+ vyos.vyos.vyos_firewall_interfaces:
config:
- - name: 'eth3'
- access_rules:
- - afi: 'ipv4'
- rules:
- - name: 'INBOUND'
- direction: 'out'
+ - name: eth3
+ access_rules:
+ - afi: ipv4
+ rules:
+ - name: INBOUND
+ direction: out
state: overridden
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "before":[
# {
# "name": "eth0"
# },
# {
# "access_rules": [
# {
# "afi": "ipv4",
# "rules": [
# {
# "direction": "out",
# "name": "OUTBOUND"
# }
# ]
# },
# {
# "afi": "ipv6",
# "rules": [
# {
# "direction": "local",
# "name": "V6-LOCAL"
# }
# ]
# }
# ],
# "name": "eth1"
# },
# {
# "name": "eth2"
# },
# {
# "access_rules": [
# {
# "afi": "ipv4",
# "rules": [
# {
# "direction": "in",
# "name": "INBOUND"
# }
# ]
# }
# ],
# "name": "eth3"
# }
# ]
#
# "commands": [
# "delete interfaces ethernet eth1 firewall",
# "delete interfaces ethernet eth3 firewall in name",
# "set interfaces ethernet eth3 firewall out name 'INBOUND'"
#
#
# "after": [
# {
# "name": "eth0"
# },
# {
# "name": "eth1"
# },
# {
# "name": "eth2"
# },
# {
# "access_rules": [
# {
# "afi": "ipv4",
# "rules": [
# {
# "direction": "out",
# "name": "INBOUND"
# }
# ]
# }
# ],
# "name": "eth3"
# }
# ]
#
#
# After state
# ------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall ipv6-name 'V6-LOCAL'
# set firewall name 'INBOUND'
# set firewall name 'LOCAL'
# set firewall name 'OUTBOUND'
# set interfaces ethernet eth3 firewall 'in'
# set interfaces ethernet eth3 firewall 'local'
# set interfaces ethernet eth3 firewall out name 'INBOUND'
# Using deleted per interface name
#
# Before state
# -------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall ipv6-name 'V6-LOCAL'
# set firewall name 'INBOUND'
# set firewall name 'LOCAL'
# set firewall name 'OUTBOUND'
# set interfaces ethernet eth1 firewall in name 'INBOUND'
# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
# set interfaces ethernet eth1 firewall local name 'LOCAL'
# set interfaces ethernet eth1 firewall out name 'OUTBOUND'
# set interfaces ethernet eth3 firewall in name 'INBOUND'
# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'
# set interfaces ethernet eth3 firewall local name 'LOCAL'
# set interfaces ethernet eth3 firewall out name 'OUTBOUND'
#
- name: Delete firewall interfaces based on interface name.
- vyos_firewall_interfaces:
+ vyos.vyos.vyos_firewall_interfaces:
config:
- - name: 'eth1'
- - name: 'eth3'
+ - name: eth1
+ - name: eth3
state: deleted
#
#
# ------------------------
# Module Execution Results
# ------------------------
#
# "before": [
# {
# "name": "eth0"
# },
# {
# "access_rules": [
# {
# "afi": "ipv4",
# "rules": [
# {
# "direction": "in",
# "name": "INBOUND"
# },
# {
# "direction": "local",
# "name": "LOCAL"
# },
# {
# "direction": "out",
# "name": "OUTBOUND"
# }
# ]
# },
# {
# "afi": "ipv6",
# "rules": [
# {
# "direction": "local",
# "name": "V6-LOCAL"
# }
# ]
# }
# ],
# "name": "eth1"
# },
# {
# "name": "eth2"
# },
# {
# "access_rules": [
# {
# "afi": "ipv4",
# "rules": [
# {
# "direction": "in",
# "name": "INBOUND"
# },
# {
# "direction": "local",
# "name": "LOCAL"
# },
# {
# "direction": "out",
# "name": "OUTBOUND"
# }
# ]
# },
# {
# "afi": "ipv6",
# "rules": [
# {
# "direction": "local",
# "name": "V6-LOCAL"
# }
# ]
# }
# ],
# "name": "eth3"
# }
# ]
# "commands": [
# "delete interfaces ethernet eth1 firewall",
# "delete interfaces ethernet eth3 firewall"
# ]
#
# "after": [
# {
# "name": "eth0"
# },
# {
# "name": "eth1"
# },
# {
# "name": "eth2"
# },
# {
# "name": "eth3"
# }
# ]
# After state
# ------------
# vyos@vyos# run show configuration commands | grep firewall
# set firewall ipv6-name 'V6-LOCAL'
# set firewall name 'INBOUND'
# set firewall name 'LOCAL'
# set firewall name 'OUTBOUND'
# Using deleted per afi
#
# Before state
# -------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall ipv6-name 'V6-LOCAL'
# set firewall name 'INBOUND'
# set firewall name 'LOCAL'
# set firewall name 'OUTBOUND'
# set interfaces ethernet eth1 firewall in name 'INBOUND'
# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
# set interfaces ethernet eth1 firewall local name 'LOCAL'
# set interfaces ethernet eth1 firewall out name 'OUTBOUND'
# set interfaces ethernet eth3 firewall in name 'INBOUND'
# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'
# set interfaces ethernet eth3 firewall local name 'LOCAL'
# set interfaces ethernet eth3 firewall out name 'OUTBOUND'
#
- name: Delete firewall interfaces config per afi.
- vyos_firewall_interfaces:
+ vyos.vyos.vyos_firewall_interfaces:
config:
- - name: 'eth1'
- access_rules:
- - afi: 'ipv4'
- - afi: 'ipv6'
+ - name: eth1
+ access_rules:
+ - afi: ipv4
+ - afi: ipv6
state: deleted
#
#
# ------------------------
# Module Execution Results
# ------------------------
#
# "commands": [
# "delete interfaces ethernet eth1 firewall in name",
# "delete interfaces ethernet eth1 firewall out name",
# "delete interfaces ethernet eth1 firewall local name",
# "delete interfaces ethernet eth1 firewall local ipv6-name"
# ]
#
# After state
# ------------
# vyos@vyos# run show configuration commands | grep firewall
# set firewall ipv6-name 'V6-LOCAL'
# set firewall name 'INBOUND'
# set firewall name 'LOCAL'
# set firewall name 'OUTBOUND'
# Using deleted without config
#
# Before state
# -------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall ipv6-name 'V6-LOCAL'
# set firewall name 'INBOUND'
# set firewall name 'LOCAL'
# set firewall name 'OUTBOUND'
# set interfaces ethernet eth1 firewall in name 'INBOUND'
# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
# set interfaces ethernet eth1 firewall local name 'LOCAL'
# set interfaces ethernet eth1 firewall out name 'OUTBOUND'
# set interfaces ethernet eth3 firewall in name 'INBOUND'
# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'
# set interfaces ethernet eth3 firewall local name 'LOCAL'
# set interfaces ethernet eth3 firewall out name 'OUTBOUND'
#
- name: Delete firewall interfaces config when empty config provided.
- vyos_firewall_interfaces:
+ vyos.vyos.vyos_firewall_interfaces:
config:
state: deleted
#
#
# ------------------------
# Module Execution Results
# ------------------------
#
# "commands": [
# "delete interfaces ethernet eth1 firewall",
# "delete interfaces ethernet eth1 firewall"
# ]
#
# After state
# ------------
# vyos@vyos# run show configuration commands | grep firewall
# set firewall ipv6-name 'V6-LOCAL'
# set firewall name 'INBOUND'
# set firewall name 'LOCAL'
# set firewall name 'OUTBOUND'
# Using parsed
#
#
- name: Parse the provided configuration
- vyos_firewall_interfaces:
+ vyos.vyos.vyos_firewall_interfaces:
running_config:
"set interfaces ethernet eth1 firewall in name 'INBOUND'
- set interfaces ethernet eth1 firewall out name 'OUTBOUND'
- set interfaces ethernet eth1 firewall local name 'LOCAL'
- set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
- set interfaces ethernet eth2 firewall in name 'INBOUND'
- set interfaces ethernet eth2 firewall out name 'OUTBOUND'
- set interfaces ethernet eth2 firewall local name 'LOCAL'
- set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL'"
+ set interfaces ethernet eth1 firewall out name 'OUTBOUND'
+ set interfaces ethernet eth1 firewall local name 'LOCAL'
+ set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
+ set interfaces ethernet eth2 firewall in name 'INBOUND'
+ set interfaces ethernet eth2 firewall out name 'OUTBOUND'
+ set interfaces ethernet eth2 firewall local name 'LOCAL'
+ set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL'"
state: parsed
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
#
# "parsed": [
# {
# "name": "eth0"
# },
# {
# "access_rules": [
# {
# "afi": "ipv4",
# "rules": [
# {
# "direction": "in",
# "name": "INBOUND"
# },
# {
# "direction": "local",
# "name": "LOCAL"
# },
# {
# "direction": "out",
# "name": "OUTBOUND"
# }
# ]
# },
# {
# "afi": "ipv6",
# "rules": [
# {
# "direction": "local",
# "name": "V6-LOCAL"
# }
# ]
# }
# ],
# "name": "eth1"
# },
# {
# "access_rules": [
# {
# "afi": "ipv4",
# "rules": [
# {
# "direction": "in",
# "name": "INBOUND"
# },
# {
# "direction": "local",
# "name": "LOCAL"
# },
# {
# "direction": "out",
# "name": "OUTBOUND"
# }
# ]
# },
# {
# "afi": "ipv6",
# "rules": [
# {
# "direction": "local",
# "name": "V6-LOCAL"
# }
# ]
# }
# ],
# "name": "eth2"
# },
# {
# "name": "eth3"
# }
# ]
# Using gathered
#
# Before state:
# -------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall ipv6-name 'V6-LOCAL'
# set firewall name 'INBOUND'
# set firewall name 'LOCAL'
# set firewall name 'OUTBOUND'
# set interfaces ethernet eth1 firewall 'in'
# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
# set interfaces ethernet eth1 firewall out name 'OUTBOUND'
# set interfaces ethernet eth3 firewall in name 'INBOUND'
# set interfaces ethernet eth3 firewall 'local'
# set interfaces ethernet eth3 firewall 'out'
#
- name: Gather listed firewall interfaces.
- vyos_firewall_interfaces:
+ vyos.vyos.vyos_firewall_interfaces:
config:
state: gathered
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "gathered": [
# {
# "name": "eth0"
# },
# {
# "access_rules": [
# {
# "afi": "ipv4",
# "rules": [
# {
# "direction": "out",
# "name": "OUTBOUND"
# }
# ]
# },
# {
# "afi": "ipv6",
# "rules": [
# {
# "direction": "local",
# "name": "V6-LOCAL"
# }
# ]
# }
# ],
# "name": "eth1"
# },
# {
# "name": "eth2"
# },
# {
# "access_rules": [
# {
# "afi": "ipv4",
# "rules": [
# {
# "direction": "in",
# "name": "INBOUND"
# }
# ]
# }
# ],
# "name": "eth3"
# }
# ]
#
#
# After state:
# -------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall ipv6-name 'V6-LOCAL'
# set firewall name 'INBOUND'
# set firewall name 'LOCAL'
# set firewall name 'OUTBOUND'
# set interfaces ethernet eth1 firewall 'in'
# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
# set interfaces ethernet eth1 firewall out name 'OUTBOUND'
# set interfaces ethernet eth3 firewall in name 'INBOUND'
# set interfaces ethernet eth3 firewall 'local'
# set interfaces ethernet eth3 firewall 'out'
# Using rendered
#
#
- name: Render the commands for provided configuration
- vyos_firewall_interfaces:
+ vyos.vyos.vyos_firewall_interfaces:
config:
- - name: 'eth2'
- access_rules:
- - afi: 'ipv4'
- rules:
- - direction: 'in'
- name: 'INGRESS'
- - direction: 'out'
- name: 'OUTGRESS'
- - direction: 'local'
- name: 'DROP'
+ - name: eth2
+ access_rules:
+ - afi: ipv4
+ rules:
+ - direction: in
+ name: INGRESS
+ - direction: out
+ name: OUTGRESS
+ - direction: local
+ name: DROP
state: rendered
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
#
# "rendered": [
# "set interfaces ethernet eth2 firewall in name 'INGRESS'",
# "set interfaces ethernet eth2 firewall out name 'OUTGRESS'",
# "set interfaces ethernet eth2 firewall local name 'DROP'",
# "set interfaces ethernet eth2 firewall local ipv6-name 'LOCAL'"
# ]
"""
RETURN = """
before:
description: The configuration prior to the model invocation.
returned: always
type: list
sample: >
The configuration returned will always be in the same format
of the parameters above.
after:
description: The resulting configuration model invocation.
returned: when changed
type: list
sample: >
The configuration returned will always be in the same format
of the parameters above.
commands:
description: The set of commands pushed to the remote device.
returned: always
type: list
sample:
- "set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'"
- "set interfaces ethernet eth3 firewall in name 'INBOUND'"
"""
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.firewall_interfaces.firewall_interfaces import (
Firewall_interfacesArgs,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.firewall_interfaces.firewall_interfaces import (
Firewall_interfaces,
)
def main():
"""
Main entry point for module execution
:returns: the result form module invocation
"""
required_if = [
("state", "merged", ("config",)),
("state", "replaced", ("config",)),
("state", "overridden", ("config",)),
("state", "parsed", ("running_config",)),
]
mutually_exclusive = [("config", "running_config")]
module = AnsibleModule(
argument_spec=Firewall_interfacesArgs.argument_spec,
required_if=required_if,
supports_check_mode=True,
mutually_exclusive=mutually_exclusive,
)
result = Firewall_interfaces(module).execute_module()
module.exit_json(**result)
if __name__ == "__main__":
main()
diff --git a/plugins/modules/vyos_firewall_rules.py b/plugins/modules/vyos_firewall_rules.py
index 9c2e832..3bd6451 100644
--- a/plugins/modules/vyos_firewall_rules.py
+++ b/plugins/modules/vyos_firewall_rules.py
@@ -1,1517 +1,1514 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright 2019 Red Hat
# GNU General Public License v3.0+
# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#############################################
# WARNING #
#############################################
#
# This file is auto generated by the resource
# module builder playbook.
#
# Do not edit this file manually.
#
# Changes to this file will be over written
# by the resource module builder.
#
# Changes should be made in the model used to
# generate this file or in the resource module
# builder template.
#
#############################################
"""
The module file for vyos_firewall_rules
"""
from __future__ import absolute_import, division, print_function
__metaclass__ = type
-ANSIBLE_METADATA = {
- "metadata_version": "1.1",
- "status": ["preview"],
- "supported_by": "network",
-}
-DOCUMENTATION = """module: vyos_firewall_rules
-short_description: Firewall rules resource module
+DOCUMENTATION = """
+module: vyos_firewall_rules
+short_description: FIREWALL rules resource module
description: This module manages firewall rule-set attributes on VyOS devices
-version_added: "1.0.0"
+version_added: 1.0.0
notes:
- Tested against VyOS 1.1.8 (helium).
- This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html).
author:
- Rohit Thakur (@rohitthakur2590)
options:
config:
description: A dictionary of Firewall rule-set options.
type: list
elements: dict
suboptions:
afi:
description:
- Specifies the type of rule-set.
type: str
choices:
- ipv4
- ipv6
required: true
rule_sets:
description:
- The Firewall rule-set list.
type: list
elements: dict
suboptions:
name:
description:
- Firewall rule set name.
type: str
default_action:
description:
- Default action for rule-set.
- drop (Drop if no prior rules are hit (default))
- reject (Drop and notify source if no prior rules are hit)
- accept (Accept if no prior rules are hit)
type: str
choices:
- drop
- reject
- accept
description:
description:
- Rule set description.
type: str
enable_default_log:
description:
- Option to log packets hitting default-action.
type: bool
rules:
description:
- A ditionary that specifies the rule-set configurations.
type: list
elements: dict
suboptions:
number:
description:
- Rule number.
type: int
required: true
description:
description:
- Description of this rule.
type: str
action:
description:
- Specifying the action.
type: str
choices:
- drop
- reject
- accept
- inspect
destination:
description:
- Specifying the destination parameters.
type: dict
suboptions:
address:
description:
- Destination ip address subnet or range.
- IPv4/6 address, subnet or range to match.
- Match everything except the specified address, subnet or range.
- Destination ip address subnet or range.
type: str
group:
description:
- Destination group.
type: dict
suboptions:
address_group:
description:
- Group of addresses.
type: str
network_group:
description:
- Group of networks.
type: str
port_group:
description:
- Group of ports.
type: str
port:
description:
- Multiple destination ports can be specified as a comma-separated
list.
- The whole list can also be "negated" using '!'.
- For example:'!22,telnet,http,123,1001-1005'.
type: str
disabled:
description:
- Option to disable firewall rule.
type: bool
fragment:
description:
- IP fragment match.
type: str
choices:
- match-frag
- match-non-frag
icmp:
description:
- ICMP type and code information.
type: dict
suboptions:
type_name:
description:
- ICMP type-name.
type: str
choices:
- any
- echo-reply
- destination-unreachable
- network-unreachable
- host-unreachable
- protocol-unreachable
- port-unreachable
- fragmentation-needed
- source-route-failed
- network-unknown
- host-unknown
- network-prohibited
- host-prohibited
- TOS-network-unreachable
- TOS-host-unreachable
- communication-prohibited
- host-precedence-violation
- precedence-cutoff
- source-quench
- redirect
- network-redirect
- host-redirect
- TOS-network-redirect
- TOS-host-redirect
- echo-request
- router-advertisement
- router-solicitation
- time-exceeded
- ttl-zero-during-transit
- ttl-zero-during-reassembly
- parameter-problem
- ip-header-bad
- required-option-missing
- timestamp-request
- timestamp-reply
- address-mask-request
- address-mask-reply
- ping
- pong
- ttl-exceeded
code:
description:
- ICMP code.
type: int
type:
description:
- ICMP type.
type: int
ipsec:
description:
- Inboud ip sec packets.
type: str
choices:
- match-ipsec
- match-none
limit:
description:
- Rate limit using a token bucket filter.
type: dict
suboptions:
burst:
description:
- Maximum number of packets to allow in excess of rate.
type: int
rate:
description:
- format for rate (integer/time unit).
- any one of second, minute, hour or day may be used to specify
time unit.
- eg. 1/second implies rule to be matched at an average of once
per second.
type: dict
suboptions:
number:
description:
- This is the integer value.
type: int
unit:
description:
- This is the time unit.
type: str
p2p:
description:
- P2P application packets.
type: list
elements: dict
suboptions:
application:
description:
- Name of the application.
type: str
choices:
- all
- applejuice
- bittorrent
- directconnect
- edonkey
- gnutella
- kazaa
protocol:
description:
- Protocol to match (protocol name in /etc/protocols or protocol number
or all).
- IP protocol name from /etc/protocols (e.g. "tcp" or "udp").
- <0-255> IP protocol number.
- tcp_udp Both TCP and UDP.
- all All IP protocols.
- (!)All IP protocols except for the specified name or number.
type: str
recent:
description:
- Parameters for matching recently seen sources.
type: dict
suboptions:
count:
description:
- Source addresses seen more than N times.
type: int
time:
description:
- Source addresses seen in the last N seconds.
type: int
source:
description:
- Source parameters.
type: dict
suboptions:
address:
description:
- Source ip address subnet or range.
- IPv4/6 address, subnet or range to match.
- Match everything except the specified address, subnet or range.
- Source ip address subnet or range.
type: str
group:
description:
- Source group.
type: dict
suboptions:
address_group:
description:
- Group of addresses.
type: str
network_group:
description:
- Group of networks.
type: str
port_group:
description:
- Group of ports.
type: str
port:
description:
- Multiple source ports can be specified as a comma-separated
list.
- The whole list can also be "negated" using '!'.
- For example:'!22,telnet,http,123,1001-1005'.
type: str
mac_address:
description:
- MAC address to match.
- Match everything except the specified MAC address.
type: str
state:
description:
- Session state.
type: dict
suboptions:
established:
description:
- Established state.
type: bool
invalid:
description:
- Invalid state.
type: bool
new:
description:
- New state.
type: bool
related:
description:
- Related state.
type: bool
tcp:
description:
- TCP flags to match.
type: dict
suboptions:
flags:
description:
- TCP flags to be matched.
type: str
time:
description:
- Time to match rule.
type: dict
suboptions:
utc:
description:
- Interpret times for startdate, stopdate, starttime and stoptime
to be UTC.
type: bool
monthdays:
description:
- Monthdays to match rule on.
type: str
startdate:
description:
- Date to start matching rule.
type: str
starttime:
description:
- Time of day to start matching rule.
type: str
stopdate:
description:
- Date to stop matching rule.
type: str
stoptime:
description:
- Time of day to stop matching rule.
type: str
weekdays:
description:
- Weekdays to match rule on.
type: str
running_config:
description:
- - This option is used only with state I(parsed).
- - The value of this option should be the output received from the VyOS device by executing
- the command B(show configuration commands | grep firewall).
- - The state I(parsed) reads the configuration from C(running_config) option and transforms
- it into Ansible structured data as per the resource module's argspec and the value is then
- returned in the I(parsed) key within the result.
+ - This option is used only with state I(parsed).
+ - The value of this option should be the output received from the VyOS device
+ by executing the command B(show configuration commands | grep firewall).
+ - The state I(parsed) reads the configuration from C(running_config) option and
+ transforms it into Ansible structured data as per the resource module's argspec
+ and the value is then returned in the I(parsed) key within the result.
type: str
state:
description:
- The state the configuration should be left in
type: str
choices:
- merged
- replaced
- overridden
- deleted
- gathered
- rendered
- parsed
default: merged
+
"""
EXAMPLES = """
# Using deleted to delete firewall rules based on rule-set name
#
# Before state
# -------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall group address-group 'inbound'
# set firewall name Downlink default-action 'accept'
# set firewall name Downlink description 'IPv4 INBOUND rule set'
# set firewall name Downlink rule 501 action 'accept'
# set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'
# set firewall name Downlink rule 501 ipsec 'match-ipsec'
# set firewall name Downlink rule 502 action 'reject'
# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'
# set firewall name Downlink rule 502 ipsec 'match-ipsec'
#
- name: Delete attributes of given firewall rules.
vyos.vyos.vyos_firewall_rules:
config:
- - afi: ipv4
- rule_sets:
- - name: 'Downlink'
+ - afi: ipv4
+ rule_sets:
+ - name: Downlink
state: deleted
#
#
# ------------------------
# Module Execution Results
# ------------------------
#
# "before": [
# {
# "afi": "ipv4",
# "rule_sets": [
# {
# "default_action": "accept",
# "description": "IPv4 INBOUND rule set",
# "name": "Downlink",
# "rules": [
# {
# "action": "accept",
# "description": "Rule 501 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 501
# },
# {
# "action": "reject",
# "description": "Rule 502 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 502
# }
# ]
# }
# ]
# }
# ]
# "commands": [
# "delete firewall name Downlink"
# ]
#
# "after": []
# After state
# ------------
# vyos@vyos# run show configuration commands | grep firewall
# set firewall group address-group 'inbound'
# Using deleted to delete firewall rules based on afi
#
# Before state
# -------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall ipv6-name UPLINK default-action 'accept'
# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
# set firewall ipv6-name UPLINK rule 1 action 'accept'
# set firewall ipv6-name UPLINK rule 1
# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'
# set firewall ipv6-name UPLINK rule 2 action 'accept'
# set firewall ipv6-name UPLINK rule 2
# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'
# set firewall group address-group 'inbound'
# set firewall name Downlink default-action 'accept'
# set firewall name Downlink description 'IPv4 INBOUND rule set'
# set firewall name Downlink rule 501 action 'accept'
# set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'
# set firewall name Downlink rule 501 ipsec 'match-ipsec'
# set firewall name Downlink rule 502 action 'reject'
# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'
# set firewall name Downlink rule 502 ipsec 'match-ipsec'
#
- name: Delete attributes of given firewall rules.
vyos.vyos.vyos_firewall_rules:
config:
- - afi: ipv4
+ - afi: ipv4
state: deleted
#
#
# ------------------------
# Module Execution Results
# ------------------------
#
# "before": [
# {
# "afi": "ipv6",
# "rule_sets": [
# {
# "default_action": "accept",
# "description": "This is ipv6 specific rule-set",
# "name": "UPLINK",
# "rules": [
# {
# "action": "accept",
# "description": "Fwipv6-Rule 1 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 1
# },
# {
# "action": "accept",
# "description": "Fwipv6-Rule 2 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 2
# }
# ]
# }
# ]
# },
# {
# "afi": "ipv4",
# "rule_sets": [
# {
# "default_action": "accept",
# "description": "IPv4 INBOUND rule set",
# "name": "Downlink",
# "rules": [
# {
# "action": "accept",
# "description": "Rule 501 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 501
# },
# {
# "action": "reject",
# "description": "Rule 502 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 502
# }
# ]
# }
# ]
# }
# ]
# "commands": [
# "delete firewall name"
# ]
#
# "after": []
# After state
# ------------
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall ipv6-name UPLINK default-action 'accept'
# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
# set firewall ipv6-name UPLINK rule 1 action 'accept'
# set firewall ipv6-name UPLINK rule 1
# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'
# set firewall ipv6-name UPLINK rule 2 action 'accept'
# set firewall ipv6-name UPLINK rule 2
# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'
# Using deleted to delete all the the firewall rules when provided config is empty
#
# Before state
# -------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall group address-group 'inbound'
# set firewall name Downlink default-action 'accept'
# set firewall name Downlink description 'IPv4 INBOUND rule set'
# set firewall name Downlink rule 501 action 'accept'
# set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'
# set firewall name Downlink rule 501 ipsec 'match-ipsec'
# set firewall name Downlink rule 502 action 'reject'
# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'
# set firewall name Downlink rule 502 ipsec 'match-ipsec'
#
- name: Delete attributes of given firewall rules.
