def main():
module = AnsibleModule(
argument_spec=dict(
server_url=dict(type='str', required=True),
username=dict(type='str', required=True, no_log=True),
password=dict(type='str', required=True, no_log=True),
entity=dict(type='str', required=True,
choices=['repository', 'manifest', 'repository_set', 'sync_plan',
'content_view', 'lifecycle_environment', 'activation_key', 'product']),
action=dict(type='str', choices=['sync', 'publish', 'promote']),
verify_ssl=dict(type='bool', default=False),
task_timeout=dict(type='int', default=1000),
params=dict(type='dict', required=True, no_log=True),
),
supports_check_mode=True,
)
if not HAS_NAILGUN_PACKAGE:
module.fail_json(msg="Missing required nailgun module (check docs or install with: pip install nailgun")
server_url = module.params['server_url']
username = module.params['username']
password = module.params['password']
entity = module.params['entity']
action = module.params['action']
params = module.params['params']
verify_ssl = module.params['verify_ssl']
task_timeout = module.params['task_timeout']
server = ServerConfig(
url=server_url,
auth=(username, password),
verify=verify_ssl
)
ng = NailGun(server, entities, module, task_timeout)
# Lets make an connection to the server with username and password
try:
org = entities.Organization(server)
org.search()
except Exception as e:
module.fail_json(msg="Failed to connect to Foreman server: %s " % e)
result = False
if entity == 'product':
if action == 'sync':
result = ng.sync_product(params)
else:
result = ng.product(params)
elif entity == 'repository':
if action == 'sync':
result = ng.sync_repository(params)
else:
result = ng.repository(params)
elif entity == 'manifest':
result = ng.manifest(params)
elif entity == 'repository_set':
result = ng.repository_set(params)
elif entity == 'sync_plan':
result = ng.sync_plan(params)
elif entity == 'content_view':
if action == 'publish':
result = ng.publish(params)
elif action == 'promote':
result = ng.promote(params)
else:
result = ng.content_view(params)
elif entity == 'lifecycle_environment':
result = ng.lifecycle_environment(params)
elif entity == 'activation_key':
result = ng.activation_key(params)
else:
module.fail_json(changed=False, result="Unsupported entity supplied")
module.exit_json(changed=result, result="%s updated" % entity)
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"switch_controller_storm_control": {
"required": False,
"type": "dict",
"default": None,
"options": {
"broadcast": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"rate": {
"required": False,
"type": "int"
},
"unknown_multicast": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"unknown_unicast": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_switch_controller(
module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_switch_controller(
module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"state": {
"required": False,
"type": "str",
"choices": ["present", "absent"]
},
"webfilter_content_header": {
"required": False,
"type": "dict",
"default": None,
"options": {
"state": {
"required": False,
"type": "str",
"choices": ["present", "absent"]
},
"comment": {
"required": False,
"type": "str"
},
"entries": {
"required": False,
"type": "list",
"options": {
"action": {
"required": False,
"type": "str",
"choices": ["block", "allow", "exempt"]
},
"category": {
"required": False,
"type": "str"
},
"pattern": {
"required": True,
"type": "str"
}
}
},
"id": {
"required": True,
"type": "int"
},
"name": {
"required": False,
"type": "str"
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_webfilter(
module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_webfilter(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
arg_spec = {
'name': {
'type': 'str',
'required': True
},
'path': {
'type': 'str',
'default': '/etc/sensu/conf.d/checks.json'
},
'state': {
'type': 'str',
'default': 'present',
'choices': ['present', 'absent']
},
'backup': {
'type': 'bool',
'default': 'no'
},
'command': {
'type': 'str'
},
'handlers': {
'type': 'list'
},
'subscribers': {
'type': 'list'
},
'interval': {
'type': 'int'
},
'timeout': {
'type': 'int'
},
'ttl': {
'type': 'int'
},
'handle': {
'type': 'bool'
},
'subdue_begin': {
'type': 'str'
},
'subdue_end': {
'type': 'str'
},
'dependencies': {
'type': 'list'
},
'metric': {
'type': 'bool',
'default': 'no'
},
'standalone': {
'type': 'bool'
},
'publish': {
'type': 'bool'
},
'occurrences': {
'type': 'int'
},
'refresh': {
'type': 'int'
},
'aggregate': {
'type': 'bool'
},
'low_flap_threshold': {
'type': 'int'
},
'high_flap_threshold': {
'type': 'int'
},
'custom': {
'type': 'dict'
},
'source': {
'type': 'str'
},
}
required_together = [['subdue_begin', 'subdue_end']]
module = AnsibleModule(argument_spec=arg_spec,
required_together=required_together,
supports_check_mode=True)
if module.params['state'] != 'absent' and module.params['command'] is None:
module.fail_json(msg="missing required arguments: %s" %
",".join(['command']))
path = module.params['path']
name = module.params['name']
state = module.params['state']
backup = module.params['backup']
changed, reasons = sensu_check(module, path, name, state, backup)
module.exit_json(path=path,
changed=changed,
msg='OK',
name=name,
reasons=reasons)
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"state": {
"required": False,
"type": "str",
"choices": ["present", "absent"]
},
"dnsfilter_profile": {
"required": False,
"type": "dict",
"default": None,
"options": {
"state": {
"required": False,
"type": "str",
"choices": ["present", "absent"]
},
"block_action": {
"required": False,
"type": "str",
"choices": ["block", "redirect"]
},
"block_botnet": {
"required": False,
"type": "str",
"choices": ["disable", "enable"]
},
"comment": {
"required": False,
"type": "str"
},
"domain_filter": {
"required": False,
"type": "dict",
"options": {
"domain_filter_table": {
"required": False,
"type": "int"
}
}
},
"external_ip_blocklist": {
"required": False,
"type": "list",
"options": {
"name": {
"required": True,
"type": "str"
}
}
},
"ftgd_dns": {
"required": False,
"type": "dict",
"options": {
"filters": {
"required": False,
"type": "list",
"options": {
"action": {
"required": False,
"type": "str",
"choices": ["block", "monitor"]
},
"category": {
"required": False,
"type": "int"
},
"id": {
"required": True,
"type": "int"
},
"log": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
}
}
},
"options": {
"required": False,
"type": "str",
"choices": ["error-allow", "ftgd-disable"]
}
}
},
"log_all_domain": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"name": {
"required": True,
"type": "str"
},
"redirect_portal": {
"required": False,
"type": "str"
},
"safe_search": {
"required": False,
"type": "str",
"choices": ["disable", "enable"]
},
"sdns_domain_log": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"sdns_ftgd_err_log": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"youtube_restrict": {
"required": False,
"type": "str",
"choices": ["strict", "moderate"]
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_dnsfilter(
module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_dnsfilter(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
argument_spec = dict(
comment=dict(type='str'),
id=dict(type='int', required=True),
src_intf=dict(type='list', default='any'),
dst_intf=dict(type='list', default='any'),
state=dict(choices=['present', 'absent'], default='present'),
src_addr=dict(type='list'),
dst_addr=dict(type='list'),
src_addr_negate=dict(type='bool', default=False),
dst_addr_negate=dict(type='bool', default=False),
policy_action=dict(choices=['accept', 'deny'], aliases=['action']),
service=dict(aliases=['services'], type='list'),
service_negate=dict(type='bool', default=False),
schedule=dict(type='str', default='always'),
nat=dict(type='bool', default=False),
fixedport=dict(type='bool', default=False),
poolname=dict(type='str'),
av_profile=dict(type='str'),
webfilter_profile=dict(type='str'),
ips_sensor=dict(type='str'),
application_list=dict(type='str'),
logtraffic=dict(choices=['disable', 'all', 'utm'], default='utm'),
logtraffic_start=dict(type='bool', default=False),
)
# merge global required_if & argument_spec from module_utils/fortios.py
argument_spec.update(fortios_argument_spec)
ipv4_policy_required_if = [
[
'state', 'present',
['src_addr', 'dst_addr', 'policy_action', 'service']
],
]
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
required_if=fortios_required_if + ipv4_policy_required_if,
)
# init forti object
fortigate = AnsibleFortios(module)
# Security policies root path
config_path = 'firewall policy'
# test params
# NAT related
if not module.params['nat']:
if module.params['poolname']:
module.fail_json(msg='Poolname param requires NAT to be true.')
if module.params['fixedport']:
module.fail_json(msg='Fixedport param requires NAT to be true.')
# log options
if module.params['logtraffic_start']:
if not module.params['logtraffic'] == 'all':
module.fail_json(
msg=
'Logtraffic_start param requires logtraffic to be set to "all".'
)
# id must be str(int) for pyFG to work
policy_id = str(module.params['id'])
# load config
fortigate.load_config(config_path)
# Absent State
if module.params['state'] == 'absent':
fortigate.candidate_config[config_path].del_block(policy_id)
# Present state
elif module.params['state'] == 'present':
new_policy = fortigate.get_empty_configuration_block(policy_id, 'edit')
# src / dest / service / interfaces
new_policy.set_param(
'srcintf',
" ".join('"' + item + '"' for item in module.params['src_intf']))
new_policy.set_param(
'dstintf',
" ".join('"' + item + '"' for item in module.params['dst_intf']))
new_policy.set_param(
'srcaddr',
" ".join('"' + item + '"' for item in module.params['src_addr']))
new_policy.set_param(
'dstaddr',
" ".join('"' + item + '"' for item in module.params['dst_addr']))
new_policy.set_param(
'service',
" ".join('"' + item + '"' for item in module.params['service']))
# negate src / dest / service
if module.params['src_addr_negate']:
new_policy.set_param('srcaddr-negate', 'enable')
if module.params['dst_addr_negate']:
new_policy.set_param('dstaddr-negate', 'enable')
if module.params['service_negate']:
new_policy.set_param('service-negate', 'enable')
# action
new_policy.set_param('action', '%s' % (module.params['policy_action']))
# logging
new_policy.set_param('logtraffic',
'%s' % (module.params['logtraffic']))
if module.params['logtraffic'] == 'all':
if module.params['logtraffic_start']:
new_policy.set_param('logtraffic-start', 'enable')
else:
new_policy.set_param('logtraffic-start', 'disable')
# Schedule
new_policy.set_param('schedule', '%s' % (module.params['schedule']))
# NAT
if module.params['nat']:
new_policy.set_param('nat', 'enable')
if module.params['fixedport']:
new_policy.set_param('fixedport', 'enable')
if module.params['poolname'] is not None:
new_policy.set_param('ippool', 'enable')
new_policy.set_param('poolname',
'"%s"' % (module.params['poolname']))
# security profiles:
if module.params['av_profile'] is not None:
new_policy.set_param('av-profile',
'"%s"' % (module.params['av_profile']))
if module.params['webfilter_profile'] is not None:
new_policy.set_param('webfilter-profile',
'"%s"' % (module.params['webfilter_profile']))
if module.params['ips_sensor'] is not None:
new_policy.set_param('ips-sensor',
'"%s"' % (module.params['ips_sensor']))
if module.params['application_list'] is not None:
new_policy.set_param('application-list',
'"%s"' % (module.params['application_list']))
# comment
if module.params['comment'] is not None:
new_policy.set_param('comment',
'"%s"' % (module.params['comment']))
# add the new policy to the device
fortigate.add_block(policy_id, new_policy)
# Apply changes
fortigate.apply_changes()
def main():
module_specific_arguments = dict(name=dict(type='str'),
ipaddress=dict(type='str'),
domain=dict(type='str'),
translationip=dict(type='str'),
translationmask=dict(type='str'),
domainresolveretry=dict(type='int'),
ipv6address=dict(type='bool',
default=False),
comment=dict(type='str'),
td=dict(type='float'),
graceful=dict(type='bool'),
delay=dict(type='float'))
hand_inserted_arguments = dict(disabled=dict(
type='bool',
default=False,
), )
argument_spec = dict()
argument_spec.update(netscaler_common_arguments)
argument_spec.update(module_specific_arguments)
argument_spec.update(hand_inserted_arguments)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
module_result = dict(
changed=False,
failed=False,
loglines=loglines,
)
# Fail the module if imports failed
if not PYTHON_SDK_IMPORTED:
module.fail_json(msg='Could not load nitro python sdk')
# Fallthrough to rest of execution
client = get_nitro_client(module)
try:
client.login()
except nitro_exception as e:
msg = "nitro exception during login. errorcode=%s, message=%s" % (str(
e.errorcode), e.message)
module.fail_json(msg=msg)
except Exception as e:
if str(type(e)) == "<class 'requests.exceptions.ConnectionError'>":
module.fail_json(msg='Connection error %s' % str(e))
elif str(type(e)) == "<class 'requests.exceptions.SSLError'>":
module.fail_json(msg='SSL Error %s' % str(e))
else:
module.fail_json(msg='Unexpected error during login %s' % str(e))
# Instantiate Server Config object
readwrite_attrs = [
'name',
'ipaddress',
'domain',
'translationip',
'translationmask',
'domainresolveretry',
'ipv6address',
'graceful',
'delay',
'comment',
'td',
]
readonly_attrs = [
'statechangetimesec',
'tickssincelaststatechange',
'autoscale',
'customserverid',
'monthreshold',
'maxclient',
'maxreq',
'maxbandwidth',
'usip',
'cka',
'tcpb',
'cmp',
'clttimeout',
'svrtimeout',
'cipheader',
'cip',
'cacheable',
'sc',
'sp',
'downstateflush',
'appflowlog',
'boundtd',
'__count',
]
immutable_attrs = [
'name',
'domain',
'ipv6address',
'td',
]
transforms = {
'graceful': ['bool_yes_no'],
'ipv6address': ['bool_yes_no'],
}
server_proxy = ConfigProxy(
actual=server(),
client=client,
attribute_values_dict=module.params,
readwrite_attrs=readwrite_attrs,
readonly_attrs=readonly_attrs,
immutable_attrs=immutable_attrs,
transforms=transforms,
)
try:
# Apply appropriate state
if module.params['state'] == 'present':
log('Applying actions for state present')
if not server_exists(client, module):
if not module.check_mode:
server_proxy.add()
if module.params['save_config']:
client.save_config()
module_result['changed'] = True
elif not server_identical(client, module, server_proxy):
# Check if we try to change value of immutable attributes
immutables_changed = get_immutables_intersection(
server_proxy,
diff_list(client, module, server_proxy).keys())
if immutables_changed != []:
msg = 'Cannot update immutable attributes %s' % (
immutables_changed, )
module.fail_json(msg=msg,
diff=diff_list(client, module,
server_proxy),
**module_result)
if not module.check_mode:
server_proxy.update()
if module.params['save_config']:
client.save_config()
module_result['changed'] = True
else:
module_result['changed'] = False
if not module.check_mode:
res = do_state_change(client, module, server_proxy)
if res.errorcode != 0:
msg = 'Error when setting disabled state. errorcode: %s message: %s' % (
res.errorcode, res.message)
module.fail_json(msg=msg, **module_result)
# Sanity check for result
log('Sanity checks for state present')
if not module.check_mode:
if not server_exists(client, module):
module.fail_json(msg='Server does not seem to exist',
**module_result)
if not server_identical(client, module, server_proxy):
module.fail_json(
msg=
'Server is not configured according to parameters given',
diff=diff_list(client, module, server_proxy),
**module_result)
elif module.params['state'] == 'absent':
log('Applying actions for state absent')
if server_exists(client, module):
if not module.check_mode:
server_proxy.delete()
if module.params['save_config']:
client.save_config()
module_result['changed'] = True
else:
module_result['changed'] = False
# Sanity check for result
log('Sanity checks for state absent')
if not module.check_mode:
if server_exists(client, module):
module.fail_json(msg='Server seems to be present',
**module_result)
except nitro_exception as e:
msg = "nitro exception errorcode=%s, message=%s" % (str(
e.errorcode), e.message)
module.fail_json(msg=msg, **module_result)
client.logout()
module.exit_json(**module_result)
def main():
module = AnsibleModule(argument_spec=dict(
name=dict(type='list', required=True),
state=dict(
type='str',
default='present',
choices=['absent', 'installed', 'latest', 'present', 'removed']),
build=dict(type='bool', default=False),
ports_dir=dict(type='path', default='/usr/ports'),
quick=dict(type='bool', default=False),
clean=dict(type='bool', default=False),
),
supports_check_mode=True)
name = module.params['name']
state = module.params['state']
build = module.params['build']
ports_dir = module.params['ports_dir']
rc = 0
stdout = ''
stderr = ''
