def config_acl(module):
params = module.params
if params.get('acl_direction') is None:
return {'msg': 'Missing parameter: acl_direction', 'changed': False}
# Check if acl is present
url = "/vlans-access-groups"
acl_type = params['acl_type']
direction = params['acl_direction']
data = {
'vlan_id': params['vlan_id'],
'acl_id': params['acl_id'] + "~" + acl_type,
'direction': direction
}
check_acl = '/acls/' + params['acl_id'] + "~" + acl_type
if not get_config(module, check_acl):
return {
'msg':
'Configure ACL first. {} does not exist'.format(params['acl_id']),
'changed':
False
}
delete_url = "{}/{}-{}~{}-{}".format(url, params['vlan_id'],
params['acl_id'], acl_type, direction)
config_present = False
current_acl = get_config(module, url)
if current_acl:
check_config = module.from_json(to_text(current_acl))
for ele in check_config['acl_vlan_policy_element']:
if ele['uri'] == delete_url:
config_present = ele
if params['config'] == 'create':
if config_present:
ret = {'changed': False}
ret.update(ele)
return ret
else:
result = run_commands(module, url, data, method='POST')
else:
if config_present:
result = run_commands(module, delete_url, method='DELETE')
else:
return {'changed': False, 'failed': False, 'msg': 'Not present'}
return result
def qos(module):
params = module.params
url = '/qos/ports-policies'
qptqos = '~QPT_QOS'
# check qos policy is present
qos_check = '/qos/policies/' + params['qos_policy'] + qptqos
if not get_config(module, qos_check):
return {
'msg':
'Configure QoS policy first. {} does not exist'.format(
params['qos_policy']),
'changed':
False
}
if params['state'] == 'create':
policy_id = params['qos_policy'] + qptqos
port_config = get_config(module, url)
if port_config:
check_config = module.from_json(to_text(port_config))
for ports in check_config['qos_port_policy_element']:
if ports['port_id'] == params['interface'] and \
ports['policy_id'] == policy_id and \
ports['direction'] == params['qos_direction']:
ret = {'changed': False}
ret.update(ports)
return ret
data = {
'port_id': params['interface'],
'policy_id': policy_id,
'direction': params['qos_direction']
}
result = run_commands(module, url, data, 'POST')
else:
url_delete = url + '/' + params['interface'] + '-' + \
params['qos_policy'] + qptqos + '-' + params['qos_direction']
check_url = url + '/' + params['interface'] + '-' + \
params['qos_policy'] + qptqos + '/stats'
result = run_commands(module,
url_delete, {},
'DELETE',
check=check_url)
return result
def config_igmp(module):
params = module.params
# Parameters
if params['vlan_id'] == "":
return {
'msg': "vlan_id cannot be null",
'changed': False,
'failed': True
}
else:
data = {'vlan_id': params['vlan_id']}
data['is_igmp_enabled'] = params['is_igmp_enabled']
data['last_member_query_interval'] = params['last_member_query_interval']
data['query_max_response_time'] = params['query_max_response_time']
data['robustness'] = params['robustness']
data['version'] = params['igmp_version']
data['querier'] = {
'is_querier_enabled': params['is_querier_enabled'],
'interval': params['interval']
}
method = 'PUT'
url = "/vlans/" + str(params['vlan_id']) + '/igmp'
result = run_commands(module, url, data, method)
return result
def community(module):
params = module.params
url = '/snmp-server/communities'
check_url = url + '/' + params['community_name']
if params['state'] == 'create':
snmp_config = get_config(module, check_url)
if snmp_config:
url = check_url
method = 'PUT'
else:
method = 'POST'
data = {
'access_type': params['access_type'],
'community_name': params['community_name'],
'restricted': params['restricted']
}
else:
url = check_url
method = 'DELETE'
data = {}
result = run_commands(module, url, data, method, check=check_url)
return result
def config_tacacs_server(module):
params = module.params
data = {}