vyos.vyos.vyos_firewall_rules:
config:
state: deleted
#
#
# ------------------------
# Module Execution Results
# ------------------------
#
# "before": [
# {
# "afi": "ipv4",
# "rule_sets": [
# {
# "default_action": "accept",
# "description": "IPv4 INBOUND rule set",
# "name": "Downlink",
# "rules": [
# {
# "action": "accept",
# "description": "Rule 501 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 501
# },
# {
# "action": "reject",
# "description": "Rule 502 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 502
# }
# ]
# }
# ]
# }
# ]
# "commands": [
# "delete firewall name"
# ]
#
# "after": []
# After state
# ------------
# vyos@vyos# run show configuration commands | grep firewall
# set firewall group address-group 'inbound'
# Using merged
#
# Before state:
# -------------
#
# vyos@vyos# run show configuration commands | grep firewall
# set firewall group address-group 'inbound'
#
- name: Merge the provided configuration with the exisiting running configuration
vyos.vyos.vyos_firewall_rules:
config:
- - afi: 'ipv6'
- rule_sets:
- - name: 'UPLINK'
- description: 'This is ipv6 specific rule-set'
- default_action: 'accept'
- rules:
- - number: 1
- action: 'accept'
- description: 'Fwipv6-Rule 1 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 2
- action: 'accept'
- description: 'Fwipv6-Rule 2 is configured by Ansible'
- ipsec: 'match-ipsec'
+ - afi: ipv6
+ rule_sets:
+ - name: UPLINK
+ description: This is ipv6 specific rule-set
+ default_action: accept
+ rules:
+ - number: 1
+ action: accept
+ description: Fwipv6-Rule 1 is configured by Ansible
+ ipsec: match-ipsec
+ - number: 2
+ action: accept
+ description: Fwipv6-Rule 2 is configured by Ansible
+ ipsec: match-ipsec
- - afi: 'ipv4'
- rule_sets:
- - name: 'INBOUND'
- description: 'IPv4 INBOUND rule set'
- default_action: 'accept'
- rules:
- - number: 101
- action: 'accept'
- description: 'Rule 101 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 102
- action: 'reject'
- description: 'Rule 102 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 103
- action: 'accept'
- description: 'Rule 103 is configured by Ansible'
- destination:
- group:
- address_group: 'inbound'
- source:
- address: '192.0.2.0'
- state:
- established: true
- new: false
- invalid: false
- related: true
+ - afi: ipv4
+ rule_sets:
+ - name: INBOUND
+ description: IPv4 INBOUND rule set
+ default_action: accept
+ rules:
+ - number: 101
+ action: accept
+ description: Rule 101 is configured by Ansible
+ ipsec: match-ipsec
+ - number: 102
+ action: reject
+ description: Rule 102 is configured by Ansible
+ ipsec: match-ipsec
+ - number: 103
+ action: accept
+ description: Rule 103 is configured by Ansible
+ destination:
+ group:
+ address_group: inbound
+ source:
+ address: 192.0.2.0
+ state:
+ established: true
+ new: false
+ invalid: false
+ related: true
state: merged
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# before": []
#
# "commands": [
# "set firewall ipv6-name UPLINK default-action 'accept'",
# "set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'",
# "set firewall ipv6-name UPLINK rule 1 action 'accept'",
# "set firewall ipv6-name UPLINK rule 1",
# "set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'",
# "set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'",
# "set firewall ipv6-name UPLINK rule 2 action 'accept'",
# "set firewall ipv6-name UPLINK rule 2",
# "set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'",
# "set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'",
# "set firewall name INBOUND default-action 'accept'",
# "set firewall name INBOUND description 'IPv4 INBOUND rule set'",
# "set firewall name INBOUND rule 101 action 'accept'",
# "set firewall name INBOUND rule 101",
# "set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'",
# "set firewall name INBOUND rule 101 ipsec 'match-ipsec'",
# "set firewall name INBOUND rule 102 action 'reject'",
# "set firewall name INBOUND rule 102",
# "set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'",
# "set firewall name INBOUND rule 102 ipsec 'match-ipsec'",
# "set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'",
# "set firewall name INBOUND rule 103 destination group address-group inbound",
# "set firewall name INBOUND rule 103",
# "set firewall name INBOUND rule 103 source address 192.0.2.0",
# "set firewall name INBOUND rule 103 state established enable",
# "set firewall name INBOUND rule 103 state related enable",
# "set firewall name INBOUND rule 103 state invalid disable",
# "set firewall name INBOUND rule 103 state new disable",
# "set firewall name INBOUND rule 103 action 'accept'"
# ]
#
# "after": [
# {
# "afi": "ipv6",
# "rule_sets": [
# {
# "default_action": "accept",
# "description": "This is ipv6 specific rule-set",
# "name": "UPLINK",
# "rules": [
# {
# "action": "accept",
# "description": "Fwipv6-Rule 1 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 1
# },
# {
# "action": "accept",
# "description": "Fwipv6-Rule 2 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 2
# }
# ]
# }
# ]
# },
# {
# "afi": "ipv4",
# "rule_sets": [
# {
# "default_action": "accept",
# "description": "IPv4 INBOUND rule set",
# "name": "INBOUND",
# "rules": [
# {
# "action": "accept",
# "description": "Rule 101 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 101
# },
# {
# "action": "reject",
# "description": "Rule 102 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 102
# },
# {
# "action": "accept",
# "description": "Rule 103 is configured by Ansible",
# "destination": {
# "group": {
# "address_group": "inbound"
# }
# },
# "number": 103,
# "source": {
# "address": "192.0.2.0"
# },
# "state": {
# "established": true,
# "invalid": false,
# "new": false,
# "related": true
# }
# }
# ]
# }
# ]
# }
# ]
#
# After state:
# -------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall group address-group 'inbound'
# set firewall ipv6-name UPLINK default-action 'accept'
# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
# set firewall ipv6-name UPLINK rule 1 action 'accept'
# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'
# set firewall ipv6-name UPLINK rule 2 action 'accept'
# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'
# set firewall name INBOUND default-action 'accept'
# set firewall name INBOUND description 'IPv4 INBOUND rule set'
# set firewall name INBOUND rule 101 action 'accept'
# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
# set firewall name INBOUND rule 101 ipsec 'match-ipsec'
# set firewall name INBOUND rule 102 action 'reject'
# set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
# set firewall name INBOUND rule 102 ipsec 'match-ipsec'
# set firewall name INBOUND rule 103 action 'accept'
# set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
# set firewall name INBOUND rule 103 destination group address-group 'inbound'
# set firewall name INBOUND rule 103 source address '192.0.2.0'
# set firewall name INBOUND rule 103 state established 'enable'
# set firewall name INBOUND rule 103 state invalid 'disable'
# set firewall name INBOUND rule 103 state new 'disable'
# set firewall name INBOUND rule 103 state related 'enable'
# Using replaced
#
# Before state:
# -------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall group address-group 'inbound'
# set firewall ipv6-name UPLINK default-action 'accept'
# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
# set firewall ipv6-name UPLINK rule 1 action 'accept'
# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'
# set firewall ipv6-name UPLINK rule 2 action 'accept'
# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'
# set firewall name INBOUND default-action 'accept'
# set firewall name INBOUND description 'IPv4 INBOUND rule set'
# set firewall name INBOUND rule 101 action 'accept'
# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
# set firewall name INBOUND rule 101 ipsec 'match-ipsec'
# set firewall name INBOUND rule 102 action 'reject'
# set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
# set firewall name INBOUND rule 102 ipsec 'match-ipsec'
# set firewall name INBOUND rule 103 action 'accept'
# set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
# set firewall name INBOUND rule 103 destination group address-group 'inbound'
# set firewall name INBOUND rule 103 source address '192.0.2.0'
# set firewall name INBOUND rule 103 state established 'enable'
# set firewall name INBOUND rule 103 state invalid 'disable'
# set firewall name INBOUND rule 103 state new 'disable'
# set firewall name INBOUND rule 103 state related 'enable'
#
- name: Replace device configurations of listed firewall rules with provided configurations
vyos.vyos.vyos_firewall_rules:
config:
- - afi: 'ipv6'
- rule_sets:
- - name: 'UPLINK'
- description: 'This is ipv6 specific rule-set'
- default_action: 'accept'
- - afi: 'ipv4'
- rule_sets:
- - name: 'INBOUND'
- description: 'IPv4 INBOUND rule set'
- default_action: 'accept'
- rules:
- - number: 101
- action: 'accept'
- description: 'Rule 101 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 104
- action: 'reject'
- description: 'Rule 104 is configured by Ansible'
- ipsec: 'match-none'
+ - afi: ipv6
+ rule_sets:
+ - name: UPLINK
+ description: This is ipv6 specific rule-set
+ default_action: accept
+ - afi: ipv4
+ rule_sets:
+ - name: INBOUND
+ description: IPv4 INBOUND rule set
+ default_action: accept
+ rules:
+ - number: 101
+ action: accept
+ description: Rule 101 is configured by Ansible
+ ipsec: match-ipsec
+ - number: 104
+ action: reject
+ description: Rule 104 is configured by Ansible
+ ipsec: match-none
state: replaced
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "before": [
# {
# "afi": "ipv6",
# "rule_sets": [
# {
# "default_action": "accept",
# "description": "This is ipv6 specific rule-set",
# "name": "UPLINK",
# "rules": [
# {
# "action": "accept",
# "description": "Fwipv6-Rule 1 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 1
# },
# {
# "action": "accept",
# "description": "Fwipv6-Rule 2 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 2
# }
# ]
# }
# ]
# },
# {
# "afi": "ipv4",
# "rule_sets": [
# {
# "default_action": "accept",
# "description": "IPv4 INBOUND rule set",
# "name": "INBOUND",
# "rules": [
# {
# "action": "accept",
# "description": "Rule 101 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 101
# },
# {
# "action": "reject",
# "description": "Rule 102 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 102
# },
# {
# "action": "accept",
# "description": "Rule 103 is configured by Ansible",
# "destination": {
# "group": {
# "address_group": "inbound"
# }
# },
# "number": 103,
# "source": {
# "address": "192.0.2.0"
# },
# "state": {
# "established": true,
# "invalid": false,
# "new": false,
# "related": true
# }
# }
# ]
# }
# ]
# }
# ]
#
# "commands": [
# "delete firewall ipv6-name UPLINK rule 1",
# "delete firewall ipv6-name UPLINK rule 2",
# "delete firewall name INBOUND rule 102",
# "delete firewall name INBOUND rule 103",
# "set firewall name INBOUND rule 104 action 'reject'",
# "set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible'",
# "set firewall name INBOUND rule 104",
# "set firewall name INBOUND rule 104 ipsec 'match-none'"
# ]
#
# "after": [
# {
# "afi": "ipv6",
# "rule_sets": [
# {
# "default_action": "accept",
# "description": "This is ipv6 specific rule-set",
# "name": "UPLINK"
# }
# ]
# },
# {
# "afi": "ipv4",
# "rule_sets": [
# {
# "default_action": "accept",
# "description": "IPv4 INBOUND rule set",
# "name": "INBOUND",
# "rules": [
# {
# "action": "accept",
# "description": "Rule 101 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 101
# },
# {
# "action": "reject",
# "description": "Rule 104 is configured by Ansible",
# "ipsec": "match-none",
# "number": 104
# }
# ]
# }
# ]
# }
# ]
#
# After state:
# -------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall group address-group 'inbound'
# set firewall ipv6-name UPLINK default-action 'accept'
# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
# set firewall name INBOUND default-action 'accept'
# set firewall name INBOUND description 'IPv4 INBOUND rule set'
# set firewall name INBOUND rule 101 action 'accept'
# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
# set firewall name INBOUND rule 101 ipsec 'match-ipsec'
# set firewall name INBOUND rule 104 action 'reject'
# set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible'
# set firewall name INBOUND rule 104 ipsec 'match-none'
# Using overridden
#
# Before state
# --------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall group address-group 'inbound'
# set firewall ipv6-name UPLINK default-action 'accept'
# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
# set firewall name INBOUND default-action 'accept'
# set firewall name INBOUND description 'IPv4 INBOUND rule set'
# set firewall name INBOUND rule 101 action 'accept'
# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
# set firewall name INBOUND rule 101 ipsec 'match-ipsec'
# set firewall name INBOUND rule 104 action 'reject'
# set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible'
# set firewall name INBOUND rule 104 ipsec 'match-none'
#
- name: Overrides all device configuration with provided configuration
vyos.vyos.vyos_firewall_rules:
config:
- - afi: 'ipv4'
- rule_sets:
- - name: 'Downlink'
- description: 'IPv4 INBOUND rule set'
- default_action: 'accept'
- rules:
- - number: 501
- action: 'accept'
- description: 'Rule 501 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 502
- action: 'reject'
- description: 'Rule 502 is configured by Ansible'
- ipsec: 'match-ipsec'
+ - afi: ipv4
+ rule_sets:
+ - name: Downlink
+ description: IPv4 INBOUND rule set
+ default_action: accept
+ rules:
+ - number: 501
+ action: accept
+ description: Rule 501 is configured by Ansible
+ ipsec: match-ipsec
+ - number: 502
+ action: reject
+ description: Rule 502 is configured by Ansible
+ ipsec: match-ipsec
state: overridden
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "before": [
# {
# "afi": "ipv6",
# "rule_sets": [
# {
# "default_action": "accept",
# "description": "This is ipv6 specific rule-set",
# "name": "UPLINK"
# }
# ]
# },
# {
# "afi": "ipv4",
# "rule_sets": [
# {
# "default_action": "accept",
# "description": "IPv4 INBOUND rule set",
# "name": "INBOUND",
# "rules": [
# {
# "action": "accept",
# "description": "Rule 101 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 101
# },
# {
# "action": "reject",
# "description": "Rule 104 is configured by Ansible",
# "ipsec": "match-none",
# "number": 104
# }
# ]
# }
# ]
# }
# ]
#
# "commands": [
# "delete firewall ipv6-name UPLINK",
# "delete firewall name INBOUND",
# "set firewall name Downlink default-action 'accept'",
# "set firewall name Downlink description 'IPv4 INBOUND rule set'",
# "set firewall name Downlink rule 501 action 'accept'",
# "set firewall name Downlink rule 501",
# "set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'",
# "set firewall name Downlink rule 501 ipsec 'match-ipsec'",
# "set firewall name Downlink rule 502 action 'reject'",
# "set firewall name Downlink rule 502",
# "set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'",
# "set firewall name Downlink rule 502 ipsec 'match-ipsec'"
#
#
# "after": [
# {
# "afi": "ipv4",
# "rule_sets": [
# {
# "default_action": "accept",
# "description": "IPv4 INBOUND rule set",
# "name": "Downlink",
# "rules": [
# {
# "action": "accept",
# "description": "Rule 501 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 501
# },
# {
# "action": "reject",
# "description": "Rule 502 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 502
# }
# ]
# }
# ]
# }
# ]
#
#
# After state
# ------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall group address-group 'inbound'
# set firewall name Downlink default-action 'accept'
# set firewall name Downlink description 'IPv4 INBOUND rule set'
# set firewall name Downlink rule 501 action 'accept'
# set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'
# set firewall name Downlink rule 501 ipsec 'match-ipsec'
# set firewall name Downlink rule 502 action 'reject'
# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'
# set firewall name Downlink rule 502 ipsec 'match-ipsec'
# Using gathered
#
# Before state:
# -------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall group address-group 'inbound'
# set firewall ipv6-name UPLINK default-action 'accept'
# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
# set firewall ipv6-name UPLINK rule 1 action 'accept'
# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'
# set firewall ipv6-name UPLINK rule 2 action 'accept'
# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'
# set firewall name INBOUND default-action 'accept'
# set firewall name INBOUND description 'IPv4 INBOUND rule set'
# set firewall name INBOUND rule 101 action 'accept'
# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
# set firewall name INBOUND rule 101 ipsec 'match-ipsec'
# set firewall name INBOUND rule 102 action 'reject'
# set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
# set firewall name INBOUND rule 102 ipsec 'match-ipsec'
# set firewall name INBOUND rule 103 action 'accept'
# set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
# set firewall name INBOUND rule 103 destination group address-group 'inbound'
# set firewall name INBOUND rule 103 source address '192.0.2.0'
# set firewall name INBOUND rule 103 state established 'enable'
# set firewall name INBOUND rule 103 state invalid 'disable'
# set firewall name INBOUND rule 103 state new 'disable'
# set firewall name INBOUND rule 103 state related 'enable'
#
- name: Gather listed firewall rules with provided configurations
vyos.vyos.vyos_firewall_rules:
config:
state: gathered
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "gathered": [
# {
# "afi": "ipv6",
# "rule_sets": [
# {
# "default_action": "accept",
# "description": "This is ipv6 specific rule-set",
# "name": "UPLINK",
# "rules": [
# {
# "action": "accept",
# "description": "Fwipv6-Rule 1 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 1
# },
# {
# "action": "accept",
# "description": "Fwipv6-Rule 2 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 2
# }
# ]
# }
# ]
# },
# {
# "afi": "ipv4",
# "rule_sets": [
# {
# "default_action": "accept",
# "description": "IPv4 INBOUND rule set",
# "name": "INBOUND",
# "rules": [
# {
# "action": "accept",
# "description": "Rule 101 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 101
# },
# {
# "action": "reject",
# "description": "Rule 102 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 102
# },
# {
# "action": "accept",
# "description": "Rule 103 is configured by Ansible",
# "destination": {
# "group": {
# "address_group": "inbound"
# }
# },
# "number": 103,
# "source": {
# "address": "192.0.2.0"
# },
# "state": {
# "established": true,
# "invalid": false,
# "new": false,
# "related": true
# }
# }
# ]
# }
# ]
# }
# ]
#
#
# After state:
# -------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall group address-group 'inbound'
# set firewall ipv6-name UPLINK default-action 'accept'
# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
# set firewall ipv6-name UPLINK rule 1 action 'accept'
# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'
# set firewall ipv6-name UPLINK rule 2 action 'accept'
# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'
# set firewall name INBOUND default-action 'accept'
# set firewall name INBOUND description 'IPv4 INBOUND rule set'
# set firewall name INBOUND rule 101 action 'accept'
# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
# set firewall name INBOUND rule 101 ipsec 'match-ipsec'
# set firewall name INBOUND rule 102 action 'reject'
# set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
# set firewall name INBOUND rule 102 ipsec 'match-ipsec'
# set firewall name INBOUND rule 103 action 'accept'
# set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
# set firewall name INBOUND rule 103 destination group address-group 'inbound'
# set firewall name INBOUND rule 103 source address '192.0.2.0'
# set firewall name INBOUND rule 103 state established 'enable'
# set firewall name INBOUND rule 103 state invalid 'disable'
# set firewall name INBOUND rule 103 state new 'disable'
# set firewall name INBOUND rule 103 state related 'enable'
# Using rendered
#
#
- name: Render the commands for provided configuration
vyos.vyos.vyos_firewall_rules:
config:
- - afi: 'ipv6'
- rule_sets:
- - name: 'UPLINK'
- description: 'This is ipv6 specific rule-set'
- default_action: 'accept'
- - afi: 'ipv4'
- rule_sets:
- - name: 'INBOUND'
- description: 'IPv4 INBOUND rule set'
- default_action: 'accept'
- rules:
- - number: 101
- action: 'accept'
- description: 'Rule 101 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 102
- action: 'reject'
- description: 'Rule 102 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 103
- action: 'accept'
- description: 'Rule 103 is configured by Ansible'
- destination:
- group:
- address_group: 'inbound'
- source:
- address: '192.0.2.0'
- state:
- established: true
- new: false
- invalid: false
- related: true
+ - afi: ipv6
+ rule_sets:
+ - name: UPLINK
+ description: This is ipv6 specific rule-set
+ default_action: accept
+ - afi: ipv4
+ rule_sets:
+ - name: INBOUND
+ description: IPv4 INBOUND rule set
+ default_action: accept
+ rules:
+ - number: 101
+ action: accept
+ description: Rule 101 is configured by Ansible
+ ipsec: match-ipsec
+ - number: 102
+ action: reject
+ description: Rule 102 is configured by Ansible
+ ipsec: match-ipsec
+ - number: 103
+ action: accept
+ description: Rule 103 is configured by Ansible
+ destination:
+ group:
+ address_group: inbound
+ source:
+ address: 192.0.2.0
+ state:
+ established: true
+ new: false
+ invalid: false
+ related: true
state: rendered
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
#
# "rendered": [
# "set firewall ipv6-name UPLINK default-action 'accept'",
# "set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'",
# "set firewall name INBOUND default-action 'accept'",
# "set firewall name INBOUND description 'IPv4 INBOUND rule set'",
# "set firewall name INBOUND rule 101 action 'accept'",
# "set firewall name INBOUND rule 101",
# "set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'",
# "set firewall name INBOUND rule 101 ipsec 'match-ipsec'",
# "set firewall name INBOUND rule 102 action 'reject'",
# "set firewall name INBOUND rule 102",
# "set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'",
# "set firewall name INBOUND rule 102 ipsec 'match-ipsec'",
# "set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'",
# "set firewall name INBOUND rule 103 destination group address-group inbound",
# "set firewall name INBOUND rule 103",
# "set firewall name INBOUND rule 103 source address 192.0.2.0",
# "set firewall name INBOUND rule 103 state established enable",
# "set firewall name INBOUND rule 103 state related enable",
# "set firewall name INBOUND rule 103 state invalid disable",
# "set firewall name INBOUND rule 103 state new disable",
# "set firewall name INBOUND rule 103 action 'accept'"
# ]
# Using parsed
#
#
- name: Parsed the provided input commands.
vyos.vyos.vyos_firewall_rules:
running_config:
"set firewall group address-group 'inbound'
- set firewall name Downlink default-action 'accept'
- set firewall name Downlink description 'IPv4 INBOUND rule set'
- set firewall name Downlink rule 501 action 'accept'
- set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'
- set firewall name Downlink rule 501 ipsec 'match-ipsec'
- set firewall name Downlink rule 502 action 'reject'
- set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'
- set firewall name Downlink rule 502 ipsec 'match-ipsec'"
+ set firewall name Downlink default-action 'accept'
+ set firewall name Downlink description 'IPv4 INBOUND rule set'
+ set firewall name Downlink rule 501 action 'accept'
+ set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'
+ set firewall name Downlink rule 501 ipsec 'match-ipsec'
+ set firewall name Downlink rule 502 action 'reject'
+ set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'
+ set firewall name Downlink rule 502 ipsec 'match-ipsec'"
state: parsed
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
#
# "parsed": [
# {
# "afi": "ipv4",
# "rule_sets": [
# {
# "default_action": "accept",
# "description": "IPv4 INBOUND rule set",
# "name": "Downlink",
# "rules": [
# {
# "action": "accept",
# "description": "Rule 501 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 501
# },
# {
# "action": "reject",
# "description": "Rule 502 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 502
# }
# ]
# }
# ]
# }
# ]
"""
RETURN = """
before:
description: The configuration prior to the model invocation.
returned: always
type: list
sample: >
The configuration returned will always be in the same format
of the parameters above.
after:
description: The resulting configuration model invocation.
returned: when changed
type: list
sample: >
The configuration returned will always be in the same format
of the parameters above.
commands:
description: The set of commands pushed to the remote device.
returned: always
type: list
sample:
- "set firewall name Downlink default-action 'accept'"
- "set firewall name Downlink description 'IPv4 INBOUND rule set'"
- "set firewall name Downlink rule 501 action 'accept'"
- "set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'"
- "set firewall name Downlink rule 502 ipsec 'match-ipsec'"
"""
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.firewall_rules.firewall_rules import (
Firewall_rulesArgs,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.firewall_rules.firewall_rules import (
Firewall_rules,
)
def main():
"""
Main entry point for module execution
:returns: the result form module invocation
"""
required_if = [
("state", "merged", ("config",)),
("state", "replaced", ("config",)),
("state", "rendered", ("config",)),
("state", "overridden", ("config",)),
("state", "parsed", ("running_config",)),
]
mutually_exclusive = [("config", "running_config")]
module = AnsibleModule(
argument_spec=Firewall_rulesArgs.argument_spec,
required_if=required_if,
supports_check_mode=True,
mutually_exclusive=mutually_exclusive,
)
result = Firewall_rules(module).execute_module()
module.exit_json(**result)
if __name__ == "__main__":
main()
diff --git a/plugins/modules/vyos_interface.py b/plugins/modules/vyos_interface.py
index 175cf3b..11a1d49 100644
--- a/plugins/modules/vyos_interface.py
+++ b/plugins/modules/vyos_interface.py
@@ -1,471 +1,468 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2017, Ansible by Red Hat, inc
#
# This file is part of Ansible by Red Hat
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see .
#
-ANSIBLE_METADATA = {
- "metadata_version": "1.1",
- "status": ["deprecated"],
- "supported_by": "network",
-}
-
-DOCUMENTATION = """module: vyos_interface
+DOCUMENTATION = """
+module: vyos_interface
author: Ganesh Nalawade (@ganeshrn)
-short_description: Manage Interface on VyOS network devices
+short_description: (deprecated) Manage Interface on VyOS network devices
description:
- This module provides declarative management of Interfaces on VyOS network devices.
+version_added: 1.0.0
deprecated:
removed_in: '2.13'
alternative: vyos_interfaces
why: Updated modules released with more functionality.
notes:
- Tested against VYOS 1.1.7
options:
name:
description:
- Name of the Interface.
required: true
description:
description:
- Description of Interface.
enabled:
description:
- Interface link status.
type: bool
speed:
description:
- Interface link speed.
mtu:
description:
- Maximum size of transmit packet.
duplex:
description:
- Interface link status.
default: auto
choices:
- full
- half
- auto
delay:
description:
- Time in seconds to wait before checking for the operational state on remote
device. This wait is applicable for operational state argument which are I(state)
with values C(up)/C(down) and I(neighbors).
default: 10
neighbors:
description:
- Check the operational state of given interface C(name) for LLDP neighbor.
- The following suboptions are available.
suboptions:
host:
description:
- LLDP neighbor host for given interface C(name).
port:
description:
- LLDP neighbor port to which given interface C(name) is connected.
aggregate:
description: List of Interfaces definitions.
state:
description:
- State of the Interface configuration, C(up) means present and operationally
up and C(down) means present and operationally C(down)
default: present
choices:
- present
- absent
- up
- down
extends_documentation_fragment:
- vyos.vyos.vyos
+
"""
EXAMPLES = """
- name: configure interface
- vyos_interface:
+ vyos.vyos.vyos_interface:
name: eth0
description: test-interface
- name: remove interface
- vyos_interface:
+ vyos.vyos.vyos_interface:
name: eth0
state: absent
- name: make interface down
- vyos_interface:
+ vyos.vyos.vyos_interface:
name: eth0
- enabled: False
+ enabled: false
- name: make interface up
- vyos_interface:
+ vyos.vyos.vyos_interface:
name: eth0
- enabled: True
+ enabled: true
- name: Configure interface speed, mtu, duplex
- vyos_interface:
+ vyos.vyos.vyos_interface:
name: eth5
state: present
speed: 100
mtu: 256
duplex: full
- name: Set interface using aggregate
- vyos_interface:
+ vyos.vyos.vyos_interface:
aggregate:
- - { name: eth1, description: test-interface-1, speed: 100, duplex: half, mtu: 512}
- - { name: eth2, description: test-interface-2, speed: 1000, duplex: full, mtu: 256}
+ - {name: eth1, description: test-interface-1, speed: 100, duplex: half, mtu: 512}
+ - {name: eth2, description: test-interface-2, speed: 1000, duplex: full, mtu: 256}
- name: Disable interface on aggregate
net_interface:
aggregate:
- - name: eth1
- - name: eth2
- enabled: False
+ - name: eth1
+ - name: eth2
+ enabled: false
- name: Delete interface using aggregate
net_interface:
aggregate:
- - name: eth1
- - name: eth2
+ - name: eth1
+ - name: eth2
state: absent
- name: Check lldp neighbors intent arguments
- vyos_interface:
+ vyos.vyos.vyos_interface:
name: eth0
neighbors:
- port: eth0
host: netdev
- name: Config + intent
- vyos_interface:
+ vyos.vyos.vyos_interface:
name: eth1
- enabled: False
+ enabled: false
state: down
"""
RETURN = """
commands:
description: The list of configuration mode commands to send to the device
returned: always, except for the platforms that use Netconf transport to manage the device.
type: list
sample:
- set interfaces ethernet eth0 description "test-interface"
- set interfaces ethernet eth0 speed 100
- set interfaces ethernet eth0 mtu 256
- set interfaces ethernet eth0 duplex full
"""
import re
from copy import deepcopy
from time import sleep
from ansible.module_utils._text import to_text
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import exec_command
from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import (
conditional,
remove_default_spec,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import (
load_config,
get_config,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import (
vyos_argument_spec,
)
def search_obj_in_list(name, lst):
for o in lst:
if o["name"] == name:
return o
return None
def map_obj_to_commands(updates):
commands = list()
want, have = updates
params = ("speed", "description", "duplex", "mtu")
for w in want:
name = w["name"]
disable = w["disable"]
state = w["state"]
obj_in_have = search_obj_in_list(name, have)
set_interface = "set interfaces ethernet " + name
delete_interface = "delete interfaces ethernet " + name
if state == "absent" and obj_in_have:
commands.append(delete_interface)
elif state in ("present", "up", "down"):
if obj_in_have:
for item in params:
value = w.get(item)
if value and value != obj_in_have.get(item):
if item == "description":
value = "'" + str(value) + "'"
commands.append(
set_interface + " " + item + " " + str(value)
)
if disable and not obj_in_have.get("disable", False):
commands.append(set_interface + " disable")
elif not disable and obj_in_have.get("disable", False):
commands.append(delete_interface + " disable")
else:
commands.append(set_interface)
for item in params:
value = w.get(item)
if value:
if item == "description":
value = "'" + str(value) + "'"
commands.append(
set_interface + " " + item + " " + str(value)
)
if disable:
commands.append(set_interface + " disable")
return commands
def map_config_to_obj(module):
data = get_config(module, flags=["| grep interface"])
obj = []
for line in data.split("\n"):
if line.startswith("set interfaces ethernet"):
match = re.search(r"set interfaces ethernet (\S+)", line, re.M)
name = match.group(1)
if name:
interface = {}
for item in obj:
if item["name"] == name:
interface = item
break
if not interface:
interface = {"name": name}
obj.append(interface)
match = re.search(r"%s (\S+)" % name, line, re.M)
if match:
param = match.group(1)
if param == "description":
match = re.search(r"description (.+)", line, re.M)
description = match.group(1).strip("'")
interface["description"] = description
elif param == "speed":
match = re.search(r"speed (\S+)", line, re.M)
speed = match.group(1).strip("'")
interface["speed"] = speed
elif param == "mtu":
match = re.search(r"mtu (\S+)", line, re.M)
mtu = match.group(1).strip("'")
interface["mtu"] = int(mtu)
elif param == "duplex":
match = re.search(r"duplex (\S+)", line, re.M)
duplex = match.group(1).strip("'")
interface["duplex"] = duplex
elif param.strip("'") == "disable":
interface["disable"] = True
return obj
def map_params_to_obj(module):
obj = []
aggregate = module.params.get("aggregate")
if aggregate:
for item in aggregate:
for key in item:
if item.get(key) is None:
item[key] = module.params[key]
d = item.copy()
if d["enabled"]:
d["disable"] = False
else:
d["disable"] = True
obj.append(d)
else:
params = {
"name": module.params["name"],
"description": module.params["description"],
"speed": module.params["speed"],
"mtu": module.params["mtu"],
"duplex": module.params["duplex"],
"delay": module.params["delay"],
"state": module.params["state"],
"neighbors": module.params["neighbors"],
}
if module.params["enabled"]:
params.update({"disable": False})
else:
params.update({"disable": True})
obj.append(params)
return obj
def check_declarative_intent_params(module, want, result):
failed_conditions = []
have_neighbors = None
for w in want:
want_state = w.get("state")
want_neighbors = w.get("neighbors")
if want_state not in ("up", "down") and not want_neighbors:
continue
if result["changed"]:
sleep(w["delay"])
command = "show interfaces ethernet %s" % w["name"]
rc, out, err = exec_command(module, command)
if rc != 0:
module.fail_json(
msg=to_text(err, errors="surrogate_then_replace"),
command=command,
rc=rc,
)
if want_state in ("up", "down"):
match = re.search(r"%s (\w+)" % "state", out, re.M)
have_state = None
if match:
have_state = match.group(1)
if have_state is None or not conditional(
want_state, have_state.strip().lower()
):
failed_conditions.append("state " + "eq(%s)" % want_state)
if want_neighbors:
have_host = []
have_port = []
if have_neighbors is None:
rc, have_neighbors, err = exec_command(
module, "show lldp neighbors detail"
)
if rc != 0:
module.fail_json(
msg=to_text(err, errors="surrogate_then_replace"),
command=command,
rc=rc,
)
if have_neighbors:
lines = have_neighbors.strip().split("Interface: ")
for line in lines:
field = line.split("\n")
if field[0].split(",")[0].strip() == w["name"]:
for item in field:
if item.strip().startswith("SysName:"):
have_host.append(item.split(":")[1].strip())
if item.strip().startswith("PortDescr:"):
have_port.append(item.split(":")[1].strip())
for item in want_neighbors:
host = item.get("host")
port = item.get("port")
if host and host not in have_host:
failed_conditions.append("host " + host)
if port and port not in have_port:
failed_conditions.append("port " + port)
return failed_conditions
def main():
""" main entry point for module execution
"""
neighbors_spec = dict(host=dict(), port=dict())
element_spec = dict(
name=dict(),
description=dict(),
speed=dict(),
mtu=dict(type="int"),
duplex=dict(choices=["full", "half", "auto"]),
enabled=dict(default=True, type="bool"),
neighbors=dict(type="list", elements="dict", options=neighbors_spec),
delay=dict(default=10, type="int"),
state=dict(
default="present", choices=["present", "absent", "up", "down"]
),
)
aggregate_spec = deepcopy(element_spec)
aggregate_spec["name"] = dict(required=True)
# remove default in aggregate spec, to handle common arguments
remove_default_spec(aggregate_spec)
argument_spec = dict(
aggregate=dict(type="list", elements="dict", options=aggregate_spec),
)
argument_spec.update(element_spec)
argument_spec.update(vyos_argument_spec)
required_one_of = [["name", "aggregate"]]
mutually_exclusive = [["name", "aggregate"]]
required_together = [["speed", "duplex"]]
module = AnsibleModule(
argument_spec=argument_spec,
required_one_of=required_one_of,
mutually_exclusive=mutually_exclusive,
required_together=required_together,
supports_check_mode=True,
)
warnings = list()
result = {"changed": False}
if warnings:
result["warnings"] = warnings
want = map_params_to_obj(module)
have = map_config_to_obj(module)
commands = map_obj_to_commands((want, have))
result["commands"] = commands
if commands:
commit = not module.check_mode
diff = load_config(module, commands, commit=commit)
if diff:
if module._diff:
result["diff"] = {"prepared": diff}
result["changed"] = True
failed_conditions = check_declarative_intent_params(module, want, result)
if failed_conditions:
msg = "One or more conditional statements have not been satisfied"
module.fail_json(msg=msg, failed_conditions=failed_conditions)
module.exit_json(**result)
if __name__ == "__main__":
main()
diff --git a/plugins/modules/vyos_interfaces.py b/plugins/modules/vyos_interfaces.py
index 6730e30..47f9777 100644
--- a/plugins/modules/vyos_interfaces.py
+++ b/plugins/modules/vyos_interfaces.py
@@ -1,1131 +1,1132 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright 2019 Red Hat
# GNU General Public License v3.0+
# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#############################################
# WARNING #
#############################################
#
# This file is auto generated by the resource
# module builder playbook.
#
# Do not edit this file manually.
#
# Changes to this file will be over written
# by the resource module builder.
#
# Changes should be made in the model used to
# generate this file or in the resource module
# builder template.
#
#############################################
"""
The module file for vyos_interfaces
"""
from __future__ import absolute_import, division, print_function
__metaclass__ = type
-ANSIBLE_METADATA = {"metadata_version": "1.1", "supported_by": "Ansible"}
-DOCUMENTATION = """module: vyos_interfaces
+DOCUMENTATION = """
+module: vyos_interfaces
short_description: Interfaces resource module
description:
- This module manages the interface attributes on VyOS network devices.
- This module supports managing base attributes of Ethernet, Bonding, VXLAN, Loopback
and Virtual Tunnel Interfaces.
+version_added: 1.0.0
notes:
- Tested against VyOS 1.1.8 (helium).
- This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html).
-version_added: "1.0.0"
author:
- Nilashish Chakraborty (@nilashishc)
- Rohit Thakur (@rohitthakur2590)
options:
config:
description: The provided interfaces configuration.
type: list
suboptions:
name:
description:
- Full name of the interface, e.g. eth0, eth1, bond0, vti1, vxlan2.
type: str
required: true
description:
description:
- Interface description.
type: str
duplex:
description:
- Interface duplex mode.
- Applicable for Ethernet interfaces only.
choices:
- full
- half
- auto
type: str
enabled:
default: true
description:
- Administrative state of the interface.
- Set the value to C(true) to administratively enable the interface or C(false)
to disable it.
type: bool
mtu:
description:
- MTU for a specific interface. Refer to vendor documentation for valid values.
- Applicable for Ethernet, Bonding, VXLAN and Virtual Tunnel interfaces.
type: int
speed:
description:
- Interface link speed.
- Applicable for Ethernet interfaces only.
type: str
choices:
- auto
- '10'
- '100'
- '1000'
- '2500'
- '10000'
vifs:
description:
- Virtual sub-interfaces related configuration.
- 802.1Q VLAN interfaces are represented as virtual sub-interfaces in VyOS.
type: list
suboptions:
vlan_id:
description:
- Identifier for the virtual sub-interface.
type: int
description:
description:
- Virtual sub-interface description.
type: str
enabled:
description:
- Administrative state of the virtual sub-interface.
- Set the value to C(true) to administratively enable the interface or
C(false) to disable it.
type: bool
default: true
mtu:
description:
- MTU for the virtual sub-interface.
- Refer to vendor documentation for valid values.
type: int
running_config:
description:
- - This option is used only with state I(parsed).
- - The value of this option should be the output received from the VyOS device by executing
- the command B(show configuration commands | grep interfaces).
- - The state I(parsed) reads the configuration from C(running_config) option and transforms
- it into Ansible structured data as per the resource module's argspec and the value is then
- returned in the I(parsed) key within the result.
+ - This option is used only with state I(parsed).
+ - The value of this option should be the output received from the VyOS device
+ by executing the command B(show configuration commands | grep interfaces).
