def rmcsvserver_bulk(self, client): try: csvs = [csvserver() for _ in range(5)] for i in range(0, 5): csvs[i].name = "csvserver" + str(i) csvserver.delete(client, csvs) print("rmcsvserver_bulk::rc= done") except nitro_exception as e: print("Exception::rmcsvserver_bulk::rc=" + str(e.errorcode) + " , Message =" + e.message) except Exception as e: print("Exception::rmcsvserver_bulk::message=" + str(e.args))
def call_nitro_commands(ns_session): try: ns_session.clear_config(force=True, level='full') logging.debug('Clear config executed') needed_features = [ nsfeature.Feature.CS, nsfeature.Feature.LB, nsfeature.Feature.SSL, nsfeature.Feature.RESPONDER, nsfeature.Feature.REWRITE ] ns_session.enable_features(needed_features) logging.debug('Adding CS vserver') csvserver_instance = csvserver() csvserver_instance.name = 'drinks_sample' csvserver_instance.ipv46 = '127.0.0.1' csvserver_instance.servicetype = 'http' csvserver_instance.port = '443' csvserver_instance.add(ns_session, csvserver_instance) logging.debug('Adding LB vserver') lbvserver_instance = lbvserver() lbvserver_instance.name = 'lbvs_hotdrink_http_example' lbvserver_instance.ipv46 = '0.0.0.0' lbvserver_instance.port = 0 lbvserver_instance.servicetype = 'http' lbvserver_instance.add(ns_session, lbvserver_instance) logging.debug('Adding servicegroup') servicegroup_instance = servicegroup() servicegroup_instance.servicegroupname = 'sg_hotdrink_http_example' servicegroup_instance.servicetype = 'http' servicegroup_instance.add(ns_session, servicegroup_instance) logging.debug('Adding servieegroup binding') servicegroup_servicegroupmember_binding_instance = servicegroup_servicegroupmember_binding( ) servicegroup_servicegroupmember_binding_instance.servicegroupname = 'sg_hotdrink_http_example' servicegroup_servicegroupmember_binding_instance.ip = '172.100.100.3' servicegroup_servicegroupmember_binding_instance.port = 80 servicegroup_servicegroupmember_binding_instance.add( ns_session, servicegroup_servicegroupmember_binding_instance) logging.debug('Adding servicegroup lb vserver binding') lbvserver_servicegroup_binding_instance = lbvserver_servicegroup_binding( ) lbvserver_servicegroup_binding_instance.name = 'lbvs_hotdrink_http_example' lbvserver_servicegroup_binding_instance.servicegroupname = 'sg_hotdrink_http_example' lbvserver_servicegroup_binding_instance.add( ns_session, lbvserver_servicegroup_binding_instance) logging.debug('SUCCESS: Configuration completed') except Exception as e: logging.error('FAILURE: Error during configuration: {}'.format( e.message))
def add_csvserver(self, client,csvserverhttp,csvserverssl,cs_ip) : try : obj = csvserver() obj.name = csvserverhttp obj.servicetype = csvserver.Servicetype.HTTP obj.ipv46 = cs_ip obj.port = 80 csvserver.add(client, obj) print("\nadd_csvserver "+obj.name+"- Done\n") obj1 = csvserver() obj1.name = csvserverssl obj1.servicetype = csvserver.Servicetype.SSL obj1.ipv46 = cs_ip obj1.port = 443 csvserver.add(client, obj1) print("add_csvserver "+obj1.name+"- Done\n") except nitro_exception as e : print("Exception::add_csvserver::errorcode="+str(e.errorcode)+",message="+ e.message) except Exception as e: print("Exception::add_csvserver::message="+str(e.args))
def add_csvserver(self, client) : try : obj = csvserver() obj.name = "cs_vip" obj.servicetype = csvserver.Servicetype.HTTP obj.ipv46 = "9.1.1.8" obj.port = 80 csvserver.add(client, obj) print("add_csvserver - Done") except nitro_exception as e : print("Exception::add_csvserver::errorcode="+str(e.errorcode)+",message="+ e.message) except Exception as e: print("Exception::add_csvserver::message="+str(e.args))
def _create_cs_vserver(self, cs_name, vip, port, service_type="HTTP"): try: cs = csvserver.get(self.ns_session, cs_name) if (cs.name == cs_name): logger.info("CS %s is already configured " % cs_name) return except nitro_exception: pass cs = csvserver() cs.name = cs_name cs.servicetype = service_type cs.ipv46 = vip cs.port = port csvserver.add(self.ns_session, cs)
