Adds module for managing bigip device connectivity (#32950)

This module is a critical part of the HA process for BIG-IPs.
2026-05-07 05:42:50 +00:00 · 2017-11-15 16:51:51 -08:00
parent 1bc4940ee1
commit 0c1f493b6c
4 changed files with 1089 additions and 0 deletions
--- a/test/units/modules/network/f5/fixtures/load_tm_cm_device.json
+++ b/test/units/modules/network/f5/fixtures/load_tm_cm_device.json
@@ -0,0 +1,76 @@
+{
+  "kind": "tm:cm:device:devicestate",
+  "name": "bigip1",
+  "partition": "Common",
+  "fullPath": "/Common/bigip1",
+  "generation": 65,
+  "selfLink": "https://localhost/mgmt/tm/cm/device/~Common~bigip1?ver=12.1.2",
+  "activeModules": [
+    "APM, Max, VE (2500 CCU, 10000 Access Sessions)|P961057-1761515|Anti-Virus Checks|Base Endpoint Security Checks|Firewall Checks|Machine Certificate Checks|Network Access|Protected Workspace|Secure Virtual Keyboard|APM, Web Application|App Tunnel|Remote Desktop",
+    "LTM, 10 Gbps, VE|T487107-2453693|IPV6 Gateway|Rate Shaping|Ram Cache|External Interface and Network HSM, VE|SSL, Forward Proxy, VE|DENY-VER-GBB|Application Acceleration Manager, Core|PEM, Quota Management, VE|BIG-IP, iAppsLX (Node.js)|Max Compression, VE|BIG-IP VE, Multicast Routing|Recycle, BIG-IP, VE|APM, Limited|LTM to Best Bundle Upgrade, 10Gbps|BIG-IP, iRulesLX (Node.js)|SSL, VE|Anti-Virus Checks|Base Endpoint Security Checks|Firewall Checks|Machine Certificate Checks|Network Access|Protected Workspace|Secure Virtual Keyboard|APM, Web Application|App Tunnel|Remote Desktop|SDN Services, VE|Acceleration Manager, VE|AFM, VE|APM, Base, VE GBB (500 CCU)|ASM, VE|DNS-GTM, Base, 10Gbps|DNS Licensed Objects, Unlimited|GTM Licensed Objects, Unlimited|GTM Rate, 250K|DNS Rate Fallback, 250K|DNS Rate Limit, 250K QPS|GTM Rate Fallback, 250K|CGN, BIG-IP VE, AFM ONLY|PSM, VE|Routing Bundle, VE|DNSSEC",
+    "PEM, VE|X895364-1851682"
+  ],
+  "baseMac": "08:00:27:27:74:82",
+  "build": "0.0.249",
+  "cert": "/Common/dtdi.crt",
+  "certReference": {
+    "link": "https://localhost/mgmt/tm/cm/cert/~Common~dtdi.crt?ver=12.1.2"
+  },
+  "chassisId": "2d37dfa6-c0e8-4e4a-ae983c67356d",
+  "chassisType": "individual",
+  "configsyncIp": "10.2.2.2",
+  "edition": "Final",
+  "failoverState": "active",
+  "haCapacity": 0,
+  "hostname": "bigip1",
+  "key": "/Common/dtdi.key",
+  "keyReference": {
+    "link": "https://localhost/mgmt/tm/cm/key/~Common~dtdi.key?ver=12.1.2"
+  },
+  "managementIp": "10.0.2.15",
+  "marketingName": "BIG-IP Virtual Edition",
+  "mirrorIp": "10.2.2.2",
+  "mirrorSecondaryIp": "10.2.3.2",
+  "multicastInterface": "eth0",
+  "multicastIp": "224.0.0.245",
+  "multicastPort": 62960,
+  "optionalModules": [
+    "APM, Base, VE (50 CCU / 200 Access Sessions)",
+    "App Mode (TMSH Only, No Root/Bash)",
+    "Concurrent Users",
+    "Concurrent Users and Access Sessions, VE",
+    "IPI Subscription, 1Yr, VE",
+    "IPI Subscription, 1Yr, VE-10G",
+    "IPI Subscription, 3Yr, VE-10G",
+    "LTM to Better Bundle Upgrade, 10Gbps",
+    "PEM URL Filtering, 1Yr, HIGH PERF",
+    "PEM URL Filtering, 3Yr, HIGH PERF",
+    "Routing Bundle",
+    "SWG Subscription, 1Yr, VE",
+    "URL Filtering Subscription, 1Yr, VE"
+  ],
+  "platformId": "Z100",
+  "product": "BIG-IP",
+  "selfDevice": "true",
+  "timeLimitedModules": [
+    "IPI Subscription, 3Yr, VE|E430735-0717882|20170429|20170511|SUBSCRIPTION",
+    "SWG Subscription, 3Yr, VE|W797718-6984294|20170429|20170511|SUBSCRIPTION",
+    "URL Filtering Subscription, 3Yr, VE|G132953-9613041|20170429|20170511|SUBSCRIPTION"
+  ],
+  "timeZone": "America/Los_Angeles",
+  "version": "12.1.2",
+  "unicastAddress": [
+    {
+      "effectiveIp": "management-ip",
+      "effectivePort": 1026,
