diff --git a/README.md b/README.md index a1f2373..5a09e94 100644 --- a/README.md +++ b/README.md @@ -1,160 +1,164 @@ # VyOS Collection [![CI](https://zuul-ci.org/gated.svg)](https://dashboard.zuul.ansible.com/t/ansible/project/github.com/ansible-collections/vyos) The Ansible VyOS collection includes a variety of Ansible content to help automate the management of VyOS network appliances. This collection has been tested against VyOS 1.1.8 (helium). ## Ansible version compatibility This collection has been tested against following Ansible versions: **>=2.9.10,<2.11**. Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions. PEP440 is the schema used to describe the versions of Ansible. ### Supported connections The VyOS collection supports ``network_cli`` connections. ## Included content ### Cliconf plugins Name | Description --- | --- [vyos.vyos.vyos](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_cliconf.rst)|Use vyos cliconf to run command on VyOS platform ### Modules Name | Description --- | --- [vyos.vyos.vyos_banner](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_banner_module.rst)|Manage multiline banners on VyOS devices [vyos.vyos.vyos_command](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_command_module.rst)|Run one or more commands on VyOS devices [vyos.vyos.vyos_config](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_config_module.rst)|Manage VyOS configuration on remote device [vyos.vyos.vyos_facts](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_facts_module.rst)|Get facts about vyos devices. [vyos.vyos.vyos_firewall_global](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_firewall_global_module.rst)|FIREWALL global resource module [vyos.vyos.vyos_firewall_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_firewall_interfaces_module.rst)|FIREWALL interfaces resource module [vyos.vyos.vyos_firewall_rules](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_firewall_rules_module.rst)|FIREWALL rules resource module [vyos.vyos.vyos_interface](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_interface_module.rst)|(deprecated, removed after 2022-06-01) Manage Interface on VyOS network devices [vyos.vyos.vyos_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_interfaces_module.rst)|Interfaces resource module [vyos.vyos.vyos_l3_interface](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_l3_interface_module.rst)|(deprecated, removed after 2022-06-01) Manage L3 interfaces on VyOS network devices [vyos.vyos.vyos_l3_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_l3_interfaces_module.rst)|L3 interfaces resource module [vyos.vyos.vyos_lag_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_lag_interfaces_module.rst)|LAG interfaces resource module [vyos.vyos.vyos_linkagg](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_linkagg_module.rst)|(deprecated, removed after 2022-06-01) Manage link aggregation groups on VyOS network devices [vyos.vyos.vyos_lldp](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_lldp_module.rst)|(deprecated, removed after 2022-06-01) Manage LLDP configuration on VyOS network devices [vyos.vyos.vyos_lldp_global](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_lldp_global_module.rst)|LLDP global resource module [vyos.vyos.vyos_lldp_interface](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_lldp_interface_module.rst)|(deprecated, removed after 2022-06-01) Manage LLDP interfaces configuration on VyOS network devices [vyos.vyos.vyos_lldp_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_lldp_interfaces_module.rst)|LLDP interfaces resource module [vyos.vyos.vyos_logging](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_logging_module.rst)|Manage logging on network devices [vyos.vyos.vyos_ospfv2](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_ospfv2_module.rst)|OSPFv2 resource module [vyos.vyos.vyos_ospfv3](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_ospfv3_module.rst)|OSPFV3 resource module [vyos.vyos.vyos_ping](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_ping_module.rst)|Tests reachability using ping from VyOS network devices [vyos.vyos.vyos_static_route](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_static_route_module.rst)|(deprecated, removed after 2022-06-01) Manage static IP routes on Vyatta VyOS network devices [vyos.vyos.vyos_static_routes](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_static_routes_module.rst)|Static routes resource module [vyos.vyos.vyos_system](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_system_module.rst)|Run `set system` commands on VyOS devices [vyos.vyos.vyos_user](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_user_module.rst)|Manage the collection of local users on VyOS device [vyos.vyos.vyos_vlan](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_vlan_module.rst)|Manage VLANs on VyOS network devices Click the ``Content`` button to see the list of content included in this collection. ## Installing this collection You can install the VyOS collection with the Ansible Galaxy CLI: ansible-galaxy collection install vyos.vyos You can also include it in a `requirements.yml` file and install it with `ansible-galaxy collection install -r requirements.yml`, using the format: ```yaml --- collections: - name: vyos.vyos ``` ## Using this collection This collection includes [network resource modules](https://docs.ansible.com/ansible/latest/network/user_guide/network_resource_modules.html). ### Using modules from the VyOS collection in your playbooks You can call modules by their Fully Qualified Collection Namespace (FQCN), such as `vyos.vyos.vyos_static_routes`. The following example task replaces configuration changes in the existing configuration on a VyOS network device, using the FQCN: ```yaml --- - name: Replace device configurations of listed static routes with provided configurations register: result vyos.vyos.vyos_static_routes: &id001 config: - address_families: - afi: ipv4 routes: - dest: 192.0.2.32/28 blackhole_config: distance: 2 next_hops: - forward_router_address: 192.0.2.7 - forward_router_address: 192.0.2.8 - forward_router_address: 192.0.2.9 state: replaced ``` **NOTE**: For Ansible 2.9, you may not see deprecation warnings when you run your playbooks with this collection. Use this documentation to track when a module is deprecated. ### See Also: * [VyOS Platform Options](https://docs.ansible.com/ansible/latest/network/user_guide/platform_vyos.html) * [Ansible Using collections](https://docs.ansible.com/ansible/latest/user_guide/collections_using.html) for more details. ## Contributing to this collection We welcome community contributions to this collection. If you find problems, please open an issue or create a PR against the [VyOS collection repository](https://github.com/ansible-collections/vyos). See [Contributing to Ansible-maintained collections](https://docs.ansible.com/ansible/devel/community/contributing_maintained_collections.html#contributing-maintained-collections) for complete details. You can also join us on: - Freenode IRC - ``#ansible-network`` Freenode channel - Slack - https://ansiblenetwork.slack.com See the [Ansible Community Guide](https://docs.ansible.com/ansible/latest/community/index.html) for details on contributing to Ansible. ### Code of Conduct This collection follows the Ansible project's [Code of Conduct](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html). Please read and familiarize yourself with this document. ## Changelogs +## Release notes + +Release notes are available [here](https://github.com/ansible-collections/vyos.vyos/blob/main/changelogs/CHANGELOG.rst). + ## Roadmap ## More information - [Ansible network resources](https://docs.ansible.com/ansible/latest/network/getting_started/network_resources.html) - [Ansible Collection overview](https://github.com/ansible-collections/overview) - [Ansible User guide](https://docs.ansible.com/ansible/latest/user_guide/index.html) - [Ansible Developer guide](https://docs.ansible.com/ansible/latest/dev_guide/index.html) - [Ansible Community code of conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html) ## Licensing GNU General Public License v3.0 or later. -See [LICENSE](https://www.gnu.org/licenses/gpl-3.0.txt) to see the full text. \ No newline at end of file +See [LICENSE](https://www.gnu.org/licenses/gpl-3.0.txt) to see the full text. diff --git a/changelogs/CHANGELOG.rst b/changelogs/CHANGELOG.rst index 5488733..b9c7ed4 100644 --- a/changelogs/CHANGELOG.rst +++ b/changelogs/CHANGELOG.rst @@ -1,80 +1,89 @@ ============================= Vyos Collection Release Notes ============================= .. contents:: Topics +v1.0.4 +====== + +Minor Changes +------------- + +- Moved intent testcases from integration suite to unit tests. +- Reformatted files with latest version of Black (20.8b1). + v1.0.3 ====== Release Summary --------------- - Rereleasing 1.0.2 with updated changelog. v1.0.2 ====== Minor Changes ------------- - Fixed the typo in the modulename of ospfv2 and ospfv3 unit tests. - Updated docs. - terminal plugin - Added additional escape sequence to be removed from terminal output. Bugfixes -------- - Added workaround to avoid set_fact dynamically assigning value. This behavior seems to have been broken after ansible2.9. - Make `src`, `backup` and `backup_options` in vyos_config work when module alias is used (https://github.com/ansible-collections/vyos.vyos/pull/67). - vyos_config - fixed issue where config could be saved while in check mode (https://github.com/ansible-collections/vyos.vyos/pull/53) v1.0.1 ====== Minor Changes ------------- - Add doc plugin fixes (https://github.com/ansible-collections/vyos.vyos/pull/51) v1.0.0 ====== New Plugins ----------- Cliconf ~~~~~~~ - vyos - Use vyos cliconf to run command on VyOS platform New Modules ----------- - vyos_banner - Manage multiline banners on VyOS devices - vyos_command - Run one or more commands on VyOS devices - vyos_config - Manage VyOS configuration on remote device - vyos_facts - Get facts about vyos devices. - vyos_firewall_global - FIREWALL global resource module - vyos_firewall_interfaces - FIREWALL interfaces resource module - vyos_firewall_rules - FIREWALL rules resource module - vyos_interface - (deprecated, removed after 2022-06-01) Manage Interface on VyOS network devices - vyos_interfaces - Interfaces resource module - vyos_l3_interface - (deprecated, removed after 2022-06-01) Manage L3 interfaces on VyOS network devices - vyos_l3_interfaces - L3 interfaces resource module - vyos_lag_interfaces - LAG interfaces resource module - vyos_linkagg - (deprecated, removed after 2022-06-01) Manage link aggregation groups on VyOS network devices - vyos_lldp - (deprecated, removed after 2022-06-01) Manage LLDP configuration on VyOS network devices - vyos_lldp_global - LLDP global resource module - vyos_lldp_interface - (deprecated, removed after 2022-06-01) Manage LLDP interfaces configuration on VyOS network devices - vyos_lldp_interfaces - LLDP interfaces resource module - vyos_logging - Manage logging on network devices - vyos_ospfv2 - OSPFv2 resource module - vyos_ospfv3 - OSPFV3 resource module - vyos_ping - Tests reachability using ping from VyOS network devices - vyos_static_route - (deprecated, removed after 2022-06-01) Manage static IP routes on Vyatta VyOS network devices - vyos_static_routes - Static routes resource module - vyos_system - Run `set system` commands on VyOS devices - vyos_user - Manage the collection of local users on VyOS device - vyos_vlan - Manage VLANs on VyOS network devices diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index 3dc2020..7e5d152 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -1,130 +1,139 @@ ancestor: null releases: 1.0.0: modules: - description: Manage multiline banners on VyOS devices name: vyos_banner namespace: '' - description: Run one or more commands on VyOS devices name: vyos_command namespace: '' - description: Manage VyOS configuration on remote device name: vyos_config namespace: '' - description: Get facts about vyos devices. name: vyos_facts namespace: '' - description: FIREWALL global resource module name: vyos_firewall_global namespace: '' - description: FIREWALL interfaces resource module name: vyos_firewall_interfaces namespace: '' - description: FIREWALL rules resource module name: vyos_firewall_rules namespace: '' - description: (deprecated, removed after 2022-06-01) Manage Interface on VyOS network devices name: vyos_interface namespace: '' - description: Interfaces resource module name: vyos_interfaces namespace: '' - description: (deprecated, removed after 2022-06-01) Manage L3 interfaces on VyOS network devices name: vyos_l3_interface namespace: '' - description: L3 interfaces resource module name: vyos_l3_interfaces namespace: '' - description: LAG interfaces resource module name: vyos_lag_interfaces namespace: '' - description: (deprecated, removed after 2022-06-01) Manage link aggregation groups on VyOS network devices name: vyos_linkagg namespace: '' - description: (deprecated, removed after 2022-06-01) Manage LLDP configuration on VyOS network devices name: vyos_lldp namespace: '' - description: LLDP global resource module name: vyos_lldp_global namespace: '' - description: (deprecated, removed after 2022-06-01) Manage LLDP interfaces configuration on VyOS network devices name: vyos_lldp_interface namespace: '' - description: LLDP interfaces resource module name: vyos_lldp_interfaces namespace: '' - description: Manage logging on network devices name: vyos_logging namespace: '' - description: OSPFv2 resource module name: vyos_ospfv2 namespace: '' - description: OSPFV3 resource module name: vyos_ospfv3 namespace: '' - description: Tests reachability using ping from VyOS network devices name: vyos_ping namespace: '' - description: (deprecated, removed after 2022-06-01) Manage static IP routes on Vyatta VyOS network devices name: vyos_static_route namespace: '' - description: Static routes resource module name: vyos_static_routes namespace: '' - description: Run `set system` commands on VyOS devices name: vyos_system namespace: '' - description: Manage the collection of local users on VyOS device name: vyos_user namespace: '' - description: Manage VLANs on VyOS network devices name: vyos_vlan namespace: '' plugins: cliconf: - description: Use vyos cliconf to run command on VyOS platform name: vyos namespace: null release_date: '2020-06-23' 1.0.1: changes: minor_changes: - Add doc plugin fixes (https://github.com/ansible-collections/vyos.vyos/pull/51) fragments: - 51-doc-plugin-fixes.yaml release_date: '2020-06-23' 1.0.2: changes: bugfixes: - Added workaround to avoid set_fact dynamically assigning value. This behavior seems to have been broken after ansible2.9. - Make `src`, `backup` and `backup_options` in vyos_config work when module alias is used (https://github.com/ansible-collections/vyos.vyos/pull/67). - vyos_config - fixed issue where config could be saved while in check mode (https://github.com/ansible-collections/vyos.vyos/pull/53) minor_changes: - Fixed the typo in the modulename of ospfv2 and ospfv3 unit tests. - Updated docs. - terminal plugin - Added additional escape sequence to be removed from terminal output. fragments: - 65-remove-unwanted-terminal-chars.yaml - 70-workaround-set_fact.yaml - 72-modulename-typofix.yaml - 73-update-docs.yaml - fix_src_backup_with_module_alias.yaml - prevent-vyos_config-saving-in-check-mode.yaml release_date: '2020-07-31' 1.0.3: changes: release_summary: - Rereleasing 1.0.2 with updated changelog. fragments: - 1.0.3.yaml release_date: '2020-08-06' + 1.0.4: + changes: + minor_changes: + - Moved intent testcases from integration suite to unit tests. + - Reformatted files with latest version of Black (20.8b1). + fragments: + - 71-refactor-interface-test.yaml + - 80-reformat-files.yaml + release_date: '2020-08-27' diff --git a/changelogs/fragments/71-refactor-interface-test.yaml b/changelogs/fragments/71-refactor-interface-test.yaml deleted file mode 100644 index 55c4e57..0000000 --- a/changelogs/fragments/71-refactor-interface-test.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -minor_changes: - - Moved intent testcases from integration suite to unit tests. diff --git a/changelogs/fragments/80-reformat-files.yaml b/changelogs/fragments/80-reformat-files.yaml deleted file mode 100644 index 21719cc..0000000 --- a/changelogs/fragments/80-reformat-files.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -minor_changes: - - Reformatted files with latest version of Black (20.8b1). diff --git a/docs/vyos.vyos.vyos_banner_module.rst b/docs/vyos.vyos.vyos_banner_module.rst index dd26e37..8e14ce3 100644 --- a/docs/vyos.vyos.vyos_banner_module.rst +++ b/docs/vyos.vyos.vyos_banner_module.rst @@ -1,283 +1,280 @@ .. _vyos.vyos.vyos_banner_module: ********************* vyos.vyos.vyos_banner ********************* **Manage multiline banners on VyOS devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This will configure both pre-login and post-login banners on remote devices running VyOS. It allows playbooks to add or remote banner text from the active running configuration. Parameters ---------- .. raw:: html - + - - + - - + / required + + + + - - + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + - - + + + + - - + - - + + + + -
Parameter Choices/DefaultsCommentsComments
+
banner
string - / required
-
-
    Choices: -
  • pre-login
  • -
  • post-login
  • -
-
-
Specifies which banner that should be configured on the remote device.
-
+
    Choices: +
  • pre-login
  • +
  • post-login
  • +
+
+
Specifies which banner that should be configured on the remote device.
+
+
provider
dictionary -
-
- -
Deprecated
-
Starting with Ansible 2.5 we recommend using connection: network_cli.
-
For more information please see the Network Guide.
-

-
A dict object containing connection details.
-
+ +
Deprecated
+
Starting with Ansible 2.5 we recommend using connection: network_cli.
+
For more information please see the Network Guide.
+

+
A dict object containing connection details.
+
+
host
string -
-
- -
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
-
+ +
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
+
+
password
string -
-
- -
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
-
+ +
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
+
+
port
integer -
-
- -
Specifies the port to use when building the connection to the remote device.
-
+ +
Specifies the port to use when building the connection to the remote device.
+
+
ssh_keyfile
path -
-
- -
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
-
+ +
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
+
+
timeout
integer -
-
- -
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
-
+ +
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
+
+
username
string -
-
- -
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
-
+ +
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
+
+ +
state
string -
-
-
    Choices: -
  • present ←
  • -
  • absent
  • -
-
-
Specifies whether or not the configuration is present in the current devices active running configuration.
-
+
    Choices: +
  • present ←
  • +
  • absent
  • +
+
+
Specifies whether or not the configuration is present in the current devices active running configuration.
+
+
text
string -
-
- -
The banner text that should be present in the remote device running configuration. This argument accepts a multiline string, with no empty lines. Requires state=present.
-
+ +
The banner text that should be present in the remote device running configuration. This argument accepts a multiline string, with no empty lines. Requires state=present.
+
+
Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- .. code-block:: yaml+jinja - - name: configure the pre-login banner vyos.vyos.vyos_banner: banner: pre-login text: | this is my pre-login banner that contains a multiline string state: present - name: remove the post-login banner vyos.vyos.vyos_banner: banner: post-login state: absent - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + +
The list of configuration mode commands to send to the device
+
+
Sample:
+
['banner pre-login', 'this is my pre-login banner', 'that contains a multiline', 'string']
+ -
Key Returned Description
+
commands
list -
-
always -
The list of configuration mode commands to send to the device
-
-
Sample:
-
['banner pre-login', 'this is my pre-login banner', 'that contains a multiline', 'string']
-
+

Status ------ Authors ~~~~~~~ - Trishna Guha (@trishnaguha) - - diff --git a/docs/vyos.vyos.vyos_command_module.rst b/docs/vyos.vyos.vyos_command_module.rst index bd3d5e6..41041bc 100644 --- a/docs/vyos.vyos.vyos_command_module.rst +++ b/docs/vyos.vyos.vyos_command_module.rst @@ -1,378 +1,377 @@ .. _vyos.vyos.vyos_command_module: ********************** vyos.vyos.vyos_command ********************** **Run one or more commands on VyOS devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - The command module allows running one or more commands on remote devices running VyOS. This module can also be introspected to validate key parameters before returning successfully. If the conditional statements are not met in the wait period, the task fails. - Certain ``show`` commands in VyOS produce many lines of output and use a custom pager that can cause this module to hang. If the value of the environment variable ``ANSIBLE_VYOS_TERMINAL_LENGTH`` is not set, the default number of 10000 is used. Parameters ---------- .. raw:: html - + - - + - - + / elements=raw + / required + + + + - - + - - + + + + - - + - - + + + + - - + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + - - + + + + - - + - - + / elements=string + + + + -
Parameter Choices/DefaultsCommentsComments
+
commands
list - / elements=raw / required
-
- -
The ordered set of commands to execute on the remote device running VyOS. The output from the command execution is returned to the playbook. If the wait_for argument is provided, the module is not returned until the condition is satisfied or the number of retries has been exceeded.
-
If a command sent to the device requires answering a prompt, it is possible to pass a dict containing command, answer and prompt. Common answers are 'y' or "\r" (carriage return, must be double quotes). Refer below examples.
-
+ +
The ordered set of commands to execute on the remote device running VyOS. The output from the command execution is returned to the playbook. If the wait_for argument is provided, the module is not returned until the condition is satisfied or the number of retries has been exceeded.
+
If a command sent to the device requires answering a prompt, it is possible to pass a dict containing command, answer and prompt. Common answers are 'y' or "\r" (carriage return, must be double quotes). Refer below examples.
+
+
interval
integer -
-
- Default:
1
-
-
Configures the interval in seconds to wait between retries of the command. If the command does not pass the specified conditions, the interval indicates how long to wait before trying the command again.
-
+ Default:
1
+
+
Configures the interval in seconds to wait between retries of the command. If the command does not pass the specified conditions, the interval indicates how long to wait before trying the command again.
+
+
match
string -
-
-
    Choices: -
  • any
  • -
  • all ←
  • -
-
-
The match argument is used in conjunction with the wait_for argument to specify the match policy. Valid values are all or any. If the value is set to all then all conditionals in the wait_for must be satisfied. If the value is set to any then only one of the values must be satisfied.
-
+
    Choices: +
  • any
  • +
  • all ←
  • +
+
+
The match argument is used in conjunction with the wait_for argument to specify the match policy. Valid values are all or any. If the value is set to all then all conditionals in the wait_for must be satisfied. If the value is set to any then only one of the values must be satisfied.
+
+
provider
dictionary -
-
- -
Deprecated
-
Starting with Ansible 2.5 we recommend using connection: network_cli.
-
For more information please see the Network Guide.
-

-
A dict object containing connection details.
-
+ +
Deprecated
+
Starting with Ansible 2.5 we recommend using connection: network_cli.
+
For more information please see the Network Guide.
+

+
A dict object containing connection details.
+
+
host
string -
-
- -
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
-
+ +
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
+
+
password
string -
-
- -
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
-
+ +
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
+
+
port
integer -
-
- -
Specifies the port to use when building the connection to the remote device.
-
+ +
Specifies the port to use when building the connection to the remote device.
+
+
ssh_keyfile
path -
-
- -
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
-
+ +
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
+
+
timeout
integer -
-
- -
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
-
+ +
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
+
+
username
string -
-
- -
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
-
+ +
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
+
+ +
retries
integer -
-
- Default:
10
-
-
Specifies the number of retries a command should be tried before it is considered failed. The command is run on the target device every retry and evaluated against the wait_for conditionals.
-
+ Default:
10
+
+
Specifies the number of retries a command should be tried before it is considered failed. The command is run on the target device every retry and evaluated against the wait_for conditionals.
+
+
wait_for
list - / elements=string
-
- -
Specifies what to evaluate from the output of the command and what conditionals to apply. This argument will cause the task to wait for a particular conditional to be true before moving forward. If the conditional is not true by the configured retries, the task fails. See examples.
-

aliases: waitfor
-
+ +
Specifies what to evaluate from the output of the command and what conditionals to apply. This argument will cause the task to wait for a particular conditional to be true before moving forward. If the conditional is not true by the configured retries, the task fails. See examples.
+

aliases: waitfor
+
+
Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - Running ``show system boot-messages all`` will cause the module to hang since VyOS is using a custom pager setting to display the output of that command. - If a command sent to the device requires answering a prompt, it is possible to pass a dict containing *command*, *answer* and *prompt*. See examples. - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- .. code-block:: yaml+jinja - - name: show configuration on ethernet devices eth0 and eth1 vyos.vyos.vyos_command: commands: - show interfaces ethernet {{ item }} with_items: - eth0 - eth1 - name: run multiple commands and check if version output contains specific version string vyos.vyos.vyos_command: commands: - show version - show hardware cpu wait_for: - result[0] contains 'VyOS 1.1.7' - name: run command that requires answering a prompt vyos.vyos.vyos_command: commands: - command: rollback 1 prompt: Proceed with reboot? [confirm][y] answer: y - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + +
The list of conditionals that have failed
+
+
Sample:
+
['...', '...']
+ - - + + + +
The set of responses from the commands
+
+
Sample:
+
['...', '...']
+ - - + + + +
The value of stdout split into a list
+
+
Sample:
+
[['...', '...'], ['...'], ['...']]
+ - - + + + +
The list of warnings (if any) generated by module based on arguments
+
+
Sample:
+
['...', '...']
+ -
Key Returned Description
+
failed_conditions
list -
-
failed -
The list of conditionals that have failed
-
-
Sample:
-
['...', '...']
-
+
stdout
list -
-
always apart from low level errors (such as action plugin) -
The set of responses from the commands
-
-
Sample:
-
['...', '...']
-
+
stdout_lines
list -
-
always -
The value of stdout split into a list
-
-
Sample:
-
[['...', '...'], ['...'], ['...']]
-
+
warnings
list -
-
always -
The list of warnings (if any) generated by module based on arguments
-
-
Sample:
-
['...', '...']
-
+

Status ------ Authors ~~~~~~~ - Nathaniel Case (@Qalthos) - - diff --git a/docs/vyos.vyos.vyos_config_module.rst b/docs/vyos.vyos.vyos_config_module.rst index c3031f3..0914d8e 100644 --- a/docs/vyos.vyos.vyos_config_module.rst +++ b/docs/vyos.vyos.vyos_config_module.rst @@ -1,514 +1,511 @@ .. _vyos.vyos.vyos_config_module: ********************* vyos.vyos.vyos_config ********************* **Manage VyOS configuration on remote device** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module provides configuration file management of VyOS devices. It provides arguments for managing both the configuration file and state of the active configuration. All configuration statements are based on `set` and `delete` commands in the device configuration. Parameters ---------- .. raw:: html - + - - + - - + + + + - - + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + - - + + + + - - + - - + + + + - - + - - + / elements=string + + + + - - + - - + + + + - - + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + - - + + + + - - + - - + + + + -
Parameter Choices/DefaultsCommentsComments
+
backup
boolean -
-
-
    Choices: -
  • no ←
  • -
  • yes
  • -
-
-
The backup argument will backup the current devices active configuration to the Ansible control host prior to making any changes. If the backup_options value is not given, the backup file will be located in the backup folder in the playbook root directory or role root directory, if playbook is part of an ansible role. If the directory does not exist, it is created.
-
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
The backup argument will backup the current devices active configuration to the Ansible control host prior to making any changes. If the backup_options value is not given, the backup file will be located in the backup folder in the playbook root directory or role root directory, if playbook is part of an ansible role. If the directory does not exist, it is created.
+
+
backup_options
dictionary -
-
- -
This is a dict object containing configurable options related to backup file path. The value of this option is read only when backup is set to yes, if backup is set to no this option will be silently ignored.
-
+ +
This is a dict object containing configurable options related to backup file path. The value of this option is read only when backup is set to yes, if backup is set to no this option will be silently ignored.
+
+
dir_path
path -
-
- -
This option provides the path ending with directory name in which the backup configuration file will be stored. If the directory does not exist it will be first created and the filename is either the value of filename or default filename as described in filename options description. If the path value is not given in that case a backup directory will be created in the current working directory and backup configuration will be copied in filename within backup directory.
-
+ +
This option provides the path ending with directory name in which the backup configuration file will be stored. If the directory does not exist it will be first created and the filename is either the value of filename or default filename as described in filename options description. If the path value is not given in that case a backup directory will be created in the current working directory and backup configuration will be copied in filename within backup directory.
+
+
filename
string -
-
- -
The filename to be used to store the backup configuration. If the filename is not given it will be generated based on the hostname, current time and date in format defined by <hostname>_config.<current-date>@<current-time>
-
+ +
The filename to be used to store the backup configuration. If the filename is not given it will be generated based on the hostname, current time and date in format defined by <hostname>_config.<current-date>@<current-time>
+
+ +
comment
string -
-
- Default:
"configured by vyos_config"
-
-
Allows a commit description to be specified to be included when the configuration is committed. If the configuration is not changed or committed, this argument is ignored.
-
+ Default:
"configured by vyos_config"
+
+
Allows a commit description to be specified to be included when the configuration is committed. If the configuration is not changed or committed, this argument is ignored.
+
+
config
string -
-
- -
The config argument specifies the base configuration to use to compare against the desired configuration. If this value is not specified, the module will automatically retrieve the current active configuration from the remote device.
-
+ +
The config argument specifies the base configuration to use to compare against the desired configuration. If this value is not specified, the module will automatically retrieve the current active configuration from the remote device.
+
+
lines
list - / elements=string
-
- -
The ordered set of configuration lines to be managed and compared with the existing configuration on the remote device.
-
+ +
The ordered set of configuration lines to be managed and compared with the existing configuration on the remote device.
+
+
match
string -
-
-
    Choices: -
  • line ←
  • -
  • none
  • -
-
-
The match argument controls the method used to match against the current active configuration. By default, the desired config is matched against the active config and the deltas are loaded. If the match argument is set to none the active configuration is ignored and the configuration is always loaded.
-
+
    Choices: +
  • line ←
  • +
  • none
  • +
+
+
The match argument controls the method used to match against the current active configuration. By default, the desired config is matched against the active config and the deltas are loaded. If the match argument is set to none the active configuration is ignored and the configuration is always loaded.
+
+
provider
dictionary -
-
- -
Deprecated
-
Starting with Ansible 2.5 we recommend using connection: network_cli.
-
For more information please see the Network Guide.
-

-
A dict object containing connection details.
-
+ +
Deprecated
+
Starting with Ansible 2.5 we recommend using connection: network_cli.
+
For more information please see the Network Guide.
+

+
A dict object containing connection details.
+
+
host
string -
-
- -
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
-
+ +
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
+
+
password
string -
-
- -
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
-
+ +
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
+
+
port
integer -
-
- -
Specifies the port to use when building the connection to the remote device.
-
+ +
Specifies the port to use when building the connection to the remote device.
+
+
ssh_keyfile
path -
-
- -
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
-
+ +
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
+
+
timeout
integer -
-
- -
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
-
+ +
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
+
+
username
string -
-
- -
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
-
+ +
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
+
+ +
save
boolean -
-
-
    Choices: -
  • no ←
  • -
  • yes
  • -
-
-
The save argument controls whether or not changes made to the active configuration are saved to disk. This is independent of committing the config. When set to True, the active configuration is saved.
-
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
The save argument controls whether or not changes made to the active configuration are saved to disk. This is independent of committing the config. When set to True, the active configuration is saved.
+
+
src
path -
-
- -
The src argument specifies the path to the source config file to load. The source config file can either be in bracket format or set format. The source file can include Jinja2 template variables.
-
+ +
The src argument specifies the path to the source config file to load. The source config file can either be in bracket format or set format. The source file can include Jinja2 template variables.
+
+
Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- .. code-block:: yaml+jinja - - name: configure the remote device vyos.vyos.vyos_config: lines: - set system host-name {{ inventory_hostname }} - set service lldp - delete service dhcp-server - name: backup and load from file vyos.vyos.vyos_config: src: vyos.cfg backup: yes - name: render a Jinja2 template onto the VyOS router vyos.vyos.vyos_config: src: vyos_template.j2 - name: for idempotency, use full-form commands vyos.vyos.vyos_config: lines: # - set int eth eth2 description 'OUTSIDE' - set interface ethernet eth2 description 'OUTSIDE' - name: configurable backup path vyos.vyos.vyos_config: backup: yes backup_options: filename: backup.cfg dir_path: /home/user - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + +
The full path to the backup file
+
+
Sample:
+
/playbooks/ansible/backup/vyos_config.2016-07-16@22:28:34
+ - - + + + +
The list of configuration commands sent to the device
+
+
Sample:
+
['...', '...']
+ - - + + + +
The date extracted from the backup file name
+
+
Sample:
+
2016-07-16
+ - - + + + +
The name of the backup file
+
+
Sample:
+
vyos_config.2016-07-16@22:28:34
+ - - + + + +
The list of configuration commands removed to avoid a load failure
+
+
Sample:
+
['...', '...']
+ - - + + + +
The full path to the backup file excluding the timestamp
+
+
Sample:
+
/playbooks/ansible/backup/vyos_config
+ - - + + + +
The time extracted from the backup file name
+
+
Sample:
+
22:28:34
+ -
Key Returned Description
+
backup_path
string -
-
when backup is yes -
The full path to the backup file
-
-
Sample:
-
/playbooks/ansible/backup/vyos_config.2016-07-16@22:28:34
-
+
commands
list -
-
always -
The list of configuration commands sent to the device
-
-
Sample:
-
['...', '...']
-
+
date
string -
-
when backup is yes -
The date extracted from the backup file name
-
-
Sample:
-
2016-07-16
-
+
filename
string -
-
when backup is yes and filename is not specified in backup options -
The name of the backup file
-
-
Sample:
-
vyos_config.2016-07-16@22:28:34
-
+
filtered
list -
-
always -
The list of configuration commands removed to avoid a load failure
-
-
Sample:
-
['...', '...']
-
+
shortname
string -
-
when backup is yes and filename is not specified in backup options -
The full path to the backup file excluding the timestamp
-
-
Sample:
-
/playbooks/ansible/backup/vyos_config
-
+
time
string -
-
when backup is yes -
The time extracted from the backup file name
-
-
Sample:
-
22:28:34
-
+

Status ------ Authors ~~~~~~~ - Nathaniel Case (@Qalthos) - - diff --git a/docs/vyos.vyos.vyos_facts_module.rst b/docs/vyos.vyos.vyos_facts_module.rst index f609b9e..d285864 100644 --- a/docs/vyos.vyos.vyos_facts_module.rst +++ b/docs/vyos.vyos.vyos_facts_module.rst @@ -1,429 +1,427 @@ .. _vyos.vyos.vyos_facts_module: ******************** vyos.vyos.vyos_facts ******************** **Get facts about vyos devices.** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - Collects facts from network devices running the vyos operating system. This module places the facts gathered in the fact tree keyed by the respective resource name. The facts module will always collect a base set of facts from the device and can enable or disable collection of additional facts. Parameters ---------- .. raw:: html - + - - + - - + / elements=string + + + + - - + - - + / elements=string + + + + - - + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - -
Parameter Choices/DefaultsCommentsComments
+
gather_network_resources
list - / elements=string
-
- -
When supplied, this argument will restrict the facts collected to a given subset. Possible values for this argument include all and the resources like interfaces. Can specify a list of values to include a larger subset. Values can also be used with an initial ! to specify that a specific subset should not be collected. Valid subsets are 'all', 'interfaces', 'l3_interfaces', 'lag_interfaces', 'lldp_global', 'lldp_interfaces', 'static_routes', 'firewall_rules', 'firewall_global', 'firewall_interfaces', 'ospfv3', 'ospfv2'.
-
+ +
When supplied, this argument will restrict the facts collected to a given subset. Possible values for this argument include all and the resources like interfaces. Can specify a list of values to include a larger subset. Values can also be used with an initial ! to specify that a specific subset should not be collected. Valid subsets are 'all', 'interfaces', 'l3_interfaces', 'lag_interfaces', 'lldp_global', 'lldp_interfaces', 'static_routes', 'firewall_rules', 'firewall_global', 'firewall_interfaces', 'ospfv3', 'ospfv2'.
+
+
gather_subset
list - / elements=string
-
- Default:
"!config"
-
-
When supplied, this argument will restrict the facts collected to a given subset. Possible values for this argument include all, default, config, and neighbors. Can specify a list of values to include a larger subset. Values can also be used with an initial ! to specify that a specific subset should not be collected.
-
+ Default:
"!config"
+
+
When supplied, this argument will restrict the facts collected to a given subset. Possible values for this argument include all, default, config, and neighbors. Can specify a list of values to include a larger subset. Values can also be used with an initial ! to specify that a specific subset should not be collected.
+
+
provider
dictionary -
-
- -
Deprecated
-
Starting with Ansible 2.5 we recommend using connection: network_cli.
-
For more information please see the Network Guide.
-

-
A dict object containing connection details.
-
+ +
Deprecated
+
Starting with Ansible 2.5 we recommend using connection: network_cli.
+
For more information please see the Network Guide.
+

+
A dict object containing connection details.
+
+
host
string -
-
- -
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
-
+ +
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
+
+
password
string -
-
- -
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
-
+ +
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
+
+
port
integer -
-
- -
Specifies the port to use when building the connection to the remote device.
-
+ +
Specifies the port to use when building the connection to the remote device.
+
+
ssh_keyfile
path -
-
- -
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
-
+ +
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
+
+
timeout
integer -
-
- -
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
-
+ +
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
+
+
username
string -
-
- -
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
-
+ +
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
+
+ +
Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- .. code-block:: yaml+jinja - # Gather all facts - vyos.vyos.vyos_facts: gather_subset: all gather_network_resources: all # collect only the config and default facts - vyos.vyos.vyos_facts: gather_subset: config # collect everything exception the config - vyos.vyos.vyos_facts: gather_subset: '!config' # Collect only the interfaces facts - vyos.vyos.vyos_facts: gather_subset: - '!all' - '!min' gather_network_resources: - interfaces # Do not collect interfaces facts - vyos.vyos.vyos_facts: gather_network_resources: - '!interfaces' # Collect interfaces and minimal default facts - vyos.vyos.vyos_facts: gather_subset: min gather_network_resources: interfaces - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + +
The name of the transport
+
+ - - + + + +
The set of available configuration revisions
+
+ - - + + + +
The running-config from the device
+
+ - - + + + +
The list of fact resource subsets collected from the device
+
+ - - + + + +
The list of subsets gathered by the module
+
+ - - + + + +
The configured system hostname
+
+ - - + + + +
The device model string
+
+ - - + + + +
The set of LLDP neighbors
+
+ - - + + + +
The Python version Ansible controller is using
+
+ - - + + + +
The serial number of the device
+
+ - - + + + +
The version of the software running
+
+ -
Key Returned Description
+
ansible_net_api
string -
-
always -
The name of the transport
-
-
+
ansible_net_commits
list -
-
when present -
The set of available configuration revisions
-
-
+
ansible_net_config
string -
-
when config is configured -
The running-config from the device
-
-
+
ansible_net_gather_network_resources
list -
-
always -
The list of fact resource subsets collected from the device
-
-
+
ansible_net_gather_subset
list -
-
always -
The list of subsets gathered by the module
-
-
+
ansible_net_hostname
string -
-
always -
The configured system hostname
-
-
+
ansible_net_model
string -
-
always -
The device model string
-
-
+
ansible_net_neighbors
list -
-
when interface is configured -
The set of LLDP neighbors
-
-
+
ansible_net_python_version
string -
-
always -
The Python version Ansible controller is using
-
-
+
ansible_net_serialnum
string -
-
always -
The serial number of the device
-
-
+
ansible_net_version
string -
-
always -
The version of the software running
-
-
+