+ - The state I(parsed) reads the configuration from C(running_config) option and
+ transforms it into Ansible structured data as per the resource module's argspec
+ and the value is then returned in the I(parsed) key within the result.
type: str
state:
description:
- The state of the configuration after module completion.
type: str
choices:
- merged
- replaced
- overridden
- deleted
- rendered
- gathered
- parsed
default: merged
"""
EXAMPLES = """
# Using merged
#
# -------------
# Before state:
# -------------
#
# vyos@vyos:~$ show configuration commands | grep interfaces
# set interfaces ethernet eth0 address 'dhcp'
# set interfaces ethernet eth0 address 'dhcpv6'
# set interfaces ethernet eth0 duplex 'auto'
# set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22'
# set interfaces ethernet eth0 smp-affinity 'auto'
# set interfaces ethernet eth0 speed 'auto'
# set interfaces ethernet eth1 hw-id '08:00:27:ea:0f:b9'
# set interfaces ethernet eth1 smp-affinity 'auto'
# set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23'
# set interfaces ethernet eth2 smp-affinity 'auto'
# set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c'
# set interfaces loopback lo
- name: Merge provided configuration with device configuration
vyos.vyos.vyos_interfaces:
config:
- - name: eth2
- description: 'Configured by Ansible'
- enabled: True
- vifs:
- - vlan_id: 200
- description: "VIF 200 - ETH2"
+ - name: eth2
+ description: Configured by Ansible
+ enabled: true
+ vifs:
+ - vlan_id: 200
+ description: VIF 200 - ETH2
- - name: eth3
- description: 'Configured by Ansible'
- mtu: 1500
+ - name: eth3
+ description: Configured by Ansible
+ mtu: 1500
- - name: bond1
- description: 'Bond - 1'
- mtu: 1200
+ - name: bond1
+ description: Bond - 1
+ mtu: 1200
- - name: vti2
- description: 'VTI - 2'
- enabled: false
+ - name: vti2
+ description: VTI - 2
+ enabled: false
state: merged
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "before": [
# {
# "enabled": true,
# "name": "lo"
# },
# {
# "enabled": true,
# "name": "eth3"
# },
# {
# "enabled": true,
# "name": "eth2"
# },
# {
# "enabled": true,
# "name": "eth1"
# },
# {
# "duplex": "auto",
# "enabled": true,
# "name": "eth0",
# "speed": "auto"
# }
# ]
#
# "commands": [
# "set interfaces ethernet eth2 description 'Configured by Ansible'",
# "set interfaces ethernet eth2 vif 200",
# "set interfaces ethernet eth2 vif 200 description 'VIF 200 - ETH2'",
# "set interfaces ethernet eth3 description 'Configured by Ansible'",
# "set interfaces ethernet eth3 mtu '1500'",
# "set interfaces bonding bond1",
# "set interfaces bonding bond1 description 'Bond - 1'",
# "set interfaces bonding bond1 mtu '1200'",
# "set interfaces vti vti2",
# "set interfaces vti vti2 description 'VTI - 2'",
# "set interfaces vti vti2 disable"
# ]
#
# "after": [
# {
# "description": "Bond - 1",
# "enabled": true,
# "mtu": 1200,
# "name": "bond1"
# },
# {
# "enabled": true,
# "name": "lo"
# },
# {
# "description": "VTI - 2",
# "enabled": false,
# "name": "vti2"
# },
# {
# "description": "Configured by Ansible",
# "enabled": true,
# "mtu": 1500,
# "name": "eth3"
# },
# {
# "description": "Configured by Ansible",
# "enabled": true,
# "name": "eth2",
# "vifs": [
# {
# "description": "VIF 200 - ETH2",
# "enabled": true,
# "vlan_id": "200"
# }
# ]
# },
# {
# "enabled": true,
# "name": "eth1"
# },
# {
# "duplex": "auto",
# "enabled": true,
# "name": "eth0",
# "speed": "auto"
# }
# ]
#
#
# -------------
# After state:
# -------------
#
# vyos@vyos:~$ show configuration commands | grep interfaces
# set interfaces bonding bond1 description 'Bond - 1'
# set interfaces bonding bond1 mtu '1200'
# set interfaces ethernet eth0 address 'dhcp'
# set interfaces ethernet eth0 address 'dhcpv6'
# set interfaces ethernet eth0 duplex 'auto'
# set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22'
# set interfaces ethernet eth0 smp-affinity 'auto'
# set interfaces ethernet eth0 speed 'auto'
# set interfaces ethernet eth1 hw-id '08:00:27:ea:0f:b9'
# set interfaces ethernet eth1 smp-affinity 'auto'
# set interfaces ethernet eth2 description 'Configured by Ansible'
# set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23'
# set interfaces ethernet eth2 smp-affinity 'auto'
# set interfaces ethernet eth2 vif 200 description 'VIF 200 - ETH2'
# set interfaces ethernet eth3 description 'Configured by Ansible'
# set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c'
# set interfaces ethernet eth3 mtu '1500'
# set interfaces loopback lo
# set interfaces vti vti2 description 'VTI - 2'
# set interfaces vti vti2 disable
#
# Using replaced
#
# -------------
# Before state:
# -------------
#
# vyos:~$ show configuration commands | grep eth
# set interfaces bonding bond1 description 'Bond - 1'
# set interfaces bonding bond1 mtu '1400'
# set interfaces ethernet eth0 address 'dhcp'
# set interfaces ethernet eth0 description 'Management Interface for the Appliance'
# set interfaces ethernet eth0 duplex 'auto'
# set interfaces ethernet eth0 hw-id '08:00:27:f3:6c:b5'
# set interfaces ethernet eth0 smp_affinity 'auto'
# set interfaces ethernet eth0 speed 'auto'
# set interfaces ethernet eth1 description 'Configured by Ansible Eng Team'
# set interfaces ethernet eth1 duplex 'full'
# set interfaces ethernet eth1 hw-id '08:00:27:ad:ef:65'
# set interfaces ethernet eth1 smp_affinity 'auto'
# set interfaces ethernet eth1 speed '100'
# set interfaces ethernet eth2 description 'Configured by Ansible'
# set interfaces ethernet eth2 duplex 'full'
# set interfaces ethernet eth2 hw-id '08:00:27:ab:4e:79'
# set interfaces ethernet eth2 mtu '500'
# set interfaces ethernet eth2 smp_affinity 'auto'
# set interfaces ethernet eth2 speed '100'
# set interfaces ethernet eth2 vif 200 description 'Configured by Ansible'
# set interfaces ethernet eth3 description 'Configured by Ansible'
# set interfaces ethernet eth3 duplex 'full'
# set interfaces ethernet eth3 hw-id '08:00:27:17:3c:85'
# set interfaces ethernet eth3 mtu '1500'
# set interfaces ethernet eth3 smp_affinity 'auto'
# set interfaces ethernet eth3 speed '100'
# set interfaces loopback lo
#
#
- name: Replace device configurations of listed interfaces with provided configurations
vyos.vyos.vyos_interfaces:
config:
- - name: eth2
- description: "Replaced by Ansible"
+ - name: eth2
+ description: Replaced by Ansible
- - name: eth3
- description: "Replaced by Ansible"
+ - name: eth3
+ description: Replaced by Ansible
- - name: eth1
- description: "Replaced by Ansible"
+ - name: eth1
+ description: Replaced by Ansible
state: replaced
#
#
# -----------------------
# Module Execution Result
# -----------------------
#
# "before": [
# {
# "description": "Bond - 1",
# "enabled": true,
# "mtu": 1400,
# "name": "bond1"
# },
# {
# "enabled": true,
# "name": "lo"
# },
# {
# "description": "Configured by Ansible",
# "duplex": "full",
# "enabled": true,
# "mtu": 1500,
# "name": "eth3",
# "speed": "100"
# },
# {
# "description": "Configured by Ansible",
# "duplex": "full",
# "enabled": true,
# "mtu": 500,
# "name": "eth2",
# "speed": "100",
# "vifs": [
# {
# "description": "VIF 200 - ETH2",
# "enabled": true,
# "vlan_id": "200"
# }
# ]
# },
# {
# "description": "Configured by Ansible Eng Team",
# "duplex": "full",
# "enabled": true,
# "name": "eth1",
# "speed": "100"
# },
# {
# "description": "Management Interface for the Appliance",
# "duplex": "auto",
# "enabled": true,
# "name": "eth0",
# "speed": "auto"
# }
# ]
#
# "commands": [
# "delete interfaces ethernet eth2 speed",
# "delete interfaces ethernet eth2 duplex",
# "delete interfaces ethernet eth2 mtu",
# "delete interfaces ethernet eth2 vif 200 description",
# "set interfaces ethernet eth2 description 'Replaced by Ansible'",
# "delete interfaces ethernet eth3 speed",
# "delete interfaces ethernet eth3 duplex",
# "delete interfaces ethernet eth3 mtu",
# "set interfaces ethernet eth3 description 'Replaced by Ansible'",
# "delete interfaces ethernet eth1 speed",
# "delete interfaces ethernet eth1 duplex",
# "set interfaces ethernet eth1 description 'Replaced by Ansible'"
# ]
#
# "after": [
# {
# "description": "Bond - 1",
# "enabled": true,
# "mtu": 1400,
# "name": "bond1"
# },
# {
# "enabled": true,
# "name": "lo"
# },
# {
# "description": "Replaced by Ansible",
# "enabled": true,
# "name": "eth3"
# },
# {
# "description": "Replaced by Ansible",
# "enabled": true,
# "name": "eth2",
# "vifs": [
# {
# "enabled": true,
# "vlan_id": "200"
# }
# ]
# },
# {
# "description": "Replaced by Ansible",
# "enabled": true,
# "name": "eth1"
# },
# {
# "description": "Management Interface for the Appliance",
# "duplex": "auto",
# "enabled": true,
# "name": "eth0",
# "speed": "auto"
# }
# ]
#
#
# -------------
# After state:
# -------------
#
# vyos@vyos:~$ show configuration commands | grep interfaces
# set interfaces bonding bond1 description 'Bond - 1'
# set interfaces bonding bond1 mtu '1400'
# set interfaces ethernet eth0 address 'dhcp'
# set interfaces ethernet eth0 address 'dhcpv6'
# set interfaces ethernet eth0 description 'Management Interface for the Appliance'
# set interfaces ethernet eth0 duplex 'auto'
# set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22'
# set interfaces ethernet eth0 smp-affinity 'auto'
# set interfaces ethernet eth0 speed 'auto'
# set interfaces ethernet eth1 description 'Replaced by Ansible'
# set interfaces ethernet eth1 hw-id '08:00:27:ea:0f:b9'
# set interfaces ethernet eth1 smp-affinity 'auto'
# set interfaces ethernet eth2 description 'Replaced by Ansible'
# set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23'
# set interfaces ethernet eth2 smp-affinity 'auto'
# set interfaces ethernet eth2 vif 200
# set interfaces ethernet eth3 description 'Replaced by Ansible'
# set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c'
# set interfaces loopback lo
#
#
# Using overridden
#
#
# --------------
# Before state
# --------------
#
# vyos@vyos:~$ show configuration commands | grep interfaces
# set interfaces ethernet eth0 address 'dhcp'
# set interfaces ethernet eth0 address 'dhcpv6'
# set interfaces ethernet eth0 description 'Ethernet Interface - 0'
# set interfaces ethernet eth0 duplex 'auto'
# set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22'
# set interfaces ethernet eth0 mtu '1200'
# set interfaces ethernet eth0 smp-affinity 'auto'
# set interfaces ethernet eth0 speed 'auto'
# set interfaces ethernet eth1 description 'Configured by Ansible Eng Team'
# set interfaces ethernet eth1 hw-id '08:00:27:ea:0f:b9'
# set interfaces ethernet eth1 mtu '100'
# set interfaces ethernet eth1 smp-affinity 'auto'
# set interfaces ethernet eth1 vif 100 description 'VIF 100 - ETH1'
# set interfaces ethernet eth1 vif 100 disable
# set interfaces ethernet eth2 description 'Configured by Ansible Team (Admin Down)'
# set interfaces ethernet eth2 disable
# set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23'
# set interfaces ethernet eth2 mtu '600'
# set interfaces ethernet eth2 smp-affinity 'auto'
# set interfaces ethernet eth3 description 'Configured by Ansible Network'
# set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c'
# set interfaces loopback lo
# set interfaces vti vti1 description 'Virtual Tunnel Interface - 1'
# set interfaces vti vti1 mtu '68'
#
#
- name: Overrides all device configuration with provided configuration
vyos.vyos.vyos_interfaces:
config:
- - name: eth0
- description: Outbound Interface For The Appliance
- speed: auto
- duplex: auto
+ - name: eth0
+ description: Outbound Interface For The Appliance
+ speed: auto
+ duplex: auto
- - name: eth2
- speed: auto
- duplex: auto
+ - name: eth2
+ speed: auto
+ duplex: auto
- - name: eth3
- mtu: 1200
+ - name: eth3
+ mtu: 1200
state: overridden
#
#
# ------------------------
# Module Execution Result
# ------------------------
#
# "before": [
# {
# "enabled": true,
# "name": "lo"
# },
# {
# "description": "Virtual Tunnel Interface - 1",
# "enabled": true,
# "mtu": 68,
# "name": "vti1"
# },
# {
# "description": "Configured by Ansible Network",
# "enabled": true,
# "name": "eth3"
# },
# {
# "description": "Configured by Ansible Team (Admin Down)",
# "enabled": false,
# "mtu": 600,
# "name": "eth2"
# },
# {
# "description": "Configured by Ansible Eng Team",
# "enabled": true,
# "mtu": 100,
# "name": "eth1",
# "vifs": [
# {
# "description": "VIF 100 - ETH1",
# "enabled": false,
# "vlan_id": "100"
# }
# ]
# },
# {
# "description": "Ethernet Interface - 0",
# "duplex": "auto",
# "enabled": true,
# "mtu": 1200,
# "name": "eth0",
# "speed": "auto"
# }
# ]
#
# "commands": [
# "delete interfaces vti vti1 description",
# "delete interfaces vti vti1 mtu",
# "delete interfaces ethernet eth1 description",
# "delete interfaces ethernet eth1 mtu",
# "delete interfaces ethernet eth1 vif 100 description",
# "delete interfaces ethernet eth1 vif 100 disable",
# "delete interfaces ethernet eth0 mtu",
# "set interfaces ethernet eth0 description 'Outbound Interface For The Appliance'",
# "delete interfaces ethernet eth2 description",
# "delete interfaces ethernet eth2 mtu",
# "set interfaces ethernet eth2 duplex 'auto'",
# "delete interfaces ethernet eth2 disable",
# "set interfaces ethernet eth2 speed 'auto'",
# "delete interfaces ethernet eth3 description",
# "set interfaces ethernet eth3 mtu '1200'"
# ],
#
# "after": [
# {
# "enabled": true,
# "name": "lo"
# },
# {
# "enabled": true,
# "name": "vti1"
# },
# {
# "enabled": true,
# "mtu": 1200,
# "name": "eth3"
# },
# {
# "duplex": "auto",
# "enabled": true,
# "name": "eth2",
# "speed": "auto"
# },
# {
# "enabled": true,
# "name": "eth1",
# "vifs": [
# {
# "enabled": true,
# "vlan_id": "100"
# }
# ]
# },
# {
# "description": "Outbound Interface For The Appliance",
# "duplex": "auto",
# "enabled": true,
# "name": "eth0",
# "speed": "auto"
# }
# ]
#
#
# ------------
# After state
# ------------
#
# vyos@vyos:~$ show configuration commands | grep interfaces
# set interfaces ethernet eth0 address 'dhcp'
# set interfaces ethernet eth0 address 'dhcpv6'
# set interfaces ethernet eth0 description 'Outbound Interface For The Appliance'
# set interfaces ethernet eth0 duplex 'auto'
# set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22'
# set interfaces ethernet eth0 smp-affinity 'auto'
# set interfaces ethernet eth0 speed 'auto'
# set interfaces ethernet eth1 hw-id '08:00:27:ea:0f:b9'
# set interfaces ethernet eth1 smp-affinity 'auto'
# set interfaces ethernet eth1 vif 100
# set interfaces ethernet eth2 duplex 'auto'
# set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23'
# set interfaces ethernet eth2 smp-affinity 'auto'
# set interfaces ethernet eth2 speed 'auto'
# set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c'
# set interfaces ethernet eth3 mtu '1200'
# set interfaces loopback lo
# set interfaces vti vti1
#
#
# Using deleted
#
#
# -------------
# Before state
# -------------
#
# vyos@vyos:~$ show configuration commands | grep interfaces
# set interfaces bonding bond0 mtu '1300'
# set interfaces bonding bond1 description 'LAG - 1'
# set interfaces ethernet eth0 address 'dhcp'
# set interfaces ethernet eth0 address 'dhcpv6'
# set interfaces ethernet eth0 description 'Outbound Interface for this appliance'
# set interfaces ethernet eth0 duplex 'auto'
# set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22'
# set interfaces ethernet eth0 smp-affinity 'auto'
# set interfaces ethernet eth0 speed 'auto'
# set interfaces ethernet eth1 description 'Configured by Ansible Network'
# set interfaces ethernet eth1 duplex 'full'
# set interfaces ethernet eth1 hw-id '08:00:27:ea:0f:b9'
# set interfaces ethernet eth1 smp-affinity 'auto'
# set interfaces ethernet eth1 speed '100'
# set interfaces ethernet eth2 description 'Configured by Ansible'
# set interfaces ethernet eth2 disable
# set interfaces ethernet eth2 duplex 'full'
# set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23'
# set interfaces ethernet eth2 mtu '600'
# set interfaces ethernet eth2 smp-affinity 'auto'
# set interfaces ethernet eth2 speed '100'
# set interfaces ethernet eth3 description 'Configured by Ansible Network'
# set interfaces ethernet eth3 duplex 'full'
# set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c'
# set interfaces ethernet eth3 speed '100'
# set interfaces loopback lo
#
#
-- name: Delete attributes of given interfaces (Note - This won't delete the interfaces themselves)
+- name: Delete attributes of given interfaces (Note - This won't delete the interfaces
+ themselves)
vyos.vyos.vyos_interfaces:
config:
- - name: bond1
+ - name: bond1
- - name: eth1
+ - name: eth1
- - name: eth2
+ - name: eth2
- - name: eth3
+ - name: eth3
state: deleted
#
#
# ------------------------
# Module Execution Results
# ------------------------
#
# "before": [
# {
# "enabled": true,
# "mtu": 1300,
# "name": "bond0"
# },
# {
# "description": "LAG - 1",
# "enabled": true,
# "name": "bond1"
# },
# {
# "enabled": true,
# "name": "lo"
# },
# {
# "description": "Configured by Ansible Network",
# "duplex": "full",
# "enabled": true,
# "name": "eth3",
# "speed": "100"
# },
# {
# "description": "Configured by Ansible",
# "duplex": "full",
# "enabled": false,
# "mtu": 600,
# "name": "eth2",
# "speed": "100"
# },
# {
# "description": "Configured by Ansible Network",
# "duplex": "full",
# "enabled": true,
# "name": "eth1",
# "speed": "100"
# },
# {
# "description": "Outbound Interface for this appliance",
# "duplex": "auto",
# "enabled": true,
# "name": "eth0",
# "speed": "auto"
# }
# ]
#
# "commands": [
# "delete interfaces bonding bond1 description",
# "delete interfaces ethernet eth1 speed",
# "delete interfaces ethernet eth1 duplex",
# "delete interfaces ethernet eth1 description",
# "delete interfaces ethernet eth2 speed",
# "delete interfaces ethernet eth2 disable",
# "delete interfaces ethernet eth2 duplex",
# "delete interfaces ethernet eth2 disable",
# "delete interfaces ethernet eth2 description",
# "delete interfaces ethernet eth2 disable",
# "delete interfaces ethernet eth2 mtu",
# "delete interfaces ethernet eth2 disable",
# "delete interfaces ethernet eth3 speed",
# "delete interfaces ethernet eth3 duplex",
# "delete interfaces ethernet eth3 description"
# ]
#
# "after": [
# {
# "enabled": true,
# "mtu": 1300,
# "name": "bond0"
# },
# {
# "enabled": true,
# "name": "bond1"
# },
# {
# "enabled": true,
# "name": "lo"
# },
# {
# "enabled": true,
# "name": "eth3"
# },
# {
# "enabled": true,
# "name": "eth2"
# },
# {
# "enabled": true,
# "name": "eth1"
# },
# {
# "description": "Outbound Interface for this appliance",
# "duplex": "auto",
# "enabled": true,
# "name": "eth0",
# "speed": "auto"
# }
# ]
#
#
# ------------
# After state
# ------------
#
# vyos@vyos:~$ show configuration commands | grep interfaces
# set interfaces bonding bond0 mtu '1300'
# set interfaces bonding bond1
# set interfaces ethernet eth0 address 'dhcp'
# set interfaces ethernet eth0 address 'dhcpv6'
# set interfaces ethernet eth0 description 'Outbound Interface for this appliance'
# set interfaces ethernet eth0 duplex 'auto'
# set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22'
# set interfaces ethernet eth0 smp-affinity 'auto'
# set interfaces ethernet eth0 speed 'auto'
# set interfaces ethernet eth1 hw-id '08:00:27:ea:0f:b9'
# set interfaces ethernet eth1 smp-affinity 'auto'
# set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23'
# set interfaces ethernet eth2 smp-affinity 'auto'
# set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c'
# set interfaces loopback lo
#
#
# Using gathered
#
# Before state:
# -------------
#
# vyos@192# run show configuration commands | grep interfaces
# set interfaces ethernet eth0 address 'dhcp'
# set interfaces ethernet eth0 duplex 'auto'
# set interfaces ethernet eth0 hw-id '08:00:27:50:5e:19'
# set interfaces ethernet eth0 smp_affinity 'auto'
# set interfaces ethernet eth0 speed 'auto'
# set interfaces ethernet eth1 description 'Configured by Ansible'
# set interfaces ethernet eth1 duplex 'auto'
# set interfaces ethernet eth1 mtu '1500'
# set interfaces ethernet eth1 speed 'auto'
# set interfaces ethernet eth1 vif 200 description 'VIF - 200'
# set interfaces ethernet eth2 description 'Configured by Ansible'
# set interfaces ethernet eth2 duplex 'auto'
# set interfaces ethernet eth2 mtu '1500'
# set interfaces ethernet eth2 speed 'auto'
# set interfaces ethernet eth2 vif 200 description 'VIF - 200'
#
- name: Gather listed interfaces with provided configurations
vyos.vyos.vyos_interfaces:
config:
state: gathered
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "gathered": [
# {
# "description": "Configured by Ansible",
# "duplex": "auto",
# "enabled": true,
# "mtu": 1500,
# "name": "eth2",
# "speed": "auto",
# "vifs": [
# {
# "description": "VIF - 200",
# "enabled": true,
# "vlan_id": 200
# }
# ]
# },
# {
# "description": "Configured by Ansible",
# "duplex": "auto",
# "enabled": true,
# "mtu": 1500,
# "name": "eth1",
# "speed": "auto",
# "vifs": [
# {
# "description": "VIF - 200",
# "enabled": true,
# "vlan_id": 200
# }
# ]
# },
# {
# "duplex": "auto",
# "enabled": true,
# "name": "eth0",
# "speed": "auto"
# }
# ]
#
#
# After state:
# -------------
#
# vyos@192# run show configuration commands | grep interfaces
# set interfaces ethernet eth0 address 'dhcp'
# set interfaces ethernet eth0 duplex 'auto'
# set interfaces ethernet eth0 hw-id '08:00:27:50:5e:19'
# set interfaces ethernet eth0 smp_affinity 'auto'
# set interfaces ethernet eth0 speed 'auto'
# set interfaces ethernet eth1 description 'Configured by Ansible'
# set interfaces ethernet eth1 duplex 'auto'
# set interfaces ethernet eth1 mtu '1500'
# set interfaces ethernet eth1 speed 'auto'
# set interfaces ethernet eth1 vif 200 description 'VIF - 200'
# set interfaces ethernet eth2 description 'Configured by Ansible'
# set interfaces ethernet eth2 duplex 'auto'
# set interfaces ethernet eth2 mtu '1500'
# set interfaces ethernet eth2 speed 'auto'
# set interfaces ethernet eth2 vif 200 description 'VIF - 200'
# Using rendered
#
#
- name: Render the commands for provided configuration
vyos.vyos.vyos_interfaces:
config:
- - name: eth0
+ - name: eth0
+ enabled: true
+ duplex: auto
+ speed: auto
+ - name: eth1
+ description: Configured by Ansible - Interface 1
+ mtu: 1500
+ speed: auto
+ duplex: auto
+ enabled: true
+ vifs:
+ - vlan_id: 100
+ description: Eth1 - VIF 100
+ mtu: 400
enabled: true
- duplex: auto
- speed: auto
- - name: eth1
- description: Configured by Ansible - Interface 1
- mtu: 1500
- speed: auto
- duplex: auto
+ - vlan_id: 101
+ description: Eth1 - VIF 101
enabled: true
- vifs:
- - vlan_id: 100
- description: Eth1 - VIF 100
- mtu: 400
- enabled: true
- - vlan_id: 101
- description: Eth1 - VIF 101
- enabled: true
- - name: eth2
- description: Configured by Ansible - Interface 2 (ADMIN DOWN)
- mtu: 600
- enabled: false
+ - name: eth2
+ description: Configured by Ansible - Interface 2 (ADMIN DOWN)
+ mtu: 600
+ enabled: false
state: rendered
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
#
# "rendered": [
# "set interfaces ethernet eth0 duplex 'auto'",
# "set interfaces ethernet eth0 speed 'auto'",
# "delete interfaces ethernet eth0 disable",
# "set interfaces ethernet eth1 duplex 'auto'",
# "delete interfaces ethernet eth1 disable",
# "set interfaces ethernet eth1 speed 'auto'",
# "set interfaces ethernet eth1 description 'Configured by Ansible - Interface 1'",
# "set interfaces ethernet eth1 mtu '1500'",
# "set interfaces ethernet eth1 vif 100 description 'Eth1 - VIF 100'",
# "set interfaces ethernet eth1 vif 100 mtu '400'",
# "set interfaces ethernet eth1 vif 101 description 'Eth1 - VIF 101'",
# "set interfaces ethernet eth2 disable",
# "set interfaces ethernet eth2 description 'Configured by Ansible - Interface 2 (ADMIN DOWN)'",
# "set interfaces ethernet eth2 mtu '600'"
# ]
# Using parsed
#
#
- name: Parse the configuration.
vyos.vyos.vyos_interfaces:
running_config:
"set interfaces ethernet eth0 address 'dhcp'
- set interfaces ethernet eth0 duplex 'auto'
- set interfaces ethernet eth0 hw-id '08:00:27:50:5e:19'
- set interfaces ethernet eth0 smp_affinity 'auto'
- set interfaces ethernet eth0 speed 'auto'
- set interfaces ethernet eth1 description 'Configured by Ansible'
- set interfaces ethernet eth1 duplex 'auto'
- set interfaces ethernet eth1 mtu '1500'
- set interfaces ethernet eth1 speed 'auto'
- set interfaces ethernet eth1 vif 200 description 'VIF - 200'
- set interfaces ethernet eth2 description 'Configured by Ansible'
- set interfaces ethernet eth2 duplex 'auto'
- set interfaces ethernet eth2 mtu '1500'
- set interfaces ethernet eth2 speed 'auto'
- set interfaces ethernet eth2 vif 200 description 'VIF - 200'"
+ set interfaces ethernet eth0 duplex 'auto'
+ set interfaces ethernet eth0 hw-id '08:00:27:50:5e:19'
+ set interfaces ethernet eth0 smp_affinity 'auto'
+ set interfaces ethernet eth0 speed 'auto'
+ set interfaces ethernet eth1 description 'Configured by Ansible'
+ set interfaces ethernet eth1 duplex 'auto'
+ set interfaces ethernet eth1 mtu '1500'
+ set interfaces ethernet eth1 speed 'auto'
+ set interfaces ethernet eth1 vif 200 description 'VIF - 200'
+ set interfaces ethernet eth2 description 'Configured by Ansible'
+ set interfaces ethernet eth2 duplex 'auto'
+ set interfaces ethernet eth2 mtu '1500'
+ set interfaces ethernet eth2 speed 'auto'
+ set interfaces ethernet eth2 vif 200 description 'VIF - 200'"
state: parsed
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
#
# "parsed": [
# {
# "description": "Configured by Ansible",
# "duplex": "auto",
# "enabled": true,
# "mtu": 1500,
# "name": "eth2",
# "speed": "auto",
# "vifs": [
# {
# "description": "VIF - 200",
# "enabled": true,
# "vlan_id": 200
# }
# ]
# },
# {
# "description": "Configured by Ansible",
# "duplex": "auto",
# "enabled": true,
# "mtu": 1500,
# "name": "eth1",
# "speed": "auto",
# "vifs": [
# {
# "description": "VIF - 200",
# "enabled": true,
# "vlan_id": 200
# }
# ]
# },
# {
# "duplex": "auto",
# "enabled": true,
# "name": "eth0",
# "speed": "auto"
# }
# ]
"""
RETURN = """
before:
description: The configuration as structured data prior to module invocation.
returned: always
sample: >
The configuration returned will always be in the same format
of the parameters above.
type: list
after:
description: The configuration as structured data after module completion.
returned: when changed
sample: >
The configuration returned will always be in the same format
of the parameters above.
type: list
commands:
description: The set of commands pushed to the remote device.
returned: always
type: list
sample:
- 'set interfaces ethernet eth1 mtu 1200'
- 'set interfaces ethernet eth2 vif 100 description VIF 100'
"""
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.interfaces.interfaces import (
InterfacesArgs,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.interfaces.interfaces import (
Interfaces,
)
def main():
"""
Main entry point for module execution
:returns: the result form module invocation
"""
required_if = [
("state", "merged", ("config",)),
("state", "replaced", ("config",)),
("state", "rendered", ("config",)),
("state", "overridden", ("config",)),
("state", "parsed", ("running_config",)),
]
mutually_exclusive = [("config", "running_config")]
module = AnsibleModule(
argument_spec=InterfacesArgs.argument_spec,
required_if=required_if,
supports_check_mode=True,
mutually_exclusive=mutually_exclusive,
)
result = Interfaces(module).execute_module()
module.exit_json(**result)
if __name__ == "__main__":
main()
diff --git a/plugins/modules/vyos_l3_interface.py b/plugins/modules/vyos_l3_interface.py
index faa9629..3e43f7c 100644
--- a/plugins/modules/vyos_l3_interface.py
+++ b/plugins/modules/vyos_l3_interface.py
@@ -1,329 +1,326 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2017, Ansible by Red Hat, inc
#
# This file is part of Ansible by Red Hat
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see .
#
-ANSIBLE_METADATA = {
- "metadata_version": "1.1",
- "status": ["deprecated"],
- "supported_by": "network",
-}
-
-DOCUMENTATION = """module: vyos_l3_interface
+DOCUMENTATION = """
+module: vyos_l3_interface
author: Ricardo Carrillo Cruz (@rcarrillocruz)
-short_description: Manage L3 interfaces on VyOS network devices
+short_description: (deprecated) Manage L3 interfaces on VyOS network devices
description:
- This module provides declarative management of L3 interfaces on VyOS network devices.
+version_added: 1.0.0
deprecated:
removed_in: '2.13'
alternative: vyos_l3_interfaces
why: Updated modules released with more functionality.
notes:
- Tested against VYOS 1.1.7
options:
name:
description:
- Name of the L3 interface.
ipv4:
description:
- IPv4 of the L3 interface.
ipv6:
description:
- IPv6 of the L3 interface.
aggregate:
description: List of L3 interfaces definitions
state:
description:
- State of the L3 interface configuration.
default: present
choices:
- present
- absent
extends_documentation_fragment:
- vyos.vyos.vyos
+
"""
EXAMPLES = """
- name: Set eth0 IPv4 address
- vyos_l3_interface:
+ vyos.vyos.vyos_l3_interface:
name: eth0
ipv4: 192.168.0.1/24
- name: Remove eth0 IPv4 address
- vyos_l3_interface:
+ vyos.vyos.vyos_l3_interface:
name: eth0
state: absent
- name: Set IP addresses on aggregate
- vyos_l3_interface:
+ vyos.vyos.vyos_l3_interface:
aggregate:
- - { name: eth1, ipv4: 192.168.2.10/24 }
- - { name: eth2, ipv4: 192.168.3.10/24, ipv6: "fd5d:12c9:2201:1::1/64" }
+ - {name: eth1, ipv4: 192.168.2.10/24}
+ - {name: eth2, ipv4: 192.168.3.10/24, ipv6: fd5d:12c9:2201:1::1/64}
- name: Remove IP addresses on aggregate
- vyos_l3_interface:
+ vyos.vyos.vyos_l3_interface:
aggregate:
- - { name: eth1, ipv4: 192.168.2.10/24 }
- - { name: eth2, ipv4: 192.168.3.10/24, ipv6: "fd5d:12c9:2201:1::1/64" }
+ - {name: eth1, ipv4: 192.168.2.10/24}
+ - {name: eth2, ipv4: 192.168.3.10/24, ipv6: fd5d:12c9:2201:1::1/64}
state: absent
"""
RETURN = """
commands:
description: The list of configuration mode commands to send to the device
returned: always, except for the platforms that use Netconf transport to manage the device.
type: list
sample:
- set interfaces ethernet eth0 address '192.168.0.1/24'
"""
import socket
import re
from copy import deepcopy
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import (
is_masklen,
validate_ip_address,
)
from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import (
remove_default_spec,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import (
load_config,
run_commands,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import (
vyos_argument_spec,
)
def is_ipv4(value):
if value:
address = value.split("/")
if is_masklen(address[1]) and validate_ip_address(address[0]):
return True
return False
def is_ipv6(value):
if value:
address = value.split("/")
if 0 <= int(address[1]) <= 128:
try:
socket.inet_pton(socket.AF_INET6, address[0])
except socket.error:
return False
return True
return False
def search_obj_in_list(name, lst):
for o in lst:
if o["name"] == name:
return o
return None
def map_obj_to_commands(updates, module):
commands = list()
want, have = updates
for w in want:
name = w["name"]
ipv4 = w["ipv4"]
ipv6 = w["ipv6"]
state = w["state"]
obj_in_have = search_obj_in_list(name, have)
if state == "absent" and obj_in_have:
if (
not ipv4
and not ipv6
and (obj_in_have["ipv4"] or obj_in_have["ipv6"])
):
if name == "lo":
commands.append("delete interfaces loopback lo address")
else:
commands.append(
"delete interfaces ethernet " + name + " address"
)
else:
if ipv4 and ipv4 in obj_in_have["ipv4"]:
if name == "lo":
commands.append(
"delete interfaces loopback lo address " + ipv4
)
else:
commands.append(
"delete interfaces ethernet "
+ name
+ " address "
+ ipv4
)
if ipv6 and ipv6 in obj_in_have["ipv6"]:
if name == "lo":
commands.append(
"delete interfaces loopback lo address " + ipv6
)
else:
commands.append(
"delete interfaces ethernet "
+ name
+ " address "
+ ipv6
)
elif state == "present" and obj_in_have:
if ipv4 and ipv4 not in obj_in_have["ipv4"]:
if name == "lo":
commands.append(
"set interfaces loopback lo address " + ipv4
)
else:
commands.append(
"set interfaces ethernet " + name + " address " + ipv4
)
if ipv6 and ipv6 not in obj_in_have["ipv6"]:
if name == "lo":
commands.append(
"set interfaces loopback lo address " + ipv6
)
else:
commands.append(
"set interfaces ethernet " + name + " address " + ipv6
)
return commands
def map_config_to_obj(module):
obj = []
output = run_commands(module, ["show interfaces"])
lines = re.split(r"\n[e|l]", output[0])[1:]
if len(lines) > 0:
for line in lines:
splitted_line = line.split()
if len(splitted_line) > 0:
ipv4 = []
ipv6 = []
if splitted_line[0].lower().startswith("th"):
name = "e" + splitted_line[0].lower()
elif splitted_line[0].lower().startswith("o"):
name = "l" + splitted_line[0].lower()
for i in splitted_line[1:]:
if ("." in i or ":" in i) and "/" in i:
value = i.split(r"\n")[0]
if is_ipv4(value):
ipv4.append(value)
elif is_ipv6(value):
ipv6.append(value)
obj.append({"name": name, "ipv4": ipv4, "ipv6": ipv6})
return obj
def map_params_to_obj(module):
obj = []
aggregate = module.params.get("aggregate")
if aggregate:
for item in aggregate:
for key in item:
if item.get(key) is None:
item[key] = module.params[key]
obj.append(item.copy())
else:
obj.append(
{
"name": module.params["name"],
"ipv4": module.params["ipv4"],
"ipv6": module.params["ipv6"],
"state": module.params["state"],
}
)
return obj
def main():
""" main entry point for module execution
"""
element_spec = dict(
name=dict(),
ipv4=dict(),
ipv6=dict(),
state=dict(default="present", choices=["present", "absent"]),
)
aggregate_spec = deepcopy(element_spec)
aggregate_spec["name"] = dict(required=True)
# remove default in aggregate spec, to handle common arguments
remove_default_spec(aggregate_spec)
argument_spec = dict(
aggregate=dict(type="list", elements="dict", options=aggregate_spec),
)
argument_spec.update(element_spec)
argument_spec.update(vyos_argument_spec)
required_one_of = [["name", "aggregate"]]
mutually_exclusive = [["name", "aggregate"]]
module = AnsibleModule(
argument_spec=argument_spec,
required_one_of=required_one_of,
mutually_exclusive=mutually_exclusive,
supports_check_mode=True,
)
warnings = list()
result = {"changed": False}
if warnings:
result["warnings"] = warnings
want = map_params_to_obj(module)
have = map_config_to_obj(module)
commands = map_obj_to_commands((want, have), module)
result["commands"] = commands
if commands:
commit = not module.check_mode
load_config(module, commands, commit=commit)
result["changed"] = True
module.exit_json(**result)
if __name__ == "__main__":
main()
diff --git a/plugins/modules/vyos_l3_interfaces.py b/plugins/modules/vyos_l3_interfaces.py
index 4724240..39dd23c 100644
--- a/plugins/modules/vyos_l3_interfaces.py
+++ b/plugins/modules/vyos_l3_interfaces.py
@@ -1,578 +1,575 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright 2019 Red Hat
# GNU General Public License v3.0+
# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#############################################
# WARNING #
#############################################
#
# This file is auto generated by the resource
# module builder playbook.
#
# Do not edit this file manually.
#
# Changes to this file will be over written
# by the resource module builder.
#
# Changes should be made in the model used to
# generate this file or in the resource module
# builder template.
#
#############################################
"""
The module file for vyos_l3_interfaces
"""
from __future__ import absolute_import, division, print_function
__metaclass__ = type
-ANSIBLE_METADATA = {
- "metadata_version": "1.1",
- "status": ["preview"],
- "supported_by": "network",
-}
-DOCUMENTATION = """module: vyos_l3_interfaces
+DOCUMENTATION = """
+module: vyos_l3_interfaces
short_description: L3 interfaces resource module
description: This module manages the L3 interface attributes on VyOS network devices.
