def main(): module = AnsibleModule( argument_spec=dict( server_url=dict(type='str', required=True), username=dict(type='str', required=True, no_log=True), password=dict(type='str', required=True, no_log=True), entity=dict(type='str', required=True, choices=['repository', 'manifest', 'repository_set', 'sync_plan', 'content_view', 'lifecycle_environment', 'activation_key', 'product']), action=dict(type='str', choices=['sync', 'publish', 'promote']), verify_ssl=dict(type='bool', default=False), task_timeout=dict(type='int', default=1000), params=dict(type='dict', required=True, no_log=True), ), supports_check_mode=True, ) if not HAS_NAILGUN_PACKAGE: module.fail_json(msg="Missing required nailgun module (check docs or install with: pip install nailgun") server_url = module.params['server_url'] username = module.params['username'] password = module.params['password'] entity = module.params['entity'] action = module.params['action'] params = module.params['params'] verify_ssl = module.params['verify_ssl'] task_timeout = module.params['task_timeout'] server = ServerConfig( url=server_url, auth=(username, password), verify=verify_ssl ) ng = NailGun(server, entities, module, task_timeout) # Lets make an connection to the server with username and password try: org = entities.Organization(server) org.search() except Exception as e: module.fail_json(msg="Failed to connect to Foreman server: %s " % e) result = False if entity == 'product': if action == 'sync': result = ng.sync_product(params) else: result = ng.product(params) elif entity == 'repository': if action == 'sync': result = ng.sync_repository(params) else: result = ng.repository(params) elif entity == 'manifest': result = ng.manifest(params) elif entity == 'repository_set': result = ng.repository_set(params) elif entity == 'sync_plan': result = ng.sync_plan(params) elif entity == 'content_view': if action == 'publish': result = ng.publish(params) elif action == 'promote': result = ng.promote(params) else: result = ng.content_view(params) elif entity == 'lifecycle_environment': result = ng.lifecycle_environment(params) elif entity == 'activation_key': result = ng.activation_key(params) else: module.fail_json(changed=False, result="Unsupported entity supplied") module.exit_json(changed=result, result="%s updated" % entity)
def main(): fields = { "host": { "required": False, "type": "str" }, "username": { "required": False, "type": "str" }, "password": { "required": False, "type": "str", "default": "", "no_log": True }, "vdom": { "required": False, "type": "str", "default": "root" }, "https": { "required": False, "type": "bool", "default": True }, "ssl_verify": { "required": False, "type": "bool", "default": True }, "switch_controller_storm_control": { "required": False, "type": "dict", "default": None, "options": { "broadcast": { "required": False, "type": "str", "choices": ["enable", "disable"] }, "rate": { "required": False, "type": "int" }, "unknown_multicast": { "required": False, "type": "str", "choices": ["enable", "disable"] }, "unknown_unicast": { "required": False, "type": "str", "choices": ["enable", "disable"] } } } } module = AnsibleModule(argument_spec=fields, supports_check_mode=False) # legacy_mode refers to using fortiosapi instead of HTTPAPI legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 'username' in module.params and module.params['username'] is not None and \ 'password' in module.params and module.params['password'] is not None if not legacy_mode: if module._socket_path: connection = Connection(module._socket_path) fos = FortiOSHandler(connection) is_error, has_changed, result = fortios_switch_controller( module.params, fos) else: module.fail_json(**FAIL_SOCKET_MSG) else: try: from fortiosapi import FortiOSAPI except ImportError: module.fail_json(msg="fortiosapi module is required") fos = FortiOSAPI() login(module.params, fos) is_error, has_changed, result = fortios_switch_controller( module.params, fos) fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
def main(): fields = { "host": { "required": False, "type": "str" }, "username": { "required": False, "type": "str" }, "password": { "required": False, "type": "str", "default": "", "no_log": True }, "vdom": { "required": False, "type": "str", "default": "root" }, "https": { "required": False, "type": "bool", "default": True }, "ssl_verify": { "required": False, "type": "bool", "default": True }, "state": { "required": False, "type": "str", "choices": ["present", "absent"] }, "webfilter_content_header": { "required": False, "type": "dict", "default": None, "options": { "state": { "required": False, "type": "str", "choices": ["present", "absent"] }, "comment": { "required": False, "type": "str" }, "entries": { "required": False, "type": "list", "options": { "action": { "required": False, "type": "str", "choices": ["block", "allow", "exempt"] }, "category": { "required": False, "type": "str" }, "pattern": { "required": True, "type": "str" } } }, "id": { "required": True, "type": "int" }, "name": { "required": False, "type": "str" } } } } module = AnsibleModule(argument_spec=fields, supports_check_mode=False) # legacy_mode refers to using fortiosapi instead of HTTPAPI legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 'username' in module.params and module.params['username'] is not None and \ 'password' in module.params and module.params['password'] is not None if not legacy_mode: if module._socket_path: connection = Connection(module._socket_path) fos = FortiOSHandler(connection) is_error, has_changed, result = fortios_webfilter( module.params, fos) else: module.fail_json(**FAIL_SOCKET_MSG) else: try: from fortiosapi import FortiOSAPI except ImportError: module.fail_json(msg="fortiosapi module is required") fos = FortiOSAPI() login(module.params, fos) is_error, has_changed, result = fortios_webfilter(module.params, fos) fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
def main(): arg_spec = { 'name': { 'type': 'str', 'required': True }, 'path': { 'type': 'str', 'default': '/etc/sensu/conf.d/checks.json' }, 'state': { 'type': 'str', 'default': 'present', 'choices': ['present', 'absent'] }, 'backup': { 'type': 'bool', 'default': 'no' }, 'command': { 'type': 'str' }, 'handlers': { 'type': 'list' }, 'subscribers': { 'type': 'list' }, 'interval': { 'type': 'int' }, 'timeout': { 'type': 'int' }, 'ttl': { 'type': 'int' }, 'handle': { 'type': 'bool' }, 'subdue_begin': { 'type': 'str' }, 'subdue_end': { 'type': 'str' }, 'dependencies': { 'type': 'list' }, 'metric': { 'type': 'bool', 'default': 'no' }, 'standalone': { 'type': 'bool' }, 'publish': { 'type': 'bool' }, 'occurrences': { 'type': 'int' }, 'refresh': { 'type': 'int' }, 'aggregate': { 'type': 'bool' }, 'low_flap_threshold': { 'type': 'int' }, 'high_flap_threshold': { 'type': 'int' }, 'custom': { 'type': 'dict' }, 'source': { 'type': 'str' }, } required_together = [['subdue_begin', 'subdue_end']] module = AnsibleModule(argument_spec=arg_spec, required_together=required_together, supports_check_mode=True) if module.params['state'] != 'absent' and module.params['command'] is None: module.fail_json(msg="missing required arguments: %s" % ",".join(['command'])) path = module.params['path'] name = module.params['name'] state = module.params['state'] backup = module.params['backup'] changed, reasons = sensu_check(module, path, name, state, backup) module.exit_json(path=path, changed=changed, msg='OK', name=name, reasons=reasons)
def main(): fields = { "host": { "required": False, "type": "str" }, "username": { "required": False, "type": "str" }, "password": { "required": False, "type": "str", "default": "", "no_log": True }, "vdom": { "required": False, "type": "str", "default": "root" }, "https": { "required": False, "type": "bool", "default": True }, "ssl_verify": { "required": False, "type": "bool", "default": True }, "state": { "required": False, "type": "str", "choices": ["present", "absent"] }, "dnsfilter_profile": { "required": False, "type": "dict", "default": None, "options": { "state": { "required": False, "type": "str", "choices": ["present", "absent"] }, "block_action": { "required": False, "type": "str", "choices": ["block", "redirect"] }, "block_botnet": { "required": False, "type": "str", "choices": ["disable", "enable"] }, "comment": { "required": False, "type": "str" }, "domain_filter": { "required": False, "type": "dict", "options": { "domain_filter_table": { "required": False, "type": "int" } } }, "external_ip_blocklist": { "required": False, "type": "list", "options": { "name": { "required": True, "type": "str" } } }, "ftgd_dns": { "required": False, "type": "dict", "options": { "filters": { "required": False, "type": "list", "options": { "action": { "required": False, "type": "str", "choices": ["block", "monitor"] }, "category": { "required": False, "type": "int" }, "id": { "required": True, "type": "int" }, "log": { "required": False, "type": "str", "choices": ["enable", "disable"] } } }, "options": { "required": False, "type": "str", "choices": ["error-allow", "ftgd-disable"] } } }, "log_all_domain": { "required": False, "type": "str", "choices": ["enable", "disable"] }, "name": { "required": True, "type": "str" }, "redirect_portal": { "required": False, "type": "str" }, "safe_search": { "required": False, "type": "str", "choices": ["disable", "enable"] }, "sdns_domain_log": { "required": False, "type": "str", "choices": ["enable", "disable"] }, "sdns_ftgd_err_log": { "required": False, "type": "str", "choices": ["enable", "disable"] }, "youtube_restrict": { "required": False, "type": "str", "choices": ["strict", "moderate"] } } } } module = AnsibleModule(argument_spec=fields, supports_check_mode=False) # legacy_mode refers to using fortiosapi instead of HTTPAPI legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 'username' in module.params and module.params['username'] is not None and \ 'password' in module.params and module.params['password'] is not None if not legacy_mode: if module._socket_path: connection = Connection(module._socket_path) fos = FortiOSHandler(connection) is_error, has_changed, result = fortios_dnsfilter( module.params, fos) else: module.fail_json(**FAIL_SOCKET_MSG) else: try: from fortiosapi import FortiOSAPI except ImportError: module.fail_json(msg="fortiosapi module is required") fos = FortiOSAPI() login(module.params, fos) is_error, has_changed, result = fortios_dnsfilter(module.params, fos) fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
def main(): argument_spec = dict( comment=dict(type='str'), id=dict(type='int', required=True), src_intf=dict(type='list', default='any'), dst_intf=dict(type='list', default='any'), state=dict(choices=['present', 'absent'], default='present'), src_addr=dict(type='list'), dst_addr=dict(type='list'), src_addr_negate=dict(type='bool', default=False), dst_addr_negate=dict(type='bool', default=False), policy_action=dict(choices=['accept', 'deny'], aliases=['action']), service=dict(aliases=['services'], type='list'), service_negate=dict(type='bool', default=False), schedule=dict(type='str', default='always'), nat=dict(type='bool', default=False), fixedport=dict(type='bool', default=False), poolname=dict(type='str'), av_profile=dict(type='str'), webfilter_profile=dict(type='str'), ips_sensor=dict(type='str'), application_list=dict(type='str'), logtraffic=dict(choices=['disable', 'all', 'utm'], default='utm'), logtraffic_start=dict(type='bool', default=False), ) # merge global required_if & argument_spec from module_utils/fortios.py argument_spec.update(fortios_argument_spec) ipv4_policy_required_if = [ [ 'state', 'present', ['src_addr', 'dst_addr', 'policy_action', 'service'] ], ] module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=True, required_if=fortios_required_if + ipv4_policy_required_if, ) # init forti object fortigate = AnsibleFortios(module) # Security policies root path config_path = 'firewall policy' # test params # NAT related if not module.params['nat']: if module.params['poolname']: module.fail_json(msg='Poolname param requires NAT to be true.') if module.params['fixedport']: module.fail_json(msg='Fixedport param requires NAT to be true.') # log options if module.params['logtraffic_start']: if not module.params['logtraffic'] == 'all': module.fail_json( msg= 'Logtraffic_start param requires logtraffic to be set to "all".' ) # id must be str(int) for pyFG to work policy_id = str(module.params['id']) # load config fortigate.load_config(config_path) # Absent State if module.params['state'] == 'absent': fortigate.candidate_config[config_path].del_block(policy_id) # Present state elif module.params['state'] == 'present': new_policy = fortigate.get_empty_configuration_block(policy_id, 'edit') # src / dest / service / interfaces new_policy.set_param( 'srcintf', " ".join('"' + item + '"' for item in module.params['src_intf'])) new_policy.set_param( 'dstintf', " ".join('"' + item + '"' for item in module.params['dst_intf'])) new_policy.set_param( 'srcaddr', " ".join('"' + item + '"' for item in module.params['src_addr'])) new_policy.set_param( 'dstaddr', " ".join('"' + item + '"' for item in module.params['dst_addr'])) new_policy.set_param( 'service', " ".join('"' + item + '"' for item in module.params['service'])) # negate src / dest / service if module.params['src_addr_negate']: new_policy.set_param('srcaddr-negate', 'enable') if module.params['dst_addr_negate']: new_policy.set_param('dstaddr-negate', 'enable') if module.params['service_negate']: new_policy.set_param('service-negate', 'enable') # action new_policy.set_param('action', '%s' % (module.params['policy_action'])) # logging new_policy.set_param('logtraffic', '%s' % (module.params['logtraffic'])) if module.params['logtraffic'] == 'all': if module.params['logtraffic_start']: new_policy.set_param('logtraffic-start', 'enable') else: new_policy.set_param('logtraffic-start', 'disable') # Schedule new_policy.set_param('schedule', '%s' % (module.params['schedule'])) # NAT if module.params['nat']: new_policy.set_param('nat', 'enable') if module.params['fixedport']: new_policy.set_param('fixedport', 'enable') if module.params['poolname'] is not None: new_policy.set_param('ippool', 'enable') new_policy.set_param('poolname', '"%s"' % (module.params['poolname'])) # security profiles: if module.params['av_profile'] is not None: new_policy.set_param('av-profile', '"%s"' % (module.params['av_profile'])) if module.params['webfilter_profile'] is not None: new_policy.set_param('webfilter-profile', '"%s"' % (module.params['webfilter_profile'])) if module.params['ips_sensor'] is not None: new_policy.set_param('ips-sensor', '"%s"' % (module.params['ips_sensor'])) if module.params['application_list'] is not None: new_policy.set_param('application-list', '"%s"' % (module.params['application_list'])) # comment if module.params['comment'] is not None: new_policy.set_param('comment', '"%s"' % (module.params['comment'])) # add the new policy to the device fortigate.add_block(policy_id, new_policy) # Apply changes fortigate.apply_changes()