result = {}
result['name'] = name
result['state'] = state
result['build'] = build
# The data structure used to keep track of package information.
pkg_spec = {}
if build is True:
if not os.path.isdir(ports_dir):
module.fail_json(
msg="the ports source directory %s does not exist" %
(ports_dir))
# build sqlports if its not installed yet
parse_package_name(['sqlports'], pkg_spec, module)
get_package_state(['sqlports'], pkg_spec, module)
if not pkg_spec['sqlports']['installed_state']:
module.debug("main(): installing 'sqlports' because build=%s" %
module.params['build'])
package_present(['sqlports'], pkg_spec, module)
asterisk_name = False
for n in name:
if n == '*':
if len(name) != 1:
module.fail_json(
msg="the package name '*' can not be mixed with other names"
)
asterisk_name = True
if asterisk_name:
if state != 'latest':
module.fail_json(
msg="the package name '*' is only valid when using state=latest"
)
else:
# Perform an upgrade of all installed packages.
upgrade_packages(pkg_spec, module)
else:
# Parse package names and put results in the pkg_spec dictionary.
parse_package_name(name, pkg_spec, module)
# Not sure how the branch syntax is supposed to play together
# with build mode. Disable it for now.
for n in name:
if pkg_spec[n]['branch'] and module.params['build'] is True:
module.fail_json(
msg=
"the combination of 'branch' syntax and build=%s is not supported: %s"
% (module.params['build'], n))
# Get state for all package names.
get_package_state(name, pkg_spec, module)
# Perform requested action.
if state in ['installed', 'present']:
package_present(name, pkg_spec, module)
elif state in ['absent', 'removed']:
package_absent(name, pkg_spec, module)
elif state == 'latest':
package_latest(name, pkg_spec, module)
# The combined changed status for all requested packages. If anything
# is changed this is set to True.
combined_changed = False
# The combined failed status for all requested packages. If anything
# failed this is set to True.
combined_failed = False
# We combine all error messages in this comma separated string, for example:
# "msg": "Can't find nmapp\n, Can't find nmappp\n"
combined_error_message = ''
# Loop over all requested package names and check if anything failed or
# changed.
for n in name:
if pkg_spec[n]['rc'] != 0:
combined_failed = True
if pkg_spec[n]['stderr']:
if combined_error_message:
combined_error_message += ", %s" % pkg_spec[n]['stderr']
else:
combined_error_message = pkg_spec[n]['stderr']
else:
if combined_error_message:
combined_error_message += ", %s" % pkg_spec[n]['stdout']
else:
combined_error_message = pkg_spec[n]['stdout']
if pkg_spec[n]['changed'] is True:
combined_changed = True
# If combined_error_message contains anything at least some part of the
# list of requested package names failed.
if combined_failed:
module.fail_json(msg=combined_error_message, **result)
result['changed'] = combined_changed
module.exit_json(**result)
def main():
argument_spec = ec2_argument_spec()
argument_spec.update(
dict(
policy_name=dict(required=True),
policy_description=dict(default=''),
policy=dict(type='json'),
make_default=dict(type='bool', default=True),
only_version=dict(type='bool', default=False),
fail_on_delete=dict(type='bool', removed_in_version='2.14'),
state=dict(default='present', choices=['present', 'absent']),
))
module = AnsibleModule(argument_spec=argument_spec,
required_if=[['state', 'present', ['policy']]])
if not HAS_BOTO3:
module.fail_json(msg='boto3 is required for this module')
name = module.params.get('policy_name')
description = module.params.get('policy_description')
state = module.params.get('state')
default = module.params.get('make_default')
only = module.params.get('only_version')
policy = None
if module.params.get('policy') is not None:
policy = json.dumps(json.loads(module.params.get('policy')))
try:
region, ec2_url, aws_connect_kwargs = get_aws_connection_info(
module, boto3=True)
iam = boto3_conn(module,
conn_type='client',
resource='iam',
region=region,
endpoint=ec2_url,
**aws_connect_kwargs)
except (botocore.exceptions.NoCredentialsError,
botocore.exceptions.ProfileNotFound) as e:
module.fail_json(
msg=
"Can't authorize connection. Check your credentials and profile.",
exceptions=traceback.format_exc(),
**camel_dict_to_snake_dict(e.response))
p = get_policy_by_name(module, iam, name)
if state == 'present':
if p is None:
# No Policy so just create one
try:
rvalue = iam.create_policy(PolicyName=name,
Path='/',
PolicyDocument=policy,
Description=description)
except Exception as e:
module.fail_json(msg="Couldn't create policy %s: %s" %
(name, to_native(e)),
exception=traceback.format_exc(),
**camel_dict_to_snake_dict(e.response))
module.exit_json(changed=True,
policy=camel_dict_to_snake_dict(rvalue['Policy']))
else:
policy_version, changed = get_or_create_policy_version(
module, iam, p, policy)
changed = set_if_default(module, iam, p, policy_version,
default) or changed
changed = set_if_only(module, iam, p, policy_version,
only) or changed
# If anything has changed we needto refresh the policy
if changed:
try:
p = iam.get_policy(PolicyArn=p['Arn'])['Policy']
except Exception as e:
module.fail_json(msg="Couldn't get policy: %s" %
to_native(e),
exception=traceback.format_exc(),
**camel_dict_to_snake_dict(e.response))
module.exit_json(changed=changed,
policy=camel_dict_to_snake_dict(p))
else:
# Check for existing policy
if p:
# Detach policy
detach_all_entities(module, iam, p)
# Delete Versions
try:
versions = iam.list_policy_versions(
PolicyArn=p['Arn'])['Versions']
except botocore.exceptions.ClientError as e:
module.fail_json(msg="Couldn't list policy versions: %s" %
to_native(e),
exception=traceback.format_exc(),
**camel_dict_to_snake_dict(e.response))
for v in versions:
if not v['IsDefaultVersion']:
try:
iam.delete_policy_version(PolicyArn=p['Arn'],
VersionId=v['VersionId'])
except botocore.exceptions.ClientError as e:
module.fail_json(
msg="Couldn't delete policy version %s: %s" %
(v['VersionId'], to_native(e)),
exception=traceback.format_exc(),
**camel_dict_to_snake_dict(e.response))
# Delete policy
try:
iam.delete_policy(PolicyArn=p['Arn'])
except Exception as e:
module.fail_json(msg="Couldn't delete policy %s: %s" %
(p['PolicyName'], to_native(e)),
exception=traceback.format_exc(),
**camel_dict_to_snake_dict(e.response))
# This is the one case where we will return the old policy
module.exit_json(changed=True, policy=camel_dict_to_snake_dict(p))
else:
module.exit_json(changed=False, policy=None)
def main():
module = AnsibleModule(
argument_spec=dict(
api_token=dict(type='str', required=False, no_log=True),
account_api_key=dict(type='str',
required=False,
no_log=True,
aliases=['account_api_token']),
account_email=dict(type='str', required=False),
algorithm=dict(type='int'),
cert_usage=dict(type='int', choices=[0, 1, 2, 3]),
hash_type=dict(type='int', choices=[1, 2]),
key_tag=dict(type='int'),
port=dict(type='int'),
priority=dict(type='int', default=1),
proto=dict(type='str'),
proxied=dict(type='bool', default=False),
record=dict(type='str', default='@', aliases=['name']),
selector=dict(type='int', choices=[0, 1]),
service=dict(type='str'),
solo=dict(type='bool'),
state=dict(type='str',
default='present',
choices=['absent', 'present']),
timeout=dict(type='int', default=30),
ttl=dict(type='int', default=1),
type=dict(type='str',
choices=[
'A', 'AAAA', 'CNAME', 'DS', 'MX', 'NS', 'SPF', 'SRV',
'SSHFP', 'TLSA', 'TXT'
]),
value=dict(type='str', aliases=['content']),
weight=dict(type='int', default=1),
zone=dict(type='str', required=True, aliases=['domain']),
),
supports_check_mode=True,
required_if=[
('state', 'present', ['record', 'type', 'value']),
('state', 'absent', ['record']),
('type', 'SRV', ['proto', 'service']),
('type', 'TLSA', ['proto', 'port']),
],
)
if not module.params['api_token'] and not (module.params['account_api_key']
and
module.params['account_email']):
module.fail_json(
msg=
"Either api_token or account_api_key and account_email params are required."
)
if module.params['type'] == 'SRV':
if not ((module.params['weight'] is not None and module.params['port']
is not None and not (module.params['value'] is None
or module.params['value'] == '')) or
(module.params['weight'] is None
and module.params['port'] is None and
(module.params['value'] is None
or module.params['value'] == ''))):
module.fail_json(
msg=
"For SRV records the params weight, port and value all need to be defined, or not at all."
)
if module.params['type'] == 'SSHFP':
if not ((module.params['algorithm'] is not None
and module.params['hash_type'] is not None
and not (module.params['value'] is None
or module.params['value'] == '')) or
(module.params['algorithm'] is None
and module.params['hash_type'] is None and
(module.params['value'] is None
or module.params['value'] == ''))):
module.fail_json(
msg=
"For SSHFP records the params algorithm, hash_type and value all need to be defined, or not at all."
)
if module.params['type'] == 'TLSA':
if not ((module.params['cert_usage'] is not None
and module.params['selector'] is not None
and module.params['hash_type'] is not None
and not (module.params['value'] is None
or module.params['value'] == '')) or
(module.params['cert_usage'] is None
and module.params['selector'] is None
and module.params['hash_type'] is None and
(module.params['value'] is None
or module.params['value'] == ''))):
module.fail_json(
msg=
"For TLSA records the params cert_usage, selector, hash_type and value all need to be defined, or not at all."
)
if module.params['type'] == 'DS':
if not ((module.params['key_tag'] is not None
and module.params['algorithm'] is not None
and module.params['hash_type'] is not None
and not (module.params['value'] is None
or module.params['value'] == '')) or
(module.params['key_tag'] is None
and module.params['algorithm'] is None
and module.params['hash_type'] is None and
(module.params['value'] is None
or module.params['value'] == ''))):
module.fail_json(
msg=
"For DS records the params key_tag, algorithm, hash_type and value all need to be defined, or not at all."