+version_added: 1.0.0
notes:
- Tested against VyOS 1.1.8 (helium).
- This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html).
author:
- Nilashish Chakraborty (@NilashishC)
- Rohit Thakur (@rohitthakur2590)
options:
config:
description: The provided L3 interfaces configuration.
type: list
elements: dict
suboptions:
name:
description:
- Full name of the interface, e.g. eth0, eth1.
type: str
required: true
ipv4:
description:
- List of IPv4 addresses of the interface.
type: list
elements: dict
suboptions:
address:
description:
- IPv4 address of the interface.
type: str
ipv6:
description:
- List of IPv6 addresses of the interface.
type: list
elements: dict
suboptions:
address:
description:
- IPv6 address of the interface.
type: str
vifs:
description:
- Virtual sub-interfaces L3 configurations.
elements: dict
type: list
suboptions:
vlan_id:
description:
- Identifier for the virtual sub-interface.
type: int
ipv4:
description:
- List of IPv4 addresses of the virtual interface.
type: list
elements: dict
suboptions:
address:
description:
- IPv4 address of the virtual interface.
type: str
ipv6:
description:
- List of IPv6 addresses of the virtual interface.
type: list
elements: dict
suboptions:
address:
description:
- IPv6 address of the virtual interface.
type: str
running_config:
description:
- - This option is used only with state I(parsed).
- - The value of this option should be the output received from the VyOS device by executing
- the command B(show configuration commands | grep -e eth[2,3]).
- - The state I(parsed) reads the configuration from C(running_config) option and transforms
- it into Ansible structured data as per the resource module's argspec and the value is then
- returned in the I(parsed) key within the result.
+ - This option is used only with state I(parsed).
+ - The value of this option should be the output received from the VyOS device
+ by executing the command B(show configuration commands | grep -e eth[2,3]).
+ - The state I(parsed) reads the configuration from C(running_config) option and
+ transforms it into Ansible structured data as per the resource module's argspec
+ and the value is then returned in the I(parsed) key within the result.
type: str
- version_added: "1.0.0"
state:
description:
- The state of the configuration after module completion.
type: str
choices:
- merged
- replaced
- overridden
- deleted
- parsed
- gathered
- rendered
default: merged
"""
EXAMPLES = """
# Using merged
#
# Before state:
# -------------
#
# vyos:~$ show configuration commands | grep -e eth[2,3]
# set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23'
# set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c'
# set interfaces ethernet eth3 vif 101
# set interfaces ethernet eth3 vif 102
- name: Merge provided configuration with device configuration
vyos.vyos.vyos_l3_interfaces:
config:
- - name: eth2
- ipv4:
- - address: 192.0.2.10/28
- - address: 198.51.100.40/27
- ipv6:
- - address: 2001:db8:100::2/32
- - address: 2001:db8:400::10/32
+ - name: eth2
+ ipv4:
+ - address: 192.0.2.10/28
+ - address: 198.51.100.40/27
+ ipv6:
+ - address: 2001:db8:100::2/32
+ - address: 2001:db8:400::10/32
- - name: eth3
+ - name: eth3
+ ipv4:
+ - address: 203.0.113.65/26
+ vifs:
+ - vlan_id: 101
ipv4:
- - address: 203.0.113.65/26
- vifs:
- - vlan_id: 101
- ipv4:
- - address: 192.0.2.71/28
- - address: 198.51.100.131/25
- - vlan_id: 102
- ipv6:
- - address: 2001:db8:1000::5/38
- - address: 2001:db8:1400::3/38
+ - address: 192.0.2.71/28
+ - address: 198.51.100.131/25
+ - vlan_id: 102
+ ipv6:
+ - address: 2001:db8:1000::5/38
+ - address: 2001:db8:1400::3/38
state: merged
# After state:
# -------------
#
# vyos:~$ show configuration commands | grep -e eth[2,3]
# set interfaces ethernet eth2 address '192.0.2.10/28'
# set interfaces ethernet eth2 address '198.51.100.40/27'
# set interfaces ethernet eth2 address '2001:db8:100::2/32'
# set interfaces ethernet eth2 address '2001:db8:400::10/32'
# set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23'
# set interfaces ethernet eth3 address '203.0.113.65/26'
# set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c'
# set interfaces ethernet eth3 vif 101 address '192.0.2.71/28'
# set interfaces ethernet eth3 vif 101 address '198.51.100.131/25'
# set interfaces ethernet eth3 vif 102 address '2001:db8:1000::5/38'
# set interfaces ethernet eth3 vif 102 address '2001:db8:1400::3/38'
# set interfaces ethernet eth3 vif 102 address '2001:db8:4000::2/34'
# Using replaced
#
# Before state:
# -------------
#
# vyos:~$ show configuration commands | grep eth
# set interfaces ethernet eth0 address 'dhcp'
# set interfaces ethernet eth0 duplex 'auto'
# set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22'
# set interfaces ethernet eth0 smp-affinity 'auto'
# set interfaces ethernet eth0 speed 'auto'
# set interfaces ethernet eth1 hw-id '08:00:27:EA:0F:B9'
# set interfaces ethernet eth1 address '192.0.2.14/24'
# set interfaces ethernet eth2 address '192.0.2.10/24'
# set interfaces ethernet eth2 address '192.0.2.11/24'
# set interfaces ethernet eth2 address '2001:db8::10/32'
# set interfaces ethernet eth2 address '2001:db8::11/32'
# set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23'
# set interfaces ethernet eth3 address '198.51.100.10/24'
# set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c'
# set interfaces ethernet eth3 vif 101 address '198.51.100.130/25'
# set interfaces ethernet eth3 vif 101 address '198.51.100.131/25'
# set interfaces ethernet eth3 vif 102 address '2001:db8:4000::3/34'
# set interfaces ethernet eth3 vif 102 address '2001:db8:4000::2/34'
#
- name: Replace device configurations of listed interfaces with provided configurations
vyos.vyos.vyos_l3_interfaces:
config:
- - name: eth2
- ipv4:
- - address: 192.0.2.10/24
+ - name: eth2
+ ipv4:
+ - address: 192.0.2.10/24
- - name: eth3
- ipv6:
- - address: 2001:db8::11/32
+ - name: eth3
+ ipv6:
+ - address: 2001:db8::11/32
state: replaced
# After state:
# -------------
#
# vyos:~$ show configuration commands | grep eth
# set interfaces ethernet eth0 address 'dhcp'
# set interfaces ethernet eth0 duplex 'auto'
# set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22'
# set interfaces ethernet eth0 smp-affinity 'auto'
# set interfaces ethernet eth0 speed 'auto'
# set interfaces ethernet eth1 hw-id '08:00:27:EA:0F:B9'
# set interfaces ethernet eth1 address '192.0.2.14/24'
# set interfaces ethernet eth2 address '192.0.2.10/24'
# set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23'
# set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c'
# set interfaces ethernet eth3 address '2001:db8::11/32'
# set interfaces ethernet eth3 vif 101
# set interfaces ethernet eth3 vif 102
# Using overridden
#
# Before state
# --------------
#
# vyos@vyos-appliance:~$ show configuration commands | grep eth
# set interfaces ethernet eth0 address 'dhcp'
# set interfaces ethernet eth0 duplex 'auto'
# set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22'
# set interfaces ethernet eth0 smp-affinity 'auto'
# set interfaces ethernet eth0 speed 'auto'
# set interfaces ethernet eth1 hw-id '08:00:27:EA:0F:B9'
# set interfaces ethernet eth1 address '192.0.2.14/24'
# set interfaces ethernet eth2 address '192.0.2.10/24'
# set interfaces ethernet eth2 address '192.0.2.11/24'
# set interfaces ethernet eth2 address '2001:db8::10/32'
# set interfaces ethernet eth2 address '2001:db8::11/32'
# set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23'
# set interfaces ethernet eth3 address '198.51.100.10/24'
# set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c'
# set interfaces ethernet eth3 vif 101 address '198.51.100.130/25'
# set interfaces ethernet eth3 vif 101 address '198.51.100.131/25'
# set interfaces ethernet eth3 vif 102 address '2001:db8:4000::3/34'
# set interfaces ethernet eth3 vif 102 address '2001:db8:4000::2/34'
- name: Overrides all device configuration with provided configuration
vyos.vyos.vyos_l3_interfaces:
config:
- - name: eth0
- ipv4:
- - address: dhcp
- ipv6:
- - address: dhcpv6
+ - name: eth0
+ ipv4:
+ - address: dhcp
+ ipv6:
+ - address: dhcpv6
state: overridden
# After state
# ------------
#
# vyos@vyos-appliance:~$ show configuration commands | grep eth
# set interfaces ethernet eth0 address 'dhcp'
# set interfaces ethernet eth0 address 'dhcpv6'
# set interfaces ethernet eth0 duplex 'auto'
# set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22'
# set interfaces ethernet eth0 smp-affinity 'auto'
# set interfaces ethernet eth0 speed 'auto'
# set interfaces ethernet eth1 hw-id '08:00:27:EA:0F:B9'
# set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23'
# set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c'
# set interfaces ethernet eth3 vif 101
# set interfaces ethernet eth3 vif 102
# Using deleted
#
# Before state
# -------------
# vyos@vyos-appliance:~$ show configuration commands | grep eth
# set interfaces ethernet eth0 address 'dhcp'
# set interfaces ethernet eth0 duplex 'auto'
# set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22'
# set interfaces ethernet eth0 smp-affinity 'auto'
# set interfaces ethernet eth0 speed 'auto'
# set interfaces ethernet eth1 hw-id '08:00:27:EA:0F:B9'
# set interfaces ethernet eth1 address '192.0.2.14/24'
# set interfaces ethernet eth2 address '192.0.2.10/24'
# set interfaces ethernet eth2 address '192.0.2.11/24'
# set interfaces ethernet eth2 address '2001:db8::10/32'
# set interfaces ethernet eth2 address '2001:db8::11/32'
# set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23'
# set interfaces ethernet eth3 address '198.51.100.10/24'
# set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c'
# set interfaces ethernet eth3 vif 101 address '198.51.100.130/25'
# set interfaces ethernet eth3 vif 101 address '198.51.100.131/25'
# set interfaces ethernet eth3 vif 102 address '2001:db8:4000::3/34'
# set interfaces ethernet eth3 vif 102 address '2001:db8:4000::2/34'
-- name: Delete L3 attributes of given interfaces (Note - This won't delete the interface itself)
+- name: Delete L3 attributes of given interfaces (Note - This won't delete the interface
+ itself)
vyos.vyos.vyos_l3_interfaces:
config:
- - name: eth1
- - name: eth2
- - name: eth3
+ - name: eth1
+ - name: eth2
+ - name: eth3
state: deleted
# After state
# ------------
# vyos@vyos-appliance:~$ show configuration commands | grep eth
# set interfaces ethernet eth0 address 'dhcp'
# set interfaces ethernet eth0 duplex 'auto'
# set interfaces ethernet eth0 hw-id '08:00:27:f3:6c:b5'
# set interfaces ethernet eth0 smp_affinity 'auto'
# set interfaces ethernet eth0 speed 'auto'
# set interfaces ethernet eth1 hw-id '08:00:27:ad:ef:65'
# set interfaces ethernet eth1 smp_affinity 'auto'
# set interfaces ethernet eth2 hw-id '08:00:27:ab:4e:79'
# set interfaces ethernet eth2 smp_affinity 'auto'
# set interfaces ethernet eth3 hw-id '08:00:27:17:3c:85'
# set interfaces ethernet eth3 smp_affinity 'auto'
# Using gathered
#
# Before state:
# -------------
#
# vyos:~$ show configuration commands | grep -e eth[2,3,0]
# set interfaces ethernet eth0 address 'dhcp'
# set interfaces ethernet eth0 duplex 'auto'
# set interfaces ethernet eth0 hw-id '08:00:27:50:5e:19'
# set interfaces ethernet eth0 smp_affinity 'auto'
# set interfaces ethernet eth0 speed 'auto'
# set interfaces ethernet eth1 address '192.0.2.14/24'
# set interfaces ethernet eth2 address '192.0.2.11/24'
# set interfaces ethernet eth2 address '192.0.2.10/24'
# set interfaces ethernet eth2 address '2001:db8::10/32'
# set interfaces ethernet eth2 address '2001:db8::12/32'
#
- name: Gather listed l3 interfaces with provided configurations
vyos.vyos.vyos_l3_interfaces:
config:
state: gathered
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "gathered": [
# {
# "ipv4": [
# {
# "address": "192.0.2.11/24"
# },
# {
# "address": "192.0.2.10/24"
# }
# ],
# "ipv6": [
# {
# "address": "2001:db8::10/32"
# },
# {
# "address": "2001:db8::12/32"
# }
# ],
# "name": "eth2"
# },
# {
# "ipv4": [
# {
# "address": "192.0.2.14/24"
# }
# ],
# "name": "eth1"
# },
# {
# "ipv4": [
# {
# "address": "dhcp"
# }
# ],
# "name": "eth0"
# }
# ]
#
#
# After state:
# -------------
#
# vyos:~$ show configuration commands | grep -e eth[2,3]
# set interfaces ethernet eth0 address 'dhcp'
# set interfaces ethernet eth0 duplex 'auto'
# set interfaces ethernet eth0 hw-id '08:00:27:50:5e:19'
# set interfaces ethernet eth0 smp_affinity 'auto'
# set interfaces ethernet eth0 speed 'auto'
# set interfaces ethernet eth1 address '192.0.2.14/24'
# set interfaces ethernet eth2 address '192.0.2.11/24'
# set interfaces ethernet eth2 address '192.0.2.10/24'
# set interfaces ethernet eth2 address '2001:db8::10/32'
# set interfaces ethernet eth2 address '2001:db8::12/32'
# Using rendered
#
#
- name: Render the commands for provided configuration
vyos.vyos.vyos_l3_interfaces:
config:
- - name: eth1
- ipv4:
- - address: 192.0.2.14/24
- - name: eth2
- ipv4:
- - address: 192.0.2.10/24
- - address: 192.0.2.11/24
- ipv6:
- - address: 2001:db8::10/32
- - address: 2001:db8::12/32
+ - name: eth1
+ ipv4:
+ - address: 192.0.2.14/24
+ - name: eth2
+ ipv4:
+ - address: 192.0.2.10/24
+ - address: 192.0.2.11/24
+ ipv6:
+ - address: 2001:db8::10/32
+ - address: 2001:db8::12/32
state: rendered
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
#
# "rendered": [
# "set interfaces ethernet eth1 address '192.0.2.14/24'",
# "set interfaces ethernet eth2 address '192.0.2.11/24'",
# "set interfaces ethernet eth2 address '192.0.2.10/24'",
# "set interfaces ethernet eth2 address '2001:db8::10/32'",
# "set interfaces ethernet eth2 address '2001:db8::12/32'"
# ]
# Using parsed
#
#
- name: parse the provided running configuration
vyos.vyos.vyos_l3_interfaces:
running_config:
"set interfaces ethernet eth0 address 'dhcp'
- set interfaces ethernet eth1 address '192.0.2.14/24'
- set interfaces ethernet eth2 address '192.0.2.10/24'
- set interfaces ethernet eth2 address '192.0.2.11/24'
- set interfaces ethernet eth2 address '2001:db8::10/32'
- set interfaces ethernet eth2 address '2001:db8::12/32'"
+ set interfaces ethernet eth1 address '192.0.2.14/24'
+ set interfaces ethernet eth2 address '192.0.2.10/24'
+ set interfaces ethernet eth2 address '192.0.2.11/24'
+ set interfaces ethernet eth2 address '2001:db8::10/32'
+ set interfaces ethernet eth2 address '2001:db8::12/32'"
state: parsed
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
#
# "parsed": [
# {
# "ipv4": [
# {
# "address": "192.0.2.10/24"
# },
# {
# "address": "192.0.2.11/24"
# }
# ],
# "ipv6": [
# {
# "address": "2001:db8::10/32"
# },
# {
# "address": "2001:db8::12/32"
# }
# ],
# "name": "eth2"
# },
# {
# "ipv4": [
# {
# "address": "192.0.2.14/24"
# }
# ],
# "name": "eth1"
# },
# {
# "ipv4": [
# {
# "address": "dhcp"
# }
# ],
# "name": "eth0"
# }
# ]
"""
RETURN = """
before:
description: The configuration as structured data prior to module invocation.
returned: always
type: list
sample: >
The configuration returned will always be in the same format
of the parameters above.
after:
description: The configuration as structured data after module completion.
returned: when changed
type: list
sample: >
The configuration returned will always be in the same format
of the parameters above.
commands:
description: The set of commands pushed to the remote device.
returned: always
type: list
sample: ['set interfaces ethernet eth1 192.0.2.14/2', 'set interfaces ethernet eth3 vif 101 address 198.51.100.130/25']
"""
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.l3_interfaces.l3_interfaces import (
L3_interfacesArgs,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.l3_interfaces.l3_interfaces import (
L3_interfaces,
)
def main():
"""
Main entry point for module execution
:returns: the result form module invocation
"""
required_if = [
("state", "merged", ("config",)),
("state", "replaced", ("config",)),
("state", "rendered", ("config",)),
("state", "overridden", ("config",)),
("state", "parsed", ("running_config",)),
]
mutually_exclusive = [("config", "running_config")]
module = AnsibleModule(
argument_spec=L3_interfacesArgs.argument_spec,
required_if=required_if,
supports_check_mode=True,
mutually_exclusive=mutually_exclusive,
)
result = L3_interfaces(module).execute_module()
module.exit_json(**result)
if __name__ == "__main__":
main()
diff --git a/plugins/modules/vyos_lag_interfaces.py b/plugins/modules/vyos_lag_interfaces.py
index 1ba511c..c2868a8 100644
--- a/plugins/modules/vyos_lag_interfaces.py
+++ b/plugins/modules/vyos_lag_interfaces.py
@@ -1,777 +1,778 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright 2019 Red Hat
# GNU General Public License v3.0+
# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#############################################
# WARNING #
#############################################
#
# This file is auto generated by the resource
# module builder playbook.
#
# Do not edit this file manually.
#
# Changes to this file will be over written
# by the resource module builder.
#
# Changes should be made in the model used to
# generate this file or in the resource module
# builder template.
#
#############################################
"""
The module file for vyos_lag_interfaces
"""
from __future__ import absolute_import, division, print_function
__metaclass__ = type
-ANSIBLE_METADATA = {"metadata_version": "1.1", "supported_by": "Ansible"}
-DOCUMENTATION = """module: vyos_lag_interfaces
+DOCUMENTATION = """
+module: vyos_lag_interfaces
short_description: LAG interfaces resource module
description: This module manages attributes of link aggregation groups on VyOS network
devices.
-version_added: "1.0.0"
+version_added: 1.0.0
notes:
- Tested against VyOS 1.1.8 (helium).
- This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html).
author: Rohit Thakur (@rohitthakur2590)
options:
config:
description: A list of link aggregation group configurations.
type: list
suboptions:
name:
description:
- Name of the link aggregation group (LAG) or bond.
type: str
required: true
mode:
description:
- LAG or bond mode.
type: str
choices:
- 802.3ad
- active-backup
- broadcast
- round-robin
- transmit-load-balance
- adaptive-load-balance
- xor-hash
members:
description:
- List of member interfaces for the LAG (bond).
type: list
suboptions:
member:
description:
- Name of the member interface.
type: str
primary:
description:
- Primary device interfaces for the LAG (bond).
type: str
hash_policy:
description:
- LAG or bonding transmit hash policy.
type: str
choices:
- layer2
- layer2+3
- layer3+4
arp_monitor:
description:
- ARP Link monitoring parameters.
type: dict
suboptions:
interval:
description:
- ARP link monitoring frequency in milliseconds.
type: int
target:
description:
- IP address to use for ARP monitoring.
type: list
running_config:
description:
- - This option is used only with state I(parsed).
- - The value of this option should be the output received from the VyOS device by executing
- the command B(show configuration commands | grep bond).
- - The state I(parsed) reads the configuration from C(running_config) option and transforms
- it into Ansible structured data as per the resource module's argspec and the value is then
- returned in the I(parsed) key within the result.
+ - This option is used only with state I(parsed).
+ - The value of this option should be the output received from the VyOS device
+ by executing the command B(show configuration commands | grep bond).
+ - The state I(parsed) reads the configuration from C(running_config) option and
+ transforms it into Ansible structured data as per the resource module's argspec
+ and the value is then returned in the I(parsed) key within the result.
type: str
state:
description:
- The state of the configuration after module completion.
type: str
choices:
- merged
- replaced
- overridden
- deleted
- parsed
- gathered
- rendered
default: merged
"""
EXAMPLES = """
# Using merged
#
# Before state:
# -------------
#
# vyos@vyos:~$ show configuration commands | grep bond
# set interfaces bonding bond2
# set interfaces bonding bond3
#
- name: Merge provided configuration with device configuration
vyos.vyos.vyos_lag_interfaces:
config:
- - name: bond2
- mode: active-backup
- members:
- - member: eth2
- - member: eth1
- hash_policy: layer2
- primary: eth2
+ - name: bond2
+ mode: active-backup
+ members:
+ - member: eth2
+ - member: eth1
+ hash_policy: layer2
+ primary: eth2
- - name: 'bond3'
- mode: 'active-backup'
- hash_policy: 'layer2+3'
- members:
- - member: eth3
- primary: 'eth3'
+ - name: bond3
+ mode: active-backup
+ hash_policy: layer2+3
+ members:
+ - member: eth3
+ primary: eth3
state: merged
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "before": [
# {
# "name": "bond2"
# },
# {
# "name": "bond3"
# }
# ],
#
# "commands": [
# "set interfaces bonding bond2 hash-policy 'layer2'",
# "set interfaces bonding bond2 mode 'active-backup'",
# "set interfaces ethernet eth2 bond-group bond2",
# "set interfaces ethernet eth1 bond-group bond2",
# "set interfaces bonding bond2 primary 'eth2'",
# "set interfaces bonding bond3 hash-policy 'layer2+3'",
# "set interfaces bonding bond3 mode 'active-backup'",
# "set interfaces ethernet eth3 bond-group bond3",
# "set interfaces bonding bond3 primary 'eth3'"
# ]
#
# "after": [
# {
# "hash_policy": "layer2",
# "members": [
# {
# "member": "eth1"
# },
# {
# "member": "eth2"
# }
# ],
# "mode": "active-backup",
# "name": "bond2",
# "primary": "eth2"
# },
# {
# "hash_policy": "layer2+3",
# "members": [
# {
# "member": "eth3"
# }
# ],
# "mode": "active-backup",
# "name": "bond3",
# "primary": "eth3"
# }
# ]
#
# After state:
# -------------
#
# vyos@vyos:~$ show configuration commands | grep bond
# set interfaces bonding bond2 hash-policy 'layer2'
# set interfaces bonding bond2 mode 'active-backup'
# set interfaces bonding bond2 primary 'eth2'
# set interfaces bonding bond3 hash-policy 'layer2+3'
# set interfaces bonding bond3 mode 'active-backup'
# set interfaces bonding bond3 primary 'eth3'
# set interfaces ethernet eth1 bond-group 'bond2'
# set interfaces ethernet eth2 bond-group 'bond2'
# set interfaces ethernet eth3 bond-group 'bond3'
# Using replaced
#
# Before state:
# -------------
#
# vyos@vyos:~$ show configuration commands | grep bond
# set interfaces bonding bond2 hash-policy 'layer2'
# set interfaces bonding bond2 mode 'active-backup'
# set interfaces bonding bond2 primary 'eth2'
# set interfaces bonding bond3 hash-policy 'layer2+3'
# set interfaces bonding bond3 mode 'active-backup'
# set interfaces bonding bond3 primary 'eth3'
# set interfaces ethernet eth1 bond-group 'bond2'
# set interfaces ethernet eth2 bond-group 'bond2'
# set interfaces ethernet eth3 bond-group 'bond3'
#
- name: Replace device configurations of listed LAGs with provided configurations
vyos.vyos.vyos_lag_interfaces:
config:
- - name: bond3
- mode: '802.3ad'
- hash_policy: 'layer2'
- members:
- - member: eth3
+ - name: bond3
+ mode: 802.3ad
+ hash_policy: layer2
+ members:
+ - member: eth3
state: replaced
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "before": [
# {
# "hash_policy": "layer2",
# "members": [
# {
# "member": "eth1"
# },
# {
# "member": "eth2"
# }
# ],
# "mode": "active-backup",
# "name": "bond2",
# "primary": "eth2"
# },
# {
# "hash_policy": "layer2+3",
# "members": [
# {
# "member": "eth3"
# }
# ],
# "mode": "active-backup",
# "name": "bond3",
# "primary": "eth3"
# }
# ],
#
# "commands": [
# "delete interfaces bonding bond3 primary",
# "set interfaces bonding bond3 hash-policy 'layer2'",
# "set interfaces bonding bond3 mode '802.3ad'"
# ],
#
# "after": [
# {
# "hash_policy": "layer2",
# "members": [
# {
# "member": "eth1"
# },
# {
# "member": "eth2"
# }
# ],
# "mode": "active-backup",
# "name": "bond2",
# "primary": "eth2"
# },
# {
# "hash_policy": "layer2",
# "members": [
# {
# "member": "eth3"
# }
# ],
# "mode": "802.3ad",
# "name": "bond3"
# }
# ],
#
# After state:
# -------------
#
# vyos@vyos:~$ show configuration commands | grep bond
# set interfaces bonding bond2 hash-policy 'layer2'
# set interfaces bonding bond2 mode 'active-backup'
# set interfaces bonding bond2 primary 'eth2'
# set interfaces bonding bond3 hash-policy 'layer2'
# set interfaces bonding bond3 mode '802.3ad'
# set interfaces ethernet eth1 bond-group 'bond2'
# set interfaces ethernet eth2 bond-group 'bond2'
# set interfaces ethernet eth3 bond-group 'bond3'
# Using overridden
#
# Before state
# --------------
#
# vyos@vyos:~$ show configuration commands | grep bond
# set interfaces bonding bond2 hash-policy 'layer2'
# set interfaces bonding bond2 mode 'active-backup'
# set interfaces bonding bond2 primary 'eth2'
# set interfaces bonding bond3 hash-policy 'layer2'
# set interfaces bonding bond3 mode '802.3ad'
# set interfaces ethernet eth1 bond-group 'bond2'
# set interfaces ethernet eth2 bond-group 'bond2'
# set interfaces ethernet eth3 bond-group 'bond3'
#
- name: Overrides all device configuration with provided configuration
vyos.vyos.vyos_lag_interfaces:
config:
- - name: bond3
- mode: active-backup
- members:
- - member: eth1
- - member: eth2
- - member: eth3
- primary: eth3
- hash_policy: layer2
+ - name: bond3
+ mode: active-backup
+ members:
+ - member: eth1
+ - member: eth2
+ - member: eth3
+ primary: eth3
+ hash_policy: layer2
state: overridden
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "before": [
# {
# "hash_policy": "layer2",
# "members": [
# {
# "member": "eth1"
# },
# {
# "member": "eth2"
# }
# ],
# "mode": "active-backup",
# "name": "bond2",
# "primary": "eth2"
# },
# {
# "hash_policy": "layer2",
# "members": [
# {
# "member": "eth3"
# }
# ],
# "mode": "802.3ad",
# "name": "bond3"
# }
# ],
#
# "commands": [
# "delete interfaces bonding bond2 hash-policy",
# "delete interfaces ethernet eth1 bond-group bond2",
# "delete interfaces ethernet eth2 bond-group bond2",
# "delete interfaces bonding bond2 mode",
# "delete interfaces bonding bond2 primary",
# "set interfaces bonding bond3 mode 'active-backup'",
# "set interfaces ethernet eth1 bond-group bond3",
# "set interfaces ethernet eth2 bond-group bond3",
# "set interfaces bonding bond3 primary 'eth3'"
# ],
#
# "after": [
# {
# "name": "bond2"
# },
# {
# "hash_policy": "layer2",
# "members": [
# {
# "member": "eth1"
# },
# {
# "member": "eth2"
# },
# {
# "member": "eth3"
# }
# ],
# "mode": "active-backup",
# "name": "bond3",
# "primary": "eth3"
# }
# ],
#
#
# After state
# ------------
#
# vyos@vyos:~$ show configuration commands | grep bond
# set interfaces bonding bond2
# set interfaces bonding bond3 hash-policy 'layer2'
# set interfaces bonding bond3 mode 'active-backup'
# set interfaces bonding bond3 primary 'eth3'
# set interfaces ethernet eth1 bond-group 'bond3'
# set interfaces ethernet eth2 bond-group 'bond3'
# set interfaces ethernet eth3 bond-group 'bond3'
# Using deleted
#
# Before state
# -------------
#
# vyos@vyos:~$ show configuration commands | grep bond
# set interfaces bonding bond2 hash-policy 'layer2'
# set interfaces bonding bond2 mode 'active-backup'
# set interfaces bonding bond2 primary 'eth2'
# set interfaces bonding bond3 hash-policy 'layer2+3'
# set interfaces bonding bond3 mode 'active-backup'
# set interfaces bonding bond3 primary 'eth3'
# set interfaces ethernet eth1 bond-group 'bond2'
# set interfaces ethernet eth2 bond-group 'bond2'
# set interfaces ethernet eth3 bond-group 'bond3'
#
-- name: Delete LAG attributes of given interfaces (Note This won't delete the interface itself)
+- name: Delete LAG attributes of given interfaces (Note This won't delete the interface
+ itself)
vyos.vyos.vyos_lag_interfaces:
config:
- - name: bond2
- - name: bond3
+ - name: bond2
+ - name: bond3
state: deleted
#
#
# ------------------------
# Module Execution Results
# ------------------------
#
# "before": [
# {
# "hash_policy": "layer2",
# "members": [
# {
# "member": "eth1"
# },
# {
# "member": "eth2"
# }
# ],
# "mode": "active-backup",
# "name": "bond2",
# "primary": "eth2"
# },
# {
# "hash_policy": "layer2+3",
# "members": [
# {
# "member": "eth3"
# }
# ],
# "mode": "active-backup",
# "name": "bond3",
# "primary": "eth3"
# }
# ],
# "commands": [
# "delete interfaces bonding bond2 hash-policy",
# "delete interfaces ethernet eth1 bond-group bond2",
# "delete interfaces ethernet eth2 bond-group bond2",
# "delete interfaces bonding bond2 mode",
# "delete interfaces bonding bond2 primary",
# "delete interfaces bonding bond3 hash-policy",
# "delete interfaces ethernet eth3 bond-group bond3",
# "delete interfaces bonding bond3 mode",
# "delete interfaces bonding bond3 primary"
# ],
#
# "after": [
# {
# "name": "bond2"
# },
# {
# "name": "bond3"
# }
# ],
#
# After state
# ------------
# vyos@vyos:~$ show configuration commands | grep bond
# set interfaces bonding bond2
# set interfaces bonding bond3
# Using gathered
#
# Before state:
# -------------
#
# vyos@192# run show configuration commands | grep bond
# set interfaces bonding bond0 hash-policy 'layer2'
# set interfaces bonding bond0 mode 'active-backup'
# set interfaces bonding bond0 primary 'eth1'
# set interfaces bonding bond1 hash-policy 'layer2+3'
# set interfaces bonding bond1 mode 'active-backup'
# set interfaces bonding bond1 primary 'eth2'
# set interfaces ethernet eth1 bond-group 'bond0'
# set interfaces ethernet eth2 bond-group 'bond1'
#
- name: Gather listed lag interfaces with provided configurations
vyos.vyos.vyos_lag_interfaces:
config:
state: gathered
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "gathered": [
# {
# "afi": "ipv6",
# "rule_sets": [
# {
# "default_action": "accept",
# "description": "This is ipv6 specific rule-set",
# "name": "UPLINK",
# "rules": [
# {
# "action": "accept",
# "description": "Fwipv6-Rule 1 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 1
# },
# {
# "action": "accept",
# "description": "Fwipv6-Rule 2 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 2
# }
# ]
# }
# ]
# },
# {
# "afi": "ipv4",
# "rule_sets": [
# {
# "default_action": "accept",
# "description": "IPv4 INBOUND rule set",
# "name": "INBOUND",
# "rules": [
# {
# "action": "accept",
# "description": "Rule 101 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 101
# },
# {
# "action": "reject",
# "description": "Rule 102 is configured by Ansible",
# "ipsec": "match-ipsec",
# "number": 102
# },
# {
# "action": "accept",
# "description": "Rule 103 is configured by Ansible",
# "destination": {
# "group": {
# "address_group": "inbound"
# }
# },
# "number": 103,
# "source": {
# "address": "192.0.2.0"
# },
# "state": {
# "established": true,
# "invalid": false,
# "new": false,
# "related": true
# }
# }
# ]
# }
# ]
# }
# ]
#
#
# After state:
# -------------
#
# vyos@192# run show configuration commands | grep bond
# set interfaces bonding bond0 hash-policy 'layer2'
# set interfaces bonding bond0 mode 'active-backup'
# set interfaces bonding bond0 primary 'eth1'
# set interfaces bonding bond1 hash-policy 'layer2+3'
# set interfaces bonding bond1 mode 'active-backup'
# set interfaces bonding bond1 primary 'eth2'
# set interfaces ethernet eth1 bond-group 'bond0'
# set interfaces ethernet eth2 bond-group 'bond1'
# Using rendered
#
#
- name: Render the commands for provided configuration
vyos.vyos.vyos_lag_interfaces:
config:
- - name: bond0
- hash_policy: layer2
- members:
- - member: eth1
- mode: active-backup
- primary: eth1
- - name: bond1
- hash_policy: layer2+3
- members:
- - member: eth2
- mode: active-backup
- primary: eth2
+ - name: bond0
+ hash_policy: layer2
+ members:
+ - member: eth1
+ mode: active-backup
+ primary: eth1
+ - name: bond1
+ hash_policy: layer2+3
+ members:
+ - member: eth2
+ mode: active-backup
+ primary: eth2
state: rendered
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
#
# "rendered": [
# "set interfaces bonding bond0 hash-policy 'layer2'",
# "set interfaces ethernet eth1 bond-group 'bond0'",
# "set interfaces bonding bond0 mode 'active-backup'",
# "set interfaces bonding bond0 primary 'eth1'",
# "set interfaces bonding bond1 hash-policy 'layer2+3'",
# "set interfaces ethernet eth2 bond-group 'bond1'",
# "set interfaces bonding bond1 mode 'active-backup'",
# "set interfaces bonding bond1 primary 'eth2'"
# ]
# Using parsed
#
#
- name: Parsed the commands for provided configuration
vyos.vyos.vyos_l3_interfaces:
running_config:
"set interfaces bonding bond0 hash-policy 'layer2'
- set interfaces bonding bond0 mode 'active-backup'
- set interfaces bonding bond0 primary 'eth1'
- set interfaces bonding bond1 hash-policy 'layer2+3'
- set interfaces bonding bond1 mode 'active-backup'
- set interfaces bonding bond1 primary 'eth2'
- set interfaces ethernet eth1 bond-group 'bond0'
- set interfaces ethernet eth2 bond-group 'bond1'"
+ set interfaces bonding bond0 mode 'active-backup'
+ set interfaces bonding bond0 primary 'eth1'
+ set interfaces bonding bond1 hash-policy 'layer2+3'
+ set interfaces bonding bond1 mode 'active-backup'
+ set interfaces bonding bond1 primary 'eth2'
+ set interfaces ethernet eth1 bond-group 'bond0'
+ set interfaces ethernet eth2 bond-group 'bond1'"
state: parsed
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
#
# "parsed": [
# {
# "hash_policy": "layer2",
# "members": [
# {
# "member": "eth1"
# }
# ],
# "mode": "active-backup",
# "name": "bond0",
# "primary": "eth1"
# },
# {
# "hash_policy": "layer2+3",
# "members": [
# {
# "member": "eth2"
# }
# ],
# "mode": "active-backup",
# "name": "bond1",
# "primary": "eth2"
# }
# ]
"""
RETURN = """
before:
description: The configuration as structured data prior to module invocation.
