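def run_module():
    """Create, update or remove a certificate entry in the pfSense config.

    The certificate is looked up by ``refid`` in the ``cert`` section. The
    PHP statements needed to reach the requested state are collected in a
    string, returned as ``result['phpcode']`` and, unless check mode is on or
    nothing changed, passed to ``write_config``.
    """
    module_args = dict(
        state=dict(required=False, default='present', choices=['present', 'absent']),
        type=dict(required=False, default='server'),
        refid=dict(required=True),  # 13 hex digit
        crt=dict(required=True),
        # Private key material. no_log marks it as sensitive so Ansible keeps
        # it out of logs and masks it in returned values; the key is also
        # embedded in result['phpcode'] below.
        prv=dict(required=True, no_log=True),
        descr=dict(required=True)
    )
    result = dict(
        changed=False,
    )
    module = AnsibleModule(
        argument_spec=module_args,
        supports_check_mode=True
    )
    configuration = ""
    params = module.params
    pfsense_check(module)

    # get config and find our cert; an index of '' is treated as "not found"
    cfg = read_config(module, 'cert')
    index = search(cfg, 'refid', params['refid'])
    base = "$config['cert'][" + str(index) + "]"

    if params['state'] == 'present':
        for p in ['refid', 'descr', 'crt', 'prv']:
            if isstr(params[p]):
                # NOTE(review): the value is placed inside a single-quoted PHP
                # literal without escaping; this relies on validate() rejecting
                # quotes and backslashes - confirm against its implementation.
                validate(module, p, params[p])
                if index == '':
                    configuration += "$cert['" + p + "']='" + params[p] + "';\n"
                elif cfg[index][p] != params[p]:
                    configuration += base + "['" + p + "']='" + params[p] + "';\n"
        if index == '':
            # base ends in "[]" here, so this appends the new entry
            configuration += base + "=$cert;\n"
    elif params['state'] == 'absent':
        if index != '':
            configuration += "unset(" + base + ");\n"
    else:
        module.fail_json(msg='Incorrect state value, possible choices: absent, present(default)')

    result['phpcode'] = configuration

    if module.check_mode:
        module.exit_json(**result)

    if configuration != '':
        write_config(module, configuration)
        result['changed'] = True

    # Re-read every section that was passed as a dict parameter. No argument
    # of this module is declared with type=dict, so this presumably never
    # adds anything to the result.
    for section in params:
        if type(params[section]) is dict:
            result[section] = read_config(module, section)

    module.exit_json(**result)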
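def run_module():
    """Set the password and authorized keys of an existing pfSense user.

    The user must already exist; the module fails when ``username`` is not
    found in ``system.user``. Changed fields are written as PHP assignments,
    followed by a ``local_user_set_password`` call, and ``local_user_set`` is
    passed to ``write_config`` as its ``post`` argument.
    """
    module_args = dict(
        username=dict(required=True, default=None),
        # no_log marks the clear-text password as sensitive so Ansible keeps
        # it out of logs and masks it in returned values; it is embedded in
        # result['phpcode'] below.
        password=dict(required=True, default=None, no_log=True),
        authorizedkeys=dict(required=False, default=''))
    result = dict(changed=False, )
    module = AnsibleModule(
        argument_spec=module_args,
        supports_check_mode=False  # Password is always a change since it's supplied in clear text and saved in bcrypt
    )
    params = module.params
    configuration = ""
    pfsense_check(module)

    system = read_config(module, 'system')
    index = search(system['user'], 'name', params['username'])
    if index == '':
        # Restored expression: the listing shows this concatenation masked
        # out with asterisks.
        module.fail_json(msg='username: ' + params['username'] + ' not found')

    base = "$config['system']['user'][" + str(index) + "]"
    for p in ['password', 'authorizedkeys']:
        if isstr(params[p]):
            # NOTE(review): values end up inside single-quoted PHP literals
            # without escaping; this relies on validate() rejecting quotes and
            # backslashes - confirm against its implementation.
            validate(module, p, params[p])
            if p not in system['user'][index] or system['user'][index][p] != params[p]:
                configuration += base + "['" + p + "']='" + params[p] + "';\n"

    result['phpcode'] = configuration

    if module.check_mode:
        module.exit_json(**result)

    if configuration != '':
        configuration = 'require("auth.inc");\n' + configuration
        configuration += "local_user_set_password($config['system']['user'][" + str(index) + "], '" + params['password'] + "');\n"
        write_config(module,
                     configuration,
                     post="local_user_set($config['system']['user'][" + str(index) + "]);")
        result['changed'] = True

    # NOTE(review): this returns the complete user list as read back from the
    # config - check whether it carries password hashes that should not be in
    # task output.
    system = read_config(module, 'system')
    result['user'] = system['user']
    module.exit_json(**result)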
def run_module():
    """Ensure a firewall alias is present in, or absent from, the pfSense config.

    The alias is matched by name inside the ``aliases`` section. The PHP
    needed to reach the requested state is returned in ``result['phpcode']``
    and written with ``write_config`` unless check mode is on or there is
    nothing to change.
    """
    fields = ['name', 'address', 'descr', 'type', 'detail']
    alias_types = [
        'host', 'network', 'port', 'url', 'url_ports', 'urltable',
        'urltable_ports'
    ]
    module = AnsibleModule(
        argument_spec=dict(
            state=dict(required=False, default='present', choices=['present', 'absent']),
            name=dict(required=True),
            address=dict(required=False),
            descr=dict(required=False, default=''),
            type=dict(required=True, choices=alias_types),
            detail=dict(required=False),
        ),
        supports_check_mode=True)
    outcome = dict(changed=False)
    wanted = module.params
    section = 'aliases'
    pfsense_check(module)

    # Read the current aliases and locate ours; any failure while looking it
    # up is handled as "section missing" and the alias is treated as new.
    existing = read_config(module, section)
    php = ""
    try:
        slot = search(existing['alias'], 'name', wanted['name'])
    except:
        php = "if (empty($config['aliases'])) $config['aliases'] = [];\n"
        slot = ''
    is_new = slot == ''
    target = "$config['aliases']['alias'][" + str(slot) + "]"

    state = wanted['state']
    if state == 'present':
        for field in fields:
            value = wanted[field]
            if not isstr(value):
                continue
            # NOTE(review): value is placed in a single-quoted PHP literal
            # unescaped; relies on validate() rejecting quotes - confirm.
            validate(module, field, value)
            if is_new:
                php += "$alias['" + field + "']='" + value + "';\n"
            elif field not in existing['alias'][slot] or existing['alias'][slot][field] != value:
                php += target + "['" + field + "']='" + value + "';\n"
        if is_new:
            # target ends in "[]" for a new alias, so this appends it
            php += target + "=$alias;\n"
    elif state == 'absent':
        if not is_new:
            php += "unset(" + target + ");\n"
    else:
        module.fail_json(
            msg='Incorrect state value, possible choices: absent, present(default)')

    outcome['phpcode'] = php
    if module.check_mode:
        module.exit_json(**outcome)

    if php != '':
        write_config(module, php)
        outcome['changed'] = True

    outcome[section] = read_config(module, section)
    module.exit_json(**outcome)
def run_module():
    """Create, update or remove a firewall filter rule, matched by tracker id.

    Builds a PHP ``$rule`` array from the module parameters and assigns it to
    the rule's slot in ``$config['filter']['rule']`` when anything differs
    from the stored rule; ``state=absent`` unsets the slot. The generated PHP
    is returned in ``result['phpcode']`` and the changed fields in
    ``result['updated']``.

    NOTE(review): block nesting was reconstructed from a whitespace-collapsed
    listing; in particular the placement of the inner ``iteritems`` loop should
    be checked against the original file.
    """
    module_args = dict(
        state=dict(required=False, default='present', choices=['present', 'absent']),
        tracker=dict(required=True), # 10 digit (e.g. timestamp)
        type=dict(required=False, default='pass', choices=['pass', 'block', 'reject']),
        disabled=dict(required=False),
        quick=dict(required=False),
        interface=dict(required=False, default='lan'),
        ipprotocol=dict(required=False, default='inet', choices=['inet', 'inet6', 'inet46']),
        icmptype=dict(required=False, default='any'),
        protocol=dict(required=False, default=None, choices=['tcp', 'udp', 'tcp/udp', 'icmp', 'esp', 'ah', 'gre', 'ipv6', 'igmp', 'ospf', 'any', 'carp', 'pfsync', None]),
        direction=dict(required=False, default='any', choices=['any','in','out']),
        statetype=dict(required=False, default='keep state', choices=['keep state','sloppy state','synproxy state','none']),
        floating=dict(required=False, choices=[None, True]),
        source=dict(required=False, type=dict, default=dict(any='') ),
        destination=dict(required=False, type=dict, default=dict(any='') ),
        log=dict(required=False),
        descr=dict(required=False)
    )
    result = dict(
        changed=False,
    )
    module = AnsibleModule(
        argument_spec=module_args,
        supports_check_mode=True
    )
    params = module.params
    configuration = ""
    diff = False      # set as soon as any field differs from the stored rule
    updated = ""      # ":"-separated list of the fields that differ
    pfsense_check(module)
    # get config and find our rule
    cfg = read_config(module,'filter')
    index = search(cfg['rule'],'tracker',params['tracker'])
    base = "$config['filter']['rule'][" + str(index) + "]"
    if params['state'] == 'present':
        # icmptype only applies to ICMP; drop it for any other named protocol
        if type(params['protocol']) in [str,unicode]:
            if params['protocol']!='icmp':
                params['icmptype'] = None
        # Compare source/destination element by element with the stored rule
        for p in ['source','destination']:
            for el in params[p]:
                if index=='' or (el not in cfg['rule'][index][p]) or (str(cfg['rule'][index][p][el]) != str(params[p][el])):
                    diff = True
                    updated += ":"+p+"."+el
                # NOTE(review): only the values v are handed to validate(); the
                # keys k appear in the label but are later written into the
                # PHP array unchecked - confirm they cannot carry quotes.
                for (k,v) in params[p].iteritems():
                    validate(module,p+":"+el+":"+k,v)
        # Fields that always have a value (each has a default or is required)
        for p in ['type','tracker','ipprotocol','interface','direction','statetype']:
            validate(module,p,params[p])
            configuration += "$rule['" + p + "'] = '" + params[p] + "';\n"
            if index=='' or (str(params[p]) != str(cfg['rule'][index][p])):
                diff = True
                updated += ":"+p
        # Optional fields: only emitted when supplied as a string
        for p in ['descr','log','disabled','quick','protocol','icmptype']:
            if type(params[p]) in [str,unicode]:
                validate(module,p,params[p])
                configuration += "$rule['" + p + "'] = '" + params[p] + "';\n"
                if index=='' or (p not in cfg['rule'][index]) or (str(params[p]) != str(cfg['rule'][index][p])):
                    diff = True
                    updated += ":"+p
        # Boolean flag, written as a bare PHP token rather than a string
        for p in ['floating']:
            if type(params[p]) in [bool]:
                configuration += "$rule['" + p + "'] = " + str(params[p]) + ";\n"
                if index=='' or (p not in cfg['rule'][index]):
                    diff = True
                    updated += ":"+p
        if diff:
            # NOTE(review): values are rendered with Python's %r, i.e. Python
            # quoting rules rather than PHP's; confirm validate() restricts
            # them enough for the two to agree.
            configuration += "$rule['source'] = [" + ', '.join("'%s'=>%r" % (key,val) for (key,val) in params['source'].iteritems()) + "];\n"
            configuration += "$rule['destination'] = [" + ', '.join("'%s'=>%r" % (key,val) for (key,val) in params['destination'].iteritems()) + "];\n"
            configuration += base + "=$rule;\n"
    elif params['state'] == 'absent':
        if index != '':
            configuration += "unset("+base+");\n"
            diff = True
    else:
        module.fail_json(msg='Incorrect state value, possible choices: absent, present(default)')
    result['phpcode'] = configuration
    result['updated'] = updated
    if module.check_mode:
        module.exit_json(**result)
    # Unlike the sibling modules, the write is gated on diff rather than on a
    # non-empty configuration string, which is always non-empty for 'present'.
    if diff:
        write_config(module,configuration)
        result['changed'] = True
    cfg = read_config(module,'filter')
    result['filter_rules'] = cfg['rule']
    module.exit_json(**result)
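def run_module():
    """Create, update or remove a pfSense group and its privilege list.

    The group is matched by name in ``system.group``. A new group takes its
    gid from ``system.nextgid``, which is then incremented. The generated PHP
    is returned in ``result['phpcode']`` and written with ``write_config``
    unless check mode is on or there is nothing to change.
    """
    module_args = dict(name=dict(required=True, default=None),
                       scope=dict(required=False,
                                  default='remote',
                                  choices=['local', 'remote']),
                       description=dict(required=False, default=''),
                       priv=dict(required=True, type=list),
                       state=dict(required=False,
                                  default='present',
                                  choices=['present', 'absent']))
    result = dict(changed=False, )
    module = AnsibleModule(argument_spec=module_args,
                           supports_check_mode=True)
    params = module.params
    priv = params['priv']
    configuration = ""
    pfsense_check(module)

    validate(module, 'name', params['name'],
             '^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]$')
    validate(module, 'priv', params['priv'])

    system = read_config(module, 'system')
    index = search(system['group'], 'name', params['name'])
    if index == '':
        gid = system['nextgid']
        # Only consume a gid when a group is actually going to be created.
        # Incrementing unconditionally made state=absent on a non-existent
        # group rewrite the config and report changed=True.
        if params['state'] == 'present':
            configuration += "$config['system']['nextgid']++;\n"
    else:
        gid = system['group'][index]['gid']
    base = "$config['system']['group'][" + str(index) + "]"

    if params['state'] == 'present':
        for p in ['name', 'description', 'scope']:
            if isstr(params[p]):
                # NOTE(review): values are placed in single-quoted PHP literals
                # unescaped; relies on validate() rejecting quotes - confirm.
                validate(module, p, params[p])
                if index == '':
                    configuration += "$group['" + p + "']='" + params[p] + "';\n"
                elif system['group'][index][p] != params[p]:
                    configuration += base + "['" + p + "']='" + params[p] + "';\n"
        if index == '':
            configuration += "$group['gid']='" + gid + "';\n"
            configuration += "$group['priv']=['" + "','".join(priv) + "'];\n"
            configuration += base + "=$group;\n"
        elif set(system['group'][index]['priv']) != set(priv):
            # Privileges are compared as sets, so ordering differences alone
            # do not count as a change.
            configuration += base + "['priv']=['" + "','".join(priv) + "'];\n"
    elif params['state'] == 'absent':
        if index != '':
            configuration += "unset(" + base + ");\n"
    else:
        module.fail_json(
            msg='Incorrect state value, possible choices: absent, present(default)')

    result['phpcode'] = configuration

    if module.check_mode:
        module.exit_json(**result)

    if configuration != '':
        write_config(module, configuration)
        result['changed'] = True

    cfg = read_config(module, 'system')
    result['group'] = cfg['group']
    module.exit_json(**result)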
def run_module():
    """Update scalar, list and one-level dict settings in whole config sections.

    Each dict parameter names a config section. Every key in it is compared
    with the current config and a PHP assignment is generated for each value
    that differs. With ``safe_mode: yes`` (the default) only keys that already
    exist may be set; ``safe_mode: no`` also allows new keys. The generated
    PHP is returned in ``result['phpcode']``.

    NOTE(review): block nesting was reconstructed from a whitespace-collapsed
    listing; check it against the original file.
    """
    module_args = dict(
        safe_mode=dict(default='yes', choices=['yes','no']),
        snmpd=dict(type=dict),
        syslog=dict(type=dict),
        system=dict(type=dict),
        widgets=dict(type=dict),
        hasync=dict(type=dict),
        nat=dict(type=dict),
        installedpackages=dict(type=dict),
    )
    result = dict(
        changed=False,
    )
    module = AnsibleModule(
        argument_spec=module_args,
        supports_check_mode=True
    )
    params = module.params
    # Keys that hold lists of records; they are refused here and the error
    # message points to a dedicated pfsense_<key> module instead.
    DoNotCreate = ['rule','cert','user','group','authserver','alias','item','monitor_type','gateway_item','package']; # Arrays of Dict
    AllowCreateKeys = False
    if params['safe_mode'] == 'no':
        AllowCreateKeys = True
    # Remove the switch so the loops below see only section parameters
    del params['safe_mode']
    configuration = ""
    pfsense_check(module)
    # Loop through all possible params
    for section in params:
        # Process provided sections
        if type(params[section]) is dict:
            # Read existing configuration
            result[section] = read_config(module,section)
            if not type(result[section]) is dict:
                result[section] = dict()
            # Loop through provided keys in the section
            for key in params[section]:
                # Check for keys we can't handle here
                if key in DoNotCreate:
                    module.fail_json(msg='Cannot create array type, try pfsense_'+key+' module')
                # Check that key exists in config (unless we are allowing key create "safe: no")
                if (key in result[section]) or AllowCreateKeys:
                    validate(module,section+":"+key,params[section][key])
                    # String Type
                    if isstr(params[section][key]):
                        # Validate Data type provided matches existing config
                        if (key in result[section]):
                            if not isstr(result[section][key]):
                                module.fail_json(msg=section + ":" + key + " requires " + str(type(result[section][key])))
                        # Update if changed
                        # NOTE(review): unlike the sub-key branch below, the
                        # value is not quote-escaped here, and section/key are
                        # interpolated as given; this relies on validate() -
                        # confirm what it rejects.
                        if not key in result[section] or str(result[section][key]) != params[section][key]:
                            configuration += "$config['" + section + "']['" + key + "']='" + params[section][key] + "';\n"
                            result[section][key] = params[section][key]
                    # List Type
                    elif type(params[section][key]) is list:
                        # Validate Data type provided matches existing config
                        if (key in result[section]):
                            if type(result[section][key]) is not list:
                                module.fail_json(msg=section + ":" + key + " requires " + str(type(result[section][key])))
                        # Update if changed
                        # NOTE(review): result[section][key] is indexed without
                        # a presence check, so a new list key under
                        # safe_mode=no looks like it raises KeyError - confirm.
                        if set(result[section][key]) != set(params[section][key]):
                            configuration += "$config['" + section + "']['" + key + "']=['"+"','".join(params[section][key])+"'];\n"
                            result[section][key] = params[section][key]
                    # Dict Type
                    elif type(params[section][key]) is dict:
                        # Validate Data type provided matches existing config
                        if (key in result[section]):
                            if type(result[section][key]) is not dict:
                                module.fail_json(msg=section + ":" + key + " requires " + str(type(result[section][key])))
                        # Loop thru subkeys k in dict
                        for (k,v) in params[section][key].items():
                            validate(module,section+":"+key+":"+k,v)
                            if (k in result[section][key]) or AllowCreateKeys:
                                # Type validation
                                if (k in result[section][key]):
                                    if not isstr(result[section][key][k]):
                                        module.fail_json(msg="String expected in config at "+section + ":" + key + ":" + k + " " + str(type(result[section][key][k])) + " found")
                                if type(v) is not str:
                                    module.fail_json(msg="String value expected in "+section + ":" + key + ":" + k)
                                # Update if changed
                                # Single quotes in the value are backslash-
                                # escaped for the PHP literal; backslashes
                                # themselves are left as they are.
                                if not k in result[section][key] or result[section][key][k] != params[section][key][k]:
                                    configuration += "$config['" + section + "']['" + key + "']['" + k + "'] = '" + v.replace("'","\\'") + "';\n"
                                    result[section][key][k]=v
                            else:
                                module.fail_json(msg='SubKey: '+k+' not found in '+section+":"+key+'. Cannot create new keys in safe mode')
                    else:
                        module.fail_json(msg= section + ":" + key + " has unexpected type " + str(type(params[section][key])))
                else:
                    module.fail_json(msg='Key: '+key+' not found in section: '+section+'. Cannot create new keys in safe mode')
    result['phpcode'] = configuration
    if module.check_mode:
        module.exit_json(**result)
    if configuration != '':
        write_config(module,configuration)
        result['changed'] = True
    # Return every touched section as read back after the write
    for section in params:
        if type(params[section]) is dict:
            result[section] = read_config(module,section)
    module.exit_json(**result)
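def run_module():
    """Configure an existing pfSense interface and, optionally, its gateway.

    The interface named by ``name`` must already exist in the ``interfaces``
    section. Address, subnet and description are updated when they differ and
    the ``enable`` key is added or removed. When ``gateway`` is given, the
    matching ``gateways.gateway_item`` entry is created or replaced. The
    generated PHP is returned in ``result['phpcode']``.
    """
    module_args = dict(name=dict(required=True,
                                 choices=['wan', 'lan', 'opt1', 'opt2']),
                       enable=dict(required=False, default=True, type=str),
                       ipaddr=dict(required=False),
                       ipprotocol=dict(required=False, default='inet'),
                       subnet=dict(required=False),
                       gateway=dict(required=False),
                       gateway_name=dict(required=False, default='Default_GW'),
                       gateway_weight=dict(required=False, default='1'),
                       descr=dict(required=False, default=''))
    result = dict(changed=False, )
    module = AnsibleModule(argument_spec=module_args,
                           supports_check_mode=True)
    params = module.params
    section = 'interfaces'
    configuration = ""
    pfsense_check(module)

    name = params['name']
    cfg = read_config(module, section)
    # Only a failed lookup means "interface missing"; a bare except here would
    # also have swallowed unrelated errors.
    try:
        cfg[name]
    except (KeyError, IndexError, TypeError):
        module.fail_json(msg='interface ' + name + ' not found')
    interface = "$config['" + section + "']['" + name + "']"

    # Interface Params
    for key in ['ipaddr', 'subnet', 'descr']:
        if params[key]:
            if key not in cfg[name] or params[key] != cfg[name][key]:
                # NOTE(review): values are placed in single-quoted PHP literals
                # unescaped; relies on validate() rejecting quotes - confirm.
                validate(module, key, params[key])
                configuration += interface + "['" + key + "']='" + params[key] + "';\n"

    # Handle enable param
    # NOTE(review): enable is declared with type=str, so values such as
    # 'False' or 'no' are non-empty strings and truthy here; the unset branch
    # looks reachable only with an empty string - confirm the intended type.
    if params['enable'] and 'enable' not in cfg[name]:
        configuration += interface + "['enable']='';\n"
    if not params['enable'] and 'enable' in cfg[name]:
        configuration += "unset(" + interface + "['enable']);\n"

    # Setup Gateway if provided, (should really be in its own pfsense_gateways module)
    section = 'gateways'
    gw_diff = False
    # module parameter -> key of the gateway_item record
    gw_params = {
        'name': 'interface',
        'gateway': 'gateway',
        'gateway_name': 'name',
        'gateway_weight': 'weight'
    }
    if params['gateway']:
        # Validate before branching: previously validate() ran only when the
        # gateway already existed, so a newly created gateway was written from
        # unchecked values.
        for p in gw_params:
            if p in params:
                validate(module, p, params[p])

        gateways = read_config(module, section)
        gw = search(gateways['gateway_item'], 'name', params['gateway_name'])
        if gw == '':
            gw_diff = True
        else:
            for p, key in gw_params.items():
                if p in params:
                    if (key not in gateways['gateway_item'][gw]) or (
                            params[p] != gateways['gateway_item'][gw][key]):
                        gw_diff = True

        if gw_diff:
            configuration += interface + "['gateway']='" + params['gateway_name'] + "';\n"
            # str() matches how the sibling modules format a search() index
            # and avoids a TypeError should the index not be a string.
            configuration += "$config['gateways']['gateway_item'][" + str(gw) + "]=[\n"
            configuration += "'interface'=>'" + params['name'] + "',\n"
            configuration += "'gateway'=>'" + params['gateway'] + "',\n"
            configuration += "'name'=>'" + params['gateway_name'] + "',\n"
            configuration += "'weight'=>'" + params['gateway_weight'] + "'];"

    result['phpcode'] = configuration

    if module.check_mode:
        module.exit_json(**result)

    if configuration != '':
        write_config(module, configuration)
        result['changed'] = True

    for section in ['interfaces', 'gateways']:
        result[section] = read_config(module, section)
    module.exit_json(**result)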
def run_module():
    """Write raw FRR daemon configs (zebra, bgpd, ospfd, ospf6d) into pfSense.

    Requires the FRR package include file to be present. The supplied daemon
    configs are stored under ``installedpackages.frrglobalraw``; when anything
    changes, the GUI-managed ``frr``/``frrbgp`` entries are replaced, the
    config is written and ``frr_generate_config()`` is invoked. The PHP built
    before those trailing statements is returned in ``result['phpcode']``.
    """
    daemons = ['zebra', 'bgpd', 'ospfd', 'ospf6d']
    spec = dict(state=dict(required=False,
                           default='present',
                           choices=['present', 'absent']),
                zebra=dict(required=False),
                bgpd=dict(required=False),
                ospfd=dict(required=False),
                ospf6d=dict(required=False))
    module = AnsibleModule(argument_spec=spec,
                           required_one_of=[daemons],
                           supports_check_mode=True)
    outcome = dict(changed=False)
    wanted = module.params
    php = ""
    pfsense_check(module)

    if not os.path.isfile('/usr/local/pkg/frr.inc'):
        module.fail_json(msg='pfsense-pkg-frr package not installed')

    # Fetch the stored raw config; any failure is taken to mean there is none
    packages = read_config(module, 'installedpackages')
    no_stored_config = False
    try:
        current = packages['frrglobalraw']['config'][0]
    except:
        no_stored_config = True

    target = "$config['installedpackages']['frrglobalraw']['config'][0]"
    state = wanted['state']
    if state == 'present':
        for daemon in daemons:
            text = wanted[daemon]
            if type(text) not in [str, unicode]:
                continue
            # NOTE(review): text is placed in a single-quoted PHP literal
            # unescaped; relies on validate() rejecting quotes - confirm.
            validate(module, daemon, text)
            if no_stored_config or (daemon in current and text != current[daemon]):
                php += target + "['" + daemon + "']='" + text + "';\n"
    elif state == 'absent':
        if not no_stored_config:
            php += "unset(" + target + ");\n"
    else:
        module.fail_json(
            msg='Incorrect state value, possible choices: absent, present(default)')

    outcome['phpcode'] = php
    if module.check_mode:
        module.exit_json(**outcome)

    if php != '':
        php += "".join([
            # uncomment these to overwrite gui config
            "unset($config['installedpackages']['frr']);\n",
            "unset($config['installedpackages']['frrbgp']);\n",
            "$frr['enable']='on';\n",
            "$config['installedpackages']['frrbgp']['config']=$frr;\n",
            "$frr['password']=uniqid();\n",
            "$config['installedpackages']['frr']['config']=$frr;\n",
            # Write new config
            "write_config();\n;",
            # Apply the config
            "include('/usr/local/pkg/frr.inc');frr_generate_config();\n",
        ])
        write_config(module, php)
        outcome['changed'] = True

    module.exit_json(**outcome)
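def run_module():
    """Create, update or remove a virtual IP entry in the pfSense config.

    An existing entry is matched by ``uniqid`` when one is supplied and
    otherwise by ``subnet``. The generated PHP is returned in
    ``result['phpcode']`` and written with ``write_config`` unless check mode
    is on or there is nothing to change.
    """
    module_args = dict(
        state=dict(required=False,
                   default='present',
                   choices=['present', 'absent']),
        uniqid=dict(required=False),
        interface=dict(required=False,
                       default='lo0',
                       choices=['lo0', 'wan', 'lan', 'opt1', 'opt2']),
        mode=dict(required=False,
                  default='ipalias',
                  choices=['ipalias', 'carp', 'proxyarp', 'other']),
        # NOTE(review): 'Required' is capitalised, so it is presumably not
        # honoured as the 'required' option; left as is because enforcing it
        # would change which playbooks are accepted - confirm the intent.
        subnet=dict(Required=True),
        subnet_bits=dict(required=False, default='32'),
        type=dict(required=False, default='single'),
        vhid=dict(required=False, default=''),
        # no_log marks the password as sensitive so Ansible keeps it out of
        # logs and masks it in returned values; it is embedded in
        # result['phpcode'] below.
        password=dict(required=False, default='', no_log=True),
        advbase=dict(required=False, default='1'),
        advskew=dict(required=False, default='0'),
        descr=dict(required=False, default=''))
    result = dict(changed=False, )
    module = AnsibleModule(argument_spec=module_args,
                           supports_check_mode=True)
    section = 'virtualip'
    configuration = ""
    params = module.params
    pfsense_check(module)

    cfg = read_config(module, section)
    index = ''
    if type(cfg) is dict and 'vip' in cfg:
        if isstr(params['uniqid']):
            index = search(cfg['vip'], 'uniqid', params['uniqid'])
        else:
            # No id supplied: generate one for a potential new entry
            params['uniqid'] = uniqid()
        if index == '':
            index = search(cfg['vip'], 'subnet', params['subnet'])
    base = "$config['virtualip']['vip'][" + str(index) + "]"

    if params['state'] == 'present':
        for p in [
                'mode', 'type', 'uniqid', 'interface', 'descr', 'subnet',
                'subnet_bits', 'vhid', 'password', 'advbase', 'advskew'
        ]:
            if isstr(params[p]):
                # NOTE(review): values are placed in single-quoted PHP literals
                # unescaped; relies on validate() rejecting quotes - confirm.
                validate(module, p, params[p])
                if index == '':
                    configuration += "$virtualip['" + p + "']='" + params[p] + "';\n"
                # The entry was located in cfg['vip'], so compare against that
                # list (the code previously indexed cfg itself) and treat a
                # key missing from the stored entry as a difference.
                elif p not in cfg['vip'][index] or cfg['vip'][index][p] != params[p]:
                    configuration += base + "['" + p + "']='" + params[p] + "';\n"
        if index == '':
            configuration += base + "=$virtualip;\n"
    elif params['state'] == 'absent':
        if index != '':
            configuration += "unset(" + base + ");\n"
    else:
        module.fail_json(
            msg='Incorrect state value, possible choices: absent, present(default)')

    result['phpcode'] = configuration

    if module.check_mode:
        module.exit_json(**result)

    if configuration != '':
        write_config(module, configuration)
        result['changed'] = True

    result[section] = read_config(module, section)
    module.exit_json(**result)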
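def run_module():
    """Create, update or remove an LDAP or RADIUS authentication server.

    The server is matched by ``refid`` in ``system.authserver``. Besides the
    common fields, only parameters whose name starts with the selected type
    (``ldap_`` or ``radius_``) are written. The generated PHP is returned in
    ``result['phpcode']`` and written with ``write_config`` unless check mode
    is on or there is nothing to change.
    """
    module_args = dict(
        state=dict(required=False,
                   default='present',
                   choices=['present', 'absent']),
        refid=dict(required=True),  # 10 digit (e.g. timestamp)
        name=dict(required=True),
        host=dict(required=True),
        type=dict(required=False, default='ldap', choices=['ldap', 'radius']),
        # NOTE(review): 'PAP,' carries a comma inside the string, which looks
        # like a typo for 'PAP'; left unchanged because correcting it alters
        # the accepted values - confirm.
        radius_protocol=dict(
            required=False,
            default='MS-CHAPv2',
            choices=['PAP,', 'MD5-CHAP', 'MS-CHAPv1', 'MS-CHAPv2']),
        radius_nasip_attribute=dict(required=False),
        # Shared secret: no_log marks it as sensitive so Ansible keeps it out
        # of logs and masks it in returned values.
        radius_secret=dict(required=False, no_log=True),
        radius_timeout=dict(required=False, default="10"),
        radius_auth_port=dict(required=False, default="1812"),
        radius_acct_port=dict(required=False, default="1813"),
        ldap_port=dict(required=False, default="389"),
        ldap_urltype=dict(
            required=False,
            default="TCP - Standard",
            choices=['TCP - Standard', 'TCP - STARTTLS', 'SSL - Encrypted']),
        ldap_protver=dict(required=False, default="3", choices=['2', '3']),
        ldap_scope=dict(required=False,
                        default="one",
                        choices=['one', 'subtree']),
        ldap_basedn=dict(required=False),
        ldap_authcn=dict(required=False),
        ldap_extended_enabled=dict(required=False, default=""),
        ldap_extended_query=dict(required=False, default=""),
        ldap_attr_user=dict(required=False, default="samAccountName"),
        ldap_attr_group=dict(required=False, default="cn"),
        ldap_attr_member=dict(required=False, default="memberOf"),
        ldap_attr_groupobj=dict(required=False, default="group"),
        ldap_timeout=dict(required=False, default="25"),
        ldap_binddn=dict(required=False),
        # Bind password: sensitive, same handling as radius_secret.
        ldap_bindpw=dict(required=False, no_log=True))
    result = dict(changed=False, )
    module = AnsibleModule(argument_spec=module_args,
                           supports_check_mode=True)
    params = module.params
    configuration = ""
    pfsense_check(module)

    # get config and find our authserver
    cfg = read_config(module, 'system')
    try:
        index = search(cfg['authserver'], 'refid', params['refid'])
    except (KeyError, TypeError):
        # Only a missing authserver list should lead to initialising it. The
        # former bare except also caught unrelated errors, and this branch
        # emits PHP that resets the whole list.
        index = ''
        configuration = "$config['system']['authserver']=[];\n"
    base = "$config['system']['authserver'][" + str(index) + "]"

    if params['state'] == 'present':
        # Fields common to both server types
        for p in ['type', 'refid', 'name', 'host']:
            # NOTE(review): values are placed in single-quoted PHP literals
            # unescaped; relies on validate() rejecting quotes - confirm.
            validate(module, p, params[p])
            if index == '':
                configuration += "$auth['" + p + "'] = '" + params[p] + "';\n"
            elif params[p] != cfg['authserver'][index][p]:
                configuration += base + "['" + p + "'] = '" + params[p] + "';\n"
        # Type-specific fields: those prefixed with the chosen type
        for p in params:
            if type(params[p]) is str and p.split('_')[0] == params['type']:
                validate(module, p, params[p])
                if index == '':
                    configuration += "$auth['" + p + "'] = '" + params[p] + "';\n"
                elif params[p] != cfg['authserver'][index][p]:
                    configuration += base + "['" + p + "'] = '" + params[p] + "';\n"
        if index == '':
            configuration += base + "=$auth;\n"
    elif params['state'] == 'absent':
        if index != '':
            configuration += "unset(" + base + ");\n"
    else:
        module.fail_json(
            msg='Incorrect state value, possible choices: absent, present(default)')

    result['phpcode'] = configuration

    if module.check_mode:
        module.exit_json(**result)

    if configuration != '':
        write_config(module, configuration)
        result['changed'] = True

    cfg = read_config(module, 'system')
    result['authserver'] = cfg['authserver']
    module.exit_json(**result)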