Status ------ Authors ~~~~~~~ - Nathaniel Case (@qalthos) - Nilashish Chakraborty (@Nilashishc) - Rohit Thakur (@rohitthakur2590) - - diff --git a/docs/vyos.vyos.vyos_firewall_global_module.rst b/docs/vyos.vyos.vyos_firewall_global_module.rst index f7e6462..30f7ecf 100644 --- a/docs/vyos.vyos.vyos_firewall_global_module.rst +++ b/docs/vyos.vyos.vyos_firewall_global_module.rst @@ -1,1741 +1,1749 @@ .. _vyos.vyos.vyos_firewall_global_module: ****************************** vyos.vyos.vyos_firewall_global ****************************** **FIREWALL global resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module manage global policies or configurations for firewall on VyOS devices. Parameters ---------- .. raw:: html - + - - + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - - + + + - - + / elements=dictionary + + + + - - - - - + + + + - - + + + + - - - - - + + + + - - + / elements=dictionary + + + + - - - - - - + + + + + - - + + + + - - - - - - + + + + - - + / required + + + + - - - - - + + + - - + / elements=dictionary + + + + - - - - - + + + + - - + + + + - - - - - + + + + - - + / elements=dictionary + + + + - - - - - - + + + + + - - + + + + - - - - - - + + + + - - + / required + + + + - - - - - + + + - - + / elements=dictionary + + + + - - - - - + + + + - - + + + + - - - - - + + + + - - + / elements=dictionary + + + + - - - - - - + + + + + - - + + + + - - - - - - + + + + - - + / required + + + + - - - - - + + - - + + + + - - - + + - - + + + + - - - - + + + - - + + + + - - - - + + + - - + + + + - - - - + + - - + / elements=dictionary + + + + - - - - + + + - - + / required + + + + - - - - + + + - - + + + + - - - - - + + + + - - + + + + - - - - - + + + + - - + + + + - - - - - + + + - - + + + + - - - - + + - - + / elements=dictionary + + + + - - - - + + + - - + + + + - - - - + + + - - + + + + - - - - + + + - - + + + + - - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + - - + + + + - - + - - + + + + -
Parameter Choices/DefaultsCommentsComments
+
config
dictionary -
-
- -
A dictionary of Firewall global configuration options.
-
+ +
A dictionary of Firewall global configuration options.
+
+
config_trap
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
SNMP trap generation on firewall configuration changes.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
SNMP trap generation on firewall configuration changes.
+
+
group
dictionary -
-
- -
Defines a group of objects for referencing in firewall rules.
-
+ +
Defines a group of objects for referencing in firewall rules.
+
+
address_group
list - / elements=dictionary
-
- -
Defines a group of IP addresses for referencing in firewall rules.
-
+ +
Defines a group of IP addresses for referencing in firewall rules.
+
+
description
string -
-
- -
Allows you to specify a brief description for the address group.
-
+ +
Allows you to specify a brief description for the address group.
+
+
members
list - / elements=dictionary
-
- -
Address-group members.
-
IPv4 address to match.
-
IPv4 range to match.
-
+ +
Address-group members.
+
IPv4 address to match.
+
IPv4 range to match.
+
+
address
string -
-
- -
IP address.
-
+ +
IP address.
+
+ +
name
string - / required
-
- -
Name of the firewall address group.
-
+ +
Name of the firewall address group.
+
+ +
network_group
list - / elements=dictionary
-
- -
Defines a group of networks for referencing in firewall rules.
-
+ +
Defines a group of networks for referencing in firewall rules.
+
+
description
string -
-
- -
Allows you to specify a brief description for the network group.
-
+ +
Allows you to specify a brief description for the network group.
+
+
members
list - / elements=dictionary
-
- -
Adds an IPv4 network to the specified network group.
-
The format is ip-address/prefix.
-
+ +
Adds an IPv4 network to the specified network group.
+
The format is ip-address/prefix.
+
+
address
string -
-
- -
IP address.
-
+ +
IP address.
+
+ +
name
string - / required
-
- -
Name of the firewall network group.
-
+ +
Name of the firewall network group.
+
+ +
port_group
list - / elements=dictionary
-
- -
Defines a group of ports for referencing in firewall rules.
-
+ +
Defines a group of ports for referencing in firewall rules.
+
+
description
string -
-
- -
Allows you to specify a brief description for the port group.
-
+ +
Allows you to specify a brief description for the port group.
+
+
members
list - / elements=dictionary
-
- -
Port-group member.
-
+ +
Port-group member.
+
+
port
string -
-
- -
Defines the number.
-
+ +
Defines the number.
+
+ +
name
string - / required
-
- -
Name of the firewall port group.
-
+ +
Name of the firewall port group.
+
+ + +
log_martians
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Specifies whether or not to record packets with invalid addresses in the log.
-
(True) Logs packets with invalid addresses.
-
(False) Does not log packets with invalid addresses.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Specifies whether or not to record packets with invalid addresses in the log.
+
(True) Logs packets with invalid addresses.
+
(False) Does not log packets with invalid addresses.
+
+
ping
dictionary -
-
- -
Policy for handling of all IPv4 ICMP echo requests.
-
+ +
Policy for handling of all IPv4 ICMP echo requests.
+
+
all
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Enables or disables response to all IPv4 ICMP Echo Request (ping) messages.
-
The system responds to IPv4 ICMP Echo Request messages.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Enables or disables response to all IPv4 ICMP Echo Request (ping) messages.
+
The system responds to IPv4 ICMP Echo Request messages.
+
+
broadcast
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Enables or disables response to broadcast IPv4 ICMP Echo Request and Timestamp Request messages.
-
IPv4 ICMP Echo and Timestamp Request messages are not processed.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Enables or disables response to broadcast IPv4 ICMP Echo Request and Timestamp Request messages.
+
IPv4 ICMP Echo and Timestamp Request messages are not processed.
+
+ +
route_redirects
list - / elements=dictionary
-
- -
-A dictionary of Firewall icmp redirect and source route global configuration options.
-
+ +
-A dictionary of Firewall icmp redirect and source route global configuration options.
+
+
afi
string - / required
-
-
    Choices: -
  • ipv4
  • -
  • ipv6
  • -
-
-
Specifies IP address type
-
+
    Choices: +
  • ipv4
  • +
  • ipv6
  • +
+
+
Specifies IP address type
+
+
icmp_redirects
dictionary -
-
- -
Specifies whether to allow sending/receiving of IPv4/v6 ICMP redirect messages.
-
+ +
Specifies whether to allow sending/receiving of IPv4/v6 ICMP redirect messages.
+
+
receive
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Permits or denies receiving packets ICMP redirect messages.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Permits or denies receiving packets ICMP redirect messages.
+
+
send
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Permits or denies transmitting packets ICMP redirect messages.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Permits or denies transmitting packets ICMP redirect messages.
+
+ +
ip_src_route
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Specifies whether or not to process source route IP options.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Specifies whether or not to process source route IP options.
+
+ +
state_policy
list - / elements=dictionary
-
- -
Specifies global firewall state-policy.
-
+ +
Specifies global firewall state-policy.
+
+
action
string -
-
-
    Choices: -
  • accept
  • -
  • drop
  • -
  • reject
  • -
-
-
Action for packets part of an established connection.
-
+
    Choices: +
  • accept
  • +
  • drop
  • +
  • reject
  • +
+
+
Action for packets part of an established connection.
+
+
connection_type
string -
-
-
    Choices: -
  • established
  • -
  • invalid
  • -
  • related
  • -
-
-
Specifies connection type.
-
+
    Choices: +
  • established
  • +
  • invalid
  • +
  • related
  • +
+
+
Specifies connection type.
+
+
log
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Enable logging of packets part of an established connection.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Enable logging of packets part of an established connection.
+
+ +
syn_cookies
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Specifies policy for using TCP SYN cookies with IPv4.
-
(True) Enables TCP SYN cookies with IPv4.
-
(False) Disables TCP SYN cookies with IPv4.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Specifies policy for using TCP SYN cookies with IPv4.
+
(True) Enables TCP SYN cookies with IPv4.
+
(False) Disables TCP SYN cookies with IPv4.
+
+
twa_hazards_protection
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
RFC1337 TCP TIME-WAIT assasination hazards protection.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
RFC1337 TCP TIME-WAIT assasination hazards protection.
+
+
validation
string -
-
-
    Choices: -
  • strict
  • -
  • loose
  • -
  • disable
  • -
-
-
Specifies a policy for source validation by reversed path, as defined in RFC 3704.
-
(disable) No source validation is performed.
-
(loose) Enable Loose Reverse Path Forwarding as defined in RFC3704.
-
(strict) Enable Strict Reverse Path Forwarding as defined in RFC3704.
-
+
    Choices: +
  • strict
  • +
  • loose
  • +
  • disable
  • +
+
+
Specifies a policy for source validation by reversed path, as defined in RFC 3704.
+
(disable) No source validation is performed.
+
(loose) Enable Loose Reverse Path Forwarding as defined in RFC3704.
+
(strict) Enable Strict Reverse Path Forwarding as defined in RFC3704.
+
+ +
running_config
string -
-
- -
The module, by default, will connect to the remote device and retrieve the current running-config to use as a base for comparing against the contents of source. There are times when it is not desirable to have the task get the current running-config for every task in a playbook. The running_config argument allows the implementer to pass in the configuration to use as the base config for comparison. This value of this option should be the output received from device by executing command show configuration commands | grep 'firewall'
-
+ +
The module, by default, will connect to the remote device and retrieve the current running-config to use as a base for comparing against the contents of source. There are times when it is not desirable to have the task get the current running-config for every task in a playbook. The running_config argument allows the implementer to pass in the configuration to use as the base config for comparison. This value of this option should be the output received from device by executing command show configuration commands | grep 'firewall'
+
+
state
string -
-
-
    Choices: -
  • merged ←
  • -
  • replaced
  • -
  • deleted
  • -
  • gathered
  • -
  • rendered
  • -
  • parsed
  • -
-
-
The state the configuration should be left in.
-
+
    Choices: +
  • merged ←
  • +
  • replaced
  • +
  • deleted
  • +
  • gathered
  • +
  • rendered
  • +
  • parsed
  • +
+
+
The state the configuration should be left in.
+
+
Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. Examples -------- .. code-block:: yaml+jinja - # Using merged # # Before state: # ------------- # # vyos@vyos# run show configuration commands | grep firewall # # - name: Merge the provided configuration with the exisiting running configuration vyos.vyos.vyos_firewall_global: config: validation: strict config_trap: true log_martians: true syn_cookies: true twa_hazards_protection: true ping: all: true broadcast: true state_policy: - connection_type: established action: accept log: true - connection_type: invalid action: reject route_redirects: - afi: ipv4 ip_src_route: true icmp_redirects: send: true receive: false group: address_group: - name: MGMT-HOSTS description: This group has the Management hosts address list members: - address: 192.0.1.1 - address: 192.0.1.3 - address: 192.0.1.5 network_group: - name: MGMT description: This group has the Management network addresses members: - address: 192.0.1.0/24 state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # before": [] # # "commands": [ # "set firewall group address-group MGMT-HOSTS address 192.0.1.1", # "set firewall group address-group MGMT-HOSTS address 192.0.1.3", # "set firewall group address-group MGMT-HOSTS address 192.0.1.5", # "set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list'", # "set firewall group address-group MGMT-HOSTS", # "set firewall group network-group MGMT network 192.0.1.0/24", # "set firewall group network-group MGMT description 'This group has the Management network addresses'", # "set firewall group network-group MGMT", # "set firewall ip-src-route 'enable'", # "set firewall receive-redirects 'disable'", # "set firewall send-redirects 'enable'", # "set firewall config-trap 'enable'", # "set firewall state-policy established action 'accept'", # "set firewall state-policy established log 'enable'", # "set firewall state-policy invalid action 'reject'", # "set firewall broadcast-ping 'enable'", # "set firewall all-ping 'enable'", # "set firewall log-martians 'enable'", # "set firewall twa-hazards-protection 'enable'", # "set firewall syn-cookies 'enable'", # "set firewall source-validation 'strict'" # ] # # "after": { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "This group has the Management hosts address list", # "members": [ # { # "address": "192.0.1.1" # }, # { # "address": "192.0.1.3" # }, # { # "address": "192.0.1.5" # } # ], # "name": "MGMT-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group MGMT-HOSTS address '192.0.1.1' # set firewall group address-group MGMT-HOSTS address '192.0.1.3' # set firewall group address-group MGMT-HOSTS address '192.0.1.5' # set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' # # # Using parsed # # - name: Render the commands for provided configuration vyos.vyos.vyos_firewall_global: running_config: "set firewall all-ping 'enable' set firewall broadcast-ping 'enable' set firewall config-trap 'enable' set firewall group address-group ENG-HOSTS address '192.0.3.1' set firewall group address-group ENG-HOSTS address '192.0.3.2' set firewall group address-group ENG-HOSTS description 'Sales office hosts address list' set firewall group address-group SALES-HOSTS address '192.0.2.1' set firewall group address-group SALES-HOSTS address '192.0.2.2' set firewall group address-group SALES-HOSTS address '192.0.2.3' set firewall group address-group SALES-HOSTS description 'Sales office hosts address list' set firewall group network-group MGMT description 'This group has the Management network addresses' set firewall group network-group MGMT network '192.0.1.0/24' set firewall ip-src-route 'enable' set firewall log-martians 'enable' set firewall receive-redirects 'disable' set firewall send-redirects 'enable' set firewall source-validation 'strict' set firewall state-policy established action 'accept' set firewall state-policy established log 'enable' set firewall state-policy invalid action 'reject' set firewall syn-cookies 'enable' set firewall twa-hazards-protection 'enable'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.3.1" # }, # { # "address": "192.0.3.2" # } # ], # "name": "ENG-HOSTS" # }, # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.2.1" # }, # { # "address": "192.0.2.2" # }, # { # "address": "192.0.2.3" # } # ], # "name": "SALES-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # } # # # Using deleted # # Before state # ------------- # # vyos@192# run show configuration commands | grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group MGMT-HOSTS address '192.0.1.1' # set firewall group address-group MGMT-HOSTS address '192.0.1.3' # set firewall group address-group MGMT-HOSTS address '192.0.1.5' # set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' - name: Delete attributes of firewall. vyos.vyos.vyos_firewall_global: config: state_policy: config_trap: log_martians: syn_cookies: twa_hazards_protection: route_redirects: ping: group: state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "This group has the Management hosts address list", # "members": [ # { # "address": "192.0.1.1" # }, # { # "address": "192.0.1.3" # }, # { # "address": "192.0.1.5" # } # ], # "name": "MGMT-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # "commands": [ # "delete firewall source-validation", # "delete firewall group", # "delete firewall log-martians", # "delete firewall ip-src-route", # "delete firewall receive-redirects", # "delete firewall send-redirects", # "delete firewall config-trap", # "delete firewall state-policy", # "delete firewall syn-cookies", # "delete firewall broadcast-ping", # "delete firewall all-ping", # "delete firewall twa-hazards-protection" # ] # # "after": [] # After state # ------------ # vyos@192# run show configuration commands | grep firewall # set 'firewall' # # # Using replaced # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group MGMT-HOSTS address '192.0.1.1' # set firewall group address-group MGMT-HOSTS address '192.0.1.3' # set firewall group address-group MGMT-HOSTS address '192.0.1.5' # set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' # - name: Replace firewall global attributes configuration. vyos.vyos.vyos_firewall_global: config: validation: strict config_trap: true log_martians: true syn_cookies: true twa_hazards_protection: true ping: all: true broadcast: true state_policy: - connection_type: established action: accept log: true - connection_type: invalid action: reject route_redirects: - afi: ipv4 ip_src_route: true icmp_redirects: send: true receive: false group: address_group: - name: SALES-HOSTS description: Sales office hosts address list members: - address: 192.0.2.1 - address: 192.0.2.2 - address: 192.0.2.3 - name: ENG-HOSTS description: Sales office hosts address list members: - address: 192.0.3.1 - address: 192.0.3.2 network_group: - name: MGMT description: This group has the Management network addresses members: - address: 192.0.1.0/24 state: replaced # # # ------------------------- # Module Execution Result # ------------------------- # # "before": { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "This group has the Management hosts address list", # "members": [ # { # "address": "192.0.1.1" # }, # { # "address": "192.0.1.3" # }, # { # "address": "192.0.1.5" # } # ], # "name": "MGMT-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # # "commands": [ # "delete firewall group address-group MGMT-HOSTS", # "set firewall group address-group SALES-HOSTS address 192.0.2.1", # "set firewall group address-group SALES-HOSTS address 192.0.2.2", # "set firewall group address-group SALES-HOSTS address 192.0.2.3", # "set firewall group address-group SALES-HOSTS description 'Sales office hosts address list'", # "set firewall group address-group SALES-HOSTS", # "set firewall group address-group ENG-HOSTS address 192.0.3.1", # "set firewall group address-group ENG-HOSTS address 192.0.3.2", # "set firewall group address-group ENG-HOSTS description 'Sales office hosts address list'", # "set firewall group address-group ENG-HOSTS" # ] # # "after": { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.3.1" # }, # { # "address": "192.0.3.2" # } # ], # "name": "ENG-HOSTS" # }, # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.2.1" # }, # { # "address": "192.0.2.2" # }, # { # "address": "192.0.2.3" # } # ], # "name": "SALES-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group ENG-HOSTS address '192.0.3.1' # set firewall group address-group ENG-HOSTS address '192.0.3.2' # set firewall group address-group ENG-HOSTS description 'Sales office hosts address list' # set firewall group address-group SALES-HOSTS address '192.0.2.1' # set firewall group address-group SALES-HOSTS address '192.0.2.2' # set firewall group address-group SALES-HOSTS address '192.0.2.3' # set firewall group address-group SALES-HOSTS description 'Sales office hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' # # # Using gathered # # Before state: # ------------- # # vyos@192# run show configuration commands | grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group ENG-HOSTS address '192.0.3.1' # set firewall group address-group ENG-HOSTS address '192.0.3.2' # set firewall group address-group ENG-HOSTS description 'Sales office hosts address list' # set firewall group address-group SALES-HOSTS address '192.0.2.1' # set firewall group address-group SALES-HOSTS address '192.0.2.2' # set firewall group address-group SALES-HOSTS address '192.0.2.3' # set firewall group address-group SALES-HOSTS description 'Sales office hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' # - name: Gather firewall global config with provided configurations vyos.vyos.vyos_firewall_global: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": [ # { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.3.1" # }, # { # "address": "192.0.3.2" # } # ], # "name": "ENG-HOSTS" # }, # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.2.1" # }, # { # "address": "192.0.2.2" # }, # { # "address": "192.0.2.3" # } # ], # "name": "SALES-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group ENG-HOSTS address '192.0.3.1' # set firewall group address-group ENG-HOSTS address '192.0.3.2' # set firewall group address-group ENG-HOSTS description 'Sales office hosts address list' # set firewall group address-group SALES-HOSTS address '192.0.2.1' # set firewall group address-group SALES-HOSTS address '192.0.2.2' # set firewall group address-group SALES-HOSTS address '192.0.2.3' # set firewall group address-group SALES-HOSTS description 'Sales office hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_firewall_global: config: validation: strict config_trap: true log_martians: true syn_cookies: true twa_hazards_protection: true ping: all: true broadcast: true state_policy: - connection_type: established action: accept log: true - connection_type: invalid action: reject route_redirects: - afi: ipv4 ip_src_route: true icmp_redirects: send: true receive: false group: address_group: - name: SALES-HOSTS description: Sales office hosts address list members: - address: 192.0.2.1 - address: 192.0.2.2 - address: 192.0.2.3 - name: ENG-HOSTS description: Sales office hosts address list members: - address: 192.0.3.1 - address: 192.0.3.2 network_group: - name: MGMT description: This group has the Management network addresses members: - address: 192.0.1.0/24 state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # "set firewall group address-group SALES-HOSTS address 192.0.2.1", # "set firewall group address-group SALES-HOSTS address 192.0.2.2", # "set firewall group address-group SALES-HOSTS address 192.0.2.3", # "set firewall group address-group SALES-HOSTS description 'Sales office hosts address list'", # "set firewall group address-group SALES-HOSTS", # "set firewall group address-group ENG-HOSTS address 192.0.3.1", # "set firewall group address-group ENG-HOSTS address 192.0.3.2", # "set firewall group address-group ENG-HOSTS description 'Sales office hosts address list'", # "set firewall group address-group ENG-HOSTS", # "set firewall group network-group MGMT network 192.0.1.0/24", # "set firewall group network-group MGMT description 'This group has the Management network addresses'", # "set firewall group network-group MGMT", # "set firewall ip-src-route 'enable'", # "set firewall receive-redirects 'disable'", # "set firewall send-redirects 'enable'", # "set firewall config-trap 'enable'", # "set firewall state-policy established action 'accept'", # "set firewall state-policy established log 'enable'", # "set firewall state-policy invalid action 'reject'", # "set firewall broadcast-ping 'enable'", # "set firewall all-ping 'enable'", # "set firewall log-martians 'enable'", # "set firewall twa-hazards-protection 'enable'", # "set firewall syn-cookies 'enable'", # "set firewall source-validation 'strict'" # ] # # - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + + - - + + + + - - + + + +
The set of commands pushed to the remote device.
+
+
Sample:
+
['set firewall group address-group ENG-HOSTS', 'set firewall group address-group ENG-HOSTS address 192.0.3.1']
+ -
Key Returned Description
+
after
list -
-
when changed -
The resulting configuration model invocation.
-
-
Sample:
-
The configuration returned will always be in the same format +
The resulting configuration model invocation.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
-
+
before
list -
-
always -
The configuration prior to the model invocation.
-
-
Sample:
-
The configuration returned will always be in the same format +
The configuration prior to the model invocation.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
-
+
commands
list -
-
always -
The set of commands pushed to the remote device.
-
-
Sample:
-
['set firewall group address-group ENG-HOSTS', 'set firewall group address-group ENG-HOSTS address 192.0.3.1']
-
+

Status ------ Authors ~~~~~~~ - Rohit Thakur (@rohitthakur2590) - - diff --git a/docs/vyos.vyos.vyos_firewall_interfaces_module.rst b/docs/vyos.vyos.vyos_firewall_interfaces_module.rst index 9e37a42..7c55b04 100644 --- a/docs/vyos.vyos.vyos_firewall_interfaces_module.rst +++ b/docs/vyos.vyos.vyos_firewall_interfaces_module.rst @@ -1,1413 +1,1413 @@ .. _vyos.vyos.vyos_firewall_interfaces_module: ********************************** vyos.vyos.vyos_firewall_interfaces ********************************** **FIREWALL interfaces resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - Manage firewall rules of interfaces on VyOS network devices. Parameters ---------- .. raw:: html - + - - + - - + / elements=dictionary + + + + - - - + + - - + / elements=dictionary + + + + - - - - + + + - - + / required + + + + - - - - + + + - - + / elements=dictionary + + + + - - - - - + + + + - - + / required + + + + - - - - - + + + + - - + + + + - - - - - + + - - + / required + + + + - - - + - - + + + + - - + - - + + + + -
Parameter Choices/DefaultsCommentsComments
+
config
list - / elements=dictionary
-
- -
A list of firewall rules options for interfaces.
-
+ +
A list of firewall rules options for interfaces.
+
+
access_rules
list - / elements=dictionary
-
- -
Specifies firewall rules attached to the interfaces.
-
+ +
Specifies firewall rules attached to the interfaces.
+
+
afi
string - / required
-
-
    Choices: -
  • ipv4
  • -
  • ipv6
  • -
-
-
Specifies the AFI for the Firewall rules to be configured on this interface.
-
+
    Choices: +
  • ipv4
  • +
  • ipv6
  • +
+
+
Specifies the AFI for the Firewall rules to be configured on this interface.
+
+
rules
list - / elements=dictionary
-
- -
Specifies the firewall rules for the provided AFI.
-
+ +
Specifies the firewall rules for the provided AFI.
+
+
direction
string - / required
-
-
    Choices: -
  • in
  • -
  • local
  • -
  • out
  • -
-
-
Specifies the direction of packets that the firewall rule will be applied on.
-
+
    Choices: +
  • in
  • +
  • local
  • +
  • out
  • +
+
+
Specifies the direction of packets that the firewall rule will be applied on.
+
+
name
string -
-
- -
Specifies the name of the IPv4/IPv6 Firewall rule for the interface.
-
+ +
Specifies the name of the IPv4/IPv6 Firewall rule for the interface.
+
+ + +
name
string - / required
-
- -
Name/Identifier for the interface.
-
+ +
Name/Identifier for the interface.
+
+ +
running_config
string -
-
- -
The module, by default, will connect to the remote device and retrieve the current running-config to use as a base for comparing against the contents of source. There are times when it is not desirable to have the task get the current running-config for every task in a playbook. The running_config argument allows the implementer to pass in the configuration to use as the base config for comparison. This value of this option should be the output received from device by executing command C(show configuration commands | grep 'firewall'
-
+ +
The module, by default, will connect to the remote device and retrieve the current running-config to use as a base for comparing against the contents of source. There are times when it is not desirable to have the task get the current running-config for every task in a playbook. The running_config argument allows the implementer to pass in the configuration to use as the base config for comparison. This value of this option should be the output received from device by executing command C(show configuration commands | grep 'firewall'
+
+
state
string -
-
-
    Choices: -
  • merged ←
  • -
  • replaced
  • -
  • overridden
  • -
  • deleted
  • -
  • parsed
  • -
  • rendered
  • -
  • gathered
  • -
-
-
The state the configuration should be left in.
-
+
    Choices: +
  • merged ←
  • +
  • replaced
  • +
  • overridden
  • +
  • deleted
  • +
  • parsed
  • +
  • rendered
  • +
  • gathered
  • +
+
+
The state the configuration should be left in.
+
+
Examples -------- .. code-block:: yaml+jinja - # Using merged # # Before state: # ------------- # # vyos@192# run show configuration commands | grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # - name: Merge the provided configuration with the existing running configuration vyos.vyos.vyos_firewall_interfaces: config: - access_rules: - afi: ipv4 rules: - name: INBOUND direction: in - name: OUTBOUND direction: out - name: LOCAL direction: local - afi: ipv6 rules: - name: V6-LOCAL direction: local name: eth1 - access_rules: - afi: ipv4 rules: - name: INBOUND direction: in - name: OUTBOUND direction: out - name: LOCAL direction: local - afi: ipv6 rules: - name: V6-LOCAL direction: local name: eth3 state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # before": [ # { # "name": "eth0" # }, # { # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ] # # "commands": [ # "set interfaces ethernet eth1 firewall in name 'INBOUND'", # "set interfaces ethernet eth1 firewall out name 'OUTBOUND'", # "set interfaces ethernet eth1 firewall local name 'LOCAL'", # "set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'", # "set interfaces ethernet eth3 firewall in name 'INBOUND'", # "set interfaces ethernet eth3 firewall out name 'OUTBOUND'", # "set interfaces ethernet eth3 firewall local name 'LOCAL'", # "set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'" # ] # # "after": [ # { # "name": "eth0" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth3" # } # ] # # After state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth1 firewall in name 'INBOUND' # set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth1 firewall local name 'LOCAL' # set interfaces ethernet eth1 firewall out name 'OUTBOUND' # set interfaces ethernet eth3 firewall in name 'INBOUND' # set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth3 firewall local name 'LOCAL' # set interfaces ethernet eth3 firewall out name 'OUTBOUND' # Using merged # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth1 firewall in name 'INBOUND' # set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth1 firewall local name 'LOCAL' # set interfaces ethernet eth1 firewall out name 'OUTBOUND' # set interfaces ethernet eth3 firewall in name 'INBOUND' # set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth3 firewall local name 'LOCAL' # set interfaces ethernet eth3 firewall out name 'OUTBOUND' # - name: Merge the provided configuration with the existing running configuration vyos.vyos.vyos_firewall_interfaces: config: - access_rules: - afi: ipv4 rules: - name: OUTBOUND direction: in - name: INBOUND direction: out name: eth1 state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "name": "eth0" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth3" # } # ] # # "commands": [ # "set interfaces ethernet eth1 firewall in name 'OUTBOUND'", # "set interfaces ethernet eth1 firewall out name 'INBOUND'" # ] # # "after": [ # { # "name": "eth0" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "OUTBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "INBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth3" # } # ] # # After state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth1 firewall in name 'OUTBOUND' # set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth1 firewall local name 'LOCAL' # set interfaces ethernet eth1 firewall out name 'INBOUND' # set interfaces ethernet eth3 firewall in name 'INBOUND' # set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth3 firewall local name 'LOCAL' # set interfaces ethernet eth3 firewall out name 'OUTBOUND' # Using replaced # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth1 firewall in name 'INBOUND' # set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth1 firewall local name 'LOCAL' # set interfaces ethernet eth1 firewall out name 'OUTBOUND' # set interfaces ethernet eth3 firewall in name 'INBOUND' # set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth3 firewall local name 'LOCAL' # set interfaces ethernet eth3 firewall out name 'OUTBOUND' # - name: Replace device configurations of listed firewall interfaces with provided configurations vyos.vyos.vyos_firewall_interfaces: config: - name: eth1 access_rules: - afi: ipv4 rules: - name: OUTBOUND direction: out - afi: ipv6 rules: - name: V6-LOCAL direction: local - name: eth3 access_rules: - afi: ipv4 rules: - name: INBOUND direction: in state: replaced # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "name": "eth0" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth3" # } # ] # # "commands": [ # "delete interfaces ethernet eth1 firewall in name", # "delete interfaces ethernet eth1 firewall local name", # "delete interfaces ethernet eth3 firewall local name", # "delete interfaces ethernet eth3 firewall out name", # "delete interfaces ethernet eth3 firewall local ipv6-name" # ] # # "after": [ # { # "name": "eth0" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # } # ] # } # ], # "name": "eth3" # } # ] # # After state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth1 firewall 'in' # set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth1 firewall out name 'OUTBOUND' # set interfaces ethernet eth3 firewall in name 'INBOUND' # set interfaces ethernet eth3 firewall 'local' # set interfaces ethernet eth3 firewall 'out' # Using overridden # # Before state # -------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth1 firewall 'in' # set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth1 firewall out name 'OUTBOUND' # set interfaces ethernet eth3 firewall in name 'INBOUND' # set interfaces ethernet eth3 firewall 'local' # set interfaces ethernet eth3 firewall 'out' # - name: Overrides all device configuration with provided configuration vyos.vyos.vyos_firewall_interfaces: config: - name: eth3 access_rules: - afi: ipv4 rules: - name: INBOUND direction: out state: overridden # # # ------------------------- # Module Execution Result # ------------------------- # # "before":[ # { # "name": "eth0" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # } # ] # } # ], # "name": "eth3" # } # ] # # "commands": [ # "delete interfaces ethernet eth1 firewall", # "delete interfaces ethernet eth3 firewall in name", # "set interfaces ethernet eth3 firewall out name 'INBOUND'" # # # "after": [ # { # "name": "eth0" # }, # { # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "out", # "name": "INBOUND" # } # ] # } # ], # "name": "eth3" # } # ] # # # After state # ------------ # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth3 firewall 'in' # set interfaces ethernet eth3 firewall 'local' # set interfaces ethernet eth3 firewall out name 'INBOUND' # Using deleted per interface name # # Before state # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth1 firewall in name 'INBOUND' # set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth1 firewall local name 'LOCAL' # set interfaces ethernet eth1 firewall out name 'OUTBOUND' # set interfaces ethernet eth3 firewall in name 'INBOUND' # set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth3 firewall local name 'LOCAL' # set interfaces ethernet eth3 firewall out name 'OUTBOUND' # - name: Delete firewall interfaces based on interface name. vyos.vyos.vyos_firewall_interfaces: config: - name: eth1 - name: eth3 state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": [ # { # "name": "eth0" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth3" # } # ] # "commands": [ # "delete interfaces ethernet eth1 firewall", # "delete interfaces ethernet eth3 firewall" # ] # # "after": [ # { # "name": "eth0" # }, # { # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ] # After state # ------------ # vyos@vyos# run show configuration commands | grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # Using deleted per afi # # Before state # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth1 firewall in name 'INBOUND' # set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth1 firewall local name 'LOCAL' # set interfaces ethernet eth1 firewall out name 'OUTBOUND' # set interfaces ethernet eth3 firewall in name 'INBOUND' # set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth3 firewall local name 'LOCAL' # set interfaces ethernet eth3 firewall out name 'OUTBOUND' # - name: Delete firewall interfaces config per afi. vyos.vyos.vyos_firewall_interfaces: config: - name: eth1 access_rules: - afi: ipv4 - afi: ipv6 state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "commands": [ # "delete interfaces ethernet eth1 firewall in name", # "delete interfaces ethernet eth1 firewall out name", # "delete interfaces ethernet eth1 firewall local name", # "delete interfaces ethernet eth1 firewall local ipv6-name" # ] # # After state # ------------ # vyos@vyos# run show configuration commands | grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # Using deleted without config # # Before state # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth1 firewall in name 'INBOUND' # set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth1 firewall local name 'LOCAL' # set interfaces ethernet eth1 firewall out name 'OUTBOUND' # set interfaces ethernet eth3 firewall in name 'INBOUND' # set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth3 firewall local name 'LOCAL' # set interfaces ethernet eth3 firewall out name 'OUTBOUND' # - name: Delete firewall interfaces config when empty config provided. vyos.vyos.vyos_firewall_interfaces: config: state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "commands": [ # "delete interfaces ethernet eth1 firewall", # "delete interfaces ethernet eth1 firewall" # ] # # After state # ------------ # vyos@vyos# run show configuration commands | grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # Using parsed # # - name: Parse the provided configuration vyos.vyos.vyos_firewall_interfaces: running_config: "set interfaces ethernet eth1 firewall in name 'INBOUND' set interfaces ethernet eth1 firewall out name 'OUTBOUND' set interfaces ethernet eth1 firewall local name 'LOCAL' set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' set interfaces ethernet eth2 firewall in name 'INBOUND' set interfaces ethernet eth2 firewall out name 'OUTBOUND' set interfaces ethernet eth2 firewall local name 'LOCAL' set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": [ # { # "name": "eth0" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth1" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth2" # }, # { # "name": "eth3" # } # ] # Using gathered # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth1 firewall 'in' # set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth1 firewall out name 'OUTBOUND' # set interfaces ethernet eth3 firewall in name 'INBOUND' # set interfaces ethernet eth3 firewall 'local' # set interfaces ethernet eth3 firewall 'out' # - name: Gather listed firewall interfaces. vyos.vyos.vyos_firewall_interfaces: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": [ # { # "name": "eth0" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # } # ] # } # ], # "name": "eth3" # } # ] # # # After state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth1 firewall 'in' # set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth1 firewall out name 'OUTBOUND' # set interfaces ethernet eth3 firewall in name 'INBOUND' # set interfaces ethernet eth3 firewall 'local' # set interfaces ethernet eth3 firewall 'out' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_firewall_interfaces: config: - name: eth2 access_rules: - afi: ipv4 rules: - direction: in name: INGRESS - direction: out name: OUTGRESS - direction: local name: DROP state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # "set interfaces ethernet eth2 firewall in name 'INGRESS'", # "set interfaces ethernet eth2 firewall out name 'OUTGRESS'", # "set interfaces ethernet eth2 firewall local name 'DROP'", # "set interfaces ethernet eth2 firewall local ipv6-name 'LOCAL'" # ] - - - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + + - - + + + + - - + + + +
The set of commands pushed to the remote device.
+
+
Sample:
+
["set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'", "set interfaces ethernet eth3 firewall in name 'INBOUND'"]
+ -
Key Returned Description
+
after
list -
-
when changed -
The resulting configuration model invocation.
-
-
Sample:
-
The configuration returned will always be in the same format +
The resulting configuration model invocation.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
-
+
before
list -
-
always -
The configuration prior to the model invocation.
-
-
Sample:
-
The configuration returned will always be in the same format +
The configuration prior to the model invocation.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
-
+
commands
list -
-
always -
The set of commands pushed to the remote device.
-
-
Sample:
-
["set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'", "set interfaces ethernet eth3 firewall in name 'INBOUND'"]
-
+

