def add_group(self, **cfg): section='user group' name = cfg['name'] new_userg = FortiConfig(config_type='edit', name=cfg['name']) new_userg.set_param('member', quote(cfg['group_members'])) self.d.load_config(section) self.d.candidate_config[section][name] = new_userg
def add_interface(self, **cfg): section='system interface' new_int = FortiConfig(config_type='edit', name=cfg['name']) name = cfg['name'] del cfg['name'] for e in cfg: new_int.set_param(e, cfg[e]) self.d.candidate_config[section][name] = new_int
def add_static_route(self, name=None, gateway = None, dst = None, device = None, vdom=None, comment = None): section = 'router static' new_r = FortiConfig(config_type='edit', name=name) if gateway: new_r.set_param('gateway', gateway) if comment: new_r.set_param('comment', comment) new_r.set_param('device', device) new_r.set_param('dst', dst) self.d.load_config(section) self.d.candidate_config[section][name] = new_r
def add_user(self, **cfg): section='user local' name = cfg['name'] new_user = FortiConfig(config_type='edit', name=cfg['name']) new_user.set_param('passwd', cfg['passwd']) new_user.set_param('email-to', cfg['email']) new_user.set_param('type', cfg['type']) self.d.load_config(section) self.d.candidate_config[section][name] = new_user
def main(): argument_spec = dict( src=dict(type='str', default=None), filter=dict(type='str', default=""), ) argument_spec.update(fortios_argument_spec) required_if = fortios_required_if module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=True, required_if=required_if, ) result = dict(changed=False) # fail if pyFG not present if not HAS_PYFG: module.fail_json( msg= 'Could not import the python library pyFG required by this module') #define device f = FortiOS(module.params['host'], username=module.params['username'], password=module.params['password'], timeout=module.params['timeout'], vdom=module.params['vdom']) #connect try: f.open() except: module.fail_json(msg='Error connecting device') #get config try: f.load_config(path=module.params['filter']) result['running_config'] = f.running_config.to_text() except: module.fail_json(msg='Error reading running config') #backup config if module.params['backup']: backup(module, f.running_config.to_text()) #update config if module.params['src'] is not None: #store config in str try: conf_str = module.params['src'] f.load_config(in_candidate=True, config_text=conf_str) except: module.fail_json( msg="Can't open configuration file, or configuration invalid") #get updates lines change_string = f.compare_config() #remove not updatable parts c = FortiConfig() c.parse_config_output(change_string) for o in NOT_UPDATABLE_CONFIG_OBJECTS: c.del_block(o) change_string = c.to_text() if change_string != "": result['change_string'] = change_string result['changed'] = True #Commit if not check mode if module.check_mode is False and change_string != "": try: f.commit(change_string) except CommandExecutionException as e: module.fail_json( msg= "Unable to execute command, check your args, the error was {0}" .format(e.message)) except FailedCommit as e: module.fail_json( msg="Unable to commit, check your args, the error was {0}". format(e.message)) except ForcedCommit as e: module.fail_json( msg= "Failed to force commit, check your args, the error was {0}" .format(e.message)) module.exit_json(**result)
def get_empty_configuration_block(self, block_name, block_type): return FortiConfig(block_name, block_type)
continue if 'snmp-index' in line: continue line = line.strip() result = regexp.match(line) #print 'check result' if result is not None: action = result.group(1).strip() detail = result.group(2).strip() if action == 'config' or action == 'edit': detail = detail.replace('"', '') if detail not in current_block.get_block_names(): config_block = FortiConfig(detail, action, current_block) current_block[detail] = config_block else: config_block = current_block[detail] current_block = config_block #print current_block.to_text() results['current_block'] = current_block.to_text() elif action == 'end' or action == 'next': current_block = current_block.get_parent() elif action == 'delete': current_block.del_block(detail) #print current_block.to_text() results['current_block'] = current_block.to_text() #print d.candidate_config.to_text()