if params['ip_address'] == "" or params['version'] == "":
return {'msg': "IP Address or version cannot be null",
'changed': False, 'failed': False}
else:
data["server_ip"] = {"version": params['version'],
"octets": params['ip_address']}
data["auth_key"] = params['auth_key']
data["is_oobm"] = params['is_oobm']
create_url = '/tacacs_profile/server'
check_url = '/tacacs_profile/server/' + str(params['ip_address'])
if params['config'] == "create":
check_presence = get_config(module, '/tacacs_profile/server/'
+ str(params['ip_address']))
if not check_presence:
url = create_url
method = 'POST'
else:
url = check_url
method = 'PUT'
else:
url = check_url
method = 'DELETE'
result = run_commands(module, url, data, method, check=check_url)
return result
def dot1x_port_security(module):
params = module.params
data = {}
data['port_id'] = params['port_id']
if params['port_id'] == "":
return {
'msg': 'Port_id cannot be null',
'changed': False,
'failed': False
}
data['is_port_speed_vsa_enabled'] = params['is_port_speed_vsa_enabled']
data['allow_mbv'] = params['allow_mbv']
data['controlled_direction'] = params['controlled_direction']
data['allow_mixed_users'] = params['allow_mixed_users']
url = '/dot1x/port_security/' + params['port_id']
method = 'PUT'
# Check if authentication is enabled
check_presence = get_config(module, "/dot1x")
if check_presence:
newdata = json.loads(check_presence)
if not newdata["is_dot1x_enabled"]:
return {
'msg': 'Cannot enable port security unless '
'dot1x is enabled',
'changed': False,
'failed': False
}
result = run_commands(module, url, data, method, check=url)
return result
def authenticator_port_reauthenticate(module):
params = module.params
data = {}
data['port_id'] = params['port_id']
if params['port_id'] == "":
return {
'msg': 'Port_id cannot be null',
'changed': False,
'failed': False
}
url = '/dot1x/authenticator/' + params['port_id'] + '/reauthenticate'
method = 'POST'
# Check if authentication is enabled
check_presence = get_config(module, "/dot1x")
if check_presence:
newdata = json.loads(check_presence)
if not newdata["is_dot1x_enabled"]:
return {
'msg': 'Cannot reauthenticate port unless '
'dot1x is enabled',
'changed': False,
'failed': False
}
result = run_commands(module, url, data, method, check=url)
return result
def config_radius_serverGroup(module):
params = module.params
data = {}
if params['server_ip'] == "" or params['version'] == "":
return {'msg': "IP Address or version cannot be null",
'changed': False, 'failed': False}
else:
data["server_ip"] = [{'version': params['version'],
'octets': params['server_ip']}]
if params['server_group_name'] == "":
return {'msg': "Server group name cannot be null",
'changed': False, 'failed': False}
else:
data["server_group_name"] = params['server_group_name']
method = 'POST'
url = '/radius/server_group'
del_url = '/radius/server_group/' + str(params['server_group_name'])
if params['config'] == "create":
method = 'POST'
else:
url = del_url
method = 'DELETE'
result = run_commands(module, url, data, method, check=del_url)
return result
def authorized_server(module):
"""
-------
Name: authorized_server
Configures DHCP Snooping authorized server
param request: module
Returns
Configure the switch with params sent
-------
"""
params = module.params
url = '/dsnoop/authorized_server'
data = {'is_dsnoop_option82_enabled': params['is_dsnoop_option82_enabled']}
data['authorized_server'] = {
"version": "IAV_IP_V4",
"octets": params['server_ip']
}
method = 'POST'
if params['config'] == 'delete':
method = 'DELETE'
url = url + '/' + params['server_ip']
result = run_commands(module, url, data, method)
return result
def config_backup(module):
params = module.params
url = '/system/config/cfg_backup_files'
data = {
'file_name': params['file_name'],