Status ------ Authors ~~~~~~~ - Rohit Thakur (@rohitthakur2590) - - diff --git a/docs/vyos.vyos.vyos_firewall_rules_module.rst b/docs/vyos.vyos.vyos_firewall_rules_module.rst index 647f835..15073b1 100644 --- a/docs/vyos.vyos.vyos_firewall_rules_module.rst +++ b/docs/vyos.vyos.vyos_firewall_rules_module.rst @@ -1,2440 +1,2440 @@ .. _vyos.vyos.vyos_firewall_rules_module: ***************************** vyos.vyos.vyos_firewall_rules ***************************** **FIREWALL rules resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module manages firewall rule-set attributes on VyOS devices Parameters ---------- .. raw:: html - + - - + - - - - - - + + + + + + - - + / required + + + + - - - + + - - - - - - - + + + + + + + - - - - - - - + + + + + + + - - + + + + - - - - + + + - - + + + + - - - - + + + - - + + + + - - - - + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - + + + + - - + - - - -
Parameter Choices/DefaultsCommentsComments
+
config
list - / elements=dictionary
-
- -
A dictionary of Firewall rule-set options.
-
+ / elements=dictionary + + + +
A dictionary of Firewall rule-set options.
+
afi
string - / required
-
-
    Choices: -
  • ipv4
  • -
  • ipv6
  • -
-
-
Specifies the type of rule-set.
-
+
    Choices: +
  • ipv4
  • +
  • ipv6
  • +
+
+
Specifies the type of rule-set.
+
+
rule_sets
list - / elements=dictionary
-
- -
The Firewall rule-set list.
-
+ / elements=dictionary + + + +
The Firewall rule-set list.
+
default_action
string -
-
-
    Choices: -
  • drop
  • -
  • reject
  • -
  • accept
  • -
-
-
Default action for rule-set.
-
drop (Drop if no prior rules are hit (default))
-
reject (Drop and notify source if no prior rules are hit)
-
accept (Accept if no prior rules are hit)
-
+ + +
    Choices: +
  • drop
  • +
  • reject
  • +
  • accept
  • +
+
+
Default action for rule-set.
+
drop (Drop if no prior rules are hit (default))
+
reject (Drop and notify source if no prior rules are hit)
+
accept (Accept if no prior rules are hit)
+
description
string -
-
- -
Rule set description.
-
+ +
Rule set description.
+
+
enable_default_log
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Option to log packets hitting default-action.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Option to log packets hitting default-action.
+
+
name
string -
-
- -
Firewall rule set name.
-
+ +
Firewall rule set name.
+
+
rules
list - / elements=dictionary
-
- -
A ditionary that specifies the rule-set configurations.
-
+ / elements=dictionary + + + +
A ditionary that specifies the rule-set configurations.
+
action
string -
-
-
    Choices: -
  • drop
  • -
  • reject
  • -
  • accept
  • -
  • inspect
  • -
-
-
Specifying the action.
-
+ + +
    Choices: +
  • drop
  • +
  • reject
  • +
  • accept
  • +
  • inspect
  • +
+
+
Specifying the action.
+
description
string -
-
- -
Description of this rule.
-
+ + + +
Description of this rule.
+
destination
dictionary -
-
- -
Specifying the destination parameters.
-
+ + + +
Specifying the destination parameters.
+
address
string -
-
- -
Destination ip address subnet or range.
-
IPv4/6 address, subnet or range to match.
-
Match everything except the specified address, subnet or range.
-
Destination ip address subnet or range.
-
+ + + +
Destination ip address subnet or range.
+
IPv4/6 address, subnet or range to match.
+
Match everything except the specified address, subnet or range.
+
Destination ip address subnet or range.
+
group
dictionary -
-
- -
Destination group.
-
+ + + +
Destination group.
+
address_group
string -
-
- -
Group of addresses.
-
+ + + +
Group of addresses.
+
network_group
string -
-
- -
Group of networks.
-
+ + + +
Group of networks.
+
port_group
string -
-
- -
Group of ports.
-
+ + + +
Group of ports.
+
port
string -
-
- -
Multiple destination ports can be specified as a comma-separated list.
-
The whole list can also be "negated" using '!'.
-
For example:'!22,telnet,http,123,1001-1005'.
-
+ + + +
Multiple destination ports can be specified as a comma-separated list.
+
The whole list can also be "negated" using '!'.
+
For example:'!22,telnet,http,123,1001-1005'.
+
disabled
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Option to disable firewall rule.
-
+ + +
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Option to disable firewall rule.
+
fragment
string -
-
-
    Choices: -
  • match-frag
  • -
  • match-non-frag
  • -
-
-
IP fragment match.
-
+ + +
    Choices: +
  • match-frag
  • +
  • match-non-frag
  • +
+
+
IP fragment match.
+
icmp
dictionary -
-
- -
ICMP type and code information.
-
+ + + +
ICMP type and code information.
+
code
integer -
-
- -
ICMP code.
-
+ + + +
ICMP code.
+
type
integer -
-
- -
ICMP type.
-
+ + + +
ICMP type.
+
type_name
string -
-
-
    Choices: -
  • any
  • -
  • echo-reply
  • -
  • destination-unreachable
  • -
  • network-unreachable
  • -
  • host-unreachable
  • -
  • protocol-unreachable
  • -
  • port-unreachable
  • -
  • fragmentation-needed
  • -
  • source-route-failed
  • -
  • network-unknown
  • -
  • host-unknown
  • -
  • network-prohibited
  • -
  • host-prohibited
  • -
  • TOS-network-unreachable
  • -
  • TOS-host-unreachable
  • -
  • communication-prohibited
  • -
  • host-precedence-violation
  • -
  • precedence-cutoff
  • -
  • source-quench
  • -
  • redirect
  • -
  • network-redirect
  • -
  • host-redirect
  • -
  • TOS-network-redirect
  • -
  • TOS-host-redirect
  • -
  • echo-request
  • -
  • router-advertisement
  • -
  • router-solicitation
  • -
  • time-exceeded
  • -
  • ttl-zero-during-transit
  • -
  • ttl-zero-during-reassembly
  • -
  • parameter-problem
  • -
  • ip-header-bad
  • -
  • required-option-missing
  • -
  • timestamp-request
  • -
  • timestamp-reply
  • -
  • address-mask-request
  • -
  • address-mask-reply
  • -
  • ping
  • -
  • pong
  • -
  • ttl-exceeded
  • -
-
-
ICMP type-name.
-
+ + +
    Choices: +
  • any
  • +
  • echo-reply
  • +
  • destination-unreachable
  • +
  • network-unreachable
  • +
  • host-unreachable
  • +
  • protocol-unreachable
  • +
  • port-unreachable
  • +
  • fragmentation-needed
  • +
  • source-route-failed
  • +
  • network-unknown
  • +
  • host-unknown
  • +
  • network-prohibited
  • +
  • host-prohibited
  • +
  • TOS-network-unreachable
  • +
  • TOS-host-unreachable
  • +
  • communication-prohibited
  • +
  • host-precedence-violation
  • +
  • precedence-cutoff
  • +
  • source-quench
  • +
  • redirect
  • +
  • network-redirect
  • +
  • host-redirect
  • +
  • TOS-network-redirect
  • +
  • TOS-host-redirect
  • +
  • echo-request
  • +
  • router-advertisement
  • +
  • router-solicitation
  • +
  • time-exceeded
  • +
  • ttl-zero-during-transit
  • +
  • ttl-zero-during-reassembly
  • +
  • parameter-problem
  • +
  • ip-header-bad
  • +
  • required-option-missing
  • +
  • timestamp-request
  • +
  • timestamp-reply
  • +
  • address-mask-request
  • +
  • address-mask-reply
  • +
  • ping
  • +
  • pong
  • +
  • ttl-exceeded
  • +
+
+
ICMP type-name.
+
ipsec
string -
-
-
    Choices: -
  • match-ipsec
  • -
  • match-none
  • -
-
-
Inboud ip sec packets.
-
+ + +
    Choices: +
  • match-ipsec
  • +
  • match-none
  • +
+
+
Inboud ip sec packets.
+
limit
dictionary -
-
- -
Rate limit using a token bucket filter.
-
+ + + +
Rate limit using a token bucket filter.
+
burst
integer -
-
- -
Maximum number of packets to allow in excess of rate.
-
+ + + +
Maximum number of packets to allow in excess of rate.
+
rate
dictionary -
-
- -
format for rate (integer/time unit).
-
any one of second, minute, hour or day may be used to specify time unit.
-
eg. 1/second implies rule to be matched at an average of once per second.
-
+ + + +
format for rate (integer/time unit).
+
any one of second, minute, hour or day may be used to specify time unit.
+
eg. 1/second implies rule to be matched at an average of once per second.
+
number
integer -
-
- -
This is the integer value.
-
+ + + +
This is the integer value.
+
unit
string -
-
- -
This is the time unit.
-
+ + + +
This is the time unit.
+
number
integer - / required
-
- -
Rule number.
-
+ / required + + + +
Rule number.
+
p2p
list - / elements=dictionary
-
- -
P2P application packets.
-
+ / elements=dictionary + + + +
P2P application packets.
+
application
string -
-
-
    Choices: -
  • all
  • -
  • applejuice
  • -
  • bittorrent
  • -
  • directconnect
  • -
  • edonkey
  • -
  • gnutella
  • -
  • kazaa
  • -
-
-
Name of the application.
-
+ + +
    Choices: +
  • all
  • +
  • applejuice
  • +
  • bittorrent
  • +
  • directconnect
  • +
  • edonkey
  • +
  • gnutella
  • +
  • kazaa
  • +
+
+
Name of the application.
+
protocol
string -
-
- -
Protocol to match (protocol name in /etc/protocols or protocol number or all).
-
<text> IP protocol name from /etc/protocols (e.g. "tcp" or "udp").
-
<0-255> IP protocol number.
-
tcp_udp Both TCP and UDP.
-
all All IP protocols.
-
(!)All IP protocols except for the specified name or number.
-
+ + + +
Protocol to match (protocol name in /etc/protocols or protocol number or all).
+
<text> IP protocol name from /etc/protocols (e.g. "tcp" or "udp").
+
<0-255> IP protocol number.
+
tcp_udp Both TCP and UDP.
+
all All IP protocols.
+
(!)All IP protocols except for the specified name or number.
+
recent
dictionary -
-
- -
Parameters for matching recently seen sources.
-
+ + + +
Parameters for matching recently seen sources.
+
count
integer -
-
- -
Source addresses seen more than N times.
-
+ + + +
Source addresses seen more than N times.
+
time
integer -
-
- -
Source addresses seen in the last N seconds.
-
+ + + +
Source addresses seen in the last N seconds.
+
source
dictionary -
-
- -
Source parameters.
-
+ + + +
Source parameters.
+
address
string -
-
- -
Source ip address subnet or range.
-
IPv4/6 address, subnet or range to match.
-
Match everything except the specified address, subnet or range.
-
Source ip address subnet or range.
-
+ + + +
Source ip address subnet or range.
+
IPv4/6 address, subnet or range to match.
+
Match everything except the specified address, subnet or range.
+
Source ip address subnet or range.
+
group
dictionary -
-
- -
Source group.
-
+ + + +
Source group.
+
address_group
string -
-
- -
Group of addresses.
-
+ + + +
Group of addresses.
+
network_group
string -
-
- -
Group of networks.
-
+ + + +
Group of networks.
+
port_group
string -
-
- -
Group of ports.
-
+ + + +
Group of ports.
+
mac_address
string -
-
- -
<MAC address> MAC address to match.
-
<!MAC address> Match everything except the specified MAC address.
-
+ + + +
<MAC address> MAC address to match.
+
<!MAC address> Match everything except the specified MAC address.
+
port
string -
-
- -
Multiple source ports can be specified as a comma-separated list.
-
The whole list can also be "negated" using '!'.
-
For example:'!22,telnet,http,123,1001-1005'.
-
+ + + +
Multiple source ports can be specified as a comma-separated list.
+
The whole list can also be "negated" using '!'.
+
For example:'!22,telnet,http,123,1001-1005'.
+
state
dictionary -
-
- -
Session state.
-
+ + + +
Session state.
+
established
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Established state.
-
+ + +
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Established state.
+
invalid
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Invalid state.
-
+ + +
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Invalid state.
+
new
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
New state.
-
+ + +
    Choices: +
  • no
  • +
  • yes
  • +
+
+
New state.
+
related
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Related state.
-
+ + +
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Related state.
+
tcp
dictionary -
-
- -
TCP flags to match.
-
+ + + +
TCP flags to match.
+
flags
string -
-
- -
TCP flags to be matched.
-
+ + + +
TCP flags to be matched.
+
time
dictionary -
-
- -
Time to match rule.
-
+ + + +
Time to match rule.
+
monthdays
string -
-
- -
Monthdays to match rule on.
-
+ + + +
Monthdays to match rule on.
+
startdate
string -
-
- -
Date to start matching rule.
-
+ + + +
Date to start matching rule.
+
starttime
string -
-
- -
Time of day to start matching rule.
-
+ + + +
Time of day to start matching rule.
+
stopdate
string -
-
- -
Date to stop matching rule.
-
+ + + +
Date to stop matching rule.
+
stoptime
string -
-
- -
Time of day to stop matching rule.
-
+ + + +
Time of day to stop matching rule.
+
utc
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Interpret times for startdate, stopdate, starttime and stoptime to be UTC.
-
+ + +
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Interpret times for startdate, stopdate, starttime and stoptime to be UTC.
+
weekdays
string -
-
- -
Weekdays to match rule on.
-
+ + + +
Weekdays to match rule on.
+
running_config
string -
-
- -
This option is used only with state parsed.
-
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep firewall.
-
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
-
+ +
This option is used only with state parsed.
+
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep firewall.
+
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
+
+
state
string -
-
-
    Choices: -
  • merged ←
  • -
  • replaced
  • -
  • overridden
  • -
  • deleted
  • -
  • gathered
  • -
  • rendered
  • -
  • parsed
  • -
-
-
The state the configuration should be left in
-
+ + + +
    Choices: +
  • merged ←
  • +
  • replaced
  • +
  • overridden
  • +
  • deleted
  • +
  • gathered
  • +
  • rendered
  • +
  • parsed
  • +
+ + +
The state the configuration should be left in
+ + +
Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. Examples -------- .. code-block:: yaml+jinja - # Using deleted to delete firewall rules based on rule-set name # # Before state # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' # set firewall name Downlink default-action 'accept' # set firewall name Downlink description 'IPv4 INBOUND rule set' # set firewall name Downlink rule 501 action 'accept' # set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' # set firewall name Downlink rule 501 ipsec 'match-ipsec' # set firewall name Downlink rule 502 action 'reject' # set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' # set firewall name Downlink rule 502 ipsec 'match-ipsec' # - name: Delete attributes of given firewall rules. vyos.vyos.vyos_firewall_rules: config: - afi: ipv4 rule_sets: - name: Downlink state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": [ # { # "afi": "ipv4", # "rule_sets": [ # { # "default_action": "accept", # "description": "IPv4 INBOUND rule set", # "name": "Downlink", # "rules": [ # { # "action": "accept", # "description": "Rule 501 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 501 # }, # { # "action": "reject", # "description": "Rule 502 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 502 # } # ] # } # ] # } # ] # "commands": [ # "delete firewall name Downlink" # ] # # "after": [] # After state # ------------ # vyos@vyos# run show configuration commands | grep firewall # set firewall group address-group 'inbound' # Using deleted to delete firewall rules based on afi # # Before state # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name UPLINK default-action 'accept' # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' # set firewall ipv6-name UPLINK rule 1 action 'accept' # set firewall ipv6-name UPLINK rule 1 # set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' # set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' # set firewall ipv6-name UPLINK rule 2 action 'accept' # set firewall ipv6-name UPLINK rule 2 # set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' # set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' # set firewall group address-group 'inbound' # set firewall name Downlink default-action 'accept' # set firewall name Downlink description 'IPv4 INBOUND rule set' # set firewall name Downlink rule 501 action 'accept' # set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' # set firewall name Downlink rule 501 ipsec 'match-ipsec' # set firewall name Downlink rule 502 action 'reject' # set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' # set firewall name Downlink rule 502 ipsec 'match-ipsec' # - name: Delete attributes of given firewall rules. vyos.vyos.vyos_firewall_rules: config: - afi: ipv4 state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": [ # { # "afi": "ipv6", # "rule_sets": [ # { # "default_action": "accept", # "description": "This is ipv6 specific rule-set", # "name": "UPLINK", # "rules": [ # { # "action": "accept", # "description": "Fwipv6-Rule 1 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 1 # }, # { # "action": "accept", # "description": "Fwipv6-Rule 2 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 2 # } # ] # } # ] # }, # { # "afi": "ipv4", # "rule_sets": [ # { # "default_action": "accept", # "description": "IPv4 INBOUND rule set", # "name": "Downlink", # "rules": [ # { # "action": "accept", # "description": "Rule 501 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 501 # }, # { # "action": "reject", # "description": "Rule 502 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 502 # } # ] # } # ] # } # ] # "commands": [ # "delete firewall name" # ] # # "after": [] # After state # ------------ # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name UPLINK default-action 'accept' # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' # set firewall ipv6-name UPLINK rule 1 action 'accept' # set firewall ipv6-name UPLINK rule 1 # set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' # set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' # set firewall ipv6-name UPLINK rule 2 action 'accept' # set firewall ipv6-name UPLINK rule 2 # set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' # set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' # Using deleted to delete all the the firewall rules when provided config is empty # # Before state # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' # set firewall name Downlink default-action 'accept' # set firewall name Downlink description 'IPv4 INBOUND rule set' # set firewall name Downlink rule 501 action 'accept' # set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' # set firewall name Downlink rule 501 ipsec 'match-ipsec' # set firewall name Downlink rule 502 action 'reject' # set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' # set firewall name Downlink rule 502 ipsec 'match-ipsec' # - name: Delete attributes of given firewall rules. vyos.vyos.vyos_firewall_rules: config: state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": [ # { # "afi": "ipv4", # "rule_sets": [ # { # "default_action": "accept", # "description": "IPv4 INBOUND rule set", # "name": "Downlink", # "rules": [ # { # "action": "accept", # "description": "Rule 501 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 501 # }, # { # "action": "reject", # "description": "Rule 502 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 502 # } # ] # } # ] # } # ] # "commands": [ # "delete firewall name" # ] # # "after": [] # After state # ------------ # vyos@vyos# run show configuration commands | grep firewall # set firewall group address-group 'inbound' # Using merged # # Before state: # ------------- # # vyos@vyos# run show configuration commands | grep firewall # set firewall group address-group 'inbound' # - name: Merge the provided configuration with the exisiting running configuration vyos.vyos.vyos_firewall_rules: config: - afi: ipv6 rule_sets: - name: UPLINK description: This is ipv6 specific rule-set default_action: accept rules: - number: 1 action: accept description: Fwipv6-Rule 1 is configured by Ansible ipsec: match-ipsec - number: 2 action: accept description: Fwipv6-Rule 2 is configured by Ansible ipsec: match-ipsec - afi: ipv4 rule_sets: - name: INBOUND description: IPv4 INBOUND rule set default_action: accept rules: - number: 101 action: accept description: Rule 101 is configured by Ansible ipsec: match-ipsec - number: 102 action: reject description: Rule 102 is configured by Ansible ipsec: match-ipsec - number: 103 action: accept description: Rule 103 is configured by Ansible destination: group: address_group: inbound source: address: 192.0.2.0 state: established: true new: false invalid: false related: true state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # before": [] # # "commands": [ # "set firewall ipv6-name UPLINK default-action 'accept'", # "set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'", # "set firewall ipv6-name UPLINK rule 1 action 'accept'", # "set firewall ipv6-name UPLINK rule 1", # "set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'", # "set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'", # "set firewall ipv6-name UPLINK rule 2 action 'accept'", # "set firewall ipv6-name UPLINK rule 2", # "set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'", # "set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'", # "set firewall name INBOUND default-action 'accept'", # "set firewall name INBOUND description 'IPv4 INBOUND rule set'", # "set firewall name INBOUND rule 101 action 'accept'", # "set firewall name INBOUND rule 101", # "set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'", # "set firewall name INBOUND rule 101 ipsec 'match-ipsec'", # "set firewall name INBOUND rule 102 action 'reject'", # "set firewall name INBOUND rule 102", # "set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'", # "set firewall name INBOUND rule 102 ipsec 'match-ipsec'", # "set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'", # "set firewall name INBOUND rule 103 destination group address-group inbound", # "set firewall name INBOUND rule 103", # "set firewall name INBOUND rule 103 source address 192.0.2.0", # "set firewall name INBOUND rule 103 state established enable", # "set firewall name INBOUND rule 103 state related enable", # "set firewall name INBOUND rule 103 state invalid disable", # "set firewall name INBOUND rule 103 state new disable", # "set firewall name INBOUND rule 103 action 'accept'" # ] # # "after": [ # { # "afi": "ipv6", # "rule_sets": [ # { # "default_action": "accept", # "description": "This is ipv6 specific rule-set", # "name": "UPLINK", # "rules": [ # { # "action": "accept", # "description": "Fwipv6-Rule 1 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 1 # }, # { # "action": "accept", # "description": "Fwipv6-Rule 2 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 2 # } # ] # } # ] # }, # { # "afi": "ipv4", # "rule_sets": [ # { # "default_action": "accept", # "description": "IPv4 INBOUND rule set", # "name": "INBOUND", # "rules": [ # { # "action": "accept", # "description": "Rule 101 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 101 # }, # { # "action": "reject", # "description": "Rule 102 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 102 # }, # { # "action": "accept", # "description": "Rule 103 is configured by Ansible", # "destination": { # "group": { # "address_group": "inbound" # } # }, # "number": 103, # "source": { # "address": "192.0.2.0" # }, # "state": { # "established": true, # "invalid": false, # "new": false, # "related": true # } # } # ] # } # ] # } # ] # # After state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' # set firewall ipv6-name UPLINK default-action 'accept' # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' # set firewall ipv6-name UPLINK rule 1 action 'accept' # set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' # set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' # set firewall ipv6-name UPLINK rule 2 action 'accept' # set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' # set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' # set firewall name INBOUND default-action 'accept' # set firewall name INBOUND description 'IPv4 INBOUND rule set' # set firewall name INBOUND rule 101 action 'accept' # set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' # set firewall name INBOUND rule 101 ipsec 'match-ipsec' # set firewall name INBOUND rule 102 action 'reject' # set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' # set firewall name INBOUND rule 102 ipsec 'match-ipsec' # set firewall name INBOUND rule 103 action 'accept' # set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' # set firewall name INBOUND rule 103 destination group address-group 'inbound' # set firewall name INBOUND rule 103 source address '192.0.2.0' # set firewall name INBOUND rule 103 state established 'enable' # set firewall name INBOUND rule 103 state invalid 'disable' # set firewall name INBOUND rule 103 state new 'disable' # set firewall name INBOUND rule 103 state related 'enable' # Using replaced # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' # set firewall ipv6-name UPLINK default-action 'accept' # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' # set firewall ipv6-name UPLINK rule 1 action 'accept' # set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' # set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' # set firewall ipv6-name UPLINK rule 2 action 'accept' # set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' # set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' # set firewall name INBOUND default-action 'accept' # set firewall name INBOUND description 'IPv4 INBOUND rule set' # set firewall name INBOUND rule 101 action 'accept' # set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' # set firewall name INBOUND rule 101 ipsec 'match-ipsec' # set firewall name INBOUND rule 102 action 'reject' # set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' # set firewall name INBOUND rule 102 ipsec 'match-ipsec' # set firewall name INBOUND rule 103 action 'accept' # set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' # set firewall name INBOUND rule 103 destination group address-group 'inbound' # set firewall name INBOUND rule 103 source address '192.0.2.0' # set firewall name INBOUND rule 103 state established 'enable' # set firewall name INBOUND rule 103 state invalid 'disable' # set firewall name INBOUND rule 103 state new 'disable' # set firewall name INBOUND rule 103 state related 'enable' # - name: Replace device configurations of listed firewall rules with provided configurations vyos.vyos.vyos_firewall_rules: config: - afi: ipv6 rule_sets: - name: UPLINK description: This is ipv6 specific rule-set default_action: accept - afi: ipv4 rule_sets: - name: INBOUND description: IPv4 INBOUND rule set default_action: accept rules: - number: 101 action: accept description: Rule 101 is configured by Ansible ipsec: match-ipsec - number: 104 action: reject description: Rule 104 is configured by Ansible ipsec: match-none state: replaced # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "afi": "ipv6", # "rule_sets": [ # { # "default_action": "accept", # "description": "This is ipv6 specific rule-set", # "name": "UPLINK", # "rules": [ # { # "action": "accept", # "description": "Fwipv6-Rule 1 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 1 # }, # { # "action": "accept", # "description": "Fwipv6-Rule 2 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 2 # } # ] # } # ] # }, # { # "afi": "ipv4", # "rule_sets": [ # { # "default_action": "accept", # "description": "IPv4 INBOUND rule set", # "name": "INBOUND", # "rules": [ # { # "action": "accept", # "description": "Rule 101 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 101 # }, # { # "action": "reject", # "description": "Rule 102 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 102 # }, # { # "action": "accept", # "description": "Rule 103 is configured by Ansible", # "destination": { # "group": { # "address_group": "inbound" # } # }, # "number": 103, # "source": { # "address": "192.0.2.0" # }, # "state": { # "established": true, # "invalid": false, # "new": false, # "related": true # } # } # ] # } # ] # } # ] # # "commands": [ # "delete firewall ipv6-name UPLINK rule 1", # "delete firewall ipv6-name UPLINK rule 2", # "delete firewall name INBOUND rule 102", # "delete firewall name INBOUND rule 103", # "set firewall name INBOUND rule 104 action 'reject'", # "set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible'", # "set firewall name INBOUND rule 104", # "set firewall name INBOUND rule 104 ipsec 'match-none'" # ] # # "after": [ # { # "afi": "ipv6", # "rule_sets": [ # { # "default_action": "accept", # "description": "This is ipv6 specific rule-set", # "name": "UPLINK" # } # ] # }, # { # "afi": "ipv4", # "rule_sets": [ # { # "default_action": "accept", # "description": "IPv4 INBOUND rule set", # "name": "INBOUND", # "rules": [ # { # "action": "accept", # "description": "Rule 101 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 101 # }, # { # "action": "reject", # "description": "Rule 104 is configured by Ansible", # "ipsec": "match-none", # "number": 104 # } # ] # } # ] # } # ] # # After state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' # set firewall ipv6-name UPLINK default-action 'accept' # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' # set firewall name INBOUND default-action 'accept' # set firewall name INBOUND description 'IPv4 INBOUND rule set' # set firewall name INBOUND rule 101 action 'accept' # set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' # set firewall name INBOUND rule 101 ipsec 'match-ipsec' # set firewall name INBOUND rule 104 action 'reject' # set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible' # set firewall name INBOUND rule 104 ipsec 'match-none' # Using overridden # # Before state # -------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' # set firewall ipv6-name UPLINK default-action 'accept' # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' # set firewall name INBOUND default-action 'accept' # set firewall name INBOUND description 'IPv4 INBOUND rule set' # set firewall name INBOUND rule 101 action 'accept' # set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' # set firewall name INBOUND rule 101 ipsec 'match-ipsec' # set firewall name INBOUND rule 104 action 'reject' # set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible' # set firewall name INBOUND rule 104 ipsec 'match-none' # - name: Overrides all device configuration with provided configuration vyos.vyos.vyos_firewall_rules: config: - afi: ipv4 rule_sets: - name: Downlink description: IPv4 INBOUND rule set default_action: accept rules: - number: 501 action: accept description: Rule 501 is configured by Ansible ipsec: match-ipsec - number: 502 action: reject description: Rule 502 is configured by Ansible ipsec: match-ipsec state: overridden # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "afi": "ipv6", # "rule_sets": [ # { # "default_action": "accept", # "description": "This is ipv6 specific rule-set", # "name": "UPLINK" # } # ] # }, # { # "afi": "ipv4", # "rule_sets": [ # { # "default_action": "accept", # "description": "IPv4 INBOUND rule set", # "name": "INBOUND", # "rules": [ # { # "action": "accept", # "description": "Rule 101 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 101 # }, # { # "action": "reject", # "description": "Rule 104 is configured by Ansible", # "ipsec": "match-none", # "number": 104 # } # ] # } # ] # } # ] # # "commands": [ # "delete firewall ipv6-name UPLINK", # "delete firewall name INBOUND", # "set firewall name Downlink default-action 'accept'", # "set firewall name Downlink description 'IPv4 INBOUND rule set'", # "set firewall name Downlink rule 501 action 'accept'", # "set firewall name Downlink rule 501", # "set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'", # "set firewall name Downlink rule 501 ipsec 'match-ipsec'", # "set firewall name Downlink rule 502 action 'reject'", # "set firewall name Downlink rule 502", # "set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'", # "set firewall name Downlink rule 502 ipsec 'match-ipsec'" # # # "after": [ # { # "afi": "ipv4", # "rule_sets": [ # { # "default_action": "accept", # "description": "IPv4 INBOUND rule set", # "name": "Downlink", # "rules": [ # { # "action": "accept", # "description": "Rule 501 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 501 # }, # { # "action": "reject", # "description": "Rule 502 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 502 # } # ] # } # ] # } # ] # # # After state # ------------ # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' # set firewall name Downlink default-action 'accept' # set firewall name Downlink description 'IPv4 INBOUND rule set' # set firewall name Downlink rule 501 action 'accept' # set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' # set firewall name Downlink rule 501 ipsec 'match-ipsec' # set firewall name Downlink rule 502 action 'reject' # set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' # set firewall name Downlink rule 502 ipsec 'match-ipsec' # Using gathered # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' # set firewall ipv6-name UPLINK default-action 'accept' # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' # set firewall ipv6-name UPLINK rule 1 action 'accept' # set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' # set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' # set firewall ipv6-name UPLINK rule 2 action 'accept' # set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' # set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' # set firewall name INBOUND default-action 'accept' # set firewall name INBOUND description 'IPv4 INBOUND rule set' # set firewall name INBOUND rule 101 action 'accept' # set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' # set firewall name INBOUND rule 101 ipsec 'match-ipsec' # set firewall name INBOUND rule 102 action 'reject' # set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' # set firewall name INBOUND rule 102 ipsec 'match-ipsec' # set firewall name INBOUND rule 103 action 'accept' # set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' # set firewall name INBOUND rule 103 destination group address-group 'inbound' # set firewall name INBOUND rule 103 source address '192.0.2.0' # set firewall name INBOUND rule 103 state established 'enable' # set firewall name INBOUND rule 103 state invalid 'disable' # set firewall name INBOUND rule 103 state new 'disable' # set firewall name INBOUND rule 103 state related 'enable' # - name: Gather listed firewall rules with provided configurations vyos.vyos.vyos_firewall_rules: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": [ # { # "afi": "ipv6", # "rule_sets": [ # { # "default_action": "accept", # "description": "This is ipv6 specific rule-set", # "name": "UPLINK", # "rules": [ # { # "action": "accept", # "description": "Fwipv6-Rule 1 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 1 # }, # { # "action": "accept", # "description": "Fwipv6-Rule 2 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 2 # } # ] # } # ] # }, # { # "afi": "ipv4", # "rule_sets": [ # { # "default_action": "accept", # "description": "IPv4 INBOUND rule set", # "name": "INBOUND", # "rules": [ # { # "action": "accept", # "description": "Rule 101 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 101 # }, # { # "action": "reject", # "description": "Rule 102 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 102 # }, # { # "action": "accept", # "description": "Rule 103 is configured by Ansible", # "destination": { # "group": { # "address_group": "inbound" # } # }, # "number": 103, # "source": { # "address": "192.0.2.0" # }, # "state": { # "established": true, # "invalid": false, # "new": false, # "related": true # } # } # ] # } # ] # } # ] # # # After state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' # set firewall ipv6-name UPLINK default-action 'accept' # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' # set firewall ipv6-name UPLINK rule 1 action 'accept' # set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' # set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' # set firewall ipv6-name UPLINK rule 2 action 'accept' # set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' # set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' # set firewall name INBOUND default-action 'accept' # set firewall name INBOUND description 'IPv4 INBOUND rule set' # set firewall name INBOUND rule 101 action 'accept' # set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' # set firewall name INBOUND rule 101 ipsec 'match-ipsec' # set firewall name INBOUND rule 102 action 'reject' # set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' # set firewall name INBOUND rule 102 ipsec 'match-ipsec' # set firewall name INBOUND rule 103 action 'accept' # set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' # set firewall name INBOUND rule 103 destination group address-group 'inbound' # set firewall name INBOUND rule 103 source address '192.0.2.0' # set firewall name INBOUND rule 103 state established 'enable' # set firewall name INBOUND rule 103 state invalid 'disable' # set firewall name INBOUND rule 103 state new 'disable' # set firewall name INBOUND rule 103 state related 'enable' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_firewall_rules: config: - afi: ipv6 rule_sets: - name: UPLINK description: This is ipv6 specific rule-set default_action: accept - afi: ipv4 rule_sets: - name: INBOUND description: IPv4 INBOUND rule set default_action: accept rules: - number: 101 action: accept description: Rule 101 is configured by Ansible ipsec: match-ipsec - number: 102 action: reject description: Rule 102 is configured by Ansible ipsec: match-ipsec - number: 103 action: accept description: Rule 103 is configured by Ansible destination: group: address_group: inbound source: address: 192.0.2.0 state: established: true new: false invalid: false related: true state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # "set firewall ipv6-name UPLINK default-action 'accept'", # "set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'", # "set firewall name INBOUND default-action 'accept'", # "set firewall name INBOUND description 'IPv4 INBOUND rule set'", # "set firewall name INBOUND rule 101 action 'accept'", # "set firewall name INBOUND rule 101", # "set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'", # "set firewall name INBOUND rule 101 ipsec 'match-ipsec'", # "set firewall name INBOUND rule 102 action 'reject'", # "set firewall name INBOUND rule 102", # "set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'", # "set firewall name INBOUND rule 102 ipsec 'match-ipsec'", # "set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'", # "set firewall name INBOUND rule 103 destination group address-group inbound", # "set firewall name INBOUND rule 103", # "set firewall name INBOUND rule 103 source address 192.0.2.0", # "set firewall name INBOUND rule 103 state established enable", # "set firewall name INBOUND rule 103 state related enable", # "set firewall name INBOUND rule 103 state invalid disable", # "set firewall name INBOUND rule 103 state new disable", # "set firewall name INBOUND rule 103 action 'accept'" # ] # Using parsed # # - name: Parsed the provided input commands. vyos.vyos.vyos_firewall_rules: running_config: "set firewall group address-group 'inbound' set firewall name Downlink default-action 'accept' set firewall name Downlink description 'IPv4 INBOUND rule set' set firewall name Downlink rule 501 action 'accept' set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' set firewall name Downlink rule 501 ipsec 'match-ipsec' set firewall name Downlink rule 502 action 'reject' set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' set firewall name Downlink rule 502 ipsec 'match-ipsec'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": [ # { # "afi": "ipv4", # "rule_sets": [ # { # "default_action": "accept", # "description": "IPv4 INBOUND rule set", # "name": "Downlink", # "rules": [ # { # "action": "accept", # "description": "Rule 501 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 501 # }, # { # "action": "reject", # "description": "Rule 502 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 502 # } # ] # } # ] # } # ] - - - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + + - - + + + + - - + + + +
The set of commands pushed to the remote device.
+
+
Sample:
+
["set firewall name Downlink default-action 'accept'", "set firewall name Downlink description 'IPv4 INBOUND rule set'", "set firewall name Downlink rule 501 action 'accept'", "set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'", "set firewall name Downlink rule 502 ipsec 'match-ipsec'"]
+ -
Key Returned Description
+
after
list -
-
when changed -
The resulting configuration model invocation.
-
-
Sample:
-
The configuration returned will always be in the same format +
The resulting configuration model invocation.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
-
+
before
list -
-
always -
The configuration prior to the model invocation.
-
-
Sample:
-
The configuration returned will always be in the same format +
The configuration prior to the model invocation.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
-
+
commands
list -
-
always -
The set of commands pushed to the remote device.
-
-
Sample:
-
["set firewall name Downlink default-action 'accept'", "set firewall name Downlink description 'IPv4 INBOUND rule set'", "set firewall name Downlink rule 501 action 'accept'", "set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'", "set firewall name Downlink rule 502 ipsec 'match-ipsec'"]
-
+

Status ------ Authors ~~~~~~~ - Rohit Thakur (@rohitthakur2590) - - diff --git a/docs/vyos.vyos.vyos_interface_module.rst b/docs/vyos.vyos.vyos_interface_module.rst index c00b430..111ff31 100644 --- a/docs/vyos.vyos.vyos_interface_module.rst +++ b/docs/vyos.vyos.vyos_interface_module.rst @@ -1,684 +1,684 @@ .. _vyos.vyos.vyos_interface_module: ************************ vyos.vyos.vyos_interface ************************ **(deprecated, removed after 2022-06-01) Manage Interface on VyOS network devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 DEPRECATED ---------- :Removed in collection release after 2022-06-01 :Why: Updated modules released with more functionality. :Alternative: vyos_interfaces Synopsis -------- - This module provides declarative management of Interfaces on VyOS network devices. Parameters ---------- .. raw:: html - + - - + - - + / elements=dictionary + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + / required + + + + - - - + + - - + / elements=dictionary + + + + - - - - + + + - - + + + + - - - - + + + - - + + + + - - - - + + - - + + + + - - - + + - - + + + + - - - + - - + + + + - - + - - + + + + - - + - - + + + + - - + - - + + + + - - + - - + + + + - - + - - + + + + - - + - - + / elements=dictionary + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + - - + + + + - - + - - + + + + -
Parameter Choices/DefaultsCommentsComments
+
aggregate
list - / elements=dictionary
-
- -
List of Interfaces definitions.
-
+ +
List of Interfaces definitions.
+
+
delay
integer -
-
- -
Time in seconds to wait before checking for the operational state on remote device. This wait is applicable for operational state argument which are state with values up/down and neighbors.
-
+ +
Time in seconds to wait before checking for the operational state on remote device. This wait is applicable for operational state argument which are state with values up/down and neighbors.
+
+
description
string -
-
- -
Description of Interface.
-
+ +
Description of Interface.
+
+
duplex
string -
-
-
    Choices: -
  • full
  • -
  • half
  • -
  • auto
  • -
-
-
Interface link status.
-
+
    Choices: +
  • full
  • +
  • half
  • +
  • auto
  • +
+
+
Interface link status.
+
+
enabled
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Interface link status.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Interface link status.
+
+
mtu
integer -
-
- -
Maximum size of transmit packet.
-
+ +
Maximum size of transmit packet.
+
+
name
string - / required
-
- -
Name of the Interface.
-
+ +
Name of the Interface.
+
+
neighbors
list - / elements=dictionary
-
- -
Check the operational state of given interface name for LLDP neighbor.
-
The following suboptions are available.
-
+ +
Check the operational state of given interface name for LLDP neighbor.
+
The following suboptions are available.
+
+
host
string -
-
- -
LLDP neighbor host for given interface name.
-
+ +
LLDP neighbor host for given interface name.
+
+
port
string -
-
- -
LLDP neighbor port to which given interface name is connected.
-
+ +
LLDP neighbor port to which given interface name is connected.
+
+ +
speed
string -
-
- -
Interface link speed.
-
+ +
Interface link speed.
+
+
state
string -
-
-
    Choices: -
  • present
  • -
  • absent
  • -
  • up
  • -
  • down
  • -
-
-
State of the Interface configuration, up means present and operationally up and down means present and operationally down
-
+
    Choices: +
  • present
  • +
  • absent
  • +
  • up
  • +
  • down
  • +
+
+
State of the Interface configuration, up means present and operationally up and down means present and operationally down
+
+ +
delay
integer -
-
- Default:
10
-
-
Time in seconds to wait before checking for the operational state on remote device. This wait is applicable for operational state argument which are state with values up/down and neighbors.
-
+ Default:
10
+
+
Time in seconds to wait before checking for the operational state on remote device. This wait is applicable for operational state argument which are state with values up/down and neighbors.
+
+
description
string -
-
- -
Description of Interface.
-
+ +
Description of Interface.
+
+
duplex
string -
-
-
    Choices: -
  • full
  • -
  • half
  • -
  • auto
  • -
-
-
Interface link status.
-
+
    Choices: +
  • full
  • +
  • half
  • +
  • auto
  • +
+
+
Interface link status.
+
+
enabled
boolean -
-
-
    Choices: -
  • no
  • -
  • yes ←
  • -
-
-
Interface link status.
-
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
Interface link status.
+
+
mtu
integer -
-
- -
Maximum size of transmit packet.
-
+ +
Maximum size of transmit packet.
+
+
name
string -
-
- -
Name of the Interface.
-
+ +
Name of the Interface.
+
+
neighbors
list - / elements=dictionary
-
- -
Check the operational state of given interface name for LLDP neighbor.
-
The following suboptions are available.
-
+ +
Check the operational state of given interface name for LLDP neighbor.
+
The following suboptions are available.
+
+
host
string -
-
- -
LLDP neighbor host for given interface name.
-
+ +
LLDP neighbor host for given interface name.
+
+
port
string -
-
- -
LLDP neighbor port to which given interface name is connected.
-
+ +
LLDP neighbor port to which given interface name is connected.
+
+ +
provider
dictionary -
-
- -
Deprecated
-
Starting with Ansible 2.5 we recommend using connection: network_cli.
-
For more information please see the Network Guide.
-

-
A dict object containing connection details.
-
+ +
Deprecated
+
Starting with Ansible 2.5 we recommend using connection: network_cli.
+
For more information please see the Network Guide.
+

+
A dict object containing connection details.
+
+
host
string -
-
- -
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
-
+ +
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
+
+
password
string -
-
- -
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
-
+ +
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
+
+
port
integer -
-
- -
Specifies the port to use when building the connection to the remote device.
-
+ +
Specifies the port to use when building the connection to the remote device.
+
+
ssh_keyfile
path -
-
- -
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
-
+ +
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
+
+
timeout
integer -
-
- -
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
-
+ +
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
+
+
username
string -
-
- -
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
-
+ +
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
+
+ +
speed
string -
-
- -
Interface link speed.
-
+ +
Interface link speed.
+
+
state
string -
-
-
    Choices: -
  • present ←
  • -
  • absent
  • -
  • up
  • -
  • down
  • -
-
-
State of the Interface configuration, up means present and operationally up and down means present and operationally down
-
+
    Choices: +
  • present ←
  • +
  • absent
  • +
  • up
  • +
  • down
  • +
+
+
State of the Interface configuration, up means present and operationally up and down means present and operationally down
+
+
Notes ----- .. note:: - Tested against VYOS 1.1.7 - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- .. code-block:: yaml+jinja - - name: configure interface vyos.vyos.vyos_interface: name: eth0 description: test-interface - name: remove interface vyos.vyos.vyos_interface: name: eth0 state: absent - name: make interface down vyos.vyos.vyos_interface: name: eth0 enabled: false - name: make interface up vyos.vyos.vyos_interface: name: eth0 enabled: true - name: Configure interface speed, mtu, duplex vyos.vyos.vyos_interface: name: eth5 state: present speed: 100 mtu: 256 duplex: full - name: Set interface using aggregate vyos.vyos.vyos_interface: aggregate: - {name: eth1, description: test-interface-1, speed: 100, duplex: half, mtu: 512} - {name: eth2, description: test-interface-2, speed: 1000, duplex: full, mtu: 256} - name: Disable interface on aggregate net_interface: aggregate: - name: eth1 - name: eth2 enabled: false - name: Delete interface using aggregate net_interface: aggregate: - name: eth1 - name: eth2 state: absent - name: Check lldp neighbors intent arguments vyos.vyos.vyos_interface: name: eth0 neighbors: - port: eth0 host: netdev - name: Config + intent vyos.vyos.vyos_interface: name: eth1 enabled: false state: down - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + +
The list of configuration mode commands to send to the device
+
+
Sample:
+
['set interfaces ethernet eth0 description "test-interface"', 'set interfaces ethernet eth0 speed 100', 'set interfaces ethernet eth0 mtu 256', 'set interfaces ethernet eth0 duplex full']
+ -
Key Returned Description
+
commands
list -
-
always, except for the platforms that use Netconf transport to manage the device. -
The list of configuration mode commands to send to the device
-
-
Sample:
-
['set interfaces ethernet eth0 description "test-interface"', 'set interfaces ethernet eth0 speed 100', 'set interfaces ethernet eth0 mtu 256', 'set interfaces ethernet eth0 duplex full']
-
+