returned: always
type: list
sample: >
The configuration returned will always be in the same format
of the parameters above.
after:
description: The configuration as structured data after module completion.
returned: when changed
type: list
sample: >
The configuration returned will always be in the same format
of the parameters above.
commands:
description: The set of commands pushed to the remote device.
returned: always
type: list
sample:
- 'set interfaces bonding bond2'
- 'set interfaces bonding bond2 hash-policy layer2'
"""
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.lag_interfaces.lag_interfaces import (
Lag_interfacesArgs,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.lag_interfaces.lag_interfaces import (
Lag_interfaces,
)
def main():
"""
Main entry point for module execution
:returns: the result form module invocation
"""
required_if = [
("state", "merged", ("config",)),
("state", "replaced", ("config",)),
("state", "rendered", ("config",)),
("state", "overridden", ("config",)),
("state", "parsed", ("running_config",)),
]
mutually_exclusive = [("config", "running_config")]
module = AnsibleModule(
argument_spec=Lag_interfacesArgs.argument_spec,
required_if=required_if,
supports_check_mode=True,
mutually_exclusive=mutually_exclusive,
)
result = Lag_interfaces(module).execute_module()
module.exit_json(**result)
if __name__ == "__main__":
main()
diff --git a/plugins/modules/vyos_linkagg.py b/plugins/modules/vyos_linkagg.py
index 6810a54..0d939b2 100644
--- a/plugins/modules/vyos_linkagg.py
+++ b/plugins/modules/vyos_linkagg.py
@@ -1,327 +1,324 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2017, Ansible by Red Hat, inc
#
# This file is part of Ansible by Red Hat
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see .
#
-ANSIBLE_METADATA = {
- "metadata_version": "1.1",
- "status": ["deprecated"],
- "supported_by": "network",
-}
-
-DOCUMENTATION = """module: vyos_linkagg
+DOCUMENTATION = """
+module: vyos_linkagg
author: Ricardo Carrillo Cruz (@rcarrillocruz)
-short_description: Manage link aggregation groups on VyOS network devices
+short_description: (deprecated) Manage link aggregation groups on VyOS network devices
description:
- This module provides declarative management of link aggregation groups on VyOS network
devices.
+version_added: 1.0.0
deprecated:
removed_in: '2.13'
alternative: vyos_lag_interfaces
why: Updated modules released with more functionality.
notes:
- Tested against VYOS 1.1.7
options:
name:
description:
- Name of the link aggregation group.
required: true
type: str
mode:
description:
- Mode of the link aggregation group.
choices:
- 802.3ad
- active-backup
- broadcast
- round-robin
- transmit-load-balance
- adaptive-load-balance
- xor-hash
- - 'on'
+ - on
type: str
members:
description:
- List of members of the link aggregation group.
type: list
aggregate:
description: List of link aggregation definitions.
type: list
state:
description:
- State of the link aggregation group.
default: present
choices:
- present
- absent
- up
- down
type: str
extends_documentation_fragment:
- vyos.vyos.vyos
+
"""
EXAMPLES = """
- name: configure link aggregation group
- vyos_linkagg:
+ vyos.vyos.vyos_linkagg:
name: bond0
members:
- - eth0
- - eth1
+ - eth0
+ - eth1
- name: remove configuration
- vyos_linkagg:
+ vyos.vyos.vyos_linkagg:
name: bond0
state: absent
- name: Create aggregate of linkagg definitions
- vyos_linkagg:
+ vyos.vyos.vyos_linkagg:
aggregate:
- - { name: bond0, members: [eth1] }
- - { name: bond1, members: [eth2] }
+ - {name: bond0, members: [eth1]}
+ - {name: bond1, members: [eth2]}
- name: Remove aggregate of linkagg definitions
- vyos_linkagg:
+ vyos.vyos.vyos_linkagg:
aggregate:
- - name: bond0
- - name: bond1
+ - name: bond0
+ - name: bond1
state: absent
"""
RETURN = """
commands:
description: The list of configuration mode commands to send to the device
returned: always, except for the platforms that use Netconf transport to manage the device.
type: list
sample:
- set interfaces bonding bond0
- set interfaces ethernet eth0 bond-group 'bond0'
- set interfaces ethernet eth1 bond-group 'bond0'
"""
from copy import deepcopy
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import (
remove_default_spec,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import (
load_config,
run_commands,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import (
vyos_argument_spec,
)
def search_obj_in_list(name, lst):
for o in lst:
if o["name"] == name:
return o
return None
def map_obj_to_commands(updates, module):
commands = list()
want, have = updates
for w in want:
name = w["name"]
members = w.get("members") or []
mode = w["mode"]
if mode == "on":
mode = "802.3ad"
state = w["state"]
obj_in_have = search_obj_in_list(name, have)
if state == "absent":
if obj_in_have:
for m in obj_in_have["members"]:
commands.append(
"delete interfaces ethernet " + m + " bond-group"
)
commands.append("delete interfaces bonding " + name)
else:
if not obj_in_have:
commands.append(
"set interfaces bonding " + name + " mode " + mode
)
for m in members:
commands.append(
"set interfaces ethernet " + m + " bond-group " + name
)
if state == "down":
commands.append(
"set interfaces bonding " + name + " disable"
)
else:
if mode != obj_in_have["mode"]:
commands.append(
"set interfaces bonding " + name + " mode " + mode
)
missing_members = list(
set(members) - set(obj_in_have["members"])
)
for m in missing_members:
commands.append(
"set interfaces ethernet " + m + " bond-group " + name
)
if state == "down" and obj_in_have["state"] == "up":
commands.append(
"set interfaces bonding " + name + " disable"
)
elif state == "up" and obj_in_have["state"] == "down":
commands.append(
"delete interfaces bonding " + name + " disable"
)
return commands
def map_config_to_obj(module):
obj = []
output = run_commands(module, ["show interfaces bonding slaves"])
lines = output[0].splitlines()
if len(lines) > 1:
for line in lines[1:]:
splitted_line = line.split()
name = splitted_line[0]
mode = splitted_line[1]
state = splitted_line[2]
if len(splitted_line) > 4:
members = splitted_line[4:]
else:
members = []
obj.append(
{
"name": name,
"mode": mode,
"members": members,
"state": state,
}
)
return obj
def map_params_to_obj(module):
obj = []
aggregate = module.params.get("aggregate")
if aggregate:
for item in aggregate:
for key in item:
if item.get(key) is None:
item[key] = module.params[key]
obj.append(item.copy())
else:
obj.append(
{
"name": module.params["name"],
"mode": module.params["mode"],
"members": module.params["members"],
"state": module.params["state"],
}
)
return obj
def main():
""" main entry point for module execution
"""
element_spec = dict(
name=dict(),
mode=dict(
choices=[
"802.3ad",
"active-backup",
"broadcast",
"round-robin",
"transmit-load-balance",
"adaptive-load-balance",
"xor-hash",
"on",
],
default="802.3ad",
),
members=dict(type="list"),
state=dict(
default="present", choices=["present", "absent", "up", "down"]
),
)
aggregate_spec = deepcopy(element_spec)
aggregate_spec["name"] = dict(required=True)
# remove default in aggregate spec, to handle common arguments
remove_default_spec(aggregate_spec)
argument_spec = dict(
aggregate=dict(type="list", elements="dict", options=aggregate_spec),
)
argument_spec.update(element_spec)
argument_spec.update(vyos_argument_spec)
required_one_of = [["name", "aggregate"]]
mutually_exclusive = [["name", "aggregate"]]
module = AnsibleModule(
argument_spec=argument_spec,
required_one_of=required_one_of,
mutually_exclusive=mutually_exclusive,
supports_check_mode=True,
)
warnings = list()
result = {"changed": False}
if warnings:
result["warnings"] = warnings
want = map_params_to_obj(module)
have = map_config_to_obj(module)
commands = map_obj_to_commands((want, have), module)
result["commands"] = commands
if commands:
commit = not module.check_mode
load_config(module, commands, commit=commit)
result["changed"] = True
module.exit_json(**result)
if __name__ == "__main__":
main()
diff --git a/plugins/modules/vyos_lldp.py b/plugins/modules/vyos_lldp.py
index aa7a316..5b697c2 100644
--- a/plugins/modules/vyos_lldp.py
+++ b/plugins/modules/vyos_lldp.py
@@ -1,145 +1,141 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2017, Ansible by Red Hat, inc
#
# This file is part of Ansible by Red Hat
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see .
#
from __future__ import absolute_import, division, print_function
__metaclass__ = type
-ANSIBLE_METADATA = {
- "metadata_version": "1.1",
- "status": ["deprecated"],
- "supported_by": "network",
-}
-
-
-DOCUMENTATION = """module: vyos_lldp
+DOCUMENTATION = """
+module: vyos_lldp
author: Ricardo Carrillo Cruz (@rcarrillocruz)
-short_description: Manage LLDP configuration on VyOS network devices
+short_description: (deprecated) Manage LLDP configuration on VyOS network devices
description:
- This module provides declarative management of LLDP service on VyOS network devices.
+version_added: 1.0.0
deprecated:
removed_in: '2.13'
alternative: vyos_lldp_global
why: Updated modules released with more functionality.
notes:
- Tested against VYOS 1.1.7
options:
interfaces:
description:
- Name of the interfaces.
type: list
state:
description:
- State of the link aggregation group.
default: present
choices:
- present
- absent
- enabled
- disabled
type: str
extends_documentation_fragment:
- vyos.vyos.vyos
+
"""
EXAMPLES = """
- name: Enable LLDP service
- vyos_lldp:
+ vyos.vyos.vyos_lldp:
state: present
- name: Disable LLDP service
- vyos_lldp:
+ vyos.vyos.vyos_lldp:
state: absent
"""
RETURN = """
commands:
description: The list of configuration mode commands to send to the device
returned: always, except for the platforms that use Netconf transport to manage the device.
type: list
sample:
- set service lldp
"""
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import (
get_config,
load_config,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import (
vyos_argument_spec,
)
def has_lldp(module):
config = get_config(module).splitlines()
if "set service 'lldp'" in config or "set service lldp" in config:
return True
else:
return False
def main():
""" main entry point for module execution
"""
argument_spec = dict(
interfaces=dict(type="list"),
state=dict(
default="present",
choices=["present", "absent", "enabled", "disabled"],
),
)
argument_spec.update(vyos_argument_spec)
module = AnsibleModule(
argument_spec=argument_spec, supports_check_mode=True
)
warnings = list()
result = {"changed": False}
if warnings:
result["warnings"] = warnings
HAS_LLDP = has_lldp(module)
commands = []
if module.params["state"] == "absent" and HAS_LLDP:
commands.append("delete service lldp")
elif module.params["state"] == "present" and not HAS_LLDP:
commands.append("set service lldp")
result["commands"] = commands
if commands:
commit = not module.check_mode
load_config(module, commands, commit=commit)
result["changed"] = True
module.exit_json(**result)
if __name__ == "__main__":
main()
diff --git a/plugins/modules/vyos_lldp_global.py b/plugins/modules/vyos_lldp_global.py
index 3a93c95..017133e 100644
--- a/plugins/modules/vyos_lldp_global.py
+++ b/plugins/modules/vyos_lldp_global.py
@@ -1,499 +1,501 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright 2019 Red Hat
# GNU General Public License v3.0+
# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#############################################
# WARNING #
#############################################
#
# This file is auto generated by the resource
# module builder playbook.
#
# Do not edit this file manually.
#
# Changes to this file will be over written
# by the resource module builder.
#
# Changes should be made in the model used to
# generate this file or in the resource module
# builder template.
#
#############################################
"""
The module file for vyos_lldp_global
"""
from __future__ import absolute_import, division, print_function
__metaclass__ = type
-ANSIBLE_METADATA = {"metadata_version": "1.1", "supported_by": "Ansible"}
-DOCUMENTATION = """module: vyos_lldp_global
+DOCUMENTATION = """
+module: vyos_lldp_global
short_description: LLDP global resource module
description: This module manages link layer discovery protocol (LLDP) attributes on
VyOS devices.
-version_added: "1.0.0"
+version_added: 1.0.0
notes:
- Tested against VyOS 1.1.8 (helium).
- This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html).
author:
- Rohit Thakur (@rohitthakur2590)
options:
config:
description: The provided link layer discovery protocol (LLDP) configuration.
type: dict
suboptions:
enable:
description:
- This argument is a boolean value to enable or disable LLDP.
type: bool
address:
description:
- This argument defines management-address.
type: str
snmp:
description:
- This argument enable the SNMP queries to LLDP database.
type: str
legacy_protocols:
description:
- List of the supported legacy protocols.
type: list
choices:
- cdp
- edp
- fdp
- sonmp
running_config:
description:
- - This option is used only with state I(parsed).
- - The value of this option should be the output received from the VyOS device by executing
- the command B(show configuration commands | grep lldp).
- - The state I(parsed) reads the configuration from C(running_config) option and transforms
- it into Ansible structured data as per the resource module's argspec and the value is then
- returned in the I(parsed) key within the result.
+ - This option is used only with state I(parsed).
+ - The value of this option should be the output received from the VyOS device
+ by executing the command B(show configuration commands | grep lldp).
+ - The state I(parsed) reads the configuration from C(running_config) option and
+ transforms it into Ansible structured data as per the resource module's argspec
+ and the value is then returned in the I(parsed) key within the result.
type: str
state:
description:
- The state of the configuration after module completion.
type: str
choices:
- merged
- replaced
- deleted
- gathered
- rendered
- parsed
default: merged
+
"""
EXAMPLES = """
# Using merged
#
# Before state:
# -------------
#
# vyos@vyos:~$ show configuration commands|grep lldp
#
- name: Merge provided configuration with device configuration
vyos.vyos.vyos_lldp_global:
config:
legacy_protocols:
- - 'fdp'
- - 'cdp'
- snmp: 'enable'
+ - fdp
+ - cdp
+ snmp: enable
address: 192.0.2.11
state: merged
#
#
# ------------------------
# Module Execution Results
# ------------------------
#
# "before": []
#
# "commands": [
# "set service lldp legacy-protocols fdp",
# "set service lldp legacy-protocols cdp",
# "set service lldp snmp enable",
# "set service lldp management-address '192.0.2.11'"
# ]
#
# "after": [
# {
# "snmp": "enable"
# },
# {
# "address": "192.0.2.11"
# },
# {
# "legacy_protocols": [
# "cdp",
# "fdp"
# ]
# }
# {
# "enable": true
# }
# ]
#
# After state:
# -------------
#
# set service lldp legacy-protocols cdp
# set service lldp legacy-protocols fdp
# set service lldp management-address '192.0.2.11'
# set service lldp snmp enable
# Using replaced
#
# Before state:
# -------------
#
# vyos@vyos:~$ show configuration commands | grep lldp
# set service lldp legacy-protocols cdp
# set service lldp legacy-protocols fdp
# set service lldp management-address '192.0.2.11'
# set service lldp snmp enable
#
- name: Replace device configurations with provided configurations
vyos.vyos.vyos_lldp_global:
config:
legacy_protocols:
- - 'edp'
- - 'sonmp'
- - 'cdp'
+ - edp
+ - sonmp
+ - cdp
address: 192.0.2.14
state: replaced
#
#
# ------------------------
# Module Execution Results
# ------------------------
#
#
# "before": [
# {
# "snmp": "enable"
# },
# {
# "address": "192.0.2.11"
# },
# {
# "legacy_protocols": [
# "cdp",
# "fdp"
# ]
# }
# {
# "enable": true
# }
# ]
# "commands": [
# "delete service lldp snmp",
# "delete service lldp legacy-protocols fdp",
# "set service lldp management-address '192.0.2.14'",
# "set service lldp legacy-protocols edp",
# "set service lldp legacy-protocols sonmp"
# ]
#
# "after": [
# {
# "address": "192.0.2.14"
# },
# {
# "legacy_protocols": [
# "cdp",
# "edp",
# "sonmp"
# ]
# }
# {
# "enable": true
# }
# ]
#
# After state:
# -------------
#
# vyos@vyos:~$ show configuration commands|grep lldp
# set service lldp legacy-protocols cdp
# set service lldp legacy-protocols edp
# set service lldp legacy-protocols sonmp
# set service lldp management-address '192.0.2.14'
# Using deleted
#
# Before state
# -------------
# vyos@vyos:~$ show configuration commands|grep lldp
# set service lldp legacy-protocols cdp
# set service lldp legacy-protocols edp
# set service lldp legacy-protocols sonmp
# set service lldp management-address '192.0.2.14'
#
-- name: Delete attributes of given lldp service (This won't delete the LLDP service itself)
+- name: Delete attributes of given lldp service (This won't delete the LLDP service
+ itself)
vyos.vyos.vyos_lldp_global:
config:
state: deleted
#
#
# ------------------------
# Module Execution Results
# ------------------------
#
# "before": [
# {
# "address": "192.0.2.14"
# },
# {
# "legacy_protocols": [
# "cdp",
# "edp",
# "sonmp"
# ]
# }
# {
# "enable": true
# }
# ]
#
# "commands": [
# "delete service lldp management-address",
# "delete service lldp legacy-protocols"
# ]
#
# "after": [
# {
# "enable": true
# }
# ]
#
# After state
# ------------
# vyos@vyos:~$ show configuration commands | grep lldp
# set service lldp
# Using gathered
#
# Before state:
# -------------
#
# vyos@192# run show configuration commands | grep lldp
# set service lldp legacy-protocols 'cdp'
# set service lldp management-address '192.0.2.17'
#
- name: Gather lldp global config with provided configurations
vyos.vyos.vyos_lldp_global:
config:
state: gathered
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "gathered": [
# {
# "config_trap": true,
# "group": {
# "address_group": [
# {
# "description": "Sales office hosts address list",
# "members": [
# {
# "address": "192.0.3.1"
# },
# {
# "address": "192.0.3.2"
# }
# ],
# "name": "ENG-HOSTS"
# },
# {
# "description": "Sales office hosts address list",
# "members": [
# {
# "address": "192.0.2.1"
# },
# {
# "address": "192.0.2.2"
# },
# {
# "address": "192.0.2.3"
# }
# ],
# "name": "SALES-HOSTS"
# }
# ],
# "network_group": [
# {
# "description": "This group has the Management network addresses",
# "members": [
# {
# "address": "192.0.1.0/24"
# }
# ],
# "name": "MGMT"
# }
# ]
# },
# "log_martians": true,
# "ping": {
# "all": true,
# "broadcast": true
# },
# "route_redirects": [
# {
# "afi": "ipv4",
# "icmp_redirects": {
# "receive": false,
# "send": true
# },
# "ip_src_route": true
# }
# ],
# "state_policy": [
# {
# "action": "accept",
# "connection_type": "established",
# "log": true
# },
# {
# "action": "reject",
# "connection_type": "invalid"
# }
# ],
# "syn_cookies": true,
# "twa_hazards_protection": true,
# "validation": "strict"
# }
#
# After state:
# -------------
#
# vyos@192# run show configuration commands | grep lldp
# set service lldp legacy-protocols 'cdp'
# set service lldp management-address '192.0.2.17'
# Using rendered
#
#
- name: Render the commands for provided configuration
vyos.vyos.vyos_lldp_global:
config:
address: 192.0.2.17
enable: true
legacy_protocols:
- - cdp
+ - cdp
state: rendered
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
#
# "rendered": [
# "set service lldp legacy-protocols 'cdp'",
# "set service lldp",
# "set service lldp management-address '192.0.2.17'"
# ]
#
# Using parsed
#
#
- name: Parse the provided commands to provide structured configuration
vyos.vyos.vyos_lldp_global:
running_config:
"set service lldp legacy-protocols 'cdp'
- set service lldp legacy-protocols 'fdp'
- set service lldp management-address '192.0.2.11'"
+ set service lldp legacy-protocols 'fdp'
+ set service lldp management-address '192.0.2.11'"
state: parsed
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
#
# "parsed": {
# "address": "192.0.2.11",
# "enable": true,
# "legacy_protocols": [
# "cdp",
# "fdp"
# ]
# }
#
"""
RETURN = """
before:
description: The configuration as structured data prior to module invocation.
returned: always
type: list
sample: >
The configuration returned will always be in the same format
of the parameters above.
after:
description: The configuration as structured data after module completion.
returned: when changed
type: list
sample: >
The configuration returned will always be in the same format
of the parameters above.
commands:
description: The set of commands pushed to the remote device.
returned: always
type: list
sample:
- set service lldp legacy-protocols sonmp
- set service lldp management-address '192.0.2.14'
"""
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.lldp_global.lldp_global import (
Lldp_globalArgs,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.lldp_global.lldp_global import (
Lldp_global,
)
def main():
"""
Main entry point for module execution
:returns: the result form module invocation
"""
required_if = [
("state", "merged", ("config",)),
("state", "replaced", ("config",)),
("state", "rendered", ("config",)),
("state", "parsed", ("running_config",)),
]
mutually_exclusive = [("config", "running_config")]
module = AnsibleModule(
argument_spec=Lldp_globalArgs.argument_spec,
required_if=required_if,
supports_check_mode=True,
mutually_exclusive=mutually_exclusive,
)
result = Lldp_global(module).execute_module()
module.exit_json(**result)
if __name__ == "__main__":
main()
diff --git a/plugins/modules/vyos_lldp_interface.py b/plugins/modules/vyos_lldp_interface.py
index 402facf..80d4dbf 100644
--- a/plugins/modules/vyos_lldp_interface.py
+++ b/plugins/modules/vyos_lldp_interface.py
@@ -1,264 +1,261 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2017, Ansible by Red Hat, inc
#
# This file is part of Ansible by Red Hat
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see .
#
-ANSIBLE_METADATA = {
- "metadata_version": "1.1",
- "status": ["deprecated"],
- "supported_by": "network",
-}
-
-
-DOCUMENTATION = """module: vyos_lldp_interface
+DOCUMENTATION = """
+module: vyos_lldp_interface
author: Ricardo Carrillo Cruz (@rcarrillocruz)
-short_description: Manage LLDP interfaces configuration on VyOS network devices
+short_description: (deprecated) Manage LLDP interfaces configuration on VyOS network
+ devices
description:
- This module provides declarative management of LLDP interfaces configuration on
VyOS network devices.
+version_added: 1.0.0
deprecated:
removed_in: '2.13'
alternative: vyos_lldp_interfaces
why: Updated modules released with more functionality.
notes:
- Tested against VYOS 1.1.7
options:
name:
description:
- Name of the interface LLDP should be configured on.
type: str
aggregate:
description: List of interfaces LLDP should be configured on.
type: list
state:
description:
- State of the LLDP configuration.
default: present
choices:
- present
- absent
- enabled
- disabled
type: str
extends_documentation_fragment:
- vyos.vyos.vyos
+
"""
EXAMPLES = """
- name: Enable LLDP on eth1
net_lldp_interface:
state: present
- name: Enable LLDP on specific interfaces
net_lldp_interface:
interfaces:
- - eth1
- - eth2
+ - eth1
+ - eth2
state: present
- name: Disable LLDP globally
net_lldp_interface:
state: disabled
- name: Create aggregate of LLDP interface configurations
- vyos_lldp_interface:
+ vyos.vyos.vyos_lldp_interface:
aggregate:
- name: eth1
- name: eth2
state: present
- name: Delete aggregate of LLDP interface configurations
- vyos_lldp_interface:
+ vyos.vyos.vyos_lldp_interface:
aggregate:
- name: eth1
- name: eth2
state: absent
"""
RETURN = """
commands:
description: The list of configuration mode commands to send to the device
returned: always, except for the platforms that use Netconf transport to manage the device.
type: list
sample:
- set service lldp eth1
- set service lldp eth2 disable
"""
from copy import deepcopy
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import (
remove_default_spec,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import (
get_config,
load_config,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import (
vyos_argument_spec,
)
def search_obj_in_list(name, lst):
for o in lst:
if o["name"] == name:
return o
return None
def map_obj_to_commands(updates, module):
commands = list()
want, have = updates
for w in want:
name = w["name"]
state = w["state"]
obj_in_have = search_obj_in_list(name, have)
if state == "absent" and obj_in_have:
commands.append("delete service lldp interface " + name)
elif state in ("present", "enabled"):
if not obj_in_have:
commands.append("set service lldp interface " + name)
elif (
obj_in_have
and obj_in_have["state"] == "disabled"
and state == "enabled"
):
commands.append(
"delete service lldp interface " + name + " disable"
)
elif state == "disabled":
if not obj_in_have:
commands.append("set service lldp interface " + name)
commands.append(
"set service lldp interface " + name + " disable"
)
elif obj_in_have and obj_in_have["state"] != "disabled":
commands.append(
"set service lldp interface " + name + " disable"
)
return commands
def map_config_to_obj(module):
obj = []
config = get_config(module).splitlines()
output = [c for c in config if c.startswith("set service lldp interface")]
for i in output:
splitted_line = i.split()
if len(splitted_line) > 5:
new_obj = {"name": splitted_line[4]}
if splitted_line[5] == "'disable'":
new_obj["state"] = "disabled"
else:
new_obj = {"name": splitted_line[4][1:-1]}
new_obj["state"] = "present"
obj.append(new_obj)
return obj
def map_params_to_obj(module):
obj = []
aggregate = module.params.get("aggregate")
if aggregate:
for item in aggregate:
for key in item:
if item.get(key) is None:
item[key] = module.params[key]
obj.append(item.copy())
else:
obj.append(
{"name": module.params["name"], "state": module.params["state"]}
)
return obj
def main():
""" main entry point for module execution
"""
element_spec = dict(
name=dict(),
state=dict(
default="present",
choices=["present", "absent", "enabled", "disabled"],
),
)
aggregate_spec = deepcopy(element_spec)
aggregate_spec["name"] = dict(required=True)
# remove default in aggregate spec, to handle common arguments
remove_default_spec(aggregate_spec)
argument_spec = dict(
aggregate=dict(type="list", elements="dict", options=aggregate_spec),
)
argument_spec.update(element_spec)
argument_spec.update(vyos_argument_spec)
required_one_of = [["name", "aggregate"]]
mutually_exclusive = [["name", "aggregate"]]
module = AnsibleModule(
argument_spec=argument_spec,
required_one_of=required_one_of,
mutually_exclusive=mutually_exclusive,
supports_check_mode=True,
)
warnings = list()
result = {"changed": False}
if warnings:
result["warnings"] = warnings
want = map_params_to_obj(module)
have = map_config_to_obj(module)
commands = map_obj_to_commands((want, have), module)
result["commands"] = commands
if commands:
commit = not module.check_mode
load_config(module, commands, commit=commit)
result["changed"] = True
module.exit_json(**result)
if __name__ == "__main__":
main()
diff --git a/plugins/modules/vyos_lldp_interfaces.py b/plugins/modules/vyos_lldp_interfaces.py
index b26da49..4db7cb0 100644
--- a/plugins/modules/vyos_lldp_interfaces.py
+++ b/plugins/modules/vyos_lldp_interfaces.py
@@ -1,680 +1,673 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright 2019 Red Hat
# GNU General Public License v3.0+
# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#############################################
# WARNING #
#############################################
#
# This file is auto generated by the resource
# module builder playbook.
#
# Do not edit this file manually.
#
# Changes to this file will be over written
# by the resource module builder.
#
# Changes should be made in the model used to
# generate this file or in the resource module
# builder template.
#
#############################################
"""
The module file for vyos_lldp_interfaces
"""
from __future__ import absolute_import, division, print_function
__metaclass__ = type
-ANSIBLE_METADATA = {"metadata_version": "1.1", "supported_by": "Ansible"}
-DOCUMENTATION = """module: vyos_lldp_interfaces
+DOCUMENTATION = """
+module: vyos_lldp_interfaces
short_description: LLDP interfaces resource module
description: This module manages attributes of lldp interfaces on VyOS network devices.
