diff --git a/README.md b/README.md index 2a63d7d..2bd4565 100644 --- a/README.md +++ b/README.md @@ -1,173 +1,173 @@ # VyOS Collection [![CI](https://zuul-ci.org/gated.svg)](https://dashboard.zuul.ansible.com/t/ansible/project/github.com/ansible-collections/vyos) The Ansible VyOS collection includes a variety of Ansible content to help automate the management of VyOS network appliances. This collection has been tested against VyOS 1.1.8 (helium). ## Ansible version compatibility This collection has been tested against following Ansible versions: **>=2.9.10**. Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions. PEP440 is the schema used to describe the versions of Ansible. ### Supported connections The VyOS collection supports ``network_cli`` connections. ## Included content ### Cliconf plugins Name | Description --- | --- [vyos.vyos.vyos](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_cliconf.rst)|Use vyos cliconf to run command on VyOS platform ### Filter plugins Name | Description --- | --- +### Inventory plugins +Name | Description +--- | --- + ### Modules Name | Description --- | --- [vyos.vyos.vyos_banner](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_banner_module.rst)|Manage multiline banners on VyOS devices [vyos.vyos.vyos_command](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_command_module.rst)|Run one or more commands on VyOS devices [vyos.vyos.vyos_config](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_config_module.rst)|Manage VyOS configuration on remote device [vyos.vyos.vyos_facts](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_facts_module.rst)|Get facts about vyos devices. [vyos.vyos.vyos_firewall_global](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_firewall_global_module.rst)|FIREWALL global resource module [vyos.vyos.vyos_firewall_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_firewall_interfaces_module.rst)|FIREWALL interfaces resource module [vyos.vyos.vyos_firewall_rules](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_firewall_rules_module.rst)|FIREWALL rules resource module [vyos.vyos.vyos_interface](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_interface_module.rst)|(deprecated, removed after 2022-06-01) Manage Interface on VyOS network devices [vyos.vyos.vyos_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_interfaces_module.rst)|Interfaces resource module [vyos.vyos.vyos_l3_interface](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_l3_interface_module.rst)|(deprecated, removed after 2022-06-01) Manage L3 interfaces on VyOS network devices [vyos.vyos.vyos_l3_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_l3_interfaces_module.rst)|L3 interfaces resource module [vyos.vyos.vyos_lag_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_lag_interfaces_module.rst)|LAG interfaces resource module [vyos.vyos.vyos_linkagg](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_linkagg_module.rst)|(deprecated, removed after 2022-06-01) Manage link aggregation groups on VyOS network devices [vyos.vyos.vyos_lldp](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_lldp_module.rst)|(deprecated, removed after 2022-06-01) Manage LLDP configuration on VyOS network devices [vyos.vyos.vyos_lldp_global](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_lldp_global_module.rst)|LLDP global resource module [vyos.vyos.vyos_lldp_interface](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_lldp_interface_module.rst)|(deprecated, removed after 2022-06-01) Manage LLDP interfaces configuration on VyOS network devices [vyos.vyos.vyos_lldp_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_lldp_interfaces_module.rst)|LLDP interfaces resource module [vyos.vyos.vyos_logging](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_logging_module.rst)|Manage logging on network devices [vyos.vyos.vyos_ospf_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_ospf_interfaces_module.rst)|OSPF Interfaces Resource Module. [vyos.vyos.vyos_ospfv2](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_ospfv2_module.rst)|OSPFv2 resource module [vyos.vyos.vyos_ospfv3](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_ospfv3_module.rst)|OSPFV3 resource module [vyos.vyos.vyos_ping](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_ping_module.rst)|Tests reachability using ping from VyOS network devices [vyos.vyos.vyos_static_route](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_static_route_module.rst)|(deprecated, removed after 2022-06-01) Manage static IP routes on Vyatta VyOS network devices [vyos.vyos.vyos_static_routes](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_static_routes_module.rst)|Static routes resource module [vyos.vyos.vyos_system](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_system_module.rst)|Run `set system` commands on VyOS devices [vyos.vyos.vyos_user](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_user_module.rst)|Manage the collection of local users on VyOS device [vyos.vyos.vyos_vlan](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_vlan_module.rst)|Manage VLANs on VyOS network devices -### Inventory plugins -Name | Description ---- | --- - Click the ``Content`` button to see the list of content included in this collection. ## Installing this collection You can install the VyOS collection with the Ansible Galaxy CLI: ansible-galaxy collection install vyos.vyos You can also include it in a `requirements.yml` file and install it with `ansible-galaxy collection install -r requirements.yml`, using the format: ```yaml --- collections: - name: vyos.vyos ``` ## Using this collection This collection includes [network resource modules](https://docs.ansible.com/ansible/latest/network/user_guide/network_resource_modules.html). ### Using modules from the VyOS collection in your playbooks You can call modules by their Fully Qualified Collection Namespace (FQCN), such as `vyos.vyos.vyos_static_routes`. The following example task replaces configuration changes in the existing configuration on a VyOS network device, using the FQCN: ```yaml --- - name: Replace device configurations of listed static routes with provided configurations register: result vyos.vyos.vyos_static_routes: &id001 config: - address_families: - afi: ipv4 routes: - dest: 192.0.2.32/28 blackhole_config: distance: 2 next_hops: - forward_router_address: 192.0.2.7 - forward_router_address: 192.0.2.8 - forward_router_address: 192.0.2.9 state: replaced ``` **NOTE**: For Ansible 2.9, you may not see deprecation warnings when you run your playbooks with this collection. Use this documentation to track when a module is deprecated. ### See Also: * [VyOS Platform Options](https://docs.ansible.com/ansible/latest/network/user_guide/platform_vyos.html) * [Ansible Using collections](https://docs.ansible.com/ansible/latest/user_guide/collections_using.html) for more details. ## Contributing to this collection We welcome community contributions to this collection. If you find problems, please open an issue or create a PR against the [VyOS collection repository](https://github.com/ansible-collections/vyos). See [Contributing to Ansible-maintained collections](https://docs.ansible.com/ansible/devel/community/contributing_maintained_collections.html#contributing-maintained-collections) for complete details. You can also join us on: - Freenode IRC - ``#ansible-network`` Freenode channel - Slack - https://ansiblenetwork.slack.com See the [Ansible Community Guide](https://docs.ansible.com/ansible/latest/community/index.html) for details on contributing to Ansible. ### Code of Conduct This collection follows the Ansible project's [Code of Conduct](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html). Please read and familiarize yourself with this document. ## Changelogs ## Release notes Release notes are available [here](https://github.com/ansible-collections/vyos.vyos/blob/main/changelogs/CHANGELOG.rst). ## Roadmap ## More information - [Ansible network resources](https://docs.ansible.com/ansible/latest/network/getting_started/network_resources.html) - [Ansible Collection overview](https://github.com/ansible-collections/overview) - [Ansible User guide](https://docs.ansible.com/ansible/latest/user_guide/index.html) - [Ansible Developer guide](https://docs.ansible.com/ansible/latest/dev_guide/index.html) - [Ansible Community code of conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html) ## Licensing GNU General Public License v3.0 or later. See [LICENSE](https://www.gnu.org/licenses/gpl-3.0.txt) to see the full text. diff --git a/changelogs/fragments/.keep b/changelogs/fragments/.keep new file mode 100644 index 0000000..e69de29 diff --git a/changelogs/fragments/122-rpc-unbloat.yaml b/changelogs/fragments/122-rpc-unbloat.yaml new file mode 100644 index 0000000..0bee3e8 --- /dev/null +++ b/changelogs/fragments/122-rpc-unbloat.yaml @@ -0,0 +1,3 @@ +--- +bugfixes: + - cliconf plugin - Prevent `get_capabilities()` from getting larger every time it is called diff --git a/docs/vyos.vyos.vyos_banner_module.rst b/docs/vyos.vyos.vyos_banner_module.rst index 8e14ce3..d046cc4 100644 --- a/docs/vyos.vyos.vyos_banner_module.rst +++ b/docs/vyos.vyos.vyos_banner_module.rst @@ -1,280 +1,280 @@ .. _vyos.vyos.vyos_banner_module: ********************* vyos.vyos.vyos_banner ********************* **Manage multiline banners on VyOS devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This will configure both pre-login and post-login banners on remote devices running VyOS. It allows playbooks to add or remote banner text from the active running configuration. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
banner
string / required
    Choices:
  • pre-login
  • post-login
Specifies which banner that should be configured on the remote device.
provider
dictionary
Deprecated
Starting with Ansible 2.5 we recommend using connection: network_cli.
For more information please see the Network Guide.

A dict object containing connection details.
host
string
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
password
string
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
port
integer
Specifies the port to use when building the connection to the remote device.
ssh_keyfile
path
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
timeout
integer
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
username
string
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
state
string
    Choices:
  • present ←
  • absent
Specifies whether or not the configuration is present in the current devices active running configuration.
text
string
The banner text that should be present in the remote device running configuration. This argument accepts a multiline string, with no empty lines. Requires state=present.

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml - name: configure the pre-login banner vyos.vyos.vyos_banner: banner: pre-login text: | this is my pre-login banner that contains a multiline string state: present - name: remove the post-login banner vyos.vyos.vyos_banner: banner: post-login state: absent Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
commands
list
always
The list of configuration mode commands to send to the device

Sample:
['banner pre-login', 'this is my pre-login banner', 'that contains a multiline', 'string']


Status ------ Authors ~~~~~~~ - Trishna Guha (@trishnaguha) diff --git a/docs/vyos.vyos.vyos_command_module.rst b/docs/vyos.vyos.vyos_command_module.rst index 41041bc..36ae764 100644 --- a/docs/vyos.vyos.vyos_command_module.rst +++ b/docs/vyos.vyos.vyos_command_module.rst @@ -1,377 +1,377 @@ .. _vyos.vyos.vyos_command_module: ********************** vyos.vyos.vyos_command ********************** **Run one or more commands on VyOS devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - The command module allows running one or more commands on remote devices running VyOS. This module can also be introspected to validate key parameters before returning successfully. If the conditional statements are not met in the wait period, the task fails. - Certain ``show`` commands in VyOS produce many lines of output and use a custom pager that can cause this module to hang. If the value of the environment variable ``ANSIBLE_VYOS_TERMINAL_LENGTH`` is not set, the default number of 10000 is used. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
commands
list / elements=raw / required
The ordered set of commands to execute on the remote device running VyOS. The output from the command execution is returned to the playbook. If the wait_for argument is provided, the module is not returned until the condition is satisfied or the number of retries has been exceeded.
If a command sent to the device requires answering a prompt, it is possible to pass a dict containing command, answer and prompt. Common answers are 'y' or "\r" (carriage return, must be double quotes). Refer below examples.
interval
integer
Default:
1
Configures the interval in seconds to wait between retries of the command. If the command does not pass the specified conditions, the interval indicates how long to wait before trying the command again.
match
string
    Choices:
  • any
  • all ←
The match argument is used in conjunction with the wait_for argument to specify the match policy. Valid values are all or any. If the value is set to all then all conditionals in the wait_for must be satisfied. If the value is set to any then only one of the values must be satisfied.
provider
dictionary
Deprecated
Starting with Ansible 2.5 we recommend using connection: network_cli.
For more information please see the Network Guide.

A dict object containing connection details.
host
string
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
password
string
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
port
integer
Specifies the port to use when building the connection to the remote device.
ssh_keyfile
path
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
timeout
integer
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
username
string
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
retries
integer
Default:
10
Specifies the number of retries a command should be tried before it is considered failed. The command is run on the target device every retry and evaluated against the wait_for conditionals.
wait_for
list / elements=string
Specifies what to evaluate from the output of the command and what conditionals to apply. This argument will cause the task to wait for a particular conditional to be true before moving forward. If the conditional is not true by the configured retries, the task fails. See examples.

aliases: waitfor

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - Running ``show system boot-messages all`` will cause the module to hang since VyOS is using a custom pager setting to display the output of that command. - If a command sent to the device requires answering a prompt, it is possible to pass a dict containing *command*, *answer* and *prompt*. See examples. - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml - name: show configuration on ethernet devices eth0 and eth1 vyos.vyos.vyos_command: commands: - show interfaces ethernet {{ item }} with_items: - eth0 - eth1 - name: run multiple commands and check if version output contains specific version string vyos.vyos.vyos_command: commands: - show version - show hardware cpu wait_for: - result[0] contains 'VyOS 1.1.7' - name: run command that requires answering a prompt vyos.vyos.vyos_command: commands: - command: rollback 1 prompt: Proceed with reboot? [confirm][y] answer: y Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
failed_conditions
list
failed
The list of conditionals that have failed

Sample:
['...', '...']
stdout
list
always apart from low level errors (such as action plugin)
The set of responses from the commands

Sample:
['...', '...']
stdout_lines
list
always
The value of stdout split into a list

Sample:
[['...', '...'], ['...'], ['...']]
warnings
list
always
The list of warnings (if any) generated by module based on arguments

Sample:
['...', '...']


Status ------ Authors ~~~~~~~ - Nathaniel Case (@Qalthos) diff --git a/docs/vyos.vyos.vyos_config_module.rst b/docs/vyos.vyos.vyos_config_module.rst index 0914d8e..d6f2f6b 100644 --- a/docs/vyos.vyos.vyos_config_module.rst +++ b/docs/vyos.vyos.vyos_config_module.rst @@ -1,511 +1,511 @@ .. _vyos.vyos.vyos_config_module: ********************* vyos.vyos.vyos_config ********************* **Manage VyOS configuration on remote device** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module provides configuration file management of VyOS devices. It provides arguments for managing both the configuration file and state of the active configuration. All configuration statements are based on `set` and `delete` commands in the device configuration. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
backup
boolean
    Choices:
  • no ←
  • yes
The backup argument will backup the current devices active configuration to the Ansible control host prior to making any changes. If the backup_options value is not given, the backup file will be located in the backup folder in the playbook root directory or role root directory, if playbook is part of an ansible role. If the directory does not exist, it is created.
backup_options
dictionary
This is a dict object containing configurable options related to backup file path. The value of this option is read only when backup is set to yes, if backup is set to no this option will be silently ignored.
dir_path
path
This option provides the path ending with directory name in which the backup configuration file will be stored. If the directory does not exist it will be first created and the filename is either the value of filename or default filename as described in filename options description. If the path value is not given in that case a backup directory will be created in the current working directory and backup configuration will be copied in filename within backup directory.
filename
string
The filename to be used to store the backup configuration. If the filename is not given it will be generated based on the hostname, current time and date in format defined by <hostname>_config.<current-date>@<current-time>
comment
string
Default:
"configured by vyos_config"
Allows a commit description to be specified to be included when the configuration is committed. If the configuration is not changed or committed, this argument is ignored.
config
string
The config argument specifies the base configuration to use to compare against the desired configuration. If this value is not specified, the module will automatically retrieve the current active configuration from the remote device.
lines
list / elements=string
The ordered set of configuration lines to be managed and compared with the existing configuration on the remote device.
match
string
    Choices:
  • line ←
  • none
The match argument controls the method used to match against the current active configuration. By default, the desired config is matched against the active config and the deltas are loaded. If the match argument is set to none the active configuration is ignored and the configuration is always loaded.
provider
dictionary
Deprecated
Starting with Ansible 2.5 we recommend using connection: network_cli.
For more information please see the Network Guide.

A dict object containing connection details.
host
string
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
password
string
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
port
integer
Specifies the port to use when building the connection to the remote device.
ssh_keyfile
path
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
timeout
integer
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
username
string
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
save
boolean
    Choices:
  • no ←
  • yes
The save argument controls whether or not changes made to the active configuration are saved to disk. This is independent of committing the config. When set to True, the active configuration is saved.
src
path
The src argument specifies the path to the source config file to load. The source config file can either be in bracket format or set format. The source file can include Jinja2 template variables.

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml - name: configure the remote device vyos.vyos.vyos_config: lines: - set system host-name {{ inventory_hostname }} - set service lldp - delete service dhcp-server - name: backup and load from file vyos.vyos.vyos_config: src: vyos.cfg backup: yes - name: render a Jinja2 template onto the VyOS router vyos.vyos.vyos_config: src: vyos_template.j2 - name: for idempotency, use full-form commands vyos.vyos.vyos_config: lines: # - set int eth eth2 description 'OUTSIDE' - set interface ethernet eth2 description 'OUTSIDE' - name: configurable backup path vyos.vyos.vyos_config: backup: yes backup_options: filename: backup.cfg dir_path: /home/user Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
backup_path
string
when backup is yes
The full path to the backup file

Sample:
/playbooks/ansible/backup/vyos_config.2016-07-16@22:28:34
commands
list
always
The list of configuration commands sent to the device

Sample:
['...', '...']
date
string
when backup is yes
The date extracted from the backup file name

Sample:
2016-07-16
filename
string
when backup is yes and filename is not specified in backup options
The name of the backup file

Sample:
vyos_config.2016-07-16@22:28:34
filtered
list
always
The list of configuration commands removed to avoid a load failure

Sample:
['...', '...']
shortname
string
when backup is yes and filename is not specified in backup options
The full path to the backup file excluding the timestamp

Sample:
/playbooks/ansible/backup/vyos_config
time
string
when backup is yes
The time extracted from the backup file name

Sample:
22:28:34


Status ------ Authors ~~~~~~~ - Nathaniel Case (@Qalthos) diff --git a/docs/vyos.vyos.vyos_facts_module.rst b/docs/vyos.vyos.vyos_facts_module.rst index d285864..3177888 100644 --- a/docs/vyos.vyos.vyos_facts_module.rst +++ b/docs/vyos.vyos.vyos_facts_module.rst @@ -1,427 +1,427 @@ .. _vyos.vyos.vyos_facts_module: ******************** vyos.vyos.vyos_facts ******************** **Get facts about vyos devices.** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - Collects facts from network devices running the vyos operating system. This module places the facts gathered in the fact tree keyed by the respective resource name. The facts module will always collect a base set of facts from the device and can enable or disable collection of additional facts. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
gather_network_resources
list / elements=string
When supplied, this argument will restrict the facts collected to a given subset. Possible values for this argument include all and the resources like interfaces. Can specify a list of values to include a larger subset. Values can also be used with an initial ! to specify that a specific subset should not be collected. Valid subsets are 'all', 'interfaces', 'l3_interfaces', 'lag_interfaces', 'lldp_global', 'lldp_interfaces', 'static_routes', 'firewall_rules', 'firewall_global', 'firewall_interfaces', 'ospfv3', 'ospfv2'.
gather_subset
list / elements=string
Default:
"!config"
When supplied, this argument will restrict the facts collected to a given subset. Possible values for this argument include all, default, config, and neighbors. Can specify a list of values to include a larger subset. Values can also be used with an initial ! to specify that a specific subset should not be collected.
provider
dictionary
Deprecated
Starting with Ansible 2.5 we recommend using connection: network_cli.
For more information please see the Network Guide.

A dict object containing connection details.
host
string
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
password
string
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
port
integer
Specifies the port to use when building the connection to the remote device.
ssh_keyfile
path
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
timeout
integer
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
username
string
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml # Gather all facts - vyos.vyos.vyos_facts: gather_subset: all gather_network_resources: all # collect only the config and default facts - vyos.vyos.vyos_facts: gather_subset: config # collect everything exception the config - vyos.vyos.vyos_facts: gather_subset: '!config' # Collect only the interfaces facts - vyos.vyos.vyos_facts: gather_subset: - '!all' - '!min' gather_network_resources: - interfaces # Do not collect interfaces facts - vyos.vyos.vyos_facts: gather_network_resources: - '!interfaces' # Collect interfaces and minimal default facts - vyos.vyos.vyos_facts: gather_subset: min gather_network_resources: interfaces Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
ansible_net_api
string
always
The name of the transport

ansible_net_commits
list
when present
The set of available configuration revisions

ansible_net_config
string
when config is configured
The running-config from the device

ansible_net_gather_network_resources
list
always
The list of fact resource subsets collected from the device

ansible_net_gather_subset
list
always
The list of subsets gathered by the module

ansible_net_hostname
string
always
The configured system hostname

ansible_net_model
string
always
The device model string

ansible_net_neighbors
list
when interface is configured
The set of LLDP neighbors

ansible_net_python_version
string
always
The Python version Ansible controller is using

ansible_net_serialnum
string
always
The serial number of the device

ansible_net_version
string
always
The version of the software running



Status ------ Authors ~~~~~~~ - Nathaniel Case (@qalthos) - Nilashish Chakraborty (@Nilashishc) - Rohit Thakur (@rohitthakur2590) diff --git a/docs/vyos.vyos.vyos_firewall_global_module.rst b/docs/vyos.vyos.vyos_firewall_global_module.rst index 30f7ecf..b37cf02 100644 --- a/docs/vyos.vyos.vyos_firewall_global_module.rst +++ b/docs/vyos.vyos.vyos_firewall_global_module.rst @@ -1,1749 +1,1749 @@ .. _vyos.vyos.vyos_firewall_global_module: ****************************** vyos.vyos.vyos_firewall_global ****************************** **FIREWALL global resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module manage global policies or configurations for firewall on VyOS devices. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
config
dictionary
A dictionary of Firewall global configuration options.
config_trap
boolean
    Choices:
  • no
  • yes
SNMP trap generation on firewall configuration changes.
group
dictionary
Defines a group of objects for referencing in firewall rules.
address_group
list / elements=dictionary
Defines a group of IP addresses for referencing in firewall rules.
description
string
Allows you to specify a brief description for the address group.
members
list / elements=dictionary
Address-group members.
IPv4 address to match.
IPv4 range to match.
address
string
IP address.
name
string / required
Name of the firewall address group.
network_group
list / elements=dictionary
Defines a group of networks for referencing in firewall rules.
description
string
Allows you to specify a brief description for the network group.
members
list / elements=dictionary
Adds an IPv4 network to the specified network group.
The format is ip-address/prefix.
address
string
IP address.
name
string / required
Name of the firewall network group.
port_group
list / elements=dictionary
Defines a group of ports for referencing in firewall rules.
description
string
Allows you to specify a brief description for the port group.
members
list / elements=dictionary
Port-group member.
port
string
Defines the number.
name
string / required
Name of the firewall port group.
log_martians
boolean
    Choices:
  • no
  • yes
Specifies whether or not to record packets with invalid addresses in the log.
(True) Logs packets with invalid addresses.
(False) Does not log packets with invalid addresses.
ping
dictionary
Policy for handling of all IPv4 ICMP echo requests.
all
boolean
    Choices:
  • no
  • yes
Enables or disables response to all IPv4 ICMP Echo Request (ping) messages.
The system responds to IPv4 ICMP Echo Request messages.
broadcast
boolean
    Choices:
  • no
  • yes
Enables or disables response to broadcast IPv4 ICMP Echo Request and Timestamp Request messages.
IPv4 ICMP Echo and Timestamp Request messages are not processed.
route_redirects
list / elements=dictionary
-A dictionary of Firewall icmp redirect and source route global configuration options.
afi
string / required
    Choices:
  • ipv4
  • ipv6
Specifies IP address type
icmp_redirects
dictionary
Specifies whether to allow sending/receiving of IPv4/v6 ICMP redirect messages.
receive
boolean
    Choices:
  • no
  • yes
Permits or denies receiving packets ICMP redirect messages.
send
boolean
    Choices:
  • no
  • yes
Permits or denies transmitting packets ICMP redirect messages.
ip_src_route
boolean
    Choices:
  • no
  • yes
Specifies whether or not to process source route IP options.
state_policy
list / elements=dictionary
Specifies global firewall state-policy.
action
string
    Choices:
  • accept
  • drop
  • reject
Action for packets part of an established connection.
connection_type
string
    Choices:
  • established
  • invalid
  • related
Specifies connection type.
log
boolean
    Choices:
  • no
  • yes
Enable logging of packets part of an established connection.
syn_cookies
boolean
    Choices:
  • no
  • yes
Specifies policy for using TCP SYN cookies with IPv4.
(True) Enables TCP SYN cookies with IPv4.
(False) Disables TCP SYN cookies with IPv4.
twa_hazards_protection
boolean
    Choices:
  • no
  • yes
RFC1337 TCP TIME-WAIT assasination hazards protection.
validation
string
    Choices:
  • strict
  • loose
  • disable
Specifies a policy for source validation by reversed path, as defined in RFC 3704.
(disable) No source validation is performed.
(loose) Enable Loose Reverse Path Forwarding as defined in RFC3704.
(strict) Enable Strict Reverse Path Forwarding as defined in RFC3704.
running_config
string
The module, by default, will connect to the remote device and retrieve the current running-config to use as a base for comparing against the contents of source. There are times when it is not desirable to have the task get the current running-config for every task in a playbook. The running_config argument allows the implementer to pass in the configuration to use as the base config for comparison. This value of this option should be the output received from device by executing command show configuration commands | grep 'firewall'
state
string
    Choices:
  • merged ←
  • replaced
  • deleted
  • gathered
  • rendered
  • parsed
The state the configuration should be left in.

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml # Using merged # # Before state: # ------------- # # vyos@vyos# run show configuration commands | grep firewall # # - name: Merge the provided configuration with the exisiting running configuration vyos.vyos.vyos_firewall_global: config: validation: strict config_trap: true log_martians: true syn_cookies: true twa_hazards_protection: true ping: all: true broadcast: true state_policy: - connection_type: established action: accept log: true - connection_type: invalid action: reject route_redirects: - afi: ipv4 ip_src_route: true icmp_redirects: send: true receive: false group: address_group: - name: MGMT-HOSTS description: This group has the Management hosts address list members: - address: 192.0.1.1 - address: 192.0.1.3 - address: 192.0.1.5 network_group: - name: MGMT description: This group has the Management network addresses members: - address: 192.0.1.0/24 state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # before": [] # # "commands": [ # "set firewall group address-group MGMT-HOSTS address 192.0.1.1", # "set firewall group address-group MGMT-HOSTS address 192.0.1.3", # "set firewall group address-group MGMT-HOSTS address 192.0.1.5", # "set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list'", # "set firewall group address-group MGMT-HOSTS", # "set firewall group network-group MGMT network 192.0.1.0/24", # "set firewall group network-group MGMT description 'This group has the Management network addresses'", # "set firewall group network-group MGMT", # "set firewall ip-src-route 'enable'", # "set firewall receive-redirects 'disable'", # "set firewall send-redirects 'enable'", # "set firewall config-trap 'enable'", # "set firewall state-policy established action 'accept'", # "set firewall state-policy established log 'enable'", # "set firewall state-policy invalid action 'reject'", # "set firewall broadcast-ping 'enable'", # "set firewall all-ping 'enable'", # "set firewall log-martians 'enable'", # "set firewall twa-hazards-protection 'enable'", # "set firewall syn-cookies 'enable'", # "set firewall source-validation 'strict'" # ] # # "after": { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "This group has the Management hosts address list", # "members": [ # { # "address": "192.0.1.1" # }, # { # "address": "192.0.1.3" # }, # { # "address": "192.0.1.5" # } # ], # "name": "MGMT-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group MGMT-HOSTS address '192.0.1.1' # set firewall group address-group MGMT-HOSTS address '192.0.1.3' # set firewall group address-group MGMT-HOSTS address '192.0.1.5' # set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' # # # Using parsed # # - name: Render the commands for provided configuration vyos.vyos.vyos_firewall_global: running_config: "set firewall all-ping 'enable' set firewall broadcast-ping 'enable' set firewall config-trap 'enable' set firewall group address-group ENG-HOSTS address '192.0.3.1' set firewall group address-group ENG-HOSTS address '192.0.3.2' set firewall group address-group ENG-HOSTS description 'Sales office hosts address list' set firewall group address-group SALES-HOSTS address '192.0.2.1' set firewall group address-group SALES-HOSTS address '192.0.2.2' set firewall group address-group SALES-HOSTS address '192.0.2.3' set firewall group address-group SALES-HOSTS description 'Sales office hosts address list' set firewall group network-group MGMT description 'This group has the Management network addresses' set firewall group network-group MGMT network '192.0.1.0/24' set firewall ip-src-route 'enable' set firewall log-martians 'enable' set firewall receive-redirects 'disable' set firewall send-redirects 'enable' set firewall source-validation 'strict' set firewall state-policy established action 'accept' set firewall state-policy established log 'enable' set firewall state-policy invalid action 'reject' set firewall syn-cookies 'enable' set firewall twa-hazards-protection 'enable'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.3.1" # }, # { # "address": "192.0.3.2" # } # ], # "name": "ENG-HOSTS" # }, # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.2.1" # }, # { # "address": "192.0.2.2" # }, # { # "address": "192.0.2.3" # } # ], # "name": "SALES-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # } # # # Using deleted # # Before state # ------------- # # vyos@192# run show configuration commands | grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group MGMT-HOSTS address '192.0.1.1' # set firewall group address-group MGMT-HOSTS address '192.0.1.3' # set firewall group address-group MGMT-HOSTS address '192.0.1.5' # set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' - name: Delete attributes of firewall. vyos.vyos.vyos_firewall_global: config: state_policy: config_trap: log_martians: syn_cookies: twa_hazards_protection: route_redirects: ping: group: state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "This group has the Management hosts address list", # "members": [ # { # "address": "192.0.1.1" # }, # { # "address": "192.0.1.3" # }, # { # "address": "192.0.1.5" # } # ], # "name": "MGMT-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # "commands": [ # "delete firewall source-validation", # "delete firewall group", # "delete firewall log-martians", # "delete firewall ip-src-route", # "delete firewall receive-redirects", # "delete firewall send-redirects", # "delete firewall config-trap", # "delete firewall state-policy", # "delete firewall syn-cookies", # "delete firewall broadcast-ping", # "delete firewall all-ping", # "delete firewall twa-hazards-protection" # ] # # "after": [] # After state # ------------ # vyos@192# run show configuration commands | grep firewall # set 'firewall' # # # Using replaced # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group MGMT-HOSTS address '192.0.1.1' # set firewall group address-group MGMT-HOSTS address '192.0.1.3' # set firewall group address-group MGMT-HOSTS address '192.0.1.5' # set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' # - name: Replace firewall global attributes configuration. vyos.vyos.vyos_firewall_global: config: validation: strict config_trap: true log_martians: true syn_cookies: true twa_hazards_protection: true ping: all: true broadcast: true state_policy: - connection_type: established action: accept log: true - connection_type: invalid action: reject route_redirects: - afi: ipv4 ip_src_route: true icmp_redirects: send: true receive: false group: address_group: - name: SALES-HOSTS description: Sales office hosts address list members: - address: 192.0.2.1 - address: 192.0.2.2 - address: 192.0.2.3 - name: ENG-HOSTS description: Sales office hosts address list members: - address: 192.0.3.1 - address: 192.0.3.2 network_group: - name: MGMT description: This group has the Management network addresses members: - address: 192.0.1.0/24 state: replaced # # # ------------------------- # Module Execution Result # ------------------------- # # "before": { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "This group has the Management hosts address list", # "members": [ # { # "address": "192.0.1.1" # }, # { # "address": "192.0.1.3" # }, # { # "address": "192.0.1.5" # } # ], # "name": "MGMT-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # # "commands": [ # "delete firewall group address-group MGMT-HOSTS", # "set firewall group address-group SALES-HOSTS address 192.0.2.1", # "set firewall group address-group SALES-HOSTS address 192.0.2.2", # "set firewall group address-group SALES-HOSTS address 192.0.2.3", # "set firewall group address-group SALES-HOSTS description 'Sales office hosts address list'", # "set firewall group address-group SALES-HOSTS", # "set firewall group address-group ENG-HOSTS address 192.0.3.1", # "set firewall group address-group ENG-HOSTS address 192.0.3.2", # "set firewall group address-group ENG-HOSTS description 'Sales office hosts address list'", # "set firewall group address-group ENG-HOSTS" # ] # # "after": { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.3.1" # }, # { # "address": "192.0.3.2" # } # ], # "name": "ENG-HOSTS" # }, # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.2.1" # }, # { # "address": "192.0.2.2" # }, # { # "address": "192.0.2.3" # } # ], # "name": "SALES-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group ENG-HOSTS address '192.0.3.1' # set firewall group address-group ENG-HOSTS address '192.0.3.2' # set firewall group address-group ENG-HOSTS description 'Sales office hosts address list' # set firewall group address-group SALES-HOSTS address '192.0.2.1' # set firewall group address-group SALES-HOSTS address '192.0.2.2' # set firewall group address-group SALES-HOSTS address '192.0.2.3' # set firewall group address-group SALES-HOSTS description 'Sales office hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' # # # Using gathered # # Before state: # ------------- # # vyos@192# run show configuration commands | grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group ENG-HOSTS address '192.0.3.1' # set firewall group address-group ENG-HOSTS address '192.0.3.2' # set firewall group address-group ENG-HOSTS description 'Sales office hosts address list' # set firewall group address-group SALES-HOSTS address '192.0.2.1' # set firewall group address-group SALES-HOSTS address '192.0.2.2' # set firewall group address-group SALES-HOSTS address '192.0.2.3' # set firewall group address-group SALES-HOSTS description 'Sales office hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' # - name: Gather firewall global config with provided configurations vyos.vyos.vyos_firewall_global: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": [ # { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.3.1" # }, # { # "address": "192.0.3.2" # } # ], # "name": "ENG-HOSTS" # }, # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.2.1" # }, # { # "address": "192.0.2.2" # }, # { # "address": "192.0.2.3" # } # ], # "name": "SALES-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep firewall # set firewall all-ping 'enable' # set firewall broadcast-ping 'enable' # set firewall config-trap 'enable' # set firewall group address-group ENG-HOSTS address '192.0.3.1' # set firewall group address-group ENG-HOSTS address '192.0.3.2' # set firewall group address-group ENG-HOSTS description 'Sales office hosts address list' # set firewall group address-group SALES-HOSTS address '192.0.2.1' # set firewall group address-group SALES-HOSTS address '192.0.2.2' # set firewall group address-group SALES-HOSTS address '192.0.2.3' # set firewall group address-group SALES-HOSTS description 'Sales office hosts address list' # set firewall group network-group MGMT description 'This group has the Management network addresses' # set firewall group network-group MGMT network '192.0.1.0/24' # set firewall ip-src-route 'enable' # set firewall log-martians 'enable' # set firewall receive-redirects 'disable' # set firewall send-redirects 'enable' # set firewall source-validation 'strict' # set firewall state-policy established action 'accept' # set firewall state-policy established log 'enable' # set firewall state-policy invalid action 'reject' # set firewall syn-cookies 'enable' # set firewall twa-hazards-protection 'enable' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_firewall_global: config: validation: strict config_trap: true log_martians: true syn_cookies: true twa_hazards_protection: true ping: all: true broadcast: true state_policy: - connection_type: established action: accept log: true - connection_type: invalid action: reject route_redirects: - afi: ipv4 ip_src_route: true icmp_redirects: send: true receive: false group: address_group: - name: SALES-HOSTS description: Sales office hosts address list members: - address: 192.0.2.1 - address: 192.0.2.2 - address: 192.0.2.3 - name: ENG-HOSTS description: Sales office hosts address list members: - address: 192.0.3.1 - address: 192.0.3.2 network_group: - name: MGMT description: This group has the Management network addresses members: - address: 192.0.1.0/24 state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # "set firewall group address-group SALES-HOSTS address 192.0.2.1", # "set firewall group address-group SALES-HOSTS address 192.0.2.2", # "set firewall group address-group SALES-HOSTS address 192.0.2.3", # "set firewall group address-group SALES-HOSTS description 'Sales office hosts address list'", # "set firewall group address-group SALES-HOSTS", # "set firewall group address-group ENG-HOSTS address 192.0.3.1", # "set firewall group address-group ENG-HOSTS address 192.0.3.2", # "set firewall group address-group ENG-HOSTS description 'Sales office hosts address list'", # "set firewall group address-group ENG-HOSTS", # "set firewall group network-group MGMT network 192.0.1.0/24", # "set firewall group network-group MGMT description 'This group has the Management network addresses'", # "set firewall group network-group MGMT", # "set firewall ip-src-route 'enable'", # "set firewall receive-redirects 'disable'", # "set firewall send-redirects 'enable'", # "set firewall config-trap 'enable'", # "set firewall state-policy established action 'accept'", # "set firewall state-policy established log 'enable'", # "set firewall state-policy invalid action 'reject'", # "set firewall broadcast-ping 'enable'", # "set firewall all-ping 'enable'", # "set firewall log-martians 'enable'", # "set firewall twa-hazards-protection 'enable'", # "set firewall syn-cookies 'enable'", # "set firewall source-validation 'strict'" # ] # # Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
after
list
when changed
The resulting configuration model invocation.

