def main():
"""main entry point for module execution
"""
argument_spec = dict(
netconf_port=dict(type='int', default=830, aliases=['listens_on']),
netconf_vrf=dict(aliases=['vrf'], default='default'),
state=dict(default='present', choices=['present', 'absent']),
)
argument_spec.update(iosxr_argument_spec)
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True)
warnings = list()
result = {'changed': False, 'warnings': warnings}
want = map_params_to_obj(module)
have = map_config_to_obj(module)
commands = map_obj_to_commands((want, have))
result['commands'] = commands
if commands:
commit = not module.check_mode
diff = load_config(module, commands, commit=commit)
if diff:
result['diff'] = dict(prepared=diff)
result['changed'] = True
module.exit_json(**result)
def map_obj_to_commands(self):
commands = list()
for w in self._want:
name = w['name']
state = w['state']
obj_in_have = search_obj_in_list(name, self._have)
if state == 'absent' and obj_in_have:
commands.append('no username ' + name)
elif state == 'present' and not obj_in_have:
user_cmd = 'username ' + name
commands.append(user_cmd)
if w['configured_password']:
commands.append(user_cmd + ' secret ' + w['configured_password'])
if w['group']:
commands.append(user_cmd + ' group ' + w['group'])
elif w['groups']:
for group in w['groups']:
commands.append(user_cmd + ' group ' + group)
elif state == 'present' and obj_in_have:
user_cmd = 'username ' + name
if self._module.params['update_password'] == 'always' and w['configured_password']:
commands.append(user_cmd + ' secret ' + w['configured_password'])
if w['group'] and w['group'] != obj_in_have['group']:
commands.append(user_cmd + ' group ' + w['group'])
elif w['groups']:
for group in w['groups']:
commands.append(user_cmd + ' group ' + group)
if self._module.params['purge']:
want_users = [x['name'] for x in self._want]
have_users = [x['name'] for x in self._have]
for item in set(have_users).difference(set(want_users)):
if item != 'admin':
commands.append('no username %s' % item)
if 'no username admin' in commands:
self._module.fail_json(msg='cannot delete the `admin` account')
self._result['commands'] = []
if commands:
commit = not self._module.check_mode
diff = load_config(self._module, commands, commit=commit)
if diff:
self._result['diff'] = dict(prepared=diff)
self._result['commands'] = commands
self._result['changed'] = True
def run(module, result):
match = module.params['match']
replace = module.params['replace']
replace_config = replace == 'config'
path = module.params['parents']
comment = module.params['comment']
admin = module.params['admin']
check_mode = module.check_mode
candidate_config = get_candidate(module)
running_config = get_running_config(module)
sanitize_candidate_config(candidate_config.items)
sanitize_running_config(running_config.items)
commands = None
if match != 'none' and replace != 'config':
commands = candidate_config.difference(running_config, path=path, match=match, replace=replace)
elif replace_config:
can_config = candidate_config.difference(running_config, path=path, match=match, replace=replace)
candidate = dumps(can_config, 'commands').split('\n')
run_config = running_config.difference(candidate_config, path=path, match=match, replace=replace)
running = dumps(run_config, 'commands').split('\n')
if len(candidate) > 1 or len(running) > 1:
ret = copy_file_to_node(module)
if not ret:
module.fail_json(msg='Copy of config file to the node failed')
commands = ['load harddisk:/ansible_config.txt']
else:
commands = candidate_config.items
if commands:
if not replace_config:
commands = dumps(commands, 'commands').split('\n')
if any((module.params['lines'], module.params['src'])):
if module.params['before']:
commands[:0] = module.params['before']
if module.params['after']:
commands.extend(module.params['after'])
result['commands'] = commands
commit = not check_mode
diff = load_config(module, commands, commit=commit, replace=replace_config, comment=comment, admin=admin)
if diff:
result['diff'] = dict(prepared=diff)
result['changed'] = True
def map_obj_to_commands(self):
commands = list()
args = ('speed', 'description', 'duplex', 'mtu')
for want_item in self._want:
name = want_item['name']
disable = not want_item['enabled']
state = want_item['state']
obj_in_have = self.search_obj_in_list(name)
interface = 'interface ' + name
if state == 'absent' and obj_in_have:
commands.append('no ' + interface)
elif state in ('present', 'up', 'down'):
if obj_in_have:
for item in args:
candidate = want_item.get(item)
running = obj_in_have.get(item)
if candidate != running:
if candidate:
cmd = interface + ' ' + item + ' ' + str(candidate)
commands.append(cmd)
if disable and obj_in_have.get('enabled', False):
commands.append(interface + ' shutdown')
elif not disable and not obj_in_have.get('enabled', False):
commands.append('no ' + interface + ' shutdown')
else:
for item in args:
value = want_item.get(item)
if value:
commands.append(interface + ' ' + item + ' ' + str(value))
if not disable:
commands.append('no ' + interface + ' shutdown')
self._result['commands'] = commands
if commands:
commit = not self._module.check_mode
diff = load_config(self._module, commands, commit=commit)
if diff:
self._result['diff'] = dict(prepared=diff)
self._result['changed'] = True
def map_obj_to_xml_rpc(self):
self._system_meta.update([
('vrfs', {'xpath': 'ip-domain/vrfs', 'tag': True, 'operation': 'edit'}),
('vrf', {'xpath': 'ip-domain/vrfs/vrf', 'tag': True, 'operation': 'edit'}),
('a:vrf', {'xpath': 'ip-domain/vrfs/vrf/vrf-name', 'operation': 'edit'}),
('a:domain_name', {'xpath': 'ip-domain/vrfs/vrf/name', 'operation': 'edit', 'attrib': "operation"}),
])
self._system_domain_meta.update([
('vrfs', {'xpath': 'ip-domain/vrfs', 'tag': True, 'operation': 'edit'}),
('vrf', {'xpath': 'ip-domain/vrfs/vrf', 'tag': True, 'operation': 'edit'}),
('a:vrf', {'xpath': 'ip-domain/vrfs/vrf/vrf-name', 'operation': 'edit'}),
('lists', {'xpath': 'ip-domain/vrfs/vrf/lists', 'tag': True, 'operation': 'edit'}),