'config_type': params['config_type']
}
if params['state'] == 'create':
check_config = get_config(module, url)
if check_config:
check_config = module.from_json(to_text(check_config))
if check_config['collection_result']['total_elements_count'] == 5:
present = False
for config in check_config['config_file_element']:
if config['file_name'] == params['file_name']:
present = True
if not present:
return {
'msg': 'Only five config files are allowed.',
'changed': False
}
result = run_commands(module, url, data, 'POST')
return result
def reboot(module):
params = module.params
url = '/system/reboot'
result = get_firmware(module)
if not result:
return {'msg': 'Could not get device status. Not rebooted!',
'changed': False, 'failed': True}
data = {
'boot_image': params['boot_image'],
}
result = run_commands(module, url, data, 'reboot')
total_time = 0
if result['message'] == 'Device is rebooting' and params['is_wait']:
start = time()
result = wait_for_boot(module)
end = time()
total_time = int(end-start)
if result:
result = {'changed': True, 'msg': 'Device reboot successful.',
'total_time': total_time}
else:
result = {'failed': True, 'msg': 'Device reboot failed.',
'total_time': total_time}
return result
def config_poe_slot(module):
params = module.params
data = {}
data['slot_name'] = params['slot_name']
data['power_threshold_percentage'] = params['power_threshold_percentage']
# Check if slot_name is null
if params['slot_name'] == "":
return {
'msg': 'slot_name cannot be null',
'changed': False,
'failed': False
}
url = '/slots/' + str(params['slot_name']) + '/poe'
method = 'PUT'
diffSeen = False
check_presence = get_config(module, url)
newdata = json.loads(check_presence)
for key in data:
if not newdata[key] == data[key]:
diffSeen = True
break
if diffSeen:
result = run_commands(module, url, data, method, check=url)
return result
else:
return {'msg': 'Already Configured', 'changed': False, 'failed': False}
def config_syslog(module):
params = module.params
url = '/syslog/servers'
check_url = url + '/' + params['server_address']
if params['state'] == 'delete':
result = run_commands(module,
check_url,
method='DELETE',
check=check_url)
return result
else:
check_syslog = get_config(module, check_url)
if check_syslog:
method = 'PUT'
url = check_url
else:
method = 'POST'
data = {
'ip_address': {
'octets': params['server_address'],
'version': params['version']
},
'transport_protocol': params['protocol'],
}
protocol = params['protocol']
if params['server_port'] == 0:
if protocol == 'TP_UDP':
port = 514
elif protocol == 'TP_TCP':
port = 1470
elif protocol == 'TP_TLS':
port = 6514
data.update({'port': port})
else:
data.update({'port': params['server_port']})
if params['description']:
data.update({'control_description': params['description']})
result = run_commands(module, url, data, method, check=check_url)
return result
def config_vlan_port(module):
params = module.params
# Parameters
if params['vlan_id'] == "":
return {
'msg': "vlan_id cannot be null",
'changed': False,
'failed': True
}
else:
data = {'vlan_id': params['vlan_id']}
if params['port_id'] == "":
return {
'msg': "port_id cannot be null",
'changed': False,
'failed': True
}
else:
data['port_id'] = params['port_id']
data['port_mode'] = params['port_mode']
del_url = "/vlans-ports/" + str(params['vlan_id']) + \
"-" + str(params['port_id'])
# Check if the passed vlan is configured
check_presence = get_config(module, "/vlans/" + str(params['vlan_id']))
if not check_presence:
return {
'msg': 'Cannot configure ports without Vlan configured',
'changed': False,
'failed': True
}
else:
if params['config'] == "create":
check_presence = get_config(module, del_url)
if not check_presence:
url = '/vlans-ports'
method = 'POST'
else:
url = "/vlans-ports/" + str(params['vlan_id']) + \
"-" + str(params['port_id'])