Status ------ - This module will be removed in version . *[deprecated]* - For more information see `DEPRECATED`_. Authors ~~~~~~~ - Ganesh Nalawade (@ganeshrn) - - diff --git a/docs/vyos.vyos.vyos_interfaces_module.rst b/docs/vyos.vyos.vyos_interfaces_module.rst index 67c71de..5bf5d23 100644 --- a/docs/vyos.vyos.vyos_interfaces_module.rst +++ b/docs/vyos.vyos.vyos_interfaces_module.rst @@ -1,1331 +1,1328 @@ .. _vyos.vyos.vyos_interfaces_module: ************************* vyos.vyos.vyos_interfaces ************************* **Interfaces resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module manages the interface attributes on VyOS network devices. - This module supports managing base attributes of Ethernet, Bonding, VXLAN, Loopback and Virtual Tunnel Interfaces. Parameters ---------- .. raw:: html - + - - + - - + / elements=dictionary + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + / required + + + + - - - + + - - + + + + - - - + + - - + / elements=dictionary + + + + - - - - + + + - - + + + + - - - - + + + - - + + + + - - - - + + + - - + + + + - - - - + + + - - + + + + - - - - + - - + + + + - - + - - + + + + -
Parameter Choices/DefaultsCommentsComments
+
config
list - / elements=dictionary
-
- -
The provided interfaces configuration.
-
+ +
The provided interfaces configuration.
+
+
description
string -
-
- -
Interface description.
-
+ +
Interface description.
+
+
duplex
string -
-
-
    Choices: -
  • full
  • -
  • half
  • -
  • auto
  • -
-
-
Interface duplex mode.
-
Applicable for Ethernet interfaces only.
-
+
    Choices: +
  • full
  • +
  • half
  • +
  • auto
  • +
+
+
Interface duplex mode.
+
Applicable for Ethernet interfaces only.
+
+
enabled
boolean -
-
-
    Choices: -
  • no
  • -
  • yes ←
  • -
-
-
Administrative state of the interface.
-
Set the value to true to administratively enable the interface or false to disable it.
-
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
Administrative state of the interface.
+
Set the value to true to administratively enable the interface or false to disable it.
+
+
mtu
integer -
-
- -
MTU for a specific interface. Refer to vendor documentation for valid values.
-
Applicable for Ethernet, Bonding, VXLAN and Virtual Tunnel interfaces.
-
+ +
MTU for a specific interface. Refer to vendor documentation for valid values.
+
Applicable for Ethernet, Bonding, VXLAN and Virtual Tunnel interfaces.
+
+
name
string - / required
-
- -
Full name of the interface, e.g. eth0, eth1, bond0, vti1, vxlan2.
-
+ +
Full name of the interface, e.g. eth0, eth1, bond0, vti1, vxlan2.
+
+
speed
string -
-
-
    Choices: -
  • auto
  • -
  • 10
  • -
  • 100
  • -
  • 1000
  • -
  • 2500
  • -
  • 10000
  • -
-
-
Interface link speed.
-
Applicable for Ethernet interfaces only.
-
+
    Choices: +
  • auto
  • +
  • 10
  • +
  • 100
  • +
  • 1000
  • +
  • 2500
  • +
  • 10000
  • +
+
+
Interface link speed.
+
Applicable for Ethernet interfaces only.
+
+
vifs
list - / elements=dictionary
-
- -
Virtual sub-interfaces related configuration.
-
802.1Q VLAN interfaces are represented as virtual sub-interfaces in VyOS.
-
+ +
Virtual sub-interfaces related configuration.
+
802.1Q VLAN interfaces are represented as virtual sub-interfaces in VyOS.
+
+
description
string -
-
- -
Virtual sub-interface description.
-
+ +
Virtual sub-interface description.
+
+
enabled
boolean -
-
-
    Choices: -
  • no
  • -
  • yes ←
  • -
-
-
Administrative state of the virtual sub-interface.
-
Set the value to true to administratively enable the interface or false to disable it.
-
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
Administrative state of the virtual sub-interface.
+
Set the value to true to administratively enable the interface or false to disable it.
+
+
mtu
integer -
-
- -
MTU for the virtual sub-interface.
-
Refer to vendor documentation for valid values.
-
+ +
MTU for the virtual sub-interface.
+
Refer to vendor documentation for valid values.
+
+
vlan_id
integer -
-
- -
Identifier for the virtual sub-interface.
-
+ +
Identifier for the virtual sub-interface.
+
+ + +
running_config
string -
-
- -
This option is used only with state parsed.
-
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep interfaces.
-
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
-
+ +
This option is used only with state parsed.
+
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep interfaces.
+
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
+
+
state
string -
-
-
    Choices: -
  • merged ←
  • -
  • replaced
  • -
  • overridden
  • -
  • deleted
  • -
  • rendered
  • -
  • gathered
  • -
  • parsed
  • -
-
-
The state of the configuration after module completion.
-
+
    Choices: +
  • merged ←
  • +
  • replaced
  • +
  • overridden
  • +
  • deleted
  • +
  • rendered
  • +
  • gathered
  • +
  • parsed
  • +
+
+
The state of the configuration after module completion.
+
+
Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. Examples -------- .. code-block:: yaml+jinja - # Using merged # # ------------- # Before state: # ------------- # # vyos@vyos:~$ show configuration commands | grep interfaces # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 address 'dhcpv6' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 hw-id '08:00:27:ea:0f:b9' # set interfaces ethernet eth1 smp-affinity 'auto' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth2 smp-affinity 'auto' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces loopback lo - name: Merge provided configuration with device configuration vyos.vyos.vyos_interfaces: config: - name: eth2 description: Configured by Ansible enabled: true vifs: - vlan_id: 200 description: VIF 200 - ETH2 - name: eth3 description: Configured by Ansible mtu: 1500 - name: bond1 description: Bond - 1 mtu: 1200 - name: vti2 description: VTI - 2 enabled: false state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "enabled": true, # "name": "lo" # }, # { # "enabled": true, # "name": "eth3" # }, # { # "enabled": true, # "name": "eth2" # }, # { # "enabled": true, # "name": "eth1" # }, # { # "duplex": "auto", # "enabled": true, # "name": "eth0", # "speed": "auto" # } # ] # # "commands": [ # "set interfaces ethernet eth2 description 'Configured by Ansible'", # "set interfaces ethernet eth2 vif 200", # "set interfaces ethernet eth2 vif 200 description 'VIF 200 - ETH2'", # "set interfaces ethernet eth3 description 'Configured by Ansible'", # "set interfaces ethernet eth3 mtu '1500'", # "set interfaces bonding bond1", # "set interfaces bonding bond1 description 'Bond - 1'", # "set interfaces bonding bond1 mtu '1200'", # "set interfaces vti vti2", # "set interfaces vti vti2 description 'VTI - 2'", # "set interfaces vti vti2 disable" # ] # # "after": [ # { # "description": "Bond - 1", # "enabled": true, # "mtu": 1200, # "name": "bond1" # }, # { # "enabled": true, # "name": "lo" # }, # { # "description": "VTI - 2", # "enabled": false, # "name": "vti2" # }, # { # "description": "Configured by Ansible", # "enabled": true, # "mtu": 1500, # "name": "eth3" # }, # { # "description": "Configured by Ansible", # "enabled": true, # "name": "eth2", # "vifs": [ # { # "description": "VIF 200 - ETH2", # "enabled": true, # "vlan_id": "200" # } # ] # }, # { # "enabled": true, # "name": "eth1" # }, # { # "duplex": "auto", # "enabled": true, # "name": "eth0", # "speed": "auto" # } # ] # # # ------------- # After state: # ------------- # # vyos@vyos:~$ show configuration commands | grep interfaces # set interfaces bonding bond1 description 'Bond - 1' # set interfaces bonding bond1 mtu '1200' # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 address 'dhcpv6' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 hw-id '08:00:27:ea:0f:b9' # set interfaces ethernet eth1 smp-affinity 'auto' # set interfaces ethernet eth2 description 'Configured by Ansible' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth2 smp-affinity 'auto' # set interfaces ethernet eth2 vif 200 description 'VIF 200 - ETH2' # set interfaces ethernet eth3 description 'Configured by Ansible' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces ethernet eth3 mtu '1500' # set interfaces loopback lo # set interfaces vti vti2 description 'VTI - 2' # set interfaces vti vti2 disable # # Using replaced # # ------------- # Before state: # ------------- # # vyos:~$ show configuration commands | grep eth # set interfaces bonding bond1 description 'Bond - 1' # set interfaces bonding bond1 mtu '1400' # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 description 'Management Interface for the Appliance' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:f3:6c:b5' # set interfaces ethernet eth0 smp_affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 description 'Configured by Ansible Eng Team' # set interfaces ethernet eth1 duplex 'full' # set interfaces ethernet eth1 hw-id '08:00:27:ad:ef:65' # set interfaces ethernet eth1 smp_affinity 'auto' # set interfaces ethernet eth1 speed '100' # set interfaces ethernet eth2 description 'Configured by Ansible' # set interfaces ethernet eth2 duplex 'full' # set interfaces ethernet eth2 hw-id '08:00:27:ab:4e:79' # set interfaces ethernet eth2 mtu '500' # set interfaces ethernet eth2 smp_affinity 'auto' # set interfaces ethernet eth2 speed '100' # set interfaces ethernet eth2 vif 200 description 'Configured by Ansible' # set interfaces ethernet eth3 description 'Configured by Ansible' # set interfaces ethernet eth3 duplex 'full' # set interfaces ethernet eth3 hw-id '08:00:27:17:3c:85' # set interfaces ethernet eth3 mtu '1500' # set interfaces ethernet eth3 smp_affinity 'auto' # set interfaces ethernet eth3 speed '100' # set interfaces loopback lo # # - name: Replace device configurations of listed interfaces with provided configurations vyos.vyos.vyos_interfaces: config: - name: eth2 description: Replaced by Ansible - name: eth3 description: Replaced by Ansible - name: eth1 description: Replaced by Ansible state: replaced # # # ----------------------- # Module Execution Result # ----------------------- # # "before": [ # { # "description": "Bond - 1", # "enabled": true, # "mtu": 1400, # "name": "bond1" # }, # { # "enabled": true, # "name": "lo" # }, # { # "description": "Configured by Ansible", # "duplex": "full", # "enabled": true, # "mtu": 1500, # "name": "eth3", # "speed": "100" # }, # { # "description": "Configured by Ansible", # "duplex": "full", # "enabled": true, # "mtu": 500, # "name": "eth2", # "speed": "100", # "vifs": [ # { # "description": "VIF 200 - ETH2", # "enabled": true, # "vlan_id": "200" # } # ] # }, # { # "description": "Configured by Ansible Eng Team", # "duplex": "full", # "enabled": true, # "name": "eth1", # "speed": "100" # }, # { # "description": "Management Interface for the Appliance", # "duplex": "auto", # "enabled": true, # "name": "eth0", # "speed": "auto" # } # ] # # "commands": [ # "delete interfaces ethernet eth2 speed", # "delete interfaces ethernet eth2 duplex", # "delete interfaces ethernet eth2 mtu", # "delete interfaces ethernet eth2 vif 200 description", # "set interfaces ethernet eth2 description 'Replaced by Ansible'", # "delete interfaces ethernet eth3 speed", # "delete interfaces ethernet eth3 duplex", # "delete interfaces ethernet eth3 mtu", # "set interfaces ethernet eth3 description 'Replaced by Ansible'", # "delete interfaces ethernet eth1 speed", # "delete interfaces ethernet eth1 duplex", # "set interfaces ethernet eth1 description 'Replaced by Ansible'" # ] # # "after": [ # { # "description": "Bond - 1", # "enabled": true, # "mtu": 1400, # "name": "bond1" # }, # { # "enabled": true, # "name": "lo" # }, # { # "description": "Replaced by Ansible", # "enabled": true, # "name": "eth3" # }, # { # "description": "Replaced by Ansible", # "enabled": true, # "name": "eth2", # "vifs": [ # { # "enabled": true, # "vlan_id": "200" # } # ] # }, # { # "description": "Replaced by Ansible", # "enabled": true, # "name": "eth1" # }, # { # "description": "Management Interface for the Appliance", # "duplex": "auto", # "enabled": true, # "name": "eth0", # "speed": "auto" # } # ] # # # ------------- # After state: # ------------- # # vyos@vyos:~$ show configuration commands | grep interfaces # set interfaces bonding bond1 description 'Bond - 1' # set interfaces bonding bond1 mtu '1400' # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 address 'dhcpv6' # set interfaces ethernet eth0 description 'Management Interface for the Appliance' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 description 'Replaced by Ansible' # set interfaces ethernet eth1 hw-id '08:00:27:ea:0f:b9' # set interfaces ethernet eth1 smp-affinity 'auto' # set interfaces ethernet eth2 description 'Replaced by Ansible' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth2 smp-affinity 'auto' # set interfaces ethernet eth2 vif 200 # set interfaces ethernet eth3 description 'Replaced by Ansible' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces loopback lo # # # Using overridden # # # -------------- # Before state # -------------- # # vyos@vyos:~$ show configuration commands | grep interfaces # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 address 'dhcpv6' # set interfaces ethernet eth0 description 'Ethernet Interface - 0' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 mtu '1200' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 description 'Configured by Ansible Eng Team' # set interfaces ethernet eth1 hw-id '08:00:27:ea:0f:b9' # set interfaces ethernet eth1 mtu '100' # set interfaces ethernet eth1 smp-affinity 'auto' # set interfaces ethernet eth1 vif 100 description 'VIF 100 - ETH1' # set interfaces ethernet eth1 vif 100 disable # set interfaces ethernet eth2 description 'Configured by Ansible Team (Admin Down)' # set interfaces ethernet eth2 disable # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth2 mtu '600' # set interfaces ethernet eth2 smp-affinity 'auto' # set interfaces ethernet eth3 description 'Configured by Ansible Network' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces loopback lo # set interfaces vti vti1 description 'Virtual Tunnel Interface - 1' # set interfaces vti vti1 mtu '68' # # - name: Overrides all device configuration with provided configuration vyos.vyos.vyos_interfaces: config: - name: eth0 description: Outbound Interface For The Appliance speed: auto duplex: auto - name: eth2 speed: auto duplex: auto - name: eth3 mtu: 1200 state: overridden # # # ------------------------ # Module Execution Result # ------------------------ # # "before": [ # { # "enabled": true, # "name": "lo" # }, # { # "description": "Virtual Tunnel Interface - 1", # "enabled": true, # "mtu": 68, # "name": "vti1" # }, # { # "description": "Configured by Ansible Network", # "enabled": true, # "name": "eth3" # }, # { # "description": "Configured by Ansible Team (Admin Down)", # "enabled": false, # "mtu": 600, # "name": "eth2" # }, # { # "description": "Configured by Ansible Eng Team", # "enabled": true, # "mtu": 100, # "name": "eth1", # "vifs": [ # { # "description": "VIF 100 - ETH1", # "enabled": false, # "vlan_id": "100" # } # ] # }, # { # "description": "Ethernet Interface - 0", # "duplex": "auto", # "enabled": true, # "mtu": 1200, # "name": "eth0", # "speed": "auto" # } # ] # # "commands": [ # "delete interfaces vti vti1 description", # "delete interfaces vti vti1 mtu", # "delete interfaces ethernet eth1 description", # "delete interfaces ethernet eth1 mtu", # "delete interfaces ethernet eth1 vif 100 description", # "delete interfaces ethernet eth1 vif 100 disable", # "delete interfaces ethernet eth0 mtu", # "set interfaces ethernet eth0 description 'Outbound Interface For The Appliance'", # "delete interfaces ethernet eth2 description", # "delete interfaces ethernet eth2 mtu", # "set interfaces ethernet eth2 duplex 'auto'", # "delete interfaces ethernet eth2 disable", # "set interfaces ethernet eth2 speed 'auto'", # "delete interfaces ethernet eth3 description", # "set interfaces ethernet eth3 mtu '1200'" # ], # # "after": [ # { # "enabled": true, # "name": "lo" # }, # { # "enabled": true, # "name": "vti1" # }, # { # "enabled": true, # "mtu": 1200, # "name": "eth3" # }, # { # "duplex": "auto", # "enabled": true, # "name": "eth2", # "speed": "auto" # }, # { # "enabled": true, # "name": "eth1", # "vifs": [ # { # "enabled": true, # "vlan_id": "100" # } # ] # }, # { # "description": "Outbound Interface For The Appliance", # "duplex": "auto", # "enabled": true, # "name": "eth0", # "speed": "auto" # } # ] # # # ------------ # After state # ------------ # # vyos@vyos:~$ show configuration commands | grep interfaces # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 address 'dhcpv6' # set interfaces ethernet eth0 description 'Outbound Interface For The Appliance' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 hw-id '08:00:27:ea:0f:b9' # set interfaces ethernet eth1 smp-affinity 'auto' # set interfaces ethernet eth1 vif 100 # set interfaces ethernet eth2 duplex 'auto' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth2 smp-affinity 'auto' # set interfaces ethernet eth2 speed 'auto' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces ethernet eth3 mtu '1200' # set interfaces loopback lo # set interfaces vti vti1 # # # Using deleted # # # ------------- # Before state # ------------- # # vyos@vyos:~$ show configuration commands | grep interfaces # set interfaces bonding bond0 mtu '1300' # set interfaces bonding bond1 description 'LAG - 1' # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 address 'dhcpv6' # set interfaces ethernet eth0 description 'Outbound Interface for this appliance' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 description 'Configured by Ansible Network' # set interfaces ethernet eth1 duplex 'full' # set interfaces ethernet eth1 hw-id '08:00:27:ea:0f:b9' # set interfaces ethernet eth1 smp-affinity 'auto' # set interfaces ethernet eth1 speed '100' # set interfaces ethernet eth2 description 'Configured by Ansible' # set interfaces ethernet eth2 disable # set interfaces ethernet eth2 duplex 'full' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth2 mtu '600' # set interfaces ethernet eth2 smp-affinity 'auto' # set interfaces ethernet eth2 speed '100' # set interfaces ethernet eth3 description 'Configured by Ansible Network' # set interfaces ethernet eth3 duplex 'full' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces ethernet eth3 speed '100' # set interfaces loopback lo # # - name: Delete attributes of given interfaces (Note - This won't delete the interfaces themselves) vyos.vyos.vyos_interfaces: config: - name: bond1 - name: eth1 - name: eth2 - name: eth3 state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": [ # { # "enabled": true, # "mtu": 1300, # "name": "bond0" # }, # { # "description": "LAG - 1", # "enabled": true, # "name": "bond1" # }, # { # "enabled": true, # "name": "lo" # }, # { # "description": "Configured by Ansible Network", # "duplex": "full", # "enabled": true, # "name": "eth3", # "speed": "100" # }, # { # "description": "Configured by Ansible", # "duplex": "full", # "enabled": false, # "mtu": 600, # "name": "eth2", # "speed": "100" # }, # { # "description": "Configured by Ansible Network", # "duplex": "full", # "enabled": true, # "name": "eth1", # "speed": "100" # }, # { # "description": "Outbound Interface for this appliance", # "duplex": "auto", # "enabled": true, # "name": "eth0", # "speed": "auto" # } # ] # # "commands": [ # "delete interfaces bonding bond1 description", # "delete interfaces ethernet eth1 speed", # "delete interfaces ethernet eth1 duplex", # "delete interfaces ethernet eth1 description", # "delete interfaces ethernet eth2 speed", # "delete interfaces ethernet eth2 disable", # "delete interfaces ethernet eth2 duplex", # "delete interfaces ethernet eth2 disable", # "delete interfaces ethernet eth2 description", # "delete interfaces ethernet eth2 disable", # "delete interfaces ethernet eth2 mtu", # "delete interfaces ethernet eth2 disable", # "delete interfaces ethernet eth3 speed", # "delete interfaces ethernet eth3 duplex", # "delete interfaces ethernet eth3 description" # ] # # "after": [ # { # "enabled": true, # "mtu": 1300, # "name": "bond0" # }, # { # "enabled": true, # "name": "bond1" # }, # { # "enabled": true, # "name": "lo" # }, # { # "enabled": true, # "name": "eth3" # }, # { # "enabled": true, # "name": "eth2" # }, # { # "enabled": true, # "name": "eth1" # }, # { # "description": "Outbound Interface for this appliance", # "duplex": "auto", # "enabled": true, # "name": "eth0", # "speed": "auto" # } # ] # # # ------------ # After state # ------------ # # vyos@vyos:~$ show configuration commands | grep interfaces # set interfaces bonding bond0 mtu '1300' # set interfaces bonding bond1 # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 address 'dhcpv6' # set interfaces ethernet eth0 description 'Outbound Interface for this appliance' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 hw-id '08:00:27:ea:0f:b9' # set interfaces ethernet eth1 smp-affinity 'auto' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth2 smp-affinity 'auto' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces loopback lo # # # Using gathered # # Before state: # ------------- # # vyos@192# run show configuration commands | grep interfaces # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:50:5e:19' # set interfaces ethernet eth0 smp_affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 description 'Configured by Ansible' # set interfaces ethernet eth1 duplex 'auto' # set interfaces ethernet eth1 mtu '1500' # set interfaces ethernet eth1 speed 'auto' # set interfaces ethernet eth1 vif 200 description 'VIF - 200' # set interfaces ethernet eth2 description 'Configured by Ansible' # set interfaces ethernet eth2 duplex 'auto' # set interfaces ethernet eth2 mtu '1500' # set interfaces ethernet eth2 speed 'auto' # set interfaces ethernet eth2 vif 200 description 'VIF - 200' # - name: Gather listed interfaces with provided configurations vyos.vyos.vyos_interfaces: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": [ # { # "description": "Configured by Ansible", # "duplex": "auto", # "enabled": true, # "mtu": 1500, # "name": "eth2", # "speed": "auto", # "vifs": [ # { # "description": "VIF - 200", # "enabled": true, # "vlan_id": 200 # } # ] # }, # { # "description": "Configured by Ansible", # "duplex": "auto", # "enabled": true, # "mtu": 1500, # "name": "eth1", # "speed": "auto", # "vifs": [ # { # "description": "VIF - 200", # "enabled": true, # "vlan_id": 200 # } # ] # }, # { # "duplex": "auto", # "enabled": true, # "name": "eth0", # "speed": "auto" # } # ] # # # After state: # ------------- # # vyos@192# run show configuration commands | grep interfaces # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:50:5e:19' # set interfaces ethernet eth0 smp_affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 description 'Configured by Ansible' # set interfaces ethernet eth1 duplex 'auto' # set interfaces ethernet eth1 mtu '1500' # set interfaces ethernet eth1 speed 'auto' # set interfaces ethernet eth1 vif 200 description 'VIF - 200' # set interfaces ethernet eth2 description 'Configured by Ansible' # set interfaces ethernet eth2 duplex 'auto' # set interfaces ethernet eth2 mtu '1500' # set interfaces ethernet eth2 speed 'auto' # set interfaces ethernet eth2 vif 200 description 'VIF - 200' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_interfaces: config: - name: eth0 enabled: true duplex: auto speed: auto - name: eth1 description: Configured by Ansible - Interface 1 mtu: 1500 speed: auto duplex: auto enabled: true vifs: - vlan_id: 100 description: Eth1 - VIF 100 mtu: 400 enabled: true - vlan_id: 101 description: Eth1 - VIF 101 enabled: true - name: eth2 description: Configured by Ansible - Interface 2 (ADMIN DOWN) mtu: 600 enabled: false state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # "set interfaces ethernet eth0 duplex 'auto'", # "set interfaces ethernet eth0 speed 'auto'", # "delete interfaces ethernet eth0 disable", # "set interfaces ethernet eth1 duplex 'auto'", # "delete interfaces ethernet eth1 disable", # "set interfaces ethernet eth1 speed 'auto'", # "set interfaces ethernet eth1 description 'Configured by Ansible - Interface 1'", # "set interfaces ethernet eth1 mtu '1500'", # "set interfaces ethernet eth1 vif 100 description 'Eth1 - VIF 100'", # "set interfaces ethernet eth1 vif 100 mtu '400'", # "set interfaces ethernet eth1 vif 101 description 'Eth1 - VIF 101'", # "set interfaces ethernet eth2 disable", # "set interfaces ethernet eth2 description 'Configured by Ansible - Interface 2 (ADMIN DOWN)'", # "set interfaces ethernet eth2 mtu '600'" # ] # Using parsed # # - name: Parse the configuration. vyos.vyos.vyos_interfaces: running_config: "set interfaces ethernet eth0 address 'dhcp' set interfaces ethernet eth0 duplex 'auto' set interfaces ethernet eth0 hw-id '08:00:27:50:5e:19' set interfaces ethernet eth0 smp_affinity 'auto' set interfaces ethernet eth0 speed 'auto' set interfaces ethernet eth1 description 'Configured by Ansible' set interfaces ethernet eth1 duplex 'auto' set interfaces ethernet eth1 mtu '1500' set interfaces ethernet eth1 speed 'auto' set interfaces ethernet eth1 vif 200 description 'VIF - 200' set interfaces ethernet eth2 description 'Configured by Ansible' set interfaces ethernet eth2 duplex 'auto' set interfaces ethernet eth2 mtu '1500' set interfaces ethernet eth2 speed 'auto' set interfaces ethernet eth2 vif 200 description 'VIF - 200'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": [ # { # "description": "Configured by Ansible", # "duplex": "auto", # "enabled": true, # "mtu": 1500, # "name": "eth2", # "speed": "auto", # "vifs": [ # { # "description": "VIF - 200", # "enabled": true, # "vlan_id": 200 # } # ] # }, # { # "description": "Configured by Ansible", # "duplex": "auto", # "enabled": true, # "mtu": 1500, # "name": "eth1", # "speed": "auto", # "vifs": [ # { # "description": "VIF - 200", # "enabled": true, # "vlan_id": 200 # } # ] # }, # { # "duplex": "auto", # "enabled": true, # "name": "eth0", # "speed": "auto" # } # ] - - - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + + - - + + + + - - + + + +
The set of commands pushed to the remote device.
+
+
Sample:
+
['set interfaces ethernet eth1 mtu 1200', 'set interfaces ethernet eth2 vif 100 description VIF 100']
+ -
Key Returned Description
+
after
list -
-
when changed -
The configuration as structured data after module completion.
-
-
Sample:
-
The configuration returned will always be in the same format +
The configuration as structured data after module completion.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
-
+
before
list -
-
always -
The configuration as structured data prior to module invocation.
-
-
Sample:
-
The configuration returned will always be in the same format +
The configuration as structured data prior to module invocation.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
-
+
commands
list -
-
always -
The set of commands pushed to the remote device.
-
-
Sample:
-
['set interfaces ethernet eth1 mtu 1200', 'set interfaces ethernet eth2 vif 100 description VIF 100']
-
+

Status ------ Authors ~~~~~~~ - Nilashish Chakraborty (@nilashishc) - Rohit Thakur (@rohitthakur2590) - - diff --git a/docs/vyos.vyos.vyos_l3_interface_module.rst b/docs/vyos.vyos.vyos_l3_interface_module.rst index 8745ffd..a8fe604 100644 --- a/docs/vyos.vyos.vyos_l3_interface_module.rst +++ b/docs/vyos.vyos.vyos_l3_interface_module.rst @@ -1,398 +1,396 @@ .. _vyos.vyos.vyos_l3_interface_module: *************************** vyos.vyos.vyos_l3_interface *************************** **(deprecated, removed after 2022-06-01) Manage L3 interfaces on VyOS network devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 DEPRECATED ---------- :Removed in collection release after 2022-06-01 :Why: Updated modules released with more functionality. :Alternative: vyos_l3_interfaces Synopsis -------- - This module provides declarative management of L3 interfaces on VyOS network devices. Parameters ---------- .. raw:: html - + - - + - - + / elements=dictionary + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + / required + + + + - - - + + - - + + + + - - - + - - + + + + - - + - - + + + + - - + - - + + + + - - + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + - - + + + + -
Parameter Choices/DefaultsCommentsComments
+
aggregate
list - / elements=dictionary
-
- -
List of L3 interfaces definitions
-
+ +
List of L3 interfaces definitions
+
+
ipv4
string -
-
- -
IPv4 of the L3 interface.
-
+ +
IPv4 of the L3 interface.
+
+
ipv6
string -
-
- -
IPv6 of the L3 interface.
-
+ +
IPv6 of the L3 interface.
+
+
name
string - / required
-
- -
Name of the L3 interface.
-
+ +
Name of the L3 interface.
+
+
state
string -
-
-
    Choices: -
  • present
  • -
  • absent
  • -
-
-
State of the L3 interface configuration.
-
+
    Choices: +
  • present
  • +
  • absent
  • +
+
+
State of the L3 interface configuration.
+
+ +
ipv4
string -
-
- -
IPv4 of the L3 interface.
-
+ +
IPv4 of the L3 interface.
+
+
ipv6
string -
-
- -
IPv6 of the L3 interface.
-
+ +
IPv6 of the L3 interface.
+
+
name
string -
-
- -
Name of the L3 interface.
-
+ +
Name of the L3 interface.
+
+
provider
dictionary -
-
- -
Deprecated
-
Starting with Ansible 2.5 we recommend using connection: network_cli.
-
For more information please see the Network Guide.
-

-
A dict object containing connection details.
-
+ +
Deprecated
+
Starting with Ansible 2.5 we recommend using connection: network_cli.
+
For more information please see the Network Guide.
+

+
A dict object containing connection details.
+
+
host
string -
-
- -
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
-
+ +
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
+
+
password
string -
-
- -
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
-
+ +
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
+
+
port
integer -
-
- -
Specifies the port to use when building the connection to the remote device.
-
+ +
Specifies the port to use when building the connection to the remote device.
+
+
ssh_keyfile
path -
-
- -
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
-
+ +
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
+
+
timeout
integer -
-
- -
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
-
+ +
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
+
+
username
string -
-
- -
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
-
+ +
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
+
+ +
state
string -
-
-
    Choices: -
  • present ←
  • -
  • absent
  • -
-
-
State of the L3 interface configuration.
-
+
    Choices: +
  • present ←
  • +
  • absent
  • +
+
+
State of the L3 interface configuration.
+
+
Notes ----- .. note:: - Tested against VYOS 1.1.7 - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- .. code-block:: yaml+jinja - - name: Set eth0 IPv4 address vyos.vyos.vyos_l3_interface: name: eth0 ipv4: 192.168.0.1/24 - name: Remove eth0 IPv4 address vyos.vyos.vyos_l3_interface: name: eth0 state: absent - name: Set IP addresses on aggregate vyos.vyos.vyos_l3_interface: aggregate: - {name: eth1, ipv4: 192.168.2.10/24} - {name: eth2, ipv4: 192.168.3.10/24, ipv6: fd5d:12c9:2201:1::1/64} - name: Remove IP addresses on aggregate vyos.vyos.vyos_l3_interface: aggregate: - {name: eth1, ipv4: 192.168.2.10/24} - {name: eth2, ipv4: 192.168.3.10/24, ipv6: fd5d:12c9:2201:1::1/64} state: absent - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + +
The list of configuration mode commands to send to the device
+
+
Sample:
+
["set interfaces ethernet eth0 address '192.168.0.1/24'"]
+ -
Key Returned Description
+
commands
list -
-
always, except for the platforms that use Netconf transport to manage the device. -
The list of configuration mode commands to send to the device
-
-
Sample:
-
["set interfaces ethernet eth0 address '192.168.0.1/24'"]
-
+

Status ------ - This module will be removed in version . *[deprecated]* - For more information see `DEPRECATED`_. Authors ~~~~~~~ - Ricardo Carrillo Cruz (@rcarrillocruz) - - diff --git a/docs/vyos.vyos.vyos_l3_interfaces_module.rst b/docs/vyos.vyos.vyos_l3_interfaces_module.rst index 106c90d..38dd3e9 100644 --- a/docs/vyos.vyos.vyos_l3_interfaces_module.rst +++ b/docs/vyos.vyos.vyos_l3_interfaces_module.rst @@ -1,770 +1,771 @@ .. _vyos.vyos.vyos_l3_interfaces_module: **************************** vyos.vyos.vyos_l3_interfaces **************************** **L3 interfaces resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module manages the L3 interface attributes on VyOS network devices. Parameters ---------- .. raw:: html - + - - + - - + / elements=dictionary + + + + - - - + + - - + / elements=dictionary + + + + - - - - + + + - - + + + + - - - - + + - - + / elements=dictionary + + + + - - - - + + + - - + + + + - - - - + + - - + / required + + + + - - - + + - - + / elements=dictionary + + + + - - - - + + + - - + / elements=dictionary + + + + - - - - - + + + + - - + + + + - - - - - + + + - - + / elements=dictionary + + + + - - - - - + + + + - - + + + + - - - - - + + + - - + + + + - - - - + - - + + + + - - + - - + + + + -
Parameter Choices/DefaultsCommentsComments
+
config
list - / elements=dictionary
-
- -
The provided L3 interfaces configuration.
-
+ +
The provided L3 interfaces configuration.
+
+
ipv4
list - / elements=dictionary
-
- -
List of IPv4 addresses of the interface.
-
+ +
List of IPv4 addresses of the interface.
+
+
address
string -
-
- -
IPv4 address of the interface.
-
+ +
IPv4 address of the interface.
+
+ +
ipv6
list - / elements=dictionary
-
- -
List of IPv6 addresses of the interface.
-
+ +
List of IPv6 addresses of the interface.
+
+
address
string -
-
- -
IPv6 address of the interface.
-
+ +
IPv6 address of the interface.
+
+ +
name
string - / required
-
- -
Full name of the interface, e.g. eth0, eth1.
-
+ +
Full name of the interface, e.g. eth0, eth1.
+
+
vifs
list - / elements=dictionary
-
- -
Virtual sub-interfaces L3 configurations.
-
+ +
Virtual sub-interfaces L3 configurations.
+
+
ipv4
list - / elements=dictionary
-
- -
List of IPv4 addresses of the virtual interface.
-
+ +
List of IPv4 addresses of the virtual interface.
+
+
address
string -
-
- -
IPv4 address of the virtual interface.
-
+ +
IPv4 address of the virtual interface.
+
+ +
ipv6
list - / elements=dictionary
-
- -
List of IPv6 addresses of the virtual interface.
-
+ +
List of IPv6 addresses of the virtual interface.
+
+
address
string -
-
- -
IPv6 address of the virtual interface.
-
+ +
IPv6 address of the virtual interface.
+
+ +
vlan_id
integer -
-
- -
Identifier for the virtual sub-interface.
-
+ +
Identifier for the virtual sub-interface.
+
+ + +
running_config
string -
-
- -
This option is used only with state parsed.
-
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep -e eth[2,3].
-
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
-
+ +
This option is used only with state parsed.
+
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep -e eth[2,3].
+
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
+
+
state
string -
-
-
    Choices: -
  • merged ←
  • -
  • replaced
  • -
  • overridden
  • -
  • deleted
  • -
  • parsed
  • -
  • gathered
  • -
  • rendered
  • -
-
-
The state of the configuration after module completion.
-
+
    Choices: +
  • merged ←
  • +
  • replaced
  • +
  • overridden
  • +
  • deleted
  • +
  • parsed
  • +
  • gathered
  • +
  • rendered
  • +
+
+
The state of the configuration after module completion.
+
+
Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. Examples -------- .. code-block:: yaml+jinja - # Using merged # # Before state: # ------------- # # vyos:~$ show configuration commands | grep -e eth[2,3] # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces ethernet eth3 vif 101 # set interfaces ethernet eth3 vif 102 - name: Merge provided configuration with device configuration vyos.vyos.vyos_l3_interfaces: config: - name: eth2 ipv4: - address: 192.0.2.10/28 - address: 198.51.100.40/27 ipv6: - address: 2001:db8:100::2/32 - address: 2001:db8:400::10/32 - name: eth3 ipv4: - address: 203.0.113.65/26 vifs: - vlan_id: 101 ipv4: - address: 192.0.2.71/28 - address: 198.51.100.131/25 - vlan_id: 102 ipv6: - address: 2001:db8:1000::5/38 - address: 2001:db8:1400::3/38 state: merged # After state: # ------------- # # vyos:~$ show configuration commands | grep -e eth[2,3] # set interfaces ethernet eth2 address '192.0.2.10/28' # set interfaces ethernet eth2 address '198.51.100.40/27' # set interfaces ethernet eth2 address '2001:db8:100::2/32' # set interfaces ethernet eth2 address '2001:db8:400::10/32' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth3 address '203.0.113.65/26' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces ethernet eth3 vif 101 address '192.0.2.71/28' # set interfaces ethernet eth3 vif 101 address '198.51.100.131/25' # set interfaces ethernet eth3 vif 102 address '2001:db8:1000::5/38' # set interfaces ethernet eth3 vif 102 address '2001:db8:1400::3/38' # set interfaces ethernet eth3 vif 102 address '2001:db8:4000::2/34' # Using replaced # # Before state: # ------------- # # vyos:~$ show configuration commands | grep eth # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 hw-id '08:00:27:EA:0F:B9' # set interfaces ethernet eth1 address '192.0.2.14/24' # set interfaces ethernet eth2 address '192.0.2.10/24' # set interfaces ethernet eth2 address '192.0.2.11/24' # set interfaces ethernet eth2 address '2001:db8::10/32' # set interfaces ethernet eth2 address '2001:db8::11/32' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth3 address '198.51.100.10/24' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces ethernet eth3 vif 101 address '198.51.100.130/25' # set interfaces ethernet eth3 vif 101 address '198.51.100.131/25' # set interfaces ethernet eth3 vif 102 address '2001:db8:4000::3/34' # set interfaces ethernet eth3 vif 102 address '2001:db8:4000::2/34' # - name: Replace device configurations of listed interfaces with provided configurations vyos.vyos.vyos_l3_interfaces: config: - name: eth2 ipv4: - address: 192.0.2.10/24 - name: eth3 ipv6: - address: 2001:db8::11/32 state: replaced # After state: # ------------- # # vyos:~$ show configuration commands | grep eth # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 hw-id '08:00:27:EA:0F:B9' # set interfaces ethernet eth1 address '192.0.2.14/24' # set interfaces ethernet eth2 address '192.0.2.10/24' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces ethernet eth3 address '2001:db8::11/32' # set interfaces ethernet eth3 vif 101 # set interfaces ethernet eth3 vif 102 # Using overridden # # Before state # -------------- # # vyos@vyos-appliance:~$ show configuration commands | grep eth # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 hw-id '08:00:27:EA:0F:B9' # set interfaces ethernet eth1 address '192.0.2.14/24' # set interfaces ethernet eth2 address '192.0.2.10/24' # set interfaces ethernet eth2 address '192.0.2.11/24' # set interfaces ethernet eth2 address '2001:db8::10/32' # set interfaces ethernet eth2 address '2001:db8::11/32' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth3 address '198.51.100.10/24' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces ethernet eth3 vif 101 address '198.51.100.130/25' # set interfaces ethernet eth3 vif 101 address '198.51.100.131/25' # set interfaces ethernet eth3 vif 102 address '2001:db8:4000::3/34' # set interfaces ethernet eth3 vif 102 address '2001:db8:4000::2/34' - name: Overrides all device configuration with provided configuration vyos.vyos.vyos_l3_interfaces: config: - name: eth0 ipv4: - address: dhcp ipv6: - address: dhcpv6 state: overridden # After state # ------------ # # vyos@vyos-appliance:~$ show configuration commands | grep eth # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 address 'dhcpv6' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 hw-id '08:00:27:EA:0F:B9' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces ethernet eth3 vif 101 # set interfaces ethernet eth3 vif 102 # Using deleted # # Before state # ------------- # vyos@vyos-appliance:~$ show configuration commands | grep eth # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 hw-id '08:00:27:EA:0F:B9' # set interfaces ethernet eth1 address '192.0.2.14/24' # set interfaces ethernet eth2 address '192.0.2.10/24' # set interfaces ethernet eth2 address '192.0.2.11/24' # set interfaces ethernet eth2 address '2001:db8::10/32' # set interfaces ethernet eth2 address '2001:db8::11/32' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth3 address '198.51.100.10/24' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces ethernet eth3 vif 101 address '198.51.100.130/25' # set interfaces ethernet eth3 vif 101 address '198.51.100.131/25' # set interfaces ethernet eth3 vif 102 address '2001:db8:4000::3/34' # set interfaces ethernet eth3 vif 102 address '2001:db8:4000::2/34' - name: Delete L3 attributes of given interfaces (Note - This won't delete the interface itself) vyos.vyos.vyos_l3_interfaces: config: - name: eth1 - name: eth2 - name: eth3 state: deleted # After state # ------------ # vyos@vyos-appliance:~$ show configuration commands | grep eth # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:f3:6c:b5' # set interfaces ethernet eth0 smp_affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 hw-id '08:00:27:ad:ef:65' # set interfaces ethernet eth1 smp_affinity 'auto' # set interfaces ethernet eth2 hw-id '08:00:27:ab:4e:79' # set interfaces ethernet eth2 smp_affinity 'auto' # set interfaces ethernet eth3 hw-id '08:00:27:17:3c:85' # set interfaces ethernet eth3 smp_affinity 'auto' # Using gathered # # Before state: # ------------- # # vyos:~$ show configuration commands | grep -e eth[2,3,0] # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:50:5e:19' # set interfaces ethernet eth0 smp_affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 address '192.0.2.14/24' # set interfaces ethernet eth2 address '192.0.2.11/24' # set interfaces ethernet eth2 address '192.0.2.10/24' # set interfaces ethernet eth2 address '2001:db8::10/32' # set interfaces ethernet eth2 address '2001:db8::12/32' # - name: Gather listed l3 interfaces with provided configurations vyos.vyos.vyos_l3_interfaces: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": [ # { # "ipv4": [ # { # "address": "192.0.2.11/24" # }, # { # "address": "192.0.2.10/24" # } # ], # "ipv6": [ # { # "address": "2001:db8::10/32" # }, # { # "address": "2001:db8::12/32" # } # ], # "name": "eth2" # }, # { # "ipv4": [ # { # "address": "192.0.2.14/24" # } # ], # "name": "eth1" # }, # { # "ipv4": [ # { # "address": "dhcp" # } # ], # "name": "eth0" # } # ] # # # After state: # ------------- # # vyos:~$ show configuration commands | grep -e eth[2,3] # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:50:5e:19' # set interfaces ethernet eth0 smp_affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 address '192.0.2.14/24' # set interfaces ethernet eth2 address '192.0.2.11/24' # set interfaces ethernet eth2 address '192.0.2.10/24' # set interfaces ethernet eth2 address '2001:db8::10/32' # set interfaces ethernet eth2 address '2001:db8::12/32' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_l3_interfaces: config: - name: eth1 ipv4: - address: 192.0.2.14/24 - name: eth2 ipv4: - address: 192.0.2.10/24 - address: 192.0.2.11/24 ipv6: - address: 2001:db8::10/32 - address: 2001:db8::12/32 state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # "set interfaces ethernet eth1 address '192.0.2.14/24'", # "set interfaces ethernet eth2 address '192.0.2.11/24'", # "set interfaces ethernet eth2 address '192.0.2.10/24'", # "set interfaces ethernet eth2 address '2001:db8::10/32'", # "set interfaces ethernet eth2 address '2001:db8::12/32'" # ] # Using parsed # # - name: parse the provided running configuration vyos.vyos.vyos_l3_interfaces: running_config: "set interfaces ethernet eth0 address 'dhcp' set interfaces ethernet eth1 address '192.0.2.14/24' set interfaces ethernet eth2 address '192.0.2.10/24' set interfaces ethernet eth2 address '192.0.2.11/24' set interfaces ethernet eth2 address '2001:db8::10/32' set interfaces ethernet eth2 address '2001:db8::12/32'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": [ # { # "ipv4": [ # { # "address": "192.0.2.10/24" # }, # { # "address": "192.0.2.11/24" # } # ], # "ipv6": [ # { # "address": "2001:db8::10/32" # }, # { # "address": "2001:db8::12/32" # } # ], # "name": "eth2" # }, # { # "ipv4": [ # { # "address": "192.0.2.14/24" # } # ], # "name": "eth1" # }, # { # "ipv4": [ # { # "address": "dhcp" # } # ], # "name": "eth0" # } # ] - - - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + + - - + + + + - - + + + +
The set of commands pushed to the remote device.
+
+
Sample:
+
['set interfaces ethernet eth1 192.0.2.14/2', 'set interfaces ethernet eth3 vif 101 address 198.51.100.130/25']
+ -
Key Returned Description
+
after
list -
-
when changed -
The configuration as structured data after module completion.
-
-
Sample:
-
The configuration returned will always be in the same format +
The configuration as structured data after module completion.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
-
+
before
list -
-
always -
The configuration as structured data prior to module invocation.
-
-
Sample:
-
The configuration returned will always be in the same format +
The configuration as structured data prior to module invocation.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
-
+
commands
list -
-
always -
The set of commands pushed to the remote device.
-
-
Sample:
-
['set interfaces ethernet eth1 192.0.2.14/2', 'set interfaces ethernet eth3 vif 101 address 198.51.100.130/25']
-
+