('list', {'xpath': 'ip-domain/vrfs/vrf/lists/list', 'tag': True, 'operation': 'edit', 'attrib': "operation"}),
('a:order', {'xpath': 'ip-domain/vrfs/vrf/lists/list/order', 'operation': 'edit'}),
('a:domain_search', {'xpath': 'ip-domain/vrfs/vrf/lists/list/list-name', 'operation': 'edit'}),
])
self._system_server_meta.update([
('vrfs', {'xpath': 'ip-domain/vrfs', 'tag': True, 'operation': 'edit'}),
('vrf', {'xpath': 'ip-domain/vrfs/vrf', 'tag': True, 'operation': 'edit'}),
('a:vrf', {'xpath': 'ip-domain/vrfs/vrf/vrf-name', 'operation': 'edit'}),
('servers', {'xpath': 'ip-domain/vrfs/vrf/servers', 'tag': True, 'operation': 'edit'}),
('server', {'xpath': 'ip-domain/vrfs/vrf/servers/server', 'tag': True, 'operation': 'edit', 'attrib': "operation"}),
('a:order', {'xpath': 'ip-domain/vrfs/vrf/servers/server/order', 'operation': 'edit'}),
('a:name_servers', {'xpath': 'ip-domain/vrfs/vrf/servers/server/server-address', 'operation': 'edit'}),
])
self._hostname_meta.update([
('a:hostname', {'xpath': 'host-names/host-name', 'operation': 'edit', 'attrib': "operation"}),
])
self._lookup_source_meta.update([
('vrfs', {'xpath': 'ip-domain/vrfs', 'tag': True, 'operation': 'edit'}),
('vrf', {'xpath': 'ip-domain/vrfs/vrf', 'tag': True, 'operation': 'edit'}),
('a:vrf', {'xpath': 'ip-domain/vrfs/vrf/vrf-name', 'operation': 'edit'}),
('a:lookup_source', {'xpath': 'ip-domain/vrfs/vrf/source-interface', 'operation': 'edit', 'attrib': "operation"}),
])
self._lookup_meta.update([
('vrfs', {'xpath': 'ip-domain/vrfs', 'tag': True, 'operation': 'edit'}),
('vrf', {'xpath': 'ip-domain/vrfs/vrf', 'tag': True, 'operation': 'edit'}),
('a:vrf', {'xpath': 'ip-domain/vrfs/vrf/vrf-name', 'operation': 'edit'}),
('lookup', {'xpath': 'ip-domain/vrfs/vrf/lookup', 'tag': True, 'operation': 'edit', 'attrib': "operation"}),
])
state = self._module.params['state']
_get_filter = build_xml('ip-domain', opcode="filter")
running = get_config(self._module, source='running', config_filter=_get_filter)
_get_filter = build_xml('host-names', opcode="filter")
hostname_runn = get_config(self._module, source='running', config_filter=_get_filter)
hostname_ele = etree_find(hostname_runn, 'host-name')
hostname = hostname_ele.text if hostname_ele is not None else None
vrf_ele = etree_findall(running, 'vrf')
vrf_map = {}
for vrf in vrf_ele:
name_server_list = list()
domain_list = list()
vrf_name_ele = etree_find(vrf, 'vrf-name')
vrf_name = vrf_name_ele.text if vrf_name_ele is not None else None
domain_name_ele = etree_find(vrf, 'name')
domain_name = domain_name_ele.text if domain_name_ele is not None else None
domain_ele = etree_findall(vrf, 'list-name')
for domain in domain_ele:
domain_list.append(domain.text)
server_ele = etree_findall(vrf, 'server-address')
for server in server_ele:
name_server_list.append(server.text)
lookup_source_ele = etree_find(vrf, 'source-interface')
lookup_source = lookup_source_ele.text if lookup_source_ele is not None else None
lookup_enabled = False if etree_find(vrf, 'lookup') is not None else True
vrf_map[vrf_name] = {'domain_name': domain_name,
'domain_search': domain_list,
'name_servers': name_server_list,
'lookup_source': lookup_source,
'lookup_enabled': lookup_enabled}
opcode = None
hostname_param = {}
lookup_param = {}
system_param = {}
sys_server_params = list()
sys_domain_params = list()
add_domain_params = list()
del_domain_params = list()
add_server_params = list()
del_server_params = list()
lookup_source_params = {}
try:
sys_node = vrf_map[self._want['vrf']]
except KeyError:
sys_node = {'domain_name': None,
'domain_search': [],
'name_servers': [],
'lookup_source': None,
'lookup_enabled': True}
if state == 'absent':
opcode = "delete"
def needs_update(x):
return self._want[x] is not None and self._want[x] == sys_node[x]
if needs_update('domain_name'):
system_param = {'vrf': self._want['vrf'], 'domain_name': self._want['domain_name']}
if needs_update('hostname'):
hostname_param = {'hostname': hostname}
if not self._want['lookup_enabled'] and not sys_node['lookup_enabled']:
lookup_param['vrf'] = self._want['vrf']
if needs_update('lookup_source'):
lookup_source_params['vrf'] = self._want['vrf']
lookup_source_params['lookup_source'] = self._want['lookup_source']
if self._want['domain_search']:
domain_param = {}
domain_param['domain_name'] = self._want['domain_name']
domain_param['vrf'] = self._want['vrf']
domain_param['order'] = '0'
for domain in self._want['domain_search']:
if domain in sys_node['domain_search']:
domain_param['domain_search'] = domain
sys_domain_params.append(domain_param.copy())
if self._want['name_servers']:
server_param = {}
server_param['vrf'] = self._want['vrf']
server_param['order'] = '0'
for server in self._want['name_servers']:
if server in sys_node['name_servers']:
server_param['name_servers'] = server
sys_server_params.append(server_param.copy())
elif state == 'present':
opcode = "merge"
def needs_update(x):
return self._want[x] is not None and (sys_node[x] is None or
(sys_node[x] is not None and self._want[x] != sys_node[x]))
if needs_update('domain_name'):
system_param = {'vrf': self._want['vrf'], 'domain_name': self._want['domain_name']}
if self._want['hostname'] is not None and self._want['hostname'] != hostname:
hostname_param = {'hostname': self._want['hostname']}
if not self._want['lookup_enabled'] and sys_node['lookup_enabled']:
lookup_param['vrf'] = self._want['vrf']
if needs_update('lookup_source'):
lookup_source_params['vrf'] = self._want['vrf']
lookup_source_params['lookup_source'] = self._want['lookup_source']
if self._want['domain_search']:
domain_adds, domain_removes = diff_list(self._want['domain_search'], sys_node['domain_search'])
domain_param = {}
domain_param['domain_name'] = self._want['domain_name']
domain_param['vrf'] = self._want['vrf']
domain_param['order'] = '0'
for domain in domain_adds:
if domain not in sys_node['domain_search']:
domain_param['domain_search'] = domain
add_domain_params.append(domain_param.copy())