method = 'PUT'
elif params['config'] == "delete":
url = "/vlans-ports/" + str(params['vlan_id']) + \
"-" + str(params['port_id'])
method = 'DELETE'
else:
return {
'msg': 'Valid config options are : create and delete',
'changed': False,
'failed': True
}
result = run_commands(module, url, data, method, check=del_url)
return result
def config_vlan(module):
params = module.params
# Parameters
if params['vlan_id'] == "":
return {
'msg': "vlan_id cannot be null",
'changed': False,
'failed': True
}
else:
data = {'vlan_id': params['vlan_id']}
if params['name'] == "":
data['name'] = "VLAN{}".format(params['vlan_id'])
else:
data['name'] = params['name']
data['status'] = params['status']
data['type'] = params['vlantype']
data['is_jumbo_enabled'] = params['is_jumbo_enabled']
data['is_voice_enabled'] = params['is_voice_enabled']
data['is_dsnoop_enabled'] = params['is_dsnoop_enabled']
firmware = get_firmware(module)
if (firmware[:2] == "YA") or (firmware[:2] == "YB"):
if params['is_dhcp_server_enabled']:
return {
'msg': "option : is_dhcp_server_enabled is not "
"supported on this platform",
'changed': False,
'failed': True
}
else:
data['is_dhcp_server_enabled'] = params['is_dhcp_server_enabled']
config_url = "/vlans/" + str(params['vlan_id'])
if params['config'] == "create":
check_presence = get_config(module, config_url)
if not check_presence:
data['is_management_vlan'] = params['is_management_vlan']
url = "/vlans"
method = 'POST'
else:
url = "/vlans/" + str(params['vlan_id'])
method = 'PUT'
management_vlan = module.from_json(to_text(check_presence))
if params['is_management_vlan'] != \
management_vlan['is_management_vlan']:
data['is_management_vlan'] = params['is_management_vlan']
else:
url = config_url
method = 'DELETE'
result = run_commands(module, url, data, method, check=config_url)
return result
def config(module):
params = module.params
data = {'authorization_method': params['authorization_method']}
url = '/authorization'
method = 'PUT'
result = run_commands(module, url, data, method, check=url)
return result
def qos(module):
params = module.params
url = '/qos/policies'
policy_id = params['policy_name'] + '~' + params['policy_type']
check_url = url + '/' + policy_id
if params['state'] == 'create':
data = {
'policy_name': params['policy_name'],
'policy_type': params['policy_type'],
}
method = 'POST'
else:
# Check if qos is applied to any port
qos_url = '/qos/ports-policies'
qos_config = get_config(module, qos_url)
if qos_config:
qos_config = module.from_json(to_text(qos_config))
for config in qos_config['qos_port_policy_element']:
if policy_id == config['policy_id']:
return {
'msg':
'Cannot delete policy {}, active on port {}'.format(
policy_id, config['port_id']),
'change':
False
}
# Check if qos is applied to any port
qos_url = '/qos/vlans-policies'
qos_config = get_config(module, qos_url)
if qos_config:
qos_config = module.from_json(to_text(qos_config))
for config in qos_config['qos_vlan_policy_element']:
if policy_id == config['policy_id']:
return {
'msg':
'Cannot delete policy {}, active on vlan {}'.format(
policy_id, config['vlan_id']),
'change':
False
}
data = {}
method = 'DELETE'
url = check_url
result = run_commands(module, url, data, method, check=check_url)
return result
def config_qos(module):
params = module.params
url = '/qos/vlans-policies'
# if no vlan exists
config_vlan(module)
# check qos policy is present
qos_check = '/qos/policies/' + params['qos_policy'] + '~' + 'QPT_QOS'
if not get_config(module, qos_check):
return {
'msg':
'Configure QoS policy first. {} does not exist'.format(
params['qos_policy']),
'changed':
False
}
if params['config'] == 'create':
policy_id = params['qos_policy'] + '~' + 'QPT_QOS'
vlan_config = get_config(module, url)
if vlan_config:
check_config = module.from_json(to_text(vlan_config))