+      "ip": "management-ip",
+      "port": 1026
+    },
+    {
+      "effectiveIp": "10.2.2.2",
+      "effectivePort": 1026,
+      "ip": "10.2.2.2",
+      "port": 1026
+    }
+  ]
+}
--- a/test/units/modules/network/f5/fixtures/load_tm_cm_device_default.json
+++ b/test/units/modules/network/f5/fixtures/load_tm_cm_device_default.json
@@ -0,0 +1,61 @@
+{
+  "kind": "tm:cm:device:devicestate",
+  "name": "bigip1",
+  "partition": "Common",
+  "fullPath": "/Common/bigip1",
+  "generation": 1,
+  "selfLink": "https://localhost/mgmt/tm/cm/device/~Common~bigip1?ver=12.1.2",
+  "activeModules": [
+    "APM, Max, VE (2500 CCU, 10000 Access Sessions)|P961057-1761515|Anti-Virus Checks|Base Endpoint Security Checks|Firewall Checks|Machine Certificate Checks|Network Access|Protected Workspace|Secure Virtual Keyboard|APM, Web Application|App Tunnel|Remote Desktop",
+    "LTM, 10 Gbps, VE|T487107-2453693|IPV6 Gateway|Rate Shaping|Ram Cache|External Interface and Network HSM, VE|SSL, Forward Proxy, VE|DENY-VER-GBB|Application Acceleration Manager, Core|PEM, Quota Management, VE|BIG-IP, iAppsLX (Node.js)|Max Compression, VE|BIG-IP VE, Multicast Routing|Recycle, BIG-IP, VE|APM, Limited|LTM to Best Bundle Upgrade, 10Gbps|BIG-IP, iRulesLX (Node.js)|SSL, VE|Anti-Virus Checks|Base Endpoint Security Checks|Firewall Checks|Machine Certificate Checks|Network Access|Protected Workspace|Secure Virtual Keyboard|APM, Web Application|App Tunnel|Remote Desktop|SDN Services, VE|Acceleration Manager, VE|AFM, VE|APM, Base, VE GBB (500 CCU)|ASM, VE|DNS-GTM, Base, 10Gbps|DNS Licensed Objects, Unlimited|GTM Licensed Objects, Unlimited|GTM Rate, 250K|DNS Rate Fallback, 250K|DNS Rate Limit, 250K QPS|GTM Rate Fallback, 250K|CGN, BIG-IP VE, AFM ONLY|PSM, VE|Routing Bundle, VE|DNSSEC",
+    "PEM, VE|X895364-1851682"
+  ],
+  "baseMac": "08:00:27:27:74:82",
+  "build": "0.0.249",
+  "cert": "/Common/dtdi.crt",
+  "certReference": {
+    "link": "https://localhost/mgmt/tm/cm/cert/~Common~dtdi.crt?ver=12.1.2"
+  },
+  "chassisId": "42d93eba-35bb-4f01-4663fb03951a",
+  "chassisType": "individual",
+  "configsyncIp": "none",
+  "edition": "Final",
+  "failoverState": "active",
+  "haCapacity": 0,
+  "hostname": "bigip1",
+  "key": "/Common/dtdi.key",
+  "keyReference": {
+    "link": "https://localhost/mgmt/tm/cm/key/~Common~dtdi.key?ver=12.1.2"
+  },
+  "managementIp": "10.0.2.15",
+  "marketingName": "BIG-IP Virtual Edition",
+  "mirrorIp": "any6",
+  "mirrorSecondaryIp": "any6",
+  "multicastIp": "any6",
+  "multicastPort": 0,
+  "optionalModules": [
+    "APM, Base, VE (50 CCU / 200 Access Sessions)",
+    "App Mode (TMSH Only, No Root/Bash)",
+    "Concurrent Users",
+    "Concurrent Users and Access Sessions, VE",
+    "IPI Subscription, 1Yr, VE",
+    "IPI Subscription, 1Yr, VE-10G",
+    "IPI Subscription, 3Yr, VE-10G",
+    "LTM to Better Bundle Upgrade, 10Gbps",
+    "PEM URL Filtering, 1Yr, HIGH PERF",
+    "PEM URL Filtering, 3Yr, HIGH PERF",
+    "Routing Bundle",
+    "SWG Subscription, 1Yr, VE",
+    "URL Filtering Subscription, 1Yr, VE"
+  ],
+  "platformId": "Z100",
+  "product": "BIG-IP",
+  "selfDevice": "true",
+  "timeLimitedModules": [
+    "IPI Subscription, 3Yr, VE|E430735-0717882|20170502|20170511|SUBSCRIPTION",
+    "SWG Subscription, 3Yr, VE|W797718-6984294|20170502|20170511|SUBSCRIPTION",
+    "URL Filtering Subscription, 3Yr, VE|G132953-9613041|20170502|20170511|SUBSCRIPTION"
+  ],
+  "timeZone": "America/Los_Angeles",
+  "version": "12.1.2"
+}
--- a/test/units/modules/network/f5/test_bigip_device_connectivity.py
+++ b/test/units/modules/network/f5/test_bigip_device_connectivity.py
@@ -0,0 +1,361 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2017 F5 Networks Inc.
+# GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import json
+import pytest
+import sys
+
+from nose.plugins.skip import SkipTest
+if sys.version_info < (2, 7):
+    raise SkipTest("F5 Ansible modules require Python >= 2.7")
+
+from ansible.compat.tests import unittest
+from ansible.compat.tests.mock import patch, Mock
+from ansible.module_utils import basic
+from ansible.module_utils._text import to_bytes
+from ansible.module_utils.f5_utils import AnsibleF5Client
+from ansible.module_utils.f5_utils import F5ModuleError
+
+try:
+    from library.bigip_device_connectivity import Parameters
+    from library.bigip_device_connectivity import ModuleManager
+    from library.bigip_device_connectivity import ArgumentSpec
+    from ansible.module_utils.f5_utils import iControlUnexpectedHTTPError
+except ImportError:
+    try:
+        from ansible.modules.network.f5.bigip_device_connectivity import Parameters
+        from ansible.modules.network.f5.bigip_device_connectivity import ModuleManager
+        from ansible.modules.network.f5.bigip_device_connectivity import ArgumentSpec
+        from ansible.module_utils.f5_utils import iControlUnexpectedHTTPError
+    except ImportError:
+        raise SkipTest("F5 Ansible modules require the f5-sdk Python library")
+
+fixture_path = os.path.join(os.path.dirname(__file__), 'fixtures')
+fixture_data = {}
+
+
+def set_module_args(args):
+    args = json.dumps({'ANSIBLE_MODULE_ARGS': args})
+    basic._ANSIBLE_ARGS = to_bytes(args)
+
+
+def load_fixture(name):
+    path = os.path.join(fixture_path, name)
+    with open(path) as f:
+        data = f.read()
+    try:
+        data = json.loads(data)
+    except Exception:
+        pass
+    return data
+
+
+class TestParameters(unittest.TestCase):
+    def test_module_parameters(self):
+        args = dict(
+            multicast_port='1010',
+            multicast_address='10.10.10.10',
+            multicast_interface='eth0',
+            failover_multicast=True,
+            unicast_failover=[
+                dict(
+                    address='20.20.20.20',
+                    port='1234'
+                )
+            ],
+            mirror_primary_address='1.2.3.4',
+            mirror_secondary_address='5.6.7.8',
+            config_sync_ip='4.3.2.1',
+            state='present',
+            server='localhost',
+            user='admin',
+            password='password'
+        )
+        p = Parameters(args)
+        assert p.multicast_port == 1010
+        assert p.multicast_address == '10.10.10.10'
+        assert p.multicast_interface == 'eth0'
+        assert p.failover_multicast is True
+        assert p.mirror_primary_address == '1.2.3.4'
+        assert p.mirror_secondary_address == '5.6.7.8'
+        assert p.config_sync_ip == '4.3.2.1'
+        assert len(p.unicast_failover) == 1
+        assert 'effectiveIp' in p.unicast_failover[0]
+        assert 'effectivePort' in p.unicast_failover[0]
+        assert 'port' in p.unicast_failover[0]
+        assert 'ip' in p.unicast_failover[0]
+        assert p.unicast_failover[0]['effectiveIp'] == '20.20.20.20'
+        assert p.unicast_failover[0]['ip'] == '20.20.20.20'
+        assert p.unicast_failover[0]['port'] == 1234
+        assert p.unicast_failover[0]['effectivePort'] == 1234
+
+    def test_api_parameters(self):
+        params = load_fixture('load_tm_cm_device.json')
+        p = Parameters(params)
+        assert p.multicast_port == 62960
+        assert p.multicast_address == '224.0.0.245'
+        assert p.multicast_interface == 'eth0'
+        assert p.mirror_primary_address == '10.2.2.2'
+        assert p.mirror_secondary_address == '10.2.3.2'
+        assert p.config_sync_ip == '10.2.2.2'
+        assert len(p.unicast_failover) == 2
+        assert 'effectiveIp' in p.unicast_failover[0]
+        assert 'effectivePort' in p.unicast_failover[0]
+        assert 'port' in p.unicast_failover[0]
+        assert 'ip' in p.unicast_failover[0]
+        assert p.unicast_failover[0]['effectiveIp'] == 'management-ip'
+        assert p.unicast_failover[0]['ip'] == 'management-ip'
+        assert p.unicast_failover[0]['port'] == 1026
+        assert p.unicast_failover[0]['effectivePort'] == 1026
+
+
+@patch('ansible.module_utils.f5_utils.AnsibleF5Client._get_mgmt_root',