def main(): module_specific_arguments = dict(name=dict(type='str'), ipaddress=dict(type='str'), domain=dict(type='str'), translationip=dict(type='str'), translationmask=dict(type='str'), domainresolveretry=dict(type='int'), ipv6address=dict(type='bool', default=False), comment=dict(type='str'), td=dict(type='float'), graceful=dict(type='bool'), delay=dict(type='float')) hand_inserted_arguments = dict(disabled=dict( type='bool', default=False, ), ) argument_spec = dict() argument_spec.update(netscaler_common_arguments) argument_spec.update(module_specific_arguments) argument_spec.update(hand_inserted_arguments) module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=True, ) module_result = dict( changed=False, failed=False, loglines=loglines, ) # Fail the module if imports failed if not PYTHON_SDK_IMPORTED: module.fail_json(msg='Could not load nitro python sdk') # Fallthrough to rest of execution client = get_nitro_client(module) try: client.login() except nitro_exception as e: msg = "nitro exception during login. errorcode=%s, message=%s" % (str( e.errorcode), e.message) module.fail_json(msg=msg) except Exception as e: if str(type(e)) == "<class 'requests.exceptions.ConnectionError'>": module.fail_json(msg='Connection error %s' % str(e)) elif str(type(e)) == "<class 'requests.exceptions.SSLError'>": module.fail_json(msg='SSL Error %s' % str(e)) else: module.fail_json(msg='Unexpected error during login %s' % str(e)) # Instantiate Server Config object readwrite_attrs = [ 'name', 'ipaddress', 'domain', 'translationip', 'translationmask', 'domainresolveretry', 'ipv6address', 'graceful', 'delay', 'comment', 'td', ] readonly_attrs = [ 'statechangetimesec', 'tickssincelaststatechange', 'autoscale', 'customserverid', 'monthreshold', 'maxclient', 'maxreq', 'maxbandwidth', 'usip', 'cka', 'tcpb', 'cmp', 'clttimeout', 'svrtimeout', 'cipheader', 'cip', 'cacheable', 'sc', 'sp', 'downstateflush', 'appflowlog', 'boundtd', '__count', ] immutable_attrs = [ 'name', 'domain', 'ipv6address', 'td', ] transforms = { 'graceful': ['bool_yes_no'], 'ipv6address': ['bool_yes_no'], } server_proxy = ConfigProxy( actual=server(), client=client, attribute_values_dict=module.params, readwrite_attrs=readwrite_attrs, readonly_attrs=readonly_attrs, immutable_attrs=immutable_attrs, transforms=transforms, ) try: # Apply appropriate state if module.params['state'] == 'present': log('Applying actions for state present') if not server_exists(client, module): if not module.check_mode: server_proxy.add() if module.params['save_config']: client.save_config() module_result['changed'] = True elif not server_identical(client, module, server_proxy): # Check if we try to change value of immutable attributes immutables_changed = get_immutables_intersection( server_proxy, diff_list(client, module, server_proxy).keys()) if immutables_changed != []: msg = 'Cannot update immutable attributes %s' % ( immutables_changed, ) module.fail_json(msg=msg, diff=diff_list(client, module, server_proxy), **module_result) if not module.check_mode: server_proxy.update() if module.params['save_config']: client.save_config() module_result['changed'] = True else: module_result['changed'] = False if not module.check_mode: res = do_state_change(client, module, server_proxy) if res.errorcode != 0: msg = 'Error when setting disabled state. errorcode: %s message: %s' % ( res.errorcode, res.message) module.fail_json(msg=msg, **module_result) # Sanity check for result log('Sanity checks for state present') if not module.check_mode: if not server_exists(client, module): module.fail_json(msg='Server does not seem to exist', **module_result) if not server_identical(client, module, server_proxy): module.fail_json( msg= 'Server is not configured according to parameters given', diff=diff_list(client, module, server_proxy), **module_result) elif module.params['state'] == 'absent': log('Applying actions for state absent') if server_exists(client, module): if not module.check_mode: server_proxy.delete() if module.params['save_config']: client.save_config() module_result['changed'] = True else: module_result['changed'] = False # Sanity check for result log('Sanity checks for state absent') if not module.check_mode: if server_exists(client, module): module.fail_json(msg='Server seems to be present', **module_result) except nitro_exception as e: msg = "nitro exception errorcode=%s, message=%s" % (str( e.errorcode), e.message) module.fail_json(msg=msg, **module_result) client.logout() module.exit_json(**module_result)
def main(): module = AnsibleModule(argument_spec=dict( name=dict(type='list', required=True), state=dict( type='str', default='present', choices=['absent', 'installed', 'latest', 'present', 'removed']), build=dict(type='bool', default=False), ports_dir=dict(type='path', default='/usr/ports'), quick=dict(type='bool', default=False), clean=dict(type='bool', default=False), ), supports_check_mode=True) name = module.params['name'] state = module.params['state'] build = module.params['build'] ports_dir = module.params['ports_dir'] rc = 0 stdout = '' stderr = '' result = {} result['name'] = name result['state'] = state result['build'] = build # The data structure used to keep track of package information. pkg_spec = {} if build is True: if not os.path.isdir(ports_dir): module.fail_json( msg="the ports source directory %s does not exist" % (ports_dir)) # build sqlports if its not installed yet parse_package_name(['sqlports'], pkg_spec, module) get_package_state(['sqlports'], pkg_spec, module) if not pkg_spec['sqlports']['installed_state']: module.debug("main(): installing 'sqlports' because build=%s" % module.params['build']) package_present(['sqlports'], pkg_spec, module) asterisk_name = False for n in name: if n == '*': if len(name) != 1: module.fail_json( msg="the package name '*' can not be mixed with other names" ) asterisk_name = True if asterisk_name: if state != 'latest': module.fail_json( msg="the package name '*' is only valid when using state=latest" ) else: # Perform an upgrade of all installed packages. upgrade_packages(pkg_spec, module) else: # Parse package names and put results in the pkg_spec dictionary. parse_package_name(name, pkg_spec, module) # Not sure how the branch syntax is supposed to play together # with build mode. Disable it for now. for n in name: if pkg_spec[n]['branch'] and module.params['build'] is True: module.fail_json( msg= "the combination of 'branch' syntax and build=%s is not supported: %s" % (module.params['build'], n)) # Get state for all package names. get_package_state(name, pkg_spec, module) # Perform requested action. if state in ['installed', 'present']: package_present(name, pkg_spec, module) elif state in ['absent', 'removed']: package_absent(name, pkg_spec, module) elif state == 'latest': package_latest(name, pkg_spec, module) # The combined changed status for all requested packages. If anything # is changed this is set to True. combined_changed = False # The combined failed status for all requested packages. If anything # failed this is set to True. combined_failed = False # We combine all error messages in this comma separated string, for example: # "msg": "Can't find nmapp\n, Can't find nmappp\n" combined_error_message = '' # Loop over all requested package names and check if anything failed or # changed. for n in name: if pkg_spec[n]['rc'] != 0: combined_failed = True if pkg_spec[n]['stderr']: if combined_error_message: combined_error_message += ", %s" % pkg_spec[n]['stderr'] else: combined_error_message = pkg_spec[n]['stderr'] else: if combined_error_message: combined_error_message += ", %s" % pkg_spec[n]['stdout'] else: combined_error_message = pkg_spec[n]['stdout'] if pkg_spec[n]['changed'] is True: combined_changed = True # If combined_error_message contains anything at least some part of the # list of requested package names failed. if combined_failed: module.fail_json(msg=combined_error_message, **result) result['changed'] = combined_changed module.exit_json(**result)
def main(): argument_spec = ec2_argument_spec() argument_spec.update( dict( policy_name=dict(required=True), policy_description=dict(default=''), policy=dict(type='json'), make_default=dict(type='bool', default=True), only_version=dict(type='bool', default=False), fail_on_delete=dict(type='bool', removed_in_version='2.14'), state=dict(default='present', choices=['present', 'absent']), )) module = AnsibleModule(argument_spec=argument_spec, required_if=[['state', 'present', ['policy']]]) if not HAS_BOTO3: module.fail_json(msg='boto3 is required for this module') name = module.params.get('policy_name') description = module.params.get('policy_description') state = module.params.get('state') default = module.params.get('make_default') only = module.params.get('only_version') policy = None if module.params.get('policy') is not None: policy = json.dumps(json.loads(module.params.get('policy'))) try: region, ec2_url, aws_connect_kwargs = get_aws_connection_info( module, boto3=True) iam = boto3_conn(module, conn_type='client', resource='iam', region=region, endpoint=ec2_url, **aws_connect_kwargs) except (botocore.exceptions.NoCredentialsError, botocore.exceptions.ProfileNotFound) as e: module.fail_json( msg= "Can't authorize connection. Check your credentials and profile.", exceptions=traceback.format_exc(), **camel_dict_to_snake_dict(e.response)) p = get_policy_by_name(module, iam, name) if state == 'present': if p is None: # No Policy so just create one try: rvalue = iam.create_policy(PolicyName=name, Path='/', PolicyDocument=policy, Description=description) except Exception as e: module.fail_json(msg="Couldn't create policy %s: %s" % (name, to_native(e)), exception=traceback.format_exc(), **camel_dict_to_snake_dict(e.response)) module.exit_json(changed=True, policy=camel_dict_to_snake_dict(rvalue['Policy'])) else: policy_version, changed = get_or_create_policy_version( module, iam, p, policy) changed = set_if_default(module, iam, p, policy_version, default) or changed changed = set_if_only(module, iam, p, policy_version, only) or changed # If anything has changed we needto refresh the policy if changed: try: p = iam.get_policy(PolicyArn=p['Arn'])['Policy'] except Exception as e: module.fail_json(msg="Couldn't get policy: %s" % to_native(e), exception=traceback.format_exc(), **camel_dict_to_snake_dict(e.response)) module.exit_json(changed=changed, policy=camel_dict_to_snake_dict(p)) else: # Check for existing policy if p: # Detach policy detach_all_entities(module, iam, p) # Delete Versions try: versions = iam.list_policy_versions( PolicyArn=p['Arn'])['Versions'] except botocore.exceptions.ClientError as e: module.fail_json(msg="Couldn't list policy versions: %s" % to_native(e), exception=traceback.format_exc(), **camel_dict_to_snake_dict(e.response)) for v in versions: if not v['IsDefaultVersion']: try: iam.delete_policy_version(PolicyArn=p['Arn'], VersionId=v['VersionId']) except botocore.exceptions.ClientError as e: module.fail_json( msg="Couldn't delete policy version %s: %s" % (v['VersionId'], to_native(e)), exception=traceback.format_exc(), **camel_dict_to_snake_dict(e.response)) # Delete policy try: iam.delete_policy(PolicyArn=p['Arn']) except Exception as e: module.fail_json(msg="Couldn't delete policy %s: %s" % (p['PolicyName'], to_native(e)), exception=traceback.format_exc(), **camel_dict_to_snake_dict(e.response)) # This is the one case where we will return the old policy module.exit_json(changed=True, policy=camel_dict_to_snake_dict(p)) else: module.exit_json(changed=False, policy=None)
def main(): module = AnsibleModule( argument_spec=dict( api_token=dict(type='str', required=False, no_log=True), account_api_key=dict(type='str', required=False, no_log=True, aliases=['account_api_token']), account_email=dict(type='str', required=False), algorithm=dict(type='int'), cert_usage=dict(type='int', choices=[0, 1, 2, 3]), hash_type=dict(type='int', choices=[1, 2]), key_tag=dict(type='int'), port=dict(type='int'), priority=dict(type='int', default=1), proto=dict(type='str'), proxied=dict(type='bool', default=False), record=dict(type='str', default='@', aliases=['name']), selector=dict(type='int', choices=[0, 1]), service=dict(type='str'), solo=dict(type='bool'), state=dict(type='str', default='present', choices=['absent', 'present']), timeout=dict(type='int', default=30), ttl=dict(type='int', default=1), type=dict(type='str', choices=[ 'A', 'AAAA', 'CNAME', 'DS', 'MX', 'NS', 'SPF', 'SRV', 'SSHFP', 'TLSA', 'TXT' ]), value=dict(type='str', aliases=['content']), weight=dict(type='int', default=1), zone=dict(type='str', required=True, aliases=['domain']), ), supports_check_mode=True, required_if=[ ('state', 'present', ['record', 'type', 'value']), ('state', 'absent', ['record']), ('type', 'SRV', ['proto', 'service']), ('type', 'TLSA', ['proto', 'port']), ], ) if not module.params['api_token'] and not (module.params['account_api_key'] and module.params['account_email']): module.fail_json( msg= "Either api_token or account_api_key and account_email params are required." ) if module.params['type'] == 'SRV': if not ((module.params['weight'] is not None and module.params['port'] is not None and not (module.params['value'] is None or module.params['value'] == '')) or (module.params['weight'] is None and module.params['port'] is None and (module.params['value'] is None or module.params['value'] == ''))): module.fail_json( msg= "For SRV records the params weight, port and value all need to be defined, or not at all." ) if module.params['type'] == 'SSHFP': if not ((module.params['algorithm'] is not None and module.params['hash_type'] is not None and not (module.params['value'] is None or module.params['value'] == '')) or (module.params['algorithm'] is None and module.params['hash_type'] is None and (module.params['value'] is None or module.params['value'] == ''))): module.fail_json( msg= "For SSHFP records the params algorithm, hash_type and value all need to be defined, or not at all." ) if module.params['type'] == 'TLSA': if not ((module.params['cert_usage'] is not None and module.params['selector'] is not None and module.params['hash_type'] is not None and not (module.params['value'] is None or module.params['value'] == '')) or (module.params['cert_usage'] is None and module.params['selector'] is None and module.params['hash_type'] is None and (module.params['value'] is None or module.params['value'] == ''))): module.fail_json( msg= "For TLSA records the params cert_usage, selector, hash_type and value all need to be defined, or not at all." ) if module.params['type'] == 'DS': if not ((module.params['key_tag'] is not None and module.params['algorithm'] is not None and module.params['hash_type'] is not None and not (module.params['value'] is None or module.params['value'] == '')) or (module.params['key_tag'] is None and module.params['algorithm'] is None and module.params['hash_type'] is None and (module.params['value'] is None or module.params['value'] == ''))): module.fail_json( msg= "For DS records the params key_tag, algorithm, hash_type and value all need to be defined, or not at all." ) changed = False cf_api = CloudflareAPI(module) # sanity checks if cf_api.is_solo and cf_api.state == 'absent': module.fail_json(msg="solo=true can only be used with state=present") # perform add, delete or update (only the TTL can be updated) of one or # more records if cf_api.state == 'present': # delete all records matching record name + type if cf_api.is_solo: changed = cf_api.delete_dns_records(solo=cf_api.is_solo) result, changed = cf_api.ensure_dns_record() if isinstance(result, list): module.exit_json(changed=changed, result={'record': result[0]}) module.exit_json(changed=changed, result={'record': result}) else: # force solo to False, just to be sure changed = cf_api.delete_dns_records(solo=False) module.exit_json(changed=changed)