for vlans in check_config['qos_vlan_policy_element']:
if vlans['vlan_id'] == params['vlan_id'] and \
vlans['policy_id'] == policy_id:
ret = {'changed': False}
ret.update(vlans)
return ret
data = {'vlan_id': params['vlan_id'], 'policy_id': policy_id}
result = run_commands(module, url, data, 'POST')
else:
url = url + '/' + str(params['vlan_id']) + '-' + \
params['qos_policy'] + '~' + 'QPT_QOS'
check_url = url + '/stats'
result = run_commands(module, url, {}, 'DELETE', check=check_url)
return result
def snmp_trap(module):
params = module.params
url = '/snmp-server/traps'
data = {
'arp_protect':
params['arp_protect'],
'auth_server_fail':
params['auth_server_fail'],
'dhcp_server':
params['dhcp_server'],
'dhcp_snooping':
params['dhcp_snooping'],
'dhcpv6_snooping_out_of_resource':
params['dhcpv6_snooping_out_of_resource'], # NOQA
'dhcpv6_snooping_errant_replies':
params['dhcpv6_snooping_errant_replies'], # NOQA
'dyn_ip_lockdown':
params['dyn_ip_lockdown'],
'dyn_ipv6_ld_out_of_resources':
params['dyn_ipv6_ld_out_of_resources'], # NOQA
'dyn_ipv6_ld_violations':
params['dyn_ipv6_ld_violations'],
'login_failure_mgr':
params['login_failure_mgr'],
'mac_count_notify':
params['mac_count_notify'],
'nd_snooping_out_of_resources':
params['nd_snooping_out_of_resources'], # NOQA
'password_change_mgr':
params['password_change_mgr'],
'port_security':
params['port_security'],
'startup_config_change':
params['startup_config_change'],
'macsec_failure':
params['macsec_failure'],
'mac_notify': {
'mac_move_notify_mode': params['mac_move_notify_mode'],
'mac_notify_mode': params['mac_notify_mode'],
'trap_interval': params['mac_notify_trap_interval']
},
'running_config_changes': {
'running_conf_change_trap': params['running_conf_change_trap'],
'trap_interval': params['running_config_trap_interval']
},
'snmp_authentication':
params['snmp_authentication']
}
result = run_commands(module, url, data, 'PUT', check=url)
return result
def cli_command(module):
params = module.params
data = {}
if not params['command'] == "":
data['cmd'] = params['command']
url = '/cli'
method = 'POST'
result = run_commands(module, url, data, method, check=url)
return result
def clear_rate_limit_trap(module):
params = module.params
data = {}
data['port_id'] = params['port_id']
data['icmp_traffic_type'] = params['icmp_traffic_type']
url = '/ports/icmp_rate_limit_trap_clear/' + str(params['port_id'])
method = 'POST'
result = run_commands(module, url, data, method)
return result
def authentication_method_config(module):
params = module.params
data = {'server_group': params['server_group']}
data['primary_authentication_method'] = \
params['primary_authentication_method']
data['secondary_authentication_method'] = \
params['secondary_authentication_method']
url = '/dot1x/authentication_method'
method = 'PUT'
result = run_commands(module, url, data, method, check=url)
return result
def routing(module):
params = module.params
url = "/ip-route/settings"
if params['state'] == 'create':
true = True
else:
true = False
data = {'is_ip_routing_enable': true}
result = run_commands(module, url, data, 'PUT', check=url)
return result
def config_vlan_dhcpHelperAddress(module):
params = module.params
# Parameters
if params['vlan_id'] == "":
return {
'msg': "vlan_id cannot be null",
'changed': False,
'failed': True
}
else:
data = {'vlan_id': params['vlan_id']}
if params['helper_addresses'] == "":
return {
'msg': "DHCP Helper IP Addr cannot be null",
'changed': False,
'failed': True
}
else:
data['dhcp_helper_address'] = {
'version': params['version'],
'octets': params['helper_addresses']
}
url = "/vlans/dhcp-relay"
del_url = url + '/' + str(params['vlan_id']) + \
'-' + params['helper_addresses']
# Check if the passed vlan is configured
check_presence = get_config(module, "/vlans/" + str(params['vlan_id']))