)
changed = False
cf_api = CloudflareAPI(module)
# sanity checks
if cf_api.is_solo and cf_api.state == 'absent':
module.fail_json(msg="solo=true can only be used with state=present")
# perform add, delete or update (only the TTL can be updated) of one or
# more records
if cf_api.state == 'present':
# delete all records matching record name + type
if cf_api.is_solo:
changed = cf_api.delete_dns_records(solo=cf_api.is_solo)
result, changed = cf_api.ensure_dns_record()
if isinstance(result, list):
module.exit_json(changed=changed, result={'record': result[0]})
module.exit_json(changed=changed, result={'record': result})
else:
# force solo to False, just to be sure
changed = cf_api.delete_dns_records(solo=False)
module.exit_json(changed=changed)
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"state": {
"required": True,
"type": "str",
"choices": ["present", "absent"]
},
"user_local": {
"required": False,
"type": "dict",
"default": None,
"options": {
"auth_concurrent_override": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"auth_concurrent_value": {
"required": False,
"type": "int"
},
"authtimeout": {
"required": False,
"type": "int"
},
"email_to": {
"required": False,
"type": "str"
},
"fortitoken": {
"required": False,
"type": "str"
},
"id": {
"required": False,
"type": "int"
},
"ldap_server": {
"required": False,
"type": "str"
},
"name": {
"required": True,
"type": "str"
},
"passwd": {
"required": False,
"type": "str"
},
"passwd_policy": {
"required": False,
"type": "str"
},
"passwd_time": {
"required": False,
"type": "str"
},
"ppk_identity": {
"required": False,
"type": "str"
},
"ppk_secret": {
"required": False,
"type": "str"
},
"radius_server": {
"required": False,
"type": "str"
},
"sms_custom_server": {
"required": False,
"type": "str"
},
"sms_phone": {
"required": False,
"type": "str"
},
"sms_server": {
"required": False,
"type": "str",
"choices": ["fortiguard", "custom"]
},
"status": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"two_factor": {
"required": False,
"type": "str",
"choices": ["disable", "fortitoken", "email", "sms"]
},
"type": {
"required": False,
"type": "str",
"choices": ["password", "radius", "tacacs+", "ldap"]
},
"workstation": {
"required": False,
"type": "str"
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_user(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_user(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
class MgmtInterface(object):
MAX_RETRIES = 15
def __init__(self):
argument_spec = eseries_host_argument_spec()
argument_spec.update(dict(
state=dict(type="str", choices=["enable", "disable"],
aliases=["enable_interface"], required=False),
controller=dict(type="str", required=True, choices=["A", "B"]),
name=dict(type="str", aliases=["port", "iface"]),
channel=dict(type="int"),
address=dict(type="str", required=False),
subnet_mask=dict(type="str", required=False),
gateway=dict(type="str", required=False),
config_method=dict(type="str", required=False, choices=["dhcp", "static"]),
dns_config_method=dict(type="str", required=False, choices=["dhcp", "static"]),
dns_address=dict(type="str", required=False),
dns_address_backup=dict(type="str", required=False),
ntp_config_method=dict(type="str", required=False, choices=["disable", "dhcp", "static"]),
ntp_address=dict(type="str", required=False),
ntp_address_backup=dict(type="str", required=False),
ssh=dict(type="bool", required=False),
log_path=dict(type="str", required=False),
))
required_if = [
["state", "enable", ["config_method"]],
["config_method", "static", ["address", "subnet_mask"]],
["dns_config_method", "static", ["dns_address"]],
["ntp_config_method", "static", ["ntp_address"]],
]
mutually_exclusive = [
["name", "channel"],
]
self.module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True,
required_if=required_if,
mutually_exclusive=mutually_exclusive)
args = self.module.params
self.controller = args["controller"]
self.name = args["name"]
self.channel = args["channel"]
self.config_method = args["config_method"]
self.address = args["address"]
self.subnet_mask = args["subnet_mask"]
self.gateway = args["gateway"]
self.enable_interface = None if args["state"] is None else args["state"] == "enable"
self.dns_config_method = args["dns_config_method"]
self.dns_address = args["dns_address"]
self.dns_address_backup = args["dns_address_backup"]
self.ntp_config_method = args["ntp_config_method"]
self.ntp_address = args["ntp_address"]
self.ntp_address_backup = args["ntp_address_backup"]
self.ssh = args["ssh"]
self.ssid = args["ssid"]
self.url = args["api_url"]
self.creds = dict(url_password=args["api_password"],
validate_certs=args["validate_certs"],
url_username=args["api_username"], )
self.retries = 0
self.check_mode = self.module.check_mode
self.post_body = dict()
log_path = args["log_path"]
# logging setup
self._logger = logging.getLogger(self.__class__.__name__)
if log_path:
logging.basicConfig(
level=logging.DEBUG, filename=log_path, filemode='w',
format='%(relativeCreated)dms %(levelname)s %(module)s.%(funcName)s:%(lineno)d\n %(message)s')
if not self.url.endswith('/'):
self.url += '/'
@property
def controllers(self):
"""Retrieve a mapping of controller labels to their references
{
'A': '070000000000000000000001',
'B': '070000000000000000000002',
}
:return: the controllers defined on the system
"""
try:
(rc, controllers) = request(self.url + 'storage-systems/%s/controllers'
% self.ssid, headers=HEADERS, **self.creds)
except Exception as err:
controllers = list()
self.module.fail_json(
msg="Failed to retrieve the controller settings. Array Id [%s]. Error [%s]."
% (self.ssid, to_native(err)))
controllers.sort(key=lambda c: c['physicalLocation']['slot'])
controllers_dict = dict()
i = ord('A')
for controller in controllers:
label = chr(i)
settings = dict(controllerSlot=controller['physicalLocation']['slot'],
controllerRef=controller['controllerRef'],
ssh=controller['networkSettings']['remoteAccessEnabled'])
controllers_dict[label] = settings
i += 1
return controllers_dict
@property
def interface(self):
net_interfaces = list()
try:
(rc, net_interfaces) = request(self.url + 'storage-systems/%s/configuration/ethernet-interfaces'
% self.ssid, headers=HEADERS, **self.creds)
except Exception as err:
self.module.fail_json(
msg="Failed to retrieve defined management interfaces. Array Id [%s]. Error [%s]."
% (self.ssid, to_native(err)))
controllers = self.controllers
controller = controllers[self.controller]
net_interfaces = [iface for iface in net_interfaces if iface["controllerRef"] == controller["controllerRef"]]
# Find the correct interface
iface = None
for net in net_interfaces:
if self.name:
if net["alias"] == self.name or net["interfaceName"] == self.name:
iface = net
break
elif self.channel:
if net["channel"] == self.channel:
iface = net
break
if iface is None:
identifier = self.name if self.name is not None else self.channel
self.module.fail_json(msg="We could not find an interface matching [%s] on Array=[%s]."
% (identifier, self.ssid))
return dict(alias=iface["alias"],
channel=iface["channel"],
link_status=iface["linkStatus"],
enabled=iface["ipv4Enabled"],
address=iface["ipv4Address"],
gateway=iface["ipv4GatewayAddress"],
subnet_mask=iface["ipv4SubnetMask"],
dns_config_method=iface["dnsProperties"]["acquisitionProperties"]["dnsAcquisitionType"],
dns_servers=iface["dnsProperties"]["acquisitionProperties"]["dnsServers"],
ntp_config_method=iface["ntpProperties"]["acquisitionProperties"]["ntpAcquisitionType"],
ntp_servers=iface["ntpProperties"]["acquisitionProperties"]["ntpServers"],
config_method=iface["ipv4AddressConfigMethod"],
controllerRef=iface["controllerRef"],
controllerSlot=iface["controllerSlot"],
ipv6Enabled=iface["ipv6Enabled"],
id=iface["interfaceRef"], )
def get_enable_interface_settings(self, iface, expected_iface, update, body):
"""Enable or disable the IPv4 network interface."""
if self.enable_interface:
if not iface["enabled"]:
update = True
body["ipv4Enabled"] = True
else:
if iface["enabled"]:
update = True
body["ipv4Enabled"] = False
expected_iface["enabled"] = body["ipv4Enabled"]
return update, expected_iface, body
def get_interface_settings(self, iface, expected_iface, update, body):
"""Update network interface settings."""
if self.config_method == "dhcp":
if iface["config_method"] != "configDhcp":
update = True
body["ipv4AddressConfigMethod"] = "configDhcp"
else:
if iface["config_method"] != "configStatic":
update = True
body["ipv4AddressConfigMethod"] = "configStatic"
if iface["address"] != self.address:
update = True
body["ipv4Address"] = self.address
if iface["subnet_mask"] != self.subnet_mask:
update = True
body["ipv4SubnetMask"] = self.subnet_mask
if self.gateway and iface["gateway"] != self.gateway:
update = True
body["ipv4GatewayAddress"] = self.gateway
expected_iface["address"] = body["ipv4Address"]
expected_iface["subnet_mask"] = body["ipv4SubnetMask"]
expected_iface["gateway"] = body["ipv4GatewayAddress"]
expected_iface["config_method"] = body["ipv4AddressConfigMethod"]
return update, expected_iface, body
def get_dns_server_settings(self, iface, expected_iface, update, body):
"""Add DNS server information to the request body."""
if self.dns_config_method == "dhcp":
if iface["dns_config_method"] != "dhcp":
update = True
body["dnsAcquisitionDescriptor"] = dict(dnsAcquisitionType="dhcp")
elif self.dns_config_method == "static":
dns_servers = [dict(addressType="ipv4", ipv4Address=self.dns_address)]
if self.dns_address_backup:
dns_servers.append(dict(addressType="ipv4", ipv4Address=self.dns_address_backup))
body["dnsAcquisitionDescriptor"] = dict(dnsAcquisitionType="stat", dnsServers=dns_servers)
if (iface["dns_config_method"] != "stat" or
len(iface["dns_servers"]) != len(dns_servers) or
(len(iface["dns_servers"]) == 2 and
(iface["dns_servers"][0]["ipv4Address"] != self.dns_address or
iface["dns_servers"][1]["ipv4Address"] != self.dns_address_backup)) or
(len(iface["dns_servers"]) == 1 and
iface["dns_servers"][0]["ipv4Address"] != self.dns_address)):
update = True
expected_iface["dns_servers"] = dns_servers
expected_iface["dns_config_method"] = body["dnsAcquisitionDescriptor"]["dnsAcquisitionType"]
return update, expected_iface, body
def get_ntp_server_settings(self, iface, expected_iface, update, body):
"""Add NTP server information to the request body."""
if self.ntp_config_method == "disable":
if iface["ntp_config_method"] != "disabled":
update = True
body["ntpAcquisitionDescriptor"] = dict(ntpAcquisitionType="disabled")
elif self.ntp_config_method == "dhcp":
if iface["ntp_config_method"] != "dhcp":
update = True
body["ntpAcquisitionDescriptor"] = dict(ntpAcquisitionType="dhcp")
elif self.ntp_config_method == "static":
ntp_servers = [dict(addrType="ipvx", ipvxAddress=dict(addressType="ipv4", ipv4Address=self.ntp_address))]
if self.ntp_address_backup:
ntp_servers.append(dict(addrType="ipvx",
ipvxAddress=dict(addressType="ipv4", ipv4Address=self.ntp_address_backup)))
body["ntpAcquisitionDescriptor"] = dict(ntpAcquisitionType="stat", ntpServers=ntp_servers)
if (iface["ntp_config_method"] != "stat" or
len(iface["ntp_servers"]) != len(ntp_servers) or
((len(iface["ntp_servers"]) == 2 and
(iface["ntp_servers"][0]["ipvxAddress"]["ipv4Address"] != self.ntp_address or
iface["ntp_servers"][1]["ipvxAddress"]["ipv4Address"] != self.ntp_address_backup)) or
(len(iface["ntp_servers"]) == 1 and
iface["ntp_servers"][0]["ipvxAddress"]["ipv4Address"] != self.ntp_address))):
update = True
expected_iface["ntp_servers"] = ntp_servers
expected_iface["ntp_config_method"] = body["ntpAcquisitionDescriptor"]["ntpAcquisitionType"]
return update, expected_iface, body
def get_remote_ssh_settings(self, settings, update, body):
"""Configure network interface ports for remote ssh access."""
if self.ssh != settings["ssh"]:
update = True
body["enableRemoteAccess"] = self.ssh
return update, body
def update_array(self, settings, iface):
"""Update controller with new interface, dns service, ntp service and/or remote ssh access information.
:returns: whether information passed will modify the controller's current state
:rtype: bool
"""
update = False
body = dict(controllerRef=settings['controllerRef'],
interfaceRef=iface['id'])
expected_iface = iface.copy()
# Check if api url is using the effected management interface to change itself
update_used_matching_address = False
if self.enable_interface and self.config_method:
netloc = list(urlparse.urlparse(self.url))[1]
address = netloc.split(":")[0]
address_info = socket.getaddrinfo(address, 8443)
url_address_info = socket.getaddrinfo(iface["address"], 8443)
update_used_matching_address = any(info in url_address_info for info in address_info)
self._logger.info("update_used_matching_address: %s", update_used_matching_address)
# Populate the body of the request and check for changes
if self.enable_interface is not None:
update, expected_iface, body = self.get_enable_interface_settings(iface, expected_iface, update, body)
if self.config_method is not None:
update, expected_iface, body = self.get_interface_settings(iface, expected_iface, update, body)
if self.dns_config_method is not None:
update, expected_iface, body = self.get_dns_server_settings(iface, expected_iface, update, body)
if self.ntp_config_method is not None:
update, expected_iface, body = self.get_ntp_server_settings(iface, expected_iface, update, body)
if self.ssh is not None:
update, body = self.get_remote_ssh_settings(settings, update, body)
iface["ssh"] = self.ssh
expected_iface["ssh"] = self.ssh
# debug information
self._logger.info(pformat(body))
self._logger.info(pformat(iface))
self._logger.info(pformat(expected_iface))
if self.check_mode:
return update
if update and not self.check_mode:
if not update_used_matching_address:
try:
(rc, data) = request(self.url + 'storage-systems/%s/configuration/ethernet-interfaces'
% self.ssid, method='POST', data=json.dumps(body), headers=HEADERS,
timeout=300, ignore_errors=True, **self.creds)
if rc == 422:
if data['retcode'] == "4" or data['retcode'] == "illegalParam":
if not (body['ipv4Enabled'] or iface['ipv6Enabled']):
self.module.fail_json(msg="This storage-system already has IPv6 connectivity disabled. "
"DHCP configuration for IPv4 is required at a minimum."
" Array Id [%s] Message [%s]."
% (self.ssid, data['errorMessage']))
else:
self.module.fail_json(msg="We failed to configure the management interface. Array Id "
"[%s] Message [%s]." % (self.ssid, data))
elif rc >= 300:
self.module.fail_json(
msg="We failed to configure the management interface. Array Id [%s] Message [%s]." %
(self.ssid, data))
# This is going to catch cases like a connection failure
except Exception as err:
self.module.fail_json(
msg="Connection failure: we failed to modify the network settings! Array Id [%s]. Error [%s]."
% (self.ssid, to_native(err)))
else:
self.update_api_address_interface_match(body)
return self.validate_changes(expected_iface) if update and iface["link_status"] != "up" else update
def update_api_address_interface_match(self, body):
"""Change network interface address which matches the api_address"""
try:
try:
(rc, data) = request(self.url + 'storage-systems/%s/configuration/ethernet-interfaces' % self.ssid,
use_proxy=False, force=True, ignore_errors=True, method='POST',
data=json.dumps(body), headers=HEADERS, timeout=10, **self.creds)
except Exception:
url_parts = list(urlparse.urlparse(self.url))
domain = url_parts[1].split(":")
domain[0] = self.address
url_parts[1] = ":".join(domain)
expected_url = urlparse.urlunparse(url_parts)
self._logger.info(pformat(expected_url))
(rc, data) = request(expected_url + 'storage-systems/%s/configuration/ethernet-interfaces' % self.ssid,
headers=HEADERS, timeout=300, **self.creds)
return
except Exception as err:
self._logger.info(type(err))
self.module.fail_json(
msg="Connection failure: we failed to modify the network settings! Array Id [%s]. Error [%s]."