Sample:
The configuration returned will always be in the same format of the parameters above.
before
list
always
The configuration prior to the model invocation.

Sample:
The configuration returned will always be in the same format of the parameters above.
commands
list
always
The set of commands pushed to the remote device.

Sample:
['set firewall group address-group ENG-HOSTS', 'set firewall group address-group ENG-HOSTS address 192.0.3.1']


Status ------ Authors ~~~~~~~ - Rohit Thakur (@rohitthakur2590) diff --git a/docs/vyos.vyos.vyos_firewall_interfaces_module.rst b/docs/vyos.vyos.vyos_firewall_interfaces_module.rst index 7c55b04..8a18fc6 100644 --- a/docs/vyos.vyos.vyos_firewall_interfaces_module.rst +++ b/docs/vyos.vyos.vyos_firewall_interfaces_module.rst @@ -1,1413 +1,1413 @@ .. _vyos.vyos.vyos_firewall_interfaces_module: ********************************** vyos.vyos.vyos_firewall_interfaces ********************************** **FIREWALL interfaces resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - Manage firewall rules of interfaces on VyOS network devices. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
config
list / elements=dictionary
A list of firewall rules options for interfaces.
access_rules
list / elements=dictionary
Specifies firewall rules attached to the interfaces.
afi
string / required
    Choices:
  • ipv4
  • ipv6
Specifies the AFI for the Firewall rules to be configured on this interface.
rules
list / elements=dictionary
Specifies the firewall rules for the provided AFI.
direction
string / required
    Choices:
  • in
  • local
  • out
Specifies the direction of packets that the firewall rule will be applied on.
name
string
Specifies the name of the IPv4/IPv6 Firewall rule for the interface.
name
string / required
Name/Identifier for the interface.
running_config
string
The module, by default, will connect to the remote device and retrieve the current running-config to use as a base for comparing against the contents of source. There are times when it is not desirable to have the task get the current running-config for every task in a playbook. The running_config argument allows the implementer to pass in the configuration to use as the base config for comparison. This value of this option should be the output received from device by executing command C(show configuration commands | grep 'firewall'
state
string
    Choices:
  • merged ←
  • replaced
  • overridden
  • deleted
  • parsed
  • rendered
  • gathered
The state the configuration should be left in.

Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml # Using merged # # Before state: # ------------- # # vyos@192# run show configuration commands | grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # - name: Merge the provided configuration with the existing running configuration vyos.vyos.vyos_firewall_interfaces: config: - access_rules: - afi: ipv4 rules: - name: INBOUND direction: in - name: OUTBOUND direction: out - name: LOCAL direction: local - afi: ipv6 rules: - name: V6-LOCAL direction: local name: eth1 - access_rules: - afi: ipv4 rules: - name: INBOUND direction: in - name: OUTBOUND direction: out - name: LOCAL direction: local - afi: ipv6 rules: - name: V6-LOCAL direction: local name: eth3 state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # before": [ # { # "name": "eth0" # }, # { # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ] # # "commands": [ # "set interfaces ethernet eth1 firewall in name 'INBOUND'", # "set interfaces ethernet eth1 firewall out name 'OUTBOUND'", # "set interfaces ethernet eth1 firewall local name 'LOCAL'", # "set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'", # "set interfaces ethernet eth3 firewall in name 'INBOUND'", # "set interfaces ethernet eth3 firewall out name 'OUTBOUND'", # "set interfaces ethernet eth3 firewall local name 'LOCAL'", # "set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'" # ] # # "after": [ # { # "name": "eth0" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth3" # } # ] # # After state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth1 firewall in name 'INBOUND' # set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth1 firewall local name 'LOCAL' # set interfaces ethernet eth1 firewall out name 'OUTBOUND' # set interfaces ethernet eth3 firewall in name 'INBOUND' # set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth3 firewall local name 'LOCAL' # set interfaces ethernet eth3 firewall out name 'OUTBOUND' # Using merged # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth1 firewall in name 'INBOUND' # set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth1 firewall local name 'LOCAL' # set interfaces ethernet eth1 firewall out name 'OUTBOUND' # set interfaces ethernet eth3 firewall in name 'INBOUND' # set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth3 firewall local name 'LOCAL' # set interfaces ethernet eth3 firewall out name 'OUTBOUND' # - name: Merge the provided configuration with the existing running configuration vyos.vyos.vyos_firewall_interfaces: config: - access_rules: - afi: ipv4 rules: - name: OUTBOUND direction: in - name: INBOUND direction: out name: eth1 state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "name": "eth0" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth3" # } # ] # # "commands": [ # "set interfaces ethernet eth1 firewall in name 'OUTBOUND'", # "set interfaces ethernet eth1 firewall out name 'INBOUND'" # ] # # "after": [ # { # "name": "eth0" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "OUTBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "INBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth3" # } # ] # # After state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth1 firewall in name 'OUTBOUND' # set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth1 firewall local name 'LOCAL' # set interfaces ethernet eth1 firewall out name 'INBOUND' # set interfaces ethernet eth3 firewall in name 'INBOUND' # set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth3 firewall local name 'LOCAL' # set interfaces ethernet eth3 firewall out name 'OUTBOUND' # Using replaced # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth1 firewall in name 'INBOUND' # set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth1 firewall local name 'LOCAL' # set interfaces ethernet eth1 firewall out name 'OUTBOUND' # set interfaces ethernet eth3 firewall in name 'INBOUND' # set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth3 firewall local name 'LOCAL' # set interfaces ethernet eth3 firewall out name 'OUTBOUND' # - name: Replace device configurations of listed firewall interfaces with provided configurations vyos.vyos.vyos_firewall_interfaces: config: - name: eth1 access_rules: - afi: ipv4 rules: - name: OUTBOUND direction: out - afi: ipv6 rules: - name: V6-LOCAL direction: local - name: eth3 access_rules: - afi: ipv4 rules: - name: INBOUND direction: in state: replaced # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "name": "eth0" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth3" # } # ] # # "commands": [ # "delete interfaces ethernet eth1 firewall in name", # "delete interfaces ethernet eth1 firewall local name", # "delete interfaces ethernet eth3 firewall local name", # "delete interfaces ethernet eth3 firewall out name", # "delete interfaces ethernet eth3 firewall local ipv6-name" # ] # # "after": [ # { # "name": "eth0" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # } # ] # } # ], # "name": "eth3" # } # ] # # After state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth1 firewall 'in' # set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth1 firewall out name 'OUTBOUND' # set interfaces ethernet eth3 firewall in name 'INBOUND' # set interfaces ethernet eth3 firewall 'local' # set interfaces ethernet eth3 firewall 'out' # Using overridden # # Before state # -------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth1 firewall 'in' # set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth1 firewall out name 'OUTBOUND' # set interfaces ethernet eth3 firewall in name 'INBOUND' # set interfaces ethernet eth3 firewall 'local' # set interfaces ethernet eth3 firewall 'out' # - name: Overrides all device configuration with provided configuration vyos.vyos.vyos_firewall_interfaces: config: - name: eth3 access_rules: - afi: ipv4 rules: - name: INBOUND direction: out state: overridden # # # ------------------------- # Module Execution Result # ------------------------- # # "before":[ # { # "name": "eth0" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # } # ] # } # ], # "name": "eth3" # } # ] # # "commands": [ # "delete interfaces ethernet eth1 firewall", # "delete interfaces ethernet eth3 firewall in name", # "set interfaces ethernet eth3 firewall out name 'INBOUND'" # # # "after": [ # { # "name": "eth0" # }, # { # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "out", # "name": "INBOUND" # } # ] # } # ], # "name": "eth3" # } # ] # # # After state # ------------ # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth3 firewall 'in' # set interfaces ethernet eth3 firewall 'local' # set interfaces ethernet eth3 firewall out name 'INBOUND' # Using deleted per interface name # # Before state # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth1 firewall in name 'INBOUND' # set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth1 firewall local name 'LOCAL' # set interfaces ethernet eth1 firewall out name 'OUTBOUND' # set interfaces ethernet eth3 firewall in name 'INBOUND' # set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth3 firewall local name 'LOCAL' # set interfaces ethernet eth3 firewall out name 'OUTBOUND' # - name: Delete firewall interfaces based on interface name. vyos.vyos.vyos_firewall_interfaces: config: - name: eth1 - name: eth3 state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": [ # { # "name": "eth0" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth3" # } # ] # "commands": [ # "delete interfaces ethernet eth1 firewall", # "delete interfaces ethernet eth3 firewall" # ] # # "after": [ # { # "name": "eth0" # }, # { # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ] # After state # ------------ # vyos@vyos# run show configuration commands | grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # Using deleted per afi # # Before state # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth1 firewall in name 'INBOUND' # set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth1 firewall local name 'LOCAL' # set interfaces ethernet eth1 firewall out name 'OUTBOUND' # set interfaces ethernet eth3 firewall in name 'INBOUND' # set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth3 firewall local name 'LOCAL' # set interfaces ethernet eth3 firewall out name 'OUTBOUND' # - name: Delete firewall interfaces config per afi. vyos.vyos.vyos_firewall_interfaces: config: - name: eth1 access_rules: - afi: ipv4 - afi: ipv6 state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "commands": [ # "delete interfaces ethernet eth1 firewall in name", # "delete interfaces ethernet eth1 firewall out name", # "delete interfaces ethernet eth1 firewall local name", # "delete interfaces ethernet eth1 firewall local ipv6-name" # ] # # After state # ------------ # vyos@vyos# run show configuration commands | grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # Using deleted without config # # Before state # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth1 firewall in name 'INBOUND' # set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth1 firewall local name 'LOCAL' # set interfaces ethernet eth1 firewall out name 'OUTBOUND' # set interfaces ethernet eth3 firewall in name 'INBOUND' # set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth3 firewall local name 'LOCAL' # set interfaces ethernet eth3 firewall out name 'OUTBOUND' # - name: Delete firewall interfaces config when empty config provided. vyos.vyos.vyos_firewall_interfaces: config: state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "commands": [ # "delete interfaces ethernet eth1 firewall", # "delete interfaces ethernet eth1 firewall" # ] # # After state # ------------ # vyos@vyos# run show configuration commands | grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # Using parsed # # - name: Parse the provided configuration vyos.vyos.vyos_firewall_interfaces: running_config: "set interfaces ethernet eth1 firewall in name 'INBOUND' set interfaces ethernet eth1 firewall out name 'OUTBOUND' set interfaces ethernet eth1 firewall local name 'LOCAL' set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' set interfaces ethernet eth2 firewall in name 'INBOUND' set interfaces ethernet eth2 firewall out name 'OUTBOUND' set interfaces ethernet eth2 firewall local name 'LOCAL' set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": [ # { # "name": "eth0" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth1" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # }, # { # "direction": "local", # "name": "LOCAL" # }, # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth2" # }, # { # "name": "eth3" # } # ] # Using gathered # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth1 firewall 'in' # set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth1 firewall out name 'OUTBOUND' # set interfaces ethernet eth3 firewall in name 'INBOUND' # set interfaces ethernet eth3 firewall 'local' # set interfaces ethernet eth3 firewall 'out' # - name: Gather listed firewall interfaces. vyos.vyos.vyos_firewall_interfaces: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": [ # { # "name": "eth0" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "out", # "name": "OUTBOUND" # } # ] # }, # { # "afi": "ipv6", # "rules": [ # { # "direction": "local", # "name": "V6-LOCAL" # } # ] # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "access_rules": [ # { # "afi": "ipv4", # "rules": [ # { # "direction": "in", # "name": "INBOUND" # } # ] # } # ], # "name": "eth3" # } # ] # # # After state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name 'V6-LOCAL' # set firewall name 'INBOUND' # set firewall name 'LOCAL' # set firewall name 'OUTBOUND' # set interfaces ethernet eth1 firewall 'in' # set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' # set interfaces ethernet eth1 firewall out name 'OUTBOUND' # set interfaces ethernet eth3 firewall in name 'INBOUND' # set interfaces ethernet eth3 firewall 'local' # set interfaces ethernet eth3 firewall 'out' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_firewall_interfaces: config: - name: eth2 access_rules: - afi: ipv4 rules: - direction: in name: INGRESS - direction: out name: OUTGRESS - direction: local name: DROP state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # "set interfaces ethernet eth2 firewall in name 'INGRESS'", # "set interfaces ethernet eth2 firewall out name 'OUTGRESS'", # "set interfaces ethernet eth2 firewall local name 'DROP'", # "set interfaces ethernet eth2 firewall local ipv6-name 'LOCAL'" # ] Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
after
list
when changed
The resulting configuration model invocation.

Sample:
The configuration returned will always be in the same format of the parameters above.
before
list
always
The configuration prior to the model invocation.

Sample:
The configuration returned will always be in the same format of the parameters above.
commands
list
always
The set of commands pushed to the remote device.

Sample:
["set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'", "set interfaces ethernet eth3 firewall in name 'INBOUND'"]


Status ------ Authors ~~~~~~~ - Rohit Thakur (@rohitthakur2590) diff --git a/docs/vyos.vyos.vyos_firewall_rules_module.rst b/docs/vyos.vyos.vyos_firewall_rules_module.rst index 15073b1..cebe64c 100644 --- a/docs/vyos.vyos.vyos_firewall_rules_module.rst +++ b/docs/vyos.vyos.vyos_firewall_rules_module.rst @@ -1,2440 +1,2440 @@ .. _vyos.vyos.vyos_firewall_rules_module: ***************************** vyos.vyos.vyos_firewall_rules ***************************** **FIREWALL rules resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module manages firewall rule-set attributes on VyOS devices Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
config
list / elements=dictionary
A dictionary of Firewall rule-set options.
afi
string / required
    Choices:
  • ipv4
  • ipv6
Specifies the type of rule-set.
rule_sets
list / elements=dictionary
The Firewall rule-set list.
default_action
string
    Choices:
  • drop
  • reject
  • accept
Default action for rule-set.
drop (Drop if no prior rules are hit (default))
reject (Drop and notify source if no prior rules are hit)
accept (Accept if no prior rules are hit)
description
string
Rule set description.
enable_default_log
boolean
    Choices:
  • no
  • yes
Option to log packets hitting default-action.
name
string
Firewall rule set name.
rules
list / elements=dictionary
A ditionary that specifies the rule-set configurations.
action
string
    Choices:
  • drop
  • reject
  • accept
  • inspect
Specifying the action.
description
string
Description of this rule.
destination
dictionary
Specifying the destination parameters.
address
string
Destination ip address subnet or range.
IPv4/6 address, subnet or range to match.
Match everything except the specified address, subnet or range.
Destination ip address subnet or range.
group
dictionary
Destination group.
address_group
string
Group of addresses.
network_group
string
Group of networks.
port_group
string
Group of ports.
port
string
Multiple destination ports can be specified as a comma-separated list.
The whole list can also be "negated" using '!'.
For example:'!22,telnet,http,123,1001-1005'.
disabled
boolean
    Choices:
  • no
  • yes
Option to disable firewall rule.
fragment
string
    Choices:
  • match-frag
  • match-non-frag
IP fragment match.
icmp
dictionary
ICMP type and code information.
code
integer
ICMP code.
type
integer
ICMP type.
type_name
string
    Choices:
  • any
  • echo-reply
  • destination-unreachable
  • network-unreachable
  • host-unreachable
  • protocol-unreachable
  • port-unreachable
  • fragmentation-needed
  • source-route-failed
  • network-unknown
  • host-unknown
  • network-prohibited
  • host-prohibited
  • TOS-network-unreachable
  • TOS-host-unreachable
  • communication-prohibited
  • host-precedence-violation
  • precedence-cutoff
  • source-quench
  • redirect
  • network-redirect
  • host-redirect
  • TOS-network-redirect
  • TOS-host-redirect
  • echo-request
  • router-advertisement
  • router-solicitation
  • time-exceeded
  • ttl-zero-during-transit
  • ttl-zero-during-reassembly
  • parameter-problem
  • ip-header-bad
  • required-option-missing
  • timestamp-request
  • timestamp-reply
  • address-mask-request
  • address-mask-reply
  • ping
  • pong
  • ttl-exceeded
ICMP type-name.
ipsec
string
    Choices:
  • match-ipsec
  • match-none
Inboud ip sec packets.
limit
dictionary
Rate limit using a token bucket filter.
burst
integer
Maximum number of packets to allow in excess of rate.
rate
dictionary
format for rate (integer/time unit).
any one of second, minute, hour or day may be used to specify time unit.
eg. 1/second implies rule to be matched at an average of once per second.
number
integer
This is the integer value.
unit
string
This is the time unit.
number
integer / required
Rule number.
p2p
list / elements=dictionary
P2P application packets.
application
string
    Choices:
  • all
  • applejuice
  • bittorrent
  • directconnect
  • edonkey
  • gnutella
  • kazaa
Name of the application.
protocol
string
Protocol to match (protocol name in /etc/protocols or protocol number or all).
<text> IP protocol name from /etc/protocols (e.g. "tcp" or "udp").
<0-255> IP protocol number.
tcp_udp Both TCP and UDP.
all All IP protocols.
(!)All IP protocols except for the specified name or number.
recent
dictionary
Parameters for matching recently seen sources.
count
integer
Source addresses seen more than N times.
time
integer
Source addresses seen in the last N seconds.
source
dictionary
Source parameters.
address
string
Source ip address subnet or range.
IPv4/6 address, subnet or range to match.
Match everything except the specified address, subnet or range.
Source ip address subnet or range.
group
dictionary
Source group.
address_group
string
Group of addresses.
network_group
string
Group of networks.
port_group
string
Group of ports.
mac_address
string
<MAC address> MAC address to match.
<!MAC address> Match everything except the specified MAC address.
port
string
Multiple source ports can be specified as a comma-separated list.
The whole list can also be "negated" using '!'.
For example:'!22,telnet,http,123,1001-1005'.
state
dictionary
Session state.
established
boolean
    Choices:
  • no
  • yes
Established state.
invalid
boolean
    Choices:
  • no
  • yes
Invalid state.
new
boolean
    Choices:
  • no
  • yes
New state.
related
boolean
    Choices:
  • no
  • yes
Related state.
tcp
dictionary
TCP flags to match.
flags
string
TCP flags to be matched.
time
dictionary
Time to match rule.
monthdays
string
Monthdays to match rule on.
startdate
string
Date to start matching rule.
starttime
string
Time of day to start matching rule.
stopdate
string
Date to stop matching rule.
stoptime
string
Time of day to stop matching rule.
utc
boolean
    Choices:
  • no
  • yes
Interpret times for startdate, stopdate, starttime and stoptime to be UTC.
weekdays
string
Weekdays to match rule on.
running_config
string
This option is used only with state parsed.
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep firewall.
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
state
string
    Choices:
  • merged ←
  • replaced
  • overridden
  • deleted
  • gathered
  • rendered
  • parsed
The state the configuration should be left in

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml # Using deleted to delete firewall rules based on rule-set name # # Before state # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' # set firewall name Downlink default-action 'accept' # set firewall name Downlink description 'IPv4 INBOUND rule set' # set firewall name Downlink rule 501 action 'accept' # set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' # set firewall name Downlink rule 501 ipsec 'match-ipsec' # set firewall name Downlink rule 502 action 'reject' # set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' # set firewall name Downlink rule 502 ipsec 'match-ipsec' # - name: Delete attributes of given firewall rules. vyos.vyos.vyos_firewall_rules: config: - afi: ipv4 rule_sets: - name: Downlink state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": [ # { # "afi": "ipv4", # "rule_sets": [ # { # "default_action": "accept", # "description": "IPv4 INBOUND rule set", # "name": "Downlink", # "rules": [ # { # "action": "accept", # "description": "Rule 501 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 501 # }, # { # "action": "reject", # "description": "Rule 502 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 502 # } # ] # } # ] # } # ] # "commands": [ # "delete firewall name Downlink" # ] # # "after": [] # After state # ------------ # vyos@vyos# run show configuration commands | grep firewall # set firewall group address-group 'inbound' # Using deleted to delete firewall rules based on afi # # Before state # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name UPLINK default-action 'accept' # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' # set firewall ipv6-name UPLINK rule 1 action 'accept' # set firewall ipv6-name UPLINK rule 1 # set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' # set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' # set firewall ipv6-name UPLINK rule 2 action 'accept' # set firewall ipv6-name UPLINK rule 2 # set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' # set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' # set firewall group address-group 'inbound' # set firewall name Downlink default-action 'accept' # set firewall name Downlink description 'IPv4 INBOUND rule set' # set firewall name Downlink rule 501 action 'accept' # set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' # set firewall name Downlink rule 501 ipsec 'match-ipsec' # set firewall name Downlink rule 502 action 'reject' # set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' # set firewall name Downlink rule 502 ipsec 'match-ipsec' # - name: Delete attributes of given firewall rules. vyos.vyos.vyos_firewall_rules: config: - afi: ipv4 state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": [ # { # "afi": "ipv6", # "rule_sets": [ # { # "default_action": "accept", # "description": "This is ipv6 specific rule-set", # "name": "UPLINK", # "rules": [ # { # "action": "accept", # "description": "Fwipv6-Rule 1 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 1 # }, # { # "action": "accept", # "description": "Fwipv6-Rule 2 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 2 # } # ] # } # ] # }, # { # "afi": "ipv4", # "rule_sets": [ # { # "default_action": "accept", # "description": "IPv4 INBOUND rule set", # "name": "Downlink", # "rules": [ # { # "action": "accept", # "description": "Rule 501 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 501 # }, # { # "action": "reject", # "description": "Rule 502 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 502 # } # ] # } # ] # } # ] # "commands": [ # "delete firewall name" # ] # # "after": [] # After state # ------------ # vyos@vyos:~$ show configuration commands| grep firewall # set firewall ipv6-name UPLINK default-action 'accept' # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' # set firewall ipv6-name UPLINK rule 1 action 'accept' # set firewall ipv6-name UPLINK rule 1 # set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' # set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' # set firewall ipv6-name UPLINK rule 2 action 'accept' # set firewall ipv6-name UPLINK rule 2 # set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' # set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' # Using deleted to delete all the the firewall rules when provided config is empty # # Before state # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' # set firewall name Downlink default-action 'accept' # set firewall name Downlink description 'IPv4 INBOUND rule set' # set firewall name Downlink rule 501 action 'accept' # set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' # set firewall name Downlink rule 501 ipsec 'match-ipsec' # set firewall name Downlink rule 502 action 'reject' # set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' # set firewall name Downlink rule 502 ipsec 'match-ipsec' # - name: Delete attributes of given firewall rules. vyos.vyos.vyos_firewall_rules: config: state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": [ # { # "afi": "ipv4", # "rule_sets": [ # { # "default_action": "accept", # "description": "IPv4 INBOUND rule set", # "name": "Downlink", # "rules": [ # { # "action": "accept", # "description": "Rule 501 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 501 # }, # { # "action": "reject", # "description": "Rule 502 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 502 # } # ] # } # ] # } # ] # "commands": [ # "delete firewall name" # ] # # "after": [] # After state # ------------ # vyos@vyos# run show configuration commands | grep firewall # set firewall group address-group 'inbound' # Using merged # # Before state: # ------------- # # vyos@vyos# run show configuration commands | grep firewall # set firewall group address-group 'inbound' # - name: Merge the provided configuration with the exisiting running configuration vyos.vyos.vyos_firewall_rules: config: - afi: ipv6 rule_sets: - name: UPLINK description: This is ipv6 specific rule-set default_action: accept rules: - number: 1 action: accept description: Fwipv6-Rule 1 is configured by Ansible ipsec: match-ipsec - number: 2 action: accept description: Fwipv6-Rule 2 is configured by Ansible ipsec: match-ipsec - afi: ipv4 rule_sets: - name: INBOUND description: IPv4 INBOUND rule set default_action: accept rules: - number: 101 action: accept description: Rule 101 is configured by Ansible ipsec: match-ipsec - number: 102 action: reject description: Rule 102 is configured by Ansible ipsec: match-ipsec - number: 103 action: accept description: Rule 103 is configured by Ansible destination: group: address_group: inbound source: address: 192.0.2.0 state: established: true new: false invalid: false related: true state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # before": [] # # "commands": [ # "set firewall ipv6-name UPLINK default-action 'accept'", # "set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'", # "set firewall ipv6-name UPLINK rule 1 action 'accept'", # "set firewall ipv6-name UPLINK rule 1", # "set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'", # "set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'", # "set firewall ipv6-name UPLINK rule 2 action 'accept'", # "set firewall ipv6-name UPLINK rule 2", # "set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'", # "set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'", # "set firewall name INBOUND default-action 'accept'", # "set firewall name INBOUND description 'IPv4 INBOUND rule set'", # "set firewall name INBOUND rule 101 action 'accept'", # "set firewall name INBOUND rule 101", # "set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'", # "set firewall name INBOUND rule 101 ipsec 'match-ipsec'", # "set firewall name INBOUND rule 102 action 'reject'", # "set firewall name INBOUND rule 102", # "set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'", # "set firewall name INBOUND rule 102 ipsec 'match-ipsec'", # "set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'", # "set firewall name INBOUND rule 103 destination group address-group inbound", # "set firewall name INBOUND rule 103", # "set firewall name INBOUND rule 103 source address 192.0.2.0", # "set firewall name INBOUND rule 103 state established enable", # "set firewall name INBOUND rule 103 state related enable", # "set firewall name INBOUND rule 103 state invalid disable", # "set firewall name INBOUND rule 103 state new disable", # "set firewall name INBOUND rule 103 action 'accept'" # ] # # "after": [ # { # "afi": "ipv6", # "rule_sets": [ # { # "default_action": "accept", # "description": "This is ipv6 specific rule-set", # "name": "UPLINK", # "rules": [ # { # "action": "accept", # "description": "Fwipv6-Rule 1 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 1 # }, # { # "action": "accept", # "description": "Fwipv6-Rule 2 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 2 # } # ] # } # ] # }, # { # "afi": "ipv4", # "rule_sets": [ # { # "default_action": "accept", # "description": "IPv4 INBOUND rule set", # "name": "INBOUND", # "rules": [ # { # "action": "accept", # "description": "Rule 101 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 101 # }, # { # "action": "reject", # "description": "Rule 102 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 102 # }, # { # "action": "accept", # "description": "Rule 103 is configured by Ansible", # "destination": { # "group": { # "address_group": "inbound" # } # }, # "number": 103, # "source": { # "address": "192.0.2.0" # }, # "state": { # "established": true, # "invalid": false, # "new": false, # "related": true # } # } # ] # } # ] # } # ] # # After state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' # set firewall ipv6-name UPLINK default-action 'accept' # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' # set firewall ipv6-name UPLINK rule 1 action 'accept' # set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' # set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' # set firewall ipv6-name UPLINK rule 2 action 'accept' # set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' # set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' # set firewall name INBOUND default-action 'accept' # set firewall name INBOUND description 'IPv4 INBOUND rule set' # set firewall name INBOUND rule 101 action 'accept' # set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' # set firewall name INBOUND rule 101 ipsec 'match-ipsec' # set firewall name INBOUND rule 102 action 'reject' # set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' # set firewall name INBOUND rule 102 ipsec 'match-ipsec' # set firewall name INBOUND rule 103 action 'accept' # set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' # set firewall name INBOUND rule 103 destination group address-group 'inbound' # set firewall name INBOUND rule 103 source address '192.0.2.0' # set firewall name INBOUND rule 103 state established 'enable' # set firewall name INBOUND rule 103 state invalid 'disable' # set firewall name INBOUND rule 103 state new 'disable' # set firewall name INBOUND rule 103 state related 'enable' # Using replaced # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' # set firewall ipv6-name UPLINK default-action 'accept' # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' # set firewall ipv6-name UPLINK rule 1 action 'accept' # set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' # set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' # set firewall ipv6-name UPLINK rule 2 action 'accept' # set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' # set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' # set firewall name INBOUND default-action 'accept' # set firewall name INBOUND description 'IPv4 INBOUND rule set' # set firewall name INBOUND rule 101 action 'accept' # set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' # set firewall name INBOUND rule 101 ipsec 'match-ipsec' # set firewall name INBOUND rule 102 action 'reject' # set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' # set firewall name INBOUND rule 102 ipsec 'match-ipsec' # set firewall name INBOUND rule 103 action 'accept' # set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' # set firewall name INBOUND rule 103 destination group address-group 'inbound' # set firewall name INBOUND rule 103 source address '192.0.2.0' # set firewall name INBOUND rule 103 state established 'enable' # set firewall name INBOUND rule 103 state invalid 'disable' # set firewall name INBOUND rule 103 state new 'disable' # set firewall name INBOUND rule 103 state related 'enable' # - name: Replace device configurations of listed firewall rules with provided configurations vyos.vyos.vyos_firewall_rules: config: - afi: ipv6 rule_sets: - name: UPLINK description: This is ipv6 specific rule-set default_action: accept - afi: ipv4 rule_sets: - name: INBOUND description: IPv4 INBOUND rule set default_action: accept rules: - number: 101 action: accept description: Rule 101 is configured by Ansible ipsec: match-ipsec - number: 104 action: reject description: Rule 104 is configured by Ansible ipsec: match-none state: replaced # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "afi": "ipv6", # "rule_sets": [ # { # "default_action": "accept", # "description": "This is ipv6 specific rule-set", # "name": "UPLINK", # "rules": [ # { # "action": "accept", # "description": "Fwipv6-Rule 1 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 1 # }, # { # "action": "accept", # "description": "Fwipv6-Rule 2 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 2 # } # ] # } # ] # }, # { # "afi": "ipv4", # "rule_sets": [ # { # "default_action": "accept", # "description": "IPv4 INBOUND rule set", # "name": "INBOUND", # "rules": [ # { # "action": "accept", # "description": "Rule 101 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 101 # }, # { # "action": "reject", # "description": "Rule 102 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 102 # }, # { # "action": "accept", # "description": "Rule 103 is configured by Ansible", # "destination": { # "group": { # "address_group": "inbound" # } # }, # "number": 103, # "source": { # "address": "192.0.2.0" # }, # "state": { # "established": true, # "invalid": false, # "new": false, # "related": true # } # } # ] # } # ] # } # ] # # "commands": [ # "delete firewall ipv6-name UPLINK rule 1", # "delete firewall ipv6-name UPLINK rule 2", # "delete firewall name INBOUND rule 102", # "delete firewall name INBOUND rule 103", # "set firewall name INBOUND rule 104 action 'reject'", # "set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible'", # "set firewall name INBOUND rule 104", # "set firewall name INBOUND rule 104 ipsec 'match-none'" # ] # # "after": [ # { # "afi": "ipv6", # "rule_sets": [ # { # "default_action": "accept", # "description": "This is ipv6 specific rule-set", # "name": "UPLINK" # } # ] # }, # { # "afi": "ipv4", # "rule_sets": [ # { # "default_action": "accept", # "description": "IPv4 INBOUND rule set", # "name": "INBOUND", # "rules": [ # { # "action": "accept", # "description": "Rule 101 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 101 # }, # { # "action": "reject", # "description": "Rule 104 is configured by Ansible", # "ipsec": "match-none", # "number": 104 # } # ] # } # ] # } # ] # # After state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' # set firewall ipv6-name UPLINK default-action 'accept' # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' # set firewall name INBOUND default-action 'accept' # set firewall name INBOUND description 'IPv4 INBOUND rule set' # set firewall name INBOUND rule 101 action 'accept' # set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' # set firewall name INBOUND rule 101 ipsec 'match-ipsec' # set firewall name INBOUND rule 104 action 'reject' # set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible' # set firewall name INBOUND rule 104 ipsec 'match-none' # Using overridden # # Before state # -------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' # set firewall ipv6-name UPLINK default-action 'accept' # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' # set firewall name INBOUND default-action 'accept' # set firewall name INBOUND description 'IPv4 INBOUND rule set' # set firewall name INBOUND rule 101 action 'accept' # set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' # set firewall name INBOUND rule 101 ipsec 'match-ipsec' # set firewall name INBOUND rule 104 action 'reject' # set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible' # set firewall name INBOUND rule 104 ipsec 'match-none' # - name: Overrides all device configuration with provided configuration vyos.vyos.vyos_firewall_rules: config: - afi: ipv4 rule_sets: - name: Downlink description: IPv4 INBOUND rule set default_action: accept rules: - number: 501 action: accept description: Rule 501 is configured by Ansible ipsec: match-ipsec - number: 502 action: reject description: Rule 502 is configured by Ansible ipsec: match-ipsec state: overridden # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "afi": "ipv6", # "rule_sets": [ # { # "default_action": "accept", # "description": "This is ipv6 specific rule-set", # "name": "UPLINK" # } # ] # }, # { # "afi": "ipv4", # "rule_sets": [ # { # "default_action": "accept", # "description": "IPv4 INBOUND rule set", # "name": "INBOUND", # "rules": [ # { # "action": "accept", # "description": "Rule 101 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 101 # }, # { # "action": "reject", # "description": "Rule 104 is configured by Ansible", # "ipsec": "match-none", # "number": 104 # } # ] # } # ] # } # ] # # "commands": [ # "delete firewall ipv6-name UPLINK", # "delete firewall name INBOUND", # "set firewall name Downlink default-action 'accept'", # "set firewall name Downlink description 'IPv4 INBOUND rule set'", # "set firewall name Downlink rule 501 action 'accept'", # "set firewall name Downlink rule 501", # "set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'", # "set firewall name Downlink rule 501 ipsec 'match-ipsec'", # "set firewall name Downlink rule 502 action 'reject'", # "set firewall name Downlink rule 502", # "set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'", # "set firewall name Downlink rule 502 ipsec 'match-ipsec'" # # # "after": [ # { # "afi": "ipv4", # "rule_sets": [ # { # "default_action": "accept", # "description": "IPv4 INBOUND rule set", # "name": "Downlink", # "rules": [ # { # "action": "accept", # "description": "Rule 501 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 501 # }, # { # "action": "reject", # "description": "Rule 502 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 502 # } # ] # } # ] # } # ] # # # After state # ------------ # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' # set firewall name Downlink default-action 'accept' # set firewall name Downlink description 'IPv4 INBOUND rule set' # set firewall name Downlink rule 501 action 'accept' # set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' # set firewall name Downlink rule 501 ipsec 'match-ipsec' # set firewall name Downlink rule 502 action 'reject' # set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' # set firewall name Downlink rule 502 ipsec 'match-ipsec' # Using gathered # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' # set firewall ipv6-name UPLINK default-action 'accept' # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' # set firewall ipv6-name UPLINK rule 1 action 'accept' # set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' # set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' # set firewall ipv6-name UPLINK rule 2 action 'accept' # set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' # set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' # set firewall name INBOUND default-action 'accept' # set firewall name INBOUND description 'IPv4 INBOUND rule set' # set firewall name INBOUND rule 101 action 'accept' # set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' # set firewall name INBOUND rule 101 ipsec 'match-ipsec' # set firewall name INBOUND rule 102 action 'reject' # set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' # set firewall name INBOUND rule 102 ipsec 'match-ipsec' # set firewall name INBOUND rule 103 action 'accept' # set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' # set firewall name INBOUND rule 103 destination group address-group 'inbound' # set firewall name INBOUND rule 103 source address '192.0.2.0' # set firewall name INBOUND rule 103 state established 'enable' # set firewall name INBOUND rule 103 state invalid 'disable' # set firewall name INBOUND rule 103 state new 'disable' # set firewall name INBOUND rule 103 state related 'enable' # - name: Gather listed firewall rules with provided configurations vyos.vyos.vyos_firewall_rules: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": [ # { # "afi": "ipv6", # "rule_sets": [ # { # "default_action": "accept", # "description": "This is ipv6 specific rule-set", # "name": "UPLINK", # "rules": [ # { # "action": "accept", # "description": "Fwipv6-Rule 1 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 1 # }, # { # "action": "accept", # "description": "Fwipv6-Rule 2 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 2 # } # ] # } # ] # }, # { # "afi": "ipv4", # "rule_sets": [ # { # "default_action": "accept", # "description": "IPv4 INBOUND rule set", # "name": "INBOUND", # "rules": [ # { # "action": "accept", # "description": "Rule 101 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 101 # }, # { # "action": "reject", # "description": "Rule 102 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 102 # }, # { # "action": "accept", # "description": "Rule 103 is configured by Ansible", # "destination": { # "group": { # "address_group": "inbound" # } # }, # "number": 103, # "source": { # "address": "192.0.2.0" # }, # "state": { # "established": true, # "invalid": false, # "new": false, # "related": true # } # } # ] # } # ] # } # ] # # # After state: # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' # set firewall ipv6-name UPLINK default-action 'accept' # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' # set firewall ipv6-name UPLINK rule 1 action 'accept' # set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' # set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' # set firewall ipv6-name UPLINK rule 2 action 'accept' # set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' # set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' # set firewall name INBOUND default-action 'accept' # set firewall name INBOUND description 'IPv4 INBOUND rule set' # set firewall name INBOUND rule 101 action 'accept' # set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' # set firewall name INBOUND rule 101 ipsec 'match-ipsec' # set firewall name INBOUND rule 102 action 'reject' # set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' # set firewall name INBOUND rule 102 ipsec 'match-ipsec' # set firewall name INBOUND rule 103 action 'accept' # set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' # set firewall name INBOUND rule 103 destination group address-group 'inbound' # set firewall name INBOUND rule 103 source address '192.0.2.0' # set firewall name INBOUND rule 103 state established 'enable' # set firewall name INBOUND rule 103 state invalid 'disable' # set firewall name INBOUND rule 103 state new 'disable' # set firewall name INBOUND rule 103 state related 'enable' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_firewall_rules: config: - afi: ipv6 rule_sets: - name: UPLINK description: This is ipv6 specific rule-set default_action: accept - afi: ipv4 rule_sets: - name: INBOUND description: IPv4 INBOUND rule set default_action: accept rules: - number: 101 action: accept description: Rule 101 is configured by Ansible ipsec: match-ipsec - number: 102 action: reject description: Rule 102 is configured by Ansible ipsec: match-ipsec - number: 103 action: accept description: Rule 103 is configured by Ansible destination: group: address_group: inbound source: address: 192.0.2.0 state: established: true new: false invalid: false related: true state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # "set firewall ipv6-name UPLINK default-action 'accept'", # "set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'", # "set firewall name INBOUND default-action 'accept'", # "set firewall name INBOUND description 'IPv4 INBOUND rule set'", # "set firewall name INBOUND rule 101 action 'accept'", # "set firewall name INBOUND rule 101", # "set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'", # "set firewall name INBOUND rule 101 ipsec 'match-ipsec'", # "set firewall name INBOUND rule 102 action 'reject'", # "set firewall name INBOUND rule 102", # "set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'", # "set firewall name INBOUND rule 102 ipsec 'match-ipsec'", # "set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'", # "set firewall name INBOUND rule 103 destination group address-group inbound", # "set firewall name INBOUND rule 103", # "set firewall name INBOUND rule 103 source address 192.0.2.0", # "set firewall name INBOUND rule 103 state established enable", # "set firewall name INBOUND rule 103 state related enable", # "set firewall name INBOUND rule 103 state invalid disable", # "set firewall name INBOUND rule 103 state new disable", # "set firewall name INBOUND rule 103 action 'accept'" # ] # Using parsed # # - name: Parsed the provided input commands. vyos.vyos.vyos_firewall_rules: running_config: "set firewall group address-group 'inbound' set firewall name Downlink default-action 'accept' set firewall name Downlink description 'IPv4 INBOUND rule set' set firewall name Downlink rule 501 action 'accept' set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' set firewall name Downlink rule 501 ipsec 'match-ipsec' set firewall name Downlink rule 502 action 'reject' set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' set firewall name Downlink rule 502 ipsec 'match-ipsec'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": [ # { # "afi": "ipv4", # "rule_sets": [ # { # "default_action": "accept", # "description": "IPv4 INBOUND rule set", # "name": "Downlink", # "rules": [ # { # "action": "accept", # "description": "Rule 501 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 501 # }, # { # "action": "reject", # "description": "Rule 502 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 502 # } # ] # } # ] # } # ] Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
after
list
when changed
The resulting configuration model invocation.