for domain in domain_removes:
if domain in sys_node['domain_search']:
domain_param['domain_search'] = domain
del_domain_params.append(domain_param.copy())
if self._want['name_servers']:
server_adds, server_removes = diff_list(self._want['name_servers'], sys_node['name_servers'])
server_param = {}
server_param['vrf'] = self._want['vrf']
server_param['order'] = '0'
for domain in server_adds:
if domain not in sys_node['name_servers']:
server_param['name_servers'] = domain
add_server_params.append(server_param.copy())
for domain in server_removes:
if domain in sys_node['name_servers']:
server_param['name_servers'] = domain
del_server_params.append(server_param.copy())
self._result['xml'] = []
_edit_filter_list = list()
if opcode:
if hostname_param:
_edit_filter_list.append(build_xml('host-names', xmap=self._hostname_meta,
params=hostname_param, opcode=opcode))
if system_param:
_edit_filter_list.append(build_xml('ip-domain', xmap=self._system_meta,
params=system_param, opcode=opcode))
if lookup_source_params:
_edit_filter_list.append(build_xml('ip-domain', xmap=self._lookup_source_meta,
params=lookup_source_params, opcode=opcode))
if lookup_param:
_edit_filter_list.append(build_xml('ip-domain', xmap=self._lookup_meta,
params=lookup_param, opcode=opcode))
if opcode == 'delete':
if sys_domain_params:
_edit_filter_list.append(build_xml('ip-domain', xmap=self._system_domain_meta,
params=sys_domain_params, opcode=opcode))
if sys_server_params:
_edit_filter_list.append(build_xml('ip-domain', xmap=self._system_server_meta,
params=sys_server_params, opcode=opcode))
if self._want['vrf'] != 'default':
self._result['warnings'] = ["name-servers delete operation with non-default vrf is a success, "
"but with rpc-error. Recommended to use 'ignore_errors' option with the task as a workaround"]
elif opcode == 'merge':
if add_domain_params:
_edit_filter_list.append(build_xml('ip-domain', xmap=self._system_domain_meta,
params=add_domain_params, opcode=opcode))
if del_domain_params:
_edit_filter_list.append(build_xml('ip-domain', xmap=self._system_domain_meta,
params=del_domain_params, opcode="delete"))
if add_server_params:
_edit_filter_list.append(build_xml('ip-domain', xmap=self._system_server_meta,
params=add_server_params, opcode=opcode))
if del_server_params:
_edit_filter_list.append(build_xml('ip-domain', xmap=self._system_server_meta,
params=del_server_params, opcode="delete"))
diff = None
if _edit_filter_list:
commit = not self._module.check_mode
diff = load_config(self._module, _edit_filter_list, commit=commit, running=running,
nc_get_filter=_get_filter)
if diff:
if self._module._diff:
self._result['diff'] = dict(prepared=diff)
self._result['xml'] = _edit_filter_list
self._result['changed'] = True
def map_obj_to_commands(self):
commands = list()
state = self._module.params['state']
def needs_update(x):
return self._want.get(x) and (self._want.get(x) != self._have.get(x))
if state == 'absent':
if self._have['hostname'] != 'ios':
commands.append('no hostname')
if self._have['domain_name']:
commands.append('no domain name')
if self._have['lookup_source']:
commands.append('no domain lookup source-interface {0!s}'.format(self._have['lookup_source']))
if not self._have['lookup_enabled']:
commands.append('no domain lookup disable')
for item in self._have['name_servers']:
commands.append('no domain name-server {0!s}'.format(item))
for item in self._have['domain_search']:
commands.append('no domain list {0!s}'.format(item))
elif state == 'present':
if needs_update('hostname'):
commands.append('hostname {0!s}'.format(self._want['hostname']))
if needs_update('domain_name'):
commands.append('domain name {0!s}'.format(self._want['domain_name']))
if needs_update('lookup_source'):
commands.append('domain lookup source-interface {0!s}'.format(self._want['lookup_source']))
cmd = None
if not self._want['lookup_enabled'] and self._have['lookup_enabled']:
cmd = 'domain lookup disable'
elif self._want['lookup_enabled'] and not self._have['lookup_enabled']:
cmd = 'no domain lookup disable'
if cmd is not None:
commands.append(cmd)
if self._want['name_servers'] is not None:
adds, removes = diff_list(self._want['name_servers'], self._have['name_servers'])
for item in adds:
commands.append('domain name-server {0!s}'.format(item))
for item in removes:
commands.append('no domain name-server {0!s}'.format(item))
if self._want['domain_search'] is not None:
adds, removes = diff_list(self._want['domain_search'], self._have['domain_search'])
for item in adds:
commands.append('domain list {0!s}'.format(item))
for item in removes:
commands.append('no domain list {0!s}'.format(item))
self._result['commands'] = []
if commands:
commit = not self._module.check_mode
diff = load_config(self._module, commands, commit=commit)
if diff:
self._result['diff'] = dict(prepared=diff)
self._result['commands'] = commands
self._result['changed'] = True
def map_obj_to_xml_rpc(self):
self._locald_meta.update([
('aaa_locald', {'xpath': 'aaa/usernames', 'tag': True, 'ns': True}),
('username', {'xpath': 'aaa/usernames/username', 'tag': True, 'attrib': "operation"}),
('a:name', {'xpath': 'aaa/usernames/username/name'}),
('a:configured_password', {'xpath': 'aaa/usernames/username/secret', 'operation': 'edit'}),
])
self._locald_group_meta.update([
('aaa_locald', {'xpath': 'aaa/usernames', 'tag': True, 'ns': True}),
('username', {'xpath': 'aaa/usernames/username', 'tag': True, 'attrib': "operation"}),
('a:name', {'xpath': 'aaa/usernames/username/name'}),
('usergroups', {'xpath': 'aaa/usernames/username/usergroup-under-usernames', 'tag': True, 'operation': 'edit'}),
('usergroup', {'xpath': 'aaa/usernames/username/usergroup-under-usernames/usergroup-under-username', 'tag': True, 'operation': 'edit'}),
('a:group', {'xpath': 'aaa/usernames/username/usergroup-under-usernames/usergroup-under-username/name', 'operation': 'edit'}),
])
state = self._module.params['state']
_get_filter = build_xml('aaa', opcode="filter")