% (self.ssid, to_native(err)))
def validate_changes(self, expected_iface, retry=6):
"""Validate interface changes were applied to the controller interface port. 30 second timeout"""
if self.interface != expected_iface:
time.sleep(5)
if retry:
return self.validate_changes(expected_iface, retry - 1)
self.module.fail_json(msg="Update failure: we failed to verify the necessary state change.")
return True
def check_health(self):
"""It's possible, due to a previous operation, for the API to report a 424 (offline) status for the
storage-system. Therefore, we run a manual check with retries to attempt to contact the system before we
continue.
"""
try:
(rc, data) = request(self.url + 'storage-systems/%s/controllers'
% self.ssid, headers=HEADERS,
ignore_errors=True, **self.creds)
# We've probably recently changed the interface settings and it's still coming back up: retry.
if rc == 424:
if self.retries < self.MAX_RETRIES:
self.retries += 1
self._logger.info("We hit a 424, retrying in 5s.")
time.sleep(5)
self.check_health()
else:
self.module.fail_json(
msg="We failed to pull storage-system information. Array Id [%s] Message [%s]." %
(self.ssid, data))
elif rc >= 300:
self.module.fail_json(
msg="We failed to pull storage-system information. Array Id [%s] Message [%s]." %
(self.ssid, data))
# This is going to catch cases like a connection failure
except Exception as err:
if self.retries < self.MAX_RETRIES:
self._logger.info("We hit a connection failure, retrying in 5s.")
self.retries += 1
time.sleep(5)
self.check_health()
else:
self.module.fail_json(
msg="Connection failure: we failed to modify the network settings! Array Id [%s]. Error [%s]."
% (self.ssid, to_native(err)))
def update(self):
"""Update storage system with necessary changes."""
# Check if the storage array can be contacted
self.check_health()
# make the necessary changes to the storage system
settings = self.controllers[self.controller]
iface = self.interface
self._logger.info(pformat(settings))
self._logger.info(pformat(iface))
update = self.update_array(settings, iface)
self.module.exit_json(msg="The interface settings have been updated.", changed=update)
def __call__(self, *args, **kwargs):
self.update()
def main():
module = AnsibleModule(
argument_spec=dict(
path=dict(type='path', required=True, aliases=['filename']),
dialect=dict(type='str', default='excel'),
key=dict(type='str'),
fieldnames=dict(type='list'),
unique=dict(type='bool', default=True),
delimiter=dict(type='str'),
skipinitialspace=dict(type='bool'),
strict=dict(type='bool'),
),
supports_check_mode=True,
)
path = module.params['path']
dialect = module.params['dialect']
key = module.params['key']
fieldnames = module.params['fieldnames']
unique = module.params['unique']
if dialect not in csv.list_dialects():
module.fail_json(
msg="Dialect '%s' is not supported by your version of python." %
dialect)
dialect_options = dict(
delimiter=module.params['delimiter'],
skipinitialspace=module.params['skipinitialspace'],
strict=module.params['strict'],
)
# Create a dictionary from only set options
dialect_params = dict(
(k, v) for k, v in dialect_options.items() if v is not None)
if dialect_params:
try:
csv.register_dialect('custom', dialect, **dialect_params)
except TypeError as e:
module.fail_json(msg="Unable to create custom dialect: %s" %
to_text(e))
dialect = 'custom'
try:
with open(path, 'rb') as f:
data = f.read()
except (IOError, OSError) as e:
module.fail_json(msg="Unable to open file: %s" % to_text(e))
if PY3:
# Manually decode on Python3 so that we can use the surrogateescape error handler
data = to_text(data, errors='surrogate_or_strict')
fake_fh = StringIO(data)
else:
fake_fh = BytesIO(data)
reader = csv.DictReader(fake_fh, fieldnames=fieldnames, dialect=dialect)
if key and key not in reader.fieldnames:
module.fail_json(
msg="Key '%s' was not found in the CSV header fields: %s" %
(key, ', '.join(reader.fieldnames)))
data_dict = dict()
data_list = list()
if key is None:
try:
for row in reader:
data_list.append(row)
except csv.Error as e:
module.fail_json(msg="Unable to process file: %s" % to_text(e))
else:
try:
for row in reader:
if unique and row[key] in data_dict:
module.fail_json(
msg="Key '%s' is not unique for value '%s'" %
(key, row[key]))
data_dict[row[key]] = row
except csv.Error as e:
module.fail_json(msg="Unable to process file: %s" % to_text(e))
module.exit_json(dict=data_dict, list=data_list)
def main():
argument_spec = ucs_argument_spec
argument_spec.update(
org_dn=dict(type='str', default='org-root'),
name=dict(type='str', required=True),
descr=dict(type='str',
default='',
aliases=['descrption', 'description']),
order=dict(type='str',
default='default',
choices=['default', 'sequential']),
first_addr=dict(type='str'),
last_addr=dict(type='str'),
subnet_mask=dict(type='str', default='255.255.255.0'),
default_gw=dict(type='str', default='0.0.0.0'),
primary_dns=dict(type='str', default='0.0.0.0'),
secondary_dns=dict(type='str', default='0.0.0.0'),
ipv6_first_addr=dict(type='str'),
ipv6_last_addr=dict(type='str'),
ipv6_prefix=dict(type='str', default='64'),
ipv6_default_gw=dict(type='str', default='::'),
ipv6_primary_dns=dict(type='str', default='::'),
ipv6_secondary_dns=dict(type='str', default='::'),
state=dict(type='str',
default='present',
choices=['present', 'absent']),
)
module = AnsibleModule(
argument_spec,
supports_check_mode=True,
)
# UCSModule verifies ucsmsdk is present and exits on failure. Imports are below ucs object creation.
ucs = UCSModule(module)
err = False
from ucsmsdk.mometa.ippool.IppoolPool import IppoolPool
from ucsmsdk.mometa.ippool.IppoolBlock import IppoolBlock
from ucsmsdk.mometa.ippool.IppoolIpV6Block import IppoolIpV6Block
changed = False
try:
mo_exists = False
props_match = False
# dn is <org_dn>/ip-pool-<name>
dn = module.params['org_dn'] + '/ip-pool-' + module.params['name']
mo = ucs.login_handle.query_dn(dn)
if mo:
mo_exists = True
if module.params['state'] == 'absent':
if mo_exists:
if not module.check_mode:
ucs.login_handle.remove_mo(mo)
ucs.login_handle.commit()
changed = True
else:
if mo_exists:
# check top-level mo props
kwargs = dict(assignment_order=module.params['order'])
kwargs['descr'] = module.params['descr']
if (mo.check_prop_match(**kwargs)):
# top-level props match, check next level mo/props
if module.params['last_addr'] and module.params[
'first_addr']:
# ipv4 block specified, check properties
block_dn = dn + '/block-' + module.params[
'first_addr'] + '-' + module.params['last_addr']
mo_1 = ucs.login_handle.query_dn(block_dn)
if mo_1:
kwargs = dict(subnet=module.params['subnet_mask'])
kwargs['def_gw'] = module.params['default_gw']
kwargs['prim_dns'] = module.params['primary_dns']
kwargs['sec_dns'] = module.params['secondary_dns']
if (mo_1.check_prop_match(**kwargs)):
# ipv4 block exists and properties match
props_match = True
else:
# no ipv4 block specified, but top-level props matched
props_match = True
# only check ipv6 props if the top-level and ipv4 props matched
if props_match and module.params[
'ipv6_last_addr'] and module.params[
'ipv6_first_addr']:
# ipv6 block specified, check properties
block_dn = dn + '/v6block-' + module.params[
'ipv6_first_addr'].lower(
) + '-' + module.params['ipv6_last_addr'].lower()
mo_1 = ucs.login_handle.query_dn(block_dn)
if mo_1:
kwargs = dict(prefix=module.params['ipv6_prefix'])
kwargs['def_gw'] = module.params['ipv6_default_gw']
kwargs['prim_dns'] = module.params[
'ipv6_primary_dns']
kwargs['sec_dns'] = module.params[
'ipv6_secondary_dns']
if (mo_1.check_prop_match(**kwargs)):
# ipv6 block exists and properties match
props_match = True
else:
# no ipv6 block specified, but previous checks matched
props_match = True
if not props_match:
if not module.check_mode:
# create if mo does not already exist
mo = IppoolPool(
parent_mo_or_dn=module.params['org_dn'],
name=module.params['name'],
descr=module.params['descr'],
assignment_order=module.params['order'],
)
if module.params['last_addr'] and module.params[
'first_addr']:
mo_1 = IppoolBlock(
parent_mo_or_dn=mo,
to=module.params['last_addr'],
r_from=module.params['first_addr'],
subnet=module.params['subnet_mask'],
def_gw=module.params['default_gw'],
prim_dns=module.params['primary_dns'],
sec_dns=module.params['secondary_dns'],
)
if module.params['ipv6_last_addr'] and module.params[
'ipv6_first_addr']:
mo_1 = IppoolIpV6Block(
parent_mo_or_dn=mo,
to=module.params['ipv6_last_addr'],
r_from=module.params['ipv6_first_addr'],
prefix=module.params['ipv6_prefix'],
def_gw=module.params['ipv6_default_gw'],
prim_dns=module.params['ipv6_primary_dns'],
sec_dns=module.params['ipv6_secondary_dns'],
)
ucs.login_handle.add_mo(mo, True)
ucs.login_handle.commit()
changed = True
except Exception as e:
err = True
ucs.result['msg'] = "setup error: %s " % str(e)
ucs.result['changed'] = changed
if err:
module.fail_json(**ucs.result)
module.exit_json(**ucs.result)
def main():
module = AnsibleModule(argument_spec=dict(
protocol=dict(required=True, choices=SUPPORTED_PROTOCOLS),
property=dict(required=True, aliases=['name']),
value=dict(required=False),
temporary=dict(default=False, type='bool'),
interface=dict(required=True, default=None, aliases=['nic']),
state=dict(default='present', choices=['absent', 'present', 'reset']),
),
supports_check_mode=True)
ifprop = IfProp(module)
rc = None
out = ''
err = ''
result = {}
result['protocol'] = ifprop.protocol
result['property'] = ifprop.property
result['interface'] = ifprop.interface
result['state'] = ifprop.state
if ifprop.value:
result['value'] = ifprop.value
if ifprop.state == 'absent' or ifprop.state == 'reset':
if ifprop.property_exists():
if not ifprop.property_is_modified():
if module.check_mode:
module.exit_json(changed=True)
(rc, out, err) = ifprop.reset_property()
if rc != 0:
module.fail_json(protocol=ifprop.protocol,
property=ifprop.property,
interface=ifprop.interface,
msg=err,
rc=rc)
elif ifprop.state == 'present':
if ifprop.value is None:
module.fail_json(msg='Value is mandatory with state "present"')
if ifprop.property_exists():
if not ifprop.property_is_set():
if module.check_mode:
module.exit_json(changed=True)
(rc, out, err) = ifprop.set_property()
if rc != 0:
module.fail_json(protocol=ifprop.protocol,
property=ifprop.property,
interface=ifprop.interface,
msg=err,
rc=rc)
if rc is None:
result['changed'] = False
else:
result['changed'] = True
if out:
result['stdout'] = out
if err:
result['stderr'] = err
module.exit_json(**result)
def main():
module = AnsibleModule(
argument_spec=dict(
timeout=dict(type='str', default='30m'),
puppetmaster=dict(type='str'),
modulepath=dict(type='str'),
manifest=dict(type='str'),
noop=dict(required=False, type='bool'),
logdest=dict(type='str',
default='stdout',
choices=['all', 'stdout', 'syslog']),
# internal code to work with --diff, do not use
show_diff=dict(type='bool', default=False, aliases=['show-diff']),
facts=dict(type='dict'),
facter_basename=dict(type='str', default='ansible'),
environment=dict(type='str'),
certname=dict(type='str'),
tags=dict(type='list'),
execute=dict(type='str'),
summarize=dict(type='bool', default=False),
debug=dict(type='bool', default=False),
verbose=dict(type='bool', default=False),
use_srv_records=dict(type='bool'),
),
supports_check_mode=True,
mutually_exclusive=[
('puppetmaster', 'manifest'),
('puppetmaster', 'manifest', 'execute'),
('puppetmaster', 'modulepath'),
],
)
p = module.params
global PUPPET_CMD
PUPPET_CMD = module.get_bin_path("puppet", False, ['/opt/puppetlabs/bin'])
if not PUPPET_CMD:
module.fail_json(
msg="Could not find puppet. Please ensure it is installed.")
global TIMEOUT_CMD
TIMEOUT_CMD = module.get_bin_path("timeout", False)
if p['manifest']:
if not os.path.exists(p['manifest']):
module.fail_json(msg="Manifest file %(manifest)s not found." %
dict(manifest=p['manifest']))
# Check if puppet is disabled here
if not p['manifest']:
rc, stdout, stderr = module.run_command(
PUPPET_CMD + " config print agent_disabled_lockfile")
if os.path.exists(stdout.strip()):
module.fail_json(msg="Puppet agent is administratively disabled.",
disabled=True)
elif rc != 0:
module.fail_json(msg="Puppet agent state could not be determined.")
