def _add_firewall_rules(module, oneandone_conn, firewall_id, rules):
    """
    Attach additional rules to an existing firewall policy.

    module : AnsibleModule object
    oneandone_conn: authenticated oneandone object
    firewall_id: identifier of the policy that receives the rules
    rules: iterable of dicts, each with the keys 'protocol', 'port_from',
           'port_to' and 'source'

    In check mode nothing is sent to the API; the function returns True
    when there is at least one rule and the policy lookup succeeds, and
    False otherwise. Outside check mode it returns whatever
    add_firewall_policy_rule returns. Any exception is reported through
    module.fail_json.
    """
    try:
        # Each rule dict is mapped one-to-one onto an API rule object.
        # The values (including 'source', which decides who may reach the
        # port range) are passed through as given; no validation happens
        # in this function, so a missing key surfaces as a KeyError below.
        rule_objs = [
            oneandone.client.FirewallPolicyRule(
                protocol=spec['protocol'],
                port_from=spec['port_from'],
                port_to=spec['port_to'],
                source=spec['source'])
            for spec in rules
        ]

        if not module.check_mode:
            return oneandone_conn.add_firewall_policy_rule(
                firewall_id=firewall_id, firewall_policy_rules=rule_objs)

        # Check mode: only predict whether a change would be made.
        existing_policy = get_firewall_policy(oneandone_conn, firewall_id)
        return bool(rule_objs and existing_policy)
    except Exception as e:
        # The exception text is returned verbatim in the module result.
        module.fail_json(msg=str(e))
def create_firewall_policy(module, oneandone_conn):
    """
    Create a firewall policy together with its initial rule set.

    module : AnsibleModule object
    oneandone_conn: authenticated oneandone object

    Reads 'name', 'description', 'rules', 'wait', 'wait_timeout' and
    'wait_interval' from module.params. Returns a (changed, policy) tuple
    where policy is the freshly re-read firewall policy. Any exception is
    reported through module.fail_json.
    """
    try:
        params = module.params
        name = params.get('name')
        description = params.get('description')
        rules = params.get('rules')
        wait = params.get('wait')
        wait_timeout = params.get('wait_timeout')
        wait_interval = params.get('wait_interval')

        # Rule values are forwarded as supplied; 'source' in particular
        # controls which addresses the policy admits and is not checked
        # in this function.
        rule_objs = [
            oneandone.client.FirewallPolicyRule(
                protocol=spec['protocol'],
                port_from=spec['port_from'],
                port_to=spec['port_to'],
                source=spec['source'])
            for spec in rules
        ]

        policy_request = oneandone.client.FirewallPolicy(
            name=name,
            description=description
        )

        # Called before the API request so that a check-mode run can be
        # reported as "would change" — presumably without creating
        # anything; confirm against _check_mode.
        _check_mode(module, True)
        created = oneandone_conn.create_firewall_policy(
            firewall_policy=policy_request,
            firewall_policy_rules=rule_objs
        )

        if wait:
            wait_for_resource_creation_completion(
                oneandone_conn,
                OneAndOneResources.firewall_policy,
                created['id'],
                wait_timeout,
                wait_interval)

        # Re-read the policy so the caller gets its current state.
        refreshed = get_firewall_policy(oneandone_conn, created['id'], True)
        changed = bool(refreshed)

        _check_mode(module, False)

        return changed, refreshed
    except Exception as e:
        module.fail_json(msg=str(e))
def remove_firewall_policy(module, oneandone_conn):
    """
    Delete a firewall policy.

    module : AnsibleModule object
    oneandone_conn: authenticated oneandone object

    The policy is identified by the 'name' module parameter, which is
    resolved through get_firewall_policy. Returns a (changed, info) tuple
    where info holds the 'id' and 'name' of the deleted policy. Any
    exception is reported through module.fail_json.
    """
    try:
        policy_ref = module.params.get('name')
        policy_id = get_firewall_policy(oneandone_conn, policy_ref)

        if module.check_mode:
            if policy_id is None:
                _check_mode(module, False)
            _check_mode(module, True)

        # NOTE(review): the None check above only runs in check mode, so
        # outside check mode an unresolved policy reaches delete_firewall
        # as None and any resulting error is reported by the handler
        # below — confirm this is the intended behaviour.
        deleted = oneandone_conn.delete_firewall(policy_id)

        changed = bool(deleted)
        summary = {
            'id': deleted['id'],
            'name': deleted['name']
        }

        return changed, summary
    except Exception as e:
        module.fail_json(msg=str(e))
def update_firewall_policy(module, oneandone_conn):
    """
    Updates a firewall policy based on input arguments.
    Firewall rules and server ips can be added/removed to/from
    firewall policy. Firewall policy name and description can be
    updated as well.

    module : AnsibleModule object
    oneandone_conn: authenticated oneandone object

    Reads 'firewall_policy', 'name', 'description', 'add_server_ips',
    'remove_server_ips', 'add_rules' and 'remove_rules' from
    module.params and applies the requested changes in that order.
    Returns a (changed, firewall_policy) tuple. Any exception is reported
    through module.fail_json.