Status ------ Authors ~~~~~~~ - Nilashish Chakraborty (@NilashishC) - Rohit Thakur (@rohitthakur2590) - - diff --git a/docs/vyos.vyos.vyos_lag_interfaces_module.rst b/docs/vyos.vyos.vyos_lag_interfaces_module.rst index b09a846..153e20e 100644 --- a/docs/vyos.vyos.vyos_lag_interfaces_module.rst +++ b/docs/vyos.vyos.vyos_lag_interfaces_module.rst @@ -1,949 +1,947 @@ .. _vyos.vyos.vyos_lag_interfaces_module: ***************************** vyos.vyos.vyos_lag_interfaces ***************************** **LAG interfaces resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module manages attributes of link aggregation groups on VyOS network devices. Parameters ---------- .. raw:: html - + - - + - - + / elements=dictionary + + + + - - - + + - - + + + + - - - - + + + - - + + + + - - - - + + + - - + / elements=string + + + + - - - - + + - - + + + + - - - + + - - + / elements=dictionary + + + + - - - - + + + - - + + + + - - - - + + - - + + + + - - - + + - - + / required + + + + - - - + + - - + + + + - - - + - - + + + + - - + - - + + + + -
Parameter Choices/DefaultsCommentsComments
+
config
list - / elements=dictionary
-
- -
A list of link aggregation group configurations.
-
+ +
A list of link aggregation group configurations.
+
+
arp_monitor
dictionary -
-
- -
ARP Link monitoring parameters.
-
+ +
ARP Link monitoring parameters.
+
+
interval
integer -
-
- -
ARP link monitoring frequency in milliseconds.
-
+ +
ARP link monitoring frequency in milliseconds.
+
+
target
list - / elements=string
-
- -
IP address to use for ARP monitoring.
-
+ +
IP address to use for ARP monitoring.
+
+ +
hash_policy
string -
-
-
    Choices: -
  • layer2
  • -
  • layer2+3
  • -
  • layer3+4
  • -
-
-
LAG or bonding transmit hash policy.
-
+
    Choices: +
  • layer2
  • +
  • layer2+3
  • +
  • layer3+4
  • +
+
+
LAG or bonding transmit hash policy.
+
+
members
list - / elements=dictionary
-
- -
List of member interfaces for the LAG (bond).
-
+ +
List of member interfaces for the LAG (bond).
+
+
member
string -
-
- -
Name of the member interface.
-
+ +
Name of the member interface.
+
+ +
mode
string -
-
-
    Choices: -
  • 802.3ad
  • -
  • active-backup
  • -
  • broadcast
  • -
  • round-robin
  • -
  • transmit-load-balance
  • -
  • adaptive-load-balance
  • -
  • xor-hash
  • -
-
-
LAG or bond mode.
-
+
    Choices: +
  • 802.3ad
  • +
  • active-backup
  • +
  • broadcast
  • +
  • round-robin
  • +
  • transmit-load-balance
  • +
  • adaptive-load-balance
  • +
  • xor-hash
  • +
+
+
LAG or bond mode.
+
+
name
string - / required
-
- -
Name of the link aggregation group (LAG) or bond.
-
+ +
Name of the link aggregation group (LAG) or bond.
+
+
primary
string -
-
- -
Primary device interfaces for the LAG (bond).
-
+ +
Primary device interfaces for the LAG (bond).
+
+ +
running_config
string -
-
- -
This option is used only with state parsed.
-
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep bond.
-
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
-
+ +
This option is used only with state parsed.
+
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep bond.
+
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
+
+
state
string -
-
-
    Choices: -
  • merged ←
  • -
  • replaced
  • -
  • overridden
  • -
  • deleted
  • -
  • parsed
  • -
  • gathered
  • -
  • rendered
  • -
-
-
The state of the configuration after module completion.
-
+
    Choices: +
  • merged ←
  • +
  • replaced
  • +
  • overridden
  • +
  • deleted
  • +
  • parsed
  • +
  • gathered
  • +
  • rendered
  • +
+
+
The state of the configuration after module completion.
+
+
Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. Examples -------- .. code-block:: yaml+jinja - # Using merged # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands | grep bond # set interfaces bonding bond2 # set interfaces bonding bond3 # - name: Merge provided configuration with device configuration vyos.vyos.vyos_lag_interfaces: config: - name: bond2 mode: active-backup members: - member: eth2 - member: eth1 hash_policy: layer2 primary: eth2 - name: bond3 mode: active-backup hash_policy: layer2+3 members: - member: eth3 primary: eth3 state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "name": "bond2" # }, # { # "name": "bond3" # } # ], # # "commands": [ # "set interfaces bonding bond2 hash-policy 'layer2'", # "set interfaces bonding bond2 mode 'active-backup'", # "set interfaces ethernet eth2 bond-group bond2", # "set interfaces ethernet eth1 bond-group bond2", # "set interfaces bonding bond2 primary 'eth2'", # "set interfaces bonding bond3 hash-policy 'layer2+3'", # "set interfaces bonding bond3 mode 'active-backup'", # "set interfaces ethernet eth3 bond-group bond3", # "set interfaces bonding bond3 primary 'eth3'" # ] # # "after": [ # { # "hash_policy": "layer2", # "members": [ # { # "member": "eth1" # }, # { # "member": "eth2" # } # ], # "mode": "active-backup", # "name": "bond2", # "primary": "eth2" # }, # { # "hash_policy": "layer2+3", # "members": [ # { # "member": "eth3" # } # ], # "mode": "active-backup", # "name": "bond3", # "primary": "eth3" # } # ] # # After state: # ------------- # # vyos@vyos:~$ show configuration commands | grep bond # set interfaces bonding bond2 hash-policy 'layer2' # set interfaces bonding bond2 mode 'active-backup' # set interfaces bonding bond2 primary 'eth2' # set interfaces bonding bond3 hash-policy 'layer2+3' # set interfaces bonding bond3 mode 'active-backup' # set interfaces bonding bond3 primary 'eth3' # set interfaces ethernet eth1 bond-group 'bond2' # set interfaces ethernet eth2 bond-group 'bond2' # set interfaces ethernet eth3 bond-group 'bond3' # Using replaced # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands | grep bond # set interfaces bonding bond2 hash-policy 'layer2' # set interfaces bonding bond2 mode 'active-backup' # set interfaces bonding bond2 primary 'eth2' # set interfaces bonding bond3 hash-policy 'layer2+3' # set interfaces bonding bond3 mode 'active-backup' # set interfaces bonding bond3 primary 'eth3' # set interfaces ethernet eth1 bond-group 'bond2' # set interfaces ethernet eth2 bond-group 'bond2' # set interfaces ethernet eth3 bond-group 'bond3' # - name: Replace device configurations of listed LAGs with provided configurations vyos.vyos.vyos_lag_interfaces: config: - name: bond3 mode: 802.3ad hash_policy: layer2 members: - member: eth3 state: replaced # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "hash_policy": "layer2", # "members": [ # { # "member": "eth1" # }, # { # "member": "eth2" # } # ], # "mode": "active-backup", # "name": "bond2", # "primary": "eth2" # }, # { # "hash_policy": "layer2+3", # "members": [ # { # "member": "eth3" # } # ], # "mode": "active-backup", # "name": "bond3", # "primary": "eth3" # } # ], # # "commands": [ # "delete interfaces bonding bond3 primary", # "set interfaces bonding bond3 hash-policy 'layer2'", # "set interfaces bonding bond3 mode '802.3ad'" # ], # # "after": [ # { # "hash_policy": "layer2", # "members": [ # { # "member": "eth1" # }, # { # "member": "eth2" # } # ], # "mode": "active-backup", # "name": "bond2", # "primary": "eth2" # }, # { # "hash_policy": "layer2", # "members": [ # { # "member": "eth3" # } # ], # "mode": "802.3ad", # "name": "bond3" # } # ], # # After state: # ------------- # # vyos@vyos:~$ show configuration commands | grep bond # set interfaces bonding bond2 hash-policy 'layer2' # set interfaces bonding bond2 mode 'active-backup' # set interfaces bonding bond2 primary 'eth2' # set interfaces bonding bond3 hash-policy 'layer2' # set interfaces bonding bond3 mode '802.3ad' # set interfaces ethernet eth1 bond-group 'bond2' # set interfaces ethernet eth2 bond-group 'bond2' # set interfaces ethernet eth3 bond-group 'bond3' # Using overridden # # Before state # -------------- # # vyos@vyos:~$ show configuration commands | grep bond # set interfaces bonding bond2 hash-policy 'layer2' # set interfaces bonding bond2 mode 'active-backup' # set interfaces bonding bond2 primary 'eth2' # set interfaces bonding bond3 hash-policy 'layer2' # set interfaces bonding bond3 mode '802.3ad' # set interfaces ethernet eth1 bond-group 'bond2' # set interfaces ethernet eth2 bond-group 'bond2' # set interfaces ethernet eth3 bond-group 'bond3' # - name: Overrides all device configuration with provided configuration vyos.vyos.vyos_lag_interfaces: config: - name: bond3 mode: active-backup members: - member: eth1 - member: eth2 - member: eth3 primary: eth3 hash_policy: layer2 state: overridden # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "hash_policy": "layer2", # "members": [ # { # "member": "eth1" # }, # { # "member": "eth2" # } # ], # "mode": "active-backup", # "name": "bond2", # "primary": "eth2" # }, # { # "hash_policy": "layer2", # "members": [ # { # "member": "eth3" # } # ], # "mode": "802.3ad", # "name": "bond3" # } # ], # # "commands": [ # "delete interfaces bonding bond2 hash-policy", # "delete interfaces ethernet eth1 bond-group bond2", # "delete interfaces ethernet eth2 bond-group bond2", # "delete interfaces bonding bond2 mode", # "delete interfaces bonding bond2 primary", # "set interfaces bonding bond3 mode 'active-backup'", # "set interfaces ethernet eth1 bond-group bond3", # "set interfaces ethernet eth2 bond-group bond3", # "set interfaces bonding bond3 primary 'eth3'" # ], # # "after": [ # { # "name": "bond2" # }, # { # "hash_policy": "layer2", # "members": [ # { # "member": "eth1" # }, # { # "member": "eth2" # }, # { # "member": "eth3" # } # ], # "mode": "active-backup", # "name": "bond3", # "primary": "eth3" # } # ], # # # After state # ------------ # # vyos@vyos:~$ show configuration commands | grep bond # set interfaces bonding bond2 # set interfaces bonding bond3 hash-policy 'layer2' # set interfaces bonding bond3 mode 'active-backup' # set interfaces bonding bond3 primary 'eth3' # set interfaces ethernet eth1 bond-group 'bond3' # set interfaces ethernet eth2 bond-group 'bond3' # set interfaces ethernet eth3 bond-group 'bond3' # Using deleted # # Before state # ------------- # # vyos@vyos:~$ show configuration commands | grep bond # set interfaces bonding bond2 hash-policy 'layer2' # set interfaces bonding bond2 mode 'active-backup' # set interfaces bonding bond2 primary 'eth2' # set interfaces bonding bond3 hash-policy 'layer2+3' # set interfaces bonding bond3 mode 'active-backup' # set interfaces bonding bond3 primary 'eth3' # set interfaces ethernet eth1 bond-group 'bond2' # set interfaces ethernet eth2 bond-group 'bond2' # set interfaces ethernet eth3 bond-group 'bond3' # - name: Delete LAG attributes of given interfaces (Note This won't delete the interface itself) vyos.vyos.vyos_lag_interfaces: config: - name: bond2 - name: bond3 state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": [ # { # "hash_policy": "layer2", # "members": [ # { # "member": "eth1" # }, # { # "member": "eth2" # } # ], # "mode": "active-backup", # "name": "bond2", # "primary": "eth2" # }, # { # "hash_policy": "layer2+3", # "members": [ # { # "member": "eth3" # } # ], # "mode": "active-backup", # "name": "bond3", # "primary": "eth3" # } # ], # "commands": [ # "delete interfaces bonding bond2 hash-policy", # "delete interfaces ethernet eth1 bond-group bond2", # "delete interfaces ethernet eth2 bond-group bond2", # "delete interfaces bonding bond2 mode", # "delete interfaces bonding bond2 primary", # "delete interfaces bonding bond3 hash-policy", # "delete interfaces ethernet eth3 bond-group bond3", # "delete interfaces bonding bond3 mode", # "delete interfaces bonding bond3 primary" # ], # # "after": [ # { # "name": "bond2" # }, # { # "name": "bond3" # } # ], # # After state # ------------ # vyos@vyos:~$ show configuration commands | grep bond # set interfaces bonding bond2 # set interfaces bonding bond3 # Using gathered # # Before state: # ------------- # # vyos@192# run show configuration commands | grep bond # set interfaces bonding bond0 hash-policy 'layer2' # set interfaces bonding bond0 mode 'active-backup' # set interfaces bonding bond0 primary 'eth1' # set interfaces bonding bond1 hash-policy 'layer2+3' # set interfaces bonding bond1 mode 'active-backup' # set interfaces bonding bond1 primary 'eth2' # set interfaces ethernet eth1 bond-group 'bond0' # set interfaces ethernet eth2 bond-group 'bond1' # - name: Gather listed lag interfaces with provided configurations vyos.vyos.vyos_lag_interfaces: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": [ # { # "afi": "ipv6", # "rule_sets": [ # { # "default_action": "accept", # "description": "This is ipv6 specific rule-set", # "name": "UPLINK", # "rules": [ # { # "action": "accept", # "description": "Fwipv6-Rule 1 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 1 # }, # { # "action": "accept", # "description": "Fwipv6-Rule 2 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 2 # } # ] # } # ] # }, # { # "afi": "ipv4", # "rule_sets": [ # { # "default_action": "accept", # "description": "IPv4 INBOUND rule set", # "name": "INBOUND", # "rules": [ # { # "action": "accept", # "description": "Rule 101 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 101 # }, # { # "action": "reject", # "description": "Rule 102 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 102 # }, # { # "action": "accept", # "description": "Rule 103 is configured by Ansible", # "destination": { # "group": { # "address_group": "inbound" # } # }, # "number": 103, # "source": { # "address": "192.0.2.0" # }, # "state": { # "established": true, # "invalid": false, # "new": false, # "related": true # } # } # ] # } # ] # } # ] # # # After state: # ------------- # # vyos@192# run show configuration commands | grep bond # set interfaces bonding bond0 hash-policy 'layer2' # set interfaces bonding bond0 mode 'active-backup' # set interfaces bonding bond0 primary 'eth1' # set interfaces bonding bond1 hash-policy 'layer2+3' # set interfaces bonding bond1 mode 'active-backup' # set interfaces bonding bond1 primary 'eth2' # set interfaces ethernet eth1 bond-group 'bond0' # set interfaces ethernet eth2 bond-group 'bond1' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_lag_interfaces: config: - name: bond0 hash_policy: layer2 members: - member: eth1 mode: active-backup primary: eth1 - name: bond1 hash_policy: layer2+3 members: - member: eth2 mode: active-backup primary: eth2 state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # "set interfaces bonding bond0 hash-policy 'layer2'", # "set interfaces ethernet eth1 bond-group 'bond0'", # "set interfaces bonding bond0 mode 'active-backup'", # "set interfaces bonding bond0 primary 'eth1'", # "set interfaces bonding bond1 hash-policy 'layer2+3'", # "set interfaces ethernet eth2 bond-group 'bond1'", # "set interfaces bonding bond1 mode 'active-backup'", # "set interfaces bonding bond1 primary 'eth2'" # ] # Using parsed # # - name: Parsed the commands for provided configuration vyos.vyos.vyos_l3_interfaces: running_config: "set interfaces bonding bond0 hash-policy 'layer2' set interfaces bonding bond0 mode 'active-backup' set interfaces bonding bond0 primary 'eth1' set interfaces bonding bond1 hash-policy 'layer2+3' set interfaces bonding bond1 mode 'active-backup' set interfaces bonding bond1 primary 'eth2' set interfaces ethernet eth1 bond-group 'bond0' set interfaces ethernet eth2 bond-group 'bond1'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": [ # { # "hash_policy": "layer2", # "members": [ # { # "member": "eth1" # } # ], # "mode": "active-backup", # "name": "bond0", # "primary": "eth1" # }, # { # "hash_policy": "layer2+3", # "members": [ # { # "member": "eth2" # } # ], # "mode": "active-backup", # "name": "bond1", # "primary": "eth2" # } # ] - - - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + + - - + + + + - - + + + +
The set of commands pushed to the remote device.
+
+
Sample:
+
['set interfaces bonding bond2', 'set interfaces bonding bond2 hash-policy layer2']
+ -
Key Returned Description
+
after
list -
-
when changed -
The configuration as structured data after module completion.
-
-
Sample:
-
The configuration returned will always be in the same format +
The configuration as structured data after module completion.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
-
+
before
list -
-
always -
The configuration as structured data prior to module invocation.
-
-
Sample:
-
The configuration returned will always be in the same format +
The configuration as structured data prior to module invocation.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
-
+
commands
list -
-
always -
The set of commands pushed to the remote device.
-
-
Sample:
-
['set interfaces bonding bond2', 'set interfaces bonding bond2 hash-policy layer2']
-
+

Status ------ Authors ~~~~~~~ - Rohit Thakur (@rohitthakur2590) - - diff --git a/docs/vyos.vyos.vyos_linkagg_module.rst b/docs/vyos.vyos.vyos_linkagg_module.rst index 471de9b..ae7eea7 100644 --- a/docs/vyos.vyos.vyos_linkagg_module.rst +++ b/docs/vyos.vyos.vyos_linkagg_module.rst @@ -1,424 +1,424 @@ .. _vyos.vyos.vyos_linkagg_module: ********************** vyos.vyos.vyos_linkagg ********************** **(deprecated, removed after 2022-06-01) Manage link aggregation groups on VyOS network devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 DEPRECATED ---------- :Removed in collection release after 2022-06-01 :Why: Updated modules released with more functionality. :Alternative: vyos_lag_interfaces Synopsis -------- - This module provides declarative management of link aggregation groups on VyOS network devices. Parameters ---------- .. raw:: html - + - - + - - + / elements=dictionary + + + + - - - + + - - + / elements=string + + + + - - - + + - - + + + + - - - + + - - + / required + + + + - - - + + - - + + + + - - - + - - + / elements=string + + + + - - + - - + + + + - - + - - + + + + - - + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + - - + + + + -
Parameter Choices/DefaultsCommentsComments
+
aggregate
list - / elements=dictionary
-
- -
List of link aggregation definitions.
-
+ +
List of link aggregation definitions.
+
+
members
list - / elements=string
-
- -
List of members of the link aggregation group.
-
+ +
List of members of the link aggregation group.
+
+
mode
string -
-
-
    Choices: -
  • 802.3ad
  • -
  • active-backup
  • -
  • broadcast
  • -
  • round-robin
  • -
  • transmit-load-balance
  • -
  • adaptive-load-balance
  • -
  • xor-hash
  • -
  • on
  • -
-
-
Mode of the link aggregation group.
-
+
    Choices: +
  • 802.3ad
  • +
  • active-backup
  • +
  • broadcast
  • +
  • round-robin
  • +
  • transmit-load-balance
  • +
  • adaptive-load-balance
  • +
  • xor-hash
  • +
  • on
  • +
+
+
Mode of the link aggregation group.
+
+
name
string - / required
-
- -
Name of the link aggregation group.
-
+ +
Name of the link aggregation group.
+
+
state
string -
-
-
    Choices: -
  • present
  • -
  • absent
  • -
  • up
  • -
  • down
  • -
-
-
State of the link aggregation group.
-
+
    Choices: +
  • present
  • +
  • absent
  • +
  • up
  • +
  • down
  • +
+
+
State of the link aggregation group.
+
+ +
members
list - / elements=string
-
- -
List of members of the link aggregation group.
-
+ +
List of members of the link aggregation group.
+
+
mode
string -
-
-
    Choices: -
  • 802.3ad ←
  • -
  • active-backup
  • -
  • broadcast
  • -
  • round-robin
  • -
  • transmit-load-balance
  • -
  • adaptive-load-balance
  • -
  • xor-hash
  • -
  • on
  • -
-
-
Mode of the link aggregation group.
-
+
    Choices: +
  • 802.3ad ←
  • +
  • active-backup
  • +
  • broadcast
  • +
  • round-robin
  • +
  • transmit-load-balance
  • +
  • adaptive-load-balance
  • +
  • xor-hash
  • +
  • on
  • +
+
+
Mode of the link aggregation group.
+
+
name
string -
-
- -
Name of the link aggregation group.
-
+ +
Name of the link aggregation group.
+
+
provider
dictionary -
-
- -
Deprecated
-
Starting with Ansible 2.5 we recommend using connection: network_cli.
-
For more information please see the Network Guide.
-

-
A dict object containing connection details.
-
+ +
Deprecated
+
Starting with Ansible 2.5 we recommend using connection: network_cli.
+
For more information please see the Network Guide.
+

+
A dict object containing connection details.
+
+
host
string -
-
- -
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
-
+ +
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
+
+
password
string -
-
- -
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
-
+ +
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
+
+
port
integer -
-
- -
Specifies the port to use when building the connection to the remote device.
-
+ +
Specifies the port to use when building the connection to the remote device.
+
+
ssh_keyfile
path -
-
- -
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
-
+ +
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
+
+
timeout
integer -
-
- -
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
-
+ +
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
+
+
username
string -
-
- -
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
-
+ +
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
+
+ +
state
string -
-
-
    Choices: -
  • present ←
  • -
  • absent
  • -
  • up
  • -
  • down
  • -
-
-
State of the link aggregation group.
-
+
    Choices: +
  • present ←
  • +
  • absent
  • +
  • up
  • +
  • down
  • +
+
+
State of the link aggregation group.
+
+
Notes ----- .. note:: - Tested against VYOS 1.1.7 - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- .. code-block:: yaml+jinja - - name: configure link aggregation group vyos.vyos.vyos_linkagg: name: bond0 members: - eth0 - eth1 - name: remove configuration vyos.vyos.vyos_linkagg: name: bond0 state: absent - name: Create aggregate of linkagg definitions vyos.vyos.vyos_linkagg: aggregate: - {name: bond0, members: [eth1]} - {name: bond1, members: [eth2]} - name: Remove aggregate of linkagg definitions vyos.vyos.vyos_linkagg: aggregate: - name: bond0 - name: bond1 state: absent - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + +
The list of configuration mode commands to send to the device
+
+
Sample:
+
['set interfaces bonding bond0', "set interfaces ethernet eth0 bond-group 'bond0'", "set interfaces ethernet eth1 bond-group 'bond0'"]
+ -
Key Returned Description
+
commands
list -
-
always, except for the platforms that use Netconf transport to manage the device. -
The list of configuration mode commands to send to the device
-
-
Sample:
-
['set interfaces bonding bond0', "set interfaces ethernet eth0 bond-group 'bond0'", "set interfaces ethernet eth1 bond-group 'bond0'"]
-
+

Status ------ - This module will be removed in version . *[deprecated]* - For more information see `DEPRECATED`_. Authors ~~~~~~~ - Ricardo Carrillo Cruz (@rcarrillocruz) - - diff --git a/docs/vyos.vyos.vyos_lldp_global_module.rst b/docs/vyos.vyos.vyos_lldp_global_module.rst index bf803ff..9224421 100644 --- a/docs/vyos.vyos.vyos_lldp_global_module.rst +++ b/docs/vyos.vyos.vyos_lldp_global_module.rst @@ -1,614 +1,609 @@ .. _vyos.vyos.vyos_lldp_global_module: ************************** vyos.vyos.vyos_lldp_global ************************** **LLDP global resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module manages link layer discovery protocol (LLDP) attributes on VyOS devices. Parameters ---------- .. raw:: html - + - - + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + / elements=string + + + + - - - + + - - + + + + - - - + - - + + + + - - + - - + + + + -
Parameter Choices/DefaultsCommentsComments
+
config
dictionary -
-
- -
The provided link layer discovery protocol (LLDP) configuration.
-
+ +
The provided link layer discovery protocol (LLDP) configuration.
+
+
address
string -
-
- -
This argument defines management-address.
-
+ +
This argument defines management-address.
+
+
enable
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
This argument is a boolean value to enable or disable LLDP.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
This argument is a boolean value to enable or disable LLDP.
+
+
legacy_protocols
list - / elements=string
-
-
    Choices: -
  • cdp
  • -
  • edp
  • -
  • fdp
  • -
  • sonmp
  • -
-
-
List of the supported legacy protocols.
-
+
    Choices: +
  • cdp
  • +
  • edp
  • +
  • fdp
  • +
  • sonmp
  • +
+
+
List of the supported legacy protocols.
+
+
snmp
string -
-
- -
This argument enable the SNMP queries to LLDP database.
-
+ +
This argument enable the SNMP queries to LLDP database.
+
+ +
running_config
string -
-
- -
This option is used only with state parsed.
-
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep lldp.
-
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
-
+ +
This option is used only with state parsed.
+
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep lldp.
+
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
+
+
state
string -
-
-
    Choices: -
  • merged ←
  • -
  • replaced
  • -
  • deleted
  • -
  • gathered
  • -
  • rendered
  • -
  • parsed
  • -
-
-
The state of the configuration after module completion.
-
+
    Choices: +
  • merged ←
  • +
  • replaced
  • +
  • deleted
  • +
  • gathered
  • +
  • rendered
  • +
  • parsed
  • +
+
+
The state of the configuration after module completion.
+
+
Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. Examples -------- .. code-block:: yaml+jinja - # Using merged # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands|grep lldp # - name: Merge provided configuration with device configuration vyos.vyos.vyos_lldp_global: config: legacy_protocols: - fdp - cdp snmp: enable address: 192.0.2.11 state: merged # # # ------------------------ # Module Execution Results # ------------------------ # # "before": [] # # "commands": [ # "set service lldp legacy-protocols fdp", # "set service lldp legacy-protocols cdp", # "set service lldp snmp enable", # "set service lldp management-address '192.0.2.11'" # ] # # "after": [ # { # "snmp": "enable" # }, # { # "address": "192.0.2.11" # }, # { # "legacy_protocols": [ # "cdp", # "fdp" # ] # } # { # "enable": true # } # ] # # After state: # ------------- # # set service lldp legacy-protocols cdp # set service lldp legacy-protocols fdp # set service lldp management-address '192.0.2.11' # set service lldp snmp enable # Using replaced # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands | grep lldp # set service lldp legacy-protocols cdp # set service lldp legacy-protocols fdp # set service lldp management-address '192.0.2.11' # set service lldp snmp enable # - name: Replace device configurations with provided configurations vyos.vyos.vyos_lldp_global: config: legacy_protocols: - edp - sonmp - cdp address: 192.0.2.14 state: replaced # # # ------------------------ # Module Execution Results # ------------------------ # # # "before": [ # { # "snmp": "enable" # }, # { # "address": "192.0.2.11" # }, # { # "legacy_protocols": [ # "cdp", # "fdp" # ] # } # { # "enable": true # } # ] # "commands": [ # "delete service lldp snmp", # "delete service lldp legacy-protocols fdp", # "set service lldp management-address '192.0.2.14'", # "set service lldp legacy-protocols edp", # "set service lldp legacy-protocols sonmp" # ] # # "after": [ # { # "address": "192.0.2.14" # }, # { # "legacy_protocols": [ # "cdp", # "edp", # "sonmp" # ] # } # { # "enable": true # } # ] # # After state: # ------------- # # vyos@vyos:~$ show configuration commands|grep lldp # set service lldp legacy-protocols cdp # set service lldp legacy-protocols edp # set service lldp legacy-protocols sonmp # set service lldp management-address '192.0.2.14' # Using deleted # # Before state # ------------- # vyos@vyos:~$ show configuration commands|grep lldp # set service lldp legacy-protocols cdp # set service lldp legacy-protocols edp # set service lldp legacy-protocols sonmp # set service lldp management-address '192.0.2.14' # - name: Delete attributes of given lldp service (This won't delete the LLDP service itself) vyos.vyos.vyos_lldp_global: config: state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": [ # { # "address": "192.0.2.14" # }, # { # "legacy_protocols": [ # "cdp", # "edp", # "sonmp" # ] # } # { # "enable": true # } # ] # # "commands": [ # "delete service lldp management-address", # "delete service lldp legacy-protocols" # ] # # "after": [ # { # "enable": true # } # ] # # After state # ------------ # vyos@vyos:~$ show configuration commands | grep lldp # set service lldp # Using gathered # # Before state: # ------------- # # vyos@192# run show configuration commands | grep lldp # set service lldp legacy-protocols 'cdp' # set service lldp management-address '192.0.2.17' # - name: Gather lldp global config with provided configurations vyos.vyos.vyos_lldp_global: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": [ # { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.3.1" # }, # { # "address": "192.0.3.2" # } # ], # "name": "ENG-HOSTS" # }, # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.2.1" # }, # { # "address": "192.0.2.2" # }, # { # "address": "192.0.2.3" # } # ], # "name": "SALES-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep lldp # set service lldp legacy-protocols 'cdp' # set service lldp management-address '192.0.2.17' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_lldp_global: config: address: 192.0.2.17 enable: true legacy_protocols: - cdp state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # "set service lldp legacy-protocols 'cdp'", # "set service lldp", # "set service lldp management-address '192.0.2.17'" # ] # # Using parsed # # - name: Parse the provided commands to provide structured configuration vyos.vyos.vyos_lldp_global: running_config: "set service lldp legacy-protocols 'cdp' set service lldp legacy-protocols 'fdp' set service lldp management-address '192.0.2.11'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": { # "address": "192.0.2.11", # "enable": true, # "legacy_protocols": [ # "cdp", # "fdp" # ] # } # - - - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + + - - + + + + - - + + + +
The set of commands pushed to the remote device.
+
+
Sample:
+
['set service lldp legacy-protocols sonmp', "set service lldp management-address '192.0.2.14'"]
+ -
Key Returned Description
+
after
list -
-
when changed -
The configuration as structured data after module completion.
-
-
Sample:
-
The configuration returned will always be in the same format +
The configuration as structured data after module completion.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
-
+
before
list -
-
always -
The configuration as structured data prior to module invocation.
-
-
Sample:
-
The configuration returned will always be in the same format +
The configuration as structured data prior to module invocation.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
-
+
commands
list -
-
always -
The set of commands pushed to the remote device.
-
-
Sample:
-
['set service lldp legacy-protocols sonmp', "set service lldp management-address '192.0.2.14'"]
-
+

Status ------ Authors ~~~~~~~ - Rohit Thakur (@rohitthakur2590) - - diff --git a/docs/vyos.vyos.vyos_lldp_interface_module.rst b/docs/vyos.vyos.vyos_lldp_interface_module.rst index 98d5c70..1c860e7 100644 --- a/docs/vyos.vyos.vyos_lldp_interface_module.rst +++ b/docs/vyos.vyos.vyos_lldp_interface_module.rst @@ -1,346 +1,344 @@ .. _vyos.vyos.vyos_lldp_interface_module: ***************************** vyos.vyos.vyos_lldp_interface ***************************** **(deprecated, removed after 2022-06-01) Manage LLDP interfaces configuration on VyOS network devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 DEPRECATED ---------- :Removed in collection release after 2022-06-01 :Why: Updated modules released with more functionality. :Alternative: vyos_lldp_interfaces Synopsis -------- - This module provides declarative management of LLDP interfaces configuration on VyOS network devices. Parameters ---------- .. raw:: html - + - - + - - + / elements=dictionary + + + + - - - + + - - + / required + + + + - - - + + - - + + + + - - - + - - + + + + - - + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + - - + + + + -
Parameter Choices/DefaultsCommentsComments
+
aggregate
list - / elements=dictionary
-
- -
List of interfaces LLDP should be configured on.
-
+ +
List of interfaces LLDP should be configured on.
+
+
name
string - / required
-
- -
Name of the interface LLDP should be configured on.
-
+ +
Name of the interface LLDP should be configured on.
+
+
state
string -
-
-
    Choices: -
  • present
  • -
  • absent
  • -
  • enabled
  • -
  • disabled
  • -
-
-
State of the LLDP configuration.
-
+
    Choices: +
  • present
  • +
  • absent
  • +
  • enabled
  • +
  • disabled
  • +
+
+
State of the LLDP configuration.
+
+ +
name
string -
-
- -
Name of the interface LLDP should be configured on.
-
+ +
Name of the interface LLDP should be configured on.
+
+
provider
dictionary -
-
- -
Deprecated
-
Starting with Ansible 2.5 we recommend using connection: network_cli.
-
For more information please see the Network Guide.
-

-
A dict object containing connection details.
-
+ +
Deprecated
+
Starting with Ansible 2.5 we recommend using connection: network_cli.
+
For more information please see the Network Guide.
+

+
A dict object containing connection details.
+
+
host
string -
-
- -
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
-
+ +
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
+
+
password
string -
-
- -
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
-
+ +
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
+
+
port
integer -
-
- -
Specifies the port to use when building the connection to the remote device.
-
+ +
Specifies the port to use when building the connection to the remote device.
+
+
ssh_keyfile
path -
-
- -
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
-
+ +
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
+
+
timeout
integer -
-
- -
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
-
+ +
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
+
+
username
string -
-
- -
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
-
+ +
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
+
+ +
state
string -
-
-
    Choices: -
  • present ←
  • -
  • absent
  • -
  • enabled
  • -
  • disabled
  • -
-
-
State of the LLDP configuration.
-
+
    Choices: +
  • present ←
  • +
  • absent
  • +
  • enabled
  • +
  • disabled
  • +
+
+
State of the LLDP configuration.
+
+
Notes ----- .. note:: - Tested against VYOS 1.1.7 - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- .. code-block:: yaml+jinja - - name: Enable LLDP on eth1 net_lldp_interface: state: present - name: Enable LLDP on specific interfaces net_lldp_interface: interfaces: - eth1 - eth2 state: present - name: Disable LLDP globally net_lldp_interface: state: disabled - name: Create aggregate of LLDP interface configurations vyos.vyos.vyos_lldp_interface: aggregate: - name: eth1 - name: eth2 state: present - name: Delete aggregate of LLDP interface configurations vyos.vyos.vyos_lldp_interface: aggregate: - name: eth1 - name: eth2 state: absent - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + +
The list of configuration mode commands to send to the device
+
+
Sample:
+
['set service lldp eth1', 'set service lldp eth2 disable']
+ -
Key Returned Description
+
commands
list -
-
always, except for the platforms that use Netconf transport to manage the device. -
The list of configuration mode commands to send to the device
-
-
Sample:
-
['set service lldp eth1', 'set service lldp eth2 disable']
-
+

Status ------ - This module will be removed in version . *[deprecated]* - For more information see `DEPRECATED`_. Authors ~~~~~~~ - Ricardo Carrillo Cruz (@rcarrillocruz) - - diff --git a/docs/vyos.vyos.vyos_lldp_interfaces_module.rst b/docs/vyos.vyos.vyos_lldp_interfaces_module.rst index d64b20c..c5ea47b 100644 --- a/docs/vyos.vyos.vyos_lldp_interfaces_module.rst +++ b/docs/vyos.vyos.vyos_lldp_interfaces_module.rst @@ -1,928 +1,928 @@ .. _vyos.vyos.vyos_lldp_interfaces_module: ****************************** vyos.vyos.vyos_lldp_interfaces ****************************** **LLDP interfaces resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module manages attributes of lldp interfaces on VyOS network devices. Parameters ---------- .. raw:: html - + - - + - - + / elements=dictionary + + + + - - - + + - - + + + + - - - + + - - + + + + - - - - + + + - - + + + + - - - - - + + + + - - + / elements=dictionary + + + + - - - - - - + + + + + - - + + + + - - - - - - + + + + + - - + + + + - - - - - - + + + + - - + / required + + + + - - - - - + + + - - + + + + - - - - - + + + + - - + + + + - - - - - + + + + - - + + + + - - - - - + + + + - - + / required + + + + - - - - - + + + + - - + / required + + + + - - - - - + + + - - + + + + - - - - + + - - + / required + + + + - - - + - - + + + + - - + - - + + + + -
Parameter Choices/DefaultsCommentsComments
+
config
list - / elements=dictionary
-
- -
A list of lldp interfaces configurations.
-
+ +
A list of lldp interfaces configurations.
+
+
enable
boolean -
-
-
    Choices: -
  • no
  • -
  • yes ←
  • -
-
-
to disable lldp on the interface.
-
+
    Choices: +
  • no
  • +
  • yes ←
  • +
+
+
to disable lldp on the interface.
+
+
location
dictionary -
-
- -
LLDP-MED location data.
-
+ +
LLDP-MED location data.
+
+
civic_based
dictionary -
-
- -
Civic-based location data.
-
+ +
Civic-based location data.
+
+
ca_info
list - / elements=dictionary
-
- -
LLDP-MED address info
-
+ +
LLDP-MED address info
+
+
ca_type
integer -
-
- -
LLDP-MED Civic Address type.
-
+ +
LLDP-MED Civic Address type.
+
+
ca_value
string -
-
- -
LLDP-MED Civic Address value.
-
+ +
LLDP-MED Civic Address value.
+
+ +
country_code
string - / required
-
- -
Country Code
-
+ +
Country Code
+
+ +
coordinate_based
dictionary -
-
- -
Coordinate-based location.
-
+ +
Coordinate-based location.
+
+
altitude
integer -
-
- -
Altitude in meters.
-
+ +
Altitude in meters.
+
+
datum
string -
-
-
    Choices: -
  • WGS84
  • -
  • NAD83
  • -
  • MLLW
  • -
-
-
Coordinate datum type.
-
+
    Choices: +
  • WGS84
  • +
  • NAD83
  • +
  • MLLW
  • +
+
+
Coordinate datum type.
+
+
latitude
string - / required
-
- -
Latitude.
-
+ +
Latitude.
+
+
longitude
string - / required
-
- -
Longitude.
-
+ +
Longitude.
+
+ +
elin
string -
-
- -
Emergency Call Service ELIN number (between 10-25 numbers).
-
+ +
Emergency Call Service ELIN number (between 10-25 numbers).
+
+ +
name
string - / required
-
- -
Name of the lldp interface.
-
+ +
Name of the lldp interface.
+
+ +
running_config
string -
-
- -
This option is used only with state parsed.
-
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep lldp.
-
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
-
+ +
This option is used only with state parsed.
+
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep lldp.
+
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
+
+
state
string -
-
-
    Choices: -
  • merged ←
  • -
  • replaced
  • -
  • overridden
  • -
  • deleted
  • -
  • rendered
  • -
  • parsed
  • -
  • gathered
  • -
-
-
The state of the configuration after module completion.
-
+
    Choices: +
  • merged ←
  • +
  • replaced
  • +
  • overridden
  • +
  • deleted
  • +
  • rendered
  • +
  • parsed
  • +
  • gathered
  • +
+
+
The state of the configuration after module completion.
+
+
Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. Examples -------- .. code-block:: yaml+jinja - # Using merged # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands | grep lldp # - name: Merge provided configuration with device configuration vyos.vyos.vyos_lldp_interfaces: config: - name: eth1 location: civic_based: country_code: US ca_info: - ca_type: 0 ca_value: ENGLISH - name: eth2 location: coordinate_based: altitude: 2200 datum: WGS84 longitude: 222.267255W latitude: 33.524449N state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # before": [] # # "commands": [ # "set service lldp interface eth1 location civic-based country-code 'US'", # "set service lldp interface eth1 location civic-based ca-type 0 ca-value 'ENGLISH'", # "set service lldp interface eth1", # "set service lldp interface eth2 location coordinate-based latitude '33.524449N'", # "set service lldp interface eth2 location coordinate-based altitude '2200'", # "set service lldp interface eth2 location coordinate-based datum 'WGS84'", # "set service lldp interface eth2 location coordinate-based longitude '222.267255W'", # "set service lldp interface eth2 location coordinate-based latitude '33.524449N'", # "set service lldp interface eth2 location coordinate-based altitude '2200'", # "set service lldp interface eth2 location coordinate-based datum 'WGS84'", # "set service lldp interface eth2 location coordinate-based longitude '222.267255W'", # "set service lldp interface eth2" # # "after": [ # { # "location": { # "coordinate_based": { # "altitude": 2200, # "datum": "WGS84", # "latitude": "33.524449N", # "longitude": "222.267255W" # } # }, # "name": "eth2" # }, # { # "location": { # "civic_based": { # "ca_info": [ # { # "ca_type": 0, # "ca_value": "ENGLISH" # } # ], # "country_code": "US" # } # }, # "name": "eth1" # } # ], # # After state: # ------------- # # vyos@vyos:~$ show configuration commands | grep lldp # set service lldp interface eth1 location civic-based ca-type 0 ca-value 'ENGLISH' # set service lldp interface eth1 location civic-based country-code 'US' # set service lldp interface eth2 location coordinate-based altitude '2200' # set service lldp interface eth2 location coordinate-based datum 'WGS84' # set service lldp interface eth2 location coordinate-based latitude '33.524449N' # set service lldp interface eth2 location coordinate-based longitude '222.267255W' # Using replaced # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands | grep lldp # set service lldp interface eth1 location civic-based ca-type 0 ca-value 'ENGLISH' # set service lldp interface eth1 location civic-based country-code 'US' # set service lldp interface eth2 location coordinate-based altitude '2200' # set service lldp interface eth2 location coordinate-based datum 'WGS84' # set service lldp interface eth2 location coordinate-based latitude '33.524449N' # set service lldp interface eth2 location coordinate-based longitude '222.267255W' # - name: Replace device configurations of listed LLDP interfaces with provided configurations vyos.vyos.vyos_lldp_interfaces: config: - name: eth2 location: civic_based: country_code: US ca_info: - ca_type: 0 ca_value: ENGLISH - name: eth1 location: coordinate_based: altitude: 2200 datum: WGS84 longitude: 222.267255W latitude: 33.524449N state: replaced # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "location": { # "coordinate_based": { # "altitude": 2200, # "datum": "WGS84", # "latitude": "33.524449N", # "longitude": "222.267255W" # } # }, # "name": "eth2" # }, # { # "location": { # "civic_based": { # "ca_info": [ # { # "ca_type": 0, # "ca_value": "ENGLISH" # } # ], # "country_code": "US" # } # }, # "name": "eth1" # } # ] # # "commands": [ # "delete service lldp interface eth2 location", # "set service lldp interface eth2 'disable'", # "set service lldp interface eth2 location civic-based country-code 'US'", # "set service lldp interface eth2 location civic-based ca-type 0 ca-value 'ENGLISH'", # "delete service lldp interface eth1 location", # "set service lldp interface eth1 'disable'", # "set service lldp interface eth1 location coordinate-based latitude '33.524449N'", # "set service lldp interface eth1 location coordinate-based altitude '2200'", # "set service lldp interface eth1 location coordinate-based datum 'WGS84'", # "set service lldp interface eth1 location coordinate-based longitude '222.267255W'" # ] # # "after": [ # { # "location": { # "civic_based": { # "ca_info": [ # { # "ca_type": 0, # "ca_value": "ENGLISH" # } # ], # "country_code": "US" # } # }, # "name": "eth2" # }, # { # "location": { # "coordinate_based": { # "altitude": 2200, # "datum": "WGS84", # "latitude": "33.524449N", # "longitude": "222.267255W" # } # }, # "name": "eth1" # } # ] # # After state: # ------------- # # vyos@vyos:~$ show configuration commands | grep lldp # set service lldp interface eth1 'disable' # set service lldp interface eth1 location coordinate-based altitude '2200' # set service lldp interface eth1 location coordinate-based datum 'WGS84' # set service lldp interface eth1 location coordinate-based latitude '33.524449N' # set service lldp interface eth1 location coordinate-based longitude '222.267255W' # set service lldp interface eth2 'disable' # set service lldp interface eth2 location civic-based ca-type 0 ca-value 'ENGLISH' # set service lldp interface eth2 location civic-based country-code 'US' # Using overridden # # Before state # -------------- # # vyos@vyos:~$ show configuration commands | grep lldp # set service lldp interface eth1 'disable' # set service lldp interface eth1 location coordinate-based altitude '2200' # set service lldp interface eth1 location coordinate-based datum 'WGS84' # set service lldp interface eth1 location coordinate-based latitude '33.524449N' # set service lldp interface eth1 location coordinate-based longitude '222.267255W' # set service lldp interface eth2 'disable' # set service lldp interface eth2 location civic-based ca-type 0 ca-value 'ENGLISH' # set service lldp interface eth2 location civic-based country-code 'US' # - name: Overrides all device configuration with provided configuration vyos.vyos.vyos_lldp_interfaces: config: - name: eth2 location: elin: 0000000911 state: overridden # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "enable": false, # "location": { # "civic_based": { # "ca_info": [ # { # "ca_type": 0, # "ca_value": "ENGLISH" # } # ], # "country_code": "US" # } # }, # "name": "eth2" # }, # { # "enable": false, # "location": { # "coordinate_based": { # "altitude": 2200, # "datum": "WGS84", # "latitude": "33.524449N", # "longitude": "222.267255W" # } # }, # "name": "eth1" # } # ] # # "commands": [ # "delete service lldp interface eth2 location", # "delete service lldp interface eth2 disable", # "set service lldp interface eth2 location elin 0000000911" # # # "after": [ # { # "location": { # "elin": 0000000911 # }, # "name": "eth2" # } # ] # # # After state # ------------ # # vyos@vyos# run show configuration commands | grep lldp # set service lldp interface eth2 location elin '0000000911' # Using deleted # # Before state # ------------- # # vyos@vyos# run show configuration commands | grep lldp # set service lldp interface eth2 location elin '0000000911' # - name: Delete lldp interface attributes of given interfaces. vyos.vyos.vyos_lldp_interfaces: config: - name: eth2 state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # before: [{location: {elin: 0000000911}, name: eth2}] # "commands": [ # "commands": [ # "delete service lldp interface eth2" # ] # # "after": [] # After state # ------------ # vyos@vyos# run show configuration commands | grep lldp # set service 'lldp' # Using gathered # # Before state: # ------------- # # vyos@192# run show configuration commands | grep lldp # set service lldp interface eth1 location civic-based ca-type 0 ca-value 'ENGLISH' # set service lldp interface eth1 location civic-based country-code 'US' # set service lldp interface eth2 location coordinate-based altitude '2200' # set service lldp interface eth2 location coordinate-based datum 'WGS84' # set service lldp interface eth2 location coordinate-based latitude '33.524449N' # set service lldp interface eth2 location coordinate-based longitude '222.267255W' # - name: Gather listed lldp interfaces from running configuration vyos.vyos.vyos_lldp_interfaces: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": [ # { # "location": { # "coordinate_based": { # "altitude": 2200, # "datum": "WGS84", # "latitude": "33.524449N", # "longitude": "222.267255W" # } # }, # "name": "eth2" # }, # { # "location": { # "civic_based": { # "ca_info": [ # { # "ca_type": 0, # "ca_value": "ENGLISH" # } # ], # "country_code": "US" # } # }, # "name": "eth1" # } # ] # # # After state: # ------------- # # vyos@192# run show configuration commands | grep lldp # set service lldp interface eth1 location civic-based ca-type 0 ca-value 'ENGLISH' # set service lldp interface eth1 location civic-based country-code 'US' # set service lldp interface eth2 location coordinate-based altitude '2200' # set service lldp interface eth2 location coordinate-based datum 'WGS84' # set service lldp interface eth2 location coordinate-based latitude '33.524449N' # set service lldp interface eth2 location coordinate-based longitude '222.267255W' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_lldp_interfaces: config: - name: eth1 location: civic_based: country_code: US ca_info: - ca_type: 0 ca_value: ENGLISH - name: eth2 location: coordinate_based: altitude: 2200 datum: WGS84 longitude: 222.267255W latitude: 33.524449N state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # "set service lldp interface eth1 location civic-based country-code 'US'", # "set service lldp interface eth1 location civic-based ca-type 0 ca-value 'ENGLISH'", # "set service lldp interface eth1", # "set service lldp interface eth2 location coordinate-based latitude '33.524449N'", # "set service lldp interface eth2 location coordinate-based altitude '2200'", # "set service lldp interface eth2 location coordinate-based datum 'WGS84'", # "set service lldp interface eth2 location coordinate-based longitude '222.267255W'", # "set service lldp interface eth2" # ] # Using parsed # # - name: Parsed the commands to provide structured configuration. vyos.vyos.vyos_lldp_interfaces: running_config: "set service lldp interface eth1 location civic-based ca-type 0 ca-value 'ENGLISH' set service lldp interface eth1 location civic-based country-code 'US' set service lldp interface eth2 location coordinate-based altitude '2200' set service lldp interface eth2 location coordinate-based datum 'WGS84' set service lldp interface eth2 location coordinate-based latitude '33.524449N' set service lldp interface eth2 location coordinate-based longitude '222.267255W'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": [ # { # "location": { # "coordinate_based": { # "altitude": 2200, # "datum": "WGS84", # "latitude": "33.524449N", # "longitude": "222.267255W" # } # }, # "name": "eth2" # }, # { # "location": { # "civic_based": { # "ca_info": [ # { # "ca_type": 0, # "ca_value": "ENGLISH" # } # ], # "country_code": "US" # } # }, # "name": "eth1" # } # ] - - - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + + - - + + + + - - + + + +
The set of commands pushed to the remote device.
+
+
Sample:
+
["set service lldp interface eth2 'disable'", 'delete service lldp interface eth1 location']
+ -
Key Returned Description
+
after
list -
-
when changed -
The configuration as structured data after module completion.
-
-
Sample:
-
The configuration returned will always be in the same format +
The configuration as structured data after module completion.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
-
+
before
list -
-
always -
The configuration as structured data prior to module invocation.
-
-
Sample:
-
The configuration returned will always be in the same format +
The configuration as structured data prior to module invocation.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
-
+
commands
list -
-
always -
The set of commands pushed to the remote device.
-
-
Sample:
-
["set service lldp interface eth2 'disable'", 'delete service lldp interface eth1 location']
-
+