def main(): module_specific_arguments = dict( name=dict(type='str'), td=dict(type='float'), servicetype=dict(type='str', choices=[ 'HTTP', 'SSL', 'TCP', 'FTP', 'RTSP', 'SSL_TCP', 'UDP', 'DNS', 'SIP_UDP', 'SIP_TCP', 'SIP_SSL', 'ANY', 'RADIUS', 'RDP', 'MYSQL', 'MSSQL', 'DIAMETER', 'SSL_DIAMETER', 'DNS_TCP', 'ORACLE', 'SMPP' ]), ipv46=dict(type='str'), dnsrecordtype=dict(type='str', choices=[ 'A', 'AAAA', 'CNAME', 'NAPTR', ]), ippattern=dict(type='str'), ipmask=dict(type='str'), range=dict(type='float'), port=dict(type='int'), stateupdate=dict(type='str', choices=[ 'enabled', 'disabled', ]), cacheable=dict(type='bool'), redirecturl=dict(type='str'), clttimeout=dict(type='float'), precedence=dict(type='str', choices=[ 'RULE', 'URL', ]), casesensitive=dict(type='bool'), somethod=dict(type='str', choices=[ 'CONNECTION', 'DYNAMICCONNECTION', 'BANDWIDTH', 'HEALTH', 'NONE', ]), sopersistence=dict(type='str', choices=[ 'enabled', 'disabled', ]), sopersistencetimeout=dict(type='float'), sothreshold=dict(type='float'), sobackupaction=dict(type='str', choices=[ 'DROP', 'ACCEPT', 'REDIRECT', ]), redirectportrewrite=dict(type='str', choices=[ 'enabled', 'disabled', ]), downstateflush=dict(type='str', choices=[ 'enabled', 'disabled', ]), disableprimaryondown=dict(type='str', choices=[ 'enabled', 'disabled', ]), insertvserveripport=dict(type='str', choices=[ 'OFF', 'VIPADDR', 'V6TOV4MAPPING', ]), vipheader=dict(type='str'), rtspnat=dict(type='bool'), authenticationhost=dict(type='str'), authentication=dict(type='bool'), listenpolicy=dict(type='str'), authn401=dict(type='bool'), authnvsname=dict(type='str'), push=dict(type='str', choices=[ 'enabled', 'disabled', ]), pushvserver=dict(type='str'), pushlabel=dict(type='str'), pushmulticlients=dict(type='bool'), tcpprofilename=dict(type='str'), httpprofilename=dict(type='str'), dbprofilename=dict(type='str'), oracleserverversion=dict(type='str', choices=[ '10G', '11G', ]), comment=dict(type='str'), mssqlserverversion=dict(type='str', choices=[ '70', '2000', '2000SP1', '2005', '2008', '2008R2', '2012', '2014', ]), l2conn=dict(type='bool'), mysqlprotocolversion=dict(type='float'), mysqlserverversion=dict(type='str'), mysqlcharacterset=dict(type='float'), mysqlservercapabilities=dict(type='float'), appflowlog=dict(type='str', choices=[ 'enabled', 'disabled', ]), netprofile=dict(type='str'), icmpvsrresponse=dict(type='str', choices=[ 'PASSIVE', 'ACTIVE', ]), rhistate=dict(type='str', choices=[ 'PASSIVE', 'ACTIVE', ]), authnprofile=dict(type='str'), dnsprofilename=dict(type='str'), ) hand_inserted_arguments = dict( policybindings=dict(type='list'), ssl_certkey=dict(type='str'), disabled=dict(type='bool', default=False), lbvserver=dict(type='str'), ) argument_spec = dict() argument_spec.update(netscaler_common_arguments) argument_spec.update(module_specific_arguments) argument_spec.update(hand_inserted_arguments) module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=True, ) module_result = dict( changed=False, failed=False, loglines=loglines, ) # Fail the module if imports failed if not PYTHON_SDK_IMPORTED: module.fail_json(msg='Could not load nitro python sdk') # Fallthrough to rest of execution client = get_nitro_client(module) try: client.login() except nitro_exception as e: msg = "nitro exception during login. errorcode=%s, message=%s" % (str( e.errorcode), e.message) module.fail_json(msg=msg) except Exception as e: if str(type(e)) == "<class 'requests.exceptions.ConnectionError'>": module.fail_json(msg='Connection error %s' % str(e)) elif str(type(e)) == "<class 'requests.exceptions.SSLError'>": module.fail_json(msg='SSL Error %s' % str(e)) else: module.fail_json(msg='Unexpected error during login %s' % str(e)) readwrite_attrs = [ 'name', 'td', 'servicetype', 'ipv46', 'dnsrecordtype', 'ippattern', 'ipmask', 'range', 'port', 'stateupdate', 'cacheable', 'redirecturl', 'clttimeout', 'precedence', 'casesensitive', 'somethod', 'sopersistence', 'sopersistencetimeout', 'sothreshold', 'sobackupaction', 'redirectportrewrite', 'downstateflush', 'disableprimaryondown', 'insertvserveripport', 'vipheader', 'rtspnat', 'authenticationhost', 'authentication', 'listenpolicy', 'authn401', 'authnvsname', 'push', 'pushvserver', 'pushlabel', 'pushmulticlients', 'tcpprofilename', 'httpprofilename', 'dbprofilename', 'oracleserverversion', 'comment', 