def main(): fields = { "host": { "required": False, "type": "str" }, "username": { "required": False, "type": "str" }, "password": { "required": False, "type": "str", "default": "", "no_log": True }, "vdom": { "required": False, "type": "str", "default": "root" }, "https": { "required": False, "type": "bool", "default": True }, "ssl_verify": { "required": False, "type": "bool", "default": True }, "state": { "required": True, "type": "str", "choices": ["present", "absent"] }, "user_local": { "required": False, "type": "dict", "default": None, "options": { "auth_concurrent_override": { "required": False, "type": "str", "choices": ["enable", "disable"] }, "auth_concurrent_value": { "required": False, "type": "int" }, "authtimeout": { "required": False, "type": "int" }, "email_to": { "required": False, "type": "str" }, "fortitoken": { "required": False, "type": "str" }, "id": { "required": False, "type": "int" }, "ldap_server": { "required": False, "type": "str" }, "name": { "required": True, "type": "str" }, "passwd": { "required": False, "type": "str" }, "passwd_policy": { "required": False, "type": "str" }, "passwd_time": { "required": False, "type": "str" }, "ppk_identity": { "required": False, "type": "str" }, "ppk_secret": { "required": False, "type": "str" }, "radius_server": { "required": False, "type": "str" }, "sms_custom_server": { "required": False, "type": "str" }, "sms_phone": { "required": False, "type": "str" }, "sms_server": { "required": False, "type": "str", "choices": ["fortiguard", "custom"] }, "status": { "required": False, "type": "str", "choices": ["enable", "disable"] }, "two_factor": { "required": False, "type": "str", "choices": ["disable", "fortitoken", "email", "sms"] }, "type": { "required": False, "type": "str", "choices": ["password", "radius", "tacacs+", "ldap"] }, "workstation": { "required": False, "type": "str" } } } } module = AnsibleModule(argument_spec=fields, supports_check_mode=False) # legacy_mode refers to using fortiosapi instead of HTTPAPI legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 'username' in module.params and module.params['username'] is not None and \ 'password' in module.params and module.params['password'] is not None if not legacy_mode: if module._socket_path: connection = Connection(module._socket_path) fos = FortiOSHandler(connection) is_error, has_changed, result = fortios_user(module.params, fos) else: module.fail_json(**FAIL_SOCKET_MSG) else: try: from fortiosapi import FortiOSAPI except ImportError: module.fail_json(msg="fortiosapi module is required") fos = FortiOSAPI() login(module.params, fos) is_error, has_changed, result = fortios_user(module.params, fos) fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
class MgmtInterface(object): MAX_RETRIES = 15 def __init__(self): argument_spec = eseries_host_argument_spec() argument_spec.update(dict( state=dict(type="str", choices=["enable", "disable"], aliases=["enable_interface"], required=False), controller=dict(type="str", required=True, choices=["A", "B"]), name=dict(type="str", aliases=["port", "iface"]), channel=dict(type="int"), address=dict(type="str", required=False), subnet_mask=dict(type="str", required=False), gateway=dict(type="str", required=False), config_method=dict(type="str", required=False, choices=["dhcp", "static"]), dns_config_method=dict(type="str", required=False, choices=["dhcp", "static"]), dns_address=dict(type="str", required=False), dns_address_backup=dict(type="str", required=False), ntp_config_method=dict(type="str", required=False, choices=["disable", "dhcp", "static"]), ntp_address=dict(type="str", required=False), ntp_address_backup=dict(type="str", required=False), ssh=dict(type="bool", required=False), log_path=dict(type="str", required=False), )) required_if = [ ["state", "enable", ["config_method"]], ["config_method", "static", ["address", "subnet_mask"]], ["dns_config_method", "static", ["dns_address"]], ["ntp_config_method", "static", ["ntp_address"]], ] mutually_exclusive = [ ["name", "channel"], ] self.module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True, required_if=required_if, mutually_exclusive=mutually_exclusive) args = self.module.params self.controller = args["controller"] self.name = args["name"] self.channel = args["channel"] self.config_method = args["config_method"] self.address = args["address"] self.subnet_mask = args["subnet_mask"] self.gateway = args["gateway"] self.enable_interface = None if args["state"] is None else args["state"] == "enable" self.dns_config_method = args["dns_config_method"] self.dns_address = args["dns_address"] self.dns_address_backup = args["dns_address_backup"] self.ntp_config_method = args["ntp_config_method"] self.ntp_address = args["ntp_address"] self.ntp_address_backup = args["ntp_address_backup"] self.ssh = args["ssh"] self.ssid = args["ssid"] self.url = args["api_url"] self.creds = dict(url_password=args["api_password"], validate_certs=args["validate_certs"], url_username=args["api_username"], ) self.retries = 0 self.check_mode = self.module.check_mode self.post_body = dict() log_path = args["log_path"] # logging setup self._logger = logging.getLogger(self.__class__.__name__) if log_path: logging.basicConfig( level=logging.DEBUG, filename=log_path, filemode='w', format='%(relativeCreated)dms %(levelname)s %(module)s.%(funcName)s:%(lineno)d\n %(message)s') if not self.url.endswith('/'): self.url += '/' @property def controllers(self): """Retrieve a mapping of controller labels to their references { 'A': '070000000000000000000001', 'B': '070000000000000000000002', } :return: the controllers defined on the system """ try: (rc, controllers) = request(self.url + 'storage-systems/%s/controllers' % self.ssid, headers=HEADERS, **self.creds) except Exception as err: controllers = list() self.module.fail_json( msg="Failed to retrieve the controller settings. Array Id [%s]. Error [%s]." % (self.ssid, to_native(err))) controllers.sort(key=lambda c: c['physicalLocation']['slot']) controllers_dict = dict() i = ord('A') for controller in controllers: label = chr(i) settings = dict(controllerSlot=controller['physicalLocation']['slot'], controllerRef=controller['controllerRef'], ssh=controller['networkSettings']['remoteAccessEnabled']) controllers_dict[label] = settings i += 1 return controllers_dict @property def interface(self): net_interfaces = list() try: (rc, net_interfaces) = request(self.url + 'storage-systems/%s/configuration/ethernet-interfaces' % self.ssid, headers=HEADERS, **self.creds) except Exception as err: self.module.fail_json( msg="Failed to retrieve defined management interfaces. Array Id [%s]. Error [%s]." % (self.ssid, to_native(err))) controllers = self.controllers controller = controllers[self.controller] net_interfaces = [iface for iface in net_interfaces if iface["controllerRef"] == controller["controllerRef"]] # Find the correct interface iface = None for net in net_interfaces: if self.name: if net["alias"] == self.name or net["interfaceName"] == self.name: iface = net break elif self.channel: if net["channel"] == self.channel: iface = net break if iface is None: identifier = self.name if self.name is not None else self.channel self.module.fail_json(msg="We could not find an interface matching [%s] on Array=[%s]." % (identifier, self.ssid)) return dict(alias=iface["alias"], channel=iface["channel"], link_status=iface["linkStatus"], enabled=iface["ipv4Enabled"], address=iface["ipv4Address"], gateway=iface["ipv4GatewayAddress"], subnet_mask=iface["ipv4SubnetMask"], dns_config_method=iface["dnsProperties"]["acquisitionProperties"]["dnsAcquisitionType"], dns_servers=iface["dnsProperties"]["acquisitionProperties"]["dnsServers"], ntp_config_method=iface["ntpProperties"]["acquisitionProperties"]["ntpAcquisitionType"], ntp_servers=iface["ntpProperties"]["acquisitionProperties"]["ntpServers"], config_method=iface["ipv4AddressConfigMethod"], controllerRef=iface["controllerRef"], controllerSlot=iface["controllerSlot"], ipv6Enabled=iface["ipv6Enabled"], id=iface["interfaceRef"], ) def get_enable_interface_settings(self, iface, expected_iface, update, body): """Enable or disable the IPv4 network interface.""" if self.enable_interface: if not iface["enabled"]: update = True body["ipv4Enabled"] = True else: if iface["enabled"]: update = True body["ipv4Enabled"] = False expected_iface["enabled"] = body["ipv4Enabled"] return update, expected_iface, body def get_interface_settings(self, iface, expected_iface, update, body): """Update network interface settings.""" if self.config_method == "dhcp": if iface["config_method"] != "configDhcp": update = True body["ipv4AddressConfigMethod"] = "configDhcp" else: if iface["config_method"] != "configStatic": update = True body["ipv4AddressConfigMethod"] = "configStatic" if iface["address"] != self.address: update = True body["ipv4Address"] = self.address if iface["subnet_mask"] != self.subnet_mask: update = True body["ipv4SubnetMask"] = self.subnet_mask if self.gateway and iface["gateway"] != self.gateway: update = True body["ipv4GatewayAddress"] = self.gateway expected_iface["address"] = body["ipv4Address"] expected_iface["subnet_mask"] = body["ipv4SubnetMask"] expected_iface["gateway"] = body["ipv4GatewayAddress"] expected_iface["config_method"] = body["ipv4AddressConfigMethod"] return update, expected_iface, body def get_dns_server_settings(self, iface, expected_iface, update, body): """Add DNS server information to the request body.""" if self.dns_config_method == "dhcp": if iface["dns_config_method"] != "dhcp": update = True body["dnsAcquisitionDescriptor"] = dict(dnsAcquisitionType="dhcp") elif self.dns_config_method == "static": dns_servers = [dict(addressType="ipv4", ipv4Address=self.dns_address)] if self.dns_address_backup: dns_servers.append(dict(addressType="ipv4", ipv4Address=self.dns_address_backup)) body["dnsAcquisitionDescriptor"] = dict(dnsAcquisitionType="stat", dnsServers=dns_servers) if (iface["dns_config_method"] != "stat" or len(iface["dns_servers"]) != len(dns_servers) or (len(iface["dns_servers"]) == 2 and (iface["dns_servers"][0]["ipv4Address"] != self.dns_address or iface["dns_servers"][1]["ipv4Address"] != self.dns_address_backup)) or (len(iface["dns_servers"]) == 1 and iface["dns_servers"][0]["ipv4Address"] != self.dns_address)): update = True expected_iface["dns_servers"] = dns_servers expected_iface["dns_config_method"] = body["dnsAcquisitionDescriptor"]["dnsAcquisitionType"] return update, expected_iface, body def get_ntp_server_settings(self, iface, expected_iface, update, body): """Add NTP server information to the request body.""" if self.ntp_config_method == "disable": if iface["ntp_config_method"] != "disabled": update = True body["ntpAcquisitionDescriptor"] = dict(ntpAcquisitionType="disabled") elif self.ntp_config_method == "dhcp": if iface["ntp_config_method"] != "dhcp": update = True body["ntpAcquisitionDescriptor"] = dict(ntpAcquisitionType="dhcp") elif self.ntp_config_method == "static": ntp_servers = [dict(addrType="ipvx", ipvxAddress=dict(addressType="ipv4", ipv4Address=self.ntp_address))] if self.ntp_address_backup: ntp_servers.append(dict(addrType="ipvx", ipvxAddress=dict(addressType="ipv4", ipv4Address=self.ntp_address_backup))) body["ntpAcquisitionDescriptor"] = dict(ntpAcquisitionType="stat", ntpServers=ntp_servers) if (iface["ntp_config_method"] != "stat" or len(iface["ntp_servers"]) != len(ntp_servers) or ((len(iface["ntp_servers"]) == 2 and (iface["ntp_servers"][0]["ipvxAddress"]["ipv4Address"] != self.ntp_address or iface["ntp_servers"][1]["ipvxAddress"]["ipv4Address"] != self.ntp_address_backup)) or (len(iface["ntp_servers"]) == 1 and iface["ntp_servers"][0]["ipvxAddress"]["ipv4Address"] != self.ntp_address))): update = True expected_iface["ntp_servers"] = ntp_servers expected_iface["ntp_config_method"] = body["ntpAcquisitionDescriptor"]["ntpAcquisitionType"] return update, expected_iface, body def get_remote_ssh_settings(self, settings, update, body): """Configure network interface ports for remote ssh access.""" if self.ssh != settings["ssh"]: update = True body["enableRemoteAccess"] = self.ssh return update, body def update_array(self, settings, iface): """Update controller with new interface, dns service, ntp service and/or remote ssh access information. :returns: whether information passed will modify the controller's current state :rtype: bool """ update = False body = dict(controllerRef=settings['controllerRef'], interfaceRef=iface['id']) expected_iface = iface.copy() # Check if api url is using the effected management interface to change itself update_used_matching_address = False if self.enable_interface and self.config_method: netloc = list(urlparse.urlparse(self.url))[1] address = netloc.split(":")[0] address_info = socket.getaddrinfo(address, 8443) url_address_info = socket.getaddrinfo(iface["address"], 8443) update_used_matching_address = any(info in url_address_info for info in address_info) self._logger.info("update_used_matching_address: %s", update_used_matching_address) # Populate the body of the request and check for changes if self.enable_interface is not None: update, expected_iface, body = self.get_enable_interface_settings(iface, expected_iface, update, body) if self.config_method is not None: update, expected_iface, body = self.get_interface_settings(iface, expected_iface, update, body) if self.dns_config_method is not None: update, expected_iface, body = self.get_dns_server_settings(iface, expected_iface, update, body) if self.ntp_config_method is not None: update, expected_iface, body = self.get_ntp_server_settings(iface, expected_iface, update, body) if self.ssh is not None: update, body = self.get_remote_ssh_settings(settings, update, body) iface["ssh"] = self.ssh