if module.params['facts'] and not module.check_mode:
_write_structured_data(_get_facter_dir(),
module.params['facter_basename'],
module.params['facts'])
if TIMEOUT_CMD:
base_cmd = "%(timeout_cmd)s -s 9 %(timeout)s %(puppet_cmd)s" % dict(
timeout_cmd=TIMEOUT_CMD,
timeout=shlex_quote(p['timeout']),
puppet_cmd=PUPPET_CMD)
else:
base_cmd = PUPPET_CMD
if not p['manifest'] and not p['execute']:
cmd = ("%(base_cmd)s agent --onetime"
" --no-daemonize --no-usecacheonfailure --no-splay"
" --detailed-exitcodes --verbose --color 0") % dict(
base_cmd=base_cmd)
if p['puppetmaster']:
cmd += " --server %s" % shlex_quote(p['puppetmaster'])
if p['show_diff']:
cmd += " --show_diff"
if p['environment']:
cmd += " --environment '%s'" % p['environment']
if p['tags']:
cmd += " --tags '%s'" % ','.join(p['tags'])
if p['certname']:
cmd += " --certname='%s'" % p['certname']
if module.check_mode:
cmd += " --noop"
if p['use_srv_records'] is not None:
if not p['use_srv_records']:
cmd += " --no-use_srv_records"
else:
cmd += " --use_srv_records"
elif 'noop' in p:
if p['noop']:
cmd += " --noop"
else:
cmd += " --no-noop"
else:
cmd = "%s apply --detailed-exitcodes " % base_cmd
if p['logdest'] == 'syslog':
cmd += "--logdest syslog "
if p['logdest'] == 'all':
cmd += " --logdest syslog --logdest stdout"
if p['modulepath']:
cmd += "--modulepath='%s'" % p['modulepath']
if p['environment']:
cmd += "--environment '%s' " % p['environment']
if p['certname']:
cmd += " --certname='%s'" % p['certname']
if p['tags']:
cmd += " --tags '%s'" % ','.join(p['tags'])
if module.check_mode:
cmd += "--noop "
elif 'noop' in p:
if p['noop']:
cmd += " --noop"
else:
cmd += " --no-noop"
if p['execute']:
cmd += " --execute '%s'" % p['execute']
else:
cmd += shlex_quote(p['manifest'])
if p['summarize']:
cmd += " --summarize"
if p['debug']:
cmd += " --debug"
if p['verbose']:
cmd += " --verbose"
rc, stdout, stderr = module.run_command(cmd)
if rc == 0:
# success
module.exit_json(rc=rc, changed=False, stdout=stdout, stderr=stderr)
elif rc == 1:
# rc==1 could be because it's disabled
# rc==1 could also mean there was a compilation failure
disabled = "administratively disabled" in stdout
if disabled:
msg = "puppet is disabled"
else:
msg = "puppet did not run"
module.exit_json(rc=rc,
disabled=disabled,
msg=msg,
error=True,
stdout=stdout,
stderr=stderr)
elif rc == 2:
# success with changes
module.exit_json(rc=0, changed=True, stdout=stdout, stderr=stderr)
elif rc == 124:
# timeout
module.exit_json(rc=rc,
msg="%s timed out" % cmd,
stdout=stdout,
stderr=stderr)
else:
# failure
module.fail_json(rc=rc,
msg="%s failed with return code: %d" % (cmd, rc),
stdout=stdout,
stderr=stderr)
def main():
argument_spec = ec2_argument_spec()
argument_spec.update(
dict(stack_name=dict(required=True),
template_parameters=dict(required=False, type='dict', default={}),
state=dict(default='present', choices=['present', 'absent']),
template=dict(default=None, required=False, type='path'),
notification_arns=dict(default=None, required=False),
stack_policy=dict(default=None, required=False),
disable_rollback=dict(default=False, type='bool'),
on_create_failure=dict(
default=None,
required=False,
choices=['DO_NOTHING', 'ROLLBACK', 'DELETE']),
create_timeout=dict(default=None, type='int'),
template_url=dict(default=None, required=False),
template_body=dict(default=None, required=False),
template_format=dict(removed_in_version='2.14'),
create_changeset=dict(default=False, type='bool'),
changeset_name=dict(default=None, required=False),
role_arn=dict(default=None, required=False),
tags=dict(default=None, type='dict'),
termination_protection=dict(default=None, type='bool'),
events_limit=dict(default=200, type='int'),
backoff_retries=dict(type='int', default=10, required=False),
backoff_delay=dict(type='int', default=3, required=False),
backoff_max_delay=dict(type='int', default=30, required=False),
capabilities=dict(
type='list',
default=['CAPABILITY_IAM', 'CAPABILITY_NAMED_IAM'])))
module = AnsibleModule(
argument_spec=argument_spec,
mutually_exclusive=[['template_url', 'template', 'template_body']],
supports_check_mode=True)
if not HAS_BOTO3:
module.fail_json(msg='boto3 and botocore are required for this module')
invalid_capabilities = []
user_capabilities = module.params.get('capabilities')
for user_cap in user_capabilities:
if user_cap not in [
'CAPABILITY_IAM', 'CAPABILITY_NAMED_IAM',
'CAPABILITY_AUTO_EXPAND'
]:
invalid_capabilities.append(user_cap)
if invalid_capabilities:
module.fail_json(msg="Specified capabilities are invalid : %r,"
" please check documentation for valid capabilities" %
invalid_capabilities)
# collect the parameters that are passed to boto3. Keeps us from having so many scalars floating around.
stack_params = {
'Capabilities': user_capabilities,
'ClientRequestToken': to_native(uuid.uuid4()),
}
state = module.params['state']
stack_params['StackName'] = module.params['stack_name']
if module.params['template'] is not None:
with open(module.params['template'], 'r') as template_fh:
stack_params['TemplateBody'] = template_fh.read()
elif module.params['template_body'] is not None:
stack_params['TemplateBody'] = module.params['template_body']
elif module.params['template_url'] is not None:
stack_params['TemplateURL'] = module.params['template_url']
if module.params.get('notification_arns'):
stack_params['NotificationARNs'] = module.params[
'notification_arns'].split(',')
else:
stack_params['NotificationARNs'] = []
# can't check the policy when verifying.
if module.params[
'stack_policy'] is not None and not module.check_mode and not module.params[
'create_changeset']:
with open(module.params['stack_policy'], 'r') as stack_policy_fh:
stack_params['StackPolicyBody'] = stack_policy_fh.read()
template_parameters = module.params['template_parameters']
stack_params['Parameters'] = []
for k, v in template_parameters.items():
if isinstance(v, dict):
# set parameter based on a dict to allow additional CFN Parameter Attributes
param = dict(ParameterKey=k)
if 'value' in v:
param['ParameterValue'] = str(v['value'])
if 'use_previous_value' in v and bool(v['use_previous_value']):
param['UsePreviousValue'] = True
param.pop('ParameterValue', None)
stack_params['Parameters'].append(param)
else:
# allow default k/v configuration to set a template parameter
stack_params['Parameters'].append({
'ParameterKey': k,
'ParameterValue': str(v)
})
if isinstance(module.params.get('tags'), dict):
stack_params['Tags'] = ansible_dict_to_boto3_tag_list(
module.params['tags'])
if module.params.get('role_arn'):
stack_params['RoleARN'] = module.params['role_arn']
result = {}
try:
region, ec2_url, aws_connect_kwargs = get_aws_connection_info(
module, boto3=True)
cfn = boto3_conn(module,
conn_type='client',
resource='cloudformation',
region=region,
endpoint=ec2_url,
**aws_connect_kwargs)
except botocore.exceptions.NoCredentialsError as e:
module.fail_json(msg=boto_exception(e))
# Wrap the cloudformation client methods that this module uses with
# automatic backoff / retry for throttling error codes
backoff_wrapper = AWSRetry.jittered_backoff(
retries=module.params.get('backoff_retries'),
delay=module.params.get('backoff_delay'),
max_delay=module.params.get('backoff_max_delay'))
cfn.describe_stack_events = backoff_wrapper(cfn.describe_stack_events)
cfn.create_stack = backoff_wrapper(cfn.create_stack)
cfn.list_change_sets = backoff_wrapper(cfn.list_change_sets)
cfn.create_change_set = backoff_wrapper(cfn.create_change_set)
cfn.update_stack = backoff_wrapper(cfn.update_stack)
cfn.describe_stacks = backoff_wrapper(cfn.describe_stacks)
cfn.list_stack_resources = backoff_wrapper(cfn.list_stack_resources)
cfn.delete_stack = backoff_wrapper(cfn.delete_stack)
if boto_supports_termination_protection(cfn):
cfn.update_termination_protection = backoff_wrapper(
cfn.update_termination_protection)
stack_info = get_stack_facts(cfn, stack_params['StackName'])
if module.check_mode:
if state == 'absent' and stack_info:
module.exit_json(changed=True,
msg='Stack would be deleted',
meta=[])
elif state == 'absent' and not stack_info:
module.exit_json(changed=False,
msg='Stack doesn\'t exist',
meta=[])
elif state == 'present' and not stack_info:
module.exit_json(changed=True,
msg='New stack would be created',
meta=[])
else:
module.exit_json(**check_mode_changeset(module, stack_params, cfn))
if state == 'present':
if not stack_info:
result = create_stack(module, stack_params, cfn,
module.params.get('events_limit'))
elif module.params.get('create_changeset'):
result = create_changeset(module, stack_params, cfn,
module.params.get('events_limit'))
else:
if module.params.get('termination_protection') is not None:
update_termination_protection(
module, cfn, stack_params['StackName'],
bool(module.params.get('termination_protection')))
result = update_stack(module, stack_params, cfn,
module.params.get('events_limit'))
# format the stack output
stack = get_stack_facts(cfn, stack_params['StackName'])
if stack is not None:
if result.get('stack_outputs') is None:
# always define stack_outputs, but it may be empty
result['stack_outputs'] = {}
for output in stack.get('Outputs', []):
result['stack_outputs'][
output['OutputKey']] = output['OutputValue']
stack_resources = []
reslist = cfn.list_stack_resources(
StackName=stack_params['StackName'])
for res in reslist.get('StackResourceSummaries', []):
stack_resources.append({
"logical_resource_id":
res['LogicalResourceId'],
"physical_resource_id":
res.get('PhysicalResourceId', ''),
"resource_type":
res['ResourceType'],
"last_updated_time":
res['LastUpdatedTimestamp'],
"status":
res['ResourceStatus'],
"status_reason":
res.get('ResourceStatusReason') # can be blank, apparently
})
result['stack_resources'] = stack_resources
elif state == 'absent':
# absent state is different because of the way delete_stack works.
# problem is it it doesn't give an error if stack isn't found
# so must describe the stack first
try:
stack = get_stack_facts(cfn, stack_params['StackName'])
if not stack:
result = {'changed': False, 'output': 'Stack not found.'}
else:
if stack_params.get('RoleARN') is None:
cfn.delete_stack(StackName=stack_params['StackName'])
else:
cfn.delete_stack(StackName=stack_params['StackName'],
RoleARN=stack_params['RoleARN'])
result = stack_operation(
cfn, stack_params['StackName'], 'DELETE',
module.params.get('events_limit'),
stack_params.get('ClientRequestToken', None))
except Exception as err:
module.fail_json(msg=boto_exception(err),
exception=traceback.format_exc())
module.exit_json(**result)
class ElementSWClusterConfig(object):
"""
Element Software Configure Element SW Cluster
"""
def __init__(self):
self.argument_spec = netapp_utils.ontap_sf_host_argument_spec()
self.argument_spec.update(
dict(modify_cluster_full_threshold=dict(
type='dict',
options=dict(stage2_aware_threshold=dict(type='int',
default=None),
stage3_block_threshold_percent=dict(type='int',
default=None),
max_metadata_over_provision_factor=dict(
type='int', default=None))),
encryption_at_rest=dict(type='str',
choices=['present', 'absent']),
set_ntp_info=dict(type='dict',
options=dict(
broadcastclient=dict(type='bool',
default=False),
ntp_servers=dict(type='list'))),
enable_virtual_volumes=dict(type='bool', default=True)))
self.module = AnsibleModule(argument_spec=self.argument_spec,
supports_check_mode=True)
self.na_helper = NetAppModule()
self.parameters = self.na_helper.set_parameters(self.module.params)
if HAS_SF_SDK is False:
self.module.fail_json(
msg="Unable to import the SolidFire Python SDK")
else:
self.sfe = netapp_utils.create_sf_connection(module=self.module)
def get_ntp_details(self):
"""
get ntp info
"""
# Get ntp details
ntp_details = self.sfe.get_ntp_info()
return ntp_details
def cmp(self, provided_ntp_servers, existing_ntp_servers):
# As python3 doesn't have default cmp function, defining manually to provide same functionality.
return (provided_ntp_servers > existing_ntp_servers) - (
provided_ntp_servers < existing_ntp_servers)
def get_cluster_details(self):
"""
get cluster info
"""
cluster_details = self.sfe.get_cluster_info()
return cluster_details
def get_vvols_status(self):
"""
get vvols status
"""
feature_status = self.sfe.get_feature_status(feature='vvols')
if feature_status is not None:
return feature_status.features[0].enabled
return None
def get_cluster_full_threshold_status(self):
"""
get cluster full threshold
"""
cluster_full_threshold_status = self.sfe.get_cluster_full_threshold()
return cluster_full_threshold_status
def setup_ntp_info(self, servers, broadcastclient=None):
"""
configure ntp
"""
# Set ntp servers
try:
self.sfe.set_ntp_info(servers, broadcastclient)
except Exception as exception_object:
self.module.fail_json(msg='Error configuring ntp %s' %
(to_native(exception_object)),
exception=traceback.format_exc())
def set_encryption_at_rest(self, state=None):
"""
enable/disable encryption at rest
"""
try:
if state == 'present':
encryption_state = 'enable'
self.sfe.enable_encryption_at_rest()
elif state == 'absent':
encryption_state = 'disable'
self.sfe.disable_encryption_at_rest()
except Exception as exception_object:
self.module.fail_json(
msg='Failed to %s rest encryption %s' %
(encryption_state, to_native(exception_object)),
exception=traceback.format_exc())
def enable_feature(self, feature):
"""
enable feature
"""
try:
self.sfe.enable_feature(feature=feature)
except Exception as exception_object:
self.module.fail_json(msg='Error enabling %s %s' %
(feature, to_native(exception_object)),
exception=traceback.format_exc())
def set_cluster_full_threshold(self,
stage2_aware_threshold=None,
stage3_block_threshold_percent=None,
max_metadata_over_provision_factor=None):
"""
modify cluster full threshold
"""
try:
self.sfe.modify_cluster_full_threshold(
stage2_aware_threshold=stage2_aware_threshold,
stage3_block_threshold_percent=stage3_block_threshold_percent,
max_metadata_over_provision_factor=
max_metadata_over_provision_factor)
except Exception as exception_object:
self.module.fail_json(
msg='Failed to modify cluster full threshold %s' %
(to_native(exception_object)),
exception=traceback.format_exc())
def apply(self):
"""
Cluster configuration
"""
changed = False
result_message = None
if self.parameters.get('modify_cluster_full_threshold') is not None:
# get cluster full threshold
cluster_full_threshold_details = self.get_cluster_full_threshold_status(
)
# maxMetadataOverProvisionFactor
current_mmopf = cluster_full_threshold_details.max_metadata_over_provision_factor