    The rule and server-IP values are forwarded to the helper functions
    as supplied; this function does not validate them.
    """
    try:
        firewall_policy_id = module.params.get('firewall_policy')
        name = module.params.get('name')
        description = module.params.get('description')
        add_server_ips = module.params.get('add_server_ips')
        remove_server_ips = module.params.get('remove_server_ips')
        add_rules = module.params.get('add_rules')
        remove_rules = module.params.get('remove_rules')

        changed = False

        firewall_policy = get_firewall_policy(oneandone_conn,
                                              firewall_policy_id, True)
        # NOTE(review): nothing visible here stops a normal (non-check)
        # run when the policy is missing; the firewall_policy['id']
        # lookups below would then fail on None and be reported by the
        # except handler with a generic message — confirm.
        if firewall_policy is None:
            _check_mode(module, False)

        # 'changed' is set whenever name or description is supplied; the
        # new values are not compared with the current ones.
        if name or description:
            _check_mode(module, True)
            firewall_policy = oneandone_conn.modify_firewall(
                firewall_id=firewall_policy['id'],
                name=name,
                description=description)
            changed = True

        if add_server_ips:
            # In check mode the helper's result is handed to _check_mode;
            # presumably that ends the run — confirm, since otherwise the
            # helper is invoked a second time just below.
            if module.check_mode:
                _check_mode(
                    module,
                    _add_server_ips(module, oneandone_conn,
                                    firewall_policy['id'], add_server_ips))

            firewall_policy = _add_server_ips(module, oneandone_conn,
                                              firewall_policy['id'],
                                              add_server_ips)
            changed = True

        if remove_server_ips:
            # chk_changed accumulates the helper results in check mode
            # only; outside check mode it stays False.
            chk_changed = False
            for server_ip_id in remove_server_ips:
                if module.check_mode:
                    chk_changed |= _remove_firewall_server(
                        module, oneandone_conn, firewall_policy['id'],
                        server_ip_id)

                _remove_firewall_server(module, oneandone_conn,
                                        firewall_policy['id'], server_ip_id)
            _check_mode(module, chk_changed)
            # Re-read the policy so later steps and the return value see
            # the state after the removals.
            firewall_policy = get_firewall_policy(oneandone_conn,
                                                  firewall_policy['id'], True)
            changed = True

        if add_rules:
            # The helper's return value replaces firewall_policy and is
            # also what _check_mode receives as the change indicator.
            firewall_policy = _add_firewall_rules(module, oneandone_conn,
                                                  firewall_policy['id'],
                                                  add_rules)
            _check_mode(module, firewall_policy)
            changed = True

        if remove_rules:
            # Same pattern as remove_server_ips: results are accumulated
            # in check mode only.
            chk_changed = False
            for rule_id in remove_rules:
                if module.check_mode:
                    chk_changed |= _remove_firewall_rule(
                        module, oneandone_conn, firewall_policy['id'], rule_id)

                _remove_firewall_rule(module, oneandone_conn,
                                      firewall_policy['id'], rule_id)
            _check_mode(module, chk_changed)
            firewall_policy = get_firewall_policy(oneandone_conn,
                                                  firewall_policy['id'], True)
            changed = True

        return (changed, firewall_policy)
    except Exception as e:
        # The exception text is returned verbatim in the module result.
        module.fail_json(msg=str(e))
def create_server(module, oneandone_conn):
    """
    Provision one or more servers from the module parameters.

    module : AnsibleModule object
    oneandone_conn: authenticated oneandone object

    The datacenter and appliance are always resolved; fixed instance
    size, private network, monitoring policy, firewall policy and load
    balancer are resolved only when supplied. A lookup that returns None
    ends in module.fail_json with a "... not found." message.