Status ------ Authors ~~~~~~~ - Rohit Thakur (@rohitthakur2590) - - diff --git a/docs/vyos.vyos.vyos_lldp_module.rst b/docs/vyos.vyos.vyos_lldp_module.rst index 30dae36..92aa732 100644 --- a/docs/vyos.vyos.vyos_lldp_module.rst +++ b/docs/vyos.vyos.vyos_lldp_module.rst @@ -1,271 +1,268 @@ .. _vyos.vyos.vyos_lldp_module: ******************* vyos.vyos.vyos_lldp ******************* **(deprecated, removed after 2022-06-01) Manage LLDP configuration on VyOS network devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 DEPRECATED ---------- :Removed in collection release after 2022-06-01 :Why: Updated modules released with more functionality. :Alternative: vyos_lldp_global Synopsis -------- - This module provides declarative management of LLDP service on VyOS network devices. Parameters ---------- .. raw:: html - + - - + - - + / elements=string + + + + - - + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + - - + + + + -
Parameter Choices/DefaultsCommentsComments
+
interfaces
list - / elements=string
-
- -
Name of the interfaces.
-
+ +
Name of the interfaces.
+
+
provider
dictionary -
-
- -
Deprecated
-
Starting with Ansible 2.5 we recommend using connection: network_cli.
-
For more information please see the Network Guide.
-

-
A dict object containing connection details.
-
+ +
Deprecated
+
Starting with Ansible 2.5 we recommend using connection: network_cli.
+
For more information please see the Network Guide.
+

+
A dict object containing connection details.
+
+
host
string -
-
- -
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
-
+ +
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
+
+
password
string -
-
- -
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
-
+ +
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
+
+
port
integer -
-
- -
Specifies the port to use when building the connection to the remote device.
-
+ +
Specifies the port to use when building the connection to the remote device.
+
+
ssh_keyfile
path -
-
- -
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
-
+ +
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
+
+
timeout
integer -
-
- -
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
-
+ +
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
+
+
username
string -
-
- -
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
-
+ +
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
+
+ +
state
string -
-
-
    Choices: -
  • present ←
  • -
  • absent
  • -
  • enabled
  • -
  • disabled
  • -
-
-
State of the link aggregation group.
-
+
    Choices: +
  • present ←
  • +
  • absent
  • +
  • enabled
  • +
  • disabled
  • +
+
+
State of the link aggregation group.
+
+
Notes ----- .. note:: - Tested against VYOS 1.1.7 - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- .. code-block:: yaml+jinja - - name: Enable LLDP service vyos.vyos.vyos_lldp: state: present - name: Disable LLDP service vyos.vyos.vyos_lldp: state: absent - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + +
The list of configuration mode commands to send to the device
+
+
Sample:
+
['set service lldp']
+ -
Key Returned Description
+
commands
list -
-
always, except for the platforms that use Netconf transport to manage the device. -
The list of configuration mode commands to send to the device
-
-
Sample:
-
['set service lldp']
-
+

Status ------ - This module will be removed in version . *[deprecated]* - For more information see `DEPRECATED`_. Authors ~~~~~~~ - Ricardo Carrillo Cruz (@rcarrillocruz) - - diff --git a/docs/vyos.vyos.vyos_logging_module.rst b/docs/vyos.vyos.vyos_logging_module.rst index c54f636..f651b7a 100644 --- a/docs/vyos.vyos.vyos_logging_module.rst +++ b/docs/vyos.vyos.vyos_logging_module.rst @@ -1,443 +1,440 @@ .. _vyos.vyos.vyos_logging_module: ********************** vyos.vyos.vyos_logging ********************** **Manage logging on network devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module provides declarative management of logging on Vyatta Vyos devices. Parameters ---------- .. raw:: html - + - - + - - + / elements=dictionary + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + - - + + + + - - + - - + + + + - - + - - + + + + - - + - - + + + + - - + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + - - + + + + -
Parameter Choices/DefaultsCommentsComments
+
aggregate
list - / elements=dictionary
-
- -
List of logging definitions.
-
+ +
List of logging definitions.
+
+
dest
string -
-
-
    Choices: -
  • console
  • -
  • file
  • -
  • global
  • -
  • host
  • -
  • user
  • -
-
-
Destination of the logs.
-
+
    Choices: +
  • console
  • +
  • file
  • +
  • global
  • +
  • host
  • +
  • user
  • +
+
+
Destination of the logs.
+
+
facility
string -
-
- -
Set logging facility.
-
+ +
Set logging facility.
+
+
level
string -
-
- -
Set logging severity levels.
-
+ +
Set logging severity levels.
+
+
name
string -
-
- -
If value of dest is file it indicates file-name, for user it indicates username and for host indicates the host name to be notified.
-
+ +
If value of dest is file it indicates file-name, for user it indicates username and for host indicates the host name to be notified.
+
+
state
string -
-
-
    Choices: -
  • present
  • -
  • absent
  • -
-
-
State of the logging configuration.
-
+
    Choices: +
  • present
  • +
  • absent
  • +
+
+
State of the logging configuration.
+
+ +
dest
string -
-
-
    Choices: -
  • console
  • -
  • file
  • -
  • global
  • -
  • host
  • -
  • user
  • -
-
-
Destination of the logs.
-
+
    Choices: +
  • console
  • +
  • file
  • +
  • global
  • +
  • host
  • +
  • user
  • +
+
+
Destination of the logs.
+
+
facility
string -
-
- -
Set logging facility.
-
+ +
Set logging facility.
+
+
level
string -
-
- -
Set logging severity levels.
-
+ +
Set logging severity levels.
+
+
name
string -
-
- -
If value of dest is file it indicates file-name, for user it indicates username and for host indicates the host name to be notified.
-
+ +
If value of dest is file it indicates file-name, for user it indicates username and for host indicates the host name to be notified.
+
+
provider
dictionary -
-
- -
Deprecated
-
Starting with Ansible 2.5 we recommend using connection: network_cli.
-
For more information please see the Network Guide.
-

-
A dict object containing connection details.
-
+ +
Deprecated
+
Starting with Ansible 2.5 we recommend using connection: network_cli.
+
For more information please see the Network Guide.
+

+
A dict object containing connection details.
+
+
host
string -
-
- -
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
-
+ +
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
+
+
password
string -
-
- -
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
-
+ +
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
+
+
port
integer -
-
- -
Specifies the port to use when building the connection to the remote device.
-
+ +
Specifies the port to use when building the connection to the remote device.
+
+
ssh_keyfile
path -
-
- -
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
-
+ +
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
+
+
timeout
integer -
-
- -
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
-
+ +
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
+
+
username
string -
-
- -
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
-
+ +
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
+
+ +
state
string -
-
-
    Choices: -
  • present ←
  • -
  • absent
  • -
-
-
State of the logging configuration.
-
+
    Choices: +
  • present ←
  • +
  • absent
  • +
+
+
State of the logging configuration.
+
+
Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- .. code-block:: yaml+jinja - - name: configure console logging vyos.vyos.vyos_logging: dest: console facility: all level: crit - name: remove console logging configuration vyos.vyos.vyos_logging: dest: console state: absent - name: configure file logging vyos.vyos.vyos_logging: dest: file name: test facility: local3 level: err - name: Add logging aggregate vyos.vyos.vyos_logging: aggregate: - {dest: file, name: test1, facility: all, level: info} - {dest: file, name: test2, facility: news, level: debug} state: present - name: Remove logging aggregate vyos.vyos.vyos_logging: aggregate: - {dest: console, facility: all, level: info} - {dest: console, facility: daemon, level: warning} - {dest: file, name: test2, facility: news, level: debug} state: absent - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + +
The list of configuration mode commands to send to the device
+
+
Sample:
+
['set system syslog global facility all level notice']
+ -
Key Returned Description
+
commands
list -
-
always -
The list of configuration mode commands to send to the device
-
-
Sample:
-
['set system syslog global facility all level notice']
-
+

Status ------ Authors ~~~~~~~ - Trishna Guha (@trishnaguha) - - diff --git a/docs/vyos.vyos.vyos_ospfv2_module.rst b/docs/vyos.vyos.vyos_ospfv2_module.rst index 1d23305..50ed5d3 100644 --- a/docs/vyos.vyos.vyos_ospfv2_module.rst +++ b/docs/vyos.vyos.vyos_ospfv2_module.rst @@ -1,3121 +1,3127 @@ .. _vyos.vyos.vyos_ospfv2_module: ********************* vyos.vyos.vyos_ospfv2 ********************* **OSPFv2 resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This resource module configures and manages attributes of OSPFv2 routes on VyOS network devices. Parameters ---------- .. raw:: html - + - - + - - - - - - + + + + + + - - - - - - - + + + + + + + - - + + + + - - - - + + + - - - - - - - - + + + + + + + + - - + + + + - - - - - + + + + - - - - - - - - - + + + + + + + + + - - + + + + - - - - - - + + + + + - - + + + + - - - - - - + + + + + - - + + + + - - - - - - + + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - + + + + + + + + + - - + + + + - - - - - - + + + + + - - + + + + - - - - - - + + + + + - - - - - - - - - + + + + + + + + + - - + + + + - - - - + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - + + + + - - - - - + + + + - - + + + + - - - - - + + + + - - + + + + - - - - - + + + + - - - - - - - - + + + + + + + + - - + + + + - - - - + + + - - - - - - - - + + + + + + + + - - + + + + - - - - - + + + + - - - - - - - - - + + + + + + + + + - - - - - - - - - - + + + + + + + + + + - - + + + + - - - - - - - + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - - - - - - + + + + + + + + + - - + + + + - - - - - + + + + - - + + + + - - - - - + + + + - - + + + + - - - - - + + + + - - - - - - - - + + + + + + + + - - - - - - - + + + + + + + - - - - - - - + + + + + + + - - - - - - - + + + + + + + - - - - - - - - + + + + + + + + - - + + + + - - - - - + + + + - - + + + + - - - - - + + + + - - + + + + - - - - - + + + + - - - - - - - - + + + + + + + + - - + + + + - - - + + - - - - - - - + + + + + + + - - + + + + - - - - + + + - - - - - - - - + + + + + + + + - - + + + + - - - - - + + + + - - + + + + - - - - - + + + + - - - - - - - - + + + + + + + + - - + + + + - - - + + - - - - - - - + + + + + + + - - - - - - - - + + + + + + + + - - + + + + - - - - - + + + + - - + + + + - - - - - + + + + - - - - - - - - + + + + + + + + - - - - - - - + + + + + + + - - + + + + - - - - + + + - - - - - - - + + + + + + + - - - - - - - + + + + + + + - - + + + + - - - - + + + - - + + + + - - - - + + + - - - - - - - + + + + + + + - - - - - - - + + + + + + + - - + + + + - - - - + + + - - + + + + - - - - + + + - - + + + + - - - - + + + - - - - - - - + + + + + + + - - + / elements=string + + + + - - - + + - - + / elements=string + + + + - - - + + - - - - - - - + + + + + + + - - + + + + - - - - + + + - - + + + + - - - - + + + - - + + + + - - - - + + + - - - - - - - + + + + + + + - - + / elements=string + + + + - - - + + - - - - - - - + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - + + + + + + + + - - - - - - - - - + + + + + + + + + - - + + + + - - - - - - + + + + + - - + + + + - - - - - - + + + + + - - - - - - - - - + + + + + + + + + - - + + + + - - + - - - -
Parameter Choices/DefaultsCommentsComments
+
config
dictionary -
-
- -
A provided OSPFv2 route configuration.
-
+ + + +
A provided OSPFv2 route configuration.
+
areas
list - / elements=dictionary
-
- -
OSPFv2 area.
-
+ / elements=dictionary + + + +
OSPFv2 area.
+
area_id
string -
-
- -
OSPFv2 area identity.
-
+ +
OSPFv2 area identity.
+
+
area_type
dictionary -
-
- -
Area type.
-
+ + + +
Area type.
+
normal
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Normal OSPFv2 area.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Normal OSPFv2 area.
+
+
nssa
dictionary -
-
- -
NSSA OSPFv2 area.
-
+ + + +
NSSA OSPFv2 area.
+
default_cost
integer -
-
- -
Summary-default cost of NSSA area.
-
+ +
Summary-default cost of NSSA area.
+
+
no_summary
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Do not inject inter-area routes into stub.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Do not inject inter-area routes into stub.
+
+
set
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Enabling NSSA.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Enabling NSSA.
+
+
translate
string -
-
-
    Choices: -
  • always
  • -
  • candidate
  • -
  • never
  • -
-
-
NSSA-ABR.
-
+ + +
    Choices: +
  • always
  • +
  • candidate
  • +
  • never
  • +
+
+
NSSA-ABR.
+
stub
dictionary -
-
- -
Stub OSPFv2 area.
-
+ + + +
Stub OSPFv2 area.
+
default_cost
integer -
-
- -
Summary-default cost of stub area.
-
+ +
Summary-default cost of stub area.
+
+
no_summary
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Do not inject inter-area routes into stub.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Do not inject inter-area routes into stub.
+
+
set
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Enabling stub.
-
+ + +
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Enabling stub.
+
authentication
string -
-
-
    Choices: -
  • plaintext-password
  • -
  • md5
  • -
-
-
OSPFv2 area authentication type.
-
+
    Choices: +
  • plaintext-password
  • +
  • md5
  • +
+
+
OSPFv2 area authentication type.
+
+
network
list - / elements=dictionary
-
- -
OSPFv2 network.
-
+ / elements=dictionary + + + +
OSPFv2 network.
+
address
string - / required
-
- -
OSPFv2 IPv4 network address.
-
+ / required + + + +
OSPFv2 IPv4 network address.
+
range
list - / elements=dictionary
-
- -
Summarize routes matching prefix (border routers only).
-
+ / elements=dictionary + + + +
Summarize routes matching prefix (border routers only).
+
address
string -
-
- -
border router IPv4 address.
-
+ +
border router IPv4 address.
+
+
cost
integer -
-
- -
Metric for this range.
-
+ +
Metric for this range.
+
+
not_advertise
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Don't advertise this range.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Don't advertise this range.
+
+
substitute
string -
-
- -
Announce area range (IPv4 address) as another prefix.
-
+ + + +
Announce area range (IPv4 address) as another prefix.
+
shortcut
string -
-
-
    Choices: -
  • default
  • -
  • disable
  • -
  • enable
  • -
-
-
Area's shortcut mode.
-
+
    Choices: +
  • default
  • +
  • disable
  • +
  • enable
  • +
+
+
Area's shortcut mode.
+
+
virtual_link
list - / elements=dictionary
-
- -
Virtual link address.
-
+ / elements=dictionary + + + +
Virtual link address.
+
address
string -
-
- -
virtual link address.
-
+ +
virtual link address.
+
+
authentication
dictionary -
-
- -
OSPFv2 area authentication type.
-
+ + + +
OSPFv2 area authentication type.
+
md5
list - / elements=dictionary
-
- -
MD5 key id based authentication.
-
+ / elements=dictionary + + + +
MD5 key id based authentication.
+
key_id
integer -
-
- -
MD5 key id.
-
+ +
MD5 key id.
+
+
md5_key
string -
-
- -
MD5 key.
-
+ + + +
MD5 key.
+
plaintext_password
string -
-
- -
Plain text password.
-
+ + + +
Plain text password.
+
dead_interval
integer -
-
- -
Interval after which a neighbor is declared dead.
-
+ +
Interval after which a neighbor is declared dead.
+
+
hello_interval
integer -
-
- -
Interval between hello packets.
-
+ +
Interval between hello packets.
+
+
retransmit_interval
integer -
-
- -
Interval between retransmitting lost link state advertisements.
-
+ +
Interval between retransmitting lost link state advertisements.
+
+
transmit_delay
integer -
-
- -
Link state transmit delay.
-
+ + + +
Link state transmit delay.
+
auto_cost
dictionary -
-
- -
Calculate OSPFv2 interface cost according to bandwidth.
-
+ + + +
Calculate OSPFv2 interface cost according to bandwidth.
+
reference_bandwidth
integer -
-
- -
Reference bandwidth cost in Mbits/sec.
-
+ + + +
Reference bandwidth cost in Mbits/sec.
+
default_information
dictionary -
-
- -
Control distribution of default information.
-
+ + + +
Control distribution of default information.
+
originate
dictionary -
-
- -
Distribute a default route.
-
+ + + +
Distribute a default route.
+
always
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Always advertise default route.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Always advertise default route.
+
+
metric
integer -
-
- -
OSPFv2 default metric.
-
+ +
OSPFv2 default metric.
+
+
metric_type
integer -
-
- -
OSPFv2 Metric types for default routes.
-
+ +
OSPFv2 Metric types for default routes.
+
+
route_map
string -
-
- -
Route map references.
-
+ + + +
Route map references.
+
default_metric
integer -
-
- -
Metric of redistributed routes
-
+ +
Metric of redistributed routes
+
+
distance
dictionary -
-
- -
Administrative distance.
-
+ + + +
Administrative distance.
+
global
integer -
-
- -
Global OSPFv2 administrative distance.
-
+ +
Global OSPFv2 administrative distance.
+
+
ospf
dictionary -
-
- -
OSPFv2 administrative distance.
-
+ + + +
OSPFv2 administrative distance.
+
external
integer -
-
- -
Distance for external routes.
-
+ +
Distance for external routes.
+
+
inter_area
integer -
-
- -
Distance for inter-area routes.
-
+ +
Distance for inter-area routes.
+
+
intra_area
integer -
-
- -
Distance for intra-area routes.
-
+ + + +
Distance for intra-area routes.
+
log_adjacency_changes
string -
-
-
    Choices: -
  • detail
  • -
-
-
Log changes in adjacency state.
-
+
    Choices: +
  • detail
  • +
+
+
Log changes in adjacency state.
+
+
max_metric
dictionary -
-
- -
OSPFv2 maximum/infinite-distance metric.
-
+ + + +
OSPFv2 maximum/infinite-distance metric.
+
router_lsa
dictionary -
-
- -
Advertise own Router-LSA with infinite distance (stub router).
-
+ + + +
Advertise own Router-LSA with infinite distance (stub router).
+
administrative
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Administratively apply, for an indefinite period.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Administratively apply, for an indefinite period.
+
+
on_shutdown
integer -
-
- -
Time to advertise self as stub-router.
-
+ +
Time to advertise self as stub-router.
+
+
on_startup
integer -
-
- -
Time to advertise self as stub-router
-
+ + + +
Time to advertise self as stub-router
+
mpls_te
dictionary -
-
- -
MultiProtocol Label Switching-Traffic Engineering (MPLS-TE) parameters.
-
+ + + +
MultiProtocol Label Switching-Traffic Engineering (MPLS-TE) parameters.
+
enabled
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Enable MPLS-TE functionality.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Enable MPLS-TE functionality.
+
+
router_address
string -
-
- -
Stable IP address of the advertising router.
-
+ + + +
Stable IP address of the advertising router.
+
neighbor
list - / elements=dictionary
-
- -
Neighbor IP address.
-
+ / elements=dictionary + + + +
Neighbor IP address.
+
neighbor_id
string -
-
- -
Identity (number/IP address) of neighbor.
-
+ +
Identity (number/IP address) of neighbor.
+
+
poll_interval
integer -
-
- -
Seconds between dead neighbor polling interval.
-
+ +
Seconds between dead neighbor polling interval.
+
+
priority
integer -
-
- -
Neighbor priority.
-
+ + + +
Neighbor priority.
+
parameters
dictionary -
-
- -
OSPFv2 specific parameters.
-
+ + + +
OSPFv2 specific parameters.
+
abr_type
string -
-
-
    Choices: -
  • cisco
  • -
  • ibm
  • -
  • shortcut
  • -
  • standard
  • -
-
-
OSPFv2 ABR Type.
-
+
    Choices: +
  • cisco
  • +
  • ibm
  • +
  • shortcut
  • +
  • standard
  • +
+
+
OSPFv2 ABR Type.
+
+
opaque_lsa
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Enable the Opaque-LSA capability (rfc2370).
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Enable the Opaque-LSA capability (rfc2370).
+
+
rfc1583_compatibility
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Enable rfc1583 criteria for handling AS external routes.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Enable rfc1583 criteria for handling AS external routes.
+
+
router_id
string -
-
- -
Override the default router identifier.
-
+ + + +
Override the default router identifier.
+
passive_interface
list - / elements=string
-
- -
Suppress routing updates on an interface.
-
+ +
Suppress routing updates on an interface.
+
+
passive_interface_exclude
list - / elements=string
-
- -
Interface to exclude when using passive-interface default.
-
+ +
Interface to exclude when using passive-interface default.
+
+
redistribute
list - / elements=dictionary
-
- -
Redistribute information from another routing protocol.
-
+ / elements=dictionary + + + +
Redistribute information from another routing protocol.
+
metric
integer -
-
- -
Metric for redistribution routes.
-
+ +
Metric for redistribution routes.
+
+
metric_type
integer -
-
- -
OSPFv2 Metric types.
-
+ +
OSPFv2 Metric types.
+
+
route_map
string -
-
- -
Route map references.
-
+ +
Route map references.
+
+
route_type
string -
-
-
    Choices: -
  • bgp
  • -
  • connected
  • -
  • kernel
  • -
  • rip
  • -
  • static
  • -
-
-
Route type to redistribute.
-
+ + +
    Choices: +
  • bgp
  • +
  • connected
  • +
  • kernel
  • +
  • rip
  • +
  • static
  • +
+
+
Route type to redistribute.
+
route_map
list - / elements=string
-
- -
Filter routes installed in local route map.
-
+ +
Filter routes installed in local route map.
+
+
timers
dictionary -
-
- -
Adjust routing timers.
-
+ + + +
Adjust routing timers.
+
refresh
dictionary -
-
- -
Adjust refresh parameters.
-
+ + + +
Adjust refresh parameters.
+
timers
integer -
-
- -
refresh timer.
-
+ + + +
refresh timer.
+
throttle
dictionary -
-
- -
Throttling adaptive timers.
-
+ + + +
Throttling adaptive timers.
+
spf
dictionary -
-
- -
OSPFv2 SPF timers.
-
+ + + +
OSPFv2 SPF timers.
+
delay
integer -
-
- -
Delay (msec) from first change received till SPF calculation.
-
+ +
Delay (msec) from first change received till SPF calculation.
+
+
initial_holdtime
integer -
-
- -
Initial hold time(msec) between consecutive SPF calculations.
-
+ +
Initial hold time(msec) between consecutive SPF calculations.
+
+
max_holdtime
integer -
-
- -
maximum hold time (sec).
-
+ + + +
maximum hold time (sec).
+
running_config
string -
-
- -
This option is used only with state parsed.
-
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep ospf.
-
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
-
+ +
This option is used only with state parsed.
+
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep ospf.
+
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
+
+
state
string -
-
-
    Choices: -
  • merged ←
  • -
  • replaced
  • -
  • deleted
  • -
  • parsed
  • -
  • gathered
  • -
  • rendered
  • -
-
-
The state the configuration should be left in.
-
+ + + +
    Choices: +
  • merged ←
  • +
  • replaced
  • +
  • deleted
  • +
  • parsed
  • +
  • gathered
  • +
  • rendered
  • +
+ + +
The state the configuration should be left in.
+ + +
Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. Examples -------- .. code-block:: yaml+jinja - # Using merged # # Before state: # ------------- # # vyos@vyos# run show configuration commands | grep ospf # # - name: Merge the provided configuration with the existing running configuration vyos.vyos.vyos_ospfv2: config: log_adjacency_changes: detail max_metric: router_lsa: administrative: true on_shutdown: 10 on_startup: 10 default_information: originate: always: true metric: 10 metric_type: 2 route_map: ingress mpls_te: enabled: true router_address: 192.0.11.11 auto_cost: reference_bandwidth: 2 neighbor: - neighbor_id: 192.0.11.12 poll_interval: 10 priority: 2 redistribute: - route_type: bgp metric: 10 metric_type: 2 passive_interface: - eth1 - eth2 parameters: router_id: 192.0.1.1 opaque_lsa: true rfc1583_compatibility: true abr_type: cisco areas: - area_id: '2' area_type: normal: true authentication: plaintext-password shortcut: enable - area_id: '3' area_type: nssa: set: true - area_id: '4' area_type: stub: default_cost: 20 network: - address: 192.0.2.0/24 range: - address: 192.0.3.0/24 cost: 10 - address: 192.0.4.0/24 cost: 12 state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # before": {} # # "commands": [ # "set protocols ospf mpls-te enable", # "set protocols ospf mpls-te router-address '192.0.11.11'", # "set protocols ospf redistribute bgp", # "set protocols ospf redistribute bgp metric-type 2", # "set protocols ospf redistribute bgp metric 10", # "set protocols ospf default-information originate metric-type 2", # "set protocols ospf default-information originate always", # "set protocols ospf default-information originate metric 10", # "set protocols ospf default-information originate route-map ingress", # "set protocols ospf auto-cost reference-bandwidth '2'", # "set protocols ospf parameters router-id '192.0.1.1'", # "set protocols ospf parameters opaque-lsa", # "set protocols ospf parameters abr-type 'cisco'", # "set protocols ospf parameters rfc1583-compatibility", # "set protocols ospf passive-interface eth1", # "set protocols ospf passive-interface eth2", # "set protocols ospf max-metric router-lsa on-shutdown 10", # "set protocols ospf max-metric router-lsa administrative", # "set protocols ospf max-metric router-lsa on-startup 10", # "set protocols ospf log-adjacency-changes 'detail'", # "set protocols ospf neighbor 192.0.11.12 priority 2", # "set protocols ospf neighbor 192.0.11.12 poll-interval 10", # "set protocols ospf neighbor 192.0.11.12", # "set protocols ospf area '2'", # "set protocols ospf area 2 authentication plaintext-password", # "set protocols ospf area 2 shortcut enable", # "set protocols ospf area 2 area-type normal", # "set protocols ospf area '3'", # "set protocols ospf area 3 area-type nssa", # "set protocols ospf area 4 range 192.0.3.0/24 cost 10", # "set protocols ospf area 4 range 192.0.3.0/24", # "set protocols ospf area 4 range 192.0.4.0/24 cost 12", # "set protocols ospf area 4 range 192.0.4.0/24", # "set protocols ospf area 4 area-type stub default-cost 20", # "set protocols ospf area '4'", # "set protocols ospf area 4 network 192.0.2.0/24" # ] # # "after": { # "areas": [ # { # "area_id": "2", # "area_type": { # "normal": true # }, # "authentication": "plaintext-password", # "shortcut": "enable" # }, # { # "area_id": "3", # "area_type": { # "nssa": { # "set": true # } # } # }, # { # "area_id": "4", # "area_type": { # "stub": { # "default_cost": 20, # "set": true # } # }, # "network": [ # { # "address": "192.0.2.0/24" # } # ], # "range": [ # { # "address": "192.0.3.0/24", # "cost": 10 # }, # { # "address": "192.0.4.0/24", # "cost": 12 # } # ] # } # ], # "auto_cost": { # "reference_bandwidth": 2 # }, # "default_information": { # "originate": { # "always": true, # "metric": 10, # "metric_type": 2, # "route_map": "ingress" # } # }, # "log_adjacency_changes": "detail", # "max_metric": { # "router_lsa": { # "administrative": true, # "on_shutdown": 10, # "on_startup": 10 # } # }, # "mpls_te": { # "enabled": true, # "router_address": "192.0.11.11" # }, # "neighbor": [ # { # "neighbor_id": "192.0.11.12", # "poll_interval": 10, # "priority": 2 # } # ], # "parameters": { # "abr_type": "cisco", # "opaque_lsa": true, # "rfc1583_compatibility": true, # "router_id": "192.0.1.1" # }, # "passive_interface": [ # "eth2", # "eth1" # ], # "redistribute": [ # { # "metric": 10, # "metric_type": 2, # "route_type": "bgp" # } # ] # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep ospf # set protocols ospf area 2 area-type 'normal' # set protocols ospf area 2 authentication 'plaintext-password' # set protocols ospf area 2 shortcut 'enable' # set protocols ospf area 3 area-type 'nssa' # set protocols ospf area 4 area-type stub default-cost '20' # set protocols ospf area 4 network '192.0.2.0/24' # set protocols ospf area 4 range 192.0.3.0/24 cost '10' # set protocols ospf area 4 range 192.0.4.0/24 cost '12' # set protocols ospf auto-cost reference-bandwidth '2' # set protocols ospf default-information originate 'always' # set protocols ospf default-information originate metric '10' # set protocols ospf default-information originate metric-type '2' # set protocols ospf default-information originate route-map 'ingress' # set protocols ospf log-adjacency-changes 'detail' # set protocols ospf max-metric router-lsa 'administrative' # set protocols ospf max-metric router-lsa on-shutdown '10' # set protocols ospf max-metric router-lsa on-startup '10' # set protocols ospf mpls-te 'enable' # set protocols ospf mpls-te router-address '192.0.11.11' # set protocols ospf neighbor 192.0.11.12 poll-interval '10' # set protocols ospf neighbor 192.0.11.12 priority '2' # set protocols ospf parameters abr-type 'cisco' # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' # set protocols ospf passive-interface 'eth1' # set protocols ospf passive-interface 'eth2' # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # Using merged # # Before state: # ------------- # # vyos@vyos# run show configuration commands | grep ospf # # - name: Merge the provided configuration to update existing running configuration vyos.vyos.vyos_ospfv2: config: areas: - area_id: '2' area_type: normal: true authentication: plaintext-password shortcut: enable - area_id: '3' area_type: nssa: set: false - area_id: '4' area_type: stub: default_cost: 20 network: - address: 192.0.2.0/24 - address: 192.0.22.0/24 - address: 192.0.32.0/24 state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # "before": { # "areas": [ # { # "area_id": "2", # "area_type": { # "normal": true # }, # "authentication": "plaintext-password", # "shortcut": "enable" # }, # { # "area_id": "3", # "area_type": { # "nssa": { # "set": true # } # } # }, # { # "area_id": "4", # "area_type": { # "stub": { # "default_cost": 20, # "set": true # } # }, # "network": [ # { # "address": "192.0.2.0/24" # } # ], # "range": [ # { # "address": "192.0.3.0/24", # "cost": 10 # }, # { # "address": "192.0.4.0/24", # "cost": 12 # } # ] # } # ], # "auto_cost": { # "reference_bandwidth": 2 # }, # "default_information": { # "originate": { # "always": true, # "metric": 10, # "metric_type": 2, # "route_map": "ingress" # } # }, # "log_adjacency_changes": "detail", # "max_metric": { # "router_lsa": { # "administrative": true, # "on_shutdown": 10, # "on_startup": 10 # } # }, # "mpls_te": { # "enabled": true, # "router_address": "192.0.11.11" # }, # "neighbor": [ # { # "neighbor_id": "192.0.11.12", # "poll_interval": 10, # "priority": 2 # } # ], # "parameters": { # "abr_type": "cisco", # "opaque_lsa": true, # "rfc1583_compatibility": true, # "router_id": "192.0.1.1" # }, # "passive_interface": [ # "eth2", # "eth1" # ], # "redistribute": [ # { # "metric": 10, # "metric_type": 2, # "route_type": "bgp" # } # ] # } # # "commands": [ # "delete protocols ospf area 4 area-type stub", # "set protocols ospf area 4 network 192.0.22.0/24" # "set protocols ospf area 4 network 192.0.32.0/24" # ] # # "after": { # "areas": [ # { # "area_id": "2", # "area_type": { # "normal": true # }, # "authentication": "plaintext-password", # "shortcut": "enable" # }, # { # "area_id": "3", # "area_type": { # "nssa": { # "set": true # } # } # }, # { # "area_id": "4", # }, # "network": [ # { # "address": "192.0.2.0/24" # }, # { # "address": "192.0.22.0/24" # }, # { # "address": "192.0.32.0/24" # } # ], # "range": [ # { # "address": "192.0.3.0/24", # "cost": 10 # }, # { # "address": "192.0.4.0/24", # "cost": 12 # } # ] # } # ], # "auto_cost": { # "reference_bandwidth": 2 # }, # "default_information": { # "originate": { # "always": true, # "metric": 10, # "metric_type": 2, # "route_map": "ingress" # } # }, # "log_adjacency_changes": "detail", # "max_metric": { # "router_lsa": { # "administrative": true, # "on_shutdown": 10, # "on_startup": 10 # } # }, # "mpls_te": { # "enabled": true, # "router_address": "192.0.11.11" # }, # "neighbor": [ # { # "neighbor_id": "192.0.11.12", # "poll_interval": 10, # "priority": 2 # } # ], # "parameters": { # "abr_type": "cisco", # "opaque_lsa": true, # "rfc1583_compatibility": true, # "router_id": "192.0.1.1" # }, # "passive_interface": [ # "eth2", # "eth1" # ], # "redistribute": [ # { # "metric": 10, # "metric_type": 2, # "route_type": "bgp" # } # ] # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep ospf # set protocols ospf area 2 area-type 'normal' # set protocols ospf area 2 authentication 'plaintext-password' # set protocols ospf area 2 shortcut 'enable' # set protocols ospf area 3 area-type 'nssa' # set protocols ospf area 4 network '192.0.2.0/24' # set protocols ospf area 4 network '192.0.22.0/24' # set protocols ospf area 4 network '192.0.32.0/24' # set protocols ospf area 4 range 192.0.3.0/24 cost '10' # set protocols ospf area 4 range 192.0.4.0/24 cost '12' # set protocols ospf auto-cost reference-bandwidth '2' # set protocols ospf default-information originate 'always' # set protocols ospf default-information originate metric '10' # set protocols ospf default-information originate metric-type '2' # set protocols ospf default-information originate route-map 'ingress' # set protocols ospf log-adjacency-changes 'detail' # set protocols ospf max-metric router-lsa 'administrative' # set protocols ospf max-metric router-lsa on-shutdown '10' # set protocols ospf max-metric router-lsa on-startup '10' # set protocols ospf mpls-te 'enable' # set protocols ospf mpls-te router-address '192.0.11.11' # set protocols ospf neighbor 192.0.11.12 poll-interval '10' # set protocols ospf neighbor 192.0.11.12 priority '2' # set protocols ospf parameters abr-type 'cisco' # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' # set protocols ospf passive-interface 'eth1' # set protocols ospf passive-interface 'eth2' # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # Using replaced # # Before state: # ------------- # # vyos@192# run show configuration commands | grep ospf # set protocols ospf area 2 area-type 'normal' # set protocols ospf area 2 authentication 'plaintext-password' # set protocols ospf area 2 shortcut 'enable' # set protocols ospf area 3 area-type 'nssa' # set protocols ospf area 4 area-type stub default-cost '20' # set protocols ospf area 4 network '192.0.2.0/24' # set protocols ospf area 4 range 192.0.3.0/24 cost '10' # set protocols ospf area 4 range 192.0.4.0/24 cost '12' # set protocols ospf auto-cost reference-bandwidth '2' # set protocols ospf default-information originate 'always' # set protocols ospf default-information originate metric '10' # set protocols ospf default-information originate metric-type '2' # set protocols ospf default-information originate route-map 'ingress' # set protocols ospf log-adjacency-changes 'detail' # set protocols ospf max-metric router-lsa 'administrative' # set protocols ospf max-metric router-lsa on-shutdown '10' # set protocols ospf max-metric router-lsa on-startup '10' # set protocols ospf mpls-te 'enable' # set protocols ospf mpls-te router-address '192.0.11.11' # set protocols ospf neighbor 192.0.11.12 poll-interval '10' # set protocols ospf neighbor 192.0.11.12 priority '2' # set protocols ospf parameters abr-type 'cisco' # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' # set protocols ospf passive-interface 'eth1' # set protocols ospf passive-interface 'eth2' # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # - name: Replace ospfv2 routes attributes configuration. vyos.vyos.vyos_ospfv2: config: log_adjacency_changes: detail max_metric: router_lsa: administrative: true on_shutdown: 10 on_startup: 10 default_information: originate: always: true metric: 10 metric_type: 2 route_map: ingress mpls_te: enabled: true router_address: 192.0.22.22 auto_cost: reference_bandwidth: 2 neighbor: - neighbor_id: 192.0.11.12 poll_interval: 10 priority: 2 redistribute: - route_type: bgp metric: 10 metric_type: 2 passive_interface: - eth1 parameters: router_id: 192.0.1.1 opaque_lsa: true rfc1583_compatibility: true abr_type: cisco areas: - area_id: '2' area_type: normal: true authentication: plaintext-password shortcut: enable - area_id: '4' area_type: stub: default_cost: 20 network: - address: 192.0.2.0/24 - address: 192.0.12.0/24 - address: 192.0.22.0/24 - address: 192.0.32.0/24 range: - address: 192.0.42.0/24 cost: 10 state: replaced # # # ------------------------- # Module Execution Result # ------------------------- # # "before": { # "areas": [ # { # "area_id": "2", # "area_type": { # "normal": true # }, # "authentication": "plaintext-password", # "shortcut": "enable" # }, # { # "area_id": "3", # "area_type": { # "nssa": { # "set": true # } # } # }, # { # "area_id": "4", # "area_type": { # "stub": { # "default_cost": 20, # "set": true # } # }, # "network": [ # { # "address": "192.0.2.0/24" # } # ], # "range": [ # { # "address": "192.0.3.0/24", # "cost": 10 # }, # { # "address": "192.0.4.0/24", # "cost": 12 # } # ] # } # ], # "auto_cost": { # "reference_bandwidth": 2 # }, # "default_information": { # "originate": { # "always": true, # "metric": 10, # "metric_type": 2, # "route_map": "ingress" # } # }, # "log_adjacency_changes": "detail", # "max_metric": { # "router_lsa": { # "administrative": true, # "on_shutdown": 10, # "on_startup": 10 # } # }, # "mpls_te": { # "enabled": true, # "router_address": "192.0.11.11" # }, # "neighbor": [ # { # "neighbor_id": "192.0.11.12", # "poll_interval": 10, # "priority": 2 # } # ], # "parameters": { # "abr_type": "cisco", # "opaque_lsa": true, # "rfc1583_compatibility": true, # "router_id": "192.0.1.1" # }, # "passive_interface": [ # "eth2", # "eth1" # ], # "redistribute": [ # { # "metric": 10, # "metric_type": 2, # "route_type": "bgp" # } # ] # } # # "commands": [ # "delete protocols ospf passive-interface eth2", # "delete protocols ospf area 3", # "delete protocols ospf area 4 range 192.0.3.0/24 cost", # "delete protocols ospf area 4 range 192.0.3.0/24", # "delete protocols ospf area 4 range 192.0.4.0/24 cost", # "delete protocols ospf area 4 range 192.0.4.0/24", # "set protocols ospf mpls-te router-address '192.0.22.22'", # "set protocols ospf area 4 range 192.0.42.0/24 cost 10", # "set protocols ospf area 4 range 192.0.42.0/24", # "set protocols ospf area 4 network 192.0.12.0/24", # "set protocols ospf area 4 network 192.0.22.0/24", # "set protocols ospf area 4 network 192.0.32.0/24" # ] # # "after": { # "areas": [ # { # "area_id": "2", # "area_type": { # "normal": true # }, # "authentication": "plaintext-password", # "shortcut": "enable" # }, # { # "area_id": "4", # "area_type": { # "stub": { # "default_cost": 20, # "set": true # } # }, # "network": [ # { # "address": "192.0.12.0/24" # }, # { # "address": "192.0.2.0/24" # }, # { # "address": "192.0.22.0/24" # }, # { # "address": "192.0.32.0/24" # } # ], # "range": [ # { # "address": "192.0.42.0/24", # "cost": 10 # } # ] # } # ], # "auto_cost": { # "reference_bandwidth": 2 # }, # "default_information": { # "originate": { # "always": true, # "metric": 10, # "metric_type": 2, # "route_map": "ingress" # } # }, # "log_adjacency_changes": "detail", # "max_metric": { # "router_lsa": { # "administrative": true, # "on_shutdown": 10, # "on_startup": 10 # } # }, # "mpls_te": { # "enabled": true, # "router_address": "192.0.22.22" # }, # "neighbor": [ # { # "neighbor_id": "192.0.11.12", # "poll_interval": 10, # "priority": 2 # } # ], # "parameters": { # "abr_type": "cisco", # "opaque_lsa": true, # "rfc1583_compatibility": true, # "router_id": "192.0.1.1" # }, # "passive_interface": [ # "eth1" # ], # "redistribute": [ # { # "metric": 10, # "metric_type": 2, # "route_type": "bgp" # } # ] # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep ospf # set protocols ospf area 2 area-type 'normal' # set protocols ospf area 2 authentication 'plaintext-password' # set protocols ospf area 2 shortcut 'enable' # set protocols ospf area 4 area-type stub default-cost '20' # set protocols ospf area 4 network '192.0.2.0/24' # set protocols ospf area 4 network '192.0.12.0/24' # set protocols ospf area 4 network '192.0.22.0/24' # set protocols ospf area 4 network '192.0.32.0/24' # set protocols ospf area 4 range 192.0.42.0/24 cost '10' # set protocols ospf auto-cost reference-bandwidth '2' # set protocols ospf default-information originate 'always' # set protocols ospf default-information originate metric '10' # set protocols ospf default-information originate metric-type '2' # set protocols ospf default-information originate route-map 'ingress' # set protocols ospf log-adjacency-changes 'detail' # set protocols ospf max-metric router-lsa 'administrative' # set protocols ospf max-metric router-lsa on-shutdown '10' # set protocols ospf max-metric router-lsa on-startup '10' # set protocols ospf mpls-te 'enable' # set protocols ospf mpls-te router-address '192.0.22.22' # set protocols ospf neighbor 192.0.11.12 poll-interval '10' # set protocols ospf neighbor 192.0.11.12 priority '2' # set protocols ospf parameters abr-type 'cisco' # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' # set protocols ospf passive-interface 'eth1' # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_ospfv2: config: log_adjacency_changes: detail max_metric: router_lsa: administrative: true on_shutdown: 10 on_startup: 10 default_information: originate: always: true metric: 10 metric_type: 2 route_map: ingress mpls_te: enabled: true router_address: 192.0.11.11 auto_cost: reference_bandwidth: 2 neighbor: - neighbor_id: 192.0.11.12 poll_interval: 10 priority: 2 redistribute: - route_type: bgp metric: 10 metric_type: 2 passive_interface: - eth1 - eth2 parameters: router_id: 192.0.1.1 opaque_lsa: true rfc1583_compatibility: true abr_type: cisco areas: - area_id: '2' area_type: normal: true authentication: plaintext-password shortcut: enable - area_id: '3' area_type: nssa: set: true - area_id: '4' area_type: stub: default_cost: 20 network: - address: 192.0.2.0/24 range: - address: 192.0.3.0/24 cost: 10 - address: 192.0.4.0/24 cost: 12 state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # [ # "set protocols ospf mpls-te enable", # "set protocols ospf mpls-te router-address '192.0.11.11'", # "set protocols ospf redistribute bgp", # "set protocols ospf redistribute bgp metric-type 2", # "set protocols ospf redistribute bgp metric 10", # "set protocols ospf default-information originate metric-type 2", # "set protocols ospf default-information originate always", # "set protocols ospf default-information originate metric 10", # "set protocols ospf default-information originate route-map ingress", # "set protocols ospf auto-cost reference-bandwidth '2'", # "set protocols ospf parameters router-id '192.0.1.1'", # "set protocols ospf parameters opaque-lsa", # "set protocols ospf parameters abr-type 'cisco'", # "set protocols ospf parameters rfc1583-compatibility", # "set protocols ospf passive-interface eth1", # "set protocols ospf passive-interface eth2", # "set protocols ospf max-metric router-lsa on-shutdown 10", # "set protocols ospf max-metric router-lsa administrative", # "set protocols ospf max-metric router-lsa on-startup 10", # "set protocols ospf log-adjacency-changes 'detail'", # "set protocols ospf neighbor 192.0.11.12 priority 2", # "set protocols ospf neighbor 192.0.11.12 poll-interval 10", # "set protocols ospf neighbor 192.0.11.12", # "set protocols ospf area '2'", # "set protocols ospf area 2 authentication plaintext-password", # "set protocols ospf area 2 shortcut enable", # "set protocols ospf area 2 area-type normal", # "set protocols ospf area '3'", # "set protocols ospf area 3 area-type nssa", # "set protocols ospf area 4 range 192.0.3.0/24 cost 10", # "set protocols ospf area 4 range 192.0.3.0/24", # "set protocols ospf area 4 range 192.0.4.0/24 cost 12", # "set protocols ospf area 4 range 192.0.4.0/24", # "set protocols ospf area 4 area-type stub default-cost 20", # "set protocols ospf area '4'", # "set protocols ospf area 4 network 192.0.2.0/24" # ] # Using parsed # # - name: Parse the commands for provided structured configuration vyos.vyos.vyos_ospfv2: running_config: "set protocols ospf area 2 area-type 'normal' set protocols ospf area 2 authentication 'plaintext-password' set protocols ospf area 2 shortcut 'enable' set protocols ospf area 3 area-type 'nssa' set protocols ospf area 4 area-type stub default-cost '20' set protocols ospf area 4 network '192.0.2.0/24' set protocols ospf area 4 range 192.0.3.0/24 cost '10' set protocols ospf area 4 range 192.0.4.0/24 cost '12' set protocols ospf auto-cost reference-bandwidth '2' set protocols ospf default-information originate 'always' set protocols ospf default-information originate metric '10' set protocols ospf default-information originate metric-type '2' set protocols ospf default-information originate route-map 'ingress' set protocols ospf log-adjacency-changes 'detail' set protocols ospf max-metric router-lsa 'administrative' set protocols ospf max-metric router-lsa on-shutdown '10' set protocols ospf max-metric router-lsa on-startup '10' set protocols ospf mpls-te 'enable' set protocols ospf mpls-te router-address '192.0.11.11' set protocols ospf neighbor 192.0.11.12 poll-interval '10' set protocols ospf neighbor 192.0.11.12 priority '2' set protocols ospf parameters abr-type 'cisco' set protocols ospf parameters 'opaque-lsa' set protocols ospf parameters 'rfc1583-compatibility' set protocols ospf parameters router-id '192.0.1.1' set protocols ospf passive-interface 'eth1' set protocols ospf passive-interface 'eth2' set protocols ospf redistribute bgp metric '10' set protocols ospf redistribute bgp metric-type '2'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": { # "areas": [ # { # "area_id": "2", # "area_type": { # "normal": true # }, # "authentication": "plaintext-password", # "shortcut": "enable" # }, # { # "area_id": "3", # "area_type": { # "nssa": { # "set": true # } # } # }, # { # "area_id": "4", # "area_type": { # "stub": { # "default_cost": 20, # "set": true # } # }, # "network": [ # { # "address": "192.0.2.0/24" # } # ], # "range": [ # { # "address": "192.0.3.0/24", # "cost": 10 # }, # { # "address": "192.0.4.0/24", # "cost": 12 # } # ] # } # ], # "auto_cost": { # "reference_bandwidth": 2 # }, # "default_information": { # "originate": { # "always": true, # "metric": 10, # "metric_type": 2, # "route_map": "ingress" # } # }, # "log_adjacency_changes": "detail", # "max_metric": { # "router_lsa": { # "administrative": true, # "on_shutdown": 10, # "on_startup": 10 # } # }, # "mpls_te": { # "enabled": true, # "router_address": "192.0.11.11" # }, # "neighbor": [ # { # "neighbor_id": "192.0.11.12", # "poll_interval": 10, # "priority": 2 # } # ], # "parameters": { # "abr_type": "cisco", # "opaque_lsa": true, # "rfc1583_compatibility": true, # "router_id": "192.0.1.1" # }, # "passive_interface": [ # "eth2", # "eth1" # ], # "redistribute": [ # { # "metric": 10, # "metric_type": 2, # "route_type": "bgp" # } # ] # } # } # Using gathered # # Before state: # ------------- # # vyos@192# run show configuration commands | grep ospf # set protocols ospf area 2 area-type 'normal' # set protocols ospf area 2 authentication 'plaintext-password' # set protocols ospf area 2 shortcut 'enable' # set protocols ospf area 3 area-type 'nssa' # set protocols ospf area 4 area-type stub default-cost '20' # set protocols ospf area 4 network '192.0.2.0/24' # set protocols ospf area 4 range 192.0.3.0/24 cost '10' # set protocols ospf area 4 range 192.0.4.0/24 cost '12' # set protocols ospf auto-cost reference-bandwidth '2' # set protocols ospf default-information originate 'always' # set protocols ospf default-information originate metric '10' # set protocols ospf default-information originate metric-type '2' # set protocols ospf default-information originate route-map 'ingress' # set protocols ospf log-adjacency-changes 'detail' # set protocols ospf max-metric router-lsa 'administrative' # set protocols ospf max-metric router-lsa on-shutdown '10' # set protocols ospf max-metric router-lsa on-startup '10' # set protocols ospf mpls-te 'enable' # set protocols ospf mpls-te router-address '192.0.11.11' # set protocols ospf neighbor 192.0.11.12 poll-interval '10' # set protocols ospf neighbor 192.0.11.12 priority '2' # set protocols ospf parameters abr-type 'cisco' # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' # set protocols ospf passive-interface 'eth1' # set protocols ospf passive-interface 'eth2' # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # - name: Gather ospfv2 routes config with provided configurations vyos.vyos.vyos_ospfv2: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": { # "areas": [ # { # "area_id": "2", # "area_type": { # "normal": true # }, # "authentication": "plaintext-password", # "shortcut": "enable" # }, # { # "area_id": "3", # "area_type": { # "nssa": { # "set": true # } # } # }, # { # "area_id": "4", # "area_type": { # "stub": { # "default_cost": 20, # "set": true # } # }, # "network": [ # { # "address": "192.0.2.0/24" # } # ], # "range": [ # { # "address": "192.0.3.0/24", # "cost": 10 # }, # { # "address": "192.0.4.0/24", # "cost": 12 # } # ] # } # ], # "auto_cost": { # "reference_bandwidth": 2 # }, # "default_information": { # "originate": { # "always": true, # "metric": 10, # "metric_type": 2, # "route_map": "ingress" # } # }, # "log_adjacency_changes": "detail", # "max_metric": { # "router_lsa": { # "administrative": true, # "on_shutdown": 10, # "on_startup": 10 # } # }, # "mpls_te": { # "enabled": true, # "router_address": "192.0.11.11" # }, # "neighbor": [ # { # "neighbor_id": "192.0.11.12", # "poll_interval": 10, # "priority": 2 # } # ], # "parameters": { # "abr_type": "cisco", # "opaque_lsa": true, # "rfc1583_compatibility": true, # "router_id": "192.0.1.1" # }, # "passive_interface": [ # "eth2", # "eth1" # ], # "redistribute": [ # { # "metric": 10, # "metric_type": 2, # "route_type": "bgp" # } # ] # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep ospf # set protocols ospf area 2 area-type 'normal' # set protocols ospf area 2 authentication 'plaintext-password' # set protocols ospf area 2 shortcut 'enable' # set protocols ospf area 3 area-type 'nssa' # set protocols ospf area 4 area-type stub default-cost '20' # set protocols ospf area 4 network '192.0.2.0/24' # set protocols ospf area 4 range 192.0.3.0/24 cost '10' # set protocols ospf area 4 range 192.0.4.0/24 cost '12' # set protocols ospf auto-cost reference-bandwidth '2' # set protocols ospf default-information originate 'always' # set protocols ospf default-information originate metric '10' # set protocols ospf default-information originate metric-type '2' # set protocols ospf default-information originate route-map 'ingress' # set protocols ospf log-adjacency-changes 'detail' # set protocols ospf max-metric router-lsa 'administrative' # set protocols ospf max-metric router-lsa on-shutdown '10' # set protocols ospf max-metric router-lsa on-startup '10' # set protocols ospf mpls-te 'enable' # set protocols ospf mpls-te router-address '192.0.11.11' # set protocols ospf neighbor 192.0.11.12 poll-interval '10' # set protocols ospf neighbor 192.0.11.12 priority '2' # set protocols ospf parameters abr-type 'cisco' # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' # set protocols ospf passive-interface 'eth1' # set protocols ospf passive-interface 'eth2' # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # Using deleted # # Before state # ------------- # # vyos@192# run show configuration commands | grep ospf # set protocols ospf area 2 area-type 'normal' # set protocols ospf area 2 authentication 'plaintext-password' # set protocols ospf area 2 shortcut 'enable' # set protocols ospf area 3 area-type 'nssa' # set protocols ospf area 4 area-type stub default-cost '20' # set protocols ospf area 4 network '192.0.2.0/24' # set protocols ospf area 4 range 192.0.3.0/24 cost '10' # set protocols ospf area 4 range 192.0.4.0/24 cost '12' # set protocols ospf auto-cost reference-bandwidth '2' # set protocols ospf default-information originate 'always' # set protocols ospf default-information originate metric '10' # set protocols ospf default-information originate metric-type '2' # set protocols ospf default-information originate route-map 'ingress' # set protocols ospf log-adjacency-changes 'detail' # set protocols ospf max-metric router-lsa 'administrative' # set protocols ospf max-metric router-lsa on-shutdown '10' # set protocols ospf max-metric router-lsa on-startup '10' # set protocols ospf mpls-te 'enable' # set protocols ospf mpls-te router-address '192.0.11.11' # set protocols ospf neighbor 192.0.11.12 poll-interval '10' # set protocols ospf neighbor 192.0.11.12 priority '2' # set protocols ospf parameters abr-type 'cisco' # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' # set protocols ospf passive-interface 'eth1' # set protocols ospf passive-interface 'eth2' # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # - name: Delete attributes of ospfv2 routes. vyos.vyos.vyos_ospfv2: config: state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": { # "areas": [ # { # "area_id": "2", # "area_type": { # "normal": true # }, # "authentication": "plaintext-password", # "shortcut": "enable" # }, # { # "area_id": "3", # "area_type": { # "nssa": { # "set": true # } # } # }, # { # "area_id": "4", # "area_type": { # "stub": { # "default_cost": 20, # "set": true # } # }, # "network": [ # { # "address": "192.0.2.0/24" # } # ], # "range": [ # { # "address": "192.0.3.0/24", # "cost": 10 # }, # { # "address": "192.0.4.0/24", # "cost": 12 # } # ] # } # ], # "auto_cost": { # "reference_bandwidth": 2 # }, # "default_information": { # "originate": { # "always": true, # "metric": 10, # "metric_type": 2, # "route_map": "ingress" # } # }, # "log_adjacency_changes": "detail", # "max_metric": { # "router_lsa": { # "administrative": true, # "on_shutdown": 10, # "on_startup": 10 # } # }, # "mpls_te": { # "enabled": true, # "router_address": "192.0.11.11" # }, # "neighbor": [ # { # "neighbor_id": "192.0.11.12", # "poll_interval": 10, # "priority": 2 # } # ], # "parameters": { # "abr_type": "cisco", # "opaque_lsa": true, # "rfc1583_compatibility": true, # "router_id": "192.0.1.1" # }, # "passive_interface": [ # "eth2", # "eth1" # ], # "redistribute": [ # { # "metric": 10, # "metric_type": 2, # "route_type": "bgp" # } # ] # } # "commands": [ # "delete protocols ospf" # ] # # "after": {} # After state # ------------ # vyos@192# run show configuration commands | grep ospf # - - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + + - - + + + + - - + + + +
The set of commands pushed to the remote device.
+
+
Sample:
+
['set protocols ospf parameters router-id 192.0.1.1', "set protocols ospf passive-interface 'eth1'"]
+ -
Key Returned Description
+
after
dictionary -
-
when changed -
The resulting configuration model invocation.
-
-
Sample:
-
The configuration returned will always be in the same format +
The resulting configuration model invocation.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
-
+
before
dictionary -
-
always -
The configuration prior to the model invocation.
-
-
Sample:
-
The configuration returned will always be in the same format +
The configuration prior to the model invocation.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
-
+
commands
list -
-
always -
The set of commands pushed to the remote device.
-
-
Sample:
-
['set protocols ospf parameters router-id 192.0.1.1', "set protocols ospf passive-interface 'eth1'"]
-
+