running = get_config(self._module, source='running', config_filter=_get_filter)
elements = etree_findall(running, 'username')
users = list()
for element in elements:
name_list = etree_findall(element, 'name')
users.append(name_list[0].text)
list_size = len(name_list)
if list_size == 1:
self._have.append({'name': name_list[0].text, 'group': None, 'groups': None})
elif list_size == 2:
self._have.append({'name': name_list[0].text, 'group': name_list[1].text, 'groups': None})
elif list_size > 2:
name_iter = iter(name_list)
next(name_iter)
tmp_list = list()
for name in name_iter:
tmp_list.append(name.text)
self._have.append({'name': name_list[0].text, 'group': None, 'groups': tmp_list})
locald_params = list()
locald_group_params = list()
opcode = None
if state == 'absent':
opcode = "delete"
for want_item in self._want:
if want_item['name'] in users:
want_item['configured_password'] = None
locald_params.append(want_item)
elif state == 'present':
opcode = "merge"
for want_item in self._want:
if want_item['name'] not in users:
want_item['configured_password'] = self.generate_md5_hash(want_item['configured_password'])
locald_params.append(want_item)
if want_item['group'] is not None:
locald_group_params.append(want_item)
if want_item['groups'] is not None:
for group in want_item['groups']:
want_item['group'] = group
locald_group_params.append(want_item.copy())
else:
if self._module.params['update_password'] == 'always' and want_item['configured_password'] is not None:
want_item['configured_password'] = self.generate_md5_hash(want_item['configured_password'])
locald_params.append(want_item)
else:
want_item['configured_password'] = None
obj_in_have = search_obj_in_list(want_item['name'], self._have)
if want_item['group'] is not None and want_item['group'] != obj_in_have['group']:
locald_group_params.append(want_item)
elif want_item['groups'] is not None:
for group in want_item['groups']:
want_item['group'] = group
locald_group_params.append(want_item.copy())
purge_params = list()
if self._module.params['purge']:
want_users = [x['name'] for x in self._want]
have_users = [x['name'] for x in self._have]
for item in set(have_users).difference(set(want_users)):
if item != 'admin':
purge_params.append({'name': item})
self._result['xml'] = []
_edit_filter_list = list()
if opcode is not None:
if locald_params:
_edit_filter_list.append(build_xml('aaa', xmap=self._locald_meta,
params=locald_params, opcode=opcode))
if locald_group_params:
_edit_filter_list.append(build_xml('aaa', xmap=self._locald_group_meta,
params=locald_group_params, opcode=opcode))
if purge_params:
_edit_filter_list.append(build_xml('aaa', xmap=self._locald_meta,
params=purge_params, opcode="delete"))
diff = None
if _edit_filter_list:
commit = not self._module.check_mode
diff = load_config(self._module, _edit_filter_list, commit=commit, running=running,
nc_get_filter=_get_filter)
if diff:
if self._module._diff:
self._result['diff'] = dict(prepared=diff)
self._result['xml'] = _edit_filter_list
self._result['changed'] = True
def map_obj_to_xml_rpc(self):
self._locald_meta.update([
('aaa_locald', {
'xpath': 'aaa/usernames',
'tag': True,
'ns': True
}),
('username', {
'xpath': 'aaa/usernames/username',
'tag': True,
'attrib': "operation"
}),
('a:name', {
'xpath': 'aaa/usernames/username/name'
}),
('a:configured_password', {
'xpath': 'aaa/usernames/username/secret',
'operation': 'edit'
}),
])
self._locald_group_meta.update([
('aaa_locald', {
'xpath': 'aaa/usernames',
'tag': True,
'ns': True
}),
('username', {
'xpath': 'aaa/usernames/username',
'tag': True,
'attrib': "operation"
}),
('a:name', {
'xpath': 'aaa/usernames/username/name'
}),
('usergroups', {
'xpath': 'aaa/usernames/username/usergroup-under-usernames',
'tag': True,
'operation': 'edit'
}),
('usergroup', {
'xpath':
'aaa/usernames/username/usergroup-under-usernames/usergroup-under-username',
'tag': True,
'operation': 'edit'
}),
('a:group', {
'xpath':
'aaa/usernames/username/usergroup-under-usernames/usergroup-under-username/name',
'operation': 'edit'
}),
])
state = self._module.params['state']
_get_filter = build_xml('aaa', opcode="filter")
running = get_config(self._module,
source='running',
config_filter=_get_filter)
elements = etree_findall(running, 'username')
users = list()
for element in elements:
name_list = etree_findall(element, 'name')
users.append(name_list[0].text)
list_size = len(name_list)
if list_size == 1:
self._have.append({
'name': name_list[0].text,
'group': None,
'groups': None
})
elif list_size == 2:
self._have.append({
'name': name_list[0].text,
'group': name_list[1].text,
'groups': None
})
elif list_size > 2:
name_iter = iter(name_list)
next(name_iter)
tmp_list = list()
for name in name_iter:
tmp_list.append(name.text)
self._have.append({
'name': name_list[0].text,
'group': None,
'groups': tmp_list
})
locald_params = list()
locald_group_params = list()
opcode = None
if state == 'absent':
opcode = "delete"
for want_item in self._want:
if want_item['name'] in users:
want_item['configured_password'] = None
locald_params.append(want_item)
elif state == 'present':
opcode = "merge"
for want_item in self._want:
if want_item['name'] not in users:
want_item['configured_password'] = self.generate_md5_hash(
want_item['configured_password'])
locald_params.append(want_item)
if want_item['group'] is not None:
locald_group_params.append(want_item)
if want_item['groups'] is not None:
for group in want_item['groups']:
want_item['group'] = group
locald_group_params.append(want_item.copy())
else:
if self._module.params[
'update_password'] == 'always' and want_item[
'configured_password'] is not None:
want_item[
'configured_password'] = self.generate_md5_hash(
want_item['configured_password'])
locald_params.append(want_item)
else:
want_item['configured_password'] = None
obj_in_have = search_obj_in_list(want_item['name'],
self._have)
if want_item['group'] is not None and want_item[
'group'] != obj_in_have['group']:
locald_group_params.append(want_item)