+version_added: 1.0.0
notes:
- Tested against VyOS 1.1.8 (helium).
- This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html).
-version_added: "1.0.0"
author:
- Rohit Thakur (@rohitthakur2590)
options:
config:
description: A list of lldp interfaces configurations.
type: list
suboptions:
name:
description:
- Name of the lldp interface.
type: str
required: true
enable:
description:
- to disable lldp on the interface.
type: bool
default: true
location:
description:
- LLDP-MED location data.
type: dict
suboptions:
civic_based:
description:
- Civic-based location data.
type: dict
suboptions:
ca_info:
description: LLDP-MED address info
type: list
suboptions:
ca_type:
description: LLDP-MED Civic Address type.
type: int
required: true
ca_value:
description: LLDP-MED Civic Address value.
type: str
required: true
country_code:
description: Country Code
type: str
required: true
coordinate_based:
description:
- Coordinate-based location.
type: dict
suboptions:
altitude:
description: Altitude in meters.
type: int
datum:
description: Coordinate datum type.
type: str
choices:
- WGS84
- NAD83
- MLLW
latitude:
description: Latitude.
type: str
required: true
longitude:
description: Longitude.
type: str
required: true
elin:
description: Emergency Call Service ELIN number (between 10-25 numbers).
type: str
running_config:
description:
- - This option is used only with state I(parsed).
- - The value of this option should be the output received from the VyOS device by executing
- the command B(show configuration commands | grep lldp).
- - The state I(parsed) reads the configuration from C(running_config) option and transforms
- it into Ansible structured data as per the resource module's argspec and the value is then
- returned in the I(parsed) key within the result.
+ - This option is used only with state I(parsed).
+ - The value of this option should be the output received from the VyOS device
+ by executing the command B(show configuration commands | grep lldp).
+ - The state I(parsed) reads the configuration from C(running_config) option and
+ transforms it into Ansible structured data as per the resource module's argspec
+ and the value is then returned in the I(parsed) key within the result.
type: str
state:
description:
- The state of the configuration after module completion.
type: str
choices:
- merged
- replaced
- overridden
- deleted
- rendered
- parsed
- gathered
default: merged
"""
EXAMPLES = """
# Using merged
#
# Before state:
# -------------
#
# vyos@vyos:~$ show configuration commands | grep lldp
#
- name: Merge provided configuration with device configuration
vyos.vyos.vyos_lldp_interfaces:
config:
- - name: 'eth1'
- location:
- civic_based:
- country_code: 'US'
- ca_info:
- - ca_type: 0
- ca_value: 'ENGLISH'
+ - name: eth1
+ location:
+ civic_based:
+ country_code: US
+ ca_info:
+ - ca_type: 0
+ ca_value: ENGLISH
- - name: 'eth2'
- location:
- coordinate_based:
- altitude: 2200
- datum: 'WGS84'
- longitude: '222.267255W'
- latitude: '33.524449N'
+ - name: eth2
+ location:
+ coordinate_based:
+ altitude: 2200
+ datum: WGS84
+ longitude: 222.267255W
+ latitude: 33.524449N
state: merged
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# before": []
#
# "commands": [
# "set service lldp interface eth1 location civic-based country-code 'US'",
# "set service lldp interface eth1 location civic-based ca-type 0 ca-value 'ENGLISH'",
# "set service lldp interface eth1",
# "set service lldp interface eth2 location coordinate-based latitude '33.524449N'",
# "set service lldp interface eth2 location coordinate-based altitude '2200'",
# "set service lldp interface eth2 location coordinate-based datum 'WGS84'",
# "set service lldp interface eth2 location coordinate-based longitude '222.267255W'",
# "set service lldp interface eth2 location coordinate-based latitude '33.524449N'",
# "set service lldp interface eth2 location coordinate-based altitude '2200'",
# "set service lldp interface eth2 location coordinate-based datum 'WGS84'",
# "set service lldp interface eth2 location coordinate-based longitude '222.267255W'",
# "set service lldp interface eth2"
#
# "after": [
# {
# "location": {
# "coordinate_based": {
# "altitude": 2200,
# "datum": "WGS84",
# "latitude": "33.524449N",
# "longitude": "222.267255W"
# }
# },
# "name": "eth2"
# },
# {
# "location": {
# "civic_based": {
# "ca_info": [
# {
# "ca_type": 0,
# "ca_value": "ENGLISH"
# }
# ],
# "country_code": "US"
# }
# },
# "name": "eth1"
# }
# ],
#
# After state:
# -------------
#
# vyos@vyos:~$ show configuration commands | grep lldp
# set service lldp interface eth1 location civic-based ca-type 0 ca-value 'ENGLISH'
# set service lldp interface eth1 location civic-based country-code 'US'
# set service lldp interface eth2 location coordinate-based altitude '2200'
# set service lldp interface eth2 location coordinate-based datum 'WGS84'
# set service lldp interface eth2 location coordinate-based latitude '33.524449N'
# set service lldp interface eth2 location coordinate-based longitude '222.267255W'
# Using replaced
#
# Before state:
# -------------
#
# vyos@vyos:~$ show configuration commands | grep lldp
# set service lldp interface eth1 location civic-based ca-type 0 ca-value 'ENGLISH'
# set service lldp interface eth1 location civic-based country-code 'US'
# set service lldp interface eth2 location coordinate-based altitude '2200'
# set service lldp interface eth2 location coordinate-based datum 'WGS84'
# set service lldp interface eth2 location coordinate-based latitude '33.524449N'
# set service lldp interface eth2 location coordinate-based longitude '222.267255W'
#
- name: Replace device configurations of listed LLDP interfaces with provided configurations
vyos.vyos.vyos_lldp_interfaces:
config:
- - name: 'eth2'
- location:
- civic_based:
- country_code: 'US'
- ca_info:
- - ca_type: 0
- ca_value: 'ENGLISH'
+ - name: eth2
+ location:
+ civic_based:
+ country_code: US
+ ca_info:
+ - ca_type: 0
+ ca_value: ENGLISH
- - name: 'eth1'
- location:
- coordinate_based:
- altitude: 2200
- datum: 'WGS84'
- longitude: '222.267255W'
- latitude: '33.524449N'
+ - name: eth1
+ location:
+ coordinate_based:
+ altitude: 2200
+ datum: WGS84
+ longitude: 222.267255W
+ latitude: 33.524449N
state: replaced
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "before": [
# {
# "location": {
# "coordinate_based": {
# "altitude": 2200,
# "datum": "WGS84",
# "latitude": "33.524449N",
# "longitude": "222.267255W"
# }
# },
# "name": "eth2"
# },
# {
# "location": {
# "civic_based": {
# "ca_info": [
# {
# "ca_type": 0,
# "ca_value": "ENGLISH"
# }
# ],
# "country_code": "US"
# }
# },
# "name": "eth1"
# }
# ]
#
# "commands": [
# "delete service lldp interface eth2 location",
# "set service lldp interface eth2 'disable'",
# "set service lldp interface eth2 location civic-based country-code 'US'",
# "set service lldp interface eth2 location civic-based ca-type 0 ca-value 'ENGLISH'",
# "delete service lldp interface eth1 location",
# "set service lldp interface eth1 'disable'",
# "set service lldp interface eth1 location coordinate-based latitude '33.524449N'",
# "set service lldp interface eth1 location coordinate-based altitude '2200'",
# "set service lldp interface eth1 location coordinate-based datum 'WGS84'",
# "set service lldp interface eth1 location coordinate-based longitude '222.267255W'"
# ]
#
# "after": [
# {
# "location": {
# "civic_based": {
# "ca_info": [
# {
# "ca_type": 0,
# "ca_value": "ENGLISH"
# }
# ],
# "country_code": "US"
# }
# },
# "name": "eth2"
# },
# {
# "location": {
# "coordinate_based": {
# "altitude": 2200,
# "datum": "WGS84",
# "latitude": "33.524449N",
# "longitude": "222.267255W"
# }
# },
# "name": "eth1"
# }
# ]
#
# After state:
# -------------
#
# vyos@vyos:~$ show configuration commands | grep lldp
# set service lldp interface eth1 'disable'
# set service lldp interface eth1 location coordinate-based altitude '2200'
# set service lldp interface eth1 location coordinate-based datum 'WGS84'
# set service lldp interface eth1 location coordinate-based latitude '33.524449N'
# set service lldp interface eth1 location coordinate-based longitude '222.267255W'
# set service lldp interface eth2 'disable'
# set service lldp interface eth2 location civic-based ca-type 0 ca-value 'ENGLISH'
# set service lldp interface eth2 location civic-based country-code 'US'
# Using overridden
#
# Before state
# --------------
#
# vyos@vyos:~$ show configuration commands | grep lldp
# set service lldp interface eth1 'disable'
# set service lldp interface eth1 location coordinate-based altitude '2200'
# set service lldp interface eth1 location coordinate-based datum 'WGS84'
# set service lldp interface eth1 location coordinate-based latitude '33.524449N'
# set service lldp interface eth1 location coordinate-based longitude '222.267255W'
# set service lldp interface eth2 'disable'
# set service lldp interface eth2 location civic-based ca-type 0 ca-value 'ENGLISH'
# set service lldp interface eth2 location civic-based country-code 'US'
#
- name: Overrides all device configuration with provided configuration
vyos.vyos.vyos_lldp_interfaces:
config:
- - name: 'eth2'
- location:
- elin: 0000000911
+ - name: eth2
+ location:
+ elin: 0000000911
state: overridden
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "before": [
# {
# "enable": false,
# "location": {
# "civic_based": {
# "ca_info": [
# {
# "ca_type": 0,
# "ca_value": "ENGLISH"
# }
# ],
# "country_code": "US"
# }
# },
# "name": "eth2"
# },
# {
# "enable": false,
# "location": {
# "coordinate_based": {
# "altitude": 2200,
# "datum": "WGS84",
# "latitude": "33.524449N",
# "longitude": "222.267255W"
# }
# },
# "name": "eth1"
# }
# ]
#
# "commands": [
# "delete service lldp interface eth2 location",
# "delete service lldp interface eth2 disable",
# "set service lldp interface eth2 location elin 0000000911"
#
#
# "after": [
# {
# "location": {
# "elin": 0000000911
# },
# "name": "eth2"
# }
# ]
#
#
# After state
# ------------
#
# vyos@vyos# run show configuration commands | grep lldp
# set service lldp interface eth2 location elin '0000000911'
# Using deleted
#
# Before state
# -------------
#
# vyos@vyos# run show configuration commands | grep lldp
# set service lldp interface eth2 location elin '0000000911'
#
- name: Delete lldp interface attributes of given interfaces.
vyos.vyos.vyos_lldp_interfaces:
config:
- - name: 'eth2'
+ - name: eth2
state: deleted
#
#
# ------------------------
# Module Execution Results
# ------------------------
#
- "before": [
- {
- "location": {
- "elin": 0000000911
- },
- "name": "eth2"
- }
- ]
+ before: [{location: {elin: 0000000911}, name: eth2}]
# "commands": [
# "commands": [
# "delete service lldp interface eth2"
# ]
#
# "after": []
# After state
# ------------
# vyos@vyos# run show configuration commands | grep lldp
# set service 'lldp'
# Using gathered
#
# Before state:
# -------------
#
# vyos@192# run show configuration commands | grep lldp
# set service lldp interface eth1 location civic-based ca-type 0 ca-value 'ENGLISH'
# set service lldp interface eth1 location civic-based country-code 'US'
# set service lldp interface eth2 location coordinate-based altitude '2200'
# set service lldp interface eth2 location coordinate-based datum 'WGS84'
# set service lldp interface eth2 location coordinate-based latitude '33.524449N'
# set service lldp interface eth2 location coordinate-based longitude '222.267255W'
#
- name: Gather listed lldp interfaces from running configuration
vyos.vyos.vyos_lldp_interfaces:
config:
state: gathered
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "gathered": [
# {
# "location": {
# "coordinate_based": {
# "altitude": 2200,
# "datum": "WGS84",
# "latitude": "33.524449N",
# "longitude": "222.267255W"
# }
# },
# "name": "eth2"
# },
# {
# "location": {
# "civic_based": {
# "ca_info": [
# {
# "ca_type": 0,
# "ca_value": "ENGLISH"
# }
# ],
# "country_code": "US"
# }
# },
# "name": "eth1"
# }
# ]
#
#
# After state:
# -------------
#
# vyos@192# run show configuration commands | grep lldp
# set service lldp interface eth1 location civic-based ca-type 0 ca-value 'ENGLISH'
# set service lldp interface eth1 location civic-based country-code 'US'
# set service lldp interface eth2 location coordinate-based altitude '2200'
# set service lldp interface eth2 location coordinate-based datum 'WGS84'
# set service lldp interface eth2 location coordinate-based latitude '33.524449N'
# set service lldp interface eth2 location coordinate-based longitude '222.267255W'
# Using rendered
#
#
- name: Render the commands for provided configuration
vyos.vyos.vyos_lldp_interfaces:
config:
- - name: eth1
- location:
- civic_based:
- country_code: US
- ca_info:
- - ca_type: 0
- ca_value: ENGLISH
- - name: eth2
- location:
- coordinate_based:
- altitude: 2200
- datum: WGS84
- longitude: 222.267255W
- latitude: 33.524449N
+ - name: eth1
+ location:
+ civic_based:
+ country_code: US
+ ca_info:
+ - ca_type: 0
+ ca_value: ENGLISH
+ - name: eth2
+ location:
+ coordinate_based:
+ altitude: 2200
+ datum: WGS84
+ longitude: 222.267255W
+ latitude: 33.524449N
state: rendered
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
#
# "rendered": [
# "set service lldp interface eth1 location civic-based country-code 'US'",
# "set service lldp interface eth1 location civic-based ca-type 0 ca-value 'ENGLISH'",
# "set service lldp interface eth1",
# "set service lldp interface eth2 location coordinate-based latitude '33.524449N'",
# "set service lldp interface eth2 location coordinate-based altitude '2200'",
# "set service lldp interface eth2 location coordinate-based datum 'WGS84'",
# "set service lldp interface eth2 location coordinate-based longitude '222.267255W'",
# "set service lldp interface eth2"
# ]
# Using parsed
#
#
- name: Parsed the commands to provide structured configuration.
vyos.vyos.vyos_lldp_interfaces:
running_config:
"set service lldp interface eth1 location civic-based ca-type 0 ca-value 'ENGLISH'
- set service lldp interface eth1 location civic-based country-code 'US'
- set service lldp interface eth2 location coordinate-based altitude '2200'
- set service lldp interface eth2 location coordinate-based datum 'WGS84'
- set service lldp interface eth2 location coordinate-based latitude '33.524449N'
- set service lldp interface eth2 location coordinate-based longitude '222.267255W'"
+ set service lldp interface eth1 location civic-based country-code 'US'
+ set service lldp interface eth2 location coordinate-based altitude '2200'
+ set service lldp interface eth2 location coordinate-based datum 'WGS84'
+ set service lldp interface eth2 location coordinate-based latitude '33.524449N'
+ set service lldp interface eth2 location coordinate-based longitude '222.267255W'"
state: parsed
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
#
# "parsed": [
# {
# "location": {
# "coordinate_based": {
# "altitude": 2200,
# "datum": "WGS84",
# "latitude": "33.524449N",
# "longitude": "222.267255W"
# }
# },
# "name": "eth2"
# },
# {
# "location": {
# "civic_based": {
# "ca_info": [
# {
# "ca_type": 0,
# "ca_value": "ENGLISH"
# }
# ],
# "country_code": "US"
# }
# },
# "name": "eth1"
# }
# ]
"""
RETURN = """
before:
description: The configuration as structured data prior to module invocation.
returned: always
type: list
sample: >
The configuration returned will always be in the same format
of the parameters above.
after:
description: The configuration as structured data after module completion.
returned: when changed
type: list
sample: >
The configuration returned will always be in the same format
of the parameters above.
commands:
description: The set of commands pushed to the remote device.
returned: always
type: list
sample:
- "set service lldp interface eth2 'disable'"
- "delete service lldp interface eth1 location"
"""
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.lldp_interfaces.lldp_interfaces import (
Lldp_interfacesArgs,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.lldp_interfaces.lldp_interfaces import (
Lldp_interfaces,
)
def main():
"""
Main entry point for module execution
:returns: the result form module invocation
"""
required_if = [
("state", "merged", ("config",)),
("state", "replaced", ("config",)),
("state", "rendered", ("config",)),
("state", "overridden", ("config",)),
("state", "parsed", ("running_config",)),
]
mutually_exclusive = [("config", "running_config")]
module = AnsibleModule(
argument_spec=Lldp_interfacesArgs.argument_spec,
required_if=required_if,
supports_check_mode=True,
mutually_exclusive=mutually_exclusive,
)
result = Lldp_interfaces(module).execute_module()
module.exit_json(**result)
if __name__ == "__main__":
main()
diff --git a/plugins/modules/vyos_logging.py b/plugins/modules/vyos_logging.py
index 9f81eb9..8732647 100644
--- a/plugins/modules/vyos_logging.py
+++ b/plugins/modules/vyos_logging.py
@@ -1,300 +1,297 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2017, Ansible by Red Hat, inc
#
# This file is part of Ansible by Red Hat
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see .
#
-ANSIBLE_METADATA = {
- "metadata_version": "1.1",
- "status": ["preview"],
- "supported_by": "network",
-}
-DOCUMENTATION = """module: vyos_logging
+DOCUMENTATION = """
+module: vyos_logging
author: Trishna Guha (@trishnaguha)
short_description: Manage logging on network devices
description:
- This module provides declarative management of logging on Vyatta Vyos devices.
+version_added: 1.0.0
notes:
- Tested against VyOS 1.1.8 (helium).
- This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html).
options:
dest:
description:
- Destination of the logs.
choices:
- console
- file
- global
- host
- user
name:
description:
- If value of C(dest) is I(file) it indicates file-name, for I(user) it indicates
username and for I(host) indicates the host name to be notified.
facility:
description:
- Set logging facility.
level:
description:
- Set logging severity levels.
aggregate:
description: List of logging definitions.
state:
description:
- State of the logging configuration.
default: present
choices:
- present
- absent
extends_documentation_fragment:
- vyos.vyos.vyos
"""
EXAMPLES = """
- name: configure console logging
- vyos_logging:
+ vyos.vyos.vyos_logging:
dest: console
facility: all
level: crit
- name: remove console logging configuration
- vyos_logging:
+ vyos.vyos.vyos_logging:
dest: console
state: absent
- name: configure file logging
- vyos_logging:
+ vyos.vyos.vyos_logging:
dest: file
name: test
facility: local3
level: err
- name: Add logging aggregate
- vyos_logging:
+ vyos.vyos.vyos_logging:
aggregate:
- - { dest: file, name: test1, facility: all, level: info }
- - { dest: file, name: test2, facility: news, level: debug }
+ - {dest: file, name: test1, facility: all, level: info}
+ - {dest: file, name: test2, facility: news, level: debug}
state: present
- name: Remove logging aggregate
- vyos_logging:
+ vyos.vyos.vyos_logging:
aggregate:
- - { dest: console, facility: all, level: info }
- - { dest: console, facility: daemon, level: warning }
- - { dest: file, name: test2, facility: news, level: debug }
+ - {dest: console, facility: all, level: info}
+ - {dest: console, facility: daemon, level: warning}
+ - {dest: file, name: test2, facility: news, level: debug}
state: absent
"""
RETURN = """
commands:
description: The list of configuration mode commands to send to the device
returned: always
type: list
sample:
- set system syslog global facility all level notice
"""
import re
from copy import deepcopy
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import (
remove_default_spec,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import (
get_config,
load_config,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import (
vyos_argument_spec,
)
def spec_to_commands(updates, module):
commands = list()
want, have = updates
for w in want:
dest = w["dest"]
name = w["name"]
facility = w["facility"]
level = w["level"]
state = w["state"]
del w["state"]
if state == "absent" and w in have:
if w["name"]:
commands.append(
"delete system syslog {0} {1} facility {2} level {3}".format(
dest, name, facility, level
)
)
else:
commands.append(
"delete system syslog {0} facility {1} level {2}".format(
dest, facility, level
)
)
elif state == "present" and w not in have:
if w["name"]:
commands.append(
"set system syslog {0} {1} facility {2} level {3}".format(
dest, name, facility, level
)
)
else:
commands.append(
"set system syslog {0} facility {1} level {2}".format(
dest, facility, level
)
)
return commands
def config_to_dict(module):
data = get_config(module)
obj = []
for line in data.split("\n"):
if line.startswith("set system syslog"):
match = re.search(r"set system syslog (\S+)", line, re.M)
dest = match.group(1)
if dest == "host":
match = re.search(r"host (\S+)", line, re.M)
name = match.group(1)
elif dest == "file":
match = re.search(r"file (\S+)", line, re.M)
name = match.group(1)
elif dest == "user":
match = re.search(r"user (\S+)", line, re.M)
name = match.group(1)
else:
name = None
if "facility" in line:
match = re.search(r"facility (\S+)", line, re.M)
facility = match.group(1)
if "level" in line:
match = re.search(r"level (\S+)", line, re.M)
level = match.group(1).strip("'")
obj.append(
{
"dest": dest,
"name": name,
"facility": facility,
"level": level,
}
)
return obj
def map_params_to_obj(module, required_if=None):
obj = []
aggregate = module.params.get("aggregate")
if aggregate:
for item in aggregate:
for key in item:
if item.get(key) is None:
item[key] = module.params[key]
module._check_required_if(required_if, item)
obj.append(item.copy())
else:
if module.params["dest"] not in ("host", "file", "user"):
module.params["name"] = None
obj.append(
{
"dest": module.params["dest"],
"name": module.params["name"],
"facility": module.params["facility"],
"level": module.params["level"],
"state": module.params["state"],
}
)
return obj
def main():
""" main entry point for module execution
"""
element_spec = dict(
dest=dict(
type="str", choices=["console", "file", "global", "host", "user"]
),
name=dict(type="str"),
facility=dict(type="str"),
level=dict(type="str"),
state=dict(default="present", choices=["present", "absent"]),
)
aggregate_spec = deepcopy(element_spec)
# remove default in aggregate spec, to handle common arguments
remove_default_spec(aggregate_spec)
argument_spec = dict(
aggregate=dict(type="list", elements="dict", options=aggregate_spec),
)
argument_spec.update(element_spec)
argument_spec.update(vyos_argument_spec)
required_if = [
("dest", "host", ["name", "facility", "level"]),
("dest", "file", ["name", "facility", "level"]),
("dest", "user", ["name", "facility", "level"]),
("dest", "console", ["facility", "level"]),
("dest", "global", ["facility", "level"]),
]
module = AnsibleModule(
argument_spec=argument_spec,
required_if=required_if,
supports_check_mode=True,
)
warnings = list()
result = {"changed": False}
if warnings:
result["warnings"] = warnings
want = map_params_to_obj(module, required_if=required_if)
have = config_to_dict(module)
commands = spec_to_commands((want, have), module)
result["commands"] = commands
if commands:
commit = not module.check_mode
load_config(module, commands, commit=commit)
result["changed"] = True
module.exit_json(**result)
if __name__ == "__main__":
main()
diff --git a/plugins/modules/vyos_ospfv2.py b/plugins/modules/vyos_ospfv2.py
index b320200..f890413 100644
--- a/plugins/modules/vyos_ospfv2.py
+++ b/plugins/modules/vyos_ospfv2.py
@@ -1,1813 +1,1815 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright 2019 Red Hat
# GNU General Public License v3.0+
# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#############################################
# WARNING #
#############################################
#
# This file is auto generated by the resource
# module builder playbook.
#
# Do not edit this file manually.
#
# Changes to this file will be over written
# by the resource module builder.
#
# Changes should be made in the model used to
# generate this file or in the resource module
# builder template.
#
#############################################
"""
The module file for vyos_ospfv2
"""
from __future__ import absolute_import, division, print_function
__metaclass__ = type
-ANSIBLE_METADATA = {"metadata_version": "1.1", "supported_by": "Ansible"}
DOCUMENTATION = """
----
module: vyos_ospfv2
-short_description: OSPFV2 resource module
-description: This resource module configures and manages attributes of OSPFv2 routes on VyOS network devices.
-version_added: "1.0.0"
+short_description: OSPFv2 resource module
+description: This resource module configures and manages attributes of OSPFv2 routes
+ on VyOS network devices.
+version_added: 1.0.0
notes:
- - Tested against VyOS 1.1.8 (helium).
- - This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html).
+- Tested against VyOS 1.1.8 (helium).
+- This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html).
author:
- - Rohit Thakur (@rohitthakur2590)
+- Rohit Thakur (@rohitthakur2590)
options:
config:
description: A provided OSPFv2 route configuration.
type: dict
suboptions:
areas:
description: OSPFv2 area.
type: list
elements: dict
suboptions:
area_id:
description: OSPFv2 area identity.
type: str
area_type:
description: Area type.
type: dict
suboptions:
normal:
description: Normal OSPFv2 area.
type: bool
nssa:
description: NSSA OSPFv2 area.
type: dict
suboptions:
set:
description: Enabling NSSA.
type: bool
default_cost:
description: Summary-default cost of NSSA area.
type: int
no_summary:
description: Do not inject inter-area routes into stub.
type: bool
translate:
description: NSSA-ABR.
type: str
- choices: ['always', 'candidate', 'never']
+ choices: [always, candidate, never]
stub:
description: Stub OSPFv2 area.
type: dict
suboptions:
set:
description: Enabling stub.
type: bool
default_cost:
description: Summary-default cost of stub area.
type: int
no_summary:
description: Do not inject inter-area routes into stub.
type: bool
authentication:
description: OSPFv2 area authentication type.
type: str
- choices: ['plaintext-password', 'md5']
+ choices: [plaintext-password, md5]
network:
description: OSPFv2 network.
type: list
elements: dict
suboptions:
address:
- required: True
+ required: true
description: OSPFv2 IPv4 network address.
type: str
range:
description: Summarize routes matching prefix (border routers only).
type: list
elements: dict
suboptions:
address:
description: border router IPv4 address.
type: str
cost:
description: Metric for this range.
type: int
not_advertise:
description: Don't advertise this range.
type: bool
substitute:
description: Announce area range (IPv4 address) as another prefix.
type: str
shortcut:
description: Area's shortcut mode.
type: str
- choices: ['default', 'disable', 'enable']
+ choices: [default, disable, enable]
virtual_link:
description: Virtual link address.
type: list
elements: dict
suboptions:
address:
description: virtual link address.
type: str
authentication:
description: OSPFv2 area authentication type.
type: dict
suboptions:
md5:
description: MD5 key id based authentication.
type: list
elements: dict
suboptions:
key_id:
description: MD5 key id.
type: int
md5_key:
description: MD5 key.
type: str
plaintext_password:
description: Plain text password.
type: str
dead_interval:
description: Interval after which a neighbor is declared dead.
type: int
hello_interval:
description: Interval between hello packets.
type: int
retransmit_interval:
description: Interval between retransmitting lost link state advertisements.
type: int
transmit_delay:
description: Link state transmit delay.
type: int
log_adjacency_changes:
- description: Log changes in adjacency state.
- type: str
- choices: ['detail']
+ description: Log changes in adjacency state.
+ type: str
+ choices: [detail]
max_metric:
description: OSPFv2 maximum/infinite-distance metric.
type: dict
suboptions:
router_lsa:
description: Advertise own Router-LSA with infinite distance (stub router).
type: dict
suboptions:
administrative:
description: Administratively apply, for an indefinite period.
type: bool
on_shutdown:
description: Time to advertise self as stub-router.
type: int
on_startup:
description: Time to advertise self as stub-router
type: int
auto_cost:
description: Calculate OSPFv2 interface cost according to bandwidth.
type: dict
suboptions:
reference_bandwidth:
description: Reference bandwidth cost in Mbits/sec.
type: int
default_information:
description: Control distribution of default information.
type: dict
suboptions:
originate:
description: Distribute a default route.
type: dict
suboptions:
always:
description: Always advertise default route.
type: bool
metric:
description: OSPFv2 default metric.
type: int
metric_type:
description: OSPFv2 Metric types for default routes.
type: int
route_map:
description: Route map references.
type: str
default_metric:
description: Metric of redistributed routes
type: int
distance:
description: Administrative distance.
type: dict
suboptions:
global:
description: Global OSPFv2 administrative distance.
type: int
ospf:
description: OSPFv2 administrative distance.
type: dict
suboptions:
external:
description: Distance for external routes.
type: int
inter_area:
description: Distance for inter-area routes.
type: int
intra_area:
description: Distance for intra-area routes.
type: int
mpls_te:
description: MultiProtocol Label Switching-Traffic Engineering (MPLS-TE) parameters.
type: dict
suboptions:
enabled:
description: Enable MPLS-TE functionality.
type: bool
router_address:
description: Stable IP address of the advertising router.
type: str
neighbor:
description: Neighbor IP address.
type: list
elements: dict
suboptions:
neighbor_id:
description: Identity (number/IP address) of neighbor.
type: str
poll_interval:
description: Seconds between dead neighbor polling interval.
type: int
priority:
description: Neighbor priority.
type: int
parameters:
descriptions: OSPFv2 specific parameters.
type: dict
suboptions:
- abr_type:
- description: OSPFv2 ABR Type.
- type: str
- choices: ['cisco', 'ibm', 'shortcut', 'standard']
- opaque_lsa:
- description: Enable the Opaque-LSA capability (rfc2370).
- type: bool
- rfc1583_compatibility:
- description: Enable rfc1583 criteria for handling AS external routes.
- type: bool
- router_id:
- description: Override the default router identifier.
- type: str
+ abr_type:
+ description: OSPFv2 ABR Type.
+ type: str
+ choices: [cisco, ibm, shortcut, standard]
+ opaque_lsa:
+ description: Enable the Opaque-LSA capability (rfc2370).
+ type: bool
+ rfc1583_compatibility:
+ description: Enable rfc1583 criteria for handling AS external routes.
+ type: bool
+ router_id:
+ description: Override the default router identifier.
+ type: str
passive_interface:
description: Suppress routing updates on an interface.
type: list
passive_interface_exclude:
description: Interface to exclude when using passive-interface default.
type: list
redistribute:
description: Redistribute information from another routing protocol.
type: list
elements: dict
suboptions:
route_type:
description: Route type to redistribute.
type: str
- choices: ['bgp', 'connected', 'kernel', 'rip', 'static']
+ choices: [bgp, connected, kernel, rip, static]
metric:
description: Metric for redistribution routes.
type: int
metric_type:
description: OSPFv2 Metric types.
type: int
route_map:
description: Route map references.
type: str
route_map:
description: Filter routes installed in local route map.
type: list
timers:
description: Adjust routing timers.
type: dict
suboptions:
refresh:
description: Adjust refresh parameters.
type: dict
suboptions:
timers:
description: refresh timer.
type: int
throttle:
description: Throttling adaptive timers.
type: dict
suboptions:
spf:
description: OSPFv2 SPF timers.
type: dict
suboptions:
delay:
- description: Delay (msec) from first change received till SPF calculation.
+ description: Delay (msec) from first change received till SPF
+ calculation.
type: int
initial_holdtime:
description: Initial hold time(msec) between consecutive SPF calculations.
type: int
max_holdtime:
description: maximum hold time (sec).
type: int
running_config:
description:
- - This option is used only with state I(parsed).
- - The value of this option should be the output received from the VyOS device by executing
- the command B(show configuration commands | grep ospf).
- - The state I(parsed) reads the configuration from C(running_config) option and transforms
- it into Ansible structured data as per the resource module's argspec and the value is then
- returned in the I(parsed) key within the result.
+ - This option is used only with state I(parsed).
+ - The value of this option should be the output received from the VyOS device
+ by executing the command B(show configuration commands | grep ospf).
+ - The state I(parsed) reads the configuration from C(running_config) option and
+ transforms it into Ansible structured data as per the resource module's argspec
+ and the value is then returned in the I(parsed) key within the result.
type: str
state:
description:
- - The state the configuration should be left in.