#!/usr/bin/env python # Gets router bgp config from the device, then do some changes to the BGP parameters, deletes a neighbor, # creates a new one, modifies another and computes the difference from pyFG import FortiOS, FortiConfig import sys if __name__ == '__main__': hostname = sys.argv[1] d = FortiOS(hostname, vdom='vpn') d.open() d.load_config('router bgp') new_neigh = FortiConfig('10.6.6.8', 'edit') new_neigh.set_param('remote-as', '123') new_neigh.set_param('remotas', '123') d.candidate_config['router bgp']['neighbor'].set_block(new_neigh) d.candidate_config['router bgp']['neighbor']['10.6.6.6'].set_param( 'remote-as', '444') d.candidate_config['router bgp']['neighbor'].del_block('10.6.6.7') print "This is the diff of the configs:" for line in d.compare_config(text=True): print line print "This is how to reach the desired state:" config_changes = d.compare_config() print config_changes
def add_fw_vip(self, name = None, vdom='root', extip = None, protocol = None, extintf = 'any', portforward=None, mappedip = None, extport = None, mappedport = None, comment = None): if not name: return None section = 'firewall vip' new_vip = FortiConfig(config_type='edit', name=name) new_vip.set_param('extip', extip) new_vip.set_param('extintf', extintf) new_vip.set_param('mappedip', mappedip) if portforward == 'enable': new_vip.set_param('portforward', portforward) new_vip.set_param('extport', extport) new_vip.set_param('mappedport', mappedport) if protocol: new_vip.set_param('protocol', protocol) if comment: new_vip.set_param('comment', '"%s"' % comment) self.d.load_config(section) self.d.candidate_config['firewall vip'][name] = new_vip
def add_fw_entry(self, vdom=None, name=None, srcintf=None, dstintf=None, srcaddr=None, dstaddr=None, service=None, nat="disable", auth_redirect_addr=None, auth_cert=None, status=None, profile_protocol_options=None, ips_sensor=None, utm_status=None, groups=None, action="accept", schedule='always', ippool=None, logtraffic=None, logtraffic_start=None, comments=""): section = 'firewall policy' new_fw = FortiConfig(config_type='edit', name=name) new_fw.set_param('srcintf', quote(srcintf)) new_fw.set_param('dstintf', quote(dstintf)) new_fw.set_param('srcaddr', quote(srcaddr)) new_fw.set_param('dstaddr', quote(dstaddr)) new_fw.set_param('service', quote(service)) new_fw.set_param('schedule', quote(schedule)) new_fw.set_param('nat', nat) new_fw.set_param('action', action) if status: new_fw.set_param('status', '"%s"' % status) if groups: new_fw.set_param('groups', '"%s"' % groups) if logtraffic: new_fw.set_param('logtraffic', '"%s"' % logtraffic) if logtraffic_start: new_fw.set_param('logtraffic_start', '"%s"' % logtraffic_start) if comments: new_fw.set_param('comments', '"%s"' % comments) self.d.load_config(section) self.d.candidate_config['firewall policy'][name] = new_fw
def add_address(self, name=None, subnet=None, fqdn=None, country=None, type=None, vdom=None, member=None, start_ip=None, end_ip=None, interface=None, comment=None): section = 'firewall address' new_addr = FortiConfig(config_type='edit', name=name) if comment: new_addr.set_param('comment', '"%s"' % comment) if country: type = 'geography' new_addr.set_param('country', country) if type: new_addr.set_param('type', type) if subnet: new_addr.set_param('subnet', subnet) if fqdn: new_addr.set_param('fqdn', fqdn) if start_ip and end_ip: new_addr.set_param('iprange', type) new_addr.set_param('start-ip', start_ip) new_addr.set_param('end-ip', end_ip) if member: new_addr.set_param('member', quote(member)) section = 'firewall addrgrp' if interface: new_addr.set_param('associated-interface', quote(interface)) self.d.load_config(section) self.d.candidate_config[section][name] = new_addr
def add_service(self, name=None, tcp_portrange=None, udp_portrange=None, vdom=None, comment=None, visibility=None, category='General'): section = 'firewall service custom' new_ser = FortiConfig(config_type='edit', name=name) new_ser.set_param('category', '"%s"' % category) if comment: new_ser.set_param('comment', '"%s"' % comment) if tcp_portrange: new_ser.set_param('tcp-portrange', quote(tcp_portrange)) if udp_portrange: new_ser.set_param('udp-portrange', quote(udp_portrange)) if visibility: new_ser.set_param('visibility', visibility) self.d.load_config(section) self.d.candidate_config[section][name] = new_ser