expected_iface["ssh"] = self.ssh # debug information self._logger.info(pformat(body)) self._logger.info(pformat(iface)) self._logger.info(pformat(expected_iface)) if self.check_mode: return update if update and not self.check_mode: if not update_used_matching_address: try: (rc, data) = request(self.url + 'storage-systems/%s/configuration/ethernet-interfaces' % self.ssid, method='POST', data=json.dumps(body), headers=HEADERS, timeout=300, ignore_errors=True, **self.creds) if rc == 422: if data['retcode'] == "4" or data['retcode'] == "illegalParam": if not (body['ipv4Enabled'] or iface['ipv6Enabled']): self.module.fail_json(msg="This storage-system already has IPv6 connectivity disabled. " "DHCP configuration for IPv4 is required at a minimum." " Array Id [%s] Message [%s]." % (self.ssid, data['errorMessage'])) else: self.module.fail_json(msg="We failed to configure the management interface. Array Id " "[%s] Message [%s]." % (self.ssid, data)) elif rc >= 300: self.module.fail_json( msg="We failed to configure the management interface. Array Id [%s] Message [%s]." % (self.ssid, data)) # This is going to catch cases like a connection failure except Exception as err: self.module.fail_json( msg="Connection failure: we failed to modify the network settings! Array Id [%s]. Error [%s]." % (self.ssid, to_native(err))) else: self.update_api_address_interface_match(body) return self.validate_changes(expected_iface) if update and iface["link_status"] != "up" else update def update_api_address_interface_match(self, body): """Change network interface address which matches the api_address""" try: try: (rc, data) = request(self.url + 'storage-systems/%s/configuration/ethernet-interfaces' % self.ssid, use_proxy=False, force=True, ignore_errors=True, method='POST', data=json.dumps(body), headers=HEADERS, timeout=10, **self.creds) except Exception: url_parts = list(urlparse.urlparse(self.url)) domain = url_parts[1].split(":") domain[0] = self.address url_parts[1] = ":".join(domain) expected_url = urlparse.urlunparse(url_parts) self._logger.info(pformat(expected_url)) (rc, data) = request(expected_url + 'storage-systems/%s/configuration/ethernet-interfaces' % self.ssid, headers=HEADERS, timeout=300, **self.creds) return except Exception as err: self._logger.info(type(err)) self.module.fail_json( msg="Connection failure: we failed to modify the network settings! Array Id [%s]. Error [%s]." % (self.ssid, to_native(err))) def validate_changes(self, expected_iface, retry=6): """Validate interface changes were applied to the controller interface port. 30 second timeout""" if self.interface != expected_iface: time.sleep(5) if retry: return self.validate_changes(expected_iface, retry - 1) self.module.fail_json(msg="Update failure: we failed to verify the necessary state change.") return True def check_health(self): """It's possible, due to a previous operation, for the API to report a 424 (offline) status for the storage-system. Therefore, we run a manual check with retries to attempt to contact the system before we continue. """ try: (rc, data) = request(self.url + 'storage-systems/%s/controllers' % self.ssid, headers=HEADERS, ignore_errors=True, **self.creds) # We've probably recently changed the interface settings and it's still coming back up: retry. if rc == 424: if self.retries < self.MAX_RETRIES: self.retries += 1 self._logger.info("We hit a 424, retrying in 5s.") time.sleep(5) self.check_health() else: self.module.fail_json( msg="We failed to pull storage-system information. Array Id [%s] Message [%s]." % (self.ssid, data)) elif rc >= 300: self.module.fail_json( msg="We failed to pull storage-system information. Array Id [%s] Message [%s]." % (self.ssid, data)) # This is going to catch cases like a connection failure except Exception as err: if self.retries < self.MAX_RETRIES: self._logger.info("We hit a connection failure, retrying in 5s.") self.retries += 1 time.sleep(5) self.check_health() else: self.module.fail_json( msg="Connection failure: we failed to modify the network settings! Array Id [%s]. Error [%s]." % (self.ssid, to_native(err))) def update(self): """Update storage system with necessary changes.""" # Check if the storage array can be contacted self.check_health() # make the necessary changes to the storage system settings = self.controllers[self.controller] iface = self.interface self._logger.info(pformat(settings)) self._logger.info(pformat(iface)) update = self.update_array(settings, iface) self.module.exit_json(msg="The interface settings have been updated.", changed=update) def __call__(self, *args, **kwargs): self.update()
def main(): module = AnsibleModule( argument_spec=dict( path=dict(type='path', required=True, aliases=['filename']), dialect=dict(type='str', default='excel'), key=dict(type='str'), fieldnames=dict(type='list'), unique=dict(type='bool', default=True), delimiter=dict(type='str'), skipinitialspace=dict(type='bool'), strict=dict(type='bool'), ), supports_check_mode=True, ) path = module.params['path'] dialect = module.params['dialect'] key = module.params['key'] fieldnames = module.params['fieldnames'] unique = module.params['unique'] if dialect not in csv.list_dialects(): module.fail_json( msg="Dialect '%s' is not supported by your version of python." % dialect) dialect_options = dict( delimiter=module.params['delimiter'], skipinitialspace=module.params['skipinitialspace'], strict=module.params['strict'], ) # Create a dictionary from only set options dialect_params = dict( (k, v) for k, v in dialect_options.items() if v is not None) if dialect_params: try: csv.register_dialect('custom', dialect, **dialect_params) except TypeError as e: module.fail_json(msg="Unable to create custom dialect: %s" % to_text(e)) dialect = 'custom' try: with open(path, 'rb') as f: data = f.read() except (IOError, OSError) as e: module.fail_json(msg="Unable to open file: %s" % to_text(e)) if PY3: # Manually decode on Python3 so that we can use the surrogateescape error handler data = to_text(data, errors='surrogate_or_strict') fake_fh = StringIO(data) else: fake_fh = BytesIO(data) reader = csv.DictReader(fake_fh, fieldnames=fieldnames, dialect=dialect) if key and key not in reader.fieldnames: module.fail_json( msg="Key '%s' was not found in the CSV header fields: %s" % (key, ', '.join(reader.fieldnames))) data_dict = dict() data_list = list() if key is None: try: for row in reader: data_list.append(row) except csv.Error as e: module.fail_json(msg="Unable to process file: %s" % to_text(e)) else: try: for row in reader: if unique and row[key] in data_dict: module.fail_json( msg="Key '%s' is not unique for value '%s'" % (key, row[key])) data_dict[row[key]] = row except csv.Error as e: module.fail_json(msg="Unable to process file: %s" % to_text(e)) module.exit_json(dict=data_dict, list=data_list)
def main(): argument_spec = ucs_argument_spec argument_spec.update( org_dn=dict(type='str', default='org-root'), name=dict(type='str', required=True), descr=dict(type='str', default='', aliases=['descrption', 'description']), order=dict(type='str', default='default', choices=['default', 'sequential']), first_addr=dict(type='str'), last_addr=dict(type='str'), subnet_mask=dict(type='str', default='255.255.255.0'), default_gw=dict(type='str', default='0.0.0.0'), primary_dns=dict(type='str', default='0.0.0.0'), secondary_dns=dict(type='str', default='0.0.0.0'), ipv6_first_addr=dict(type='str'), ipv6_last_addr=dict(type='str'), ipv6_prefix=dict(type='str', default='64'), ipv6_default_gw=dict(type='str', default='::'), ipv6_primary_dns=dict(type='str', default='::'), ipv6_secondary_dns=dict(type='str', default='::'), state=dict(type='str', default='present', choices=['present', 'absent']), ) module = AnsibleModule( argument_spec, supports_check_mode=True, ) # UCSModule verifies ucsmsdk is present and exits on failure. Imports are below ucs object creation. ucs = UCSModule(module) err = False from ucsmsdk.mometa.ippool.IppoolPool import IppoolPool from ucsmsdk.mometa.ippool.IppoolBlock import IppoolBlock from ucsmsdk.mometa.ippool.IppoolIpV6Block import IppoolIpV6Block changed = False try: mo_exists = False props_match = False # dn is <org_dn>/ip-pool-<name> dn = module.params['org_dn'] + '/ip-pool-' + module.params['name'] mo = ucs.login_handle.query_dn(dn) if mo: mo_exists = True if module.params['state'] == 'absent': if mo_exists: if not module.check_mode: ucs.login_handle.remove_mo(mo) ucs.login_handle.commit() changed = True else: if mo_exists: # check top-level mo props kwargs = dict(assignment_order=module.params['order']) kwargs['descr'] = module.params['descr'] if (mo.check_prop_match(**kwargs)): # top-level props match, check next level mo/props if module.params['last_addr'] and module.params[ 'first_addr']: # ipv4 block specified, check properties block_dn = dn + '/block-' + module.params[ 'first_addr'] + '-' + module.params['last_addr'] mo_1 = ucs.login_handle.query_dn(block_dn) if mo_1: kwargs = dict(subnet=module.params['subnet_mask']) kwargs['def_gw'] = module.params['default_gw'] kwargs['prim_dns'] = module.params['primary_dns'] kwargs['sec_dns'] = module.params['secondary_dns'] if (mo_1.check_prop_match(**kwargs)): # ipv4 block exists and properties match props_match = True else: # no ipv4 block specified, but top-level props matched props_match = True # only check ipv6 props if the top-level and ipv4 props matched if props_match and module.params[ 'ipv6_last_addr'] and module.params[ 'ipv6_first_addr']: # ipv6 block specified, check properties block_dn = dn + '/v6block-' + module.params[ 'ipv6_first_addr'].lower( ) + '-' + module.params['ipv6_last_addr'].lower() mo_1 = ucs.login_handle.query_dn(block_dn) if mo_1: kwargs = dict(prefix=module.params['ipv6_prefix']) kwargs['def_gw'] = module.params['ipv6_default_gw'] kwargs['prim_dns'] = module.params[ 'ipv6_primary_dns'] kwargs['sec_dns'] = module.params[ 'ipv6_secondary_dns'] if (mo_1.check_prop_match(**kwargs)): # ipv6 block exists and properties match props_match = True else: # no ipv6 block specified, but previous checks matched props_match = True if not props_match: if not module.check_mode: # create if mo does not already exist mo = IppoolPool( parent_mo_or_dn=module.params['org_dn'], name=module.params['name'], descr=module.params['descr'], assignment_order=module.params['order'], ) if module.params['last_addr'] and module.params[ 'first_addr']: mo_1 = IppoolBlock( parent_mo_or_dn=mo, to=module.params['last_addr'], r_from=module.params['first_addr'], subnet=module.params['subnet_mask'], def_gw=module.params['default_gw'], prim_dns=module.params['primary_dns'], sec_dns=module.params['secondary_dns'], ) if module.params['ipv6_last_addr'] and module.params[ 'ipv6_first_addr']: mo_1 = IppoolIpV6Block( parent_mo_or_dn=mo, to=module.params['ipv6_last_addr'], r_from=module.params['ipv6_first_addr'], prefix=module.params['ipv6_prefix'], def_gw=module.params['ipv6_default_gw'], prim_dns=module.params['ipv6_primary_dns'], sec_dns=module.params['ipv6_secondary_dns'], ) ucs.login_handle.add_mo(mo, True) ucs.login_handle.commit() changed = True except Exception as e: err = True ucs.result['msg'] = "setup error: %s " % str(e) ucs.result['changed'] = changed if err: module.fail_json(**ucs.result) module.exit_json(**ucs.result)
def main(): module = AnsibleModule(argument_spec=dict( protocol=dict(required=True, choices=SUPPORTED_PROTOCOLS), property=dict(required=True, aliases=['name']), value=dict(required=False), temporary=dict(default=False, type='bool'), interface=dict(required=True, default=None, aliases=['nic']), state=dict(default='present', choices=['absent', 'present', 'reset']), ), supports_check_mode=True) ifprop = IfProp(module) rc = None out = '' err = '' result = {} result['protocol'] = ifprop.protocol result['property'] = ifprop.property result['interface'] = ifprop.interface result['state'] = ifprop.state if ifprop.value: result['value'] = ifprop.value if ifprop.state == 'absent' or ifprop.state == 'reset': if ifprop.property_exists(): if not ifprop.property_is_modified(): if module.check_mode: module.exit_json(changed=True) (rc, out, err) = ifprop.reset_property() if rc != 0: module.fail_json(protocol=ifprop.protocol, property=ifprop.property, interface=ifprop.interface, msg=err, rc=rc) elif ifprop.state == 'present': if ifprop.value is None: module.fail_json(msg='Value is mandatory with state "present"') if ifprop.property_exists(): if not ifprop.property_is_set(): if module.check_mode: module.exit_json(changed=True) (rc, out, err) = ifprop.set_property() if rc != 0: module.fail_json(protocol=ifprop.protocol, property=ifprop.property, interface=ifprop.interface, msg=err, rc=rc) if rc is None: result['changed'] = False else: result['changed'] = True if out: result['stdout'] = out if err: result['stderr'] = err module.exit_json(**result)