elif want_item['groups'] is not None:
for group in want_item['groups']:
want_item['group'] = group
locald_group_params.append(want_item.copy())
purge_params = list()
if self._module.params['purge']:
want_users = [x['name'] for x in self._want]
have_users = [x['name'] for x in self._have]
for item in set(have_users).difference(set(want_users)):
if item != 'admin':
purge_params.append({'name': item})
self._result['xml'] = []
_edit_filter_list = list()
if opcode is not None:
if locald_params:
_edit_filter_list.append(
build_xml('aaa',
xmap=self._locald_meta,
params=locald_params,
opcode=opcode))
if locald_group_params:
_edit_filter_list.append(
build_xml('aaa',
xmap=self._locald_group_meta,
params=locald_group_params,
opcode=opcode))
if purge_params:
_edit_filter_list.append(
build_xml('aaa',
xmap=self._locald_meta,
params=purge_params,
opcode="delete"))
diff = None
if _edit_filter_list:
commit = not self._module.check_mode
diff = load_config(self._module,
_edit_filter_list,
commit=commit,
running=running,
nc_get_filter=_get_filter)
if diff:
if self._module._diff:
self._result['diff'] = dict(prepared=diff)
self._result['xml'] = _edit_filter_list
self._result['changed'] = True
def main():
""" main entry point for module execution
"""
element_spec = dict(
name=dict(),
configured_password=dict(no_log=True),
update_password=dict(default='always', choices=['on_create', 'always']),
public_key=dict(),
public_key_contents=dict(),
group=dict(aliases=['role']),
groups=dict(type='list', elements='dict'),
state=dict(default='present', choices=['present', 'absent'])
)
aggregate_spec = deepcopy(element_spec)
aggregate_spec['name'] = dict(required=True)
# remove default in aggregate spec, to handle common arguments
remove_default_spec(aggregate_spec)
argument_spec = dict(
aggregate=dict(type='list', elements='dict', options=aggregate_spec, aliases=['users', 'collection']),
purge=dict(type='bool', default=False)
)
argument_spec.update(element_spec)
argument_spec.update(iosxr_argument_spec)
mutually_exclusive = [('name', 'aggregate'), ('public_key', 'public_key_contents'), ('group', 'groups')]
module = AnsibleModule(argument_spec=argument_spec,
mutually_exclusive=mutually_exclusive,
supports_check_mode=True)
if (module.params['public_key_contents'] or module.params['public_key']):
if not HAS_B64:
module.fail_json(
msg='library base64 is required but does not appear to be '
'installed. It can be installed using `pip install base64`'
)
if not HAS_PARAMIKO:
module.fail_json(
msg='library paramiko is required but does not appear to be '
'installed. It can be installed using `pip install paramiko`'
)
warnings = list()
if module.params['password'] and not module.params['configured_password']:
warnings.append(
'The "password" argument is used to authenticate the current connection. ' +
'To set a user password use "configured_password" instead.'
)
result = {'changed': False}
want = map_params_to_obj(module)
have = map_config_to_obj(module)
commands = map_obj_to_commands((want, have), module)
if module.params['purge']:
want_users = [x['name'] for x in want]
have_users = [x['name'] for x in have]
for item in set(have_users).difference(want_users):
if item != 'admin':
commands.append('no username %s' % item)
result['commands'] = commands
result['warnings'] = warnings
if 'no username admin' in commands:
module.fail_json(msg='cannot delete the `admin` account')
if commands:
commit = not module.check_mode
diff = load_config(module, commands, commit=commit)
if diff:
result['diff'] = dict(prepared=diff)
result['changed'] = True
if module.params['state'] == 'present' and (module.params['public_key_contents'] or module.params['public_key']):
if not module.check_mode:
key = convert_key_to_base64(module)
copykeys = copy_key_to_node(module, key)
if copykeys is False:
warnings.append('Please set up your provider before running this playbook')
if module.params['aggregate']:
for user in module.params['aggregate']:
cmdtodo = "admin crypto key import authentication rsa username %s harddisk:/publickey_aggregate.b64" % (user)
addremove = addremovekey(module, cmdtodo)
if addremove is False:
warnings.append('Please set up your provider before running this playbook')
else:
cmdtodo = "admin crypto key import authentication rsa username %s harddisk:/publickey_%s.b64" % (module.params['name'], module.params['name'])
addremove = addremovekey(module, cmdtodo)
if addremove is False:
warnings.append('Please set up your provider before running this playbook')
elif module.params['state'] == 'absent':
if not module.check_mode:
if module.params['aggregate']:
for user in module.params['aggregate']:
cmdtodo = "admin crypto key zeroize authentication rsa username %s" % (user)
addremove = addremovekey(module, cmdtodo)
if addremove is False:
warnings.append('Please set up your provider before running this playbook')
else:
cmdtodo = "admin crypto key zeroize authentication rsa username %s" % (module.params['name'])
addremove = addremovekey(module, cmdtodo)
if addremove is False:
warnings.append('Please set up your provider before running this playbook')
elif module.params['purge'] is True:
if not module.check_mode:
cmdtodo = "admin crypto key zeroize authentication rsa all"
addremove = addremovekey(module, cmdtodo)
if addremove is False:
warnings.append('Please set up your provider before running this playbook')
module.exit_json(**result)
def run(module, result):
match = module.params['match']
replace = module.params['replace']
replace_config = replace == 'config'
path = module.params['parents']
comment = module.params['comment']
admin = module.params['admin']
check_mode = module.check_mode
candidate_config = get_candidate(module)
running_config = get_running_config(module)
commands = None
if match != 'none' and replace != 'config':
commands = candidate_config.difference(running_config,
path=path,
match=match,
replace=replace)
elif replace_config:
can_config = candidate_config.difference(running_config,
path=path,
match=match,
replace=replace)