Sample:
The configuration returned will always be in the same format of the parameters above.
before
list
always
The configuration prior to the model invocation.

Sample:
The configuration returned will always be in the same format of the parameters above.
commands
list
always
The set of commands pushed to the remote device.

Sample:
["set firewall name Downlink default-action 'accept'", "set firewall name Downlink description 'IPv4 INBOUND rule set'", "set firewall name Downlink rule 501 action 'accept'", "set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'", "set firewall name Downlink rule 502 ipsec 'match-ipsec'"]


Status ------ Authors ~~~~~~~ - Rohit Thakur (@rohitthakur2590) diff --git a/docs/vyos.vyos.vyos_interface_module.rst b/docs/vyos.vyos.vyos_interface_module.rst index 111ff31..46af72d 100644 --- a/docs/vyos.vyos.vyos_interface_module.rst +++ b/docs/vyos.vyos.vyos_interface_module.rst @@ -1,684 +1,684 @@ .. _vyos.vyos.vyos_interface_module: ************************ vyos.vyos.vyos_interface ************************ **(deprecated, removed after 2022-06-01) Manage Interface on VyOS network devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 DEPRECATED ---------- :Removed in collection release after 2022-06-01 :Why: Updated modules released with more functionality. :Alternative: vyos_interfaces Synopsis -------- - This module provides declarative management of Interfaces on VyOS network devices. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
aggregate
list / elements=dictionary
List of Interfaces definitions.
delay
integer
Time in seconds to wait before checking for the operational state on remote device. This wait is applicable for operational state argument which are state with values up/down and neighbors.
description
string
Description of Interface.
duplex
string
    Choices:
  • full
  • half
  • auto
Interface link status.
enabled
boolean
    Choices:
  • no
  • yes
Interface link status.
mtu
integer
Maximum size of transmit packet.
name
string / required
Name of the Interface.
neighbors
list / elements=dictionary
Check the operational state of given interface name for LLDP neighbor.
The following suboptions are available.
host
string
LLDP neighbor host for given interface name.
port
string
LLDP neighbor port to which given interface name is connected.
speed
string
Interface link speed.
state
string
    Choices:
  • present
  • absent
  • up
  • down
State of the Interface configuration, up means present and operationally up and down means present and operationally down
delay
integer
Default:
10
Time in seconds to wait before checking for the operational state on remote device. This wait is applicable for operational state argument which are state with values up/down and neighbors.
description
string
Description of Interface.
duplex
string
    Choices:
  • full
  • half
  • auto
Interface link status.
enabled
boolean
    Choices:
  • no
  • yes ←
Interface link status.
mtu
integer
Maximum size of transmit packet.
name
string
Name of the Interface.
neighbors
list / elements=dictionary
Check the operational state of given interface name for LLDP neighbor.
The following suboptions are available.
host
string
LLDP neighbor host for given interface name.
port
string
LLDP neighbor port to which given interface name is connected.
provider
dictionary
Deprecated
Starting with Ansible 2.5 we recommend using connection: network_cli.
For more information please see the Network Guide.

A dict object containing connection details.
host
string
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
password
string
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
port
integer
Specifies the port to use when building the connection to the remote device.
ssh_keyfile
path
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
timeout
integer
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
username
string
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
speed
string
Interface link speed.
state
string
    Choices:
  • present ←
  • absent
  • up
  • down
State of the Interface configuration, up means present and operationally up and down means present and operationally down

Notes ----- .. note:: - Tested against VYOS 1.1.7 - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml - name: configure interface vyos.vyos.vyos_interface: name: eth0 description: test-interface - name: remove interface vyos.vyos.vyos_interface: name: eth0 state: absent - name: make interface down vyos.vyos.vyos_interface: name: eth0 enabled: false - name: make interface up vyos.vyos.vyos_interface: name: eth0 enabled: true - name: Configure interface speed, mtu, duplex vyos.vyos.vyos_interface: name: eth5 state: present speed: 100 mtu: 256 duplex: full - name: Set interface using aggregate vyos.vyos.vyos_interface: aggregate: - {name: eth1, description: test-interface-1, speed: 100, duplex: half, mtu: 512} - {name: eth2, description: test-interface-2, speed: 1000, duplex: full, mtu: 256} - name: Disable interface on aggregate net_interface: aggregate: - name: eth1 - name: eth2 enabled: false - name: Delete interface using aggregate net_interface: aggregate: - name: eth1 - name: eth2 state: absent - name: Check lldp neighbors intent arguments vyos.vyos.vyos_interface: name: eth0 neighbors: - port: eth0 host: netdev - name: Config + intent vyos.vyos.vyos_interface: name: eth1 enabled: false state: down Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
commands
list
always, except for the platforms that use Netconf transport to manage the device.
The list of configuration mode commands to send to the device

Sample:
['set interfaces ethernet eth0 description "test-interface"', 'set interfaces ethernet eth0 speed 100', 'set interfaces ethernet eth0 mtu 256', 'set interfaces ethernet eth0 duplex full']


Status ------ - This module will be removed in version . *[deprecated]* - For more information see `DEPRECATED`_. Authors ~~~~~~~ - Ganesh Nalawade (@ganeshrn) diff --git a/docs/vyos.vyos.vyos_interfaces_module.rst b/docs/vyos.vyos.vyos_interfaces_module.rst index 5bf5d23..52ae1cc 100644 --- a/docs/vyos.vyos.vyos_interfaces_module.rst +++ b/docs/vyos.vyos.vyos_interfaces_module.rst @@ -1,1328 +1,1328 @@ .. _vyos.vyos.vyos_interfaces_module: ************************* vyos.vyos.vyos_interfaces ************************* **Interfaces resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module manages the interface attributes on VyOS network devices. - This module supports managing base attributes of Ethernet, Bonding, VXLAN, Loopback and Virtual Tunnel Interfaces. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
config
list / elements=dictionary
The provided interfaces configuration.
description
string
Interface description.
duplex
string
    Choices:
  • full
  • half
  • auto
Interface duplex mode.
Applicable for Ethernet interfaces only.
enabled
boolean
    Choices:
  • no
  • yes ←
Administrative state of the interface.
Set the value to true to administratively enable the interface or false to disable it.
mtu
integer
MTU for a specific interface. Refer to vendor documentation for valid values.
Applicable for Ethernet, Bonding, VXLAN and Virtual Tunnel interfaces.
name
string / required
Full name of the interface, e.g. eth0, eth1, bond0, vti1, vxlan2.
speed
string
    Choices:
  • auto
  • 10
  • 100
  • 1000
  • 2500
  • 10000
Interface link speed.
Applicable for Ethernet interfaces only.
vifs
list / elements=dictionary
Virtual sub-interfaces related configuration.
802.1Q VLAN interfaces are represented as virtual sub-interfaces in VyOS.
description
string
Virtual sub-interface description.
enabled
boolean
    Choices:
  • no
  • yes ←
Administrative state of the virtual sub-interface.
Set the value to true to administratively enable the interface or false to disable it.
mtu
integer
MTU for the virtual sub-interface.
Refer to vendor documentation for valid values.
vlan_id
integer
Identifier for the virtual sub-interface.
running_config
string
This option is used only with state parsed.
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep interfaces.
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
state
string
    Choices:
  • merged ←
  • replaced
  • overridden
  • deleted
  • rendered
  • gathered
  • parsed
The state of the configuration after module completion.

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml # Using merged # # ------------- # Before state: # ------------- # # vyos@vyos:~$ show configuration commands | grep interfaces # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 address 'dhcpv6' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 hw-id '08:00:27:ea:0f:b9' # set interfaces ethernet eth1 smp-affinity 'auto' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth2 smp-affinity 'auto' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces loopback lo - name: Merge provided configuration with device configuration vyos.vyos.vyos_interfaces: config: - name: eth2 description: Configured by Ansible enabled: true vifs: - vlan_id: 200 description: VIF 200 - ETH2 - name: eth3 description: Configured by Ansible mtu: 1500 - name: bond1 description: Bond - 1 mtu: 1200 - name: vti2 description: VTI - 2 enabled: false state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "enabled": true, # "name": "lo" # }, # { # "enabled": true, # "name": "eth3" # }, # { # "enabled": true, # "name": "eth2" # }, # { # "enabled": true, # "name": "eth1" # }, # { # "duplex": "auto", # "enabled": true, # "name": "eth0", # "speed": "auto" # } # ] # # "commands": [ # "set interfaces ethernet eth2 description 'Configured by Ansible'", # "set interfaces ethernet eth2 vif 200", # "set interfaces ethernet eth2 vif 200 description 'VIF 200 - ETH2'", # "set interfaces ethernet eth3 description 'Configured by Ansible'", # "set interfaces ethernet eth3 mtu '1500'", # "set interfaces bonding bond1", # "set interfaces bonding bond1 description 'Bond - 1'", # "set interfaces bonding bond1 mtu '1200'", # "set interfaces vti vti2", # "set interfaces vti vti2 description 'VTI - 2'", # "set interfaces vti vti2 disable" # ] # # "after": [ # { # "description": "Bond - 1", # "enabled": true, # "mtu": 1200, # "name": "bond1" # }, # { # "enabled": true, # "name": "lo" # }, # { # "description": "VTI - 2", # "enabled": false, # "name": "vti2" # }, # { # "description": "Configured by Ansible", # "enabled": true, # "mtu": 1500, # "name": "eth3" # }, # { # "description": "Configured by Ansible", # "enabled": true, # "name": "eth2", # "vifs": [ # { # "description": "VIF 200 - ETH2", # "enabled": true, # "vlan_id": "200" # } # ] # }, # { # "enabled": true, # "name": "eth1" # }, # { # "duplex": "auto", # "enabled": true, # "name": "eth0", # "speed": "auto" # } # ] # # # ------------- # After state: # ------------- # # vyos@vyos:~$ show configuration commands | grep interfaces # set interfaces bonding bond1 description 'Bond - 1' # set interfaces bonding bond1 mtu '1200' # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 address 'dhcpv6' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 hw-id '08:00:27:ea:0f:b9' # set interfaces ethernet eth1 smp-affinity 'auto' # set interfaces ethernet eth2 description 'Configured by Ansible' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth2 smp-affinity 'auto' # set interfaces ethernet eth2 vif 200 description 'VIF 200 - ETH2' # set interfaces ethernet eth3 description 'Configured by Ansible' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces ethernet eth3 mtu '1500' # set interfaces loopback lo # set interfaces vti vti2 description 'VTI - 2' # set interfaces vti vti2 disable # # Using replaced # # ------------- # Before state: # ------------- # # vyos:~$ show configuration commands | grep eth # set interfaces bonding bond1 description 'Bond - 1' # set interfaces bonding bond1 mtu '1400' # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 description 'Management Interface for the Appliance' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:f3:6c:b5' # set interfaces ethernet eth0 smp_affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 description 'Configured by Ansible Eng Team' # set interfaces ethernet eth1 duplex 'full' # set interfaces ethernet eth1 hw-id '08:00:27:ad:ef:65' # set interfaces ethernet eth1 smp_affinity 'auto' # set interfaces ethernet eth1 speed '100' # set interfaces ethernet eth2 description 'Configured by Ansible' # set interfaces ethernet eth2 duplex 'full' # set interfaces ethernet eth2 hw-id '08:00:27:ab:4e:79' # set interfaces ethernet eth2 mtu '500' # set interfaces ethernet eth2 smp_affinity 'auto' # set interfaces ethernet eth2 speed '100' # set interfaces ethernet eth2 vif 200 description 'Configured by Ansible' # set interfaces ethernet eth3 description 'Configured by Ansible' # set interfaces ethernet eth3 duplex 'full' # set interfaces ethernet eth3 hw-id '08:00:27:17:3c:85' # set interfaces ethernet eth3 mtu '1500' # set interfaces ethernet eth3 smp_affinity 'auto' # set interfaces ethernet eth3 speed '100' # set interfaces loopback lo # # - name: Replace device configurations of listed interfaces with provided configurations vyos.vyos.vyos_interfaces: config: - name: eth2 description: Replaced by Ansible - name: eth3 description: Replaced by Ansible - name: eth1 description: Replaced by Ansible state: replaced # # # ----------------------- # Module Execution Result # ----------------------- # # "before": [ # { # "description": "Bond - 1", # "enabled": true, # "mtu": 1400, # "name": "bond1" # }, # { # "enabled": true, # "name": "lo" # }, # { # "description": "Configured by Ansible", # "duplex": "full", # "enabled": true, # "mtu": 1500, # "name": "eth3", # "speed": "100" # }, # { # "description": "Configured by Ansible", # "duplex": "full", # "enabled": true, # "mtu": 500, # "name": "eth2", # "speed": "100", # "vifs": [ # { # "description": "VIF 200 - ETH2", # "enabled": true, # "vlan_id": "200" # } # ] # }, # { # "description": "Configured by Ansible Eng Team", # "duplex": "full", # "enabled": true, # "name": "eth1", # "speed": "100" # }, # { # "description": "Management Interface for the Appliance", # "duplex": "auto", # "enabled": true, # "name": "eth0", # "speed": "auto" # } # ] # # "commands": [ # "delete interfaces ethernet eth2 speed", # "delete interfaces ethernet eth2 duplex", # "delete interfaces ethernet eth2 mtu", # "delete interfaces ethernet eth2 vif 200 description", # "set interfaces ethernet eth2 description 'Replaced by Ansible'", # "delete interfaces ethernet eth3 speed", # "delete interfaces ethernet eth3 duplex", # "delete interfaces ethernet eth3 mtu", # "set interfaces ethernet eth3 description 'Replaced by Ansible'", # "delete interfaces ethernet eth1 speed", # "delete interfaces ethernet eth1 duplex", # "set interfaces ethernet eth1 description 'Replaced by Ansible'" # ] # # "after": [ # { # "description": "Bond - 1", # "enabled": true, # "mtu": 1400, # "name": "bond1" # }, # { # "enabled": true, # "name": "lo" # }, # { # "description": "Replaced by Ansible", # "enabled": true, # "name": "eth3" # }, # { # "description": "Replaced by Ansible", # "enabled": true, # "name": "eth2", # "vifs": [ # { # "enabled": true, # "vlan_id": "200" # } # ] # }, # { # "description": "Replaced by Ansible", # "enabled": true, # "name": "eth1" # }, # { # "description": "Management Interface for the Appliance", # "duplex": "auto", # "enabled": true, # "name": "eth0", # "speed": "auto" # } # ] # # # ------------- # After state: # ------------- # # vyos@vyos:~$ show configuration commands | grep interfaces # set interfaces bonding bond1 description 'Bond - 1' # set interfaces bonding bond1 mtu '1400' # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 address 'dhcpv6' # set interfaces ethernet eth0 description 'Management Interface for the Appliance' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 description 'Replaced by Ansible' # set interfaces ethernet eth1 hw-id '08:00:27:ea:0f:b9' # set interfaces ethernet eth1 smp-affinity 'auto' # set interfaces ethernet eth2 description 'Replaced by Ansible' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth2 smp-affinity 'auto' # set interfaces ethernet eth2 vif 200 # set interfaces ethernet eth3 description 'Replaced by Ansible' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces loopback lo # # # Using overridden # # # -------------- # Before state # -------------- # # vyos@vyos:~$ show configuration commands | grep interfaces # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 address 'dhcpv6' # set interfaces ethernet eth0 description 'Ethernet Interface - 0' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 mtu '1200' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 description 'Configured by Ansible Eng Team' # set interfaces ethernet eth1 hw-id '08:00:27:ea:0f:b9' # set interfaces ethernet eth1 mtu '100' # set interfaces ethernet eth1 smp-affinity 'auto' # set interfaces ethernet eth1 vif 100 description 'VIF 100 - ETH1' # set interfaces ethernet eth1 vif 100 disable # set interfaces ethernet eth2 description 'Configured by Ansible Team (Admin Down)' # set interfaces ethernet eth2 disable # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth2 mtu '600' # set interfaces ethernet eth2 smp-affinity 'auto' # set interfaces ethernet eth3 description 'Configured by Ansible Network' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces loopback lo # set interfaces vti vti1 description 'Virtual Tunnel Interface - 1' # set interfaces vti vti1 mtu '68' # # - name: Overrides all device configuration with provided configuration vyos.vyos.vyos_interfaces: config: - name: eth0 description: Outbound Interface For The Appliance speed: auto duplex: auto - name: eth2 speed: auto duplex: auto - name: eth3 mtu: 1200 state: overridden # # # ------------------------ # Module Execution Result # ------------------------ # # "before": [ # { # "enabled": true, # "name": "lo" # }, # { # "description": "Virtual Tunnel Interface - 1", # "enabled": true, # "mtu": 68, # "name": "vti1" # }, # { # "description": "Configured by Ansible Network", # "enabled": true, # "name": "eth3" # }, # { # "description": "Configured by Ansible Team (Admin Down)", # "enabled": false, # "mtu": 600, # "name": "eth2" # }, # { # "description": "Configured by Ansible Eng Team", # "enabled": true, # "mtu": 100, # "name": "eth1", # "vifs": [ # { # "description": "VIF 100 - ETH1", # "enabled": false, # "vlan_id": "100" # } # ] # }, # { # "description": "Ethernet Interface - 0", # "duplex": "auto", # "enabled": true, # "mtu": 1200, # "name": "eth0", # "speed": "auto" # } # ] # # "commands": [ # "delete interfaces vti vti1 description", # "delete interfaces vti vti1 mtu", # "delete interfaces ethernet eth1 description", # "delete interfaces ethernet eth1 mtu", # "delete interfaces ethernet eth1 vif 100 description", # "delete interfaces ethernet eth1 vif 100 disable", # "delete interfaces ethernet eth0 mtu", # "set interfaces ethernet eth0 description 'Outbound Interface For The Appliance'", # "delete interfaces ethernet eth2 description", # "delete interfaces ethernet eth2 mtu", # "set interfaces ethernet eth2 duplex 'auto'", # "delete interfaces ethernet eth2 disable", # "set interfaces ethernet eth2 speed 'auto'", # "delete interfaces ethernet eth3 description", # "set interfaces ethernet eth3 mtu '1200'" # ], # # "after": [ # { # "enabled": true, # "name": "lo" # }, # { # "enabled": true, # "name": "vti1" # }, # { # "enabled": true, # "mtu": 1200, # "name": "eth3" # }, # { # "duplex": "auto", # "enabled": true, # "name": "eth2", # "speed": "auto" # }, # { # "enabled": true, # "name": "eth1", # "vifs": [ # { # "enabled": true, # "vlan_id": "100" # } # ] # }, # { # "description": "Outbound Interface For The Appliance", # "duplex": "auto", # "enabled": true, # "name": "eth0", # "speed": "auto" # } # ] # # # ------------ # After state # ------------ # # vyos@vyos:~$ show configuration commands | grep interfaces # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 address 'dhcpv6' # set interfaces ethernet eth0 description 'Outbound Interface For The Appliance' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 hw-id '08:00:27:ea:0f:b9' # set interfaces ethernet eth1 smp-affinity 'auto' # set interfaces ethernet eth1 vif 100 # set interfaces ethernet eth2 duplex 'auto' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth2 smp-affinity 'auto' # set interfaces ethernet eth2 speed 'auto' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces ethernet eth3 mtu '1200' # set interfaces loopback lo # set interfaces vti vti1 # # # Using deleted # # # ------------- # Before state # ------------- # # vyos@vyos:~$ show configuration commands | grep interfaces # set interfaces bonding bond0 mtu '1300' # set interfaces bonding bond1 description 'LAG - 1' # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 address 'dhcpv6' # set interfaces ethernet eth0 description 'Outbound Interface for this appliance' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 description 'Configured by Ansible Network' # set interfaces ethernet eth1 duplex 'full' # set interfaces ethernet eth1 hw-id '08:00:27:ea:0f:b9' # set interfaces ethernet eth1 smp-affinity 'auto' # set interfaces ethernet eth1 speed '100' # set interfaces ethernet eth2 description 'Configured by Ansible' # set interfaces ethernet eth2 disable # set interfaces ethernet eth2 duplex 'full' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth2 mtu '600' # set interfaces ethernet eth2 smp-affinity 'auto' # set interfaces ethernet eth2 speed '100' # set interfaces ethernet eth3 description 'Configured by Ansible Network' # set interfaces ethernet eth3 duplex 'full' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces ethernet eth3 speed '100' # set interfaces loopback lo # # - name: Delete attributes of given interfaces (Note - This won't delete the interfaces themselves) vyos.vyos.vyos_interfaces: config: - name: bond1 - name: eth1 - name: eth2 - name: eth3 state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": [ # { # "enabled": true, # "mtu": 1300, # "name": "bond0" # }, # { # "description": "LAG - 1", # "enabled": true, # "name": "bond1" # }, # { # "enabled": true, # "name": "lo" # }, # { # "description": "Configured by Ansible Network", # "duplex": "full", # "enabled": true, # "name": "eth3", # "speed": "100" # }, # { # "description": "Configured by Ansible", # "duplex": "full", # "enabled": false, # "mtu": 600, # "name": "eth2", # "speed": "100" # }, # { # "description": "Configured by Ansible Network", # "duplex": "full", # "enabled": true, # "name": "eth1", # "speed": "100" # }, # { # "description": "Outbound Interface for this appliance", # "duplex": "auto", # "enabled": true, # "name": "eth0", # "speed": "auto" # } # ] # # "commands": [ # "delete interfaces bonding bond1 description", # "delete interfaces ethernet eth1 speed", # "delete interfaces ethernet eth1 duplex", # "delete interfaces ethernet eth1 description", # "delete interfaces ethernet eth2 speed", # "delete interfaces ethernet eth2 disable", # "delete interfaces ethernet eth2 duplex", # "delete interfaces ethernet eth2 disable", # "delete interfaces ethernet eth2 description", # "delete interfaces ethernet eth2 disable", # "delete interfaces ethernet eth2 mtu", # "delete interfaces ethernet eth2 disable", # "delete interfaces ethernet eth3 speed", # "delete interfaces ethernet eth3 duplex", # "delete interfaces ethernet eth3 description" # ] # # "after": [ # { # "enabled": true, # "mtu": 1300, # "name": "bond0" # }, # { # "enabled": true, # "name": "bond1" # }, # { # "enabled": true, # "name": "lo" # }, # { # "enabled": true, # "name": "eth3" # }, # { # "enabled": true, # "name": "eth2" # }, # { # "enabled": true, # "name": "eth1" # }, # { # "description": "Outbound Interface for this appliance", # "duplex": "auto", # "enabled": true, # "name": "eth0", # "speed": "auto" # } # ] # # # ------------ # After state # ------------ # # vyos@vyos:~$ show configuration commands | grep interfaces # set interfaces bonding bond0 mtu '1300' # set interfaces bonding bond1 # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 address 'dhcpv6' # set interfaces ethernet eth0 description 'Outbound Interface for this appliance' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 hw-id '08:00:27:ea:0f:b9' # set interfaces ethernet eth1 smp-affinity 'auto' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth2 smp-affinity 'auto' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces loopback lo # # # Using gathered # # Before state: # ------------- # # vyos@192# run show configuration commands | grep interfaces # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:50:5e:19' # set interfaces ethernet eth0 smp_affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 description 'Configured by Ansible' # set interfaces ethernet eth1 duplex 'auto' # set interfaces ethernet eth1 mtu '1500' # set interfaces ethernet eth1 speed 'auto' # set interfaces ethernet eth1 vif 200 description 'VIF - 200' # set interfaces ethernet eth2 description 'Configured by Ansible' # set interfaces ethernet eth2 duplex 'auto' # set interfaces ethernet eth2 mtu '1500' # set interfaces ethernet eth2 speed 'auto' # set interfaces ethernet eth2 vif 200 description 'VIF - 200' # - name: Gather listed interfaces with provided configurations vyos.vyos.vyos_interfaces: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": [ # { # "description": "Configured by Ansible", # "duplex": "auto", # "enabled": true, # "mtu": 1500, # "name": "eth2", # "speed": "auto", # "vifs": [ # { # "description": "VIF - 200", # "enabled": true, # "vlan_id": 200 # } # ] # }, # { # "description": "Configured by Ansible", # "duplex": "auto", # "enabled": true, # "mtu": 1500, # "name": "eth1", # "speed": "auto", # "vifs": [ # { # "description": "VIF - 200", # "enabled": true, # "vlan_id": 200 # } # ] # }, # { # "duplex": "auto", # "enabled": true, # "name": "eth0", # "speed": "auto" # } # ] # # # After state: # ------------- # # vyos@192# run show configuration commands | grep interfaces # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:50:5e:19' # set interfaces ethernet eth0 smp_affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 description 'Configured by Ansible' # set interfaces ethernet eth1 duplex 'auto' # set interfaces ethernet eth1 mtu '1500' # set interfaces ethernet eth1 speed 'auto' # set interfaces ethernet eth1 vif 200 description 'VIF - 200' # set interfaces ethernet eth2 description 'Configured by Ansible' # set interfaces ethernet eth2 duplex 'auto' # set interfaces ethernet eth2 mtu '1500' # set interfaces ethernet eth2 speed 'auto' # set interfaces ethernet eth2 vif 200 description 'VIF - 200' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_interfaces: config: - name: eth0 enabled: true duplex: auto speed: auto - name: eth1 description: Configured by Ansible - Interface 1 mtu: 1500 speed: auto duplex: auto enabled: true vifs: - vlan_id: 100 description: Eth1 - VIF 100 mtu: 400 enabled: true - vlan_id: 101 description: Eth1 - VIF 101 enabled: true - name: eth2 description: Configured by Ansible - Interface 2 (ADMIN DOWN) mtu: 600 enabled: false state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # "set interfaces ethernet eth0 duplex 'auto'", # "set interfaces ethernet eth0 speed 'auto'", # "delete interfaces ethernet eth0 disable", # "set interfaces ethernet eth1 duplex 'auto'", # "delete interfaces ethernet eth1 disable", # "set interfaces ethernet eth1 speed 'auto'", # "set interfaces ethernet eth1 description 'Configured by Ansible - Interface 1'", # "set interfaces ethernet eth1 mtu '1500'", # "set interfaces ethernet eth1 vif 100 description 'Eth1 - VIF 100'", # "set interfaces ethernet eth1 vif 100 mtu '400'", # "set interfaces ethernet eth1 vif 101 description 'Eth1 - VIF 101'", # "set interfaces ethernet eth2 disable", # "set interfaces ethernet eth2 description 'Configured by Ansible - Interface 2 (ADMIN DOWN)'", # "set interfaces ethernet eth2 mtu '600'" # ] # Using parsed # # - name: Parse the configuration. vyos.vyos.vyos_interfaces: running_config: "set interfaces ethernet eth0 address 'dhcp' set interfaces ethernet eth0 duplex 'auto' set interfaces ethernet eth0 hw-id '08:00:27:50:5e:19' set interfaces ethernet eth0 smp_affinity 'auto' set interfaces ethernet eth0 speed 'auto' set interfaces ethernet eth1 description 'Configured by Ansible' set interfaces ethernet eth1 duplex 'auto' set interfaces ethernet eth1 mtu '1500' set interfaces ethernet eth1 speed 'auto' set interfaces ethernet eth1 vif 200 description 'VIF - 200' set interfaces ethernet eth2 description 'Configured by Ansible' set interfaces ethernet eth2 duplex 'auto' set interfaces ethernet eth2 mtu '1500' set interfaces ethernet eth2 speed 'auto' set interfaces ethernet eth2 vif 200 description 'VIF - 200'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": [ # { # "description": "Configured by Ansible", # "duplex": "auto", # "enabled": true, # "mtu": 1500, # "name": "eth2", # "speed": "auto", # "vifs": [ # { # "description": "VIF - 200", # "enabled": true, # "vlan_id": 200 # } # ] # }, # { # "description": "Configured by Ansible", # "duplex": "auto", # "enabled": true, # "mtu": 1500, # "name": "eth1", # "speed": "auto", # "vifs": [ # { # "description": "VIF - 200", # "enabled": true, # "vlan_id": 200 # } # ] # }, # { # "duplex": "auto", # "enabled": true, # "name": "eth0", # "speed": "auto" # } # ] Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
after
list
when changed
The configuration as structured data after module completion.