+       return_value=True)
+class TestManager(unittest.TestCase):
+
+    def setUp(self):
+        self.spec = ArgumentSpec()
+
+    def test_update_settings(self, *args):
+        set_module_args(dict(
+            config_sync_ip="10.1.30.1",
+            mirror_primary_address="10.1.30.1",
+            unicast_failover=[
+                dict(
+                    address="10.1.30.1"
+                )
+            ],
+            server='localhost',
+            user='admin',
+            password='password'
+        ))
+
+        # Configure the parameters that would be returned by querying the
+        # remote device
+        current = Parameters(load_fixture('load_tm_cm_device_default.json'))
+
+        client = AnsibleF5Client(
+            argument_spec=self.spec.argument_spec,
+            supports_check_mode=self.spec.supports_check_mode,
+            f5_product_name=self.spec.f5_product_name
+        )
+        mm = ModuleManager(client)
+
+        # Override methods to force specific logic in the module to happen
+        mm.update_on_device = Mock(return_value=True)
+        mm.read_current_from_device = Mock(return_value=current)
+
+        results = mm.exec_module()
+
+        assert results['changed'] is True
+        assert results['config_sync_ip'] == '10.1.30.1'
+        assert results['mirror_primary_address'] == '10.1.30.1'
+        assert len(results.keys()) == 3
+
+    def test_set_primary_mirror_address_none(self, *args):
+        set_module_args(dict(
+            mirror_primary_address="none",
+            server='localhost',
+            user='admin',
+            password='password'
+        ))
+
+        # Configure the parameters that would be returned by querying the
+        # remote device
+        current = Parameters(load_fixture('load_tm_cm_device.json'))
+
+        client = AnsibleF5Client(
+            argument_spec=self.spec.argument_spec,
+            supports_check_mode=self.spec.supports_check_mode,
+            f5_product_name=self.spec.f5_product_name
+        )
+        mm = ModuleManager(client)
+
+        # Override methods to force specific logic in the module to happen
+        mm.update_on_device = Mock(return_value=True)
+        mm.read_current_from_device = Mock(return_value=current)
+
+        results = mm.exec_module()
+
+        assert results['changed'] is True
+        assert results['mirror_primary_address'] == 'none'
+        assert len(results.keys()) == 2
+
+    def test_set_secondary_mirror_address_none(self, *args):
+        set_module_args(dict(
+            mirror_secondary_address="none",
+            server='localhost',
+            user='admin',
+            password='password'
+        ))
+
+        # Configure the parameters that would be returned by querying the
+        # remote device
+        current = Parameters(load_fixture('load_tm_cm_device.json'))
+
+        client = AnsibleF5Client(
+            argument_spec=self.spec.argument_spec,
+            supports_check_mode=self.spec.supports_check_mode,
+            f5_product_name=self.spec.f5_product_name
+        )
+        mm = ModuleManager(client)
+
+        # Override methods to force specific logic in the module to happen
+        mm.update_on_device = Mock(return_value=True)
+        mm.read_current_from_device = Mock(return_value=current)
+
+        results = mm.exec_module()
+
+        assert results['changed'] is True
+        assert results['mirror_secondary_address'] == 'none'
+        assert len(results.keys()) == 2
+
+    def test_set_multicast_address_none(self, *args):
+        set_module_args(dict(
+            multicast_address="none",
+            server='localhost',
+            user='admin',
+            password='password'
+        ))
+
+        # Configure the parameters that would be returned by querying the
+        # remote device
+        current = Parameters(load_fixture('load_tm_cm_device.json'))
+
+        client = AnsibleF5Client(
+            argument_spec=self.spec.argument_spec,
+            supports_check_mode=self.spec.supports_check_mode,
+            f5_product_name=self.spec.f5_product_name
+        )
+        mm = ModuleManager(client)
+
+        # Override methods to force specific logic in the module to happen
+        mm.update_on_device = Mock(return_value=True)
