diff --git a/.gitignore b/.gitignore index c45c871c..f1ecdf38 100644 --- a/.gitignore +++ b/.gitignore @@ -1,107 +1,108 @@ # Byte-compiled / optimized / DLL files __pycache__/ *.py[cod] *$py.class # C extensions *.so # Distribution / packaging .Python build/ develop-eggs/ dist/ downloads/ eggs/ .eggs/ lib/ lib64/ parts/ sdist/ var/ wheels/ *.egg-info/ .installed.cfg *.egg MANIFEST # PyInstaller # Usually these files are written by a python script from a template # before PyInstaller builds the exe, so as to inject date/other infos into it. *.manifest *.spec # Installer logs pip-log.txt pip-delete-this-directory.txt # Unit test / coverage reports htmlcov/ .tox/ .coverage .coverage.* .cache nosetests.xml coverage.xml *.cover .hypothesis/ .pytest_cache/ # Translations *.mo *.pot #ide .vscode +*.swp # Django stuff: *.log local_settings.py db.sqlite3 # Flask stuff: instance/ .webassets-cache # Scrapy stuff: .scrapy # Sphinx documentation docs/_build/ # PyBuilder target/ # Jupyter Notebook .ipynb_checkpoints # pyenv .python-version # celery beat schedule file celerybeat-schedule # SageMath parsed files *.sage.py # Environments .env .venv env/ venv/ ENV/ env.bak/ venv.bak/ # Spyder project settings .spyderproject .spyproject # Rope project settings .ropeproject # mkdocs documentation /site # mypy .mypy_cache/ diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9968d393..7661ca62 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,21 +1,21 @@ --- repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v3.1.0 hooks: - id: check-merge-conflict - id: check-symlinks - id: debug-statements - id: end-of-file-fixer - id: no-commit-to-branch args: [--branch, main] - id: trailing-whitespace - repo: https://github.com/psf/black rev: 19.3b0 hooks: - id: black args: [-l, "79"] - repo: https://github.com/ansible-network/collection_prep - rev: 0.9.2 + rev: 0.9.4 hooks: - id: update-docs 
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 1ef863c8..18e1a68e 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,215 +1,256 @@ ============================= Vyos Collection Release Notes ============================= .. contents:: Topics +v2.6.0 +====== + +Minor Changes +------------- + +- Add vyos_ntp Resource Module +- Adds support for specifying an `afi` for an `address_group` for `vyos.vyos.firewall_global`. As a result, `address_group` now supports IPv6. +- Adds support for specifying an `afi` for an `network_group` for `vyos.vyos.firewall_global`. As a result, `network_group` now supports IPv6. + +Bugfixes +-------- + +- Fix vyos_firewall_rules with state replaced to only replace the specified rules. + +v2.5.1 +====== + +Bugfixes +-------- + +- fix issue in firewall rules facts code when IPV6 ICMP type name in vyos.vyos.vyos_firewall_rules is not idempotent + +v2.5.0 +====== + +Minor Changes +------------- + +- vyos_logging_global logging resource module. + +Deprecated Features +------------------- + +- The vyos_logging module has been deprecated in favor of the new vyos_logging_global resource module and will be removed in a release after "2023-08-01". + +Bugfixes +-------- + +- fix issue in route-maps facts code when route-maps facts are empty. + v2.4.0 ====== Minor Changes ------------- - Add vyos_prefix_lists Resource Module. New Modules ----------- - vyos_prefix_lists - Prefix-Lists resource module for VyOS v2.3.1 ====== Bugfixes -------- - Fix KeyError 'source' - vyos_firewall_rules - Updated docs resolving spelling typos - change interface to next-hop-interface while generating static_routes nexthop command. v2.3.0 ====== Minor Changes ------------- - Add vyos_route_maps resource module (https://github.com/ansible-collections/vyos.vyos/pull/156.). Bugfixes -------- - change admin_distance to distance while generating static_routes nexthop command. - firewall_global - port-groups were not added (https://github.com/ansible-collections/vyos.vyos/issues/107) New Modules ----------- - vyos_route_maps - Route Map Resource Module. 
v2.2.0 ====== Minor Changes ------------- - Add support for available_network_resources key, which allows to fetch the available resources for a platform (https://github.com/ansible-collections/vyos.vyos/issues/138). Security Fixes -------------- - Mask values of sensitive keys in module result. v2.1.0 ====== Minor Changes ------------- - Add regex for delete failures to terminal_stderr_re - Add vyos BGP address_family resource module (https://github.com/ansible-collections/vyos.vyos/pull/132). - Enabled addition and parsing of wireguard interface. New Modules ----------- - vyos_bgp_address_family - BGP Address Family Resource Module. v2.0.0 ====== Major Changes ------------- - Please refer to ansible.netcommon `changelog `_ for more details. - Requires ansible.netcommon v2.0.0+ to support `ansible_network_single_user_mode` and `ansible_network_import_modules` - ipaddress is no longer in ansible.netcommon. For Python versions without ipaddress (< 3.0), the ipaddress package is now required. Minor Changes ------------- - Add support for configuration caching (single_user_mode). - Add vyos BGP global resource module.(https://github.com/ansible-collections/vyos.vyos/pull/125). - Re-use device_info dictionary in cliconf. Bugfixes -------- - Update docs to clarify the idemptonecy related caveat and add it in the output warnings (https://github.com/ansible-collections/ansible.netcommon/pull/189) - cliconf plugin - Prevent `get_capabilities()` from getting larger every time it is called New Modules ----------- - vyos_bgp_global - BGP Global Resource Module. v1.1.1 ====== Bugfixes -------- - Add version key to galaxy.yaml to work around ansible-galaxy bug - Enable configuring an interface which is not present in the running config. - vyos_config - Only process src files as commands when they actually contain commands. This fixes an issue were the whitespace preceding a configuration key named 'set' was stripped, tripping up the parser. 
v1.1.0 ====== Minor Changes ------------- - Added ospf_interfaces resource module. New Modules ----------- - vyos_ospf_interfaces - OSPF Interfaces resource module v1.0.5 ====== Bugfixes -------- - Added openvpn vtu interface support. - Update network integration auth timeout for connection local. - terminal plugin - Overhaul ansi_re to remove more escape sequences v1.0.4 ====== Minor Changes ------------- - Moved intent testcases from integration suite to unit tests. - Reformatted files with latest version of Black (20.8b1). v1.0.3 ====== v1.0.2 ====== Minor Changes ------------- - Fixed the typo in the modulename of ospfv2 and ospfv3 unit tests. - Updated docs. - terminal plugin - Added additional escape sequence to be removed from terminal output. Bugfixes -------- - Added workaround to avoid set_fact dynamically assigning value. This behavior seems to have been broken after ansible2.9. - Make `src`, `backup` and `backup_options` in vyos_config work when module alias is used (https://github.com/ansible-collections/vyos.vyos/pull/67). - vyos_config - fixed issue where config could be saved while in check mode (https://github.com/ansible-collections/vyos.vyos/pull/53) v1.0.1 ====== Minor Changes ------------- - Add doc plugin fixes (https://github.com/ansible-collections/vyos.vyos/pull/51) v1.0.0 ====== New Plugins ----------- Cliconf ~~~~~~~ - vyos - Use vyos cliconf to run command on VyOS platform New Modules ----------- - vyos_banner - Manage multiline banners on VyOS devices - vyos_command - Run one or more commands on VyOS devices - vyos_config - Manage VyOS configuration on remote device - vyos_facts - Get facts about vyos devices. 
- vyos_firewall_global - FIREWALL global resource module - vyos_firewall_interfaces - FIREWALL interfaces resource module - vyos_firewall_rules - FIREWALL rules resource module - vyos_interface - (deprecated, removed after 2022-06-01) Manage Interface on VyOS network devices - vyos_interfaces - Interfaces resource module - vyos_l3_interface - (deprecated, removed after 2022-06-01) Manage L3 interfaces on VyOS network devices - vyos_l3_interfaces - L3 interfaces resource module - vyos_lag_interfaces - LAG interfaces resource module - vyos_linkagg - (deprecated, removed after 2022-06-01) Manage link aggregation groups on VyOS network devices - vyos_lldp - (deprecated, removed after 2022-06-01) Manage LLDP configuration on VyOS network devices - vyos_lldp_global - LLDP global resource module - vyos_lldp_interface - (deprecated, removed after 2022-06-01) Manage LLDP interfaces configuration on VyOS network devices - vyos_lldp_interfaces - LLDP interfaces resource module - vyos_logging - Manage logging on network devices - vyos_ospfv2 - OSPFv2 resource module - vyos_ospfv3 - OSPFV3 resource module - vyos_ping - Tests reachability using ping from VyOS network devices - vyos_static_route - (deprecated, removed after 2022-06-01) Manage static IP routes on Vyatta VyOS network devices - vyos_static_routes - Static routes resource module - vyos_system - Run `set system` commands on VyOS devices - vyos_user - Manage the collection of local users on VyOS device - vyos_vlan - Manage VLANs on VyOS network devices diff --git a/README.md b/README.md index 6f28eb57..89640154 100644 --- a/README.md +++ b/README.md 
@@ -1,170 +1,172 @@ # VyOS Collection [![CI](https://zuul-ci.org/gated.svg)](https://dashboard.zuul.ansible.com/t/ansible/project/github.com/ansible-collections/vyos.vyos) The Ansible VyOS collection includes a variety of Ansible content to help automate the management of VyOS network appliances. This collection has been tested against VyOS 1.1.8 (helium). ## Ansible version compatibility This collection has been tested against following Ansible versions: **>=2.9.10**. Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions. PEP440 is the schema used to describe the versions of Ansible. ### Supported connections The VyOS collection supports ``network_cli`` connections. ## Included content ### Cliconf plugins Name | Description --- | --- [vyos.vyos.vyos](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_cliconf.rst)|Use vyos cliconf to run command on VyOS platform ### Modules Name | Description --- | --- [vyos.vyos.vyos_banner](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_banner_module.rst)|Manage multiline banners on VyOS devices [vyos.vyos.vyos_bgp_address_family](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_bgp_address_family_module.rst)|BGP Address Family Resource Module. [vyos.vyos.vyos_bgp_global](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_bgp_global_module.rst)|BGP Global Resource Module. 
[vyos.vyos.vyos_command](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_command_module.rst)|Run one or more commands on VyOS devices [vyos.vyos.vyos_config](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_config_module.rst)|Manage VyOS configuration on remote device [vyos.vyos.vyos_facts](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_facts_module.rst)|Get facts about vyos devices. [vyos.vyos.vyos_firewall_global](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_firewall_global_module.rst)|FIREWALL global resource module [vyos.vyos.vyos_firewall_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_firewall_interfaces_module.rst)|FIREWALL interfaces resource module [vyos.vyos.vyos_firewall_rules](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_firewall_rules_module.rst)|FIREWALL rules resource module [vyos.vyos.vyos_interface](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_interface_module.rst)|(deprecated, removed after 2022-06-01) Manage Interface on VyOS network devices [vyos.vyos.vyos_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_interfaces_module.rst)|Interfaces resource module [vyos.vyos.vyos_l3_interface](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_l3_interface_module.rst)|(deprecated, removed after 2022-06-01) Manage L3 interfaces on VyOS network devices [vyos.vyos.vyos_l3_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_l3_interfaces_module.rst)|L3 interfaces resource module [vyos.vyos.vyos_lag_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_lag_interfaces_module.rst)|LAG interfaces resource module 
[vyos.vyos.vyos_linkagg](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_linkagg_module.rst)|(deprecated, removed after 2022-06-01) Manage link aggregation groups on VyOS network devices [vyos.vyos.vyos_lldp](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_lldp_module.rst)|(deprecated, removed after 2022-06-01) Manage LLDP configuration on VyOS network devices [vyos.vyos.vyos_lldp_global](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_lldp_global_module.rst)|LLDP global resource module [vyos.vyos.vyos_lldp_interface](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_lldp_interface_module.rst)|(deprecated, removed after 2022-06-01) Manage LLDP interfaces configuration on VyOS network devices [vyos.vyos.vyos_lldp_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_lldp_interfaces_module.rst)|LLDP interfaces resource module [vyos.vyos.vyos_logging](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_logging_module.rst)|Manage logging on network devices [vyos.vyos.vyos_logging_global](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_logging_global_module.rst)|Logging resource module +[vyos.vyos.vyos_ntp_global](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_ntp_global_module.rst)|Manages ntp modules of Vyos network devices [vyos.vyos.vyos_ospf_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_ospf_interfaces_module.rst)|OSPF Interfaces Resource Module. 
[vyos.vyos.vyos_ospfv2](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_ospfv2_module.rst)|OSPFv2 resource module [vyos.vyos.vyos_ospfv3](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_ospfv3_module.rst)|OSPFV3 resource module [vyos.vyos.vyos_ping](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_ping_module.rst)|Tests reachability using ping from VyOS network devices [vyos.vyos.vyos_prefix_lists](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_prefix_lists_module.rst)|Prefix-Lists resource module for VyOS [vyos.vyos.vyos_route_maps](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_route_maps_module.rst)|Route Map Resource Module. +[vyos.vyos.vyos_snmp_serve](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_snmp_serve_module.rst)|Manages snmp_server resource module [vyos.vyos.vyos_static_route](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_static_route_module.rst)|(deprecated, removed after 2022-06-01) Manage static IP routes on Vyatta VyOS network devices [vyos.vyos.vyos_static_routes](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_static_routes_module.rst)|Static routes resource module [vyos.vyos.vyos_system](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_system_module.rst)|Run `set system` commands on VyOS devices [vyos.vyos.vyos_user](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_user_module.rst)|Manage the collection of local users on VyOS device [vyos.vyos.vyos_vlan](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_vlan_module.rst)|Manage VLANs on VyOS network devices Click the ``Content`` button to see the list of content included in this collection. 
## Installing this collection You can install the VyOS collection with the Ansible Galaxy CLI: ansible-galaxy collection install vyos.vyos You can also include it in a `requirements.yml` file and install it with `ansible-galaxy collection install -r requirements.yml`, using the format: ```yaml --- collections: - name: vyos.vyos ``` ## Using this collection This collection includes [network resource modules](https://docs.ansible.com/ansible/latest/network/user_guide/network_resource_modules.html). ### Using modules from the VyOS collection in your playbooks You can call modules by their Fully Qualified Collection Namespace (FQCN), such as `vyos.vyos.vyos_static_routes`. The following example task replaces configuration changes in the existing configuration on a VyOS network device, using the FQCN: ```yaml --- - name: Replace device configurations of listed static routes with provided configurations register: result vyos.vyos.vyos_static_routes: &id001 config: - address_families: - afi: ipv4 routes: - dest: 192.0.2.32/28 blackhole_config: distance: 2 next_hops: - forward_router_address: 192.0.2.7 - forward_router_address: 192.0.2.8 - forward_router_address: 192.0.2.9 state: replaced ``` **NOTE**: For Ansible 2.9, you may not see deprecation warnings when you run your playbooks with this collection. Use this documentation to track when a module is deprecated. ### See Also: * [VyOS Platform Options](https://docs.ansible.com/ansible/latest/network/user_guide/platform_vyos.html) * [Ansible Using collections](https://docs.ansible.com/ansible/latest/user_guide/collections_using.html) for more details. ## Contributing to this collection We welcome community contributions to this collection. If you find problems, please open an issue or create a PR against the [VyOS collection repository](https://github.com/ansible-collections/vyos). 
See [Contributing to Ansible-maintained collections](https://docs.ansible.com/ansible/devel/community/contributing_maintained_collections.html#contributing-maintained-collections) for complete details. You can also join us on: - IRC - the ``#ansible-network`` [irc.libera.chat](https://libera.chat/) channel - Slack - https://ansiblenetwork.slack.com See the [Ansible Community Guide](https://docs.ansible.com/ansible/latest/community/index.html) for details on contributing to Ansible. ### Code of Conduct This collection follows the Ansible project's [Code of Conduct](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html). Please read and familiarize yourself with this document. ## Changelogs ## Release notes Release notes are available [here](https://github.com/ansible-collections/vyos.vyos/blob/main/CHANGELOG.rst). ## Roadmap ## More information - [Ansible network resources](https://docs.ansible.com/ansible/latest/network/getting_started/network_resources.html) - [Ansible Collection overview](https://github.com/ansible-collections/overview) - [Ansible User guide](https://docs.ansible.com/ansible/latest/user_guide/index.html) - [Ansible Developer guide](https://docs.ansible.com/ansible/latest/dev_guide/index.html) - [Ansible Community code of conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html) ## Licensing GNU General Public License v3.0 or later. See [LICENSE](https://www.gnu.org/licenses/gpl-3.0.txt) to see the full text. diff --git a/bindep.txt b/bindep.txt index ba9c980f..af39ab0c 100644 --- a/bindep.txt +++ b/bindep.txt @@ -1,6 +1,9 @@ # This is a cross-platform list tracking distribution packages needed by tests; # see https://docs.openstack.org/infra/bindep/ for additional information. gcc-c++ [doc test platform:rpm] python3-devel [test platform:rpm] python3 [test platform:rpm] +libssh-devel [test platform:rpm] +libffi-devel [test platform:rpm] +openssl-devel [test platform:rpm] 
diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml
index cd6764ce..4e76489a 100644
--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
@@ -1,276 +1,318 @@ ancestor: null releases: 1.0.0: modules: - description: Manage multiline banners on VyOS devices name: vyos_banner namespace: '' - description: Run one or more commands on VyOS devices name: vyos_command namespace: '' - description: Manage VyOS configuration on remote device name: vyos_config namespace: '' - description: Get facts about vyos devices. name: vyos_facts namespace: '' - description: FIREWALL global resource module name: vyos_firewall_global namespace: '' - description: FIREWALL interfaces resource module name: vyos_firewall_interfaces namespace: '' - description: FIREWALL rules resource module name: vyos_firewall_rules namespace: '' - description: (deprecated, removed after 2022-06-01) Manage Interface on VyOS network devices name: vyos_interface namespace: '' - description: Interfaces resource module name: vyos_interfaces namespace: '' - description: (deprecated, removed after 2022-06-01) Manage L3 interfaces on VyOS network devices name: vyos_l3_interface namespace: '' - description: L3 interfaces resource module name: vyos_l3_interfaces namespace: '' - description: LAG interfaces resource module name: vyos_lag_interfaces namespace: '' - description: (deprecated, removed after 2022-06-01) Manage link aggregation groups on VyOS network devices name: vyos_linkagg namespace: '' - description: (deprecated, removed after 2022-06-01) Manage LLDP configuration on VyOS network devices name: vyos_lldp namespace: '' - description: LLDP global resource module name: vyos_lldp_global namespace: '' - description: (deprecated, removed after 2022-06-01) Manage LLDP interfaces configuration on VyOS network devices name: vyos_lldp_interface namespace: '' - description: LLDP interfaces resource module name: vyos_lldp_interfaces namespace: '' - description: Manage logging on network devices name: vyos_logging namespace: '' - description: OSPFv2 resource module name: vyos_ospfv2 namespace: '' - description: OSPFV3 resource module name: vyos_ospfv3 
namespace: '' - description: Tests reachability using ping from VyOS network devices name: vyos_ping namespace: '' - description: (deprecated, removed after 2022-06-01) Manage static IP routes on Vyatta VyOS network devices name: vyos_static_route namespace: '' - description: Static routes resource module name: vyos_static_routes namespace: '' - description: Run `set system` commands on VyOS devices name: vyos_system namespace: '' - description: Manage the collection of local users on VyOS device name: vyos_user namespace: '' - description: Manage VLANs on VyOS network devices name: vyos_vlan namespace: '' plugins: cliconf: - description: Use vyos cliconf to run command on VyOS platform name: vyos namespace: null release_date: '2020-06-23' 1.0.1: changes: minor_changes: - Add doc plugin fixes (https://github.com/ansible-collections/vyos.vyos/pull/51) fragments: - 51-doc-plugin-fixes.yaml release_date: '2020-06-23' 1.0.2: changes: bugfixes: - Added workaround to avoid set_fact dynamically assigning value. This behavior seems to have been broken after ansible2.9. - Make `src`, `backup` and `backup_options` in vyos_config work when module alias is used (https://github.com/ansible-collections/vyos.vyos/pull/67). - vyos_config - fixed issue where config could be saved while in check mode (https://github.com/ansible-collections/vyos.vyos/pull/53) minor_changes: - Fixed the typo in the modulename of ospfv2 and ospfv3 unit tests. - Updated docs. - terminal plugin - Added additional escape sequence to be removed from terminal output. fragments: - 65-remove-unwanted-terminal-chars.yaml - 70-workaround-set_fact.yaml - 72-modulename-typofix.yaml - 73-update-docs.yaml - fix_src_backup_with_module_alias.yaml - prevent-vyos_config-saving-in-check-mode.yaml release_date: '2020-07-31' 1.0.3: fragments: - 1.0.3.yaml release_date: '2020-08-06' 1.0.4: changes: minor_changes: - Moved intent testcases from integration suite to unit tests. 
- Reformatted files with latest version of Black (20.8b1). fragments: - 71-refactor-interface-test.yaml - 80-reformat-files.yaml release_date: '2020-08-27' 1.0.5: changes: bugfixes: - Added openvpn vtu interface support. - Update network integration auth timeout for connection local. - terminal plugin - Overhaul ansi_re to remove more escape sequences fragments: - 86-openvpn_vtu_interface.yaml - local_auth_timeout.yaml - terminal-escape-codes.yaml release_date: '2020-10-08' 1.1.0: changes: minor_changes: - Added ospf_interfaces resource module. fragments: - vyos_ospf_interfaces_rm.yaml modules: - description: OSPF Interfaces resource module name: vyos_ospf_interfaces namespace: '' release_date: '2020-10-30' 1.1.1: changes: bugfixes: - Add version key to galaxy.yaml to work around ansible-galaxy bug - Enable configuring an interface which is not present in the running config. - vyos_config - Only process src files as commands when they actually contain commands. This fixes an issue were the whitespace preceding a configuration key named 'set' was stripped, tripping up the parser. fragments: - 91-new-interface.yaml - config-processed-as-command.yaml - galaxy-version.yaml release_date: '2021-01-27' 2.0.0: changes: bugfixes: - Update docs to clarify the idemptonecy related caveat and add it in the output warnings (https://github.com/ansible-collections/ansible.netcommon/pull/189) - cliconf plugin - Prevent `get_capabilities()` from getting larger every time it is called major_changes: - Please refer to ansible.netcommon `changelog `_ for more details. - Requires ansible.netcommon v2.0.0+ to support `ansible_network_single_user_mode` and `ansible_network_import_modules` - ipaddress is no longer in ansible.netcommon. For Python versions without ipaddress (< 3.0), the ipaddress package is now required. minor_changes: - Add support for configuration caching (single_user_mode). 
- Add vyos BGP global resource module.(https://github.com/ansible-collections/vyos.vyos/pull/125). - Re-use device_info dictionary in cliconf. fragments: - 120-remove-ipaddress.yaml - 122-rpc-unbloat.yaml - bgp_global_resource_module.yaml - fix_docker_sanity_test_failures.yaml - major_release_2.0.0.yaml - modify_resource_module_class_import.yaml - single_user_mode.yaml - vyos_config_diff_doc_update.yaml modules: - description: BGP Global Resource Module. name: vyos_bgp_global namespace: '' release_date: '2021-02-24' 2.1.0: changes: minor_changes: - Add regex for delete failures to terminal_stderr_re - Add vyos BGP address_family resource module (https://github.com/ansible-collections/vyos.vyos/pull/132). - Enabled addition and parsing of wireguard interface. fragments: - 128-remove_tests_sanity_requirements.yml - 132-add-vyos-bgp-address-family.yml - parse_wireguard_interface.yml - replace-check_required.yaml - skip_no_log_sanity_error.yaml - terminal_stderr_delete.yml modules: - description: BGP Address Family Resource Module. name: vyos_bgp_address_family namespace: '' release_date: '2021-03-30' 2.2.0: changes: minor_changes: - Add support for available_network_resources key, which allows to fetch the available resources for a platform (https://github.com/ansible-collections/vyos.vyos/issues/138). security_fixes: - Mask values of sensitive keys in module result. fragments: - 147-add_ignore_txt.yml - 160_available_network_resources.yaml - no_log_mask.yaml - remove-old-test-deps.yml release_date: '2021-04-27' 2.3.0: changes: bugfixes: - change admin_distance to distance while generating static_routes nexthop command. - firewall_global - port-groups were not added (https://github.com/ansible-collections/vyos.vyos/issues/107) minor_changes: - Add vyos_route_maps resource module (https://github.com/ansible-collections/vyos.vyos/pull/156.). 
fragments: - changelog_doc_path_update.yaml - fix_delete_route_maps.yaml - fix_port_groups.yaml - fix_static_routes_distance.yaml - vyos-route-maps.yaml modules: - description: Route Map Resource Module. name: vyos_route_maps namespace: '' release_date: '2021-05-18' 2.3.1: changes: bugfixes: - Fix KeyError 'source' - vyos_firewall_rules - Updated docs resolving spelling typos - change interface to next-hop-interface while generating static_routes nexthop command. fragments: - 172-fix-source-keyerror-firewallrules.yml - docs_common_error_correction.yaml - fix_static_routes_next_hop_interface.yaml - update_readme_freenode_to_liberachat.yml release_date: '2021-06-22' 2.4.0: changes: minor_changes: - Add vyos_prefix_lists Resource Module. fragments: - vyos_prefix_lists.yml modules: - description: Prefix-Lists resource module for VyOS name: vyos_prefix_lists namespace: '' release_date: '2021-07-06' + 2.5.0: + changes: + bugfixes: + - fix issue in route-maps facts code when route-maps facts are empty. + deprecated_features: + - The vyos_logging module has been deprecated in favor of the new vyos_logging_global + resource module and will be removed in a release after "2023-08-01". + minor_changes: + - vyos_logging_global logging resource module. + fragments: + - fix_issue_vyos_facts.yaml + - vyos_logging_global_module.yaml + release_date: '2021-07-26' + 2.5.1: + changes: + bugfixes: + - fix issue in firewall rules facts code when IPV6 ICMP type name in vyos.vyos.vyos_firewall_rules + is not idempotent + fragments: + - doc_updated_correct_platform.yaml + - fix_issue170_vyos_firewall_rules.yaml + - fix_pylint_issues.yaml + - tests_become.yaml + release_date: '2021-08-27' + 2.6.0: + changes: + bugfixes: + - Fix vyos_firewall_rules with state replaced to only replace the specified + rules. + minor_changes: + - Add vyos_ntp Resource Module + - Adds support for specifying an `afi` for an `address_group` for `vyos.vyos.firewall_global`. 
As + a result, `address_group` now supports IPv6. + - Adds support for specifying an `afi` for an `network_group` for `vyos.vyos.firewall_global`. As + a result, `network_group` now supports IPv6. + fragments: + - 0-copy_ignore_txt.yml + - fix-firewall_rules-state-replaced.yaml + - set_allow_duplicates.yaml + - support_ipv6_address_and_network_groups.yaml + - vyos_ntp.yml + release_date: '2021-10-02' diff --git a/changelogs/fragments/fix_issue_vyos_facts.yaml b/changelogs/fragments/fix_issue_vyos_facts.yaml deleted file mode 100644 index 81653a0d..00000000 --- a/changelogs/fragments/fix_issue_vyos_facts.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -bugfixes: - - fix issue in route-maps facts code when route-maps facts are empty. diff --git a/changelogs/fragments/remove-swap-file.yml b/changelogs/fragments/remove-swap-file.yml new file mode 100644 index 00000000..10e2b1dd --- /dev/null +++ b/changelogs/fragments/remove-swap-file.yml @@ -0,0 +1,3 @@ +--- +trivial: + - Removed unintended file tests/unit/modules/network/vyos/.test_vyos_firewall_rules.py.swp diff --git a/changelogs/fragments/sanity_issue_fix.yaml b/changelogs/fragments/sanity_issue_fix.yaml new file mode 100644 index 00000000..60bb3d23 --- /dev/null +++ b/changelogs/fragments/sanity_issue_fix.yaml @@ -0,0 +1,3 @@ +--- +trivial: + - Add libssh dependency and fix doc issues. diff --git a/changelogs/fragments/vyos_logging_global_module.yaml b/changelogs/fragments/vyos_logging_global_module.yaml deleted file mode 100644 index d9f2c8f5..00000000 --- a/changelogs/fragments/vyos_logging_global_module.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -minor_changes: - - vyos_logging_global logging resource module. -deprecated_features: - - The vyos_logging module has been deprecated in favor of the new vyos_logging_global resource module and will be removed in a release after "2023-08-01". 
diff --git a/docs/vyos.vyos.vyos_bgp_address_family_module.rst b/docs/vyos.vyos.vyos_bgp_address_family_module.rst index 0c463d06..a213ff0d 100644 --- a/docs/vyos.vyos.vyos_bgp_address_family_module.rst +++ b/docs/vyos.vyos.vyos_bgp_address_family_module.rst @@ -1,2085 +1,2085 @@ .. _vyos.vyos.vyos_bgp_address_family_module: ********************************* vyos.vyos.vyos_bgp_address_family ********************************* **BGP Address Family Resource Module.** Version added: 2.1.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module manages BGP address family configuration of interfaces on devices running VYOS. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
config
dictionary
A dict of BGP global configuration for interfaces.
address_family
list / elements=dictionary
BGP address-family parameters.
afi
string
    Choices:
  • ipv4
  • ipv6
BGP address family settings.
aggregate_address
list / elements=dictionary
BGP aggregate network.
as_set
boolean
    Choices:
  • no
  • yes
Generate AS-set path information for this aggregate address.
prefix
string
BGP aggregate network.
summary_only
boolean
    Choices:
  • no
  • yes
Announce the aggregate summary network only.
networks
list / elements=dictionary
BGP network
backdoor
boolean
    Choices:
  • no
  • yes
Network as a backdoor route.
path_limit
integer
AS path hop count limit
prefix
string
BGP network address
route_map
string
Route-map to modify route attributes
redistribute
list / elements=dictionary
Redistribute routes from other protocols into BGP
metric
integer
Metric for redistributed routes.
protocol
string
    Choices:
  • connected
  • kernel
  • ospf
  • ospfv3
  • rip
  • ripng
  • static
types of routes to be redistributed.
route_map
string
Route map to filter redistributed routes
table
string
Redistribute non-main Kernel Routing Table.
as_number
integer
AS number.
neighbors
list / elements=dictionary
BGP neighbor
address_family
list / elements=dictionary
address family.
afi
string
    Choices:
  • ipv4
  • ipv6
BGP neighbor parameters.
allowas_in
integer
Number of occurrences of AS number.
as_override
boolean
    Choices:
  • no
  • yes
AS for routes sent to this neighbor to be the local AS.
attribute_unchanged
dictionary
BGP attributes are sent unchanged.
as_path
boolean
    Choices:
  • no
  • yes
as_path attribute
med
boolean
    Choices:
  • no
  • yes
med attribute
next_hop
boolean
    Choices:
  • no
  • yes
next_hop attribute
capability
dictionary
Advertise capabilities to this neighbor.
dynamic
boolean
    Choices:
  • no
  • yes
Advertise dynamic capability to this neighbor.
orf
string
    Choices:
  • send
  • receive
Advertise ORF capability to this neighbor.
default_originate
string
Send default route to this neighbor
distribute_list
list / elements=dictionary
Access-list to filter route updates to/from this neighbor.
acl
integer
Access-list number.
action
string
    Choices:
  • export
  • import
Access-list to filter outgoing/incoming route updates to this neighbor
filter_list
list / elements=dictionary
As-path-list to filter route updates to/from this neighbor.
action
string
    Choices:
  • export
  • import
filter outgoing/incoming route updates
path_list
string
As-path-list to filter
maximum_prefix
integer
Maximum number of prefixes to accept from this neighbor nexthop-self Nexthop for routes sent to this neighbor to be the local router.
nexthop_local
boolean
    Choices:
  • no
  • yes
Nexthop attributes.
nexthop_self
boolean
    Choices:
  • no
  • yes
Nexthop for routes sent to this neighbor to be the local router.
peer_group
string
IPv4 peer group for this peer
prefix_list
list / elements=dictionary
Prefix-list to filter route updates to/from this neighbor.
action
string
    Choices:
  • export
  • import
filter outgoing/incoming route updates
prefix_list
string
Prefix-list to filter
remove_private_as
boolean
    Choices:
  • no
  • yes
Remove private AS numbers from AS path in outbound route updates
route_map
list / elements=dictionary
Route-map to filter route updates to/from this neighbor.
action
string
    Choices:
  • export
  • import
filter outgoing/incoming route updates
route_map
string
route-map to filter
route_reflector_client
boolean
    Choices:
  • no
  • yes
Neighbor as a route reflector client
route_server_client
boolean
    Choices:
  • no
  • yes
Neighbor is route server client
soft_reconfiguration
boolean
    Choices:
  • no
  • yes
Soft reconfiguration for neighbor
unsupress_map
string
Route-map to selectively unsuppress suppressed routes
weight
integer
Default weight for routes from this neighbor
neighbor_address
string
BGP neighbor address (v4/v6).
running_config
string
This option is used only with state parsed.
-
The value of this option should be the output received from the IOS device by executing the command show configuration command | match bgp.
+
The value of this option should be the output received from the VYOS device by executing the command show configuration command | match bgp.
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
state
string
    Choices:
  • merged ←
  • replaced
  • deleted
  • gathered
  • parsed
  • rendered
  • purged
  • overridden
The state the configuration should be left in.

Examples -------- .. code-block:: yaml # Using merged # Before state # vyos@vyos:~$ show configuration commands | match "set protocols bgp" # vyos@vyos:~$ - name: Merge provided configuration with device configuration vyos.vyos.vyos_bgp_address_family: config: as_number: "100" address_family: - afi: "ipv4" redistribute: - protocol: "static" metric: 50 neighbors: - neighbor_address: "20.33.1.1/24" address_family: - afi: "ipv4" allowas_in: 4 as_override: True attribute_unchanged: med: True - afi: "ipv6" default_originate: "map01" distribute_list: - action: "export" acl: 10 - neighbor_address: "100.11.34.12" address_family: - afi: "ipv4" maximum_prefix: 45 nexthop_self: True route_map: - action: "export" route_map: "map01" - action: "import" route_map: "map01" weight: 50 # After State: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" # set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export 'map01' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight '50' # vyos@vyos:~$ # # Module Execution: # # "after": { # "address_family": [ # { # "afi": 
"ipv4", # "redistribute": [ # { # "metric": 50, # "protocol": "static" # } # ] # } # ], # "as_number": 100, # "neighbors": [ # { # "address_family": [ # { # "afi": "ipv4", # "maximum_prefix": 45, # "nexthop_self": true, # "route_map": [ # { # "action": "export", # "route_map": "map01" # }, # { # "action": "import", # "route_map": "map01" # } # ], # "weight": 50 # } # ], # "neighbor_address": "100.11.34.12" # }, # { # "address_family": [ # { # "afi": "ipv4", # "allowas_in": 4, # "as_override": true, # "attribute_unchanged": { # "med": true # } # }, # { # "afi": "ipv6", # "default_originate": "map01", # "distribute_list": [ # { # "acl": 10, # "action": "export" # } # ] # } # ], # "neighbor_address": "20.33.1.1/24" # } # ] # }, # "before": {}, # "changed": true, # "commands": [ # "set protocols bgp 100 address-family ipv4-unicast redistribute static metric 50", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number 4", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map map01", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export 10", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix 45", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export map01", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import map01", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight 50" # ], # # Using replaced: # Before state: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" # set protocols bgp 100 address-family 
ipv4-unicast redistribute static metric '50' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export 'map01' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight '50' # vyos@vyos:~$ - name: Replace provided configuration with device configuration vyos.vyos.vyos_bgp_address_family: config: as_number: "100" neighbors: - neighbor_address: "100.11.34.12" address_family: - afi: "ipv4" allowas_in: 4 as_override: True attribute_unchanged: med: True - afi: "ipv6" default_originate: "map01" distribute_list: - action: "export" acl: 10 - neighbor_address: "20.33.1.1/24" address_family: - afi: "ipv6" maximum_prefix: 45 nexthop_self: True state: replaced # After State: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" # set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix '45' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast allowas-in 
number '4' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast as-override # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map 'map01' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export '10' # vyos@vyos:~$ # # # # Module Execution: # "after": { # "address_family": [ # { # "afi": "ipv4", # "redistribute": [ # { # "metric": 50, # "protocol": "static" # } # ] # } # ], # "as_number": 100, # "neighbors": [ # { # "address_family": [ # { # "afi": "ipv4", # "allowas_in": 4, # "as_override": true, # "attribute_unchanged": { # "med": true # } # }, # { # "afi": "ipv6", # "default_originate": "map01", # "distribute_list": [ # { # "acl": 10, # "action": "export" # } # ] # } # ], # "neighbor_address": "100.11.34.12" # }, # { # "address_family": [ # { # "afi": "ipv4" # }, # { # "afi": "ipv6", # "maximum_prefix": 45, # "nexthop_self": true # } # ], # "neighbor_address": "20.33.1.1/24" # } # ] # }, # "before": { # "address_family": [ # { # "afi": "ipv4", # "redistribute": [ # { # "metric": 50, # "protocol": "static" # } # ] # } # ], # "as_number": 100, # "neighbors": [ # { # "address_family": [ # { # "afi": "ipv4", # "maximum_prefix": 45, # "nexthop_self": true, # "route_map": [ # { # "action": "export", # "route_map": "map01" # }, # { # "action": "import", # "route_map": "map01" # } # ], # "weight": 50 # } # ], # "neighbor_address": "100.11.34.12" # }, # { # "address_family": [ # { # "afi": "ipv4", # "allowas_in": 4, # "as_override": true, # "attribute_unchanged": { # "med": true # } # }, # { # "afi": "ipv6", # "default_originate": "map01", # "distribute_list": [ # { # "acl": 10, # "action": "export" # } # ] # } # ], # "neighbor_address": "20.33.1.1/24" # } # ] # }, # "changed": true, # "commands": [ # "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family 
ipv6-unicast distribute-list", # "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate", # "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged", # "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override", # "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in", # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight", # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map", # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self", # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number 4", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast as-override", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map map01", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export 10", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix 45", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self" # ], # Using overridden # vyos@vyos:~$ show configuration commands | match "set protocols bgp" # set protocols bgp 100 address-family ipv4-unicast network 35.1.1.0/24 backdoor # set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' # set protocols bgp 100 address-family ipv6-unicast aggregate-address 6601:1:1:1::/64 summary-only # set protocols bgp 100 address-family ipv6-unicast network 5001:1:1:1::/64 route-map 'map01' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast # set 
protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix '45' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number '4' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast as-override # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map 'map01' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export '10' # vyos@vyos:~$ - name: Override vyos.vyos.vyos_bgp_address_family: config: as_number: "100" neighbors: - neighbor_address: "100.11.34.12" address_family: - afi: "ipv6" maximum_prefix: 45 nexthop_self: True route_map: - action: "import" route_map: "map01" address_family: - afi: "ipv4" aggregate_address: - prefix: "60.9.2.0/24" summary_only: True - afi: "ipv6" redistribute: - protocol: "static" metric: 50 state: overridden # Aft=validate-moduleser State # vyos@vyos:~$ show configuration commands | match "set protocols bgp" # set protocols bgp 100 address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only # set protocols bgp 100 address-family ipv6-unicast redistribute static metric '50' # set protocols bgp 100 neighbor 20.33.1.1/24 # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix '45' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast route-map import 'map01' # vyos@vyos:~$ # Module Execution: # "after": { # "address_family": [ # { # "afi": "ipv4", # "aggregate_address": [ # { # "prefix": "60.9.2.0/24", # "summary_only": true # } # ] # }, # { # "afi": "ipv6", # "redistribute": [ # 
{ # "metric": 50, # "protocol": "static" # } # ] # } # ], # "as_number": 100, # "neighbors": [ # { # "address_family": [ # { # "afi": "ipv4" # }, # { # "afi": "ipv6", # "maximum_prefix": 45, # "nexthop_self": true, # "route_map": [ # { # "action": "import", # "route_map": "map01" # } # ] # } # ], # "neighbor_address": "100.11.34.12" # } # ] # }, # "before": { # "address_family": [ # { # "afi": "ipv4", # "networks": [ # { # "backdoor": true, # "prefix": "35.1.1.0/24" # } # ], # "redistribute": [ # { # "metric": 50, # "protocol": "static" # } # ] # }, # { # "afi": "ipv6", # "aggregate_address": [ # { # "prefix": "6601:1:1:1::/64", # "summary_only": true # } # ], # "networks": [ # { # "prefix": "5001:1:1:1::/64", # "route_map": "map01" # } # ] # } # ], # "as_number": 100, # "neighbors": [ # { # "address_family": [ # { # "afi": "ipv4", # "allowas_in": 4, # "as_override": true, # "attribute_unchanged": { # "med": true # } # }, # { # "afi": "ipv6", # "default_originate": "map01", # "distribute_list": [ # { # "acl": 10, # "action": "export" # } # ] # } # ], # "neighbor_address": "100.11.34.12" # }, # { # "address_family": [ # { # "afi": "ipv4" # }, # { # "afi": "ipv6", # "maximum_prefix": 45, # "nexthop_self": true # } # ], # "neighbor_address": "20.33.1.1/24" # } # ] # }, # "changed": true, # "commands": [ # "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family", # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast distribute-list", # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast default-originate", # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged", # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast as-override", # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast allowas-in", # "delete protocols bgp 100 address-family ipv6 aggregate-address", # "delete protocols bgp 100 address-family ipv6 network", # 
"delete protocols bgp 100 address-family ipv4 network", # "delete protocols bgp 100 address-family ipv4 redistribute", # "set protocols bgp 100 address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only", # "set protocols bgp 100 address-family ipv6-unicast redistribute static metric 50", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix 45", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast route-map import map01" # ], # # Using deleted: # Before State: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" # set protocols bgp 100 address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only # set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' # set protocols bgp 100 address-family ipv6-unicast redistribute static metric '50' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export 'map01' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight '50' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast 
maximum-prefix '45' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast route-map import 'map01' # vyos@vyos:~$ - name: Delete vyos.vyos.vyos_bgp_address_family: config: as_number: "100" neighbors: - neighbor_address: "20.33.1.1/24" address_family: - afi: "ipv6" - neighbor_address: "100.11.34.12" address_family: - afi: "ipv4" state: deleted # After State: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" # set protocols bgp 100 address-family ipv6-unicast redistribute static metric '50' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med # set protocols bgp 100 neighbor 100.11.34.12 # vyos@vyos:~$ # # # Module Execution: # # "after": { # "address_family": [ # { # "afi": "ipv6", # "redistribute": [ # { # "metric": 50, # "protocol": "static" # } # ] # } # ], # "as_number": 100, # "neighbors": [ # { # "address_family": [ # { # "afi": "ipv4", # "allowas_in": 4, # "as_override": true, # "attribute_unchanged": { # "med": true # } # } # ], # "neighbor_address": "20.33.1.1/24" # } # ] # }, # "before": { # "address_family": [ # { # "afi": "ipv4", # "aggregate_address": [ # { # "prefix": "60.9.2.0/24", # "summary_only": true # } # ], # "redistribute": [ # { # "metric": 50, # "protocol": "static" # } # ] # }, # { # "afi": "ipv6", # "redistribute": [ # { # "metric": 50, # "protocol": "static" # } # ] # } # ], # "as_number": 100, # "neighbors": [ # { # "address_family": [ # { # "afi": "ipv4", # "maximum_prefix": 45, # "nexthop_self": true, # "route_map": [ # { # "action": "export", # "route_map": "map01" # }, # { # "action": "import", # "route_map": "map01" # } # ], # "weight": 50 # }, # { # "afi": "ipv6", # "maximum_prefix": 
45, # "nexthop_self": true, # "route_map": [ # { # "action": "import", # "route_map": "map01" # } # ] # } # ], # "neighbor_address": "100.11.34.12" # }, # { # "address_family": [ # { # "afi": "ipv4", # "allowas_in": 4, # "as_override": true, # "attribute_unchanged": { # "med": true # } # }, # { # "afi": "ipv6", # "default_originate": "map01", # "distribute_list": [ # { # "acl": 10, # "action": "export" # } # ] # } # ], # "neighbor_address": "20.33.1.1/24" # } # ] # }, # "changed": true, # "commands": [ # "delete protocols bgp 100 address-family ipv4-unicast", # "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast", # "delete protocols bgp 100 neighbor 100.11.34.12 address-family" # ], # # using parsed: # parsed.cfg # set protocols bgp 65536 address-family ipv4-unicast aggregate-address 192.0.2.0/24 as-set # set protocols bgp 65536 address-family ipv4-unicast network 192.1.13.0/24 route-map 'map01' # set protocols bgp 65536 address-family ipv4-unicast network 192.2.13.0/24 backdoor # set protocols bgp 65536 address-family ipv6-unicast redistribute ripng metric '20' # set protocols bgp 65536 neighbor 192.0.2.25 address-family ipv4-unicast route-map export 'map01' # set protocols bgp 65536 neighbor 192.0.2.25 address-family ipv4-unicast soft-reconfiguration inbound # set protocols bgp 65536 neighbor 203.0.113.5 address-family ipv6-unicast attribute-unchanged next-hop - name: parse configs vyos.vyos.vyos_bgp_address_family: running_config: "{{ lookup('file', './parsed.cfg') }}" state: parsed # Module Execution: # "parsed": { # "address_family": [ # { # "afi": "ipv4", # "aggregate_address": [ # { # "as_set": true, # "prefix": "192.0.2.0/24" # } # ], # "networks": [ # { # "prefix": "192.1.13.0/24", # "route_map": "map01" # }, # { # "backdoor": true, # "prefix": "192.2.13.0/24" # } # ] # }, # { # "afi": "ipv6", # "redistribute": [ # { # "metric": 20, # "protocol": "ripng" # } # ] # } # ], # "as_number": 65536, # "neighbors": [ # { # 
"address_family": [ # { # "afi": "ipv4", # "route_map": [ # { # "action": "export", # "route_map": "map01" # } # ], # "soft_reconfiguration": true # } # ], # "neighbor_address": "192.0.2.25" # }, # { # "address_family": [ # { # "afi": "ipv6", # "attribute_unchanged": { # "next_hop": true # } # } # ], # "neighbor_address": "203.0.113.5" # } # ] # # Using gathered: # Native config: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" # set protocols bgp 100 address-family ipv4-unicast network 35.1.1.0/24 backdoor # set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' # set protocols bgp 100 address-family ipv6-unicast aggregate-address 6601:1:1:1::/64 summary-only # set protocols bgp 100 address-family ipv6-unicast network 5001:1:1:1::/64 route-map 'map01' # set protocols bgp 100 address-family ipv6-unicast redistribute static metric '50' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med # set protocols bgp 100 neighbor 100.11.34.12 - name: gather configs vyos.vyos.vyos_bgp_address_family: state: gathered # Module Execution: # "gathered": { # "address_family": [ # { # "afi": "ipv4", # "networks": [ # { # "backdoor": true, # "prefix": "35.1.1.0/24" # } # ], # "redistribute": [ # { # "metric": 50, # "protocol": "static" # } # ] # }, # { # "afi": "ipv6", # "aggregate_address": [ # { # "prefix": "6601:1:1:1::/64", # "summary_only": true # } # ], # "networks": [ # { # "prefix": "5001:1:1:1::/64", # "route_map": "map01" # } # ], # "redistribute": [ # { # "metric": 50, # "protocol": "static" # } # ] # } # ], # "as_number": 100, # "neighbors": [ # { # "address_family": [ # { # "afi": "ipv4", # "allowas_in": 4, # "as_override": true, # "attribute_unchanged": { # "med": true # } # } # ], # 
"neighbor_address": "20.33.1.1/24" # } # ] # Using rendered: - name: Render vyos.vyos.vyos_bgp_address_family: config: as_number: "100" address_family: - afi: "ipv4" redistribute: - protocol: "static" metric: 50 neighbors: - neighbor_address: "20.33.1.1/24" address_family: - afi: "ipv4" allowas_in: 4 as_override: True attribute_unchanged: med: True - afi: "ipv6" default_originate: "map01" distribute_list: - action: "export" acl: 10 - neighbor_address: "100.11.34.12" address_family: - afi: "ipv4" maximum_prefix: 45 nexthop_self: True route_map: - action: "export" route_map: "map01" - action: "import" route_map: "map01" weight: 50 state: rendered # Module Execution: # "rendered": [ # "set protocols bgp 100 address-family ipv4-unicast redistribute static metric 50", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number 4", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map map01", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export 10", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix 45", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export map01", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import map01", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight 50" # ] Status ------ Authors ~~~~~~~ - Gomathi Selvi Srinivasan (@GomathiselviS) diff --git a/docs/vyos.vyos.vyos_facts_module.rst b/docs/vyos.vyos.vyos_facts_module.rst index b931d4c1..83606d06 100644 --- a/docs/vyos.vyos.vyos_facts_module.rst 
+++ b/docs/vyos.vyos.vyos_facts_module.rst @@ -1,446 +1,446 @@ .. _vyos.vyos.vyos_facts_module: ******************** vyos.vyos.vyos_facts ******************** **Get facts about vyos devices.** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - Collects facts from network devices running the vyos operating system. This module places the facts gathered in the fact tree keyed by the respective resource name. The facts module will always collect a base set of facts from the device and can enable or disable collection of additional facts. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
available_network_resources
boolean
    Choices:
  • no ←
  • yes
When 'True' a list of network resources for which resource modules are available will be provided.
gather_network_resources
list / elements=string
-
When supplied, this argument will restrict the facts collected to a given subset. Possible values for this argument include all and the resources like interfaces. Can specify a list of values to include a larger subset. Values can also be used with an initial ! to specify that a specific subset should not be collected. Valid subsets are 'all', 'interfaces', 'l3_interfaces', 'lag_interfaces', 'lldp_global', 'lldp_interfaces', 'static_routes', 'firewall_rules', 'firewall_global', 'firewall_interfaces', 'ospfv3', 'ospfv2'.
+
When supplied, this argument will restrict the facts collected to a given subset. Possible values for this argument include all and the resources like interfaces. Can specify a list of values to include a larger subset. Values can also be used with an initial ! to specify that a specific subset should not be collected. Valid subsets are 'all', 'interfaces', 'l3_interfaces', 'lag_interfaces', 'lldp_global', 'lldp_interfaces', 'static_routes', 'firewall_rules', 'firewall_global', 'firewall_interfaces', 'ospfv3', 'ospfv2'.
gather_subset
list / elements=string
Default:
"!config"
-
When supplied, this argument will restrict the facts collected to a given subset. Possible values for this argument include all, default, config, and neighbors. Can specify a list of values to include a larger subset. Values can also be used with an initial ! to specify that a specific subset should not be collected.
+
When supplied, this argument will restrict the facts collected to a given subset. Possible values for this argument include all, default, config, and neighbors. Can specify a list of values to include a larger subset. Values can also be used with an initial ! to specify that a specific subset should not be collected.
provider
dictionary
Deprecated
Starting with Ansible 2.5 we recommend using connection: network_cli.
For more information please see the Network Guide.

A dict object containing connection details.
host
string
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
password
string
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
port
integer
Specifies the port to use when building the connection to the remote device.
ssh_keyfile
path
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
timeout
integer
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
username
string
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- .. code-block:: yaml # Gather all facts - vyos.vyos.vyos_facts: gather_subset: all gather_network_resources: all # collect only the config and default facts - vyos.vyos.vyos_facts: gather_subset: config # collect everything exception the config - vyos.vyos.vyos_facts: gather_subset: '!config' # Collect only the interfaces facts - vyos.vyos.vyos_facts: gather_subset: - '!all' - '!min' gather_network_resources: - interfaces # Do not collect interfaces facts - vyos.vyos.vyos_facts: gather_network_resources: - '!interfaces' # Collect interfaces and minimal default facts - vyos.vyos.vyos_facts: gather_subset: min gather_network_resources: interfaces Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
ansible_net_api
string
always
The name of the transport

ansible_net_commits
list
when present
The set of available configuration revisions

ansible_net_config
string
when config is configured
The running-config from the device

ansible_net_gather_network_resources
list
always
The list of fact resource subsets collected from the device

ansible_net_gather_subset
list
always
The list of subsets gathered by the module

ansible_net_hostname
string
always
The configured system hostname

ansible_net_model
string
always
The device model string

ansible_net_neighbors
list
when interface is configured
The set of LLDP neighbors

ansible_net_python_version
string
always
The Python version Ansible controller is using

ansible_net_serialnum
string
always
The serial number of the device

ansible_net_version
string
always
The version of the software running



Status ------ Authors ~~~~~~~ - Nathaniel Case (@qalthos) - Nilashish Chakraborty (@Nilashishc) - Rohit Thakur (@rohitthakur2590) diff --git a/docs/vyos.vyos.vyos_firewall_global_module.rst b/docs/vyos.vyos.vyos_firewall_global_module.rst index ec84f559..0a9b615c 100644 --- a/docs/vyos.vyos.vyos_firewall_global_module.rst +++ b/docs/vyos.vyos.vyos_firewall_global_module.rst @@ -1,1749 +1,1793 @@ .. _vyos.vyos.vyos_firewall_global_module: ****************************** vyos.vyos.vyos_firewall_global ****************************** **FIREWALL global resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module manage global policies or configurations for firewall on VyOS devices. Parameters ---------- .. raw:: html + + + + + + + + + + + + + + + +
Parameter Choices/Defaults Comments
config
dictionary
A dictionary of Firewall global configuration options.
config_trap
boolean
    Choices:
  • no
  • yes
SNMP trap generation on firewall configuration changes.
group
dictionary
Defines a group of objects for referencing in firewall rules.
address_group
list / elements=dictionary
Defines a group of IP addresses for referencing in firewall rules.
+
+ afi + +
+ string +
+
+
    Choices: +
  • ipv4 ←
  • +
  • ipv6
  • +
+
+
Specifies IP address type
+
description
string
Allows you to specify a brief description for the address group.
members
list / elements=dictionary
Address-group members.
IPv4 address to match.
IPv4 range to match.
address
string
IP address.
name
string / required
Name of the firewall address group.
network_group
list / elements=dictionary
Defines a group of networks for referencing in firewall rules.
+
+ afi + +
+ string +
+
+
    Choices: +
  • ipv4 ←
  • +
  • ipv6
  • +
+
+
Specifies network address type
+
description
string
Allows you to specify a brief description for the network group.
members
list / elements=dictionary
Adds an IPv4 network to the specified network group.
The format is ip-address/prefix.
address
string
IP address.
name
string / required
Name of the firewall network group.
port_group
list / elements=dictionary
Defines a group of ports for referencing in firewall rules.
description
string
Allows you to specify a brief description for the port group.
members
list / elements=dictionary
Port-group member.
port
string
Defines the number.
name
string / required
Name of the firewall port group.
log_martians
boolean
    Choices:
  • no
  • yes
Specifies whether or not to record packets with invalid addresses in the log.
(True) Logs packets with invalid addresses.
(False) Does not log packets with invalid addresses.
ping
dictionary
Policy for handling of all IPv4 ICMP echo requests.
all
boolean
    Choices:
  • no
  • yes
Enables or disables response to all IPv4 ICMP Echo Request (ping) messages.
The system responds to IPv4 ICMP Echo Request messages.
broadcast
boolean
    Choices:
  • no
  • yes
Enables or disables response to broadcast IPv4 ICMP Echo Request and Timestamp Request messages.
IPv4 ICMP Echo and Timestamp Request messages are not processed.
route_redirects
list / elements=dictionary
-A dictionary of Firewall icmp redirect and source route global configuration options.
afi
string / required
    Choices:
  • ipv4
  • ipv6
Specifies IP address type
icmp_redirects
dictionary
Specifies whether to allow sending/receiving of IPv4/v6 ICMP redirect messages.
receive
boolean
    Choices:
  • no
  • yes
Permits or denies receiving packets ICMP redirect messages.
send
boolean
    Choices:
  • no
  • yes
Permits or denies transmitting packets ICMP redirect messages.
ip_src_route
boolean
    Choices:
  • no
  • yes
Specifies whether or not to process source route IP options.
state_policy
list / elements=dictionary
Specifies global firewall state-policy.
action
string
    Choices:
  • accept
  • drop
  • reject
Action for packets part of an established connection.
connection_type
string
    Choices:
  • established
  • invalid
  • related
Specifies connection type.
log
boolean
    Choices:
  • no
  • yes
Enable logging of packets part of an established connection.
syn_cookies
boolean
    Choices:
  • no
  • yes
Specifies policy for using TCP SYN cookies with IPv4.
(True) Enables TCP SYN cookies with IPv4.
(False) Disables TCP SYN cookies with IPv4.
twa_hazards_protection
boolean
    Choices:
  • no
  • yes
RFC1337 TCP TIME-WAIT assassination hazards protection.
validation
string
    Choices:
  • strict
  • loose
  • disable
Specifies a policy for source validation by reversed path, as defined in RFC 3704.
(disable) No source validation is performed.
(loose) Enable Loose Reverse Path Forwarding as defined in RFC3704.
(strict) Enable Strict Reverse Path Forwarding as defined in RFC3704.
running_config
string
The module, by default, will connect to the remote device and retrieve the current running-config to use as a base for comparing against the contents of source. There are times when it is not desirable to have the task get the current running-config for every task in a playbook. The running_config argument allows the implementer to pass in the configuration to use as the base config for comparison. This value of this option should be the output received from device by executing command show configuration commands | grep 'firewall'
state
string
    Choices:
  • merged ←
  • replaced
  • deleted
  • gathered
  • rendered
  • parsed
The state the configuration should be left in.

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. Examples -------- .. code-block:: yaml # Using merged # # Before state: # ------------- # # vyos@vyos# run show configuration commands | grep firewall # # - name: Merge the provided configuration with the existing running configuration vyos.vyos.vyos_firewall_global: config: validation: strict config_trap: true log_martians: true syn_cookies: true twa_hazards_protection: true ping: all: true broadcast: true state_policy: - connection_type: established action: accept log: true - connection_type: invalid action: reject route_redirects: - afi: ipv4 ip_src_route: true icmp_redirects: send: true receive: false group: address_group: - name: MGMT-HOSTS description: This group has the Management hosts address list members: - address: 192.0.1.1 - address: 192.0.1.3 - address: 192.0.1.5 network_group: - name: MGMT description: This group has the Management network addresses members: - address: 192.0.1.0/24 state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # before": [] # # "commands": [ # "set firewall group address-group MGMT-HOSTS address 192.0.1.1", # "set firewall group address-group MGMT-HOSTS address 192.0.1.3", # "set firewall group address-group MGMT-HOSTS address 192.0.1.5", # "set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list'", # "set firewall group address-group MGMT-HOSTS", # "set firewall group network-group MGMT network 192.0.1.0/24", # "set firewall group network-group MGMT description 'This group has the Management network addresses'", # "set firewall group network-group MGMT", # "set firewall ip-src-route 'enable'", # "set firewall receive-redirects 'disable'", # "set firewall send-redirects 'enable'", # "set firewall config-trap 'enable'", # "set firewall 
state-policy established action 'accept'", # "set firewall state-policy established log 'enable'", # "set firewall state-policy invalid action 'reject'", # "set firewall broadcast-ping 'enable'", # "set firewall all-ping 'enable'", # "set firewall log-martians 'enable'", # "set firewall twa-hazards-protection 'enable'", # "set firewall syn-cookies 'enable'", # "set firewall source-validation 'strict'" # ] # # "after": { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "This group has the Management hosts address list", # "members": [ # { # "address": "192.0.1.1" # }, # { # "address": "192.0.1.3" # }, # { # "address": "192.0.1.5" # } # ], # "name": "MGMT-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group MGMT-HOSTS address '192.0.1.1' # set firewall group address-group MGMT-HOSTS address '192.0.1.3' # set firewall group address-group MGMT-HOSTS address '192.0.1.5' # set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group 
MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' # # # Using parsed # # - name: Render the commands for provided configuration vyos.vyos.vyos_firewall_global: running_config: "set firewall all-ping 'enable' set firewall broadcast-ping 'enable' set firewall config-trap 'enable' set firewall group address-group ENG-HOSTS address '192.0.3.1' set firewall group address-group ENG-HOSTS address '192.0.3.2' set firewall group address-group ENG-HOSTS description 'Sales office hosts address list' set firewall group address-group SALES-HOSTS address '192.0.2.1' set firewall group address-group SALES-HOSTS address '192.0.2.2' set firewall group address-group SALES-HOSTS address '192.0.2.3' set firewall group address-group SALES-HOSTS description 'Sales office hosts address list' set firewall group network-group MGMT description 'This group has the Management network addresses' set firewall group network-group MGMT network '192.0.1.0/24' set firewall ip-src-route 'enable' set firewall log-martians 'enable' set firewall receive-redirects 'disable' set firewall send-redirects 'enable' set firewall source-validation 'strict' set firewall state-policy established action 'accept' set firewall state-policy established log 'enable' set firewall state-policy invalid action 'reject' set firewall syn-cookies 'enable' set firewall twa-hazards-protection 'enable'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "Sales office hosts 
address list", # "members": [ # { # "address": "192.0.3.1" # }, # { # "address": "192.0.3.2" # } # ], # "name": "ENG-HOSTS" # }, # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.2.1" # }, # { # "address": "192.0.2.2" # }, # { # "address": "192.0.2.3" # } # ], # "name": "SALES-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # } # # # Using deleted # # Before state # ------------- # # vyos@192# run show configuration commands | grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group MGMT-HOSTS address '192.0.1.1' # set firewall group address-group MGMT-HOSTS address '192.0.1.3' # set firewall group address-group MGMT-HOSTS address '192.0.1.5' # set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set 
firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' - name: Delete attributes of firewall. vyos.vyos.vyos_firewall_global: config: state_policy: config_trap: log_martians: syn_cookies: twa_hazards_protection: route_redirects: ping: group: state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "This group has the Management hosts address list", # "members": [ # { # "address": "192.0.1.1" # }, # { # "address": "192.0.1.3" # }, # { # "address": "192.0.1.5" # } # ], # "name": "MGMT-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # "commands": [ # "delete firewall source-validation", # "delete firewall group", # "delete firewall log-martians", # "delete firewall ip-src-route", # "delete firewall receive-redirects", # "delete firewall send-redirects", # "delete firewall config-trap", # "delete firewall state-policy", # "delete firewall syn-cookies", # "delete firewall broadcast-ping", # "delete firewall all-ping", # "delete firewall twa-hazards-protection" # ] # # "after": [] # After state # ------------ # vyos@192# run show configuration commands | grep firewall # set 'firewall' # # # Using replaced # # Before state: # ------------- # # vyos@vyos:~$ show 
configuration commands| grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group MGMT-HOSTS address '192.0.1.1' # set firewall group address-group MGMT-HOSTS address '192.0.1.3' # set firewall group address-group MGMT-HOSTS address '192.0.1.5' # set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' # - name: Replace firewall global attributes configuration. 
vyos.vyos.vyos_firewall_global: config: validation: strict config_trap: true log_martians: true syn_cookies: true twa_hazards_protection: true ping: all: true broadcast: true state_policy: - connection_type: established action: accept log: true - connection_type: invalid action: reject route_redirects: - afi: ipv4 ip_src_route: true icmp_redirects: send: true receive: false group: address_group: - name: SALES-HOSTS description: Sales office hosts address list members: - address: 192.0.2.1 - address: 192.0.2.2 - address: 192.0.2.3 - name: ENG-HOSTS description: Sales office hosts address list members: - address: 192.0.3.1 - address: 192.0.3.2 network_group: - name: MGMT description: This group has the Management network addresses members: - address: 192.0.1.0/24 state: replaced # # # ------------------------- # Module Execution Result # ------------------------- # # "before": { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "This group has the Management hosts address list", # "members": [ # { # "address": "192.0.1.1" # }, # { # "address": "192.0.1.3" # }, # { # "address": "192.0.1.5" # } # ], # "name": "MGMT-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # # "commands": [ # "delete firewall group address-group MGMT-HOSTS", # "set firewall group address-group SALES-HOSTS address 192.0.2.1", # "set firewall group address-group 
SALES-HOSTS address 192.0.2.2", # "set firewall group address-group SALES-HOSTS address 192.0.2.3", # "set firewall group address-group SALES-HOSTS description 'Sales office hosts address list'", # "set firewall group address-group SALES-HOSTS", # "set firewall group address-group ENG-HOSTS address 192.0.3.1", # "set firewall group address-group ENG-HOSTS address 192.0.3.2", # "set firewall group address-group ENG-HOSTS description 'Sales office hosts address list'", # "set firewall group address-group ENG-HOSTS" # ] # # "after": { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.3.1" # }, # { # "address": "192.0.3.2" # } # ], # "name": "ENG-HOSTS" # }, # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.2.1" # }, # { # "address": "192.0.2.2" # }, # { # "address": "192.0.2.3" # } # ], # "name": "SALES-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group ENG-HOSTS address '192.0.3.1' # set firewall group address-group ENG-HOSTS address '192.0.3.2' # set firewall group address-group ENG-HOSTS 
description 'Sales office hosts address list' # set firewall group address-group SALES-HOSTS address '192.0.2.1' # set firewall group address-group SALES-HOSTS address '192.0.2.2' # set firewall group address-group SALES-HOSTS address '192.0.2.3' # set firewall group address-group SALES-HOSTS description 'Sales office hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' # # # Using gathered # # Before state: # ------------- # # vyos@192# run show configuration commands | grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group ENG-HOSTS address '192.0.3.1' # set firewall group address-group ENG-HOSTS address '192.0.3.2' # set firewall group address-group ENG-HOSTS description 'Sales office hosts address list' # set firewall group address-group SALES-HOSTS address '192.0.2.1' # set firewall group address-group SALES-HOSTS address '192.0.2.2' # set firewall group address-group SALES-HOSTS address '192.0.2.3' # set firewall group address-group SALES-HOSTS description 'Sales office hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 
'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' # - name: Gather firewall global config with provided configurations vyos.vyos.vyos_firewall_global: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": [ # { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.3.1" # }, # { # "address": "192.0.3.2" # } # ], # "name": "ENG-HOSTS" # }, # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.2.1" # }, # { # "address": "192.0.2.2" # }, # { # "address": "192.0.2.3" # } # ], # "name": "SALES-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group ENG-HOSTS address '192.0.3.1' # set firewall group address-group ENG-HOSTS address '192.0.3.2' # set firewall group address-group ENG-HOSTS 
description 'Sales office hosts address list' # set firewall group address-group SALES-HOSTS address '192.0.2.1' # set firewall group address-group SALES-HOSTS address '192.0.2.2' # set firewall group address-group SALES-HOSTS address '192.0.2.3' # set firewall group address-group SALES-HOSTS description 'Sales office hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_firewall_global: config: validation: strict config_trap: true log_martians: true syn_cookies: true twa_hazards_protection: true ping: all: true broadcast: true state_policy: - connection_type: established action: accept log: true - connection_type: invalid action: reject route_redirects: - afi: ipv4 ip_src_route: true icmp_redirects: send: true receive: false group: address_group: - name: SALES-HOSTS description: Sales office hosts address list members: - address: 192.0.2.1 - address: 192.0.2.2 - address: 192.0.2.3 - name: ENG-HOSTS description: Sales office hosts address list members: - address: 192.0.3.1 - address: 192.0.3.2 network_group: - name: MGMT description: This group has the Management network addresses members: - address: 192.0.1.0/24 state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # "set firewall group address-group SALES-HOSTS address 192.0.2.1", # "set 
firewall group address-group SALES-HOSTS address 192.0.2.2", # "set firewall group address-group SALES-HOSTS address 192.0.2.3", # "set firewall group address-group SALES-HOSTS description 'Sales office hosts address list'", # "set firewall group address-group SALES-HOSTS", # "set firewall group address-group ENG-HOSTS address 192.0.3.1", # "set firewall group address-group ENG-HOSTS address 192.0.3.2", # "set firewall group address-group ENG-HOSTS description 'Sales office hosts address list'", # "set firewall group address-group ENG-HOSTS", # "set firewall group network-group MGMT network 192.0.1.0/24", # "set firewall group network-group MGMT description 'This group has the Management network addresses'", # "set firewall group network-group MGMT", # "set firewall ip-src-route 'enable'", # "set firewall receive-redirects 'disable'", # "set firewall send-redirects 'enable'", # "set firewall config-trap 'enable'", # "set firewall state-policy established action 'accept'", # "set firewall state-policy established log 'enable'", # "set firewall state-policy invalid action 'reject'", # "set firewall broadcast-ping 'enable'", # "set firewall all-ping 'enable'", # "set firewall log-martians 'enable'", # "set firewall twa-hazards-protection 'enable'", # "set firewall syn-cookies 'enable'", # "set firewall source-validation 'strict'" # ] # # Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
after
list
when changed
The resulting configuration model invocation.

Sample:
The configuration returned will always be in the same format of the parameters above.
before
list
always
The configuration prior to the model invocation.

Sample:
The configuration returned will always be in the same format of the parameters above.
commands
list
always
The set of commands pushed to the remote device.

Sample:
['set firewall group address-group ENG-HOSTS', 'set firewall group address-group ENG-HOSTS address 192.0.3.1']


Status ------ Authors ~~~~~~~ - Rohit Thakur (@rohitthakur2590) diff --git a/docs/vyos.vyos.vyos_ntp_global_module.rst b/docs/vyos.vyos.vyos_ntp_global_module.rst new file mode 100644 index 00000000..7f27493c --- /dev/null +++ b/docs/vyos.vyos.vyos_ntp_global_module.rst @@ -0,0 +1,974 @@ +.. _vyos.vyos.vyos_ntp_global_module: + + +************************* +vyos.vyos.vyos_ntp_global +************************* + +**Manages ntp modules of Vyos network devices** + + +Version added: 2.4.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module manages ntp configuration on devices running Vyos + + + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ config + +
+ dictionary +
+
+ +
List of configurations for ntp module
+
+
+ allow_clients + +
+ list + / elements=string +
+
+ +
Network Time Protocol (NTP) server options
+
+
+ listen_addresses + +
+ list + / elements=string +
+
+ +
local IP addresses for service to listen on
+
+
+ servers + +
+ list + / elements=dictionary +
+
+ +
Network Time Protocol (NTP) server
+
+
+ options + +
+ list + / elements=string +
+
+
    Choices: +
  • noselect
  • +
  • dynamic
  • +
  • preempt
  • +
  • prefer
  • +
+
+
server options for NTP
+
+
+ server + +
+ string +
+
+ +
server name for NTP
+
+
+ running_config + +
+ string +
+
+ +
This option is used only with state parsed.
+
The value of this option should be the output received from the VYOS device by executing the command show configuration commands | grep ntp.
+
The states replaced and overridden have identical behaviour for this module.
+
The state parsed reads the configuration from show configuration commands | grep ntp option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
+
+
+ state + +
+ string +
+
+
    Choices: +
  • deleted
  • +
  • merged ←
  • +
  • overridden
  • +
  • replaced
  • +
  • gathered
  • +
  • rendered
  • +
  • parsed
  • +
+
+
The state the configuration should be left in.
+
+
+
+
+Notes
+-----
+
+.. note::
+ - Tested against vyos 1.3
+ - This module works with connection ``network_cli``.
+
+
+
+Examples
+--------
+
+.. code-block:: yaml
+
+ # # -------------------
+ # # 1. Using merged
+ # # -------------------
+
+ # # Before state:
+ # # -------------
+ # vyos@vyos:~$ show configuration commands | grep ntp
+ # set system ntp server time1.vyos.net
+ # set system ntp server time2.vyos.net
+ # set system ntp server time3.vyos.net
+ # vyos@vyos:~$
+
+ # # Task
+ # # -------------
+ - name: Replace the existing ntp config with the new config
+ vyos.vyos.vyos_ntp_global:
+ config:
+ allow_clients:
+ - 10.6.6.0/24
+ listen_addresses:
+ - 10.1.3.1
+ servers:
+ - server: 203.0.113.0
+ options:
+ - prefer
+
+
+ # # Task output:
+ # # -------------
+ # "after": {
+ # "allow_clients": [
+ # "10.6.6.0/24"
+ # ],
+ # "listen_addresses": [
+ # "10.1.3.1"
+ # ],
+ # "servers": [
+ # {
+ # "server": "ser",
+ # "options": [
+ # "prefer"
+ # ]
+ # },
+ # {
+ # "server": "time1.vyos.net"
+ # },
+ # {
+ # "server": "time2.vyos.net"
+ # },
+ # {
+ # "server": "time3.vyos.net"
+ # }
+ # ]
+ # },
+ # "before": {
+ # },
+ # "changed": true,
+ # "commands": [
+ # "set system ntp allow-clients address 10.6.6.0/24",
+ # "set system ntp listen-address 10.1.3.1",
+ # "set system ntp server 203.0.113.0 prefer"
+ # ]
+
+ # After state:
+ # # -------------
+ # vyos@vyos:~$ show configuration commands | grep ntp
+ # set system ntp allow-clients address '10.6.6.0/24'
+ # set system ntp listen-address '10.1.3.1'
+ # set system ntp server 203.0.113.0 prefer,
+ # set system ntp server time1.vyos.net
+ # set system ntp server time2.vyos.net
+ # set system ntp server time3.vyos.net
+ # vyos@vyos:~$
+
+
+ # # -------------------
+ # # 2. Using replaced
+ # # -------------------
+
+ # # Before state:
+ # # -------------
+ # vyos@vyos:~$ show configuration commands | grep ntp
+ # set system ntp allow-clients address '10.4.9.0/24'
+ # set system ntp allow-clients address '10.4.7.0/24'
+ # set system ntp allow-clients address '10.1.2.0/24'
+ # set system ntp allow-clients address '10.2.3.0/24'
+ # set system ntp listen-address '10.1.9.16'
+ # set system ntp listen-address '10.5.3.2'
+ # set system ntp listen-address '10.7.9.21'
+ # set system ntp listen-address '10.8.9.4'
+ # set system ntp listen-address '10.4.5.1'
+ # set system ntp server 10.3.6.5 noselect
+ # set system ntp server 10.3.6.5 dynamic
+ # set system ntp server 10.3.6.5 preempt
+ # set system ntp server 10.3.6.5 prefer
+ # set system ntp server server4 noselect
+ # set system ntp server server4 dynamic
+ # set system ntp server server5
+ # set system ntp server time1.vyos.net
+ # set system ntp server time2.vyos.net
+ # set system ntp server time3.vyos.net
+ # vyos@vyos:~$
+
+ # # Task
+ # # -------------
+ - name: Replace the existing ntp config with the new config
+ vyos.vyos.vyos_ntp_global:
+ config:
+ allow_clients:
+ - 10.6.6.0/24
+ listen_addresses:
+ - 10.1.3.1
+ servers:
+ - server: 203.0.113.0
+ options:
+ - prefer
+ state: replaced
+
+
+ # # Task output:
+ # # -------------
+ # "after": {
+ # "allow_clients": [
+ # "10.6.6.0/24"
+ # ],
+ # "listen_addresses": [
+ # "10.1.3.1"
+ # ],
+ # "servers": [
+ # {
+ # "server": "ser",
+ # "options": [
+ # "prefer"
+ # ]
+ # },
+ # {
+ # "server": "time1.vyos.net"
+ # },
+ # {
+ # "server": "time2.vyos.net"
+ # },
+ # {
+ # "server": "time3.vyos.net"
+ # }
+ # ]
+ # },
+ # "before": {
+ # "allow_clients": [
+ # "10.4.7.0/24",
+ # "10.2.3.0/24",
+ # "10.1.2.0/24",
+ # "10.4.9.0/24"
+ # ],
+ # "listen_addresses": [
+ # "10.7.9.21",
+ # "10.4.5.1",
+ # "10.5.3.2",
+ # "10.8.9.4",
+ # "10.1.9.16"
+ # ],
+ # "servers": [
+ # {
+ # "server": "10.3.6.5",
+ # "options": [
+ # "noselect",
+ # "dynamic",
+ # "preempt",
+ # "prefer"
+ # ]
+ # },
+ # {
+ # "server": "server4",
+ # "options": [
+ # "noselect",
+ # "dynamic"
+ # ]
+ # },
+ # {
+ # "server": "server5"
+ # },
+ # {
+ # "server": "time1.vyos.net"
+ # },
+ # {
+ # "server": "time2.vyos.net"
+ # },
+ # {
+ # "server": "time3.vyos.net"
+ # }
+ # ]
+ # },
+ # "changed": true,
+ # "commands": [
+ # "delete system ntp allow-clients address 10.4.7.0/24",
+ # "delete system ntp allow-clients address 10.2.3.0/24",
+ # "delete system ntp allow-clients address 10.1.2.0/24",
+ # "delete system ntp allow-clients address 10.4.9.0/24",
+ # "delete system ntp listen-address 10.7.9.21",
+ # "delete system ntp listen-address 10.4.5.1",
+ # "delete system ntp listen-address 10.5.3.2",
+ # "delete system ntp listen-address 10.8.9.4",
+ # "delete system ntp listen-address 10.1.9.16",
+ # "delete system ntp server 10.3.6.5",
+ # "delete system ntp server server4",
+ # "delete system ntp server server5",
+ # "set system ntp allow-clients address 10.6.6.0/24",
+ # "set system ntp listen-address 10.1.3.1",
+ # "set system ntp server 203.0.113.0 prefer"
+ # ]
+
+ # After state:
+ # # -------------
+ # vyos@vyos:~$ show configuration commands | grep ntp
+ # set system ntp allow-clients address '10.6.6.0/24'
+ # set system ntp listen-address '10.1.3.1'
+ # set system ntp server 203.0.113.0 prefer,
+ # set system ntp server time1.vyos.net
+ # set system ntp server time2.vyos.net
+ # set system ntp server time3.vyos.net
+ # vyos@vyos:~$
+
+
+
+ # # -------------------
+ # # 3. Using overridden
+ # # -------------------
+
+ # # Before state:
+ # # -------------
+ # vyos@vyos:~$ show configuration commands | grep ntp
+ # set system ntp allow-clients address '10.6.6.0/24'
+ # set system ntp listen-address '10.1.3.1'
+ # set system ntp server 203.0.113.0 prefer,
+ # set system ntp server time1.vyos.net
+ # set system ntp server time2.vyos.net
+ # set system ntp server time3.vyos.net
+ # vyos@vyos:~$
+
+ # # Task
+ # # -------------
+ - name: Override ntp config
+ vyos.vyos.vyos_ntp_global:
+ config:
+ allow_clients:
+ - 10.3.3.0/24
+ listen_addresses:
+ - 10.7.8.1
+ servers:
+ - server: server1
+ options:
+ - dynamic
+ - prefer
+
+ - server: server2
+ options:
+ - noselect
+ - preempt
+
+ - server: serv
+ state: overridden
+
+
+
+ # # Task output:
+ # # -------------
+ # "after": {
+ # "allow_clients": [
+ # "10.3.3.0/24"
+ # ],
+ # "listen_addresses": [
+ # "10.7.8.1"
+ # ],
+ # "servers": [
+ # {
+ # "server": "serv"
+ # },
+ # {
+ # "server": "server1",
+ # "options": [
+ # "dynamic",
+ # "prefer"
+ # ]
+ # },
+ # {
+ # "server": "server2",
+ # "options": [
+ # "noselect",
+ # "preempt"
+ # ]
+ # },
+ # {
+ # "server": "time1.vyos.net"
+ # },
+ # {
+ # "server": "time2.vyos.net"
+ # },
+ # {
+ # "server": "time3.vyos.net"
+ # }
+ # ]
+ # },
+ # "before": {
+ # "allow_clients": [
+ # "10.6.6.0/24"
+ # ],
+ # "listen_addresses": [
+ # "10.1.3.1"
+ # ],
+ # "servers": [
+ # {
+ # "server": "ser",
+ # "options": [
+ # "prefer"
+ # ]
+ # },
+ # {
+ # "server": "time1.vyos.net"
+ # },
+ # {
+ # "server": "time2.vyos.net"
+ # },
+ # {
+ # "server": "time3.vyos.net"
+ # }
+ # ]
+ # },
+ # "changed": true,
+ # "commands": [
+ # "delete system ntp allow-clients address 10.6.6.0/24",
+ # "delete system ntp listen-address 10.1.3.1",
+ # "delete system ntp server ser",
+ # "set system ntp allow-clients address 10.3.3.0/24",
+ # "set system ntp listen-address 10.7.8.1",
+ # "set system ntp server server1 dynamic",
+ # "set system ntp server server1 prefer",
+ # "set system ntp server server2 noselect",
+ # "set system ntp server server2 preempt",
+ # "set system ntp server serv"
+ # ]
+
+ # After state:
+ # # -------------
+ # vyos@vyos:~$ show configuration commands | grep ntp
+ # set system ntp allow-clients address '10.3.3.0/24'
+ # set system ntp listen-address '10.7.8.1'
+ # set system ntp server serv
+ # set system ntp server server1 dynamic
+ # set system ntp server server1 prefer
+ # set system ntp server server2 noselect
+ # set system ntp server server2 preempt
+ # set system ntp server time1.vyos.net
+ # set system ntp server time2.vyos.net
+ # set system ntp server time3.vyos.net
+ # vyos@vyos:~$
+
+
+
+ # # -------------------
+ # # 4. Using gathered
+ # # -------------------
+
+ # # Before state:
+ # # -------------
+ # vyos@vyos:~$ show configuration commands | grep ntp
+ # set system ntp allow-clients address '10.3.3.0/24'
+ # set system ntp listen-address '10.7.8.1'
+ # set system ntp server serv
+ # set system ntp server server1 dynamic
+ # set system ntp server server1 prefer
+ # set system ntp server server2 noselect
+ # set system ntp server server2 preempt
+ # set system ntp server time1.vyos.net
+ # set system ntp server time2.vyos.net
+ # set system ntp server time3.vyos.net
+ # vyos@vyos:~$
+
+ # # Task
+ # # -------------
+ - name: Gather ntp config
+ vyos.vyos.vyos_ntp_global:
+ state: gathered
+
+ # # Task output:
+ # # -------------
+ # "gathered": {
+ # "allow_clients": [
+ # "10.3.3.0/24"
+ # ],
+ # "listen_addresses": [
+ # "10.7.8.1"
+ # ],
+ # "servers": [
+ # {
+ # "server": "serv"
+ # },
+ # {
+ # "server": "server1",
+ # "options": [
+ # "dynamic",
+ # "prefer"
+ # ]
+ # },
+ # {
+ # "server": "server2",
+ # "options": [
+ # "noselect",
+ # "preempt"
+ # ]
+ # },
+ # {
+ # "server": "time1.vyos.net"
+ # },
+ # {
+ # "server": "time2.vyos.net"
+ # },
+ # {
+ # "server": "time3.vyos.net"
+ # }
+ # ]
+ # }
+
+ # After state:
+ # # -------------
+ # vyos@vyos:~$ show configuration commands | grep ntp
+ # set system ntp allow-clients address '10.3.3.0/24'
+ # set system ntp listen-address '10.7.8.1'
+ # set system ntp server serv
+ # set system ntp server server1 dynamic
+ # set system ntp server server1 prefer
+ # set system ntp server server2 noselect
+ # set system ntp server server2 preempt
+ # set system ntp server time1.vyos.net
+ # set system ntp server time2.vyos.net
+ # set system ntp server time3.vyos.net
+ # vyos@vyos:~$
+
+
+ # # -------------------
+ # # 5. Using deleted
+ # # -------------------
+
+ # # Before state:
+ # # -------------
+ # vyos@vyos:~$ show configuration commands | grep ntp
+ # set system ntp allow-clients address '10.3.3.0/24'
+ # set system ntp listen-address '10.7.8.1'
+ # set system ntp server serv
+ # set system ntp server server1 dynamic
+ # set system ntp server server1 prefer
+ # set system ntp server server2 noselect
+ # set system ntp server server2 preempt
+ # set system ntp server time1.vyos.net
+ # set system ntp server time2.vyos.net
+ # set system ntp server time3.vyos.net
+ # vyos@vyos:~$
+
+ # # Task
+ # # -------------
+ - name: Delete ntp config
+ vyos.vyos.vyos_ntp_global:
+ state: deleted
+
+
+ # # Task output:
+ # # -------------
+ # "after": {
+ # "servers": [
+ # {
+ # "server": "time1.vyos.net"
+ # },
+ # {
+ # "server": "time2.vyos.net"
+ # },
+ # {
+ # "server": "time3.vyos.net"
+ # }
+ # ]
+ # },
+ # "before": {
+ # "allow_clients": [
+ # "10.3.3.0/24"
+ # ],
+ # "listen_addresses": [
+ # "10.7.8.1"
+ # ],
+ # "servers": [
+ # {
+ # "server": "serv"
+ # },
+ # {
+ # "server": "server1",
+ # "options": [
+ # "dynamic",
+ # "prefer"
+ # ]
+ # },
+ # {
+ # "server": "server2",
+ # "options": [
+ # "noselect",
+ # "preempt"
+ # ]
+ # },
+ # {
+ # "server": "time1.vyos.net"
+ # },
+ # {
+ # "server": "time2.vyos.net"
+ # },
+ # {
+ # "server": "time3.vyos.net"
+ # }
+ # ]
+ # },
+ # "changed": true,
+ # "commands": [
+ # "delete system ntp allow-clients",
+ # "delete system ntp listen-address",
+ # "delete system ntp server serv",
+ # "delete system ntp server server1",
+ # "delete system ntp server server2"
+ #
+ # ]
+
+ # After state:
+ # # -------------
+ # vyos@vyos:~$ show configuration commands | grep ntp
+ # set system ntp server time1.vyos.net
+ # set system ntp server time2.vyos.net
+ # set system ntp server time3.vyos.net
+ # vyos@vyos:~$
+
+
+ # # -------------------
+ # # 6. Using rendered
+ # # -------------------
+
+ # # Before state:
+ # # -------------
+ # vyos@vyos:~$ show configuration commands | grep ntp
+ # set system ntp server time1.vyos.net
+ # set system ntp server time2.vyos.net
+ # set system ntp server time3.vyos.net
+ # vyos@vyos:~$
+
+ # # Task
+ # # -------------
+ - name: Gather ntp config
+ vyos.vyos.vyos_ntp_global:
+ config:
+ allow_clients:
+ - 10.7.7.0/24
+ - 10.8.8.0/24
+ listen_addresses:
+ - 10.7.9.1
+ servers:
+ - server: server7
+
+ - server: server45
+ options:
+ - noselect
+ - prefer
+ - server: time1.vyos.net
+
+ - server: time2.vyos.net
+
+ - server: time3.vyos.net
+
+ state: rendered
+
+
+ # # Task output:
+ # # -------------
+ # "rendered": [
+ # "set system ntp allow-clients address 10.7.7.0/24",
+ # "set system ntp allow-clients address 10.8.8.0/24",
+ # "set system ntp listen-address 10.7.9.1",
+ # "set system ntp server server7",
+ # "set system ntp server server45 noselect",
+ # "set system ntp server server45 prefer",
+ # "set system ntp server time1.vyos.net",
+ # "set system ntp server time2.vyos.net",
+ # "set system ntp server time3.vyos.net"
+ # ]
+
+
+ # # -------------------
+ # # 7.
Using parsed + # # ------------------- + + # # sample_config.cfg: + # # ------------- + # "set system ntp allow-clients address 10.7.7.0/24", + # "set system ntp listen-address 10.7.9.1", + # "set system ntp server server45 noselect", + # "set system ntp allow-clients addres 10.8.6.0/24", + # "set system ntp listen-address 10.5.4.1", + # "set system ntp server server45 dynamic", + # "set system ntp server time1.vyos.net", + # "set system ntp server time2.vyos.net", + # "set system ntp server time3.vyos.net" + + # # Task: + # # ------------- + - name: Parse externally provided ntp configuration + vyos.vyos.vyos_ntp_global: + running_config: "{{ lookup('file', './sample_config.cfg') }}" + state: parsed + + # # Task output: + # # ------------- + # parsed = { + # "allow_clients": [ + # "10.7.7.0/24", + # "10.8.6.0/24 + # ], + # "listen_addresses": [ + # "10.5.4.1", + # "10.7.9.1" + # ], + # "servers": [ + # { + # "server": "server45", + # "options": [ + # "noselect", + # "dynamic" + # + # ] + # }, + # { + # "server": "time1.vyos.net" + # }, + # { + # "server": "time2.vyos.net" + # }, + # { + # "server": "time3.vyos.net" + # } + # + # ] + # } + + + +Return Values +------------- +Common return values are documented `here `_, the following are the fields unique to this module: + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyReturnedDescription
+
+ after + +
+ dictionary +
+
when changed +
The resulting configuration after module execution.
+
+
Sample:
+
This output will always be in the same format as the module argspec.
+
+
+ before + +
+ dictionary +
+
when state is merged, replaced, overridden, deleted or purged +
The configuration prior to the module execution.
+
+
Sample:
+
This output will always be in the same format as the module argspec.
+
+
+ commands + +
+ list +
+
when state is merged, replaced, overridden, deleted or purged +
The set of commands pushed to the remote device.
+
+
Sample:
+
['set system ntp server server1 dynamic', 'set system ntp server server1 prefer', 'set system ntp server server2 noselect', 'set system ntp server server2 preempt', 'set system ntp server server_add preempt']
+
+
+ gathered + +
+ list +
+
when state is gathered +
Facts about the network resource gathered from the remote device as structured data.
+
+
Sample:
+
This output will always be in the same format as the module argspec.
+
+
+ parsed + +
+ list +
+
when state is parsed +
The device native config provided in running_config option parsed into structured data as per module argspec.
+
+
Sample:
+
This output will always be in the same format as the module argspec.
+
+
+ rendered + +
+ list +
+
when state is rendered +
The provided configuration in the task rendered in device-native format (offline).
+
+
Sample:
+
['set system ntp server server1 dynamic', 'set system ntp server server1 prefer', 'set system ntp server server2 noselect', 'set system ntp server server2 preempt', 'set system ntp server server_add preempt']
+
+

+
+
+Status
+------
+
+
+Authors
+~~~~~~~
+
+- Varshitha Yataluru (@YVarshitha)
diff --git a/docs/vyos.vyos.vyos_ospf_interfaces_module.rst b/docs/vyos.vyos.vyos_ospf_interfaces_module.rst
index 0417088c..c2c5db6a 100644
--- a/docs/vyos.vyos.vyos_ospf_interfaces_module.rst
+++ b/docs/vyos.vyos.vyos_ospf_interfaces_module.rst
@@ -1,1204 +1,1204 @@
 .. _vyos.vyos.vyos_ospf_interfaces_module: ****************************** vyos.vyos.vyos_ospf_interfaces ****************************** **OSPF Interfaces Resource Module.** Version added: 1.2.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module manages OSPF configuration of interfaces on devices running VYOS. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
config
list / elements=dictionary
A list of OSPF configuration for interfaces.
address_family
list / elements=dictionary
OSPF settings on the interfaces in address-family context.
afi
string / required
    Choices:
  • ipv4
  • ipv6
Address Family Identifier (AFI) for OSPF settings on the interfaces.
authentication
dictionary
Authentication settings on the interface.
md5_key
dictionary
md5 parameters.
key
string
md5 key.
key_id
integer
key id.
plaintext_password
string
Plain Text password.
bandwidth
integer
Bandwidth of interface (kilobits/sec)
cost
integer
metric associated with interface.
dead_interval
integer
Time interval to detect a dead router.
hello_interval
integer
Timer interval between transmission of hello packets.
ifmtu
integer
interface MTU.
instance
string
Instance ID.
mtu_ignore
boolean
    Choices:
  • no
  • yes
if True, Disable MTU check for Database Description packets.
network
string
Interface type.
passive
boolean
    Choices:
  • no
  • yes
If True, disables forming adjacency.
priority
integer
Interface priority.
retransmit_interval
integer
LSA retransmission interval.
transmit_delay
integer
LSA transmission delay.
name
string
Name/Identifier of the interface.
running_config
string
This option is used only with state parsed.
-
The value of this option should be the output received from the IOS device by executing the command sh running-config | section ^interface.
+
The value of this option should be the output received from the VYOS device by executing the command show configuration commands | match "set interfaces".
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
state
string
    Choices:
  • merged ←
  • replaced
  • overridden
  • deleted
  • gathered
  • parsed
  • rendered
The state the configuration should be left in.

Examples -------- .. code-block:: yaml # Using merged # # Before state: # ------------- # # @vyos:~$ show configuration commands | match "ospf" - name: Merge provided configuration with device configuration vyos.vyos.vyos_ospf_interfaces: config: - name: "eth1" address_family: - afi: "ipv4" transmit_delay: 50 priority: 26 network: "point-to-point" - afi: "ipv6" dead_interval: 39 - name: "bond2" address_family: - afi: "ipv4" transmit_delay: 45 bandwidth: 70 authentication: md5_key: key_id: 10 key: "1111111111232345" - afi: "ipv6" passive: True state: merged # After State: # -------------- # vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' # set interfaces bonding bond2 ip ospf bandwidth '70' # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth1 ip ospf network 'point-to-point' # set interfaces ethernet eth1 ip ospf priority '26' # set interfaces ethernet eth1 ip ospf transmit-delay '50' # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' # "after": [ # " # "address_family": [ # { # "afi": "ipv4", # "authentication": { # "md5_key": { # "key": "1111111111232345", # "key_id": 10 # } # }, # "bandwidth": 70, # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "network": "point-to-point", # "priority": 26, # "transmit_delay": 50 # }, # { # "afi": "ipv6", # "dead_interval": 39 # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "before": [ # { # "name": "eth0" # }, # { # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "changed": true, # "commands": [ # "set interfaces ethernet eth1 ip ospf transmit-delay 50", # "set interfaces ethernet eth1 ip ospf priority 26", # "set interfaces ethernet 
eth1 ip ospf network point-to-point", # "set interfaces ethernet eth1 ipv6 ospfv3 dead-interval 39", # "set interfaces bonding bond2 ip ospf transmit-delay 45", # "set interfaces bonding bond2 ip ospf bandwidth 70", # "set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key 1111111111232345", # "set interfaces bonding bond2 ipv6 ospfv3 passive" # ], # Using replaced: # Before State: # ------------ # vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' # set interfaces bonding bond2 ip ospf bandwidth '70' # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth1 ip ospf network 'point-to-point' # set interfaces ethernet eth1 ip ospf priority '26' # set interfaces ethernet eth1 ip ospf transmit-delay '50' # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' - name: Replace provided configuration with device configuration vyos.vyos.vyos_ospf_interfaces: config: - name: "eth1" address_family: - afi: "ipv4" cost: 100 - afi: "ipv6" ifmtu: 33 - name: "bond2" address_family: - afi: "ipv4" transmit_delay: 45 - afi: "ipv6" passive: True state: replaced # After State: # ----------- # vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth1 ip ospf cost '100' # set interfaces ethernet eth1 ipv6 ospfv3 ifmtu '33' # vyos@vyos:~$ # Module Execution # ---------------- # "after": [ # { # "address_family": [ # { # "afi": "ipv4", # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "cost": 100 # }, # { # "afi": "ipv6", # "ifmtu": 33 # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # 
"before": [ # { # "address_family": [ # { # "afi": "ipv4", # "authentication": { # "md5_key": { # "key": "1111111111232345", # "key_id": 10 # } # }, # "bandwidth": 70, # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "network": "point-to-point", # "priority": 26, # "transmit_delay": 50 # }, # { # "afi": "ipv6", # "dead_interval": 39 # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "changed": true, # "commands": [ # "set interfaces ethernet eth1 ip ospf cost 100", # "set interfaces ethernet eth1 ipv6 ospfv3 ifmtu 33", # "delete interfaces ethernet eth1 ip ospf network point-to-point", # "delete interfaces ethernet eth1 ip ospf priority 26", # "delete interfaces ethernet eth1 ip ospf transmit-delay 50", # "delete interfaces ethernet eth1 ipv6 ospfv3 dead-interval 39", # "delete interfaces bonding bond2 ip ospf authentication", # "delete interfaces bonding bond2 ip ospf bandwidth 70" # ], # # Using Overridden: # ----------------- # Before State: # ------------ # vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' # set interfaces bonding bond2 ip ospf bandwidth '70' # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth1 ip ospf cost '100' # set interfaces ethernet eth1 ip ospf network 'point-to-point' # set interfaces ethernet eth1 ip ospf priority '26' # set interfaces ethernet eth1 ip ospf transmit-delay '50' # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' # set interfaces ethernet eth1 ipv6 ospfv3 ifmtu '33' # vyos@vyos:~$ - name: Override device configuration with provided configuration vyos.vyos.vyos_ospf_interfaces: config: - name: "eth0" address_family: - afi: "ipv4" cost: 100 - afi: "ipv6" ifmtu: 33 
passive: True state: overridden # After State: # ----------- # 200~vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces ethernet eth0 ip ospf cost '100' # set interfaces ethernet eth0 ipv6 ospfv3 ifmtu '33' # set interfaces ethernet eth0 ipv6 ospfv3 'passive' # vyos@vyos:~$ # # # "after": [ # { # "name": "bond2" # }, # { # "address_family": [ # { # "afi": "ipv4", # "cost": 100 # }, # { # "afi": "ipv6", # "ifmtu": 33, # "passive": true # } # ], # "name": "eth0" # }, # { # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "before": [ # { # "address_family": [ # { # "afi": "ipv4", # "authentication": { # "md5_key": { # "key": "1111111111232345", # "key_id": 10 # } # }, # "bandwidth": 70, # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "cost": 100, # "network": "point-to-point", # "priority": 26, # "transmit_delay": 50 # }, # { # "afi": "ipv6", # "dead_interval": 39, # "ifmtu": 33 # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "changed": true, # "commands": [ # "delete interfaces bonding bond2 ip ospf", # "delete interfaces bonding bond2 ipv6 ospfv3", # "delete interfaces ethernet eth1 ip ospf", # "delete interfaces ethernet eth1 ipv6 ospfv3", # "set interfaces ethernet eth0 ip ospf cost 100", # "set interfaces ethernet eth0 ipv6 ospfv3 ifmtu 33", # "set interfaces ethernet eth0 ipv6 ospfv3 passive" # ], # # Using deleted: # ------------- # before state: # ------------- # vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' # set interfaces bonding bond2 ip ospf bandwidth '70' # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth0 ip ospf cost '100' # set interfaces ethernet 
eth0 ipv6 ospfv3 ifmtu '33' # set interfaces ethernet eth0 ipv6 ospfv3 'passive' # set interfaces ethernet eth1 ip ospf network 'point-to-point' # set interfaces ethernet eth1 ip ospf priority '26' # set interfaces ethernet eth1 ip ospf transmit-delay '50' # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' # vyos@vyos:~$ - name: Delete device configuration vyos.vyos.vyos_ospf_interfaces: config: - name: "eth0" state: deleted # After State: # ----------- # vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' # set interfaces bonding bond2 ip ospf bandwidth '70' # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth1 ip ospf network 'point-to-point' # set interfaces ethernet eth1 ip ospf priority '26' # set interfaces ethernet eth1 ip ospf transmit-delay '50' # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' # vyos@vyos:~$ # # # "after": [ # { # "address_family": [ # { # "afi": "ipv4", # "authentication": { # "md5_key": { # "key": "1111111111232345", # "key_id": 10 # } # }, # "bandwidth": 70, # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "network": "point-to-point", # "priority": 26, # "transmit_delay": 50 # }, # { # "afi": "ipv6", # "dead_interval": 39 # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "before": [ # { # "address_family": [ # { # "afi": "ipv4", # "authentication": { # "md5_key": { # "key": "1111111111232345", # "key_id": 10 # } # }, # "bandwidth": 70, # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "address_family": [ # { # "afi": "ipv4", # "cost": 100 # }, # { # "afi": "ipv6", # "ifmtu": 33, # "passive": true # } # ], # 
"name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "network": "point-to-point", # "priority": 26, # "transmit_delay": 50 # }, # { # "afi": "ipv6", # "dead_interval": 39 # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "changed": true, # "commands": [ # "delete interfaces ethernet eth0 ip ospf", # "delete interfaces ethernet eth0 ipv6 ospfv3" # ], # # Using parsed: # parsed.cfg: # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' # set interfaces bonding bond2 ip ospf bandwidth '70' # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth0 ip ospf cost '50' # set interfaces ethernet eth0 ip ospf priority '26' # set interfaces ethernet eth0 ipv6 ospfv3 instance-id '33' # set interfaces ethernet eth0 ipv6 ospfv3 'mtu-ignore' # set interfaces ethernet eth1 ip ospf network 'point-to-point' # set interfaces ethernet eth1 ip ospf priority '26' # set interfaces ethernet eth1 ip ospf transmit-delay '50' # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' # - name: parse configs vyos.vyos.vyos_ospf_interfaces: running_config: "{{ lookup('file', './parsed.cfg') }}" state: parsed # Module Execution: # ---------------- # "parsed": [ # { # "address_family": [ # { # "afi": "ipv4", # "authentication": { # "md5_key": { # "key": "1111111111232345", # "key_id": 10 # } # }, # "bandwidth": 70, # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "address_family": [ # { # "afi": "ipv4", # "cost": 50, # "priority": 26 # }, # { # "afi": "ipv6", # "instance": "33", # "mtu_ignore": true # } # ], # "name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "network": "point-to-point", # "priority": 26, # "transmit_delay": 50 # }, # { # "afi": "ipv6", # "dead_interval": 39 # } # ], # "name": "eth1" # } # ] # Using rendered: # 
-------------- - name: Render vyos.vyos.vyos_ospf_interfaces: config: - name: "eth1" address_family: - afi: "ipv4" transmit_delay: 50 priority: 26 network: "point-to-point" - afi: "ipv6" dead_interval: 39 - name: "bond2" address_family: - afi: "ipv4" transmit_delay: 45 bandwidth: 70 authentication: md5_key: key_id: 10 key: "1111111111232345" - afi: "ipv6" passive: True state: rendered # Module Execution: # ---------------- # "rendered": [ # "set interfaces ethernet eth1 ip ospf transmit-delay 50", # "set interfaces ethernet eth1 ip ospf priority 26", # "set interfaces ethernet eth1 ip ospf network point-to-point", # "set interfaces ethernet eth1 ipv6 ospfv3 dead-interval 39", # "set interfaces bonding bond2 ip ospf transmit-delay 45", # "set interfaces bonding bond2 ip ospf bandwidth 70", # "set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key 1111111111232345", # "set interfaces bonding bond2 ipv6 ospfv3 passive" # ] # # Using Gathered: # -------------- # Native Config: # vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' # set interfaces bonding bond2 ip ospf bandwidth '70' # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth1 ip ospf network 'point-to-point' # set interfaces ethernet eth1 ip ospf priority '26' # set interfaces ethernet eth1 ip ospf transmit-delay '50' # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' # vyos@vyos:~$ - name: gather configs vyos.vyos.vyos_ospf_interfaces: state: gathered # Module Execution: # ----------------- # "gathered": [ # { # "address_family": [ # { # "afi": "ipv4", # "authentication": { # "md5_key": { # "key": "1111111111232345", # "key_id": 10 # } # }, # "bandwidth": 70, # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "name": "eth0" # }, # { # 
"address_family": [ # { # "afi": "ipv4", # "network": "point-to-point", # "priority": 26, # "transmit_delay": 50 # }, # { # "afi": "ipv6", # "dead_interval": 39 # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], Status ------ Authors ~~~~~~~ - Gomathi Selvi Srinivasan (@GomathiselviS) diff --git a/docs/vyos.vyos.vyos_ping_module.rst b/docs/vyos.vyos.vyos_ping_module.rst index 59e4a745..841ca819 100644 --- a/docs/vyos.vyos.vyos_ping_module.rst +++ b/docs/vyos.vyos.vyos_ping_module.rst @@ -1,422 +1,422 @@ .. _vyos.vyos.vyos_ping_module: ******************* vyos.vyos.vyos_ping ******************* **Tests reachability using ping from VyOS network devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - Tests reachability using ping from a VyOS device to a remote destination. - Tested against VyOS 1.1.8 (helium) -- For a general purpose network module, see the :ref:`net_ping ` module. -- For Windows targets, use the :ref:`win_ping ` module instead. -- For targets running Python, use the :ref:`ping ` module instead. +- For a general purpose network module, see the net_ping module. +- For Windows targets, use the win_ping module instead. +- For targets running Python, use the ping module instead. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
count
integer
Default:
5
Number of packets to send to check reachability.
dest
string / required
The IP Address or hostname (resolvable by the device) of the remote node.
interval
integer
Determines the interval (in seconds) between consecutive pings.
provider
dictionary
Deprecated
Starting with Ansible 2.5 we recommend using connection: network_cli.
For more information please see the Network Guide.

A dict object containing connection details.
host
string
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
password
string
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
port
integer
Specifies the port to use when building the connection to the remote device.
ssh_keyfile
path
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
timeout
integer
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
username
string
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
size
integer
Determines the size (in bytes) of the ping packet(s).
source
string
The source interface or IP Address to use while sending the ping packet(s).
state
string
    Choices:
  • absent
  • present ←
Determines if the expected result is success or fail.
ttl
integer
The time-to-live value for the ICMP packet(s).

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - - For a general purpose network module, see the :ref:`net_ping ` module. - - For Windows targets, use the :ref:`win_ping ` module instead. - - For targets running Python, use the :ref:`ping ` module instead. + - For a general purpose network module, see the net_ping module. + - For Windows targets, use the win_ping module instead. + - For targets running Python, use the ping module instead. - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- .. code-block:: yaml - name: Test reachability to 10.10.10.10 vyos.vyos.vyos_ping: dest: 10.10.10.10 - name: Test reachability to 10.20.20.20 using source and ttl set vyos.vyos.vyos_ping: dest: 10.20.20.20 source: eth0 ttl: 128 - name: Test reachability to 10.30.30.30 using interval vyos.vyos.vyos_ping: dest: 10.30.30.30 interval: 3 state: absent - name: Test reachability to 10.40.40.40 setting count and source vyos.vyos.vyos_ping: dest: 10.40.40.40 source: eth1 count: 20 size: 512 Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
commands
list
always
List of commands sent.

Sample:
['ping 10.8.38.44 count 10 interface eth0 ttl 128']
packet_loss
string
always
Percentage of packets lost.

Sample:
0%
packets_rx
integer
always
Packets successfully received.

Sample:
20
packets_tx
integer
always
Packets successfully transmitted.

Sample:
20
rtt
dictionary
when ping succeeds
The round trip time (RTT) stats.

Sample:
{'avg': 2, 'max': 8, 'min': 1, 'mdev': 24}


Status ------ Authors ~~~~~~~ - Nilashish Chakraborty (@NilashishC)
diff --git a/docs/vyos.vyos.vyos_route_maps_module.rst b/docs/vyos.vyos.vyos_route_maps_module.rst
index 828ce347..c548e9bb 100644
--- a/docs/vyos.vyos.vyos_route_maps_module.rst
+++ b/docs/vyos.vyos.vyos_route_maps_module.rst
@@ -1,2042 +1,2042 @@
.. _vyos.vyos.vyos_route_maps_module: ************************* vyos.vyos.vyos_route_maps ************************* **Route Map Resource Module.** Version added: 2.3.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module manages route map configurations on devices running VYOS. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
config
list / elements=dictionary
A list of route-map configuration.
entries
list / elements=dictionary
Route Map rules.

aliases: rules
action
string
    Choices:
  • deny
  • permit
Action for matching routes
call
string
Route map name
continue_sequence
integer
Continue on a different entry within the route-map.
description
string
Description for the rule.
match
dictionary
Route parameters to match.
as_path
string
Set as-path.
community
dictionary
BGP community attribute.
community_list
string
BGP community-list to match
exact_match
boolean
    Choices:
  • no
  • yes
BGP community-list to match
extcommunity
string
Extended community name.
interface
string
First hop interface of a route to match.
ip
dictionary
IP prefix parameters to match.
address
dictionary
IP address of route to match.
list_type
string
    Choices:
  • access-list
  • prefix-list
type of list
value
string
value of access-list and prefix list
next_hop
dictionary
next hop prefix list.
list_type
string
    Choices:
  • access-list
  • prefix-list
type of list
value
string
value of access-list and prefix list
route_source
dictionary
IP route-source to match
list_type
string
    Choices:
  • access-list
  • prefix-list
type of list
value
string
value of access-list and prefix list
ipv6
dictionary
IPv6 prefix parameters to match.
address
dictionary
IPv6 address of route to match.
list_type
string
    Choices:
  • access-list
  • prefix-list
type of list
value
string
value of access-list and prefix list
next_hop
string
next-hop ipv6 address IPv6 <h:h:h:h:h:h:h:h>.
large_community_large_community_list
string
BGP large-community-list to match.
metric
integer
Route metric <1-65535>.
origin
string
    Choices:
  • ebgp
  • ibgp
  • incomplete
bgp origin.
peer
string
Peer IP address <x.x.x.x>.
rpki
string
    Choices:
  • notfound
  • invalid
  • valid
RPKI validation value.
on_match
dictionary
Exit policy on matches.
goto
integer
Rule number to goto on match <1-65535>.
next
boolean
    Choices:
  • no
  • yes
Next sequence number to goto on match.
sequence
integer
Route map rule number <1-65535>.
set
dictionary
Route parameters.
aggregator
dictionary
Border Gateway Protocol (BGP) aggregator attribute.
as
string
AS number of an aggregation.
ip
string
IP address.
as_path_exclude
string
BGP AS path exclude string ex "456 64500 45001"
as_path_prepend
string
Prepend string for a Border Gateway Protocol (BGP) AS-path attribute.
atomic_aggregate
boolean
    Choices:
  • no
  • yes
Border Gateway Protocol (BGP) atomic aggregate attribute.
bgp_extcommunity_rt
string
ExtCommunity in format AS:value
comm_list
dictionary
Border Gateway Protocol (BGP) communities matching a community-list.
comm_list
string
BGP communities with a community-list.
delete
boolean
    Choices:
  • no
  • yes
Delete BGP communities matching the community-list.
community
dictionary
Border Gateway Protocol (BGP) community attribute.
value
string
Community in 4 octet AS:value format or it can be from local-AS, no-advertise,no-expert,internet,additive,none.
extcommunity_rt
string
Set route target value.ASN:nn_or_IP_address:nn VPN extended community.
extcommunity_soo
string
Set Site of Origin value. ASN:nn_or_IP_address:nn VPN extended community
ip_next_hop
string
IP address.
ipv6_next_hop
dictionary
Nexthop IPv6 address.
ip_type
string
    Choices:
  • global
  • local
Global or Local
value
string
ipv6 address
large_community
string
Set BGP large community value.
local_preference
string
Border Gateway Protocol (BGP) local preference attribute.Example <0-4294967295>.
metric
string
Destination routing protocol metric. Example <0-4294967295>.
metric_type
string
    Choices:
  • type-1
  • type-2
Open Shortest Path First (OSPF) external metric-type.
origin
string
    Choices:
  • egp
  • igp
  • incomplete
Set bgp origin.
originator_id
string
Border Gateway Protocol (BGP) originator ID attribute. Originator IP address.
src
string
Source address for route. Example <x.x.x.x> IP address.
tag
string
Tag value for routing protocol. Example <1-65535>
weight
string
Border Gateway Protocol (BGP) weight attribute. Example <0-4294967295>
route_map
string
Route map name.
running_config
string
This option is used only with state parsed.
The value of this option should be the output received from the VYOS device by executing the command show configuration commands | grep route-map.
The state parsed reads the configuration from show configuration commands | grep route-map option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
state
string
    Choices:
  • deleted
  • merged ←
  • overridden
  • replaced
  • gathered
  • rendered
  • parsed
The state the configuration should be left in.

Notes ----- .. note:: - Tested against vyos 1.2. - This module works with connection ``network_cli``. Examples -------- .. code-block:: yaml # Using merged # Before state # vyos@vyos:~$ show configuration commands | match "set policy route-map" # vyos@vyos:~$ - name: Merge the provided configuration with the existing running configuration register: result vyos.vyos.vyos_route_maps: &id001 config: - route_map: test1 entries: - sequence: 1 description: "test" action: permit continue: 2 on_match: next: True - route_map: test3 entries: - sequence: 1 action: permit match: rpki: invalid metric: 1 peer: 192.0.2.32 set: local_preference: 4 metric: 5 metric_type: "type-1" origin: egp originator_id: 192.0.2.34 tag: 5 weight: 4 state: merged # After State # vyos@vyos:~$ show configuration commands | match "set policy route-maps" # set policy route-map test1 rule 1 description test # set policy route-map test1 rule 1 action permit # set policy route-map test1 rule 1 continue 2 # set policy route-map test1 rule 1 on-match next # set policy route-map test3 rule 1 action permit # set policy route-map test3 rule 1 set local-preference 4 # set policy route-map test3 rule 1 set metric 5 # set policy route-map test3 rule 1 set metric-type type-1 # set policy route-map test3 rule 1 set origin egp # set policy route-map test3 rule 1 set originator-id 192.0.2.34 # set policy route-map test3 rule 1 set tag 5 # set policy route-map test3 rule 1 set weight 4 # set policy route-map test3 rule 1 match metric 1 # set policy route-map test3 rule 1 match peer 192.0.2.32 # set policy route-map test3 rule 1 match rpki invalid # "after": [ # { # "entries": [ # { # "action": "permit", # "continue_sequence": 2, # "description": "test", # "on_match": { # "next": true # }, # "sequence": 1 # } # ], # "route_map": "test1" # }, # { # "entries": [ # { # "action": "permit", # "match": { # "metric": 1, # "peer": "192.0.2.32", # "rpki": "invalid" # }, # "sequence": 1, # "set": { # "local_preference": "4", # 
"metric": "5", # "metric_type": "type-1", # "origin": "egp", # "originator_id": "192.0.2.34", # "tag": "5", # "weight": "4" # } # } # ], # "route_map": "test3" # } # ], - # "before": {}, + # "before": [], # "changed": true, # "commands": [ # "set policy route-map test1 rule 1 description test", # "set policy route-map test1 rule 1 action permit", # "set policy route-map test1 rule 1 continue 2", # "set policy route-map test1 rule 1 on-match next", # "set policy route-map test3 rule 1 action permit", # "set policy route-map test3 rule 1 set local-preference 4", # "set policy route-map test3 rule 1 set metric 5", # "set policy route-map test3 rule 1 set metric-type type-1", # "set policy route-map test3 rule 1 set origin egp", # "set policy route-map test3 rule 1 set originator-id 192.0.2.34", # "set policy route-map test3 rule 1 set tag 5", # "set policy route-map test3 rule 1 set weight 4", # "set policy route-map test3 rule 1 match metric 1", # "set policy route-map test3 rule 1 match peer 192.0.2.32", # "set policy route-map test3 rule 1 match rpki invalid" # ], # Using replaced: # -------------- # Before state: # vyos@vyos:~$ show configuration commands | match "set route-map policy" # set policy route-map test2 rule 1 action 'permit' # set policy route-map test2 rule 1 description 'test' # set policy route-map test2 rule 1 on-match next # set policy route-map test2 rule 2 action 'permit' # set policy route-map test2 rule 2 on-match goto '4' # set policy route-map test3 rule 1 action 'permit' # set policy route-map test3 rule 1 match metric '1' # set policy route-map test3 rule 1 match peer '192.0.2.32' # set policy route-map test3 rule 1 match rpki 'invalid' # set policy route-map test3 rule 1 set community 'internet' # set policy route-map test3 rule 1 set ip-next-hop '192.0.2.33' # set policy route-map test3 rule 1 set local-preference '4' # set policy route-map test3 rule 1 set metric '5' # set policy route-map test3 rule 1 set metric-type 'type-1' # set 
policy route-map test3 rule 1 set origin 'egp' # set policy route-map test3 rule 1 set originator-id '192.0.2.34' # set policy route-map test3 rule 1 set tag '5' # set policy route-map test3 rule 1 set weight '4' # # - name: Replace the provided configuration with the existing running configuration # register: result # vyos.vyos.vyos_route_maps: &id001 # config: # - route_map: test3 # entries: # - sequence: 1 # action: permit # match: # rpki: invalid # metric: 3 # peer: 192.0.2.35 # set: # local_preference: 6 # metric: 4 # metric_type: "type-1" # origin: egp # originator_id: 192.0.2.34 # tag: 4 # weight: 4 # state: replaced # After state: # vyos@vyos:~$ show configuration commands | match "set policy route-map" # set policy route-map test3 rule 1 set local-preference 6 # set policy route-map test3 rule 1 set metric 4 # set policy route-map test3 rule 1 set tag 4 # set policy route-map test3 rule 1 match metric 3 # set policy route-map test3 rule 1 match peer 192.0.2.35 # vyos@vyos:~$ # # # Module Execution: # # "after": [ # { # "entries": [ # { # "action": "permit", # "description": "test", # "on_match": { # "next": true # }, # "sequence": 1 # }, # { # "action": "permit", # "on_match": { # "goto": 4 # }, # "sequence": 2 # } # ], # "route_map": "test2" # }, # { # "entries": [ # { # "action": "permit", # "match": { # "metric": 3, # "peer": "192.0.2.35", # "rpki": "invalid" # }, # "sequence": 1, # "set": { # "local_preference": "6", # "metric": "4", # "metric_type": "type-1", # "origin": "egp", # "originator_id": "192.0.2.34", # "tag": "4", # "weight": "4" # } # } # ], # "route_map": "test3" # } # ], # "before": [ # { # "entries": [ # { # "action": "permit", # "description": "test", # "on_match": { # "next": true # }, # "sequence": 1 # }, # { # "action": "permit", # "on_match": { # "goto": 4 # }, # "sequence": 2 # } # ], # "route_map": "test2" # }, # { # "entries": [ # { # "action": "permit", # "match": { # "metric": 1, # "peer": "192.0.2.32", # "rpki": "invalid" # }, 
# "sequence": 1, # "set": { # "community": { # "value": "internet" # }, # "ip_next_hop": "192.0.2.33", # "local_preference": "4", # "metric": "5", # "metric_type": "type-1", # "origin": "egp", # "originator_id": "192.0.2.34", # "tag": "5", # "weight": "4" # } # } # ], # "route_map": "test3" # } # ], # "changed": true, # "commands": [ # "delete policy route-map test3 rule 1 set ip-next-hop 192.0.2.33", # "set policy route-map test3 rule 1 set local-preference 6", # "set policy route-map test3 rule 1 set metric 4", # "set policy route-map test3 rule 1 set tag 4", # "delete policy route-map test3 rule 1 set community internet", # "set policy route-map test3 rule 1 match metric 3", # "set policy route-map test3 rule 1 match peer 192.0.2.35" # ], # # Using deleted: # ------------- # Before state: # vyos@vyos:~$ show configuration commands | match "set policy route-map" # set policy route-map test3 rule 1 set local-preference 6 # set policy route-map test3 rule 1 set metric 4 # set policy route-map test3 rule 1 set tag 4 # set policy route-map test3 rule 1 match metric 3 # set policy route-map test3 rule 1 match peer 192.0.2.35 # vyos@vyos:~$ # # - name: Delete the provided configuration # register: result # vyos.vyos.vyos_route_maps: # config: # state: deleted # After state: # vyos@vyos:~$ show configuration commands | match "set policy route-map" # vyos@vyos:~$ # # # Module Execution: #
- # "after": {},
+ # "after": [],
# "before": [ # { # "entries": [ # { # "action": "permit", # "match": { # "metric": 3, # "peer": "192.0.2.35", # }, # "sequence": 1, # "set": { # "local_preference": "6", # "metric": "4", # "tag": "4", # } # } # ], # "route_map": "test3" # } # ], # "changed": true, # "commands": [ # "delete policy route-map test3" # ], # # using gathered: # -------------- # # Before state: # vyos@vyos:~$ show configuration commands | match "set policy route-maps" # set policy route-map test1 rule 1 description test # set policy route-map test1 rule 1 action permit # set 
policy route-map test1 rule 1 continue 2 # set policy route-map test1 rule 1 on-match next # set policy route-map test3 rule 1 action permit # set policy route-map test3 rule 1 set local-preference 4 # set policy route-map test3 rule 1 set metric 5 # set policy route-map test3 rule 1 set metric-type type-1 # set policy route-map test3 rule 1 set origin egp # set policy route-map test3 rule 1 set originator-id 192.0.2.34 # set policy route-map test3 rule 1 set tag 5 # set policy route-map test3 rule 1 set weight 4 # set policy route-map test3 rule 1 match metric 1 # set policy route-map test3 rule 1 match peer 192.0.2.32 # set policy route-map test3 rule 1 match rpki invalid # # - name: gather configs # vyos.vyos.vyos_route_maps: # state: gathered # "gathered": [ # { # "entries": [ # { # "action": "permit", # "continue_sequence": 2, # "description": "test", # "on_match": { # "next": true # }, # "sequence": 1 # } # ], # "route_map": "test1" # }, # { # "entries": [ # { # "action": "permit", # "match": { # "metric": 1, # "peer": "192.0.2.32", # "rpki": "invalid" # }, # "sequence": 1, # "set": { # "local_preference": "4", # "metric": "5", # "metric_type": "type-1", # "origin": "egp", # "originator_id": "192.0.2.34", # "tag": "5", # "weight": "4" # } # } # ], # "route_map": "test3" # } # ] # Using parsed: # ------------ # parsed.cfg # set policy route-map test1 rule 1 description test # set policy route-map test1 rule 1 action permit # set policy route-map test1 rule 1 continue 2 # set policy route-map test1 rule 1 on-match next # set policy route-map test3 rule 1 action permit # set policy route-map test3 rule 1 set local-preference 4 # set policy route-map test3 rule 1 set metric 5 # set policy route-map test3 rule 1 set metric-type type-1 # set policy route-map test3 rule 1 set origin egp # set policy route-map test3 rule 1 set originator-id 192.0.2.34 # set policy route-map test3 rule 1 set tag 5 # set policy route-map test3 rule 1 set weight 4 # set policy route-map 
test3 rule 1 match metric 1 # set policy route-map test3 rule 1 match peer 192.0.2.32 # set policy route-map test3 rule 1 match rpki invalid # # - name: parse configs # vyos.vyos.vyos_route_maps: # running_config: "{{ lookup('file', './parsed.cfg') }}" # state: parsed # tags: # - parsed # # Module execution: # "parsed": [ # { # "entries": [ # { # "action": "permit", # "continue_sequence": 2, # "description": "test", # "on_match": { # "next": true # }, # "sequence": 1 # } # ], # "route_map": "test1" # }, # { # "entries": [ # { # "action": "permit", # "match": { # "metric": 1, # "peer": "192.0.2.32", # "rpki": "invalid" # }, # "sequence": 1, # "set": { # "local_preference": "4", # "metric": "5", # "metric_type": "type-1", # "origin": "egp", # "originator_id": "192.0.2.34", # "tag": "5", # "weight": "4" # } # } # ], # "route_map": "test3" # } # ] # # # Using rendered: # -------------- # - name: Structure provided configuration into device specific commands # register: result # vyos.vyos.vyos_route_maps: &id001 # config: # - route_map: test1 # entries: # - sequence: 1 # description: "test" # action: permit # continue_sequence: 2 # on_match: # next: True # - route_map: test3 # entries: # - sequence: 1 # action: permit # match: # rpki: invalid # metric: 1 # peer: 192.0.2.32 # set: # local_preference: 4 # metric: 5 # metric_type: "type-1" # origin: egp # originator_id: 192.0.2.34 # tag: 5 # weight: 4 # state: rendered # Module Execution: # "rendered": [ # "set policy route-map test1 rule 1 description test", # "set policy route-map test1 rule 1 action permit", # "set policy route-map test1 rule 1 continue 2", # "set policy route-map test1 rule 1 on-match next", # "set policy route-map test3 rule 1 action permit", # "set policy route-map test3 rule 1 set local-preference 4", # "set policy route-map test3 rule 1 set metric 5", # "set policy route-map test3 rule 1 set metric-type type-1", # "set policy route-map test3 rule 1 set origin egp", # "set policy route-map test3 
rule 1 set originator-id 192.0.2.34", # "set policy route-map test3 rule 1 set tag 5", # "set policy route-map test3 rule 1 set weight 4", # "set policy route-map test3 rule 1 match metric 1", # "set policy route-map test3 rule 1 match peer 192.0.2.32", # "set policy route-map test3 rule 1 match rpki invalid" # ] # # # Using overridden: # -------------- # Before state: # vyos@vyos:~$ show configuration commands | match "set policy route-map" # set policy route-map test2 rule 1 action 'permit' # set policy route-map test2 rule 1 description 'test' # set policy route-map test2 rule 1 on-match next # set policy route-map test2 rule 2 action 'permit' # set policy route-map test2 rule 2 on-match goto '4' # set policy route-map test3 rule 1 action 'permit' # set policy route-map test3 rule 1 match metric '1' # set policy route-map test3 rule 1 match peer '192.0.2.32' # set policy route-map test3 rule 1 match rpki 'invalid' # set policy route-map test3 rule 1 set community 'internet' # set policy route-map test3 rule 1 set ip-next-hop '192.0.2.33' # set policy route-map test3 rule 1 set local-preference '4' # set policy route-map test3 rule 1 set metric '5' # set policy route-map test3 rule 1 set metric-type 'type-1' # set policy route-map test3 rule 1 set origin 'egp' # set policy route-map test3 rule 1 set originator-id '192.0.2.34' # set policy route-map test3 rule 1 set tag '5' # set policy route-map test3 rule 1 set weight '4' # # - name: Override the existing configuration with the provided running configuration # register: result # vyos.vyos.vyos_route_maps: &id001 # config: # - route_map: test3 # entries: # - sequence: 1 # action: permit # match: # rpki: invalid # metric: 3 # peer: 192.0.2.35 # set: # local_preference: 6 # metric: 4 # metric_type: "type-1" # origin: egp # originator_id: 192.0.2.34 # tag: 4 # weight: 4 # state: overridden # After state: # vyos@vyos:~$ show configuration commands | match "set policy route-map" # set policy route-map test3 rule 1 set 
metric-type 'type-1' # set policy route-map test3 rule 1 set origin 'egp' # set policy route-map test3 rule 1 set originator-id '192.0.2.34' # set policy route-map test3 rule 1 set weight '4' # set policy route-map test3 rule 1 set local-preference 6 # set policy route-map test3 rule 1 set metric 4 # set policy route-map test3 rule 1 set tag 4 # set policy route-map test3 rule 1 match metric 3 # set policy route-map test3 rule 1 match peer 192.0.2.35 # set policy route-map test3 rule 1 match rpki 'invalid' # Module Execution: # "after": [ # { # "entries": [ # { # "action": "permit", # "match": { # "metric": 3, # "peer": "192.0.2.35", # "rpki": "invalid" # }, # "sequence": 1, # "set": { # "local_preference": "6", # "metric": "4", # "metric_type": "type-1", # "origin": "egp", # "originator_id": "192.0.2.34", # "tag": "4", # "weight": "4" # } # } # ], # "route_map": "test3" # } # ], # "before": [ # { # "entries": [ # { # "action": "permit", # "description": "test", # "on_match": { # "next": true # }, # "sequence": 1 # }, # { # "action": "permit", # "on_match": { # "goto": 4 # }, # "sequence": 2 # } # ], # "route_map": "test2" # }, # { # "entries": [ # { # "action": "permit", # "match": { # "metric": 1, # "peer": "192.0.2.32", # "rpki": "invalid" # }, # "sequence": 1, # "set": { # "community": { # "value": "internet" # }, # "ip_next_hop": "192.0.2.33", # "local_preference": "4", # "metric": "5", # "metric_type": "type-1", # "origin": "egp", # "originator_id": "192.0.2.34", # "tag": "5", # "weight": "4" # } # } # ], # "route_map": "test3" # } # ], # "changed": true, # "commands": [ # "delete policy route-map test2", # "delete policy route-map test3 rule 1 set ip-next-hop 192.0.2.33", # "set policy route-map test3 rule 1 set local-preference 6", # "set policy route-map test3 rule 1 set metric 4", # "set policy route-map test3 rule 1 set tag 4", # "delete policy route-map test3 rule 1 set community internet", # "set policy route-map test3 rule 1 match metric 3", # "set 
policy route-map test3 rule 1 match peer 192.0.2.35" # ], # Status ------ Authors ~~~~~~~ - Ashwini Mhatre (@amhatre) diff --git a/galaxy.yml b/galaxy.yml index 3eb12baf..ceaed7a3 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,15 +1,16 @@ --- authors: - Ansible Network Community (ansible-network) dependencies: "ansible.netcommon": ">=2.0.1" license_file: LICENSE name: vyos description: Ansible Network Collection for VYOS devices. namespace: vyos readme: README.md repository: https://github.com/ansible-collections/vyos.vyos +issues: https://github.com/ansible-collections/vyos.vyos/issues tags: [vyos, networking] # NOTE(pabelanger): We create an empty version key to keep ansible-galaxy # happy. We dynamically inject version info based on git information. version: null diff --git a/meta/runtime.yml b/meta/runtime.yml index 92cb2605..35dbf506 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml 
@@ -1,240 +1,246 @@ --- requires_ansible: ">=2.9.10" plugin_routing: action: vyos_banner: redirect: vyos.vyos.vyos banner: redirect: vyos.vyos.vyos vyos_bgp_global: redirect: vyos.vyos.vyos bgp_global: redirect: vyos.vyos.vyos vyos_bgp_address_family: redirect: vyos.vyos.vyos bgp_address_family: redirect: vyos.vyos.vyos vyos_command: redirect: vyos.vyos.vyos command: redirect: vyos.vyos.vyos vyos_config: redirect: vyos.vyos.vyos config: redirect: vyos.vyos.vyos vyos_facts: redirect: vyos.vyos.vyos facts: redirect: vyos.vyos.vyos vyos_firewall_global: redirect: vyos.vyos.vyos firewall_global: redirect: vyos.vyos.vyos vyos_firewall_interfaces: redirect: vyos.vyos.vyos firewall_interfaces: redirect: vyos.vyos.vyos vyos_firewall_rules: redirect: vyos.vyos.vyos firewall_rules: redirect: vyos.vyos.vyos vyos_interface: redirect: vyos.vyos.vyos interface: redirect: vyos.vyos.vyos vyos_interfaces: redirect: vyos.vyos.vyos interfaces: redirect: vyos.vyos.vyos vyos_l3_interface: redirect: vyos.vyos.vyos l3_interface: redirect: vyos.vyos.vyos vyos_l3_interfaces: redirect: vyos.vyos.vyos l3_interfaces: redirect: vyos.vyos.vyos vyos_lag_interfaces: redirect: vyos.vyos.vyos lag_interfaces: redirect: vyos.vyos.vyos vyos_linkagg: redirect: vyos.vyos.vyos linkagg: redirect: vyos.vyos.vyos vyos_lldp: redirect: vyos.vyos.vyos lldp: redirect: vyos.vyos.vyos vyos_lldp_global: redirect: vyos.vyos.vyos lldp_global: redirect: vyos.vyos.vyos vyos_lldp_interface: redirect: vyos.vyos.vyos lldp_interface: redirect: vyos.vyos.vyos vyos_lldp_interfaces: redirect: vyos.vyos.vyos lldp_interfaces: redirect: vyos.vyos.vyos vyos_logging: redirect: vyos.vyos.vyos vyos_logging_global: redirect: vyos.vyos.vyos logging_global: redirect: vyos.vyos.vyos logging: redirect: vyos.vyos.vyos + vyos_ntp_global: + redirect: vyos.vyos.vyos + ntp_global: + redirect: vyos.vyos.vyos vyos_ospfv2: redirect: vyos.vyos.vyos ospfv2: redirect: vyos.vyos.vyos vyos_ospfv3: redirect: vyos.vyos.vyos ospfv3: redirect: 
vyos.vyos.vyos vyos_ospf_interfaces: redirect: vyos.vyos.vyos ospf_interfaces: redirect: vyos.vyos.vyos vyos_ping: redirect: vyos.vyos.vyos ping: redirect: vyos.vyos.vyos vyos_prefix_lists: redirect: vyos.vyos.vyos prefix_lists: redirect: vyos.vyos.vyos vyos_static_route: redirect: vyos.vyos.vyos static_route: redirect: vyos.vyos.vyos vyos_static_routes: redirect: vyos.vyos.vyos static_routes: redirect: vyos.vyos.vyos vyos_system: redirect: vyos.vyos.vyos system: redirect: vyos.vyos.vyos vyos_user: redirect: vyos.vyos.vyos user: redirect: vyos.vyos.vyos vyos_vlan: redirect: vyos.vyos.vyos vlan: redirect: vyos.vyos.vyos modules: banner: redirect: vyos.vyos.vyos_banner bgp_global: redirect: vyos.vyos.vyos_bgp_global bgp_address_family: redirect: vyos.vyos.vyos_bgp_address_family command: redirect: vyos.vyos.vyos_command config: redirect: vyos.vyos.vyos_config facts: redirect: vyos.vyos.vyos_facts firewall_global: redirect: vyos.vyos.vyos_firewall_global firewall_interfaces: redirect: vyos.vyos.vyos_firewall_interfaces firewall_rules: redirect: vyos.vyos.vyos_firewall_rules interface: redirect: vyos.vyos.vyos_interface deprecation: removal_date: "2022-06-01" warning_text: See the plugin documentation for more details vyos_interface: deprecation: removal_date: "2022-06-01" warning_text: See the plugin documentation for more details interfaces: redirect: vyos.vyos.vyos_interfaces l3_interface: redirect: vyos.vyos.vyos_l3_interface deprecation: removal_date: "2022-06-01" warning_text: See the plugin documentation for more details vyos_l3_interface: deprecation: removal_date: "2022-06-01" warning_text: See the plugin documentation for more details l3_interfaces: redirect: vyos.vyos.vyos_l3_interfaces lag_interfaces: redirect: vyos.vyos.vyos_lag_interfaces linkagg: redirect: vyos.vyos.vyos_linkagg deprecation: removal_date: "2022-06-01" warning_text: See the plugin documentation for more details vyos_linkagg: deprecation: removal_date: "2022-06-01" warning_text: See the 
plugin documentation for more details lldp: redirect: vyos.vyos.vyos_lldp deprecation: removal_date: "2022-06-01" warning_text: See the plugin documentation for more details vyos_lldp: deprecation: removal_date: "2022-06-01" warning_text: See the plugin documentation for more details lldp_global: redirect: vyos.vyos.vyos_lldp_global lldp_interface: redirect: vyos.vyos.vyos_lldp_interface deprecation: removal_date: "2022-06-01" warning_text: See the plugin documentation for more details vyos_lldp_interface: deprecation: removal_date: "2022-06-01" warning_text: See the plugin documentation for more details lldp_interfaces: redirect: vyos.vyos.vyos_lldp_interfaces logging: redirect: vyos.vyos.vyos_logging deprecation: removal_date: '2023-08-01' warning_text: See the plugin documentation for more details vyos_logging: deprecation: removal_date: '2023-08-01' warning_text: See the plugin documentation for more details logging_global: redirect: vyos.vyos.vyos_logging_global + ntp_global: + redirect: vyos.vyos.vyos_ntp_global ospfv2: redirect: vyos.vyos.vyos_ospfv2 ospfv3: redirect: vyos.vyos.vyos_ospfv3 ospf_interfaces: redirect: vyos.vyos.vyos_ospf_interfaces ping: redirect: vyos.vyos.vyos_ping prefix_lists: redirect: vyos.vyos.vyos_prefix_lists static_route: redirect: vyos.vyos.vyos_static_route deprecation: removal_date: "2022-06-01" warning_text: See the plugin documentation for more details vyos_static_route: deprecation: removal_date: "2022-06-01" warning_text: See the plugin documentation for more details static_routes: redirect: vyos.vyos.vyos_static_routes system: redirect: vyos.vyos.vyos_system user: redirect: vyos.vyos.vyos_user vlan: redirect: vyos.vyos.vyos_vlan diff --git a/plugins/cliconf/vyos.py b/plugins/cliconf/vyos.py index 0471fd5e..6829425f 100644 --- a/plugins/cliconf/vyos.py +++ b/plugins/cliconf/vyos.py 
@@ -1,370 +1,370 @@ # # (c) 2017 Red Hat Inc. # # This file is part of Ansible # # Ansible is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # Ansible is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with Ansible. If not, see . # from __future__ import absolute_import, division, print_function __metaclass__ = type DOCUMENTATION = """ author: Ansible Networking Team cliconf: vyos short_description: Use vyos cliconf to run command on VyOS platform description: - This vyos plugin provides low level abstraction apis for sending and receiving CLI commands from VyOS network devices. version_added: 1.0.0 options: config_commands: description: - Specifies a list of commands that can make configuration changes to the target device. - When `ansible_network_single_user_mode` is enabled, if a command sent to the device is present in this list, the existing cache is invalidated. 
version_added: 2.0.0 type: list default: [] vars: - name: ansible_vyos_config_commands """ import re import json from ansible.errors import AnsibleConnectionFailure from ansible.module_utils._text import to_text from ansible.module_utils.common._collections_compat import Mapping from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.config import ( NetworkConfig, ) from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import ( to_list, ) from ansible.plugins.cliconf import CliconfBase from ansible_collections.vyos.vyos.plugins.cliconf_utils.vyosconf import ( VyosConf, ) class Cliconf(CliconfBase): __rpc__ = CliconfBase.__rpc__ + [ "commit", "discard_changes", "get_diff", "run_commands", ] def __init__(self, *args, **kwargs): super(Cliconf, self).__init__(*args, **kwargs) self._device_info = {} def get_device_info(self): if not self._device_info: device_info = {} device_info["network_os"] = "vyos" reply = self.get("show version") data = to_text(reply, errors="surrogate_or_strict").strip() match = re.search(r"Version:\s*(.*)", data) if match: device_info["network_os_version"] = match.group(1) match = re.search(r"HW model:\s*(\S+)", data) if match: device_info["network_os_model"] = match.group(1) reply = self.get("show host name") device_info["network_os_hostname"] = to_text( reply, errors="surrogate_or_strict" ).strip() self._device_info = device_info return self._device_info def get_config(self, flags=None, format=None): if format: option_values = self.get_option_values() if format not in option_values["format"]: raise ValueError( "'format' value %s is invalid. 
Valid values of format are %s" % (format, ", ".join(option_values["format"])) ) if not flags: flags = [] if format == "text": command = "show configuration" else: command = "show configuration commands" command += " ".join(to_list(flags)) command = command.strip() out = self.send_command(command) return out def edit_config( self, candidate=None, commit=True, replace=None, comment=None ): resp = {} operations = self.get_device_operations() self.check_edit_config_capability( operations, candidate, commit, replace, comment ) results = [] requests = [] self.send_command("configure") for cmd in to_list(candidate): if not isinstance(cmd, Mapping): cmd = {"command": cmd} results.append(self.send_command(**cmd)) requests.append(cmd["command"]) out = self.get("compare") out = to_text(out, errors="surrogate_or_strict") diff_config = out if not out.startswith("No changes") else None if diff_config: if commit: try: self.commit(comment) except AnsibleConnectionFailure as e: msg = "commit failed: %s" % e.message self.discard_changes() raise AnsibleConnectionFailure(msg) else: self.send_command("exit") else: self.discard_changes() else: self.send_command("exit") if ( to_text( self._connection.get_prompt(), errors="surrogate_or_strict" ) .strip() .endswith("#") ): self.discard_changes() if diff_config: resp["diff"] = diff_config resp["response"] = results resp["request"] = requests return resp def get( self, command=None, prompt=None, answer=None, sendonly=False, - output=None, newline=True, + output=None, check_all=False, ): if not command: raise ValueError("must provide value of command to execute") if output: raise ValueError( "'output' value %s is not supported for get" % output ) return self.send_command( command=command, prompt=prompt, answer=answer, sendonly=sendonly, newline=newline, check_all=check_all, ) def commit(self, comment=None): if comment: command = 'commit comment "{0}"'.format(comment) else: command = "commit" self.send_command(command) def 
discard_changes(self): self.send_command("exit discard") def get_diff( self, candidate=None, running=None, diff_match="line", diff_ignore_lines=None, path=None, diff_replace=None, ): diff = {} device_operations = self.get_device_operations() option_values = self.get_option_values() if candidate is None and device_operations["supports_generate_diff"]: raise ValueError( "candidate configuration is required to generate diff" ) if diff_match not in option_values["diff_match"]: raise ValueError( "'match' value %s in invalid, valid values are %s" % (diff_match, ", ".join(option_values["diff_match"])) ) if diff_replace: raise ValueError("'replace' in diff is not supported") if diff_ignore_lines: raise ValueError("'diff_ignore_lines' in diff is not supported") if path: raise ValueError("'path' in diff is not supported") set_format = candidate.startswith("set") or candidate.startswith( "delete" ) candidate_obj = NetworkConfig(indent=4, contents=candidate) if not set_format: config = [c.line for c in candidate_obj.items] commands = list() # this filters out less specific lines for item in config: for index, entry in enumerate(commands): if item.startswith(entry): del commands[index] break commands.append(item) candidate_commands = [ "set %s" % cmd.replace(" {", "") for cmd in commands ] else: candidate_commands = str(candidate).strip().split("\n") if diff_match == "none": diff["config_diff"] = list(candidate_commands) return diff if diff_match == "smart": running_conf = VyosConf(running.splitlines()) candidate_conf = VyosConf(candidate_commands) diff["config_diff"] = running_conf.diff_commands_to(candidate_conf) return diff running_commands = [ str(c).replace("'", "") for c in running.splitlines() ] updates = list() visited = set() for line in candidate_commands: item = str(line).replace("'", "") if not item.startswith("set") and not item.startswith("delete"): raise ValueError( "line must start with either `set` or `delete`" ) elif item.startswith("set") and item not in 
running_commands: updates.append(line) elif item.startswith("delete"): if not running_commands: updates.append(line) else: item = re.sub(r"delete", "set", item) for entry in running_commands: if entry.startswith(item) and line not in visited: updates.append(line) visited.add(line) diff["config_diff"] = list(updates) return diff def run_commands(self, commands=None, check_rc=True): if commands is None: raise ValueError("'commands' value is required") responses = list() for cmd in to_list(commands): if not isinstance(cmd, Mapping): cmd = {"command": cmd} output = cmd.pop("output", None) if output: raise ValueError( "'output' value %s is not supported for run_commands" % output ) try: out = self.send_command(**cmd) except AnsibleConnectionFailure as e: if check_rc: raise out = getattr(e, "err", e) responses.append(out) return responses def get_device_operations(self): return { "supports_diff_replace": False, "supports_commit": True, "supports_rollback": False, "supports_defaults": False, "supports_onbox_diff": True, "supports_commit_comment": True, "supports_multiline_delimiter": False, "supports_diff_match": True, "supports_diff_ignore_lines": False, "supports_generate_diff": False, "supports_replace": False, } def get_option_values(self): return { "format": ["text", "set"], "diff_match": ["line", "smart", "none"], "diff_replace": [], "output": [], } def get_capabilities(self): result = super(Cliconf, self).get_capabilities() result["device_operations"] = self.get_device_operations() result.update(self.get_option_values()) return json.dumps(result) def set_cli_prompt_context(self): """ Make sure we are in the operational cli mode :return: None """ if self._connection.connected: self._update_cli_prompt_context( config_context="#", exit_command="exit discard" ) diff --git a/plugins/module_utils/network/vyos/argspec/firewall_global/firewall_global.py b/plugins/module_utils/network/vyos/argspec/firewall_global/firewall_global.py index 92a02559..baafa899 100644 
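Review bot: `commit()` formats the caller-supplied comment straight into the CLI string with `'commit comment "{0}"'.format(comment)`, a context line this hunk leaves unchanged, and nothing checks the comment for a double quote or a line break first. A comment containing `"` closes the quoted argument early, so the text after it reaches the device parser as command text rather than as part of the comment; `edit_config()` forwards its `comment` argument here unmodified, and that value presumably originates from playbook input. I would reject such values at the top of the `if comment:` branch, before the command is built, e.g. `if '"' in comment or "\n" in comment: raise ValueError("commit comment must not contain double quotes or newlines")`. The only change in this hunk, moving `output=None` after `newline=True` in the `get()` signature, does not touch this path.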
--- a/plugins/module_utils/network/vyos/argspec/firewall_global/firewall_global.py +++ b/plugins/module_utils/network/vyos/argspec/firewall_global/firewall_global.py 
@@ -1,151 +1,161 @@ # # -*- coding: utf-8 -*- # Copyright 2019 Red Hat # GNU General Public License v3.0+ # (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) ############################################# # WARNING # ############################################# # # This file is auto generated by the resource # module builder playbook. # # Do not edit this file manually. # # Changes to this file will be over written # by the resource module builder. # # Changes should be made in the model used to # generate this file or in the resource module # builder template. # ############################################# """ The arg spec for the vyos_firewall_global module """ from __future__ import absolute_import, division, print_function __metaclass__ = type class Firewall_globalArgs(object): # pylint: disable=R0903 """The arg spec for the vyos_firewall_global module""" def __init__(self, **kwargs): pass argument_spec = { "config": { "options": { "config_trap": {"type": "bool"}, "group": { "options": { "address_group": { "elements": "dict", "options": { + "afi": { + "choices": ["ipv4", "ipv6"], + "default": "ipv4", + "type": "str", + }, "description": {"type": "str"}, "members": { "elements": "dict", "options": {"address": {"type": "str"}}, "type": "list", }, "name": {"required": True, "type": "str"}, }, "type": "list", }, "network_group": { "elements": "dict", "options": { + "afi": { + "choices": ["ipv4", "ipv6"], + "default": "ipv4", + "type": "str", + }, "description": {"type": "str"}, "members": { "elements": "dict", "options": {"address": {"type": "str"}}, "type": "list", }, "name": {"required": True, "type": "str"}, }, "type": "list", }, "port_group": { "elements": "dict", "options": { "description": {"type": "str"}, "members": { "elements": "dict", "options": {"port": {"type": "str"}}, "type": "list", }, "name": {"required": True, "type": "str"}, }, "type": "list", }, }, "type": "dict", }, "log_martians": {"type": "bool"}, "ping": { "options": { "all": 
{"type": "bool"}, "broadcast": {"type": "bool"}, }, "type": "dict", }, "route_redirects": { "elements": "dict", "options": { "afi": { "choices": ["ipv4", "ipv6"], "required": True, "type": "str", }, "icmp_redirects": { "options": { "receive": {"type": "bool"}, "send": {"type": "bool"}, }, "type": "dict", }, "ip_src_route": {"type": "bool"}, }, "type": "list", }, "state_policy": { "elements": "dict", "options": { "action": { "choices": ["accept", "drop", "reject"], "type": "str", }, "connection_type": { "choices": ["established", "invalid", "related"], "type": "str", }, "log": {"type": "bool"}, }, "type": "list", }, "syn_cookies": {"type": "bool"}, "twa_hazards_protection": {"type": "bool"}, "validation": { "choices": ["strict", "loose", "disable"], "type": "str", }, }, "type": "dict", }, "running_config": {"type": "str"}, "state": { "choices": [ "merged", "replaced", "deleted", "gathered", "rendered", "parsed", ], "default": "merged", "type": "str", }, } # pylint: disable=C0301 diff --git a/plugins/module_utils/network/vyos/argspec/ntp_global/__init__.py b/plugins/module_utils/network/vyos/argspec/ntp_global/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/plugins/module_utils/network/vyos/argspec/ntp_global/ntp_global.py b/plugins/module_utils/network/vyos/argspec/ntp_global/ntp_global.py new file mode 100644 index 00000000..63262154 --- /dev/null +++ b/plugins/module_utils/network/vyos/argspec/ntp_global/ntp_global.py 
@@ -0,0 +1,72 @@ +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +############################################# +# WARNING # +############################################# +# +# This file is auto generated by the +# cli_rm_builder. +# +# Manually editing this file is not advised. +# +# To update the argspec make the desired changes +# in the module docstring and re-run +# cli_rm_builder. +# +############################################# + +""" +The arg spec for the vyos_ntp module +""" + + +class Ntp_globalArgs(object): # pylint: disable=R0903 + """The arg spec for the vyos_ntp module""" + + argument_spec = { + "config": { + "type": "dict", + "options": { + "allow_clients": {"type": "list", "elements": "str"}, + "listen_addresses": {"type": "list", "elements": "str"}, + "servers": { + "type": "list", + "elements": "dict", + "options": { + "server": {"type": "str"}, + "options": { + "type": "list", + "elements": "str", + "choices": [ + "noselect", + "dynamic", + "preempt", + "prefer", + ], + }, + }, + }, + }, + }, + "running_config": {"type": "str"}, + "state": { + "type": "str", + "choices": [ + "deleted", + "merged", + "overridden", + "replaced", + "gathered", + "rendered", + "parsed", + ], + "default": "merged", + }, + } # pylint: disable=C0301 diff --git a/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py b/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py index 29da3ece..be8b172a 100644 --- a/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py +++ b/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py 
@@ -1,805 +1,812 @@ # # -*- coding: utf-8 -*- # Copyright 2019 Red Hat # GNU General Public License v3.0+ # (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) """ The vyos_firewall_global class It is in this file where the current configuration (as dict) is compared to the provided configuration (as dict) and the command set necessary to bring the current configuration to it's desired end-state is created """ from __future__ import absolute_import, division, print_function __metaclass__ = type from copy import deepcopy from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.cfg.base import ( ConfigBase, ) from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import ( to_list, remove_empties, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.facts import ( Facts, ) from ansible.module_utils.six import iteritems from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.utils import ( list_diff_want_only, ) class Firewall_global(ConfigBase): """ The vyos_firewall_global class """ gather_subset = ["!all", "!min"] gather_network_resources = ["firewall_global"] def __init__(self, module): super(Firewall_global, self).__init__(module) def get_firewall_global_facts(self, data=None): """Get the 'facts' (the current configuration) :rtype: A dictionary :returns: The current configuration as a dictionary """ facts, _warnings = Facts(self._module).get_facts( self.gather_subset, self.gather_network_resources, data=data ) firewall_global_facts = facts["ansible_network_resources"].get( "firewall_global" ) if not firewall_global_facts: return [] return firewall_global_facts def execute_module(self): """Execute the module :rtype: A dictionary :returns: The result from module execution """ result = {"changed": False} warnings = list() commands = list() if self.state in self.ACTION_STATES: existing_firewall_global_facts = self.get_firewall_global_facts() else: 
existing_firewall_global_facts = [] if self.state in self.ACTION_STATES or self.state == "rendered": commands.extend(self.set_config(existing_firewall_global_facts)) if commands and self.state in self.ACTION_STATES: if not self._module.check_mode: self._connection.edit_config(commands) result["changed"] = True if self.state in self.ACTION_STATES: result["commands"] = commands if self.state in self.ACTION_STATES or self.state == "gathered": changed_firewall_global_facts = self.get_firewall_global_facts() elif self.state == "rendered": result["rendered"] = commands elif self.state == "parsed": running_config = self._module.params["running_config"] if not running_config: self._module.fail_json( msg="value of running_config parameter must not be empty for state parsed" ) result["parsed"] = self.get_firewall_global_facts( data=running_config ) else: changed_firewall_global_facts = [] if self.state in self.ACTION_STATES: result["before"] = existing_firewall_global_facts if result["changed"]: result["after"] = changed_firewall_global_facts elif self.state == "gathered": result["gathered"] = changed_firewall_global_facts result["warnings"] = warnings return result def set_config(self, existing_firewall_global_facts): """Collect the configuration from the args passed to the module, collect the current configuration (as a dict from facts) :rtype: A list :returns: the commands necessary to migrate the current configuration to the desired configuration """ want = self._module.params["config"] have = existing_firewall_global_facts resp = self.set_state(want, have) return to_list(resp) def set_state(self, w, h): """Select the appropriate function based on the state provided :param want: the desired configuration as a dictionary :param have: the current configuration as a dictionary :rtype: A list :returns: the commands necessary to migrate the current configuration to the desired configuration """ commands = [] if self.state in ("merged", "replaced", "rendered") and not w: 
self._module.fail_json( msg="value of config parameter must not be empty for state {0}".format( self.state ) ) if self.state == "deleted": commands.extend(self._state_deleted(want=None, have=h)) elif w: if self.state == "merged" or self.state == "rendered": commands.extend(self._state_merged(w, h)) elif self.state == "replaced": commands.extend(self._state_replaced(w, h)) return commands def _state_replaced(self, w, h): """The command generator when state is replaced :rtype: A list :returns: the commands necessary to migrate the current configuration to the desired configuration """ commands = [] if h: commands.extend(self._state_deleted(h, w)) commands.extend(self._state_merged(w, h)) return commands def _state_merged(self, want, have): """The command generator when state is merged :rtype: A list :returns: the commands necessary to merge the provided into the current configuration """ commands = [] commands.extend(self._add_global_attr(want, have)) return commands def _state_deleted(self, want, have): """The command generator when state is deleted :rtype: A list :returns: the commands necessary to remove the current configuration of the provided objects """ commands = [] b_set = ( "config_trap", "validation", "log_martians", "syn_cookies", "twa_hazards_protection", ) if want: for key, val in iteritems(want): if val and key in b_set and not have: commands.append(self._form_attr_cmd(attr=key, opr=False)) elif ( val and key in b_set and have and key in have and have[key] != val ): commands.append(self._form_attr_cmd(attr=key, opr=False)) else: commands.extend(self._render_attr_config(want, have, key)) elif not want and have: commands.append(self._compute_command(opr=False)) elif have: for key, val in iteritems(have): if val and key in b_set: commands.append(self._form_attr_cmd(attr=key, opr=False)) else: commands.extend(self._render_attr_config(want, have, key)) return commands def _render_attr_config(self, w, h, key, opr=False): """ This function invoke the function 
to extend commands based on the key. :param w: the desired configuration. :param h: the current configuration. :param key: attribute name :param opr: operation :return: list of commands """ commands = [] if key == "ping": commands.extend(self._render_ping(key, w, h, opr=opr)) elif key == "group": commands.extend(self._render_group(key, w, h, opr=opr)) elif key == "state_policy": commands.extend(self._render_state_policy(key, w, h, opr=opr)) elif key == "route_redirects": commands.extend(self._render_route_redirects(key, w, h, opr=opr)) return commands def _add_global_attr(self, w, h, opr=True): """ This function forms the set/delete commands based on the 'opr' type for firewall_global attributes. :param w: the desired config. :param h: the target config. :param opr: True/False. :return: generated commands list. """ commands = [] w_fg = deepcopy(remove_empties(w)) l_set = ( "config_trap", "validation", "log_martians", "syn_cookies", "twa_hazards_protection", ) if w_fg: for key, val in iteritems(w_fg): if ( opr and key in l_set and not (h and self._is_w_same(w_fg, h, key)) ): commands.append( self._form_attr_cmd( attr=key, val=self._bool_to_str(val), opr=opr ) ) elif not opr: if key and self._is_del(l_set, h): commands.append( self._form_attr_cmd( attr=key, key=self._bool_to_str(val), opr=opr ) ) continue if ( key in l_set and not (h and self._in_target(h, key)) and not self._is_del(l_set, h) ): commands.append( self._form_attr_cmd( attr=key, val=self._bool_to_str(val), opr=opr ) ) else: commands.extend( self._render_attr_config(w_fg, h, key, opr) ) return commands def _render_ping(self, attr, w, h, opr): """ This function forms the commands for 'ping' attributes based on the 'opr'. :param attr: attribute name. :param w: the desired configuration. :param h: the target config. :param opr: True/False. :return: generated list of commands. 
""" commands = [] h_ping = {} l_set = ("all", "broadcast") if h: h_ping = h.get(attr) or {} if self._is_root_del(w[attr], h_ping, attr): for item, value in iteritems(h[attr]): if not opr and item in l_set: commands.append(self._form_attr_cmd(attr=item, opr=opr)) elif w[attr]: if h and attr in h.keys(): h_ping = h.get(attr) or {} for item, value in iteritems(w[attr]): if ( opr and item in l_set and not (h_ping and self._is_w_same(w[attr], h_ping, item)) ): commands.append( self._form_attr_cmd( attr=item, val=self._bool_to_str(value), opr=opr ) ) elif ( not opr and item in l_set and not (h_ping and self._is_w_same(w[attr], h_ping, item)) ): commands.append(self._form_attr_cmd(attr=item, opr=opr)) return commands def _render_group(self, attr, w, h, opr): """ This function forms the commands for 'group' attribute based on the 'opr'. :param attr: attribute name. :param w: base config. :param h: target config. :param opr: True/False. :return: generated list of commands. """ commands = [] h_grp = {} if not opr and self._is_root_del(h, w, attr): commands.append(self._form_attr_cmd(attr=attr, opr=opr)) else: if h: h_grp = h.get("group") or {} if w: commands.extend( self._render_grp_mem("port_group", w["group"], h_grp, opr) ) commands.extend( self._render_grp_mem( "address_group", w["group"], h_grp, opr ) ) commands.extend( self._render_grp_mem( "network_group", w["group"], h_grp, opr ) ) return commands def _render_grp_mem(self, attr, w, h, opr): """ This function forms the commands for group list/members attributes based on the 'opr'. :param attr: attribute name. :param w: the desired config. :param h: the target config. :param opr: True/False. :return: generated list of commands. 
""" commands = [] h_grp = [] w_grp = [] l_set = ("name", "description") if w: w_grp = w.get(attr) or [] if h: h_grp = h.get(attr) or [] if w_grp: for want in w_grp: - cmd = self._compute_command(key="group", attr=attr, opr=opr) h = self.search_attrib_in_have(h_grp, want, "name") + if "afi" in want and want["afi"] == "ipv6": + cmd = self._compute_command( + key="group", attr="ipv6-" + attr, opr=opr + ) + else: + cmd = self._compute_command( + key="group", attr=attr, opr=opr + ) for key, val in iteritems(want): if val: if ( opr and key in l_set and not (h and self._is_w_same(want, h, key)) ): if key == "name": commands.append(cmd + " " + str(val)) else: commands.append( cmd + " " + want["name"] + " " + key + " '" + str(want[key]) + "'" ) elif not opr and key in l_set: if key == "name" and self._is_grp_del( h, want, key ): commands.append(cmd + " " + want["name"]) continue if not ( h and self._in_target(h, key) ) and not self._is_grp_del(h, want, key): commands.append( cmd + " " + want["name"] + " " + key ) elif key == "members": commands.extend( self._render_ports_addrs( key, want, h, opr, cmd, want["name"], attr ) ) return commands def _render_ports_addrs(self, attr, w, h, opr, cmd, name, type): """ This function forms the commands for port/address/network group members based on the 'opr'. :param attr: attribute name. :param w: the desired config. :param h: the target config. :param cmd: commands to be prepend. :param name: name of group. :param type: group type. :return: generated list of commands. 
""" commands = [] have = [] if w: want = w.get(attr) or [] if h: have = h.get(attr) or [] if want: if opr: members = list_diff_want_only(want, have) for member in members: commands.append( cmd + " " + name + " " + self._grp_type(type) + " " + member[self._get_mem_type(type)] ) elif not opr and have: members = list_diff_want_only(want, have) for member in members: commands.append( cmd + " " + name + " " + self._grp_type(type) + " " + member[self._get_mem_type(type)] ) return commands def _get_mem_type(self, group): """ This function returns the member type based on the type of group. """ return "port" if group == "port_group" else "address" def _render_state_policy(self, attr, w, h, opr): """ This function forms the commands for 'state-policy' attributes based on the 'opr'. :param attr: attribute name. :param w: the desired config. :param h: the target config. :param opr: True/False. :return: generated list of commands. """ commands = [] have = [] l_set = ("log", "action", "connection_type") if not opr and self._is_root_del(h, w, attr): commands.append(self._form_attr_cmd(attr=attr, opr=opr)) else: w_sp = deepcopy(remove_empties(w)) want = w_sp.get(attr) or [] if h: have = h.get(attr) or [] if want: for w in want: h = self.search_attrib_in_have(have, w, "connection_type") for key, val in iteritems(w): if val and key != "connection_type": if ( opr and key in l_set and not (h and self._is_w_same(w, h, key)) ): commands.append( self._form_attr_cmd( key=attr + " " + w["connection_type"], attr=key, val=self._bool_to_str(val), opr=opr, ) ) elif not opr and key in l_set: if not ( h and self._in_target(h, key) ) and not self._is_del(l_set, h): if key == "action": commands.append( self._form_attr_cmd( attr=attr + " " + w["connection_type"], opr=opr, ) ) else: commands.append( self._form_attr_cmd( attr=attr + " " + w["connection_type"], val=self._bool_to_str(val), opr=opr, ) ) return commands def _render_route_redirects(self, attr, w, h, opr): """ This function forms the 
commands for 'route_redirects' attributes based on the 'opr'. :param attr: attribute name. :param w: the desired config. :param h: the target config. :param opr: True/False. :return: generated list of commands. """ commands = [] have = [] l_set = ("afi", "ip_src_route") if w: want = w.get(attr) or [] if h: have = h.get(attr) or [] if want: for w in want: h = self.search_attrib_in_have(have, w, "afi") for key, val in iteritems(w): if val and key != "afi": if ( opr and key in l_set and not (h and self._is_w_same(w, h, key)) ): commands.append( self._form_attr_cmd( attr=key, val=self._bool_to_str(val), opr=opr, ) ) elif not opr and key in l_set: if self._is_del(l_set, h): commands.append( self._form_attr_cmd( attr=key, val=self._bool_to_str(val), opr=opr, ) ) continue if not ( h and self._in_target(h, key) ) and not self._is_del(l_set, h): commands.append( self._form_attr_cmd( attr=key, val=self._bool_to_str(val), opr=opr, ) ) elif key == "icmp_redirects": commands.extend( self._render_icmp_redirects(key, w, h, opr) ) return commands def _render_icmp_redirects(self, attr, w, h, opr): """ This function forms the commands for 'icmp_redirects' attributes based on the 'opr'. :param attr: attribute name. :param w: the desired config. :param h: the target config. :param opr: True/False. :return: generated list of commands. """ commands = [] h_red = {} l_set = ("send", "receive") if w[attr]: if h and attr in h.keys(): h_red = h.get(attr) or {} for item, value in iteritems(w[attr]): if ( opr and item in l_set and not (h_red and self._is_w_same(w[attr], h_red, item)) ): commands.append( self._form_attr_cmd( attr=item, val=self._bool_to_str(value), opr=opr ) ) elif ( not opr and item in l_set and not (h_red and self._is_w_same(w[attr], h_red, item)) ): commands.append(self._form_attr_cmd(attr=item, opr=opr)) return commands def search_attrib_in_have(self, have, want, attr): """ This function returns the attribute if it is present in target config. 
:param have: the target config. :param want: the desired config. :param attr: attribute name . :return: attribute/None """ if have: for h in have: if h[attr] == want[attr]: return h return None def _form_attr_cmd(self, key=None, attr=None, val=None, opr=True): """ This function forms the command for leaf attribute. :param key: parent key. :param attr: attribute name :param value: value :param opr: True/False. :return: generated command. """ command = self._compute_command( key=key, attr=self._map_attrib(attr), val=val, opr=opr ) return command def _compute_command( self, key=None, attr=None, val=None, remove=False, opr=True ): """ This function construct the add/delete command based on passed attributes. :param key: parent key. :param attr: attribute name :param value: value :param remove: True/False. :param opr: True/False. :return: generated command. """ if remove or not opr: cmd = "delete firewall " else: cmd = "set firewall " if key: cmd += key.replace("_", "-") + " " if attr: cmd += attr.replace("_", "-") if val and opr: cmd += " '" + str(val) + "'" return cmd def _bool_to_str(self, val): """ This function converts the bool value into string. :param val: bool value. :return: enable/disable. """ return ( "enable" if str(val) == "True" else "disable" if str(val) == "False" else val ) def _grp_type(self, val): """ This function returns the group member type based on value argument. :param val: value. :return: member type. """ return ( "address" if val == "address_group" else "network" if val == "network_group" else "port" ) def _is_w_same(self, w, h, key): """ This function checks whether the key value is same in desired and target config dictionary. :param w: base config. :param h: target config. :param key:attribute name. :return: True/False. """ return True if h and key in h and h[key] == w[key] else False def _in_target(self, h, key): """ This function checks whether the target exist and key present in target config. :param h: target config. 
:param key: attribute name. :return: True/False. """ return True if h and key in h else False def _is_grp_del(self, w, h, key): """ This function checks whether group needed to be deleted based on desired and target configs. :param w: the desired config. :param h: the target config. :param key: group name. :return: True/False. """ return ( True if h and key in h and (not w or key not in w or not w[key]) else False ) def _is_root_del(self, w, h, key): """ This function checks whether a root attribute which can have further child attributes needed to be deleted. :param w: the desired config. :param h: the target config. :param key: attribute name. :return: True/False. """ return ( True if h and key in h and (not w or key not in w or not w[key]) else False ) def _is_del(self, b_set, h, key="number"): """ This function checks whether attribute needs to be deleted when operation is false and attribute present in present target config. :param b_set: attribute set. :param h: target config. :param key: number. :return: True/False. """ return key in b_set and not (h and self._in_target(h, key)) def _map_attrib(self, attrib, type=None): """ - This function construct the regex string. - replace the underscore with hyphen. :param attrib: attribute :return: regex string """ regex = attrib.replace("_", "-") if attrib == "send": if type == "ipv6": regex = "ipv6-send-redirects" else: regex = "send-redirects" elif attrib == "ip_src_route": if type == "ipv6": regex = "ipv6-src-route" elif attrib == "receive": if type == "ipv6": regex = "ipv6-receive-redirects" else: regex = "receive-redirects" elif attrib == "disabled": regex = "disable" elif attrib == "all": regex = "all-ping" elif attrib == "broadcast": regex = "broadcast-ping" elif attrib == "validation": regex = "source-validation" return regex 
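Review bot: In `_render_grp_mem` the existing group is still looked up by name only (`self.search_attrib_in_have(h_grp, want, "name")`), while the new branch picks the `ipv6-` node from `want["afi"]`, so an IPv4 group and an IPv6 group that share a name would be diffed against each other. For a firewall group that can leave members treated as already present and never pushed, or deletions computed against the wrong address family. Assuming the gathered facts carry `afi` for groups (not visible in this hunk), narrow the candidates first, e.g. `same_afi = [g for g in h_grp if g.get("afi", "ipv4") == want.get("afi", "ipv4")]`, and pass `same_afi` to the lookup. The prefix is also applied for every group type this helper is called with, including `port_group`; if the argspec accepts `afi` there, limit the prefix to address and network groups so no `ipv6-port-group` command is rendered. A short comment above the branch saying why the node name changes for IPv6 would help, e.g. `# IPv6 address/network groups live under a separate "ipv6-" node`.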
diff --git a/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py b/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py
index fd5a4f59..3c56626f 100644
--- a/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py
+++ b/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py
@@ -1,1018 +1,1034 @@ # # -*- coding: utf-8 -*- # Copyright 2019 Red Hat # GNU General Public License v3.0+ # (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) """ The vyos_firewall_rules class It is in this file where the current configuration (as dict) is compared to the provided configuration (as dict) and the command set necessary to bring the current configuration to it's desired end-state is created """ from __future__ import absolute_import, division, print_function __metaclass__ = type from copy import deepcopy from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.cfg.base import ( ConfigBase, ) from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import ( to_list, remove_empties, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.facts import ( Facts, ) from ansible.module_utils.six import iteritems from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.utils import ( list_diff_want_only, ) class Firewall_rules(ConfigBase): """ The vyos_firewall_rules class """ gather_subset = [ "!all", "!min", ] gather_network_resources = [ "firewall_rules", ] def __init__(self, module): super(Firewall_rules, self).__init__(module) def get_firewall_rules_facts(self, data=None): """Get the 'facts' (the current configuration) :rtype: A dictionary :returns: The current configuration as a dictionary """ facts, _warnings = Facts(self._module).get_facts( self.gather_subset, self.gather_network_resources, data=data ) firewall_rules_facts = facts["ansible_network_resources"].get( "firewall_rules" ) if not firewall_rules_facts: return [] return firewall_rules_facts def execute_module(self): """Execute the module :rtype: A dictionary :returns: The result from module execution """ result = {"changed": False} warnings = list() commands = list() if self.state in self.ACTION_STATES: existing_firewall_rules_facts = self.get_firewall_rules_facts() else: 
existing_firewall_rules_facts = [] if self.state in self.ACTION_STATES or self.state == "rendered": commands.extend(self.set_config(existing_firewall_rules_facts)) if commands and self.state in self.ACTION_STATES: if not self._module.check_mode: self._connection.edit_config(commands) result["changed"] = True if self.state in self.ACTION_STATES: result["commands"] = commands if self.state in self.ACTION_STATES or self.state == "gathered": changed_firewall_rules_facts = self.get_firewall_rules_facts() elif self.state == "rendered": result["rendered"] = commands elif self.state == "parsed": running_config = self._module.params["running_config"] if not running_config: self._module.fail_json( msg="value of running_config parameter must not be empty for state parsed" ) result["parsed"] = self.get_firewall_rules_facts( data=running_config ) else: changed_firewall_rules_facts = [] if self.state in self.ACTION_STATES: result["before"] = existing_firewall_rules_facts if result["changed"]: result["after"] = changed_firewall_rules_facts elif self.state == "gathered": result["gathered"] = changed_firewall_rules_facts result["warnings"] = warnings return result def set_config(self, existing_firewall_rules_facts): """Collect the configuration from the args passed to the module, collect the current configuration (as a dict from facts) :rtype: A list :returns: the commands necessary to migrate the current configuration to the desired configuration """ want = self._module.params["config"] have = existing_firewall_rules_facts resp = self.set_state(want, have) return to_list(resp) def set_state(self, w, h): """Select the appropriate function based on the state provided :param want: the desired configuration as a dictionary :param have: the current configuration as a dictionary :rtype: A list :returns: the commands necessary to migrate the current configuration to the desired configuration """ commands = [] if ( self.state in ("merged", "replaced", "overridden", "rendered") and not w 
): self._module.fail_json( msg="value of config parameter must not be empty for state {0}".format( self.state ) ) if self.state == "overridden": commands.extend(self._state_overridden(w, h)) elif self.state == "deleted": commands.extend(self._state_deleted(w, h)) elif w: if self.state == "merged" or self.state == "rendered": commands.extend(self._state_merged(w, h)) elif self.state == "replaced": commands.extend(self._state_replaced(w, h)) return commands def _state_replaced(self, want, have): """The command generator when state is replaced :rtype: A list :returns: the commands necessary to migrate the current configuration to the desired configuration """ commands = [] if have: + # Iterate over the afi rule sets we already have. for h in have: r_sets = self._get_r_sets(h) + # Iterate over each rule set we already have. for rs in r_sets: - w = self.search_r_sets_in_have(want, rs["name"], "r_list") - commands.extend( - self._add_r_sets(h["afi"], rs, w, opr=False) + # In the desired configuration, search for the rule set we + # already have (to be replaced by our desired + # configuration's rule set). + wanted_rule_set = self.search_r_sets_in_have( + want, rs["name"], "r_list" ) + if wanted_rule_set is not None: + # Remove the rules that we already have if the wanted + # rules exist under the same name. + commands.extend( + self._add_r_sets( + h["afi"], + want=rs, + have=wanted_rule_set, + opr=False, + ) + ) + # Merge the desired configuration into what we already have. 
commands.extend(self._state_merged(want, have)) return commands def _state_overridden(self, want, have): """The command generator when state is overridden :rtype: A list :returns: the commands necessary to migrate the current configuration to the desired configuration """ commands = [] if have: for h in have: r_sets = self._get_r_sets(h) for rs in r_sets: w = self.search_r_sets_in_have(want, rs["name"], "r_list") if not w: commands.append( self._compute_command( h["afi"], rs["name"], remove=True ) ) else: commands.extend( self._add_r_sets(h["afi"], rs, w, opr=False) ) commands.extend(self._state_merged(want, have)) return commands def _state_merged(self, want, have): """The command generator when state is merged :rtype: A list :returns: the commands necessary to merge the provided into the current configuration """ commands = [] for w in want: r_sets = self._get_r_sets(w) for rs in r_sets: h = self.search_r_sets_in_have(have, rs["name"], "r_list") commands.extend(self._add_r_sets(w["afi"], rs, h)) return commands def _state_deleted(self, want, have): """The command generator when state is deleted :rtype: A list :returns: the commands necessary to remove the current configuration of the provided objects """ commands = [] if want: for w in want: r_sets = self._get_r_sets(w) if r_sets: for rs in r_sets: h = self.search_r_sets_in_have( have, rs["name"], "r_list" ) if h: commands.append( self._compute_command( w["afi"], h["name"], remove=True ) ) elif have: for h in have: if h["afi"] == w["afi"]: commands.append( self._compute_command(w["afi"], remove=True) ) elif have: for h in have: r_sets = self._get_r_sets(h) if r_sets: commands.append( self._compute_command(afi=h["afi"], remove=True) ) return commands def _add_r_sets(self, afi, want, have, opr=True): """ This function forms the set/delete commands based on the 'opr' type for rule-sets attributes. :param afi: address type. :param want: desired config. :param have: target config. :param opr: True/False. 
:return: generated commands list. """ commands = [] l_set = ("description", "default_action", "enable_default_log") h_rs = {} h_rules = {} w_rs = deepcopy(remove_empties(want)) w_rules = w_rs.pop("rules", None) if have: h_rs = deepcopy(remove_empties(have)) h_rules = h_rs.pop("rules", None) if w_rs: for key, val in iteritems(w_rs): if ( opr and key in l_set and not (h_rs and self._is_w_same(w_rs, h_rs, key)) ): if key == "enable_default_log": if val and ( not h_rs or key not in h_rs or not h_rs[key] ): commands.append( self._add_rs_base_attrib( afi, want["name"], key, w_rs ) ) else: commands.append( self._add_rs_base_attrib( afi, want["name"], key, w_rs ) ) elif not opr and key in l_set: if ( key == "enable_default_log" and val and h_rs and (key not in h_rs or not h_rs[key]) ): commands.append( self._add_rs_base_attrib( afi, want["name"], key, w_rs, opr ) ) elif not (h_rs and self._in_target(h_rs, key)): commands.append( self._add_rs_base_attrib( afi, want["name"], key, w_rs, opr ) ) commands.extend( self._add_rules(afi, want["name"], w_rules, h_rules, opr) ) if h_rules: have["rules"] = h_rules if w_rules: want["rules"] = w_rules return commands def _add_rules(self, afi, name, w_rules, h_rules, opr=True): """ This function forms the set/delete commands based on the 'opr' type for rules attributes. :param want: desired config. :param have: target config. :return: generated commands list. 
""" commands = [] l_set = ( "ipsec", "action", "number", "protocol", "fragment", "disabled", "description", ) if w_rules: for w in w_rules: cmd = self._compute_command(afi, name, w["number"], opr=opr) h = self.search_r_sets_in_have( h_rules, w["number"], type="rules" ) for key, val in iteritems(w): if val: if ( opr and key in l_set and not (h and self._is_w_same(w, h, key)) ): if key == "disabled": if not ( not val and (not h or key not in h or not h[key]) ): commands.append( self._add_r_base_attrib( afi, name, key, w ) ) else: commands.append( self._add_r_base_attrib(afi, name, key, w) ) elif not opr: if key == "number" and self._is_del(l_set, h): commands.append( self._add_r_base_attrib( afi, name, key, w, opr=opr ) ) continue if ( key == "disabled" and val and h and (key not in h or not h[key]) ): commands.append( self._add_r_base_attrib( afi, name, key, w, opr=opr ) ) elif ( key in l_set and not (h and self._in_target(h, key)) and not self._is_del(l_set, h) ): commands.append( self._add_r_base_attrib( afi, name, key, w, opr=opr ) ) elif key == "p2p": commands.extend(self._add_p2p(key, w, h, cmd, opr)) elif key == "tcp": commands.extend(self._add_tcp(key, w, h, cmd, opr)) elif key == "time": commands.extend( self._add_time(key, w, h, cmd, opr) ) elif key == "icmp": commands.extend( self._add_icmp(key, w, h, cmd, opr) ) elif key == "state": commands.extend( self._add_state(key, w, h, cmd, opr) ) elif key == "limit": commands.extend( self._add_limit(key, w, h, cmd, opr) ) elif key == "recent": commands.extend( self._add_recent(key, w, h, cmd, opr) ) elif key == "destination" or key == "source": commands.extend( self._add_src_or_dest(key, w, h, cmd, opr) ) return commands def _add_p2p(self, attr, w, h, cmd, opr): """ This function forms the set/delete commands based on the 'opr' type for p2p applications attributes. :param want: desired config. :param have: target config. :return: generated commands list. 
""" commands = [] have = [] if w: want = w.get(attr) or [] if h: have = h.get(attr) or [] if want: if opr: applications = list_diff_want_only(want, have) for app in applications: commands.append( cmd + (" " + attr + " " + app["application"]) ) elif not opr and have: applications = list_diff_want_only(want, have) for app in applications: commands.append( cmd + (" " + attr + " " + app["application"]) ) return commands def _add_state(self, attr, w, h, cmd, opr): """ This function forms the command for 'state' attributes based on the 'opr'. :param attr: attribute name. :param w: base config. :param h: target config. :param cmd: commands to be prepend. :return: generated list of commands. """ h_state = {} commands = [] l_set = ("new", "invalid", "related", "established") if w[attr]: if h and attr in h.keys(): h_state = h.get(attr) or {} for item, val in iteritems(w[attr]): if ( opr and item in l_set and not ( h_state and self._is_w_same(w[attr], h_state, item) ) ): commands.append( cmd + ( " " + attr + " " + item + " " + self._bool_to_str(val) ) ) elif ( not opr and item in l_set and not (h_state and self._in_target(h_state, item)) ): commands.append(cmd + (" " + attr + " " + item)) return commands def _add_recent(self, attr, w, h, cmd, opr): """ This function forms the command for 'recent' attributes based on the 'opr'. :param attr: attribute name. :param w: base config. :param h: target config. :param cmd: commands to be prepend. :return: generated list of commands. 
""" commands = [] h_recent = {} l_set = ("count", "time") if w[attr]: if h and attr in h.keys(): h_recent = h.get(attr) or {} for item, val in iteritems(w[attr]): if ( opr and item in l_set and not ( h_recent and self._is_w_same(w[attr], h_recent, item) ) ): commands.append( cmd + (" " + attr + " " + item + " " + str(val)) ) elif ( not opr and item in l_set and not (h_recent and self._in_target(h_recent, item)) ): commands.append(cmd + (" " + attr + " " + item)) return commands def _add_icmp(self, attr, w, h, cmd, opr): """ This function forms the commands for 'icmp' attributes based on the 'opr'. :param attr: attribute name. :param w: base config. :param h: target config. :param cmd: commands to be prepend. :return: generated list of commands. """ commands = [] h_icmp = {} l_set = ("code", "type", "type_name") if w[attr]: if h and attr in h.keys(): h_icmp = h.get(attr) or {} for item, val in iteritems(w[attr]): if ( opr and item in l_set and not (h_icmp and self._is_w_same(w[attr], h_icmp, item)) ): if item == "type_name": if "ipv6-name" in cmd: commands.append( cmd + (" " + "icmpv6" + " " + "type" + " " + val) ) else: commands.append( cmd + ( " " + attr + " " + item.replace("_", "-") + " " + val ) ) else: commands.append( cmd + (" " + attr + " " + item + " " + str(val)) ) elif ( not opr and item in l_set and not (h_icmp and self._in_target(h_icmp, item)) ): commands.append(cmd + (" " + attr + " " + item)) return commands def _add_time(self, attr, w, h, cmd, opr): """ This function forms the commands for 'time' attributes based on the 'opr'. :param attr: attribute name. :param w: base config. :param h: target config. :param cmd: commands to be prepend. :return: generated list of commands. 
""" commands = [] h_time = {} l_set = ( "utc", "stopdate", "stoptime", "weekdays", "monthdays", "startdate", "starttime", ) if w[attr]: if h and attr in h.keys(): h_time = h.get(attr) or {} for item, val in iteritems(w[attr]): if ( opr and item in l_set and not (h_time and self._is_w_same(w[attr], h_time, item)) ): if item == "utc": if not ( not val and (not h_time or item not in h_time) ): commands.append(cmd + (" " + attr + " " + item)) else: commands.append( cmd + (" " + attr + " " + item + " " + val) ) elif ( not opr and item in l_set and not (h_time and self._is_w_same(w[attr], h_time, item)) ): commands.append(cmd + (" " + attr + " " + item)) return commands def _add_tcp(self, attr, w, h, cmd, opr): """ This function forms the commands for 'tcp' attributes based on the 'opr'. :param attr: attribute name. :param w: base config. :param h: target config. :param cmd: commands to be prepend. :return: generated list of commands. """ h_tcp = {} commands = [] if w[attr]: key = "flags" flags = w[attr].get(key) or {} if flags: if h and key in h[attr].keys(): h_tcp = h[attr].get(key) or {} if flags: if opr and not ( h_tcp and self._is_w_same(w[attr], h[attr], key) ): commands.append( cmd + (" " + attr + " " + key + " " + flags) ) if not opr and not ( h_tcp and self._is_w_same(w[attr], h[attr], key) ): commands.append( cmd + (" " + attr + " " + key + " " + flags) ) return commands def _add_limit(self, attr, w, h, cmd, opr): """ This function forms the commands for 'limit' attributes based on the 'opr'. :param attr: attribute name. :param w: base config. :param h: target config. :param cmd: commands to be prepend. :return: generated list of commands. 
""" h_limit = {} commands = [] if w[attr]: key = "burst" if ( opr and key in w[attr].keys() and not ( h and attr in h.keys() and self._is_w_same(w[attr], h[attr], key) ) ): commands.append( cmd + (" " + attr + " " + key + " " + str(w[attr].get(key))) ) elif ( not opr and key in w[attr].keys() and not ( h and attr in h.keys() and self._in_target(h[attr], key) ) ): commands.append( cmd + (" " + attr + " " + key + " " + str(w[attr].get(key))) ) key = "rate" rate = w[attr].get(key) or {} if rate: if h and key in h[attr].keys(): h_limit = h[attr].get(key) or {} if "unit" in rate and "number" in rate: if opr and not ( h_limit and self._is_w_same(rate, h_limit, "unit") and self.is_w_same(rate, h_limit, "number") ): commands.append( cmd + ( " " + attr + " " + key + " " + str(rate["number"]) + "/" + rate["unit"] ) ) if not opr and not ( h_limit and self._is_w_same(rate, h_limit, "unit") and self._is_w_same(rate, h_limit, "number") ): commands.append(cmd + (" " + attr + " " + key)) return commands def _add_src_or_dest(self, attr, w, h, cmd, opr=True): """ This function forms the commands for 'src/dest' attributes based on the 'opr'. :param attr: attribute name. :param w: base config. :param h: target config. :param cmd: commands to be prepend. :return: generated list of commands. 
""" commands = [] h_group = {} g_set = ("port_group", "address_group", "network_group") if w[attr]: keys = ("address", "mac_address", "port") for key in keys: if ( opr and key in w[attr].keys() and not ( h and attr in h.keys() and self._is_w_same(w[attr], h[attr], key) ) ): commands.append( cmd + ( " " + attr + " " + key.replace("_", "-") + " " + w[attr].get(key) ) ) elif ( not opr and key in w[attr].keys() and not ( h and attr in h.keys() and self._in_target(h[attr], key) ) ): commands.append(cmd + (" " + attr + " " + key)) key = "group" group = w[attr].get(key) or {} if group: h_group = {} if h and h.get(attr) and key in h[attr].keys(): h_group = h[attr].get(key) for item, val in iteritems(group): if val: if ( opr and item in g_set and not ( h_group and self._is_w_same(group, h_group, item) ) ): commands.append( cmd + ( " " + attr + " " + key + " " + item.replace("_", "-") + " " + val ) ) elif ( not opr and item in g_set and not ( h_group and self._in_target(h_group, item) ) ): commands.append( cmd + ( " " + attr + " " + key + " " + item.replace("_", "-") ) ) return commands def search_r_sets_in_have(self, have, w_name, type="rule_sets"): """ This function returns the rule-set/rule if it is present in target config. :param have: target config. :param w_name: rule-set name. :param type: rule_sets/rule/r_list. :return: rule-set/rule. """ if have: key = "name" if type == "rules": key = "number" for r in have: if r[key] == w_name: return r elif type == "r_list": for h in have: r_sets = self._get_r_sets(h) for rs in r_sets: if rs[key] == w_name: return rs else: for rs in have: if rs[key] == w_name: return rs return None def _get_r_sets(self, item, type="rule_sets"): """ This function returns the list of rule-sets/rules. :param item: config dictionary. :param type: rule_sets/rule/r_list. :return: list of rule-sets/rules. 
""" rs_list = [] r_sets = item[type] if r_sets: for rs in r_sets: rs_list.append(rs) return rs_list def _compute_command( self, afi, name=None, number=None, attrib=None, value=None, remove=False, opr=True, ): """ This function construct the add/delete command based on passed attributes. :param afi: address type. :param name: rule-set name. :param number: rule-number. :param attrib: attribute name. :param value: value. :param remove: True if delete command needed to be construct. :param opr: opeeration flag. :return: generated command. """ if remove or not opr: cmd = "delete firewall " + self._get_fw_type(afi) else: cmd = "set firewall " + self._get_fw_type(afi) if name: cmd += " " + name if number: cmd += " rule " + str(number) if attrib: cmd += " " + attrib.replace("_", "-") if ( value and opr and attrib != "enable_default_log" and attrib != "disabled" ): cmd += " '" + str(value) + "'" return cmd def _add_r_base_attrib(self, afi, name, attr, rule, opr=True): """ This function forms the command for 'rules' attributes which doesn't have further sub attributes. :param afi: address type. :param name: rule-set name :param attrib: attribute name :param rule: rule config dictionary. :param opr: True/False. :return: generated command. """ if attr == "number": command = self._compute_command( afi=afi, name=name, number=rule["number"], opr=opr ) else: command = self._compute_command( afi=afi, name=name, number=rule["number"], attrib=attr, value=rule[attr], opr=opr, ) return command def _add_rs_base_attrib(self, afi, name, attrib, rule, opr=True): """ This function forms the command for 'rule-sets' attributes which doesn't have further sub attributes. :param afi: address type. :param name: rule-set name :param attrib: attribute name :param rule: rule config dictionary. :param opr: True/False. :return: generated command. 
""" command = self._compute_command( afi=afi, name=name, attrib=attrib, value=rule[attrib], opr=opr ) return command def _bool_to_str(self, val): """ This function converts the bool value into string. :param val: bool value. :return: enable/disable. """ return "enable" if val else "disable" def _get_fw_type(self, afi): """ This function returns the firewall rule-set type based on IP address. :param afi: address type :return: rule-set type. """ return "ipv6-name" if afi == "ipv6" else "name" def _is_del(self, l_set, h, key="number"): """ This function checks whether rule needs to be deleted based on the rule number. :param l_set: attribute set. :param h: target config. :param key: number. :return: True/False. """ return key in l_set and not (h and self._in_target(h, key)) def _is_w_same(self, w, h, key): """ This function checks whether the key value is same in base and target config dictionary. :param w: base config. :param h: target config. :param key:attribute name. :return: True/False. """ return True if h and key in h and h[key] == w[key] else False def _in_target(self, h, key): """ This function checks whether the target nexist and key present in target config. :param h: target config. :param key: attribute name. :return: True/False. """ return True if h and key in h else False def _is_base_attrib(self, key): """ This function checks whether key is present in predefined based attribute set. :param key: :return: True/False. """ r_set = ( "p2p", "ipsec", "action", "fragment", "protocol", "disabled", "description", "mac_address", "default_action", "enable_default_log", ) return True if key in r_set else False diff --git a/plugins/module_utils/network/vyos/config/ntp_global/__init__.py b/plugins/module_utils/network/vyos/config/ntp_global/__init__.py new file mode 100644 index 00000000..e69de29b 
diff --git a/plugins/module_utils/network/vyos/config/ntp_global/ntp_global.py b/plugins/module_utils/network/vyos/config/ntp_global/ntp_global.py
new file mode 100644
index 00000000..0a0e389f
--- /dev/null
+++ b/plugins/module_utils/network/vyos/config/ntp_global/ntp_global.py
@@ -0,0 +1,197 @@ +# +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +""" +The vyos_ntp config file. +It is in this file where the current configuration (as dict) +is compared to the provided configuration (as dict) and the command set +necessary to bring the current configuration to its desired end-state is +created. +""" + +from ansible.module_utils.six import iteritems +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import ( + dict_merge, +) +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.rm_base.resource_module import ( + ResourceModule, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.facts import ( + Facts, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.rm_templates.ntp_global import ( + NtpTemplate, +) + + +class Ntp_global(ResourceModule): + """ + The vyos_ntp config class + """ + + def __init__(self, module): + super(Ntp_global, self).__init__( + empty_fact_val={}, + facts_module=Facts(module), + module=module, + resource="ntp_global", + tmplt=NtpTemplate(), + ) + self.parsers = [ + "allow_clients", + "listen_addresses", + "server", + "options", + "allow_clients_delete", + "listen_addresses_delete", + ] + + def execute_module(self): + """Execute the module + + :rtype: A dictionary + :returns: The result from module execution + """ + if self.state not in ["parsed", "gathered"]: + self.generate_commands() + self.run_commands() + return self.result + + def generate_commands(self): + """Generate configuration commands to send based on + want, have and desired state. 
+ """ + + wantd = self._ntp_list_to_dict(self.want) + haved = self._ntp_list_to_dict(self.have) + + # if state is merged, merge want onto have and then compare + if self.state == "merged": + wantd = dict_merge(haved, wantd) + + # if state is deleted, empty out wantd and set haved to wantd + if self.state == "deleted": + haved = { + k: v for k, v in iteritems(haved) if k in wantd or not wantd + } + wantd = {} + + commandlist = self._commandlist(haved) + servernames = self._servernames(haved) + # removing the servername and commandlist from the list after deleting it from haved + for k, have in iteritems(haved): + if k not in wantd: + for hk, hval in iteritems(have): + if hk == "allow_clients" and hk in commandlist: + self.commands.append( + self._tmplt.render( + {"": hk}, "allow_clients_delete", True + ) + ) + commandlist.remove(hk) + elif hk == "listen_addresses" and hk in commandlist: + self.commands.append( + self._tmplt.render( + {"": hk}, "listen_addresses_delete", True + ) + ) + commandlist.remove(hk) + elif hk == "server" and have["server"] in servernames: + self._compareoverride(want={}, have=have) + servernames.remove(have["server"]) + + # remove existing config for overridden,replaced and deleted + # Getting the list of the server names from haved + # to avoid the duplication of overridding/replacing the servers + if self.state in ["overridden", "replaced"]: + + commandlist = self._commandlist(haved) + servernames = self._servernames(haved) + + for k, have in iteritems(haved): + if k not in wantd and "server" not in have: + self._compareoverride(want={}, have=have) + # removing the servername from the list after deleting it from haved + elif k not in wantd and have["server"] in servernames: + self._compareoverride(want={}, have=have) + servernames.remove(have["server"]) + + for k, want in iteritems(wantd): + self._compare(want=want, have=haved.pop(k, {})) + + def _compare(self, want, have): + """Leverages the base class `compare()` method and + populates 
the list of commands to be run by comparing + the `want` and `have` data with the `parsers` defined + for the Ntp network resource. + """ + if "options" in want: + self.compare(parsers="options", want=want, have=have) + else: + self.compare(parsers=self.parsers, want=want, have=have) + + def _compareoverride(self, want, have): + # do not delete configuration with options level + for i, val in iteritems(have): + if i == "options": + pass + else: + self.compare(parsers=i, want={}, have=have) + + def _ntp_list_to_dict(self, entry): + servers_dict = {} + for k, data in iteritems(entry): + if k == "servers": + for value in data: + if "options" in value: + result = self._serveroptions_list_to_dict(value) + for res, resvalue in iteritems(result): + servers_dict.update({res: resvalue}) + else: + servers_dict.update({value["server"]: value}) + else: + for value in data: + servers_dict.update({"ip_" + value: {k: value}}) + return servers_dict + + def _serveroptions_list_to_dict(self, entry): + serveroptions_dict = {} + for Opk, Op in iteritems(entry): + if Opk == "options": + for val in Op: + dict = {} + dict.update({"server": entry["server"]}) + dict.update({Opk: val}) + serveroptions_dict.update( + {entry["server"] + "_" + val: dict} + ) + return serveroptions_dict + + def _commandlist(self, haved): + commandlist = [] + for k, have in iteritems(haved): + for ck, cval in iteritems(have): + if ck != "options" and ck not in commandlist: + commandlist.append(ck) + return commandlist + + def _servernames(self, haved): + servernames = [] + for k, have in iteritems(haved): + for sk, sval in iteritems(have): + if sk == "server" and sval not in [ + "0.pool.ntp.org", + "1.pool.ntp.org", + "2.pool.ntp.org", + ]: + if sval not in servernames: + servernames.append(sval) + return servernames diff --git a/plugins/module_utils/network/vyos/facts/facts.py b/plugins/module_utils/network/vyos/facts/facts.py index ab074b00..e560a48a 100644 
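Review bot: `_servernames` leaves `0.pool.ntp.org`, `1.pool.ntp.org` and `2.pool.ntp.org` out of the list that both removal loops in `generate_commands` check (`have["server"] in servernames`) before calling `_compareoverride`, so a server entry with one of those names that is absent from `want` is never deleted. A playbook that uses `overridden` or `replaced` to pin a device to internal time sources would therefore still leave those public pool servers configured, and nothing in the file says this is intended. If the exemption is deliberate, name and document it, for example a module-level `DEFAULT_POOL_SERVERS = ("0.pool.ntp.org", "1.pool.ntp.org", "2.pool.ntp.org")` with the comment `# default pool servers are never removed by overridden/replaced/deleted`, and state the same in the module documentation. Separately, `_serveroptions_list_to_dict` binds a local named `dict`, which shadows the builtin; `opt_entry = {"server": entry["server"], Opk: val}` would avoid that.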
--- a/plugins/module_utils/network/vyos/facts/facts.py
+++ b/plugins/module_utils/network/vyos/facts/facts.py
@@ -1,123 +1,127 @@ # Copyright 2019 Red Hat # GNU General Public License v3.0+ # (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) """ The facts class for vyos this file validates each subset of facts and selectively calls the appropriate facts gathering function """ from __future__ import absolute_import, division, print_function __metaclass__ = type from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.facts.facts import ( FactsBase, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.interfaces.interfaces import ( InterfacesFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.l3_interfaces.l3_interfaces import ( L3_interfacesFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.lag_interfaces.lag_interfaces import ( Lag_interfacesFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.lldp_global.lldp_global import ( Lldp_globalFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.lldp_interfaces.lldp_interfaces import ( Lldp_interfacesFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.firewall_rules.firewall_rules import ( Firewall_rulesFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.static_routes.static_routes import ( Static_routesFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.firewall_global.firewall_global import ( Firewall_globalFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.firewall_interfaces.firewall_interfaces import ( Firewall_interfacesFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.ospfv3.ospfv3 import ( Ospfv3Facts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.ospfv2.ospfv2 import ( Ospfv2Facts, ) from 
ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.ospf_interfaces.ospf_interfaces import ( Ospf_interfacesFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.bgp_global.bgp_global import ( Bgp_globalFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.bgp_address_family.bgp_address_family import ( Bgp_address_familyFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.route_maps.route_maps import ( Route_mapsFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.prefix_lists.prefix_lists import ( Prefix_listsFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.logging_global.logging_global import ( Logging_globalFacts, ) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.ntp_global.ntp_global import ( + Ntp_globalFacts, +) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.legacy.base import ( Default, Neighbors, Config, ) FACT_LEGACY_SUBSETS = dict(default=Default, neighbors=Neighbors, config=Config) FACT_RESOURCE_SUBSETS = dict( interfaces=InterfacesFacts, l3_interfaces=L3_interfacesFacts, lag_interfaces=Lag_interfacesFacts, lldp_global=Lldp_globalFacts, lldp_interfaces=Lldp_interfacesFacts, static_routes=Static_routesFacts, firewall_rules=Firewall_rulesFacts, firewall_global=Firewall_globalFacts, firewall_interfaces=Firewall_interfacesFacts, ospfv3=Ospfv3Facts, ospfv2=Ospfv2Facts, ospf_interfaces=Ospf_interfacesFacts, bgp_global=Bgp_globalFacts, bgp_address_family=Bgp_address_familyFacts, route_maps=Route_mapsFacts, prefix_lists=Prefix_listsFacts, logging_global=Logging_globalFacts, + ntp_global=Ntp_globalFacts, ) class Facts(FactsBase): """The fact class for vyos""" VALID_LEGACY_GATHER_SUBSETS = frozenset(FACT_LEGACY_SUBSETS.keys()) VALID_RESOURCE_SUBSETS = frozenset(FACT_RESOURCE_SUBSETS.keys()) def __init__(self, module): super(Facts, 
self).__init__(module) def get_facts( self, legacy_facts_type=None, resource_facts_type=None, data=None ): """Collect the facts for vyos :param legacy_facts_type: List of legacy facts types :param resource_facts_type: List of resource fact types :param data: previously collected conf :rtype: dict :return: the facts gathered """ if self.VALID_RESOURCE_SUBSETS: self.get_network_resources_facts( FACT_RESOURCE_SUBSETS, resource_facts_type, data ) if self.VALID_LEGACY_GATHER_SUBSETS: self.get_network_legacy_facts( FACT_LEGACY_SUBSETS, legacy_facts_type ) return self.ansible_facts, self._warnings diff --git a/plugins/module_utils/network/vyos/facts/firewall_global/firewall_global.py b/plugins/module_utils/network/vyos/facts/firewall_global/firewall_global.py index e6e42d70..1b1076c0 100644 --- a/plugins/module_utils/network/vyos/facts/firewall_global/firewall_global.py +++ b/plugins/module_utils/network/vyos/facts/firewall_global/firewall_global.py 
@@ -1,387 +1,403 @@ # # -*- coding: utf-8 -*- # Copyright 2019 Red Hat # GNU General Public License v3.0+ # (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) """ The vyos firewall_global fact class It is in this file the configuration is collected from the device for a given resource, parsed, and the facts tree is populated based on the configuration. """ from __future__ import absolute_import, division, print_function __metaclass__ = type from copy import deepcopy from re import findall, search, M from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import ( utils, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.firewall_global.firewall_global import ( Firewall_globalArgs, ) class Firewall_globalFacts(object): """The vyos firewall_global fact class""" def __init__(self, module, subspec="config", options="options"): self._module = module self.argument_spec = Firewall_globalArgs.argument_spec spec = deepcopy(self.argument_spec) if subspec: if options: facts_argument_spec = spec[subspec][options] else: facts_argument_spec = spec[subspec] else: facts_argument_spec = spec self.generated_spec = utils.generate_dict(facts_argument_spec) def get_device_data(self, connection): return connection.get_config() def populate_facts(self, connection, ansible_facts, data=None): """Populate the facts for firewall_global :param connection: the device connection :param ansible_facts: Facts dictionary :param data: previously collected conf :rtype: dictionary :returns: facts """ if not data: # typically data is populated from the current device configuration # data = connection.get('show running-config | section ^interface') # using mock data instead data = self.get_device_data(connection) objs = {} firewalls = findall(r"^set firewall .*$", data, M) if firewalls: objs = self.render_config(firewalls) facts = {} params = utils.validate_config(self.argument_spec, {"config": objs}) facts["firewall_global"] = 
utils.remove_empties(params["config"]) ansible_facts["ansible_network_resources"].update(facts) return ansible_facts def render_config(self, conf): """ Render config as dictionary structure and delete keys from spec for null values :param spec: The facts tree, generated from the argspec :param conf: The configuration :rtype: dictionary :returns: The generated config """ conf = "\n".join( filter( lambda x: ("firewall ipv6-name" and "firewall name" not in x), conf, ) ) a_lst = [ "config_trap", "validation", "log_martians", "syn_cookies", "twa_hazards_protection", ] firewall = self.parse_attr(conf, a_lst) f_sub = { "ping": self.parse_ping(conf), "group": self.parse_group(conf), "route_redirects": self.route_redirects(conf), "state_policy": self.parse_state_policy(conf), } firewall.update(f_sub) return firewall def route_redirects(self, conf): """ This function forms the regex to fetch the afi and invoke functions to fetch route redirects and source routes :param conf: configuration data. :return: generated rule list configuration. """ rr_lst = [] v6_attr = findall( r"^set firewall (?:ipv6-src-route|ipv6-receive-redirects) (\S+)", conf, M, ) if v6_attr: obj = self.parse_rr_attrib(conf, "ipv6") if obj: rr_lst.append(obj) v4_attr = findall( r"^set firewall (?:ip-src-route|receive-redirects|send-redirects) (\S+)", conf, M, ) if v4_attr: obj = self.parse_rr_attrib(conf, "ipv4") if obj: rr_lst.append(obj) return rr_lst def parse_rr_attrib(self, conf, attrib=None): """ This function fetches the 'ip_src_route' invoke function to parse icmp redirects. :param conf: configuration to be parsed. :param attrib: 'ipv4/ipv6'. :return: generated config dictionary. """ cfg_dict = self.parse_attr(conf, ["ip_src_route"], type=attrib) cfg_dict["icmp_redirects"] = self.parse_icmp_redirects(conf, attrib) cfg_dict["afi"] = attrib return cfg_dict def parse_icmp_redirects(self, conf, attrib=None): """ This function triggers the parsing of 'icmp_redirects' attributes. 
:param conf: configuration to be parsed. :param attrib: 'ipv4/ipv6'. :return: generated config dictionary. """ a_lst = ["send", "receive"] cfg_dict = self.parse_attr(conf, a_lst, type=attrib) return cfg_dict def parse_ping(self, conf): """ This function triggers the parsing of 'ping' attributes. :param conf: configuration to be parsed. :return: generated config dictionary. """ a_lst = ["all", "broadcast"] cfg_dict = self.parse_attr(conf, a_lst) return cfg_dict def parse_state_policy(self, conf): """ This function fetched the connecton type and invoke function to parse other state-policy attributes. :param conf: configuration data. :return: generated rule list configuration. """ sp_lst = [] attrib = "state-policy" policies = findall(r"^set firewall " + attrib + " (\\S+)", conf, M) if policies: rules_lst = [] for sp in set(policies): sp_regex = r" %s .+$" % sp cfg = "\n".join(findall(sp_regex, conf, M)) obj = self.parse_policies(cfg, sp) obj["connection_type"] = sp if obj: rules_lst.append(obj) sp_lst = sorted(rules_lst, key=lambda i: i["connection_type"]) return sp_lst def parse_policies(self, conf, attrib=None): """ This function triggers the parsing of policy attributes action and log. :param conf: configuration :param attrib: connection type. :return: generated rule configuration dictionary. """ a_lst = ["action", "log"] cfg_dict = self.parse_attr(conf, a_lst, match=attrib) return cfg_dict def parse_group(self, conf): """ This function triggers the parsing of 'group' attributes. :param conf: configuration. :return: generated config dictionary. 
""" cfg_dict = {} - cfg_dict["port_group"] = self.parse_group_lst(conf, "port-group") - cfg_dict["address_group"] = self.parse_group_lst(conf, "address-group") - cfg_dict["network_group"] = self.parse_group_lst(conf, "network-group") + cfg_dict["port_group"] = self.parse_group_lst( + conf, "port-group", False + ) + cfg_dict["address_group"] = self.parse_group_lst( + conf, "address-group" + ) + self.parse_group_lst(conf, "ipv6-address-group") + cfg_dict["network_group"] = self.parse_group_lst( + conf, "network-group" + ) + self.parse_group_lst(conf, "ipv6-network-group") return cfg_dict - def parse_group_lst(self, conf, type): + def parse_group_lst(self, conf, type, include_afi=True): """ This function fetches the name of group and invoke function to parse group attributes'. :param conf: configuration data. :param type: type of group. + :param include_afi: if the afi should be included in the parsed object :return: generated group list configuration. """ g_lst = [] groups = findall(r"^set firewall group " + type + " (\\S+)", conf, M) if groups: rules_lst = [] for gr in set(groups): gr_regex = r" %s .+$" % gr cfg = "\n".join(findall(gr_regex, conf, M)) - obj = self.parse_groups(cfg, type, gr) + if "ipv6" in type: + # fmt: off + obj = self.parse_groups(cfg, type[len("ipv6-"):], gr) + # fmt: on + if include_afi: + obj["afi"] = "ipv6" + else: + obj = self.parse_groups(cfg, type, gr) + if include_afi: + obj["afi"] = "ipv4" obj["name"] = gr.strip("'") if obj: rules_lst.append(obj) g_lst = sorted(rules_lst, key=lambda i: i["name"]) return g_lst def parse_groups(self, conf, type, name): """ This function fetches the description and invoke the parsing of group members. :param conf: configuration. :param type: type of group. :param name: name of group. :return: generated configuration dictionary. 
""" a_lst = ["name", "description"] group = self.parse_attr(conf, a_lst) key = self.get_key(type) r_sub = {key[0]: self.parse_address_port_lst(conf, name, key[1])} group.update(r_sub) return group def parse_address_port_lst(self, conf, name, key): """ This function forms the regex to fetch the group members attributes. :param conf: configuration data. :param name: name of group. :param key: key value. :return: generated member list configuration. """ l_lst = [] attribs = findall(r"^.*" + name + " " + key + " (\\S+)", conf, M) if attribs: for attr in attribs: if key == "port": l_lst.append({"port": attr.strip("'")}) else: l_lst.append({"address": attr.strip("'")}) return l_lst def parse_attr(self, conf, attr_list, match=None, type=None): """ This function peforms the following: - Form the regex to fetch the required attribute config. - Type cast the output in desired format. :param conf: configuration. :param attr_list: list of attributes. :param match: parent node/attribute name. :return: generated config dictionary. """ config = {} for attrib in attr_list: regex = self.map_regex(attrib, type) if match: regex = match + " " + regex if conf: if self.is_bool(attrib): attr = self.map_regex(attrib, type) out = conf.find(attr.replace("_", "-")) dis = conf.find(attr.replace("_", "-") + " 'disable'") if out >= 1: if dis >= 1: config[attrib] = False else: config[attrib] = True else: out = search(r"^.*" + regex + " (.+)", conf, M) if out: val = out.group(1).strip("'") if self.is_num(attrib): val = int(val) config[attrib] = val return config def get_key(self, type): """ This function map the group type to member type :param type: :return: """ key = () if type == "port-group": key = ("members", "port") elif type == "address-group": key = ("members", "address") elif type == "network-group": key = ("members", "network") return key def map_regex(self, attrib, type=None): """ - This function construct the regex string. - replace the underscore with hyphen. 
:param attrib: attribute :return: regex string """ regex = attrib.replace("_", "-") if attrib == "all": regex = "all-ping" elif attrib == "disabled": regex = "disable" elif attrib == "broadcast": regex = "broadcast-ping" elif attrib == "send": if type == "ipv6": regex = "ipv6-send-redirects" else: regex = "send-redirects" elif attrib == "ip_src_route": if type == "ipv6": regex = "ipv6-src-route" elif attrib == "receive": if type == "ipv6": regex = "ipv6-receive-redirects" else: regex = "receive-redirects" return regex def is_num(self, attrib): """ This function looks for the attribute in predefined integer type set. :param attrib: attribute. :return: True/false. """ num_set = ("time", "code", "type", "count", "burst", "number") return True if attrib in num_set else False def get_src_route(self, attrib): """ This function looks for the attribute in predefined integer type set. :param attrib: attribute. :return: True/false. """ return "ipv6_src_route" if attrib == "ipv6" else "ip_src_route" def is_bool(self, attrib): """ This function looks for the attribute in predefined bool type set. :param attrib: attribute. :return: True/False """ bool_set = ( "all", "log", "send", "receive", "broadcast", "config_trap", "log_martians", "syn_cookies", "ip_src_route", "twa_hazards_protection", ) return True if attrib in bool_set else False diff --git a/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py b/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py index 44242929..63a159e6 100644 --- a/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py +++ b/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py 
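Review bot: In `parse_group_lst` the per-group filter `gr_regex = r" %s .+$" % gr` selects config lines by group name only, which matters now that `parse_group` concatenates the `address-group` and `ipv6-address-group` results (and likewise for network groups). If an IPv4 and an IPv6 group share a name, each pass would pick up the other's lines and `parse_address_port_lst` would report the mixed members under both `afi` values; whether the device permits that overlap is not visible here, but scoping the filter to the group type removes the question, e.g. `gr_regex = r" %s %s .+$" % (type, gr)`. The added branch also tests `"ipv6" in type` and then slices off `len("ipv6-")` characters, so `type.startswith("ipv6-")` would match what the slice assumes. Because these facts are what the firewall modules compare against, a misattributed member could produce wrong set/delete commands.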
@@ -1,379 +1,384 @@ # # -*- coding: utf-8 -*- # Copyright 2019 Red Hat # GNU General Public License v3.0+ # (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) """ The vyos firewall_rules fact class It is in this file the configuration is collected from the device for a given resource, parsed, and the facts tree is populated based on the configuration. """ from __future__ import absolute_import, division, print_function __metaclass__ = type +import re from re import findall, search, M from copy import deepcopy from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import ( utils, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.firewall_rules.firewall_rules import ( Firewall_rulesArgs, ) class Firewall_rulesFacts(object): """The vyos firewall_rules fact class""" def __init__(self, module, subspec="config", options="options"): self._module = module self.argument_spec = Firewall_rulesArgs.argument_spec spec = deepcopy(self.argument_spec) if subspec: if options: facts_argument_spec = spec[subspec][options] else: facts_argument_spec = spec[subspec] else: facts_argument_spec = spec self.generated_spec = utils.generate_dict(facts_argument_spec) def get_device_data(self, connection): return connection.get_config() def populate_facts(self, connection, ansible_facts, data=None): """Populate the facts for firewall_rules :param connection: the device connection :param ansible_facts: Facts dictionary :param data: previously collected conf :rtype: dictionary :returns: facts """ if not data: # typically data is populated from the current device configuration # data = connection.get('show running-config | section ^interface') # using mock data instead data = self.get_device_data(connection) # split the config into instances of the resource objs = [] v6_rules = findall( r"^set firewall ipv6-name (?:\'*)(\S+)(?:\'*)", data, M ) v4_rules = findall(r"^set firewall name (?:\'*)(\S+)(?:\'*)", data, M) if v6_rules: config = 
self.get_rules(data, v6_rules, type="ipv6") if config: config = utils.remove_empties(config) objs.append(config) if v4_rules: config = self.get_rules(data, v4_rules, type="ipv4") if config: config = utils.remove_empties(config) objs.append(config) ansible_facts["ansible_network_resources"].pop("firewall_rules", None) facts = {} if objs: facts["firewall_rules"] = [] params = utils.validate_config( self.argument_spec, {"config": objs} ) for cfg in params["config"]: facts["firewall_rules"].append(utils.remove_empties(cfg)) ansible_facts["ansible_network_resources"].update(facts) return ansible_facts def get_rules(self, data, rules, type): """ This function performs following: - Form regex to fetch 'rule-sets' specific config from data. - Form the rule-set list based on ip address. :param data: configuration. :param rules: list of rule-sets. :param type: ip address type. :return: generated rule-sets configuration. """ r_v4 = [] r_v6 = [] for r in set(rules): rule_regex = r" %s .+$" % r.strip("'") cfg = findall(rule_regex, data, M) fr = self.render_config(cfg, r.strip("'")) fr["name"] = r.strip("'") if type == "ipv6": r_v6.append(fr) else: r_v4.append(fr) if r_v4: config = {"afi": "ipv4", "rule_sets": r_v4} if r_v6: config = {"afi": "ipv6", "rule_sets": r_v6} return config def render_config(self, conf, match): """ Render config as dictionary structure and delete keys from spec for null values :param spec: The facts tree, generated from the argspec :param conf: The configuration :rtype: dictionary :returns: The generated config """ conf = "\n".join(filter(lambda x: x, conf)) a_lst = ["description", "default_action", "enable_default_log"] config = self.parse_attr(conf, a_lst, match) if not config: config = {} config["rules"] = self.parse_rules_lst(conf) return config def parse_rules_lst(self, conf): """ This function forms the regex to fetch the 'rules' with in 'rule-sets' :param conf: configuration data. :return: generated rule list configuration. 
""" r_lst = [] rules = findall(r"rule (?:\'*)(\d+)(?:\'*)", conf, M) if rules: rules_lst = [] for r in set(rules): r_regex = r" %s .+$" % r cfg = "\n".join(findall(r_regex, conf, M)) obj = self.parse_rules(cfg) obj["number"] = int(r) if obj: rules_lst.append(obj) r_lst = sorted(rules_lst, key=lambda i: i["number"]) return r_lst def parse_rules(self, conf): """ This function triggers the parsing of 'rule' attributes. a_lst is a list having rule attributes which doesn't have further sub attributes. :param conf: configuration :return: generated rule configuration dictionary. """ a_lst = [ "ipsec", "action", "protocol", "fragment", "disabled", "description", + "icmp", ] rule = self.parse_attr(conf, a_lst) r_sub = { "p2p": self.parse_p2p(conf), "tcp": self.parse_tcp(conf, "tcp"), "icmp": self.parse_icmp(conf, "icmp"), "time": self.parse_time(conf, "time"), "limit": self.parse_limit(conf, "limit"), "state": self.parse_state(conf, "state"), "recent": self.parse_recent(conf, "recent"), "source": self.parse_src_or_dest(conf, "source"), "destination": self.parse_src_or_dest(conf, "destination"), } rule.update(r_sub) return rule def parse_p2p(self, conf): """ This function forms the regex to fetch the 'p2p' with in 'rules' :param conf: configuration data. :return: generated rule list configuration. """ a_lst = [] applications = findall(r"p2p (?:\'*)(\d+)(?:\'*)", conf, M) if applications: app_lst = [] for r in set(applications): obj = {"application": r.strip("'")} app_lst.append(obj) a_lst = sorted(app_lst, key=lambda i: i["application"]) return a_lst def parse_src_or_dest(self, conf, attrib=None): """ This function triggers the parsing of 'source or destination' attributes. :param conf: configuration. :param attrib:'source/destination'. :return:generated source/destination configuration dictionary. 
""" a_lst = ["port", "address", "mac_address"] cfg_dict = self.parse_attr(conf, a_lst, match=attrib) cfg_dict["group"] = self.parse_group(conf, attrib + " group") return cfg_dict def parse_recent(self, conf, attrib=None): """ This function triggers the parsing of 'recent' attributes :param conf: configuration. :param attrib: 'recent'. :return: generated config dictionary. """ a_lst = ["time", "count"] cfg_dict = self.parse_attr(conf, a_lst, match=attrib) return cfg_dict def parse_tcp(self, conf, attrib=None): """ This function triggers the parsing of 'tcp' attributes. :param conf: configuration. :param attrib: 'tcp'. :return: generated config dictionary. """ cfg_dict = self.parse_attr(conf, ["flags"], match=attrib) return cfg_dict def parse_time(self, conf, attrib=None): """ This function triggers the parsing of 'time' attributes. :param conf: configuration. :param attrib: 'time'. :return: generated config dictionary. """ a_lst = [ "stopdate", "stoptime", "weekdays", "monthdays", "startdate", "starttime", ] cfg_dict = self.parse_attr(conf, a_lst, match=attrib) return cfg_dict def parse_state(self, conf, attrib=None): """ This function triggers the parsing of 'state' attributes. :param conf: configuration :param attrib: 'state'. :return: generated config dictionary. """ a_lst = ["new", "invalid", "related", "established"] cfg_dict = self.parse_attr(conf, a_lst, match=attrib) return cfg_dict def parse_group(self, conf, attrib=None): """ This function triggers the parsing of 'group' attributes. :param conf: configuration. :param attrib: 'group'. :return: generated config dictionary. """ a_lst = ["port_group", "address_group", "network_group"] cfg_dict = self.parse_attr(conf, a_lst, match=attrib) return cfg_dict def parse_icmp(self, conf, attrib=None): """ This function triggers the parsing of 'icmp' attributes. :param conf: configuration to be parsed. :param attrib: 'icmp'. :return: generated config dictionary. 
""" a_lst = ["code", "type", "type_name"] + if attrib == "icmp": + attrib = "icmpv6" + conf = re.sub("icmpv6 type", "icmpv6 type-name", conf) cfg_dict = self.parse_attr(conf, a_lst, match=attrib) return cfg_dict def parse_limit(self, conf, attrib=None): """ This function triggers the parsing of 'limit' attributes. :param conf: configuration to be parsed. :param attrib: 'limit' :return: generated config dictionary. """ cfg_dict = self.parse_attr(conf, ["burst"], match=attrib) cfg_dict["rate"] = self.parse_rate(conf, "rate") return cfg_dict def parse_rate(self, conf, attrib=None): """ This function triggers the parsing of 'rate' attributes. :param conf: configuration. :param attrib: 'rate' :return: generated config dictionary. """ a_lst = ["unit", "number"] cfg_dict = self.parse_attr(conf, a_lst, match=attrib) return cfg_dict def parse_attr(self, conf, attr_list, match=None): """ This function peforms the following: - Form the regex to fetch the required attribute config. - Type cast the output in desired format. :param conf: configuration. :param attr_list: list of attributes. :param match: parent node/attribute name. :return: generated config dictionary. """ config = {} for attrib in attr_list: regex = self.map_regex(attrib) if match: regex = match + " " + regex if conf: if self.is_bool(attrib): out = conf.find(attrib.replace("_", "-")) dis = conf.find(attrib.replace("_", "-") + " 'disable'") if out >= 1: if dis >= 1: config[attrib] = False else: config[attrib] = True else: out = search(r"^.*" + regex + " (.+)", conf, M) if out: val = out.group(1).strip("'") if self.is_num(attrib): val = int(val) config[attrib] = val return config def map_regex(self, attrib): """ - This function construct the regex string. - replace the underscore with hyphen. 
:param attrib: attribute :return: regex string """ regex = attrib.replace("_", "-") if attrib == "disabled": regex = "disable" return regex def is_bool(self, attrib): """ This function looks for the attribute in predefined bool type set. :param attrib: attribute. :return: True/False """ bool_set = ( "new", "invalid", "related", "disabled", "established", "enable_default_log", ) return True if attrib in bool_set else False def is_num(self, attrib): """ This function looks for the attribute in predefined integer type set. :param attrib: attribute. :return: True/false. """ num_set = ("time", "code", "type", "count", "burst", "number") return True if attrib in num_set else False diff --git a/plugins/module_utils/network/vyos/facts/ntp_global/__init__.py b/plugins/module_utils/network/vyos/facts/ntp_global/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/plugins/module_utils/network/vyos/facts/ntp_global/ntp_global.py b/plugins/module_utils/network/vyos/facts/ntp_global/ntp_global.py new file mode 100644 index 00000000..bb20e2d6 --- /dev/null +++ b/plugins/module_utils/network/vyos/facts/ntp_global/ntp_global.py 
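Review bot: In `parse_icmp`, the added `if attrib == "icmp":` branch is always taken, because the only call visible in this hunk is `self.parse_icmp(conf, "icmp")` in `parse_rules`. The match prefix therefore becomes `icmpv6` for every rule, and an IPv4 rule's `icmp code` / `icmp type` / `icmp type-name` lines can no longer match the `icmpv6 ...` pattern that `parse_attr` builds. Facts that silently omit ICMP match criteria misstate the device's filtering policy, and a later `replaced` or `overridden` run would presumably be computed against that wrong baseline. One option is to switch the prefix only when the rule text carries the IPv6 keyword, e.g. `if attrib == "icmp" and "icmpv6 " in conf:`. Separately, the `"icmp"` entry added to `a_lst` in `parse_rules` has no effect on the result, since `rule.update(r_sub)` overwrites the `icmp` key with the dict returned by `parse_icmp`.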
@@ -0,0 +1,99 @@
+# -*- coding: utf-8 -*-
+# Copyright 2021 Red Hat
+# GNU General Public License v3.0+
+# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+
+__metaclass__ = type
+
+"""
+The vyos ntp fact class
+It is in this file the configuration is collected from the device
+for a given resource, parsed, and the facts tree is populated
+based on the configuration.
+"""
+
+import re
+
+from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import (
+ utils,
+)
+from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.rm_templates.ntp_global import (
+ NtpTemplate,
+)
+from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.ntp_global.ntp_global import (
+ Ntp_globalArgs,
+)
+
+
+class Ntp_globalFacts(object):
+ """The vyos ntp facts class"""
+
+ def __init__(self, module, subspec="config", options="options"):
+ self._module = module
+ self.argument_spec = Ntp_globalArgs.argument_spec
+
+ def get_config(self, connection):
+ return connection.get("show configuration commands | grep ntp")
+
+ def populate_facts(self, connection, ansible_facts, data=None):
+ """Populate the facts for Ntp network resource
+
+ :param connection: the device connection
+ :param ansible_facts: Facts dictionary
+ :param data: previously collected conf
+
+ :rtype: dictionary
+ :returns: facts
+ """
+ facts = {}
+ objs = []
+ config_lines = []
+
+ if not data:
+ data = self.get_config(connection)
+
+ for resource in data.splitlines():
+ config_lines.append(re.sub("'", "", resource))
+ # parse native config using the Ntp template
+ ntp_parser = NtpTemplate(lines=config_lines, module=self._module)
+
+ objs = ntp_parser.parse()
+
+ if objs:
+ if "allow_clients" in objs:
+ objs["allow_clients"] = sorted(list(objs["allow_clients"]))
+
+ if "listen_addresses" in objs:
+ objs["listen_addresses"] = sorted(
+ list(objs["listen_addresses"])
+ )
+
+ """ if "options" in objs["servers"].values():
+ val = objs["servers"].values()
+ val["options"] = sorted(val["options"]) """
+
+ if "servers" in objs:
+ objs["servers"] = list(objs["servers"].values())
+ objs["servers"] = sorted(
+ objs["servers"], key=lambda k: k["server"]
+ )
+ for i in objs["servers"]:
+ if "options" in i:
+ i["options"] = sorted(list(i["options"]))
+
+ ansible_facts["ansible_network_resources"].pop("ntp_global", None)
+
+ params = utils.remove_empties(
+ ntp_parser.validate_config(
+ self.argument_spec, {"config": objs}, redact=True
+ )
+ )
+
+ if params.get("config"):
+ facts["ntp_global"] = params["config"]
+ ansible_facts["ansible_network_resources"].update(facts)
+
+ return ansible_facts
diff --git a/plugins/module_utils/network/vyos/rm_templates/ntp_global.py b/plugins/module_utils/network/vyos/rm_templates/ntp_global.py
new file mode 100644
index 00000000..ac0bcbbf
--- /dev/null
+++ b/plugins/module_utils/network/vyos/rm_templates/ntp_global.py
@@ -0,0 +1,129 @@
+# -*- coding: utf-8 -*-
+# Copyright 2021 Red Hat
+# GNU General Public License v3.0+
+# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+"""
+The Ntp parser templates file. This contains
+a list of parser definitions and associated functions that
+facilitates both facts gathering and native command generation for
+the given network resource.
+"""
+
+import re
+from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.rm_base.network_template import (
+ NetworkTemplate,
+)
+
+
+class NtpTemplate(NetworkTemplate):
+ def __init__(self, lines=None, module=None):
+ prefix = {"set": "set", "remove": "delete"}
+ super(NtpTemplate, self).__init__(
+ lines=lines, tmplt=self, prefix=prefix, module=module
+ )
+
+ # fmt: off
+ PARSERS = [
+
+ # set system ntp allow_clients address
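Review bot: The triple-quoted block inside `if objs:` in `populate_facts` (the one starting `""" if "options" in objs["servers"].values():`) is commented-out code kept as a no-op string expression and should be deleted; the `for i in objs["servers"]` loop below it already sorts each server's options. Also, `get_config` filters with `| grep ntp`, which hands the parser any configuration line that merely contains "ntp", such as a description or host name. That is harmless only while every template pattern stays anchored on `^set\ssystem\sntp`, so a comment on `get_config` should say so, e.g. `# unanchored filter: NtpTemplate patterns must stay anchored on "set system ntp"`.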
+ {
+ "name": "allow_clients",
+ "getval": re.compile(
+ r"""
+ ^set\ssystem\sntp\sallow-clients\saddress (\s(?P\S+))?
+ $""",
+ re.VERBOSE),
+ "setval": "system ntp allow-clients address {{allow_clients}}",
+ "result": {
+ "allow_clients": ["{{ipaddress}}"]
+ }
+ },
+
+ # set system ntp allow_clients
+ {
+ "name": "allow_clients_delete",
+ "getval": re.compile(
+ r"""
+ ^set\ssystem\sntp\sallow-clients
+ $""",
+ re.VERBOSE),
+ "setval": "system ntp allow-clients",
+ "result": {
+
+ }
+
+ },
+
+ # set system ntp listen_address
+ {
+ "name": "listen_addresses",
+ "getval": re.compile(
+ r"""
+ ^set\ssystem\sntp\slisten-address (\s(?P\S+))?
+ $""",
+ re.VERBOSE),
+ "setval": "system ntp listen-address {{listen_addresses}}",
+ "result": {
+ "listen_addresses": ["{{ip_address}}"]
+ }
+ },
+
+ # set system ntp listen_address
+ {
+ "name": "listen_addresses_delete",
+ "getval": re.compile(
+ r"""
+ ^set\ssystem\sntp\slisten-address
+ $""",
+ re.VERBOSE),
+ "setval": "system ntp listen-address",
+ "result": {
+ }
+ },
+
+ # set system ntp server
+ {
+ "name": "server",
+ "getval": re.compile(
+ r"""
+ ^set\ssystem\sntp\sserver (\s(?P\S+))?
+ $""",
+ re.VERBOSE),
+ "setval": "system ntp server {{server}}",
+ "result": {
+ "servers": {
+ "{{name}}": {
+ "server": "{{name}}"
+ }
+ }
+
+ }
+ },
+
+ # set system ntp server
+ {
+ "name": "options",
+ "getval": re.compile(
+ r"""
+ ^set\ssystem\sntp\sserver
+ \s(?P\S+)
+ \s(?Pnoselect|dynamic|preempt|prefer)?
+ $""",
+ re.VERBOSE),
+ "setval": "system ntp server {{server}} {{options}}",
+ "result": {
+ "servers": {
+ "{{name}}": {
+ "server": "{{name}}",
+ "options": ["{{options}}"]
+ }
+ }
+ }
+ }
+ ]
+ # fmt: on
diff --git a/plugins/modules/vyos_bgp_address_family.py b/plugins/modules/vyos_bgp_address_family.py
index 782669f4..ab98e3bd 100644
--- a/plugins/modules/vyos_bgp_address_family.py
+++ b/plugins/modules/vyos_bgp_address_family.py
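Review bot: A server line whose option is not one of `noselect|dynamic|preempt|prefer` matches neither the `server` entry (which allows a single token after `server` before `$`) nor the `options` entry, so it is dropped from the parsed result without any signal. If the device prints only leaf lines for a server, such a server would be missing from the gathered facts altogether; whether that can happen depends on the VyOS release and is not visible here. Either widen the option group to `\S+` and leave unknown values to argument-spec validation, or state the limit in a comment above the entry, e.g. `# only noselect/dynamic/preempt/prefer are recognised; a line with any other option is ignored`. The group names inside `(?P...)` are not legible in this rendering of the page, so they are not reviewed here.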
@@ -1,1192 +1,1192 @@ #!/usr/bin/python # -*- coding: utf-8 -*- # Copyright 2021 Red Hat # GNU General Public License v3.0+ # (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) ############################################# # WARNING # ############################################# # # This file is auto generated by the resource # module builder playbook. # # Do not edit this file manually. # # Changes to this file will be over written # by the resource module builder. # # Changes should be made in the model used to # generate this file or in the resource module # builder template. # ############################################# """ The module file for vyos_bgp_address_family """ from __future__ import absolute_import, division, print_function __metaclass__ = type DOCUMENTATION = """ module: vyos_bgp_address_family version_added: 2.1.0 short_description: BGP Address Family Resource Module. description: - This module manages BGP address family configuration of interfaces on devices running VYOS. author: Gomathi Selvi Srinivasan (@GomathiselviS) options: config: description: A dict of BGP global configuration for interfaces. type: dict suboptions: as_number: description: - AS number. type: int address_family: description: BGP address-family parameters. type: list elements: dict suboptions: afi: description: BGP address family settings. type: str choices: ['ipv4', 'ipv6'] aggregate_address: description: - BGP aggregate network. type: list elements: dict suboptions: prefix: description: BGP aggregate network. type: str as_set: description: Generate AS-set path information for this aggregate address. type: bool summary_only: description: Announce the aggregate summary network only. type: bool networks: description: BGP network type: list elements: dict suboptions: prefix: description: BGP network address type: str path_limit: description: AS path hop count limit type: int backdoor: description: Network as a backdoor route. 
type: bool route_map: description: Route-map to modify route attributes type: str redistribute: description: Redistribute routes from other protocols into BGP type: list elements: dict suboptions: protocol: description: types of routes to be redistributed. type: str choices: ['connected', 'kernel', 'ospf', 'ospfv3', 'rip', 'ripng', 'static'] table: description: Redistribute non-main Kernel Routing Table. type: str route_map: description: Route map to filter redistributed routes type: str metric: description: Metric for redistributed routes. type: int neighbors: description: BGP neighbor type: list elements: dict suboptions: neighbor_address: description: BGP neighbor address (v4/v6). type: str address_family: description: address family. type: list elements: dict suboptions: afi: description: BGP neighbor parameters. type: str choices: ['ipv4', 'ipv6'] allowas_in: description: Number of occurrences of AS number. type: int as_override: description: AS for routes sent to this neighbor to be the local AS. type: bool attribute_unchanged: description: BGP attributes are sent unchanged. type: dict suboptions: as_path: description: as_path attribute type: bool med: description: med attribute type: bool next_hop: description: next_hop attribute type: bool capability: description: Advertise capabilities to this neighbor. type: dict suboptions: dynamic: description: Advertise dynamic capability to this neighbor. type: bool orf: description: Advertise ORF capability to this neighbor. type: str choices: ['send', 'receive'] default_originate: description: Send default route to this neighbor type: str distribute_list: description: Access-list to filter route updates to/from this neighbor. type: list elements: dict suboptions: action: description: Access-list to filter outgoing/incoming route updates to this neighbor type: str choices: ['export', 'import'] acl: description: Access-list number. 
type: int filter_list: description: As-path-list to filter route updates to/from this neighbor. type: list elements: dict suboptions: action: description: filter outgoing/incoming route updates type: str choices: ['export', 'import'] path_list: description: As-path-list to filter type: str maximum_prefix: description: Maximum number of prefixes to accept from this neighbor nexthop-self Nexthop for routes sent to this neighbor to be the local router. type: int nexthop_local: description: Nexthop attributes. type: bool nexthop_self: description: Nexthop for routes sent to this neighbor to be the local router. type: bool peer_group: description: IPv4 peer group for this peer type: str prefix_list: description: Prefix-list to filter route updates to/from this neighbor. type: list elements: dict suboptions: action: description: filter outgoing/incoming route updates type: str choices: ['export', 'import'] prefix_list: description: Prefix-list to filter type: str remove_private_as: description: Remove private AS numbers from AS path in outbound route updates type: bool route_map: description: Route-map to filter route updates to/from this neighbor. type: list elements: dict suboptions: action: description: filter outgoing/incoming route updates type: str choices: ['export', 'import'] route_map: description: route-map to filter type: str route_reflector_client: description: Neighbor as a route reflector client type: bool route_server_client: description: Neighbor is route server client type: bool soft_reconfiguration: description: Soft reconfiguration for neighbor type: bool unsupress_map: description: Route-map to selectively unsuppress suppressed routes type: str weight: description: Default weight for routes from this neighbor type: int running_config: type: str description: - This option is used only with state I(parsed). 
- - The value of this option should be the output received from the IOS device by + - The value of this option should be the output received from the VYOS device by executing the command B(show configuration command | match bgp). - The state I(parsed) reads the configuration from C(running_config) option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the I(parsed) key within the result. state: description: - The state the configuration should be left in. type: str choices: - merged - replaced - deleted - gathered - parsed - rendered - purged - overridden default: merged """ EXAMPLES = """ # Using merged # Before state # vyos@vyos:~$ show configuration commands | match "set protocols bgp" # vyos@vyos:~$ - name: Merge provided configuration with device configuration vyos.vyos.vyos_bgp_address_family: config: as_number: "100" address_family: - afi: "ipv4" redistribute: - protocol: "static" metric: 50 neighbors: - neighbor_address: "20.33.1.1/24" address_family: - afi: "ipv4" allowas_in: 4 as_override: True attribute_unchanged: med: True - afi: "ipv6" default_originate: "map01" distribute_list: - action: "export" acl: 10 - neighbor_address: "100.11.34.12" address_family: - afi: "ipv4" maximum_prefix: 45 nexthop_self: True route_map: - action: "export" route_map: "map01" - action: "import" route_map: "map01" weight: 50 # After State: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" # set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01' # set protocols bgp 100 neighbor 
20.33.1.1/24 address-family ipv6-unicast distribute-list export '10' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export 'map01' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight '50' # vyos@vyos:~$ # # Module Execution: # # "after": { # "address_family": [ # { # "afi": "ipv4", # "redistribute": [ # { # "metric": 50, # "protocol": "static" # } # ] # } # ], # "as_number": 100, # "neighbors": [ # { # "address_family": [ # { # "afi": "ipv4", # "maximum_prefix": 45, # "nexthop_self": true, # "route_map": [ # { # "action": "export", # "route_map": "map01" # }, # { # "action": "import", # "route_map": "map01" # } # ], # "weight": 50 # } # ], # "neighbor_address": "100.11.34.12" # }, # { # "address_family": [ # { # "afi": "ipv4", # "allowas_in": 4, # "as_override": true, # "attribute_unchanged": { # "med": true # } # }, # { # "afi": "ipv6", # "default_originate": "map01", # "distribute_list": [ # { # "acl": 10, # "action": "export" # } # ] # } # ], # "neighbor_address": "20.33.1.1/24" # } # ] # }, # "before": {}, # "changed": true, # "commands": [ # "set protocols bgp 100 address-family ipv4-unicast redistribute static metric 50", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number 4", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map map01", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export 10", # "set 
protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix 45", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export map01", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import map01", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight 50" # ], # # Using replaced: # Before state: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" # set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export 'map01' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight '50' # vyos@vyos:~$ - name: Replace provided configuration with device configuration vyos.vyos.vyos_bgp_address_family: config: as_number: "100" neighbors: - neighbor_address: "100.11.34.12" address_family: - afi: "ipv4" allowas_in: 4 as_override: True attribute_unchanged: med: True - afi: "ipv6" default_originate: "map01" distribute_list: - action: "export" acl: 10 - 
neighbor_address: "20.33.1.1/24" address_family: - afi: "ipv6" maximum_prefix: 45 nexthop_self: True state: replaced # After State: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" # set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix '45' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number '4' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast as-override # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map 'map01' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export '10' # vyos@vyos:~$ # # # # Module Execution: # "after": { # "address_family": [ # { # "afi": "ipv4", # "redistribute": [ # { # "metric": 50, # "protocol": "static" # } # ] # } # ], # "as_number": 100, # "neighbors": [ # { # "address_family": [ # { # "afi": "ipv4", # "allowas_in": 4, # "as_override": true, # "attribute_unchanged": { # "med": true # } # }, # { # "afi": "ipv6", # "default_originate": "map01", # "distribute_list": [ # { # "acl": 10, # "action": "export" # } # ] # } # ], # "neighbor_address": "100.11.34.12" # }, # { # "address_family": [ # { # "afi": "ipv4" # }, # { # "afi": "ipv6", # "maximum_prefix": 45, # "nexthop_self": true # } # ], # "neighbor_address": "20.33.1.1/24" # } # ] # }, # "before": { # "address_family": [ # { # "afi": "ipv4", # "redistribute": [ # { # "metric": 50, # "protocol": "static" # } # ] # } # ], # "as_number": 100, # "neighbors": [ # { # "address_family": [ # { # "afi": "ipv4", # "maximum_prefix": 45, # 
"nexthop_self": true, # "route_map": [ # { # "action": "export", # "route_map": "map01" # }, # { # "action": "import", # "route_map": "map01" # } # ], # "weight": 50 # } # ], # "neighbor_address": "100.11.34.12" # }, # { # "address_family": [ # { # "afi": "ipv4", # "allowas_in": 4, # "as_override": true, # "attribute_unchanged": { # "med": true # } # }, # { # "afi": "ipv6", # "default_originate": "map01", # "distribute_list": [ # { # "acl": 10, # "action": "export" # } # ] # } # ], # "neighbor_address": "20.33.1.1/24" # } # ] # }, # "changed": true, # "commands": [ # "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list", # "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate", # "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged", # "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override", # "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in", # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight", # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map", # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self", # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number 4", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast as-override", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map map01", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export 10", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast 
maximum-prefix 45", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self" # ], # Using overridden # vyos@vyos:~$ show configuration commands | match "set protocols bgp" # set protocols bgp 100 address-family ipv4-unicast network 35.1.1.0/24 backdoor # set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' # set protocols bgp 100 address-family ipv6-unicast aggregate-address 6601:1:1:1::/64 summary-only # set protocols bgp 100 address-family ipv6-unicast network 5001:1:1:1::/64 route-map 'map01' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix '45' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number '4' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast as-override # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map 'map01' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export '10' # vyos@vyos:~$ - name: Override vyos.vyos.vyos_bgp_address_family: config: as_number: "100" neighbors: - neighbor_address: "100.11.34.12" address_family: - afi: "ipv6" maximum_prefix: 45 nexthop_self: True route_map: - action: "import" route_map: "map01" address_family: - afi: "ipv4" aggregate_address: - prefix: "60.9.2.0/24" summary_only: True - afi: "ipv6" redistribute: - protocol: "static" metric: 50 state: overridden # Aft=validate-moduleser State # vyos@vyos:~$ show configuration commands | match "set protocols bgp" # set protocols bgp 100 address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only # set protocols bgp 100 address-family ipv6-unicast redistribute 
static metric '50' # set protocols bgp 100 neighbor 20.33.1.1/24 # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix '45' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast route-map import 'map01' # vyos@vyos:~$ # Module Execution: # "after": { # "address_family": [ # { # "afi": "ipv4", # "aggregate_address": [ # { # "prefix": "60.9.2.0/24", # "summary_only": true # } # ] # }, # { # "afi": "ipv6", # "redistribute": [ # { # "metric": 50, # "protocol": "static" # } # ] # } # ], # "as_number": 100, # "neighbors": [ # { # "address_family": [ # { # "afi": "ipv4" # }, # { # "afi": "ipv6", # "maximum_prefix": 45, # "nexthop_self": true, # "route_map": [ # { # "action": "import", # "route_map": "map01" # } # ] # } # ], # "neighbor_address": "100.11.34.12" # } # ] # }, # "before": { # "address_family": [ # { # "afi": "ipv4", # "networks": [ # { # "backdoor": true, # "prefix": "35.1.1.0/24" # } # ], # "redistribute": [ # { # "metric": 50, # "protocol": "static" # } # ] # }, # { # "afi": "ipv6", # "aggregate_address": [ # { # "prefix": "6601:1:1:1::/64", # "summary_only": true # } # ], # "networks": [ # { # "prefix": "5001:1:1:1::/64", # "route_map": "map01" # } # ] # } # ], # "as_number": 100, # "neighbors": [ # { # "address_family": [ # { # "afi": "ipv4", # "allowas_in": 4, # "as_override": true, # "attribute_unchanged": { # "med": true # } # }, # { # "afi": "ipv6", # "default_originate": "map01", # "distribute_list": [ # { # "acl": 10, # "action": "export" # } # ] # } # ], # "neighbor_address": "100.11.34.12" # }, # { # "address_family": [ # { # "afi": "ipv4" # }, # { # "afi": "ipv6", # "maximum_prefix": 45, # "nexthop_self": true # } # ], # "neighbor_address": "20.33.1.1/24" # } # ] # }, # "changed": true, # "commands": [ # "delete protocols bgp 100 
neighbor 20.33.1.1/24 address-family", # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast distribute-list", # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast default-originate", # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged", # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast as-override", # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast allowas-in", # "delete protocols bgp 100 address-family ipv6 aggregate-address", # "delete protocols bgp 100 address-family ipv6 network", # "delete protocols bgp 100 address-family ipv4 network", # "delete protocols bgp 100 address-family ipv4 redistribute", # "set protocols bgp 100 address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only", # "set protocols bgp 100 address-family ipv6-unicast redistribute static metric 50", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix 45", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast route-map import map01" # ], # # Using deleted: # Before State: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" # set protocols bgp 100 address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only # set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' # set protocols bgp 100 address-family ipv6-unicast redistribute static metric '50' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01' # set 
protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export 'map01' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight '50' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix '45' # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast route-map import 'map01' # vyos@vyos:~$ - name: Delete vyos.vyos.vyos_bgp_address_family: config: as_number: "100" neighbors: - neighbor_address: "20.33.1.1/24" address_family: - afi: "ipv6" - neighbor_address: "100.11.34.12" address_family: - afi: "ipv4" state: deleted # After State: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" # set protocols bgp 100 address-family ipv6-unicast redistribute static metric '50' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med # set protocols bgp 100 neighbor 100.11.34.12 # vyos@vyos:~$ # # # Module Execution: # # "after": { # "address_family": [ # { # "afi": "ipv6", # "redistribute": [ # { # "metric": 50, # "protocol": "static" # } # ] # } # ], # "as_number": 100, # "neighbors": [ # { # "address_family": [ # { # "afi": "ipv4", # "allowas_in": 4, # "as_override": true, # "attribute_unchanged": { # "med": true # } # } # ], # "neighbor_address": "20.33.1.1/24" # } # ] # }, # 
"before": { # "address_family": [ # { # "afi": "ipv4", # "aggregate_address": [ # { # "prefix": "60.9.2.0/24", # "summary_only": true # } # ], # "redistribute": [ # { # "metric": 50, # "protocol": "static" # } # ] # }, # { # "afi": "ipv6", # "redistribute": [ # { # "metric": 50, # "protocol": "static" # } # ] # } # ], # "as_number": 100, # "neighbors": [ # { # "address_family": [ # { # "afi": "ipv4", # "maximum_prefix": 45, # "nexthop_self": true, # "route_map": [ # { # "action": "export", # "route_map": "map01" # }, # { # "action": "import", # "route_map": "map01" # } # ], # "weight": 50 # }, # { # "afi": "ipv6", # "maximum_prefix": 45, # "nexthop_self": true, # "route_map": [ # { # "action": "import", # "route_map": "map01" # } # ] # } # ], # "neighbor_address": "100.11.34.12" # }, # { # "address_family": [ # { # "afi": "ipv4", # "allowas_in": 4, # "as_override": true, # "attribute_unchanged": { # "med": true # } # }, # { # "afi": "ipv6", # "default_originate": "map01", # "distribute_list": [ # { # "acl": 10, # "action": "export" # } # ] # } # ], # "neighbor_address": "20.33.1.1/24" # } # ] # }, # "changed": true, # "commands": [ # "delete protocols bgp 100 address-family ipv4-unicast", # "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast", # "delete protocols bgp 100 neighbor 100.11.34.12 address-family" # ], # # using parsed: # parsed.cfg # set protocols bgp 65536 address-family ipv4-unicast aggregate-address 192.0.2.0/24 as-set # set protocols bgp 65536 address-family ipv4-unicast network 192.1.13.0/24 route-map 'map01' # set protocols bgp 65536 address-family ipv4-unicast network 192.2.13.0/24 backdoor # set protocols bgp 65536 address-family ipv6-unicast redistribute ripng metric '20' # set protocols bgp 65536 neighbor 192.0.2.25 address-family ipv4-unicast route-map export 'map01' # set protocols bgp 65536 neighbor 192.0.2.25 address-family ipv4-unicast soft-reconfiguration inbound # set protocols bgp 65536 neighbor 203.0.113.5 
address-family ipv6-unicast attribute-unchanged next-hop - name: parse configs vyos.vyos.vyos_bgp_address_family: running_config: "{{ lookup('file', './parsed.cfg') }}" state: parsed # Module Execution: # "parsed": { # "address_family": [ # { # "afi": "ipv4", # "aggregate_address": [ # { # "as_set": true, # "prefix": "192.0.2.0/24" # } # ], # "networks": [ # { # "prefix": "192.1.13.0/24", # "route_map": "map01" # }, # { # "backdoor": true, # "prefix": "192.2.13.0/24" # } # ] # }, # { # "afi": "ipv6", # "redistribute": [ # { # "metric": 20, # "protocol": "ripng" # } # ] # } # ], # "as_number": 65536, # "neighbors": [ # { # "address_family": [ # { # "afi": "ipv4", # "route_map": [ # { # "action": "export", # "route_map": "map01" # } # ], # "soft_reconfiguration": true # } # ], # "neighbor_address": "192.0.2.25" # }, # { # "address_family": [ # { # "afi": "ipv6", # "attribute_unchanged": { # "next_hop": true # } # } # ], # "neighbor_address": "203.0.113.5" # } # ] # # Using gathered: # Native config: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" # set protocols bgp 100 address-family ipv4-unicast network 35.1.1.0/24 backdoor # set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' # set protocols bgp 100 address-family ipv6-unicast aggregate-address 6601:1:1:1::/64 summary-only # set protocols bgp 100 address-family ipv6-unicast network 5001:1:1:1::/64 route-map 'map01' # set protocols bgp 100 address-family ipv6-unicast redistribute static metric '50' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med # set protocols bgp 100 neighbor 100.11.34.12 - name: gather configs vyos.vyos.vyos_bgp_address_family: state: gathered # Module Execution: # "gathered": { # "address_family": [ # { # "afi": 
"ipv4", # "networks": [ # { # "backdoor": true, # "prefix": "35.1.1.0/24" # } # ], # "redistribute": [ # { # "metric": 50, # "protocol": "static" # } # ] # }, # { # "afi": "ipv6", # "aggregate_address": [ # { # "prefix": "6601:1:1:1::/64", # "summary_only": true # } # ], # "networks": [ # { # "prefix": "5001:1:1:1::/64", # "route_map": "map01" # } # ], # "redistribute": [ # { # "metric": 50, # "protocol": "static" # } # ] # } # ], # "as_number": 100, # "neighbors": [ # { # "address_family": [ # { # "afi": "ipv4", # "allowas_in": 4, # "as_override": true, # "attribute_unchanged": { # "med": true # } # } # ], # "neighbor_address": "20.33.1.1/24" # } # ] # Using rendered: - name: Render vyos.vyos.vyos_bgp_address_family: config: as_number: "100" address_family: - afi: "ipv4" redistribute: - protocol: "static" metric: 50 neighbors: - neighbor_address: "20.33.1.1/24" address_family: - afi: "ipv4" allowas_in: 4 as_override: True attribute_unchanged: med: True - afi: "ipv6" default_originate: "map01" distribute_list: - action: "export" acl: 10 - neighbor_address: "100.11.34.12" address_family: - afi: "ipv4" maximum_prefix: 45 nexthop_self: True route_map: - action: "export" route_map: "map01" - action: "import" route_map: "map01" weight: 50 state: rendered # Module Execution: # "rendered": [ # "set protocols bgp 100 address-family ipv4-unicast redistribute static metric 50", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number 4", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map map01", # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export 10", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix 45", # "set 
protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export map01", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import map01", # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight 50" # ] """ from ansible.module_utils.basic import AnsibleModule from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.bgp_address_family.bgp_address_family import ( Bgp_address_familyArgs, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.bgp_address_family.bgp_address_family import ( Bgp_address_family, ) def main(): """ Main entry point for module execution :returns: the result form module invocation """ module = AnsibleModule( argument_spec=Bgp_address_familyArgs.argument_spec, mutually_exclusive=[], required_if=[], supports_check_mode=False, ) result = Bgp_address_family(module).execute_module() module.exit_json(**result) if __name__ == "__main__": main() diff --git a/plugins/modules/vyos_facts.py b/plugins/modules/vyos_facts.py index 8bffcda3..ef19ec09 100644 --- a/plugins/modules/vyos_facts.py +++ b/plugins/modules/vyos_facts.py 
@@ -1,187 +1,187 @@ #!/usr/bin/python # -*- coding: utf-8 -*- # Copyright 2019 Red Hat # GNU General Public License v3.0+ # (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import absolute_import, division, print_function __metaclass__ = type """ The module file for vyos_facts """ DOCUMENTATION = """ module: vyos_facts short_description: Get facts about vyos devices. description: - Collects facts from network devices running the vyos operating system. This module places the facts gathered in the fact tree keyed by the respective resource name. The facts module will always collect a base set of facts from the device and can enable or disable collection of additional facts. version_added: 1.0.0 author: - Nathaniel Case (@qalthos) - Nilashish Chakraborty (@Nilashishc) - Rohit Thakur (@rohitthakur2590) extends_documentation_fragment: - vyos.vyos.vyos notes: - Tested against VyOS 1.1.8 (helium). - This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). options: gather_subset: description: - When supplied, this argument will restrict the facts collected to a given subset. Possible values for this argument include all, default, config, and neighbors. Can specify a list of values to include a larger subset. Values can also be used with an - initial C(M(!)) to specify that a specific subset should not be collected. + initial C(!) to specify that a specific subset should not be collected. required: false default: '!config' type: list elements: str gather_network_resources: description: - When supplied, this argument will restrict the facts collected to a given subset. Possible values for this argument include all and the resources like interfaces. Can specify a list of values to include a larger subset. Values can also be - used with an initial C(M(!)) to specify that a specific subset should not be + used with an initial C(!) 
to specify that a specific subset should not be collected. Valid subsets are 'all', 'interfaces', 'l3_interfaces', 'lag_interfaces', 'lldp_global', 'lldp_interfaces', 'static_routes', 'firewall_rules', 'firewall_global', 'firewall_interfaces', 'ospfv3', 'ospfv2'. required: false type: list elements: str available_network_resources: description: When 'True' a list of network resources for which resource modules are available will be provided. type: bool default: false """ EXAMPLES = """ # Gather all facts - vyos.vyos.vyos_facts: gather_subset: all gather_network_resources: all # collect only the config and default facts - vyos.vyos.vyos_facts: gather_subset: config # collect everything exception the config - vyos.vyos.vyos_facts: gather_subset: '!config' # Collect only the interfaces facts - vyos.vyos.vyos_facts: gather_subset: - '!all' - '!min' gather_network_resources: - interfaces # Do not collect interfaces facts - vyos.vyos.vyos_facts: gather_network_resources: - '!interfaces' # Collect interfaces and minimal default facts - vyos.vyos.vyos_facts: gather_subset: min gather_network_resources: interfaces """ RETURN = """ ansible_net_config: description: The running-config from the device returned: when config is configured type: str ansible_net_commits: description: The set of available configuration revisions returned: when present type: list ansible_net_hostname: description: The configured system hostname returned: always type: str ansible_net_model: description: The device model string returned: always type: str ansible_net_serialnum: description: The serial number of the device returned: always type: str ansible_net_version: description: The version of the software running returned: always type: str ansible_net_neighbors: description: The set of LLDP neighbors returned: when interface is configured type: list ansible_net_gather_subset: description: The list of subsets gathered by the module returned: always type: list ansible_net_api: description: The name of 
the transport returned: always type: str ansible_net_python_version: description: The Python version Ansible controller is using returned: always type: str ansible_net_gather_network_resources: description: The list of fact resource subsets collected from the device returned: always type: list """ from ansible.module_utils.basic import AnsibleModule from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.facts.facts import ( FactsArgs, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.facts import ( Facts, FACT_RESOURCE_SUBSETS, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import ( vyos_argument_spec, ) def main(): """ Main entry point for module execution :returns: ansible_facts """ argument_spec = FactsArgs.argument_spec argument_spec.update(vyos_argument_spec) module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=True ) warnings = [] if module.params["gather_subset"] == "!config": warnings.append( "default value for `gather_subset` will be changed to `min` from `!config` v2.11 onwards" ) ansible_facts = {} if module.params.get("available_network_resources"): ansible_facts["available_network_resources"] = sorted( FACT_RESOURCE_SUBSETS.keys() ) result = Facts(module).get_facts() additional_facts, additional_warnings = result ansible_facts.update(additional_facts) warnings.extend(additional_warnings) module.exit_json(ansible_facts=ansible_facts, warnings=warnings) if __name__ == "__main__": main() diff --git a/plugins/modules/vyos_firewall_global.py b/plugins/modules/vyos_firewall_global.py index 71dc4a6c..91d97a93 100644 --- a/plugins/modules/vyos_firewall_global.py +++ b/plugins/modules/vyos_firewall_global.py 
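Review bot: In `main()` of vyos_facts.py (unchanged context on the new side of this hunk), the check `module.params["gather_subset"] == "!config"` compares against a string, while the DOCUMENTATION block in the same hunk declares `gather_subset` as `type: list` with `elements: str`. If the argspec in `FactsArgs` (not visible here) matches that documentation, the parsed value is presumably `["!config"]`, so the warning about the default moving from `!config` to `min` is never emitted. Playbooks that rely on the default would then get no notice before the set of collected facts changes. I would change the condition to `if module.params["gather_subset"] == ["!config"]:` and confirm against the argspec that the default is delivered as a one-element list.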
@@ -1,1202 +1,1220 @@ #!/usr/bin/python # -*- coding: utf-8 -*- # Copyright 2019 Red Hat # GNU General Public License v3.0+ # (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) ############################################# # WARNING # ############################################# # # This file is auto generated by the resource # module builder playbook. # # Do not edit this file manually. # # Changes to this file will be over written # by the resource module builder. # # Changes should be made in the model used to # generate this file or in the resource module # builder template. # ############################################# """ The module file for vyos_firewall_global """ from __future__ import absolute_import, division, print_function __metaclass__ = type DOCUMENTATION = """ module: vyos_firewall_global short_description: FIREWALL global resource module description: This module manage global policies or configurations for firewall on VyOS devices. version_added: 1.0.0 notes: - Tested against VyOS 1.1.8 (helium). - This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). author: - Rohit Thakur (@rohitthakur2590) options: config: description: - A dictionary of Firewall global configuration options. type: dict suboptions: route_redirects: description: -A dictionary of Firewall icmp redirect and source route global configuration options. type: list elements: dict suboptions: afi: description: - Specifies IP address type type: str choices: - ipv4 - ipv6 required: true icmp_redirects: description: - Specifies whether to allow sending/receiving of IPv4/v6 ICMP redirect messages. type: dict suboptions: send: description: - Permits or denies transmitting packets ICMP redirect messages. type: bool receive: description: - Permits or denies receiving packets ICMP redirect messages. type: bool ip_src_route: description: - Specifies whether or not to process source route IP options. 
type: bool ping: description: - Policy for handling of all IPv4 ICMP echo requests. type: dict suboptions: all: description: - Enables or disables response to all IPv4 ICMP Echo Request (ping) messages. - The system responds to IPv4 ICMP Echo Request messages. type: bool broadcast: description: - Enables or disables response to broadcast IPv4 ICMP Echo Request and Timestamp Request messages. - IPv4 ICMP Echo and Timestamp Request messages are not processed. type: bool config_trap: description: - SNMP trap generation on firewall configuration changes. type: bool validation: description: - Specifies a policy for source validation by reversed path, as defined in RFC 3704. - (disable) No source validation is performed. - (loose) Enable Loose Reverse Path Forwarding as defined in RFC3704. - (strict) Enable Strict Reverse Path Forwarding as defined in RFC3704. type: str choices: - strict - loose - disable group: description: - Defines a group of objects for referencing in firewall rules. type: dict suboptions: address_group: description: - Defines a group of IP addresses for referencing in firewall rules. type: list elements: dict suboptions: + afi: + description: + - Specifies IP address type + type: str + default: ipv4 + choices: + - ipv4 + - ipv6 + required: false name: description: - Name of the firewall address group. type: str required: true description: description: - Allows you to specify a brief description for the address group. type: str members: description: - Address-group members. - IPv4 address to match. - IPv4 range to match. type: list elements: dict suboptions: address: description: IP address. type: str network_group: description: - Defines a group of networks for referencing in firewall rules. type: list elements: dict suboptions: + afi: + description: + - Specifies network address type + type: str + default: ipv4 + choices: + - ipv4 + - ipv6 + required: false name: description: - Name of the firewall network group. 
type: str required: true description: description: - Allows you to specify a brief description for the network group. type: str members: description: - Adds an IPv4 network to the specified network group. - The format is ip-address/prefix. type: list elements: dict suboptions: address: description: IP address. type: str port_group: description: - Defines a group of ports for referencing in firewall rules. type: list elements: dict suboptions: name: description: - Name of the firewall port group. type: str required: true description: description: - Allows you to specify a brief description for the port group. type: str members: description: - Port-group member. type: list elements: dict suboptions: port: description: Defines the number. type: str log_martians: description: - Specifies whether or not to record packets with invalid addresses in the log. - (True) Logs packets with invalid addresses. - (False) Does not log packets with invalid addresses. type: bool syn_cookies: description: - Specifies policy for using TCP SYN cookies with IPv4. - (True) Enables TCP SYN cookies with IPv4. - (False) Disables TCP SYN cookies with IPv4. type: bool twa_hazards_protection: description: - RFC1337 TCP TIME-WAIT assassination hazards protection. type: bool state_policy: description: - Specifies global firewall state-policy. type: list elements: dict suboptions: connection_type: description: Specifies connection type. type: str choices: - established - invalid - related action: description: - Action for packets part of an established connection. type: str choices: - accept - drop - reject log: description: - Enable logging of packets part of an established connection. type: bool running_config: description: - The module, by default, will connect to the remote device and retrieve the current running-config to use as a base for comparing against the contents of source. 
There are times when it is not desirable to have the task get the current running-config for every task in a playbook. The I(running_config) argument allows the implementer to pass in the configuration to use as the base config for comparison. This value of this option should be the output received from device by executing command C(show configuration commands | grep 'firewall') type: str state: description: - The state the configuration should be left in. type: str choices: - merged - replaced - deleted - gathered - rendered - parsed default: merged """ EXAMPLES = """ # Using merged # # Before state: # ------------- # # vyos@vyos# run show configuration commands | grep firewall # # - name: Merge the provided configuration with the existing running configuration vyos.vyos.vyos_firewall_global: config: validation: strict config_trap: true log_martians: true syn_cookies: true twa_hazards_protection: true ping: all: true broadcast: true state_policy: - connection_type: established action: accept log: true - connection_type: invalid action: reject route_redirects: - afi: ipv4 ip_src_route: true icmp_redirects: send: true receive: false group: address_group: - name: MGMT-HOSTS description: This group has the Management hosts address list members: - address: 192.0.1.1 - address: 192.0.1.3 - address: 192.0.1.5 network_group: - name: MGMT description: This group has the Management network addresses members: - address: 192.0.1.0/24 state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # before": [] # # "commands": [ # "set firewall group address-group MGMT-HOSTS address 192.0.1.1", # "set firewall group address-group MGMT-HOSTS address 192.0.1.3", # "set firewall group address-group MGMT-HOSTS address 192.0.1.5", # "set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list'", # "set firewall group address-group MGMT-HOSTS", # "set firewall group network-group MGMT network 
192.0.1.0/24", # "set firewall group network-group MGMT description 'This group has the Management network addresses'", # "set firewall group network-group MGMT", # "set firewall ip-src-route 'enable'", # "set firewall receive-redirects 'disable'", # "set firewall send-redirects 'enable'", # "set firewall config-trap 'enable'", # "set firewall state-policy established action 'accept'", # "set firewall state-policy established log 'enable'", # "set firewall state-policy invalid action 'reject'", # "set firewall broadcast-ping 'enable'", # "set firewall all-ping 'enable'", # "set firewall log-martians 'enable'", # "set firewall twa-hazards-protection 'enable'", # "set firewall syn-cookies 'enable'", # "set firewall source-validation 'strict'" # ] # # "after": { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "This group has the Management hosts address list", # "members": [ # { # "address": "192.0.1.1" # }, # { # "address": "192.0.1.3" # }, # { # "address": "192.0.1.5" # } # ], # "name": "MGMT-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group MGMT-HOSTS address '192.0.1.1' # set firewall group 
address-group MGMT-HOSTS address '192.0.1.3' # set firewall group address-group MGMT-HOSTS address '192.0.1.5' # set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' # # # Using parsed # # - name: Render the commands for provided configuration vyos.vyos.vyos_firewall_global: running_config: "set firewall all-ping 'enable' set firewall broadcast-ping 'enable' set firewall config-trap 'enable' set firewall group address-group ENG-HOSTS address '192.0.3.1' set firewall group address-group ENG-HOSTS address '192.0.3.2' set firewall group address-group ENG-HOSTS description 'Sales office hosts address list' set firewall group address-group SALES-HOSTS address '192.0.2.1' set firewall group address-group SALES-HOSTS address '192.0.2.2' set firewall group address-group SALES-HOSTS address '192.0.2.3' set firewall group address-group SALES-HOSTS description 'Sales office hosts address list' set firewall group network-group MGMT description 'This group has the Management network addresses' set firewall group network-group MGMT network '192.0.1.0/24' set firewall ip-src-route 'enable' set firewall log-martians 'enable' set firewall receive-redirects 'disable' set firewall send-redirects 'enable' set firewall source-validation 'strict' set firewall state-policy established action 'accept' set firewall state-policy established 
log 'enable' set firewall state-policy invalid action 'reject' set firewall syn-cookies 'enable' set firewall twa-hazards-protection 'enable'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.3.1" # }, # { # "address": "192.0.3.2" # } # ], # "name": "ENG-HOSTS" # }, # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.2.1" # }, # { # "address": "192.0.2.2" # }, # { # "address": "192.0.2.3" # } # ], # "name": "SALES-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # } # # # Using deleted # # Before state # ------------- # # vyos@192# run show configuration commands | grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group MGMT-HOSTS address '192.0.1.1' # set firewall group address-group MGMT-HOSTS address '192.0.1.3' # set firewall group address-group MGMT-HOSTS address '192.0.1.5' # set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall 
group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' - name: Delete attributes of firewall. vyos.vyos.vyos_firewall_global: config: state_policy: config_trap: log_martians: syn_cookies: twa_hazards_protection: route_redirects: ping: group: state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "This group has the Management hosts address list", # "members": [ # { # "address": "192.0.1.1" # }, # { # "address": "192.0.1.3" # }, # { # "address": "192.0.1.5" # } # ], # "name": "MGMT-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # "commands": [ # "delete firewall source-validation", # "delete firewall group", # "delete firewall log-martians", # "delete firewall ip-src-route", # "delete firewall receive-redirects", # "delete firewall send-redirects", # "delete firewall config-trap", # "delete firewall 
state-policy", # "delete firewall syn-cookies", # "delete firewall broadcast-ping", # "delete firewall all-ping", # "delete firewall twa-hazards-protection" # ] # # "after": [] # After state # ------------ # vyos@192# run show configuration commands | grep firewall # set 'firewall' # # # Using replaced # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group MGMT-HOSTS address '192.0.1.1' # set firewall group address-group MGMT-HOSTS address '192.0.1.3' # set firewall group address-group MGMT-HOSTS address '192.0.1.5' # set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' # - name: Replace firewall global attributes configuration. 
vyos.vyos.vyos_firewall_global: config: validation: strict config_trap: true log_martians: true syn_cookies: true twa_hazards_protection: true ping: all: true broadcast: true state_policy: - connection_type: established action: accept log: true - connection_type: invalid action: reject route_redirects: - afi: ipv4 ip_src_route: true icmp_redirects: send: true receive: false group: address_group: - name: SALES-HOSTS description: Sales office hosts address list members: - address: 192.0.2.1 - address: 192.0.2.2 - address: 192.0.2.3 - name: ENG-HOSTS description: Sales office hosts address list members: - address: 192.0.3.1 - address: 192.0.3.2 network_group: - name: MGMT description: This group has the Management network addresses members: - address: 192.0.1.0/24 state: replaced # # # ------------------------- # Module Execution Result # ------------------------- # # "before": { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "This group has the Management hosts address list", # "members": [ # { # "address": "192.0.1.1" # }, # { # "address": "192.0.1.3" # }, # { # "address": "192.0.1.5" # } # ], # "name": "MGMT-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # # "commands": [ # "delete firewall group address-group MGMT-HOSTS", # "set firewall group address-group SALES-HOSTS address 192.0.2.1", # "set firewall group address-group 
SALES-HOSTS address 192.0.2.2", # "set firewall group address-group SALES-HOSTS address 192.0.2.3", # "set firewall group address-group SALES-HOSTS description 'Sales office hosts address list'", # "set firewall group address-group SALES-HOSTS", # "set firewall group address-group ENG-HOSTS address 192.0.3.1", # "set firewall group address-group ENG-HOSTS address 192.0.3.2", # "set firewall group address-group ENG-HOSTS description 'Sales office hosts address list'", # "set firewall group address-group ENG-HOSTS" # ] # # "after": { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.3.1" # }, # { # "address": "192.0.3.2" # } # ], # "name": "ENG-HOSTS" # }, # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.2.1" # }, # { # "address": "192.0.2.2" # }, # { # "address": "192.0.2.3" # } # ], # "name": "SALES-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group ENG-HOSTS address '192.0.3.1' # set firewall group address-group ENG-HOSTS address '192.0.3.2' # set firewall group address-group ENG-HOSTS 
description 'Sales office hosts address list' # set firewall group address-group SALES-HOSTS address '192.0.2.1' # set firewall group address-group SALES-HOSTS address '192.0.2.2' # set firewall group address-group SALES-HOSTS address '192.0.2.3' # set firewall group address-group SALES-HOSTS description 'Sales office hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' # # # Using gathered # # Before state: # ------------- # # vyos@192# run show configuration commands | grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group ENG-HOSTS address '192.0.3.1' # set firewall group address-group ENG-HOSTS address '192.0.3.2' # set firewall group address-group ENG-HOSTS description 'Sales office hosts address list' # set firewall group address-group SALES-HOSTS address '192.0.2.1' # set firewall group address-group SALES-HOSTS address '192.0.2.2' # set firewall group address-group SALES-HOSTS address '192.0.2.3' # set firewall group address-group SALES-HOSTS description 'Sales office hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 
'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' # - name: Gather firewall global config with provided configurations vyos.vyos.vyos_firewall_global: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": [ # { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.3.1" # }, # { # "address": "192.0.3.2" # } # ], # "name": "ENG-HOSTS" # }, # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.2.1" # }, # { # "address": "192.0.2.2" # }, # { # "address": "192.0.2.3" # } # ], # "name": "SALES-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group ENG-HOSTS address '192.0.3.1' # set firewall group address-group ENG-HOSTS address '192.0.3.2' # set firewall group address-group ENG-HOSTS 
description 'Sales office hosts address list' # set firewall group address-group SALES-HOSTS address '192.0.2.1' # set firewall group address-group SALES-HOSTS address '192.0.2.2' # set firewall group address-group SALES-HOSTS address '192.0.2.3' # set firewall group address-group SALES-HOSTS description 'Sales office hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_firewall_global: config: validation: strict config_trap: true log_martians: true syn_cookies: true twa_hazards_protection: true ping: all: true broadcast: true state_policy: - connection_type: established action: accept log: true - connection_type: invalid action: reject route_redirects: - afi: ipv4 ip_src_route: true icmp_redirects: send: true receive: false group: address_group: - name: SALES-HOSTS description: Sales office hosts address list members: - address: 192.0.2.1 - address: 192.0.2.2 - address: 192.0.2.3 - name: ENG-HOSTS description: Sales office hosts address list members: - address: 192.0.3.1 - address: 192.0.3.2 network_group: - name: MGMT description: This group has the Management network addresses members: - address: 192.0.1.0/24 state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # "set firewall group address-group SALES-HOSTS address 192.0.2.1", # "set 
firewall group address-group SALES-HOSTS address 192.0.2.2", # "set firewall group address-group SALES-HOSTS address 192.0.2.3", # "set firewall group address-group SALES-HOSTS description 'Sales office hosts address list'", # "set firewall group address-group SALES-HOSTS", # "set firewall group address-group ENG-HOSTS address 192.0.3.1", # "set firewall group address-group ENG-HOSTS address 192.0.3.2", # "set firewall group address-group ENG-HOSTS description 'Sales office hosts address list'", # "set firewall group address-group ENG-HOSTS", # "set firewall group network-group MGMT network 192.0.1.0/24", # "set firewall group network-group MGMT description 'This group has the Management network addresses'", # "set firewall group network-group MGMT", # "set firewall ip-src-route 'enable'", # "set firewall receive-redirects 'disable'", # "set firewall send-redirects 'enable'", # "set firewall config-trap 'enable'", # "set firewall state-policy established action 'accept'", # "set firewall state-policy established log 'enable'", # "set firewall state-policy invalid action 'reject'", # "set firewall broadcast-ping 'enable'", # "set firewall all-ping 'enable'", # "set firewall log-martians 'enable'", # "set firewall twa-hazards-protection 'enable'", # "set firewall syn-cookies 'enable'", # "set firewall source-validation 'strict'" # ] # # """ RETURN = """ before: description: The configuration prior to the model invocation. returned: always type: list sample: > The configuration returned will always be in the same format of the parameters above. after: description: The resulting configuration model invocation. returned: when changed type: list sample: > The configuration returned will always be in the same format of the parameters above. commands: description: The set of commands pushed to the remote device. 
returned: always type: list sample: ['set firewall group address-group ENG-HOSTS', 'set firewall group address-group ENG-HOSTS address 192.0.3.1'] """ from ansible.module_utils.basic import AnsibleModule from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.firewall_global.firewall_global import ( Firewall_globalArgs, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.firewall_global.firewall_global import ( Firewall_global, ) def main(): """ Main entry point for module execution :returns: the result form module invocation """ required_if = [ ("state", "merged", ("config",)), ("state", "replaced", ("config",)), ("state", "parsed", ("running_config",)), ] mutually_exclusive = [("config", "running_config")] module = AnsibleModule( argument_spec=Firewall_globalArgs.argument_spec, required_if=required_if, supports_check_mode=True, mutually_exclusive=mutually_exclusive, ) result = Firewall_global(module).execute_module() module.exit_json(**result) if __name__ == "__main__": main() diff --git a/plugins/modules/vyos_ntp_global.py b/plugins/modules/vyos_ntp_global.py new file mode 100644 index 00000000..6686aa41 --- /dev/null +++ b/plugins/modules/vyos_ntp_global.py 
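Review bot: The new `afi` suboption on `address_group` and `network_group` accepts `ipv6`, but the `members` text beside it still reads `IPv4 address to match.` and `Adds an IPv4 network to the specified network group.`, and no task in EXAMPLES sets `afi`. Because the option defaults to `ipv4`, a playbook that lists IPv6 members without `afi: ipv6` relies on behaviour this hunk does not show: whether the config code rejects the mismatch or emits an IPv4 group is not visible here. A firewall group created under the wrong address family could leave rules that reference it not matching the intended hosts. I would reword the member descriptions to something like `- IPv4 or IPv6 address to match, as selected by I(afi).` and add one `afi: ipv6` group to the merged example. The file header says this module is generated from the resource model, so the same option presumably also needs to exist in the argspec file, which is outside this hunk.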
@@ -0,0 +1,812 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +""" +The module file for vyos_ntp_global +""" + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + + +DOCUMENTATION = """ + module: vyos_ntp_global + version_added: 2.4.0 + short_description: Manages ntp modules of Vyos network devices + description: + - This module manages ntp configuration on devices running Vyos + author: Varshitha Yataluru (@YVarshitha) + notes: + - Tested against vyos 1.3 + - This module works with connection C(network_cli). + options: + config: + description: List of configurations for ntp module + type: dict + suboptions: + allow_clients: + description: Network Time Protocol (NTP) server options + type: list + elements: str + listen_addresses: + description: local IP addresses for service to listen on + type: list + elements: str + servers: + description: Network Time Protocol (NTP) server + type: list + elements: dict + suboptions: + server: + description: server name for NTP + type: str + options: + description: server options for NTP + type: list + elements: str + choices: + - noselect + - dynamic + - preempt + - prefer + running_config: + description: + - This option is used only with state I(parsed). + - The value of this option should be the output received from the VYOS device by + executing the command B(show configuration commands | grep ntp). + - The states I(replaced) and I(overridden) have identical + behaviour for this module. + - The state I(parsed) reads the configuration from C(show configuration commands | grep ntp) option and + transforms it into Ansible structured data as per the resource module's argspec + and the value is then returned in the I(parsed) key within the result. + type: str + state: + description: + - The state the configuration should be left in. 
+ type: str + choices: + - deleted + - merged + - overridden + - replaced + - gathered + - rendered + - parsed + default: merged +""" +EXAMPLES = """ + +# # ------------------- +# # 1. Using merged +# # ------------------- + +# # Before state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep ntp +# set system ntp server time1.vyos.net +# set system ntp server time2.vyos.net +# set system ntp server time3.vyos.net +# vyos@vyos:~$ + +# # Task +# # ------------- +- name: Replace the existing ntp config with the new config + vyos.vyos.vyos_ntp_global: + config: + allow_clients: + - 10.6.6.0/24 + listen_addresses: + - 10.1.3.1 + servers: + - server: 203.0.113.0 + options: + - prefer + + +# # Task output: +# # ------------- +# "after": { +# "allow_clients": [ +# "10.6.6.0/24" +# ], +# "listen_addresses": [ +# "10.1.3.1" +# ], +# "servers": [ +# { +# "server": "ser", +# "options": [ +# "prefer" +# ] +# }, +# { +# "server": "time1.vyos.net" +# }, +# { +# "server": "time2.vyos.net" +# }, +# { +# "server": "time3.vyos.net" +# } +# ] +# }, +# "before": { +# }, +# "changed": true, +# "commands": [ +# "set system ntp allow-clients address 10.6.6.0/24", +# "set system ntp listen-address 10.1.3.1", +# "set system ntp server 203.0.113.0 prefer" +# ] + +# After state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep ntp +# set system ntp allow-clients address '10.6.6.0/24' +# set system ntp listen-address '10.1.3.1' +# set system ntp server 203.0.113.0 prefer, +# set system ntp server time1.vyos.net +# set system ntp server time2.vyos.net +# set system ntp server time3.vyos.net +# vyos@vyos:~$ + + +# # ------------------- +# # 2. 
Using replaced +# # ------------------- + +# # Before state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep ntp +# set system ntp allow-clients address '10.4.9.0/24' +# set system ntp allow-clients address '10.4.7.0/24' +# set system ntp allow-clients address '10.1.2.0/24' +# set system ntp allow-clients address '10.2.3.0/24' +# set system ntp listen-address '10.1.9.16' +# set system ntp listen-address '10.5.3.2' +# set system ntp listen-address '10.7.9.21' +# set system ntp listen-address '10.8.9.4' +# set system ntp listen-address '10.4.5.1' +# set system ntp server 10.3.6.5 noselect +# set system ntp server 10.3.6.5 dynamic +# set system ntp server 10.3.6.5 preempt +# set system ntp server 10.3.6.5 prefer +# set system ntp server server4 noselect +# set system ntp server server4 dynamic +# set system ntp server server5 +# set system ntp server time1.vyos.net +# set system ntp server time2.vyos.net +# set system ntp server time3.vyos.net +# vyos@vyos:~$ + +# # Task +# # ------------- +- name: Replace the existing ntp config with the new config + vyos.vyos.vyos_ntp_global: + config: + allow_clients: + - 10.6.6.0/24 + listen_addresses: + - 10.1.3.1 + servers: + - server: 203.0.113.0 + options: + - prefer + state: replaced + + +# # Task output: +# # ------------- +# "after": { +# "allow_clients": [ +# "10.6.6.0/24" +# ], +# "listen_addresses": [ +# "10.1.3.1" +# ], +# "servers": [ +# { +# "server": "ser", +# "options": [ +# "prefer" +# ] +# }, +# { +# "server": "time1.vyos.net" +# }, +# { +# "server": "time2.vyos.net" +# }, +# { +# "server": "time3.vyos.net" +# } +# ] +# }, +# "before": { +# "allow_clients": [ +# "10.4.7.0/24", +# "10.2.3.0/24", +# "10.1.2.0/24", +# "10.4.9.0/24" +# ], +# "listen_addresses": [ +# "10.7.9.21", +# "10.4.5.1", +# "10.5.3.2", +# "10.8.9.4", +# "10.1.9.16" +# ], +# "servers": [ +# { +# "server": "10.3.6.5", +# "options": [ +# "noselect", +# "dynamic", +# "preempt", +# "prefer" +# ] +# }, +# { +# "server": 
"server4", +# "options": [ +# "noselect", +# "dynamic" +# ] +# }, +# { +# "server": "server5" +# }, +# { +# "server": "time1.vyos.net" +# }, +# { +# "server": "time2.vyos.net" +# }, +# { +# "server": "time3.vyos.net" +# } +# ] +# }, +# "changed": true, +# "commands": [ +# "delete system ntp allow-clients address 10.4.7.0/24", +# "delete system ntp allow-clients address 10.2.3.0/24", +# "delete system ntp allow-clients address 10.1.2.0/24", +# "delete system ntp allow-clients address 10.4.9.0/24", +# "delete system ntp listen-address 10.7.9.21", +# "delete system ntp listen-address 10.4.5.1", +# "delete system ntp listen-address 10.5.3.2", +# "delete system ntp listen-address 10.8.9.4", +# "delete system ntp listen-address 10.1.9.16", +# "delete system ntp server 10.3.6.5", +# "delete system ntp server server4", +# "delete system ntp server server5", +# "set system ntp allow-clients address 10.6.6.0/24", +# "set system ntp listen-address 10.1.3.1", +# "set system ntp server 203.0.113.0 prefer" +# ] + +# After state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep ntp +# set system ntp allow-clients address '10.6.6.0/24' +# set system ntp listen-address '10.1.3.1' +# set system ntp server 203.0.113.0 prefer, +# set system ntp server time1.vyos.net +# set system ntp server time2.vyos.net +# set system ntp server time3.vyos.net +# vyos@vyos:~$ + + + +# # ------------------- +# # 3. 
Using overridden +# # ------------------- + +# # Before state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep ntp +# set system ntp allow-clients address '10.6.6.0/24' +# set system ntp listen-address '10.1.3.1' +# set system ntp server 203.0.113.0 prefer, +# set system ntp server time1.vyos.net +# set system ntp server time2.vyos.net +# set system ntp server time3.vyos.net +# vyos@vyos:~$ + +# # Task +# # ------------- +- name: Override ntp config + vyos.vyos.vyos_ntp_global: + config: + allow_clients: + - 10.3.3.0/24 + listen_addresses: + - 10.7.8.1 + servers: + - server: server1 + options: + - dynamic + - prefer + + - server: server2 + options: + - noselect + - preempt + + - server: serv + state: overridden + + + +# # Task output: +# # ------------- +# "after": { +# "allow_clients": [ +# "10.3.3.0/24" +# ], +# "listen_addresses": [ +# "10.7.8.1" +# ], +# "servers": [ +# { +# "server": "serv" +# }, +# { +# "server": "server1", +# "options": [ +# "dynamic", +# "prefer" +# ] +# }, +# { +# "server": "server2", +# "options": [ +# "noselect", +# "preempt" +# ] +# }, +# { +# "server": "time1.vyos.net" +# }, +# { +# "server": "time2.vyos.net" +# }, +# { +# "server": "time3.vyos.net" +# } +# ] +# }, +# "before": { +# "allow_clients": [ +# "10.6.6.0/24" +# ], +# "listen_addresses": [ +# "10.1.3.1" +# ], +# "servers": [ +# { +# "server": "ser", +# "options": [ +# "prefer" +# ] +# }, +# { +# "server": "time1.vyos.net" +# }, +# { +# "server": "time2.vyos.net" +# }, +# { +# "server": "time3.vyos.net" +# } +# ] +# }, +# "changed": true, +# "commands": [ +# "delete system ntp allow-clients address 10.6.6.0/24", +# "delete system ntp listen-address 10.1.3.1", +# "delete system ntp server ser", +# "set system ntp allow-clients address 10.3.3.0/24", +# "set system ntp listen-address 10.7.8.1", +# "set system ntp server server1 dynamic", +# "set system ntp server server1 prefer", +# "set system ntp server server2 noselect", +# "set system ntp server server2 
preempt", +# "set system ntp server serv" +# ] + +# After state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep ntp +# set system ntp allow-clients address '10.3.3.0/24' +# set system ntp listen-address '10.7.8.1' +# set system ntp server serv +# set system ntp server server1 dynamic +# set system ntp server server1 prefer +# set system ntp server server2 noselect +# set system ntp server server2 preempt +# set system ntp server time1.vyos.net +# set system ntp server time2.vyos.net +# set system ntp server time3.vyos.net +# vyos@vyos:~$ + + + +# # ------------------- +# # 4. Using gathered +# # ------------------- + +# # Before state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep ntp +# set system ntp allow-clients address '10.3.3.0/24' +# set system ntp listen-address '10.7.8.1' +# set system ntp server serv +# set system ntp server server1 dynamic +# set system ntp server server1 prefer +# set system ntp server server2 noselect +# set system ntp server server2 preempt +# set system ntp server time1.vyos.net +# set system ntp server time2.vyos.net +# set system ntp server time3.vyos.net +# vyos@vyos:~$ + +# # Task +# # ------------- +- name: Gather ntp config + vyos.vyos.vyos_ntp_global: + state: gathered + +# # Task output: +# # ------------- +# "gathered": { +# "allow_clients": [ +# "10.3.3.0/24" +# ], +# "listen_addresses": [ +# "10.7.8.1" +# ], +# "servers": [ +# { +# "server": "serv" +# }, +# { +# "server": "server1", +# "options": [ +# "dynamic", +# "prefer" +# ] +# }, +# { +# "server": "server2", +# "options": [ +# "noselect", +# "preempt" +# ] +# }, +# { +# "server": "time1.vyos.net" +# }, +# { +# "server": "time2.vyos.net" +# }, +# { +# "server": "time3.vyos.net" +# } +# ] +# } + +# After state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep ntp +# set system ntp allow-clients address '10.3.3.0/24' +# set system ntp listen-address '10.7.8.1' +# set system ntp server serv +# set system 
ntp server server1 dynamic +# set system ntp server server1 prefer +# set system ntp server server2 noselect +# set system ntp server server2 preempt +# set system ntp server time1.vyos.net +# set system ntp server time2.vyos.net +# set system ntp server time3.vyos.net +# vyos@vyos:~$ + + +# # ------------------- +# # 5. Using deleted +# # ------------------- + +# # Before state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep ntp +# set system ntp allow-clients address '10.3.3.0/24' +# set system ntp listen-address '10.7.8.1' +# set system ntp server serv +# set system ntp server server1 dynamic +# set system ntp server server1 prefer +# set system ntp server server2 noselect +# set system ntp server server2 preempt +# set system ntp server time1.vyos.net +# set system ntp server time2.vyos.net +# set system ntp server time3.vyos.net +# vyos@vyos:~$ + +# # Task +# # ------------- +- name: Delete ntp config + vyos.vyos.vyos_ntp_global: + state: deleted + + +# # Task output: +# # ------------- +# "after": { +# "servers": [ +# { +# "server": "time1.vyos.net" +# }, +# { +# "server": "time2.vyos.net" +# }, +# { +# "server": "time3.vyos.net" +# } +# ] +# }, +# "before": { +# "allow_clients": [ +# "10.3.3.0/24" +# ], +# "listen_addresses": [ +# "10.7.8.1" +# ], +# "servers": [ +# { +# "server": "serv" +# }, +# { +# "server": "server1", +# "options": [ +# "dynamic", +# "prefer" +# ] +# }, +# { +# "server": "server2", +# "options": [ +# "noselect", +# "preempt" +# ] +# }, +# { +# "server": "time1.vyos.net" +# }, +# { +# "server": "time2.vyos.net" +# }, +# { +# "server": "time3.vyos.net" +# } +# ] +# }, +# "changed": true, +# "commands": [ +# "delete system ntp allow-clients", +# "delete system ntp listen-address", +# "delete system ntp server serv", +# "delete system ntp server server1", +# "delete system ntp server server2" +# +# ] + +# After state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep ntp +# set system ntp server 
time1.vyos.net +# set system ntp server time2.vyos.net +# set system ntp server time3.vyos.net +# vyos@vyos:~$ + + +# # ------------------- +# # 6. Using rendered +# # ------------------- + +# # Before state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep ntp +# set system ntp server time1.vyos.net +# set system ntp server time2.vyos.net +# set system ntp server time3.vyos.net +# vyos@vyos:~$ + +# # Task +# # ------------- +- name: Gather ntp config + vyos.vyos.vyos_ntp_global: + config: + allow_clients: + - 10.7.7.0/24 + - 10.8.8.0/24 + listen_addresses: + - 10.7.9.1 + servers: + - server: server7 + + - server: server45 + options: + - noselect + - prefer + - server: time1.vyos.net + + - server: time2.vyos.net + + - server: time3.vyos.net + + state: rendered + + +# # Task output: +# # ------------- +# "rendered": [ +# "set system ntp allow-clients address 10.7.7.0/24", +# "set system ntp allow-clients address 10.8.8.0/24", +# "set system ntp listen-address 10.7.9.1", +# "set system ntp server server7", +# "set system ntp server server45 noselect", +# "set system ntp server server45 prefer", +# "set system ntp server time1.vyos.net", +# "set system ntp server time2.vyos.net", +# "set system ntp server time3.vyos.net" +# ] + + +# # ------------------- +# # 7. 
Using parsed +# # ------------------- + +# # sample_config.cfg: +# # ------------- +# "set system ntp allow-clients address 10.7.7.0/24", +# "set system ntp listen-address 10.7.9.1", +# "set system ntp server server45 noselect", +# "set system ntp allow-clients addres 10.8.6.0/24", +# "set system ntp listen-address 10.5.4.1", +# "set system ntp server server45 dynamic", +# "set system ntp server time1.vyos.net", +# "set system ntp server time2.vyos.net", +# "set system ntp server time3.vyos.net" + +# # Task: +# # ------------- +- name: Parse externally provided ntp configuration + vyos.vyos.vyos_ntp_global: + running_config: "{{ lookup('file', './sample_config.cfg') }}" + state: parsed + +# # Task output: +# # ------------- +# parsed = { +# "allow_clients": [ +# "10.7.7.0/24", +# "10.8.6.0/24 +# ], +# "listen_addresses": [ +# "10.5.4.1", +# "10.7.9.1" +# ], +# "servers": [ +# { +# "server": "server45", +# "options": [ +# "noselect", +# "dynamic" +# +# ] +# }, +# { +# "server": "time1.vyos.net" +# }, +# { +# "server": "time2.vyos.net" +# }, +# { +# "server": "time3.vyos.net" +# } +# +# ] +# } + +""" +RETURN = """ +before: + description: The configuration prior to the module execution. + returned: when I(state) is C(merged), C(replaced), C(overridden), C(deleted) or C(purged) + type: dict + sample: > + This output will always be in the same format as the + module argspec. +after: + description: The resulting configuration after module execution. + returned: when changed + type: dict + sample: > + This output will always be in the same format as the + module argspec. +commands: + description: The set of commands pushed to the remote device. 
+ returned: when I(state) is C(merged), C(replaced), C(overridden), C(deleted) or C(purged) + type: list + sample: + - set system ntp server server1 dynamic + - set system ntp server server1 prefer + - set system ntp server server2 noselect + - set system ntp server server2 preempt + - set system ntp server server_add preempt +rendered: + description: The provided configuration in the task rendered in device-native format (offline). + returned: when I(state) is C(rendered) + type: list + sample: + - set system ntp server server1 dynamic + - set system ntp server server1 prefer + - set system ntp server server2 noselect + - set system ntp server server2 preempt + - set system ntp server server_add preempt + +gathered: + description: Facts about the network resource gathered from the remote device as structured data. + returned: when I(state) is C(gathered) + type: list + sample: > + This output will always be in the same format as the + module argspec. +parsed: + description: The device native config provided in I(running_config) option parsed into structured data as per module argspec. + returned: when I(state) is C(parsed) + type: list + sample: > + This output will always be in the same format as the + module argspec. 
+"""
+
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.ntp_global.ntp_global import (
+ Ntp_globalArgs,
+)
+from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.ntp_global.ntp_global import (
+ Ntp_global,
+)
+
+
+def main():
+ """
+ Main entry point for module execution
+
+ :returns: the result form module invocation
+ """
+ module = AnsibleModule(
+ argument_spec=Ntp_globalArgs.argument_spec,
+ mutually_exclusive=[["config", "running_config"]],
+ required_if=[
+ ["state", "merged", ["config"]],
+ ["state", "replaced", ["config"]],
+ ["state", "overridden", ["config"]],
+ ["state", "rendered", ["config"]],
+ ["state", "parsed", ["running_config"]],
+ ],
+ supports_check_mode=True,
+ )
+
+ result = Ntp_global(module).execute_module()
+ module.exit_json(**result)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/plugins/modules/vyos_ospf_interfaces.py b/plugins/modules/vyos_ospf_interfaces.py
index 732a5e7f..61ef32ee 100644
--- a/plugins/modules/vyos_ospf_interfaces.py
+++ b/plugins/modules/vyos_ospf_interfaces.py
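Review bot: The `allow_clients` option in DOCUMENTATION is described only as "Network Time Protocol (NTP) server options", yet the examples render it to `set system ntp allow-clients address ...`, which reads as the list of networks permitted to query the service; a description such as `Networks or addresses permitted to query this NTP server` would make that access-control role explicit. The `deleted` example emits `delete system ntp allow-clients` and `delete system ntp listen-address`, so the docs should say what client access and listening scope the device falls back to once both are removed, which this hunk does not show. Several examples also disagree with their own tasks: the merged and replaced outputs list `"server": "ser"` where the task configured `203.0.113.0`, the rendered task is named "Gather ntp config", and RETURN refers to C(purged), which is not among the `state` choices.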
@@ -1,917 +1,917 @@ #!/usr/bin/python # -*- coding: utf-8 -*- # Copyright 2020 Red Hat # GNU General Public License v3.0+ # (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) ############################################# # WARNING # ############################################# # # This file is auto generated by the resource # module builder playbook. # # Do not edit this file manually. # # Changes to this file will be over written # by the resource module builder. # # Changes should be made in the model used to # generate this file or in the resource module # builder template. # ############################################# """ The module file for vyos_ospf_interfaces """ from __future__ import absolute_import, division, print_function __metaclass__ = type DOCUMENTATION = """ module: vyos_ospf_interfaces version_added: 1.2.0 short_description: OSPF Interfaces Resource Module. description: - This module manages OSPF configuration of interfaces on devices running VYOS. author: Gomathi Selvi Srinivasan (@GomathiselviS) options: config: description: A list of OSPF configuration for interfaces. type: list elements: dict suboptions: name: description: - Name/Identifier of the interface. type: str address_family: description: - OSPF settings on the interfaces in address-family context. type: list elements: dict suboptions: afi: description: - Address Family Identifier (AFI) for OSPF settings on the interfaces. type: str choices: ['ipv4', 'ipv6'] required: True authentication: description: - Authentication settings on the interface. type: dict suboptions: plaintext_password: description: - Plain Text password. type: str md5_key: description: - md5 parameters. type: dict suboptions: key_id: description: - key id. type: int key: description: - md5 key. type: str bandwidth: description: - Bandwidth of interface (kilobits/sec) type: int cost: description: - metric associated with interface. type: int dead_interval: description: - Time interval to detect a dead router. 
type: int hello_interval: description: - Timer interval between transmission of hello packets. type: int mtu_ignore: description: - if True, Disable MTU check for Database Description packets. type: bool network: description: - Interface type. type: str priority: description: - Interface priority. type: int retransmit_interval: description: - LSA retransmission interval. type: int transmit_delay: description: - LSA transmission delay. type: int ifmtu: description: - interface MTU. type: int instance: description: - Instance ID. type: str passive: description: - If True, disables forming adjacency. type: bool running_config: description: - This option is used only with state I(parsed). - - The value of this option should be the output received from the IOS device by - executing the command B(sh running-config | section ^interface). + - The value of this option should be the output received from the VYOS device by + executing the command B(show configuration commands | match "set interfaces"). - The state I(parsed) reads the configuration from C(running_config) option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the I(parsed) key within the result. type: str state: description: - The state the configuration should be left in. 
type: str choices: - merged - replaced - overridden - deleted - gathered - parsed - rendered default: merged """ EXAMPLES = """ # Using merged # # Before state: # ------------- # # @vyos:~$ show configuration commands | match "ospf" - name: Merge provided configuration with device configuration vyos.vyos.vyos_ospf_interfaces: config: - name: "eth1" address_family: - afi: "ipv4" transmit_delay: 50 priority: 26 network: "point-to-point" - afi: "ipv6" dead_interval: 39 - name: "bond2" address_family: - afi: "ipv4" transmit_delay: 45 bandwidth: 70 authentication: md5_key: key_id: 10 key: "1111111111232345" - afi: "ipv6" passive: True state: merged # After State: # -------------- # vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' # set interfaces bonding bond2 ip ospf bandwidth '70' # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth1 ip ospf network 'point-to-point' # set interfaces ethernet eth1 ip ospf priority '26' # set interfaces ethernet eth1 ip ospf transmit-delay '50' # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' # "after": [ # " # "address_family": [ # { # "afi": "ipv4", # "authentication": { # "md5_key": { # "key": "1111111111232345", # "key_id": 10 # } # }, # "bandwidth": 70, # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "network": "point-to-point", # "priority": 26, # "transmit_delay": 50 # }, # { # "afi": "ipv6", # "dead_interval": 39 # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "before": [ # { # "name": "eth0" # }, # { # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "changed": true, # "commands": [ # "set interfaces ethernet eth1 ip ospf 
transmit-delay 50", # "set interfaces ethernet eth1 ip ospf priority 26", # "set interfaces ethernet eth1 ip ospf network point-to-point", # "set interfaces ethernet eth1 ipv6 ospfv3 dead-interval 39", # "set interfaces bonding bond2 ip ospf transmit-delay 45", # "set interfaces bonding bond2 ip ospf bandwidth 70", # "set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key 1111111111232345", # "set interfaces bonding bond2 ipv6 ospfv3 passive" # ], # Using replaced: # Before State: # ------------ # vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' # set interfaces bonding bond2 ip ospf bandwidth '70' # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth1 ip ospf network 'point-to-point' # set interfaces ethernet eth1 ip ospf priority '26' # set interfaces ethernet eth1 ip ospf transmit-delay '50' # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' - name: Replace provided configuration with device configuration vyos.vyos.vyos_ospf_interfaces: config: - name: "eth1" address_family: - afi: "ipv4" cost: 100 - afi: "ipv6" ifmtu: 33 - name: "bond2" address_family: - afi: "ipv4" transmit_delay: 45 - afi: "ipv6" passive: True state: replaced # After State: # ----------- # vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth1 ip ospf cost '100' # set interfaces ethernet eth1 ipv6 ospfv3 ifmtu '33' # vyos@vyos:~$ # Module Execution # ---------------- # "after": [ # { # "address_family": [ # { # "afi": "ipv4", # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "cost": 100 # }, # { # "afi": "ipv6", # 
"ifmtu": 33 # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "before": [ # { # "address_family": [ # { # "afi": "ipv4", # "authentication": { # "md5_key": { # "key": "1111111111232345", # "key_id": 10 # } # }, # "bandwidth": 70, # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "network": "point-to-point", # "priority": 26, # "transmit_delay": 50 # }, # { # "afi": "ipv6", # "dead_interval": 39 # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "changed": true, # "commands": [ # "set interfaces ethernet eth1 ip ospf cost 100", # "set interfaces ethernet eth1 ipv6 ospfv3 ifmtu 33", # "delete interfaces ethernet eth1 ip ospf network point-to-point", # "delete interfaces ethernet eth1 ip ospf priority 26", # "delete interfaces ethernet eth1 ip ospf transmit-delay 50", # "delete interfaces ethernet eth1 ipv6 ospfv3 dead-interval 39", # "delete interfaces bonding bond2 ip ospf authentication", # "delete interfaces bonding bond2 ip ospf bandwidth 70" # ], # # Using Overridden: # ----------------- # Before State: # ------------ # vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' # set interfaces bonding bond2 ip ospf bandwidth '70' # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth1 ip ospf cost '100' # set interfaces ethernet eth1 ip ospf network 'point-to-point' # set interfaces ethernet eth1 ip ospf priority '26' # set interfaces ethernet eth1 ip ospf transmit-delay '50' # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' # set interfaces ethernet eth1 ipv6 ospfv3 ifmtu '33' # vyos@vyos:~$ - name: Override device configuration with provided configuration 
vyos.vyos.vyos_ospf_interfaces: config: - name: "eth0" address_family: - afi: "ipv4" cost: 100 - afi: "ipv6" ifmtu: 33 passive: True state: overridden # After State: # ----------- # 200~vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces ethernet eth0 ip ospf cost '100' # set interfaces ethernet eth0 ipv6 ospfv3 ifmtu '33' # set interfaces ethernet eth0 ipv6 ospfv3 'passive' # vyos@vyos:~$ # # # "after": [ # { # "name": "bond2" # }, # { # "address_family": [ # { # "afi": "ipv4", # "cost": 100 # }, # { # "afi": "ipv6", # "ifmtu": 33, # "passive": true # } # ], # "name": "eth0" # }, # { # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "before": [ # { # "address_family": [ # { # "afi": "ipv4", # "authentication": { # "md5_key": { # "key": "1111111111232345", # "key_id": 10 # } # }, # "bandwidth": 70, # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "cost": 100, # "network": "point-to-point", # "priority": 26, # "transmit_delay": 50 # }, # { # "afi": "ipv6", # "dead_interval": 39, # "ifmtu": 33 # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "changed": true, # "commands": [ # "delete interfaces bonding bond2 ip ospf", # "delete interfaces bonding bond2 ipv6 ospfv3", # "delete interfaces ethernet eth1 ip ospf", # "delete interfaces ethernet eth1 ipv6 ospfv3", # "set interfaces ethernet eth0 ip ospf cost 100", # "set interfaces ethernet eth0 ipv6 ospfv3 ifmtu 33", # "set interfaces ethernet eth0 ipv6 ospfv3 passive" # ], # # Using deleted: # ------------- # before state: # ------------- # vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' # set interfaces bonding bond2 ip ospf bandwidth '70' # set interfaces bonding bond2 ip ospf transmit-delay '45' # set 
interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth0 ip ospf cost '100' # set interfaces ethernet eth0 ipv6 ospfv3 ifmtu '33' # set interfaces ethernet eth0 ipv6 ospfv3 'passive' # set interfaces ethernet eth1 ip ospf network 'point-to-point' # set interfaces ethernet eth1 ip ospf priority '26' # set interfaces ethernet eth1 ip ospf transmit-delay '50' # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' # vyos@vyos:~$ - name: Delete device configuration vyos.vyos.vyos_ospf_interfaces: config: - name: "eth0" state: deleted # After State: # ----------- # vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' # set interfaces bonding bond2 ip ospf bandwidth '70' # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth1 ip ospf network 'point-to-point' # set interfaces ethernet eth1 ip ospf priority '26' # set interfaces ethernet eth1 ip ospf transmit-delay '50' # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' # vyos@vyos:~$ # # # "after": [ # { # "address_family": [ # { # "afi": "ipv4", # "authentication": { # "md5_key": { # "key": "1111111111232345", # "key_id": 10 # } # }, # "bandwidth": 70, # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "network": "point-to-point", # "priority": 26, # "transmit_delay": 50 # }, # { # "afi": "ipv6", # "dead_interval": 39 # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "before": [ # { # "address_family": [ # { # "afi": "ipv4", # "authentication": { # "md5_key": { # "key": "1111111111232345", # "key_id": 10 # } # }, # "bandwidth": 70, # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # 
"address_family": [ # { # "afi": "ipv4", # "cost": 100 # }, # { # "afi": "ipv6", # "ifmtu": 33, # "passive": true # } # ], # "name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "network": "point-to-point", # "priority": 26, # "transmit_delay": 50 # }, # { # "afi": "ipv6", # "dead_interval": 39 # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "changed": true, # "commands": [ # "delete interfaces ethernet eth0 ip ospf", # "delete interfaces ethernet eth0 ipv6 ospfv3" # ], # # Using parsed: # parsed.cfg: # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' # set interfaces bonding bond2 ip ospf bandwidth '70' # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth0 ip ospf cost '50' # set interfaces ethernet eth0 ip ospf priority '26' # set interfaces ethernet eth0 ipv6 ospfv3 instance-id '33' # set interfaces ethernet eth0 ipv6 ospfv3 'mtu-ignore' # set interfaces ethernet eth1 ip ospf network 'point-to-point' # set interfaces ethernet eth1 ip ospf priority '26' # set interfaces ethernet eth1 ip ospf transmit-delay '50' # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' # - name: parse configs vyos.vyos.vyos_ospf_interfaces: running_config: "{{ lookup('file', './parsed.cfg') }}" state: parsed # Module Execution: # ---------------- # "parsed": [ # { # "address_family": [ # { # "afi": "ipv4", # "authentication": { # "md5_key": { # "key": "1111111111232345", # "key_id": 10 # } # }, # "bandwidth": 70, # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "address_family": [ # { # "afi": "ipv4", # "cost": 50, # "priority": 26 # }, # { # "afi": "ipv6", # "instance": "33", # "mtu_ignore": true # } # ], # "name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "network": "point-to-point", # "priority": 26, # 
"transmit_delay": 50 # }, # { # "afi": "ipv6", # "dead_interval": 39 # } # ], # "name": "eth1" # } # ] # Using rendered: # -------------- - name: Render vyos.vyos.vyos_ospf_interfaces: config: - name: "eth1" address_family: - afi: "ipv4" transmit_delay: 50 priority: 26 network: "point-to-point" - afi: "ipv6" dead_interval: 39 - name: "bond2" address_family: - afi: "ipv4" transmit_delay: 45 bandwidth: 70 authentication: md5_key: key_id: 10 key: "1111111111232345" - afi: "ipv6" passive: True state: rendered # Module Execution: # ---------------- # "rendered": [ # "set interfaces ethernet eth1 ip ospf transmit-delay 50", # "set interfaces ethernet eth1 ip ospf priority 26", # "set interfaces ethernet eth1 ip ospf network point-to-point", # "set interfaces ethernet eth1 ipv6 ospfv3 dead-interval 39", # "set interfaces bonding bond2 ip ospf transmit-delay 45", # "set interfaces bonding bond2 ip ospf bandwidth 70", # "set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key 1111111111232345", # "set interfaces bonding bond2 ipv6 ospfv3 passive" # ] # # Using Gathered: # -------------- # Native Config: # vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' # set interfaces bonding bond2 ip ospf bandwidth '70' # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth1 ip ospf network 'point-to-point' # set interfaces ethernet eth1 ip ospf priority '26' # set interfaces ethernet eth1 ip ospf transmit-delay '50' # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' # vyos@vyos:~$ - name: gather configs vyos.vyos.vyos_ospf_interfaces: state: gathered # Module Execution: # ----------------- # "gathered": [ # { # "address_family": [ # { # "afi": "ipv4", # "authentication": { # "md5_key": { # "key": "1111111111232345", # "key_id": 10 # } # }, # "bandwidth": 70, # 
"transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "network": "point-to-point", # "priority": 26, # "transmit_delay": 50 # }, # { # "afi": "ipv6", # "dead_interval": 39 # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], """ from ansible.module_utils.basic import AnsibleModule from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.ospf_interfaces.ospf_interfaces import ( Ospf_interfacesArgs, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.ospf_interfaces.ospf_interfaces import ( Ospf_interfaces, ) def main(): """ Main entry point for module execution :returns: the result form module invocation """ module = AnsibleModule( argument_spec=Ospf_interfacesArgs.argument_spec, mutually_exclusive=[], required_if=[], supports_check_mode=False, ) result = Ospf_interfaces(module).execute_module() module.exit_json(**result) if __name__ == "__main__": main()
diff --git a/plugins/modules/vyos_ping.py b/plugins/modules/vyos_ping.py
index 90aa6d30..1052a9e2 100644
--- a/plugins/modules/vyos_ping.py
+++ b/plugins/modules/vyos_ping.py
@@ -1,261 +1,261 @@
 #!/usr/bin/python # -*- coding: utf-8 -*- # (c) 2017, Ansible by Red Hat, inc # # This file is part of Ansible by Red Hat # # Ansible is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # Ansible is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with Ansible. If not, see . # from __future__ import absolute_import, division, print_function __metaclass__ = type DOCUMENTATION = """ module: vyos_ping short_description: Tests reachability using ping from VyOS network devices description: - Tests reachability using ping from a VyOS device to a remote destination. - Tested against VyOS 1.1.8 (helium)
-- For a general purpose network module, see the M(net_ping) module.
-- For Windows targets, use the M(win_ping) module instead.
-- For targets running Python, use the M(ping) module instead.
+- For a general purpose network module, see the net_ping module.
+- For Windows targets, use the win_ping module instead.
+- For targets running Python, use the ping module instead.
 version_added: 1.0.0 author: - Nilashish Chakraborty (@NilashishC) options: dest: description: - The IP Address or hostname (resolvable by the device) of the remote node. required: true type: str count: description: - Number of packets to send to check reachability. type: int default: 5 source: description: - The source interface or IP Address to use while sending the ping packet(s). type: str ttl: description: - The time-to-live value for the ICMP packet(s). type: int size: description: - Determines the size (in bytes) of the ping packet(s).
type: int interval: description: - Determines the interval (in seconds) between consecutive pings. type: int state: description: - Determines if the expected result is success or fail. type: str choices: - absent - present default: present notes: - Tested against VyOS 1.1.8 (helium).
-- For a general purpose network module, see the M(net_ping) module.
-- For Windows targets, use the M(win_ping) module instead.
-- For targets running Python, use the M(ping) module instead.
+- For a general purpose network module, see the net_ping module.
+- For Windows targets, use the win_ping module instead.
+- For targets running Python, use the ping module instead.
 - This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). extends_documentation_fragment: - vyos.vyos.vyos """ EXAMPLES = """ - name: Test reachability to 10.10.10.10 vyos.vyos.vyos_ping: dest: 10.10.10.10 - name: Test reachability to 10.20.20.20 using source and ttl set vyos.vyos.vyos_ping: dest: 10.20.20.20 source: eth0 ttl: 128 - name: Test reachability to 10.30.30.30 using interval vyos.vyos.vyos_ping: dest: 10.30.30.30 interval: 3 state: absent - name: Test reachability to 10.40.40.40 setting count and source vyos.vyos.vyos_ping: dest: 10.40.40.40 source: eth1 count: 20 size: 512 """ RETURN = """ commands: description: List of commands sent. returned: always type: list sample: ["ping 10.8.38.44 count 10 interface eth0 ttl 128"] packet_loss: description: Percentage of packets lost. returned: always type: str sample: "0%" packets_rx: description: Packets successfully received. returned: always type: int sample: 20 packets_tx: description: Packets successfully transmitted. returned: always type: int sample: 20 rtt: description: The round trip time (RTT) stats.
returned: when ping succeeds type: dict sample: {"avg": 2, "max": 8, "min": 1, "mdev": 24} """ from ansible.module_utils.basic import AnsibleModule from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import ( run_commands, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import ( vyos_argument_spec, ) import re def main(): """main entry point for module execution""" argument_spec = dict( count=dict(type="int", default=5), dest=dict(type="str", required=True), source=dict(type="str"), ttl=dict(type="int"), size=dict(type="int"), interval=dict(type="int"), state=dict( type="str", choices=["absent", "present"], default="present" ), ) argument_spec.update(vyos_argument_spec) module = AnsibleModule(argument_spec=argument_spec) count = module.params["count"] dest = module.params["dest"] source = module.params["source"] size = module.params["size"] ttl = module.params["ttl"] interval = module.params["interval"] warnings = list() results = {} if warnings: results["warnings"] = warnings results["commands"] = [ build_ping(dest, count, size, interval, source, ttl) ] ping_results = run_commands(module, commands=results["commands"]) ping_results_list = ping_results[0].split("\n") rtt_info, rate_info = None, None for line in ping_results_list: if line.startswith("rtt"): rtt_info = line if line.startswith("%s packets transmitted" % count): rate_info = line if rtt_info: rtt = parse_rtt(rtt_info) for k, v in rtt.items(): if rtt[k] is not None: rtt[k] = int(v) results["rtt"] = rtt pkt_loss, rx, tx = parse_rate(rate_info) results["packet_loss"] = str(pkt_loss) + "%" results["packets_rx"] = int(rx) results["packets_tx"] = int(tx) validate_results(module, pkt_loss, results) module.exit_json(**results) def build_ping(dest, count, size=None, interval=None, source=None, ttl=None): cmd = "ping {0} count {1}".format(dest, str(count)) if source: cmd += " interface {0}".format(source) if ttl: cmd += " ttl {0}".format(str(ttl)) if size: cmd += " 
size {0}".format(str(size)) if interval: cmd += " interval {0}".format(str(interval)) return cmd def parse_rate(rate_info): rate_re = re.compile( r"(?P\d+) (?:\w+) (?:\w+), (?P\d+) (?:\w+), (?P\d+)% (?:\w+) (?:\w+), (?:\w+) (?P