Sample:
The configuration returned will always be in the same format of the parameters above.
before
list
always
The configuration as structured data prior to module invocation.

Sample:
The configuration returned will always be in the same format of the parameters above.
commands
list
always
The set of commands pushed to the remote device.

Sample:
['set interfaces ethernet eth1 mtu 1200', 'set interfaces ethernet eth2 vif 100 description VIF 100']


Status ------ Authors ~~~~~~~ - Nilashish Chakraborty (@nilashishc) - Rohit Thakur (@rohitthakur2590) diff --git a/docs/vyos.vyos.vyos_l3_interface_module.rst b/docs/vyos.vyos.vyos_l3_interface_module.rst index a8fe604..8c76dcb 100644 --- a/docs/vyos.vyos.vyos_l3_interface_module.rst +++ b/docs/vyos.vyos.vyos_l3_interface_module.rst @@ -1,396 +1,396 @@ .. _vyos.vyos.vyos_l3_interface_module: *************************** vyos.vyos.vyos_l3_interface *************************** **(deprecated, removed after 2022-06-01) Manage L3 interfaces on VyOS network devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 DEPRECATED ---------- :Removed in collection release after 2022-06-01 :Why: Updated modules released with more functionality. :Alternative: vyos_l3_interfaces Synopsis -------- - This module provides declarative management of L3 interfaces on VyOS network devices. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
aggregate
list / elements=dictionary
List of L3 interfaces definitions
ipv4
string
IPv4 of the L3 interface.
ipv6
string
IPv6 of the L3 interface.
name
string / required
Name of the L3 interface.
state
string
    Choices:
  • present
  • absent
State of the L3 interface configuration.
ipv4
string
IPv4 of the L3 interface.
ipv6
string
IPv6 of the L3 interface.
name
string
Name of the L3 interface.
provider
dictionary
Deprecated
Starting with Ansible 2.5 we recommend using connection: network_cli.
For more information please see the Network Guide.

A dict object containing connection details.
host
string
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
password
string
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
port
integer
Specifies the port to use when building the connection to the remote device.
ssh_keyfile
path
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
timeout
integer
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
username
string
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
state
string
    Choices:
  • present ←
  • absent
State of the L3 interface configuration.

Notes ----- .. note:: - Tested against VYOS 1.1.7 - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml - name: Set eth0 IPv4 address vyos.vyos.vyos_l3_interface: name: eth0 ipv4: 192.168.0.1/24 - name: Remove eth0 IPv4 address vyos.vyos.vyos_l3_interface: name: eth0 state: absent - name: Set IP addresses on aggregate vyos.vyos.vyos_l3_interface: aggregate: - {name: eth1, ipv4: 192.168.2.10/24} - {name: eth2, ipv4: 192.168.3.10/24, ipv6: fd5d:12c9:2201:1::1/64} - name: Remove IP addresses on aggregate vyos.vyos.vyos_l3_interface: aggregate: - {name: eth1, ipv4: 192.168.2.10/24} - {name: eth2, ipv4: 192.168.3.10/24, ipv6: fd5d:12c9:2201:1::1/64} state: absent Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
commands
list
always, except for the platforms that use Netconf transport to manage the device.
The list of configuration mode commands to send to the device

Sample:
["set interfaces ethernet eth0 address '192.168.0.1/24'"]


Status ------ - This module will be removed in version . *[deprecated]* - For more information see `DEPRECATED`_. Authors ~~~~~~~ - Ricardo Carrillo Cruz (@rcarrillocruz) diff --git a/docs/vyos.vyos.vyos_l3_interfaces_module.rst b/docs/vyos.vyos.vyos_l3_interfaces_module.rst index 38dd3e9..94b3d58 100644 --- a/docs/vyos.vyos.vyos_l3_interfaces_module.rst +++ b/docs/vyos.vyos.vyos_l3_interfaces_module.rst @@ -1,771 +1,771 @@ .. _vyos.vyos.vyos_l3_interfaces_module: **************************** vyos.vyos.vyos_l3_interfaces **************************** **L3 interfaces resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module manages the L3 interface attributes on VyOS network devices. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
config
list / elements=dictionary
The provided L3 interfaces configuration.
ipv4
list / elements=dictionary
List of IPv4 addresses of the interface.
address
string
IPv4 address of the interface.
ipv6
list / elements=dictionary
List of IPv6 addresses of the interface.
address
string
IPv6 address of the interface.
name
string / required
Full name of the interface, e.g. eth0, eth1.
vifs
list / elements=dictionary
Virtual sub-interfaces L3 configurations.
ipv4
list / elements=dictionary
List of IPv4 addresses of the virtual interface.
address
string
IPv4 address of the virtual interface.
ipv6
list / elements=dictionary
List of IPv6 addresses of the virtual interface.
address
string
IPv6 address of the virtual interface.
vlan_id
integer
Identifier for the virtual sub-interface.
running_config
string
This option is used only with state parsed.
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep -e eth[2,3].
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
state
string
    Choices:
  • merged ←
  • replaced
  • overridden
  • deleted
  • parsed
  • gathered
  • rendered
The state of the configuration after module completion.

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml # Using merged # # Before state: # ------------- # # vyos:~$ show configuration commands | grep -e eth[2,3] # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces ethernet eth3 vif 101 # set interfaces ethernet eth3 vif 102 - name: Merge provided configuration with device configuration vyos.vyos.vyos_l3_interfaces: config: - name: eth2 ipv4: - address: 192.0.2.10/28 - address: 198.51.100.40/27 ipv6: - address: 2001:db8:100::2/32 - address: 2001:db8:400::10/32 - name: eth3 ipv4: - address: 203.0.113.65/26 vifs: - vlan_id: 101 ipv4: - address: 192.0.2.71/28 - address: 198.51.100.131/25 - vlan_id: 102 ipv6: - address: 2001:db8:1000::5/38 - address: 2001:db8:1400::3/38 state: merged # After state: # ------------- # # vyos:~$ show configuration commands | grep -e eth[2,3] # set interfaces ethernet eth2 address '192.0.2.10/28' # set interfaces ethernet eth2 address '198.51.100.40/27' # set interfaces ethernet eth2 address '2001:db8:100::2/32' # set interfaces ethernet eth2 address '2001:db8:400::10/32' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth3 address '203.0.113.65/26' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces ethernet eth3 vif 101 address '192.0.2.71/28' # set interfaces ethernet eth3 vif 101 address '198.51.100.131/25' # set interfaces ethernet eth3 vif 102 address '2001:db8:1000::5/38' # set interfaces ethernet eth3 vif 102 address '2001:db8:1400::3/38' # set interfaces ethernet eth3 vif 102 address '2001:db8:4000::2/34' # Using replaced # # Before state: # ------------- # # vyos:~$ show configuration commands | grep eth # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 hw-id '08:00:27:EA:0F:B9' # set interfaces ethernet eth1 address '192.0.2.14/24' # set interfaces ethernet eth2 address '192.0.2.10/24' # set interfaces ethernet eth2 address '192.0.2.11/24' # set interfaces ethernet eth2 address '2001:db8::10/32' # set interfaces ethernet eth2 address '2001:db8::11/32' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth3 address '198.51.100.10/24' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces ethernet eth3 vif 101 address '198.51.100.130/25' # set interfaces ethernet eth3 vif 101 address '198.51.100.131/25' # set interfaces ethernet eth3 vif 102 address '2001:db8:4000::3/34' # set interfaces ethernet eth3 vif 102 address '2001:db8:4000::2/34' # - name: Replace device configurations of listed interfaces with provided configurations vyos.vyos.vyos_l3_interfaces: config: - name: eth2 ipv4: - address: 192.0.2.10/24 - name: eth3 ipv6: - address: 2001:db8::11/32 state: replaced # After state: # ------------- # # vyos:~$ show configuration commands | grep eth # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 hw-id '08:00:27:EA:0F:B9' # set interfaces ethernet eth1 address '192.0.2.14/24' # set interfaces ethernet eth2 address '192.0.2.10/24' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces ethernet eth3 address '2001:db8::11/32' # set interfaces ethernet eth3 vif 101 # set interfaces ethernet eth3 vif 102 # Using overridden # # Before state # -------------- # # vyos@vyos-appliance:~$ show configuration commands | grep eth # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 hw-id '08:00:27:EA:0F:B9' # set interfaces ethernet eth1 address '192.0.2.14/24' # set interfaces ethernet eth2 address '192.0.2.10/24' # set interfaces ethernet eth2 address '192.0.2.11/24' # set interfaces ethernet eth2 address '2001:db8::10/32' # set interfaces ethernet eth2 address '2001:db8::11/32' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth3 address '198.51.100.10/24' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces ethernet eth3 vif 101 address '198.51.100.130/25' # set interfaces ethernet eth3 vif 101 address '198.51.100.131/25' # set interfaces ethernet eth3 vif 102 address '2001:db8:4000::3/34' # set interfaces ethernet eth3 vif 102 address '2001:db8:4000::2/34' - name: Overrides all device configuration with provided configuration vyos.vyos.vyos_l3_interfaces: config: - name: eth0 ipv4: - address: dhcp ipv6: - address: dhcpv6 state: overridden # After state # ------------ # # vyos@vyos-appliance:~$ show configuration commands | grep eth # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 address 'dhcpv6' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 hw-id '08:00:27:EA:0F:B9' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces ethernet eth3 vif 101 # set interfaces ethernet eth3 vif 102 # Using deleted # # Before state # ------------- # vyos@vyos-appliance:~$ show configuration commands | grep eth # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:30:f0:22' # set interfaces ethernet eth0 smp-affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 hw-id '08:00:27:EA:0F:B9' # set interfaces ethernet eth1 address '192.0.2.14/24' # set interfaces ethernet eth2 address '192.0.2.10/24' # set interfaces ethernet eth2 address '192.0.2.11/24' # set interfaces ethernet eth2 address '2001:db8::10/32' # set interfaces ethernet eth2 address '2001:db8::11/32' # set interfaces ethernet eth2 hw-id '08:00:27:c2:98:23' # set interfaces ethernet eth3 address '198.51.100.10/24' # set interfaces ethernet eth3 hw-id '08:00:27:43:70:8c' # set interfaces ethernet eth3 vif 101 address '198.51.100.130/25' # set interfaces ethernet eth3 vif 101 address '198.51.100.131/25' # set interfaces ethernet eth3 vif 102 address '2001:db8:4000::3/34' # set interfaces ethernet eth3 vif 102 address '2001:db8:4000::2/34' - name: Delete L3 attributes of given interfaces (Note - This won't delete the interface itself) vyos.vyos.vyos_l3_interfaces: config: - name: eth1 - name: eth2 - name: eth3 state: deleted # After state # ------------ # vyos@vyos-appliance:~$ show configuration commands | grep eth # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:f3:6c:b5' # set interfaces ethernet eth0 smp_affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 hw-id '08:00:27:ad:ef:65' # set interfaces ethernet eth1 smp_affinity 'auto' # set interfaces ethernet eth2 hw-id '08:00:27:ab:4e:79' # set interfaces ethernet eth2 smp_affinity 'auto' # set interfaces ethernet eth3 hw-id '08:00:27:17:3c:85' # set interfaces ethernet eth3 smp_affinity 'auto' # Using gathered # # Before state: # ------------- # # vyos:~$ show configuration commands | grep -e eth[2,3,0] # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:50:5e:19' # set interfaces ethernet eth0 smp_affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 address '192.0.2.14/24' # set interfaces ethernet eth2 address '192.0.2.11/24' # set interfaces ethernet eth2 address '192.0.2.10/24' # set interfaces ethernet eth2 address '2001:db8::10/32' # set interfaces ethernet eth2 address '2001:db8::12/32' # - name: Gather listed l3 interfaces with provided configurations vyos.vyos.vyos_l3_interfaces: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": [ # { # "ipv4": [ # { # "address": "192.0.2.11/24" # }, # { # "address": "192.0.2.10/24" # } # ], # "ipv6": [ # { # "address": "2001:db8::10/32" # }, # { # "address": "2001:db8::12/32" # } # ], # "name": "eth2" # }, # { # "ipv4": [ # { # "address": "192.0.2.14/24" # } # ], # "name": "eth1" # }, # { # "ipv4": [ # { # "address": "dhcp" # } # ], # "name": "eth0" # } # ] # # # After state: # ------------- # # vyos:~$ show configuration commands | grep -e eth[2,3] # set interfaces ethernet eth0 address 'dhcp' # set interfaces ethernet eth0 duplex 'auto' # set interfaces ethernet eth0 hw-id '08:00:27:50:5e:19' # set interfaces ethernet eth0 smp_affinity 'auto' # set interfaces ethernet eth0 speed 'auto' # set interfaces ethernet eth1 address '192.0.2.14/24' # set interfaces ethernet eth2 address '192.0.2.11/24' # set interfaces ethernet eth2 address '192.0.2.10/24' # set interfaces ethernet eth2 address '2001:db8::10/32' # set interfaces ethernet eth2 address '2001:db8::12/32' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_l3_interfaces: config: - name: eth1 ipv4: - address: 192.0.2.14/24 - name: eth2 ipv4: - address: 192.0.2.10/24 - address: 192.0.2.11/24 ipv6: - address: 2001:db8::10/32 - address: 2001:db8::12/32 state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # "set interfaces ethernet eth1 address '192.0.2.14/24'", # "set interfaces ethernet eth2 address '192.0.2.11/24'", # "set interfaces ethernet eth2 address '192.0.2.10/24'", # "set interfaces ethernet eth2 address '2001:db8::10/32'", # "set interfaces ethernet eth2 address '2001:db8::12/32'" # ] # Using parsed # # - name: parse the provided running configuration vyos.vyos.vyos_l3_interfaces: running_config: "set interfaces ethernet eth0 address 'dhcp' set interfaces ethernet eth1 address '192.0.2.14/24' set interfaces ethernet eth2 address '192.0.2.10/24' set interfaces ethernet eth2 address '192.0.2.11/24' set interfaces ethernet eth2 address '2001:db8::10/32' set interfaces ethernet eth2 address '2001:db8::12/32'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": [ # { # "ipv4": [ # { # "address": "192.0.2.10/24" # }, # { # "address": "192.0.2.11/24" # } # ], # "ipv6": [ # { # "address": "2001:db8::10/32" # }, # { # "address": "2001:db8::12/32" # } # ], # "name": "eth2" # }, # { # "ipv4": [ # { # "address": "192.0.2.14/24" # } # ], # "name": "eth1" # }, # { # "ipv4": [ # { # "address": "dhcp" # } # ], # "name": "eth0" # } # ] Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
after
list
when changed
The configuration as structured data after module completion.

Sample:
The configuration returned will always be in the same format of the parameters above.
before
list
always
The configuration as structured data prior to module invocation.

Sample:
The configuration returned will always be in the same format of the parameters above.
commands
list
always
The set of commands pushed to the remote device.

Sample:
['set interfaces ethernet eth1 192.0.2.14/2', 'set interfaces ethernet eth3 vif 101 address 198.51.100.130/25']


Status ------ Authors ~~~~~~~ - Nilashish Chakraborty (@NilashishC) - Rohit Thakur (@rohitthakur2590) diff --git a/docs/vyos.vyos.vyos_lag_interfaces_module.rst b/docs/vyos.vyos.vyos_lag_interfaces_module.rst index 153e20e..52da867 100644 --- a/docs/vyos.vyos.vyos_lag_interfaces_module.rst +++ b/docs/vyos.vyos.vyos_lag_interfaces_module.rst @@ -1,947 +1,947 @@ .. _vyos.vyos.vyos_lag_interfaces_module: ***************************** vyos.vyos.vyos_lag_interfaces ***************************** **LAG interfaces resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module manages attributes of link aggregation groups on VyOS network devices. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
config
list / elements=dictionary
A list of link aggregation group configurations.
arp_monitor
dictionary
ARP Link monitoring parameters.
interval
integer
ARP link monitoring frequency in milliseconds.
target
list / elements=string
IP address to use for ARP monitoring.
hash_policy
string
    Choices:
  • layer2
  • layer2+3
  • layer3+4
LAG or bonding transmit hash policy.
members
list / elements=dictionary
List of member interfaces for the LAG (bond).
member
string
Name of the member interface.
mode
string
    Choices:
  • 802.3ad
  • active-backup
  • broadcast
  • round-robin
  • transmit-load-balance
  • adaptive-load-balance
  • xor-hash
LAG or bond mode.
name
string / required
Name of the link aggregation group (LAG) or bond.
primary
string
Primary device interfaces for the LAG (bond).
running_config
string
This option is used only with state parsed.
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep bond.
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
state
string
    Choices:
  • merged ←
  • replaced
  • overridden
  • deleted
  • parsed
  • gathered
  • rendered
The state of the configuration after module completion.

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml # Using merged # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands | grep bond # set interfaces bonding bond2 # set interfaces bonding bond3 # - name: Merge provided configuration with device configuration vyos.vyos.vyos_lag_interfaces: config: - name: bond2 mode: active-backup members: - member: eth2 - member: eth1 hash_policy: layer2 primary: eth2 - name: bond3 mode: active-backup hash_policy: layer2+3 members: - member: eth3 primary: eth3 state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "name": "bond2" # }, # { # "name": "bond3" # } # ], # # "commands": [ # "set interfaces bonding bond2 hash-policy 'layer2'", # "set interfaces bonding bond2 mode 'active-backup'", # "set interfaces ethernet eth2 bond-group bond2", # "set interfaces ethernet eth1 bond-group bond2", # "set interfaces bonding bond2 primary 'eth2'", # "set interfaces bonding bond3 hash-policy 'layer2+3'", # "set interfaces bonding bond3 mode 'active-backup'", # "set interfaces ethernet eth3 bond-group bond3", # "set interfaces bonding bond3 primary 'eth3'" # ] # # "after": [ # { # "hash_policy": "layer2", # "members": [ # { # "member": "eth1" # }, # { # "member": "eth2" # } # ], # "mode": "active-backup", # "name": "bond2", # "primary": "eth2" # }, # { # "hash_policy": "layer2+3", # "members": [ # { # "member": "eth3" # } # ], # "mode": "active-backup", # "name": "bond3", # "primary": "eth3" # } # ] # # After state: # ------------- # # vyos@vyos:~$ show configuration commands | grep bond # set interfaces bonding bond2 hash-policy 'layer2' # set interfaces bonding bond2 mode 'active-backup' # set interfaces bonding bond2 primary 'eth2' # set interfaces bonding bond3 hash-policy 'layer2+3' # set interfaces bonding bond3 mode 'active-backup' # set interfaces bonding bond3 primary 'eth3' # set interfaces ethernet eth1 bond-group 'bond2' # set interfaces ethernet eth2 bond-group 'bond2' # set interfaces ethernet eth3 bond-group 'bond3' # Using replaced # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands | grep bond # set interfaces bonding bond2 hash-policy 'layer2' # set interfaces bonding bond2 mode 'active-backup' # set interfaces bonding bond2 primary 'eth2' # set interfaces bonding bond3 hash-policy 'layer2+3' # set interfaces bonding bond3 mode 'active-backup' # set interfaces bonding bond3 primary 'eth3' # set interfaces ethernet eth1 bond-group 'bond2' # set interfaces ethernet eth2 bond-group 'bond2' # set interfaces ethernet eth3 bond-group 'bond3' # - name: Replace device configurations of listed LAGs with provided configurations vyos.vyos.vyos_lag_interfaces: config: - name: bond3 mode: 802.3ad hash_policy: layer2 members: - member: eth3 state: replaced # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "hash_policy": "layer2", # "members": [ # { # "member": "eth1" # }, # { # "member": "eth2" # } # ], # "mode": "active-backup", # "name": "bond2", # "primary": "eth2" # }, # { # "hash_policy": "layer2+3", # "members": [ # { # "member": "eth3" # } # ], # "mode": "active-backup", # "name": "bond3", # "primary": "eth3" # } # ], # # "commands": [ # "delete interfaces bonding bond3 primary", # "set interfaces bonding bond3 hash-policy 'layer2'", # "set interfaces bonding bond3 mode '802.3ad'" # ], # # "after": [ # { # "hash_policy": "layer2", # "members": [ # { # "member": "eth1" # }, # { # "member": "eth2" # } # ], # "mode": "active-backup", # "name": "bond2", # "primary": "eth2" # }, # { # "hash_policy": "layer2", # "members": [ # { # "member": "eth3" # } # ], # "mode": "802.3ad", # "name": "bond3" # } # ], # # After state: # ------------- # # vyos@vyos:~$ show configuration commands | grep bond # set interfaces bonding bond2 hash-policy 'layer2' # set interfaces bonding bond2 mode 'active-backup' # set interfaces bonding bond2 primary 'eth2' # set interfaces bonding bond3 hash-policy 'layer2' # set interfaces bonding bond3 mode '802.3ad' # set interfaces ethernet eth1 bond-group 'bond2' # set interfaces ethernet eth2 bond-group 'bond2' # set interfaces ethernet eth3 bond-group 'bond3' # Using overridden # # Before state # -------------- # # vyos@vyos:~$ show configuration commands | grep bond # set interfaces bonding bond2 hash-policy 'layer2' # set interfaces bonding bond2 mode 'active-backup' # set interfaces bonding bond2 primary 'eth2' # set interfaces bonding bond3 hash-policy 'layer2' # set interfaces bonding bond3 mode '802.3ad' # set interfaces ethernet eth1 bond-group 'bond2' # set interfaces ethernet eth2 bond-group 'bond2' # set interfaces ethernet eth3 bond-group 'bond3' # - name: Overrides all device configuration with provided configuration vyos.vyos.vyos_lag_interfaces: config: - name: bond3 mode: active-backup members: - member: eth1 - member: eth2 - member: eth3 primary: eth3 hash_policy: layer2 state: overridden # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "hash_policy": "layer2", # "members": [ # { # "member": "eth1" # }, # { # "member": "eth2" # } # ], # "mode": "active-backup", # "name": "bond2", # "primary": "eth2" # }, # { # "hash_policy": "layer2", # "members": [ # { # "member": "eth3" # } # ], # "mode": "802.3ad", # "name": "bond3" # } # ], # # "commands": [ # "delete interfaces bonding bond2 hash-policy", # "delete interfaces ethernet eth1 bond-group bond2", # "delete interfaces ethernet eth2 bond-group bond2", # "delete interfaces bonding bond2 mode", # "delete interfaces bonding bond2 primary", # "set interfaces bonding bond3 mode 'active-backup'", # "set interfaces ethernet eth1 bond-group bond3", # "set interfaces ethernet eth2 bond-group bond3", # "set interfaces bonding bond3 primary 'eth3'" # ], # # "after": [ # { # "name": "bond2" # }, # { # "hash_policy": "layer2", # "members": [ # { # "member": "eth1" # }, # { # "member": "eth2" # }, # { # "member": "eth3" # } # ], # "mode": "active-backup", # "name": "bond3", # "primary": "eth3" # } # ], # # # After state # ------------ # # vyos@vyos:~$ show configuration commands | grep bond # set interfaces bonding bond2 # set interfaces bonding bond3 hash-policy 'layer2' # set interfaces bonding bond3 mode 'active-backup' # set interfaces bonding bond3 primary 'eth3' # set interfaces ethernet eth1 bond-group 'bond3' # set interfaces ethernet eth2 bond-group 'bond3' # set interfaces ethernet eth3 bond-group 'bond3' # Using deleted # # Before state # ------------- # # vyos@vyos:~$ show configuration commands | grep bond # set interfaces bonding bond2 hash-policy 'layer2' # set interfaces bonding bond2 mode 'active-backup' # set interfaces bonding bond2 primary 'eth2' # set interfaces bonding bond3 hash-policy 'layer2+3' # set interfaces bonding bond3 mode 'active-backup' # set interfaces bonding bond3 primary 'eth3' # set interfaces ethernet eth1 bond-group 'bond2' # set interfaces ethernet eth2 bond-group 'bond2' # set interfaces ethernet eth3 bond-group 'bond3' # - name: Delete LAG attributes of given interfaces (Note This won't delete the interface itself) vyos.vyos.vyos_lag_interfaces: config: - name: bond2 - name: bond3 state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": [ # { # "hash_policy": "layer2", # "members": [ # { # "member": "eth1" # }, # { # "member": "eth2" # } # ], # "mode": "active-backup", # "name": "bond2", # "primary": "eth2" # }, # { # "hash_policy": "layer2+3", # "members": [ # { # "member": "eth3" # } # ], # "mode": "active-backup", # "name": "bond3", # "primary": "eth3" # } # ], # "commands": [ # "delete interfaces bonding bond2 hash-policy", # "delete interfaces ethernet eth1 bond-group bond2", # "delete interfaces ethernet eth2 bond-group bond2", # "delete interfaces bonding bond2 mode", # "delete interfaces bonding bond2 primary", # "delete interfaces bonding bond3 hash-policy", # "delete interfaces ethernet eth3 bond-group bond3", # "delete interfaces bonding bond3 mode", # "delete interfaces bonding bond3 primary" # ], # # "after": [ # { # "name": "bond2" # }, # { # "name": "bond3" # } # ], # # After state # ------------ # vyos@vyos:~$ show configuration commands | grep bond # set interfaces bonding bond2 # set interfaces bonding bond3 # Using gathered # # Before state: # ------------- # # vyos@192# run show configuration commands | grep bond # set interfaces bonding bond0 hash-policy 'layer2' # set interfaces bonding bond0 mode 'active-backup' # set interfaces bonding bond0 primary 'eth1' # set interfaces bonding bond1 hash-policy 'layer2+3' # set interfaces bonding bond1 mode 'active-backup' # set interfaces bonding bond1 primary 'eth2' # set interfaces ethernet eth1 bond-group 'bond0' # set interfaces ethernet eth2 bond-group 'bond1' # - name: Gather listed lag interfaces with provided configurations vyos.vyos.vyos_lag_interfaces: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": [ # { # "afi": "ipv6", # "rule_sets": [ # { # "default_action": "accept", # "description": "This is ipv6 specific rule-set", # "name": "UPLINK", # "rules": [ # { # "action": "accept", # "description": "Fwipv6-Rule 1 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 1 # }, # { # "action": "accept", # "description": "Fwipv6-Rule 2 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 2 # } # ] # } # ] # }, # { # "afi": "ipv4", # "rule_sets": [ # { # "default_action": "accept", # "description": "IPv4 INBOUND rule set", # "name": "INBOUND", # "rules": [ # { # "action": "accept", # "description": "Rule 101 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 101 # }, # { # "action": "reject", # "description": "Rule 102 is configured by Ansible", # "ipsec": "match-ipsec", # "number": 102 # }, # { # "action": "accept", # "description": "Rule 103 is configured by Ansible", # "destination": { # "group": { # "address_group": "inbound" # } # }, # "number": 103, # "source": { # "address": "192.0.2.0" # }, # "state": { # "established": true, # "invalid": false, # "new": false, # "related": true # } # } # ] # } # ] # } # ] # # # After state: # ------------- # # vyos@192# run show configuration commands | grep bond # set interfaces bonding bond0 hash-policy 'layer2' # set interfaces bonding bond0 mode 'active-backup' # set interfaces bonding bond0 primary 'eth1' # set interfaces bonding bond1 hash-policy 'layer2+3' # set interfaces bonding bond1 mode 'active-backup' # set interfaces bonding bond1 primary 'eth2' # set interfaces ethernet eth1 bond-group 'bond0' # set interfaces ethernet eth2 bond-group 'bond1' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_lag_interfaces: config: - name: bond0 hash_policy: layer2 members: - member: eth1 mode: active-backup primary: eth1 - name: bond1 hash_policy: layer2+3 members: - member: eth2 mode: active-backup primary: eth2 state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # "set interfaces bonding bond0 hash-policy 'layer2'", # "set interfaces ethernet eth1 bond-group 'bond0'", # "set interfaces bonding bond0 mode 'active-backup'", # "set interfaces bonding bond0 primary 'eth1'", # "set interfaces bonding bond1 hash-policy 'layer2+3'", # "set interfaces ethernet eth2 bond-group 'bond1'", # "set interfaces bonding bond1 mode 'active-backup'", # "set interfaces bonding bond1 primary 'eth2'" # ] # Using parsed # # - name: Parsed the commands for provided configuration vyos.vyos.vyos_l3_interfaces: running_config: "set interfaces bonding bond0 hash-policy 'layer2' set interfaces bonding bond0 mode 'active-backup' set interfaces bonding bond0 primary 'eth1' set interfaces bonding bond1 hash-policy 'layer2+3' set interfaces bonding bond1 mode 'active-backup' set interfaces bonding bond1 primary 'eth2' set interfaces ethernet eth1 bond-group 'bond0' set interfaces ethernet eth2 bond-group 'bond1'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": [ # { # "hash_policy": "layer2", # "members": [ # { # "member": "eth1" # } # ], # "mode": "active-backup", # "name": "bond0", # "primary": "eth1" # }, # { # "hash_policy": "layer2+3", # "members": [ # { # "member": "eth2" # } # ], # "mode": "active-backup", # "name": "bond1", # "primary": "eth2" # } # ] Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
after
list
when changed
The configuration as structured data after module completion.