# stage3BlockThresholdPercent
current_s3btp = cluster_full_threshold_details.stage3_block_threshold_percent
# stage2AwareThreshold
current_s2at = cluster_full_threshold_details.stage2_aware_threshold
# is cluster full threshold state change required?
if self.parameters.get("modify_cluster_full_threshold")['max_metadata_over_provision_factor'] is not None and \
current_mmopf != self.parameters['modify_cluster_full_threshold']['max_metadata_over_provision_factor'] or \
self.parameters.get("modify_cluster_full_threshold")['stage3_block_threshold_percent'] is not None and \
current_s3btp != self.parameters['modify_cluster_full_threshold']['stage3_block_threshold_percent'] or \
self.parameters.get("modify_cluster_full_threshold")['stage2_aware_threshold'] is not None and \
current_s2at != self.parameters['modify_cluster_full_threshold']['stage2_aware_threshold']:
changed = True
self.set_cluster_full_threshold(
self.parameters['modify_cluster_full_threshold']
['stage2_aware_threshold'],
self.parameters['modify_cluster_full_threshold']
['stage3_block_threshold_percent'],
self.parameters['modify_cluster_full_threshold']
['max_metadata_over_provision_factor'])
if self.parameters.get('encryption_at_rest') is not None:
# get all cluster info
cluster_info = self.get_cluster_details()
# register rest state
current_encryption_at_rest_state = cluster_info.cluster_info.encryption_at_rest_state
# is encryption state change required?
if current_encryption_at_rest_state == 'disabled' and self.parameters['encryption_at_rest'] == 'present' or \
current_encryption_at_rest_state == 'enabled' and self.parameters['encryption_at_rest'] == 'absent':
changed = True
self.set_encryption_at_rest(
self.parameters['encryption_at_rest'])
if self.parameters.get('set_ntp_info') is not None:
# get all ntp details
ntp_details = self.get_ntp_details()
# register list of ntp servers
ntp_servers = ntp_details.servers
# broadcastclient
broadcast_client = ntp_details.broadcastclient
# has either the broadcastclient or the ntp server list changed?
if self.parameters.get('set_ntp_info')['broadcastclient'] != broadcast_client or \
self.cmp(self.parameters.get('set_ntp_info')['ntp_servers'], ntp_servers) != 0:
changed = True
self.setup_ntp_info(
self.parameters.get('set_ntp_info')['ntp_servers'],
self.parameters.get('set_ntp_info')['broadcastclient'])
if self.parameters.get('enable_virtual_volumes') is not None:
# check vvols status
current_vvols_status = self.get_vvols_status()
# has the vvols state changed?
if current_vvols_status is False and self.parameters.get(
'enable_virtual_volumes') is True:
changed = True
self.enable_feature('vvols')
elif current_vvols_status is True and self.parameters.get(
'enable_virtual_volumes') is not True:
# vvols, once enabled, cannot be disabled
self.module.fail_json(
msg='Error disabling vvols: this feature cannot be undone')
if self.module.check_mode is True:
result_message = "Check mode, skipping changes"
self.module.exit_json(changed=changed, msg=result_message)
def main():
# Setup the Ansible module
module = AnsibleModule(argument_spec=dict(
channel=dict(required=True, type='str'),
property=dict(required=True, type='str'),
value_type=dict(required=False,
choices=['int', 'bool', 'float', 'string'],
type='str'),
value=dict(required=False, default=None, type='str'),
state=dict(default='present',
choices=['present', 'get', 'absent'],
type='str')),
supports_check_mode=True)
state_values = {"present": "set", "absent": "unset", "get": "get"}
# Assign module values to dictionary values
channel = module.params['channel']
property = module.params['property']
value_type = module.params['value_type']
if module.params['value'].lower() == "true":
value = "true"
elif module.params['value'] == "false":
value = "false"
else:
value = module.params['value']
state = state_values[module.params['state']]
# Initialize some variables for later
change = False
new_value = ''
if state != "get":
if value is None or value == "":
module.fail_json(msg='State %s requires "value" to be set' %
str(state))
elif value_type is None or value_type == "":
module.fail_json(msg='State %s requires "value_type" to be set' %
str(state))
# Create a Xfconf preference
xfconf = XfconfPreference(module, channel, property, value_type, value)
# Now we get the current value, if not found don't fail
dummy, current_value = xfconf.call("get", fail_onerr=False)
# Check if the current value equals the value we want to set. If not, make
# a change
if current_value != value:
# If check mode, we know a change would have occurred.
if module.check_mode:
# So we will set the change to True
change = True
# And set the new_value to the value that would have been set
new_value = value
# If not check mode make the change.
else:
change, new_value = xfconf.call(state)
# If the value we want to set is the same as the current_value, we will
# set the new_value to the current_value for reporting
else:
new_value = current_value
facts = dict(
xfconf={
'changed': change,
'channel': channel,
'property': property,
'value_type': value_type,
'new_value': new_value,
'previous_value': current_value,
'playbook_value': module.params['value']
})
module.exit_json(changed=change, ansible_facts=facts)
def main():
argument_spec = ovirt_full_argument_spec(
state=dict(
choices=['present', 'absent'],
default='present',
),
name=dict(aliases=['host'], required=True),
bond=dict(default=None, type='dict'),
interface=dict(default=None),
networks=dict(default=None, type='list'),
labels=dict(default=None, type='list'),
check=dict(default=None, type='bool'),
save=dict(default=True, type='bool'),
sync_networks=dict(default=False, type='bool'),
)
module = AnsibleModule(argument_spec=argument_spec)
check_sdk(module)
try:
auth = module.params.pop('auth')
connection = create_connection(auth)
hosts_service = connection.system_service().hosts_service()
host_networks_module = HostNetworksModule(
connection=connection,
module=module,
service=hosts_service,
)
host = host_networks_module.search_entity()
if host is None:
raise Exception("Host '%s' was not found." % module.params['name'])
bond = module.params['bond']
interface = module.params['interface']
networks = module.params['networks']
labels = module.params['labels']
nic_name = bond.get('name') if bond else module.params['interface']
host_service = hosts_service.host_service(host.id)
nics_service = host_service.nics_service()
nic = search_by_name(nics_service, nic_name)
if module.params["sync_networks"]:
if needs_sync(nics_service):
if not module.check_mode:
host_service.sync_all_networks()
host_networks_module.changed = True
network_names = [network['name'] for network in networks or []]
state = module.params['state']
if (state == 'present'
and (nic is None or host_networks_module.has_update(
nics_service.service(nic.id)))):
# Remove networks which are attached to different interface then user want:
attachments_service = host_service.network_attachments_service()
# Append attachment ID to network if needs update:
for a in attachments_service.list():
current_network_name = get_link_name(connection, a.network)
if current_network_name in network_names:
for n in networks:
if n['name'] == current_network_name:
n['id'] = a.id
# Check if we have to break some bonds:
removed_bonds = []
if nic is not None:
for host_nic in nics_service.list():
if host_nic.bonding and nic.id in [
slave.id for slave in host_nic.bonding.slaves
]:
removed_bonds.append(otypes.HostNic(id=host_nic.id))
# Assign the networks:
setup_params = dict(
entity=host,
action='setup_networks',
check_connectivity=module.params['check'],
removed_bonds=removed_bonds if removed_bonds else None,
modified_bonds=[
otypes.HostNic(
name=bond.get('name'),
bonding=otypes.Bonding(
options=get_bond_options(bond.get('mode'),
bond.get('options')),
slaves=[
otypes.HostNic(name=i)
for i in bond.get('interfaces', [])
],
),
),
] if bond else None,
modified_labels=[
otypes.NetworkLabel(
id=str(name),
host_nic=otypes.HostNic(
name=bond.get('name') if bond else interface),
) for name in labels
] if labels else None,
modified_network_attachments=[
otypes.NetworkAttachment(
id=network.get('id'),
network=otypes.Network(
name=network['name']) if network['name'] else None,
host_nic=otypes.HostNic(
name=bond.get('name') if bond else interface),
ip_address_assignments=[
otypes.IpAddressAssignment(
assignment_method=otypes.BootProtocol(
network.get('boot_protocol', 'none')),
ip=otypes.Ip(
address=network.get('address'),
gateway=network.get('gateway'),
netmask=network.get('netmask'),
version=otypes.IpVersion(
network.get('version'))
if network.get('version') else None,
),
),
],
) for network in networks
] if networks else None,
)
if engine_supported(connection, '4.3'):
setup_params['commit_on_success'] = module.params['save']
elif module.params['save']:
setup_params[
'post_action'] = host_networks_module._action_save_configuration
host_networks_module.action(**setup_params)
elif state == 'absent' and nic:
attachments = []
nic_service = nics_service.nic_service(nic.id)
attached_labels = set([
str(lbl.id)
for lbl in nic_service.network_labels_service().list()
])
if networks:
attachments_service = nic_service.network_attachments_service()
attachments = attachments_service.list()
attachments = [
attachment for attachment in attachments if get_link_name(
connection, attachment.network) in network_names
]
# Remove unmanaged networks:
unmanaged_networks_service = host_service.unmanaged_networks_service(
)
unmanaged_networks = [(u.id, u.name)
for u in unmanaged_networks_service.list()]
for net_id, net_name in unmanaged_networks:
if net_name in network_names:
if not module.check_mode:
unmanaged_networks_service.unmanaged_network_service(
net_id).remove()
host_networks_module.changed = True
# Need to check if there are any labels to be removed, as backend fail
# if we try to send remove non existing label, for bond and attachments it's OK:
if (labels and set(labels).intersection(attached_labels)
) or bond or attachments:
setup_params = dict(
entity=host,
action='setup_networks',
check_connectivity=module.params['check'],
removed_bonds=[
otypes.HostNic(name=bond.get('name'), ),
] if bond else None,
removed_labels=[
otypes.NetworkLabel(id=str(name)) for name in labels
] if labels else None,
removed_network_attachments=attachments
if attachments else None,
)
if engine_supported(connection, '4.3'):
setup_params['commit_on_success'] = module.params['save']
elif module.params['save']:
setup_params[
'post_action'] = host_networks_module._action_save_configuration
host_networks_module.action(**setup_params)
nic = search_by_name(nics_service, nic_name)
module.exit_json(
**{
'changed': host_networks_module.changed,
'id': nic.id if nic else None,
'host_nic': get_dict_of_struct(nic),
})
except Exception as e:
module.fail_json(msg=str(e), exception=traceback.format_exc())
finally:
connection.close(logout=auth.get('token') is None)
def main():
argument_spec = rax_argument_spec()
argument_spec.update(
dict(
auto_increment=dict(default=True, type='bool'),
boot_from_volume=dict(default=False, type='bool'),
boot_volume=dict(type='str'),
boot_volume_size=dict(type='int', default=100),
boot_volume_terminate=dict(type='bool', default=False),
config_drive=dict(default=False, type='bool'),
count=dict(default=1, type='int'),
count_offset=dict(default=1, type='int'),
disk_config=dict(choices=['auto', 'manual']),
exact_count=dict(default=False, type='bool'),
extra_client_args=dict(type='dict', default={}),
extra_create_args=dict(type='dict', default={}),
files=dict(type='dict', default={}),
flavor=dict(),
group=dict(),
image=dict(),
instance_ids=dict(type='list'),
key_name=dict(aliases=['keypair']),
meta=dict(type='dict', default={}),
name=dict(),
networks=dict(type='list', default=['public', 'private']),
service=dict(),
state=dict(default='present', choices=['present', 'absent']),
user_data=dict(no_log=True),
wait=dict(default=False, type='bool'),
wait_timeout=dict(default=300, type='int'),
))
module = AnsibleModule(
argument_spec=argument_spec,
required_together=rax_required_together(),
)
if not HAS_PYRAX:
module.fail_json(msg='pyrax is required for this module')
service = module.params.get('service')
if service is not None:
module.fail_json(msg='The "service" attribute has been deprecated, '
'please remove "service: cloudservers" from your '
'playbook pertaining to the "rax" module')
auto_increment = module.params.get('auto_increment')
boot_from_volume = module.params.get('boot_from_volume')
boot_volume = module.params.get('boot_volume')
boot_volume_size = module.params.get('boot_volume_size')
boot_volume_terminate = module.params.get('boot_volume_terminate')
config_drive = module.params.get('config_drive')
count = module.params.get('count')
count_offset = module.params.get('count_offset')
disk_config = module.params.get('disk_config')
if disk_config:
disk_config = disk_config.upper()
exact_count = module.params.get('exact_count', False)
extra_client_args = module.params.get('extra_client_args')
extra_create_args = module.params.get('extra_create_args')
files = module.params.get('files')
flavor = module.params.get('flavor')
group = module.params.get('group')
image = module.params.get('image')
instance_ids = module.params.get('instance_ids')
key_name = module.params.get('key_name')
meta = module.params.get('meta')
name = module.params.get('name')
networks = module.params.get('networks')
state = module.params.get('state')
user_data = module.params.get('user_data')
wait = module.params.get('wait')
wait_timeout = int(module.params.get('wait_timeout'))
setup_rax_module(module, pyrax)
if extra_client_args:
pyrax.cloudservers = pyrax.connect_to_cloudservers(
region=pyrax.cloudservers.client.region_name, **extra_client_args)
client = pyrax.cloudservers.client
if 'bypass_url' in extra_client_args:
client.management_url = extra_client_args['bypass_url']
if pyrax.cloudservers is None:
module.fail_json(msg='Failed to instantiate client. This '
'typically indicates an invalid region or an '
'incorrectly capitalized region name.')