if not check_presence:
return {
'msg': 'Cannot configure Helper Address without '
'Vlan configured',
'changed': False,
'failed': True
}
else:
if params['config'] == "create":
method = 'POST'
else:
url = del_url
method = 'DELETE'
result = run_commands(module, url, data, method, check=del_url)
return result
def update(module):
params = module.params
url = "/loop_protect"
data = {
'port_disable_timer_in_senconds': params['port_disable_timer'],
'trasmit_interval_in_seconds': params['transmit_interval'],
'mode': params['mode'],
'is_trap_on_loop_detected_enabled': params['trap']
}
result = run_commands(module, url, data, 'PUT', check=url)
return result
def enable_includeCredentials(module):
params = module.params
data = {}
# Parameters
data['include_credentials_in_response'] = \
params['include_credentials_in_response']
# URI
url = "/system/include-credentials"
method = "PUT"
# Config
result = run_commands(module, url, data, method, check=url)
return result
def dot1x_config(module):
params = module.params
data = {}
data['is_dot1x_enabled'] = params['is_dot1x_enabled']
data['cached_reauth_delay'] = params['cached_reauth_delay']
data['allow_gvrp_vlans'] = params['allow_gvrp_vlans']
data['use_lldp_data'] = params['use_lldp_data']
url = '/dot1x'
method = 'PUT'
result = run_commands(module, url, data, method, check=url)
return result
def config_port(module):
params = module.params
url = '/ports/' + module.params['interface']
data = {'id': params['interface']}
if params.get('description') is not None:
data['name'] = params['description']
if params.get('admin_stat') is not None:
data['is_port_enabled'] = params['admin_stat']
result = run_commands(module, url, data, 'PUT', check=url)
return result
def config(module):
params = module.params
dnsList = []
dnsServerList = []
idval = 1
data = {'dns_config_mode': params['dns_config_mode']}
# Configure the domain names
for dns in [
params['dns_domain_names'], params['dns_domain_names_2'],
params['dns_domain_names_3'], params['dns_domain_names_4'],
params['dns_domain_names_5']
]:
if not dns == "" and dns not in dnsList:
dnsList.append(dns)
data['dns_domain_names'] = dnsList
# Configure the dns servers
for dnsServer in [
params['server_1'], params['server_2'], params['server_3'],
params['server_4']
]:
if not dnsServer == "" and dnsServer not in dnsServerList:
dnsServerList.append(dnsServer)
server = 'server_' + str(idval)
version = 'version_' + str(idval)
# Only IPv4 address supported
if not params[version] == "IAV_IP_V4":
return {
'msg': 'Only IPv4 address mode is supported',
'changed': False,
'failed': False
}
data[server] = {
'version': params[version],
'octets': params[server]
}
idval = idval + 1
url = '/dns'
method = 'PUT'
result = run_commands(module, url, data, method, check=url)
return result
def authorization_group(module):
params = module.params
data = {}
# URI
url = "/authorization_group"
get_url = url + "/" + params['group_name'] + "-" + str(params['seq_num'])
if params['config'] == "create":
method = "POST"
else:
method = "DELETE"
url = get_url
data['group_name'] = params['group_name']
data['seq_num'] = params['seq_num']
if method == "POST":
if params['match_cmd'] != "":
data['match_cmd'] = '\"' + params['match_cmd'] + '\"'
else:
data['match_cmd'] = ""
data['cmd_permission'] = params['cmd_permission']
data['is_log_enabled'] = params['is_log_enabled']
check_presence = get_config(module, get_url)
if check_presence:
# Sequence exists
if method == "POST":
return {
'msg': 'The sequence exists.',
'changed': False,
'failed': False
}
else:
# Sequence does not exist
if method == "DELETE":
return {
'msg': 'The sequence does not exist.',
'changed': False,
'failed': False
}
# Config
result = run_commands(module, url, data, method)
return result