'mssqlserverversion', 'l2conn', 'mysqlprotocolversion', 'mysqlserverversion', 'mysqlcharacterset', 'mysqlservercapabilities', 'appflowlog', 'netprofile', 'icmpvsrresponse', 'rhistate', 'authnprofile', 'dnsprofilename', ] readonly_attrs = [ 'ip', 'value', 'ngname', 'type', 'curstate', 'sc', 'status', 'cachetype', 'redirect', 'homepage', 'dnsvservername', 'domain', 'policyname', 'servicename', 'weight', 'cachevserver', 'targetvserver', 'priority', 'url', 'gotopriorityexpression', 'bindpoint', 'invoke', 'labeltype', 'labelname', 'gt2gb', 'statechangetimesec', 'statechangetimemsec', 'tickssincelaststatechange', 'ruletype', 'lbvserver', 'targetlbvserver', ] immutable_attrs = [ 'name', 'td', 'servicetype', 'ipv46', 'targettype', 'range', 'port', 'state', 'vipheader', 'newname', ] transforms = { 'cacheable': ['bool_yes_no'], 'rtspnat': ['bool_on_off'], 'authn401': ['bool_on_off'], 'casesensitive': ['bool_on_off'], 'authentication': ['bool_on_off'], 'l2conn': ['bool_on_off'], 'pushmulticlients': ['bool_yes_no'], 'stateupdate': [lambda v: v.upper()], 'sopersistence': [lambda v: v.upper()], 'redirectportrewrite': [lambda v: v.upper()], 'downstateflush': [lambda v: v.upper()], 'disableprimaryondown': [lambda v: v.upper()], 'push': [lambda v: v.upper()], 'appflowlog': [lambda v: v.upper()], } # Instantiate config proxy csvserver_proxy = ConfigProxy( actual=csvserver(), client=client, attribute_values_dict=module.params, readwrite_attrs=readwrite_attrs, readonly_attrs=readonly_attrs, immutable_attrs=immutable_attrs, transforms=transforms, ) try: ensure_feature_is_enabled(client, 'CS') # Apply appropriate state if module.params['state'] == 'present': log('Applying actions for state present') if not cs_vserver_exists(client, module): if not module.check_mode: csvserver_proxy.add() if module.params['save_config']: client.save_config() module_result['changed'] = True elif not cs_vserver_identical(client, module, csvserver_proxy): # Check if we try to change value of immutable attributes immutables_changed = get_immutables_intersection( csvserver_proxy, diff_list(client, module, csvserver_proxy).keys()) if immutables_changed != []: module.fail_json( msg='Cannot update immutable attributes %s' % (immutables_changed, ), diff=diff_list(client, module, csvserver_proxy), **module_result) if not module.check_mode: csvserver_proxy.update() if module.params['save_config']: client.save_config() module_result['changed'] = True else: module_result['changed'] = False # Check policybindings if not cs_policybindings_identical(client, module): if not module.check_mode: sync_cs_policybindings(client, module) if module.params['save_config']: client.save_config() module_result['changed'] = True if module.params['servicetype'] != 'SSL' and module.params[ 'ssl_certkey'] is not None: module.fail_json( msg='ssl_certkey is applicable only to SSL vservers', **module_result) # Check ssl certkey bindings if module.params['servicetype'] == 'SSL': if not ssl_certkey_bindings_identical(client, module): if not module.check_mode: ssl_certkey_bindings_sync(client, module) module_result['changed'] = True # Check default lb vserver if not default_lb_vserver_identical(client, module): if not module.check_mode: sync_default_lb_vserver(client, module) module_result['changed'] = True if not module.check_mode: res = do_state_change(client, module, csvserver_proxy) if res.errorcode != 0: msg = 'Error when setting disabled state. errorcode: %s message: %s' % ( res.errorcode, res.message) module.fail_json(msg=msg, **module_result) # Sanity check for state if not module.check_mode: log('Sanity checks for state present') if not cs_vserver_exists(client, module): module.fail_json(msg='CS vserver does not exist', **module_result) if not cs_vserver_identical(client, module, csvserver_proxy): module.fail_json(msg='CS vserver differs from configured', diff=diff_list(client, module, csvserver_proxy), **module_result) if not cs_policybindings_identical(client, module): module.fail_json(msg='Policy bindings differ') if module.params['servicetype'] == 'SSL': if not ssl_certkey_bindings_identical(client, module): module.fail_json( msg='sll certkey bindings