def configure_network(device):
    """Create a three-zone layer3 layout on ``device``.

    Three ethernet interfaces are added, each placed in its own zone
    (``untrust``, ``web``, ``db``). All three are attached to the
    ``default`` virtual router, which receives a 0.0.0.0/0 static route.
    Every object is attached to its parent and then written with
    ``create()``.

    Addresses and the next hop are fixed sample values. This function
    defines only interfaces, zones and routing; it creates no security
    rules, so traffic policy between the zones has to be handled
    elsewhere.

    Args:
        device: Parent object that the interfaces, zones and virtual
            router are added to.
    """
    # (interface name, interface address, zone the interface belongs to)
    layout = (
        ('ethernet1/1', '192.168.55.20/24', 'untrust'),
        ('ethernet1/2', '192.168.45.20/24', 'web'),
        ('ethernet1/3', '192.168.35.20/24', 'db'),
    )

    # Interfaces: build all of them, attach all of them, then write them.
    interfaces = [
        EthernetInterface(name=port, mode='layer3', ip=(address, ))
        for port, address, _ in layout
    ]
    for interface in interfaces:
        device.add(interface)
    for interface in interfaces:
        interface.create()

    # Zones: one per interface, same build / attach / write sequence.
    zones = [
        Zone(name=zone_name, mode='layer3', interface=[port])
        for port, _, zone_name in layout
    ]
    for zone in zones:
        device.add(zone)
    for zone in zones:
        zone.create()

    # A single virtual router carries all three interfaces.
    router = VirtualRouter(
        name='default',
        interface=[port for port, _, _ in layout])
    device.add(router)
    router.create()

    # Default route; the next hop sits in the ethernet1/1 (untrust) subnet.
    route = StaticRoute(name='default',
                        destination='0.0.0.0/0',
                        nexthop='192.168.55.2')
    router.add(route)
    route.create()
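def main():
    """Ansible entry point: create, update or delete a virtual router.

    The module reads the existing virtual routers from the device,
    builds the desired ``VirtualRouter`` from the module parameters and
    reconciles the two according to ``state``. Writes (``apply``,
    ``create``, ``delete``) are skipped in check mode, and the vsys
    reference is called with ``update`` disabled in check mode. A commit
    is requested only when ``commit`` is set and something changed.

    Any ``PanDeviceError`` is reported through ``module.fail_json``.
    The result is returned through ``module.exit_json`` with ``msg``
    and ``changed``.
    """
    helper = get_connection(
        vsys_importable=True,
        template=True,
        template_stack=True,
        with_state=True,
        with_classic_provider_spec=True,
        argument_spec=setup_args(),
    )

    module = AnsibleModule(
        argument_spec=helper.argument_spec,
        supports_check_mode=True,
        required_one_of=helper.required_one_of,
    )

    # Verify imports, build pandevice object tree.
    parent = helper.get_pandevice_parent(module)

    # Connection, credential and placement parameters are module plumbing,
    # not VirtualRouter attributes. Keeping 'password' and 'api_key' out of
    # the object kwargs also keeps credentials out of the object that is
    # sent to the device.
    excluded = frozenset((
        'ip_address',
        'username',
        'password',
        'api_key',
        'state',
        'commit',
        'provider',
        'template',
        'template_stack',
        'vsys',
        'port',
    ))

    # Generate the kwargs for network.VirtualRouter.
    obj_spec = {
        key: module.params[key]
        for key in helper.argument_spec
        if key not in excluded
    }

    name = module.params['name']
    state = module.params['state']
    commit = module.params['commit']

    # Retrieve current virtual routers (add=False: the parent tree is left
    # untouched, the list is only used for comparison).
    try:
        vr_list = VirtualRouter.refreshall(parent, add=False)
    except PanDeviceError as e:
        module.fail_json(msg='Failed refresh: {0}'.format(e))

    # Create the new state object.
    virtual_router = VirtualRouter(**obj_spec)
    parent.add(virtual_router)

    # Options for the vsys reference call; 'update' is off in check mode so
    # a dry run does not write the reference.
    reference_params = {
        'refresh': True,
        'update': not module.check_mode,
        'return_type': 'bool',
    }
    changed = False
    if state == 'present':
        for item in vr_list:
            if item.name != name:
                continue
            # Same name found: compare the router itself, ignoring children.
            if not item.equal(virtual_router, compare_children=False):
                changed = True
                # Carry the existing children over before apply().
                virtual_router.extend(item.children)
                if not module.check_mode:
                    try:
                        virtual_router.apply()
                    except PanDeviceError as e:
                        module.fail_json(msg='Failed apply: {0}'.format(e))
            break
        else:
            # No router with this name exists yet.
            changed = True
            if not module.check_mode:
                try:
                    virtual_router.create()
                except PanDeviceError as e:
                    # Name the operation that actually failed so the error
                    # is not mistaken for an apply() on an existing router.
                    module.fail_json(msg='Failed create: {0}'.format(e))

        changed |= virtual_router.set_vsys(module.params['vsys'],
                                           **reference_params)
    else:
        # Drop the vsys reference first, then delete the router if present.
        changed |= virtual_router.set_vsys(None, **reference_params)
        if any(existing.name == name for existing in vr_list):
            changed = True
            if not module.check_mode:
                try:
                    virtual_router.delete()
                except PanDeviceError as e:
                    module.fail_json(msg='Failed delete: {0}'.format(e))

    # Commit only when asked to and only when there is something to commit.
    if commit and changed:
        helper.commit(module)

    if not changed:
        msg = 'no changes required.'
    elif module.check_mode:
        msg = 'Changes are required.'
    else:
        msg = 'Virtual router update successful.'

    module.exit_json(msg=msg, changed=changed)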