# Gets router bgp config from the device, then do some changes to the BGP parameters, deletes a neighbor, # creates a new one, modifies another and computes the difference from pyFG import FortiOS, FortiConfig if __name__ == '__main__': f = open('running.conf', 'r') running = f.read() f.close() d = FortiOS('') d.load_config(config_text=running) d.candidate_config['router bgp'].set_param('as', 123) d.candidate_config['router bgp']['neighbor']['10.240.4.3'].set_param('bfd', 'disable') d.candidate_config['router bgp']['neighbor'].del_block('10.240.4.24') new_neigh = FortiConfig('10.6.6.6', 'edit') new_neigh.set_param('as', '666') new_neigh.set_param('route-map-out', 'my_route_map') new_neigh.set_param('update-source', 'port6') new_neigh.set_param('bfd', 'enable') d.candidate_config['router bgp']['neighbor'].set_block(new_neigh) print "This is the diff of the conigs:" for line in d.compare_config(text=True): print line print "\n\n" print "This is how to reach the desired state:" print d.compare_config()
def main(): argument_spec = dict( src=dict(type='str', default=None), filter=dict(type='str', default=""), ) argument_spec.update(fortios_argument_spec) required_if = fortios_required_if module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=True, required_if=required_if, ) result = dict(changed=False) # fail if pyFG not present if not HAS_PYFG: module.fail_json(msg='Could not import the python library pyFG required by this module') # define device f = FortiOS(module.params['host'], username=module.params['username'], password=module.params['password'], timeout=module.params['timeout'], vdom=module.params['vdom']) # connect try: f.open() except: module.fail_json(msg='Error connecting device') # get config try: f.load_config(path=module.params['filter']) result['running_config'] = f.running_config.to_text() except: module.fail_json(msg='Error reading running config') # backup config if module.params['backup']: backup(module, f.running_config.to_text()) # update config if module.params['src'] is not None: # store config in str try: conf_str = module.params['src'] f.load_config(in_candidate=True, config_text=conf_str) except: module.fail_json(msg="Can't open configuration file, or configuration invalid") # get updates lines change_string = f.compare_config() # remove not updatable parts c = FortiConfig() c.parse_config_output(change_string) for o in NOT_UPDATABLE_CONFIG_OBJECTS: c.del_block(o) change_string = c.to_text() if change_string != "": result['change_string'] = change_string result['changed'] = True # Commit if not check mode if module.check_mode is False and change_string != "": try: f.commit(change_string) except CommandExecutionException as e: module.fail_json(msg="Unable to execute command, check your args, the error was {0}".format(e.message)) except FailedCommit as e: module.fail_json(msg="Unable to commit, check your args, the error was {0}".format(e.message)) except ForcedCommit as e: module.fail_json(msg="Failed to force commit, check your args, the error was {0}".format(e.message)) module.exit_json(**result)
# creates a new one, modifies another and computes the difference from pyFG import FortiOS, FortiConfig if __name__ == '__main__': f = open('running.conf', 'r') running = f.read() f.close() d = FortiOS('') d.load_config(config_text=running) d.candidate_config['router bgp'].set_param('as', 123) d.candidate_config['router bgp']['neighbor']['10.240.4.3'].set_param( 'bfd', 'disable') d.candidate_config['router bgp']['neighbor'].del_block('10.240.4.24') new_neigh = FortiConfig('10.6.6.6', 'edit') new_neigh.set_param('as', '666') new_neigh.set_param('route-map-out', 'my_route_map') new_neigh.set_param('update-source', 'port6') new_neigh.set_param('bfd', 'enable') d.candidate_config['router bgp']['neighbor'].set_block(new_neigh) print "This is the diff of the conigs:" for line in d.compare_config(text=True): print line print "\n\n" print "This is how to reach the desired state:" print d.compare_config()
#!/usr/bin/env python # Gets router bgp config from the device, then do some changes to the BGP parameters, deletes a neighbor, # creates a new one, modifies another and computes the difference from pyFG import FortiOS, FortiConfig import sys if __name__ == '__main__': hostname = sys.argv[1] d = FortiOS(hostname, vdom='vpn') d.open() d.load_config('router bgp') new_neigh = FortiConfig('10.6.6.8', 'edit') new_neigh.set_param('remote-as', '123') new_neigh.set_param('remotas', '123') d.candidate_config['router bgp']['neighbor'].set_block(new_neigh) d.candidate_config['router bgp']['neighbor']['10.6.6.6'].set_param('remote-as', '444') d.candidate_config['router bgp']['neighbor'].del_block('10.6.6.7') print "This is the diff of the configs:" for line in d.compare_config(text=True): print line print "This is how to reach the desired state:" config_changes = d.compare_config() print config_changes