Sample:
The configuration returned will always be in the same format of the parameters above.
before
list
always
The configuration as structured data prior to module invocation.

Sample:
The configuration returned will always be in the same format of the parameters above.
commands
list
always
The set of commands pushed to the remote device.

Sample:
['set interfaces bonding bond2', 'set interfaces bonding bond2 hash-policy layer2']


Status ------ Authors ~~~~~~~ - Rohit Thakur (@rohitthakur2590) diff --git a/docs/vyos.vyos.vyos_linkagg_module.rst b/docs/vyos.vyos.vyos_linkagg_module.rst index ae7eea7..f7586d6 100644 --- a/docs/vyos.vyos.vyos_linkagg_module.rst +++ b/docs/vyos.vyos.vyos_linkagg_module.rst @@ -1,424 +1,424 @@ .. _vyos.vyos.vyos_linkagg_module: ********************** vyos.vyos.vyos_linkagg ********************** **(deprecated, removed after 2022-06-01) Manage link aggregation groups on VyOS network devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 DEPRECATED ---------- :Removed in collection release after 2022-06-01 :Why: Updated modules released with more functionality. :Alternative: vyos_lag_interfaces Synopsis -------- - This module provides declarative management of link aggregation groups on VyOS network devices. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
aggregate
list / elements=dictionary
List of link aggregation definitions.
members
list / elements=string
List of members of the link aggregation group.
mode
string
    Choices:
  • 802.3ad
  • active-backup
  • broadcast
  • round-robin
  • transmit-load-balance
  • adaptive-load-balance
  • xor-hash
  • on
Mode of the link aggregation group.
name
string / required
Name of the link aggregation group.
state
string
    Choices:
  • present
  • absent
  • up
  • down
State of the link aggregation group.
members
list / elements=string
List of members of the link aggregation group.
mode
string
    Choices:
  • 802.3ad ←
  • active-backup
  • broadcast
  • round-robin
  • transmit-load-balance
  • adaptive-load-balance
  • xor-hash
  • on
Mode of the link aggregation group.
name
string
Name of the link aggregation group.
provider
dictionary
Deprecated
Starting with Ansible 2.5 we recommend using connection: network_cli.
For more information please see the Network Guide.

A dict object containing connection details.
host
string
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
password
string
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
port
integer
Specifies the port to use when building the connection to the remote device.
ssh_keyfile
path
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
timeout
integer
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
username
string
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
state
string
    Choices:
  • present ←
  • absent
  • up
  • down
State of the link aggregation group.

Notes ----- .. note:: - Tested against VYOS 1.1.7 - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml - name: configure link aggregation group vyos.vyos.vyos_linkagg: name: bond0 members: - eth0 - eth1 - name: remove configuration vyos.vyos.vyos_linkagg: name: bond0 state: absent - name: Create aggregate of linkagg definitions vyos.vyos.vyos_linkagg: aggregate: - {name: bond0, members: [eth1]} - {name: bond1, members: [eth2]} - name: Remove aggregate of linkagg definitions vyos.vyos.vyos_linkagg: aggregate: - name: bond0 - name: bond1 state: absent Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
commands
list
always, except for the platforms that use Netconf transport to manage the device.
The list of configuration mode commands to send to the device

Sample:
['set interfaces bonding bond0', "set interfaces ethernet eth0 bond-group 'bond0'", "set interfaces ethernet eth1 bond-group 'bond0'"]


Status ------ - This module will be removed in version . *[deprecated]* - For more information see `DEPRECATED`_. Authors ~~~~~~~ - Ricardo Carrillo Cruz (@rcarrillocruz) diff --git a/docs/vyos.vyos.vyos_lldp_global_module.rst b/docs/vyos.vyos.vyos_lldp_global_module.rst index 9224421..851ed20 100644 --- a/docs/vyos.vyos.vyos_lldp_global_module.rst +++ b/docs/vyos.vyos.vyos_lldp_global_module.rst @@ -1,609 +1,609 @@ .. _vyos.vyos.vyos_lldp_global_module: ************************** vyos.vyos.vyos_lldp_global ************************** **LLDP global resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module manages link layer discovery protocol (LLDP) attributes on VyOS devices. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
config
dictionary
The provided link layer discovery protocol (LLDP) configuration.
address
string
This argument defines management-address.
enable
boolean
    Choices:
  • no
  • yes
This argument is a boolean value to enable or disable LLDP.
legacy_protocols
list / elements=string
    Choices:
  • cdp
  • edp
  • fdp
  • sonmp
List of the supported legacy protocols.
snmp
string
This argument enable the SNMP queries to LLDP database.
running_config
string
This option is used only with state parsed.
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep lldp.
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
state
string
    Choices:
  • merged ←
  • replaced
  • deleted
  • gathered
  • rendered
  • parsed
The state of the configuration after module completion.

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml # Using merged # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands|grep lldp # - name: Merge provided configuration with device configuration vyos.vyos.vyos_lldp_global: config: legacy_protocols: - fdp - cdp snmp: enable address: 192.0.2.11 state: merged # # # ------------------------ # Module Execution Results # ------------------------ # # "before": [] # # "commands": [ # "set service lldp legacy-protocols fdp", # "set service lldp legacy-protocols cdp", # "set service lldp snmp enable", # "set service lldp management-address '192.0.2.11'" # ] # # "after": [ # { # "snmp": "enable" # }, # { # "address": "192.0.2.11" # }, # { # "legacy_protocols": [ # "cdp", # "fdp" # ] # } # { # "enable": true # } # ] # # After state: # ------------- # # set service lldp legacy-protocols cdp # set service lldp legacy-protocols fdp # set service lldp management-address '192.0.2.11' # set service lldp snmp enable # Using replaced # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands | grep lldp # set service lldp legacy-protocols cdp # set service lldp legacy-protocols fdp # set service lldp management-address '192.0.2.11' # set service lldp snmp enable # - name: Replace device configurations with provided configurations vyos.vyos.vyos_lldp_global: config: legacy_protocols: - edp - sonmp - cdp address: 192.0.2.14 state: replaced # # # ------------------------ # Module Execution Results # ------------------------ # # # "before": [ # { # "snmp": "enable" # }, # { # "address": "192.0.2.11" # }, # { # "legacy_protocols": [ # "cdp", # "fdp" # ] # } # { # "enable": true # } # ] # "commands": [ # "delete service lldp snmp", # "delete service lldp legacy-protocols fdp", # "set service lldp management-address '192.0.2.14'", # "set service lldp legacy-protocols edp", # "set service lldp legacy-protocols sonmp" # ] # # "after": [ # { # "address": "192.0.2.14" # }, # { # "legacy_protocols": [ # "cdp", # "edp", # "sonmp" # ] # } # { # "enable": true # } # ] # # After state: # ------------- # # vyos@vyos:~$ show configuration commands|grep lldp # set service lldp legacy-protocols cdp # set service lldp legacy-protocols edp # set service lldp legacy-protocols sonmp # set service lldp management-address '192.0.2.14' # Using deleted # # Before state # ------------- # vyos@vyos:~$ show configuration commands|grep lldp # set service lldp legacy-protocols cdp # set service lldp legacy-protocols edp # set service lldp legacy-protocols sonmp # set service lldp management-address '192.0.2.14' # - name: Delete attributes of given lldp service (This won't delete the LLDP service itself) vyos.vyos.vyos_lldp_global: config: state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": [ # { # "address": "192.0.2.14" # }, # { # "legacy_protocols": [ # "cdp", # "edp", # "sonmp" # ] # } # { # "enable": true # } # ] # # "commands": [ # "delete service lldp management-address", # "delete service lldp legacy-protocols" # ] # # "after": [ # { # "enable": true # } # ] # # After state # ------------ # vyos@vyos:~$ show configuration commands | grep lldp # set service lldp # Using gathered # # Before state: # ------------- # # vyos@192# run show configuration commands | grep lldp # set service lldp legacy-protocols 'cdp' # set service lldp management-address '192.0.2.17' # - name: Gather lldp global config with provided configurations vyos.vyos.vyos_lldp_global: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": [ # { # "config_trap": true, # "group": { # "address_group": [ # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.3.1" # }, # { # "address": "192.0.3.2" # } # ], # "name": "ENG-HOSTS" # }, # { # "description": "Sales office hosts address list", # "members": [ # { # "address": "192.0.2.1" # }, # { # "address": "192.0.2.2" # }, # { # "address": "192.0.2.3" # } # ], # "name": "SALES-HOSTS" # } # ], # "network_group": [ # { # "description": "This group has the Management network addresses", # "members": [ # { # "address": "192.0.1.0/24" # } # ], # "name": "MGMT" # } # ] # }, # "log_martians": true, # "ping": { # "all": true, # "broadcast": true # }, # "route_redirects": [ # { # "afi": "ipv4", # "icmp_redirects": { # "receive": false, # "send": true # }, # "ip_src_route": true # } # ], # "state_policy": [ # { # "action": "accept", # "connection_type": "established", # "log": true # }, # { # "action": "reject", # "connection_type": "invalid" # } # ], # "syn_cookies": true, # "twa_hazards_protection": true, # "validation": "strict" # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep lldp # set service lldp legacy-protocols 'cdp' # set service lldp management-address '192.0.2.17' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_lldp_global: config: address: 192.0.2.17 enable: true legacy_protocols: - cdp state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # "set service lldp legacy-protocols 'cdp'", # "set service lldp", # "set service lldp management-address '192.0.2.17'" # ] # # Using parsed # # - name: Parse the provided commands to provide structured configuration vyos.vyos.vyos_lldp_global: running_config: "set service lldp legacy-protocols 'cdp' set service lldp legacy-protocols 'fdp' set service lldp management-address '192.0.2.11'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": { # "address": "192.0.2.11", # "enable": true, # "legacy_protocols": [ # "cdp", # "fdp" # ] # } # Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
after
list
when changed
The configuration as structured data after module completion.

Sample:
The configuration returned will always be in the same format of the parameters above.
before
list
always
The configuration as structured data prior to module invocation.

Sample:
The configuration returned will always be in the same format of the parameters above.
commands
list
always
The set of commands pushed to the remote device.

Sample:
['set service lldp legacy-protocols sonmp', "set service lldp management-address '192.0.2.14'"]


Status ------ Authors ~~~~~~~ - Rohit Thakur (@rohitthakur2590) diff --git a/docs/vyos.vyos.vyos_lldp_interface_module.rst b/docs/vyos.vyos.vyos_lldp_interface_module.rst index 1c860e7..0103664 100644 --- a/docs/vyos.vyos.vyos_lldp_interface_module.rst +++ b/docs/vyos.vyos.vyos_lldp_interface_module.rst @@ -1,344 +1,344 @@ .. _vyos.vyos.vyos_lldp_interface_module: ***************************** vyos.vyos.vyos_lldp_interface ***************************** **(deprecated, removed after 2022-06-01) Manage LLDP interfaces configuration on VyOS network devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 DEPRECATED ---------- :Removed in collection release after 2022-06-01 :Why: Updated modules released with more functionality. :Alternative: vyos_lldp_interfaces Synopsis -------- - This module provides declarative management of LLDP interfaces configuration on VyOS network devices. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
aggregate
list / elements=dictionary
List of interfaces LLDP should be configured on.
name
string / required
Name of the interface LLDP should be configured on.
state
string
    Choices:
  • present
  • absent
  • enabled
  • disabled
State of the LLDP configuration.
name
string
Name of the interface LLDP should be configured on.
provider
dictionary
Deprecated
Starting with Ansible 2.5 we recommend using connection: network_cli.
For more information please see the Network Guide.

A dict object containing connection details.
host
string
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
password
string
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
port
integer
Specifies the port to use when building the connection to the remote device.
ssh_keyfile
path
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
timeout
integer
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
username
string
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
state
string
    Choices:
  • present ←
  • absent
  • enabled
  • disabled
State of the LLDP configuration.

Notes ----- .. note:: - Tested against VYOS 1.1.7 - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml - name: Enable LLDP on eth1 net_lldp_interface: state: present - name: Enable LLDP on specific interfaces net_lldp_interface: interfaces: - eth1 - eth2 state: present - name: Disable LLDP globally net_lldp_interface: state: disabled - name: Create aggregate of LLDP interface configurations vyos.vyos.vyos_lldp_interface: aggregate: - name: eth1 - name: eth2 state: present - name: Delete aggregate of LLDP interface configurations vyos.vyos.vyos_lldp_interface: aggregate: - name: eth1 - name: eth2 state: absent Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
commands
list
always, except for the platforms that use Netconf transport to manage the device.
The list of configuration mode commands to send to the device

Sample:
['set service lldp eth1', 'set service lldp eth2 disable']


Status ------ - This module will be removed in version . *[deprecated]* - For more information see `DEPRECATED`_. Authors ~~~~~~~ - Ricardo Carrillo Cruz (@rcarrillocruz) diff --git a/docs/vyos.vyos.vyos_lldp_interfaces_module.rst b/docs/vyos.vyos.vyos_lldp_interfaces_module.rst index c5ea47b..030cd73 100644 --- a/docs/vyos.vyos.vyos_lldp_interfaces_module.rst +++ b/docs/vyos.vyos.vyos_lldp_interfaces_module.rst @@ -1,928 +1,928 @@ .. _vyos.vyos.vyos_lldp_interfaces_module: ****************************** vyos.vyos.vyos_lldp_interfaces ****************************** **LLDP interfaces resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module manages attributes of lldp interfaces on VyOS network devices. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
config
list / elements=dictionary
A list of lldp interfaces configurations.
enable
boolean
    Choices:
  • no
  • yes ←
to disable lldp on the interface.
location
dictionary
LLDP-MED location data.
civic_based
dictionary
Civic-based location data.
ca_info
list / elements=dictionary
LLDP-MED address info
ca_type
integer
LLDP-MED Civic Address type.
ca_value
string
LLDP-MED Civic Address value.
country_code
string / required
Country Code
coordinate_based
dictionary
Coordinate-based location.
altitude
integer
Altitude in meters.
datum
string
    Choices:
  • WGS84
  • NAD83
  • MLLW
Coordinate datum type.
latitude
string / required
Latitude.
longitude
string / required
Longitude.
elin
string
Emergency Call Service ELIN number (between 10-25 numbers).
name
string / required
Name of the lldp interface.
running_config
string
This option is used only with state parsed.
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep lldp.
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
state
string
    Choices:
  • merged ←
  • replaced
  • overridden
  • deleted
  • rendered
  • parsed
  • gathered
The state of the configuration after module completion.

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml # Using merged # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands | grep lldp # - name: Merge provided configuration with device configuration vyos.vyos.vyos_lldp_interfaces: config: - name: eth1 location: civic_based: country_code: US ca_info: - ca_type: 0 ca_value: ENGLISH - name: eth2 location: coordinate_based: altitude: 2200 datum: WGS84 longitude: 222.267255W latitude: 33.524449N state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # before": [] # # "commands": [ # "set service lldp interface eth1 location civic-based country-code 'US'", # "set service lldp interface eth1 location civic-based ca-type 0 ca-value 'ENGLISH'", # "set service lldp interface eth1", # "set service lldp interface eth2 location coordinate-based latitude '33.524449N'", # "set service lldp interface eth2 location coordinate-based altitude '2200'", # "set service lldp interface eth2 location coordinate-based datum 'WGS84'", # "set service lldp interface eth2 location coordinate-based longitude '222.267255W'", # "set service lldp interface eth2 location coordinate-based latitude '33.524449N'", # "set service lldp interface eth2 location coordinate-based altitude '2200'", # "set service lldp interface eth2 location coordinate-based datum 'WGS84'", # "set service lldp interface eth2 location coordinate-based longitude '222.267255W'", # "set service lldp interface eth2" # # "after": [ # { # "location": { # "coordinate_based": { # "altitude": 2200, # "datum": "WGS84", # "latitude": "33.524449N", # "longitude": "222.267255W" # } # }, # "name": "eth2" # }, # { # "location": { # "civic_based": { # "ca_info": [ # { # "ca_type": 0, # "ca_value": "ENGLISH" # } # ], # "country_code": "US" # } # }, # "name": "eth1" # } # ], # # After state: # ------------- # # vyos@vyos:~$ show configuration commands | grep lldp # set service lldp interface eth1 location civic-based ca-type 0 ca-value 'ENGLISH' # set service lldp interface eth1 location civic-based country-code 'US' # set service lldp interface eth2 location coordinate-based altitude '2200' # set service lldp interface eth2 location coordinate-based datum 'WGS84' # set service lldp interface eth2 location coordinate-based latitude '33.524449N' # set service lldp interface eth2 location coordinate-based longitude '222.267255W' # Using replaced # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands | grep lldp # set service lldp interface eth1 location civic-based ca-type 0 ca-value 'ENGLISH' # set service lldp interface eth1 location civic-based country-code 'US' # set service lldp interface eth2 location coordinate-based altitude '2200' # set service lldp interface eth2 location coordinate-based datum 'WGS84' # set service lldp interface eth2 location coordinate-based latitude '33.524449N' # set service lldp interface eth2 location coordinate-based longitude '222.267255W' # - name: Replace device configurations of listed LLDP interfaces with provided configurations vyos.vyos.vyos_lldp_interfaces: config: - name: eth2 location: civic_based: country_code: US ca_info: - ca_type: 0 ca_value: ENGLISH - name: eth1 location: coordinate_based: altitude: 2200 datum: WGS84 longitude: 222.267255W latitude: 33.524449N state: replaced # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "location": { # "coordinate_based": { # "altitude": 2200, # "datum": "WGS84", # "latitude": "33.524449N", # "longitude": "222.267255W" # } # }, # "name": "eth2" # }, # { # "location": { # "civic_based": { # "ca_info": [ # { # "ca_type": 0, # "ca_value": "ENGLISH" # } # ], # "country_code": "US" # } # }, # "name": "eth1" # } # ] # # "commands": [ # "delete service lldp interface eth2 location", # "set service lldp interface eth2 'disable'", # "set service lldp interface eth2 location civic-based country-code 'US'", # "set service lldp interface eth2 location civic-based ca-type 0 ca-value 'ENGLISH'", # "delete service lldp interface eth1 location", # "set service lldp interface eth1 'disable'", # "set service lldp interface eth1 location coordinate-based latitude '33.524449N'", # "set service lldp interface eth1 location coordinate-based altitude '2200'", # "set service lldp interface eth1 location coordinate-based datum 'WGS84'", # "set service lldp interface eth1 location coordinate-based longitude '222.267255W'" # ] # # "after": [ # { # "location": { # "civic_based": { # "ca_info": [ # { # "ca_type": 0, # "ca_value": "ENGLISH" # } # ], # "country_code": "US" # } # }, # "name": "eth2" # }, # { # "location": { # "coordinate_based": { # "altitude": 2200, # "datum": "WGS84", # "latitude": "33.524449N", # "longitude": "222.267255W" # } # }, # "name": "eth1" # } # ] # # After state: # ------------- # # vyos@vyos:~$ show configuration commands | grep lldp # set service lldp interface eth1 'disable' # set service lldp interface eth1 location coordinate-based altitude '2200' # set service lldp interface eth1 location coordinate-based datum 'WGS84' # set service lldp interface eth1 location coordinate-based latitude '33.524449N' # set service lldp interface eth1 location coordinate-based longitude '222.267255W' # set service lldp interface eth2 'disable' # set service lldp interface eth2 location civic-based ca-type 0 ca-value 'ENGLISH' # set service lldp interface eth2 location civic-based country-code 'US' # Using overridden # # Before state # -------------- # # vyos@vyos:~$ show configuration commands | grep lldp # set service lldp interface eth1 'disable' # set service lldp interface eth1 location coordinate-based altitude '2200' # set service lldp interface eth1 location coordinate-based datum 'WGS84' # set service lldp interface eth1 location coordinate-based latitude '33.524449N' # set service lldp interface eth1 location coordinate-based longitude '222.267255W' # set service lldp interface eth2 'disable' # set service lldp interface eth2 location civic-based ca-type 0 ca-value 'ENGLISH' # set service lldp interface eth2 location civic-based country-code 'US' # - name: Overrides all device configuration with provided configuration vyos.vyos.vyos_lldp_interfaces: config: - name: eth2 location: elin: 0000000911 state: overridden # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "enable": false, # "location": { # "civic_based": { # "ca_info": [ # { # "ca_type": 0, # "ca_value": "ENGLISH" # } # ], # "country_code": "US" # } # }, # "name": "eth2" # }, # { # "enable": false, # "location": { # "coordinate_based": { # "altitude": 2200, # "datum": "WGS84", # "latitude": "33.524449N", # "longitude": "222.267255W" # } # }, # "name": "eth1" # } # ] # # "commands": [ # "delete service lldp interface eth2 location", # "delete service lldp interface eth2 disable", # "set service lldp interface eth2 location elin 0000000911" # # # "after": [ # { # "location": { # "elin": 0000000911 # }, # "name": "eth2" # } # ] # # # After state # ------------ # # vyos@vyos# run show configuration commands | grep lldp # set service lldp interface eth2 location elin '0000000911' # Using deleted # # Before state # ------------- # # vyos@vyos# run show configuration commands | grep lldp # set service lldp interface eth2 location elin '0000000911' # - name: Delete lldp interface attributes of given interfaces. vyos.vyos.vyos_lldp_interfaces: config: - name: eth2 state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # before: [{location: {elin: 0000000911}, name: eth2}] # "commands": [ # "commands": [ # "delete service lldp interface eth2" # ] # # "after": [] # After state # ------------ # vyos@vyos# run show configuration commands | grep lldp # set service 'lldp' # Using gathered # # Before state: # ------------- # # vyos@192# run show configuration commands | grep lldp # set service lldp interface eth1 location civic-based ca-type 0 ca-value 'ENGLISH' # set service lldp interface eth1 location civic-based country-code 'US' # set service lldp interface eth2 location coordinate-based altitude '2200' # set service lldp interface eth2 location coordinate-based datum 'WGS84' # set service lldp interface eth2 location coordinate-based latitude '33.524449N' # set service lldp interface eth2 location coordinate-based longitude '222.267255W' # - name: Gather listed lldp interfaces from running configuration vyos.vyos.vyos_lldp_interfaces: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": [ # { # "location": { # "coordinate_based": { # "altitude": 2200, # "datum": "WGS84", # "latitude": "33.524449N", # "longitude": "222.267255W" # } # }, # "name": "eth2" # }, # { # "location": { # "civic_based": { # "ca_info": [ # { # "ca_type": 0, # "ca_value": "ENGLISH" # } # ], # "country_code": "US" # } # }, # "name": "eth1" # } # ] # # # After state: # ------------- # # vyos@192# run show configuration commands | grep lldp # set service lldp interface eth1 location civic-based ca-type 0 ca-value 'ENGLISH' # set service lldp interface eth1 location civic-based country-code 'US' # set service lldp interface eth2 location coordinate-based altitude '2200' # set service lldp interface eth2 location coordinate-based datum 'WGS84' # set service lldp interface eth2 location coordinate-based latitude '33.524449N' # set service lldp interface eth2 location coordinate-based longitude '222.267255W' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_lldp_interfaces: config: - name: eth1 location: civic_based: country_code: US ca_info: - ca_type: 0 ca_value: ENGLISH - name: eth2 location: coordinate_based: altitude: 2200 datum: WGS84 longitude: 222.267255W latitude: 33.524449N state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # "set service lldp interface eth1 location civic-based country-code 'US'", # "set service lldp interface eth1 location civic-based ca-type 0 ca-value 'ENGLISH'", # "set service lldp interface eth1", # "set service lldp interface eth2 location coordinate-based latitude '33.524449N'", # "set service lldp interface eth2 location coordinate-based altitude '2200'", # "set service lldp interface eth2 location coordinate-based datum 'WGS84'", # "set service lldp interface eth2 location coordinate-based longitude '222.267255W'", # "set service lldp interface eth2" # ] # Using parsed # # - name: Parsed the commands to provide structured configuration. vyos.vyos.vyos_lldp_interfaces: running_config: "set service lldp interface eth1 location civic-based ca-type 0 ca-value 'ENGLISH' set service lldp interface eth1 location civic-based country-code 'US' set service lldp interface eth2 location coordinate-based altitude '2200' set service lldp interface eth2 location coordinate-based datum 'WGS84' set service lldp interface eth2 location coordinate-based latitude '33.524449N' set service lldp interface eth2 location coordinate-based longitude '222.267255W'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": [ # { # "location": { # "coordinate_based": { # "altitude": 2200, # "datum": "WGS84", # "latitude": "33.524449N", # "longitude": "222.267255W" # } # }, # "name": "eth2" # }, # { # "location": { # "civic_based": { # "ca_info": [ # { # "ca_type": 0, # "ca_value": "ENGLISH" # } # ], # "country_code": "US" # } # }, # "name": "eth1" # } # ] Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
after
list
when changed
The configuration as structured data after module completion.

Sample:
The configuration returned will always be in the same format of the parameters above.
before
list
always
The configuration as structured data prior to module invocation.

Sample:
The configuration returned will always be in the same format of the parameters above.
commands
list
always
The set of commands pushed to the remote device.

Sample:
["set service lldp interface eth2 'disable'", 'delete service lldp interface eth1 location']


Status ------ Authors ~~~~~~~ - Rohit Thakur (@rohitthakur2590) diff --git a/docs/vyos.vyos.vyos_lldp_module.rst b/docs/vyos.vyos.vyos_lldp_module.rst index 92aa732..88d0211 100644 --- a/docs/vyos.vyos.vyos_lldp_module.rst +++ b/docs/vyos.vyos.vyos_lldp_module.rst @@ -1,268 +1,268 @@ .. _vyos.vyos.vyos_lldp_module: ******************* vyos.vyos.vyos_lldp ******************* **(deprecated, removed after 2022-06-01) Manage LLDP configuration on VyOS network devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 DEPRECATED ---------- :Removed in collection release after 2022-06-01 :Why: Updated modules released with more functionality. :Alternative: vyos_lldp_global Synopsis -------- - This module provides declarative management of LLDP service on VyOS network devices. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
interfaces
list / elements=string
Name of the interfaces.
provider
dictionary
Deprecated
Starting with Ansible 2.5 we recommend using connection: network_cli.
For more information please see the Network Guide.

A dict object containing connection details.
host
string
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
password
string
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
port
integer
Specifies the port to use when building the connection to the remote device.
ssh_keyfile
path
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
timeout
integer
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
username
string
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
state
string
    Choices:
  • present ←
  • absent
  • enabled
  • disabled
State of the link aggregation group.

Notes ----- .. note:: - Tested against VYOS 1.1.7 - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml - name: Enable LLDP service vyos.vyos.vyos_lldp: state: present - name: Disable LLDP service vyos.vyos.vyos_lldp: state: absent Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
commands
list
always, except for the platforms that use Netconf transport to manage the device.
The list of configuration mode commands to send to the device

Sample:
['set service lldp']


Status ------ - This module will be removed in version . *[deprecated]* - For more information see `DEPRECATED`_. Authors ~~~~~~~ - Ricardo Carrillo Cruz (@rcarrillocruz) diff --git a/docs/vyos.vyos.vyos_logging_module.rst b/docs/vyos.vyos.vyos_logging_module.rst index f651b7a..9cb024d 100644 --- a/docs/vyos.vyos.vyos_logging_module.rst +++ b/docs/vyos.vyos.vyos_logging_module.rst @@ -1,440 +1,440 @@ .. _vyos.vyos.vyos_logging_module: ********************** vyos.vyos.vyos_logging ********************** **Manage logging on network devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module provides declarative management of logging on Vyatta Vyos devices. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
aggregate
list / elements=dictionary
List of logging definitions.
dest
string
    Choices:
  • console
  • file
  • global
  • host
  • user
Destination of the logs.
facility
string
Set logging facility.
level
string
Set logging severity levels.
name
string
If value of dest is file it indicates file-name, for user it indicates username and for host indicates the host name to be notified.
state
string
    Choices:
  • present
  • absent
State of the logging configuration.
dest
string
    Choices:
  • console
  • file
  • global
  • host
  • user
Destination of the logs.
facility
string
Set logging facility.
level
string
Set logging severity levels.
name
string
If value of dest is file it indicates file-name, for user it indicates username and for host indicates the host name to be notified.
provider
dictionary
Deprecated
Starting with Ansible 2.5 we recommend using connection: network_cli.
For more information please see the Network Guide.

A dict object containing connection details.
host
string
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
password
string
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
port
integer
Specifies the port to use when building the connection to the remote device.
ssh_keyfile
path
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
timeout
integer
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
username
string
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
state
string
    Choices:
  • present ←
  • absent
State of the logging configuration.

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml - name: configure console logging vyos.vyos.vyos_logging: dest: console facility: all level: crit - name: remove console logging configuration vyos.vyos.vyos_logging: dest: console state: absent - name: configure file logging vyos.vyos.vyos_logging: dest: file name: test facility: local3 level: err - name: Add logging aggregate vyos.vyos.vyos_logging: aggregate: - {dest: file, name: test1, facility: all, level: info} - {dest: file, name: test2, facility: news, level: debug} state: present - name: Remove logging aggregate vyos.vyos.vyos_logging: aggregate: - {dest: console, facility: all, level: info} - {dest: console, facility: daemon, level: warning} - {dest: file, name: test2, facility: news, level: debug} state: absent Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
commands
list
always
The list of configuration mode commands to send to the device

Sample:
['set system syslog global facility all level notice']


Status ------ Authors ~~~~~~~ - Trishna Guha (@trishnaguha) diff --git a/docs/vyos.vyos.vyos_ospf_interfaces_module.rst b/docs/vyos.vyos.vyos_ospf_interfaces_module.rst index 141c0cf..0417088 100644 --- a/docs/vyos.vyos.vyos_ospf_interfaces_module.rst +++ b/docs/vyos.vyos.vyos_ospf_interfaces_module.rst @@ -1,1204 +1,1204 @@ .. _vyos.vyos.vyos_ospf_interfaces_module: ****************************** vyos.vyos.vyos_ospf_interfaces ****************************** **OSPF Interfaces Resource Module.** Version added: 1.2.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module manages OSPF configuration of interfaces on devices running VYOS. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
config
list / elements=dictionary
A list of OSPF configuration for interfaces.
address_family
list / elements=dictionary
OSPF settings on the interfaces in address-family context.
afi
string / required
    Choices:
  • ipv4
  • ipv6
Address Family Identifier (AFI) for OSPF settings on the interfaces.
authentication
dictionary
Authentication settings on the interface.
md5_key
dictionary
md5 parameters.
key
string
md5 key.
key_id
integer
key id.
plaintext_password
string
Plain Text password.
bandwidth
integer
Bandwidth of interface (kilobits/sec)
cost
integer
metric associated with interface.
dead_interval
integer
Time interval to detect a dead router.
hello_interval
integer
Timer interval between transmission of hello packets.
ifmtu
integer
interface MTU.
instance
string
Instance ID.
mtu_ignore
boolean
    Choices:
  • no
  • yes
if True, Disable MTU check for Database Description packets.
network
string
Interface type.
passive
boolean
    Choices:
  • no
  • yes
If True, disables forming adjacency.
priority
integer
Interface priority.
retransmit_interval
integer
LSA retransmission interval.
transmit_delay
integer
LSA transmission delay.
name
string
Name/Identifier of the interface.
running_config
string
This option is used only with state parsed.
The value of this option should be the output received from the IOS device by executing the command sh running-config | section ^interface.
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
state
string
    Choices:
  • merged ←
  • replaced
  • overridden
  • deleted
  • gathered
  • parsed
  • rendered
The state the configuration should be left in.

Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml # Using merged # # Before state: # ------------- # # @vyos:~$ show configuration commands | match "ospf" - name: Merge provided configuration with device configuration vyos.vyos.vyos_ospf_interfaces: config: - name: "eth1" address_family: - afi: "ipv4" transmit_delay: 50 priority: 26 network: "point-to-point" - afi: "ipv6" dead_interval: 39 - name: "bond2" address_family: - afi: "ipv4" transmit_delay: 45 bandwidth: 70 authentication: md5_key: key_id: 10 key: "1111111111232345" - afi: "ipv6" passive: True state: merged # After State: # -------------- # vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' # set interfaces bonding bond2 ip ospf bandwidth '70' # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth1 ip ospf network 'point-to-point' # set interfaces ethernet eth1 ip ospf priority '26' # set interfaces ethernet eth1 ip ospf transmit-delay '50' # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' # "after": [ # " # "address_family": [ # { # "afi": "ipv4", # "authentication": { # "md5_key": { # "key": "1111111111232345", # "key_id": 10 # } # }, # "bandwidth": 70, # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "network": "point-to-point", # "priority": 26, # "transmit_delay": 50 # }, # { # "afi": "ipv6", # "dead_interval": 39 # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "before": [ # { # "name": "eth0" # }, # { # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "changed": true, # "commands": [ # "set interfaces ethernet eth1 ip ospf transmit-delay 50", # "set interfaces ethernet eth1 ip ospf priority 26", # "set interfaces ethernet eth1 ip ospf network point-to-point", # "set interfaces ethernet eth1 ipv6 ospfv3 dead-interval 39", # "set interfaces bonding bond2 ip ospf transmit-delay 45", # "set interfaces bonding bond2 ip ospf bandwidth 70", # "set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key 1111111111232345", # "set interfaces bonding bond2 ipv6 ospfv3 passive" # ], # Using replaced: # Before State: # ------------ # vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' # set interfaces bonding bond2 ip ospf bandwidth '70' # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth1 ip ospf network 'point-to-point' # set interfaces ethernet eth1 ip ospf priority '26' # set interfaces ethernet eth1 ip ospf transmit-delay '50' # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' - name: Replace provided configuration with device configuration vyos.vyos.vyos_ospf_interfaces: config: - name: "eth1" address_family: - afi: "ipv4" cost: 100 - afi: "ipv6" ifmtu: 33 - name: "bond2" address_family: - afi: "ipv4" transmit_delay: 45 - afi: "ipv6" passive: True state: replaced # After State: # ----------- # vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth1 ip ospf cost '100' # set interfaces ethernet eth1 ipv6 ospfv3 ifmtu '33' # vyos@vyos:~$ # Module Execution # ---------------- # "after": [ # { # "address_family": [ # { # "afi": "ipv4", # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "cost": 100 # }, # { # "afi": "ipv6", # "ifmtu": 33 # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "before": [ # { # "address_family": [ # { # "afi": "ipv4", # "authentication": { # "md5_key": { # "key": "1111111111232345", # "key_id": 10 # } # }, # "bandwidth": 70, # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "network": "point-to-point", # "priority": 26, # "transmit_delay": 50 # }, # { # "afi": "ipv6", # "dead_interval": 39 # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "changed": true, # "commands": [ # "set interfaces ethernet eth1 ip ospf cost 100", # "set interfaces ethernet eth1 ipv6 ospfv3 ifmtu 33", # "delete interfaces ethernet eth1 ip ospf network point-to-point", # "delete interfaces ethernet eth1 ip ospf priority 26", # "delete interfaces ethernet eth1 ip ospf transmit-delay 50", # "delete interfaces ethernet eth1 ipv6 ospfv3 dead-interval 39", # "delete interfaces bonding bond2 ip ospf authentication", # "delete interfaces bonding bond2 ip ospf bandwidth 70" # ], # # Using Overridden: # ----------------- # Before State: # ------------ # vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' # set interfaces bonding bond2 ip ospf bandwidth '70' # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth1 ip ospf cost '100' # set interfaces ethernet eth1 ip ospf network 'point-to-point' # set interfaces ethernet eth1 ip ospf priority '26' # set interfaces ethernet eth1 ip ospf transmit-delay '50' # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' # set interfaces ethernet eth1 ipv6 ospfv3 ifmtu '33' # vyos@vyos:~$ - name: Override device configuration with provided configuration vyos.vyos.vyos_ospf_interfaces: config: - name: "eth0" address_family: - afi: "ipv4" cost: 100 - afi: "ipv6" ifmtu: 33 passive: True state: overridden # After State: # ----------- # 200~vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces ethernet eth0 ip ospf cost '100' # set interfaces ethernet eth0 ipv6 ospfv3 ifmtu '33' # set interfaces ethernet eth0 ipv6 ospfv3 'passive' # vyos@vyos:~$ # # # "after": [ # { # "name": "bond2" # }, # { # "address_family": [ # { # "afi": "ipv4", # "cost": 100 # }, # { # "afi": "ipv6", # "ifmtu": 33, # "passive": true # } # ], # "name": "eth0" # }, # { # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "before": [ # { # "address_family": [ # { # "afi": "ipv4", # "authentication": { # "md5_key": { # "key": "1111111111232345", # "key_id": 10 # } # }, # "bandwidth": 70, # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "cost": 100, # "network": "point-to-point", # "priority": 26, # "transmit_delay": 50 # }, # { # "afi": "ipv6", # "dead_interval": 39, # "ifmtu": 33 # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "changed": true, # "commands": [ # "delete interfaces bonding bond2 ip ospf", # "delete interfaces bonding bond2 ipv6 ospfv3", # "delete interfaces ethernet eth1 ip ospf", # "delete interfaces ethernet eth1 ipv6 ospfv3", # "set interfaces ethernet eth0 ip ospf cost 100", # "set interfaces ethernet eth0 ipv6 ospfv3 ifmtu 33", # "set interfaces ethernet eth0 ipv6 ospfv3 passive" # ], # # Using deleted: # ------------- # before state: # ------------- # vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' # set interfaces bonding bond2 ip ospf bandwidth '70' # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth0 ip ospf cost '100' # set interfaces ethernet eth0 ipv6 ospfv3 ifmtu '33' # set interfaces ethernet eth0 ipv6 ospfv3 'passive' # set interfaces ethernet eth1 ip ospf network 'point-to-point' # set interfaces ethernet eth1 ip ospf priority '26' # set interfaces ethernet eth1 ip ospf transmit-delay '50' # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' # vyos@vyos:~$ - name: Delete device configuration vyos.vyos.vyos_ospf_interfaces: config: - name: "eth0" state: deleted # After State: # ----------- # vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' # set interfaces bonding bond2 ip ospf bandwidth '70' # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth1 ip ospf network 'point-to-point' # set interfaces ethernet eth1 ip ospf priority '26' # set interfaces ethernet eth1 ip ospf transmit-delay '50' # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' # vyos@vyos:~$ # # # "after": [ # { # "address_family": [ # { # "afi": "ipv4", # "authentication": { # "md5_key": { # "key": "1111111111232345", # "key_id": 10 # } # }, # "bandwidth": 70, # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "network": "point-to-point", # "priority": 26, # "transmit_delay": 50 # }, # { # "afi": "ipv6", # "dead_interval": 39 # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "before": [ # { # "address_family": [ # { # "afi": "ipv4", # "authentication": { # "md5_key": { # "key": "1111111111232345", # "key_id": 10 # } # }, # "bandwidth": 70, # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "address_family": [ # { # "afi": "ipv4", # "cost": 100 # }, # { # "afi": "ipv6", # "ifmtu": 33, # "passive": true # } # ], # "name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "network": "point-to-point", # "priority": 26, # "transmit_delay": 50 # }, # { # "afi": "ipv6", # "dead_interval": 39 # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], # "changed": true, # "commands": [ # "delete interfaces ethernet eth0 ip ospf", # "delete interfaces ethernet eth0 ipv6 ospfv3" # ], # # Using parsed: # parsed.cfg: # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' # set interfaces bonding bond2 ip ospf bandwidth '70' # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth0 ip ospf cost '50' # set interfaces ethernet eth0 ip ospf priority '26' # set interfaces ethernet eth0 ipv6 ospfv3 instance-id '33' # set interfaces ethernet eth0 ipv6 ospfv3 'mtu-ignore' # set interfaces ethernet eth1 ip ospf network 'point-to-point' # set interfaces ethernet eth1 ip ospf priority '26' # set interfaces ethernet eth1 ip ospf transmit-delay '50' # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' # - name: parse configs vyos.vyos.vyos_ospf_interfaces: running_config: "{{ lookup('file', './parsed.cfg') }}" state: parsed # Module Execution: # ---------------- # "parsed": [ # { # "address_family": [ # { # "afi": "ipv4", # "authentication": { # "md5_key": { # "key": "1111111111232345", # "key_id": 10 # } # }, # "bandwidth": 70, # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "address_family": [ # { # "afi": "ipv4", # "cost": 50, # "priority": 26 # }, # { # "afi": "ipv6", # "instance": "33", # "mtu_ignore": true # } # ], # "name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "network": "point-to-point", # "priority": 26, # "transmit_delay": 50 # }, # { # "afi": "ipv6", # "dead_interval": 39 # } # ], # "name": "eth1" # } # ] # Using rendered: # -------------- - name: Render vyos.vyos.vyos_ospf_interfaces: config: - name: "eth1" address_family: - afi: "ipv4" transmit_delay: 50 priority: 26 network: "point-to-point" - afi: "ipv6" dead_interval: 39 - name: "bond2" address_family: - afi: "ipv4" transmit_delay: 45 bandwidth: 70 authentication: md5_key: key_id: 10 key: "1111111111232345" - afi: "ipv6" passive: True state: rendered # Module Execution: # ---------------- # "rendered": [ # "set interfaces ethernet eth1 ip ospf transmit-delay 50", # "set interfaces ethernet eth1 ip ospf priority 26", # "set interfaces ethernet eth1 ip ospf network point-to-point", # "set interfaces ethernet eth1 ipv6 ospfv3 dead-interval 39", # "set interfaces bonding bond2 ip ospf transmit-delay 45", # "set interfaces bonding bond2 ip ospf bandwidth 70", # "set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key 1111111111232345", # "set interfaces bonding bond2 ipv6 ospfv3 passive" # ] # # Using Gathered: # -------------- # Native Config: # vyos@vyos:~$ show configuration commands | match "ospf" # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' # set interfaces bonding bond2 ip ospf bandwidth '70' # set interfaces bonding bond2 ip ospf transmit-delay '45' # set interfaces bonding bond2 ipv6 ospfv3 'passive' # set interfaces ethernet eth1 ip ospf network 'point-to-point' # set interfaces ethernet eth1 ip ospf priority '26' # set interfaces ethernet eth1 ip ospf transmit-delay '50' # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' # vyos@vyos:~$ - name: gather configs vyos.vyos.vyos_ospf_interfaces: state: gathered # Module Execution: # ----------------- # "gathered": [ # { # "address_family": [ # { # "afi": "ipv4", # "authentication": { # "md5_key": { # "key": "1111111111232345", # "key_id": 10 # } # }, # "bandwidth": 70, # "transmit_delay": 45 # }, # { # "afi": "ipv6", # "passive": true # } # ], # "name": "bond2" # }, # { # "name": "eth0" # }, # { # "address_family": [ # { # "afi": "ipv4", # "network": "point-to-point", # "priority": 26, # "transmit_delay": 50 # }, # { # "afi": "ipv6", # "dead_interval": 39 # } # ], # "name": "eth1" # }, # { # "name": "eth2" # }, # { # "name": "eth3" # } # ], Status ------ Authors ~~~~~~~ - Gomathi Selvi Srinivasan (@GomathiselviS) diff --git a/docs/vyos.vyos.vyos_ospfv2_module.rst b/docs/vyos.vyos.vyos_ospfv2_module.rst index 50ed5d3..9433538 100644 --- a/docs/vyos.vyos.vyos_ospfv2_module.rst +++ b/docs/vyos.vyos.vyos_ospfv2_module.rst @@ -1,3127 +1,3127 @@ .. _vyos.vyos.vyos_ospfv2_module: ********************* vyos.vyos.vyos_ospfv2 ********************* **OSPFv2 resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This resource module configures and manages attributes of OSPFv2 routes on VyOS network devices. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
config
dictionary
A provided OSPFv2 route configuration.
areas
list / elements=dictionary
OSPFv2 area.
area_id
string
OSPFv2 area identity.
area_type
dictionary
Area type.
normal
boolean
    Choices:
  • no
  • yes
Normal OSPFv2 area.
nssa
dictionary
NSSA OSPFv2 area.
default_cost
integer
Summary-default cost of NSSA area.
no_summary
boolean
    Choices:
  • no
  • yes
Do not inject inter-area routes into stub.
set
boolean
    Choices:
  • no
  • yes
Enabling NSSA.
translate
string
    Choices:
  • always
  • candidate
  • never
NSSA-ABR.
stub
dictionary
Stub OSPFv2 area.
default_cost
integer
Summary-default cost of stub area.
no_summary
boolean
    Choices:
  • no
  • yes
Do not inject inter-area routes into stub.
set
boolean
    Choices:
  • no
  • yes
Enabling stub.
authentication
string
    Choices:
  • plaintext-password
  • md5
OSPFv2 area authentication type.
network
list / elements=dictionary
OSPFv2 network.
address
string / required
OSPFv2 IPv4 network address.
range
list / elements=dictionary
Summarize routes matching prefix (border routers only).
address
string
border router IPv4 address.
cost
integer
Metric for this range.
not_advertise
boolean
    Choices:
  • no
  • yes
Don't advertise this range.
substitute
string
Announce area range (IPv4 address) as another prefix.
shortcut
string
    Choices:
  • default
  • disable
  • enable
Area's shortcut mode.
virtual_link
list / elements=dictionary
Virtual link address.
address
string
virtual link address.
authentication
dictionary
OSPFv2 area authentication type.
md5
list / elements=dictionary
MD5 key id based authentication.
key_id
integer
MD5 key id.
md5_key
string
MD5 key.
plaintext_password
string
Plain text password.
dead_interval
integer
Interval after which a neighbor is declared dead.
hello_interval
integer
Interval between hello packets.
retransmit_interval
integer
Interval between retransmitting lost link state advertisements.
transmit_delay
integer
Link state transmit delay.
auto_cost
dictionary
Calculate OSPFv2 interface cost according to bandwidth.
reference_bandwidth
integer
Reference bandwidth cost in Mbits/sec.
default_information
dictionary
Control distribution of default information.
originate
dictionary
Distribute a default route.
always
boolean
    Choices:
  • no
  • yes
Always advertise default route.
metric
integer
OSPFv2 default metric.
metric_type
integer
OSPFv2 Metric types for default routes.
route_map
string
Route map references.
default_metric
integer
Metric of redistributed routes
distance
dictionary
Administrative distance.
global
integer
Global OSPFv2 administrative distance.
ospf
dictionary
OSPFv2 administrative distance.
external
integer
Distance for external routes.
inter_area
integer
Distance for inter-area routes.
intra_area
integer
Distance for intra-area routes.
log_adjacency_changes
string
    Choices:
  • detail
Log changes in adjacency state.
max_metric
dictionary
OSPFv2 maximum/infinite-distance metric.
router_lsa
dictionary
Advertise own Router-LSA with infinite distance (stub router).
administrative
boolean
    Choices:
  • no
  • yes
Administratively apply, for an indefinite period.
on_shutdown
integer
Time to advertise self as stub-router.
on_startup
integer
Time to advertise self as stub-router
mpls_te
dictionary
MultiProtocol Label Switching-Traffic Engineering (MPLS-TE) parameters.
enabled
boolean
    Choices:
  • no
  • yes
Enable MPLS-TE functionality.
router_address
string
Stable IP address of the advertising router.
neighbor
list / elements=dictionary
Neighbor IP address.
neighbor_id
string
Identity (number/IP address) of neighbor.
poll_interval
integer
Seconds between dead neighbor polling interval.
priority
integer
Neighbor priority.
parameters
dictionary
OSPFv2 specific parameters.
abr_type
string
    Choices:
  • cisco
  • ibm
  • shortcut
  • standard
OSPFv2 ABR Type.
opaque_lsa
boolean
    Choices:
  • no
  • yes
Enable the Opaque-LSA capability (rfc2370).
rfc1583_compatibility
boolean
    Choices:
  • no
  • yes
Enable rfc1583 criteria for handling AS external routes.
router_id
string
Override the default router identifier.
passive_interface
list / elements=string
Suppress routing updates on an interface.
passive_interface_exclude
list / elements=string
Interface to exclude when using passive-interface default.
redistribute
list / elements=dictionary
Redistribute information from another routing protocol.
metric
integer
Metric for redistribution routes.
metric_type
integer
OSPFv2 Metric types.
route_map
string
Route map references.
route_type
string
    Choices:
  • bgp
  • connected
  • kernel
  • rip
  • static
Route type to redistribute.
route_map
list / elements=string
Filter routes installed in local route map.
timers
dictionary
Adjust routing timers.
refresh
dictionary
Adjust refresh parameters.
timers
integer
refresh timer.
throttle
dictionary
Throttling adaptive timers.
spf
dictionary
OSPFv2 SPF timers.
delay
integer
Delay (msec) from first change received till SPF calculation.
initial_holdtime
integer
Initial hold time(msec) between consecutive SPF calculations.
max_holdtime
integer
maximum hold time (sec).
running_config
string
This option is used only with state parsed.
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep ospf.
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
state
string
    Choices:
  • merged ←
  • replaced
  • deleted
  • parsed
  • gathered
  • rendered
The state the configuration should be left in.

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml # Using merged # # Before state: # ------------- # # vyos@vyos# run show configuration commands | grep ospf # # - name: Merge the provided configuration with the existing running configuration vyos.vyos.vyos_ospfv2: config: log_adjacency_changes: detail max_metric: router_lsa: administrative: true on_shutdown: 10 on_startup: 10 default_information: originate: always: true metric: 10 metric_type: 2 route_map: ingress mpls_te: enabled: true router_address: 192.0.11.11 auto_cost: reference_bandwidth: 2 neighbor: - neighbor_id: 192.0.11.12 poll_interval: 10 priority: 2 redistribute: - route_type: bgp metric: 10 metric_type: 2 passive_interface: - eth1 - eth2 parameters: router_id: 192.0.1.1 opaque_lsa: true rfc1583_compatibility: true abr_type: cisco areas: - area_id: '2' area_type: normal: true authentication: plaintext-password shortcut: enable - area_id: '3' area_type: nssa: set: true - area_id: '4' area_type: stub: default_cost: 20 network: - address: 192.0.2.0/24 range: - address: 192.0.3.0/24 cost: 10 - address: 192.0.4.0/24 cost: 12 state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # before": {} # # "commands": [ # "set protocols ospf mpls-te enable", # "set protocols ospf mpls-te router-address '192.0.11.11'", # "set protocols ospf redistribute bgp", # "set protocols ospf redistribute bgp metric-type 2", # "set protocols ospf redistribute bgp metric 10", # "set protocols ospf default-information originate metric-type 2", # "set protocols ospf default-information originate always", # "set protocols ospf default-information originate metric 10", # "set protocols ospf default-information originate route-map ingress", # "set protocols ospf auto-cost reference-bandwidth '2'", # "set protocols ospf parameters router-id '192.0.1.1'", # "set protocols ospf parameters opaque-lsa", # "set protocols ospf parameters abr-type 'cisco'", # "set protocols ospf parameters rfc1583-compatibility", # "set protocols ospf passive-interface eth1", # "set protocols ospf passive-interface eth2", # "set protocols ospf max-metric router-lsa on-shutdown 10", # "set protocols ospf max-metric router-lsa administrative", # "set protocols ospf max-metric router-lsa on-startup 10", # "set protocols ospf log-adjacency-changes 'detail'", # "set protocols ospf neighbor 192.0.11.12 priority 2", # "set protocols ospf neighbor 192.0.11.12 poll-interval 10", # "set protocols ospf neighbor 192.0.11.12", # "set protocols ospf area '2'", # "set protocols ospf area 2 authentication plaintext-password", # "set protocols ospf area 2 shortcut enable", # "set protocols ospf area 2 area-type normal", # "set protocols ospf area '3'", # "set protocols ospf area 3 area-type nssa", # "set protocols ospf area 4 range 192.0.3.0/24 cost 10", # "set protocols ospf area 4 range 192.0.3.0/24", # "set protocols ospf area 4 range 192.0.4.0/24 cost 12", # "set protocols ospf area 4 range 192.0.4.0/24", # "set protocols ospf area 4 area-type stub default-cost 20", # "set protocols ospf area '4'", # "set protocols ospf area 4 network 192.0.2.0/24" # ] # # "after": { # "areas": [ # { # "area_id": "2", # "area_type": { # "normal": true # }, # "authentication": "plaintext-password", # "shortcut": "enable" # }, # { # "area_id": "3", # "area_type": { # "nssa": { # "set": true # } # } # }, # { # "area_id": "4", # "area_type": { # "stub": { # "default_cost": 20, # "set": true # } # }, # "network": [ # { # "address": "192.0.2.0/24" # } # ], # "range": [ # { # "address": "192.0.3.0/24", # "cost": 10 # }, # { # "address": "192.0.4.0/24", # "cost": 12 # } # ] # } # ], # "auto_cost": { # "reference_bandwidth": 2 # }, # "default_information": { # "originate": { # "always": true, # "metric": 10, # "metric_type": 2, # "route_map": "ingress" # } # }, # "log_adjacency_changes": "detail", # "max_metric": { # "router_lsa": { # "administrative": true, # "on_shutdown": 10, # "on_startup": 10 # } # }, # "mpls_te": { # "enabled": true, # "router_address": "192.0.11.11" # }, # "neighbor": [ # { # "neighbor_id": "192.0.11.12", # "poll_interval": 10, # "priority": 2 # } # ], # "parameters": { # "abr_type": "cisco", # "opaque_lsa": true, # "rfc1583_compatibility": true, # "router_id": "192.0.1.1" # }, # "passive_interface": [ # "eth2", # "eth1" # ], # "redistribute": [ # { # "metric": 10, # "metric_type": 2, # "route_type": "bgp" # } # ] # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep ospf # set protocols ospf area 2 area-type 'normal' # set protocols ospf area 2 authentication 'plaintext-password' # set protocols ospf area 2 shortcut 'enable' # set protocols ospf area 3 area-type 'nssa' # set protocols ospf area 4 area-type stub default-cost '20' # set protocols ospf area 4 network '192.0.2.0/24' # set protocols ospf area 4 range 192.0.3.0/24 cost '10' # set protocols ospf area 4 range 192.0.4.0/24 cost '12' # set protocols ospf auto-cost reference-bandwidth '2' # set protocols ospf default-information originate 'always' # set protocols ospf default-information originate metric '10' # set protocols ospf default-information originate metric-type '2' # set protocols ospf default-information originate route-map 'ingress' # set protocols ospf log-adjacency-changes 'detail' # set protocols ospf max-metric router-lsa 'administrative' # set protocols ospf max-metric router-lsa on-shutdown '10' # set protocols ospf max-metric router-lsa on-startup '10' # set protocols ospf mpls-te 'enable' # set protocols ospf mpls-te router-address '192.0.11.11' # set protocols ospf neighbor 192.0.11.12 poll-interval '10' # set protocols ospf neighbor 192.0.11.12 priority '2' # set protocols ospf parameters abr-type 'cisco' # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' # set protocols ospf passive-interface 'eth1' # set protocols ospf passive-interface 'eth2' # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # Using merged # # Before state: # ------------- # # vyos@vyos# run show configuration commands | grep ospf # # - name: Merge the provided configuration to update existing running configuration vyos.vyos.vyos_ospfv2: config: areas: - area_id: '2' area_type: normal: true authentication: plaintext-password shortcut: enable - area_id: '3' area_type: nssa: set: false - area_id: '4' area_type: stub: default_cost: 20 network: - address: 192.0.2.0/24 - address: 192.0.22.0/24 - address: 192.0.32.0/24 state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # "before": { # "areas": [ # { # "area_id": "2", # "area_type": { # "normal": true # }, # "authentication": "plaintext-password", # "shortcut": "enable" # }, # { # "area_id": "3", # "area_type": { # "nssa": { # "set": true # } # } # }, # { # "area_id": "4", # "area_type": { # "stub": { # "default_cost": 20, # "set": true # } # }, # "network": [ # { # "address": "192.0.2.0/24" # } # ], # "range": [ # { # "address": "192.0.3.0/24", # "cost": 10 # }, # { # "address": "192.0.4.0/24", # "cost": 12 # } # ] # } # ], # "auto_cost": { # "reference_bandwidth": 2 # }, # "default_information": { # "originate": { # "always": true, # "metric": 10, # "metric_type": 2, # "route_map": "ingress" # } # }, # "log_adjacency_changes": "detail", # "max_metric": { # "router_lsa": { # "administrative": true, # "on_shutdown": 10, # "on_startup": 10 # } # }, # "mpls_te": { # "enabled": true, # "router_address": "192.0.11.11" # }, # "neighbor": [ # { # "neighbor_id": "192.0.11.12", # "poll_interval": 10, # "priority": 2 # } # ], # "parameters": { # "abr_type": "cisco", # "opaque_lsa": true, # "rfc1583_compatibility": true, # "router_id": "192.0.1.1" # }, # "passive_interface": [ # "eth2", # "eth1" # ], # "redistribute": [ # { # "metric": 10, # "metric_type": 2, # "route_type": "bgp" # } # ] # } # # "commands": [ # "delete protocols ospf area 4 area-type stub", # "set protocols ospf area 4 network 192.0.22.0/24" # "set protocols ospf area 4 network 192.0.32.0/24" # ] # # "after": { # "areas": [ # { # "area_id": "2", # "area_type": { # "normal": true # }, # "authentication": "plaintext-password", # "shortcut": "enable" # }, # { # "area_id": "3", # "area_type": { # "nssa": { # "set": true # } # } # }, # { # "area_id": "4", # }, # "network": [ # { # "address": "192.0.2.0/24" # }, # { # "address": "192.0.22.0/24" # }, # { # "address": "192.0.32.0/24" # } # ], # "range": [ # { # "address": "192.0.3.0/24", # "cost": 10 # }, # { # "address": "192.0.4.0/24", # "cost": 12 # } # ] # } # ], # "auto_cost": { # "reference_bandwidth": 2 # }, # "default_information": { # "originate": { # "always": true, # "metric": 10, # "metric_type": 2, # "route_map": "ingress" # } # }, # "log_adjacency_changes": "detail", # "max_metric": { # "router_lsa": { # "administrative": true, # "on_shutdown": 10, # "on_startup": 10 # } # }, # "mpls_te": { # "enabled": true, # "router_address": "192.0.11.11" # }, # "neighbor": [ # { # "neighbor_id": "192.0.11.12", # "poll_interval": 10, # "priority": 2 # } # ], # "parameters": { # "abr_type": "cisco", # "opaque_lsa": true, # "rfc1583_compatibility": true, # "router_id": "192.0.1.1" # }, # "passive_interface": [ # "eth2", # "eth1" # ], # "redistribute": [ # { # "metric": 10, # "metric_type": 2, # "route_type": "bgp" # } # ] # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep ospf # set protocols ospf area 2 area-type 'normal' # set protocols ospf area 2 authentication 'plaintext-password' # set protocols ospf area 2 shortcut 'enable' # set protocols ospf area 3 area-type 'nssa' # set protocols ospf area 4 network '192.0.2.0/24' # set protocols ospf area 4 network '192.0.22.0/24' # set protocols ospf area 4 network '192.0.32.0/24' # set protocols ospf area 4 range 192.0.3.0/24 cost '10' # set protocols ospf area 4 range 192.0.4.0/24 cost '12' # set protocols ospf auto-cost reference-bandwidth '2' # set protocols ospf default-information originate 'always' # set protocols ospf default-information originate metric '10' # set protocols ospf default-information originate metric-type '2' # set protocols ospf default-information originate route-map 'ingress' # set protocols ospf log-adjacency-changes 'detail' # set protocols ospf max-metric router-lsa 'administrative' # set protocols ospf max-metric router-lsa on-shutdown '10' # set protocols ospf max-metric router-lsa on-startup '10' # set protocols ospf mpls-te 'enable' # set protocols ospf mpls-te router-address '192.0.11.11' # set protocols ospf neighbor 192.0.11.12 poll-interval '10' # set protocols ospf neighbor 192.0.11.12 priority '2' # set protocols ospf parameters abr-type 'cisco' # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' # set protocols ospf passive-interface 'eth1' # set protocols ospf passive-interface 'eth2' # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # Using replaced # # Before state: # ------------- # # vyos@192# run show configuration commands | grep ospf # set protocols ospf area 2 area-type 'normal' # set protocols ospf area 2 authentication 'plaintext-password' # set protocols ospf area 2 shortcut 'enable' # set protocols ospf area 3 area-type 'nssa' # set protocols ospf area 4 area-type stub default-cost '20' # set protocols ospf area 4 network '192.0.2.0/24' # set protocols ospf area 4 range 192.0.3.0/24 cost '10' # set protocols ospf area 4 range 192.0.4.0/24 cost '12' # set protocols ospf auto-cost reference-bandwidth '2' # set protocols ospf default-information originate 'always' # set protocols ospf default-information originate metric '10' # set protocols ospf default-information originate metric-type '2' # set protocols ospf default-information originate route-map 'ingress' # set protocols ospf log-adjacency-changes 'detail' # set protocols ospf max-metric router-lsa 'administrative' # set protocols ospf max-metric router-lsa on-shutdown '10' # set protocols ospf max-metric router-lsa on-startup '10' # set protocols ospf mpls-te 'enable' # set protocols ospf mpls-te router-address '192.0.11.11' # set protocols ospf neighbor 192.0.11.12 poll-interval '10' # set protocols ospf neighbor 192.0.11.12 priority '2' # set protocols ospf parameters abr-type 'cisco' # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' # set protocols ospf passive-interface 'eth1' # set protocols ospf passive-interface 'eth2' # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # - name: Replace ospfv2 routes attributes configuration. vyos.vyos.vyos_ospfv2: config: log_adjacency_changes: detail max_metric: router_lsa: administrative: true on_shutdown: 10 on_startup: 10 default_information: originate: always: true metric: 10 metric_type: 2 route_map: ingress mpls_te: enabled: true router_address: 192.0.22.22 auto_cost: reference_bandwidth: 2 neighbor: - neighbor_id: 192.0.11.12 poll_interval: 10 priority: 2 redistribute: - route_type: bgp metric: 10 metric_type: 2 passive_interface: - eth1 parameters: router_id: 192.0.1.1 opaque_lsa: true rfc1583_compatibility: true abr_type: cisco areas: - area_id: '2' area_type: normal: true authentication: plaintext-password shortcut: enable - area_id: '4' area_type: stub: default_cost: 20 network: - address: 192.0.2.0/24 - address: 192.0.12.0/24 - address: 192.0.22.0/24 - address: 192.0.32.0/24 range: - address: 192.0.42.0/24 cost: 10 state: replaced # # # ------------------------- # Module Execution Result # ------------------------- # # "before": { # "areas": [ # { # "area_id": "2", # "area_type": { # "normal": true # }, # "authentication": "plaintext-password", # "shortcut": "enable" # }, # { # "area_id": "3", # "area_type": { # "nssa": { # "set": true # } # } # }, # { # "area_id": "4", # "area_type": { # "stub": { # "default_cost": 20, # "set": true # } # }, # "network": [ # { # "address": "192.0.2.0/24" # } # ], # "range": [ # { # "address": "192.0.3.0/24", # "cost": 10 # }, # { # "address": "192.0.4.0/24", # "cost": 12 # } # ] # } # ], # "auto_cost": { # "reference_bandwidth": 2 # }, # "default_information": { # "originate": { # "always": true, # "metric": 10, # "metric_type": 2, # "route_map": "ingress" # } # }, # "log_adjacency_changes": "detail", # "max_metric": { # "router_lsa": { # "administrative": true, # "on_shutdown": 10, # "on_startup": 10 # } # }, # "mpls_te": { # "enabled": true, # "router_address": "192.0.11.11" # }, # "neighbor": [ # { # "neighbor_id": "192.0.11.12", # "poll_interval": 10, # "priority": 2 # } # ], # "parameters": { # "abr_type": "cisco", # "opaque_lsa": true, # "rfc1583_compatibility": true, # "router_id": "192.0.1.1" # }, # "passive_interface": [ # "eth2", # "eth1" # ], # "redistribute": [ # { # "metric": 10, # "metric_type": 2, # "route_type": "bgp" # } # ] # } # # "commands": [ # "delete protocols ospf passive-interface eth2", # "delete protocols ospf area 3", # "delete protocols ospf area 4 range 192.0.3.0/24 cost", # "delete protocols ospf area 4 range 192.0.3.0/24", # "delete protocols ospf area 4 range 192.0.4.0/24 cost", # "delete protocols ospf area 4 range 192.0.4.0/24", # "set protocols ospf mpls-te router-address '192.0.22.22'", # "set protocols ospf area 4 range 192.0.42.0/24 cost 10", # "set protocols ospf area 4 range 192.0.42.0/24", # "set protocols ospf area 4 network 192.0.12.0/24", # "set protocols ospf area 4 network 192.0.22.0/24", # "set protocols ospf area 4 network 192.0.32.0/24" # ] # # "after": { # "areas": [ # { # "area_id": "2", # "area_type": { # "normal": true # }, # "authentication": "plaintext-password", # "shortcut": "enable" # }, # { # "area_id": "4", # "area_type": { # "stub": { # "default_cost": 20, # "set": true # } # }, # "network": [ # { # "address": "192.0.12.0/24" # }, # { # "address": "192.0.2.0/24" # }, # { # "address": "192.0.22.0/24" # }, # { # "address": "192.0.32.0/24" # } # ], # "range": [ # { # "address": "192.0.42.0/24", # "cost": 10 # } # ] # } # ], # "auto_cost": { # "reference_bandwidth": 2 # }, # "default_information": { # "originate": { # "always": true, # "metric": 10, # "metric_type": 2, # "route_map": "ingress" # } # }, # "log_adjacency_changes": "detail", # "max_metric": { # "router_lsa": { # "administrative": true, # "on_shutdown": 10, # "on_startup": 10 # } # }, # "mpls_te": { # "enabled": true, # "router_address": "192.0.22.22" # }, # "neighbor": [ # { # "neighbor_id": "192.0.11.12", # "poll_interval": 10, # "priority": 2 # } # ], # "parameters": { # "abr_type": "cisco", # "opaque_lsa": true, # "rfc1583_compatibility": true, # "router_id": "192.0.1.1" # }, # "passive_interface": [ # "eth1" # ], # "redistribute": [ # { # "metric": 10, # "metric_type": 2, # "route_type": "bgp" # } # ] # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep ospf # set protocols ospf area 2 area-type 'normal' # set protocols ospf area 2 authentication 'plaintext-password' # set protocols ospf area 2 shortcut 'enable' # set protocols ospf area 4 area-type stub default-cost '20' # set protocols ospf area 4 network '192.0.2.0/24' # set protocols ospf area 4 network '192.0.12.0/24' # set protocols ospf area 4 network '192.0.22.0/24' # set protocols ospf area 4 network '192.0.32.0/24' # set protocols ospf area 4 range 192.0.42.0/24 cost '10' # set protocols ospf auto-cost reference-bandwidth '2' # set protocols ospf default-information originate 'always' # set protocols ospf default-information originate metric '10' # set protocols ospf default-information originate metric-type '2' # set protocols ospf default-information originate route-map 'ingress' # set protocols ospf log-adjacency-changes 'detail' # set protocols ospf max-metric router-lsa 'administrative' # set protocols ospf max-metric router-lsa on-shutdown '10' # set protocols ospf max-metric router-lsa on-startup '10' # set protocols ospf mpls-te 'enable' # set protocols ospf mpls-te router-address '192.0.22.22' # set protocols ospf neighbor 192.0.11.12 poll-interval '10' # set protocols ospf neighbor 192.0.11.12 priority '2' # set protocols ospf parameters abr-type 'cisco' # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' # set protocols ospf passive-interface 'eth1' # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_ospfv2: config: log_adjacency_changes: detail max_metric: router_lsa: administrative: true on_shutdown: 10 on_startup: 10 default_information: originate: always: true metric: 10 metric_type: 2 route_map: ingress mpls_te: enabled: true router_address: 192.0.11.11 auto_cost: reference_bandwidth: 2 neighbor: - neighbor_id: 192.0.11.12 poll_interval: 10 priority: 2 redistribute: - route_type: bgp metric: 10 metric_type: 2 passive_interface: - eth1 - eth2 parameters: router_id: 192.0.1.1 opaque_lsa: true rfc1583_compatibility: true abr_type: cisco areas: - area_id: '2' area_type: normal: true authentication: plaintext-password shortcut: enable - area_id: '3' area_type: nssa: set: true - area_id: '4' area_type: stub: default_cost: 20 network: - address: 192.0.2.0/24 range: - address: 192.0.3.0/24 cost: 10 - address: 192.0.4.0/24 cost: 12 state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # [ # "set protocols ospf mpls-te enable", # "set protocols ospf mpls-te router-address '192.0.11.11'", # "set protocols ospf redistribute bgp", # "set protocols ospf redistribute bgp metric-type 2", # "set protocols ospf redistribute bgp metric 10", # "set protocols ospf default-information originate metric-type 2", # "set protocols ospf default-information originate always", # "set protocols ospf default-information originate metric 10", # "set protocols ospf default-information originate route-map ingress", # "set protocols ospf auto-cost reference-bandwidth '2'", # "set protocols ospf parameters router-id '192.0.1.1'", # "set protocols ospf parameters opaque-lsa", # "set protocols ospf parameters abr-type 'cisco'", # "set protocols ospf parameters rfc1583-compatibility", # "set protocols ospf passive-interface eth1", # "set protocols ospf passive-interface eth2", # "set protocols ospf max-metric router-lsa on-shutdown 10", # "set protocols ospf max-metric router-lsa administrative", # "set protocols ospf max-metric router-lsa on-startup 10", # "set protocols ospf log-adjacency-changes 'detail'", # "set protocols ospf neighbor 192.0.11.12 priority 2", # "set protocols ospf neighbor 192.0.11.12 poll-interval 10", # "set protocols ospf neighbor 192.0.11.12", # "set protocols ospf area '2'", # "set protocols ospf area 2 authentication plaintext-password", # "set protocols ospf area 2 shortcut enable", # "set protocols ospf area 2 area-type normal", # "set protocols ospf area '3'", # "set protocols ospf area 3 area-type nssa", # "set protocols ospf area 4 range 192.0.3.0/24 cost 10", # "set protocols ospf area 4 range 192.0.3.0/24", # "set protocols ospf area 4 range 192.0.4.0/24 cost 12", # "set protocols ospf area 4 range 192.0.4.0/24", # "set protocols ospf area 4 area-type stub default-cost 20", # "set protocols ospf area '4'", # "set protocols ospf area 4 network 192.0.2.0/24" # ] # Using parsed # # - name: Parse the commands for provided structured configuration vyos.vyos.vyos_ospfv2: running_config: "set protocols ospf area 2 area-type 'normal' set protocols ospf area 2 authentication 'plaintext-password' set protocols ospf area 2 shortcut 'enable' set protocols ospf area 3 area-type 'nssa' set protocols ospf area 4 area-type stub default-cost '20' set protocols ospf area 4 network '192.0.2.0/24' set protocols ospf area 4 range 192.0.3.0/24 cost '10' set protocols ospf area 4 range 192.0.4.0/24 cost '12' set protocols ospf auto-cost reference-bandwidth '2' set protocols ospf default-information originate 'always' set protocols ospf default-information originate metric '10' set protocols ospf default-information originate metric-type '2' set protocols ospf default-information originate route-map 'ingress' set protocols ospf log-adjacency-changes 'detail' set protocols ospf max-metric router-lsa 'administrative' set protocols ospf max-metric router-lsa on-shutdown '10' set protocols ospf max-metric router-lsa on-startup '10' set protocols ospf mpls-te 'enable' set protocols ospf mpls-te router-address '192.0.11.11' set protocols ospf neighbor 192.0.11.12 poll-interval '10' set protocols ospf neighbor 192.0.11.12 priority '2' set protocols ospf parameters abr-type 'cisco' set protocols ospf parameters 'opaque-lsa' set protocols ospf parameters 'rfc1583-compatibility' set protocols ospf parameters router-id '192.0.1.1' set protocols ospf passive-interface 'eth1' set protocols ospf passive-interface 'eth2' set protocols ospf redistribute bgp metric '10' set protocols ospf redistribute bgp metric-type '2'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": { # "areas": [ # { # "area_id": "2", # "area_type": { # "normal": true # }, # "authentication": "plaintext-password", # "shortcut": "enable" # }, # { # "area_id": "3", # "area_type": { # "nssa": { # "set": true # } # } # }, # { # "area_id": "4", # "area_type": { # "stub": { # "default_cost": 20, # "set": true # } # }, # "network": [ # { # "address": "192.0.2.0/24" # } # ], # "range": [ # { # "address": "192.0.3.0/24", # "cost": 10 # }, # { # "address": "192.0.4.0/24", # "cost": 12 # } # ] # } # ], # "auto_cost": { # "reference_bandwidth": 2 # }, # "default_information": { # "originate": { # "always": true, # "metric": 10, # "metric_type": 2, # "route_map": "ingress" # } # }, # "log_adjacency_changes": "detail", # "max_metric": { # "router_lsa": { # "administrative": true, # "on_shutdown": 10, # "on_startup": 10 # } # }, # "mpls_te": { # "enabled": true, # "router_address": "192.0.11.11" # }, # "neighbor": [ # { # "neighbor_id": "192.0.11.12", # "poll_interval": 10, # "priority": 2 # } # ], # "parameters": { # "abr_type": "cisco", # "opaque_lsa": true, # "rfc1583_compatibility": true, # "router_id": "192.0.1.1" # }, # "passive_interface": [ # "eth2", # "eth1" # ], # "redistribute": [ # { # "metric": 10, # "metric_type": 2, # "route_type": "bgp" # } # ] # } # } # Using gathered # # Before state: # ------------- # # vyos@192# run show configuration commands | grep ospf # set protocols ospf area 2 area-type 'normal' # set protocols ospf area 2 authentication 'plaintext-password' # set protocols ospf area 2 shortcut 'enable' # set protocols ospf area 3 area-type 'nssa' # set protocols ospf area 4 area-type stub default-cost '20' # set protocols ospf area 4 network '192.0.2.0/24' # set protocols ospf area 4 range 192.0.3.0/24 cost '10' # set protocols ospf area 4 range 192.0.4.0/24 cost '12' # set protocols ospf auto-cost reference-bandwidth '2' # set protocols ospf default-information originate 'always' # set protocols ospf default-information originate metric '10' # set protocols ospf default-information originate metric-type '2' # set protocols ospf default-information originate route-map 'ingress' # set protocols ospf log-adjacency-changes 'detail' # set protocols ospf max-metric router-lsa 'administrative' # set protocols ospf max-metric router-lsa on-shutdown '10' # set protocols ospf max-metric router-lsa on-startup '10' # set protocols ospf mpls-te 'enable' # set protocols ospf mpls-te router-address '192.0.11.11' # set protocols ospf neighbor 192.0.11.12 poll-interval '10' # set protocols ospf neighbor 192.0.11.12 priority '2' # set protocols ospf parameters abr-type 'cisco' # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' # set protocols ospf passive-interface 'eth1' # set protocols ospf passive-interface 'eth2' # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # - name: Gather ospfv2 routes config with provided configurations vyos.vyos.vyos_ospfv2: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": { # "areas": [ # { # "area_id": "2", # "area_type": { # "normal": true # }, # "authentication": "plaintext-password", # "shortcut": "enable" # }, # { # "area_id": "3", # "area_type": { # "nssa": { # "set": true # } # } # }, # { # "area_id": "4", # "area_type": { # "stub": { # "default_cost": 20, # "set": true # } # }, # "network": [ # { # "address": "192.0.2.0/24" # } # ], # "range": [ # { # "address": "192.0.3.0/24", # "cost": 10 # }, # { # "address": "192.0.4.0/24", # "cost": 12 # } # ] # } # ], # "auto_cost": { # "reference_bandwidth": 2 # }, # "default_information": { # "originate": { # "always": true, # "metric": 10, # "metric_type": 2, # "route_map": "ingress" # } # }, # "log_adjacency_changes": "detail", # "max_metric": { # "router_lsa": { # "administrative": true, # "on_shutdown": 10, # "on_startup": 10 # } # }, # "mpls_te": { # "enabled": true, # "router_address": "192.0.11.11" # }, # "neighbor": [ # { # "neighbor_id": "192.0.11.12", # "poll_interval": 10, # "priority": 2 # } # ], # "parameters": { # "abr_type": "cisco", # "opaque_lsa": true, # "rfc1583_compatibility": true, # "router_id": "192.0.1.1" # }, # "passive_interface": [ # "eth2", # "eth1" # ], # "redistribute": [ # { # "metric": 10, # "metric_type": 2, # "route_type": "bgp" # } # ] # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep ospf # set protocols ospf area 2 area-type 'normal' # set protocols ospf area 2 authentication 'plaintext-password' # set protocols ospf area 2 shortcut 'enable' # set protocols ospf area 3 area-type 'nssa' # set protocols ospf area 4 area-type stub default-cost '20' # set protocols ospf area 4 network '192.0.2.0/24' # set protocols ospf area 4 range 192.0.3.0/24 cost '10' # set protocols ospf area 4 range 192.0.4.0/24 cost '12' # set protocols ospf auto-cost reference-bandwidth '2' # set protocols ospf default-information originate 'always' # set protocols ospf default-information originate metric '10' # set protocols ospf default-information originate metric-type '2' # set protocols ospf default-information originate route-map 'ingress' # set protocols ospf log-adjacency-changes 'detail' # set protocols ospf max-metric router-lsa 'administrative' # set protocols ospf max-metric router-lsa on-shutdown '10' # set protocols ospf max-metric router-lsa on-startup '10' # set protocols ospf mpls-te 'enable' # set protocols ospf mpls-te router-address '192.0.11.11' # set protocols ospf neighbor 192.0.11.12 poll-interval '10' # set protocols ospf neighbor 192.0.11.12 priority '2' # set protocols ospf parameters abr-type 'cisco' # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' # set protocols ospf passive-interface 'eth1' # set protocols ospf passive-interface 'eth2' # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # Using deleted # # Before state # ------------- # # vyos@192# run show configuration commands | grep ospf # set protocols ospf area 2 area-type 'normal' # set protocols ospf area 2 authentication 'plaintext-password' # set protocols ospf area 2 shortcut 'enable' # set protocols ospf area 3 area-type 'nssa' # set protocols ospf area 4 area-type stub default-cost '20' # set protocols ospf area 4 network '192.0.2.0/24' # set protocols ospf area 4 range 192.0.3.0/24 cost '10' # set protocols ospf area 4 range 192.0.4.0/24 cost '12' # set protocols ospf auto-cost reference-bandwidth '2' # set protocols ospf default-information originate 'always' # set protocols ospf default-information originate metric '10' # set protocols ospf default-information originate metric-type '2' # set protocols ospf default-information originate route-map 'ingress' # set protocols ospf log-adjacency-changes 'detail' # set protocols ospf max-metric router-lsa 'administrative' # set protocols ospf max-metric router-lsa on-shutdown '10' # set protocols ospf max-metric router-lsa on-startup '10' # set protocols ospf mpls-te 'enable' # set protocols ospf mpls-te router-address '192.0.11.11' # set protocols ospf neighbor 192.0.11.12 poll-interval '10' # set protocols ospf neighbor 192.0.11.12 priority '2' # set protocols ospf parameters abr-type 'cisco' # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' # set protocols ospf passive-interface 'eth1' # set protocols ospf passive-interface 'eth2' # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # - name: Delete attributes of ospfv2 routes. vyos.vyos.vyos_ospfv2: config: state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": { # "areas": [ # { # "area_id": "2", # "area_type": { # "normal": true # }, # "authentication": "plaintext-password", # "shortcut": "enable" # }, # { # "area_id": "3", # "area_type": { # "nssa": { # "set": true # } # } # }, # { # "area_id": "4", # "area_type": { # "stub": { # "default_cost": 20, # "set": true # } # }, # "network": [ # { # "address": "192.0.2.0/24" # } # ], # "range": [ # { # "address": "192.0.3.0/24", # "cost": 10 # }, # { # "address": "192.0.4.0/24", # "cost": 12 # } # ] # } # ], # "auto_cost": { # "reference_bandwidth": 2 # }, # "default_information": { # "originate": { # "always": true, # "metric": 10, # "metric_type": 2, # "route_map": "ingress" # } # }, # "log_adjacency_changes": "detail", # "max_metric": { # "router_lsa": { # "administrative": true, # "on_shutdown": 10, # "on_startup": 10 # } # }, # "mpls_te": { # "enabled": true, # "router_address": "192.0.11.11" # }, # "neighbor": [ # { # "neighbor_id": "192.0.11.12", # "poll_interval": 10, # "priority": 2 # } # ], # "parameters": { # "abr_type": "cisco", # "opaque_lsa": true, # "rfc1583_compatibility": true, # "router_id": "192.0.1.1" # }, # "passive_interface": [ # "eth2", # "eth1" # ], # "redistribute": [ # { # "metric": 10, # "metric_type": 2, # "route_type": "bgp" # } # ] # } # "commands": [ # "delete protocols ospf" # ] # # "after": {} # After state # ------------ # vyos@192# run show configuration commands | grep ospf # Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
after
dictionary
when changed
The resulting configuration model invocation.