not identical', **module_result) elif module.params['state'] == 'absent': log('Applying actions for state absent') if cs_vserver_exists(client, module): if not module.check_mode: csvserver_proxy.delete() if module.params['save_config']: client.save_config() module_result['changed'] = True else: module_result['changed'] = False # Sanity check for state if not module.check_mode: log('Sanity checks for state absent') if cs_vserver_exists(client, module): module.fail_json(msg='CS vserver still exists', **module_result) except nitro_exception as e: msg = "nitro exception errorcode=%s, message=%s" % (str( e.errorcode), e.message) module.fail_json(msg=msg, **module_result) client.logout() module.exit_json(**module_result)
def main(): from ansible.module_utils.netscaler import ConfigProxy, get_nitro_client, netscaler_common_arguments, log, loglines, ensure_feature_is_enabled try: from nssrc.com.citrix.netscaler.nitro.resource.config.cs.csvserver import csvserver from nssrc.com.citrix.netscaler.nitro.resource.config.cs.csvserver_cspolicy_binding import csvserver_cspolicy_binding from nssrc.com.citrix.netscaler.nitro.resource.config.ssl.sslvserver_sslcertkey_binding import sslvserver_sslcertkey_binding from nssrc.com.citrix.netscaler.nitro.exception.nitro_exception import nitro_exception python_sdk_imported = True except ImportError as e: python_sdk_imported = False module_specific_arguments = dict( name=dict(type='str'), td=dict(type='float'), servicetype=dict(type='str', choices=[ u'HTTP', u'SSL', u'TCP', u'FTP', u'RTSP', u'SSL_TCP', u'UDP', u'DNS', u'SIP_UDP', u'SIP_TCP', u'SIP_SSL', u'ANY', u'RADIUS', u'RDP', u'MYSQL', u'MSSQL', u'DIAMETER', u'SSL_DIAMETER', u'DNS_TCP', u'ORACLE', u'SMPP' ]), ipv46=dict(type='str'), dnsrecordtype=dict(type='str', choices=[u'A', u'AAAA', u'CNAME', u'NAPTR']), ippattern=dict(type='str'), ipmask=dict(type='str'), range=dict(type='float'), port=dict(type='int'), stateupdate=dict(type='str', choices=[u'ENABLED', u'DISABLED']), cacheable=dict(type='str', choices=[u'YES', u'NO']), redirecturl=dict(type='str'), clttimeout=dict(type='float'), precedence=dict(type='str', choices=[u'RULE', u'URL']), casesensitive=dict(type='str', choices=[u'ON', u'OFF']), somethod=dict(type='str', choices=[ u'CONNECTION', u'DYNAMICCONNECTION', u'BANDWIDTH', u'HEALTH', u'NONE' ]), sopersistence=dict(type='str', choices=[u'ENABLED', u'DISABLED']), sopersistencetimeout=dict(type='float'), sothreshold=dict(type='float'), sobackupaction=dict(type='str', choices=[u'DROP', u'ACCEPT', u'REDIRECT']), redirectportrewrite=dict(type='str', choices=[u'ENABLED', u'DISABLED']), downstateflush=dict(type='str', choices=[u'ENABLED', u'DISABLED']), disableprimaryondown=dict(type='str', choices=[u'ENABLED', u'DISABLED']), insertvserveripport=dict( type='str', choices=[u'OFF', u'VIPADDR', u'V6TOV4MAPPING']), vipheader=dict(type='str'), rtspnat=dict(type='str', choices=[u'ON', u'OFF']), authenticationhost=dict(type='str'), authentication=dict(type='str', choices=[u'ON', u'OFF']), listenpolicy=dict(type='str'), authn401=dict(type='str', choices=[u'ON', u'OFF']), authnvsname=dict(type='str'), push=dict(type='str', choices=[u'ENABLED', u'DISABLED']), pushvserver=dict(type='str'), pushlabel=dict(type='str'), pushmulticlients=dict(type='str', choices=[u'YES', u'NO']), tcpprofilename=dict(type='str'), httpprofilename=dict(type='str'), dbprofilename=dict(type='str'), oracleserverversion=dict(type='str', choices=[u'10G', u'11G']), comment=dict(type='str'), mssqlserverversion=dict(type='str', choices=[ u'70', u'2000', u'2000SP1', u'2005', u'2008', u'2008R2', u'2012', u'2014' ]), l2conn=dict(type='str', choices=[u'ON', u'OFF']), mysqlprotocolversion=dict(type='float'), mysqlserverversion=dict(type='str'), mysqlcharacterset=dict(type='float'), mysqlservercapabilities=dict(type='float'), appflowlog=dict(type='str', choices=[u'ENABLED', u'DISABLED']), netprofile=dict(type='str'), icmpvsrresponse=dict(type='str', choices=[u'PASSIVE', u'ACTIVE']), rhistate=dict(type='str', choices=[u'PASSIVE', u'ACTIVE']), authnprofile=dict(type='str'), dnsprofilename=dict(type='str'), ) hand_inserted_arguments = dict( policybindings=dict(type='list'), ssl_certkey=dict(type='str'), ) argument_spec = dict() argument_spec.update(netscaler_common_arguments) argument_spec.update(module_specific_arguments) argument_spec.update(hand_inserted_arguments) module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=True, ) module_result = dict( changed=False, failed=False, loglines=loglines, ) # Fail the module if imports failed if not python_sdk_imported: module.fail_json(msg='Could not load nitro python sdk') # Fallthrough to rest of execution client = get_nitro_client(module) client.login() # Instantiate Service Config object readwrite_attrs = [ 'name', 'td', 'servicetype', 'ipv46', 'dnsrecordtype', 'ippattern', 'ipmask', 'range', 'port', 'stateupdate', 'cacheable', 'redirecturl', 'clttimeout', 'precedence', 'casesensitive', 'somethod', 'sopersistence', 'sopersistencetimeout', 'sothreshold', 'sobackupaction', 'redirectportrewrite', 'downstateflush', 'disableprimaryondown', 'insertvserveripport', 'vipheader', 'rtspnat', 'authenticationhost', 'authentication', 'listenpolicy', 'authn401', 'authnvsname', 'push', 'pushvserver', 'pushlabel', 'pushmulticlients', 'tcpprofilename', 'httpprofilename', 'dbprofilename', 'oracleserverversion', 'comment', 'mssqlserverversion', 'l2conn', 'mysqlprotocolversion', 'mysqlserverversion', 'mysqlcharacterset', 'mysqlservercapabilities', 'appflowlog', 'netprofile', 'icmpvsrresponse', 'rhistate', 'authnprofile', 'dnsprofilename', ] readonly_attrs = [ 'ip', 'value', 'ngname', 'type', 'curstate', 'sc', 'status', 'cachetype', 'redirect', 'homepage', 'dnsvservername', 'domain', 'policyname', 'servicename', 'weight', 'cachevserver', 'targetvserver', 'priority', 'url', 'gotopriorityexpression', 'bindpoint', 'invoke', 'labeltype', 'labelname', 'gt2gb', 'statechangetimesec', 'statechangetimemsec', 'tickssincelaststatechange', 'ruletype', 'lbvserver', 'targetlbvserver', ] csvserver_proxy = ConfigProxy( actual=csvserver(), client=client, attribute_values_dict=module.params, readwrite_attrs=readwrite_attrs, readonly_attrs=readonly_attrs, ) def cs_vserver_exists(): if csvserver.count_filtered(client, 'name:%s' % module.params['name']) > 0: return True else: return False def cs_vserver_identical(): csvserver_list = csvserver.get_filtered( client, 'name:%s' % module.params['name']) diff_dict = csvserver_proxy.diff_object(csvserver_list[0]) if len(diff_dict) == 0: return True else: return False def get_configured_policybindings(): bindings = {} if module.params['policybindings'] is None: return bindings for binding in module.params['policybindings']: binding['name'] = module.params['name'] key = binding['policyname'] binding_proxy = ConfigProxy(actual=csvserver_cspolicy_binding(), client=client, readwrite_attrs=[ 'priority', 'bindpoint', 'policyname', 'labelname', 'name', 'gotopriorityexpression', 'targetlbvserver', 'invoke', 'labeltype', ], readonly_attrs=[], attribute_values_dict=binding) bindings[key] = binding_proxy return bindings def get_actual_policybindings(): bindings = {} if csvserver_cspolicy_binding.count(client, name=module.params['name']) == 0: return bindings for binding in csvserver_cspolicy_binding.get( client, name=module.params['name']): key = binding.policyname bindings[key] = binding return bindings def cs_policybindings_identical(): actual_bindings = get_actual_policybindings() configured_bindings = get_configured_policybindings() actual_keyset = set(actual_bindings.keys()) configured_keyset = set(configured_bindings.keys()) if len(actual_keyset ^ configured_keyset) > 0: return False # Compare item to item for key in actual_bindings.keys(): configured_binding_proxy = configured_bindings[key] actual_binding_object = actual_bindings[key] if not configured_binding_proxy.has_equal_attributes( actual_binding_object): return False # Fallthrough to success return True def sync_cs_policybindings(): # Delete all actual bindings for binding in get_actual_policybindings().values(): csvserver_cspolicy_binding.delete(client, binding) # Add all configured bindings for binding in get_configured_policybindings().values(): binding.add() def ssl_certkey_bindings_identical(): log('Entering ssl_certkey_bindings_identical') vservername = module.params['name'] if sslvserver_sslcertkey_binding.count(client, vservername) == 0: bindings = [] else: bindings = sslvserver_sslcertkey_binding.get(client, vservername) if module.params['ssl_certkey'] is None: if len(bindings) == 0: return True else: return False else: certificate_list = [item.certkeyname for item in bindings] if certificate_list == [module.params['ssl_certkey']]: return True else: return False def ssl_certkey_bindings_sync(): vservername = module.params['name'] if sslvserver_sslcertkey_binding.count(client, vservername) == 0: bindings = [] else: bindings = sslvserver_sslcertkey_binding.get(client, vservername) log('bindings len is %s' % len(bindings)) # Delete existing bindings for binding in bindings: sslvserver_sslcertkey_binding.delete(client, binding) # Add binding if appropriate if module.params['ssl_certkey'] is not None: binding = sslvserver_sslcertkey_binding() binding.vservername = module.params['name'] binding.certkeyname = module.params['ssl_certkey'] sslvserver_sslcertkey_binding.add(client, binding) def diff_list(): csvserver_list = csvserver.get_filtered( client, 'name:%s' % module.params['name']) return csvserver_proxy.diff_object(csvserver_list[0]) try: ensure_feature_is_enabled(client, 'CS') # Apply appropriate operation if module.params['operation'] == 'present': if not cs_vserver_exists(): if not module.check_mode: csvserver_proxy.add() client.save_config() module_result['changed'] = True elif not cs_vserver_identical(): if not module.check_mode: csvserver_proxy.update() client.save_config() module_result['changed'] = True else: module_result['changed'] = False # Check policybindings if not cs_policybindings_identical(): if not module.check_mode: sync_cs_policybindings() client.save_config() module_result['changed'] = True if module.params['servicetype'] != 'SSL' and module.params[ 'ssl_certkey'] is not None: module.fail_json( msg='ssl_certkey is applicable only to SSL vservers', **module_result) # Check ssl certkey bindings if module.params['servicetype'] == 'SSL': if not ssl_certkey_bindings_identical(): if not module.check_mode: ssl_certkey_bindings_sync() module_result['changed'] = True # Sanity check for operation if not module.check_mode: if not cs_vserver_exists(): module.fail_json(msg='Service does not exist', **module_result) if not cs_vserver_identical(): module.fail_json(msg='Service differs from configured', diff=diff_list(), **module_result) if not cs_policybindings_identical(): module.fail_json(msg='Policy bindings differ') if module.params['servicetype'] == 'SSL': if not ssl_certkey_bindings_identical(): module.fail_json( msg='sll certkey bindings not identical', **module_result) elif module.params['operation'] == 'absent': if cs_vserver_exists(): if not module.check_mode: csvserver_proxy.delete() client.save_config() module_result['changed'] = True else: module_result['changed'] = False # Sanity check for operation if cs_vserver_exists(): module.fail_json(msg='Service still exists', **module_result) except nitro_exception as e: msg = "nitro exception errorcode=" + str( e.errorcode) + ",message=" + e.message module.fail_json(msg=msg, **module_result) client.logout() module.exit_json(**module_result)
def main(): module_specific_arguments = dict( name=dict(type='str'), td=dict(type='float'), servicetype=dict( type='str', choices=[ 'HTTP', 'SSL', 'TCP', 'FTP', 'RTSP', 'SSL_TCP', 'UDP', 'DNS', 'SIP_UDP', 'SIP_TCP', 'SIP_SSL', 'ANY', 'RADIUS', 'RDP', 'MYSQL', 'MSSQL', 'DIAMETER', 'SSL_DIAMETER', 'DNS_TCP', 'ORACLE', 'SMPP' ] ), ipv46=dict(type='str'), dnsrecordtype=dict( type='str', choices=[ 'A', 'AAAA', 'CNAME', 'NAPTR', ] ), ippattern=dict(type='str'), ipmask=dict(type='str'), range=dict(type='float'), port=dict(type='int'), stateupdate=dict( type='str', choices=[ 'enabled', 'disabled', ] ), cacheable=dict(type='bool'), redirecturl=dict(type='str'), clttimeout=dict(type='float'), precedence=dict( type='str', choices=[ 'RULE', 'URL', ] ), casesensitive=dict(type='bool'), somethod=dict( type='str', choices=[ 'CONNECTION', 'DYNAMICCONNECTION', 'BANDWIDTH', 'HEALTH', 'NONE', ] ), sopersistence=dict( type='str', choices=[ 