def main(): module = AnsibleModule( argument_spec=dict( timeout=dict(type='str', default='30m'), puppetmaster=dict(type='str'), modulepath=dict(type='str'), manifest=dict(type='str'), noop=dict(required=False, type='bool'), logdest=dict(type='str', default='stdout', choices=['all', 'stdout', 'syslog']), # internal code to work with --diff, do not use show_diff=dict(type='bool', default=False, aliases=['show-diff']), facts=dict(type='dict'), facter_basename=dict(type='str', default='ansible'), environment=dict(type='str'), certname=dict(type='str'), tags=dict(type='list'), execute=dict(type='str'), summarize=dict(type='bool', default=False), debug=dict(type='bool', default=False), verbose=dict(type='bool', default=False), use_srv_records=dict(type='bool'), ), supports_check_mode=True, mutually_exclusive=[ ('puppetmaster', 'manifest'), ('puppetmaster', 'manifest', 'execute'), ('puppetmaster', 'modulepath'), ], ) p = module.params global PUPPET_CMD PUPPET_CMD = module.get_bin_path("puppet", False, ['/opt/puppetlabs/bin']) if not PUPPET_CMD: module.fail_json( msg="Could not find puppet. Please ensure it is installed.") global TIMEOUT_CMD TIMEOUT_CMD = module.get_bin_path("timeout", False) if p['manifest']: if not os.path.exists(p['manifest']): module.fail_json(msg="Manifest file %(manifest)s not found." % dict(manifest=p['manifest'])) # Check if puppet is disabled here if not p['manifest']: rc, stdout, stderr = module.run_command( PUPPET_CMD + " config print agent_disabled_lockfile") if os.path.exists(stdout.strip()): module.fail_json(msg="Puppet agent is administratively disabled.", disabled=True) elif rc != 0: module.fail_json(msg="Puppet agent state could not be determined.") if module.params['facts'] and not module.check_mode: _write_structured_data(_get_facter_dir(), module.params['facter_basename'], module.params['facts']) if TIMEOUT_CMD: base_cmd = "%(timeout_cmd)s -s 9 %(timeout)s %(puppet_cmd)s" % dict( timeout_cmd=TIMEOUT_CMD, timeout=shlex_quote(p['timeout']), puppet_cmd=PUPPET_CMD) else: base_cmd = PUPPET_CMD if not p['manifest'] and not p['execute']: cmd = ("%(base_cmd)s agent --onetime" " --no-daemonize --no-usecacheonfailure --no-splay" " --detailed-exitcodes --verbose --color 0") % dict( base_cmd=base_cmd) if p['puppetmaster']: cmd += " --server %s" % shlex_quote(p['puppetmaster']) if p['show_diff']: cmd += " --show_diff" if p['environment']: cmd += " --environment '%s'" % p['environment'] if p['tags']: cmd += " --tags '%s'" % ','.join(p['tags']) if p['certname']: cmd += " --certname='%s'" % p['certname'] if module.check_mode: cmd += " --noop" if p['use_srv_records'] is not None: if not p['use_srv_records']: cmd += " --no-use_srv_records" else: cmd += " --use_srv_records" elif 'noop' in p: if p['noop']: cmd += " --noop" else: cmd += " --no-noop" else: cmd = "%s apply --detailed-exitcodes " % base_cmd if p['logdest'] == 'syslog': cmd += "--logdest syslog " if p['logdest'] == 'all': cmd += " --logdest syslog --logdest stdout" if p['modulepath']: cmd += "--modulepath='%s'" % p['modulepath'] if p['environment']: cmd += "--environment '%s' " % p['environment'] if p['certname']: cmd += " --certname='%s'" % p['certname'] if p['tags']: cmd += " --tags '%s'" % ','.join(p['tags']) if module.check_mode: cmd += "--noop " elif 'noop' in p: if p['noop']: cmd += " --noop" else: cmd += " --no-noop" if p['execute']: cmd += " --execute '%s'" % p['execute'] else: cmd += shlex_quote(p['manifest']) if p['summarize']: cmd += " --summarize" if p['debug']: cmd += " --debug" if p['verbose']: cmd += " --verbose" rc, stdout, stderr = module.run_command(cmd) if rc == 0: # success module.exit_json(rc=rc, changed=False, stdout=stdout, stderr=stderr) elif rc == 1: # rc==1 could be because it's disabled # rc==1 could also mean there was a compilation failure disabled = "administratively disabled" in stdout if disabled: msg = "puppet is disabled" else: msg = "puppet did not run" module.exit_json(rc=rc, disabled=disabled, msg=msg, error=True, stdout=stdout, stderr=stderr) elif rc == 2: # success with changes module.exit_json(rc=0, changed=True, stdout=stdout, stderr=stderr) elif rc == 124: # timeout module.exit_json(rc=rc, msg="%s timed out" % cmd, stdout=stdout, stderr=stderr) else: # failure module.fail_json(rc=rc, msg="%s failed with return code: %d" % (cmd, rc), stdout=stdout, stderr=stderr)
def main(): argument_spec = ec2_argument_spec() argument_spec.update( dict(stack_name=dict(required=True), template_parameters=dict(required=False, type='dict', default={}), state=dict(default='present', choices=['present', 'absent']), template=dict(default=None, required=False, type='path'), notification_arns=dict(default=None, required=False), stack_policy=dict(default=None, required=False), disable_rollback=dict(default=False, type='bool'), on_create_failure=dict( default=None, required=False, choices=['DO_NOTHING', 'ROLLBACK', 'DELETE']), create_timeout=dict(default=None, type='int'), template_url=dict(default=None, required=False), template_body=dict(default=None, required=False), template_format=dict(removed_in_version='2.14'), create_changeset=dict(default=False, type='bool'), changeset_name=dict(default=None, required=False), role_arn=dict(default=None, required=False), tags=dict(default=None, type='dict'), termination_protection=dict(default=None, type='bool'), events_limit=dict(default=200, type='int'), backoff_retries=dict(type='int', default=10, required=False), backoff_delay=dict(type='int', default=3, required=False), backoff_max_delay=dict(type='int', default=30, required=False), capabilities=dict( type='list', default=['CAPABILITY_IAM', 'CAPABILITY_NAMED_IAM']))) module = AnsibleModule( argument_spec=argument_spec, mutually_exclusive=[['template_url', 'template', 'template_body']], supports_check_mode=True) if not HAS_BOTO3: module.fail_json(msg='boto3 and botocore are required for this module') invalid_capabilities = [] user_capabilities = module.params.get('capabilities') for user_cap in user_capabilities: if user_cap not in [ 'CAPABILITY_IAM', 'CAPABILITY_NAMED_IAM', 'CAPABILITY_AUTO_EXPAND' ]: invalid_capabilities.append(user_cap) if invalid_capabilities: module.fail_json(msg="Specified capabilities are invalid : %r," " please check documentation for valid capabilities" % invalid_capabilities) # collect the parameters that are passed to boto3. Keeps us from having so many scalars floating around. stack_params = { 'Capabilities': user_capabilities, 'ClientRequestToken': to_native(uuid.uuid4()), } state = module.params['state'] stack_params['StackName'] = module.params['stack_name'] if module.params['template'] is not None: with open(module.params['template'], 'r') as template_fh: stack_params['TemplateBody'] = template_fh.read() elif module.params['template_body'] is not None: stack_params['TemplateBody'] = module.params['template_body'] elif module.params['template_url'] is not None: stack_params['TemplateURL'] = module.params['template_url'] if module.params.get('notification_arns'): stack_params['NotificationARNs'] = module.params[ 'notification_arns'].split(',') else: stack_params['NotificationARNs'] = [] # can't check the policy when verifying. if module.params[ 'stack_policy'] is not None and not module.check_mode and not module.params[ 'create_changeset']: with open(module.params['stack_policy'], 'r') as stack_policy_fh: stack_params['StackPolicyBody'] = stack_policy_fh.read() template_parameters = module.params['template_parameters'] stack_params['Parameters'] = [] for k, v in template_parameters.items(): if isinstance(v, dict): # set parameter based on a dict to allow additional CFN Parameter Attributes param = dict(ParameterKey=k) if 'value' in v: param['ParameterValue'] = str(v['value']) if 'use_previous_value' in v and bool(v['use_previous_value']): param['UsePreviousValue'] = True param.pop('ParameterValue', None) stack_params['Parameters'].append(param) else: # allow default k/v configuration to set a template parameter stack_params['Parameters'].append({ 'ParameterKey': k, 'ParameterValue': str(v) }) if isinstance(module.params.get('tags'), dict): stack_params['Tags'] = ansible_dict_to_boto3_tag_list( module.params['tags']) if module.params.get('role_arn'): stack_params['RoleARN'] = module.params['role_arn'] result = {} try: region, ec2_url, aws_connect_kwargs = get_aws_connection_info( module, boto3=True) cfn = boto3_conn(module, conn_type='client', resource='cloudformation', region=region, endpoint=ec2_url, **aws_connect_kwargs) except botocore.exceptions.NoCredentialsError as e: module.fail_json(msg=boto_exception(e)) # Wrap the cloudformation client methods that this module uses with # automatic backoff / retry for throttling error codes backoff_wrapper = AWSRetry.jittered_backoff( retries=module.params.get('backoff_retries'), delay=module.params.get('backoff_delay'), max_delay=module.params.get('backoff_max_delay')) cfn.describe_stack_events = backoff_wrapper(cfn.describe_stack_events) cfn.create_stack = backoff_wrapper(cfn.create_stack) cfn.list_change_sets = backoff_wrapper(cfn.list_change_sets) cfn.create_change_set = backoff_wrapper(cfn.create_change_set) cfn.update_stack = backoff_wrapper(cfn.update_stack) cfn.describe_stacks = backoff_wrapper(cfn.describe_stacks) cfn.list_stack_resources = backoff_wrapper(cfn.list_stack_resources) cfn.delete_stack = backoff_wrapper(cfn.delete_stack) if boto_supports_termination_protection(cfn): cfn.update_termination_protection = backoff_wrapper( cfn.update_termination_protection) stack_info = get_stack_facts(cfn, stack_params['StackName']) if module.check_mode: if state == 'absent' and stack_info: module.exit_json(changed=True, msg='Stack would be deleted', meta=[]) elif state == 'absent' and not stack_info: module.exit_json(changed=False, msg='Stack doesn\'t exist', meta=[]) elif state == 'present' and not stack_info: module.exit_json(changed=True, msg='New stack would be created', meta=[]) else: module.exit_json(**check_mode_changeset(module, stack_params, cfn)) if state == 'present': if not stack_info: result = create_stack(module, stack_params, cfn, module.params.get('events_limit')) elif module.params.get('create_changeset'): result = create_changeset(module, stack_params, cfn, module.params.get('events_limit')) else: if module.params.get('termination_protection') is not None: update_termination_protection( module, cfn, stack_params['StackName'], bool(module.params.get('termination_protection'))) result = update_stack(module, stack_params, cfn, module.params.get('events_limit')) # format the stack output stack = get_stack_facts(cfn, stack_params['StackName']) if stack is not None: if result.get('stack_outputs') is None: # always define stack_outputs, but it may be empty result['stack_outputs'] = {} for output in stack.get('Outputs', []): result['stack_outputs'][ output['OutputKey']] = output['OutputValue'] stack_resources = [] reslist = cfn.list_stack_resources( StackName=stack_params['StackName']) for res in reslist.get('StackResourceSummaries', []): stack_resources.append({ "logical_resource_id": res['LogicalResourceId'], "physical_resource_id": res.get('PhysicalResourceId', ''), "resource_type": res['ResourceType'], "last_updated_time": res['LastUpdatedTimestamp'], "status": res['ResourceStatus'], "status_reason": res.get('ResourceStatusReason') # can be blank, apparently }) result['stack_resources'] = stack_resources elif state == 'absent': # absent state is different because of the way delete_stack works. # problem is it it doesn't give an error if stack isn't found # so must describe the stack first try: stack = get_stack_facts(cfn, stack_params['StackName']) if not stack: result = {'changed': False, 'output': 'Stack not found.'} else: if stack_params.get('RoleARN') is None: cfn.delete_stack(StackName=stack_params['StackName']) else: cfn.delete_stack(StackName=stack_params['StackName'], RoleARN=stack_params['RoleARN']) result = stack_operation( cfn, stack_params['StackName'], 'DELETE', module.params.get('events_limit'), stack_params.get('ClientRequestToken', None)) except Exception as err: module.fail_json(msg=boto_exception(err), exception=traceback.format_exc()) module.exit_json(**result)
class ElementSWClusterConfig(object): """ Element Software Configure Element SW Cluster """ def __init__(self): self.argument_spec = netapp_utils.ontap_sf_host_argument_spec() self.argument_spec.update( dict(modify_cluster_full_threshold=dict( type='dict', options=dict(stage2_aware_threshold=dict(type='int', default=None), stage3_block_threshold_percent=dict(type='int', default=None), max_metadata_over_provision_factor=dict( type='int', default=None))), encryption_at_rest=dict(type='str', choices=['present', 'absent']), set_ntp_info=dict(type='dict', options=dict( broadcastclient=dict(type='bool', default=False), ntp_servers=dict(type='list'))), enable_virtual_volumes=dict(type='bool', default=True))) self.module = AnsibleModule(argument_spec=self.argument_spec, supports_check_mode=True) self.na_helper = NetAppModule() self.parameters = self.na_helper.set_parameters(self.module.params) if HAS_SF_SDK is False: self.module.fail_json( msg="Unable to import the SolidFire Python SDK") else: self.sfe = netapp_utils.create_sf_connection(module=self.module) def get_ntp_details(self): """ get ntp info """ # Get ntp details ntp_details = self.sfe.get_ntp_info() return ntp_details def cmp(self, provided_ntp_servers, existing_ntp_servers): # As python3 doesn't have default cmp function, defining manually to provide same functionality. return (provided_ntp_servers > existing_ntp_servers) - ( provided_ntp_servers < existing_ntp_servers) def get_cluster_details(self): """ get cluster info """ cluster_details = self.sfe.get_cluster_info() return cluster_details def get_vvols_status(self): """ get vvols status """ feature_status = self.sfe.get_feature_status(feature='vvols') if feature_status is not None: return feature_status.features[0].enabled return None def get_cluster_full_threshold_status(self): """ get cluster full threshold """ cluster_full_threshold_status = self.sfe.get_cluster_full_threshold() return cluster_full_threshold_status def setup_ntp_info(self, servers, broadcastclient=None): """ configure ntp """ # Set ntp servers try: self.sfe.set_ntp_info(servers, broadcastclient) except Exception as exception_object: self.module.fail_json(msg='Error configuring ntp %s' % (to_native(exception_object)), exception=traceback.format_exc()) def set_encryption_at_rest(self, state=None): """ enable/disable encryption at rest """ try: if state == 'present': encryption_state = 'enable' self.sfe.enable_encryption_at_rest() elif state == 'absent': encryption_state = 'disable' self.sfe.disable_encryption_at_rest() except Exception as exception_object: self.module.fail_json( msg='Failed to %s rest encryption %s' % (encryption_state, to_native(exception_object)), exception=traceback.format_exc()) def enable_feature(self, feature): """ enable feature """ try: self.sfe.enable_feature(feature=feature) except Exception as exception_object: self.module.fail_json(msg='Error enabling %s %s' % (feature, to_native(exception_object)), exception=traceback.format_exc()) def set_cluster_full_threshold(self, stage2_aware_threshold=None, stage3_block_threshold_percent=None, max_metadata_over_provision_factor=None): """ modify cluster full threshold """ try: self.sfe.modify_cluster_full_threshold( stage2_aware_threshold=stage2_aware_threshold, stage3_block_threshold_percent=stage3_block_threshold_percent, max_metadata_over_provision_factor= max_metadata_over_provision_factor) except Exception as exception_object: self.module.fail_json( msg='Failed to modify cluster full threshold %s' % (to_native(exception_object)), exception=traceback.format_exc()) def apply(self): """ Cluster configuration """ changed = False result_message = None if self.parameters.get('modify_cluster_full_threshold') is not None: # get cluster full threshold cluster_full_threshold_details = self.get_cluster_full_threshold_status( ) # maxMetadataOverProvisionFactor current_mmopf = cluster_full_threshold_details.max_metadata_over_provision_factor # stage3BlockThresholdPercent current_s3btp = cluster_full_threshold_details.stage3_block_threshold_percent # stage2AwareThreshold current_s2at = cluster_full_threshold_details.stage2_aware_threshold # is cluster full threshold state change required? if self.parameters.get("modify_cluster_full_threshold")['max_metadata_over_provision_factor'] is not None and \ current_mmopf != self.parameters['modify_cluster_full_threshold']['max_metadata_over_provision_factor'] or \ self.parameters.get("modify_cluster_full_threshold")['stage3_block_threshold_percent'] is not None and \ current_s3btp != self.parameters['modify_cluster_full_threshold']['stage3_block_threshold_percent'] or \ self.parameters.get("modify_cluster_full_threshold")['stage2_aware_threshold'] is not None and \ current_s2at != self.parameters['modify_cluster_full_threshold']['stage2_aware_threshold']: changed = True self.set_cluster_full_threshold( self.parameters['modify_cluster_full_threshold'] ['stage2_aware_threshold'], self.parameters['modify_cluster_full_threshold'] ['stage3_block_threshold_percent'], self.parameters['modify_cluster_full_threshold'] ['max_metadata_over_provision_factor']) if self.parameters.get('encryption_at_rest') is not None: # get all cluster info cluster_info = self.get_cluster_details() # register rest state current_encryption_at_rest_state = cluster_info.cluster_info.encryption_at_rest_state # is encryption state change required? if current_encryption_at_rest_state == 'disabled' and self.parameters['encryption_at_rest'] == 'present' or \ current_encryption_at_rest_state == 'enabled' and self.parameters['encryption_at_rest'] == 'absent': changed = True self.set_encryption_at_rest( self.parameters['encryption_at_rest']) if self.parameters.get('set_ntp_info') is not None: # get all ntp details ntp_details = self.get_ntp_details() # register list of ntp servers ntp_servers = ntp_details.servers # broadcastclient broadcast_client = ntp_details.broadcastclient # has either the broadcastclient or the ntp server list changed? if self.parameters.get('set_ntp_info')['broadcastclient'] != broadcast_client or \ self.cmp(self.parameters.get('set_ntp_info')['ntp_servers'], ntp_servers) != 0: changed = True self.setup_ntp_info( self.parameters.get('set_ntp_info')['ntp_servers'], self.parameters.get('set_ntp_info')['broadcastclient']) if self.parameters.get('enable_virtual_volumes') is not None: # check vvols status current_vvols_status = self.get_vvols_status() # has the vvols state changed? if current_vvols_status is False and self.parameters.get( 'enable_virtual_volumes') is True: changed = True self.enable_feature('vvols') elif current_vvols_status is True and self.parameters.get( 'enable_virtual_volumes') is not True: # vvols, once enabled, cannot be disabled self.module.fail_json( msg='Error disabling vvols: this feature cannot be undone') if self.module.check_mode is True: result_message = "Check mode, skipping changes" self.module.exit_json(changed=changed, msg=result_message)