Sample:
The configuration returned will always be in the same format of the parameters above.
before
dictionary
always
The configuration prior to the model invocation.

Sample:
The configuration returned will always be in the same format of the parameters above.
commands
list
always
The set of commands pushed to the remote device.

Sample:
['set protocols ospf parameters router-id 192.0.1.1', "set protocols ospf passive-interface 'eth1'"]


Status ------ Authors ~~~~~~~ - Rohit Thakur (@rohitthakur2590) diff --git a/docs/vyos.vyos.vyos_ospfv3_module.rst b/docs/vyos.vyos.vyos_ospfv3_module.rst index d1ee1b1..568dbab 100644 --- a/docs/vyos.vyos.vyos_ospfv3_module.rst +++ b/docs/vyos.vyos.vyos_ospfv3_module.rst @@ -1,916 +1,916 @@ .. _vyos.vyos.vyos_ospfv3_module: ********************* vyos.vyos.vyos_ospfv3 ********************* **OSPFV3 resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This resource module configures and manages attributes of OSPFv3 routes on VyOS network devices. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
config
dictionary
A provided OSPFv3 route configuration.
areas
list / elements=dictionary
OSPFv3 area.
area_id
string
OSPFv3 Area name/identity.
export_list
string
Name of export-list.
import_list
string
Name of import-list.
range
list / elements=dictionary
Summarize routes matching prefix (border routers only).
address
string
border router IPv4 address.
advertise
boolean
    Choices:
  • no
  • yes
Advertise this range.
not_advertise
boolean
    Choices:
  • no
  • yes
Don't advertise this range.
parameters
dictionary
OSPFv3 specific parameters.
router_id
string
Override the default router identifier.
redistribute
list / elements=dictionary
Redistribute information from another routing protocol.
route_map
string
Route map references.
route_type
string
    Choices:
  • bgp
  • connected
  • kernel
  • ripng
  • static
Route type to redistribute.
running_config
string
This option is used only with state parsed.
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep ospfv3.
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
state
string
    Choices:
  • merged ←
  • replaced
  • deleted
  • parsed
  • gathered
  • rendered
The state the configuration should be left in.

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml # Using merged # # Before state: # ------------- # # vyos@vyos# run show configuration commands | grep ospfv3 # # - name: Merge the provided configuration with the exisiting running configuration vyos.vyos.vyos_ospfv3: config: redistribute: - route_type: bgp parameters: router_id: 192.0.2.10 areas: - area_id: '2' export_list: export1 import_list: import1 range: - address: 2001:db10::/32 - address: 2001:db20::/32 - address: 2001:db30::/32 - area_id: '3' range: - address: 2001:db40::/32 state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # before": {} # # "commands": [ # "set protocols ospfv3 redistribute bgp", # "set protocols ospfv3 parameters router-id '192.0.2.10'", # "set protocols ospfv3 area 2 range 2001:db10::/32", # "set protocols ospfv3 area 2 range 2001:db20::/32", # "set protocols ospfv3 area 2 range 2001:db30::/32", # "set protocols ospfv3 area '2'", # "set protocols ospfv3 area 2 export-list export1", # "set protocols ospfv3 area 2 import-list import1", # "set protocols ospfv3 area '3'", # "set protocols ospfv3 area 3 range 2001:db40::/32" # ] # # "after": { # "areas": [ # { # "area_id": "2", # "export_list": "export1", # "import_list": "import1", # "range": [ # { # "address": "2001:db10::/32" # }, # { # "address": "2001:db20::/32" # }, # { # "address": "2001:db30::/32" # } # ] # }, # { # "area_id": "3", # "range": [ # { # "address": "2001:db40::/32" # } # ] # } # ], # "parameters": { # "router_id": "192.0.2.10" # }, # "redistribute": [ # { # "route_type": "bgp" # } # ] # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep ospfv3 # set protocols ospfv3 area 2 export-list 'export1' # set protocols ospfv3 area 2 import-list 'import1' # set protocols ospfv3 area 2 range '2001:db10::/32' # set protocols ospfv3 area 2 range '2001:db20::/32' # set protocols ospfv3 area 2 range '2001:db30::/32' # set protocols ospfv3 area 3 range '2001:db40::/32' # set protocols ospfv3 parameters router-id '192.0.2.10' # set protocols ospfv3 redistribute 'bgp' # Using replaced # # Before state: # ------------- # # vyos@192# run show configuration commands | grep ospfv3 # set protocols ospfv3 area 2 export-list 'export1' # set protocols ospfv3 area 2 import-list 'import1' # set protocols ospfv3 area 2 range '2001:db10::/32' # set protocols ospfv3 area 2 range '2001:db20::/32' # set protocols ospfv3 area 2 range '2001:db30::/32' # set protocols ospfv3 area 3 range '2001:db40::/32' # set protocols ospfv3 parameters router-id '192.0.2.10' # set protocols ospfv3 redistribute 'bgp' # - name: Replace ospfv3 routes attributes configuration. vyos.vyos.vyos_ospfv3: config: redistribute: - route_type: bgp parameters: router_id: 192.0.2.10 areas: - area_id: '2' export_list: export1 import_list: import1 range: - address: 2001:db10::/32 - address: 2001:db30::/32 - address: 2001:db50::/32 - area_id: '4' range: - address: 2001:db60::/32 state: replaced # # # ------------------------- # Module Execution Result # ------------------------- # # "before": { # "areas": [ # { # "area_id": "2", # "export_list": "export1", # "import_list": "import1", # "range": [ # { # "address": "2001:db10::/32" # }, # { # "address": "2001:db20::/32" # }, # { # "address": "2001:db30::/32" # } # ] # }, # { # "area_id": "3", # "range": [ # { # "address": "2001:db40::/32" # } # ] # } # ], # "parameters": { # "router_id": "192.0.2.10" # }, # "redistribute": [ # { # "route_type": "bgp" # } # ] # } # # "commands": [ # "delete protocols ospfv3 area 2 range 2001:db20::/32", # "delete protocols ospfv3 area 3", # "set protocols ospfv3 area 2 range 2001:db50::/32", # "set protocols ospfv3 area '4'", # "set protocols ospfv3 area 4 range 2001:db60::/32" # ] # # "after": { # "areas": [ # { # "area_id": "2", # "export_list": "export1", # "import_list": "import1", # "range": [ # { # "address": "2001:db10::/32" # }, # { # "address": "2001:db30::/32" # }, # { # "address": "2001:db50::/32" # } # ] # }, # { # "area_id": "4", # "range": [ # { # "address": "2001:db60::/32" # } # ] # } # ], # "parameters": { # "router_id": "192.0.2.10" # }, # "redistribute": [ # { # "route_type": "bgp" # } # ] # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep ospfv3 # set protocols ospfv3 area 2 export-list 'export1' # set protocols ospfv3 area 2 import-list 'import1' # set protocols ospfv3 area 2 range '2001:db10::/32' # set protocols ospfv3 area 2 range '2001:db30::/32' # set protocols ospfv3 area 2 range '2001:db50::/32' # set protocols ospfv3 area 4 range '2001:db60::/32' # set protocols ospfv3 parameters router-id '192.0.2.10' # set protocols ospfv3 redistribute 'bgp' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_ospfv3: config: redistribute: - route_type: bgp parameters: router_id: 192.0.2.10 areas: - area_id: '2' export_list: export1 import_list: import1 range: - address: 2001:db10::/32 - address: 2001:db20::/32 - address: 2001:db30::/32 - area_id: '3' range: - address: 2001:db40::/32 state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # [ # "set protocols ospfv3 redistribute bgp", # "set protocols ospfv3 parameters router-id '192.0.2.10'", # "set protocols ospfv3 area 2 range 2001:db10::/32", # "set protocols ospfv3 area 2 range 2001:db20::/32", # "set protocols ospfv3 area 2 range 2001:db30::/32", # "set protocols ospfv3 area '2'", # "set protocols ospfv3 area 2 export-list export1", # "set protocols ospfv3 area 2 import-list import1", # "set protocols ospfv3 area '3'", # "set protocols ospfv3 area 3 range 2001:db40::/32" # ] # Using parsed # # - name: Parse the commands to provide structured configuration. vyos.vyos.vyos_ospfv3: running_config: "set protocols ospfv3 area 2 export-list 'export1' set protocols ospfv3 area 2 import-list 'import1' set protocols ospfv3 area 2 range '2001:db10::/32' set protocols ospfv3 area 2 range '2001:db20::/32' set protocols ospfv3 area 2 range '2001:db30::/32' set protocols ospfv3 area 3 range '2001:db40::/32' set protocols ospfv3 parameters router-id '192.0.2.10' set protocols ospfv3 redistribute 'bgp'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": { # "areas": [ # { # "area_id": "2", # "export_list": "export1", # "import_list": "import1", # "range": [ # { # "address": "2001:db10::/32" # }, # { # "address": "2001:db20::/32" # }, # { # "address": "2001:db30::/32" # } # ] # }, # { # "area_id": "3", # "range": [ # { # "address": "2001:db40::/32" # } # ] # } # ], # "parameters": { # "router_id": "192.0.2.10" # }, # "redistribute": [ # { # "route_type": "bgp" # } # ] # } # Using gathered # # Before state: # ------------- # # vyos@192# run show configuration commands | grep ospfv3 # set protocols ospfv3 area 2 export-list 'export1' # set protocols ospfv3 area 2 import-list 'import1' # set protocols ospfv3 area 2 range '2001:db10::/32' # set protocols ospfv3 area 2 range '2001:db20::/32' # set protocols ospfv3 area 2 range '2001:db30::/32' # set protocols ospfv3 area 3 range '2001:db40::/32' # set protocols ospfv3 parameters router-id '192.0.2.10' # set protocols ospfv3 redistribute 'bgp' # - name: Gather ospfv3 routes config with provided configurations vyos.vyos.vyos_ospfv3: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": { # "areas": [ # { # "area_id": "2", # "export_list": "export1", # "import_list": "import1", # "range": [ # { # "address": "2001:db10::/32" # }, # { # "address": "2001:db20::/32" # }, # { # "address": "2001:db30::/32" # } # ] # }, # { # "area_id": "3", # "range": [ # { # "address": "2001:db40::/32" # } # ] # } # ], # "parameters": { # "router_id": "192.0.2.10" # }, # "redistribute": [ # { # "route_type": "bgp" # } # ] # } # # After state: # ------------- # # vyos@192# run show configuration commands | grep ospfv3 # set protocols ospfv3 area 2 export-list 'export1' # set protocols ospfv3 area 2 import-list 'import1' # set protocols ospfv3 area 2 range '2001:db10::/32' # set protocols ospfv3 area 2 range '2001:db20::/32' # set protocols ospfv3 area 2 range '2001:db30::/32' # set protocols ospfv3 area 3 range '2001:db40::/32' # set protocols ospfv3 parameters router-id '192.0.2.10' # set protocols ospfv3 redistribute 'bgp' # Using deleted # # Before state # ------------- # # vyos@192# run show configuration commands | grep ospfv3 # set protocols ospfv3 area 2 export-list 'export1' # set protocols ospfv3 area 2 import-list 'import1' # set protocols ospfv3 area 2 range '2001:db10::/32' # set protocols ospfv3 area 2 range '2001:db20::/32' # set protocols ospfv3 area 2 range '2001:db30::/32' # set protocols ospfv3 area 3 range '2001:db40::/32' # set protocols ospfv3 parameters router-id '192.0.2.10' # set protocols ospfv3 redistribute 'bgp' # - name: Delete attributes of ospfv3 routes. vyos.vyos.vyos_ospfv3: config: state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": { # "areas": [ # { # "area_id": "2", # "export_list": "export1", # "import_list": "import1", # "range": [ # { # "address": "2001:db10::/32" # }, # { # "address": "2001:db20::/32" # }, # { # "address": "2001:db30::/32" # } # ] # }, # { # "area_id": "3", # "range": [ # { # "address": "2001:db40::/32" # } # ] # } # ], # "parameters": { # "router_id": "192.0.2.10" # }, # "redistribute": [ # { # "route_type": "bgp" # } # ] # } # "commands": [ # "delete protocols ospfv3" # ] # # "after": {} # After state # ------------ # vyos@192# run show configuration commands | grep ospfv3 Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
after
dictionary
when changed
The resulting configuration model invocation.

Sample:
The configuration returned will always be in the same format of the parameters above.
before
dictionary
always
The configuration prior to the model invocation.

Sample:
The configuration returned will always be in the same format of the parameters above.
commands
list
always
The set of commands pushed to the remote device.

Sample:
['set protocols ospf parameters router-id 192.0.1.1', "set protocols ospfv3 area 2 range '2001:db10::/32'"]


Status ------ Authors ~~~~~~~ - Rohit Thakur (@rohitthakur2590) diff --git a/docs/vyos.vyos.vyos_ping_module.rst b/docs/vyos.vyos.vyos_ping_module.rst index e3377fc..f9c4a68 100644 --- a/docs/vyos.vyos.vyos_ping_module.rst +++ b/docs/vyos.vyos.vyos_ping_module.rst @@ -1,422 +1,422 @@ .. _vyos.vyos.vyos_ping_module: ******************* vyos.vyos.vyos_ping ******************* **Tests reachability using ping from VyOS network devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - Tests reachability using ping from a VyOS device to a remote destination. - Tested against VyOS 1.1.8 (helium) - For a general purpose network module, see the :ref:`net_ping ` module. - For Windows targets, use the :ref:`win_ping ` module instead. - For targets running Python, use the :ref:`ping ` module instead. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
count
integer
Default:
5
Number of packets to send to check reachability.
dest
string / required
The IP Address or hostname (resolvable by the device) of the remote node.
interval
integer
Determines the interval (in seconds) between consecutive pings.
provider
dictionary
Deprecated
Starting with Ansible 2.5 we recommend using connection: network_cli.
For more information please see the Network Guide.

A dict object containing connection details.
host
string
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
password
string
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
port
integer
Specifies the port to use when building the connection to the remote device.
ssh_keyfile
path
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
timeout
integer
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
username
string
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
size
integer
Determines the size (in bytes) of the ping packet(s).
source
string
The source interface or IP Address to use while sending the ping packet(s).
state
string
    Choices:
  • absent
  • present ←
Determines if the expected result is success or fail.
ttl
integer
The time-to-live value for the ICMP packet(s).

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - For a general purpose network module, see the :ref:`net_ping ` module. - For Windows targets, use the :ref:`win_ping ` module instead. - For targets running Python, use the :ref:`ping ` module instead. - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml - name: Test reachability to 10.10.10.10 vyos.vyos.vyos_ping: dest: 10.10.10.10 - name: Test reachability to 10.20.20.20 using source and ttl set vyos.vyos.vyos_ping: dest: 10.20.20.20 source: eth0 ttl: 128 - name: Test unreachability to 10.30.30.30 using interval vyos.vyos.vyos_ping: dest: 10.30.30.30 interval: 3 state: absent - name: Test reachability to 10.40.40.40 setting count and source vyos.vyos.vyos_ping: dest: 10.40.40.40 source: eth1 count: 20 size: 512 Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
commands
list
always
List of commands sent.

Sample:
['ping 10.8.38.44 count 10 interface eth0 ttl 128']
packet_loss
string
always
Percentage of packets lost.

Sample:
0%
packets_rx
integer
always
Packets successfully received.

Sample:
20
packets_tx
integer
always
Packets successfully transmitted.

Sample:
20
rtt
dictionary
when ping succeeds
The round trip time (RTT) stats.

Sample:
-
AnsibleMapping([('avg', 2), ('max', 8), ('min', 1), ('mdev', 24)])
+
{'avg': 2, 'max': 8, 'min': 1, 'mdev': 24}


Status ------ Authors ~~~~~~~ - Nilashish Chakraborty (@NilashishC) diff --git a/docs/vyos.vyos.vyos_static_route_module.rst b/docs/vyos.vyos.vyos_static_route_module.rst index 74f296d..69afb56 100644 --- a/docs/vyos.vyos.vyos_static_route_module.rst +++ b/docs/vyos.vyos.vyos_static_route_module.rst @@ -1,437 +1,437 @@ .. _vyos.vyos.vyos_static_route_module: *************************** vyos.vyos.vyos_static_route *************************** **(deprecated, removed after 2022-06-01) Manage static IP routes on Vyatta VyOS network devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 DEPRECATED ---------- :Removed in collection release after 2022-06-01 :Why: Updated modules released with more functionality. :Alternative: vyos_static_routes Synopsis -------- - This module provides declarative management of static IP routes on Vyatta VyOS network devices. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
admin_distance
integer
Admin distance of the static route.
aggregate
list / elements=dictionary
List of static route definitions
admin_distance
integer
Admin distance of the static route.
mask
string
Network prefix mask of the static route.
next_hop
string
Next hop IP of the static route.
prefix
string / required
Network prefix of the static route. mask param should be ignored if prefix is provided with mask value prefix/mask.
state
string
    Choices:
  • present
  • absent
State of the static route configuration.
mask
string
Network prefix mask of the static route.
next_hop
string
Next hop IP of the static route.
prefix
string
Network prefix of the static route. mask param should be ignored if prefix is provided with mask value prefix/mask.
provider
dictionary
Deprecated
Starting with Ansible 2.5 we recommend using connection: network_cli.
For more information please see the Network Guide.

A dict object containing connection details.
host
string
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
password
string
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
port
integer
Specifies the port to use when building the connection to the remote device.
ssh_keyfile
path
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
timeout
integer
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
username
string
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
state
string
    Choices:
  • present ←
  • absent
State of the static route configuration.