'enabled', 'disabled', ] ), sopersistencetimeout=dict(type='float'), sothreshold=dict(type='float'), sobackupaction=dict( type='str', choices=[ 'DROP', 'ACCEPT', 'REDIRECT', ] ), redirectportrewrite=dict( type='str', choices=[ 'enabled', 'disabled', ] ), downstateflush=dict( type='str', choices=[ 'enabled', 'disabled', ] ), disableprimaryondown=dict( type='str', choices=[ 'enabled', 'disabled', ] ), insertvserveripport=dict( type='str', choices=[ 'OFF', 'VIPADDR', 'V6TOV4MAPPING', ] ), vipheader=dict(type='str'), rtspnat=dict(type='bool'), authenticationhost=dict(type='str'), authentication=dict(type='bool'), listenpolicy=dict(type='str'), authn401=dict(type='bool'), authnvsname=dict(type='str'), push=dict( type='str', choices=[ 'enabled', 'disabled', ] ), pushvserver=dict(type='str'), pushlabel=dict(type='str'), pushmulticlients=dict(type='bool'), tcpprofilename=dict(type='str'), httpprofilename=dict(type='str'), dbprofilename=dict(type='str'), oracleserverversion=dict( type='str', choices=[ '10G', '11G', ] ), comment=dict(type='str'), mssqlserverversion=dict( type='str', choices=[ '70', '2000', '2000SP1', '2005', '2008', '2008R2', '2012', '2014', ] ), l2conn=dict(type='bool'), mysqlprotocolversion=dict(type='float'), mysqlserverversion=dict(type='str'), mysqlcharacterset=dict(type='float'), mysqlservercapabilities=dict(type='float'), appflowlog=dict( type='str', choices=[ 'enabled', 'disabled', ] ), netprofile=dict(type='str'), icmpvsrresponse=dict( type='str', choices=[ 'PASSIVE', 'ACTIVE', ] ), rhistate=dict( type='str', choices=[ 'PASSIVE', 'ACTIVE', ] ), authnprofile=dict(type='str'), dnsprofilename=dict(type='str'), ) hand_inserted_arguments = dict( policybindings=dict(type='list'), ssl_certkey=dict(type='str'), disabled=dict( type='bool', default=False ), lbvserver=dict(type='str'), ) argument_spec = dict() argument_spec.update(netscaler_common_arguments) argument_spec.update(module_specific_arguments) argument_spec.update(hand_inserted_arguments) module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=True, ) module_result = dict( changed=False, failed=False, loglines=loglines, ) # Fail the module if imports failed if not PYTHON_SDK_IMPORTED: module.fail_json(msg='Could not load nitro python sdk') # Fallthrough to rest of execution client = get_nitro_client(module) try: client.login() except nitro_exception as e: msg = "nitro exception during login. errorcode=%s, message=%s" % (str(e.errorcode), e.message) module.fail_json(msg=msg) except Exception as e: if str(type(e)) == "<class 'requests.exceptions.ConnectionError'>": module.fail_json(msg='Connection error %s' % str(e)) elif str(type(e)) == "<class 'requests.exceptions.SSLError'>": module.fail_json(msg='SSL Error %s' % str(e)) else: module.fail_json(msg='Unexpected error during login %s' % str(e)) readwrite_attrs = [ 'name', 'td', 'servicetype', 'ipv46', 'dnsrecordtype', 'ippattern', 'ipmask', 'range', 'port', 'stateupdate', 'cacheable', 'redirecturl', 'clttimeout', 'precedence', 'casesensitive', 'somethod', 'sopersistence', 'sopersistencetimeout', 'sothreshold', 'sobackupaction', 'redirectportrewrite', 'downstateflush', 'disableprimaryondown', 'insertvserveripport', 'vipheader', 'rtspnat', 'authenticationhost', 'authentication', 'listenpolicy', 'authn401', 'authnvsname', 'push', 'pushvserver', 'pushlabel', 'pushmulticlients', 'tcpprofilename', 'httpprofilename', 'dbprofilename', 'oracleserverversion', 'comment', 'mssqlserverversion', 'l2conn', 'mysqlprotocolversion', 'mysqlserverversion', 'mysqlcharacterset', 'mysqlservercapabilities', 'appflowlog', 'netprofile', 'icmpvsrresponse', 'rhistate', 'authnprofile', 'dnsprofilename', ] readonly_attrs = [ 'ip', 'value', 'ngname', 'type', 'curstate', 'sc', 'status', 'cachetype', 'redirect', 'homepage', 'dnsvservername', 'domain', 'policyname', 'servicename', 'weight', 'cachevserver', 'targetvserver', 'priority', 'url', 'gotopriorityexpression', 'bindpoint', 'invoke', 'labeltype', 'labelname', 'gt2gb', 'statechangetimesec', 'statechangetimemsec', 'tickssincelaststatechange', 'ruletype', 'lbvserver', 'targetlbvserver', ] immutable_attrs = [ 'name', 'td', 'servicetype', 'ipv46', 