def main(): # Setup the Ansible module module = AnsibleModule(argument_spec=dict( channel=dict(required=True, type='str'), property=dict(required=True, type='str'), value_type=dict(required=False, choices=['int', 'bool', 'float', 'string'], type='str'), value=dict(required=False, default=None, type='str'), state=dict(default='present', choices=['present', 'get', 'absent'], type='str')), supports_check_mode=True) state_values = {"present": "set", "absent": "unset", "get": "get"} # Assign module values to dictionary values channel = module.params['channel'] property = module.params['property'] value_type = module.params['value_type'] if module.params['value'].lower() == "true": value = "true" elif module.params['value'] == "false": value = "false" else: value = module.params['value'] state = state_values[module.params['state']] # Initialize some variables for later change = False new_value = '' if state != "get": if value is None or value == "": module.fail_json(msg='State %s requires "value" to be set' % str(state)) elif value_type is None or value_type == "": module.fail_json(msg='State %s requires "value_type" to be set' % str(state)) # Create a Xfconf preference xfconf = XfconfPreference(module, channel, property, value_type, value) # Now we get the current value, if not found don't fail dummy, current_value = xfconf.call("get", fail_onerr=False) # Check if the current value equals the value we want to set. If not, make # a change if current_value != value: # If check mode, we know a change would have occurred. if module.check_mode: # So we will set the change to True change = True # And set the new_value to the value that would have been set new_value = value # If not check mode make the change. else: change, new_value = xfconf.call(state) # If the value we want to set is the same as the current_value, we will # set the new_value to the current_value for reporting else: new_value = current_value facts = dict( xfconf={ 'changed': change, 'channel': channel, 'property': property, 'value_type': value_type, 'new_value': new_value, 'previous_value': current_value, 'playbook_value': module.params['value'] }) module.exit_json(changed=change, ansible_facts=facts)
def main(): argument_spec = ovirt_full_argument_spec( state=dict( choices=['present', 'absent'], default='present', ), name=dict(aliases=['host'], required=True), bond=dict(default=None, type='dict'), interface=dict(default=None), networks=dict(default=None, type='list'), labels=dict(default=None, type='list'), check=dict(default=None, type='bool'), save=dict(default=True, type='bool'), sync_networks=dict(default=False, type='bool'), ) module = AnsibleModule(argument_spec=argument_spec) check_sdk(module) try: auth = module.params.pop('auth') connection = create_connection(auth) hosts_service = connection.system_service().hosts_service() host_networks_module = HostNetworksModule( connection=connection, module=module, service=hosts_service, ) host = host_networks_module.search_entity() if host is None: raise Exception("Host '%s' was not found." % module.params['name']) bond = module.params['bond'] interface = module.params['interface'] networks = module.params['networks'] labels = module.params['labels'] nic_name = bond.get('name') if bond else module.params['interface'] host_service = hosts_service.host_service(host.id) nics_service = host_service.nics_service() nic = search_by_name(nics_service, nic_name) if module.params["sync_networks"]: if needs_sync(nics_service): if not module.check_mode: host_service.sync_all_networks() host_networks_module.changed = True network_names = [network['name'] for network in networks or []] state = module.params['state'] if (state == 'present' and (nic is None or host_networks_module.has_update( nics_service.service(nic.id)))): # Remove networks which are attached to different interface then user want: attachments_service = host_service.network_attachments_service() # Append attachment ID to network if needs update: for a in attachments_service.list(): current_network_name = get_link_name(connection, a.network) if current_network_name in network_names: for n in networks: if n['name'] == current_network_name: n['id'] = a.id # Check if we have to break some bonds: removed_bonds = [] if nic is not None: for host_nic in nics_service.list(): if host_nic.bonding and nic.id in [ slave.id for slave in host_nic.bonding.slaves ]: removed_bonds.append(otypes.HostNic(id=host_nic.id)) # Assign the networks: setup_params = dict( entity=host, action='setup_networks', check_connectivity=module.params['check'], removed_bonds=removed_bonds if removed_bonds else None, modified_bonds=[ otypes.HostNic( name=bond.get('name'), bonding=otypes.Bonding( options=get_bond_options(bond.get('mode'), bond.get('options')), slaves=[ otypes.HostNic(name=i) for i in bond.get('interfaces', []) ], ), ), ] if bond else None, modified_labels=[ otypes.NetworkLabel( id=str(name), host_nic=otypes.HostNic( name=bond.get('name') if bond else interface), ) for name in labels ] if labels else None, modified_network_attachments=[ otypes.NetworkAttachment( id=network.get('id'), network=otypes.Network( name=network['name']) if network['name'] else None, host_nic=otypes.HostNic( name=bond.get('name') if bond else interface), ip_address_assignments=[ otypes.IpAddressAssignment( assignment_method=otypes.BootProtocol( network.get('boot_protocol', 'none')), ip=otypes.Ip( address=network.get('address'), gateway=network.get('gateway'), netmask=network.get('netmask'), version=otypes.IpVersion( network.get('version')) if network.get('version') else None, ), ), ], ) for network in networks ] if networks else None, ) if engine_supported(connection, '4.3'): setup_params['commit_on_success'] = module.params['save'] elif module.params['save']: setup_params[ 'post_action'] = host_networks_module._action_save_configuration host_networks_module.action(**setup_params) elif state == 'absent' and nic: attachments = [] nic_service = nics_service.nic_service(nic.id) attached_labels = set([ str(lbl.id) for lbl in nic_service.network_labels_service().list() ]) if networks: attachments_service = nic_service.network_attachments_service() attachments = attachments_service.list() attachments = [ attachment for attachment in attachments if get_link_name( connection, attachment.network) in network_names ] # Remove unmanaged networks: unmanaged_networks_service = host_service.unmanaged_networks_service( ) unmanaged_networks = [(u.id, u.name) for u in unmanaged_networks_service.list()] for net_id, net_name in unmanaged_networks: if net_name in network_names: if not module.check_mode: unmanaged_networks_service.unmanaged_network_service( net_id).remove() host_networks_module.changed = True # Need to check if there are any labels to be removed, as backend fail # if we try to send remove non existing label, for bond and attachments it's OK: if (labels and set(labels).intersection(attached_labels) ) or bond or attachments: setup_params = dict( entity=host, action='setup_networks', check_connectivity=module.params['check'], removed_bonds=[ otypes.HostNic(name=bond.get('name'), ), ] if bond else None, removed_labels=[ otypes.NetworkLabel(id=str(name)) for name in labels ] if labels else None, removed_network_attachments=attachments if attachments else None, ) if engine_supported(connection, '4.3'): setup_params['commit_on_success'] = module.params['save'] elif module.params['save']: setup_params[ 'post_action'] = host_networks_module._action_save_configuration host_networks_module.action(**setup_params) nic = search_by_name(nics_service, nic_name) module.exit_json( **{ 'changed': host_networks_module.changed, 'id': nic.id if nic else None, 'host_nic': get_dict_of_struct(nic), }) except Exception as e: module.fail_json(msg=str(e), exception=traceback.format_exc()) finally: connection.close(logout=auth.get('token') is None)
def main(): argument_spec = rax_argument_spec() argument_spec.update( dict( auto_increment=dict(default=True, type='bool'), boot_from_volume=dict(default=False, type='bool'), boot_volume=dict(type='str'), boot_volume_size=dict(type='int', default=100), boot_volume_terminate=dict(type='bool', default=False), config_drive=dict(default=False, type='bool'), count=dict(default=1, type='int'), count_offset=dict(default=1, type='int'), disk_config=dict(choices=['auto', 'manual']), exact_count=dict(default=False, type='bool'), extra_client_args=dict(type='dict', default={}), extra_create_args=dict(type='dict', default={}), files=dict(type='dict', default={}), flavor=dict(), group=dict(), image=dict(), instance_ids=dict(type='list'), key_name=dict(aliases=['keypair']), meta=dict(type='dict', default={}), name=dict(), networks=dict(type='list', default=['public', 'private']), service=dict(), state=dict(default='present', choices=['present', 'absent']), user_data=dict(no_log=True), wait=dict(default=False, type='bool'), wait_timeout=dict(default=300, type='int'), )) module = AnsibleModule( argument_spec=argument_spec, required_together=rax_required_together(), ) if not HAS_PYRAX: module.fail_json(msg='pyrax is required for this module') service = module.params.get('service') if service is not None: module.fail_json(msg='The "service" attribute has been deprecated, ' 'please remove "service: cloudservers" from your ' 'playbook pertaining to the "rax" module') auto_increment = module.params.get('auto_increment') boot_from_volume = module.params.get('boot_from_volume') boot_volume = module.params.get('boot_volume') boot_volume_size = module.params.get('boot_volume_size') boot_volume_terminate = module.params.get('boot_volume_terminate') config_drive = module.params.get('config_drive') count = module.params.get('count') count_offset = module.params.get('count_offset') disk_config = module.params.get('disk_config') if disk_config: disk_config = disk_config.upper() exact_count = module.params.get('exact_count', False) extra_client_args = module.params.get('extra_client_args') extra_create_args = module.params.get('extra_create_args') files = module.params.get('files') flavor = module.params.get('flavor') group = module.params.get('group') image = module.params.get('image') instance_ids = module.params.get('instance_ids') key_name = module.params.get('key_name') meta = module.params.get('meta') name = module.params.get('name') networks = module.params.get('networks') state = module.params.get('state') user_data = module.params.get('user_data') wait = module.params.get('wait') wait_timeout = int(module.params.get('wait_timeout')) setup_rax_module(module, pyrax) if extra_client_args: pyrax.cloudservers = pyrax.connect_to_cloudservers( region=pyrax.cloudservers.client.region_name, **extra_client_args) client = pyrax.cloudservers.client if 'bypass_url' in extra_client_args: client.management_url = extra_client_args['bypass_url'] if pyrax.cloudservers is None: module.fail_json(msg='Failed to instantiate client. This ' 'typically indicates an invalid region or an ' 'incorrectly capitalized region name.') cloudservers(module, state=state, name=name, flavor=flavor, image=image, meta=meta, key_name=key_name, files=files, wait=wait, wait_timeout=wait_timeout, disk_config=disk_config, count=count, group=group, instance_ids=instance_ids, exact_count=exact_count, networks=networks, count_offset=count_offset, auto_increment=auto_increment, extra_create_args=extra_create_args, user_data=user_data, config_drive=config_drive, boot_from_volume=boot_from_volume, boot_volume=boot_volume, boot_volume_size=boot_volume_size, boot_volume_terminate=boot_volume_terminate)