+ - The state the configuration should be left in.
type: str
choices:
- merged
- replaced
- deleted
- parsed
- gathered
- rendered
default: merged
+
"""
EXAMPLES = """
# Using merged
#
# Before state:
# -------------
#
# vyos@vyos# run show configuration commands | grep ospf
#
#
- name: Merge the provided configuration with the existing running configuration
vyos.vyos.vyos_ospfv2:
config:
- log_adjacency_changes: 'detail'
+ log_adjacency_changes: detail
max_metric:
router_lsa:
administrative: true
on_shutdown: 10
on_startup: 10
default_information:
originate:
always: true
metric: 10
metric_type: 2
- route_map: 'ingress'
+ route_map: ingress
mpls_te:
enabled: true
- router_address: '192.0.11.11'
+ router_address: 192.0.11.11
auto_cost:
- reference_bandwidth: 2
+ reference_bandwidth: 2
neighbor:
- - neighbor_id: '192.0.11.12'
- poll_interval: 10
- priority: 2
+ - neighbor_id: 192.0.11.12
+ poll_interval: 10
+ priority: 2
redistribute:
- - route_type: 'bgp'
- metric: 10
- metric_type: 2
+ - route_type: bgp
+ metric: 10
+ metric_type: 2
passive_interface:
- - 'eth1'
- - 'eth2'
+ - eth1
+ - eth2
parameters:
- router_id: '192.0.1.1'
+ router_id: 192.0.1.1
opaque_lsa: true
rfc1583_compatibility: true
- abr_type: 'cisco'
+ abr_type: cisco
areas:
- - area_id: '2'
- area_type:
- normal: true
- authentication: "plaintext-password"
- shortcut: 'enable'
- - area_id: '3'
- area_type:
- nssa:
- set: true
- - area_id: '4'
- area_type:
- stub:
- default_cost: 20
- network:
- - address: '192.0.2.0/24'
- range:
- - address: '192.0.3.0/24'
- cost: 10
- - address: '192.0.4.0/24'
- cost: 12
+ - area_id: '2'
+ area_type:
+ normal: true
+ authentication: plaintext-password
+ shortcut: enable
+ - area_id: '3'
+ area_type:
+ nssa:
+ set: true
+ - area_id: '4'
+ area_type:
+ stub:
+ default_cost: 20
+ network:
+ - address: 192.0.2.0/24
+ range:
+ - address: 192.0.3.0/24
+ cost: 10
+ - address: 192.0.4.0/24
+ cost: 12
state: merged
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# before": {}
#
# "commands": [
# "set protocols ospf mpls-te enable",
# "set protocols ospf mpls-te router-address '192.0.11.11'",
# "set protocols ospf redistribute bgp",
# "set protocols ospf redistribute bgp metric-type 2",
# "set protocols ospf redistribute bgp metric 10",
# "set protocols ospf default-information originate metric-type 2",
# "set protocols ospf default-information originate always",
# "set protocols ospf default-information originate metric 10",
# "set protocols ospf default-information originate route-map ingress",
# "set protocols ospf auto-cost reference-bandwidth '2'",
# "set protocols ospf parameters router-id '192.0.1.1'",
# "set protocols ospf parameters opaque-lsa",
# "set protocols ospf parameters abr-type 'cisco'",
# "set protocols ospf parameters rfc1583-compatibility",
# "set protocols ospf passive-interface eth1",
# "set protocols ospf passive-interface eth2",
# "set protocols ospf max-metric router-lsa on-shutdown 10",
# "set protocols ospf max-metric router-lsa administrative",
# "set protocols ospf max-metric router-lsa on-startup 10",
# "set protocols ospf log-adjacency-changes 'detail'",
# "set protocols ospf neighbor 192.0.11.12 priority 2",
# "set protocols ospf neighbor 192.0.11.12 poll-interval 10",
# "set protocols ospf neighbor 192.0.11.12",
# "set protocols ospf area '2'",
# "set protocols ospf area 2 authentication plaintext-password",
# "set protocols ospf area 2 shortcut enable",
# "set protocols ospf area 2 area-type normal",
# "set protocols ospf area '3'",
# "set protocols ospf area 3 area-type nssa",
# "set protocols ospf area 4 range 192.0.3.0/24 cost 10",
# "set protocols ospf area 4 range 192.0.3.0/24",
# "set protocols ospf area 4 range 192.0.4.0/24 cost 12",
# "set protocols ospf area 4 range 192.0.4.0/24",
# "set protocols ospf area 4 area-type stub default-cost 20",
# "set protocols ospf area '4'",
# "set protocols ospf area 4 network 192.0.2.0/24"
# ]
#
# "after": {
# "areas": [
# {
# "area_id": "2",
# "area_type": {
# "normal": true
# },
# "authentication": "plaintext-password",
# "shortcut": "enable"
# },
# {
# "area_id": "3",
# "area_type": {
# "nssa": {
# "set": true
# }
# }
# },
# {
# "area_id": "4",
# "area_type": {
# "stub": {
# "default_cost": 20,
# "set": true
# }
# },
# "network": [
# {
# "address": "192.0.2.0/24"
# }
# ],
# "range": [
# {
# "address": "192.0.3.0/24",
# "cost": 10
# },
# {
# "address": "192.0.4.0/24",
# "cost": 12
# }
# ]
# }
# ],
# "auto_cost": {
# "reference_bandwidth": 2
# },
# "default_information": {
# "originate": {
# "always": true,
# "metric": 10,
# "metric_type": 2,
# "route_map": "ingress"
# }
# },
# "log_adjacency_changes": "detail",
# "max_metric": {
# "router_lsa": {
# "administrative": true,
# "on_shutdown": 10,
# "on_startup": 10
# }
# },
# "mpls_te": {
# "enabled": true,
# "router_address": "192.0.11.11"
# },
# "neighbor": [
# {
# "neighbor_id": "192.0.11.12",
# "poll_interval": 10,
# "priority": 2
# }
# ],
# "parameters": {
# "abr_type": "cisco",
# "opaque_lsa": true,
# "rfc1583_compatibility": true,
# "router_id": "192.0.1.1"
# },
# "passive_interface": [
# "eth2",
# "eth1"
# ],
# "redistribute": [
# {
# "metric": 10,
# "metric_type": 2,
# "route_type": "bgp"
# }
# ]
# }
#
# After state:
# -------------
#
# vyos@192# run show configuration commands | grep ospf
# set protocols ospf area 2 area-type 'normal'
# set protocols ospf area 2 authentication 'plaintext-password'
# set protocols ospf area 2 shortcut 'enable'
# set protocols ospf area 3 area-type 'nssa'
# set protocols ospf area 4 area-type stub default-cost '20'
# set protocols ospf area 4 network '192.0.2.0/24'
# set protocols ospf area 4 range 192.0.3.0/24 cost '10'
# set protocols ospf area 4 range 192.0.4.0/24 cost '12'
# set protocols ospf auto-cost reference-bandwidth '2'
# set protocols ospf default-information originate 'always'
# set protocols ospf default-information originate metric '10'
# set protocols ospf default-information originate metric-type '2'
# set protocols ospf default-information originate route-map 'ingress'
# set protocols ospf log-adjacency-changes 'detail'
# set protocols ospf max-metric router-lsa 'administrative'
# set protocols ospf max-metric router-lsa on-shutdown '10'
# set protocols ospf max-metric router-lsa on-startup '10'
# set protocols ospf mpls-te 'enable'
# set protocols ospf mpls-te router-address '192.0.11.11'
# set protocols ospf neighbor 192.0.11.12 poll-interval '10'
# set protocols ospf neighbor 192.0.11.12 priority '2'
# set protocols ospf parameters abr-type 'cisco'
# set protocols ospf parameters 'opaque-lsa'
# set protocols ospf parameters 'rfc1583-compatibility'
# set protocols ospf parameters router-id '192.0.1.1'
# set protocols ospf passive-interface 'eth1'
# set protocols ospf passive-interface 'eth2'
# set protocols ospf redistribute bgp metric '10'
# set protocols ospf redistribute bgp metric-type '2'
# Using merged
#
# Before state:
# -------------
#
# vyos@vyos# run show configuration commands | grep ospf
#
#
- name: Merge the provided configuration to update existing running configuration
vyos.vyos.vyos_ospfv2:
config:
areas:
- - area_id: '2'
- area_type:
- normal: true
- authentication: "plaintext-password"
- shortcut: 'enable'
- - area_id: '3'
- area_type:
- nssa:
- set: false
- - area_id: '4'
- area_type:
- stub:
- default_cost: 20
- network:
- - address: '192.0.2.0/24'
- - address: '192.0.22.0/24'
- - address: '192.0.32.0/24'
+ - area_id: '2'
+ area_type:
+ normal: true
+ authentication: plaintext-password
+ shortcut: enable
+ - area_id: '3'
+ area_type:
+ nssa:
+ set: false
+ - area_id: '4'
+ area_type:
+ stub:
+ default_cost: 20
+ network:
+ - address: 192.0.2.0/24
+ - address: 192.0.22.0/24
+ - address: 192.0.32.0/24
state: merged
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "before": {
# "areas": [
# {
# "area_id": "2",
# "area_type": {
# "normal": true
# },
# "authentication": "plaintext-password",
# "shortcut": "enable"
# },
# {
# "area_id": "3",
# "area_type": {
# "nssa": {
# "set": true
# }
# }
# },
# {
# "area_id": "4",
# "area_type": {
# "stub": {
# "default_cost": 20,
# "set": true
# }
# },
# "network": [
# {
# "address": "192.0.2.0/24"
# }
# ],
# "range": [
# {
# "address": "192.0.3.0/24",
# "cost": 10
# },
# {
# "address": "192.0.4.0/24",
# "cost": 12
# }
# ]
# }
# ],
# "auto_cost": {
# "reference_bandwidth": 2
# },
# "default_information": {
# "originate": {
# "always": true,
# "metric": 10,
# "metric_type": 2,
# "route_map": "ingress"
# }
# },
# "log_adjacency_changes": "detail",
# "max_metric": {
# "router_lsa": {
# "administrative": true,
# "on_shutdown": 10,
# "on_startup": 10
# }
# },
# "mpls_te": {
# "enabled": true,
# "router_address": "192.0.11.11"
# },
# "neighbor": [
# {
# "neighbor_id": "192.0.11.12",
# "poll_interval": 10,
# "priority": 2
# }
# ],
# "parameters": {
# "abr_type": "cisco",
# "opaque_lsa": true,
# "rfc1583_compatibility": true,
# "router_id": "192.0.1.1"
# },
# "passive_interface": [
# "eth2",
# "eth1"
# ],
# "redistribute": [
# {
# "metric": 10,
# "metric_type": 2,
# "route_type": "bgp"
# }
# ]
# }
#
# "commands": [
# "delete protocols ospf area 4 area-type stub",
# "set protocols ospf area 4 network 192.0.22.0/24"
# "set protocols ospf area 4 network 192.0.32.0/24"
# ]
#
# "after": {
# "areas": [
# {
# "area_id": "2",
# "area_type": {
# "normal": true
# },
# "authentication": "plaintext-password",
# "shortcut": "enable"
# },
# {
# "area_id": "3",
# "area_type": {
# "nssa": {
# "set": true
# }
# }
# },
# {
# "area_id": "4",
# },
# "network": [
# {
# "address": "192.0.2.0/24"
# },
# {
# "address": "192.0.22.0/24"
# },
# {
# "address": "192.0.32.0/24"
# }
# ],
# "range": [
# {
# "address": "192.0.3.0/24",
# "cost": 10
# },
# {
# "address": "192.0.4.0/24",
# "cost": 12
# }
# ]
# }
# ],
# "auto_cost": {
# "reference_bandwidth": 2
# },
# "default_information": {
# "originate": {
# "always": true,
# "metric": 10,
# "metric_type": 2,
# "route_map": "ingress"
# }
# },
# "log_adjacency_changes": "detail",
# "max_metric": {
# "router_lsa": {
# "administrative": true,
# "on_shutdown": 10,
# "on_startup": 10
# }
# },
# "mpls_te": {
# "enabled": true,
# "router_address": "192.0.11.11"
# },
# "neighbor": [
# {
# "neighbor_id": "192.0.11.12",
# "poll_interval": 10,
# "priority": 2
# }
# ],
# "parameters": {
# "abr_type": "cisco",
# "opaque_lsa": true,
# "rfc1583_compatibility": true,
# "router_id": "192.0.1.1"
# },
# "passive_interface": [
# "eth2",
# "eth1"
# ],
# "redistribute": [
# {
# "metric": 10,
# "metric_type": 2,
# "route_type": "bgp"
# }
# ]
# }
#
# After state:
# -------------
#
# vyos@192# run show configuration commands | grep ospf
# set protocols ospf area 2 area-type 'normal'
# set protocols ospf area 2 authentication 'plaintext-password'
# set protocols ospf area 2 shortcut 'enable'
# set protocols ospf area 3 area-type 'nssa'
# set protocols ospf area 4 network '192.0.2.0/24'
# set protocols ospf area 4 network '192.0.22.0/24'
# set protocols ospf area 4 network '192.0.32.0/24'
# set protocols ospf area 4 range 192.0.3.0/24 cost '10'
# set protocols ospf area 4 range 192.0.4.0/24 cost '12'
# set protocols ospf auto-cost reference-bandwidth '2'
# set protocols ospf default-information originate 'always'
# set protocols ospf default-information originate metric '10'
# set protocols ospf default-information originate metric-type '2'
# set protocols ospf default-information originate route-map 'ingress'
# set protocols ospf log-adjacency-changes 'detail'
# set protocols ospf max-metric router-lsa 'administrative'
# set protocols ospf max-metric router-lsa on-shutdown '10'
# set protocols ospf max-metric router-lsa on-startup '10'
# set protocols ospf mpls-te 'enable'
# set protocols ospf mpls-te router-address '192.0.11.11'
# set protocols ospf neighbor 192.0.11.12 poll-interval '10'
# set protocols ospf neighbor 192.0.11.12 priority '2'
# set protocols ospf parameters abr-type 'cisco'
# set protocols ospf parameters 'opaque-lsa'
# set protocols ospf parameters 'rfc1583-compatibility'
# set protocols ospf parameters router-id '192.0.1.1'
# set protocols ospf passive-interface 'eth1'
# set protocols ospf passive-interface 'eth2'
# set protocols ospf redistribute bgp metric '10'
# set protocols ospf redistribute bgp metric-type '2'
# Using replaced
#
# Before state:
# -------------
#
# vyos@192# run show configuration commands | grep ospf
# set protocols ospf area 2 area-type 'normal'
# set protocols ospf area 2 authentication 'plaintext-password'
# set protocols ospf area 2 shortcut 'enable'
# set protocols ospf area 3 area-type 'nssa'
# set protocols ospf area 4 area-type stub default-cost '20'
# set protocols ospf area 4 network '192.0.2.0/24'
# set protocols ospf area 4 range 192.0.3.0/24 cost '10'
# set protocols ospf area 4 range 192.0.4.0/24 cost '12'
# set protocols ospf auto-cost reference-bandwidth '2'
# set protocols ospf default-information originate 'always'
# set protocols ospf default-information originate metric '10'
# set protocols ospf default-information originate metric-type '2'
# set protocols ospf default-information originate route-map 'ingress'
# set protocols ospf log-adjacency-changes 'detail'
# set protocols ospf max-metric router-lsa 'administrative'
# set protocols ospf max-metric router-lsa on-shutdown '10'
# set protocols ospf max-metric router-lsa on-startup '10'
# set protocols ospf mpls-te 'enable'
# set protocols ospf mpls-te router-address '192.0.11.11'
# set protocols ospf neighbor 192.0.11.12 poll-interval '10'
# set protocols ospf neighbor 192.0.11.12 priority '2'
# set protocols ospf parameters abr-type 'cisco'
# set protocols ospf parameters 'opaque-lsa'
# set protocols ospf parameters 'rfc1583-compatibility'
# set protocols ospf parameters router-id '192.0.1.1'
# set protocols ospf passive-interface 'eth1'
# set protocols ospf passive-interface 'eth2'
# set protocols ospf redistribute bgp metric '10'
# set protocols ospf redistribute bgp metric-type '2'
#
- name: Replace ospfv2 routes attributes configuration.
vyos.vyos.vyos_ospfv2:
config:
- log_adjacency_changes: 'detail'
+ log_adjacency_changes: detail
max_metric:
router_lsa:
administrative: true
on_shutdown: 10
on_startup: 10
default_information:
originate:
always: true
metric: 10
metric_type: 2
- route_map: 'ingress'
+ route_map: ingress
mpls_te:
enabled: true
- router_address: '192.0.22.22'
+ router_address: 192.0.22.22
auto_cost:
reference_bandwidth: 2
neighbor:
- - neighbor_id: '192.0.11.12'
- poll_interval: 10
- priority: 2
+ - neighbor_id: 192.0.11.12
+ poll_interval: 10
+ priority: 2
redistribute:
- - route_type: 'bgp'
- metric: 10
- metric_type: 2
+ - route_type: bgp
+ metric: 10
+ metric_type: 2
passive_interface:
- - 'eth1'
+ - eth1
parameters:
- router_id: '192.0.1.1'
+ router_id: 192.0.1.1
opaque_lsa: true
rfc1583_compatibility: true
- abr_type: 'cisco'
+ abr_type: cisco
areas:
- - area_id: '2'
- area_type:
- normal: true
- authentication: "plaintext-password"
- shortcut: 'enable'
- - area_id: '4'
- area_type:
- stub:
- default_cost: 20
- network:
- - address: '192.0.2.0/24'
- - address: '192.0.12.0/24'
- - address: '192.0.22.0/24'
- - address: '192.0.32.0/24'
- range:
- - address: '192.0.42.0/24'
- cost: 10
+ - area_id: '2'
+ area_type:
+ normal: true
+ authentication: plaintext-password
+ shortcut: enable
+ - area_id: '4'
+ area_type:
+ stub:
+ default_cost: 20
+ network:
+ - address: 192.0.2.0/24
+ - address: 192.0.12.0/24
+ - address: 192.0.22.0/24
+ - address: 192.0.32.0/24
+ range:
+ - address: 192.0.42.0/24
+ cost: 10
state: replaced
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "before": {
# "areas": [
# {
# "area_id": "2",
# "area_type": {
# "normal": true
# },
# "authentication": "plaintext-password",
# "shortcut": "enable"
# },
# {
# "area_id": "3",
# "area_type": {
# "nssa": {
# "set": true
# }
# }
# },
# {
# "area_id": "4",
# "area_type": {
# "stub": {
# "default_cost": 20,
# "set": true
# }
# },
# "network": [
# {
# "address": "192.0.2.0/24"
# }
# ],
# "range": [
# {
# "address": "192.0.3.0/24",
# "cost": 10
# },
# {
# "address": "192.0.4.0/24",
# "cost": 12
# }
# ]
# }
# ],
# "auto_cost": {
# "reference_bandwidth": 2
# },
# "default_information": {
# "originate": {
# "always": true,
# "metric": 10,
# "metric_type": 2,
# "route_map": "ingress"
# }
# },
# "log_adjacency_changes": "detail",
# "max_metric": {
# "router_lsa": {
# "administrative": true,
# "on_shutdown": 10,
# "on_startup": 10
# }
# },
# "mpls_te": {
# "enabled": true,
# "router_address": "192.0.11.11"
# },
# "neighbor": [
# {
# "neighbor_id": "192.0.11.12",
# "poll_interval": 10,
# "priority": 2
# }
# ],
# "parameters": {
# "abr_type": "cisco",
# "opaque_lsa": true,
# "rfc1583_compatibility": true,
# "router_id": "192.0.1.1"
# },
# "passive_interface": [
# "eth2",
# "eth1"
# ],
# "redistribute": [
# {
# "metric": 10,
# "metric_type": 2,
# "route_type": "bgp"
# }
# ]
# }
#
# "commands": [
# "delete protocols ospf passive-interface eth2",
# "delete protocols ospf area 3",
# "delete protocols ospf area 4 range 192.0.3.0/24 cost",
# "delete protocols ospf area 4 range 192.0.3.0/24",
# "delete protocols ospf area 4 range 192.0.4.0/24 cost",
# "delete protocols ospf area 4 range 192.0.4.0/24",
# "set protocols ospf mpls-te router-address '192.0.22.22'",
# "set protocols ospf area 4 range 192.0.42.0/24 cost 10",
# "set protocols ospf area 4 range 192.0.42.0/24",
# "set protocols ospf area 4 network 192.0.12.0/24",
# "set protocols ospf area 4 network 192.0.22.0/24",
# "set protocols ospf area 4 network 192.0.32.0/24"
# ]
#
# "after": {
# "areas": [
# {
# "area_id": "2",
# "area_type": {
# "normal": true
# },
# "authentication": "plaintext-password",
# "shortcut": "enable"
# },
# {
# "area_id": "4",
# "area_type": {
# "stub": {
# "default_cost": 20,
# "set": true
# }
# },
# "network": [
# {
# "address": "192.0.12.0/24"
# },
# {
# "address": "192.0.2.0/24"
# },
# {
# "address": "192.0.22.0/24"
# },
# {
# "address": "192.0.32.0/24"
# }
# ],
# "range": [
# {
# "address": "192.0.42.0/24",
# "cost": 10
# }
# ]
# }
# ],
# "auto_cost": {
# "reference_bandwidth": 2
# },
# "default_information": {
# "originate": {
# "always": true,
# "metric": 10,
# "metric_type": 2,
# "route_map": "ingress"
# }
# },
# "log_adjacency_changes": "detail",
# "max_metric": {
# "router_lsa": {
# "administrative": true,
# "on_shutdown": 10,
# "on_startup": 10
# }
# },
# "mpls_te": {
# "enabled": true,
# "router_address": "192.0.22.22"
# },
# "neighbor": [
# {
# "neighbor_id": "192.0.11.12",
# "poll_interval": 10,
# "priority": 2
# }
# ],
# "parameters": {
# "abr_type": "cisco",
# "opaque_lsa": true,
# "rfc1583_compatibility": true,
# "router_id": "192.0.1.1"
# },
# "passive_interface": [
# "eth1"
# ],
# "redistribute": [
# {
# "metric": 10,
# "metric_type": 2,
# "route_type": "bgp"
# }
# ]
# }
#
# After state:
# -------------
#
# vyos@192# run show configuration commands | grep ospf
# set protocols ospf area 2 area-type 'normal'
# set protocols ospf area 2 authentication 'plaintext-password'
# set protocols ospf area 2 shortcut 'enable'
# set protocols ospf area 4 area-type stub default-cost '20'
# set protocols ospf area 4 network '192.0.2.0/24'
# set protocols ospf area 4 network '192.0.12.0/24'
# set protocols ospf area 4 network '192.0.22.0/24'
# set protocols ospf area 4 network '192.0.32.0/24'
# set protocols ospf area 4 range 192.0.42.0/24 cost '10'
# set protocols ospf auto-cost reference-bandwidth '2'
# set protocols ospf default-information originate 'always'
# set protocols ospf default-information originate metric '10'
# set protocols ospf default-information originate metric-type '2'
# set protocols ospf default-information originate route-map 'ingress'
# set protocols ospf log-adjacency-changes 'detail'
# set protocols ospf max-metric router-lsa 'administrative'
# set protocols ospf max-metric router-lsa on-shutdown '10'
# set protocols ospf max-metric router-lsa on-startup '10'
# set protocols ospf mpls-te 'enable'
# set protocols ospf mpls-te router-address '192.0.22.22'
# set protocols ospf neighbor 192.0.11.12 poll-interval '10'
# set protocols ospf neighbor 192.0.11.12 priority '2'
# set protocols ospf parameters abr-type 'cisco'
# set protocols ospf parameters 'opaque-lsa'
# set protocols ospf parameters 'rfc1583-compatibility'
# set protocols ospf parameters router-id '192.0.1.1'
# set protocols ospf passive-interface 'eth1'
# set protocols ospf redistribute bgp metric '10'
# set protocols ospf redistribute bgp metric-type '2'
# Using rendered
#
#
- name: Render the commands for provided configuration
vyos.vyos.vyos_ospfv2:
config:
- log_adjacency_changes: 'detail'
+ log_adjacency_changes: detail
max_metric:
router_lsa:
administrative: true
on_shutdown: 10
on_startup: 10
default_information:
originate:
always: true
metric: 10
metric_type: 2
- route_map: 'ingress'
+ route_map: ingress
mpls_te:
enabled: true
- router_address: '192.0.11.11'
+ router_address: 192.0.11.11
auto_cost:
reference_bandwidth: 2
neighbor:
- - neighbor_id: '192.0.11.12'
- poll_interval: 10
- priority: 2
+ - neighbor_id: 192.0.11.12
+ poll_interval: 10
+ priority: 2
redistribute:
- - route_type: 'bgp'
- metric: 10
- metric_type: 2
+ - route_type: bgp
+ metric: 10
+ metric_type: 2
passive_interface:
- - 'eth1'
- - 'eth2'
+ - eth1
+ - eth2
parameters:
- router_id: '192.0.1.1'
+ router_id: 192.0.1.1
opaque_lsa: true
rfc1583_compatibility: true
- abr_type: 'cisco'
+ abr_type: cisco
areas:
- - area_id: '2'
- area_type:
- normal: true
- authentication: "plaintext-password"
- shortcut: 'enable'
- - area_id: '3'
- area_type:
- nssa:
- set: true
- - area_id: '4'
- area_type:
- stub:
- default_cost: 20
- network:
- - address: '192.0.2.0/24'
- range:
- - address: '192.0.3.0/24'
- cost: 10
- - address: '192.0.4.0/24'
- cost: 12
+ - area_id: '2'
+ area_type:
+ normal: true
+ authentication: plaintext-password
+ shortcut: enable
+ - area_id: '3'
+ area_type:
+ nssa:
+ set: true
+ - area_id: '4'
+ area_type:
+ stub:
+ default_cost: 20
+ network:
+ - address: 192.0.2.0/24
+ range:
+ - address: 192.0.3.0/24
+ cost: 10
+ - address: 192.0.4.0/24
+ cost: 12
state: rendered
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
#
# "rendered": [
# [
# "set protocols ospf mpls-te enable",
# "set protocols ospf mpls-te router-address '192.0.11.11'",
# "set protocols ospf redistribute bgp",
# "set protocols ospf redistribute bgp metric-type 2",
# "set protocols ospf redistribute bgp metric 10",
# "set protocols ospf default-information originate metric-type 2",
# "set protocols ospf default-information originate always",
# "set protocols ospf default-information originate metric 10",
# "set protocols ospf default-information originate route-map ingress",
# "set protocols ospf auto-cost reference-bandwidth '2'",
# "set protocols ospf parameters router-id '192.0.1.1'",
# "set protocols ospf parameters opaque-lsa",
# "set protocols ospf parameters abr-type 'cisco'",
# "set protocols ospf parameters rfc1583-compatibility",
# "set protocols ospf passive-interface eth1",
# "set protocols ospf passive-interface eth2",
# "set protocols ospf max-metric router-lsa on-shutdown 10",
# "set protocols ospf max-metric router-lsa administrative",
# "set protocols ospf max-metric router-lsa on-startup 10",
# "set protocols ospf log-adjacency-changes 'detail'",
# "set protocols ospf neighbor 192.0.11.12 priority 2",
# "set protocols ospf neighbor 192.0.11.12 poll-interval 10",
# "set protocols ospf neighbor 192.0.11.12",
# "set protocols ospf area '2'",
# "set protocols ospf area 2 authentication plaintext-password",
# "set protocols ospf area 2 shortcut enable",
# "set protocols ospf area 2 area-type normal",
# "set protocols ospf area '3'",
# "set protocols ospf area 3 area-type nssa",
# "set protocols ospf area 4 range 192.0.3.0/24 cost 10",
# "set protocols ospf area 4 range 192.0.3.0/24",
# "set protocols ospf area 4 range 192.0.4.0/24 cost 12",
# "set protocols ospf area 4 range 192.0.4.0/24",
# "set protocols ospf area 4 area-type stub default-cost 20",
# "set protocols ospf area '4'",
# "set protocols ospf area 4 network 192.0.2.0/24"
# ]
# Using parsed
#
#
- name: Parse the commands for provided structured configuration
vyos.vyos.vyos_ospfv2:
running_config:
"set protocols ospf area 2 area-type 'normal'
- set protocols ospf area 2 authentication 'plaintext-password'
- set protocols ospf area 2 shortcut 'enable'
- set protocols ospf area 3 area-type 'nssa'
- set protocols ospf area 4 area-type stub default-cost '20'
- set protocols ospf area 4 network '192.0.2.0/24'
- set protocols ospf area 4 range 192.0.3.0/24 cost '10'
- set protocols ospf area 4 range 192.0.4.0/24 cost '12'
- set protocols ospf auto-cost reference-bandwidth '2'
- set protocols ospf default-information originate 'always'
- set protocols ospf default-information originate metric '10'
- set protocols ospf default-information originate metric-type '2'
- set protocols ospf default-information originate route-map 'ingress'
- set protocols ospf log-adjacency-changes 'detail'
- set protocols ospf max-metric router-lsa 'administrative'
- set protocols ospf max-metric router-lsa on-shutdown '10'
- set protocols ospf max-metric router-lsa on-startup '10'
- set protocols ospf mpls-te 'enable'
- set protocols ospf mpls-te router-address '192.0.11.11'
- set protocols ospf neighbor 192.0.11.12 poll-interval '10'
- set protocols ospf neighbor 192.0.11.12 priority '2'
- set protocols ospf parameters abr-type 'cisco'
- set protocols ospf parameters 'opaque-lsa'
- set protocols ospf parameters 'rfc1583-compatibility'
- set protocols ospf parameters router-id '192.0.1.1'
- set protocols ospf passive-interface 'eth1'
- set protocols ospf passive-interface 'eth2'
- set protocols ospf redistribute bgp metric '10'
- set protocols ospf redistribute bgp metric-type '2'"
+ set protocols ospf area 2 authentication 'plaintext-password'
+ set protocols ospf area 2 shortcut 'enable'
+ set protocols ospf area 3 area-type 'nssa'
+ set protocols ospf area 4 area-type stub default-cost '20'
+ set protocols ospf area 4 network '192.0.2.0/24'
+ set protocols ospf area 4 range 192.0.3.0/24 cost '10'
+ set protocols ospf area 4 range 192.0.4.0/24 cost '12'
+ set protocols ospf auto-cost reference-bandwidth '2'
+ set protocols ospf default-information originate 'always'
+ set protocols ospf default-information originate metric '10'
+ set protocols ospf default-information originate metric-type '2'
+ set protocols ospf default-information originate route-map 'ingress'
+ set protocols ospf log-adjacency-changes 'detail'
+ set protocols ospf max-metric router-lsa 'administrative'
+ set protocols ospf max-metric router-lsa on-shutdown '10'
+ set protocols ospf max-metric router-lsa on-startup '10'
+ set protocols ospf mpls-te 'enable'
+ set protocols ospf mpls-te router-address '192.0.11.11'
+ set protocols ospf neighbor 192.0.11.12 poll-interval '10'
+ set protocols ospf neighbor 192.0.11.12 priority '2'
+ set protocols ospf parameters abr-type 'cisco'
+ set protocols ospf parameters 'opaque-lsa'
+ set protocols ospf parameters 'rfc1583-compatibility'
+ set protocols ospf parameters router-id '192.0.1.1'
+ set protocols ospf passive-interface 'eth1'
+ set protocols ospf passive-interface 'eth2'
+ set protocols ospf redistribute bgp metric '10'
+ set protocols ospf redistribute bgp metric-type '2'"
state: parsed
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
#
# "parsed": {
# "areas": [
# {
# "area_id": "2",
# "area_type": {
# "normal": true
# },
# "authentication": "plaintext-password",
# "shortcut": "enable"
# },
# {
# "area_id": "3",
# "area_type": {
# "nssa": {
# "set": true
# }
# }
# },
# {
# "area_id": "4",
# "area_type": {
# "stub": {
# "default_cost": 20,
# "set": true
# }
# },
# "network": [
# {
# "address": "192.0.2.0/24"
# }
# ],
# "range": [
# {
# "address": "192.0.3.0/24",
# "cost": 10
# },
# {
# "address": "192.0.4.0/24",
# "cost": 12
# }
# ]
# }
# ],
# "auto_cost": {
# "reference_bandwidth": 2
# },
# "default_information": {
# "originate": {
# "always": true,
# "metric": 10,
# "metric_type": 2,
# "route_map": "ingress"
# }
# },
# "log_adjacency_changes": "detail",
# "max_metric": {
# "router_lsa": {
# "administrative": true,
# "on_shutdown": 10,
# "on_startup": 10
# }
# },
# "mpls_te": {
# "enabled": true,
# "router_address": "192.0.11.11"
# },
# "neighbor": [
# {
# "neighbor_id": "192.0.11.12",
# "poll_interval": 10,
# "priority": 2
# }
# ],
# "parameters": {
# "abr_type": "cisco",
# "opaque_lsa": true,
# "rfc1583_compatibility": true,
# "router_id": "192.0.1.1"
# },
# "passive_interface": [
# "eth2",
# "eth1"
# ],
# "redistribute": [
# {
# "metric": 10,
# "metric_type": 2,
# "route_type": "bgp"
# }
# ]
# }
# }
# Using gathered
#
# Before state:
# -------------
#
# vyos@192# run show configuration commands | grep ospf
# set protocols ospf area 2 area-type 'normal'
# set protocols ospf area 2 authentication 'plaintext-password'
# set protocols ospf area 2 shortcut 'enable'
# set protocols ospf area 3 area-type 'nssa'
# set protocols ospf area 4 area-type stub default-cost '20'
# set protocols ospf area 4 network '192.0.2.0/24'
# set protocols ospf area 4 range 192.0.3.0/24 cost '10'
# set protocols ospf area 4 range 192.0.4.0/24 cost '12'
# set protocols ospf auto-cost reference-bandwidth '2'
# set protocols ospf default-information originate 'always'
# set protocols ospf default-information originate metric '10'
# set protocols ospf default-information originate metric-type '2'
# set protocols ospf default-information originate route-map 'ingress'
# set protocols ospf log-adjacency-changes 'detail'
# set protocols ospf max-metric router-lsa 'administrative'
# set protocols ospf max-metric router-lsa on-shutdown '10'
# set protocols ospf max-metric router-lsa on-startup '10'
# set protocols ospf mpls-te 'enable'
# set protocols ospf mpls-te router-address '192.0.11.11'
# set protocols ospf neighbor 192.0.11.12 poll-interval '10'
# set protocols ospf neighbor 192.0.11.12 priority '2'
# set protocols ospf parameters abr-type 'cisco'
# set protocols ospf parameters 'opaque-lsa'
# set protocols ospf parameters 'rfc1583-compatibility'
# set protocols ospf parameters router-id '192.0.1.1'
# set protocols ospf passive-interface 'eth1'
# set protocols ospf passive-interface 'eth2'
# set protocols ospf redistribute bgp metric '10'
# set protocols ospf redistribute bgp metric-type '2'
#
- name: Gather ospfv2 routes config with provided configurations
vyos.vyos.vyos_ospfv2:
config:
state: gathered
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "gathered": {
# "areas": [
# {
# "area_id": "2",
# "area_type": {
# "normal": true
# },
# "authentication": "plaintext-password",
# "shortcut": "enable"
# },
# {
# "area_id": "3",
# "area_type": {
# "nssa": {
# "set": true
# }
# }
# },
# {
# "area_id": "4",
# "area_type": {
# "stub": {
# "default_cost": 20,
# "set": true
# }
# },
# "network": [
# {
# "address": "192.0.2.0/24"
# }
# ],
# "range": [
# {
# "address": "192.0.3.0/24",
# "cost": 10
# },
# {
# "address": "192.0.4.0/24",
# "cost": 12
# }
# ]
# }
# ],
# "auto_cost": {
# "reference_bandwidth": 2
# },
# "default_information": {
# "originate": {
# "always": true,
# "metric": 10,
# "metric_type": 2,
# "route_map": "ingress"
# }
# },
# "log_adjacency_changes": "detail",
# "max_metric": {
# "router_lsa": {
# "administrative": true,
# "on_shutdown": 10,
# "on_startup": 10
# }
# },
# "mpls_te": {
# "enabled": true,
# "router_address": "192.0.11.11"
# },
# "neighbor": [
# {
# "neighbor_id": "192.0.11.12",
# "poll_interval": 10,
# "priority": 2
# }
# ],
# "parameters": {
# "abr_type": "cisco",
# "opaque_lsa": true,
# "rfc1583_compatibility": true,
# "router_id": "192.0.1.1"
# },
# "passive_interface": [
# "eth2",
# "eth1"
# ],
# "redistribute": [
# {
# "metric": 10,
# "metric_type": 2,
# "route_type": "bgp"
# }
# ]
# }
#
# After state:
# -------------
#
# vyos@192# run show configuration commands | grep ospf
# set protocols ospf area 2 area-type 'normal'
# set protocols ospf area 2 authentication 'plaintext-password'
# set protocols ospf area 2 shortcut 'enable'
# set protocols ospf area 3 area-type 'nssa'
# set protocols ospf area 4 area-type stub default-cost '20'
# set protocols ospf area 4 network '192.0.2.0/24'
# set protocols ospf area 4 range 192.0.3.0/24 cost '10'
# set protocols ospf area 4 range 192.0.4.0/24 cost '12'
# set protocols ospf auto-cost reference-bandwidth '2'
# set protocols ospf default-information originate 'always'
# set protocols ospf default-information originate metric '10'
# set protocols ospf default-information originate metric-type '2'
# set protocols ospf default-information originate route-map 'ingress'
# set protocols ospf log-adjacency-changes 'detail'
# set protocols ospf max-metric router-lsa 'administrative'
# set protocols ospf max-metric router-lsa on-shutdown '10'
# set protocols ospf max-metric router-lsa on-startup '10'
# set protocols ospf mpls-te 'enable'
# set protocols ospf mpls-te router-address '192.0.11.11'
# set protocols ospf neighbor 192.0.11.12 poll-interval '10'
# set protocols ospf neighbor 192.0.11.12 priority '2'
# set protocols ospf parameters abr-type 'cisco'
# set protocols ospf parameters 'opaque-lsa'
# set protocols ospf parameters 'rfc1583-compatibility'
# set protocols ospf parameters router-id '192.0.1.1'
# set protocols ospf passive-interface 'eth1'
# set protocols ospf passive-interface 'eth2'
# set protocols ospf redistribute bgp metric '10'
# set protocols ospf redistribute bgp metric-type '2'
# Using deleted
#
# Before state
# -------------
#
# vyos@192# run show configuration commands | grep ospf
# set protocols ospf area 2 area-type 'normal'
# set protocols ospf area 2 authentication 'plaintext-password'
# set protocols ospf area 2 shortcut 'enable'
# set protocols ospf area 3 area-type 'nssa'
# set protocols ospf area 4 area-type stub default-cost '20'
# set protocols ospf area 4 network '192.0.2.0/24'
# set protocols ospf area 4 range 192.0.3.0/24 cost '10'
# set protocols ospf area 4 range 192.0.4.0/24 cost '12'
# set protocols ospf auto-cost reference-bandwidth '2'
# set protocols ospf default-information originate 'always'
# set protocols ospf default-information originate metric '10'
# set protocols ospf default-information originate metric-type '2'
# set protocols ospf default-information originate route-map 'ingress'
# set protocols ospf log-adjacency-changes 'detail'
# set protocols ospf max-metric router-lsa 'administrative'
# set protocols ospf max-metric router-lsa on-shutdown '10'
# set protocols ospf max-metric router-lsa on-startup '10'
# set protocols ospf mpls-te 'enable'
# set protocols ospf mpls-te router-address '192.0.11.11'
# set protocols ospf neighbor 192.0.11.12 poll-interval '10'
# set protocols ospf neighbor 192.0.11.12 priority '2'
# set protocols ospf parameters abr-type 'cisco'
# set protocols ospf parameters 'opaque-lsa'
# set protocols ospf parameters 'rfc1583-compatibility'
# set protocols ospf parameters router-id '192.0.1.1'
# set protocols ospf passive-interface 'eth1'
# set protocols ospf passive-interface 'eth2'
# set protocols ospf redistribute bgp metric '10'
# set protocols ospf redistribute bgp metric-type '2'
#
- name: Delete attributes of ospfv2 routes.