cloudservers(module,
state=state,
name=name,
flavor=flavor,
image=image,
meta=meta,
key_name=key_name,
files=files,
wait=wait,
wait_timeout=wait_timeout,
disk_config=disk_config,
count=count,
group=group,
instance_ids=instance_ids,
exact_count=exact_count,
networks=networks,
count_offset=count_offset,
auto_increment=auto_increment,
extra_create_args=extra_create_args,
user_data=user_data,
config_drive=config_drive,
boot_from_volume=boot_from_volume,
boot_volume=boot_volume,
boot_volume_size=boot_volume_size,
boot_volume_terminate=boot_volume_terminate)
def main():
# Setup the Ansible module
module = AnsibleModule(argument_spec=dict(
key=dict(type='str', required=True),
value_type=dict(type='str', choices=['bool', 'float', 'int',
'string']),
value=dict(type='str'),
state=dict(type='str',
required=True,
choices=['absent', 'get', 'present']),
direct=dict(type='bool', default=False),
config_source=dict(type='str'),
),
supports_check_mode=True)
state_values = {"present": "set", "absent": "unset", "get": "get"}
# Assign module values to dictionary values
key = module.params['key']
value_type = module.params['value_type']
if module.params['value'].lower() == "true":
value = "true"
elif module.params['value'] == "false":
value = "false"
else:
value = module.params['value']
state = state_values[module.params['state']]
direct = module.params['direct']
config_source = module.params['config_source']
# Initialize some variables for later
change = False
new_value = ''
if state != "get":
if value is None or value == "":
module.fail_json(msg='State %s requires "value" to be set' %
str(state))
elif value_type is None or value_type == "":
module.fail_json(msg='State %s requires "value_type" to be set' %
str(state))
if direct and config_source is None:
module.fail_json(msg='If "direct" is "yes" then the ' +
'"config_source" must be specified')
elif not direct and config_source is not None:
module.fail_json(msg='If the "config_source" is specified ' +
'then "direct" must be "yes"')
# Create a gconf2 preference
gconf_pref = GConf2Preference(module, key, value_type, value, direct,
config_source)
# Now we get the current value, if not found don't fail
_, current_value = gconf_pref.call("get", fail_onerr=False)
# Check if the current value equals the value we want to set. If not, make
# a change
if current_value != value:
# If check mode, we know a change would have occurred.
if module.check_mode:
# So we will set the change to True
change = True
# And set the new_value to the value that would have been set
new_value = value
# If not check mode make the change.
else:
change, new_value = gconf_pref.call(state)
# If the value we want to set is the same as the current_value, we will
# set the new_value to the current_value for reporting
else:
new_value = current_value
facts = dict(
gconftool2={
'changed': change,
'key': key,
'value_type': value_type,
'new_value': new_value,
'previous_value': current_value,
'playbook_value': module.params['value']
})
module.exit_json(changed=change, ansible_facts=facts)
def main():
""" This section is for arguments parsing """
state_map = dict(present='ipv6security-raguard-create',
absent='ipv6security-raguard-delete',
update='ipv6security-raguard-modify')
argument_spec = dict(
pn_cliswitch=dict(required=False, type='str'),
state=dict(required=False,
type='str',
choices=state_map.keys(),
default='present'),
pn_device=dict(required=False, type='str', choices=['host', 'router']),
pn_access_list=dict(required=False, type='str'),
pn_prefix_list=dict(required=False, type='str'),
pn_router_priority=dict(required=False,
type='str',
choices=['low', 'medium', 'high']),
pn_name=dict(required=True, type='str'),
)
module = AnsibleModule(
argument_spec=argument_spec,
required_if=(["state", "present", ['pn_device']], ),
)
# Accessing the arguments
cliswitch = module.params['pn_cliswitch']
state = module.params['state']
device = module.params['pn_device']
access_list = module.params['pn_access_list']
prefix_list = module.params['pn_prefix_list']
router_priority = module.params['pn_router_priority']
name = module.params['pn_name']
command = state_map[state]
# Building the CLI command string
cli = pn_cli(module, cliswitch)
NAME_EXISTS = check_cli(module)
if command == 'ipv6security-raguard-modify':
if not device and not access_list and not prefix_list and not router_priority:
module.fail_json(
failed=True,
msg=
'required one of device, access_list, prefix_list or router_priority'
)
if command == 'ipv6security-raguard-create':
if NAME_EXISTS is True:
module.exit_json(
skipped=True,
msg='ipv6 security raguard with name %s already exists' % name)
if command != 'ipv6security-raguard-create':
if NAME_EXISTS is False:
module.exit_json(
skipped=True,
msg='ipv6 security raguard with name %s does not exist' % name)
cli += ' %s name %s ' % (command, name)
if command != 'ipv6security-raguard-delete':
if device == 'router':
cli += ' device ' + device
if access_list:
check_list(module, access_list, 'access-list-show')
cli += ' access-list ' + access_list
if prefix_list:
check_list(module, prefix_list, 'prefix-list-show')
cli += ' prefix-list ' + prefix_list
if router_priority:
cli += ' router-priority ' + router_priority
if device == 'host':
cli += ' device ' + device
run_cli(module, cli, state_map)
class NetAppOntapUnixGroup(object):
"""
Common operations to manage UNIX groups
"""
def __init__(self):
self.argument_spec = netapp_utils.na_ontap_host_argument_spec()
self.argument_spec.update(
dict(state=dict(required=False,
choices=['present', 'absent'],
default='present'),
name=dict(required=True, type='str'),
id=dict(required=False, type='int'),
skip_name_validation=dict(required=False, type='bool'),
vserver=dict(required=True, type='str'),
users=dict(required=False, type='list')))
self.module = AnsibleModule(argument_spec=self.argument_spec,
supports_check_mode=True)
self.na_helper = NetAppModule()
self.parameters = self.na_helper.set_parameters(self.module.params)
self.set_playbook_zapi_key_map()
if HAS_NETAPP_LIB is False:
self.module.fail_json(
msg="the python NetApp-Lib module is required")
else:
self.server = netapp_utils.setup_na_ontap_zapi(
module=self.module, vserver=self.parameters['vserver'])
def set_playbook_zapi_key_map(self):
self.na_helper.zapi_string_keys = {'name': 'group-name'}
self.na_helper.zapi_int_keys = {'id': 'group-id'}
self.na_helper.zapi_bool_keys = {
'skip_name_validation': 'skip-name-validation'
}
def get_unix_group(self):
"""
Checks if the UNIX group exists.
:return:
dict() if group found
None if group is not found
"""
get_unix_group = netapp_utils.zapi.NaElement(
'name-mapping-unix-group-get-iter')
attributes = {
'query': {
'unix-group-info': {
'group-name': self.parameters['name'],
'vserver': self.parameters['vserver'],
}
}
}
get_unix_group.translate_struct(attributes)
try:
result = self.server.invoke_successfully(get_unix_group,
enable_tunneling=True)
if result.get_child_by_name('num-records') and int(
result.get_child_content('num-records')) >= 1:
group_info = result['attributes-list']['unix-group-info']
group_details = dict()
else:
return None
except netapp_utils.zapi.NaApiError as error:
self.module.fail_json(msg='Error getting UNIX group %s: %s' %
(self.parameters['name'], to_native(error)),
exception=traceback.format_exc())
for item_key, zapi_key in self.na_helper.zapi_string_keys.items():
group_details[item_key] = group_info[zapi_key]
for item_key, zapi_key in self.na_helper.zapi_int_keys.items():
group_details[item_key] = self.na_helper.get_value_for_int(
from_zapi=True, value=group_info[zapi_key])
if group_info.get_child_by_name('users') is not None:
group_details['users'] = [
user.get_child_content('user-name') for user in
group_info.get_child_by_name('users').get_children()
]
else:
group_details['users'] = None
return group_details
def create_unix_group(self):
"""
Creates an UNIX group in the specified Vserver
:return: None
"""
if self.parameters.get('id') is None:
self.module.fail_json(
msg='Error: Missing a required parameter for create: (id)')
group_create = netapp_utils.zapi.NaElement(
'name-mapping-unix-group-create')
group_details = {}
for item in self.parameters:
if item in self.na_helper.zapi_string_keys:
zapi_key = self.na_helper.zapi_string_keys.get(item)
group_details[zapi_key] = self.parameters[item]
elif item in self.na_helper.zapi_bool_keys:
zapi_key = self.na_helper.zapi_bool_keys.get(item)
group_details[zapi_key] = self.na_helper.get_value_for_bool(
from_zapi=False, value=self.parameters[item])
elif item in self.na_helper.zapi_int_keys:
zapi_key = self.na_helper.zapi_int_keys.get(item)
group_details[zapi_key] = self.na_helper.get_value_for_int(
from_zapi=True, value=self.parameters[item])
group_create.translate_struct(group_details)
try:
self.server.invoke_successfully(group_create,
enable_tunneling=True)
except netapp_utils.zapi.NaApiError as error:
self.module.fail_json(msg='Error creating UNIX group %s: %s' %
(self.parameters['name'], to_native(error)),
exception=traceback.format_exc())
if self.parameters.get('users') is not None:
self.modify_users_in_group()
def delete_unix_group(self):
"""
Deletes an UNIX group from a vserver
:return: None
"""
group_delete = netapp_utils.zapi.NaElement.create_node_with_children(
'name-mapping-unix-group-destroy',
**{'group-name': self.parameters['name']})
try:
self.server.invoke_successfully(group_delete,
enable_tunneling=True)
except netapp_utils.zapi.NaApiError as error:
self.module.fail_json(msg='Error removing UNIX group %s: %s' %
(self.parameters['name'], to_native(error)),
exception=traceback.format_exc())
def modify_unix_group(self, params):
"""
Modify an UNIX group from a vserver
:param params: modify parameters
:return: None
"""
# modify users requires separate zapi.
if 'users' in params:
self.modify_users_in_group()
if len(params) == 1:
return
group_modify = netapp_utils.zapi.NaElement(
'name-mapping-unix-group-modify')
group_details = {'group-name': self.parameters['name']}
for key in params:
if key in self.na_helper.zapi_int_keys:
zapi_key = self.na_helper.zapi_int_keys.get(key)
group_details[zapi_key] = self.na_helper.get_value_for_int(
from_zapi=True, value=params[key])
group_modify.translate_struct(group_details)
try:
self.server.invoke_successfully(group_modify,
enable_tunneling=True)
except netapp_utils.zapi.NaApiError as error:
self.module.fail_json(msg='Error modifying UNIX group %s: %s' %
(self.parameters['name'], to_native(error)),
exception=traceback.format_exc())
def modify_users_in_group(self):
"""
Add/delete one or many users in a UNIX group
:return: None
"""
current_users = self.get_unix_group().get('users')
expect_users = self.parameters.get('users')
if current_users is None:
current_users = []
if expect_users[0] == '' and len(expect_users) == 1:
expect_users = []
users_to_remove = list(set(current_users) - set(expect_users))
users_to_add = list(set(expect_users) - set(current_users))
if len(users_to_add) > 0:
for user in users_to_add:
add_user = netapp_utils.zapi.NaElement(
'name-mapping-unix-group-add-user')
group_details = {
'group-name': self.parameters['name'],
'user-name': user
}
add_user.translate_struct(group_details)
try:
self.server.invoke_successfully(add_user,
enable_tunneling=True)
except netapp_utils.zapi.NaApiError as error:
self.module.fail_json(
msg='Error adding user %s to UNIX group %s: %s' %
(user, self.parameters['name'], to_native(error)),
exception=traceback.format_exc())
if len(users_to_remove) > 0:
for user in users_to_remove:
delete_user = netapp_utils.zapi.NaElement(
'name-mapping-unix-group-delete-user')
group_details = {
'group-name': self.parameters['name'],
'user-name': user
}
delete_user.translate_struct(group_details)
try:
self.server.invoke_successfully(delete_user,
enable_tunneling=True)
except netapp_utils.zapi.NaApiError as error:
self.module.fail_json(
msg='Error deleting user %s from UNIX group %s: %s' %
(user, self.parameters['name'], to_native(error)),
exception=traceback.format_exc())
def autosupport_log(self):
"""
Autosupport log for unix_group
:return: None
"""
netapp_utils.ems_log_event("na_ontap_unix_group", self.server)
def apply(self):
"""
Invoke appropriate action based on playbook parameters
:return: None
"""
self.autosupport_log()
current = self.get_unix_group()
cd_action = self.na_helper.get_cd_action(current, self.parameters)
if self.parameters['state'] == 'present' and cd_action is None:
modify = self.na_helper.get_modified_attributes(
current, self.parameters)
if self.na_helper.changed:
if self.module.check_mode:
pass
else:
if cd_action == 'create':
self.create_unix_group()
elif cd_action == 'delete':
self.delete_unix_group()
else:
self.modify_unix_group(modify)
self.module.exit_json(changed=self.na_helper.changed)
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"state": {
"required": True,
"type": "str",
"choices": ["present", "absent"]
},
"wireless_controller_hotspot20_h2qp_osu_provider": {
"required": False,
"type": "dict",
"default": None,
"options": {
"friendly_name": {
"required": False,
"type": "list",
"options": {
"friendly_name": {
"required": False,
"type": "str"
},
"index": {
"required": True,
"type": "int"
},
"lang": {
"required": False,
"type": "str"
}
}
},
"icon": {
"required": False,
"type": "str"
},
"name": {
"required": True,
"type": "str"
},
"osu_method": {
"required": False,
"type": "str",
"choices": ["oma-dm", "soap-xml-spp", "reserved"]
},
"osu_nai": {
"required": False,
"type": "str"
},
"server_uri": {
"required": False,
"type": "str"
},
"service_description": {
"required": False,
"type": "list",
"options": {
"lang": {
"required": False,
"type": "str"
},
"service_description": {
"required": False,
"type": "str"
},
"service_id": {
"required": False,
"type": "int"
}
}
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_wireless_controller_hotspot20(
module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_wireless_controller_hotspot20(
module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
class NetAppONTAPasup(object):
"""Class with autosupport methods"""
def __init__(self):
self.argument_spec = netapp_utils.na_ontap_host_argument_spec()
self.argument_spec.update(
dict(
state=dict(required=False,
choices=['present', 'absent'],
default='present'),
node_name=dict(required=True, type='str'),
transport=dict(required=False,
type='str',
choices=['smtp', 'http', 'https']),
noteto=dict(required=False, type='list'),
post_url=dict(required=False, type='str'),
support=dict(required=False, type='bool'),
mail_hosts=dict(required=False, type='list'),
from_address=dict(required=False, type='str'),
partner_addresses=dict(required=False, type='list'),
to_addresses=dict(required=False, type='list'),