def main(): # Setup the Ansible module module = AnsibleModule(argument_spec=dict( key=dict(type='str', required=True), value_type=dict(type='str', choices=['bool', 'float', 'int', 'string']), value=dict(type='str'), state=dict(type='str', required=True, choices=['absent', 'get', 'present']), direct=dict(type='bool', default=False), config_source=dict(type='str'), ), supports_check_mode=True) state_values = {"present": "set", "absent": "unset", "get": "get"} # Assign module values to dictionary values key = module.params['key'] value_type = module.params['value_type'] if module.params['value'].lower() == "true": value = "true" elif module.params['value'] == "false": value = "false" else: value = module.params['value'] state = state_values[module.params['state']] direct = module.params['direct'] config_source = module.params['config_source'] # Initialize some variables for later change = False new_value = '' if state != "get": if value is None or value == "": module.fail_json(msg='State %s requires "value" to be set' % str(state)) elif value_type is None or value_type == "": module.fail_json(msg='State %s requires "value_type" to be set' % str(state)) if direct and config_source is None: module.fail_json(msg='If "direct" is "yes" then the ' + '"config_source" must be specified') elif not direct and config_source is not None: module.fail_json(msg='If the "config_source" is specified ' + 'then "direct" must be "yes"') # Create a gconf2 preference gconf_pref = GConf2Preference(module, key, value_type, value, direct, config_source) # Now we get the current value, if not found don't fail _, current_value = gconf_pref.call("get", fail_onerr=False) # Check if the current value equals the value we want to set. If not, make # a change if current_value != value: # If check mode, we know a change would have occurred. if module.check_mode: # So we will set the change to True change = True # And set the new_value to the value that would have been set new_value = value # If not check mode make the change. else: change, new_value = gconf_pref.call(state) # If the value we want to set is the same as the current_value, we will # set the new_value to the current_value for reporting else: new_value = current_value facts = dict( gconftool2={ 'changed': change, 'key': key, 'value_type': value_type, 'new_value': new_value, 'previous_value': current_value, 'playbook_value': module.params['value'] }) module.exit_json(changed=change, ansible_facts=facts)
def main(): """ This section is for arguments parsing """ state_map = dict(present='ipv6security-raguard-create', absent='ipv6security-raguard-delete', update='ipv6security-raguard-modify') argument_spec = dict( pn_cliswitch=dict(required=False, type='str'), state=dict(required=False, type='str', choices=state_map.keys(), default='present'), pn_device=dict(required=False, type='str', choices=['host', 'router']), pn_access_list=dict(required=False, type='str'), pn_prefix_list=dict(required=False, type='str'), pn_router_priority=dict(required=False, type='str', choices=['low', 'medium', 'high']), pn_name=dict(required=True, type='str'), ) module = AnsibleModule( argument_spec=argument_spec, required_if=(["state", "present", ['pn_device']], ), ) # Accessing the arguments cliswitch = module.params['pn_cliswitch'] state = module.params['state'] device = module.params['pn_device'] access_list = module.params['pn_access_list'] prefix_list = module.params['pn_prefix_list'] router_priority = module.params['pn_router_priority'] name = module.params['pn_name'] command = state_map[state] # Building the CLI command string cli = pn_cli(module, cliswitch) NAME_EXISTS = check_cli(module) if command == 'ipv6security-raguard-modify': if not device and not access_list and not prefix_list and not router_priority: module.fail_json( failed=True, msg= 'required one of device, access_list, prefix_list or router_priority' ) if command == 'ipv6security-raguard-create': if NAME_EXISTS is True: module.exit_json( skipped=True, msg='ipv6 security raguard with name %s already exists' % name) if command != 'ipv6security-raguard-create': if NAME_EXISTS is False: module.exit_json( skipped=True, msg='ipv6 security raguard with name %s does not exist' % name) cli += ' %s name %s ' % (command, name) if command != 'ipv6security-raguard-delete': if device == 'router': cli += ' device ' + device if access_list: check_list(module, access_list, 'access-list-show') cli += ' access-list ' + access_list if prefix_list: check_list(module, prefix_list, 'prefix-list-show') cli += ' prefix-list ' + prefix_list if router_priority: cli += ' router-priority ' + router_priority if device == 'host': cli += ' device ' + device run_cli(module, cli, state_map)
class NetAppOntapUnixGroup(object): """ Common operations to manage UNIX groups """ def __init__(self): self.argument_spec = netapp_utils.na_ontap_host_argument_spec() self.argument_spec.update( dict(state=dict(required=False, choices=['present', 'absent'], default='present'), name=dict(required=True, type='str'), id=dict(required=False, type='int'), skip_name_validation=dict(required=False, type='bool'), vserver=dict(required=True, type='str'), users=dict(required=False, type='list'))) self.module = AnsibleModule(argument_spec=self.argument_spec, supports_check_mode=True) self.na_helper = NetAppModule() self.parameters = self.na_helper.set_parameters(self.module.params) self.set_playbook_zapi_key_map() if HAS_NETAPP_LIB is False: self.module.fail_json( msg="the python NetApp-Lib module is required") else: self.server = netapp_utils.setup_na_ontap_zapi( module=self.module, vserver=self.parameters['vserver']) def set_playbook_zapi_key_map(self): self.na_helper.zapi_string_keys = {'name': 'group-name'} self.na_helper.zapi_int_keys = {'id': 'group-id'} self.na_helper.zapi_bool_keys = { 'skip_name_validation': 'skip-name-validation' } def get_unix_group(self): """ Checks if the UNIX group exists. :return: dict() if group found None if group is not found """ get_unix_group = netapp_utils.zapi.NaElement( 'name-mapping-unix-group-get-iter') attributes = { 'query': { 'unix-group-info': { 'group-name': self.parameters['name'], 'vserver': self.parameters['vserver'], } } } get_unix_group.translate_struct(attributes) try: result = self.server.invoke_successfully(get_unix_group, enable_tunneling=True) if result.get_child_by_name('num-records') and int( result.get_child_content('num-records')) >= 1: group_info = result['attributes-list']['unix-group-info'] group_details = dict() else: return None except netapp_utils.zapi.NaApiError as error: self.module.fail_json(msg='Error getting UNIX group %s: %s' % (self.parameters['name'], to_native(error)), exception=traceback.format_exc()) for item_key, zapi_key in self.na_helper.zapi_string_keys.items(): group_details[item_key] = group_info[zapi_key] for item_key, zapi_key in self.na_helper.zapi_int_keys.items(): group_details[item_key] = self.na_helper.get_value_for_int( from_zapi=True, value=group_info[zapi_key]) if group_info.get_child_by_name('users') is not None: group_details['users'] = [ user.get_child_content('user-name') for user in group_info.get_child_by_name('users').get_children() ] else: group_details['users'] = None return group_details def create_unix_group(self): """ Creates an UNIX group in the specified Vserver :return: None """ if self.parameters.get('id') is None: self.module.fail_json( msg='Error: Missing a required parameter for create: (id)') group_create = netapp_utils.zapi.NaElement( 'name-mapping-unix-group-create') group_details = {} for item in self.parameters: if item in self.na_helper.zapi_string_keys: zapi_key = self.na_helper.zapi_string_keys.get(item) group_details[zapi_key] = self.parameters[item] elif item in self.na_helper.zapi_bool_keys: zapi_key = self.na_helper.zapi_bool_keys.get(item) group_details[zapi_key] = self.na_helper.get_value_for_bool( from_zapi=False, value=self.parameters[item]) elif item in self.na_helper.zapi_int_keys: zapi_key = self.na_helper.zapi_int_keys.get(item) group_details[zapi_key] = self.na_helper.get_value_for_int( from_zapi=True, value=self.parameters[item]) group_create.translate_struct(group_details) try: self.server.invoke_successfully(group_create, enable_tunneling=True) except netapp_utils.zapi.NaApiError as error: self.module.fail_json(msg='Error creating UNIX group %s: %s' % (self.parameters['name'], to_native(error)), exception=traceback.format_exc()) if self.parameters.get('users') is not None: self.modify_users_in_group() def delete_unix_group(self): """ Deletes an UNIX group from a vserver :return: None """ group_delete = netapp_utils.zapi.NaElement.create_node_with_children( 'name-mapping-unix-group-destroy', **{'group-name': self.parameters['name']}) try: self.server.invoke_successfully(group_delete, enable_tunneling=True) except netapp_utils.zapi.NaApiError as error: self.module.fail_json(msg='Error removing UNIX group %s: %s' % (self.parameters['name'], to_native(error)), exception=traceback.format_exc()) def modify_unix_group(self, params): """ Modify an UNIX group from a vserver :param params: modify parameters :return: None """ # modify users requires separate zapi. if 'users' in params: self.modify_users_in_group() if len(params) == 1: return group_modify = netapp_utils.zapi.NaElement( 'name-mapping-unix-group-modify') group_details = {'group-name': self.parameters['name']} for key in params: if key in self.na_helper.zapi_int_keys: zapi_key = self.na_helper.zapi_int_keys.get(key) group_details[zapi_key] = self.na_helper.get_value_for_int( from_zapi=True, value=params[key]) group_modify.translate_struct(group_details) try: self.server.invoke_successfully(group_modify, enable_tunneling=True) except netapp_utils.zapi.NaApiError as error: self.module.fail_json(msg='Error modifying UNIX group %s: %s' % (self.parameters['name'], to_native(error)), exception=traceback.format_exc()) def modify_users_in_group(self): """ Add/delete one or many users in a UNIX group :return: None """ current_users = self.get_unix_group().get('users') expect_users = self.parameters.get('users') if current_users is None: current_users = [] if expect_users[0] == '' and len(expect_users) == 1: expect_users = [] users_to_remove = list(set(current_users) - set(expect_users)) users_to_add = list(set(expect_users) - set(current_users)) if len(users_to_add) > 0: for user in users_to_add: add_user = netapp_utils.zapi.NaElement( 'name-mapping-unix-group-add-user') group_details = { 'group-name': self.parameters['name'], 'user-name': user } add_user.translate_struct(group_details) try: self.server.invoke_successfully(add_user, enable_tunneling=True) except netapp_utils.zapi.NaApiError as error: self.module.fail_json( msg='Error adding user %s to UNIX group %s: %s' % (user, self.parameters['name'], to_native(error)), exception=traceback.format_exc()) if len(users_to_remove) > 0: for user in users_to_remove: delete_user = netapp_utils.zapi.NaElement( 'name-mapping-unix-group-delete-user') group_details = { 'group-name': self.parameters['name'], 'user-name': user } delete_user.translate_struct(group_details) try: self.server.invoke_successfully(delete_user, enable_tunneling=True) except netapp_utils.zapi.NaApiError as error: self.module.fail_json( msg='Error deleting user %s from UNIX group %s: %s' % (user, self.parameters['name'], to_native(error)), exception=traceback.format_exc()) def autosupport_log(self): """ Autosupport log for unix_group :return: None """ netapp_utils.ems_log_event("na_ontap_unix_group", self.server) def apply(self): """ Invoke appropriate action based on playbook parameters :return: None """ self.autosupport_log() current = self.get_unix_group() cd_action = self.na_helper.get_cd_action(current, self.parameters) if self.parameters['state'] == 'present' and cd_action is None: modify = self.na_helper.get_modified_attributes( current, self.parameters) if self.na_helper.changed: if self.module.check_mode: pass else: if cd_action == 'create': self.create_unix_group() elif cd_action == 'delete': self.delete_unix_group() else: self.modify_unix_group(modify) self.module.exit_json(changed=self.na_helper.changed)
def main(): fields = { "host": { "required": False, "type": "str" }, "username": { "required": False, "type": "str" }, "password": { "required": False, "type": "str", "default": "", "no_log": True }, "vdom": { "required": False, "type": "str", "default": "root" }, "https": { "required": False, "type": "bool", "default": True }, "ssl_verify": { "required": False, "type": "bool", "default": True }, "state": { "required": True, "type": "str", "choices": ["present", "absent"] }, "wireless_controller_hotspot20_h2qp_osu_provider": { "required": False, "type": "dict", "default": None, "options": { "friendly_name": { "required": False, "type": "list", "options": { "friendly_name": { "required": False, "type": "str" }, "index": { "required": True, "type": "int" }, "lang": { "required": False, "type": "str" } } }, "icon": { "required": False, "type": "str" }, "name": { "required": True, "type": "str" }, "osu_method": { "required": False, "type": "str", "choices": ["oma-dm", "soap-xml-spp", "reserved"] }, "osu_nai": { "required": False, "type": "str" }, "server_uri": { "required": False, "type": "str" }, "service_description": { "required": False, "type": "list", "options": { "lang": { "required": False, "type": "str" }, "service_description": { "required": False, "type": "str" }, "service_id": { "required": False, "type": "int" } } } } } } module = AnsibleModule(argument_spec=fields, supports_check_mode=False) # legacy_mode refers to using fortiosapi instead of HTTPAPI legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 'username' in module.params and module.params['username'] is not None and \ 'password' in module.params and module.params['password'] is not None if not legacy_mode: if module._socket_path: connection = Connection(module._socket_path) fos = FortiOSHandler(connection) is_error, has_changed, result = fortios_wireless_controller_hotspot20( module.params, fos) else: module.fail_json(**FAIL_SOCKET_MSG) else: try: from fortiosapi import FortiOSAPI except ImportError: module.fail_json(msg="fortiosapi module is required") fos = FortiOSAPI() login(module.params, fos) is_error, has_changed, result = fortios_wireless_controller_hotspot20( module.params, fos) fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