candidate = dumps(can_config, 'commands').split('\n')
run_config = running_config.difference(candidate_config,
path=path,
match=match,
replace=replace)
running = dumps(run_config, 'commands').split('\n')
if len(candidate) > 1 or len(running) > 1:
ret = copy_file_to_node(module)
if not ret:
module.fail_json(msg='Copy of config file to the node failed')
commands = ['load harddisk:/ansible_config.txt']
else:
commands = candidate_config.items
if commands:
if not replace_config:
commands = dumps(commands, 'commands').split('\n')
if any((module.params['lines'], module.params['src'])):
if module.params['before']:
commands[:0] = module.params['before']
if module.params['after']:
commands.extend(module.params['after'])
result['commands'] = commands
commit = not check_mode
diff = load_config(module,
commands,
commit=commit,
replace=replace_config,
comment=comment,
admin=admin)
if diff:
result['diff'] = dict(prepared=diff)
result['changed'] = True
def run(module, result):
match = module.params['match']
replace = module.params['replace']
replace_config = replace == 'config'
path = module.params['parents']
comment = module.params['comment']
admin = module.params['admin']
exclusive = module.params['exclusive']
check_mode = module.check_mode
label = module.params['label']
candidate_config = get_candidate(module)
running_config = get_running_config(module)
commands = None
replace_file_path = None
connection = get_connection(module)
try:
response = connection.get_diff(candidate=candidate_config,
running=running_config,
diff_match=match,
path=path,
diff_replace=replace)
except ConnectionError as exc:
module.fail_json(msg=to_text(exc, errors='surrogate_then_replace'))
config_diff = response.get('config_diff')
if replace_config:
running_base_diff_resp = connection.get_diff(candidate=running_config,
running=candidate_config,
diff_match=match,
path=path,
diff_replace=replace)
if config_diff or running_base_diff_resp['config_diff']:
ret = copy_file_to_node(module)
if not ret:
module.fail_json(msg='Copy of config file to the node failed')
commands = ['load harddisk:/ansible_config.txt']
replace_file_path = 'harddisk:/ansible_config.txt'
if config_diff or commands:
if not replace_config:
commands = config_diff.split('\n')
if any((module.params['lines'], module.params['src'])):
if module.params['before']:
commands[:0] = module.params['before']
if module.params['after']:
commands.extend(module.params['after'])
result['commands'] = commands
commit = not check_mode
diff = load_config(module,
commands,
commit=commit,
replace=replace_file_path,
comment=comment,
admin=admin,
exclusive=exclusive,
label=label)
if diff:
result['diff'] = dict(prepared=diff)
result['changed'] = True
def map_obj_to_xml_rpc(self):
self._log_file_meta.update([
('files', {
'xpath': 'syslog/files',
'tag': True,
'operation': 'edit'
}),
('file', {
'xpath': 'syslog/files/file',
'tag': True,
'operation': 'edit',
'attrib': "operation"
}),
('a:name', {
'xpath': 'syslog/files/file/file-name',
'operation': 'edit'
}),
('file-attrib', {
'xpath': 'syslog/files/file/file-log-attributes',
'tag': True,
'operation': 'edit'
}),
('a:size', {
'xpath': 'syslog/files/file/file-log-attributes/max-file-size',
'operation': 'edit'
}),
('a:level', {
'xpath': 'syslog/files/file/file-log-attributes/severity',
'operation': 'edit'
}),
])
self._log_host_meta.update([
('host-server', {
'xpath': 'syslog/host-server',
'tag': True,
'operation': 'edit'
}),
('vrfs', {
'xpath': 'syslog/host-server/vrfs',
'tag': True,
'operation': 'edit'
}),
('vrf', {
'xpath': 'syslog/host-server/vrfs/vrf',
'tag': True,
'operation': 'edit'
}),
('a:vrf', {
'xpath': 'syslog/host-server/vrfs/vrf/vrf-name',
'operation': 'edit'
}),
('ipv4s', {
'xpath': 'syslog/host-server/vrfs/vrf/ipv4s',
'tag': True,
'operation': 'edit'
}),
('ipv4', {
'xpath': 'syslog/host-server/vrfs/vrf/ipv4s/ipv4',
'tag': True,
'operation': 'edit',
'attrib': "operation"
}),
('a:name', {
'xpath': 'syslog/host-server/vrfs/vrf/ipv4s/ipv4/address',
'operation': 'edit'
}),
('ipv4-sev', {
'xpath':
'syslog/host-server/vrfs/vrf/ipv4s/ipv4/ipv4-severity-port',
'tag': True,
'operation': 'edit'
}),
('a:level', {
'xpath':
'syslog/host-server/vrfs/vrf/ipv4s/ipv4/ipv4-severity-port/severity',
'operation': 'edit'
}),
])
self._log_console_meta.update([
('a:enable-console', {
'xpath': 'syslog/enable-console-logging',
'operation': 'edit',
'attrib': "operation"
}),
('console', {
'xpath': 'syslog/console-logging',
'tag': True,
'operation': 'edit',
'attrib': "operation"
}),
('a:console-level', {
'xpath': 'syslog/console-logging/logging-level',
'operation': 'edit'
}),
])
self._log_monitor_meta.update([
('monitor', {
'xpath': 'syslog/monitor-logging',
'tag': True,
'operation': 'edit',
'attrib': "operation"
}),
('a:monitor-level', {
'xpath': 'syslog/monitor-logging/logging-level',
'operation': 'edit'
}),
])
self._log_buffered_size_meta.update([
('buffered', {
'xpath': 'syslog/buffered-logging',
'tag': True,
'operation': 'edit',
'attrib': "operation"
}),
('a:size', {
'xpath': 'syslog/buffered-logging/buffer-size',
'operation': 'edit'
}),
])
self._log_buffered_level_meta.update([
('buffered', {
'xpath': 'syslog/buffered-logging',
'tag': True,
'operation': 'edit',
'attrib': "operation"
}),
('a:level', {
'xpath': 'syslog/buffered-logging/logging-level',
'operation': 'edit'
}),
])
self._log_facility_meta.update([
('facility', {
'xpath': 'syslog/logging-facilities',
'tag': True,
'operation': 'edit',
'attrib': "operation"
}),
('a:facility', {
'xpath': 'syslog/logging-facilities/facility-level',
'operation': 'edit'
}),
])
self._log_prefix_meta.update([
('a:hostnameprefix', {
'xpath': 'syslog/host-name-prefix',
'operation': 'edit',
'attrib': "operation"
}),
])
state = self._module.params['state']
_get_filter = build_xml('syslog', opcode="filter")
running = get_config(self._module,
source='running',
config_filter=_get_filter)
file_ele = etree_findall(running, 'file')
file_list = list()
if len(file_ele):
for file in file_ele:
file_name = etree_find(file, 'file-name')
file_list.append(
file_name.text if file_name is not None else None)
vrf_ele = etree_findall(running, 'vrf')
host_list = list()
for vrf in vrf_ele:
host_ele = etree_findall(vrf, 'ipv4')
for host in host_ele:
host_name = etree_find(host, 'address')
host_list.append(
host_name.text if host_name is not None else None)
console_ele = etree_find(running, 'console-logging')
console_level = etree_find(
console_ele, 'logging-level') if console_ele is not None else None
have_console = console_level.text if console_level is not None else None
monitor_ele = etree_find(running, 'monitor-logging')
monitor_level = etree_find(
monitor_ele, 'logging-level') if monitor_ele is not None else None
have_monitor = monitor_level.text if monitor_level is not None else None
buffered_ele = etree_find(running, 'buffered-logging')
buffered_size = etree_find(
buffered_ele, 'buffer-size') if buffered_ele is not None else None
have_buffered = buffered_size.text if buffered_size is not None else None
facility_ele = etree_find(running, 'logging-facilities')
facility_level = etree_find(
facility_ele,
'facility-level') if facility_ele is not None else None
have_facility = facility_level.text if facility_level is not None else None
prefix_ele = etree_find(running, 'host-name-prefix')
have_prefix = prefix_ele.text if prefix_ele is not None else None
console_enable_ele = etree_find(running, 'enable-console-logging')
have_console_enable = console_enable_ele.text if console_enable_ele is not None else None
file_params = list()
host_params = list()
console_params = dict()
monitor_params = dict()
buffered_params = dict()
facility_params = dict()
prefix_params = dict()
opcode = None
if state == 'absent':
opcode = "delete"
for item in self._want:
if item['dest'] == 'file' and item['name'] in file_list:
item['level'] = severity_level[item['level']]
file_params.append(item)
elif item['dest'] == 'host' and item['name'] in host_list:
item['level'] = severity_level[item['level']]
host_params.append(item)
elif item[
'dest'] == 'console' and have_console and have_console_enable:
console_params.update({'console-level': item['level']})
elif item['dest'] == 'monitor' and have_monitor:
monitor_params.update({'monitor-level': item['level']})
elif item['dest'] == 'buffered' and have_buffered:
buffered_params['size'] = str(
item['size']) if item['size'] else None
buffered_params[
'level'] = item['level'] if item['level'] else None
elif item['dest'] is None and item['hostnameprefix'] is None and \
item['facility'] is not None and have_facility:
facility_params.update({'facility': item['facility']})
elif item['dest'] is None and item[
'hostnameprefix'] is not None and have_prefix:
prefix_params.update(
{'hostnameprefix': item['hostnameprefix']})
elif state == 'present':
opcode = 'merge'
for item in self._want:
if item['dest'] == 'file':
item['level'] = severity_level[item['level']]
file_params.append(item)
elif item['dest'] == 'host':
item['level'] = severity_level[item['level']]
host_params.append(item)
elif item['dest'] == 'console':
console_params.update({'console-level': item['level']})
elif item['dest'] == 'monitor':
monitor_params.update({'monitor-level': item['level']})
elif item['dest'] == 'buffered':
buffered_params['size'] = str(
item['size']) if item['size'] else None
buffered_params[
'level'] = item['level'] if item['level'] else None
elif item['dest'] is None and item['hostnameprefix'] is None and \
item['facility'] is not None:
facility_params.update({'facility': item['facility']})
elif item['dest'] is None and item[
'hostnameprefix'] is not None:
prefix_params.update(
{'hostnameprefix': item['hostnameprefix']})
self._result['xml'] = []
_edit_filter_list = list()
if opcode:
if len(file_params):
_edit_filter_list.append(
build_xml('syslog',
xmap=self._log_file_meta,
params=file_params,
opcode=opcode))
if len(host_params):
_edit_filter_list.append(
build_xml('syslog',
xmap=self._log_host_meta,
params=host_params,
opcode=opcode))
if len(console_params):
_edit_filter_list.append(
build_xml('syslog',
xmap=self._log_console_meta,
params=console_params,
opcode=opcode))
if len(monitor_params):
_edit_filter_list.append(
build_xml('syslog',
xmap=self._log_monitor_meta,
params=monitor_params,
opcode=opcode))
if len(buffered_params):
_edit_filter_list.append(
build_xml('syslog',
xmap=self._log_buffered_size_meta,
params=buffered_params,
opcode=opcode))
_edit_filter_list.append(
build_xml('syslog',
xmap=self._log_buffered_level_meta,
params=buffered_params,
opcode=opcode))
if len(facility_params):
_edit_filter_list.append(
build_xml('syslog',
xmap=self._log_facility_meta,
params=facility_params,
opcode=opcode))
if len(prefix_params):
_edit_filter_list.append(
build_xml('syslog',
xmap=self._log_prefix_meta,
params=prefix_params,
opcode=opcode))
diff = None
if len(_edit_filter_list):
commit = not self._module.check_mode
diff = load_config(self._module,
_edit_filter_list,
commit=commit,
running=running,
nc_get_filter=_get_filter)
if diff:
if self._module._diff:
self._result['diff'] = dict(prepared=diff)
self._result['xml'] = _edit_filter_list
self._result['changed'] = True
def map_obj_to_commands(self):
commands = list()
for want_item in self._want:
dest = want_item['dest']
name = want_item['name']
size = want_item['size']
facility = want_item['facility']
level = want_item['level']
vrf = want_item['vrf']
hostnameprefix = want_item['hostnameprefix']
state = want_item['state']
del want_item['state']
have_size = None
have_console_level = None
have_monitor_level = None
have_prefix = None
have_facility = None
for item in self._have:
if item['dest'] == 'buffered':
have_size = item['size']
if item['dest'] == 'console':
have_console_level = item['level']
if item['dest'] == 'monitor':
have_monitor_level = item['level']
if item['dest'] is None and item['hostnameprefix'] is not None:
have_prefix = item['hostnameprefix']
if item['dest'] is None and item[
'hostnameprefix'] is None and item[