    Returns a (changed, servers) tuple: 'changed' is True when at least
    one server was created, and 'servers' is the list of created servers
    after _insert_network_data has been applied to each entry.
    """
    def _abort_missing(template, value):
        # Shared failure path for every lookup: report "no change"
        # through _check_mode, then fail with the formatted message.
        _check_mode(module, False)
        module.fail_json(msg=template % value)

    params = module.params
    hostname = params.get('hostname')
    description = params.get('description')
    auto_increment = params.get('auto_increment')
    count = params.get('count')
    fixed_instance_size = params.get('fixed_instance_size')
    vcore = params.get('vcore')
    cores_per_processor = params.get('cores_per_processor')
    ram = params.get('ram')
    hdds = params.get('hdds')
    datacenter = params.get('datacenter')
    appliance = params.get('appliance')
    ssh_key = params.get('ssh_key')
    private_network = params.get('private_network')
    monitoring_policy = params.get('monitoring_policy')
    firewall_policy = params.get('firewall_policy')
    load_balancer = params.get('load_balancer')
    server_type = params.get('server_type')
    wait = params.get('wait')
    wait_timeout = params.get('wait_timeout')
    wait_interval = params.get('wait_interval')

    # Mandatory lookups.
    datacenter_id = get_datacenter(oneandone_conn, datacenter)
    if datacenter_id is None:
        _abort_missing('datacenter %s not found.', datacenter)

    fixed_instance_size_id = None
    if fixed_instance_size:
        fixed_instance_size_id = get_fixed_instance_size(
            oneandone_conn, fixed_instance_size)
        if fixed_instance_size_id is None:
            _abort_missing('fixed_instance_size %s not found.',
                           fixed_instance_size)

    appliance_id = get_appliance(oneandone_conn, appliance)
    if appliance_id is None:
        _abort_missing('appliance %s not found.', appliance)

    # Optional lookups: each id stays None when the parameter is unset.
    private_network_id = None
    if private_network:
        private_network_id = get_private_network(oneandone_conn,
                                                 private_network)
        if private_network_id is None:
            _abort_missing('private network %s not found.', private_network)

    monitoring_policy_id = None
    if monitoring_policy:
        monitoring_policy_id = get_monitoring_policy(oneandone_conn,
                                                     monitoring_policy)
        if monitoring_policy_id is None:
            _abort_missing('monitoring policy %s not found.',
                           monitoring_policy)

    # NOTE(review): when firewall_policy is omitted the servers are
    # created with firewall_policy_id=None; which policy the provider
    # then applies is not visible here — confirm it matches the intended
    # network exposure.
    firewall_policy_id = None
    if firewall_policy:
        firewall_policy_id = get_firewall_policy(oneandone_conn,
                                                 firewall_policy)
        if firewall_policy_id is None:
            _abort_missing('firewall policy %s not found.', firewall_policy)

    load_balancer_id = None
    if load_balancer:
        load_balancer_id = get_load_balancer(oneandone_conn, load_balancer)
        if load_balancer_id is None:
            _abort_missing('load balancer %s not found.', load_balancer)

    if auto_increment:
        hostnames = _auto_increment_hostname(count, hostname)
        descriptions = _auto_increment_description(count, description)
    else:
        hostnames, descriptions = [hostname] * count, [description] * count

    hdd_objs = [
        oneandone.client.Hdd(size=hdd['size'], is_main=hdd['is_main'])
        for hdd in hdds
    ] if hdds else []

    # Arguments that are identical for every server in this run; only
    # hostname and description vary per server.
    shared_kwargs = dict(
        module=module,
        oneandone_conn=oneandone_conn,
        fixed_instance_size_id=fixed_instance_size_id,
        vcore=vcore,
        cores_per_processor=cores_per_processor,
        ram=ram,
        hdds=hdd_objs,
        datacenter_id=datacenter_id,
        appliance_id=appliance_id,
        ssh_key=ssh_key,
        private_network_id=private_network_id,
        monitoring_policy_id=monitoring_policy_id,
        firewall_policy_id=firewall_policy_id,
        load_balancer_id=load_balancer_id,
        server_type=server_type,
        wait=wait,
        wait_timeout=wait_timeout,
        wait_interval=wait_interval)

    servers = []
    for index, name in enumerate(hostnames):
        created = _create_server(hostname=name,
                                 description=descriptions[index],
                                 **shared_kwargs)
        if created:
            servers.append(created)

    if not servers:
        _check_mode(module, False)
        return (False, servers)

    for server in servers:
        if server:
            _check_mode(module, True)
    _check_mode(module, False)
    servers = [_insert_network_data(entry) for entry in servers]

    _check_mode(module, False)

    return (True, servers)