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml - name: configure static route vyos.vyos.vyos_static_route: prefix: 192.168.2.0 mask: 24 next_hop: 10.0.0.1 - name: configure static route prefix/mask vyos.vyos.vyos_static_route: prefix: 192.168.2.0/16 next_hop: 10.0.0.1 - name: remove configuration vyos.vyos.vyos_static_route: prefix: 192.168.2.0 mask: 16 next_hop: 10.0.0.1 state: absent - name: configure aggregates of static routes vyos.vyos.vyos_static_route: aggregate: - {prefix: 192.168.2.0, mask: 24, next_hop: 10.0.0.1} - {prefix: 192.168.3.0, mask: 16, next_hop: 10.0.2.1} - {prefix: 192.168.3.0/16, next_hop: 10.0.2.1} - name: Remove static route collections vyos.vyos.vyos_static_route: aggregate: - {prefix: 172.24.1.0/24, next_hop: 192.168.42.64} - {prefix: 172.24.3.0/24, next_hop: 192.168.42.64} state: absent Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
commands
list
always
The list of configuration mode commands to send to the device

Sample:
['set protocols static route 192.168.2.0/16 next-hop 10.0.0.1']


Status ------ - This module will be removed in version . *[deprecated]* - For more information see `DEPRECATED`_. Authors ~~~~~~~ - Trishna Guha (@trishnaguha) diff --git a/docs/vyos.vyos.vyos_static_routes_module.rst b/docs/vyos.vyos.vyos_static_routes_module.rst index 53942a5..5a6884b 100644 --- a/docs/vyos.vyos.vyos_static_routes_module.rst +++ b/docs/vyos.vyos.vyos_static_routes_module.rst @@ -1,1165 +1,1165 @@ .. _vyos.vyos.vyos_static_routes_module: **************************** vyos.vyos.vyos_static_routes **************************** **Static routes resource module** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module manages attributes of static routes on VyOS network devices. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
config
list / elements=dictionary
A provided static route configuration.
address_families
list / elements=dictionary
A dictionary specifying the address family to which the static route(s) belong.
afi
string / required
    Choices:
  • ipv4
  • ipv6
Specifies the type of route.
routes
list / elements=dictionary
A ditionary that specify the static route configurations.
blackhole_config
dictionary
Configured to silently discard packets.
distance
integer
Distance for the route.
type
string
This is to configure only blackhole.
dest
string / required
An IPv4/v6 address in CIDR notation that specifies the destination network for the static route.
next_hops
list / elements=dictionary
Next hops to the specified destination.
admin_distance
integer
Distance value for the route.
enabled
boolean
    Choices:
  • no
  • yes
Disable IPv4/v6 next-hop static route.
forward_router_address
string / required
The IP address of the next hop that can be used to reach the destination network.
interface
string
Name of the outgoing interface.
running_config
string
This option is used only with state parsed.
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep static route.
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
state
string
    Choices:
  • merged ←
  • replaced
  • overridden
  • deleted
  • gathered
  • rendered
  • parsed
The state of the configuration after module completion.

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml # Using merged # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands | grep static # - name: Merge the provided configuration with the exisiting running configuration vyos.vyos.vyos_static_routes: config: - address_families: - afi: ipv4 routes: - dest: 192.0.2.32/28 blackhole_config: type: blackhole next_hops: - forward_router_address: 192.0.2.6 - forward_router_address: 192.0.2.7 - address_families: - afi: ipv6 routes: - dest: 2001:db8:1000::/36 blackhole_config: distance: 2 next_hops: - forward_router_address: 2001:db8:2000:2::1 - forward_router_address: 2001:db8:2000:2::2 state: merged # # # ------------------------- # Module Execution Result # ------------------------- # # before": [] # # "commands": [ # "set protocols static route 192.0.2.32/28", # "set protocols static route 192.0.2.32/28 blackhole", # "set protocols static route 192.0.2.32/28 next-hop '192.0.2.6'", # "set protocols static route 192.0.2.32/28 next-hop '192.0.2.7'", # "set protocols static route6 2001:db8:1000::/36", # "set protocols static route6 2001:db8:1000::/36 blackhole distance '2'", # "set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1'", # "set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2'" # ] # # "after": [ # { # "address_families": [ # { # "afi": "ipv4", # "routes": [ # { # "blackhole_config": { # "type": "blackhole" # }, # "dest": "192.0.2.32/28", # "next_hops": [ # { # "forward_router_address": "192.0.2.6" # }, # { # "forward_router_address": "192.0.2.7" # } # ] # } # ] # }, # { # "afi": "ipv6", # "routes": [ # { # "blackhole_config": { # "distance": 2 # }, # "dest": "2001:db8:1000::/36", # "next_hops": [ # { # "forward_router_address": "2001:db8:2000:2::1" # }, # { # "forward_router_address": "2001:db8:2000:2::2" # } # ] # } # ] # } # ] # } # ] # # After state: # ------------- # # vyos@vyos:~$ show configuration commands| grep static # set protocols static route 192.0.2.32/28 'blackhole' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.6' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.7' # set protocols static route6 2001:db8:1000::/36 blackhole distance '2' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' # Using replaced # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands| grep static # set protocols static route 192.0.2.32/28 'blackhole' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.6' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.7' # set protocols static route 192.0.2.33/28 'blackhole' # set protocols static route 192.0.2.33/28 next-hop '192.0.2.3' # set protocols static route 192.0.2.33/28 next-hop '192.0.2.4' # set protocols static route6 2001:db8:1000::/36 blackhole distance '2' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' # - name: Replace device configurations of listed static routes with provided configurations vyos.vyos.vyos_static_routes: config: - address_families: - afi: ipv4 routes: - dest: 192.0.2.32/28 blackhole_config: distance: 2 next_hops: - forward_router_address: 192.0.2.7 enabled: false - forward_router_address: 192.0.2.9 state: replaced # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "address_families": [ # { # "afi": "ipv4", # "routes": [ # { # "blackhole_config": { # "type": "blackhole" # }, # "dest": "192.0.2.32/28", # "next_hops": [ # { # "forward_router_address": "192.0.2.6" # }, # { # "forward_router_address": "192.0.2.7" # } # ] # }, # { # "blackhole_config": { # "type": "blackhole" # }, # "dest": "192.0.2.33/28", # "next_hops": [ # { # "forward_router_address": "192.0.2.3" # }, # { # "forward_router_address": "192.0.2.4" # } # ] # } # ] # }, # { # "afi": "ipv6", # "routes": [ # { # "blackhole_config": { # "distance": 2 # }, # "dest": "2001:db8:1000::/36", # "next_hops": [ # { # "forward_router_address": "2001:db8:2000:2::1" # }, # { # "forward_router_address": "2001:db8:2000:2::2" # } # ] # } # ] # } # ] # } # ] # # "commands": [ # "delete protocols static route 192.0.2.32/28 next-hop '192.0.2.6'", # "delete protocols static route 192.0.2.32/28 next-hop '192.0.2.7'", # "set protocols static route 192.0.2.32/28 next-hop 192.0.2.7 'disable'", # "set protocols static route 192.0.2.32/28 next-hop '192.0.2.7'", # "set protocols static route 192.0.2.32/28 next-hop '192.0.2.9'", # "set protocols static route 192.0.2.32/28 blackhole distance '2'" # ] # # "after": [ # { # "address_families": [ # { # "afi": "ipv4", # "routes": [ # { # "blackhole_config": { # "distance": 2 # }, # "dest": "192.0.2.32/28", # "next_hops": [ # { # "enabled": false, # "forward_router_address": "192.0.2.7" # }, # { # "forward_router_address": "192.0.2.9" # } # ] # }, # { # "blackhole_config": { # "type": "blackhole" # }, # "dest": "192.0.2.33/28", # "next_hops": [ # { # "forward_router_address": "192.0.2.3" # }, # { # "forward_router_address": "192.0.2.4" # } # ] # } # ] # }, # { # "afi": "ipv6", # "routes": [ # { # "blackhole_config": { # "distance": 2 # }, # "dest": "2001:db8:1000::/36", # "next_hops": [ # { # "forward_router_address": "2001:db8:2000:2::1" # }, # { # "forward_router_address": "2001:db8:2000:2::2" # } # ] # } # ] # } # ] # } # ] # # After state: # ------------- # # vyos@vyos:~$ show configuration commands| grep static # set protocols static route 192.0.2.32/28 blackhole distance '2' # set protocols static route 192.0.2.32/28 next-hop 192.0.2.7 'disable' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.9' # set protocols static route 192.0.2.33/28 'blackhole' # set protocols static route 192.0.2.33/28 next-hop '192.0.2.3' # set protocols static route 192.0.2.33/28 next-hop '192.0.2.4' # set protocols static route6 2001:db8:1000::/36 blackhole distance '2' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' # Using overridden # # Before state # -------------- # # vyos@vyos:~$ show configuration commands| grep static # set protocols static route 192.0.2.32/28 blackhole distance '2' # set protocols static route 192.0.2.32/28 next-hop 192.0.2.7 'disable' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.9' # set protocols static route6 2001:db8:1000::/36 blackhole distance '2' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' # - name: Overrides all device configuration with provided configuration vyos.vyos.vyos_static_routes: config: - address_families: - afi: ipv4 routes: - dest: 198.0.2.48/28 next_hops: - forward_router_address: 192.0.2.18 state: overridden # # # ------------------------- # Module Execution Result # ------------------------- # # "before": [ # { # "address_families": [ # { # "afi": "ipv4", # "routes": [ # { # "blackhole_config": { # "distance": 2 # }, # "dest": "192.0.2.32/28", # "next_hops": [ # { # "enabled": false, # "forward_router_address": "192.0.2.7" # }, # { # "forward_router_address": "192.0.2.9" # } # ] # } # ] # }, # { # "afi": "ipv6", # "routes": [ # { # "blackhole_config": { # "distance": 2 # }, # "dest": "2001:db8:1000::/36", # "next_hops": [ # { # "forward_router_address": "2001:db8:2000:2::1" # }, # { # "forward_router_address": "2001:db8:2000:2::2" # } # ] # } # ] # } # ] # } # ] # # "commands": [ # "delete protocols static route 192.0.2.32/28", # "delete protocols static route6 2001:db8:1000::/36", # "set protocols static route 198.0.2.48/28", # "set protocols static route 198.0.2.48/28 next-hop '192.0.2.18'" # # # "after": [ # { # "address_families": [ # { # "afi": "ipv4", # "routes": [ # { # "dest": "198.0.2.48/28", # "next_hops": [ # { # "forward_router_address": "192.0.2.18" # } # ] # } # ] # } # ] # } # ] # # # After state # ------------ # # vyos@vyos:~$ show configuration commands| grep static # set protocols static route 198.0.2.48/28 next-hop '192.0.2.18' # Using deleted to delete static route based on afi # # Before state # ------------- # # vyos@vyos:~$ show configuration commands| grep static # set protocols static route 192.0.2.32/28 'blackhole' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.6' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.7' # set protocols static route6 2001:db8:1000::/36 blackhole distance '2' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' # - name: Delete static route based on afi. vyos.vyos.vyos_static_routes: config: - address_families: - afi: ipv4 - afi: ipv6 state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": [ # { # "address_families": [ # { # "afi": "ipv4", # "routes": [ # { # "blackhole_config": { # "type": "blackhole" # }, # "dest": "192.0.2.32/28", # "next_hops": [ # { # "forward_router_address": "192.0.2.6" # }, # { # "forward_router_address": "192.0.2.7" # } # ] # } # ] # }, # { # "afi": "ipv6", # "routes": [ # { # "blackhole_config": { # "distance": 2 # }, # "dest": "2001:db8:1000::/36", # "next_hops": [ # { # "forward_router_address": "2001:db8:2000:2::1" # }, # { # "forward_router_address": "2001:db8:2000:2::2" # } # ] # } # ] # } # ] # } # ] # "commands": [ # "delete protocols static route", # "delete protocols static route6" # ] # # "after": [] # After state # ------------ # vyos@vyos# run show configuration commands | grep static # set protocols 'static' # Using deleted to delete all the static routes when passes config is empty # # Before state # ------------- # # vyos@vyos:~$ show configuration commands| grep static # set protocols static route 192.0.2.32/28 'blackhole' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.6' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.7' # set protocols static route6 2001:db8:1000::/36 blackhole distance '2' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' # - name: Delete all the static routes. vyos.vyos.vyos_static_routes: config: state: deleted # # # ------------------------ # Module Execution Results # ------------------------ # # "before": [ # { # "address_families": [ # { # "afi": "ipv4", # "routes": [ # { # "blackhole_config": { # "type": "blackhole" # }, # "dest": "192.0.2.32/28", # "next_hops": [ # { # "forward_router_address": "192.0.2.6" # }, # { # "forward_router_address": "192.0.2.7" # } # ] # } # ] # }, # { # "afi": "ipv6", # "routes": [ # { # "blackhole_config": { # "distance": 2 # }, # "dest": "2001:db8:1000::/36", # "next_hops": [ # { # "forward_router_address": "2001:db8:2000:2::1" # }, # { # "forward_router_address": "2001:db8:2000:2::2" # } # ] # } # ] # } # ] # } # ] # "commands": [ # "delete protocols static route", # "delete protocols static route6" # ] # # "after": [] # After state # ------------ # vyos@vyos# run show configuration commands | grep static # set protocols 'static' # Using rendered # # - name: Render the commands for provided configuration vyos.vyos.vyos_static_routes: config: - address_families: - afi: ipv4 routes: - dest: 192.0.2.32/28 blackhole_config: type: blackhole next_hops: - forward_router_address: 192.0.2.6 - forward_router_address: 192.0.2.7 - address_families: - afi: ipv6 routes: - dest: 2001:db8:1000::/36 blackhole_config: distance: 2 next_hops: - forward_router_address: 2001:db8:2000:2::1 - forward_router_address: 2001:db8:2000:2::2 state: rendered # # # ------------------------- # Module Execution Result # ------------------------- # # # "rendered": [ # "set protocols static route 192.0.2.32/28", # "set protocols static route 192.0.2.32/28 blackhole", # "set protocols static route 192.0.2.32/28 next-hop '192.0.2.6'", # "set protocols static route 192.0.2.32/28 next-hop '192.0.2.7'", # "set protocols static route6 2001:db8:1000::/36", # "set protocols static route6 2001:db8:1000::/36 blackhole distance '2'", # "set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1'", # "set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2'" # ] # Using parsed # # - name: Parse the provided running configuration vyos.vyos.vyos_static_routes: running_config: "set protocols static route 192.0.2.32/28 'blackhole' set protocols static route 192.0.2.32/28 next-hop '192.0.2.6' set protocols static route 192.0.2.32/28 next-hop '192.0.2.7' set protocols static route6 2001:db8:1000::/36 blackhole distance '2' set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2'" state: parsed # # # ------------------------- # Module Execution Result # ------------------------- # # # "parsed": [ # { # "address_families": [ # { # "afi": "ipv4", # "routes": [ # { # "blackhole_config": { # "distance": 2 # }, # "dest": "192.0.2.32/28", # "next_hops": [ # { # "forward_router_address": "2001:db8:2000:2::2" # } # ] # } # ] # }, # { # "afi": "ipv6", # "routes": [ # { # "blackhole_config": { # "distance": 2 # }, # "dest": "2001:db8:1000::/36", # "next_hops": [ # { # "forward_router_address": "2001:db8:2000:2::2" # } # ] # } # ] # } # ] # } # ] # Using gathered # # Before state: # ------------- # # vyos@vyos:~$ show configuration commands| grep static # set protocols static route 192.0.2.32/28 'blackhole' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.6' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.7' # set protocols static route6 2001:db8:1000::/36 blackhole distance '2' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' # - name: Gather listed static routes with provided configurations vyos.vyos.vyos_static_routes: config: state: gathered # # # ------------------------- # Module Execution Result # ------------------------- # # "gathered": [ # { # "address_families": [ # { # "afi": "ipv4", # "routes": [ # { # "blackhole_config": { # "type": "blackhole" # }, # "dest": "192.0.2.32/28", # "next_hops": [ # { # "forward_router_address": "192.0.2.6" # }, # { # "forward_router_address": "192.0.2.7" # } # ] # } # ] # }, # { # "afi": "ipv6", # "routes": [ # { # "blackhole_config": { # "distance": 2 # }, # "dest": "2001:db8:1000::/36", # "next_hops": [ # { # "forward_router_address": "2001:db8:2000:2::1" # }, # { # "forward_router_address": "2001:db8:2000:2::2" # } # ] # } # ] # } # ] # } # ] # # # After state: # ------------- # # vyos@vyos:~$ show configuration commands| grep static # set protocols static route 192.0.2.32/28 'blackhole' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.6' # set protocols static route 192.0.2.32/28 next-hop '192.0.2.7' # set protocols static route6 2001:db8:1000::/36 blackhole distance '2' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' # set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
after
list
when changed
The resulting configuration model invocation.

Sample:
The configuration returned will always be in the same format of the parameters above.
before
list
always
The configuration prior to the model invocation.

Sample:
The configuration returned will always be in the same format of the parameters above.
commands
list
always
The set of commands pushed to the remote device.

Sample:
["set protocols static route 192.0.2.32/28 next-hop '192.0.2.6'", "set protocols static route 192.0.2.32/28 'blackhole'"]


Status ------ Authors ~~~~~~~ - Rohit Thakur (@rohitthakur2590) diff --git a/docs/vyos.vyos.vyos_system_module.rst b/docs/vyos.vyos.vyos_system_module.rst index a71303c..bc521f0 100644 --- a/docs/vyos.vyos.vyos_system_module.rst +++ b/docs/vyos.vyos.vyos_system_module.rst @@ -1,312 +1,312 @@ .. _vyos.vyos.vyos_system_module: ********************* vyos.vyos.vyos_system ********************* **Run `set system` commands on VyOS devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - Runs one or more commands on remote devices running VyOS. This module can also be introspected to validate key parameters before returning successfully. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
domain_name
string
The new domain name to apply to the device.
domain_search
list / elements=string
A list of domain names to search. Mutually exclusive with name_server
host_name
string
Configure the device hostname parameter. This option takes an ASCII string value.
name_server
list / elements=string
A list of name servers to use with the device. Mutually exclusive with domain_search

aliases: name_servers
provider
dictionary
Deprecated
Starting with Ansible 2.5 we recommend using connection: network_cli.
For more information please see the Network Guide.

A dict object containing connection details.
host
string
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
password
string
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
port
integer
Specifies the port to use when building the connection to the remote device.
ssh_keyfile
path
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
timeout
integer
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
username
string
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
state
string
    Choices:
  • present ←
  • absent
Whether to apply (present) or remove (absent) the settings.

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml - name: configure hostname and domain-name vyos.vyos.vyos_system: host_name: vyos01 domain_name: test.example.com - name: remove all configuration vyos.vyos.vyos_system: state: absent - name: configure name servers vyos.vyos.vyos_system: name_servers - 8.8.8.8 - 8.8.4.4 - name: configure domain search suffixes vyos.vyos.vyos_system: domain_search: - sub1.example.com - sub2.example.com Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
commands
list
always
The list of configuration mode commands to send to the device

Sample:
['set system hostname vyos01', 'set system domain-name foo.example.com']


Status ------ Authors ~~~~~~~ - Nathaniel Case (@Qalthos) diff --git a/docs/vyos.vyos.vyos_user_module.rst b/docs/vyos.vyos.vyos_user_module.rst index 04a7a6e..f47ab01 100644 --- a/docs/vyos.vyos.vyos_user_module.rst +++ b/docs/vyos.vyos.vyos_user_module.rst @@ -1,477 +1,477 @@ .. _vyos.vyos.vyos_user_module: ******************* vyos.vyos.vyos_user ******************* **Manage the collection of local users on VyOS device** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module provides declarative management of the local usernames configured on network devices. It allows playbooks to manage either individual usernames or the collection of usernames in the current running config. It also supports purging usernames from the configuration that are not explicitly defined. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
aggregate
list / elements=dictionary
The set of username objects to be configured on the remote VyOS device. The list entries can either be the username or a hash of username and properties. This argument is mutually exclusive with the name argument.

aliases: users, collection
configured_password
string
The password to be configured on the VyOS device. The password needs to be provided in clear and it will be encrypted on the device. Please note that this option is not same as provider password.
full_name
string
The full_name argument provides the full name of the user account to be created on the remote device. This argument accepts any text string value.
level
string
The level argument configures the level of the user when logged into the system. This argument accepts string values admin or operator.

aliases: role
name
string / required
The username to be configured on the VyOS device. This argument accepts a string value and is mutually exclusive with the aggregate argument. Please note that this option is not same as provider username.
state
string
    Choices:
  • present
  • absent
Configures the state of the username definition as it relates to the device operational configuration. When set to present, the username(s) should be configured in the device active configuration and when set to absent the username(s) should not be in the device active configuration
update_password
string
    Choices:
  • on_create
  • always
Since passwords are encrypted in the device running config, this argument will instruct the module when to change the password. When set to always, the password will always be updated in the device and when set to on_create the password will be updated only if the username is created.
configured_password
string
The password to be configured on the VyOS device. The password needs to be provided in clear and it will be encrypted on the device. Please note that this option is not same as provider password.
full_name
string
The full_name argument provides the full name of the user account to be created on the remote device. This argument accepts any text string value.
level
string
The level argument configures the level of the user when logged into the system. This argument accepts string values admin or operator.

aliases: role
name
string
The username to be configured on the VyOS device. This argument accepts a string value and is mutually exclusive with the aggregate argument. Please note that this option is not same as provider username.
provider
dictionary
Deprecated
Starting with Ansible 2.5 we recommend using connection: network_cli.
For more information please see the Network Guide.

A dict object containing connection details.
host
string
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
password
string
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
port
integer
Specifies the port to use when building the connection to the remote device.
ssh_keyfile
path
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
timeout
integer
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
username
string
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
purge
boolean
    Choices:
  • no ←
  • yes
Instructs the module to consider the resource definition absolute. It will remove any previously configured usernames on the device with the exception of the `admin` user (the current defined set of users).
state
string
    Choices:
  • present ←
  • absent
Configures the state of the username definition as it relates to the device operational configuration. When set to present, the username(s) should be configured in the device active configuration and when set to absent the username(s) should not be in the device active configuration
update_password
string
    Choices:
  • on_create
  • always ←
Since passwords are encrypted in the device running config, this argument will instruct the module when to change the password. When set to always, the password will always be updated in the device and when set to on_create the password will be updated only if the username is created.

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml - name: create a new user vyos.vyos.vyos_user: name: ansible configured_password: password state: present - name: remove all users except admin vyos.vyos.vyos_user: purge: yes - name: set multiple users to level operator vyos.vyos.vyos_user: aggregate: - name: netop - name: netend level: operator state: present - name: Change Password for User netop vyos.vyos.vyos_user: name: netop configured_password: '{{ new_password }}' update_password: always state: present Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
commands
list
always
The list of configuration mode commands to send to the device

Sample:
['set system login user test level operator', 'set system login user authentication plaintext-password password']


Status ------ Authors ~~~~~~~ - Trishna Guha (@trishnaguha) diff --git a/docs/vyos.vyos.vyos_vlan_module.rst b/docs/vyos.vyos.vyos_vlan_module.rst index d00260e..b6e3ccf 100644 --- a/docs/vyos.vyos.vyos_vlan_module.rst +++ b/docs/vyos.vyos.vyos_vlan_module.rst @@ -1,521 +1,521 @@ .. _vyos.vyos.vyos_vlan_module: ******************* vyos.vyos.vyos_vlan ******************* **Manage VLANs on VyOS network devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module provides declarative management of VLANs on VyOS network devices. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
address
string
Configure Virtual interface address.
aggregate
list / elements=dictionary
List of VLANs definitions.
address
string
Configure Virtual interface address.
associated_interfaces
list / elements=string
This is a intent option and checks the operational state of the for given vlan name for associated interfaces. If the value in the associated_interfaces does not match with the operational state of vlan on device it will result in failure.
delay
integer
Delay the play should wait to check for declarative intent params values.
interfaces
list / elements=string / required
List of interfaces that should be associated to the VLAN.
name
string
Name of the VLAN.
state
string
    Choices:
  • present
  • absent
State of the VLAN configuration.
vlan_id
integer / required
ID of the VLAN. Range 0-4094.
associated_interfaces
list / elements=string
This is a intent option and checks the operational state of the for given vlan name for associated interfaces. If the value in the associated_interfaces does not match with the operational state of vlan on device it will result in failure.
delay
integer
Default:
10
Delay the play should wait to check for declarative intent params values.
interfaces
list / elements=string
List of interfaces that should be associated to the VLAN.
name
string
Name of the VLAN.
provider
dictionary
Deprecated
Starting with Ansible 2.5 we recommend using connection: network_cli.
For more information please see the Network Guide.

A dict object containing connection details.
host
string
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
password
string
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
port
integer
Specifies the port to use when building the connection to the remote device.
ssh_keyfile
path
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
timeout
integer
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
username
string
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
purge
boolean
    Choices:
  • no ←
  • yes
Purge VLANs not defined in the aggregate parameter.
state
string
    Choices:
  • present ←
  • absent
State of the VLAN configuration.
vlan_id
integer
ID of the VLAN. Range 0-4094.

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- -.. code-block:: yaml+jinja +.. code-block:: yaml - name: Create vlan vyos.vyos.vyos_vlan: vlan_id: 100 name: vlan-100 interfaces: eth1 state: present - name: Add interfaces to VLAN vyos.vyos.vyos_vlan: vlan_id: 100 interfaces: - eth1 - eth2 - name: Configure virtual interface address vyos.vyos.vyos_vlan: vlan_id: 100 interfaces: eth1 address: 172.26.100.37/24 - name: vlan interface config + intent vyos.vyos.vyos_vlan: vlan_id: 100 interfaces: eth0 associated_interfaces: - eth0 - name: vlan intent check vyos.vyos.vyos_vlan: vlan_id: 100 associated_interfaces: - eth3 - eth4 - name: Delete vlan vyos.vyos.vyos_vlan: vlan_id: 100 interfaces: eth1 state: absent Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
commands
list
always
The list of configuration mode commands to send to the device

Sample:
['set interfaces ethernet eth1 vif 100 description VLAN 100', 'set interfaces ethernet eth1 vif 100 address 172.26.100.37/24', 'delete interfaces ethernet eth1 vif 100']


Status ------ Authors ~~~~~~~ - Trishna Guha (@trishnaguha) diff --git a/plugins/cliconf/vyos.py b/plugins/cliconf/vyos.py index c8aaff9..d63c677 100644 --- a/plugins/cliconf/vyos.py +++ b/plugins/cliconf/vyos.py @@ -1,360 +1,361 @@ # # (c) 2017 Red Hat Inc. # # This file is part of Ansible # # Ansible is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # Ansible is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with Ansible. If not, see . # from __future__ import absolute_import, division, print_function __metaclass__ = type DOCUMENTATION = """ author: Ansible Networking Team cliconf: vyos short_description: Use vyos cliconf to run command on VyOS platform description: - This vyos plugin provides low level abstraction apis for sending and receiving CLI commands from VyOS network devices. version_added: 1.0.0 options: config_commands: description: - Specifies a list of commands that can make configuration changes to the target device. - When `ansible_network_single_user_mode` is enabled, if a command sent to the device is present in this list, the existing cache is invalidated. version_added: 2.0.0 type: list default: [] vars: - name: ansible_vyos_config_commands """ import re import json from ansible.errors import AnsibleConnectionFailure from ansible.module_utils._text import to_text from ansible.module_utils.common._collections_compat import Mapping from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.config import ( NetworkConfig, ) from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import ( to_list, ) from ansible.plugins.cliconf import CliconfBase class Cliconf(CliconfBase): + __rpc__ = CliconfBase.__rpc__ + [ + "commit", + "discard_changes", + "get_diff", + "run_commands", + ] + def __init__(self, *args, **kwargs): super(Cliconf, self).__init__(*args, **kwargs) self._device_info = {} def get_device_info(self): if not self._device_info: device_info = {} device_info["network_os"] = "vyos" reply = self.get("show version") data = to_text(reply, errors="surrogate_or_strict").strip() match = re.search(r"Version:\s*(.*)", data) if match: device_info["network_os_version"] = match.group(1) match = re.search(r"HW model:\s*(\S+)", data) if match: device_info["network_os_model"] = match.group(1) reply = self.get("show host name") device_info["network_os_hostname"] = to_text( reply, errors="surrogate_or_strict" ).strip() self._device_info = device_info return self._device_info def get_config(self, flags=None, format=None): if format: option_values = self.get_option_values() if format not in option_values["format"]: raise ValueError( "'format' value %s is invalid. Valid values of format are %s" % (format, ", ".join(option_values["format"])) ) if not flags: flags = [] if format == "text": command = "show configuration" else: command = "show configuration commands" command += " ".join(to_list(flags)) command = command.strip() out = self.send_command(command) return out def edit_config( self, candidate=None, commit=True, replace=None, comment=None ): resp = {} operations = self.get_device_operations() self.check_edit_config_capability( operations, candidate, commit, replace, comment ) results = [] requests = [] self.send_command("configure") for cmd in to_list(candidate): if not isinstance(cmd, Mapping): cmd = {"command": cmd} results.append(self.send_command(**cmd)) requests.append(cmd["command"]) out = self.get("compare") out = to_text(out, errors="surrogate_or_strict") diff_config = out if not out.startswith("No changes") else None if diff_config: if commit: try: self.commit(comment) except AnsibleConnectionFailure as e: msg = "commit failed: %s" % e.message self.discard_changes() raise AnsibleConnectionFailure(msg) else: self.send_command("exit") else: self.discard_changes() else: self.send_command("exit") if ( to_text( self._connection.get_prompt(), errors="surrogate_or_strict" ) .strip() .endswith("#") ): self.discard_changes() if diff_config: resp["diff"] = diff_config resp["response"] = results resp["request"] = requests return resp def get( self, command=None, prompt=None, answer=None, sendonly=False, output=None, newline=True, check_all=False, ): if not command: raise ValueError("must provide value of command to execute") if output: raise ValueError( "'output' value %s is not supported for get" % output ) return self.send_command( command=command, prompt=prompt, answer=answer, sendonly=sendonly, newline=newline, check_all=check_all, ) def commit(self, comment=None): if comment: command = 'commit comment "{0}"'.format(comment) else: command = "commit" self.send_command(command) def discard_changes(self): self.send_command("exit discard") def get_diff( self, candidate=None, running=None, diff_match="line", diff_ignore_lines=None, path=None, diff_replace=None, ): diff = {} device_operations = self.get_device_operations() option_values = self.get_option_values() if candidate is None and device_operations["supports_generate_diff"]: raise ValueError( "candidate configuration is required to generate diff" ) if diff_match not in option_values["diff_match"]: raise ValueError( "'match' value %s in invalid, valid values are %s" % (diff_match, ", ".join(option_values["diff_match"])) ) if diff_replace: raise ValueError("'replace' in diff is not supported") if diff_ignore_lines: raise ValueError("'diff_ignore_lines' in diff is not supported") if path: raise ValueError("'path' in diff is not supported") set_format = candidate.startswith("set") or candidate.startswith( "delete" ) candidate_obj = NetworkConfig(indent=4, contents=candidate) if not set_format: config = [c.line for c in candidate_obj.items] commands = list() # this filters out less specific lines for item in config: for index, entry in enumerate(commands): if item.startswith(entry): del commands[index] break commands.append(item) candidate_commands = [ "set %s" % cmd.replace(" {", "") for cmd in commands ] else: candidate_commands = str(candidate).strip().split("\n") if diff_match == "none": diff["config_diff"] = list(candidate_commands) return diff running_commands = [ str(c).replace("'", "") for c in running.splitlines() ] updates = list() visited = set() for line in candidate_commands: item = str(line).replace("'", "") if not item.startswith("set") and not item.startswith("delete"): raise ValueError( "line must start with either `set` or `delete`" ) elif item.startswith("set") and item not in running_commands: updates.append(line) elif item.startswith("delete"): if not running_commands: updates.append(line) else: item = re.sub(r"delete", "set", item) for entry in running_commands: if entry.startswith(item) and line not in visited: updates.append(line) visited.add(line) diff["config_diff"] = list(updates) return diff def run_commands(self, commands=None, check_rc=True): if commands is None: raise ValueError("'commands' value is required") responses = list() for cmd in to_list(commands): if not isinstance(cmd, Mapping): cmd = {"command": cmd} output = cmd.pop("output", None) if output: raise ValueError( "'output' value %s is not supported for run_commands" % output ) try: out = self.send_command(**cmd) except AnsibleConnectionFailure as e: if check_rc: raise out = getattr(e, "err", e) responses.append(out) return responses def get_device_operations(self): return { "supports_diff_replace": False, "supports_commit": True, "supports_rollback": False, "supports_defaults": False, "supports_onbox_diff": True, "supports_commit_comment": True, "supports_multiline_delimiter": False, "supports_diff_match": True, "supports_diff_ignore_lines": False, "supports_generate_diff": False, "supports_replace": False, } def get_option_values(self): return { "format": ["text", "set"], "diff_match": ["line", "none"], "diff_replace": [], "output": [], } def get_capabilities(self): result = super(Cliconf, self).get_capabilities() - result["rpc"] += [ - "commit", - "discard_changes", - "get_diff", - "run_commands", - ] result["device_operations"] = self.get_device_operations() result.update(self.get_option_values()) return json.dumps(result) def set_cli_prompt_context(self): """ Make sure we are in the operational cli mode :return: None """ if self._connection.connected: self._update_cli_prompt_context( config_context="#", exit_command="exit discard" )