class NetAppONTAPasup(object): """Class with autosupport methods""" def __init__(self): self.argument_spec = netapp_utils.na_ontap_host_argument_spec() self.argument_spec.update( dict( state=dict(required=False, choices=['present', 'absent'], default='present'), node_name=dict(required=True, type='str'), transport=dict(required=False, type='str', choices=['smtp', 'http', 'https']), noteto=dict(required=False, type='list'), post_url=dict(required=False, type='str'), support=dict(required=False, type='bool'), mail_hosts=dict(required=False, type='list'), from_address=dict(required=False, type='str'), partner_addresses=dict(required=False, type='list'), to_addresses=dict(required=False, type='list'), proxy_url=dict(required=False, type='str'), hostname_in_subject=dict(required=False, type='bool'), )) self.module = AnsibleModule(argument_spec=self.argument_spec, supports_check_mode=False) self.na_helper = NetAppModule() self.parameters = self.na_helper.set_parameters(self.module.params) # present or absent requires modifying state to enabled or disabled self.parameters['service_state'] = 'started' if self.parameters[ 'state'] == 'present' else 'stopped' self.set_playbook_zapi_key_map() if HAS_NETAPP_LIB is False: self.module.fail_json( msg="the python NetApp-Lib module is required") else: self.server = netapp_utils.setup_na_ontap_zapi(module=self.module) def set_playbook_zapi_key_map(self): self.na_helper.zapi_string_keys = { 'node_name': 'node-name', 'transport': 'transport', 'post_url': 'post-url', 'from_address': 'from', 'proxy_url': 'proxy-url' } self.na_helper.zapi_list_keys = { 'noteto': ('noteto', 'mail-address'), 'mail_hosts': ('mail-hosts', 'string'), 'partner_addresses': ('partner-address', 'mail-address'), 'to_addresses': ('to', 'mail-address'), } self.na_helper.zapi_bool_keys = { 'support': 'is-support-enabled', 'hostname_in_subject': 'is-node-in-subject' } def get_autosupport_config(self): """ Invoke zapi - get current autosupport details :return: dict() """ asup_details = netapp_utils.zapi.NaElement('autosupport-config-get') asup_details.add_new_child('node-name', self.parameters['node_name']) asup_info = dict() try: result = self.server.invoke_successfully(asup_details, enable_tunneling=True) except netapp_utils.zapi.NaApiError as error: self.module.fail_json(msg='%s' % to_native(error), exception=traceback.format_exc()) # zapi invoke successful asup_attr_info = result.get_child_by_name( 'attributes').get_child_by_name('autosupport-config-info') asup_info['service_state'] = 'started' if asup_attr_info[ 'is-enabled'] == 'true' else 'stopped' for item_key, zapi_key in self.na_helper.zapi_string_keys.items(): asup_info[item_key] = asup_attr_info[zapi_key] for item_key, zapi_key in self.na_helper.zapi_bool_keys.items(): asup_info[item_key] = self.na_helper.get_value_for_bool( from_zapi=True, value=asup_attr_info[zapi_key]) for item_key, zapi_key in self.na_helper.zapi_list_keys.items(): parent, dummy = zapi_key asup_info[item_key] = self.na_helper.get_value_for_list( from_zapi=True, zapi_parent=asup_attr_info.get_child_by_name(parent)) return asup_info def modify_autosupport_config(self, modify): """ Invoke zapi - modify autosupport config @return: NaElement object / FAILURE with an error_message """ asup_details = {'node-name': self.parameters['node_name']} if modify.get('service_state'): asup_details['is-enabled'] = 'true' if modify.get( 'service_state') == 'started' else 'false' asup_config = netapp_utils.zapi.NaElement('autosupport-config-modify') for item_key in modify: if item_key in self.na_helper.zapi_string_keys: zapi_key = self.na_helper.zapi_string_keys.get(item_key) asup_details[zapi_key] = modify[item_key] elif item_key in self.na_helper.zapi_bool_keys: zapi_key = self.na_helper.zapi_bool_keys.get(item_key) asup_details[zapi_key] = self.na_helper.get_value_for_bool( from_zapi=False, value=modify[item_key]) elif item_key in self.na_helper.zapi_list_keys: parent_key, child_key = self.na_helper.zapi_list_keys.get( item_key) asup_config.add_child_elem( self.na_helper.get_value_for_list( from_zapi=False, zapi_parent=parent_key, zapi_child=child_key, data=modify.get(item_key))) asup_config.translate_struct(asup_details) try: return self.server.invoke_successfully(asup_config, enable_tunneling=True) except netapp_utils.zapi.NaApiError as error: self.module.fail_json(msg='%s' % to_native(error), exception=traceback.format_exc()) def autosupport_log(self): results = netapp_utils.get_cserver(self.server) cserver = netapp_utils.setup_na_ontap_zapi(module=self.module, vserver=results) netapp_utils.ems_log_event("na_ontap_autosupport", cserver) def apply(self): """ Apply action to autosupport """ current = self.get_autosupport_config() modify = self.na_helper.get_modified_attributes( current, self.parameters) if self.na_helper.changed: if self.module.check_mode: pass else: self.modify_autosupport_config(modify) self.module.exit_json(changed=self.na_helper.changed)
def main(): module = AnsibleModule(argument_spec=hpe3par.cpg_argument_spec(), required_together=[['raid_type', 'set_size']]) if not HAS_3PARCLIENT: module.fail_json( msg= 'the python hpe3par_sdk library is required (https://pypi.org/project/hpe3par_sdk)' ) if len(module.params["cpg_name"]) < 1 or len( module.params["cpg_name"]) > 31: module.fail_json( msg= "CPG name must be at least 1 character and not more than 31 characters" ) storage_system_ip = module.params["storage_system_ip"] storage_system_username = module.params["storage_system_username"] storage_system_password = module.params["storage_system_password"] cpg_name = module.params["cpg_name"] domain = module.params["domain"] growth_increment = module.params["growth_increment"] growth_limit = module.params["growth_limit"] growth_warning = module.params["growth_warning"] raid_type = module.params["raid_type"] set_size = module.params["set_size"] high_availability = module.params["high_availability"] disk_type = module.params["disk_type"] secure = module.params["secure"] wsapi_url = 'https://%s:8080/api/v1' % storage_system_ip try: client_obj = client.HPE3ParClient(wsapi_url, secure) except exceptions.SSLCertFailed: module.fail_json(msg="SSL Certificate Failed") except exceptions.ConnectionError: module.fail_json(msg="Connection Error") except exceptions.UnsupportedVersion: module.fail_json(msg="Unsupported WSAPI version") except Exception as e: module.fail_json(msg="Initializing client failed. %s" % e) if storage_system_username is None or storage_system_password is None: module.fail_json(msg="Storage system username or password is None") if cpg_name is None: module.fail_json(msg="CPG Name is None") # States if module.params["state"] == "present": try: client_obj.login(storage_system_username, storage_system_password) return_status, changed, msg = create_cpg( client_obj, cpg_name, domain, growth_increment, growth_limit, growth_warning, raid_type, set_size, high_availability, disk_type) except Exception as e: module.fail_json(msg="CPG create failed | %s" % e) finally: client_obj.logout() elif module.params["state"] == "absent": try: client_obj.login(storage_system_username, storage_system_password) return_status, changed, msg = delete_cpg(client_obj, cpg_name) except Exception as e: module.fail_json(msg="CPG create failed | %s" % e) finally: client_obj.logout() if return_status: module.exit_json(changed=changed, msg=msg) else: module.fail_json(msg=msg)
def main(): fields = { "host": {"required": False, "type": "str"}, "username": {"required": False, "type": "str"}, "password": {"required": False, "type": "str", "default": "", "no_log": True}, "vdom": {"required": False, "type": "str", "default": "root"}, "https": {"required": False, "type": "bool", "default": True}, "ssl_verify": {"required": False, "type": "bool", "default": True}, "state": {"required": True, "type": "str", "choices": ["present", "absent"]}, "system_ddns": { "required": False, "type": "dict", "default": None, "options": { "bound_ip": {"required": False, "type": "str"}, "clear_text": {"required": False, "type": "str", "choices": ["disable", "enable"]}, "ddns_auth": {"required": False, "type": "str", "choices": ["disable", "tsig"]}, "ddns_domain": {"required": False, "type": "str"}, "ddns_key": {"required": False, "type": "str"}, "ddns_keyname": {"required": False, "type": "str"}, "ddns_password": {"required": False, "type": "str"}, "ddns_server": {"required": False, "type": "str", "choices": ["dyndns.org", "dyns.net", "tzo.com", "vavic.com", "dipdns.net", "now.net.cn", "dhs.org", "easydns.com", "genericDDNS", "FortiGuardDDNS", "noip.com"]}, "ddns_server_ip": {"required": False, "type": "str"}, "ddns_sn": {"required": False, "type": "str"}, "ddns_ttl": {"required": False, "type": "int"}, "ddns_username": {"required": False, "type": "str"}, "ddns_zone": {"required": False, "type": "str"}, "ddnsid": {"required": True, "type": "int"}, "monitor_interface": {"required": False, "type": "list", "options": { "interface_name": {"required": False, "type": "str"} }}, "ssl_certificate": {"required": False, "type": "str"}, "update_interval": {"required": False, "type": "int"}, "use_public_ip": {"required": False, "type": "str", "choices": ["disable", "enable"]} } } } module = AnsibleModule(argument_spec=fields, supports_check_mode=False) # legacy_mode refers to using fortiosapi instead of HTTPAPI legacy_mode = 'host' in module.params and module.params['host'] is not None and \ 'username' in module.params and module.params['username'] is not None and \ 'password' in module.params and module.params['password'] is not None if not legacy_mode: if module._socket_path: connection = Connection(module._socket_path) fos = FortiOSHandler(connection) is_error, has_changed, result = fortios_system(module.params, fos) else: module.fail_json(**FAIL_SOCKET_MSG) else: try: from fortiosapi import FortiOSAPI except ImportError: module.fail_json(msg="fortiosapi module is required") fos = FortiOSAPI() login(module.params, fos) is_error, has_changed, result = fortios_system(module.params, fos) fos.logout() if not is_error: module.exit_json(changed=has_changed, meta=result) else: module.fail_json(msg="Error in repo", meta=result)
class ElementSWCluster(object): """ Element Software Initialize node with ownership for cluster formation """ def __init__(self): self.argument_spec = netapp_utils.ontap_sf_host_argument_spec() self.argument_spec.update(dict( management_virtual_ip=dict(required=True, type='str'), storage_virtual_ip=dict(required=True, type='str'), replica_count=dict(required=False, type='str', default='2'), cluster_admin_username=dict(required=False, type='str'), cluster_admin_password=dict(required=False, type='str', no_log=True), accept_eula=dict(required=False, type='bool'), nodes=dict(required=True, type=list), attributes=dict(required=False, type='dict', default=None) )) self.module = AnsibleModule( argument_spec=self.argument_spec, supports_check_mode=True ) input_params = self.module.params self.management_virtual_ip = input_params['management_virtual_ip'] self.storage_virtual_ip = input_params['storage_virtual_ip'] self.replica_count = input_params['replica_count'] self.accept_eula = input_params.get('accept_eula') self.attributes = input_params.get('attributes') self.nodes = input_params['nodes'] self.cluster_admin_username = input_params.get('cluster_admin_username') self.cluster_admin_password = input_params.get('cluster_admin_password') if HAS_SF_SDK is False: self.module.fail_json(msg="Unable to import the SolidFire Python SDK") else: self.sfe = netapp_utils.create_sf_connection(module=self.module) self.elementsw_helper = NaElementSWModule(self.sfe) # add telemetry attributes if self.attributes is not None: self.attributes.update(self.elementsw_helper.set_element_attributes(source='na_elementsw_cluster')) else: self.attributes = self.elementsw_helper.set_element_attributes(source='na_elementsw_cluster') def create_cluster(self): """ Create Cluster """ options = { 'mvip': self.management_virtual_ip, 'svip': self.storage_virtual_ip, 'rep_count': self.replica_count, 'accept_eula': self.accept_eula, 'nodes': self.nodes, 'attributes': self.attributes } if self.cluster_admin_username is not None: options['username'] = self.cluster_admin_username if self.cluster_admin_password is not None: options['password'] = self.cluster_admin_password try: self.sfe.create_cluster(**options) except Exception as exception_object: self.module.fail_json(msg='Error create cluster %s' % (to_native(exception_object)), exception=traceback.format_exc()) def check_connection(self): """ Check connections to mvip, svip address. :description: To test connection to given IP addressed for mvip and svip :rtype: bool """ try: mvip_test = self.sfe.test_connect_mvip(mvip=self.management_virtual_ip) svip_test = self.sfe.test_connect_svip(svip=self.storage_virtual_ip) if mvip_test.details.connected and svip_test.details.connected: return True else: return False except Exception as e: return False def apply(self): """ Check connection and initialize node with cluster ownership """ changed = False result_message = None if self.module.supports_check_mode and self.accept_eula: if self.check_connection(): self.create_cluster() changed = True else: self.module.fail_json(msg='Error connecting mvip and svip address') else: result_message = "Skipping changes, No change requested" self.module.exit_json(changed=changed, msg=result_message)
def main(): module = AnsibleModule(argument_spec=dict( login_user=dict(default=None, type='str'), login_password=dict(default=None, no_log=True, type='str'), login_host=dict(default="127.0.0.1"), login_unix_socket=dict(default=None), login_port=dict(default=6032, type='int'), config_file=dict(default="", type='path'), rule_id=dict(type='int'), active=dict(type='bool'), username=dict(type='str'), schemaname=dict(type='str'), flagIN=dict(type='int'), client_addr=dict(type='str'), proxy_addr=dict(type='str'), proxy_port=dict(type='int'), digest=dict(type='str'), match_digest=dict(type='str'), match_pattern=dict(type='str'), negate_match_pattern=dict(type='bool'), flagOUT=dict(type='int'), replace_pattern=dict(type='str'), destination_hostgroup=dict(type='int'), cache_ttl=dict(type='int'), timeout=dict(type='int'), retries=dict(type='int'), delay=dict(type='int'), mirror_flagOUT=dict(type='int'), mirror_hostgroup=dict(type='int'), error_msg=dict(type='str'), log=dict(type='bool'), apply=dict(type='bool'), comment=dict(type='str'), state=dict(default='present', choices=['present', 'absent']), force_delete=dict(default=False, type='bool'), save_to_disk=dict(default=True, type='bool'), load_to_runtime=dict(default=True, type='bool')), supports_check_mode=True) perform_checks(module) login_user = module.params["login_user"] login_password = module.params["login_password"] config_file = module.params["config_file"] cursor = None try: cursor, db_conn = mysql_connect( module, login_user, login_password, config_file, cursor_class=mysql_driver.cursors.DictCursor) except mysql_driver.Error as e: module.fail_json( msg="unable to connect to ProxySQL Admin Module.. %s" % to_native(e)) proxysql_query_rule = ProxyQueryRule(module) result = {} result['state'] = proxysql_query_rule.state if proxysql_query_rule.state == "present": try: if not proxysql_query_rule.check_rule_cfg_exists(cursor): if proxysql_query_rule.config_data["rule_id"] and \ proxysql_query_rule.check_rule_pk_exists(cursor): proxysql_query_rule.update_rule(module.check_mode, result, cursor) else: proxysql_query_rule.create_rule(module.check_mode, result, cursor) else: result['changed'] = False result['msg'] = ("The rule already exists in" + " mysql_query_rules and doesn't need to be" + " updated.") result['rules'] = \ proxysql_query_rule.get_rule_config(cursor) except mysql_driver.Error as e: module.fail_json(msg="unable to modify rule.. %s" % to_native(e)) elif proxysql_query_rule.state == "absent": try: existing_rules = proxysql_query_rule.check_rule_cfg_exists(cursor) if existing_rules > 0: if existing_rules == 1 or \ proxysql_query_rule.force_delete: proxysql_query_rule.delete_rule(module.check_mode, result, cursor) else: module.fail_json( msg=("Operation would delete multiple rules" + " use force_delete to override this")) else: result['changed'] = False result['msg'] = ("The rule is already absent from the" + " mysql_query_rules memory configuration") except mysql_driver.Error as e: module.fail_json(msg="unable to remove rule.. %s" % to_native(e)) module.exit_json(**result)