+        mm.read_current_from_device = Mock(return_value=current)
+
+        results = mm.exec_module()
+
+        assert results['changed'] is True
+        assert results['multicast_address'] == 'none'
+        assert len(results.keys()) == 2
+
+    def test_set_multicast_port_negative(self, *args):
+        set_module_args(dict(
+            multicast_port=-1,
+            server='localhost',
+            user='admin',
+            password='password'
+        ))
+
+        # Configure the parameters that would be returned by querying the
+        # remote device
+        current = Parameters(load_fixture('load_tm_cm_device.json'))
+
+        client = AnsibleF5Client(
+            argument_spec=self.spec.argument_spec,
+            supports_check_mode=self.spec.supports_check_mode,
+            f5_product_name=self.spec.f5_product_name
+        )
+        mm = ModuleManager(client)
+
+        # Override methods to force specific logic in the module to happen
+        mm.update_on_device = Mock(return_value=True)
+        mm.read_current_from_device = Mock(return_value=current)
+
+        with pytest.raises(F5ModuleError) as ex:
+            mm.exec_module()
+
+        assert 'must be between' in str(ex)
+
+    def test_set_multicast_address(self, *args):
+        set_module_args(dict(
+            multicast_address="10.1.1.1",
+            server='localhost',
+            user='admin',
+            password='password'
+        ))
+
+        # Configure the parameters that would be returned by querying the
+        # remote device
+        current = Parameters(load_fixture('load_tm_cm_device.json'))
+
+        client = AnsibleF5Client(
+            argument_spec=self.spec.argument_spec,
+            supports_check_mode=self.spec.supports_check_mode,
+            f5_product_name=self.spec.f5_product_name
+        )
+        mm = ModuleManager(client)
+
+        # Override methods to force specific logic in the module to happen
+        mm.update_on_device = Mock(return_value=True)
+        mm.read_current_from_device = Mock(return_value=current)
+
+        results = mm.exec_module()
+
+        assert results['changed'] is True
+        assert results['multicast_address'] == '10.1.1.1'
+        assert len(results.keys()) == 2
+
+    def test_unset_unicast_failover(self, *args):
+        set_module_args(dict(
+            unicast_failover="none",
+            server='localhost',
+            user='admin',
+            password='password'
+        ))
+
+        # Configure the parameters that would be returned by querying the
+        # remote device
+        current = Parameters(load_fixture('load_tm_cm_device.json'))
+
+        client = AnsibleF5Client(
+            argument_spec=self.spec.argument_spec,
+            supports_check_mode=self.spec.supports_check_mode,
+            f5_product_name=self.spec.f5_product_name
+        )
+        mm = ModuleManager(client)
+
+        # Override methods to force specific logic in the module to happen
+        mm.update_on_device = Mock(return_value=True)
+        mm.read_current_from_device = Mock(return_value=current)
+
+        results = mm.exec_module()
+
+        assert results['changed'] is True
+        assert results['unicast_failover'] == 'none'
+        assert len(results.keys()) == 2
+
+    def test_unset_config_sync_ip(self, *args):
+        set_module_args(dict(
+            config_sync_ip="none",
+            server='localhost',
+            user='admin',
+            password='password'
+        ))
+
+        # Configure the parameters that would be returned by querying the
+        # remote device
+        current = Parameters(load_fixture('load_tm_cm_device.json'))
+
+        client = AnsibleF5Client(
+            argument_spec=self.spec.argument_spec,
+            supports_check_mode=self.spec.supports_check_mode,
+            f5_product_name=self.spec.f5_product_name
+        )
+        mm = ModuleManager(client)
+
+        # Override methods to force specific logic in the module to happen
+        mm.update_on_device = Mock(return_value=True)
+        mm.read_current_from_device = Mock(return_value=current)
+
+        results = mm.exec_module()
+
+        assert results['changed'] is True
+        assert results['config_sync_ip'] == 'none'
+        assert len(results.keys()) == 2