vyos.vyos.vyos_ospfv2:
config:
state: deleted
#
#
# ------------------------
# Module Execution Results
# ------------------------
#
# "before": {
# "areas": [
# {
# "area_id": "2",
# "area_type": {
# "normal": true
# },
# "authentication": "plaintext-password",
# "shortcut": "enable"
# },
# {
# "area_id": "3",
# "area_type": {
# "nssa": {
# "set": true
# }
# }
# },
# {
# "area_id": "4",
# "area_type": {
# "stub": {
# "default_cost": 20,
# "set": true
# }
# },
# "network": [
# {
# "address": "192.0.2.0/24"
# }
# ],
# "range": [
# {
# "address": "192.0.3.0/24",
# "cost": 10
# },
# {
# "address": "192.0.4.0/24",
# "cost": 12
# }
# ]
# }
# ],
# "auto_cost": {
# "reference_bandwidth": 2
# },
# "default_information": {
# "originate": {
# "always": true,
# "metric": 10,
# "metric_type": 2,
# "route_map": "ingress"
# }
# },
# "log_adjacency_changes": "detail",
# "max_metric": {
# "router_lsa": {
# "administrative": true,
# "on_shutdown": 10,
# "on_startup": 10
# }
# },
# "mpls_te": {
# "enabled": true,
# "router_address": "192.0.11.11"
# },
# "neighbor": [
# {
# "neighbor_id": "192.0.11.12",
# "poll_interval": 10,
# "priority": 2
# }
# ],
# "parameters": {
# "abr_type": "cisco",
# "opaque_lsa": true,
# "rfc1583_compatibility": true,
# "router_id": "192.0.1.1"
# },
# "passive_interface": [
# "eth2",
# "eth1"
# ],
# "redistribute": [
# {
# "metric": 10,
# "metric_type": 2,
# "route_type": "bgp"
# }
# ]
# }
# "commands": [
# "delete protocols ospf"
# ]
#
# "after": {}
# After state
# ------------
# vyos@192# run show configuration commands | grep ospf
#
"""
RETURN = """
before:
description: The configuration prior to the model invocation.
returned: always
type: dict
sample: >
The configuration returned will always be in the same format
of the parameters above.
after:
description: The resulting configuration model invocation.
returned: when changed
type: dict
sample: >
The configuration returned will always be in the same format
of the parameters above.
commands:
description: The set of commands pushed to the remote device.
returned: always
type: list
- sample: ['set protocols ospf parameters router-id 192.0.1.1',
- 'set protocols ospf passive-interface 'eth1']
+ sample:
+ - "set protocols ospf parameters router-id 192.0.1.1"
+ - "set protocols ospf passive-interface 'eth1'"
"""
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.ospfv2.ospfv2 import (
Ospfv2Args,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.ospfv2.ospfv2 import (
Ospfv2,
)
def main():
"""
Main entry point for module execution
:returns: the result form module invocation
"""
required_if = [
("state", "merged", ("config",)),
("state", "replaced", ("config",)),
("state", "rendered", ("config",)),
("state", "parsed", ("running_config",)),
]
mutually_exclusive = [("config", "running_config")]
module = AnsibleModule(
argument_spec=Ospfv2Args.argument_spec,
required_if=required_if,
supports_check_mode=True,
mutually_exclusive=mutually_exclusive,
)
result = Ospfv2(module).execute_module()
module.exit_json(**result)
if __name__ == "__main__":
main()
diff --git a/plugins/modules/vyos_ospfv3.py b/plugins/modules/vyos_ospfv3.py
index 8248c8d..20296a0 100644
--- a/plugins/modules/vyos_ospfv3.py
+++ b/plugins/modules/vyos_ospfv3.py
@@ -1,666 +1,667 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright 2019 Red Hat
# GNU General Public License v3.0+
# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#############################################
# WARNING #
#############################################
#
# This file is auto generated by the resource
# module builder playbook.
#
# Do not edit this file manually.
#
# Changes to this file will be over written
# by the resource module builder.
#
# Changes should be made in the model used to
# generate this file or in the resource module
# builder template.
#
#############################################
"""
The module file for vyos_ospfv3
"""
from __future__ import absolute_import, division, print_function
__metaclass__ = type
-ANSIBLE_METADATA = {"metadata_version": "1.1", "supported_by": "Ansible"}
DOCUMENTATION = """
----
module: vyos_ospfv3
-short_description: OSPFV3 resource module.
-description: This resource module configures and manages attributes of OSPFv3 routes on VyOS network devices.
-version_added: "1.0.0"
+short_description: OSPFV3 resource module
+description: This resource module configures and manages attributes of OSPFv3 routes
+ on VyOS network devices.
+version_added: 1.0.0
notes:
- - Tested against VyOS 1.1.8 (helium).
- - This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html).
+- Tested against VyOS 1.1.8 (helium).
+- This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html).
author:
- Rohit Thakur (@rohitthakur2590)
options:
config:
description: A provided OSPFv3 route configuration.
type: dict
suboptions:
areas:
description: OSPFv3 area.
type: list
elements: dict
suboptions:
area_id:
description: OSPFv3 Area name/identity.
type: str
export_list:
description: Name of export-list.
type: str
import_list:
description: Name of import-list.
type: str
range:
description: Summarize routes matching prefix (border routers only).
type: list
elements: dict
suboptions:
address:
description: border router IPv4 address.
type: str
advertise:
description: Advertise this range.
type: bool
not_advertise:
description: Don't advertise this range.
type: bool
parameters:
descriptions: OSPFv3 specific parameters.
type: dict
suboptions:
- router_id:
- description: Override the default router identifier.
- type: str
+ router_id:
+ description: Override the default router identifier.
+ type: str
redistribute:
description: Redistribute information from another routing protocol.
type: list
elements: dict
suboptions:
route_type:
description: Route type to redistribute.
type: str
- choices: ['bgp', 'connected', 'kernel', 'ripng', 'static']
+ choices: [bgp, connected, kernel, ripng, static]
route_map:
description: Route map references.
type: str
running_config:
description:
- - This option is used only with state I(parsed).
- - The value of this option should be the output received from the VyOS device by executing
- the command B(show configuration commands | grep ospfv3).
- - The state I(parsed) reads the configuration from C(running_config) option and transforms
- it into Ansible structured data as per the resource module's argspec and the value is then
- returned in the I(parsed) key within the result.
+ - This option is used only with state I(parsed).
+ - The value of this option should be the output received from the VyOS device
+ by executing the command B(show configuration commands | grep ospfv3).
+ - The state I(parsed) reads the configuration from C(running_config) option and
+ transforms it into Ansible structured data as per the resource module's argspec
+ and the value is then returned in the I(parsed) key within the result.
type: str
state:
description:
- - The state the configuration should be left in.
+ - The state the configuration should be left in.
type: str
choices:
- merged
- replaced
- deleted
- parsed
- gathered
- rendered
default: merged
+
"""
EXAMPLES = """
# Using merged
#
# Before state:
# -------------
#
# vyos@vyos# run show configuration commands | grep ospfv3
#
#
- name: Merge the provided configuration with the exisiting running configuration
vyos.vyos.vyos_ospfv3:
config:
redistribute:
- - route_type: 'bgp'
+ - route_type: bgp
parameters:
- router_id: '192.0.2.10'
+ router_id: 192.0.2.10
areas:
- - area_id: '2'
- export_list: 'export1'
- import_list: 'import1'
- range:
- - address: '2001:db10::/32'
- - address: '2001:db20::/32'
- - address: '2001:db30::/32'
- - area_id: '3'
- range:
- - address: '2001:db40::/32'
+ - area_id: '2'
+ export_list: export1
+ import_list: import1
+ range:
+ - address: 2001:db10::/32
+ - address: 2001:db20::/32
+ - address: 2001:db30::/32
+ - area_id: '3'
+ range:
+ - address: 2001:db40::/32
state: merged
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# before": {}
#
# "commands": [
# "set protocols ospfv3 redistribute bgp",
# "set protocols ospfv3 parameters router-id '192.0.2.10'",
# "set protocols ospfv3 area 2 range 2001:db10::/32",
# "set protocols ospfv3 area 2 range 2001:db20::/32",
# "set protocols ospfv3 area 2 range 2001:db30::/32",
# "set protocols ospfv3 area '2'",
# "set protocols ospfv3 area 2 export-list export1",
# "set protocols ospfv3 area 2 import-list import1",
# "set protocols ospfv3 area '3'",
# "set protocols ospfv3 area 3 range 2001:db40::/32"
# ]
#
# "after": {
# "areas": [
# {
# "area_id": "2",
# "export_list": "export1",
# "import_list": "import1",
# "range": [
# {
# "address": "2001:db10::/32"
# },
# {
# "address": "2001:db20::/32"
# },
# {
# "address": "2001:db30::/32"
# }
# ]
# },
# {
# "area_id": "3",
# "range": [
# {
# "address": "2001:db40::/32"
# }
# ]
# }
# ],
# "parameters": {
# "router_id": "192.0.2.10"
# },
# "redistribute": [
# {
# "route_type": "bgp"
# }
# ]
# }
#
# After state:
# -------------
#
# vyos@192# run show configuration commands | grep ospfv3
# set protocols ospfv3 area 2 export-list 'export1'
# set protocols ospfv3 area 2 import-list 'import1'
# set protocols ospfv3 area 2 range '2001:db10::/32'
# set protocols ospfv3 area 2 range '2001:db20::/32'
# set protocols ospfv3 area 2 range '2001:db30::/32'
# set protocols ospfv3 area 3 range '2001:db40::/32'
# set protocols ospfv3 parameters router-id '192.0.2.10'
# set protocols ospfv3 redistribute 'bgp'
# Using replaced
#
# Before state:
# -------------
#
# vyos@192# run show configuration commands | grep ospfv3
# set protocols ospfv3 area 2 export-list 'export1'
# set protocols ospfv3 area 2 import-list 'import1'
# set protocols ospfv3 area 2 range '2001:db10::/32'
# set protocols ospfv3 area 2 range '2001:db20::/32'
# set protocols ospfv3 area 2 range '2001:db30::/32'
# set protocols ospfv3 area 3 range '2001:db40::/32'
# set protocols ospfv3 parameters router-id '192.0.2.10'
# set protocols ospfv3 redistribute 'bgp'
#
- name: Replace ospfv3 routes attributes configuration.
vyos.vyos.vyos_ospfv3:
config:
redistribute:
- - route_type: 'bgp'
+ - route_type: bgp
parameters:
- router_id: '192.0.2.10'
+ router_id: 192.0.2.10
areas:
- - area_id: '2'
- export_list: 'export1'
- import_list: 'import1'
- range:
- - address: '2001:db10::/32'
- - address: '2001:db30::/32'
- - address: '2001:db50::/32'
- - area_id: '4'
- range:
- - address: '2001:db60::/32'
+ - area_id: '2'
+ export_list: export1
+ import_list: import1
+ range:
+ - address: 2001:db10::/32
+ - address: 2001:db30::/32
+ - address: 2001:db50::/32
+ - area_id: '4'
+ range:
+ - address: 2001:db60::/32
state: replaced
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "before": {
# "areas": [
# {
# "area_id": "2",
# "export_list": "export1",
# "import_list": "import1",
# "range": [
# {
# "address": "2001:db10::/32"
# },
# {
# "address": "2001:db20::/32"
# },
# {
# "address": "2001:db30::/32"
# }
# ]
# },
# {
# "area_id": "3",
# "range": [
# {
# "address": "2001:db40::/32"
# }
# ]
# }
# ],
# "parameters": {
# "router_id": "192.0.2.10"
# },
# "redistribute": [
# {
# "route_type": "bgp"
# }
# ]
# }
#
# "commands": [
# "delete protocols ospfv3 area 2 range 2001:db20::/32",
# "delete protocols ospfv3 area 3",
# "set protocols ospfv3 area 2 range 2001:db50::/32",
# "set protocols ospfv3 area '4'",
# "set protocols ospfv3 area 4 range 2001:db60::/32"
# ]
#
# "after": {
# "areas": [
# {
# "area_id": "2",
# "export_list": "export1",
# "import_list": "import1",
# "range": [
# {
# "address": "2001:db10::/32"
# },
# {
# "address": "2001:db30::/32"
# },
# {
# "address": "2001:db50::/32"
# }
# ]
# },
# {
# "area_id": "4",
# "range": [
# {
# "address": "2001:db60::/32"
# }
# ]
# }
# ],
# "parameters": {
# "router_id": "192.0.2.10"
# },
# "redistribute": [
# {
# "route_type": "bgp"
# }
# ]
# }
#
# After state:
# -------------
#
# vyos@192# run show configuration commands | grep ospfv3
# set protocols ospfv3 area 2 export-list 'export1'
# set protocols ospfv3 area 2 import-list 'import1'
# set protocols ospfv3 area 2 range '2001:db10::/32'
# set protocols ospfv3 area 2 range '2001:db30::/32'
# set protocols ospfv3 area 2 range '2001:db50::/32'
# set protocols ospfv3 area 4 range '2001:db60::/32'
# set protocols ospfv3 parameters router-id '192.0.2.10'
# set protocols ospfv3 redistribute 'bgp'
# Using rendered
#
#
- name: Render the commands for provided configuration
vyos.vyos.vyos_ospfv3:
config:
redistribute:
- - route_type: 'bgp'
+ - route_type: bgp
parameters:
- router_id: '192.0.2.10'
+ router_id: 192.0.2.10
areas:
- - area_id: '2'
- export_list: 'export1'
- import_list: 'import1'
- range:
- - address: '2001:db10::/32'
- - address: '2001:db20::/32'
- - address: '2001:db30::/32'
- - area_id: '3'
- range:
- - address: '2001:db40::/32'
+ - area_id: '2'
+ export_list: export1
+ import_list: import1
+ range:
+ - address: 2001:db10::/32
+ - address: 2001:db20::/32
+ - address: 2001:db30::/32
+ - area_id: '3'
+ range:
+ - address: 2001:db40::/32
state: rendered
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
#
# "rendered": [
# [
# "set protocols ospfv3 redistribute bgp",
# "set protocols ospfv3 parameters router-id '192.0.2.10'",
# "set protocols ospfv3 area 2 range 2001:db10::/32",
# "set protocols ospfv3 area 2 range 2001:db20::/32",
# "set protocols ospfv3 area 2 range 2001:db30::/32",
# "set protocols ospfv3 area '2'",
# "set protocols ospfv3 area 2 export-list export1",
# "set protocols ospfv3 area 2 import-list import1",
# "set protocols ospfv3 area '3'",
# "set protocols ospfv3 area 3 range 2001:db40::/32"
# ]
# Using parsed
#
#
- name: Parse the commands to provide structured configuration.
vyos.vyos.vyos_ospfv3:
running_config:
"set protocols ospfv3 area 2 export-list 'export1'
-set protocols ospfv3 area 2 import-list 'import1'
-set protocols ospfv3 area 2 range '2001:db10::/32'
-set protocols ospfv3 area 2 range '2001:db20::/32'
-set protocols ospfv3 area 2 range '2001:db30::/32'
-set protocols ospfv3 area 3 range '2001:db40::/32'
-set protocols ospfv3 parameters router-id '192.0.2.10'
-set protocols ospfv3 redistribute 'bgp'"
+ set protocols ospfv3 area 2 import-list 'import1'
+ set protocols ospfv3 area 2 range '2001:db10::/32'
+ set protocols ospfv3 area 2 range '2001:db20::/32'
+ set protocols ospfv3 area 2 range '2001:db30::/32'
+ set protocols ospfv3 area 3 range '2001:db40::/32'
+ set protocols ospfv3 parameters router-id '192.0.2.10'
+ set protocols ospfv3 redistribute 'bgp'"
state: parsed
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
#
# "parsed": {
# "areas": [
# {
# "area_id": "2",
# "export_list": "export1",
# "import_list": "import1",
# "range": [
# {
# "address": "2001:db10::/32"
# },
# {
# "address": "2001:db20::/32"
# },
# {
# "address": "2001:db30::/32"
# }
# ]
# },
# {
# "area_id": "3",
# "range": [
# {
# "address": "2001:db40::/32"
# }
# ]
# }
# ],
# "parameters": {
# "router_id": "192.0.2.10"
# },
# "redistribute": [
# {
# "route_type": "bgp"
# }
# ]
# }
# Using gathered
#
# Before state:
# -------------
#
# vyos@192# run show configuration commands | grep ospfv3
# set protocols ospfv3 area 2 export-list 'export1'
# set protocols ospfv3 area 2 import-list 'import1'
# set protocols ospfv3 area 2 range '2001:db10::/32'
# set protocols ospfv3 area 2 range '2001:db20::/32'
# set protocols ospfv3 area 2 range '2001:db30::/32'
# set protocols ospfv3 area 3 range '2001:db40::/32'
# set protocols ospfv3 parameters router-id '192.0.2.10'
# set protocols ospfv3 redistribute 'bgp'
#
- name: Gather ospfv3 routes config with provided configurations
vyos.vyos.vyos_ospfv3:
config:
state: gathered
#
#
# -------------------------
# Module Execution Result
# -------------------------
#
# "gathered": {
# "areas": [
# {
# "area_id": "2",
# "export_list": "export1",
# "import_list": "import1",
# "range": [
# {
# "address": "2001:db10::/32"
# },
# {
# "address": "2001:db20::/32"
# },
# {
# "address": "2001:db30::/32"
# }
# ]
# },
# {
# "area_id": "3",
# "range": [
# {
# "address": "2001:db40::/32"
# }
# ]
# }
# ],
# "parameters": {
# "router_id": "192.0.2.10"
# },
# "redistribute": [
# {
# "route_type": "bgp"
# }
# ]
# }
#
# After state:
# -------------
#
# vyos@192# run show configuration commands | grep ospfv3
# set protocols ospfv3 area 2 export-list 'export1'
# set protocols ospfv3 area 2 import-list 'import1'
# set protocols ospfv3 area 2 range '2001:db10::/32'
# set protocols ospfv3 area 2 range '2001:db20::/32'
# set protocols ospfv3 area 2 range '2001:db30::/32'
# set protocols ospfv3 area 3 range '2001:db40::/32'
# set protocols ospfv3 parameters router-id '192.0.2.10'
# set protocols ospfv3 redistribute 'bgp'
# Using deleted
#
# Before state
# -------------
#
# vyos@192# run show configuration commands | grep ospfv3
# set protocols ospfv3 area 2 export-list 'export1'
# set protocols ospfv3 area 2 import-list 'import1'
# set protocols ospfv3 area 2 range '2001:db10::/32'
# set protocols ospfv3 area 2 range '2001:db20::/32'
# set protocols ospfv3 area 2 range '2001:db30::/32'
# set protocols ospfv3 area 3 range '2001:db40::/32'
# set protocols ospfv3 parameters router-id '192.0.2.10'
# set protocols ospfv3 redistribute 'bgp'
#
- name: Delete attributes of ospfv3 routes.
vyos.vyos.vyos_ospfv3:
config:
state: deleted
#
#
# ------------------------
# Module Execution Results
# ------------------------
#
# "before": {
# "areas": [
# {
# "area_id": "2",
# "export_list": "export1",
# "import_list": "import1",
# "range": [
# {
# "address": "2001:db10::/32"
# },
# {
# "address": "2001:db20::/32"
# },
# {
# "address": "2001:db30::/32"
# }
# ]
# },
# {
# "area_id": "3",
# "range": [
# {
# "address": "2001:db40::/32"
# }
# ]
# }
# ],
# "parameters": {
# "router_id": "192.0.2.10"
# },
# "redistribute": [
# {
# "route_type": "bgp"
# }
# ]
# }
# "commands": [
# "delete protocols ospfv3"
# ]
#
# "after": {}
# After state
# ------------
# vyos@192# run show configuration commands | grep ospfv3
"""
RETURN = """
before:
description: The configuration prior to the model invocation.
returned: always
type: dict
sample: >
The configuration returned will always be in the same format
of the parameters above.
after:
description: The resulting configuration model invocation.
returned: when changed
type: dict
sample: >
The configuration returned will always be in the same format
of the parameters above.
commands:
description: The set of commands pushed to the remote device.
returned: always
type: list
- sample: ['set protocols ospf parameters router-id 192.0.1.1',
- 'set protocols ospfv3 area 2 range '2001:db10::/32']
+ sample:
+ - "set protocols ospf parameters router-id 192.0.1.1"
+ - "set protocols ospfv3 area 2 range '2001:db10::/32'"
"""
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.ospfv3.ospfv3 import (
Ospfv3Args,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.ospfv3.ospfv3 import (
Ospfv3,
)
def main():
"""
Main entry point for module execution
:returns: the result form module invocation
"""
required_if = [
("state", "merged", ("config",)),
("state", "replaced", ("config",)),
("state", "rendered", ("config",)),
("state", "parsed", ("running_config",)),
]
mutually_exclusive = [("config", "running_config")]
module = AnsibleModule(
argument_spec=Ospfv3Args.argument_spec,
required_if=required_if,
supports_check_mode=True,
mutually_exclusive=mutually_exclusive,
)
result = Ospfv3(module).execute_module()
module.exit_json(**result)
if __name__ == "__main__":
main()
diff --git a/plugins/modules/vyos_ping.py b/plugins/modules/vyos_ping.py
index 3d5a903..9131917 100644
--- a/plugins/modules/vyos_ping.py
+++ b/plugins/modules/vyos_ping.py
@@ -1,262 +1,259 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2017, Ansible by Red Hat, inc
#
# This file is part of Ansible by Red Hat
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see .
#
from __future__ import absolute_import, division, print_function
__metaclass__ = type
-ANSIBLE_METADATA = {
- "metadata_version": "1.1",
- "status": ["preview"],
- "supported_by": "community",
-}
-DOCUMENTATION = """module: vyos_ping
+DOCUMENTATION = """
+module: vyos_ping
short_description: Tests reachability using ping from VyOS network devices
description:
- Tests reachability using ping from a VyOS device to a remote destination.
- Tested against VyOS 1.1.8 (helium)
- For a general purpose network module, see the M(net_ping) module.
- For Windows targets, use the M(win_ping) module instead.
- For targets running Python, use the M(ping) module instead.
+version_added: 1.0.0
author:
- Nilashish Chakraborty (@NilashishC)
options:
dest:
description:
- The IP Address or hostname (resolvable by the device) of the remote node.
required: true
count:
description:
- Number of packets to send to check reachability.
type: int
default: 5
source:
description:
- The source interface or IP Address to use while sending the ping packet(s).
ttl:
description:
- The time-to-live value for the ICMP packet(s).
type: int
size:
description:
- Determines the size (in bytes) of the ping packet(s).
type: int
interval:
description:
- Determines the interval (in seconds) between consecutive pings.
type: int
state:
description:
- Determines if the expected result is success or fail.
choices:
- absent
- present
default: present
notes:
- Tested against VyOS 1.1.8 (helium).
- For a general purpose network module, see the M(net_ping) module.
- For Windows targets, use the M(win_ping) module instead.
- For targets running Python, use the M(ping) module instead.
- This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html).
extends_documentation_fragment:
- vyos.vyos.vyos
"""
EXAMPLES = """
- name: Test reachability to 10.10.10.10
- vyos_ping:
+ vyos.vyos.vyos_ping:
dest: 10.10.10.10
- name: Test reachability to 10.20.20.20 using source and ttl set
- vyos_ping:
+ vyos.vyos.vyos_ping:
dest: 10.20.20.20
source: eth0
ttl: 128
- name: Test unreachability to 10.30.30.30 using interval
- vyos_ping:
+ vyos.vyos.vyos_ping:
dest: 10.30.30.30
interval: 3
state: absent
- name: Test reachability to 10.40.40.40 setting count and source
- vyos_ping:
+ vyos.vyos.vyos_ping:
dest: 10.40.40.40
source: eth1
count: 20
size: 512
"""
RETURN = """
commands:
description: List of commands sent.
returned: always
type: list
sample: ["ping 10.8.38.44 count 10 interface eth0 ttl 128"]
packet_loss:
description: Percentage of packets lost.
returned: always
type: str
sample: "0%"
packets_rx:
description: Packets successfully received.
returned: always
type: int
sample: 20
packets_tx:
description: Packets successfully transmitted.
returned: always
type: int
sample: 20
rtt:
description: The round trip time (RTT) stats.
returned: when ping succeeds
type: dict
sample: {"avg": 2, "max": 8, "min": 1, "mdev": 24}
"""
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import (
run_commands,
)
from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import (
vyos_argument_spec,
)
import re
def main():
""" main entry point for module execution
"""
argument_spec = dict(
count=dict(type="int", default=5),
dest=dict(type="str", required=True),
source=dict(type="str"),
ttl=dict(type="int"),
size=dict(type="int"),
interval=dict(type="int"),
state=dict(
type="str", choices=["absent", "present"], default="present"
),
)
argument_spec.update(vyos_argument_spec)
module = AnsibleModule(argument_spec=argument_spec)
count = module.params["count"]
dest = module.params["dest"]
source = module.params["source"]
size = module.params["size"]
ttl = module.params["ttl"]
interval = module.params["interval"]
warnings = list()
results = {}
if warnings:
results["warnings"] = warnings
results["commands"] = [
build_ping(dest, count, size, interval, source, ttl)
]
ping_results = run_commands(module, commands=results["commands"])
ping_results_list = ping_results[0].split("\n")
rtt_info, rate_info = None, None
for line in ping_results_list:
if line.startswith("rtt"):
rtt_info = line
if line.startswith("%s packets transmitted" % count):
rate_info = line
if rtt_info:
rtt = parse_rtt(rtt_info)
for k, v in rtt.items():
if rtt[k] is not None:
rtt[k] = int(v)
results["rtt"] = rtt
pkt_loss, rx, tx = parse_rate(rate_info)
results["packet_loss"] = str(pkt_loss) + "%"
results["packets_rx"] = int(rx)
results["packets_tx"] = int(tx)
validate_results(module, pkt_loss, results)
module.exit_json(**results)
def build_ping(dest, count, size=None, interval=None, source=None, ttl=None):
cmd = "ping {0} count {1}".format(dest, str(count))
if source:
cmd += " interface {0}".format(source)
if ttl:
cmd += " ttl {0}".format(str(ttl))
if size:
cmd += " size {0}".format(str(size))
if interval:
cmd += " interval {0}".format(str(interval))
return cmd
def parse_rate(rate_info):
rate_re = re.compile(
r"(?P\d+) (?:\w+) (?:\w+), (?P\d+) (?:\w+), (?P\d+)% (?:\w+) (?:\w+), (?:\w+) (?P