'facility'] is not None:
have_facility = item['facility']
if state == 'absent':
if dest == 'host' and name in self._host_list:
commands.append('no logging {0} vrf {1}'.format(name, vrf))
elif dest == 'file' and name in self._file_list:
commands.append('no logging file {0}'.format(name))
elif dest == 'console' and have_console_level is not None:
commands.append('no logging {0}'.format(dest))
elif dest == 'monitor' and have_monitor_level:
commands.append('no logging {0}'.format(dest))
elif dest == 'buffered' and have_size:
commands.append('no logging {0}'.format(dest))
if dest is None and hostnameprefix is not None and have_prefix == hostnameprefix:
commands.append(
'no logging hostnameprefix {0}'.format(hostnameprefix))
if dest is None and facility is not None and have_facility == facility:
commands.append('no logging facility {0}'.format(facility))
if state == 'present':
if dest == 'host' and name not in self._host_list:
if level == 'errors' or level == 'informational':
level = severity_transpose[level]
commands.append('logging {0} vrf {1} severity {2}'.format(
name, vrf, level))
elif dest == 'file' and name not in self._file_list:
if level == 'errors' or level == 'informational':
level = severity_transpose[level]
commands.append(
'logging file {0} maxfilesize {1} severity {2}'.format(
name, size, level))
elif dest == 'buffered' and (have_size is None or
(have_size is not None
and size != have_size)):
commands.append('logging buffered {0}'.format(size))
elif dest == 'console' and (have_console_level is None or
(have_console_level is not None
and have_console_level != level)):
commands.append('logging console {0}'.format(level))
elif dest == 'monitor' and (have_monitor_level is None or
(have_monitor_level is not None
and have_monitor_level != level)):
commands.append('logging monitor {0}'.format(level))
if dest is None and hostnameprefix is not None and (
have_prefix is None or
(have_prefix is not None
and hostnameprefix != have_prefix)):
commands.append(
'logging hostnameprefix {0}'.format(hostnameprefix))
if dest is None and hostnameprefix is None and facility != have_facility:
commands.append('logging facility {0}'.format(facility))
self._result['commands'] = commands
if commands:
commit = not self._module.check_mode
diff = load_config(self._module, commands, commit=commit)
if diff:
self._result['diff'] = dict(prepared=diff)
self._result['changed'] = True
def map_obj_to_xml_rpc(self):
self._intf_meta.update([
('interface-configuration', {'xpath': 'interface-configurations/interface-configuration', 'tag': True, 'attrib': 'operation'}),
('a:active', {'xpath': 'interface-configurations/interface-configuration/active', 'operation': 'edit'}),
('a:name', {'xpath': 'interface-configurations/interface-configuration/interface-name'}),
('a:description', {'xpath': 'interface-configurations/interface-configuration/description', 'operation': 'edit'}),
('mtus', {'xpath': 'interface-configurations/interface-configuration/mtus', 'tag': True, 'operation': 'edit'}),
('mtu', {'xpath': 'interface-configurations/interface-configuration/mtus/mtu', 'tag': True, 'operation': 'edit'}),
('a:owner', {'xpath': 'interface-configurations/interface-configuration/mtus/mtu/owner', 'operation': 'edit'}),
('a:mtu', {'xpath': 'interface-configurations/interface-configuration/mtus/mtu/mtu', 'operation': 'edit'}),
('CEthernet', {'xpath': 'interface-configurations/interface-configuration/ethernet', 'tag': True, 'operation': 'edit', 'ns': True}),
('a:speed', {'xpath': 'interface-configurations/interface-configuration/ethernet/speed', 'operation': 'edit'}),
('a:duplex', {'xpath': 'interface-configurations/interface-configuration/ethernet/duplex', 'operation': 'edit'}),
])
self._shut_meta.update([
('interface-configuration', {'xpath': 'interface-configurations/interface-configuration', 'tag': True}),
('a:active', {'xpath': 'interface-configurations/interface-configuration/active', 'operation': 'edit'}),
('a:name', {'xpath': 'interface-configurations/interface-configuration/interface-name'}),
('shutdown', {'xpath': 'interface-configurations/interface-configuration/shutdown', 'tag': True, 'operation': 'edit', 'attrib': 'operation'}),
])
state = self._module.params['state']
_get_filter = build_xml('interface-configurations', xmap=self._intf_meta, params=self._want, opcode="filter")
running = get_config(self._module, source='running', config_filter=_get_filter)
intfcfg_nodes = etree_findall(running, 'interface-configuration')
intf_list = set()
shut_list = set()
for item in intfcfg_nodes:
intf_name = etree_find(item, 'interface-name').text
if intf_name is not None:
intf_list.add(intf_name)
if etree_find(item, 'shutdown') is not None:
shut_list.add(intf_name)
intf_params = list()
shut_params = list()
noshut_params = list()
for index, item in enumerate(self._want):
if item['name'] in intf_list:
intf_params.append(item)
if not item['enabled']:
shut_params.append(item)
if item['name'] in shut_list and item['enabled']:
noshut_params.append(item)
opcode = None
if state == 'absent':
if intf_params:
opcode = "delete"
elif state in ('present', 'up', 'down'):
intf_params = self._want
opcode = 'merge'
self._result['xml'] = []
_edit_filter_list = list()
if opcode:
_edit_filter_list.append(build_xml('interface-configurations', xmap=self._intf_meta,
params=intf_params, opcode=opcode))
if opcode == 'merge':
if len(shut_params):
_edit_filter_list.append(build_xml('interface-configurations', xmap=self._shut_meta,
params=shut_params, opcode='merge'))
if len(noshut_params):
_edit_filter_list.append(build_xml('interface-configurations', xmap=self._shut_meta,
params=noshut_params, opcode='delete'))
diff = None
if len(_edit_filter_list):
commit = not self._module.check_mode
diff = load_config(self._module, _edit_filter_list, commit=commit, running=running,
nc_get_filter=_get_filter)
if diff:
if self._module._diff:
self._result['diff'] = dict(prepared=diff)
self._result['xml'] = _edit_filter_list
self._result['changed'] = True