Status ------ Authors ~~~~~~~ - Rohit Thakur (@rohitthakur2590) - - diff --git a/docs/vyos.vyos.vyos_ospfv3_module.rst b/docs/vyos.vyos.vyos_ospfv3_module.rst index 1bfbde0..d1ee1b1 100644 --- a/docs/vyos.vyos.vyos_ospfv3_module.rst +++ b/docs/vyos.vyos.vyos_ospfv3_module.rst @@ -1,919 +1,916 @@ .. _vyos.vyos.vyos_ospfv3_module: ********************* vyos.vyos.vyos_ospfv3 ********************* **OSPFV3 resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This resource module configures and manages attributes of OSPFv3 routes on VyOS network devices. Parameters ---------- .. raw:: html - + - - + - - + + + + - - - + + - - + / elements=dictionary + + + + - - - - + + + - - + + + + - - - - + + + - - + + + + - - - - + + + - - + + + + - - - - + + + - - + / elements=dictionary + + + + - - - - - + + + + - - + + + + - - - - - + + + + - - + + + + - - - - - + + + + - - + + + + - - - - - + + - - + + + + - - - - + + + - - + + + + - - - - + + - - + / elements=dictionary + + + + - - - - + + + - - + + + + - - - - + + + - - + + + + - - - - + - - + + + + - - + - - + + + + -
Parameter Choices/DefaultsCommentsComments
+
config
dictionary -
-
- -
A provided OSPFv3 route configuration.
-
+ +
A provided OSPFv3 route configuration.
+
+
areas
list - / elements=dictionary
-
- -
OSPFv3 area.
-
+ +
OSPFv3 area.
+
+
area_id
string -
-
- -
OSPFv3 Area name/identity.
-
+ +
OSPFv3 Area name/identity.
+
+
export_list
string -
-
- -
Name of export-list.
-
+ +
Name of export-list.
+
+
import_list
string -
-
- -
Name of import-list.
-
+ +
Name of import-list.
+
+
range
list - / elements=dictionary
-
- -
Summarize routes matching prefix (border routers only).
-
+ +
Summarize routes matching prefix (border routers only).
+
+
address
string -
-
- -
border router IPv4 address.
-
+ +
border router IPv4 address.
+
+
advertise
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Advertise this range.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Advertise this range.
+
+
not_advertise
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Don't advertise this range.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Don't advertise this range.
+
+ + +
parameters
dictionary -
-
- -
OSPFv3 specific parameters.
-
+ +
OSPFv3 specific parameters.
+
+
router_id
string -
-
- -
Override the default router identifier.
-
+ +
Override the default router identifier.
+
+ +
redistribute
list - / elements=dictionary
-
- -
Redistribute information from another routing protocol.
-
+ +
Redistribute information from another routing protocol.
+
+
route_map
string -
-
- -
Route map references.
-
+ +
Route map references.
+
+
route_type
string -
-
-
    Choices: -
  • bgp
  • -
  • connected
  • -
  • kernel
  • -
  • ripng
  • -
  • static
  • -
-
-
Route type to redistribute.
-
+
    Choices: +
  • bgp
  • +
  • connected
  • +
  • kernel
  • +
  • ripng
  • +
  • static
  • +
+
+
Route type to redistribute.
+
+ + +
running_config
string -
-
- -
This option is used only with state parsed.
-
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep ospfv3.
-
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
-
+ +
This option is used only with state parsed.
+
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep ospfv3.
+
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
+
+
state
string -
-
-
    Choices: -
  • merged ←
  • -
  • replaced
  • -
  • deleted
  • -
  • parsed
  • -
  • gathered
  • -
  • rendered
  • -
-
-
The state the configuration should be left in.
-
+
    Choices: +
  • merged ←
  • +
  • replaced
  • +
  • deleted
  • +
  • parsed
  • +
  • gathered
  • +
  • rendered
  • +
+
+
The state the configuration should be left in.
+
+
Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. Examples -------- .. code-block:: yaml+jinja - # Using merged # # Before state: # ------------- # # vyos@vyos# run show configuration commands | grep ospfv3 # # - name: Merge the provided configuration with the exisiting running configuration vyos.vyos.vyos_ospfv3: config: redistribute: - route_type: bgp parameters: router_id: 192.0.2.10 areas: - area_id: '2' export_list: export1 import_list: import1 range: - address: 2001:db10::/32 - address: 2001:db20::/32 - address: 2001:db30::/32 - area_id: '3' range: - address: 2001:db40::/32 state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # before": {} # # "commands": [ # "set protocols ospfv3 redistribute bgp", # "set protocols ospfv3 parameters router-id '192.0.2.10'", # "set protocols ospfv3 area 2 range 2001:db10::/32", # "set protocols ospfv3 area 2 range 2001:db20::/32", # "set protocols ospfv3 area 2 range 2001:db30::/32", # "set protocols ospfv3 area '2'", # "set protocols ospfv3 area 2 export-list export1", # "set protocols ospfv3 area 2 import-list import1", # "set protocols ospfv3 area '3'", # "set protocols ospfv3 area 3 range 2001:db40::/32" # ] # # "after": { # "areas": [ # { # "area_id": "2", # "export_list": "export1", # "import_list": "import1", # "range": [ # { # "address": "2001:db10::/32" # }, # { # "address": "2001:db20::/32" # }, # { # "address": "2001:db30::/32" # } # ] # }, # { # "area_id": "3", # "range": [ # { # "address": "2001:db40::/32" # } # ] # } # ], # "parameters": { # "router_id": "192.0.2.10" # }, # "redistribute": [ # { # "route_type": "bgp" # } # ] # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep ospfv3 # set protocols ospfv3 area 2 export-list 'export1' # set protocols ospfv3 area 2 import-list 'import1' # set protocols ospfv3 area 2 range '2001:db10::/32' # set protocols ospfv3 area 2 range '2001:db20::/32' # set protocols ospfv3 area 2 range '2001:db30::/32' # set protocols ospfv3 area 3 range '2001:db40::/32' # set protocols ospfv3 parameters router-id '192.0.2.10' # set protocols ospfv3 redistribute 'bgp' # Using replaced # # Before state: # ------------- # # vyos@192# run show configuration commands | grep ospfv3 # set protocols ospfv3 area 2 export-list 'export1' # set protocols ospfv3 area 2 import-list 'import1' # set protocols ospfv3 area 2 range '2001:db10::/32' # set protocols ospfv3 area 2 range '2001:db20::/32' # set protocols ospfv3 area 2 range '2001:db30::/32' # set protocols ospfv3 area 3 range '2001:db40::/32' # set protocols ospfv3 parameters router-id '192.0.2.10' # set protocols ospfv3 redistribute 'bgp' # - name: Replace ospfv3 routes attributes configuration. vyos.vyos.vyos_ospfv3: config: redistribute: - route_type: bgp parameters: router_id: 192.0.2.10 areas: - area_id: '2' export_list: export1 import_list: import1 range: - address: 2001:db10::/32 - address: 2001:db30::/32 - address: 2001:db50::/32 - area_id: '4' range: - address: 2001:db60::/32 state: replaced # # # ------------------------- # Module Execution Result # ------------------------- # # "before": { # "areas": [ # { # "area_id": "2", # "export_list": "export1", # "import_list": "import1", # "range": [ # { # "address": "2001:db10::/32" # }, # { # "address": "2001:db20::/32" # }, # { # "address": "2001:db30::/32" # } # ] # }, # { # "area_id": "3", # "range": [ # { # "address": "2001:db40::/32" # } # ] # } # ], # "parameters": { # "router_id": "192.0.2.10" # }, # "redistribute": [ # { # "route_type": "bgp" # } # ] # } # # "commands": [ # "delete protocols ospfv3 area 2 range 2001:db20::/32", # "delete protocols ospfv3 area 3", # "set protocols ospfv3 area 2 range 2001:db50::/32", # "set protocols ospfv3 area '4'", # "set protocols ospfv3 area 4 range 2001:db60::/32" # ] # # "after": { # "areas": [ # { # "area_id": "2", # "export_list": "export1", # "import_list": "import1", # "range": [ # { # "address": "2001:db10::/32" # }, # { # "address": "2001:db30::/32" # }, # { # "address": "2001:db50::/32" # } # ] # }, # { # "area_id": "4", # "range": [ # { # "address": "2001:db60::/32" # } # ] # } # ], # "parameters": { # "router_id": "192.0.2.10" # }, # "redistribute": [ # { # "route_type": "bgp" # } # ] # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep ospfv3 # set protocols ospfv3 area 2 export-list 'export1' # set protocols ospfv3 area 2 import-list 'import1' # set protocols ospfv3 area 2 range '2001:db10::/32' # set protocols ospfv3 area 2 range '2001:db30::/32' # set protocols ospfv3 area 2 range '2001:db50::/32' # set protocols ospfv3 area 4 range '2001:db60::/32' # set protocols ospfv3 parameters router-id '192.0.2.10' # set protocols ospfv3 redistribute 'bgp' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_ospfv3: config: redistribute: - route_type: bgp parameters: router_id: 192.0.2.10 areas: - area_id: '2' export_list: export1 import_list: import1 range: - address: 2001:db10::/32 - address: 2001:db20::/32 - address: 2001:db30::/32 - area_id: '3' range: - address: 2001:db40::/32 state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # [ # "set protocols ospfv3 redistribute bgp", # "set protocols ospfv3 parameters router-id '192.0.2.10'", # "set protocols ospfv3 area 2 range 2001:db10::/32", # "set protocols ospfv3 area 2 range 2001:db20::/32", # "set protocols ospfv3 area 2 range 2001:db30::/32", # "set protocols ospfv3 area '2'", # "set protocols ospfv3 area 2 export-list export1", # "set protocols ospfv3 area 2 import-list import1", # "set protocols ospfv3 area '3'", # "set protocols ospfv3 area 3 range 2001:db40::/32" # ] # Using parsed # # - name: Parse the commands to provide structured configuration. vyos.vyos.vyos_ospfv3: running_config: "set protocols ospfv3 area 2 export-list 'export1' set protocols ospfv3 area 2 import-list 'import1' set protocols ospfv3 area 2 range '2001:db10::/32' set protocols ospfv3 area 2 range '2001:db20::/32' set protocols ospfv3 area 2 range '2001:db30::/32' set protocols ospfv3 area 3 range '2001:db40::/32' set protocols ospfv3 parameters router-id '192.0.2.10' set protocols ospfv3 redistribute 'bgp'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": { # "areas": [ # { # "area_id": "2", # "export_list": "export1", # "import_list": "import1", # "range": [ # { # "address": "2001:db10::/32" # }, # { # "address": "2001:db20::/32" # }, # { # "address": "2001:db30::/32" # } # ] # }, # { # "area_id": "3", # "range": [ # { # "address": "2001:db40::/32" # } # ] # } # ], # "parameters": { # "router_id": "192.0.2.10" # }, # "redistribute": [ # { # "route_type": "bgp" # } # ] # } # Using gathered # # Before state: # ------------- # # vyos@192# run show configuration commands | grep ospfv3 # set protocols ospfv3 area 2 export-list 'export1' # set protocols ospfv3 area 2 import-list 'import1' # set protocols ospfv3 area 2 range '2001:db10::/32' # set protocols ospfv3 area 2 range '2001:db20::/32' # set protocols ospfv3 area 2 range '2001:db30::/32' # set protocols ospfv3 area 3 range '2001:db40::/32' # set protocols ospfv3 parameters router-id '192.0.2.10' # set protocols ospfv3 redistribute 'bgp' # - name: Gather ospfv3 routes config with provided configurations vyos.vyos.vyos_ospfv3: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": { # "areas": [ # { # "area_id": "2", # "export_list": "export1", # "import_list": "import1", # "range": [ # { # "address": "2001:db10::/32" # }, # { # "address": "2001:db20::/32" # }, # { # "address": "2001:db30::/32" # } # ] # }, # { # "area_id": "3", # "range": [ # { # "address": "2001:db40::/32" # } # ] # } # ], # "parameters": { # "router_id": "192.0.2.10" # }, # "redistribute": [ # { # "route_type": "bgp" # } # ] # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep ospfv3 # set protocols ospfv3 area 2 export-list 'export1' # set protocols ospfv3 area 2 import-list 'import1' # set protocols ospfv3 area 2 range '2001:db10::/32' # set protocols ospfv3 area 2 range '2001:db20::/32' # set protocols ospfv3 area 2 range '2001:db30::/32' # set protocols ospfv3 area 3 range '2001:db40::/32' # set protocols ospfv3 parameters router-id '192.0.2.10' # set protocols ospfv3 redistribute 'bgp' # Using deleted # # Before state # ------------- # # vyos@192# run show configuration commands | grep ospfv3 # set protocols ospfv3 area 2 export-list 'export1' # set protocols ospfv3 area 2 import-list 'import1' # set protocols ospfv3 area 2 range '2001:db10::/32' # set protocols ospfv3 area 2 range '2001:db20::/32' # set protocols ospfv3 area 2 range '2001:db30::/32' # set protocols ospfv3 area 3 range '2001:db40::/32' # set protocols ospfv3 parameters router-id '192.0.2.10' # set protocols ospfv3 redistribute 'bgp' # - name: Delete attributes of ospfv3 routes. vyos.vyos.vyos_ospfv3: config: state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": { # "areas": [ # { # "area_id": "2", # "export_list": "export1", # "import_list": "import1", # "range": [ # { # "address": "2001:db10::/32" # }, # { # "address": "2001:db20::/32" # }, # { # "address": "2001:db30::/32" # } # ] # }, # { # "area_id": "3", # "range": [ # { # "address": "2001:db40::/32" # } # ] # } # ], # "parameters": { # "router_id": "192.0.2.10" # }, # "redistribute": [ # { # "route_type": "bgp" # } # ] # } # "commands": [ # "delete protocols ospfv3" # ] # # "after": {} # After state # ------------ # vyos@192# run show configuration commands | grep ospfv3 - - - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + + - - + + + + - - + + + +
The set of commands pushed to the remote device.
+
+
Sample:
+
['set protocols ospf parameters router-id 192.0.1.1', "set protocols ospfv3 area 2 range '2001:db10::/32'"]
+ -
Key Returned Description
+
after
dictionary -
-
when changed -
The resulting configuration model invocation.
-
-
Sample:
-
The configuration returned will always be in the same format +
The resulting configuration model invocation.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
-
+
before
dictionary -
-
always -
The configuration prior to the model invocation.
-
-
Sample:
-
The configuration returned will always be in the same format +
The configuration prior to the model invocation.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
-
+
commands
list -
-
always -
The set of commands pushed to the remote device.
-
-
Sample:
-
['set protocols ospf parameters router-id 192.0.1.1', "set protocols ospfv3 area 2 range '2001:db10::/32'"]
-
+

Status ------ Authors ~~~~~~~ - Rohit Thakur (@rohitthakur2590) - - diff --git a/docs/vyos.vyos.vyos_ping_module.rst b/docs/vyos.vyos.vyos_ping_module.rst index 69bc418..e3377fc 100644 --- a/docs/vyos.vyos.vyos_ping_module.rst +++ b/docs/vyos.vyos.vyos_ping_module.rst @@ -1,425 +1,422 @@ .. _vyos.vyos.vyos_ping_module: ******************* vyos.vyos.vyos_ping ******************* **Tests reachability using ping from VyOS network devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - Tests reachability using ping from a VyOS device to a remote destination. - Tested against VyOS 1.1.8 (helium) - For a general purpose network module, see the :ref:`net_ping ` module. - For Windows targets, use the :ref:`win_ping ` module instead. - For targets running Python, use the :ref:`ping ` module instead. Parameters ---------- .. raw:: html - + - - + - - + + + + - - + - - + / required + + + + - - + - - + + + + - - + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + - - + + + + - - + - - + + + + - - + - - + + + + - - + - - + + + + -
Parameter Choices/DefaultsCommentsComments
+
count
integer -
-
- Default:
5
-
-
Number of packets to send to check reachability.
-
+ Default:
5
+
+
Number of packets to send to check reachability.
+
+
dest
string - / required
-
- -
The IP Address or hostname (resolvable by the device) of the remote node.
-
+ +
The IP Address or hostname (resolvable by the device) of the remote node.
+
+
interval
integer -
-
- -
Determines the interval (in seconds) between consecutive pings.
-
+ +
Determines the interval (in seconds) between consecutive pings.
+
+
provider
dictionary -
-
- -
Deprecated
-
Starting with Ansible 2.5 we recommend using connection: network_cli.
-
For more information please see the Network Guide.
-

-
A dict object containing connection details.
-
+ +
Deprecated
+
Starting with Ansible 2.5 we recommend using connection: network_cli.
+
For more information please see the Network Guide.
+

+
A dict object containing connection details.
+
+
host
string -
-
- -
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
-
+ +
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
+
+
password
string -
-
- -
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
-
+ +
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
+
+
port
integer -
-
- -
Specifies the port to use when building the connection to the remote device.
-
+ +
Specifies the port to use when building the connection to the remote device.
+
+
ssh_keyfile
path -
-
- -
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
-
+ +
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
+
+
timeout
integer -
-
- -
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
-
+ +
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
+
+
username
string -
-
- -
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
-
+ +
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
+
+ +
size
integer -
-
- -
Determines the size (in bytes) of the ping packet(s).
-
+ +
Determines the size (in bytes) of the ping packet(s).
+
+
source
string -
-
- -
The source interface or IP Address to use while sending the ping packet(s).
-
+ +
The source interface or IP Address to use while sending the ping packet(s).
+
+
state
string -
-
-
    Choices: -
  • absent
  • -
  • present ←
  • -
-
-
Determines if the expected result is success or fail.
-
+
    Choices: +
  • absent
  • +
  • present ←
  • +
+
+
Determines if the expected result is success or fail.
+
+
ttl
integer -
-
- -
The time-to-live value for the ICMP packet(s).
-
+ +
The time-to-live value for the ICMP packet(s).
+
+
Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - For a general purpose network module, see the :ref:`net_ping ` module. - For Windows targets, use the :ref:`win_ping ` module instead. - For targets running Python, use the :ref:`ping ` module instead. - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- .. code-block:: yaml+jinja - - name: Test reachability to 10.10.10.10 vyos.vyos.vyos_ping: dest: 10.10.10.10 - name: Test reachability to 10.20.20.20 using source and ttl set vyos.vyos.vyos_ping: dest: 10.20.20.20 source: eth0 ttl: 128 - name: Test unreachability to 10.30.30.30 using interval vyos.vyos.vyos_ping: dest: 10.30.30.30 interval: 3 state: absent - name: Test reachability to 10.40.40.40 setting count and source vyos.vyos.vyos_ping: dest: 10.40.40.40 source: eth1 count: 20 size: 512 - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + +
List of commands sent.
+
+
Sample:
+
['ping 10.8.38.44 count 10 interface eth0 ttl 128']
+ - - + + + +
Percentage of packets lost.
+
+
Sample:
+
0%
+ - - + + + +
Packets successfully received.
+
+
Sample:
+
20
+ - - + + + +
Packets successfully transmitted.
+
+
Sample:
+
20
+ - - + + + +
The round trip time (RTT) stats.
+
+
Sample:
+
AnsibleMapping([('avg', 2), ('max', 8), ('min', 1), ('mdev', 24)])
+ -
Key Returned Description
+
commands
list -
-
always -
List of commands sent.
-
-
Sample:
-
['ping 10.8.38.44 count 10 interface eth0 ttl 128']
-
+
packet_loss
string -
-
always -
Percentage of packets lost.
-
-
Sample:
-
0%
-
+
packets_rx
integer -
-
always -
Packets successfully received.
-
-
Sample:
-
20
-
+
packets_tx
integer -
-
always -
Packets successfully transmitted.
-
-
Sample:
-
20
-
+
rtt
dictionary -
-
when ping succeeds -
The round trip time (RTT) stats.
-
-
Sample:
-
{'avg': 2, 'max': 8, 'min': 1, 'mdev': 24}
-
+