'targettype', 'range', 'port', 'state', 'vipheader', 'newname', ] transforms = { 'cacheable': ['bool_yes_no'], 'rtspnat': ['bool_on_off'], 'authn401': ['bool_on_off'], 'casesensitive': ['bool_on_off'], 'authentication': ['bool_on_off'], 'l2conn': ['bool_on_off'], 'pushmulticlients': ['bool_yes_no'], 'stateupdate': [lambda v: v.upper()], 'sopersistence': [lambda v: v.upper()], 'redirectportrewrite': [lambda v: v.upper()], 'downstateflush': [lambda v: v.upper()], 'disableprimaryondown': [lambda v: v.upper()], 'push': [lambda v: v.upper()], 'appflowlog': [lambda v: v.upper()], } # Instantiate config proxy csvserver_proxy = ConfigProxy( actual=csvserver(), client=client, attribute_values_dict=module.params, readwrite_attrs=readwrite_attrs, readonly_attrs=readonly_attrs, immutable_attrs=immutable_attrs, transforms=transforms, ) try: ensure_feature_is_enabled(client, 'CS') # Apply appropriate state if module.params['state'] == 'present': log('Applying actions for state present') if not cs_vserver_exists(client, module): if not module.check_mode: csvserver_proxy.add() if module.params['save_config']: client.save_config() module_result['changed'] = True elif not cs_vserver_identical(client, module, csvserver_proxy): # Check if we try to change value of immutable attributes immutables_changed = get_immutables_intersection(csvserver_proxy, diff_list(client, module, csvserver_proxy).keys()) if immutables_changed != []: module.fail_json( msg='Cannot update immutable attributes %s' % (immutables_changed,), diff=diff_list(client, module, csvserver_proxy), **module_result ) if not module.check_mode: csvserver_proxy.update() if module.params['save_config']: client.save_config() module_result['changed'] = True else: module_result['changed'] = False # Check policybindings if not cs_policybindings_identical(client, module): if not module.check_mode: sync_cs_policybindings(client, module) if module.params['save_config']: client.save_config() module_result['changed'] = True if module.params['servicetype'] != 'SSL' and module.params['ssl_certkey'] is not None: module.fail_json(msg='ssl_certkey is applicable only to SSL vservers', **module_result) # Check ssl certkey bindings if module.params['servicetype'] == 'SSL': if not ssl_certkey_bindings_identical(client, module): if not module.check_mode: ssl_certkey_bindings_sync(client, module) module_result['changed'] = True # Check default lb vserver if not default_lb_vserver_identical(client, module): if not module.check_mode: sync_default_lb_vserver(client, module) module_result['changed'] = True if not module.check_mode: res = do_state_change(client, module, csvserver_proxy) if res.errorcode != 0: msg = 'Error when setting disabled state. errorcode: %s message: %s' % (res.errorcode, res.message) module.fail_json(msg=msg, **module_result) # Sanity check for state if not module.check_mode: log('Sanity checks for state present') if not cs_vserver_exists(client, module): module.fail_json(msg='CS vserver does not exist', **module_result) if not cs_vserver_identical(client, module, csvserver_proxy): module.fail_json(msg='CS vserver differs from configured', diff=diff_list(client, module, csvserver_proxy), **module_result) if not cs_policybindings_identical(client, module): module.fail_json(msg='Policy bindings differ') if module.params['servicetype'] == 'SSL': if not ssl_certkey_bindings_identical(client, module): module.fail_json(msg='sll certkey bindings not identical', **module_result) elif module.params['state'] == 'absent': log('Applying actions for state absent') if cs_vserver_exists(client, module): if not module.check_mode: csvserver_proxy.delete() if module.params['save_config']: client.save_config() module_result['changed'] = True else: module_result['changed'] = False # Sanity check for state if not module.check_mode: log('Sanity checks for state absent') if cs_vserver_exists(client, module): module.fail_json(msg='CS vserver still exists', **module_result) except nitro_exception as e: msg = "nitro exception errorcode=%s, message=%s" % (str(e.errorcode), e.message) module.fail_json(msg=msg, **module_result) client.logout() module.exit_json(**module_result)