proxy_url=dict(required=False, type='str'),
hostname_in_subject=dict(required=False, type='bool'),
))
self.module = AnsibleModule(argument_spec=self.argument_spec,
supports_check_mode=False)
self.na_helper = NetAppModule()
self.parameters = self.na_helper.set_parameters(self.module.params)
# present or absent requires modifying state to enabled or disabled
self.parameters['service_state'] = 'started' if self.parameters[
'state'] == 'present' else 'stopped'
self.set_playbook_zapi_key_map()
if HAS_NETAPP_LIB is False:
self.module.fail_json(
msg="the python NetApp-Lib module is required")
else:
self.server = netapp_utils.setup_na_ontap_zapi(module=self.module)
def set_playbook_zapi_key_map(self):
self.na_helper.zapi_string_keys = {
'node_name': 'node-name',
'transport': 'transport',
'post_url': 'post-url',
'from_address': 'from',
'proxy_url': 'proxy-url'
}
self.na_helper.zapi_list_keys = {
'noteto': ('noteto', 'mail-address'),
'mail_hosts': ('mail-hosts', 'string'),
'partner_addresses': ('partner-address', 'mail-address'),
'to_addresses': ('to', 'mail-address'),
}
self.na_helper.zapi_bool_keys = {
'support': 'is-support-enabled',
'hostname_in_subject': 'is-node-in-subject'
}
def get_autosupport_config(self):
"""
Invoke zapi - get current autosupport details
:return: dict()
"""
asup_details = netapp_utils.zapi.NaElement('autosupport-config-get')
asup_details.add_new_child('node-name', self.parameters['node_name'])
asup_info = dict()
try:
result = self.server.invoke_successfully(asup_details,
enable_tunneling=True)
except netapp_utils.zapi.NaApiError as error:
self.module.fail_json(msg='%s' % to_native(error),
exception=traceback.format_exc())
# zapi invoke successful
asup_attr_info = result.get_child_by_name(
'attributes').get_child_by_name('autosupport-config-info')
asup_info['service_state'] = 'started' if asup_attr_info[
'is-enabled'] == 'true' else 'stopped'
for item_key, zapi_key in self.na_helper.zapi_string_keys.items():
asup_info[item_key] = asup_attr_info[zapi_key]
for item_key, zapi_key in self.na_helper.zapi_bool_keys.items():
asup_info[item_key] = self.na_helper.get_value_for_bool(
from_zapi=True, value=asup_attr_info[zapi_key])
for item_key, zapi_key in self.na_helper.zapi_list_keys.items():
parent, dummy = zapi_key
asup_info[item_key] = self.na_helper.get_value_for_list(
from_zapi=True,
zapi_parent=asup_attr_info.get_child_by_name(parent))
return asup_info
def modify_autosupport_config(self, modify):
"""
Invoke zapi - modify autosupport config
@return: NaElement object / FAILURE with an error_message
"""
asup_details = {'node-name': self.parameters['node_name']}
if modify.get('service_state'):
asup_details['is-enabled'] = 'true' if modify.get(
'service_state') == 'started' else 'false'
asup_config = netapp_utils.zapi.NaElement('autosupport-config-modify')
for item_key in modify:
if item_key in self.na_helper.zapi_string_keys:
zapi_key = self.na_helper.zapi_string_keys.get(item_key)
asup_details[zapi_key] = modify[item_key]
elif item_key in self.na_helper.zapi_bool_keys:
zapi_key = self.na_helper.zapi_bool_keys.get(item_key)
asup_details[zapi_key] = self.na_helper.get_value_for_bool(
from_zapi=False, value=modify[item_key])
elif item_key in self.na_helper.zapi_list_keys:
parent_key, child_key = self.na_helper.zapi_list_keys.get(
item_key)
asup_config.add_child_elem(
self.na_helper.get_value_for_list(
from_zapi=False,
zapi_parent=parent_key,
zapi_child=child_key,
data=modify.get(item_key)))
asup_config.translate_struct(asup_details)
try:
return self.server.invoke_successfully(asup_config,
enable_tunneling=True)
except netapp_utils.zapi.NaApiError as error:
self.module.fail_json(msg='%s' % to_native(error),
exception=traceback.format_exc())
def autosupport_log(self):
results = netapp_utils.get_cserver(self.server)
cserver = netapp_utils.setup_na_ontap_zapi(module=self.module,
vserver=results)
netapp_utils.ems_log_event("na_ontap_autosupport", cserver)
def apply(self):
"""
Apply action to autosupport
"""
current = self.get_autosupport_config()
modify = self.na_helper.get_modified_attributes(
current, self.parameters)
if self.na_helper.changed:
if self.module.check_mode:
pass
else:
self.modify_autosupport_config(modify)
self.module.exit_json(changed=self.na_helper.changed)
def main():
module = AnsibleModule(argument_spec=hpe3par.cpg_argument_spec(),
required_together=[['raid_type', 'set_size']])
if not HAS_3PARCLIENT:
module.fail_json(
msg=
'the python hpe3par_sdk library is required (https://pypi.org/project/hpe3par_sdk)'
)
if len(module.params["cpg_name"]) < 1 or len(
module.params["cpg_name"]) > 31:
module.fail_json(
msg=
"CPG name must be at least 1 character and not more than 31 characters"
)
storage_system_ip = module.params["storage_system_ip"]
storage_system_username = module.params["storage_system_username"]
storage_system_password = module.params["storage_system_password"]
cpg_name = module.params["cpg_name"]
domain = module.params["domain"]
growth_increment = module.params["growth_increment"]
growth_limit = module.params["growth_limit"]
growth_warning = module.params["growth_warning"]
raid_type = module.params["raid_type"]
set_size = module.params["set_size"]
high_availability = module.params["high_availability"]
disk_type = module.params["disk_type"]
secure = module.params["secure"]
wsapi_url = 'https://%s:8080/api/v1' % storage_system_ip
try:
client_obj = client.HPE3ParClient(wsapi_url, secure)
except exceptions.SSLCertFailed:
module.fail_json(msg="SSL Certificate Failed")
except exceptions.ConnectionError:
module.fail_json(msg="Connection Error")
except exceptions.UnsupportedVersion:
module.fail_json(msg="Unsupported WSAPI version")
except Exception as e:
module.fail_json(msg="Initializing client failed. %s" % e)
if storage_system_username is None or storage_system_password is None:
module.fail_json(msg="Storage system username or password is None")
if cpg_name is None:
module.fail_json(msg="CPG Name is None")
# States
if module.params["state"] == "present":
try:
client_obj.login(storage_system_username, storage_system_password)
return_status, changed, msg = create_cpg(
client_obj, cpg_name, domain, growth_increment, growth_limit,
growth_warning, raid_type, set_size, high_availability,
disk_type)
except Exception as e:
module.fail_json(msg="CPG create failed | %s" % e)
finally:
client_obj.logout()
elif module.params["state"] == "absent":
try:
client_obj.login(storage_system_username, storage_system_password)
return_status, changed, msg = delete_cpg(client_obj, cpg_name)
except Exception as e:
module.fail_json(msg="CPG create failed | %s" % e)
finally:
client_obj.logout()
if return_status:
module.exit_json(changed=changed, msg=msg)
else:
module.fail_json(msg=msg)
def main():
fields = {
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"state": {"required": True, "type": "str",
"choices": ["present", "absent"]},
"system_ddns": {
"required": False, "type": "dict", "default": None,
"options": {
"bound_ip": {"required": False, "type": "str"},
"clear_text": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
"ddns_auth": {"required": False, "type": "str",
"choices": ["disable", "tsig"]},
"ddns_domain": {"required": False, "type": "str"},
"ddns_key": {"required": False, "type": "str"},
"ddns_keyname": {"required": False, "type": "str"},
"ddns_password": {"required": False, "type": "str"},
"ddns_server": {"required": False, "type": "str",
"choices": ["dyndns.org", "dyns.net", "tzo.com",
"vavic.com", "dipdns.net", "now.net.cn",
"dhs.org", "easydns.com", "genericDDNS",
"FortiGuardDDNS", "noip.com"]},
"ddns_server_ip": {"required": False, "type": "str"},
"ddns_sn": {"required": False, "type": "str"},
"ddns_ttl": {"required": False, "type": "int"},
"ddns_username": {"required": False, "type": "str"},
"ddns_zone": {"required": False, "type": "str"},
"ddnsid": {"required": True, "type": "int"},
"monitor_interface": {"required": False, "type": "list",
"options": {
"interface_name": {"required": False, "type": "str"}
}},
"ssl_certificate": {"required": False, "type": "str"},
"update_interval": {"required": False, "type": "int"},
"use_public_ip": {"required": False, "type": "str",
"choices": ["disable", "enable"]}
}
}
}
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_system(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_system(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
class ElementSWCluster(object):
"""
Element Software Initialize node with ownership for cluster formation
"""
def __init__(self):
self.argument_spec = netapp_utils.ontap_sf_host_argument_spec()
self.argument_spec.update(dict(
management_virtual_ip=dict(required=True, type='str'),
storage_virtual_ip=dict(required=True, type='str'),
replica_count=dict(required=False, type='str', default='2'),
cluster_admin_username=dict(required=False, type='str'),
cluster_admin_password=dict(required=False, type='str', no_log=True),
accept_eula=dict(required=False, type='bool'),
nodes=dict(required=True, type=list),
attributes=dict(required=False, type='dict', default=None)
))
self.module = AnsibleModule(
argument_spec=self.argument_spec,
supports_check_mode=True
)
input_params = self.module.params
self.management_virtual_ip = input_params['management_virtual_ip']
self.storage_virtual_ip = input_params['storage_virtual_ip']
self.replica_count = input_params['replica_count']
self.accept_eula = input_params.get('accept_eula')
self.attributes = input_params.get('attributes')
self.nodes = input_params['nodes']
self.cluster_admin_username = input_params.get('cluster_admin_username')
self.cluster_admin_password = input_params.get('cluster_admin_password')
if HAS_SF_SDK is False:
self.module.fail_json(msg="Unable to import the SolidFire Python SDK")
else:
self.sfe = netapp_utils.create_sf_connection(module=self.module)
self.elementsw_helper = NaElementSWModule(self.sfe)
# add telemetry attributes
if self.attributes is not None:
self.attributes.update(self.elementsw_helper.set_element_attributes(source='na_elementsw_cluster'))
else:
self.attributes = self.elementsw_helper.set_element_attributes(source='na_elementsw_cluster')
def create_cluster(self):
"""
Create Cluster
"""
options = {
'mvip': self.management_virtual_ip,
'svip': self.storage_virtual_ip,
'rep_count': self.replica_count,
'accept_eula': self.accept_eula,
'nodes': self.nodes,
'attributes': self.attributes
}
if self.cluster_admin_username is not None:
options['username'] = self.cluster_admin_username
if self.cluster_admin_password is not None:
options['password'] = self.cluster_admin_password
try:
self.sfe.create_cluster(**options)
except Exception as exception_object:
self.module.fail_json(msg='Error create cluster %s' % (to_native(exception_object)),
exception=traceback.format_exc())
def check_connection(self):
"""
Check connections to mvip, svip address.
:description: To test connection to given IP addressed for mvip and svip
:rtype: bool
"""
try:
mvip_test = self.sfe.test_connect_mvip(mvip=self.management_virtual_ip)
svip_test = self.sfe.test_connect_svip(svip=self.storage_virtual_ip)
if mvip_test.details.connected and svip_test.details.connected:
return True
else:
return False
except Exception as e:
return False
def apply(self):
"""
Check connection and initialize node with cluster ownership
"""
changed = False
result_message = None
if self.module.supports_check_mode and self.accept_eula:
if self.check_connection():
self.create_cluster()
changed = True
else:
self.module.fail_json(msg='Error connecting mvip and svip address')
else:
result_message = "Skipping changes, No change requested"
self.module.exit_json(changed=changed, msg=result_message)
def main():
module = AnsibleModule(argument_spec=dict(
login_user=dict(default=None, type='str'),
login_password=dict(default=None, no_log=True, type='str'),
login_host=dict(default="127.0.0.1"),
login_unix_socket=dict(default=None),
login_port=dict(default=6032, type='int'),
config_file=dict(default="", type='path'),
rule_id=dict(type='int'),
active=dict(type='bool'),
username=dict(type='str'),
schemaname=dict(type='str'),
flagIN=dict(type='int'),
client_addr=dict(type='str'),
proxy_addr=dict(type='str'),
proxy_port=dict(type='int'),
digest=dict(type='str'),
match_digest=dict(type='str'),
match_pattern=dict(type='str'),
negate_match_pattern=dict(type='bool'),
flagOUT=dict(type='int'),
replace_pattern=dict(type='str'),
destination_hostgroup=dict(type='int'),
cache_ttl=dict(type='int'),
timeout=dict(type='int'),
retries=dict(type='int'),
delay=dict(type='int'),
mirror_flagOUT=dict(type='int'),
mirror_hostgroup=dict(type='int'),
error_msg=dict(type='str'),
log=dict(type='bool'),
apply=dict(type='bool'),
comment=dict(type='str'),
state=dict(default='present', choices=['present', 'absent']),
force_delete=dict(default=False, type='bool'),
save_to_disk=dict(default=True, type='bool'),
load_to_runtime=dict(default=True, type='bool')),
supports_check_mode=True)
perform_checks(module)
login_user = module.params["login_user"]
login_password = module.params["login_password"]
config_file = module.params["config_file"]
cursor = None
try:
cursor, db_conn = mysql_connect(
module,
login_user,
login_password,
config_file,
cursor_class=mysql_driver.cursors.DictCursor)
except mysql_driver.Error as e:
module.fail_json(
msg="unable to connect to ProxySQL Admin Module.. %s" %
to_native(e))
proxysql_query_rule = ProxyQueryRule(module)
result = {}
result['state'] = proxysql_query_rule.state
if proxysql_query_rule.state == "present":
try:
if not proxysql_query_rule.check_rule_cfg_exists(cursor):
if proxysql_query_rule.config_data["rule_id"] and \
proxysql_query_rule.check_rule_pk_exists(cursor):
proxysql_query_rule.update_rule(module.check_mode, result,
cursor)
else:
proxysql_query_rule.create_rule(module.check_mode, result,
cursor)
else:
result['changed'] = False
result['msg'] = ("The rule already exists in" +
" mysql_query_rules and doesn't need to be" +
" updated.")
result['rules'] = \
proxysql_query_rule.get_rule_config(cursor)
except mysql_driver.Error as e:
module.fail_json(msg="unable to modify rule.. %s" % to_native(e))
elif proxysql_query_rule.state == "absent":
try:
existing_rules = proxysql_query_rule.check_rule_cfg_exists(cursor)
if existing_rules > 0:
if existing_rules == 1 or \
proxysql_query_rule.force_delete:
proxysql_query_rule.delete_rule(module.check_mode, result,
cursor)
else:
module.fail_json(
msg=("Operation would delete multiple rules" +
" use force_delete to override this"))
else:
result['changed'] = False
result['msg'] = ("The rule is already absent from the" +
" mysql_query_rules memory configuration")
except mysql_driver.Error as e:
module.fail_json(msg="unable to remove rule.. %s" % to_native(e))
module.exit_json(**result)