Status ------ Authors ~~~~~~~ - Nilashish Chakraborty (@NilashishC) - - diff --git a/docs/vyos.vyos.vyos_static_route_module.rst b/docs/vyos.vyos.vyos_static_route_module.rst index 848d5a0..74f296d 100644 --- a/docs/vyos.vyos.vyos_static_route_module.rst +++ b/docs/vyos.vyos.vyos_static_route_module.rst @@ -1,439 +1,437 @@ .. _vyos.vyos.vyos_static_route_module: *************************** vyos.vyos.vyos_static_route *************************** **(deprecated, removed after 2022-06-01) Manage static IP routes on Vyatta VyOS network devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 DEPRECATED ---------- :Removed in collection release after 2022-06-01 :Why: Updated modules released with more functionality. :Alternative: vyos_static_routes Synopsis -------- - This module provides declarative management of static IP routes on Vyatta VyOS network devices. Parameters ---------- .. raw:: html - + - - + - - + + + + - - + - - + / elements=dictionary + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + / required + + + + - - - + + - - + + + + - - - + - - + + + + - - + - - + + + + - - + - - + + + + - - + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + - - + + + + -
Parameter Choices/DefaultsCommentsComments
+
admin_distance
integer -
-
- -
Admin distance of the static route.
-
+ +
Admin distance of the static route.
+
+
aggregate
list - / elements=dictionary
-
- -
List of static route definitions
-
+ +
List of static route definitions
+
+
admin_distance
integer -
-
- -
Admin distance of the static route.
-
+ +
Admin distance of the static route.
+
+
mask
string -
-
- -
Network prefix mask of the static route.
-
+ +
Network prefix mask of the static route.
+
+
next_hop
string -
-
- -
Next hop IP of the static route.
-
+ +
Next hop IP of the static route.
+
+
prefix
string - / required
-
- -
Network prefix of the static route. mask param should be ignored if prefix is provided with mask value prefix/mask.
-
+ +
Network prefix of the static route. mask param should be ignored if prefix is provided with mask value prefix/mask.
+
+
state
string -
-
-
    Choices: -
  • present
  • -
  • absent
  • -
-
-
State of the static route configuration.
-
+
    Choices: +
  • present
  • +
  • absent
  • +
+
+
State of the static route configuration.
+
+ +
mask
string -
-
- -
Network prefix mask of the static route.
-
+ +
Network prefix mask of the static route.
+
+
next_hop
string -
-
- -
Next hop IP of the static route.
-
+ +
Next hop IP of the static route.
+
+
prefix
string -
-
- -
Network prefix of the static route. mask param should be ignored if prefix is provided with mask value prefix/mask.
-
+ +
Network prefix of the static route. mask param should be ignored if prefix is provided with mask value prefix/mask.
+
+
provider
dictionary -
-
- -
Deprecated
-
Starting with Ansible 2.5 we recommend using connection: network_cli.
-
For more information please see the Network Guide.
-

-
A dict object containing connection details.
-
+ +
Deprecated
+
Starting with Ansible 2.5 we recommend using connection: network_cli.
+
For more information please see the Network Guide.
+

+
A dict object containing connection details.
+
+
host
string -
-
- -
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
-
+ +
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
+
+
password
string -
-
- -
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
-
+ +
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
+
+
port
integer -
-
- -
Specifies the port to use when building the connection to the remote device.
-
+ +
Specifies the port to use when building the connection to the remote device.
+
+
ssh_keyfile
path -
-
- -
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
-
+ +
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
+
+
timeout
integer -
-
- -
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
-
+ +
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
+
+
username
string -
-
- -
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
-
+ +
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
+
+ +
state
string -
-
-
    Choices: -
  • present ←
  • -
  • absent
  • -
-
-
State of the static route configuration.
-
+
    Choices: +
  • present ←
  • +
  • absent
  • +
+
+
State of the static route configuration.
+
+
Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- .. code-block:: yaml+jinja - - name: configure static route vyos.vyos.vyos_static_route: prefix: 192.168.2.0 mask: 24 next_hop: 10.0.0.1 - name: configure static route prefix/mask vyos.vyos.vyos_static_route: prefix: 192.168.2.0/16 next_hop: 10.0.0.1 - name: remove configuration vyos.vyos.vyos_static_route: prefix: 192.168.2.0 mask: 16 next_hop: 10.0.0.1 state: absent - name: configure aggregates of static routes vyos.vyos.vyos_static_route: aggregate: - {prefix: 192.168.2.0, mask: 24, next_hop: 10.0.0.1} - {prefix: 192.168.3.0, mask: 16, next_hop: 10.0.2.1} - {prefix: 192.168.3.0/16, next_hop: 10.0.2.1} - name: Remove static route collections vyos.vyos.vyos_static_route: aggregate: - {prefix: 172.24.1.0/24, next_hop: 192.168.42.64} - {prefix: 172.24.3.0/24, next_hop: 192.168.42.64} state: absent - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + +
The list of configuration mode commands to send to the device
+
+
Sample:
+
['set protocols static route 192.168.2.0/16 next-hop 10.0.0.1']
+ -
Key Returned Description
+
commands
list -
-
always -
The list of configuration mode commands to send to the device
-
-
Sample:
-
['set protocols static route 192.168.2.0/16 next-hop 10.0.0.1']
-
+

Status ------ - This module will be removed in version . *[deprecated]* - For more information see `DEPRECATED`_. Authors ~~~~~~~ - Trishna Guha (@trishnaguha) - - diff --git a/docs/vyos.vyos.vyos_static_routes_module.rst b/docs/vyos.vyos.vyos_static_routes_module.rst index 1808538..53942a5 100644 --- a/docs/vyos.vyos.vyos_static_routes_module.rst +++ b/docs/vyos.vyos.vyos_static_routes_module.rst @@ -1,1164 +1,1165 @@ .. _vyos.vyos.vyos_static_routes_module: **************************** vyos.vyos.vyos_static_routes **************************** **Static routes resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module manages attributes of static routes on VyOS network devices. Parameters ---------- .. raw:: html - + - - + - - + / elements=dictionary + + + + - - - + + - - + / elements=dictionary + + + + - - - - + + + - - + / required + + + + - - - - + + + - - + / elements=dictionary + + + + - - - - - + + + + - - + + + + - - - - - - + + + + + - - + + + + - - - - - - + + + + + - - + + + + - - - - - - + + + + - - + / required + + + + - - - - - + + + + - - + / elements=dictionary + + + + - - - - - - + + + + + - - + + + + - - - - - - + + + + + - - + + + + - - - - - - + + + + + - - + / required + + + + - - - - - - + + + + + - - + + + + - - - - - - + - - + + + + - - + - - + + + + -
Parameter Choices/DefaultsCommentsComments
+
config
list - / elements=dictionary
-
- -
A provided static route configuration.
-
+ +
A provided static route configuration.
+
+
address_families
list - / elements=dictionary
-
- -
A dictionary specifying the address family to which the static route(s) belong.
-
+ +
A dictionary specifying the address family to which the static route(s) belong.
+
+
afi
string - / required
-
-
    Choices: -
  • ipv4
  • -
  • ipv6
  • -
-
-
Specifies the type of route.
-
+
    Choices: +
  • ipv4
  • +
  • ipv6
  • +
+
+
Specifies the type of route.
+
+
routes
list - / elements=dictionary
-
- -
A ditionary that specify the static route configurations.
-
+ +
A ditionary that specify the static route configurations.
+
+
blackhole_config
dictionary -
-
- -
Configured to silently discard packets.
-
+ +
Configured to silently discard packets.
+
+
distance
integer -
-
- -
Distance for the route.
-
+ +
Distance for the route.
+
+
type
string -
-
- -
This is to configure only blackhole.
-
+ +
This is to configure only blackhole.
+
+ +
dest
string - / required
-
- -
An IPv4/v6 address in CIDR notation that specifies the destination network for the static route.
-
+ +
An IPv4/v6 address in CIDR notation that specifies the destination network for the static route.
+
+
next_hops
list - / elements=dictionary
-
- -
Next hops to the specified destination.
-
+ +
Next hops to the specified destination.
+
+
admin_distance
integer -
-
- -
Distance value for the route.
-
+ +
Distance value for the route.
+
+
enabled
boolean -
-
-
    Choices: -
  • no
  • -
  • yes
  • -
-
-
Disable IPv4/v6 next-hop static route.
-
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
Disable IPv4/v6 next-hop static route.
+
+
forward_router_address
string - / required
-
- -
The IP address of the next hop that can be used to reach the destination network.
-
+ +
The IP address of the next hop that can be used to reach the destination network.
+
+
interface
string -
-
- -
Name of the outgoing interface.
-
+ +
Name of the outgoing interface.
+
+ + + + +
running_config
string -
-
- -
This option is used only with state parsed.
-
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep static route.
-
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
-
+ +
This option is used only with state parsed.
+
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep static route.
+
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
+
+
state
string -
-
-
    Choices: -
  • merged ←
  • -
  • replaced
  • -
  • overridden
  • -
  • deleted
  • -
  • gathered
  • -
  • rendered
  • -
  • parsed
  • -
-
-
The state of the configuration after module completion.
-
+
    Choices: +
  • merged ←
  • +
  • replaced
  • +
  • overridden
  • +
  • deleted
  • +
  • gathered
  • +
  • rendered
  • +
  • parsed
  • +
+
+
The state of the configuration after module completion.
+
+
Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. Examples -------- .. code-block:: yaml+jinja - # Using merged # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands | grep static # - name: Merge the provided configuration with the exisiting running configuration vyos.vyos.vyos_static_routes: config: - address_families: - afi: ipv4 routes: - dest: 192.0.2.32/28 blackhole_config: type: blackhole next_hops: - forward_router_address: 192.0.2.6 - forward_router_address: 192.0.2.7 - address_families: - afi: ipv6 routes: - dest: 2001:db8:1000::/36 blackhole_config: distance: 2 next_hops: - forward_router_address: 2001:db8:2000:2::1 - forward_router_address: 2001:db8:2000:2::2 state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # before": [] # # "commands": [ # "set protocols static route 192.0.2.32/28", # "set protocols static route 192.0.2.32/28 blackhole", # "set protocols static route 192.0.2.32/28 next-hop '192.0.2.6'", # "set protocols static route 192.0.2.32/28 next-hop '192.0.2.7'", # "set protocols static route6 2001:db8:1000::/36", # "set protocols static route6 2001:db8:1000::/36 blackhole distance '2'", # "set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1'", # "set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2'" # ] # # "after": [ # { # "address_families": [ # { # "afi": "ipv4", # "routes": [ # { # "blackhole_config": { # "type": "blackhole" # }, # "dest": "192.0.2.32/28", # "next_hops": [ # { # "forward_router_address": "192.0.2.6" # }, # { # "forward_router_address": "192.0.2.7" # } # ] # } # ] # }, # { # "afi": "ipv6", # "routes": [ # { # "blackhole_config": { # "distance": 2 # }, # "dest": "2001:db8:1000::/36", # "next_hops": [ # { # "forward_router_address": "2001:db8:2000:2::1" # }, # { # "forward_router_address": "2001:db8:2000:2::2" # } # ] # } # ] # } # ] # } # ] # # After state: # ------------- # # vyos@vyos:~$ show configuration commands| grep static # set protocols static route 192.0.2.32/28 'blackhole' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.6' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.7' # set protocols static route6 2001:db8:1000::/36 blackhole distance '2' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' # Using replaced # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands| grep static # set protocols static route 192.0.2.32/28 'blackhole' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.6' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.7' # set protocols static route 192.0.2.33/28 'blackhole' # set protocols static route 192.0.2.33/28 next-hop '192.0.2.3' # set protocols static route 192.0.2.33/28 next-hop '192.0.2.4' # set protocols static route6 2001:db8:1000::/36 blackhole distance '2' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' # - name: Replace device configurations of listed static routes with provided configurations vyos.vyos.vyos_static_routes: config: - address_families: - afi: ipv4 routes: - dest: 192.0.2.32/28 blackhole_config: distance: 2 next_hops: - forward_router_address: 192.0.2.7 enabled: false - forward_router_address: 192.0.2.9 state: replaced # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "address_families": [ # { # "afi": "ipv4", # "routes": [ # { # "blackhole_config": { # "type": "blackhole" # }, # "dest": "192.0.2.32/28", # "next_hops": [ # { # "forward_router_address": "192.0.2.6" # }, # { # "forward_router_address": "192.0.2.7" # } # ] # }, # { # "blackhole_config": { # "type": "blackhole" # }, # "dest": "192.0.2.33/28", # "next_hops": [ # { # "forward_router_address": "192.0.2.3" # }, # { # "forward_router_address": "192.0.2.4" # } # ] # } # ] # }, # { # "afi": "ipv6", # "routes": [ # { # "blackhole_config": { # "distance": 2 # }, # "dest": "2001:db8:1000::/36", # "next_hops": [ # { # "forward_router_address": "2001:db8:2000:2::1" # }, # { # "forward_router_address": "2001:db8:2000:2::2" # } # ] # } # ] # } # ] # } # ] # # "commands": [ # "delete protocols static route 192.0.2.32/28 next-hop '192.0.2.6'", # "delete protocols static route 192.0.2.32/28 next-hop '192.0.2.7'", # "set protocols static route 192.0.2.32/28 next-hop 192.0.2.7 'disable'", # "set protocols static route 192.0.2.32/28 next-hop '192.0.2.7'", # "set protocols static route 192.0.2.32/28 next-hop '192.0.2.9'", # "set protocols static route 192.0.2.32/28 blackhole distance '2'" # ] # # "after": [ # { # "address_families": [ # { # "afi": "ipv4", # "routes": [ # { # "blackhole_config": { # "distance": 2 # }, # "dest": "192.0.2.32/28", # "next_hops": [ # { # "enabled": false, # "forward_router_address": "192.0.2.7" # }, # { # "forward_router_address": "192.0.2.9" # } # ] # }, # { # "blackhole_config": { # "type": "blackhole" # }, # "dest": "192.0.2.33/28", # "next_hops": [ # { # "forward_router_address": "192.0.2.3" # }, # { # "forward_router_address": "192.0.2.4" # } # ] # } # ] # }, # { # "afi": "ipv6", # "routes": [ # { # "blackhole_config": { # "distance": 2 # }, # "dest": "2001:db8:1000::/36", # "next_hops": [ # { # "forward_router_address": "2001:db8:2000:2::1" # }, # { # "forward_router_address": "2001:db8:2000:2::2" # } # ] # } # ] # } # ] # } # ] # # After state: # ------------- # # vyos@vyos:~$ show configuration commands| grep static # set protocols static route 192.0.2.32/28 blackhole distance '2' # set protocols static route 192.0.2.32/28 next-hop 192.0.2.7 'disable' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.9' # set protocols static route 192.0.2.33/28 'blackhole' # set protocols static route 192.0.2.33/28 next-hop '192.0.2.3' # set protocols static route 192.0.2.33/28 next-hop '192.0.2.4' # set protocols static route6 2001:db8:1000::/36 blackhole distance '2' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' # Using overridden # # Before state # -------------- # # vyos@vyos:~$ show configuration commands| grep static # set protocols static route 192.0.2.32/28 blackhole distance '2' # set protocols static route 192.0.2.32/28 next-hop 192.0.2.7 'disable' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.9' # set protocols static route6 2001:db8:1000::/36 blackhole distance '2' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' # - name: Overrides all device configuration with provided configuration vyos.vyos.vyos_static_routes: config: - address_families: - afi: ipv4 routes: - dest: 198.0.2.48/28 next_hops: - forward_router_address: 192.0.2.18 state: overridden # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "address_families": [ # { # "afi": "ipv4", # "routes": [ # { # "blackhole_config": { # "distance": 2 # }, # "dest": "192.0.2.32/28", # "next_hops": [ # { # "enabled": false, # "forward_router_address": "192.0.2.7" # }, # { # "forward_router_address": "192.0.2.9" # } # ] # } # ] # }, # { # "afi": "ipv6", # "routes": [ # { # "blackhole_config": { # "distance": 2 # }, # "dest": "2001:db8:1000::/36", # "next_hops": [ # { # "forward_router_address": "2001:db8:2000:2::1" # }, # { # "forward_router_address": "2001:db8:2000:2::2" # } # ] # } # ] # } # ] # } # ] # # "commands": [ # "delete protocols static route 192.0.2.32/28", # "delete protocols static route6 2001:db8:1000::/36", # "set protocols static route 198.0.2.48/28", # "set protocols static route 198.0.2.48/28 next-hop '192.0.2.18'" # # # "after": [ # { # "address_families": [ # { # "afi": "ipv4", # "routes": [ # { # "dest": "198.0.2.48/28", # "next_hops": [ # { # "forward_router_address": "192.0.2.18" # } # ] # } # ] # } # ] # } # ] # # # After state # ------------ # # vyos@vyos:~$ show configuration commands| grep static # set protocols static route 198.0.2.48/28 next-hop '192.0.2.18' # Using deleted to delete static route based on afi # # Before state # ------------- # # vyos@vyos:~$ show configuration commands| grep static # set protocols static route 192.0.2.32/28 'blackhole' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.6' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.7' # set protocols static route6 2001:db8:1000::/36 blackhole distance '2' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' # - name: Delete static route based on afi. vyos.vyos.vyos_static_routes: config: - address_families: - afi: ipv4 - afi: ipv6 state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": [ # { # "address_families": [ # { # "afi": "ipv4", # "routes": [ # { # "blackhole_config": { # "type": "blackhole" # }, # "dest": "192.0.2.32/28", # "next_hops": [ # { # "forward_router_address": "192.0.2.6" # }, # { # "forward_router_address": "192.0.2.7" # } # ] # } # ] # }, # { # "afi": "ipv6", # "routes": [ # { # "blackhole_config": { # "distance": 2 # }, # "dest": "2001:db8:1000::/36", # "next_hops": [ # { # "forward_router_address": "2001:db8:2000:2::1" # }, # { # "forward_router_address": "2001:db8:2000:2::2" # } # ] # } # ] # } # ] # } # ] # "commands": [ # "delete protocols static route", # "delete protocols static route6" # ] # # "after": [] # After state # ------------ # vyos@vyos# run show configuration commands | grep static # set protocols 'static' # Using deleted to delete all the static routes when passes config is empty # # Before state # ------------- # # vyos@vyos:~$ show configuration commands| grep static # set protocols static route 192.0.2.32/28 'blackhole' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.6' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.7' # set protocols static route6 2001:db8:1000::/36 blackhole distance '2' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' # - name: Delete all the static routes. vyos.vyos.vyos_static_routes: config: state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": [ # { # "address_families": [ # { # "afi": "ipv4", # "routes": [ # { # "blackhole_config": { # "type": "blackhole" # }, # "dest": "192.0.2.32/28", # "next_hops": [ # { # "forward_router_address": "192.0.2.6" # }, # { # "forward_router_address": "192.0.2.7" # } # ] # } # ] # }, # { # "afi": "ipv6", # "routes": [ # { # "blackhole_config": { # "distance": 2 # }, # "dest": "2001:db8:1000::/36", # "next_hops": [ # { # "forward_router_address": "2001:db8:2000:2::1" # }, # { # "forward_router_address": "2001:db8:2000:2::2" # } # ] # } # ] # } # ] # } # ] # "commands": [ # "delete protocols static route", # "delete protocols static route6" # ] # # "after": [] # After state # ------------ # vyos@vyos# run show configuration commands | grep static # set protocols 'static' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_static_routes: config: - address_families: - afi: ipv4 routes: - dest: 192.0.2.32/28 blackhole_config: type: blackhole next_hops: - forward_router_address: 192.0.2.6 - forward_router_address: 192.0.2.7 - address_families: - afi: ipv6 routes: - dest: 2001:db8:1000::/36 blackhole_config: distance: 2 next_hops: - forward_router_address: 2001:db8:2000:2::1 - forward_router_address: 2001:db8:2000:2::2 state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # "set protocols static route 192.0.2.32/28", # "set protocols static route 192.0.2.32/28 blackhole", # "set protocols static route 192.0.2.32/28 next-hop '192.0.2.6'", # "set protocols static route 192.0.2.32/28 next-hop '192.0.2.7'", # "set protocols static route6 2001:db8:1000::/36", # "set protocols static route6 2001:db8:1000::/36 blackhole distance '2'", # "set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1'", # "set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2'" # ] # Using parsed # # - name: Parse the provided running configuration vyos.vyos.vyos_static_routes: running_config: "set protocols static route 192.0.2.32/28 'blackhole' set protocols static route 192.0.2.32/28 next-hop '192.0.2.6' set protocols static route 192.0.2.32/28 next-hop '192.0.2.7' set protocols static route6 2001:db8:1000::/36 blackhole distance '2' set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": [ # { # "address_families": [ # { # "afi": "ipv4", # "routes": [ # { # "blackhole_config": { # "distance": 2 # }, # "dest": "192.0.2.32/28", # "next_hops": [ # { # "forward_router_address": "2001:db8:2000:2::2" # } # ] # } # ] # }, # { # "afi": "ipv6", # "routes": [ # { # "blackhole_config": { # "distance": 2 # }, # "dest": "2001:db8:1000::/36", # "next_hops": [ # { # "forward_router_address": "2001:db8:2000:2::2" # } # ] # } # ] # } # ] # } # ] # Using gathered # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands| grep static # set protocols static route 192.0.2.32/28 'blackhole' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.6' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.7' # set protocols static route6 2001:db8:1000::/36 blackhole distance '2' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' # - name: Gather listed static routes with provided configurations vyos.vyos.vyos_static_routes: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": [ # { # "address_families": [ # { # "afi": "ipv4", # "routes": [ # { # "blackhole_config": { # "type": "blackhole" # }, # "dest": "192.0.2.32/28", # "next_hops": [ # { # "forward_router_address": "192.0.2.6" # }, # { # "forward_router_address": "192.0.2.7" # } # ] # } # ] # }, # { # "afi": "ipv6", # "routes": [ # { # "blackhole_config": { # "distance": 2 # }, # "dest": "2001:db8:1000::/36", # "next_hops": [ # { # "forward_router_address": "2001:db8:2000:2::1" # }, # { # "forward_router_address": "2001:db8:2000:2::2" # } # ] # } # ] # } # ] # } # ] # # # After state: # ------------- # # vyos@vyos:~$ show configuration commands| grep static # set protocols static route 192.0.2.32/28 'blackhole' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.6' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.7' # set protocols static route6 2001:db8:1000::/36 blackhole distance '2' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' - - - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + + - - + + + + - - + + + +
The set of commands pushed to the remote device.
+
+
Sample:
+
["set protocols static route 192.0.2.32/28 next-hop '192.0.2.6'", "set protocols static route 192.0.2.32/28 'blackhole'"]
+ -
Key Returned Description
+
after
list -
-
when changed -
The resulting configuration model invocation.
-
-
Sample:
-
The configuration returned will always be in the same format +
The resulting configuration model invocation.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
-
+
before
list -
-
always -
The configuration prior to the model invocation.
-
-
Sample:
-
The configuration returned will always be in the same format +
The configuration prior to the model invocation.
+
+
Sample:
+
The configuration returned will always be in the same format of the parameters above.
-
+
commands
list -
-
always -
The set of commands pushed to the remote device.
-
-
Sample:
-
["set protocols static route 192.0.2.32/28 next-hop '192.0.2.6'", "set protocols static route 192.0.2.32/28 'blackhole'"]
-
+

Status ------ Authors ~~~~~~~ - Rohit Thakur (@rohitthakur2590) - - diff --git a/docs/vyos.vyos.vyos_system_module.rst b/docs/vyos.vyos.vyos_system_module.rst index acca366..a71303c 100644 --- a/docs/vyos.vyos.vyos_system_module.rst +++ b/docs/vyos.vyos.vyos_system_module.rst @@ -1,314 +1,312 @@ .. _vyos.vyos.vyos_system_module: ********************* vyos.vyos.vyos_system ********************* **Run `set system` commands on VyOS devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - Runs one or more commands on remote devices running VyOS. This module can also be introspected to validate key parameters before returning successfully. Parameters ---------- .. raw:: html - + - - + - - + + + + - - + - - + / elements=string + + + + - - + - - + + + + - - + - - + / elements=string + + + + - - + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + - - + + + + -
Parameter Choices/DefaultsCommentsComments
+
domain_name
string -
-
- -
The new domain name to apply to the device.
-
+ +
The new domain name to apply to the device.
+
+
domain_search
list - / elements=string
-
- -
A list of domain names to search. Mutually exclusive with name_server
-
+ +
A list of domain names to search. Mutually exclusive with name_server
+
+
host_name
string -
-
- -
Configure the device hostname parameter. This option takes an ASCII string value.
-
+ +
Configure the device hostname parameter. This option takes an ASCII string value.
+
+
name_server
list - / elements=string
-
- -
A list of name servers to use with the device. Mutually exclusive with domain_search
-

aliases: name_servers
-
+ +
A list of name servers to use with the device. Mutually exclusive with domain_search
+

aliases: name_servers
+
+
provider
dictionary -
-
- -
Deprecated
-
Starting with Ansible 2.5 we recommend using connection: network_cli.
-
For more information please see the Network Guide.
-

-
A dict object containing connection details.
-
+ +
Deprecated
+
Starting with Ansible 2.5 we recommend using connection: network_cli.
+
For more information please see the Network Guide.
+

+
A dict object containing connection details.
+
+
host
string -
-
- -
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
-
+ +
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
+
+
password
string -
-
- -
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
-
+ +
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
+
+
port
integer -
-
- -
Specifies the port to use when building the connection to the remote device.
-
+ +
Specifies the port to use when building the connection to the remote device.
+
+
ssh_keyfile
path -
-
- -
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
-
+ +
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
+
+
timeout
integer -
-
- -
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
-
+ +
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
+
+
username
string -
-
- -
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
-
+ +
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
+
+ +
state
string -
-
-
    Choices: -
  • present ←
  • -
  • absent
  • -
-
-
Whether to apply (present) or remove (absent) the settings.
-
+
    Choices: +
  • present ←
  • +
  • absent
  • +
+
+
Whether to apply (present) or remove (absent) the settings.
+
+
Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- .. code-block:: yaml+jinja - - name: configure hostname and domain-name vyos.vyos.vyos_system: host_name: vyos01 domain_name: test.example.com - name: remove all configuration vyos.vyos.vyos_system: state: absent - name: configure name servers vyos.vyos.vyos_system: name_servers - 8.8.8.8 - 8.8.4.4 - name: configure domain search suffixes vyos.vyos.vyos_system: domain_search: - sub1.example.com - sub2.example.com - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + +
The list of configuration mode commands to send to the device
+
+
Sample:
+
['set system hostname vyos01', 'set system domain-name foo.example.com']
+ -
Key Returned Description
+
commands
list -
-
always -
The list of configuration mode commands to send to the device
-
-
Sample:
-
['set system hostname vyos01', 'set system domain-name foo.example.com']
-
+

Status ------ Authors ~~~~~~~ - Nathaniel Case (@Qalthos) - - diff --git a/docs/vyos.vyos.vyos_user_module.rst b/docs/vyos.vyos.vyos_user_module.rst index 3011448..04a7a6e 100644 --- a/docs/vyos.vyos.vyos_user_module.rst +++ b/docs/vyos.vyos.vyos_user_module.rst @@ -1,479 +1,477 @@ .. _vyos.vyos.vyos_user_module: ******************* vyos.vyos.vyos_user ******************* **Manage the collection of local users on VyOS device** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module provides declarative management of the local usernames configured on network devices. It allows playbooks to manage either individual usernames or the collection of usernames in the current running config. It also supports purging usernames from the configuration that are not explicitly defined. Parameters ---------- .. raw:: html - + - - + - - + / elements=dictionary + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + / required + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + - - + + + + - - + - - + + + + - - + - - + + + + - - + - - + + + + - - + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + - - + + + + - - + - - + + + + - - + - - + + + + -
Parameter Choices/DefaultsCommentsComments
+
aggregate
list - / elements=dictionary
-
- -
The set of username objects to be configured on the remote VyOS device. The list entries can either be the username or a hash of username and properties. This argument is mutually exclusive with the name argument.
-

aliases: users, collection
-
+ +
The set of username objects to be configured on the remote VyOS device. The list entries can either be the username or a hash of username and properties. This argument is mutually exclusive with the name argument.
+

aliases: users, collection
+
+
configured_password
string -
-
- -
The password to be configured on the VyOS device. The password needs to be provided in clear and it will be encrypted on the device. Please note that this option is not same as provider password.
-
+ +
The password to be configured on the VyOS device. The password needs to be provided in clear and it will be encrypted on the device. Please note that this option is not same as provider password.
+
+
full_name
string -
-
- -
The full_name argument provides the full name of the user account to be created on the remote device. This argument accepts any text string value.
-
+ +
The full_name argument provides the full name of the user account to be created on the remote device. This argument accepts any text string value.
+
+
level
string -
-
- -
The level argument configures the level of the user when logged into the system. This argument accepts string values admin or operator.
-

aliases: role
-
+ +
The level argument configures the level of the user when logged into the system. This argument accepts string values admin or operator.
+

aliases: role
+
+
name
string - / required
-
- -
The username to be configured on the VyOS device. This argument accepts a string value and is mutually exclusive with the aggregate argument. Please note that this option is not same as provider username.
-
+ +
The username to be configured on the VyOS device. This argument accepts a string value and is mutually exclusive with the aggregate argument. Please note that this option is not same as provider username.
+
+
state
string -
-
-
    Choices: -
  • present
  • -
  • absent
  • -
-
-
Configures the state of the username definition as it relates to the device operational configuration. When set to present, the username(s) should be configured in the device active configuration and when set to absent the username(s) should not be in the device active configuration
-
+
    Choices: +
  • present
  • +
  • absent
  • +
+
+
Configures the state of the username definition as it relates to the device operational configuration. When set to present, the username(s) should be configured in the device active configuration and when set to absent the username(s) should not be in the device active configuration
+
+
update_password
string -
-
-
    Choices: -
  • on_create
  • -
  • always
  • -
-
-
Since passwords are encrypted in the device running config, this argument will instruct the module when to change the password. When set to always, the password will always be updated in the device and when set to on_create the password will be updated only if the username is created.
-
+
    Choices: +
  • on_create
  • +
  • always
  • +
+
+
Since passwords are encrypted in the device running config, this argument will instruct the module when to change the password. When set to always, the password will always be updated in the device and when set to on_create the password will be updated only if the username is created.
+
+ +
configured_password
string -
-
- -
The password to be configured on the VyOS device. The password needs to be provided in clear and it will be encrypted on the device. Please note that this option is not same as provider password.
-
+ +
The password to be configured on the VyOS device. The password needs to be provided in clear and it will be encrypted on the device. Please note that this option is not same as provider password.
+
+
full_name
string -
-
- -
The full_name argument provides the full name of the user account to be created on the remote device. This argument accepts any text string value.
-
+ +
The full_name argument provides the full name of the user account to be created on the remote device. This argument accepts any text string value.
+
+
level
string -
-
- -
The level argument configures the level of the user when logged into the system. This argument accepts string values admin or operator.
-

aliases: role
-
+ +
The level argument configures the level of the user when logged into the system. This argument accepts string values admin or operator.
+

aliases: role
+
+
name
string -
-
- -
The username to be configured on the VyOS device. This argument accepts a string value and is mutually exclusive with the aggregate argument. Please note that this option is not same as provider username.
-
+ +
The username to be configured on the VyOS device. This argument accepts a string value and is mutually exclusive with the aggregate argument. Please note that this option is not same as provider username.
+
+
provider
dictionary -
-
- -
Deprecated
-
Starting with Ansible 2.5 we recommend using connection: network_cli.
-
For more information please see the Network Guide.
-

-
A dict object containing connection details.
-
+ +
Deprecated
+
Starting with Ansible 2.5 we recommend using connection: network_cli.
+
For more information please see the Network Guide.
+

+
A dict object containing connection details.
+
+
host
string -
-
- -
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
-
+ +
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
+
+
password
string -
-
- -
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
-
+ +
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
+
+
port
integer -
-
- -
Specifies the port to use when building the connection to the remote device.
-
+ +
Specifies the port to use when building the connection to the remote device.
+
+
ssh_keyfile
path -
-
- -
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
-
+ +
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
+
+
timeout
integer -
-
- -
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
-
+ +
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
+
+
username
string -
-
- -
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
-
+ +
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
+
+ +
purge
boolean -
-
-
    Choices: -
  • no ←
  • -
  • yes
  • -
-
-
Instructs the module to consider the resource definition absolute. It will remove any previously configured usernames on the device with the exception of the `admin` user (the current defined set of users).
-
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Instructs the module to consider the resource definition absolute. It will remove any previously configured usernames on the device with the exception of the `admin` user (the current defined set of users).
+
+
state
string -
-
-
    Choices: -
  • present ←
  • -
  • absent
  • -
-
-
Configures the state of the username definition as it relates to the device operational configuration. When set to present, the username(s) should be configured in the device active configuration and when set to absent the username(s) should not be in the device active configuration
-
+
    Choices: +
  • present ←
  • +
  • absent
  • +
+
+
Configures the state of the username definition as it relates to the device operational configuration. When set to present, the username(s) should be configured in the device active configuration and when set to absent the username(s) should not be in the device active configuration
+
+
update_password
string -
-
-
    Choices: -
  • on_create
  • -
  • always ←
  • -
-
-
Since passwords are encrypted in the device running config, this argument will instruct the module when to change the password. When set to always, the password will always be updated in the device and when set to on_create the password will be updated only if the username is created.
-
+
    Choices: +
  • on_create
  • +
  • always ←
  • +
+
+
Since passwords are encrypted in the device running config, this argument will instruct the module when to change the password. When set to always, the password will always be updated in the device and when set to on_create the password will be updated only if the username is created.
+
+
Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- .. code-block:: yaml+jinja - - name: create a new user vyos.vyos.vyos_user: name: ansible configured_password: password state: present - name: remove all users except admin vyos.vyos.vyos_user: purge: yes - name: set multiple users to level operator vyos.vyos.vyos_user: aggregate: - name: netop - name: netend level: operator state: present - name: Change Password for User netop vyos.vyos.vyos_user: name: netop configured_password: '{{ new_password }}' update_password: always state: present - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + +
The list of configuration mode commands to send to the device
+
+
Sample:
+
['set system login user test level operator', 'set system login user authentication plaintext-password password']
+ -
Key Returned Description
+
commands
list -
-
always -
The list of configuration mode commands to send to the device
-
-
Sample:
-
['set system login user test level operator', 'set system login user authentication plaintext-password password']
-
+

Status ------ Authors ~~~~~~~ - Trishna Guha (@trishnaguha) - - diff --git a/docs/vyos.vyos.vyos_vlan_module.rst b/docs/vyos.vyos.vyos_vlan_module.rst index 084649f..d00260e 100644 --- a/docs/vyos.vyos.vyos_vlan_module.rst +++ b/docs/vyos.vyos.vyos_vlan_module.rst @@ -1,518 +1,521 @@ .. _vyos.vyos.vyos_vlan_module: ******************* vyos.vyos.vyos_vlan ******************* **Manage VLANs on VyOS network devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module provides declarative management of VLANs on VyOS network devices. Parameters ---------- .. raw:: html - + - - + - - + + + + - - + - - + / elements=dictionary + + + + - - - + + - - + + + + - - - + + - - + / elements=string + + + + - - - + + - - + + + + - - - + + - - + / elements=string + / required + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + / required + + + + - - - + - - + / elements=string + + + + - - + - - + + + + - - + - - + / elements=string + + + + - - + - - + + + + - - + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + + - - + + + + - - - + - - + + + + - - + - - + + + + - - + - - + + + + -
Parameter Choices/DefaultsCommentsComments
+
address
string -
-
- -
Configure Virtual interface address.
-
+ +
Configure Virtual interface address.
+
+
aggregate
list - / elements=dictionary
-
- -
List of VLANs definitions.
-
+ +
List of VLANs definitions.
+
+
address
string -
-
- -
Configure Virtual interface address.
-
+ +
Configure Virtual interface address.
+
+
associated_interfaces
list - / elements=string
-
- -
This is a intent option and checks the operational state of the for given vlan name for associated interfaces. If the value in the associated_interfaces does not match with the operational state of vlan on device it will result in failure.
-
+ +
This is a intent option and checks the operational state of the for given vlan name for associated interfaces. If the value in the associated_interfaces does not match with the operational state of vlan on device it will result in failure.
+
+
delay
integer -
-
- -
Delay the play should wait to check for declarative intent params values.
-
+ +
Delay the play should wait to check for declarative intent params values.
+
+
interfaces
list - / elements=string / required
-
- -
List of interfaces that should be associated to the VLAN.
-
+ +
List of interfaces that should be associated to the VLAN.
+
+
name
string -
-
- -
Name of the VLAN.
-
+ +
Name of the VLAN.
+
+
state
string -
-
-
    Choices: -
  • present
  • -
  • absent
  • -
-
-
State of the VLAN configuration.
-
+
    Choices: +
  • present
  • +
  • absent
  • +
+
+
State of the VLAN configuration.
+
+
vlan_id
integer - / required
-
- -
ID of the VLAN. Range 0-4094.
-
+ +
ID of the VLAN. Range 0-4094.
+
+ +
associated_interfaces
list - / elements=string
-
- -
This is a intent option and checks the operational state of the for given vlan name for associated interfaces. If the value in the associated_interfaces does not match with the operational state of vlan on device it will result in failure.
-
+ +
This is a intent option and checks the operational state of the for given vlan name for associated interfaces. If the value in the associated_interfaces does not match with the operational state of vlan on device it will result in failure.
+
+
delay
integer -
-
- Default:
10
-
-
Delay the play should wait to check for declarative intent params values.
-
+ Default:
10
+
+
Delay the play should wait to check for declarative intent params values.
+
+
interfaces
list - / elements=string
-
- -
List of interfaces that should be associated to the VLAN.
-
+ +
List of interfaces that should be associated to the VLAN.
+
+
name
string -
-
- -
Name of the VLAN.
-
+ +
Name of the VLAN.
+
+
provider
dictionary -
-
- -
Deprecated
-
Starting with Ansible 2.5 we recommend using connection: network_cli.
-
For more information please see the Network Guide.
-

-
A dict object containing connection details.
-
+ +
Deprecated
+
Starting with Ansible 2.5 we recommend using connection: network_cli.
+
For more information please see the Network Guide.
+

+
A dict object containing connection details.
+
+
host
string -
-
- -
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
-
+ +
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
+
+
password
string -
-
- -
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
-
+ +
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
+
+
port
integer -
-
- -
Specifies the port to use when building the connection to the remote device.
-
+ +
Specifies the port to use when building the connection to the remote device.
+
+
ssh_keyfile
path -
-
- -
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
-
+ +
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
+
+
timeout
integer -
-
- -
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
-
+ +
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
+
+
username
string -
-
- -
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
-
+ +
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
+
+ +
purge
boolean -
-
-
    Choices: -
  • no ←
  • -
  • yes
  • -
-
-
Purge VLANs not defined in the aggregate parameter.
-
+
    Choices: +
  • no ←
  • +
  • yes
  • +
+
+
Purge VLANs not defined in the aggregate parameter.
+
+
state
string -
-
-
    Choices: -
  • present ←
  • -
  • absent
  • -
-
-
State of the VLAN configuration.
-
+
    Choices: +
  • present ←
  • +
  • absent
  • +
+
+
State of the VLAN configuration.
+
+
vlan_id
integer -
-
- -
ID of the VLAN. Range 0-4094.
-
+ +
ID of the VLAN. Range 0-4094.
+
+
Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- .. code-block:: yaml+jinja - - name: Create vlan vyos.vyos.vyos_vlan: vlan_id: 100 name: vlan-100 interfaces: eth1 state: present - name: Add interfaces to VLAN vyos.vyos.vyos_vlan: vlan_id: 100 interfaces: - eth1 - eth2 - name: Configure virtual interface address vyos.vyos.vyos_vlan: vlan_id: 100 interfaces: eth1 address: 172.26.100.37/24 - name: vlan interface config + intent vyos.vyos.vyos_vlan: vlan_id: 100 interfaces: eth0 associated_interfaces: - eth0 - name: vlan intent check vyos.vyos.vyos_vlan: vlan_id: 100 associated_interfaces: - eth3 - eth4 - name: Delete vlan vyos.vyos.vyos_vlan: vlan_id: 100 interfaces: eth1 state: absent - Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html - - + + + +
The list of configuration mode commands to send to the device
+
+
Sample:
+
['set interfaces ethernet eth1 vif 100 description VLAN 100', 'set interfaces ethernet eth1 vif 100 address 172.26.100.37/24', 'delete interfaces ethernet eth1 vif 100']
+ -
Key Returned Description
+
commands
list -
-
always -
The list of configuration mode commands to send to the device
-
-
Sample:
-
['set interfaces ethernet eth1 vif 100 description VLAN 100', 'set interfaces ethernet eth1 vif 100 address 172.26.100.37/24', 'delete interfaces ethernet eth1 vif 100']
-
+

Status ------ Authors ~~~~~~~ - Trishna Guha (@trishnaguha) - - diff --git a/galaxy.yml b/galaxy.yml index b628581..b47d6ab 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,11 +1,12 @@ --- authors: - Ansible Network Community (ansible-network) dependencies: "ansible.netcommon": "*" license_file: LICENSE name: vyos +description: Ansible Network Collection for VYOS devices. namespace: vyos readme: README.md repository: https://github.com/ansible-collections/vyos.vyos tags: [vyos, networking]