Initial commit

Ansible Core Team
2020-03-09 09:11:07 +00:00
commit aebc1b03fd
4861 changed files with 812621 additions and 0 deletions


@@ -0,0 +1,285 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2014, Mischa Peters <mpeters@a10networks.com>,
# (c) 2016, Eric Chou <ericc@a10networks.com>
#
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: a10_server
short_description: Manage A10 Networks AX/SoftAX/Thunder/vThunder devices' server object.
description:
- Manage SLB (Server Load Balancer) server objects on A10 Networks devices via aXAPIv2.
author:
- Eric Chou (@ericchou1)
- Mischa Peters (@mischapeters)
notes:
- Requires A10 Networks aXAPI 2.1.
extends_documentation_fragment:
- community.general.a10
- url
options:
partition:
description:
- set active-partition
server_name:
description:
- The SLB (Server Load Balancer) server name.
required: true
aliases: ['server']
server_ip:
description:
- The SLB server IPv4 address.
aliases: ['ip', 'address']
server_status:
description:
- The SLB virtual server status.
default: enabled
aliases: ['status']
choices: ['enabled', 'disabled']
server_ports:
description:
- A list of ports to create for the server. Each list item should be a
dictionary which specifies the C(port:) and C(protocol:), but can also optionally
specify the C(status:). See the examples below for details. This parameter is
required when C(state) is C(present).
aliases: ['port']
state:
description:
- This is to specify the operation to create, update or remove SLB server.
default: present
choices: ['present', 'absent']
validate_certs:
description:
- If C(no), SSL certificates will not be validated. This should only be used
on personally controlled devices using self-signed certificates.
type: bool
default: 'yes'
'''
EXAMPLES = '''
# Create a new server
- a10_server:
host: a10.mydomain.com
username: myadmin
password: mypassword
partition: mypartition
server: test
server_ip: 1.1.1.100
server_ports:
- port_num: 8080
protocol: tcp
- port_num: 8443
protocol: TCP
'''
RETURN = '''
content:
description: the full info regarding the slb_server
returned: success
type: str
sample: "mynewserver"
'''
import json
from ansible_collections.community.general.plugins.module_utils.network.a10.a10 import (axapi_call, a10_argument_spec, axapi_authenticate, axapi_failure, axapi_get_port_protocol,
axapi_enabled_disabled, AXAPI_PORT_PROTOCOLS)
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.urls import url_argument_spec
VALID_PORT_FIELDS = ['port_num', 'protocol', 'status']
def validate_ports(module, ports):
for item in ports:
for key in item:
if key not in VALID_PORT_FIELDS:
module.fail_json(msg="invalid port field (%s), must be one of: %s" % (key, ','.join(VALID_PORT_FIELDS)))
# validate the port number is present and an integer
if 'port_num' in item:
try:
item['port_num'] = int(item['port_num'])
except Exception:
module.fail_json(msg="port_num entries in the port definitions must be integers")
else:
module.fail_json(msg="port definitions must define the port_num field")
# validate the port protocol is present, and convert it to
# the internal API integer value (and validate it)
if 'protocol' in item:
protocol = axapi_get_port_protocol(item['protocol'])
if not protocol:
module.fail_json(msg="invalid port protocol, must be one of: %s" % ','.join(AXAPI_PORT_PROTOCOLS))
else:
item['protocol'] = protocol
else:
module.fail_json(msg="port definitions must define the port protocol (%s)" % ','.join(AXAPI_PORT_PROTOCOLS))
# convert the status to the internal API integer value
if 'status' in item:
item['status'] = axapi_enabled_disabled(item['status'])
else:
item['status'] = 1
def main():
argument_spec = a10_argument_spec()
argument_spec.update(url_argument_spec())
argument_spec.update(
dict(
state=dict(type='str', default='present', choices=['present', 'absent']),
server_name=dict(type='str', aliases=['server'], required=True),
server_ip=dict(type='str', aliases=['ip', 'address']),
server_status=dict(type='str', default='enabled', aliases=['status'], choices=['enabled', 'disabled']),
server_ports=dict(type='list', aliases=['port'], default=[]),
partition=dict(type='str', default=[]),
)
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False
)
host = module.params['host']
partition = module.params['partition']
username = module.params['username']
password = module.params['password']
state = module.params['state']
write_config = module.params['write_config']
slb_server = module.params['server_name']
slb_server_ip = module.params['server_ip']
slb_server_status = module.params['server_status']
slb_server_ports = module.params['server_ports']
if slb_server is None:
module.fail_json(msg='server_name is required')
axapi_base_url = 'https://%s/services/rest/V2.1/?format=json' % host
session_url = axapi_authenticate(module, axapi_base_url, username, password)
# validate the ports data structure
validate_ports(module, slb_server_ports)
json_post = {
'server': {
'name': slb_server,
}
}
# add optional module parameters
if slb_server_ip:
json_post['server']['host'] = slb_server_ip
if slb_server_ports:
json_post['server']['port_list'] = slb_server_ports
if slb_server_status:
json_post['server']['status'] = axapi_enabled_disabled(slb_server_status)
axapi_call(module, session_url + '&method=system.partition.active', json.dumps({'name': partition}))
slb_server_data = axapi_call(module, session_url + '&method=slb.server.search', json.dumps({'name': slb_server}))
slb_server_exists = not axapi_failure(slb_server_data)
changed = False
if state == 'present':
if not slb_server_exists:
if not slb_server_ip:
module.fail_json(msg='you must specify an IP address when creating a server')
result = axapi_call(module, session_url + '&method=slb.server.create', json.dumps(json_post))
if axapi_failure(result):
module.fail_json(msg="failed to create the server: %s" % result['response']['err']['msg'])
changed = True
else:
def port_needs_update(src_ports, dst_ports):
'''
Checks to determine if the port definitions of the src_ports
array are in or different from those in dst_ports. If there is
a difference, this function returns true, otherwise false.
'''
for src_port in src_ports:
found = False
different = False
for dst_port in dst_ports:
if src_port['port_num'] == dst_port['port_num']:
found = True
for valid_field in VALID_PORT_FIELDS:
if src_port[valid_field] != dst_port[valid_field]:
different = True
break
if found or different:
break
if not found or different:
return True
# every port from the src exists in the dst, and none of them were different
return False
def status_needs_update(current_status, new_status):
'''
Check to determine if we want to change the status of a server.
If there is a difference between the current status of the server and
the desired status, return true, otherwise false.
'''
if current_status != new_status:
return True
return False
defined_ports = slb_server_data.get('server', {}).get('port_list', [])
current_status = slb_server_data.get('server', {}).get('status')
# we check for a needed update several ways
# - in case ports are missing from the ones specified by the user
# - in case ports are missing from those on the device
# - in case we are change the status of a server
if (port_needs_update(defined_ports, slb_server_ports) or
port_needs_update(slb_server_ports, defined_ports) or
status_needs_update(current_status, axapi_enabled_disabled(slb_server_status))):
result = axapi_call(module, session_url + '&method=slb.server.update', json.dumps(json_post))
if axapi_failure(result):
module.fail_json(msg="failed to update the server: %s" % result['response']['err']['msg'])
changed = True
# if we changed things, get the full info regarding
# the service group for the return data below
if changed:
result = axapi_call(module, session_url + '&method=slb.server.search', json.dumps({'name': slb_server}))
else:
result = slb_server_data
elif state == 'absent':
if slb_server_exists:
result = axapi_call(module, session_url + '&method=slb.server.delete', json.dumps({'name': slb_server}))
changed = True
else:
result = dict(msg="the server was not present")
# if the config has changed, save the config unless otherwise requested
if changed and write_config:
write_result = axapi_call(module, session_url + '&method=system.action.write_memory')
if axapi_failure(write_result):
module.fail_json(msg="failed to save the configuration: %s" % write_result['response']['err']['msg'])
# log out of the session nicely and exit
axapi_call(module, session_url + '&method=session.close')
module.exit_json(changed=changed, content=result)
if __name__ == '__main__':
main()
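Review bot: The `state == 'absent'` branch of main() sets `changed = True` straight after the `slb.server.delete` call without passing the result through `axapi_failure`, unlike the create and update branches, so a delete the device rejected is still reported as a successful change. Add `if axapi_failure(result): module.fail_json(msg="failed to delete the server: %s" % result['response']['err']['msg'])` before `changed = True`. The same gap is in a10_service_group, on its `slb.service_group.delete` call and on the three `slb.service_group.member.*` calls, and needs the same check there. Separately, `partition` is declared `type='str'` with `default=[]` and is sent to `system.partition.active` unconditionally; a `None` default with a guard around that call looks like what was intended.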


@@ -0,0 +1,244 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright: (c) 2014, Mischa Peters <mpeters@a10networks.com>
# Copyright: (c) 2016, Eric Chou <ericc@a10networks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: a10_server_axapi3
short_description: Manage A10 Networks AX/SoftAX/Thunder/vThunder devices
description:
- Manage SLB (Server Load Balancer) server objects on A10 Networks devices via aXAPIv3.
author:
- Eric Chou (@ericchou1)
extends_documentation_fragment:
- community.general.a10
- url
options:
server_name:
description:
- The SLB (Server Load Balancer) server name.
required: true
aliases: ['server']
server_ip:
description:
- The SLB (Server Load Balancer) server IPv4 address.
required: true
aliases: ['ip', 'address']
server_status:
description:
- The SLB (Server Load Balancer) virtual server status.
default: enable
aliases: ['action']
choices: ['enable', 'disable']
server_ports:
description:
- A list of ports to create for the server. Each list item should be a dictionary which specifies the C(port:)
and C(protocol:).
aliases: ['port']
operation:
description:
- Create, Update or Remove SLB server. For create and update operation, we use the IP address and server
name specified in the POST message. For delete operation, we use the server name in the request URI.
default: create
choices: ['create', 'update', 'remove']
validate_certs:
description:
- If C(no), SSL certificates will not be validated. This should only be used
on personally controlled devices using self-signed certificates.
type: bool
default: 'yes'
'''
RETURN = '''
#
'''
EXAMPLES = '''
# Create a new server
- a10_server:
host: a10.mydomain.com
username: myadmin
password: mypassword
server: test
server_ip: 1.1.1.100
validate_certs: false
server_status: enable
write_config: yes
operation: create
server_ports:
- port-number: 8080
protocol: tcp
action: enable
- port-number: 8443
protocol: TCP
'''
import json
from ansible_collections.community.general.plugins.module_utils.network.a10.a10 import axapi_call_v3, a10_argument_spec, axapi_authenticate_v3, axapi_failure
from ansible_collections.community.general.plugins.module_utils.network.a10.a10 import AXAPI_PORT_PROTOCOLS
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.urls import url_argument_spec
VALID_PORT_FIELDS = ['port-number', 'protocol', 'action']
def validate_ports(module, ports):
for item in ports:
for key in item:
if key not in VALID_PORT_FIELDS:
module.fail_json(msg="invalid port field (%s), must be one of: %s" % (key, ','.join(VALID_PORT_FIELDS)))
# validate the port number is present and an integer
if 'port-number' in item:
try:
item['port-number'] = int(item['port-number'])
except Exception:
module.fail_json(msg="port-number entries in the port definitions must be integers")
else:
module.fail_json(msg="port definitions must define the port-number field")
# validate the port protocol is present, no need to convert to the internal API integer value in v3
if 'protocol' in item:
protocol = item['protocol']
if not protocol:
module.fail_json(msg="invalid port protocol, must be one of: %s" % ','.join(AXAPI_PORT_PROTOCOLS))
else:
item['protocol'] = protocol
else:
module.fail_json(msg="port definitions must define the port protocol (%s)" % ','.join(AXAPI_PORT_PROTOCOLS))
# 'status' is 'action' in AXAPIv3
# no need to convert the status, a.k.a action, to the internal API integer value in v3
# action is either enabled or disabled
if 'action' in item:
action = item['action']
if action not in ['enable', 'disable']:
module.fail_json(msg="server action must be enable or disable")
else:
item['action'] = 'enable'
def main():
argument_spec = a10_argument_spec()
argument_spec.update(url_argument_spec())
argument_spec.update(
dict(
operation=dict(type='str', default='create', choices=['create', 'update', 'delete']),
server_name=dict(type='str', aliases=['server'], required=True),
server_ip=dict(type='str', aliases=['ip', 'address'], required=True),
server_status=dict(type='str', default='enable', aliases=['action'], choices=['enable', 'disable']),
server_ports=dict(type='list', aliases=['port'], default=[]),
)
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False
)
host = module.params['host']
username = module.params['username']
password = module.params['password']
operation = module.params['operation']
write_config = module.params['write_config']
slb_server = module.params['server_name']
slb_server_ip = module.params['server_ip']
slb_server_status = module.params['server_status']
slb_server_ports = module.params['server_ports']
axapi_base_url = 'https://{0}/axapi/v3/'.format(host)
axapi_auth_url = axapi_base_url + 'auth/'
signature = axapi_authenticate_v3(module, axapi_auth_url, username, password)
# validate the ports data structure
validate_ports(module, slb_server_ports)
json_post = {
"server-list": [
{
"name": slb_server,
"host": slb_server_ip
}
]
}
# add optional module parameters
if slb_server_ports:
json_post['server-list'][0]['port-list'] = slb_server_ports
if slb_server_status:
json_post['server-list'][0]['action'] = slb_server_status
slb_server_data = axapi_call_v3(module, axapi_base_url + 'slb/server/', method='GET', body='', signature=signature)
# for empty slb server list
if axapi_failure(slb_server_data):
slb_server_exists = False
else:
slb_server_list = [server['name'] for server in slb_server_data['server-list']]
if slb_server in slb_server_list:
slb_server_exists = True
else:
slb_server_exists = False
changed = False
if operation == 'create':
if slb_server_exists is False:
result = axapi_call_v3(module, axapi_base_url + 'slb/server/', method='POST', body=json.dumps(json_post), signature=signature)
if axapi_failure(result):
module.fail_json(msg="failed to create the server: %s" % result['response']['err']['msg'])
changed = True
else:
module.fail_json(msg="server already exists, use state='update' instead")
changed = False
# if we changed things, get the full info regarding result
if changed:
result = axapi_call_v3(module, axapi_base_url + 'slb/server/' + slb_server, method='GET', body='', signature=signature)
else:
result = slb_server_data
elif operation == 'delete':
if slb_server_exists:
result = axapi_call_v3(module, axapi_base_url + 'slb/server/' + slb_server, method='DELETE', body='', signature=signature)
if axapi_failure(result):
module.fail_json(msg="failed to delete server: %s" % result['response']['err']['msg'])
changed = True
else:
result = dict(msg="the server was not present")
elif operation == 'update':
if slb_server_exists:
result = axapi_call_v3(module, axapi_base_url + 'slb/server/', method='PUT', body=json.dumps(json_post), signature=signature)
if axapi_failure(result):
module.fail_json(msg="failed to update server: %s" % result['response']['err']['msg'])
changed = True
else:
result = dict(msg="the server was not present")
# if the config has changed, save the config unless otherwise requested
if changed and write_config:
write_result = axapi_call_v3(module, axapi_base_url + 'write/memory/', method='POST', body='', signature=signature)
if axapi_failure(write_result):
module.fail_json(msg="failed to save the configuration: %s" % write_result['response']['err']['msg'])
# log out gracefully and exit
axapi_call_v3(module, axapi_base_url + 'logoff/', method='POST', body='', signature=signature)
module.exit_json(changed=changed, content=result)
if __name__ == '__main__':
main()
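Review bot: The EXAMPLES block sets `validate_certs: false` on a task that also carries `username` and `password`, and examples are what users copy; drop that line so the documented default of `yes` applies, or mark it with a comment such as `# lab devices with self-signed certificates only`. DOCUMENTATION lists the `operation` choices as `create`, `update`, `remove`, while `argument_spec` and the branches in main() use `delete`, so the documented `remove` would presumably be rejected by argument validation; the docs should say `delete`. In main(), `slb_server` is appended to the request path as `axapi_base_url + 'slb/server/' + slb_server` for the GET and DELETE calls without URL-encoding, so a name containing `/`, `?` or `#` addresses a different resource than intended. Encode it first, e.g. `quote(slb_server, safe='')` with `quote` imported from `ansible.module_utils.six.moves.urllib.parse`.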


@@ -0,0 +1,337 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2014, Mischa Peters <mpeters@a10networks.com>,
# Eric Chou <ericc@a10networks.com>
#
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: a10_service_group
short_description: Manage A10 Networks AX/SoftAX/Thunder/vThunder devices' service groups.
description:
- Manage SLB (Server Load Balancing) service-group objects on A10 Networks devices via aXAPIv2.
author:
- Eric Chou (@ericchou1)
- Mischa Peters (@mischapeters)
notes:
- Requires A10 Networks aXAPI 2.1.
- When a server doesn't exist and is added to the service-group the server will be created.
extends_documentation_fragment:
- community.general.a10
- url
options:
state:
description:
- If the specified service group should exists.
default: present
choices: ['present', 'absent']
partition:
description:
- set active-partition
service_group:
description:
- The SLB (Server Load Balancing) service-group name
required: true
aliases: ['service', 'pool', 'group']
service_group_protocol:
description:
- The SLB service-group protocol of TCP or UDP.
default: tcp
aliases: ['proto', 'protocol']
choices: ['tcp', 'udp']
service_group_method:
description:
- The SLB service-group load balancing method, such as round-robin or weighted-rr.
default: round-robin
aliases: ['method']
choices:
- 'round-robin'
- 'weighted-rr'
- 'least-connection'
- 'weighted-least-connection'
- 'service-least-connection'
- 'service-weighted-least-connection'
- 'fastest-response'
- 'least-request'
- 'round-robin-strict'
- 'src-ip-only-hash'
- 'src-ip-hash'
servers:
description:
- A list of servers to add to the service group. Each list item should be a
dictionary which specifies the C(server:) and C(port:), but can also optionally
specify the C(status:). See the examples below for details.
aliases: ['server', 'member']
validate_certs:
description:
- If C(no), SSL certificates will not be validated. This should only be used
on personally controlled devices using self-signed certificates.
type: bool
default: 'yes'
'''
EXAMPLES = '''
# Create a new service-group
- a10_service_group:
host: a10.mydomain.com
username: myadmin
password: mypassword
partition: mypartition
service_group: sg-80-tcp
servers:
- server: foo1.mydomain.com
port: 8080
- server: foo2.mydomain.com
port: 8080
- server: foo3.mydomain.com
port: 8080
- server: foo4.mydomain.com
port: 8080
status: disabled
'''
RETURN = '''
content:
description: the full info regarding the slb_service_group
returned: success
type: str
sample: "mynewservicegroup"
'''
import json
from ansible_collections.community.general.plugins.module_utils.network.a10.a10 import (axapi_call, a10_argument_spec, axapi_authenticate, axapi_failure, axapi_enabled_disabled)
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.urls import url_argument_spec
VALID_SERVICE_GROUP_FIELDS = ['name', 'protocol', 'lb_method']
VALID_SERVER_FIELDS = ['server', 'port', 'status']
def validate_servers(module, servers):
for item in servers:
for key in item:
if key not in VALID_SERVER_FIELDS:
module.fail_json(msg="invalid server field (%s), must be one of: %s" % (key, ','.join(VALID_SERVER_FIELDS)))
# validate the server name is present
if 'server' not in item:
module.fail_json(msg="server definitions must define the server field")
# validate the port number is present and an integer
if 'port' in item:
try:
item['port'] = int(item['port'])
except Exception:
module.fail_json(msg="server port definitions must be integers")
else:
module.fail_json(msg="server definitions must define the port field")
# convert the status to the internal API integer value
if 'status' in item:
item['status'] = axapi_enabled_disabled(item['status'])
else:
item['status'] = 1
def main():
argument_spec = a10_argument_spec()
argument_spec.update(url_argument_spec())
argument_spec.update(
dict(
state=dict(type='str', default='present', choices=['present', 'absent']),
service_group=dict(type='str', aliases=['service', 'pool', 'group'], required=True),
service_group_protocol=dict(type='str', default='tcp', aliases=['proto', 'protocol'], choices=['tcp', 'udp']),
service_group_method=dict(type='str', default='round-robin',
aliases=['method'],
choices=['round-robin',
'weighted-rr',
'least-connection',
'weighted-least-connection',
'service-least-connection',
'service-weighted-least-connection',
'fastest-response',
'least-request',
'round-robin-strict',
'src-ip-only-hash',
'src-ip-hash']),
servers=dict(type='list', aliases=['server', 'member'], default=[]),
partition=dict(type='str', default=[]),
)
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False
)
host = module.params['host']
username = module.params['username']
password = module.params['password']
partition = module.params['partition']
state = module.params['state']
write_config = module.params['write_config']
slb_service_group = module.params['service_group']
slb_service_group_proto = module.params['service_group_protocol']
slb_service_group_method = module.params['service_group_method']
slb_servers = module.params['servers']
if slb_service_group is None:
module.fail_json(msg='service_group is required')
axapi_base_url = 'https://' + host + '/services/rest/V2.1/?format=json'
load_balancing_methods = {'round-robin': 0,
'weighted-rr': 1,
'least-connection': 2,
'weighted-least-connection': 3,
'service-least-connection': 4,
'service-weighted-least-connection': 5,
'fastest-response': 6,
'least-request': 7,
'round-robin-strict': 8,
'src-ip-only-hash': 14,
'src-ip-hash': 15}
if not slb_service_group_proto or slb_service_group_proto.lower() == 'tcp':
protocol = 2
else:
protocol = 3
# validate the server data list structure
validate_servers(module, slb_servers)
json_post = {
'service_group': {
'name': slb_service_group,
'protocol': protocol,
'lb_method': load_balancing_methods[slb_service_group_method],
}
}
# first we authenticate to get a session id
session_url = axapi_authenticate(module, axapi_base_url, username, password)
# then we select the active-partition
axapi_call(module, session_url + '&method=system.partition.active', json.dumps({'name': partition}))
# then we check to see if the specified group exists
slb_result = axapi_call(module, session_url + '&method=slb.service_group.search', json.dumps({'name': slb_service_group}))
slb_service_group_exist = not axapi_failure(slb_result)
changed = False
if state == 'present':
# before creating/updating we need to validate that servers
# defined in the servers list exist to prevent errors
checked_servers = []
for server in slb_servers:
result = axapi_call(module, session_url + '&method=slb.server.search', json.dumps({'name': server['server']}))
if axapi_failure(result):
module.fail_json(msg="the server %s specified in the servers list does not exist" % server['server'])
checked_servers.append(server['server'])
if not slb_service_group_exist:
result = axapi_call(module, session_url + '&method=slb.service_group.create', json.dumps(json_post))
if axapi_failure(result):
module.fail_json(msg=result['response']['err']['msg'])
changed = True
else:
# check to see if the service group definition without the
# server members is different, and update that individually
# if it needs it
do_update = False
for field in VALID_SERVICE_GROUP_FIELDS:
if json_post['service_group'][field] != slb_result['service_group'][field]:
do_update = True
break
if do_update:
result = axapi_call(module, session_url + '&method=slb.service_group.update', json.dumps(json_post))
if axapi_failure(result):
module.fail_json(msg=result['response']['err']['msg'])
changed = True
# next we pull the defined list of servers out of the returned
# results to make it a bit easier to iterate over
defined_servers = slb_result.get('service_group', {}).get('member_list', [])
# next we add/update new member servers from the user-specified
# list if they're different or not on the target device
for server in slb_servers:
found = False
different = False
for def_server in defined_servers:
if server['server'] == def_server['server']:
found = True
for valid_field in VALID_SERVER_FIELDS:
if server[valid_field] != def_server[valid_field]:
different = True
break
if found or different:
break
# add or update as required
server_data = {
"name": slb_service_group,
"member": server,
}
if not found:
result = axapi_call(module, session_url + '&method=slb.service_group.member.create', json.dumps(server_data))
changed = True
elif different:
result = axapi_call(module, session_url + '&method=slb.service_group.member.update', json.dumps(server_data))
changed = True
# finally, remove any servers that are on the target
# device but were not specified in the list given
for server in defined_servers:
found = False
for slb_server in slb_servers:
if server['server'] == slb_server['server']:
found = True
break
# remove if not found
server_data = {
"name": slb_service_group,
"member": server,
}
if not found:
result = axapi_call(module, session_url + '&method=slb.service_group.member.delete', json.dumps(server_data))
changed = True
# if we changed things, get the full info regarding
# the service group for the return data below
if changed:
result = axapi_call(module, session_url + '&method=slb.service_group.search', json.dumps({'name': slb_service_group}))
else:
result = slb_result
elif state == 'absent':
if slb_service_group_exist:
result = axapi_call(module, session_url + '&method=slb.service_group.delete', json.dumps({'name': slb_service_group}))
changed = True
else:
result = dict(msg="the service group was not present")
# if the config has changed, save the config unless otherwise requested
if changed and write_config:
write_result = axapi_call(module, session_url + '&method=system.action.write_memory')
if axapi_failure(write_result):
module.fail_json(msg="failed to save the configuration: %s" % write_result['response']['err']['msg'])
# log out of the session nicely and exit
axapi_call(module, session_url + '&method=session.close')
module.exit_json(changed=changed, content=result)
if __name__ == '__main__':
main()
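Review bot: Every `module.fail_json` reached after `axapi_authenticate` in main() exits without the `session.close` call that the success path makes at the end, so each failed run (for example a name in `servers` that does not exist on the device) leaves an authenticated session open, presumably until the device times it out. Call `axapi_call(module, session_url + '&method=session.close')` before those `fail_json` calls, or put the pair in one small helper. a10_server has the same pattern after its `axapi_authenticate`, and a10_server_axapi3 skips its `logoff/` call the same way. `checked_servers` is filled in the pre-check loop but never read, so either test membership before the `slb.server.search` call or drop the list.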


@@ -0,0 +1,283 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2014, Mischa Peters <mpeters@a10networks.com>,
# Eric Chou <ericc@a10networks.com>
#
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: a10_virtual_server
short_description: Manage A10 Networks AX/SoftAX/Thunder/vThunder devices' virtual servers.
description:
- Manage SLB (Server Load Balancing) virtual server objects on A10 Networks devices via aXAPIv2.
author:
- Eric Chou (@ericchou1)
- Mischa Peters (@mischapeters)
notes:
- Requires A10 Networks aXAPI 2.1.
extends_documentation_fragment:
- community.general.a10
- url
options:
state:
description:
- If the specified virtual server should exist.
choices: ['present', 'absent']
default: present
partition:
description:
- set active-partition
virtual_server:
description:
- The SLB (Server Load Balancing) virtual server name.
required: true
aliases: ['vip', 'virtual']
virtual_server_ip:
description:
- The SLB virtual server IPv4 address.
aliases: ['ip', 'address']
virtual_server_status:
description:
- The SLB virtual server status, such as enabled or disabled.
default: enable
aliases: ['status']
choices: ['enabled', 'disabled']
virtual_server_ports:
description:
- A list of ports to create for the virtual server. Each list item should be a
dictionary which specifies the C(port:) and C(type:), but can also optionally
specify the C(service_group:) as well as the C(status:). See the examples
below for details. This parameter is required when C(state) is C(present).
validate_certs:
description:
- If C(no), SSL certificates will not be validated. This should only be used
on personally controlled devices using self-signed certificates.
type: bool
default: 'yes'
'''
EXAMPLES = '''
# Create a new virtual server
- a10_virtual_server:
host: a10.mydomain.com
username: myadmin
password: mypassword
partition: mypartition
virtual_server: vserver1
virtual_server_ip: 1.1.1.1
virtual_server_ports:
- port: 80
protocol: TCP
service_group: sg-80-tcp
- port: 443
protocol: HTTPS
service_group: sg-443-https
- port: 8080
protocol: http
status: disabled
'''
RETURN = '''
content:
description: the full info regarding the slb_virtual
returned: success
type: str
sample: "mynewvirtualserver"
'''
import json
from ansible_collections.community.general.plugins.module_utils.network.a10.a10 import (axapi_call, a10_argument_spec, axapi_authenticate, axapi_failure,
axapi_enabled_disabled, axapi_get_vport_protocol, AXAPI_VPORT_PROTOCOLS)
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.urls import url_argument_spec
VALID_PORT_FIELDS = ['port', 'protocol', 'service_group', 'status']
def validate_ports(module, ports):
for item in ports:
for key in item:
if key not in VALID_PORT_FIELDS:
module.fail_json(msg="invalid port field (%s), must be one of: %s" % (key, ','.join(VALID_PORT_FIELDS)))
# validate the port number is present and an integer
if 'port' in item:
try:
item['port'] = int(item['port'])
except Exception:
module.fail_json(msg="port definitions must be integers")
else:
module.fail_json(msg="port definitions must define the port field")
# validate the port protocol is present, and convert it to
# the internal API integer value (and validate it)
if 'protocol' in item:
protocol = axapi_get_vport_protocol(item['protocol'])
if not protocol:
module.fail_json(msg="invalid port protocol, must be one of: %s" % ','.join(AXAPI_VPORT_PROTOCOLS))
else:
item['protocol'] = protocol
else:
module.fail_json(msg="port definitions must define the port protocol (%s)" % ','.join(AXAPI_VPORT_PROTOCOLS))
# convert the status to the internal API integer value
if 'status' in item:
item['status'] = axapi_enabled_disabled(item['status'])
else:
item['status'] = 1
# ensure the service_group field is at least present
if 'service_group' not in item:
item['service_group'] = ''
def main():
argument_spec = a10_argument_spec()
argument_spec.update(url_argument_spec())
argument_spec.update(
dict(
state=dict(type='str', default='present', choices=['present', 'absent']),
virtual_server=dict(type='str', aliases=['vip', 'virtual'], required=True),
virtual_server_ip=dict(type='str', aliases=['ip', 'address'], required=True),
virtual_server_status=dict(type='str', default='enabled', aliases=['status'], choices=['enabled', 'disabled']),
virtual_server_ports=dict(type='list', required=True),
partition=dict(type='str', default=[]),
)
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False
)
host = module.params['host']
username = module.params['username']
password = module.params['password']
partition = module.params['partition']
state = module.params['state']
write_config = module.params['write_config']
slb_virtual = module.params['virtual_server']
slb_virtual_ip = module.params['virtual_server_ip']
slb_virtual_status = module.params['virtual_server_status']
slb_virtual_ports = module.params['virtual_server_ports']
if slb_virtual is None:
module.fail_json(msg='virtual_server is required')
validate_ports(module, slb_virtual_ports)
axapi_base_url = 'https://%s/services/rest/V2.1/?format=json' % host
session_url = axapi_authenticate(module, axapi_base_url, username, password)
axapi_call(module, session_url + '&method=system.partition.active', json.dumps({'name': partition}))
slb_virtual_data = axapi_call(module, session_url + '&method=slb.virtual_server.search', json.dumps({'name': slb_virtual}))
slb_virtual_exists = not axapi_failure(slb_virtual_data)
changed = False
if state == 'present':
json_post = {
'virtual_server': {
'name': slb_virtual,
'address': slb_virtual_ip,
'status': axapi_enabled_disabled(slb_virtual_status),
'vport_list': slb_virtual_ports,
}
}
# before creating/updating we need to validate that any
# service groups defined in the ports list exist since
# since the API will still create port definitions for
# them while indicating a failure occurred
checked_service_groups = []
for port in slb_virtual_ports:
if 'service_group' in port and port['service_group'] not in checked_service_groups:
# skip blank service group entries
if port['service_group'] == '':
continue
result = axapi_call(module, session_url + '&method=slb.service_group.search', json.dumps({'name': port['service_group']}))
if axapi_failure(result):
module.fail_json(msg="the service group %s specified in the ports list does not exist" % port['service_group'])
checked_service_groups.append(port['service_group'])
if not slb_virtual_exists:
result = axapi_call(module, session_url + '&method=slb.virtual_server.create', json.dumps(json_post))
if axapi_failure(result):
module.fail_json(msg="failed to create the virtual server: %s" % result['response']['err']['msg'])
changed = True
else:
def needs_update(src_ports, dst_ports):
'''
Checks to determine if the port definitions of the src_ports
array are in or different from those in dst_ports. If there is
a difference, this function returns true, otherwise false.
'''
for src_port in src_ports:
found = False
different = False
for dst_port in dst_ports:
if src_port['port'] == dst_port['port']:
found = True
for valid_field in VALID_PORT_FIELDS:
if src_port[valid_field] != dst_port[valid_field]:
different = True
break
if found or different:
break
if not found or different:
return True
# every port from the src exists in the dst, and none of them were different
return False
defined_ports = slb_virtual_data.get('virtual_server', {}).get('vport_list', [])
# we check for a needed update both ways, in case ports
# are missing from either the ones specified by the user
# or from those on the device
if needs_update(defined_ports, slb_virtual_ports) or needs_update(slb_virtual_ports, defined_ports):
result = axapi_call(module, session_url + '&method=slb.virtual_server.update', json.dumps(json_post))
if axapi_failure(result):
module.fail_json(msg="failed to create the virtual server: %s" % result['response']['err']['msg'])
changed = True
# if we changed things, get the full info regarding
# the service group for the return data below
if changed:
result = axapi_call(module, session_url + '&method=slb.virtual_server.search', json.dumps({'name': slb_virtual}))
else:
result = slb_virtual_data
elif state == 'absent':
if slb_virtual_exists:
result = axapi_call(module, session_url + '&method=slb.virtual_server.delete', json.dumps({'name': slb_virtual}))
changed = True
else:
result = dict(msg="the virtual server was not present")
# if the config has changed, save the config unless otherwise requested
if changed and write_config:
write_result = axapi_call(module, session_url + '&method=system.action.write_memory')
if axapi_failure(write_result):
module.fail_json(msg="failed to save the configuration: %s" % write_result['response']['err']['msg'])
# log out of the session nicely and exit
axapi_call(module, session_url + '&method=session.close')
module.exit_json(changed=changed, content=result)
if __name__ == '__main__':
main()


@@ -0,0 +1,239 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'certified'}
DOCUMENTATION = r'''
---
module: aci_interface_policy_fc
short_description: Manage Fibre Channel interface policies (fc:IfPol)
description:
- Manage ACI Fiber Channel interface policies on Cisco ACI fabrics.
options:
fc_policy:
description:
- The name of the Fiber Channel interface policy.
type: str
required: yes
aliases: [ name ]
description:
description:
- The description of the Fiber Channel interface policy.
type: str
aliases: [ descr ]
port_mode:
description:
- The Port Mode to use.
- The APIC defaults to C(f) when unset during creation.
type: str
choices: [ f, np ]
state:
description:
- Use C(present) or C(absent) for adding or removing.
- Use C(query) for listing an object or multiple objects.
type: str
choices: [ absent, present, query ]
default: present
name_alias:
description:
- The alias for the current object. This relates to the nameAlias field in ACI.
type: str
extends_documentation_fragment:
- cisco.aci.aci
seealso:
- name: APIC Management Information Model reference
description: More information about the internal APIC class B(fc:IfPol).
link: https://developer.cisco.com/docs/apic-mim-ref/
author:
- Dag Wieers (@dagwieers)
'''
EXAMPLES = r'''
- aci_interface_policy_fc:
host: '{{ hostname }}'
username: '{{ username }}'
password: '{{ password }}'
fc_policy: '{{ fc_policy }}'
port_mode: '{{ port_mode }}'
description: '{{ description }}'
state: present
delegate_to: localhost
'''
RETURN = r'''
current:
description: The existing configuration from the APIC after the module has finished
returned: success
type: list
sample:
[
{
"fvTenant": {
"attributes": {
"descr": "Production environment",
"dn": "uni/tn-production",
"name": "production",
"nameAlias": "",
"ownerKey": "",
"ownerTag": ""
}
}
}
]
error:
description: The error information as returned from the APIC
returned: failure
type: dict
sample:
{
"code": "122",
"text": "unknown managed object class foo"
}
raw:
description: The raw output returned by the APIC REST API (xml or json)
returned: parse error
type: str
sample: '<?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata>'
sent:
description: The actual/minimal configuration pushed to the APIC
returned: info
type: list
sample:
{
"fvTenant": {
"attributes": {
"descr": "Production environment"
}
}
}
previous:
description: The original configuration from the APIC before the module has started
returned: info
type: list
sample:
[
{
"fvTenant": {
"attributes": {
"descr": "Production",
"dn": "uni/tn-production",
"name": "production",
"nameAlias": "",
"ownerKey": "",
"ownerTag": ""
}
}
}
]
proposed:
description: The assembled configuration from the user-provided parameters
returned: info
type: dict
sample:
{
"fvTenant": {
"attributes": {
"descr": "Production environment",
"name": "production"
}
}
}
filter_string:
description: The filter string used for the request
returned: failure or debug
type: str
sample: ?rsp-prop-include=config-only
method:
description: The HTTP method used for the request to the APIC
returned: failure or debug
type: str
sample: POST
response:
description: The HTTP response from the APIC
returned: failure or debug
type: str
sample: OK (30 bytes)
status:
description: The HTTP status from the APIC
returned: failure or debug
type: int
sample: 200
url:
description: The HTTP url used for the request to the APIC
returned: failure or debug
type: str
sample: https://10.11.12.13/api/mo/uni/tn-production.json
'''
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.cisco.aci.plugins.module_utils.network.aci.aci import ACIModule, aci_argument_spec
def main():
argument_spec = aci_argument_spec()
argument_spec.update(
fc_policy=dict(type='str', aliases=['name']), # Not required for querying all objects
description=dict(type='str', aliases=['descr']),
port_mode=dict(type='str', choices=['f', 'np']), # No default provided on purpose
state=dict(type='str', default='present', choices=['absent', 'present', 'query']),
name_alias=dict(type='str'),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
required_if=[
['state', 'absent', ['fc_policy']],
['state', 'present', ['fc_policy']],
],
)
fc_policy = module.params.get('fc_policy')
port_mode = module.params.get('port_mode')
description = module.params.get('description')
state = module.params.get('state')
name_alias = module.params.get('name_alias')
aci = ACIModule(module)
aci.construct_url(
root_class=dict(
aci_class='fcIfPol',
aci_rn='infra/fcIfPol-{0}'.format(fc_policy),
module_object=fc_policy,
target_filter={'name': fc_policy},
),
)
aci.get_existing()
if state == 'present':
aci.payload(
aci_class='fcIfPol',
class_config=dict(
name=fc_policy,
descr=description,
portMode=port_mode,
nameAlias=name_alias,
),
)
aci.get_diff(aci_class='fcIfPol')
aci.post_config()
elif state == 'absent':
aci.delete_config()
aci.exit_json()
if __name__ == "__main__":
main()
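Review bot: `fc_policy` is formatted straight into the relative name (`aci_rn='infra/fcIfPol-{0}'.format(fc_policy)`) with no check on its characters in this module, so a templated value containing `/`, `[` or `?` could change which object path the request addresses unless `construct_url` escapes it, which is not visible here. I would reject unexpected characters before building the URL, e.g. `if fc_policy is not None and not re.match(r'^[A-Za-z0-9_.:-]+$', fc_policy): module.fail_json(msg='invalid fc_policy name')`; this needs `import re`, and the allowed set is my assumption, to be confirmed against the APIC naming rules. The same pattern appears in the l2, lldp and mcp policy modules added below (`l2_policy`, `lldp_policy`, `mcp`). With `state: query` and no name the format call also yields `infra/fcIfPol-None`, so it is worth confirming that `construct_url` ignores `aci_rn` when `module_object` is `None`.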


@@ -0,0 +1,264 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'certified'}
DOCUMENTATION = r'''
---
module: aci_interface_policy_l2
short_description: Manage Layer 2 interface policies (l2:IfPol)
description:
- Manage Layer 2 interface policies on Cisco ACI fabrics.
options:
l2_policy:
description:
- The name of the Layer 2 interface policy.
type: str
required: yes
aliases: [ name ]
description:
description:
- The description of the Layer 2 interface policy.
type: str
aliases: [ descr ]
qinq:
description:
- Determines if QinQ is disabled or if the port should be considered a core or edge port.
- The APIC defaults to C(disabled) when unset during creation.
type: str
choices: [ core, disabled, edge ]
vepa:
description:
- Determines if Virtual Ethernet Port Aggregator is disabled or enabled.
- The APIC defaults to C(no) when unset during creation.
type: bool
vlan_scope:
description:
- The scope of the VLAN.
- The APIC defaults to C(global) when unset during creation.
type: str
choices: [ global, portlocal ]
state:
description:
- Use C(present) or C(absent) for adding or removing.
- Use C(query) for listing an object or multiple objects.
type: str
choices: [ absent, present, query ]
default: present
name_alias:
description:
- The alias for the current object. This relates to the nameAlias field in ACI.
type: str
extends_documentation_fragment:
- cisco.aci.aci
seealso:
- name: APIC Management Information Model reference
description: More information about the internal APIC class B(l2:IfPol).
link: https://developer.cisco.com/docs/apic-mim-ref/
author:
- Dag Wieers (@dagwieers)
'''
EXAMPLES = r'''
- aci_interface_policy_l2:
host: '{{ hostname }}'
username: '{{ username }}'
password: '{{ password }}'
l2_policy: '{{ l2_policy }}'
vlan_scope: '{{ vlan_policy }}'
description: '{{ description }}'
delegate_to: localhost
'''
RETURN = r'''
current:
description: The existing configuration from the APIC after the module has finished
returned: success
type: list
sample:
[
{
"fvTenant": {
"attributes": {
"descr": "Production environment",
"dn": "uni/tn-production",
"name": "production",
"nameAlias": "",
"ownerKey": "",
"ownerTag": ""
}
}
}
]
error:
description: The error information as returned from the APIC
returned: failure
type: dict
sample:
{
"code": "122",
"text": "unknown managed object class foo"
}
raw:
description: The raw output returned by the APIC REST API (xml or json)
returned: parse error
type: str
sample: '<?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata>'
sent:
description: The actual/minimal configuration pushed to the APIC
returned: info
type: list
sample:
{
"fvTenant": {
"attributes": {
"descr": "Production environment"
}
}
}
previous:
description: The original configuration from the APIC before the module has started
returned: info
type: list
sample:
[
{
"fvTenant": {
"attributes": {
"descr": "Production",
"dn": "uni/tn-production",
"name": "production",
"nameAlias": "",
"ownerKey": "",
"ownerTag": ""
}
}
}
]
proposed:
description: The assembled configuration from the user-provided parameters
returned: info
type: dict
sample:
{
"fvTenant": {
"attributes": {
"descr": "Production environment",
"name": "production"
}
}
}
filter_string:
description: The filter string used for the request
returned: failure or debug
type: str
sample: ?rsp-prop-include=config-only
method:
description: The HTTP method used for the request to the APIC
returned: failure or debug
type: str
sample: POST
response:
description: The HTTP response from the APIC
returned: failure or debug
type: str
sample: OK (30 bytes)
status:
description: The HTTP status from the APIC
returned: failure or debug
type: int
sample: 200
url:
description: The HTTP url used for the request to the APIC
returned: failure or debug
type: str
sample: https://10.11.12.13/api/mo/uni/tn-production.json
'''
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.cisco.aci.plugins.module_utils.network.aci.aci import ACIModule, aci_argument_spec
# Mapping dicts are used to normalize the proposed data to what the APIC expects, which will keep diffs accurate
QINQ_MAPPING = dict(
core='corePort',
disabled='disabled',
edge='edgePort',
)
def main():
argument_spec = aci_argument_spec()
argument_spec.update(
l2_policy=dict(type='str', aliases=['name']), # Not required for querying all policies
description=dict(type='str', aliases=['descr']),
vlan_scope=dict(type='str', choices=['global', 'portlocal']), # No default provided on purpose
qinq=dict(type='str', choices=['core', 'disabled', 'edge']),
vepa=dict(type='bool'),
state=dict(type='str', default='present', choices=['absent', 'present', 'query']),
name_alias=dict(type='str'),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
required_if=[
['state', 'absent', ['l2_policy']],
['state', 'present', ['l2_policy']],
],
)
aci = ACIModule(module)
l2_policy = module.params.get('l2_policy')
vlan_scope = module.params.get('vlan_scope')
qinq = module.params.get('qinq')
if qinq is not None:
qinq = QINQ_MAPPING.get(qinq)
vepa = aci.boolean(module.params.get('vepa'), 'enabled', 'disabled')
description = module.params.get('description')
state = module.params.get('state')
name_alias = module.params.get('name_alias')
aci.construct_url(
root_class=dict(
aci_class='l2IfPol',
aci_rn='infra/l2IfP-{0}'.format(l2_policy),
module_object=l2_policy,
target_filter={'name': l2_policy},
),
)
aci.get_existing()
if state == 'present':
aci.payload(
aci_class='l2IfPol',
class_config=dict(
name=l2_policy,
descr=description,
vlanScope=vlan_scope,
qinq=qinq, vepa=vepa,
nameAlias=name_alias,
),
)
aci.get_diff(aci_class='l2IfPol')
aci.post_config()
elif state == 'absent':
aci.delete_config()
aci.exit_json()
if __name__ == "__main__":
main()
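Review bot: The DOCUMENTATION block marks `l2_policy` as `required: yes`, but the argument spec leaves it optional (`l2_policy=dict(type='str', aliases=['name'])`, commented as not required for querying all policies) and `required_if` enforces it only for `state` `absent` and `present`. I would drop `required: yes` and state the condition in the option text, e.g. `- Required when C(state) is C(absent) or C(present).`, and add a `state: query` example so the query-all case is documented. The EXAMPLES task also feeds `vlan_scope` from a variable named `vlan_policy`, which reads like a copy-paste slip. The fc, lldp and mcp modules in this commit carry the same `required: yes` mismatch for their name option.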


@@ -0,0 +1,248 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'certified'}
DOCUMENTATION = r'''
---
module: aci_interface_policy_lldp
short_description: Manage LLDP interface policies (lldp:IfPol)
description:
- Manage LLDP interface policies on Cisco ACI fabrics.
options:
lldp_policy:
description:
- The LLDP interface policy name.
type: str
required: yes
aliases: [ name ]
description:
description:
- The description for the LLDP interface policy name.
type: str
aliases: [ descr ]
receive_state:
description:
- Enable or disable Receive state.
- The APIC defaults to C(yes) when unset during creation.
type: bool
transmit_state:
description:
- Enable or Disable Transmit state.
- The APIC defaults to C(yes) when unset during creation.
type: bool
state:
description:
- Use C(present) or C(absent) for adding or removing.
- Use C(query) for listing an object or multiple objects.
type: str
choices: [ absent, present, query ]
default: present
name_alias:
description:
- The alias for the current object. This relates to the nameAlias field in ACI.
type: str
extends_documentation_fragment:
- cisco.aci.aci
seealso:
- name: APIC Management Information Model reference
description: More information about the internal APIC class B(lldp:IfPol).
link: https://developer.cisco.com/docs/apic-mim-ref/
author:
- Dag Wieers (@dagwieers)
'''
# FIXME: Add more, better examples
EXAMPLES = r'''
- aci_interface_policy_lldp:
host: '{{ hostname }}'
username: '{{ username }}'
password: '{{ password }}'
lldp_policy: '{{ lldp_policy }}'
description: '{{ description }}'
receive_state: '{{ receive_state }}'
transmit_state: '{{ transmit_state }}'
delegate_to: localhost
'''
RETURN = r'''
current:
description: The existing configuration from the APIC after the module has finished
returned: success
type: list
sample:
[
{
"fvTenant": {
"attributes": {
"descr": "Production environment",
"dn": "uni/tn-production",
"name": "production",
"nameAlias": "",
"ownerKey": "",
"ownerTag": ""
}
}
}
]
error:
description: The error information as returned from the APIC
returned: failure
type: dict
sample:
{
"code": "122",
"text": "unknown managed object class foo"
}
raw:
description: The raw output returned by the APIC REST API (xml or json)
returned: parse error
type: str
sample: '<?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata>'
sent:
description: The actual/minimal configuration pushed to the APIC
returned: info
type: list
sample:
{
"fvTenant": {
"attributes": {
"descr": "Production environment"
}
}
}
previous:
description: The original configuration from the APIC before the module has started
returned: info
type: list
sample:
[
{
"fvTenant": {
"attributes": {
"descr": "Production",
"dn": "uni/tn-production",
"name": "production",
"nameAlias": "",
"ownerKey": "",
"ownerTag": ""
}
}
}
]
proposed:
description: The assembled configuration from the user-provided parameters
returned: info
type: dict
sample:
{
"fvTenant": {
"attributes": {
"descr": "Production environment",
"name": "production"
}
}
}
filter_string:
description: The filter string used for the request
returned: failure or debug
type: str
sample: ?rsp-prop-include=config-only
method:
description: The HTTP method used for the request to the APIC
returned: failure or debug
type: str
sample: POST
response:
description: The HTTP response from the APIC
returned: failure or debug
type: str
sample: OK (30 bytes)
status:
description: The HTTP status from the APIC
returned: failure or debug
type: int
sample: 200
url:
description: The HTTP url used for the request to the APIC
returned: failure or debug
type: str
sample: https://10.11.12.13/api/mo/uni/tn-production.json
'''
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.cisco.aci.plugins.module_utils.network.aci.aci import ACIModule, aci_argument_spec
def main():
argument_spec = aci_argument_spec()
argument_spec.update(
lldp_policy=dict(type='str', aliases=['name']), # Not required for querying all objects
description=dict(type='str', aliases=['descr']),
receive_state=dict(type='bool'),
transmit_state=dict(type='bool'),
state=dict(type='str', default='present', choices=['absent', 'present', 'query']),
name_alias=dict(type='str'),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
required_if=[
['state', 'absent', ['lldp_policy']],
['state', 'present', ['lldp_policy']],
],
)
aci = ACIModule(module)
lldp_policy = module.params.get('lldp_policy')
description = module.params.get('description')
receive_state = aci.boolean(module.params.get('receive_state'), 'enabled', 'disabled')
transmit_state = aci.boolean(module.params.get('transmit_state'), 'enabled', 'disabled')
state = module.params.get('state')
name_alias = module.params.get('name_alias')
aci.construct_url(
root_class=dict(
aci_class='lldpIfPol',
aci_rn='infra/lldpIfP-{0}'.format(lldp_policy),
module_object=lldp_policy,
target_filter={'name': lldp_policy},
),
)
aci.get_existing()
if state == 'present':
aci.payload(
aci_class='lldpIfPol',
class_config=dict(
name=lldp_policy,
descr=description,
adminRxSt=receive_state,
adminTxSt=transmit_state,
nameAlias=name_alias,
),
)
aci.get_diff(aci_class='lldpIfPol')
aci.post_config()
elif state == 'absent':
aci.delete_config()
aci.exit_json()
if __name__ == "__main__":
main()


@@ -0,0 +1,239 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'certified'}
DOCUMENTATION = r'''
---
module: aci_interface_policy_mcp
short_description: Manage MCP interface policies (mcp:IfPol)
description:
- Manage MCP interface policies on Cisco ACI fabrics.
options:
mcp:
description:
- The name of the MCP interface.
type: str
required: yes
aliases: [ mcp_interface, name ]
description:
description:
- The description for the MCP interface.
type: str
aliases: [ descr ]
admin_state:
description:
- Enable or disable admin state.
- The APIC defaults to C(yes) when unset during creation.
type: bool
state:
description:
- Use C(present) or C(absent) for adding or removing.
- Use C(query) for listing an object or multiple objects.
type: str
choices: [ absent, present, query ]
default: present
name_alias:
description:
- The alias for the current object. This relates to the nameAlias field in ACI.
type: str
extends_documentation_fragment:
- cisco.aci.aci
seealso:
- name: APIC Management Information Model reference
description: More information about the internal APIC class B(mcp:IfPol).
link: https://developer.cisco.com/docs/apic-mim-ref/
author:
- Dag Wieers (@dagwieers)
'''
# FIXME: Add more, better examples
EXAMPLES = r'''
- aci_interface_policy_mcp:
host: '{{ hostname }}'
username: '{{ username }}'
password: '{{ password }}'
mcp: '{{ mcp }}'
description: '{{ descr }}'
admin_state: '{{ admin_state }}'
delegate_to: localhost
'''
RETURN = r'''
current:
description: The existing configuration from the APIC after the module has finished
returned: success
type: list
sample:
[
{
"fvTenant": {
"attributes": {
"descr": "Production environment",
"dn": "uni/tn-production",
"name": "production",
"nameAlias": "",
"ownerKey": "",
"ownerTag": ""
}
}
}
]
error:
description: The error information as returned from the APIC
returned: failure
type: dict
sample:
{
"code": "122",
"text": "unknown managed object class foo"
}
raw:
description: The raw output returned by the APIC REST API (xml or json)
returned: parse error
type: str
sample: '<?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata>'
sent:
description: The actual/minimal configuration pushed to the APIC
returned: info
type: list
sample:
{
"fvTenant": {
"attributes": {
"descr": "Production environment"
}
}
}
previous:
description: The original configuration from the APIC before the module has started
returned: info
type: list
sample:
[
{
"fvTenant": {
"attributes": {
"descr": "Production",
"dn": "uni/tn-production",
"name": "production",
"nameAlias": "",
"ownerKey": "",
"ownerTag": ""
}
}
}
]
proposed:
description: The assembled configuration from the user-provided parameters
returned: info
type: dict
sample:
{
"fvTenant": {
"attributes": {
"descr": "Production environment",
"name": "production"
}
}
}
filter_string:
description: The filter string used for the request
returned: failure or debug
type: str
sample: ?rsp-prop-include=config-only
method:
description: The HTTP method used for the request to the APIC
returned: failure or debug
type: str
sample: POST
response:
description: The HTTP response from the APIC
returned: failure or debug
type: str
sample: OK (30 bytes)
status:
description: The HTTP status from the APIC
returned: failure or debug
type: int
sample: 200
url:
description: The HTTP url used for the request to the APIC
returned: failure or debug
type: str
sample: https://10.11.12.13/api/mo/uni/tn-production.json
'''
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.cisco.aci.plugins.module_utils.network.aci.aci import ACIModule, aci_argument_spec
def main():
argument_spec = aci_argument_spec()
argument_spec.update(
mcp=dict(type='str', aliases=['mcp_interface', 'name']), # Not required for querying all objects
description=dict(type='str', aliases=['descr']),
admin_state=dict(type='bool'),
state=dict(type='str', default='present', choices=['absent', 'present', 'query']),
name_alias=dict(type='str'),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
required_if=[
['state', 'absent', ['mcp']],
['state', 'present', ['mcp']],
],
)
aci = ACIModule(module)
mcp = module.params.get('mcp')
description = module.params.get('description')
admin_state = aci.boolean(module.params.get('admin_state'), 'enabled', 'disabled')
state = module.params.get('state')
name_alias = module.params.get('name_alias')
aci.construct_url(
root_class=dict(
aci_class='mcpIfPol',
aci_rn='infra/mcpIfP-{0}'.format(mcp),
module_object=mcp,
target_filter={'name': mcp},
),
)
aci.get_existing()
if state == 'present':
aci.payload(
aci_class='mcpIfPol',
class_config=dict(
name=mcp,
descr=description,
adminSt=admin_state,
nameAlias=name_alias,
),
)
aci.get_diff(aci_class='mcpIfPol')
aci.post_config()
elif state == 'absent':
aci.delete_config()
aci.exit_json()
if __name__ == "__main__":
main()


@@ -0,0 +1,321 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'certified'}
DOCUMENTATION = r'''
---
module: aci_interface_policy_port_channel
short_description: Manage port channel interface policies (lacp:LagPol)
description:
- Manage port channel interface policies on Cisco ACI fabrics.
options:
port_channel:
description:
- Name of the port channel.
type: str
required: yes
aliases: [ name ]
description:
description:
- The description for the port channel.
type: str
aliases: [ descr ]
max_links:
description:
- Maximum links.
- Accepted values range between 1 and 16.
- The APIC defaults to C(16) when unset during creation.
type: int
min_links:
description:
- Minimum links.
- Accepted values range between 1 and 16.
- The APIC defaults to C(1) when unset during creation.
type: int
mode:
description:
- Port channel interface policy mode.
- Determines the LACP method to use for forming port-channels.
- The APIC defaults to C(off) when unset during creation.
type: str
choices: [ active, mac-pin, mac-pin-nicload, 'off', passive ]
fast_select:
description:
- Determines if Fast Select is enabled for Hot Standby Ports.
- This makes up the LACP Policy Control Policy; if one setting is defined, then all other Control Properties
left undefined or set to false will not exist after the task is ran.
- The APIC defaults to C(yes) when unset during creation.
type: bool
graceful_convergence:
description:
- Determines if Graceful Convergence is enabled.
- This makes up the LACP Policy Control Policy; if one setting is defined, then all other Control Properties
left undefined or set to false will not exist after the task is ran.
- The APIC defaults to C(yes) when unset during creation.
type: bool
load_defer:
description:
- Determines if Load Defer is enabled.
- This makes up the LACP Policy Control Policy; if one setting is defined, then all other Control Properties
left undefined or set to false will not exist after the task is ran.
- The APIC defaults to C(no) when unset during creation.
type: bool
suspend_individual:
description:
- Determines if Suspend Individual is enabled.
- This makes up the LACP Policy Control Policy; if one setting is defined, then all other Control Properties
left undefined or set to false will not exist after the task is ran.
- The APIC defaults to C(yes) when unset during creation.
type: bool
symmetric_hash:
description:
- Determines if Symmetric Hashing is enabled.
- This makes up the LACP Policy Control Policy; if one setting is defined, then all other Control Properties
left undefined or set to false will not exist after the task is ran.
- The APIC defaults to C(no) when unset during creation.
type: bool
state:
description:
- Use C(present) or C(absent) for adding or removing.
- Use C(query) for listing an object or multiple objects.
type: str
choices: [ absent, present, query ]
default: present
name_alias:
description:
- The alias for the current object. This relates to the nameAlias field in ACI.
type: str
extends_documentation_fragment:
- cisco.aci.aci
seealso:
- name: APIC Management Information Model reference
description: More information about the internal APIC class B(lacp:LagPol).
link: https://developer.cisco.com/docs/apic-mim-ref/
author:
- Dag Wieers (@dagwieers)
'''
EXAMPLES = r'''
- aci_interface_policy_port_channel:
host: '{{ inventory_hostname }}'
username: '{{ username }}'
password: '{{ password }}'
port_channel: '{{ port_channel }}'
description: '{{ description }}'
min_links: '{{ min_links }}'
max_links: '{{ max_links }}'
mode: '{{ mode }}'
delegate_to: localhost
'''
RETURN = r'''
current:
description: The existing configuration from the APIC after the module has finished
returned: success
type: list
sample:
[
{
"fvTenant": {
"attributes": {
"descr": "Production environment",
"dn": "uni/tn-production",
"name": "production",
"nameAlias": "",
"ownerKey": "",
"ownerTag": ""
}
}
}
]
error:
description: The error information as returned from the APIC
returned: failure
type: dict
sample:
{
"code": "122",
"text": "unknown managed object class foo"
}
raw:
description: The raw output returned by the APIC REST API (xml or json)
returned: parse error
type: str
sample: '<?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata>'
sent:
description: The actual/minimal configuration pushed to the APIC
returned: info
type: list
sample:
{
"fvTenant": {
"attributes": {
"descr": "Production environment"
}
}
}
previous:
description: The original configuration from the APIC before the module has started
returned: info
type: list
sample:
[
{
"fvTenant": {
"attributes": {
"descr": "Production",
"dn": "uni/tn-production",
"name": "production",
"nameAlias": "",
"ownerKey": "",
"ownerTag": ""
}
}
}
]
proposed:
description: The assembled configuration from the user-provided parameters
returned: info
type: dict
sample:
{
"fvTenant": {
"attributes": {
"descr": "Production environment",
"name": "production"
}
}
}
filter_string:
description: The filter string used for the request
returned: failure or debug
type: str
sample: ?rsp-prop-include=config-only
method:
description: The HTTP method used for the request to the APIC
returned: failure or debug
type: str
sample: POST
response:
description: The HTTP response from the APIC
returned: failure or debug
type: str
sample: OK (30 bytes)
status:
description: The HTTP status from the APIC
returned: failure or debug
type: int
sample: 200
url:
description: The HTTP url used for the request to the APIC
returned: failure or debug
type: str
sample: https://10.11.12.13/api/mo/uni/tn-production.json
'''
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.cisco.aci.plugins.module_utils.network.aci.aci import ACIModule, aci_argument_spec
def main():
argument_spec = aci_argument_spec()
argument_spec.update(
port_channel=dict(type='str', aliases=['name']), # Not required for querying all objects
description=dict(type='str', aliases=['descr']),
min_links=dict(type='int'),
max_links=dict(type='int'),
mode=dict(type='str', choices=['active', 'mac-pin', 'mac-pin-nicload', 'off', 'passive']),
fast_select=dict(type='bool'),
graceful_convergence=dict(type='bool'),
load_defer=dict(type='bool'),
suspend_individual=dict(type='bool'),
symmetric_hash=dict(type='bool'),
state=dict(type='str', default='present', choices=['absent', 'present', 'query']),
name_alias=dict(type='str'),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
required_if=[
['state', 'absent', ['port_channel']],
['state', 'present', ['port_channel']],
],
)
port_channel = module.params.get('port_channel')
description = module.params.get('description')
min_links = module.params.get('min_links')
if min_links is not None and min_links not in range(1, 17):
module.fail_json(msg='The "min_links" must be a value between 1 and 16')
max_links = module.params.get('max_links')
if max_links is not None and max_links not in range(1, 17):
module.fail_json(msg='The "max_links" must be a value between 1 and 16')
mode = module.params.get('mode')
state = module.params.get('state')
name_alias = module.params.get('name_alias')
# Build ctrl value for request
ctrl = []
if module.params.get('fast_select') is True:
ctrl.append('fast-sel-hot-stdby')
if module.params.get('graceful_convergence') is True:
ctrl.append('graceful-conv')
if module.params.get('load_defer') is True:
ctrl.append('load-defer')
if module.params.get('suspend_individual') is True:
ctrl.append('susp-individual')
if module.params.get('symmetric_hash') is True:
ctrl.append('symmetric-hash')
if not ctrl:
ctrl = None
else:
ctrl = ",".join(ctrl)
aci = ACIModule(module)
aci.construct_url(
root_class=dict(
aci_class='lacpLagPol',
aci_rn='infra/lacplagp-{0}'.format(port_channel),
module_object=port_channel,
target_filter={'name': port_channel},
),
)
aci.get_existing()
if state == 'present':
aci.payload(
aci_class='lacpLagPol',
class_config=dict(
name=port_channel,
ctrl=ctrl,
descr=description,
minLinks=min_links,
maxLinks=max_links,
mode=mode,
nameAlias=name_alias,
),
)
aci.get_diff(aci_class='lacpLagPol')
aci.post_config()
elif state == 'absent':
aci.delete_config()
aci.exit_json()
if __name__ == "__main__":
main()


@@ -0,0 +1,252 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'certified'}
DOCUMENTATION = r'''
---
module: aci_interface_policy_port_security
short_description: Manage port security (l2:PortSecurityPol)
description:
- Manage port security on Cisco ACI fabrics.
options:
port_security:
description:
- The name of the port security.
type: str
required: yes
aliases: [ name ]
description:
description:
- The description for the contract.
type: str
aliases: [ descr ]
max_end_points:
description:
- Maximum number of end points.
- Accepted values range between C(0) and C(12000).
- The APIC defaults to C(0) when unset during creation.
type: int
port_security_timeout:
description:
- The delay time in seconds before MAC learning is re-enabled
- Accepted values range between C(60) and C(3600)
- The APIC defaults to C(60) when unset during creation
type: int
state:
description:
- Use C(present) or C(absent) for adding or removing.
- Use C(query) for listing an object or multiple objects.
type: str
choices: [ absent, present, query ]
default: present
name_alias:
description:
- The alias for the current object. This relates to the nameAlias field in ACI.
type: str
extends_documentation_fragment:
- cisco.aci.aci
seealso:
- name: APIC Management Information Model reference
description: More information about the internal APIC class B(l2:PortSecurityPol).
link: https://developer.cisco.com/docs/apic-mim-ref/
author:
- Dag Wieers (@dagwieers)
'''
# FIXME: Add more, better examples
EXAMPLES = r'''
- aci_interface_policy_port_security:
host: '{{ inventory_hostname }}'
username: '{{ username }}'
password: '{{ password }}'
port_security: '{{ port_security }}'
description: '{{ descr }}'
max_end_points: '{{ max_end_points }}'
port_security_timeout: '{{ port_security_timeout }}'
delegate_to: localhost
'''
RETURN = r'''
current:
description: The existing configuration from the APIC after the module has finished
returned: success
type: list
sample:
[
{
"fvTenant": {
"attributes": {
"descr": "Production environment",
"dn": "uni/tn-production",
"name": "production",
"nameAlias": "",
"ownerKey": "",
"ownerTag": ""
}
}
}
]
error:
description: The error information as returned from the APIC
returned: failure
type: dict
sample:
{
"code": "122",
"text": "unknown managed object class foo"
}
raw:
description: The raw output returned by the APIC REST API (xml or json)
returned: parse error
type: str
sample: '<?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata>'
sent:
description: The actual/minimal configuration pushed to the APIC
returned: info
type: list
sample:
{
"fvTenant": {
"attributes": {
"descr": "Production environment"
}
}
}
previous:
description: The original configuration from the APIC before the module has started
returned: info
type: list
sample:
[
{
"fvTenant": {
"attributes": {
"descr": "Production",
"dn": "uni/tn-production",
"name": "production",
"nameAlias": "",
"ownerKey": "",
"ownerTag": ""
}
}
}
]
proposed:
description: The assembled configuration from the user-provided parameters
returned: info
type: dict
sample:
{
"fvTenant": {
"attributes": {
"descr": "Production environment",
"name": "production"
}
}
}
filter_string:
description: The filter string used for the request
returned: failure or debug
type: str
sample: ?rsp-prop-include=config-only
method:
description: The HTTP method used for the request to the APIC
returned: failure or debug
type: str
sample: POST
response:
description: The HTTP response from the APIC
returned: failure or debug
type: str
sample: OK (30 bytes)
status:
description: The HTTP status from the APIC
returned: failure or debug
type: int
sample: 200
url:
description: The HTTP url used for the request to the APIC
returned: failure or debug
type: str
sample: https://10.11.12.13/api/mo/uni/tn-production.json
'''
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.cisco.aci.plugins.module_utils.network.aci.aci import ACIModule, aci_argument_spec
def main():
argument_spec = aci_argument_spec()
argument_spec.update(
port_security=dict(type='str', aliases=['name']), # Not required for querying all objects
description=dict(type='str', aliases=['descr']),
max_end_points=dict(type='int'),
port_security_timeout=dict(type='int'),
state=dict(type='str', default='present', choices=['absent', 'present', 'query']),
name_alias=dict(type='str'),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
required_if=[
['state', 'absent', ['port_security']],
['state', 'present', ['port_security']],
],
)
port_security = module.params.get('port_security')
description = module.params.get('description')
max_end_points = module.params.get('max_end_points')
port_security_timeout = module.params.get('port_security_timeout')
name_alias = module.params.get('name_alias')
if max_end_points is not None and max_end_points not in range(12001):
module.fail_json(msg='The "max_end_points" must be between 0 and 12000')
if port_security_timeout is not None and port_security_timeout not in range(60, 3601):
module.fail_json(msg='The "port_security_timeout" must be between 60 and 3600')
state = module.params.get('state')
aci = ACIModule(module)
aci.construct_url(
root_class=dict(
aci_class='l2PortSecurityPol',
aci_rn='infra/portsecurityP-{0}'.format(port_security),
module_object=port_security,
target_filter={'name': port_security},
),
)
aci.get_existing()
if state == 'present':
aci.payload(
aci_class='l2PortSecurityPol',
class_config=dict(
name=port_security,
descr=description,
maximum=max_end_points,
nameAlias=name_alias,
),
)
aci.get_diff(aci_class='l2PortSecurityPol')
aci.post_config()
elif state == 'absent':
aci.delete_config()
aci.exit_json()
if __name__ == "__main__":
main()
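Review bot: `port_security_timeout` is read and range-checked in `main()` but never reaches the APIC, because the `class_config` passed to `aci.payload()` carries only `name`, `descr`, `maximum` and `nameAlias`. A playbook that sets the MAC-learning re-enable delay therefore reports success while the policy keeps the APIC default, which is easy to miss when the value is part of a port-hardening baseline. Add `timeout=port_security_timeout,` to `class_config` (attribute name as I recall it for l2:PortSecurityPol; confirm against the MIM reference linked in the docs). Separately, the option docs mark `port_security` as `required: yes` while the spec leaves it optional for `state=query`, and the `description` option text still says "contract".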


@@ -0,0 +1 @@
aci_interface_policy_fc.py


@@ -0,0 +1 @@
aci_interface_policy_l2.py


@@ -0,0 +1 @@
aci_interface_policy_lldp.py


@@ -0,0 +1 @@
aci_interface_policy_mcp.py


@@ -0,0 +1 @@
aci_interface_policy_port_channel.py


@@ -0,0 +1 @@
aci_interface_policy_port_security.py


@@ -0,0 +1,245 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = r'''
---
module: mso_schema_template_external_epg_contract
short_description: Manage Extrnal EPG contracts in schema templates
description:
- Manage External EPG contracts in schema templates on Cisco ACI Multi-Site.
author:
- Devarshi Shah (@devarshishah3)
options:
schema:
description:
- The name of the schema.
type: str
required: yes
template:
description:
- The name of the template to change.
type: str
required: yes
external_epg:
description:
- The name of the EPG to manage.
type: str
required: yes
contract:
description:
- A contract associated to this EPG.
type: dict
suboptions:
name:
description:
- The name of the Contract to associate with.
required: true
type: str
schema:
description:
- The schema that defines the referenced BD.
- If this parameter is unspecified, it defaults to the current schema.
type: str
template:
description:
- The template that defines the referenced BD.
type: str
type:
description:
- The type of contract.
type: str
required: true
choices: [ consumer, provider ]
state:
description:
- Use C(present) or C(absent) for adding or removing.
- Use C(query) for listing an object or multiple objects.
type: str
choices: [ absent, present, query ]
default: present
seealso:
- module: cisco.mso.mso_schema_template_externalepg
- module: cisco.mso.mso_schema_template_contract_filter
extends_documentation_fragment:
- cisco.mso.mso
'''
EXAMPLES = r'''
- name: Add a contract to an EPG
mso_schema_template_external_epg_contract:
host: mso_host
username: admin
password: SomeSecretPassword
schema: Schema 1
template: Template 1
epg: EPG 1
contract:
name: Contract 1
type: consumer
state: present
delegate_to: localhost
- name: Remove a Contract
mso_schema_template_external_epg_contract:
host: mso_host
username: admin
password: SomeSecretPassword
schema: Schema 1
template: Template 1
epg: EPG 1
contract:
name: Contract 1
state: absent
delegate_to: localhost
- name: Query a specific Contract
mso_schema_template_external_epg_contract:
host: mso_host
username: admin
password: SomeSecretPassword
schema: Schema 1
template: Template 1
epg: EPG 1
contract:
name: Contract 1
state: query
delegate_to: localhost
register: query_result
- name: Query all Contracts
mso_schema_template_external_epg_contract:
host: mso_host
username: admin
password: SomeSecretPassword
schema: Schema 1
template: Template 1
state: query
delegate_to: localhost
register: query_result
'''
RETURN = r'''
'''
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.cisco.mso.plugins.module_utils.network.aci.mso import MSOModule, mso_argument_spec, mso_contractref_spec, issubset
def main():
argument_spec = mso_argument_spec()
argument_spec.update(
schema=dict(type='str', required=True),
template=dict(type='str', required=True),
external_epg=dict(type='str', required=True),
contract=dict(type='dict', options=mso_contractref_spec()),
state=dict(type='str', default='present', choices=['absent', 'present', 'query']),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
required_if=[
['state', 'absent', ['contract']],
['state', 'present', ['contract']],
],
)
schema = module.params['schema']
template = module.params['template']
external_epg = module.params['external_epg']
contract = module.params['contract']
state = module.params['state']
mso = MSOModule(module)
if contract:
if contract.get('schema') is None:
contract['schema'] = schema
contract['schema_id'] = mso.lookup_schema(contract['schema'])
if contract.get('template') is None:
contract['template'] = template
# Get schema_id
schema_obj = mso.get_obj('schemas', displayName=schema)
if schema_obj:
schema_id = schema_obj['id']
else:
mso.fail_json(msg="Provided schema '{0}' does not exist".format(schema))
schema_path = 'schemas/{id}'.format(**schema_obj)
# Get template
templates = [t['name'] for t in schema_obj['templates']]
if template not in templates:
mso.fail_json(msg="Provided template '{0}' does not exist. Existing templates: {1}".format(template, ', '.join(templates)))
template_idx = templates.index(template)
# Get EPG
epgs = [e['name'] for e in schema_obj['templates'][template_idx]['externalEpgs']]
if external_epg not in epgs:
mso.fail_json(msg="Provided epg '{epg}' does not exist. Existing epgs: {epgs}".format(epg=external_epg, epgs=', '.join(epgs)))
epg_idx = epgs.index(external_epg)
# Get Contract
if contract:
contracts = [(c['contractRef'],
c['relationshipType']) for c in schema_obj['templates'][template_idx]['externalEpgs'][epg_idx]['contractRelationships']]
contract_ref = mso.contract_ref(**contract)
if (contract_ref, contract['type']) in contracts:
contract_idx = contracts.index((contract_ref, contract['type']))
contract_path = '/templates/{0}/externalEpgs/{1}/contractRelationships/{2}'.format(template, external_epg, contract)
mso.existing = schema_obj['templates'][template_idx]['externalEpgs'][epg_idx]['contractRelationships'][contract_idx]
if state == 'query':
if not contract:
mso.existing = schema_obj['templates'][template_idx]['externalEpgs'][epg_idx]['contractRelationships']
elif not mso.existing:
mso.fail_json(msg="Contract '{0}' not found".format(contract_ref))
mso.exit_json()
contracts_path = '/templates/{0}/externalEpgs/{1}/contractRelationships'.format(template, external_epg)
ops = []
mso.previous = mso.existing
if state == 'absent':
if mso.existing:
mso.sent = mso.existing = {}
ops.append(dict(op='remove', path=contract_path))
elif state == 'present':
payload = dict(
relationshipType=contract['type'],
contractRef=dict(
contractName=contract['name'],
templateName=contract['template'],
schemaId=contract['schema_id'],
),
)
mso.sanitize(payload, collate=True)
if mso.existing:
ops.append(dict(op='replace', path=contract_path, value=mso.sent))
else:
ops.append(dict(op='add', path=contracts_path + '/-', value=mso.sent))
mso.existing = mso.proposed
if not module.check_mode:
mso.request(schema_path, method='PATCH', data=ops)
mso.exit_json()
if __name__ == "__main__":
main()
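Review bot: `contract_path` is built with `.format(template, external_epg, contract)`, so the last path segment is the string form of the whole `contract` dict rather than the position computed on the line above it. The `remove` and `replace` operations sent in the PATCH would then point at a path that does not exist in the schema; the call should be `.format(template, external_epg, contract_idx)`. The EXAMPLES also pass `epg:` where the argument spec defines `external_epg`, and the "Remove a Contract" task omits `type`, which `main()` reads as `contract['type']` when matching the existing relationship (the suboption spec comes from `mso_contractref_spec`, defined outside this file). `schema_id` is assigned but never used.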


@@ -0,0 +1,219 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = r'''
---
module: mso_schema_template_external_epg_subnet
short_description: Manage External EPG subnets in schema templates
description:
- Manage External EPG subnets in schema templates on Cisco ACI Multi-Site.
author:
- Devarshi Shah (@devarshishah3)
options:
schema:
description:
- The name of the schema.
type: str
required: yes
template:
description:
- The name of the template to change.
type: str
required: yes
external_epg:
description:
- The name of the External EPG to manage.
type: str
required: yes
subnet:
description:
- The IP range in CIDR notation.
type: str
required: true
scope:
description:
- The scope of the subnet.
type: list
aggregate:
description:
- The aggregate option for the subnet.
type: list
state:
description:
- Use C(present) or C(absent) for adding or removing.
- Use C(query) for listing an object or multiple objects.
type: str
choices: [ absent, present, query ]
default: present
notes:
- Due to restrictions of the MSO REST API concurrent modifications to EPG subnets can be dangerous and corrupt data.
extends_documentation_fragment:
- cisco.mso.mso
'''
EXAMPLES = r'''
- name: Add a new subnet to an External EPG
mso_schema_template_external_epg_subnet:
host: mso_host
username: admin
password: SomeSecretPassword
schema: Schema 1
template: Template 1
external_epg: EPG 1
subnet: 10.0.0.0/24
state: present
delegate_to: localhost
- name: Remove a subnet from an External EPG
mso_schema_template_external_epg_subnet:
host: mso_host
username: admin
password: SomeSecretPassword
schema: Schema 1
template: Template 1
external_epg: EPG 1
subnet: 10.0.0.0/24
state: absent
delegate_to: localhost
- name: Query a specific External EPG subnet
mso_schema_template_external_epg_subnet:
host: mso_host
username: admin
password: SomeSecretPassword
schema: Schema 1
template: Template 1
external_epg: EPG 1
subnet: 10.0.0.0/24
state: query
delegate_to: localhost
register: query_result
- name: Query all External EPGs subnets
mso_schema_template_external_epg_subnet:
host: mso_host
username: admin
password: SomeSecretPassword
schema: Schema 1
template: Template 1
state: query
delegate_to: localhost
register: query_result
'''
RETURN = r'''
'''
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.cisco.mso.plugins.module_utils.network.aci.mso import MSOModule, mso_argument_spec, mso_reference_spec, mso_subnet_spec
def main():
argument_spec = mso_argument_spec()
argument_spec.update(
schema=dict(type='str', required=True),
template=dict(type='str', required=True),
external_epg=dict(type='str', required=True),
state=dict(type='str', default='present', choices=['absent', 'present', 'query']),
subnet=dict(type='str', required=True),
scope=dict(type='list', default=[]),
aggregate=dict(type='list', default=[]),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
required_if=[
['state', 'absent', ['subnet']],
['state', 'present', ['subnet']],
],
)
schema = module.params['schema']
template = module.params['template']
external_epg = module.params['external_epg']
subnet = module.params['subnet']
scope = module.params['scope']
aggregate = module.params['aggregate']
state = module.params['state']
mso = MSOModule(module)
# Get schema
schema_obj = mso.get_obj('schemas', displayName=schema)
if not schema_obj:
mso.fail_json(msg="Provided schema '{0}' does not exist".format(schema))
schema_path = 'schemas/{id}'.format(**schema_obj)
# Get template
templates = [t['name'] for t in schema_obj['templates']]
if template not in templates:
mso.fail_json(msg="Provided template '{template}' does not exist. Existing templates: {templates}".format(template=template,
templates=', '.join(templates)))
template_idx = templates.index(template)
# Get EPG
external_epgs = [e['name'] for e in schema_obj['templates'][template_idx]['externalEpgs']]
if external_epg not in external_epgs:
mso.fail_json(msg="Provided External EPG '{epg}' does not exist. Existing epgs: {epgs}".format(epg=external_epg, epgs=', '.join(external_epgs)))
epg_idx = external_epgs.index(external_epg)
# Get Subnet
subnets = [s['ip'] for s in schema_obj['templates'][template_idx]['externalEpgs'][epg_idx]['subnets']]
if subnet in subnets:
subnet_idx = subnets.index(subnet)
# FIXME: Changes based on index are DANGEROUS
subnet_path = '/templates/{0}/externalEpgs/{1}/subnets/{2}'.format(template, external_epg, subnet_idx)
mso.existing = schema_obj['templates'][template_idx]['externalEpgs'][epg_idx]['subnets'][subnet_idx]
if state == 'query':
if subnet is None:
mso.existing = schema_obj['templates'][template_idx]['externalEpgs'][epg_idx]['subnets']
elif not mso.existing:
mso.fail_json(msg="Subnet '{subnet}' not found".format(subnet=subnet))
mso.exit_json()
subnets_path = '/templates/{0}/externalEpgs/{1}/subnets'.format(template, external_epg)
ops = []
mso.previous = mso.existing
if state == 'absent':
if mso.existing:
mso.existing = {}
ops.append(dict(op='remove', path=subnet_path))
elif state == 'present':
payload = dict(
ip=subnet,
scope=scope,
aggregate=aggregate,
)
mso.sanitize(payload, collate=True)
if mso.existing:
ops.append(dict(op='replace', path=subnet_path, value=mso.sent))
else:
ops.append(dict(op='add', path=subnets_path + '/-', value=mso.sent))
mso.existing = mso.proposed
if not module.check_mode:
mso.request(schema_path, method='PATCH', data=ops)
mso.exit_json()
if __name__ == "__main__":
main()
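Review bot: `subnet=dict(type='str', required=True)` makes the `if subnet is None` branch under `state == 'query'` unreachable, so the "Query all External EPGs subnets" example, which omits `subnet`, fails argument validation before any request is made. The `required_if` entries already demand `subnet` for `absent` and `present`, so the spec line can be `subnet=dict(type='str'),`. The `remove` and `replace` paths use `subnet_idx` taken from an earlier read of the schema, as the FIXME hints; a comment at `subnet_path` such as `# index comes from the GET above; a concurrent edit can shift it before the PATCH` would state the hazard precisely. `mso_reference_spec` and `mso_subnet_spec` are imported but not used in this file.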


@@ -0,0 +1,218 @@
#!/usr/bin/python
#
# Copyright: Ansible Team
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: aireos_command
author: "James Mighion (@jmighion)"
short_description: Run commands on remote devices running Cisco WLC
description:
- Sends arbitrary commands to an aireos node and returns the results
read from the device. This module includes an
argument that will cause the module to wait for a specific condition
before returning or timing out if the condition is not met.
- Commands run in configuration mode with this module are not
idempotent. Please use M(aireos_config) to configure WLC devices.
extends_documentation_fragment:
- community.general.aireos
options:
commands:
description:
- List of commands to send to the remote aireos device over the
configured provider. The resulting output from the command
is returned. If the I(wait_for) argument is provided, the
module is not returned until the condition is satisfied or
the number of retries has expired.
required: true
wait_for:
description:
- List of conditions to evaluate against the output of the
command. The task will wait for each condition to be true
before moving forward. If the conditional is not true
within the configured number of retries, the task fails.
See examples.
aliases: ['waitfor']
match:
description:
- The I(match) argument is used in conjunction with the
I(wait_for) argument to specify the match policy. Valid
values are C(all) or C(any). If the value is set to C(all)
then all conditionals in the wait_for must be satisfied. If
the value is set to C(any) then only one of the values must be
satisfied.
default: all
choices: ['any', 'all']
retries:
description:
- Specifies the number of retries a command should by tried
before it is considered failed. The command is run on the
target device every retry and evaluated against the
I(wait_for) conditions.
default: 10
interval:
description:
- Configures the interval in seconds to wait between retries
of the command. If the command does not pass the specified
conditions, the interval indicates how long to wait before
trying the command again.
default: 1
'''
EXAMPLES = """
tasks:
- name: run show sysinfo on remote devices
aireos_command:
commands: show sysinfo
- name: run show sysinfo and check to see if output contains Cisco Controller
aireos_command:
commands: show sysinfo
wait_for: result[0] contains 'Cisco Controller'
- name: run multiple commands on remote nodes
aireos_command:
commands:
- show sysinfo
- show interface summary
- name: run multiple commands and evaluate the output
aireos_command:
commands:
- show sysinfo
- show interface summary
wait_for:
- result[0] contains Cisco Controller
- result[1] contains Loopback0
"""
RETURN = """
stdout:
description: The set of responses from the commands
returned: always apart from low level errors (such as action plugin)
type: list
sample: ['...', '...']
stdout_lines:
description: The value of stdout split into a list
returned: always apart from low level errors (such as action plugin)
type: list
sample: [['...', '...'], ['...'], ['...']]
failed_conditions:
description: The list of conditionals that have failed
returned: failed
type: list
sample: ['...', '...']
"""
import time
from ansible_collections.community.general.plugins.module_utils.network.aireos.aireos import run_commands
from ansible_collections.community.general.plugins.module_utils.network.aireos.aireos import aireos_argument_spec, check_args
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import ComplexList
from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.parsing import Conditional
from ansible.module_utils.six import string_types
from ansible.module_utils._text import to_text
def to_lines(stdout):
for item in stdout:
if isinstance(item, string_types):
item = to_text(item, errors='surrogate_then_replace').split('\n')
yield item
def parse_commands(module, warnings):
command = ComplexList(dict(
command=dict(key=True),
prompt=dict(),
answer=dict()
), module)
commands = command(module.params['commands'])
for index, item in enumerate(commands):
if module.check_mode and not item['command'].startswith('show'):
warnings.append(
'only show commands are supported when using check mode, not '
'executing `%s`' % item['command']
)
elif item['command'].startswith('conf'):
warnings.append(
'commands run in config mode with aireos_command are not '
'idempotent. Please use aireos_config instead'
)
return commands
def main():
"""main entry point for module execution
"""
argument_spec = dict(
commands=dict(type='list', required=True),
wait_for=dict(type='list', aliases=['waitfor']),
match=dict(default='all', choices=['all', 'any']),
retries=dict(default=10, type='int'),
interval=dict(default=1, type='int')
)
argument_spec.update(aireos_argument_spec)
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True)
result = {'changed': False}
warnings = list()
check_args(module, warnings)
commands = parse_commands(module, warnings)
result['warnings'] = warnings
wait_for = module.params['wait_for'] or list()
conditionals = [Conditional(c) for c in wait_for]
retries = module.params['retries']
interval = module.params['interval']
match = module.params['match']
while retries > 0:
responses = run_commands(module, commands)
for item in list(conditionals):
if item(responses):
if match == 'any':
conditionals = list()
break
conditionals.remove(item)
if not conditionals:
break
time.sleep(interval)
retries -= 1
if conditionals:
failed_conditions = [item.raw for item in conditionals]
msg = 'One or more conditional statements have not been satisfied'
module.fail_json(msg=msg, failed_conditions=failed_conditions)
result.update({
'changed': False,
'stdout': responses,
'stdout_lines': list(to_lines(responses))
})
module.exit_json(**result)
if __name__ == '__main__':
main()
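Review bot: In `parse_commands()` the check-mode branch only appends the warning "not executing `%s`"; the command stays in `commands`, and `main()` hands the full list to `run_commands()` with no check-mode test of its own. Unless `run_commands` (defined outside this file) filters them, a `--check` run still sends non-`show` commands to the controller. Iterate over a copy and drop the item: `for item in list(commands):` and, right after the warning, `commands.remove(item)`. `main()` also reads `responses` after the retry loop, which is unbound when `retries` is 0 or negative; a guard such as `if retries < 1: module.fail_json(msg='retries must be at least 1')` before the loop avoids the NameError.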


@@ -0,0 +1,357 @@
#!/usr/bin/python
#
# Copyright: Ansible Team
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: aireos_config
author: "James Mighion (@jmighion)"
short_description: Manage Cisco WLC configurations
description:
- AireOS does not use a block indent file syntax, so there are no sections or parents.
This module provides an implementation for working with AireOS configurations in
a deterministic way.
extends_documentation_fragment:
- community.general.aireos
options:
lines:
description:
- The ordered set of commands that should be configured.
The commands must be the exact same commands as found
in the device run-config. Be sure to note the configuration
command syntax as some commands are automatically modified by the
device config parser.
aliases: ['commands']
src:
description:
- Specifies the source path to the file that contains the configuration
or configuration template to load. The path to the source file can
either be the full path on the Ansible control host or a relative
path from the playbook or role root directory. This argument is mutually
exclusive with I(lines).
before:
description:
- The ordered set of commands to push on to the command stack if
a change needs to be made. This allows the playbook designer
the opportunity to perform configuration commands prior to pushing
any changes without affecting how the set of commands are matched
against the system.
after:
description:
- The ordered set of commands to append to the end of the command
stack if a change needs to be made. Just like with I(before) this
allows the playbook designer to append a set of commands to be
executed after the command set.
match:
description:
- Instructs the module on the way to perform the matching of
the set of commands against the current device config. If
match is set to I(line), commands are matched line by line.
If match is set to I(none), the module will not attempt to
compare the source configuration with the running
configuration on the remote device.
default: line
choices: ['line', 'none']
backup:
description:
- This argument will cause the module to create a full backup of
the current C(running-config) from the remote device before any
changes are made. If the C(backup_options) value is not given,
the backup file is written to the C(backup) folder in the playbook
root directory. If the directory does not exist, it is created.
type: bool
default: 'no'
running_config:
description:
- The module, by default, will connect to the remote device and
retrieve the current running-config to use as a base for comparing
against the contents of source. There are times when it is not
desirable to have the task get the current running-config for
every task in a playbook. The I(running_config) argument allows the
implementer to pass in the configuration to use as the base
config for comparison.
aliases: ['config']
save:
description:
- The C(save) argument instructs the module to save the
running-config to startup-config. This operation is performed
after any changes are made to the current running config. If
no changes are made, the configuration is still saved to the
startup config. This option will always cause the module to
return changed. This argument is mutually exclusive with I(save_when).
- This option is deprecated as of Ansible 2.7, use C(save_when)
type: bool
default: 'no'
save_when:
description:
- When changes are made to the device running-configuration, the
changes are not copied to non-volatile storage by default. Using
this argument will change that. If the argument is set to
I(always), then the running-config will always be copied to the
startup-config and the module will always return as changed.
If the argument is set to I(never), the running-config will never
be copied to the startup-config. If the argument is set to I(changed),
then the running-config will only be copied to the startup-config if
the task has made a change.
default: never
choices: ['always', 'never', 'changed']
diff_against:
description:
- When using the C(ansible-playbook --diff) command line argument
the module can generate diffs against different sources.
- When this option is configured as I(intended), the module will
return the diff of the running-config against the configuration
provided in the C(intended_config) argument.
- When this option is configured as I(running), the module will
return the before and after diff of the running-config with respect
to any changes made to the device configuration.
choices: ['intended', 'running']
diff_ignore_lines:
description:
- Use this argument to specify one or more lines that should be
ignored during the diff. This is used for lines in the configuration
that are automatically updated by the system. This argument takes
a list of regular expressions or exact line matches.
intended_config:
description:
- The C(intended_config) provides the master configuration that
the node should conform to and is used to check the final
running-config against. This argument will not modify any settings
on the remote device and is strictly used to check the compliance
of the current device's configuration against. When specifying this
argument, the task should also modify the C(diff_against) value and
set it to I(intended).
backup_options:
description:
- This is a dict object containing configurable options related to backup file path.
The value of this option is read only when C(backup) is set to I(yes), if C(backup) is set
to I(no) this option will be silently ignored.
suboptions:
filename:
description:
- The filename to be used to store the backup configuration. If the filename
is not given it will be generated based on the hostname, current time and date
in format defined by <hostname>_config.<current-date>@<current-time>
dir_path:
description:
- This option provides the path ending with directory name in which the backup
configuration file will be stored. If the directory does not exist it will be first
created and the filename is either the value of C(filename) or default filename
as described in C(filename) options description. If the path value is not given
in that case a I(backup) directory will be created in the current working directory
and backup configuration will be copied in C(filename) within I(backup) directory.
type: path
type: dict
'''
EXAMPLES = """
- name: configure configuration
aireos_config:
lines: sysname testDevice
- name: diff the running-config against a provided config
aireos_config:
diff_against: intended
intended: "{{ lookup('file', 'master.cfg') }}"
- name: load new acl into device
aireos_config:
lines:
- acl create testACL
- acl rule protocol testACL 1 any
- acl rule direction testACL 3 in
before: acl delete testACL
- name: configurable backup path
aireos_config:
backup: yes
lines: sysname testDevice
backup_options:
filename: backup.cfg
dir_path: /home/user
"""
RETURN = """
commands:
description: The set of commands that will be pushed to the remote device
returned: always
type: list
sample: ['hostname foo', 'vlan 1', 'name default']
updates:
description: The set of commands that will be pushed to the remote device
returned: always
type: list
sample: ['hostname foo', 'vlan 1', 'name default']
backup_path:
description: The full path to the backup file
returned: when backup is yes
type: str
sample: /playbooks/ansible/backup/aireos_config.2016-07-16@22:28:34
"""
from ansible_collections.community.general.plugins.module_utils.network.aireos.aireos import run_commands, get_config, load_config
from ansible_collections.community.general.plugins.module_utils.network.aireos.aireos import aireos_argument_spec
from ansible_collections.community.general.plugins.module_utils.network.aireos.aireos import check_args as aireos_check_args
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.config import NetworkConfig, dumps
def get_running_config(module, config=None):
contents = module.params['running_config']
if not contents:
if config:
contents = config
else:
contents = get_config(module)
return NetworkConfig(indent=1, contents=contents)
def get_candidate(module):
candidate = NetworkConfig(indent=1)
if module.params['src']:
candidate.load(module.params['src'])
elif module.params['lines']:
candidate.add(module.params['lines'])
return candidate
def save_config(module, result):
result['changed'] = True
if not module.check_mode:
command = {"command": "save config", "prompt": "Are you sure you want to save", "answer": "y"}
run_commands(module, command)
else:
module.warn('Skipping command `save config` due to check_mode. Configuration not copied to '
'non-volatile storage')
def main():
""" main entry point for module execution
"""
backup_spec = dict(
filename=dict(),
dir_path=dict(type='path')
)
argument_spec = dict(
src=dict(type='path'),
lines=dict(aliases=['commands'], type='list'),
before=dict(type='list'),
after=dict(type='list'),
match=dict(default='line', choices=['line', 'none']),
running_config=dict(aliases=['config']),
intended_config=dict(),
backup=dict(type='bool', default=False),
backup_options=dict(type='dict', options=backup_spec),
# save is deprecated as of 2.7, use save_when instead
save=dict(type='bool', default=False, removed_in_version='2.11'),
save_when=dict(choices=['always', 'never', 'changed'], default='never'),
diff_against=dict(choices=['running', 'intended']),
diff_ignore_lines=dict(type='list')
)
argument_spec.update(aireos_argument_spec)
mutually_exclusive = [('lines', 'src'),
('save', 'save_when')]
required_if = [('diff_against', 'intended', ['intended_config'])]
module = AnsibleModule(argument_spec=argument_spec,
mutually_exclusive=mutually_exclusive,
required_if=required_if,
supports_check_mode=True)
warnings = list()
aireos_check_args(module, warnings)
result = {'changed': False, 'warnings': warnings}
config = None
if module.params['backup'] or (module._diff and module.params['diff_against'] == 'running'):
contents = get_config(module)
config = NetworkConfig(indent=1, contents=contents)
if module.params['backup']:
result['__backup__'] = contents
if any((module.params['src'], module.params['lines'])):
match = module.params['match']
candidate = get_candidate(module)
if match != 'none':
config = get_running_config(module, config)
configobjs = candidate.difference(config, match=match)
else:
configobjs = candidate.items
if configobjs:
commands = dumps(configobjs, 'commands').split('\n')
if module.params['before']:
commands[:0] = module.params['before']
if module.params['after']:
commands.extend(module.params['after'])
result['commands'] = commands
result['updates'] = commands
if not module.check_mode:
load_config(module, commands)
result['changed'] = True
diff_ignore_lines = module.params['diff_ignore_lines']
if module.params['save_when'] == 'always' or module.params['save']:
save_config(module, result)
elif module.params['save_when'] == 'changed' and result['changed']:
save_config(module, result)
if module._diff:
output = run_commands(module, 'show run-config commands')
contents = output[0]
# recreate the object in order to process diff_ignore_lines
running_config = NetworkConfig(indent=1, contents=contents, ignore_lines=diff_ignore_lines)
if module.params['diff_against'] == 'running':
if module.check_mode:
module.warn("unable to perform diff against running-config due to check mode")
contents = None
else:
contents = config.config_text
elif module.params['diff_against'] == 'intended':
contents = module.params['intended_config']
if contents is not None:
base_config = NetworkConfig(indent=1, contents=contents, ignore_lines=diff_ignore_lines)
if running_config.sha1 != base_config.sha1:
result.update({
'changed': True,
'diff': {'before': str(base_config), 'after': str(running_config)}
})
module.exit_json(**result)
if __name__ == '__main__':
main()


@@ -0,0 +1,200 @@
#!/usr/bin/python
#
# Copyright (C) 2019 APCON.
#
# GNU General Public License v3.0+
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
# Module to execute apconos Commands on Apcon Switches.
# Apcon Networking
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: apconos_command
author: "David Lee (@davidlee-ap)"
short_description: Run arbitrary commands on APCON devices
description:
- Sends arbitrary commands to an apcon device and returns the results
read from the device. The module includes an argument that will
cause the module to wait for a specific condition before returning
or timing out if the condition is not met.
notes:
- Tested against apcon iis+ii
options:
commands:
description:
- List of commands to send to the remote device over the
configured provider. The resulting output from the command
is returned. If the I(wait_for) argument is provided, the
module is not returned until the condition is satisfied or
the number of retires as expired.
required: true
type: list
wait_for:
description:
- List of conditions to evaluate against the output of the
command. The task will wait for each condition to be true
before moving forward. If the conditional is not true
within the configured number of retries, the task fails.
See examples.
type: list
match:
description:
- The I(match) argument is used in conjunction with the
I(wait_for) argument to specify the match policy. Valid
values are C(all) or C(any). If the value is set to C(all)
then all conditionals in the wait_for must be satisfied. If
the value is set to C(any) then only one of the values must be
satisfied.
default: all
choices: ['any', 'all']
type: str
retries:
description:
- Specifies the number of retries a command should by tried
before it is considered failed. The command is run on the
target device every retry and evaluated against the
I(wait_for) conditions.
default: 10
type: int
interval:
description:
- Configures the interval in seconds to wait between retries
of the command. If the command does not pass the specified
conditions, the interval indicates how long to wait before
trying the command again.
default: 1
type: int
'''
EXAMPLES = """
- name: Basic Configuration
apconos_command:
commands:
- show version
- enable ssh
register: result
- name: Get output from single command
apconos_command:
commands: ['show version']
register: result
"""
RETURN = """
"""
import time
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import to_lines
from ansible_collections.community.general.plugins.module_utils.network.apconos.apconos import run_commands
from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.parsing import Conditional
def parse_commands(module, warnings):
commands = module.params['commands']
if module.check_mode:
for item in list(commands):
if not item.startswith('show'):
warnings.append(
'Only show commands are supported when using check mode, not '
'executing %s' % item
)
commands.remove(item)
return commands
def main():
spec = dict(
commands=dict(type='list', required=True),
wait_for=dict(type='list'),
match=dict(default='all', choices=['all', 'any']),
retries=dict(default=10, type='int'),
interval=dict(default=1, type='int')
)
module = AnsibleModule(argument_spec=spec, supports_check_mode=False)
warnings = list()
result = {'changed': False, 'warnings': warnings}
wait_for = module.params['wait_for'] or list()
conditionals = [Conditional(c) for c in wait_for]
commands = parse_commands(module, warnings)
commands = module.params['commands']
retries = module.params['retries']
interval = module.params['interval']
match = module.params['match']
while retries > 0:
responses = run_commands(module, commands)
for item in list(conditionals):
if item(responses):
if match == 'any':
conditionals = list()
break
conditionals.remove(item)
if not conditionals:
break
time.sleep(interval)
retries -= 1
if conditionals:
failed_conditions = [item.raw for item in conditionals]
msg = 'One or more conditional statements have not been satisfied'
module.fail_json(msg=msg, failed_conditions=failed_conditions)
for item in responses:
if len(item) == 0:
if module.check_mode:
result.update({
'changed': False,
'stdout': responses,
'stdout_lines': list(to_lines(responses))
})
else:
result.update({
'changed': True,
'stdout': responses,
'stdout_lines': list(to_lines(responses))
})
elif 'ERROR' in item:
result.update({
'failed': True,
'stdout': responses,
'stdout_lines': list(to_lines(responses))
})
else:
result.update({
'stdout': item,
'stdout_lines': list(to_lines(responses))
})
module.exit_json(**result)
if __name__ == '__main__':
main()
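Review bot: The closing `for item in responses` loop in `main()` rewrites `result` on every pass, so with several commands the returned `stdout` reflects only the last response, and the final `else` branch stores `'stdout': item` (one string) where the other branches store the whole `responses` list. An `ERROR` in an earlier response still leaves `failed` set, but the caller then sees output from a different command. Building the result once after the retry loop would avoid this: `result.update({'stdout': responses, 'stdout_lines': list(to_lines(responses))})`, then `if any('ERROR' in r for r in responses): result['failed'] = True` and `result['changed'] = any(len(r) == 0 for r in responses)`. The `module.check_mode` branch in that loop looks unreachable, because the module is created with `supports_check_mode=False`.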


@@ -0,0 +1,217 @@
#!/usr/bin/python
#
# Copyright: Ansible Team
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: aruba_command
author: "James Mighion (@jmighion)"
short_description: Run commands on remote devices running Aruba Mobility Controller
description:
- Sends arbitrary commands to an aruba node and returns the results
read from the device. This module includes an
argument that will cause the module to wait for a specific condition
before returning or timing out if the condition is not met.
- This module does not support running commands in configuration mode.
Please use M(aruba_config) to configure Aruba devices.
extends_documentation_fragment:
- community.general.aruba
options:
commands:
description:
- List of commands to send to the remote aruba device over the
configured provider. The resulting output from the command
is returned. If the I(wait_for) argument is provided, the
module is not returned until the condition is satisfied or
the number of retries has expired.
required: true
wait_for:
description:
- List of conditions to evaluate against the output of the
command. The task will wait for each condition to be true
before moving forward. If the conditional is not true
within the configured number of retries, the task fails.
See examples.
aliases: ['waitfor']
match:
description:
- The I(match) argument is used in conjunction with the
I(wait_for) argument to specify the match policy. Valid
values are C(all) or C(any). If the value is set to C(all)
then all conditionals in the wait_for must be satisfied. If
the value is set to C(any) then only one of the values must be
satisfied.
default: all
choices: ['any', 'all']
retries:
description:
- Specifies the number of retries a command should by tried
before it is considered failed. The command is run on the
target device every retry and evaluated against the
I(wait_for) conditions.
default: 10
interval:
description:
- Configures the interval in seconds to wait between retries
of the command. If the command does not pass the specified
conditions, the interval indicates how long to wait before
trying the command again.
default: 1
'''
EXAMPLES = """
tasks:
- name: run show version on remote devices
aruba_command:
commands: show version
- name: run show version and check to see if output contains Aruba
aruba_command:
commands: show version
wait_for: result[0] contains Aruba
- name: run multiple commands on remote nodes
aruba_command:
commands:
- show version
- show interfaces
- name: run multiple commands and evaluate the output
aruba_command:
commands:
- show version
- show interfaces
wait_for:
- result[0] contains Aruba
- result[1] contains Loopback0
"""
RETURN = """
stdout:
description: The set of responses from the commands
returned: always
type: list
sample: ['...', '...']
stdout_lines:
description: The value of stdout split into a list
returned: always
type: list
sample: [['...', '...'], ['...'], ['...']]
failed_conditions:
description: The list of conditionals that have failed
returned: failed
type: list
sample: ['...', '...']
"""
import time
from ansible_collections.community.general.plugins.module_utils.network.aruba.aruba import run_commands
from ansible_collections.community.general.plugins.module_utils.network.aruba.aruba import aruba_argument_spec, check_args
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import ComplexList
from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.parsing import Conditional
from ansible.module_utils.six import string_types
def to_lines(stdout):
for item in stdout:
if isinstance(item, string_types):
item = str(item).split('\n')
yield item
def parse_commands(module, warnings):
command = ComplexList(dict(
command=dict(key=True),
prompt=dict(),
answer=dict()
), module)
commands = command(module.params['commands'])
for index, item in enumerate(commands):
if module.check_mode and not item['command'].startswith('show'):
warnings.append(
'only show commands are supported when using check mode, not '
'executing `%s`' % item['command']
)
elif item['command'].startswith('conf'):
module.fail_json(
msg='aruba_command does not support running config mode '
'commands. Please use aruba_config instead'
)
return commands
def main():
"""main entry point for module execution
"""
argument_spec = dict(
commands=dict(type='list', required=True),
wait_for=dict(type='list', aliases=['waitfor']),
match=dict(default='all', choices=['all', 'any']),
retries=dict(default=10, type='int'),
interval=dict(default=1, type='int')
)
argument_spec.update(aruba_argument_spec)
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True)
result = {'changed': False}
warnings = list()
check_args(module, warnings)
commands = parse_commands(module, warnings)
result['warnings'] = warnings
wait_for = module.params['wait_for'] or list()
conditionals = [Conditional(c) for c in wait_for]
retries = module.params['retries']
interval = module.params['interval']
match = module.params['match']
while retries > 0:
responses = run_commands(module, commands)
for item in list(conditionals):
if item(responses):
if match == 'any':
conditionals = list()
break
conditionals.remove(item)
if not conditionals:
break
time.sleep(interval)
retries -= 1
if conditionals:
failed_conditions = [item.raw for item in conditionals]
msg = 'One or more conditional statements have not been satisfied'
module.fail_json(msg=msg, failed_conditions=failed_conditions)
result.update({
'changed': False,
'stdout': responses,
'stdout_lines': list(to_lines(responses))
})
module.exit_json(**result)
if __name__ == '__main__':
main()
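Review bot: In `parse_commands`, the check-mode branch only appends the warning "not executing ..." and leaves the item in `commands`. `main()` then hands the full list to `run_commands`, so a non-show command would still be sent in check mode unless `run_commands` (defined outside this file) filters it. Either drop those items before returning, for example `commands = [c for c in commands if not module.check_mode or c['command'].startswith('show')]`, or reword the warning to match what actually happens. The `index` from `enumerate` is unused and can be removed.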


@@ -0,0 +1,424 @@
#!/usr/bin/python
#
# Copyright: Ansible Team
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: aruba_config
author: "James Mighion (@jmighion)"
short_description: Manage Aruba configuration sections
description:
- Aruba configurations use a simple block indent file syntax
for segmenting configuration into sections. This module provides
an implementation for working with Aruba configuration sections in
a deterministic way.
extends_documentation_fragment:
- community.general.aruba
options:
lines:
description:
- The ordered set of commands that should be configured in the
section. The commands must be the exact same commands as found
in the device running-config. Be sure to note the configuration
command syntax as some commands are automatically modified by the
device config parser.
aliases: ['commands']
parents:
description:
- The ordered set of parents that uniquely identify the section or hierarchy
the commands should be checked against. If the parents argument
is omitted, the commands are checked against the set of top
level or global commands.
src:
description:
- Specifies the source path to the file that contains the configuration
or configuration template to load. The path to the source file can
either be the full path on the Ansible control host or a relative
path from the playbook or role root directory. This argument is mutually
exclusive with I(lines), I(parents).
before:
description:
- The ordered set of commands to push on to the command stack if
a change needs to be made. This allows the playbook designer
the opportunity to perform configuration commands prior to pushing
any changes without affecting how the set of commands are matched
against the system.
after:
description:
- The ordered set of commands to append to the end of the command
stack if a change needs to be made. Just like with I(before) this
allows the playbook designer to append a set of commands to be
executed after the command set.
match:
description:
- Instructs the module on the way to perform the matching of
the set of commands against the current device config. If
match is set to I(line), commands are matched line by line. If
match is set to I(strict), command lines are matched with respect
to position. If match is set to I(exact), command lines
must be an equal match. Finally, if match is set to I(none), the
module will not attempt to compare the source configuration with
the running configuration on the remote device.
default: line
choices: ['line', 'strict', 'exact', 'none']
replace:
description:
- Instructs the module on the way to perform the configuration
on the device. If the replace argument is set to I(line) then
the modified lines are pushed to the device in configuration
mode. If the replace argument is set to I(block) then the entire
command block is pushed to the device in configuration mode if any
line is not correct.
default: line
choices: ['line', 'block']
backup:
description:
- This argument will cause the module to create a full backup of
the current C(running-config) from the remote device before any
changes are made. If the C(backup_options) value is not given,
the backup file is written to the C(backup) folder in the playbook
root directory. If the directory does not exist, it is created.
type: bool
default: 'no'
running_config:
description:
- The module, by default, will connect to the remote device and
retrieve the current running-config to use as a base for comparing
against the contents of source. There are times when it is not
desirable to have the task get the current running-config for
every task in a playbook. The I(running_config) argument allows the
implementer to pass in the configuration to use as the base
config for comparison.
aliases: ['config']
save_when:
description:
- When changes are made to the device running-configuration, the
changes are not copied to non-volatile storage by default. Using
this argument will change that before. If the argument is set to
I(always), then the running-config will always be copied to the
startup configuration and the I(modified) flag will always be set to
True. If the argument is set to I(modified), then the running-config
will only be copied to the startup configuration if it has changed since
the last save to startup configuration. If the argument is set to
I(never), the running-config will never be copied to the
startup configuration. If the argument is set to I(changed), then the running-config
will only be copied to the startup configuration if the task has made a change.
default: never
choices: ['always', 'never', 'modified', 'changed']
diff_against:
description:
- When using the C(ansible-playbook --diff) command line argument
the module can generate diffs against different sources.
- When this option is configure as I(startup), the module will return
the diff of the running-config against the startup configuration.
- When this option is configured as I(intended), the module will
return the diff of the running-config against the configuration
provided in the C(intended_config) argument.
- When this option is configured as I(running), the module will
return the before and after diff of the running-config with respect
to any changes made to the device configuration.
choices: ['startup', 'intended', 'running']
diff_ignore_lines:
description:
- Use this argument to specify one or more lines that should be
ignored during the diff. This is used for lines in the configuration
that are automatically updated by the system. This argument takes
a list of regular expressions or exact line matches.
intended_config:
description:
- The C(intended_config) provides the master configuration that
the node should conform to and is used to check the final
running-config against. This argument will not modify any settings
on the remote device and is strictly used to check the compliance
of the current device's configuration against. When specifying this
argument, the task should also modify the C(diff_against) value and
set it to I(intended).
encrypt:
description:
- This allows an Aruba controller's passwords and keys to be displayed in plain
text when set to I(false) or encrypted when set to I(true).
If set to I(false), the setting will re-encrypt at the end of the module run.
Backups are still encrypted even when set to I(false).
type: bool
default: 'yes'
backup_options:
description:
- This is a dict object containing configurable options related to backup file path.
The value of this option is read only when C(backup) is set to I(yes), if C(backup) is set
to I(no) this option will be silently ignored.
suboptions:
filename:
description:
- The filename to be used to store the backup configuration. If the filename
is not given it will be generated based on the hostname, current time and date
in format defined by <hostname>_config.<current-date>@<current-time>
dir_path:
description:
- This option provides the path ending with directory name in which the backup
configuration file will be stored. If the directory does not exist it will be first
created and the filename is either the value of C(filename) or default filename
as described in C(filename) options description. If the path value is not given
in that case a I(backup) directory will be created in the current working directory
and backup configuration will be copied in C(filename) within I(backup) directory.
type: path
type: dict
'''
EXAMPLES = """
- name: configure top level configuration
aruba_config:
lines: hostname {{ inventory_hostname }}
- name: diff the running-config against a provided config
aruba_config:
diff_against: intended
intended_config: "{{ lookup('file', 'master.cfg') }}"
- name: configure interface settings
aruba_config:
lines:
- description test interface
- ip access-group 1 in
parents: interface gigabitethernet 0/0/0
- name: load new acl into device
aruba_config:
lines:
- permit host 10.10.10.10
- ipv6 permit host fda9:97d6:32a3:3e59::3333
parents: ip access-list standard 1
before: no ip access-list standard 1
match: exact
- name: configurable backup path
aruba_config:
backup: yes
lines: hostname {{ inventory_hostname }}
backup_options:
filename: backup.cfg
dir_path: /home/user
"""
RETURN = """
commands:
description: The set of commands that will be pushed to the remote device
returned: always
type: list
sample: ['hostname foo', 'vlan 1', 'name default']
updates:
description: The set of commands that will be pushed to the remote device
returned: always
type: list
sample: ['hostname foo', 'vlan 1', 'name default']
backup_path:
description: The full path to the backup file
returned: when backup is yes
type: str
sample: /playbooks/ansible/backup/aruba_config.2016-07-16@22:28:34
"""
from ansible_collections.community.general.plugins.module_utils.network.aruba.aruba import run_commands, get_config, load_config
from ansible_collections.community.general.plugins.module_utils.network.aruba.aruba import aruba_argument_spec
from ansible_collections.community.general.plugins.module_utils.network.aruba.aruba import check_args as aruba_check_args
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.config import NetworkConfig, dumps
def get_running_config(module, config=None):
contents = module.params['running_config']
if not contents:
if config:
contents = config
else:
contents = get_config(module)
return NetworkConfig(contents=contents)
def get_candidate(module):
candidate = NetworkConfig()
if module.params['src']:
candidate.load(module.params['src'])
elif module.params['lines']:
parents = module.params['parents'] or list()
candidate.add(module.params['lines'], parents=parents)
return candidate
def save_config(module, result):
result['changed'] = True
if not module.check_mode:
run_commands(module, 'write memory')
else:
module.warn('Skipping command `write memory` '
'due to check_mode. Configuration not copied to '
'non-volatile storage')
def main():
""" main entry point for module execution
"""
backup_spec = dict(
filename=dict(),
dir_path=dict(type='path')
)
argument_spec = dict(
src=dict(type='path'),
lines=dict(aliases=['commands'], type='list'),
parents=dict(type='list'),
before=dict(type='list'),
after=dict(type='list'),
match=dict(default='line', choices=['line', 'strict', 'exact', 'none']),
replace=dict(default='line', choices=['line', 'block']),
running_config=dict(aliases=['config']),
intended_config=dict(),
backup=dict(type='bool', default=False),
backup_options=dict(type='dict', options=backup_spec),
save_when=dict(choices=['always', 'never', 'modified', 'changed'], default='never'),
diff_against=dict(choices=['running', 'startup', 'intended']),
diff_ignore_lines=dict(type='list'),
encrypt=dict(type='bool', default=True),
)
argument_spec.update(aruba_argument_spec)
mutually_exclusive = [('lines', 'src'),
('parents', 'src')]
required_if = [('match', 'strict', ['lines']),
('match', 'exact', ['lines']),
('replace', 'block', ['lines']),
('diff_against', 'intended', ['intended_config'])]
module = AnsibleModule(argument_spec=argument_spec,
mutually_exclusive=mutually_exclusive,
required_if=required_if,
supports_check_mode=True)
warnings = list()
aruba_check_args(module, warnings)
result = {'changed': False, 'warnings': warnings}
config = None
if module.params['backup'] or (module._diff and module.params['diff_against'] == 'running'):
contents = get_config(module)
config = NetworkConfig(contents=contents)
if module.params['backup']:
result['__backup__'] = contents
if not module.params['encrypt']:
run_commands(module, 'encrypt disable')
if any((module.params['src'], module.params['lines'])):
match = module.params['match']
replace = module.params['replace']
candidate = get_candidate(module)
if match != 'none':
config = get_running_config(module, config)
path = module.params['parents']
configobjs = candidate.difference(config, match=match, replace=replace, path=path)
else:
configobjs = candidate.items
if configobjs:
commands = dumps(configobjs, 'commands').split('\n')
if module.params['before']:
commands[:0] = module.params['before']
if module.params['after']:
commands.extend(module.params['after'])
result['commands'] = commands
result['updates'] = commands
if not module.check_mode:
load_config(module, commands)
result['changed'] = True
running_config = None
startup_config = None
diff_ignore_lines = module.params['diff_ignore_lines']
if module.params['save_when'] == 'always':
save_config(module, result)
elif module.params['save_when'] == 'modified':
output = run_commands(module, ['show running-config', 'show configuration'])
running_config = NetworkConfig(contents=output[0], ignore_lines=diff_ignore_lines)
startup_config = NetworkConfig(contents=output[1], ignore_lines=diff_ignore_lines)
if running_config.sha1 != startup_config.sha1:
save_config(module, result)
elif module.params['save_when'] == 'changed':
if result['changed']:
save_config(module, result)
if module._diff:
if not running_config:
output = run_commands(module, 'show running-config')
contents = output[0]
else:
contents = running_config.config_text
# recreate the object in order to process diff_ignore_lines
running_config = NetworkConfig(contents=contents, ignore_lines=diff_ignore_lines)
if module.params['diff_against'] == 'running':
if module.check_mode:
module.warn("unable to perform diff against running-config due to check mode")
contents = None
else:
contents = config.config_text
elif module.params['diff_against'] == 'startup':
if not startup_config:
output = run_commands(module, 'show configuration')
contents = output[0]
else:
contents = startup_config.config_text
elif module.params['diff_against'] == 'intended':
contents = module.params['intended_config']
if contents is not None:
base_config = NetworkConfig(contents=contents, ignore_lines=diff_ignore_lines)
if running_config.sha1 != base_config.sha1:
result.update({
'changed': True,
'diff': {'before': str(base_config), 'after': str(running_config)}
})
# make sure 'encrypt enable' is applied if it was ever disabled
if not module.params['encrypt']:
run_commands(module, 'encrypt enable')
module.exit_json(**result)
if __name__ == '__main__':
main()
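Review bot: With `encrypt: no`, `main()` runs `encrypt disable` before the change and `encrypt enable` only as its last step, so any exit in between (a `fail_json`, or an exception from `load_config` or `run_commands`) appears to leave the controller displaying passwords and keys in plain text. Moving the existing `if not module.params['encrypt']: run_commands(module, 'encrypt enable')` into a `finally:` around the work between the two calls would restore the setting on every path, since `fail_json` exits via `SystemExit`. The `encrypt disable` call is also not guarded by `module.check_mode`, so a check-mode run still changes the device. The `diff` built while encryption is off can carry those secrets into task output, so the option's documentation should say so and recommend `no_log` for such tasks.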


@@ -0,0 +1,152 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_actiongroupconfig
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of ActionGroupConfig Avi RESTful Object
description:
- This module is used to configure ActionGroupConfig object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
action_script_config_ref:
description:
- Reference of the action script configuration to be used.
- It is a reference to an object of type alertscriptconfig.
autoscale_trigger_notification:
description:
- Trigger notification to autoscale manager.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
description:
description:
- User defined description for the object.
email_config_ref:
description:
- Select the email notification configuration to use when sending alerts via email.
- It is a reference to an object of type alertemailconfig.
external_only:
description:
- Generate alert only to external destinations.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
required: true
type: bool
level:
description:
- When an alert is generated, mark its priority via the alert level.
- Enum options - ALERT_LOW, ALERT_MEDIUM, ALERT_HIGH.
- Default value when not specified in API or module is interpreted by Avi Controller as ALERT_LOW.
required: true
name:
description:
- Name of the object.
required: true
snmp_trap_profile_ref:
description:
- Select the snmp trap notification to use when sending alerts via snmp trap.
- It is a reference to an object of type snmptrapprofile.
syslog_config_ref:
description:
- Select the syslog notification configuration to use when sending alerts via syslog.
- It is a reference to an object of type alertsyslogconfig.
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create ActionGroupConfig object
avi_actiongroupconfig:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_actiongroupconfig
"""
RETURN = '''
obj:
description: ActionGroupConfig (api/actiongroupconfig) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
action_script_config_ref=dict(type='str',),
autoscale_trigger_notification=dict(type='bool',),
description=dict(type='str',),
email_config_ref=dict(type='str',),
external_only=dict(type='bool', required=True),
level=dict(type='str', required=True),
name=dict(type='str', required=True),
snmp_trap_profile_ref=dict(type='str',),
syslog_config_ref=dict(type='str',),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'actiongroupconfig',
set([]))
if __name__ == '__main__':
main()


@@ -0,0 +1,226 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_alertconfig
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of AlertConfig Avi RESTful Object
description:
- This module is used to configure AlertConfig object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
action_group_ref:
description:
- The alert config will trigger the selected alert action, which can send notifications and execute a controlscript.
- It is a reference to an object of type actiongroupconfig.
alert_rule:
description:
- List of filters matching on events or client logs used for triggering alerts.
required: true
autoscale_alert:
description:
- This alert config applies to auto scale alerts.
type: bool
category:
description:
- Determines whether an alert is raised immediately when event occurs (realtime) or after specified number of events occurs within rolling time
- window.
- Enum options - REALTIME, ROLLINGWINDOW, WATERMARK.
- Default value when not specified in API or module is interpreted by Avi Controller as REALTIME.
required: true
description:
description:
- A custom description field.
enabled:
description:
- Enable or disable this alert config from generating new alerts.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
expiry_time:
description:
- An alert is expired and deleted after the expiry time has elapsed.
- The original event triggering the alert remains in the event's log.
- Allowed values are 1-31536000.
- Default value when not specified in API or module is interpreted by Avi Controller as 86400.
name:
description:
- Name of the alert configuration.
required: true
obj_uuid:
description:
- Uuid of the resource for which alert was raised.
object_type:
description:
- The object type to which the alert config is associated with.
- Valid object types are - virtual service, pool, service engine.
- Enum options - VIRTUALSERVICE, POOL, HEALTHMONITOR, NETWORKPROFILE, APPLICATIONPROFILE, HTTPPOLICYSET, DNSPOLICY, SECURITYPOLICY, IPADDRGROUP,
- STRINGGROUP, SSLPROFILE, SSLKEYANDCERTIFICATE, NETWORKSECURITYPOLICY, APPLICATIONPERSISTENCEPROFILE, ANALYTICSPROFILE, VSDATASCRIPTSET, TENANT,
- PKIPROFILE, AUTHPROFILE, CLOUD, SERVERAUTOSCALEPOLICY, AUTOSCALELAUNCHCONFIG, MICROSERVICEGROUP, IPAMPROFILE, HARDWARESECURITYMODULEGROUP,
- POOLGROUP, PRIORITYLABELS, POOLGROUPDEPLOYMENTPOLICY, GSLBSERVICE, GSLBSERVICERUNTIME, SCHEDULER, GSLBGEODBPROFILE,
- GSLBAPPLICATIONPERSISTENCEPROFILE, TRAFFICCLONEPROFILE, VSVIP, WAFPOLICY, WAFPROFILE, ERRORPAGEPROFILE, ERRORPAGEBODY, L4POLICYSET,
- GSLBSERVICERUNTIMEBATCH, WAFPOLICYPSMGROUP, PINGACCESSAGENT, SERVICEENGINEPOLICY, NATPOLICY, SSOPOLICY, PROTOCOLPARSER, SERVICEENGINE,
- DEBUGSERVICEENGINE, DEBUGCONTROLLER, DEBUGVIRTUALSERVICE, SERVICEENGINEGROUP, SEPROPERTIES, NETWORK, CONTROLLERNODE, CONTROLLERPROPERTIES,
- SYSTEMCONFIGURATION, VRFCONTEXT, USER, ALERTCONFIG, ALERTSYSLOGCONFIG, ALERTEMAILCONFIG, ALERTTYPECONFIG, APPLICATION, ROLE, CLOUDPROPERTIES,
- SNMPTRAPPROFILE, ACTIONGROUPPROFILE, MICROSERVICE, ALERTPARAMS, ACTIONGROUPCONFIG, CLOUDCONNECTORUSER, GSLB, GSLBDNSUPDATE, GSLBSITEOPS,
- GLBMGRWARMSTART, IPAMDNSRECORD, GSLBDNSGSSTATUS, GSLBDNSGEOFILEOPS, GSLBDNSGEOUPDATE, GSLBDNSGEOCLUSTEROPS, GSLBDNSCLEANUP, GSLBSITEOPSRESYNC,
- IPAMDNSPROVIDERPROFILE, TCPSTATRUNTIME, UDPSTATRUNTIME, IPSTATRUNTIME, ARPSTATRUNTIME, MBSTATRUNTIME, IPSTKQSTATSRUNTIME, MALLOCSTATRUNTIME,
- SHMALLOCSTATRUNTIME, CPUUSAGERUNTIME, L7GLOBALSTATSRUNTIME, L7VIRTUALSERVICESTATSRUNTIME, SEAGENTVNICDBRUNTIME, SEAGENTGRAPHDBRUNTIME,
- SEAGENTSTATERUNTIME, INTERFACERUNTIME, ARPTABLERUNTIME, DISPATCHERSTATRUNTIME, DISPATCHERSTATCLEARRUNTIME, DISPATCHERTABLEDUMPRUNTIME,
- DISPATCHERREMOTETIMERLISTDUMPRUNTIME, METRICSAGENTMESSAGE, HEALTHMONITORSTATRUNTIME, METRICSENTITYRUNTIME, PERSISTENCEINTERNAL,
- HTTPPOLICYSETINTERNAL, DNSPOLICYINTERNAL, CONNECTIONDUMPRUNTIME, SHAREDDBSTATS, SHAREDDBSTATSCLEAR, ICMPSTATRUNTIME, ROUTETABLERUNTIME,
- VIRTUALMACHINE, POOLSERVER, SEVSLIST, MEMINFORUNTIME, RTERINGSTATRUNTIME, ALGOSTATRUNTIME, HEALTHMONITORRUNTIME, CPUSTATRUNTIME, SEVM, HOST,
- PORTGROUP, CLUSTER, DATACENTER, VCENTER, HTTPPOLICYSETSTATS, DNSPOLICYSTATS, METRICSSESTATS, RATELIMITERSTATRUNTIME, NETWORKSECURITYPOLICYSTATS,
- TCPCONNRUNTIME, POOLSTATS, CONNPOOLINTERNAL, CONNPOOLSTATS, VSHASHSHOWRUNTIME, SELOGSTATSRUNTIME, NETWORKSECURITYPOLICYDETAIL, LICENSERUNTIME,
- SERVERRUNTIME, METRICSRUNTIMESUMMARY, METRICSRUNTIMEDETAIL, DISPATCHERSEHMPROBETEMPDISABLERUNTIME, POOLDEBUG, VSLOGMGRMAP, SERUMINSERTIONSTATS,
- HTTPCACHE, HTTPCACHESTATS, SEDOSSTATRUNTIME, VSDOSSTATRUNTIME, SERVERUPDATEREQ, VSSCALEOUTLIST, SEMEMDISTRUNTIME, TCPCONNRUNTIMEDETAIL,
- SEUPGRADESTATUS, SEUPGRADEPREVIEW, SEFAULTINJECTEXHAUSTM, SEFAULTINJECTEXHAUSTMCL, SEFAULTINJECTEXHAUSTMCLSMALL, SEFAULTINJECTEXHAUSTCONN,
- SEHEADLESSONLINEREQ, SEUPGRADE, SEUPGRADESTATUSDETAIL, SERESERVEDVS, SERESERVEDVSCLEAR, VSCANDIDATESEHOSTLIST, SEGROUPUPGRADE, REBALANCE,
- SEGROUPREBALANCE, SEAUTHSTATSRUNTIME, AUTOSCALESTATE, VIRTUALSERVICEAUTHSTATS, NETWORKSECURITYPOLICYDOS, KEYVALINTERNAL, KEYVALSUMMARYINTERNAL,
- SERVERSTATEUPDATEINFO, CLTRACKINTERNAL, CLTRACKSUMMARYINTERNAL, MICROSERVICERUNTIME, SEMICROSERVICE, VIRTUALSERVICEANALYSIS, CLIENTINTERNAL,
- CLIENTSUMMARYINTERNAL, MICROSERVICEGROUPRUNTIME, BGPRUNTIME, REQUESTQUEUERUNTIME, MIGRATEALL, MIGRATEALLSTATUSSUMMARY, MIGRATEALLSTATUSDETAIL,
- INTERFACESUMMARYRUNTIME, INTERFACELACPRUNTIME, DNSTABLE, GSLBSERVICEDETAIL, GSLBSERVICEINTERNAL, GSLBSERVICEHMONSTAT, SETROLESREQUEST,
- TRAFFICCLONERUNTIME, GEOLOCATIONINFO, SEVSHBSTATRUNTIME, GEODBINTERNAL, GSLBSITEINTERNAL, WAFSTATS, USERDEFINEDDATASCRIPTCOUNTERS, LLDPRUNTIME,
- VSESSHARINGPOOL, NDTABLERUNTIME, IP6STATRUNTIME, ICMP6STATRUNTIME, SEVSSPLACEMENT, L4POLICYSETSTATS, L4POLICYSETINTERNAL, BGPDEBUGINFO, SHARD,
- CPUSTATRUNTIMEDETAIL, SEASSERTSTATRUNTIME, SEFAULTINJECTINFRA, SEAGENTASSERTSTATRUNTIME, SEDATASTORESTATUS, DIFFQUEUESTATUS, IP6ROUTETABLERUNTIME,
- SECURITYMGRSTATE, VIRTUALSERVICESESCALEOUTSTATUS, SHARDSERVERSTATUS, SEAGENTSHARDCLIENTRESOURCEMAP, SEAGENTCONSISTENTHASH, SEAGENTVNICDBHISTORY,
- SEAGENTSHARDCLIENTAPPMAP, SEAGENTSHARDCLIENTEVENTHISTORY, SENATSTATRUNTIME, SENATFLOWRUNTIME, SERESOURCEPROTO, SECONSUMERPROTO,
- SECREATEPENDINGPROTO, PLACEMENTSTATS, SEVIPPROTO, RMVRFPROTO, VCENTERMAP, VIMGRVCENTERRUNTIME, INTERESTEDVMS, INTERESTEDHOSTS,
- VCENTERSUPPORTEDCOUNTERS, ENTITYCOUNTERS, TRANSACTIONSTATS, SEVMCREATEPROGRESS, PLACEMENTSTATUS, VISUBFOLDERS, VIDATASTORE, VIHOSTRESOURCES,
- CLOUDCONNECTOR, VINETWORKSUBNETVMS, VIDATASTORECONTENTS, VIMGRVCENTERCLOUDRUNTIME, VIVCENTERPORTGROUPS, VIVCENTERDATACENTERS, VIMGRHOSTRUNTIME,
- PLACEMENTGLOBALS, APICCONFIGURATION, CIFTABLE, APICTRANSACTION, VIRTUALSERVICESTATEDBCACHESUMMARY, POOLSTATEDBCACHESUMMARY,
- SERVERSTATEDBCACHESUMMARY, APICAGENTINTERNAL, APICTRANSACTIONFLAP, APICGRAPHINSTANCES, APICEPGS, APICEPGEPS, APICDEVICEPKGVER, APICTENANTS,
- APICVMMDOMAINS, NSXCONFIGURATION, NSXSGTABLE, NSXAGENTINTERNAL, NSXSGINFO, NSXSGIPS, NSXAGENTINTERNALCLI, MAXOBJECTS.
recommendation:
description:
- Recommendation of alertconfig.
rolling_window:
description:
- Only if the number of events is reached or exceeded within the time window will an alert be generated.
- Allowed values are 1-31536000.
- Default value when not specified in API or module is interpreted by Avi Controller as 300.
source:
description:
- Signifies system events or the type of client logsused in this alert configuration.
- Enum options - CONN_LOGS, APP_LOGS, EVENT_LOGS, METRICS.
required: true
summary:
description:
- Summary of reason why alert is generated.
tenant_ref:
description:
- It is a reference to an object of type tenant.
threshold:
description:
- An alert is created only when the number of events meets or exceeds this number within the chosen time frame.
- Allowed values are 1-65536.
- Default value when not specified in API or module is interpreted by Avi Controller as 1.
throttle:
description:
- Alerts are suppressed (throttled) for this duration of time since the last alert was raised for this alert config.
- Allowed values are 0-31536000.
- Default value when not specified in API or module is interpreted by Avi Controller as 600.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create AlertConfig object
avi_alertconfig:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_alertconfig
"""
RETURN = '''
obj:
description: AlertConfig (api/alertconfig) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
action_group_ref=dict(type='str',),
alert_rule=dict(type='dict', required=True),
autoscale_alert=dict(type='bool',),
category=dict(type='str', required=True),
description=dict(type='str',),
enabled=dict(type='bool',),
expiry_time=dict(type='int',),
name=dict(type='str', required=True),
obj_uuid=dict(type='str',),
object_type=dict(type='str',),
recommendation=dict(type='str',),
rolling_window=dict(type='int',),
source=dict(type='str', required=True),
summary=dict(type='str',),
tenant_ref=dict(type='str',),
threshold=dict(type='int',),
throttle=dict(type='int',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'alertconfig',
set([]))
if __name__ == '__main__':
main()
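Review bot: The EXAMPLES task hard-codes `username: admin` and `password: something` and leaves out `alert_rule`, `category` and `source`, all of which the argument_spec in `main()` declares with `required=True`, so the example as written would be rejected at argument validation and models inline credentials in a playbook. The avi_alertemailconfig example later in this commit has the same shape (inline password, no `to_emails`). I would template the connection values the way the avi_alertscriptconfig example does, `password: '{{ password }}'`, and add the required keys, e.g. `category: REALTIME` and `source: EVENT_LOGS` from the documented enums plus a sample `alert_rule`. Separately, `category` is documented with a controller-side default of REALTIME while also being `required: true`; one of the two statements should go.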


@@ -0,0 +1,121 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_alertemailconfig
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of AlertEmailConfig Avi RESTful Object
description:
- This module is used to configure AlertEmailConfig object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
cc_emails:
description:
- Alerts are copied to the comma separated list of email recipients.
description:
description:
- User defined description for the object.
name:
description:
- A user-friendly name of the email notification service.
required: true
tenant_ref:
description:
- It is a reference to an object of type tenant.
to_emails:
description:
- Alerts are sent to the comma separated list of email recipients.
required: true
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create AlertEmailConfig object
avi_alertemailconfig:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_alertemailconfig
"""
RETURN = '''
obj:
description: AlertEmailConfig (api/alertemailconfig) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
cc_emails=dict(type='str',),
description=dict(type='str',),
name=dict(type='str', required=True),
tenant_ref=dict(type='str',),
to_emails=dict(type='str', required=True),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'alertemailconfig',
set([]))
if __name__ == '__main__':
main()


@@ -0,0 +1,114 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_alertscriptconfig
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of AlertScriptConfig Avi RESTful Object
description:
- This module is used to configure AlertScriptConfig object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
action_script:
description:
- User defined alert action script.
- Please refer to kb.avinetworks.com for more information.
name:
description:
- A user-friendly name of the script.
required: true
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Create Alert Script to perform AWS server autoscaling
avi_alertscriptconfig:
username: '{{ username }}'
controller: '{{ controller }}'
password: '{{ password }}'
action_script: "echo Hello"
name: AWS-Launch-Script
tenant_ref: Demo
"""
RETURN = '''
obj:
description: AlertScriptConfig (api/alertscriptconfig) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
action_script=dict(type='str',),
name=dict(type='str', required=True),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'alertscriptconfig',
set([]))
if __name__ == '__main__':
main()
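Review bot: The `action_script` option is documented only as "User defined alert action script", with no statement of where the script runs or how its content is handled. The avi_alertconfig docs in this commit say an alert action can "execute a controlscript", so this string is presumably code run on the Avi side when an alert fires; the option text should say so and should tell users to restrict who can set it. `action_script=dict(type='str',)` is not masked, so a script that embeds cloud keys (the example is titled "AWS server autoscaling") would likely show up in verbose task output and in the returned `obj`. I would add a description line such as `- The script is stored and returned as plain text; do not embed credentials in it.`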


@@ -0,0 +1,120 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_alertsyslogconfig
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of AlertSyslogConfig Avi RESTful Object
description:
- This module is used to configure AlertSyslogConfig object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
description:
description:
- User defined description for alert syslog config.
name:
description:
- A user-friendly name of the syslog notification.
required: true
syslog_servers:
description:
- The list of syslog servers.
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Create Alert Syslog object to forward all events to external syslog server
avi_alertsyslogconfig:
controller: '{{ controller }}'
name: Roberts-syslog
password: '{{ password }}'
syslog_servers:
- syslog_server: 10.10.0.100
syslog_server_port: 514
udp: true
tenant_ref: admin
username: '{{ username }}'
"""
RETURN = '''
obj:
description: AlertSyslogConfig (api/alertsyslogconfig) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
description=dict(type='str',),
name=dict(type='str', required=True),
syslog_servers=dict(type='list',),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'alertsyslogconfig',
set([]))
if __name__ == '__main__':
main()
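Review bot: `syslog_servers=dict(type='list',)` accepts a list of anything, while the example passes dictionaries with `syslog_server`, `syslog_server_port` and `udp`; declaring it as `syslog_servers=dict(type='list', elements='dict')` lets Ansible reject malformed items before they reach the API. The DOCUMENTATION entry for `syslog_servers` names no sub-keys either, so the example is the only place they appear. That example forwards all events over UDP port 514, which carries no encryption or sender authentication; a comment in the example such as `# plain UDP syslog: keep this on a trusted management network` would make that explicit.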


@@ -0,0 +1,611 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_analyticsprofile
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of AnalyticsProfile Avi RESTful Object
description:
- This module is used to configure AnalyticsProfile object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
apdex_response_threshold:
description:
- If a client receives an http response in less than the satisfactory latency threshold, the request is considered satisfied.
- It is considered tolerated if it is not satisfied and less than tolerated latency factor multiplied by the satisfactory latency threshold.
- Greater than this number and the client's request is considered frustrated.
- Allowed values are 1-30000.
- Default value when not specified in API or module is interpreted by Avi Controller as 500.
apdex_response_tolerated_factor:
description:
- Client tolerated response latency factor.
- Client must receive a response within this factor times the satisfactory threshold (apdex_response_threshold) to be considered tolerated.
- Allowed values are 1-1000.
- Default value when not specified in API or module is interpreted by Avi Controller as 4.0.
apdex_rtt_threshold:
description:
- Satisfactory client to avi round trip time(rtt).
- Allowed values are 1-2000.
- Default value when not specified in API or module is interpreted by Avi Controller as 250.
apdex_rtt_tolerated_factor:
description:
- Tolerated client to avi round trip time(rtt) factor.
- It is a multiple of apdex_rtt_tolerated_factor.
- Allowed values are 1-1000.
- Default value when not specified in API or module is interpreted by Avi Controller as 4.0.
apdex_rum_threshold:
description:
- If a client is able to load a page in less than the satisfactory latency threshold, the pageload is considered satisfied.
- It is considered tolerated if it is greater than satisfied but less than the tolerated latency multiplied by satisfied latency.
- Greater than this number and the client's request is considered frustrated.
- A pageload includes the time for dns lookup, download of all http objects, and page render time.
- Allowed values are 1-30000.
- Default value when not specified in API or module is interpreted by Avi Controller as 5000.
apdex_rum_tolerated_factor:
description:
- Virtual service threshold factor for tolerated page load time (plt) as multiple of apdex_rum_threshold.
- Allowed values are 1-1000.
- Default value when not specified in API or module is interpreted by Avi Controller as 4.0.
apdex_server_response_threshold:
description:
- A server http response is considered satisfied if latency is less than the satisfactory latency threshold.
- The response is considered tolerated when it is greater than satisfied but less than the tolerated latency factor * s_latency.
- Greater than this number and the server response is considered frustrated.
- Allowed values are 1-30000.
- Default value when not specified in API or module is interpreted by Avi Controller as 400.
apdex_server_response_tolerated_factor:
description:
- Server tolerated response latency factor.
- Servermust response within this factor times the satisfactory threshold (apdex_server_response_threshold) to be considered tolerated.
- Allowed values are 1-1000.
- Default value when not specified in API or module is interpreted by Avi Controller as 4.0.
apdex_server_rtt_threshold:
description:
- Satisfactory client to avi round trip time(rtt).
- Allowed values are 1-2000.
- Default value when not specified in API or module is interpreted by Avi Controller as 125.
apdex_server_rtt_tolerated_factor:
description:
- Tolerated client to avi round trip time(rtt) factor.
- It is a multiple of apdex_rtt_tolerated_factor.
- Allowed values are 1-1000.
- Default value when not specified in API or module is interpreted by Avi Controller as 4.0.
client_log_config:
description:
- Configure which logs are sent to the avi controller from ses and how they are processed.
client_log_streaming_config:
description:
- Configure to stream logs to an external server.
- Field introduced in 17.1.1.
conn_lossy_ooo_threshold:
description:
- A connection between client and avi is considered lossy when more than this percentage of out of order packets are received.
- Allowed values are 1-100.
- Default value when not specified in API or module is interpreted by Avi Controller as 50.
conn_lossy_timeo_rexmt_threshold:
description:
- A connection between client and avi is considered lossy when more than this percentage of packets are retransmitted due to timeout.
- Allowed values are 1-100.
- Default value when not specified in API or module is interpreted by Avi Controller as 20.
conn_lossy_total_rexmt_threshold:
description:
- A connection between client and avi is considered lossy when more than this percentage of packets are retransmitted.
- Allowed values are 1-100.
- Default value when not specified in API or module is interpreted by Avi Controller as 50.
conn_lossy_zero_win_size_event_threshold:
description:
- A client connection is considered lossy when percentage of times a packet could not be transmitted due to tcp zero window is above this threshold.
- Allowed values are 0-100.
- Default value when not specified in API or module is interpreted by Avi Controller as 2.
conn_server_lossy_ooo_threshold:
description:
- A connection between avi and server is considered lossy when more than this percentage of out of order packets are received.
- Allowed values are 1-100.
- Default value when not specified in API or module is interpreted by Avi Controller as 50.
conn_server_lossy_timeo_rexmt_threshold:
description:
- A connection between avi and server is considered lossy when more than this percentage of packets are retransmitted due to timeout.
- Allowed values are 1-100.
- Default value when not specified in API or module is interpreted by Avi Controller as 20.
conn_server_lossy_total_rexmt_threshold:
description:
- A connection between avi and server is considered lossy when more than this percentage of packets are retransmitted.
- Allowed values are 1-100.
- Default value when not specified in API or module is interpreted by Avi Controller as 50.
conn_server_lossy_zero_win_size_event_threshold:
description:
- A server connection is considered lossy when percentage of times a packet could not be transmitted due to tcp zero window is above this threshold.
- Allowed values are 0-100.
- Default value when not specified in API or module is interpreted by Avi Controller as 2.
description:
description:
- User defined description for the object.
disable_ondemand_metrics:
description:
- Virtual service (vs) metrics are processed only when there is live data traffic on the vs.
- In case, vs is idle for a period of time as specified by ondemand_metrics_idle_timeout then metrics processing is suspended for that vs.
- Field introduced in 18.1.1.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
disable_se_analytics:
description:
- Disable node (service engine) level analytics forvs metrics.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
disable_server_analytics:
description:
- Disable analytics on backend servers.
- This may be desired in container environment when there are large number of ephemeral servers.
- Additionally, no healthscore of servers is computed when server analytics is disabled.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
disable_vs_analytics:
description:
- Disable virtualservice (frontend) analytics.
- This flag disables metrics and healthscore for virtualservice.
- Field introduced in 18.2.1.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
enable_advanced_analytics:
description:
- Enables advanced analytics features like anomaly detection.
- If set to false, anomaly computation (and associated rules/events) for vs, pool and server metrics will be disabled.
- However, setting it to false reduces cpu and memory requirements for analytics subsystem.
- Field introduced in 17.2.13, 18.1.5, 18.2.1.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
exclude_client_close_before_request_as_error:
description:
- Exclude client closed connection before an http request could be completed from being classified as an error.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
exclude_dns_policy_drop_as_significant:
description:
- Exclude dns policy drops from the list of errors.
- Field introduced in 17.2.2.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
exclude_gs_down_as_error:
description:
- Exclude queries to gslb services that are operationally down from the list of errors.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
exclude_http_error_codes:
description:
- List of http status codes to be excluded from being classified as an error.
- Error connections or responses impacts health score, are included as significant logs, and may be classified as part of a dos attack.
exclude_invalid_dns_domain_as_error:
description:
- Exclude dns queries to domains outside the domains configured in the dns application profile from the list of errors.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
exclude_invalid_dns_query_as_error:
description:
- Exclude invalid dns queries from the list of errors.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
exclude_no_dns_record_as_error:
description:
- Exclude queries to domains that did not have configured services/records from the list of errors.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
exclude_no_valid_gs_member_as_error:
description:
- Exclude queries to gslb services that have no available members from the list of errors.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
exclude_persistence_change_as_error:
description:
- Exclude persistence server changed while load balancing' from the list of errors.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
exclude_server_dns_error_as_error:
description:
- Exclude server dns error response from the list of errors.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
exclude_server_tcp_reset_as_error:
description:
- Exclude server tcp reset from errors.
- It is common for applications like ms exchange.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
exclude_sip_error_codes:
description:
- List of sip status codes to be excluded from being classified as an error.
- Field introduced in 17.2.13, 18.1.5, 18.2.1.
exclude_syn_retransmit_as_error:
description:
- Exclude 'server unanswered syns' from the list of errors.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
exclude_tcp_reset_as_error:
description:
- Exclude tcp resets by client from the list of potential errors.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
exclude_unsupported_dns_query_as_error:
description:
- Exclude unsupported dns queries from the list of errors.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
healthscore_max_server_limit:
description:
- Skips health score computation of pool servers when number of servers in a pool is more than this setting.
- Allowed values are 0-5000.
- Special values are 0- 'server health score is disabled'.
- Field introduced in 17.2.13, 18.1.4.
- Default value when not specified in API or module is interpreted by Avi Controller as 20.
hs_event_throttle_window:
description:
- Time window (in secs) within which only unique health change events should occur.
- Default value when not specified in API or module is interpreted by Avi Controller as 1209600.
hs_max_anomaly_penalty:
description:
- Maximum penalty that may be deducted from health score for anomalies.
- Allowed values are 0-100.
- Default value when not specified in API or module is interpreted by Avi Controller as 10.
hs_max_resources_penalty:
description:
- Maximum penalty that may be deducted from health score for high resource utilization.
- Allowed values are 0-100.
- Default value when not specified in API or module is interpreted by Avi Controller as 25.
hs_max_security_penalty:
description:
- Maximum penalty that may be deducted from health score based on security assessment.
- Allowed values are 0-100.
- Default value when not specified in API or module is interpreted by Avi Controller as 100.
hs_min_dos_rate:
description:
- Dos connection rate below which the dos security assessment will not kick in.
- Default value when not specified in API or module is interpreted by Avi Controller as 1000.
hs_performance_boost:
description:
- Adds free performance score credits to health score.
- It can be used for compensating health score for known slow applications.
- Allowed values are 0-100.
- Default value when not specified in API or module is interpreted by Avi Controller as 0.
hs_pscore_traffic_threshold_l4_client:
description:
- Threshold number of connections in 5min, below which apdexr, apdexc, rum_apdex, and other network quality metrics are not computed.
- Default value when not specified in API or module is interpreted by Avi Controller as 10.0.
hs_pscore_traffic_threshold_l4_server:
description:
- Threshold number of connections in 5min, below which apdexr, apdexc, rum_apdex, and other network quality metrics are not computed.
- Default value when not specified in API or module is interpreted by Avi Controller as 10.0.
hs_security_certscore_expired:
description:
- Score assigned when the certificate has expired.
- Allowed values are 0-5.
- Default value when not specified in API or module is interpreted by Avi Controller as 0.0.
hs_security_certscore_gt30d:
description:
- Score assigned when the certificate expires in more than 30 days.
- Allowed values are 0-5.
- Default value when not specified in API or module is interpreted by Avi Controller as 5.0.
hs_security_certscore_le07d:
description:
- Score assigned when the certificate expires in less than or equal to 7 days.
- Allowed values are 0-5.
- Default value when not specified in API or module is interpreted by Avi Controller as 2.0.
hs_security_certscore_le30d:
description:
- Score assigned when the certificate expires in less than or equal to 30 days.
- Allowed values are 0-5.
- Default value when not specified in API or module is interpreted by Avi Controller as 4.0.
hs_security_chain_invalidity_penalty:
description:
- Penalty for allowing certificates with invalid chain.
- Allowed values are 0-5.
- Default value when not specified in API or module is interpreted by Avi Controller as 1.0.
hs_security_cipherscore_eq000b:
description:
- Score assigned when the minimum cipher strength is 0 bits.
- Allowed values are 0-5.
- Default value when not specified in API or module is interpreted by Avi Controller as 0.0.
hs_security_cipherscore_ge128b:
description:
- Score assigned when the minimum cipher strength is greater than equal to 128 bits.
- Allowed values are 0-5.
- Default value when not specified in API or module is interpreted by Avi Controller as 5.0.
hs_security_cipherscore_lt128b:
description:
- Score assigned when the minimum cipher strength is less than 128 bits.
- Allowed values are 0-5.
- Default value when not specified in API or module is interpreted by Avi Controller as 3.5.
hs_security_encalgo_score_none:
description:
- Score assigned when no algorithm is used for encryption.
- Allowed values are 0-5.
- Default value when not specified in API or module is interpreted by Avi Controller as 0.0.
hs_security_encalgo_score_rc4:
description:
- Score assigned when rc4 algorithm is used for encryption.
- Allowed values are 0-5.
- Default value when not specified in API or module is interpreted by Avi Controller as 2.5.
hs_security_hsts_penalty:
description:
- Penalty for not enabling hsts.
- Allowed values are 0-5.
- Default value when not specified in API or module is interpreted by Avi Controller as 1.0.
hs_security_nonpfs_penalty:
description:
- Penalty for allowing non-pfs handshakes.
- Allowed values are 0-5.
- Default value when not specified in API or module is interpreted by Avi Controller as 1.0.
hs_security_selfsignedcert_penalty:
description:
- Deprecated.
- Allowed values are 0-5.
- Default value when not specified in API or module is interpreted by Avi Controller as 1.0.
hs_security_ssl30_score:
description:
- Score assigned when supporting ssl3.0 encryption protocol.
- Allowed values are 0-5.
- Default value when not specified in API or module is interpreted by Avi Controller as 3.5.
hs_security_tls10_score:
description:
- Score assigned when supporting tls1.0 encryption protocol.
- Allowed values are 0-5.
- Default value when not specified in API or module is interpreted by Avi Controller as 5.0.
hs_security_tls11_score:
description:
- Score assigned when supporting tls1.1 encryption protocol.
- Allowed values are 0-5.
- Default value when not specified in API or module is interpreted by Avi Controller as 5.0.
hs_security_tls12_score:
description:
- Score assigned when supporting tls1.2 encryption protocol.
- Allowed values are 0-5.
- Default value when not specified in API or module is interpreted by Avi Controller as 5.0.
hs_security_weak_signature_algo_penalty:
description:
- Penalty for allowing weak signature algorithm(s).
- Allowed values are 0-5.
- Default value when not specified in API or module is interpreted by Avi Controller as 1.0.
name:
description:
- The name of the analytics profile.
required: true
ondemand_metrics_idle_timeout:
description:
- This flag sets the time duration of no live data traffic after which virtual service metrics processing is suspended.
- It is applicable only when disable_ondemand_metrics is set to false.
- Field introduced in 18.1.1.
- Default value when not specified in API or module is interpreted by Avi Controller as 1800.
ranges:
description:
- List of http status code ranges to be excluded from being classified as an error.
resp_code_block:
description:
- Block of http response codes to be excluded from being classified as an error.
- Enum options - AP_HTTP_RSP_4XX, AP_HTTP_RSP_5XX.
sensitive_log_profile:
description:
- Rules applied to the http application log for filtering sensitive information.
- Field introduced in 17.2.10, 18.1.2.
sip_log_depth:
description:
- Maximum number of sip messages added in logs for a sip transaction.
- By default, this value is 20.
- Allowed values are 1-1000.
- Field introduced in 17.2.13, 18.1.5, 18.2.1.
- Default value when not specified in API or module is interpreted by Avi Controller as 20.
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Uuid of the analytics profile.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Create a custom Analytics profile object
avi_analyticsprofile:
controller: '{{ controller }}'
username: '{{ username }}'
password: '{{ password }}'
apdex_response_threshold: 500
apdex_response_tolerated_factor: 4.0
apdex_rtt_threshold: 250
apdex_rtt_tolerated_factor: 4.0
apdex_rum_threshold: 5000
apdex_rum_tolerated_factor: 4.0
apdex_server_response_threshold: 400
apdex_server_response_tolerated_factor: 4.0
apdex_server_rtt_threshold: 125
apdex_server_rtt_tolerated_factor: 4.0
conn_lossy_ooo_threshold: 50
conn_lossy_timeo_rexmt_threshold: 20
conn_lossy_total_rexmt_threshold: 50
conn_lossy_zero_win_size_event_threshold: 2
conn_server_lossy_ooo_threshold: 50
conn_server_lossy_timeo_rexmt_threshold: 20
conn_server_lossy_total_rexmt_threshold: 50
conn_server_lossy_zero_win_size_event_threshold: 2
disable_se_analytics: false
disable_server_analytics: false
exclude_client_close_before_request_as_error: false
exclude_persistence_change_as_error: false
exclude_server_tcp_reset_as_error: false
exclude_syn_retransmit_as_error: false
exclude_tcp_reset_as_error: false
hs_event_throttle_window: 1209600
hs_max_anomaly_penalty: 10
hs_max_resources_penalty: 25
hs_max_security_penalty: 100
hs_min_dos_rate: 1000
hs_performance_boost: 20
hs_pscore_traffic_threshold_l4_client: 10.0
hs_pscore_traffic_threshold_l4_server: 10.0
hs_security_certscore_expired: 0.0
hs_security_certscore_gt30d: 5.0
hs_security_certscore_le07d: 2.0
hs_security_certscore_le30d: 4.0
hs_security_chain_invalidity_penalty: 1.0
hs_security_cipherscore_eq000b: 0.0
hs_security_cipherscore_ge128b: 5.0
hs_security_cipherscore_lt128b: 3.5
hs_security_encalgo_score_none: 0.0
hs_security_encalgo_score_rc4: 2.5
hs_security_hsts_penalty: 0.0
hs_security_nonpfs_penalty: 1.0
hs_security_selfsignedcert_penalty: 1.0
hs_security_ssl30_score: 3.5
hs_security_tls10_score: 5.0
hs_security_tls11_score: 5.0
hs_security_tls12_score: 5.0
hs_security_weak_signature_algo_penalty: 1.0
name: jason-analytics-profile
tenant_ref: Demo
"""
RETURN = '''
obj:
description: AnalyticsProfile (api/analyticsprofile) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
apdex_response_threshold=dict(type='int',),
apdex_response_tolerated_factor=dict(type='float',),
apdex_rtt_threshold=dict(type='int',),
apdex_rtt_tolerated_factor=dict(type='float',),
apdex_rum_threshold=dict(type='int',),
apdex_rum_tolerated_factor=dict(type='float',),
apdex_server_response_threshold=dict(type='int',),
apdex_server_response_tolerated_factor=dict(type='float',),
apdex_server_rtt_threshold=dict(type='int',),
apdex_server_rtt_tolerated_factor=dict(type='float',),
client_log_config=dict(type='dict',),
client_log_streaming_config=dict(type='dict',),
conn_lossy_ooo_threshold=dict(type='int',),
conn_lossy_timeo_rexmt_threshold=dict(type='int',),
conn_lossy_total_rexmt_threshold=dict(type='int',),
conn_lossy_zero_win_size_event_threshold=dict(type='int',),
conn_server_lossy_ooo_threshold=dict(type='int',),
conn_server_lossy_timeo_rexmt_threshold=dict(type='int',),
conn_server_lossy_total_rexmt_threshold=dict(type='int',),
conn_server_lossy_zero_win_size_event_threshold=dict(type='int',),
description=dict(type='str',),
disable_ondemand_metrics=dict(type='bool',),
disable_se_analytics=dict(type='bool',),
disable_server_analytics=dict(type='bool',),
disable_vs_analytics=dict(type='bool',),
enable_advanced_analytics=dict(type='bool',),
exclude_client_close_before_request_as_error=dict(type='bool',),
exclude_dns_policy_drop_as_significant=dict(type='bool',),
exclude_gs_down_as_error=dict(type='bool',),
exclude_http_error_codes=dict(type='list',),
exclude_invalid_dns_domain_as_error=dict(type='bool',),
exclude_invalid_dns_query_as_error=dict(type='bool',),
exclude_no_dns_record_as_error=dict(type='bool',),
exclude_no_valid_gs_member_as_error=dict(type='bool',),
exclude_persistence_change_as_error=dict(type='bool',),
exclude_server_dns_error_as_error=dict(type='bool',),
exclude_server_tcp_reset_as_error=dict(type='bool',),
exclude_sip_error_codes=dict(type='list',),
exclude_syn_retransmit_as_error=dict(type='bool',),
exclude_tcp_reset_as_error=dict(type='bool',),
exclude_unsupported_dns_query_as_error=dict(type='bool',),
healthscore_max_server_limit=dict(type='int',),
hs_event_throttle_window=dict(type='int',),
hs_max_anomaly_penalty=dict(type='int',),
hs_max_resources_penalty=dict(type='int',),
hs_max_security_penalty=dict(type='int',),
hs_min_dos_rate=dict(type='int',),
hs_performance_boost=dict(type='int',),
hs_pscore_traffic_threshold_l4_client=dict(type='float',),
hs_pscore_traffic_threshold_l4_server=dict(type='float',),
hs_security_certscore_expired=dict(type='float',),
hs_security_certscore_gt30d=dict(type='float',),
hs_security_certscore_le07d=dict(type='float',),
hs_security_certscore_le30d=dict(type='float',),
hs_security_chain_invalidity_penalty=dict(type='float',),
hs_security_cipherscore_eq000b=dict(type='float',),
hs_security_cipherscore_ge128b=dict(type='float',),
hs_security_cipherscore_lt128b=dict(type='float',),
hs_security_encalgo_score_none=dict(type='float',),
hs_security_encalgo_score_rc4=dict(type='float',),
hs_security_hsts_penalty=dict(type='float',),
hs_security_nonpfs_penalty=dict(type='float',),
hs_security_selfsignedcert_penalty=dict(type='float',),
hs_security_ssl30_score=dict(type='float',),
hs_security_tls10_score=dict(type='float',),
hs_security_tls11_score=dict(type='float',),
hs_security_tls12_score=dict(type='float',),
hs_security_weak_signature_algo_penalty=dict(type='float',),
name=dict(type='str', required=True),
ondemand_metrics_idle_timeout=dict(type='int',),
ranges=dict(type='list',),
resp_code_block=dict(type='list',),
sensitive_log_profile=dict(type='dict',),
sip_log_depth=dict(type='int',),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'analyticsprofile',
set([]))
if __name__ == '__main__':
main()


@@ -0,0 +1,258 @@
#!/usr/bin/python
"""
# Created on Aug 12, 2016
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com) GitHub ID: grastogi23
#
# module_check: not supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
"""
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_api_session
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Avi API Module
description:
- This module can be used for calling any resources defined in Avi REST API. U(https://avinetworks.com/)
- This module is useful for invoking HTTP Patch methods and accessing resources that do not have an REST object associated with them.
requirements: [ avisdk ]
options:
http_method:
description:
- Allowed HTTP methods for RESTful services and are supported by Avi Controller.
choices: ["get", "put", "post", "patch", "delete"]
required: true
data:
description:
- HTTP body in YAML or JSON format.
params:
description:
- Query parameters passed to the HTTP API.
path:
description:
- 'Path for Avi API resource. For example, C(path: virtualservice) will translate to C(api/virtualserivce).'
timeout:
description:
- Timeout (in seconds) for Avi API calls.
default: 60
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = '''
- name: Get Pool Information using avi_api_session
avi_api_session:
controller: "{{ controller }}"
username: "{{ username }}"
password: "{{ password }}"
http_method: get
path: pool
params:
name: "{{ pool_name }}"
api_version: 16.4
register: pool_results
- name: Patch Pool with list of servers
avi_api_session:
controller: "{{ controller }}"
username: "{{ username }}"
password: "{{ password }}"
http_method: patch
path: "{{ pool_path }}"
api_version: 16.4
data:
add:
servers:
- ip:
addr: 10.10.10.10
type: V4
- ip:
addr: 20.20.20.20
type: V4
register: updated_pool
- name: Fetch Pool metrics bandwidth and connections rate
avi_api_session:
controller: "{{ controller }}"
username: "{{ username }}"
password: "{{ password }}"
http_method: get
path: analytics/metrics/pool
api_version: 16.4
params:
name: "{{ pool_name }}"
metric_id: l4_server.avg_bandwidth,l4_server.avg_complete_conns
step: 300
limit: 10
register: pool_metrics
'''
RETURN = '''
obj:
description: Avi REST resource
returned: success, changed
type: dict
'''
import json
import time
from ansible.module_utils.basic import AnsibleModule
from copy import deepcopy
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, ansible_return, avi_obj_cmp,
cleanup_absent_fields, HAS_AVI)
from ansible_collections.community.general.plugins.module_utils.network.avi.avi_api import (
ApiSession, AviCredentials)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
http_method=dict(required=True,
choices=['get', 'put', 'post', 'patch',
'delete']),
path=dict(type='str', required=True),
params=dict(type='dict'),
data=dict(type='jsonarg'),
timeout=dict(type='int', default=60)
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(argument_spec=argument_specs)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
api_creds = AviCredentials()
api_creds.update_from_ansible_module(module)
api = ApiSession.get_session(
api_creds.controller, api_creds.username, password=api_creds.password,
timeout=api_creds.timeout, tenant=api_creds.tenant,
tenant_uuid=api_creds.tenant_uuid, token=api_creds.token,
port=api_creds.port)
tenant_uuid = api_creds.tenant_uuid
tenant = api_creds.tenant
timeout = int(module.params.get('timeout'))
# path is a required argument
path = module.params.get('path', '')
params = module.params.get('params', None)
data = module.params.get('data', None)
# Get the api_version from module.
api_version = api_creds.api_version
if data is not None:
data = json.loads(data)
method = module.params['http_method']
existing_obj = None
changed = method != 'get'
gparams = deepcopy(params) if params else {}
gparams.update({'include_refs': '', 'include_name': ''})
# API methods not allowed
api_get_not_allowed = ["cluster", "gslbsiteops"]
api_post_not_allowed = ["alert", "fileservice"]
api_put_not_allowed = ["backup"]
if method == 'post' and not any(path.startswith(uri) for uri in api_post_not_allowed):
# TODO: Above condition should be updated after AV-38981 is fixed
# need to check if object already exists. In that case
# change the method to be put
try:
using_collection = False
if not any(path.startswith(uri) for uri in api_get_not_allowed):
if 'name' in data:
gparams['name'] = data['name']
using_collection = True
if not any(path.startswith(uri) for uri in api_get_not_allowed):
rsp = api.get(path, tenant=tenant, tenant_uuid=tenant_uuid,
params=gparams, api_version=api_version)
existing_obj = rsp.json()
if using_collection:
existing_obj = existing_obj['results'][0]
except (IndexError, KeyError):
# object is not found
pass
else:
if not any(path.startswith(uri) for uri in api_get_not_allowed):
# object is present
method = 'put'
path += '/' + existing_obj['uuid']
if method == 'put' and not any(path.startswith(uri) for uri in api_put_not_allowed):
# put can happen with when full path is specified or it is put + post
if existing_obj is None:
using_collection = False
if ((len(path.split('/')) == 1) and ('name' in data) and
(not any(path.startswith(uri) for uri in api_get_not_allowed))):
gparams['name'] = data['name']
using_collection = True
rsp = api.get(path, tenant=tenant, tenant_uuid=tenant_uuid,
params=gparams, api_version=api_version)
rsp_data = rsp.json()
if using_collection:
if rsp_data['results']:
existing_obj = rsp_data['results'][0]
path += '/' + existing_obj['uuid']
else:
method = 'post'
else:
if rsp.status_code == 404:
method = 'post'
else:
existing_obj = rsp_data
if existing_obj:
changed = not avi_obj_cmp(data, existing_obj)
cleanup_absent_fields(data)
if method == 'patch':
rsp = api.get(path, tenant=tenant, tenant_uuid=tenant_uuid,
params=gparams, api_version=api_version)
existing_obj = rsp.json()
if (method == 'put' and changed) or (method != 'put'):
fn = getattr(api, method)
rsp = fn(path, tenant=tenant, tenant_uuid=tenant, timeout=timeout,
params=params, data=data, api_version=api_version)
else:
rsp = None
if method == 'delete' and rsp.status_code == 404:
changed = False
rsp.status_code = 200
if method == 'patch' and existing_obj and rsp.status_code < 299:
# Ideally the comparison should happen with the return values
# from the patch API call. However, currently Avi API are
# returning different hostname when GET is used vs Patch.
# tracked as AV-12561
if path.startswith('pool'):
time.sleep(1)
gparams = deepcopy(params) if params else {}
gparams.update({'include_refs': '', 'include_name': ''})
rsp = api.get(path, tenant=tenant, tenant_uuid=tenant_uuid,
params=gparams, api_version=api_version)
new_obj = rsp.json()
changed = not avi_obj_cmp(new_obj, existing_obj)
if rsp is None:
return module.exit_json(changed=changed, obj=existing_obj)
return ansible_return(module, rsp, changed, req=data)
if __name__ == '__main__':
main()
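Review bot: The write call near the end of main(), `rsp = fn(path, tenant=tenant, tenant_uuid=tenant, timeout=timeout,`, passes the tenant name where a tenant UUID is expected, while every `api.get(...)` above it passes `tenant_uuid=tenant_uuid`. The existence check and the PUT/POST/PATCH/DELETE that follows can therefore be scoped differently; how ApiSession treats a name in that slot is not visible on this page, so the impact is unconfirmed. The line should read `rsp = fn(path, tenant=tenant, tenant_uuid=tenant_uuid, timeout=timeout,`. Separately, `'name' in data` in the post and put branches raises an unhandled TypeError when `data` is omitted, so a `data is not None` guard before those checks would give a clean module failure instead.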


@@ -0,0 +1,94 @@
#!/usr/bin/python
"""
# Created on July 24, 2017
#
# @author: Vilian Atmadzhov (vilian.atmadzhov@paddypowerbetfair.com) GitHub ID: vivobg
#
# module_check: not supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# Vilian Atmadzhov, <vilian.atmadzhov@paddypowerbetfair.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
"""
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_api_version
author: Vilian Atmadzhov (@vivobg) <vilian.atmadzhov@paddypowerbetfair.com>
short_description: Avi API Version Module
description:
- This module can be used to obtain the version of the Avi REST API. U(https://avinetworks.com/)
requirements: [ avisdk ]
options: {}
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = '''
- name: Get AVI API version
avi_api_version:
controller: ""
username: ""
password: ""
tenant: ""
register: avi_controller_version
'''
RETURN = '''
obj:
description: Avi REST resource
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, ansible_return, HAS_AVI)
from ansible_collections.community.general.plugins.module_utils.network.avi.avi_api import (
ApiSession, AviCredentials)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict()
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(argument_spec=argument_specs)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
try:
api_creds = AviCredentials()
api_creds.update_from_ansible_module(module)
api = ApiSession.get_session(
api_creds.controller, api_creds.username,
password=api_creds.password,
timeout=api_creds.timeout, tenant=api_creds.tenant,
tenant_uuid=api_creds.tenant_uuid, token=api_creds.token,
port=api_creds.port)
remote_api_version = api.remote_api_version
remote = {}
for key in remote_api_version.keys():
remote[key.lower()] = remote_api_version[key]
api.close()
module.exit_json(changed=False, obj=remote)
except Exception as e:
module.fail_json(msg=("Unable to get an AVI session. %s" % e))
if __name__ == '__main__':
main()
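Review bot: `api.close()` in main() runs only on the success path, so any exception raised after `ApiSession.get_session(...)` returns (for example while reading `api.remote_api_version`) leaves the authenticated controller session open. The same broad `except Exception` also reports every such failure as "Unable to get an AVI session", which hides the difference between a login failure and a later error. Closing the session in a `finally` clause and moving `module.exit_json` out of the `try` fixes the first problem without changing the module's output. The EXAMPLES block would also read better with `"{{ controller }}"`-style variables instead of empty strings, matching the other Avi modules in this commit.

```python
    api = None
    try:
        # … unchanged: AviCredentials setup and ApiSession.get_session(...) …
        remote_api_version = api.remote_api_version
        remote = {}
        for key in remote_api_version.keys():
            remote[key.lower()] = remote_api_version[key]
    except Exception as e:
        module.fail_json(msg=("Unable to get an AVI session. %s" % e))
    finally:
        # Release the controller session on both the success and failure paths.
        if api is not None:
            api.close()
    module.exit_json(changed=False, obj=remote)
```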


@@ -0,0 +1,165 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_applicationpersistenceprofile
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of ApplicationPersistenceProfile Avi RESTful Object
description:
- This module is used to configure ApplicationPersistenceProfile object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
app_cookie_persistence_profile:
description:
- Specifies the application cookie persistence profile parameters.
description:
description:
- User defined description for the object.
hdr_persistence_profile:
description:
- Specifies the custom http header persistence profile parameters.
http_cookie_persistence_profile:
description:
- Specifies the http cookie persistence profile parameters.
ip_persistence_profile:
description:
- Specifies the client ip persistence profile parameters.
is_federated:
description:
- This field describes the object's replication scope.
- If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines.
- If the field is set to true, then the object is replicated across the federation.
- Field introduced in 17.1.3.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
name:
description:
- A user-friendly name for the persistence profile.
required: true
persistence_type:
description:
- Method used to persist clients to the same server for a duration of time or a session.
- Enum options - PERSISTENCE_TYPE_CLIENT_IP_ADDRESS, PERSISTENCE_TYPE_HTTP_COOKIE, PERSISTENCE_TYPE_TLS, PERSISTENCE_TYPE_CLIENT_IPV6_ADDRESS,
- PERSISTENCE_TYPE_CUSTOM_HTTP_HEADER, PERSISTENCE_TYPE_APP_COOKIE, PERSISTENCE_TYPE_GSLB_SITE.
- Default value when not specified in API or module is interpreted by Avi Controller as PERSISTENCE_TYPE_CLIENT_IP_ADDRESS.
required: true
server_hm_down_recovery:
description:
- Specifies behavior when a persistent server has been marked down by a health monitor.
- Enum options - HM_DOWN_PICK_NEW_SERVER, HM_DOWN_ABORT_CONNECTION, HM_DOWN_CONTINUE_PERSISTENT_SERVER.
- Default value when not specified in API or module is interpreted by Avi Controller as HM_DOWN_PICK_NEW_SERVER.
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Uuid of the persistence profile.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Create an Application Persistence setting using http cookie.
avi_applicationpersistenceprofile:
controller: '{{ controller }}'
username: '{{ username }}'
password: '{{ password }}'
http_cookie_persistence_profile:
always_send_cookie: false
cookie_name: My-HTTP
key:
- aes_key: ShYGZdMks8j6Bpvm2sCvaXWzvXms2Z9ob+TTjRy46lQ=
name: c1276819-550c-4adf-912d-59efa5fd7269
- aes_key: OGsyVk84VCtyMENFOW0rMnRXVnNrb0RzdG5mT29oamJRb0dlbHZVSjR1az0=
name: a080de57-77c3-4580-a3ea-e7a6493c14fd
- aes_key: UVN0cU9HWmFUM2xOUzBVcmVXaHFXbnBLVUUxMU1VSktSVU5HWjJOWmVFMTBUMUV4UmxsNk4xQmFZejA9
name: 60478846-33c6-484d-868d-bbc324fce4a5
timeout: 15
name: My-HTTP-Cookie
persistence_type: PERSISTENCE_TYPE_HTTP_COOKIE
server_hm_down_recovery: HM_DOWN_PICK_NEW_SERVER
tenant_ref: Demo
"""
RETURN = '''
obj:
description: ApplicationPersistenceProfile (api/applicationpersistenceprofile) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
app_cookie_persistence_profile=dict(type='dict',),
description=dict(type='str',),
hdr_persistence_profile=dict(type='dict',),
http_cookie_persistence_profile=dict(type='dict',),
ip_persistence_profile=dict(type='dict',),
is_federated=dict(type='bool',),
name=dict(type='str', required=True),
persistence_type=dict(type='str', required=True),
server_hm_down_recovery=dict(type='str',),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'applicationpersistenceprofile',
set([]))
if __name__ == '__main__':
main()


@@ -0,0 +1,218 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_applicationprofile
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of ApplicationProfile Avi RESTful Object
description:
- This module is used to configure ApplicationProfile object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
cloud_config_cksum:
description:
- Checksum of application profiles.
- Internally set by cloud connector.
- Field introduced in 17.2.14, 18.1.5, 18.2.1.
created_by:
description:
- Name of the application profile creator.
- Field introduced in 17.2.14, 18.1.5, 18.2.1.
description:
description:
- User defined description for the object.
dns_service_profile:
description:
- Specifies various dns service related controls for virtual service.
dos_rl_profile:
description:
- Specifies various security related controls for virtual service.
http_profile:
description:
- Specifies the http application proxy profile parameters.
name:
description:
- The name of the application profile.
required: true
preserve_client_ip:
description:
- Specifies if client ip needs to be preserved for backend connection.
- Not compatible with connection multiplexing.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
preserve_client_port:
description:
- Specifies if we need to preserve client port while preserving client ip for backend connections.
- Field introduced in 17.2.7.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
sip_service_profile:
description:
- Specifies various sip service related controls for virtual service.
- Field introduced in 17.2.8, 18.1.3, 18.2.1.
tcp_app_profile:
description:
- Specifies the tcp application proxy profile parameters.
tenant_ref:
description:
- It is a reference to an object of type tenant.
type:
description:
- Specifies which application layer proxy is enabled for the virtual service.
- Enum options - APPLICATION_PROFILE_TYPE_L4, APPLICATION_PROFILE_TYPE_HTTP, APPLICATION_PROFILE_TYPE_SYSLOG, APPLICATION_PROFILE_TYPE_DNS,
- APPLICATION_PROFILE_TYPE_SSL, APPLICATION_PROFILE_TYPE_SIP.
required: true
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Uuid of the application profile.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Create an Application Profile for HTTP application enabled for SSL traffic
avi_applicationprofile:
controller: '{{ controller }}'
username: '{{ username }}'
password: '{{ password }}'
http_profile:
cache_config:
age_header: true
aggressive: false
date_header: true
default_expire: 600
enabled: false
heuristic_expire: false
max_cache_size: 0
max_object_size: 4194304
mime_types_group_refs:
- admin:System-Cacheable-Resource-Types
min_object_size: 100
query_cacheable: false
xcache_header: true
client_body_timeout: 0
client_header_timeout: 10000
client_max_body_size: 0
client_max_header_size: 12
client_max_request_size: 48
compression_profile:
compressible_content_ref: admin:System-Compressible-Content-Types
compression: false
remove_accept_encoding_header: true
type: AUTO_COMPRESSION
connection_multiplexing_enabled: true
hsts_enabled: false
hsts_max_age: 365
http_to_https: false
httponly_enabled: false
keepalive_header: false
keepalive_timeout: 30000
max_bad_rps_cip: 0
max_bad_rps_cip_uri: 0
max_bad_rps_uri: 0
max_rps_cip: 0
max_rps_cip_uri: 0
max_rps_unknown_cip: 0
max_rps_unknown_uri: 0
max_rps_uri: 0
post_accept_timeout: 30000
secure_cookie_enabled: false
server_side_redirect_to_https: false
spdy_enabled: false
spdy_fwd_proxy_mode: false
ssl_client_certificate_mode: SSL_CLIENT_CERTIFICATE_NONE
ssl_everywhere_enabled: false
websockets_enabled: true
x_forwarded_proto_enabled: false
xff_alternate_name: X-Forwarded-For
xff_enabled: true
name: System-HTTP
tenant_ref: admin
type: APPLICATION_PROFILE_TYPE_HTTP
"""
RETURN = '''
obj:
description: ApplicationProfile (api/applicationprofile) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
cloud_config_cksum=dict(type='str',),
created_by=dict(type='str',),
description=dict(type='str',),
dns_service_profile=dict(type='dict',),
dos_rl_profile=dict(type='dict',),
http_profile=dict(type='dict',),
name=dict(type='str', required=True),
preserve_client_ip=dict(type='bool',),
preserve_client_port=dict(type='bool',),
sip_service_profile=dict(type='dict',),
tcp_app_profile=dict(type='dict',),
tenant_ref=dict(type='str',),
type=dict(type='str', required=True),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'applicationprofile',
set([]))
if __name__ == '__main__':
main()
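Review bot: The EXAMPLES task is titled "HTTP application enabled for SSL traffic" but sets `ssl_everywhere_enabled: false`, `http_to_https: false`, `hsts_enabled: false`, `secure_cookie_enabled: false` and `httponly_enabled: false`, so a reader who copies it gets a profile with every HTTPS-related toggle switched off. Judging by the option names (the controller's semantics are not visible here), these cover the HTTP-to-HTTPS redirect, HSTS and the Secure/HttpOnly cookie flags. Either retitle the task, e.g. `- name: Create an Application Profile for an HTTP application`, or set the toggles the title implies to `true` so the example matches its description.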


@@ -0,0 +1,165 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_authprofile
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of AuthProfile Avi RESTful Object
description:
- This module is used to configure AuthProfile object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
description:
description:
- User defined description for the object.
http:
description:
- Http user authentication params.
ldap:
description:
- Ldap server and directory settings.
name:
description:
- Name of the auth profile.
required: true
pa_agent_ref:
description:
- Pingaccessagent uuid.
- It is a reference to an object of type pingaccessagent.
- Field introduced in 18.2.3.
saml:
description:
- Saml settings.
- Field introduced in 17.2.3.
tacacs_plus:
description:
- Tacacs+ settings.
tenant_ref:
description:
- It is a reference to an object of type tenant.
type:
description:
- Type of the auth profile.
- Enum options - AUTH_PROFILE_LDAP, AUTH_PROFILE_TACACS_PLUS, AUTH_PROFILE_SAML, AUTH_PROFILE_PINGACCESS.
required: true
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Uuid of the auth profile.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Create user authorization profile based on the LDAP
avi_authprofile:
controller: '{{ controller }}'
password: '{{ password }}'
username: '{{ username }}'
http:
cache_expiration_time: 5
group_member_is_full_dn: false
ldap:
base_dn: dc=avi,dc=local
bind_as_administrator: true
port: 389
security_mode: AUTH_LDAP_SECURE_NONE
server:
- 10.10.0.100
settings:
admin_bind_dn: user@avi.local
group_filter: (objectClass=*)
group_member_attribute: member
group_member_is_full_dn: true
group_search_dn: dc=avi,dc=local
group_search_scope: AUTH_LDAP_SCOPE_SUBTREE
ignore_referrals: true
password: password
user_id_attribute: samAccountname
user_search_dn: dc=avi,dc=local
user_search_scope: AUTH_LDAP_SCOPE_ONE
name: ProdAuth
tenant_ref: admin
type: AUTH_PROFILE_LDAP
"""
RETURN = '''
obj:
description: AuthProfile (api/authprofile) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
description=dict(type='str',),
http=dict(type='dict',),
ldap=dict(type='dict',),
name=dict(type='str', required=True),
pa_agent_ref=dict(type='str',),
saml=dict(type='dict',),
tacacs_plus=dict(type='dict',),
tenant_ref=dict(type='str',),
type=dict(type='str', required=True),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'authprofile',
set([]))
if __name__ == '__main__':
main()
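Review bot: `ldap`, `tacacs_plus`, `saml` and `http` are declared as plain `type='dict'` without `no_log`, and `avi_ansible_api` is called with an empty set, although the EXAMPLES task carries an LDAP bind password inside the `ldap` value (indentation is lost on this page, but it appears to sit under `ldap.settings`). Ansible masks the values of options marked `no_log`, so a credential nested in these dicts can end up in verbose output and module invocation logs. The backupconfiguration module in this commit marks its secrets `no_log=True` and names them in that set; what the set does inside `avi_ansible_api` is not visible here, so confirm whether nested secrets need an entry there as well. I would add `no_log=True` to the dict options that can hold credentials, e.g. `ldap=dict(type='dict', no_log=True),`, or at minimum state in their descriptions that the task should set `no_log: true`.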


@@ -0,0 +1,133 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_autoscalelaunchconfig
author: Chaitanya Deshpande (@chaitanyaavi) <chaitanya.deshpande@avinetworks.com>
short_description: Module for setup of AutoScaleLaunchConfig Avi RESTful Object
description:
- This module is used to configure AutoScaleLaunchConfig object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
description:
description:
- User defined description for the object.
image_id:
description:
- Unique id of the amazon machine image (ami) or openstack vm id.
mesos:
description:
- Autoscalemesossettings settings for autoscalelaunchconfig.
name:
description:
- Name of the object.
required: true
openstack:
description:
- Autoscaleopenstacksettings settings for autoscalelaunchconfig.
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
use_external_asg:
description:
- If set to true, serverautoscalepolicy will use the autoscaling group (external_autoscaling_groups) from pool to perform scale up and scale down.
- Pool should have single autoscaling group configured.
- Field introduced in 17.2.3.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
uuid:
description:
- Unique object identifier of the object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Create an Autoscale Launch configuration.
avi_autoscalelaunchconfig:
controller: '{{ controller }}'
username: '{{ username }}'
password: '{{ password }}'
image_id: default
name: default-autoscalelaunchconfig
tenant_ref: admin
"""
RETURN = '''
obj:
description: AutoScaleLaunchConfig (api/autoscalelaunchconfig) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
description=dict(type='str',),
image_id=dict(type='str',),
mesos=dict(type='dict',),
name=dict(type='str', required=True),
openstack=dict(type='dict',),
tenant_ref=dict(type='str',),
url=dict(type='str',),
use_external_asg=dict(type='bool',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'autoscalelaunchconfig',
set([]))
if __name__ == '__main__':
main()
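Review bot: The `except ImportError` fallback cannot reach the friendly error in `main()`: when the import fails only `HAS_AVI` is bound, so `argument_specs.update(avi_common_argument_spec())` raises NameError before `if not HAS_AVI` is evaluated. The `fail_json` branch is therefore reachable only when the import succeeds and the imported `HAS_AVI` is false (how that flag is set is not visible here). Guarding the call with `if HAS_AVI:` in front of `argument_specs.update(avi_common_argument_spec())` lets the module object be built and the missing-SDK message returned, though a complete fix also has to keep the connection options in the spec so argument validation does not fail first. The same import block and `main()` shape appear in the other Avi module sections on this page (applicationprofile, authprofile, backup, backupconfiguration, certificatemanagementprofile).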


@@ -0,0 +1,131 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_backup
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of Backup Avi RESTful Object
description:
- This module is used to configure Backup object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
backup_config_ref:
description:
- Backupconfiguration information.
- It is a reference to an object of type backupconfiguration.
file_name:
description:
- The file name of backup.
required: true
local_file_url:
description:
- Url to download the backup file.
remote_file_url:
description:
- Url to download the backup file.
scheduler_ref:
description:
- Scheduler information.
- It is a reference to an object of type scheduler.
tenant_ref:
description:
- It is a reference to an object of type tenant.
timestamp:
description:
- Unix timestamp of when the backup file is created.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create Backup object
avi_backup:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_backup
"""
RETURN = '''
obj:
description: Backup (api/backup) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
backup_config_ref=dict(type='str',),
file_name=dict(type='str', required=True),
local_file_url=dict(type='str',),
remote_file_url=dict(type='str',),
scheduler_ref=dict(type='str',),
tenant_ref=dict(type='str',),
timestamp=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'backup',
set([]))
if __name__ == '__main__':
main()
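Review bot: The EXAMPLES task does not match the spec in `main()`: it omits `file_name`, which is declared `required=True`, so the documented task fails argument validation as written, and it passes `name: sample_backup`, which the visible spec does not declare (unless `avi_common_argument_spec()` adds it, which cannot be seen here). Replacing that line with `file_name: sample_backup` would make the example agree with the spec. The example also writes `username: admin` and `password: something` as literals where the earlier Avi examples use `'{{ username }}'` and `'{{ password }}'`; the backupconfiguration and certificatemanagementprofile examples do the same, and the templated form avoids teaching inline credentials.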


@@ -0,0 +1,167 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_backupconfiguration
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of BackupConfiguration Avi RESTful Object
description:
- This module is used to configure BackupConfiguration object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
aws_access_key:
description:
- Aws access key id.
- Field introduced in 18.2.3.
aws_bucket_id:
description:
- Aws bucket.
- Field introduced in 18.2.3.
aws_secret_access:
description:
- Aws secret access key.
- Field introduced in 18.2.3.
backup_file_prefix:
description:
- Prefix of the exported configuration file.
- Field introduced in 17.1.1.
backup_passphrase:
description:
- Passphrase of backup configuration.
maximum_backups_stored:
description:
- Rotate the backup files based on this count.
- Allowed values are 1-20.
- Default value when not specified in API or module is interpreted by Avi Controller as 4.
name:
description:
- Name of backup configuration.
required: true
remote_directory:
description:
- Directory at remote destination with write permission for ssh user.
remote_hostname:
description:
- Remote destination.
save_local:
description:
- Local backup.
type: bool
ssh_user_ref:
description:
- Access credentials for remote destination.
- It is a reference to an object of type cloudconnectoruser.
tenant_ref:
description:
- It is a reference to an object of type tenant.
upload_to_remote_host:
description:
- Remote backup.
type: bool
upload_to_s3:
description:
- Cloud backup.
- Field introduced in 18.2.3.
type: bool
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create BackupConfiguration object
avi_backupconfiguration:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_backupconfiguration
"""
RETURN = '''
obj:
description: BackupConfiguration (api/backupconfiguration) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
aws_access_key=dict(type='str', no_log=True,),
aws_bucket_id=dict(type='str',),
aws_secret_access=dict(type='str', no_log=True,),
backup_file_prefix=dict(type='str',),
backup_passphrase=dict(type='str', no_log=True,),
maximum_backups_stored=dict(type='int',),
name=dict(type='str', required=True),
remote_directory=dict(type='str',),
remote_hostname=dict(type='str',),
save_local=dict(type='bool',),
ssh_user_ref=dict(type='str',),
tenant_ref=dict(type='str',),
upload_to_remote_host=dict(type='bool',),
upload_to_s3=dict(type='bool',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'backupconfiguration',
set(['backup_passphrase', 'aws_access_key', 'aws_secret_access']))
if __name__ == '__main__':
main()
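Review bot: The descriptions of `aws_access_key`, `aws_secret_access` and `backup_passphrase` do not tell the user these are secrets, even though `main()` marks all three `no_log=True` and passes their names as the third argument to `avi_ansible_api`. I would add a line to each description such as `- Secret value; marked C(no_log) by the module, supply it from Ansible Vault.` and extend the example with a templated value, e.g. `backup_passphrase: '{{ vault_backup_passphrase }}'` (constructed variable name). If that third argument means the controller does not return these fields, the effect on change detection deserves a sentence in the docs too; that behaviour is not visible here.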


@@ -0,0 +1,118 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_certificatemanagementprofile
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of CertificateManagementProfile Avi RESTful Object
description:
- This module is used to configure CertificateManagementProfile object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
name:
description:
- Name of the pki profile.
required: true
script_params:
description:
- List of customparams.
script_path:
description:
- Script_path of certificatemanagementprofile.
required: true
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create CertificateManagementProfile object
avi_certificatemanagementprofile:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_certificatemanagementprofile
"""
RETURN = '''
obj:
description: CertificateManagementProfile (api/certificatemanagementprofile) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
name=dict(type='str', required=True),
script_params=dict(type='list',),
script_path=dict(type='str', required=True),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'certificatemanagementprofile',
set([]))
if __name__ == '__main__':
main()
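Review bot: The EXAMPLES task omits `script_path`, which the spec declares `required=True`, so the documented task fails argument validation as written. Add it to the example, e.g. `script_path: <path-or-reference-to-script>` (placeholder; the expected value format is not shown on this page). The `name` description "Name of the pki profile" also looks copied from another module and would read better as `- Name of the certificate management profile.`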


@@ -0,0 +1,288 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_cloud
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of Cloud Avi RESTful Object
description:
- This module is used to configure Cloud object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
apic_configuration:
description:
- Apicconfiguration settings for cloud.
apic_mode:
description:
- Boolean flag to set apic_mode.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
autoscale_polling_interval:
description:
- Cloudconnector polling interval for external autoscale groups.
- Field introduced in 18.2.2.
- Default value when not specified in API or module is interpreted by Avi Controller as 60.
aws_configuration:
description:
- Awsconfiguration settings for cloud.
azure_configuration:
description:
- Field introduced in 17.2.1.
cloudstack_configuration:
description:
- Cloudstackconfiguration settings for cloud.
custom_tags:
description:
- Custom tags for all avi created resources in the cloud infrastructure.
- Field introduced in 17.1.5.
dhcp_enabled:
description:
- Select the ip address management scheme.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
dns_provider_ref:
description:
- Dns profile for the cloud.
- It is a reference to an object of type ipamdnsproviderprofile.
docker_configuration:
description:
- Dockerconfiguration settings for cloud.
east_west_dns_provider_ref:
description:
- Dns profile for east-west services.
- It is a reference to an object of type ipamdnsproviderprofile.
east_west_ipam_provider_ref:
description:
- Ipam profile for east-west services.
- Warning - please use virtual subnets in this ipam profile that do not conflict with the underlay networks or any overlay networks in the cluster.
- For example in aws and gcp, 169.254.0.0/16 is used for storing instance metadata.
- Hence, it should not be used in this profile.
- It is a reference to an object of type ipamdnsproviderprofile.
enable_vip_static_routes:
description:
- Use static routes for vip side network resolution during virtualservice placement.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
gcp_configuration:
description:
- Google cloud platform configuration.
- Field introduced in 18.2.1.
ip6_autocfg_enabled:
description:
- Enable ipv6 auto configuration.
- Field introduced in 18.1.1.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
ipam_provider_ref:
description:
- Ipam profile for the cloud.
- It is a reference to an object of type ipamdnsproviderprofile.
license_tier:
description:
- Specifies the default license tier which would be used by new se groups.
- This field by default inherits the value from system configuration.
- Enum options - ENTERPRISE_16, ENTERPRISE_18.
- Field introduced in 17.2.5.
license_type:
description:
- If no license type is specified then default license enforcement for the cloud type is chosen.
- The default mappings are container cloud is max ses, openstack and vmware is cores and linux it is sockets.
- Enum options - LIC_BACKEND_SERVERS, LIC_SOCKETS, LIC_CORES, LIC_HOSTS, LIC_SE_BANDWIDTH, LIC_METERED_SE_BANDWIDTH.
linuxserver_configuration:
description:
- Linuxserverconfiguration settings for cloud.
mesos_configuration:
description:
- Field deprecated in 18.2.2.
mtu:
description:
- Mtu setting for the cloud.
- Default value when not specified in API or module is interpreted by Avi Controller as 1500.
name:
description:
- Name of the object.
required: true
nsx_configuration:
description:
- Configuration parameters for nsx manager.
- Field introduced in 17.1.1.
obj_name_prefix:
description:
- Default prefix for all automatically created objects in this cloud.
- This prefix can be overridden by the se-group template.
openstack_configuration:
description:
- Openstackconfiguration settings for cloud.
oshiftk8s_configuration:
description:
- Oshiftk8sconfiguration settings for cloud.
prefer_static_routes:
description:
- Prefer static routes over interface routes during virtualservice placement.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
proxy_configuration:
description:
- Proxyconfiguration settings for cloud.
rancher_configuration:
description:
- Rancherconfiguration settings for cloud.
state_based_dns_registration:
description:
- Dns records for vips are added/deleted based on the operational state of the vips.
- Field introduced in 17.1.12.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
vca_configuration:
description:
- Vcloudairconfiguration settings for cloud.
vcenter_configuration:
description:
- Vcenterconfiguration settings for cloud.
vtype:
description:
- Cloud type.
- Enum options - CLOUD_NONE, CLOUD_VCENTER, CLOUD_OPENSTACK, CLOUD_AWS, CLOUD_VCA, CLOUD_APIC, CLOUD_MESOS, CLOUD_LINUXSERVER, CLOUD_DOCKER_UCP,
- CLOUD_RANCHER, CLOUD_OSHIFT_K8S, CLOUD_AZURE, CLOUD_GCP.
- Default value when not specified in API or module is interpreted by Avi Controller as CLOUD_NONE.
required: true
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Create a VMware cloud with write access mode
avi_cloud:
username: '{{ username }}'
controller: '{{ controller }}'
password: '{{ password }}'
apic_mode: false
dhcp_enabled: true
enable_vip_static_routes: false
license_type: LIC_CORES
mtu: 1500
name: vCenter Cloud
prefer_static_routes: false
tenant_ref: admin
vcenter_configuration:
datacenter_ref: /api/vimgrdcruntime/datacenter-2-10.10.20.100
management_network: /api/vimgrnwruntime/dvportgroup-103-10.10.20.100
password: password
privilege: WRITE_ACCESS
username: user
vcenter_url: 10.10.20.100
vtype: CLOUD_VCENTER
"""
RETURN = '''
obj:
description: Cloud (api/cloud) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
apic_configuration=dict(type='dict',),
apic_mode=dict(type='bool',),
autoscale_polling_interval=dict(type='int',),
aws_configuration=dict(type='dict',),
azure_configuration=dict(type='dict',),
cloudstack_configuration=dict(type='dict',),
custom_tags=dict(type='list',),
dhcp_enabled=dict(type='bool',),
dns_provider_ref=dict(type='str',),
docker_configuration=dict(type='dict',),
east_west_dns_provider_ref=dict(type='str',),
east_west_ipam_provider_ref=dict(type='str',),
enable_vip_static_routes=dict(type='bool',),
gcp_configuration=dict(type='dict',),
ip6_autocfg_enabled=dict(type='bool',),
ipam_provider_ref=dict(type='str',),
license_tier=dict(type='str',),
license_type=dict(type='str',),
linuxserver_configuration=dict(type='dict',),
mesos_configuration=dict(type='dict',),
mtu=dict(type='int',),
name=dict(type='str', required=True),
nsx_configuration=dict(type='dict',),
obj_name_prefix=dict(type='str',),
openstack_configuration=dict(type='dict',),
oshiftk8s_configuration=dict(type='dict',),
prefer_static_routes=dict(type='bool',),
proxy_configuration=dict(type='dict',),
rancher_configuration=dict(type='dict',),
state_based_dns_registration=dict(type='bool',),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
vca_configuration=dict(type='dict',),
vcenter_configuration=dict(type='dict',),
vtype=dict(type='str', required=True),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'cloud',
set([]))
if __name__ == '__main__':
main()


@@ -0,0 +1,144 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_cloudconnectoruser
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of CloudConnectorUser Avi RESTful Object
description:
- This module is used to configure CloudConnectorUser object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
azure_serviceprincipal:
description:
- Field introduced in 17.2.1.
azure_userpass:
description:
- Field introduced in 17.2.1.
gcp_credentials:
description:
- Credentials for google cloud platform.
- Field introduced in 18.2.1.
name:
description:
- Name of the object.
required: true
oci_credentials:
description:
- Credentials for oracle cloud infrastructure.
- Field introduced in 18.2.1,18.1.3.
private_key:
description:
- Private_key of cloudconnectoruser.
public_key:
description:
- Public_key of cloudconnectoruser.
tenant_ref:
description:
- It is a reference to an object of type tenant.
tencent_credentials:
description:
- Credentials for tencent cloud.
- Field introduced in 18.2.3.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Create a Cloud connector user that is used for integration into cloud platforms
avi_cloudconnectoruser:
controller: '{{ controller }}'
name: root
password: '{{ password }}'
private_key: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----'
public_key: 'ssh-rsa ...'
tenant_ref: admin
username: '{{ username }}'
"""
RETURN = '''
obj:
description: CloudConnectorUser (api/cloudconnectoruser) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
azure_serviceprincipal=dict(type='dict',),
azure_userpass=dict(type='dict',),
gcp_credentials=dict(type='dict',),
name=dict(type='str', required=True),
oci_credentials=dict(type='dict',),
private_key=dict(type='str', no_log=True,),
public_key=dict(type='str',),
tenant_ref=dict(type='str',),
tencent_credentials=dict(type='dict',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'cloudconnectoruser',
set(['private_key']))
if __name__ == '__main__':
main()
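Review bot: The credential-bearing options in `argument_specs` (`azure_serviceprincipal`, `azure_userpass`, `gcp_credentials`, `oci_credentials` and `tencent_credentials`) are declared as plain `dict(type='dict',)`, so `private_key` is the only option masked with `no_log=True`. Ansible records module arguments in its invocation output and logs unless an option is marked `no_log`, so secrets nested in these dicts can end up there. I would declare each one like `gcp_credentials=dict(type='dict', no_log=True,),`. The set passed to `avi_ansible_api` also lists only `private_key`; if the helper treats that set as the sensitive fields (its definition is not in this section), check whether the nested secrets need handling there as well.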


@@ -0,0 +1,118 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_cloudproperties
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of CloudProperties Avi RESTful Object
description:
- This module is used to configure CloudProperties object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
cc_props:
description:
- Cloudconnector properties.
cc_vtypes:
description:
- Cloud types supported by cloudconnector.
- Enum options - CLOUD_NONE, CLOUD_VCENTER, CLOUD_OPENSTACK, CLOUD_AWS, CLOUD_VCA, CLOUD_APIC, CLOUD_MESOS, CLOUD_LINUXSERVER, CLOUD_DOCKER_UCP,
- CLOUD_RANCHER, CLOUD_OSHIFT_K8S, CLOUD_AZURE, CLOUD_GCP.
hyp_props:
description:
- Hypervisor properties.
info:
description:
- Properties specific to a cloud type.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create CloudProperties object
avi_cloudproperties:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_cloudproperties
"""
RETURN = '''
obj:
description: CloudProperties (api/cloudproperties) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
cc_props=dict(type='dict',),
cc_vtypes=dict(type='list',),
hyp_props=dict(type='list',),
info=dict(type='list',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'cloudproperties',
set([]))
if __name__ == '__main__':
main()
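Review bot: The task in `EXAMPLES` passes `name: sample_cloudproperties`, but `argument_specs` in `main()` declares no `name` option. Unless `avi_common_argument_spec()` (not shown here) supplies one, AnsibleModule would reject the example as an unsupported parameter. The `options` block documents no `name` either, so the example looks like the side to fix by dropping its `name:` line. The avi_controllerproperties section has the same mismatch with `name: sample_controllerproperties`.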


@@ -0,0 +1,123 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_cluster
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of Cluster Avi RESTful Object
description:
- This module is used to configure Cluster object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
name:
description:
- Name of the object.
required: true
nodes:
description:
- List of clusternode.
rejoin_nodes_automatically:
description:
- Re-join cluster nodes automatically in the event one of the node is reset to factory.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
virtual_ip:
description:
- A virtual ip address.
- This ip address will be dynamically reconfigured so that it always is the ip of the cluster leader.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create Cluster object
avi_cluster:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_cluster
"""
RETURN = '''
obj:
description: Cluster (api/cluster) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
name=dict(type='str', required=True),
nodes=dict(type='list',),
rejoin_nodes_automatically=dict(type='bool',),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
virtual_ip=dict(type='dict',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'cluster',
set([]))
if __name__ == '__main__':
main()
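Review bot: The `EXAMPLES` task hard-codes `username: admin` and `password: something`, while the avi_cloud and avi_cloudconnectoruser examples in the same commit use `'{{ username }}'` and `'{{ password }}'`. Examples get pasted into playbooks, so I would use the templated form here too, `password: '{{ password }}'`, leaving the value to come from a vaulted variable. The same literal credentials appear in the avi_cloudproperties, avi_clusterclouddetails and avi_controllerproperties examples.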


@@ -0,0 +1,114 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_clusterclouddetails
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of ClusterCloudDetails Avi RESTful Object
description:
- This module is used to configure ClusterCloudDetails object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
azure_info:
description:
- Azure info to configure cluster_vip on the controller.
- Field introduced in 17.2.5.
name:
description:
- Field introduced in 17.2.5.
required: true
tenant_ref:
description:
- It is a reference to an object of type tenant.
- Field introduced in 17.2.5.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Field introduced in 17.2.5.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create ClusterCloudDetails object
avi_clusterclouddetails:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_clusterclouddetails
"""
RETURN = '''
obj:
description: ClusterCloudDetails (api/clusterclouddetails) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
azure_info=dict(type='dict',),
name=dict(type='str', required=True),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'clusterclouddetails',
set([]))
if __name__ == '__main__':
main()
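Review bot: In `DOCUMENTATION`, the `name` and `uuid` options are described only by `Field introduced in 17.2.5.`, which says when they appeared but not what they are. I would add a first description line to each, matching the sibling modules in this commit: `- Name of the object.` and `- Unique object identifier of the object.`.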


@@ -0,0 +1,421 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.2
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_controllerproperties
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of ControllerProperties Avi RESTful Object
description:
- This module is used to configure ControllerProperties object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
allow_ip_forwarding:
description:
- Field introduced in 17.1.1.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
allow_unauthenticated_apis:
description:
- Allow unauthenticated access for special apis.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
allow_unauthenticated_nodes:
description:
- Boolean flag to set allow_unauthenticated_nodes.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
api_idle_timeout:
description:
- Allowed values are 0-1440.
- Default value when not specified in API or module is interpreted by Avi Controller as 15.
api_perf_logging_threshold:
description:
- Threshold to log request timing in portal_performance.log and server-timing response header.
- Any stage taking longer than 1% of the threshold will be included in the server-timing header.
- Field introduced in 18.1.4, 18.2.1.
- Default value when not specified in API or module is interpreted by Avi Controller as 10000.
appviewx_compat_mode:
description:
- Export configuration in appviewx compatibility mode.
- Field introduced in 17.1.1.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
attach_ip_retry_interval:
description:
- Number of attach_ip_retry_interval.
- Default value when not specified in API or module is interpreted by Avi Controller as 360.
attach_ip_retry_limit:
description:
- Number of attach_ip_retry_limit.
- Default value when not specified in API or module is interpreted by Avi Controller as 4.
bm_use_ansible:
description:
- Use ansible for se creation in baremetal.
- Field introduced in 17.2.2.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
cleanup_expired_authtoken_timeout_period:
description:
- Period for auth token cleanup job.
- Field introduced in 18.1.1.
- Default value when not specified in API or module is interpreted by Avi Controller as 60.
cleanup_sessions_timeout_period:
description:
- Period for sessions cleanup job.
- Field introduced in 18.1.1.
- Default value when not specified in API or module is interpreted by Avi Controller as 60.
cloud_reconcile:
description:
- Enable/disable periodic reconcile for all the clouds.
- Field introduced in 17.2.14,18.1.5,18.2.1.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
cluster_ip_gratuitous_arp_period:
description:
- Period for cluster ip gratuitous arp job.
- Default value when not specified in API or module is interpreted by Avi Controller as 60.
consistency_check_timeout_period:
description:
- Period for consistency check job.
- Field introduced in 18.1.1.
- Default value when not specified in API or module is interpreted by Avi Controller as 60.
crashed_se_reboot:
description:
- Number of crashed_se_reboot.
- Default value when not specified in API or module is interpreted by Avi Controller as 900.
dead_se_detection_timer:
description:
- Number of dead_se_detection_timer.
- Default value when not specified in API or module is interpreted by Avi Controller as 360.
dns_refresh_period:
description:
- Period for refresh pool and gslb dns job.
- Default value when not specified in API or module is interpreted by Avi Controller as 60.
dummy:
description:
- Number of dummy.
enable_api_sharding:
description:
- This setting enables the controller leader to shard api requests to the followers (if any).
- Field introduced in 18.1.5, 18.2.1.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
enable_memory_balancer:
description:
- Enable/disable memory balancer.
- Field introduced in 17.2.8.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
fatal_error_lease_time:
description:
- Number of fatal_error_lease_time.
- Default value when not specified in API or module is interpreted by Avi Controller as 120.
max_dead_se_in_grp:
description:
- Number of max_dead_se_in_grp.
- Default value when not specified in API or module is interpreted by Avi Controller as 1.
max_pcap_per_tenant:
description:
- Maximum number of pcap files stored per tenant.
- Default value when not specified in API or module is interpreted by Avi Controller as 4.
max_seq_attach_ip_failures:
description:
- Maximum number of consecutive attach ip failures that halts vs placement.
- Field introduced in 17.2.2.
- Default value when not specified in API or module is interpreted by Avi Controller as 3.
max_seq_vnic_failures:
description:
- Number of max_seq_vnic_failures.
- Default value when not specified in API or module is interpreted by Avi Controller as 3.
persistence_key_rotate_period:
description:
- Period for rotate app persistence keys job.
- Allowed values are 1-1051200.
- Special values are 0 - 'disabled'.
- Default value when not specified in API or module is interpreted by Avi Controller as 0.
portal_token:
description:
- Token used for uploading tech-support to portal.
- Field introduced in 16.4.6,17.1.2.
process_locked_useraccounts_timeout_period:
description:
- Period for process locked user accounts job.
- Field introduced in 18.1.1.
- Default value when not specified in API or module is interpreted by Avi Controller as 1.
process_pki_profile_timeout_period:
description:
- Period for process pki profile job.
- Field introduced in 18.1.1.
- Default value when not specified in API or module is interpreted by Avi Controller as 1440.
query_host_fail:
description:
- Number of query_host_fail.
- Default value when not specified in API or module is interpreted by Avi Controller as 180.
safenet_hsm_version:
description:
- Version of the safenet package installed on the controller.
- Field introduced in 16.5.2,17.2.3.
se_create_timeout:
description:
- Number of se_create_timeout.
- Default value when not specified in API or module is interpreted by Avi Controller as 900.
se_failover_attempt_interval:
description:
- Interval between attempting failovers to an se.
- Default value when not specified in API or module is interpreted by Avi Controller as 300.
se_from_marketplace:
description:
- This setting decides whether se is to be deployed from the cloud marketplace or to be created by the controller.
- The setting is applicable only when byol license is selected.
- Enum options - MARKETPLACE, IMAGE.
- Field introduced in 18.1.4, 18.2.1.
- Default value when not specified in API or module is interpreted by Avi Controller as IMAGE.
se_offline_del:
description:
- Number of se_offline_del.
- Default value when not specified in API or module is interpreted by Avi Controller as 172000.
se_vnic_cooldown:
description:
- Number of se_vnic_cooldown.
- Default value when not specified in API or module is interpreted by Avi Controller as 120.
secure_channel_cleanup_timeout:
description:
- Period for secure channel cleanup job.
- Default value when not specified in API or module is interpreted by Avi Controller as 60.
secure_channel_controller_token_timeout:
description:
- Number of secure_channel_controller_token_timeout.
- Default value when not specified in API or module is interpreted by Avi Controller as 60.
secure_channel_se_token_timeout:
description:
- Number of secure_channel_se_token_timeout.
- Default value when not specified in API or module is interpreted by Avi Controller as 60.
seupgrade_fabric_pool_size:
description:
- Pool size used for all fabric commands during se upgrade.
- Default value when not specified in API or module is interpreted by Avi Controller as 20.
seupgrade_segroup_min_dead_timeout:
description:
- Time to wait before marking segroup upgrade as stuck.
- Default value when not specified in API or module is interpreted by Avi Controller as 360.
ssl_certificate_expiry_warning_days:
description:
- Number of days for ssl certificate expiry warning.
unresponsive_se_reboot:
description:
- Number of unresponsive_se_reboot.
- Default value when not specified in API or module is interpreted by Avi Controller as 300.
upgrade_dns_ttl:
description:
- Time to account for dns ttl during upgrade.
- This is in addition to vs_scalein_timeout_for_upgrade in se_group.
- Field introduced in 17.1.1.
- Default value when not specified in API or module is interpreted by Avi Controller as 5.
upgrade_lease_time:
description:
- Number of upgrade_lease_time.
- Default value when not specified in API or module is interpreted by Avi Controller as 360.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
vnic_op_fail_time:
description:
- Number of vnic_op_fail_time.
- Default value when not specified in API or module is interpreted by Avi Controller as 180.
vs_apic_scaleout_timeout:
description:
- Time to wait for the scaled out se to become ready before marking the scaleout done, applies to apic configuration only.
- Default value when not specified in API or module is interpreted by Avi Controller as 360.
vs_awaiting_se_timeout:
description:
- Number of vs_awaiting_se_timeout.
- Default value when not specified in API or module is interpreted by Avi Controller as 60.
vs_key_rotate_period:
description:
- Period for rotate vs keys job.
- Allowed values are 1-1051200.
- Special values are 0 - 'disabled'.
- Default value when not specified in API or module is interpreted by Avi Controller as 360.
vs_scaleout_ready_check_interval:
description:
- Interval for checking scaleout_ready status while controller is waiting for scaleoutready rpc from the service engine.
- Field introduced in 18.2.2.
- Default value when not specified in API or module is interpreted by Avi Controller as 60.
vs_se_attach_ip_fail:
description:
- Time to wait before marking attach ip operation on an se as failed.
- Field introduced in 17.2.2.
- Default value when not specified in API or module is interpreted by Avi Controller as 600.
vs_se_bootup_fail:
description:
- Number of vs_se_bootup_fail.
- Default value when not specified in API or module is interpreted by Avi Controller as 480.
vs_se_create_fail:
description:
- Number of vs_se_create_fail.
- Default value when not specified in API or module is interpreted by Avi Controller as 1500.
vs_se_ping_fail:
description:
- Number of vs_se_ping_fail.
- Default value when not specified in API or module is interpreted by Avi Controller as 60.
vs_se_vnic_fail:
description:
- Number of vs_se_vnic_fail.
- Default value when not specified in API or module is interpreted by Avi Controller as 300.
vs_se_vnic_ip_fail:
description:
- Number of vs_se_vnic_ip_fail.
- Default value when not specified in API or module is interpreted by Avi Controller as 120.
warmstart_se_reconnect_wait_time:
description:
- Number of warmstart_se_reconnect_wait_time.
- Default value when not specified in API or module is interpreted by Avi Controller as 480.
warmstart_vs_resync_wait_time:
description:
- Timeout for warmstart vs resync.
- Field introduced in 18.1.4, 18.2.1.
- Default value when not specified in API or module is interpreted by Avi Controller as 300.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create ControllerProperties object
avi_controllerproperties:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_controllerproperties
"""
RETURN = '''
obj:
description: ControllerProperties (api/controllerproperties) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
allow_ip_forwarding=dict(type='bool',),
allow_unauthenticated_apis=dict(type='bool',),
allow_unauthenticated_nodes=dict(type='bool',),
api_idle_timeout=dict(type='int',),
api_perf_logging_threshold=dict(type='int',),
appviewx_compat_mode=dict(type='bool',),
attach_ip_retry_interval=dict(type='int',),
attach_ip_retry_limit=dict(type='int',),
bm_use_ansible=dict(type='bool',),
cleanup_expired_authtoken_timeout_period=dict(type='int',),
cleanup_sessions_timeout_period=dict(type='int',),
cloud_reconcile=dict(type='bool',),
cluster_ip_gratuitous_arp_period=dict(type='int',),
consistency_check_timeout_period=dict(type='int',),
crashed_se_reboot=dict(type='int',),
dead_se_detection_timer=dict(type='int',),
dns_refresh_period=dict(type='int',),
dummy=dict(type='int',),
enable_api_sharding=dict(type='bool',),
enable_memory_balancer=dict(type='bool',),
fatal_error_lease_time=dict(type='int',),
max_dead_se_in_grp=dict(type='int',),
max_pcap_per_tenant=dict(type='int',),
max_seq_attach_ip_failures=dict(type='int',),
max_seq_vnic_failures=dict(type='int',),
persistence_key_rotate_period=dict(type='int',),
portal_token=dict(type='str', no_log=True,),
process_locked_useraccounts_timeout_period=dict(type='int',),
process_pki_profile_timeout_period=dict(type='int',),
query_host_fail=dict(type='int',),
safenet_hsm_version=dict(type='str',),
se_create_timeout=dict(type='int',),
se_failover_attempt_interval=dict(type='int',),
se_from_marketplace=dict(type='str',),
se_offline_del=dict(type='int',),
se_vnic_cooldown=dict(type='int',),
secure_channel_cleanup_timeout=dict(type='int',),
secure_channel_controller_token_timeout=dict(type='int',),
secure_channel_se_token_timeout=dict(type='int',),
seupgrade_fabric_pool_size=dict(type='int',),
seupgrade_segroup_min_dead_timeout=dict(type='int',),
ssl_certificate_expiry_warning_days=dict(type='list',),
unresponsive_se_reboot=dict(type='int',),
upgrade_dns_ttl=dict(type='int',),
upgrade_lease_time=dict(type='int',),
url=dict(type='str',),
uuid=dict(type='str',),
vnic_op_fail_time=dict(type='int',),
vs_apic_scaleout_timeout=dict(type='int',),
vs_awaiting_se_timeout=dict(type='int',),
vs_key_rotate_period=dict(type='int',),
vs_scaleout_ready_check_interval=dict(type='int',),
vs_se_attach_ip_fail=dict(type='int',),
vs_se_bootup_fail=dict(type='int',),
vs_se_create_fail=dict(type='int',),
vs_se_ping_fail=dict(type='int',),
vs_se_vnic_fail=dict(type='int',),
vs_se_vnic_ip_fail=dict(type='int',),
warmstart_se_reconnect_wait_time=dict(type='int',),
warmstart_vs_resync_wait_time=dict(type='int',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'controllerproperties',
set(['portal_token']))
if __name__ == '__main__':
main()
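Review bot: Going by their names, `allow_unauthenticated_apis` and `allow_unauthenticated_nodes` relax authentication on the controller, yet their descriptions are only `Allow unauthenticated access for special apis.` and `Boolean flag to set allow_unauthenticated_nodes.`. Neither tells an operator which APIs or nodes become reachable without credentials. I would extend both descriptions to name what is affected and add a line such as `- Leave disabled unless unauthenticated access is explicitly required.`, so the documented default of False reads as the intended setting. Separately, `ssl_certificate_expiry_warning_days` is described as `Number of days` but declared `type='list'`; the description should say it takes a list of day counts.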


@@ -0,0 +1,121 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_customipamdnsprofile
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of CustomIpamDnsProfile Avi RESTful Object
description:
- This module is used to configure CustomIpamDnsProfile object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
name:
description:
- Name of the custom ipam dns profile.
- Field introduced in 17.1.1.
required: true
script_params:
description:
- Parameters that are always passed to the ipam/dns script.
- Field introduced in 17.1.1.
script_uri:
description:
- Script uri of form controller //ipamdnsscripts/<file-name>.
- Field introduced in 17.1.1.
required: true
tenant_ref:
description:
- It is a reference to an object of type tenant.
- Field introduced in 17.1.1.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Field introduced in 17.1.1.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create CustomIpamDnsProfile object
avi_customipamdnsprofile:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_customipamdnsprofile
"""
RETURN = '''
obj:
description: CustomIpamDnsProfile (api/customipamdnsprofile) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
name=dict(type='str', required=True),
script_params=dict(type='list',),
script_uri=dict(type='str', required=True),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'customipamdnsprofile',
set([]))
if __name__ == '__main__':
main()
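Review bot: If the guarded import fails, `avi_common_argument_spec` is never bound, so `argument_specs.update(avi_common_argument_spec())` in `main()` raises `NameError` before the `if not HAS_AVI:` check can emit the friendly `fail_json` message. The spec update needs to be conditional, e.g. `if HAS_AVI: argument_specs.update(avi_common_argument_spec())`, or the `except ImportError:` branch must leave that name callable. The same ordering appears in the other `main()` functions on this page (avi_dnspolicy, avi_errorpagebody, avi_errorpageprofile, avi_gslb, avi_gslbgeodbprofile, avi_gslbservice); in avi_gslb the same `try` also imports `ApiSession` and `AviCredentials`, which the patch path uses later.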


@@ -0,0 +1,126 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_dnspolicy
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of DnsPolicy Avi RESTful Object
description:
- This module is used to configure DnsPolicy object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
created_by:
description:
- Creator name.
- Field introduced in 17.1.1.
description:
description:
- Field introduced in 17.1.1.
name:
description:
- Name of the dns policy.
- Field introduced in 17.1.1.
required: true
rule:
description:
- Dns rules.
- Field introduced in 17.1.1.
tenant_ref:
description:
- It is a reference to an object of type tenant.
- Field introduced in 17.1.1.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Uuid of the dns policy.
- Field introduced in 17.1.1.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create DnsPolicy object
avi_dnspolicy:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_dnspolicy
"""
RETURN = '''
obj:
description: DnsPolicy (api/dnspolicy) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
created_by=dict(type='str',),
description=dict(type='str',),
name=dict(type='str', required=True),
rule=dict(type='list',),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'dnspolicy',
set([]))
if __name__ == '__main__':
main()
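Review bot: The EXAMPLES block shows the controller login as literals (`username: admin`, `password: something`), a pattern that readers tend to copy into playbooks and commit. The avi_gslb examples on this page already use templated values under `avi_credentials`; the same form here would be `password: "{{ password }}"`, ideally with a comment that the value should come from a vault or other secret store. The EXAMPLES in avi_customipamdnsprofile, avi_errorpagebody, avi_errorpageprofile, avi_gslbgeodbprofile and avi_gslbservice have the same literal credentials.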


@@ -0,0 +1,121 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_errorpagebody
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of ErrorPageBody Avi RESTful Object
description:
- This module is used to configure ErrorPageBody object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
error_page_body:
description:
- Error page body sent to client when match.
- Field introduced in 17.2.4.
format:
description:
- Format of an error page body html or json.
- Enum options - ERROR_PAGE_FORMAT_HTML, ERROR_PAGE_FORMAT_JSON.
- Field introduced in 18.2.3.
- Default value when not specified in API or module is interpreted by Avi Controller as ERROR_PAGE_FORMAT_HTML.
name:
description:
- Field introduced in 17.2.4.
required: true
tenant_ref:
description:
- It is a reference to an object of type tenant.
- Field introduced in 17.2.4.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Field introduced in 17.2.4.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create ErrorPageBody object
avi_errorpagebody:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_errorpagebody
"""
RETURN = '''
obj:
description: ErrorPageBody (api/errorpagebody) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
error_page_body=dict(type='str',),
format=dict(type='str',),
name=dict(type='str', required=True),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'errorpagebody',
set([]))
if __name__ == '__main__':
main()
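Review bot: `format` is declared as `format=dict(type='str',)` although DOCUMENTATION lists exactly two enum values, so a misspelt value is not rejected by the module's own argument validation and is only caught, if at all, by the controller. Declaring `format=dict(type='str', choices=['ERROR_PAGE_FORMAT_HTML', 'ERROR_PAGE_FORMAT_JSON']),` with a matching `choices:` entry in the option docs would fail fast, at the cost of needing an update when a controller release adds a value. The documented enums `health_monitor_scope` and `pool_algorithm` in avi_gslbservice are declared the same way.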


@@ -0,0 +1,135 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_errorpageprofile
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of ErrorPageProfile Avi RESTful Object
description:
- This module is used to configure ErrorPageProfile object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
app_name:
description:
- Name of the virtual service which generated the error page.
- Field deprecated in 18.1.1.
- Field introduced in 17.2.4.
- Default value when not specified in API or module is interpreted by Avi Controller as VS Name.
company_name:
description:
- Name of the company to show in error page.
- Field deprecated in 18.1.1.
- Field introduced in 17.2.4.
- Default value when not specified in API or module is interpreted by Avi Controller as Avi Networks.
error_pages:
description:
- Defined error pages for http status codes.
- Field introduced in 17.2.4.
host_name:
description:
- Fully qualified domain name for which the error page is generated.
- Field deprecated in 18.1.1.
- Field introduced in 17.2.4.
- Default value when not specified in API or module is interpreted by Avi Controller as Host Header.
name:
description:
- Field introduced in 17.2.4.
required: true
tenant_ref:
description:
- It is a reference to an object of type tenant.
- Field introduced in 17.2.4.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Field introduced in 17.2.4.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create ErrorPageProfile object
avi_errorpageprofile:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_errorpageprofile
"""
RETURN = '''
obj:
description: ErrorPageProfile (api/errorpageprofile) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
app_name=dict(type='str',),
company_name=dict(type='str',),
error_pages=dict(type='list',),
host_name=dict(type='str',),
name=dict(type='str', required=True),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'errorpageprofile',
set([]))
if __name__ == '__main__':
main()


@@ -0,0 +1,354 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_gslb
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of Gslb Avi RESTful Object
description:
- This module is used to configure Gslb object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
async_interval:
description:
- Frequency with which messages are propagated to vs mgr.
- Value of 0 disables async behavior and rpc are sent inline.
- Allowed values are 0-5.
- Field introduced in 18.2.3.
- Default value when not specified in API or module is interpreted by Avi Controller as 0.
clear_on_max_retries:
description:
- Max retries after which the remote site is treated as a fresh start.
- In fresh start all the configs are downloaded.
- Allowed values are 1-1024.
- Default value when not specified in API or module is interpreted by Avi Controller as 20.
client_ip_addr_group:
description:
- Group to specify if the client ip addresses are public or private.
- Field introduced in 17.1.2.
description:
description:
- User defined description for the object.
dns_configs:
description:
- Sub domain configuration for the gslb.
- Gslb service's fqdn must be a match one of these subdomains.
is_federated:
description:
- This field indicates that this object is replicated across gslb federation.
- Field introduced in 17.1.3.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
leader_cluster_uuid:
description:
- Mark this site as leader of gslb configuration.
- This site is the one among the avi sites.
required: true
maintenance_mode:
description:
- This field disables the configuration operations on the leader for all federated objects.
- Cud operations on gslb, gslbservice, gslbgeodbprofile and other federated objects will be rejected.
- The rest-api disabling helps in upgrade scenarios where we don't want configuration sync operations to the gslb member when the member is being
- upgraded.
- This configuration programmatically blocks the leader from accepting new gslb configuration when member sites are undergoing upgrade.
- Field introduced in 17.2.1.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
name:
description:
- Name for the gslb object.
required: true
send_interval:
description:
- Frequency with which group members communicate.
- Allowed values are 1-3600.
- Default value when not specified in API or module is interpreted by Avi Controller as 15.
send_interval_prior_to_maintenance_mode:
description:
- The user can specify a send-interval while entering maintenance mode.
- The validity of this 'maintenance send-interval' is only during maintenance mode.
- When the user leaves maintenance mode, the original send-interval is reinstated.
- This internal variable is used to store the original send-interval.
- Field introduced in 18.2.3.
sites:
description:
- Select avi site member belonging to this gslb.
tenant_ref:
description:
- It is a reference to an object of type tenant.
third_party_sites:
description:
- Third party site member belonging to this gslb.
- Field introduced in 17.1.1.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Uuid of the gslb object.
view_id:
description:
- The view-id is used in change-leader mode to differentiate partitioned groups while they have the same gslb namespace.
- Each partitioned group will be able to operate independently by using the view-id.
- Default value when not specified in API or module is interpreted by Avi Controller as 0.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create Gslb object
avi_gslb:
name: "test-gslb"
avi_credentials:
username: '{{ username }}'
password: '{{ password }}'
controller: '{{ controller }}'
sites:
- name: "test-site1"
username: "gslb_username"
password: "gslb_password"
ip_addresses:
- type: "V4"
addr: "10.10.28.83"
enabled: True
member_type: "GSLB_ACTIVE_MEMBER"
port: 443
cluster_uuid: "cluster-d4ee5fcc-3e0a-4d4f-9ae6-4182bc605829"
- name: "test-site2"
username: "gslb_username"
password: "gslb_password"
ip_addresses:
- type: "V4"
addr: "10.10.28.86"
enabled: True
member_type: "GSLB_ACTIVE_MEMBER"
port: 443
cluster_uuid: "cluster-0c37ae8d-ab62-410c-ad3e-06fa831950b1"
dns_configs:
- domain_name: "test1.com"
- domain_name: "test2.com"
leader_cluster_uuid: "cluster-d4ee5fcc-3e0a-4d4f-9ae6-4182bc605829"
- name: Update Gslb site's configurations (Patch Add Operation)
avi_gslb:
avi_credentials:
username: '{{ username }}'
password: '{{ password }}'
controller: '{{ controller }}'
avi_api_update_method: patch
avi_api_patch_op: add
leader_cluster_uuid: "cluster-d4ee5fcc-3e0a-4d4f-9ae6-4182bc605829"
name: "test-gslb"
dns_configs:
- domain_name: "temp1.com"
- domain_name: "temp2.com"
gslb_sites_config:
- ip_addr: "10.10.28.83"
dns_vses:
- dns_vs_uuid: "virtualservice-f2a711cd-5e78-473f-8f47-d12de660fd62"
domain_names:
- "test1.com"
- "test2.com"
- ip_addr: "10.10.28.86"
dns_vses:
- dns_vs_uuid: "virtualservice-c1a63a16-f2a1-4f41-aab4-1e90f92a5e49"
domain_names:
- "temp1.com"
- "temp2.com"
- name: Update Gslb site's configurations (Patch Replace Operation)
avi_gslb:
avi_credentials:
username: "{{ username }}"
password: "{{ password }}"
controller: "{{ controller }}"
# On basis of cluster leader uuid dns_configs is set for that particular leader cluster
leader_cluster_uuid: "cluster-84aa795f-8f09-42bb-97a4-5103f4a53da9"
name: "test-gslb"
avi_api_update_method: patch
avi_api_patch_op: replace
dns_configs:
- domain_name: "test3.com"
- domain_name: "temp3.com"
gslb_sites_config:
# Ip address is mapping key for dns_vses field update. For the given IP address,
# dns_vses is updated.
- ip_addr: "10.10.28.83"
dns_vses:
- dns_vs_uuid: "virtualservice-7c947ed4-77f3-4a52-909c-4f12afaf5bb0"
domain_names:
- "test3.com"
- ip_addr: "10.10.28.86"
dns_vses:
- dns_vs_uuid: "virtualservice-799b2c6d-7f2d-4c3f-94c6-6e813b20b674"
domain_names:
- "temp3.com"
- name: Update Gslb site's configurations (Patch Delete Operation)
avi_gslb:
avi_credentials:
username: "{{ username }}"
password: "{{ password }}"
controller: "{{ controller }}"
# On basis of cluster leader uuid dns_configs is set for that particular leader cluster
leader_cluster_uuid: "cluster-84aa795f-8f09-42bb-97a4-5103f4a53da9"
name: "test-gslb"
avi_api_update_method: patch
avi_api_patch_op: delete
dns_configs:
gslb_sites_config:
- ip_addr: "10.10.28.83"
- ip_addr: "10.10.28.86"
"""
RETURN = '''
obj:
description: Gslb (api/gslb) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
from ansible_collections.community.general.plugins.module_utils.network.avi.avi_api import ApiSession, AviCredentials
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
async_interval=dict(type='int',),
clear_on_max_retries=dict(type='int',),
client_ip_addr_group=dict(type='dict',),
description=dict(type='str',),
dns_configs=dict(type='list',),
is_federated=dict(type='bool',),
leader_cluster_uuid=dict(type='str', required=True),
maintenance_mode=dict(type='bool',),
name=dict(type='str', required=True),
send_interval=dict(type='int',),
send_interval_prior_to_maintenance_mode=dict(type='int',),
sites=dict(type='list',),
tenant_ref=dict(type='str',),
third_party_sites=dict(type='list',),
url=dict(type='str',),
uuid=dict(type='str',),
view_id=dict(type='int',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
api_method = module.params['avi_api_update_method']
if str(api_method).lower() == 'patch':
patch_op = module.params['avi_api_patch_op']
# Create controller session
api_creds = AviCredentials()
api_creds.update_from_ansible_module(module)
api = ApiSession.get_session(
api_creds.controller, api_creds.username, password=api_creds.password,
timeout=api_creds.timeout, tenant=api_creds.tenant,
tenant_uuid=api_creds.tenant_uuid, token=api_creds.token,
port=api_creds.port)
# Get existing gslb objects
rsp = api.get('gslb', api_version=api_creds.api_version)
existing_gslb = rsp.json()
gslb = existing_gslb['results']
sites = module.params['gslb_sites_config']
for gslb_obj in gslb:
# Update/Delete domain names in dns_configs fields in gslb object.
if 'dns_configs' in module.params:
if gslb_obj['leader_cluster_uuid'] == module.params['leader_cluster_uuid']:
if str(patch_op).lower() == 'delete':
gslb_obj['dns_configs'] = []
elif str(patch_op).lower() == 'add':
if module.params['dns_configs'] not in gslb_obj['dns_configs']:
gslb_obj['dns_configs'].extend(module.params['dns_configs'])
else:
gslb_obj['dns_configs'] = module.params['dns_configs']
# Update/Delete sites configuration
if sites:
for site_obj in gslb_obj['sites']:
dns_vses = site_obj.get('dns_vses', [])
for obj in sites:
config_for = obj.get('ip_addr', None)
if not config_for:
return module.fail_json(msg=(
"ip_addr of site in a configuration is mandatory. "
"Please provide ip_addr i.e. gslb site's ip."))
if config_for == site_obj['ip_addresses'][0]['addr']:
if str(patch_op).lower() == 'delete':
site_obj['dns_vses'] = []
else:
# Modify existing gslb sites object
for key, val in obj.items():
if key == 'dns_vses' and str(patch_op).lower() == 'add':
found = False
# Check dns_vses field already exists on the controller
for v in dns_vses:
if val[0]['dns_vs_uuid'] != v['dns_vs_uuid']:
found = True
break
if not found:
dns_vses.extend(val)
else:
site_obj[key] = val
if str(patch_op).lower() == 'add':
site_obj['dns_vses'] = dns_vses
uni_dns_configs = [dict(tupleized) for tupleized in set(tuple(item.items())
for item in gslb_obj['dns_configs'])]
gslb_obj['dns_configs'] = uni_dns_configs
module.params.update(gslb_obj)
module.params.update(
{
'avi_api_update_method': 'put',
'state': 'present'
}
)
return avi_ansible_api(module, 'gslb',
set([]))
if __name__ == '__main__':
main()
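Review bot: The duplicate check in the patch `add` path is inverted: `found` is set when `val[0]['dns_vs_uuid'] != v['dns_vs_uuid']`, so a DNS VS already present on the controller is appended again, while any differing existing entry blocks a new one. The comparison should be `if val[0]['dns_vs_uuid'] == v['dns_vs_uuid']:`. The same path reads `module.params['gslb_sites_config']`, which `argument_specs` does not declare, so unless `avi_common_argument_spec()` supplies it the option is either rejected as unsupported or the lookup raises `KeyError`; add `gslb_sites_config=dict(type='list',),`. Separately, the EXAMPLES pass a per-site `password` inside `sites`, which is declared as a plain `sites=dict(type='list',)` with no `no_log`, so those credentials are presumably not masked in module invocation output; this is worth confirming, then marking the option sensitive or declaring sub-options with `no_log=True` on the password.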


@@ -0,0 +1,129 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.2
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_gslbgeodbprofile
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of GslbGeoDbProfile Avi RESTful Object
description:
- This module is used to configure GslbGeoDbProfile object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
description:
description:
- Field introduced in 17.1.1.
entries:
description:
- List of geodb entries.
- An entry can either be a geodb file or an ip address group with geo properties.
- Field introduced in 17.1.1.
is_federated:
description:
- This field indicates that this object is replicated across gslb federation.
- Field introduced in 17.1.3.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
name:
description:
- A user-friendly name for the geodb profile.
- Field introduced in 17.1.1.
required: true
tenant_ref:
description:
- It is a reference to an object of type tenant.
- Field introduced in 17.1.1.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Uuid of the geodb profile.
- Field introduced in 17.1.1.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create GslbGeoDbProfile object
avi_gslbgeodbprofile:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_gslbgeodbprofile
"""
RETURN = '''
obj:
description: GslbGeoDbProfile (api/gslbgeodbprofile) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
description=dict(type='str',),
entries=dict(type='list',),
is_federated=dict(type='bool',),
name=dict(type='str', required=True),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'gslbgeodbprofile',
set([]))
if __name__ == '__main__':
main()


@@ -0,0 +1,230 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_gslbservice
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of GslbService Avi RESTful Object
description:
- This module is used to configure GslbService object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
application_persistence_profile_ref:
description:
- The federated application persistence associated with gslbservice site persistence functionality.
- It is a reference to an object of type applicationpersistenceprofile.
- Field introduced in 17.2.1.
controller_health_status_enabled:
description:
- Gs member's overall health status is derived based on a combination of controller and datapath health-status inputs.
- Note that the datapath status is determined by the association of health monitor profiles.
- Only the controller provided status is determined through this configuration.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
created_by:
description:
- Creator name.
- Field introduced in 17.1.2.
description:
description:
- User defined description for the object.
domain_names:
description:
- Fully qualified domain name of the gslb service.
down_response:
description:
- Response to the client query when the gslb service is down.
enabled:
description:
- Enable or disable the gslb service.
- If the gslb service is enabled, then the vips are sent in the dns responses based on reachability and configured algorithm.
- If the gslb service is disabled, then the vips are no longer available in the dns response.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
groups:
description:
- Select list of pools belonging to this gslb service.
health_monitor_refs:
description:
- Verify vs health by applying one or more health monitors.
- Active monitors generate synthetic traffic from dns service engine and to mark a vs up or down based on the response.
- It is a reference to an object of type healthmonitor.
health_monitor_scope:
description:
- Health monitor probe can be executed for all the members or it can be executed only for third-party members.
- This operational mode is useful to reduce the number of health monitor probes in case of a hybrid scenario.
- In such a case, avi members can have controller derived status while non-avi members can be probed by via health monitor probes in dataplane.
- Enum options - GSLB_SERVICE_HEALTH_MONITOR_ALL_MEMBERS, GSLB_SERVICE_HEALTH_MONITOR_ONLY_NON_AVI_MEMBERS.
- Default value when not specified in API or module is interpreted by Avi Controller as GSLB_SERVICE_HEALTH_MONITOR_ALL_MEMBERS.
hm_off:
description:
- This field is an internal field and is used in se.
- Field introduced in 18.2.2.
type: bool
is_federated:
description:
- This field indicates that this object is replicated across gslb federation.
- Field introduced in 17.1.3.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
min_members:
description:
- The minimum number of members to distribute traffic to.
- Allowed values are 1-65535.
- Special values are 0 - 'disable'.
- Field introduced in 17.2.4.
- Default value when not specified in API or module is interpreted by Avi Controller as 0.
name:
description:
- Name for the gslb service.
required: true
num_dns_ip:
description:
- Number of ip addresses of this gslb service to be returned by the dns service.
- Enter 0 to return all ip addresses.
- Allowed values are 1-20.
- Special values are 0- 'return all ip addresses'.
pool_algorithm:
description:
- The load balancing algorithm will pick a gslb pool within the gslb service list of available pools.
- Enum options - GSLB_SERVICE_ALGORITHM_PRIORITY, GSLB_SERVICE_ALGORITHM_GEO.
- Field introduced in 17.2.3.
- Default value when not specified in API or module is interpreted by Avi Controller as GSLB_SERVICE_ALGORITHM_PRIORITY.
site_persistence_enabled:
description:
- Enable site-persistence for the gslbservice.
- Field introduced in 17.2.1.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
tenant_ref:
description:
- It is a reference to an object of type tenant.
ttl:
description:
- Ttl value (in seconds) for records served for this gslb service by the dns service.
- Allowed values are 0-86400.
url:
description:
- Avi controller URL of the object.
use_edns_client_subnet:
description:
- Use the client ip subnet from the edns option as source ipaddress for client geo-location and consistent hash algorithm.
- Default is true.
- Field introduced in 17.1.1.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
uuid:
description:
- Uuid of the gslb service.
wildcard_match:
description:
- Enable wild-card match of fqdn if an exact match is not found in the dns table, the longest match is chosen by wild-carding the fqdn in the dns
- request.
- Default is false.
- Field introduced in 17.1.1.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create GslbService object
avi_gslbservice:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_gslbservice
"""
RETURN = '''
obj:
description: GslbService (api/gslbservice) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
application_persistence_profile_ref=dict(type='str',),
controller_health_status_enabled=dict(type='bool',),
created_by=dict(type='str',),
description=dict(type='str',),
domain_names=dict(type='list',),
down_response=dict(type='dict',),
enabled=dict(type='bool',),
groups=dict(type='list',),
health_monitor_refs=dict(type='list',),
health_monitor_scope=dict(type='str',),
hm_off=dict(type='bool',),
is_federated=dict(type='bool',),
min_members=dict(type='int',),
name=dict(type='str', required=True),
num_dns_ip=dict(type='int',),
pool_algorithm=dict(type='str',),
site_persistence_enabled=dict(type='bool',),
tenant_ref=dict(type='str',),
ttl=dict(type='int',),
url=dict(type='str',),
use_edns_client_subnet=dict(type='bool',),
uuid=dict(type='str',),
wildcard_match=dict(type='bool',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'gslbservice',
set([]))
if __name__ == '__main__':
main()


@@ -0,0 +1,294 @@
#!/usr/bin/python
"""
# Created on Aug 12, 2016
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com) GitHub ID: grastogi23
#
# module_check: supported
#
# Copyright: (c) 2016 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
"""
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_gslbservice_patch_member
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Avi API Module
description:
- This module can be used for calling any resources defined in Avi REST API. U(https://avinetworks.com/)
- This module is useful for invoking HTTP Patch methods and accessing resources that do not have an REST object associated with them.
requirements: [ avisdk ]
options:
data:
description:
- HTTP body of GSLB Service Member in YAML or JSON format.
params:
description:
- Query parameters passed to the HTTP API.
name:
description:
- Name of the GSLB Service
required: true
state:
description:
- The state that should be applied to the member. Member is
- identified using field member.ip.addr.
default: present
choices: ["absent","present"]
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = '''
- name: Patch GSLB Service to add a new member and group
avi_gslbservice_patch_member:
controller: "{{ controller }}"
username: "{{ username }}"
password: "{{ password }}"
name: gs-3
api_version: 17.2.1
data:
group:
name: newfoo
priority: 60
members:
- enabled: true
ip:
addr: 10.30.10.66
type: V4
ratio: 3
- name: Patch GSLB Service to delete an existing member
avi_gslbservice_patch_member:
controller: "{{ controller }}"
username: "{{ username }}"
password: "{{ password }}"
name: gs-3
state: absent
api_version: 17.2.1
data:
group:
name: newfoo
members:
- enabled: true
ip:
addr: 10.30.10.68
type: V4
ratio: 3
- name: Update priority of GSLB Service Pool
avi_gslbservice_patch_member:
controller: ""
username: ""
password: ""
name: gs-3
state: present
api_version: 17.2.1
data:
group:
name: newfoo
priority: 42
'''
RETURN = '''
obj:
description: Avi REST resource
returned: success, changed
type: dict
'''
import json
import time
from ansible.module_utils.basic import AnsibleModule
from copy import deepcopy
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_obj_cmp, cleanup_absent_fields,
ansible_return, AviCheckModeResponse, HAS_AVI)
from ansible_collections.community.general.plugins.module_utils.network.avi.avi_api import (
ApiSession, AviCredentials)
except ImportError:
HAS_AVI = False
def delete_member(module, check_mode, api, tenant, tenant_uuid,
existing_obj, data, api_version):
members = data.get('group', {}).get('members', [])
patched_member_ids = set([m['ip']['addr'] for m in members if 'fqdn' not in m])
patched_member_fqdns = set([m['fqdn'] for m in members if 'fqdn' in m])
changed = False
rsp = None
if existing_obj and (patched_member_ids or patched_member_fqdns):
groups = [group for group in existing_obj.get('groups', [])
if group['name'] == data['group']['name']]
if groups:
changed = any(
[(lambda g: g['ip']['addr'] in patched_member_ids)(m)
for m in groups[0].get('members', []) if 'fqdn' not in m])
changed = changed or any(
[(lambda g: g['fqdn'] in patched_member_fqdns)(m)
for m in groups[0].get('members', []) if 'fqdn' in m])
if check_mode or not changed:
return changed, rsp
# should not come here if not found
group = groups[0]
new_members = []
for m in group.get('members', []):
if 'fqdn' in m:
if m['fqdn'] not in patched_member_fqdns:
new_members.append(m)
elif 'ip' in m:
if m['ip']['addr'] not in patched_member_ids:
new_members.append(m)
group['members'] = new_members
if not group['members']:
# Delete this group from the existing objects if it is empty.
# Controller also does not allow empty group.
existing_obj['groups'] = [
grp for grp in existing_obj.get('groups', []) if
grp['name'] != data['group']['name']]
# remove the members that are part of the list
# update the object
# added api version for AVI api call.
rsp = api.put('gslbservice/%s' % existing_obj['uuid'], data=existing_obj,
tenant=tenant, tenant_uuid=tenant_uuid, api_version=api_version)
return changed, rsp
def add_member(module, check_mode, api, tenant, tenant_uuid,
existing_obj, data, name, api_version):
rsp = None
if not existing_obj:
# create the object
changed = True
if check_mode:
rsp = AviCheckModeResponse(obj=None)
else:
# creates group with single member
req = {'name': name,
'groups': [data['group']]
}
# added api version for AVI api call.
rsp = api.post('gslbservice', data=req, tenant=tenant,
tenant_uuid=tenant_uuid, api_version=api_version)
else:
# found GSLB object
req = deepcopy(existing_obj)
if 'groups' not in req:
req['groups'] = []
groups = [group for group in req['groups']
if group['name'] == data['group']['name']]
if not groups:
# did not find the group
req['groups'].append(data['group'])
else:
# just update the existing group with members
group = groups[0]
group_info_wo_members = deepcopy(data['group'])
group_info_wo_members.pop('members', None)
group.update(group_info_wo_members)
if 'members' not in group:
group['members'] = []
new_members = []
for patch_member in data['group'].get('members', []):
found = False
for m in group['members']:
if 'fqdn' in patch_member and m.get('fqdn', '') == patch_member['fqdn']:
found = True
break
elif m['ip']['addr'] == patch_member['ip']['addr']:
found = True
break
if not found:
new_members.append(patch_member)
else:
m.update(patch_member)
# add any new members
group['members'].extend(new_members)
cleanup_absent_fields(req)
changed = not avi_obj_cmp(req, existing_obj)
if changed and not check_mode:
obj_path = '%s/%s' % ('gslbservice', existing_obj['uuid'])
# added api version for AVI api call.
rsp = api.put(obj_path, data=req, tenant=tenant,
tenant_uuid=tenant_uuid, api_version=api_version)
return changed, rsp
def main():
argument_specs = dict(
params=dict(type='dict'),
data=dict(type='dict'),
name=dict(type='str', required=True),
state=dict(default='present',
choices=['absent', 'present'])
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(argument_spec=argument_specs)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or ansible>=2.8 is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
api_creds = AviCredentials()
api_creds.update_from_ansible_module(module)
api = ApiSession.get_session(
api_creds.controller, api_creds.username, password=api_creds.password,
timeout=api_creds.timeout, tenant=api_creds.tenant,
tenant_uuid=api_creds.tenant_uuid, token=api_creds.token,
port=api_creds.port)
tenant = api_creds.tenant
tenant_uuid = api_creds.tenant_uuid
params = module.params.get('params', None)
data = module.params.get('data', None)
gparams = deepcopy(params) if params else {}
gparams.update({'include_refs': '', 'include_name': ''})
name = module.params.get('name', '')
state = module.params['state']
# Get the api version from module.
api_version = api_creds.api_version
"""
state: present
1. Check if the GSLB service is present
2. If not then create the GSLB service with the member
3. Check if the group exists
4. if not then create the group with the member
5. Check if the member is present
if not then add the member
state: absent
1. check if GSLB service is present if not then exit
2. check if group is present. if not then exit
3. check if member is present. if present then remove it.
"""
obj_type = 'gslbservice'
# Added api version to call
existing_obj = api.get_object_by_name(
obj_type, name, tenant=tenant, tenant_uuid=tenant_uuid,
params={'include_refs': '', 'include_name': ''}, api_version=api_version)
check_mode = module.check_mode
if state == 'absent':
# Added api version to call
changed, rsp = delete_member(module, check_mode, api, tenant,
tenant_uuid, existing_obj, data, api_version)
else:
# Added api version to call
changed, rsp = add_member(module, check_mode, api, tenant, tenant_uuid,
existing_obj, data, name, api_version)
if check_mode or not changed:
return module.exit_json(changed=changed, obj=existing_obj)
return ansible_return(module, rsp, changed, req=data)
if __name__ == '__main__':
main()
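Review bot: In `add_member`, the member-matching loop falls through to `elif m['ip']['addr'] == patch_member['ip']['addr']` whenever the FQDN comparison misses, so a patch member that carries only `fqdn` (or an existing member without `ip`) raises KeyError instead of being appended; guard it as `elif 'ip' in m and 'ip' in patch_member and m['ip']['addr'] == patch_member['ip']['addr']:`. In `main`, `data` is declared as `data=dict(type='dict')` but both helpers dereference it unconditionally (`data.get(...)`, `data['group']`), so omitting it ends in a traceback rather than a validation error; `data=dict(type='dict', required=True)` would fail cleanly. The module is also constructed without `supports_check_mode=True`, even though the header says `module_check: supported` and `main` branches on `module.check_mode`. The page has lost indentation, so the loop nesting is read from statement order.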


@@ -0,0 +1,113 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_hardwaresecuritymodulegroup
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of HardwareSecurityModuleGroup Avi RESTful Object
description:
- This module is used to configure HardwareSecurityModuleGroup object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
hsm:
description:
- Hardware security module configuration.
required: true
name:
description:
- Name of the hsm group configuration object.
required: true
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Uuid of the hsm group configuration object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create HardwareSecurityModuleGroup object
avi_hardwaresecuritymodulegroup:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_hardwaresecuritymodulegroup
"""
RETURN = '''
obj:
description: HardwareSecurityModuleGroup (api/hardwaresecuritymodulegroup) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
hsm=dict(type='dict', required=True),
name=dict(type='str', required=True),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'hardwaresecuritymodulegroup',
set([]))
if __name__ == '__main__':
main()
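Review bot: `hsm=dict(type='dict', required=True)` carries no `no_log`, and `avi_ansible_api(module, 'hardwaresecuritymodulegroup', set([]))` passes an empty set in what looks like the sensitive-field position (the helper is not visible here), so any client keys or passwords inside the HSM configuration would presumably show up in task output and the returned `obj`. If the dict can hold secrets, declare it `hsm=dict(type='dict', required=True, no_log=True)` or name the secret fields in that set. The same question applies to the `*_profile` and `proxy_configuration` dicts in the avi_ipamdnsproviderprofile section further down. Separately, the EXAMPLES task omits `hsm` although it is required, so the example fails argument validation as written.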


@@ -0,0 +1,205 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_healthmonitor
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of HealthMonitor Avi RESTful Object
description:
- This module is used to configure HealthMonitor object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
description:
description:
- User defined description for the object.
dns_monitor:
description:
- Healthmonitordns settings for healthmonitor.
external_monitor:
description:
- Healthmonitorexternal settings for healthmonitor.
failed_checks:
description:
- Number of continuous failed health checks before the server is marked down.
- Allowed values are 1-50.
- Default value when not specified in API or module is interpreted by Avi Controller as 2.
http_monitor:
description:
- Healthmonitorhttp settings for healthmonitor.
https_monitor:
description:
- Healthmonitorhttp settings for healthmonitor.
is_federated:
description:
- This field describes the object's replication scope.
- If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines.
- If the field is set to true, then the object is replicated across the federation.
- Field introduced in 17.1.3.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
monitor_port:
description:
- Use this port instead of the port defined for the server in the pool.
- If the monitor succeeds to this port, the load balanced traffic will still be sent to the port of the server defined within the pool.
- Allowed values are 1-65535.
- Special values are 0 - 'use server port'.
name:
description:
- A user friendly name for this health monitor.
required: true
radius_monitor:
description:
- Health monitor for radius.
- Field introduced in 18.2.3.
receive_timeout:
description:
- A valid response from the server is expected within the receive timeout window.
- This timeout must be less than the send interval.
- If server status is regularly flapping up and down, consider increasing this value.
- Allowed values are 1-2400.
- Default value when not specified in API or module is interpreted by Avi Controller as 4.
send_interval:
description:
- Frequency, in seconds, that monitors are sent to a server.
- Allowed values are 1-3600.
- Default value when not specified in API or module is interpreted by Avi Controller as 10.
sip_monitor:
description:
- Health monitor for sip.
- Field introduced in 17.2.8, 18.1.3, 18.2.1.
successful_checks:
description:
- Number of continuous successful health checks before server is marked up.
- Allowed values are 1-50.
- Default value when not specified in API or module is interpreted by Avi Controller as 2.
tcp_monitor:
description:
- Healthmonitortcp settings for healthmonitor.
tenant_ref:
description:
- It is a reference to an object of type tenant.
type:
description:
- Type of the health monitor.
- Enum options - HEALTH_MONITOR_PING, HEALTH_MONITOR_TCP, HEALTH_MONITOR_HTTP, HEALTH_MONITOR_HTTPS, HEALTH_MONITOR_EXTERNAL, HEALTH_MONITOR_UDP,
- HEALTH_MONITOR_DNS, HEALTH_MONITOR_GSLB, HEALTH_MONITOR_SIP, HEALTH_MONITOR_RADIUS.
required: true
udp_monitor:
description:
- Healthmonitorudp settings for healthmonitor.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Uuid of the health monitor.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Create a HTTPS health monitor
avi_healthmonitor:
controller: 10.10.27.90
username: admin
password: AviNetworks123!
https_monitor:
http_request: HEAD / HTTP/1.0
http_response_code:
- HTTP_2XX
- HTTP_3XX
receive_timeout: 4
failed_checks: 3
send_interval: 10
successful_checks: 3
type: HEALTH_MONITOR_HTTPS
name: MyWebsite-HTTPS
"""
RETURN = '''
obj:
description: HealthMonitor (api/healthmonitor) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
description=dict(type='str',),
dns_monitor=dict(type='dict',),
external_monitor=dict(type='dict',),
failed_checks=dict(type='int',),
http_monitor=dict(type='dict',),
https_monitor=dict(type='dict',),
is_federated=dict(type='bool',),
monitor_port=dict(type='int',),
name=dict(type='str', required=True),
radius_monitor=dict(type='dict',),
receive_timeout=dict(type='int',),
send_interval=dict(type='int',),
sip_monitor=dict(type='dict',),
successful_checks=dict(type='int',),
tcp_monitor=dict(type='dict',),
tenant_ref=dict(type='str',),
type=dict(type='str', required=True),
udp_monitor=dict(type='dict',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'healthmonitor',
set([]))
if __name__ == '__main__':
main()
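Review bot: The EXAMPLES block hard-codes `password: AviNetworks123!`, which readers copy into playbooks and which secret scanners will flag; use the templated form other modules on this page already use, `password: "{{ password }}"`, ideally with the value kept in Ansible Vault. The avi_httppolicyset example below carries the same literal, and avi_hardwaresecuritymodulegroup uses `password: something`. Also, `type` is documented with a fixed list of enum values but declared as `type=dict(type='str', required=True)` with no `choices`, so a typo is only caught by the controller.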


@@ -0,0 +1,169 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_httppolicyset
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of HTTPPolicySet Avi RESTful Object
description:
- This module is used to configure HTTPPolicySet object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
cloud_config_cksum:
description:
- Checksum of cloud configuration for pool.
- Internally set by cloud connector.
created_by:
description:
- Creator name.
description:
description:
- User defined description for the object.
http_request_policy:
description:
- Http request policy for the virtual service.
http_response_policy:
description:
- Http response policy for the virtual service.
http_security_policy:
description:
- Http security policy for the virtual service.
is_internal_policy:
description:
- Boolean flag to set is_internal_policy.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
name:
description:
- Name of the http policy set.
required: true
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Uuid of the http policy set.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Create a HTTP Policy set two switch between testpool1 and testpool2
avi_httppolicyset:
controller: 10.10.27.90
username: admin
password: AviNetworks123!
name: test-HTTP-Policy-Set
tenant_ref: admin
http_request_policy:
rules:
- index: 1
enable: true
name: test-test1
match:
path:
match_case: INSENSITIVE
match_str:
- /test1
match_criteria: EQUALS
switching_action:
action: HTTP_SWITCHING_SELECT_POOL
status_code: HTTP_LOCAL_RESPONSE_STATUS_CODE_200
pool_ref: "/api/pool?name=testpool1"
- index: 2
enable: true
name: test-test2
match:
path:
match_case: INSENSITIVE
match_str:
- /test2
match_criteria: CONTAINS
switching_action:
action: HTTP_SWITCHING_SELECT_POOL
status_code: HTTP_LOCAL_RESPONSE_STATUS_CODE_200
pool_ref: "/api/pool?name=testpool2"
is_internal_policy: false
"""
RETURN = '''
obj:
description: HTTPPolicySet (api/httppolicyset) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
cloud_config_cksum=dict(type='str',),
created_by=dict(type='str',),
description=dict(type='str',),
http_request_policy=dict(type='dict',),
http_response_policy=dict(type='dict',),
http_security_policy=dict(type='dict',),
is_internal_policy=dict(type='bool',),
name=dict(type='str', required=True),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'httppolicyset',
set([]))
if __name__ == '__main__':
main()


@@ -0,0 +1,159 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_ipaddrgroup
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of IpAddrGroup Avi RESTful Object
description:
- This module is used to configure IpAddrGroup object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
addrs:
description:
- Configure ip address(es).
apic_epg_name:
description:
- Populate ip addresses from members of this cisco apic epg.
country_codes:
description:
- Populate the ip address ranges from the geo database for this country.
description:
description:
- User defined description for the object.
ip_ports:
description:
- Configure (ip address, port) tuple(s).
marathon_app_name:
description:
- Populate ip addresses from tasks of this marathon app.
marathon_service_port:
description:
- Task port associated with marathon service port.
- If marathon app has multiple service ports, this is required.
- Else, the first task port is used.
name:
description:
- Name of the ip address group.
required: true
prefixes:
description:
- Configure ip address prefix(es).
ranges:
description:
- Configure ip address range(s).
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Uuid of the ip address group.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Create an IP Address Group configuration
avi_ipaddrgroup:
controller: '{{ controller }}'
username: '{{ username }}'
password: '{{ password }}'
name: Client-Source-Block
prefixes:
- ip_addr:
addr: 10.0.0.0
type: V4
mask: 8
- ip_addr:
addr: 172.16.0.0
type: V4
mask: 12
- ip_addr:
addr: 192.168.0.0
type: V4
mask: 16
"""
RETURN = '''
obj:
description: IpAddrGroup (api/ipaddrgroup) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
addrs=dict(type='list',),
apic_epg_name=dict(type='str',),
country_codes=dict(type='list',),
description=dict(type='str',),
ip_ports=dict(type='list',),
marathon_app_name=dict(type='str',),
marathon_service_port=dict(type='int',),
name=dict(type='str', required=True),
prefixes=dict(type='list',),
ranges=dict(type='list',),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'ipaddrgroup',
set([]))
if __name__ == '__main__':
main()
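Review bot: The list options `addrs`, `country_codes`, `ip_ports`, `prefixes` and `ranges` are declared as bare `dict(type='list',)` with no `elements`, so the item shape is not checked before the payload is sent to the controller; a scalar inside `prefixes`, for instance, passes argument validation. The example shows `prefixes` as a list of mappings, so `prefixes=dict(type='list', elements='dict')` fits; the element type of the other four is not shown here and should be confirmed against the API schema. The matching DOCUMENTATION entries also lack a `type:` key.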


@@ -0,0 +1,180 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_ipamdnsproviderprofile
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of IpamDnsProviderProfile Avi RESTful Object
description:
- This module is used to configure IpamDnsProviderProfile object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
allocate_ip_in_vrf:
description:
- If this flag is set, only allocate ip from networks in the virtual service vrf.
- Applicable for avi vantage ipam only.
- Field introduced in 17.2.4.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
aws_profile:
description:
- Provider details if type is aws.
azure_profile:
description:
- Provider details if type is microsoft azure.
- Field introduced in 17.2.1.
custom_profile:
description:
- Provider details if type is custom.
- Field introduced in 17.1.1.
gcp_profile:
description:
- Provider details if type is google cloud.
infoblox_profile:
description:
- Provider details if type is infoblox.
internal_profile:
description:
- Provider details if type is avi.
name:
description:
- Name for the ipam/dns provider profile.
required: true
oci_profile:
description:
- Provider details for oracle cloud.
- Field introduced in 18.2.1,18.1.3.
openstack_profile:
description:
- Provider details if type is openstack.
proxy_configuration:
description:
- Field introduced in 17.1.1.
tenant_ref:
description:
- It is a reference to an object of type tenant.
tencent_profile:
description:
- Provider details for tencent cloud.
- Field introduced in 18.2.3.
type:
description:
- Provider type for the ipam/dns provider profile.
- Enum options - IPAMDNS_TYPE_INFOBLOX, IPAMDNS_TYPE_AWS, IPAMDNS_TYPE_OPENSTACK, IPAMDNS_TYPE_GCP, IPAMDNS_TYPE_INFOBLOX_DNS, IPAMDNS_TYPE_CUSTOM,
- IPAMDNS_TYPE_CUSTOM_DNS, IPAMDNS_TYPE_AZURE, IPAMDNS_TYPE_OCI, IPAMDNS_TYPE_TENCENT, IPAMDNS_TYPE_INTERNAL, IPAMDNS_TYPE_INTERNAL_DNS,
- IPAMDNS_TYPE_AWS_DNS, IPAMDNS_TYPE_AZURE_DNS.
required: true
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Uuid of the ipam/dns provider profile.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Create IPAM DNS provider setting
avi_ipamdnsproviderprofile:
controller: '{{ controller }}'
username: '{{ username }}'
password: '{{ password }}'
internal_profile:
dns_service_domain:
- domain_name: ashish.local
num_dns_ip: 1
pass_through: true
record_ttl: 100
- domain_name: guru.local
num_dns_ip: 1
pass_through: true
record_ttl: 200
ttl: 300
name: Ashish-DNS
tenant_ref: Demo
type: IPAMDNS_TYPE_INTERNAL
"""
RETURN = '''
obj:
description: IpamDnsProviderProfile (api/ipamdnsproviderprofile) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
allocate_ip_in_vrf=dict(type='bool',),
aws_profile=dict(type='dict',),
azure_profile=dict(type='dict',),
custom_profile=dict(type='dict',),
gcp_profile=dict(type='dict',),
infoblox_profile=dict(type='dict',),
internal_profile=dict(type='dict',),
name=dict(type='str', required=True),
oci_profile=dict(type='dict',),
openstack_profile=dict(type='dict',),
proxy_configuration=dict(type='dict',),
tenant_ref=dict(type='str',),
tencent_profile=dict(type='dict',),
type=dict(type='str', required=True),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'ipamdnsproviderprofile',
set([]))
if __name__ == '__main__':
main()


@@ -0,0 +1,131 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_l4policyset
author: Chaitanya Deshpande (@chaitanyaavi) <chaitanya.deshpande@avinetworks.com>
short_description: Module for setup of L4PolicySet Avi RESTful Object
description:
- This module is used to configure L4PolicySet object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
created_by:
description:
- Creator name.
- Field introduced in 17.2.7.
description:
description:
- Field introduced in 17.2.7.
is_internal_policy:
description:
- Field introduced in 17.2.7.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
l4_connection_policy:
description:
- Policy to apply when a new transport connection is setup.
- Field introduced in 17.2.7.
name:
description:
- Name of the l4 policy set.
- Field introduced in 17.2.7.
required: true
tenant_ref:
description:
- It is a reference to an object of type tenant.
- Field introduced in 17.2.7.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Id of the l4 policy set.
- Field introduced in 17.2.7.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create L4PolicySet object
avi_l4policyset:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_l4policyset
"""
RETURN = '''
obj:
description: L4PolicySet (api/l4policyset) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
created_by=dict(type='str',),
description=dict(type='str',),
is_internal_policy=dict(type='bool',),
l4_connection_policy=dict(type='dict',),
name=dict(type='str', required=True),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'l4policyset',
set([]))
if __name__ == '__main__':
main()
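Review bot: The EXAMPLES block hard-codes a controller address and plaintext credentials (`controller: 10.10.25.42`, `username: admin`, `password: something`), which readers tend to copy into playbooks as they stand. Other modules added in this commit (avi_microservicegroup, avi_networkprofile) already template these as `'{{ controller }}'`, `'{{ username }}'` and `'{{ password }}'`, and this example should do the same. A short comment that the password belongs in Ansible Vault or another secret store would also help. The same literal-credential example appears in the avi_network and avi_pkiprofile sections.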


@@ -0,0 +1,122 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_microservicegroup
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of MicroServiceGroup Avi RESTful Object
description:
- This module is used to configure MicroServiceGroup object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
created_by:
description:
- Creator name.
description:
description:
- User defined description for the object.
name:
description:
- Name of the microservice group.
required: true
service_refs:
description:
- Configure microservice(es).
- It is a reference to an object of type microservice.
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Uuid of the microservice group.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Create a Microservice Group that can be used for setting up Network security policy
avi_microservicegroup:
controller: '{{ controller }}'
username: '{{ username }}'
password: '{{ password }}'
description: Group created by my Secure My App UI.
name: vs-msg-marketing
tenant_ref: admin
"""
RETURN = '''
obj:
description: MicroServiceGroup (api/microservicegroup) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
created_by=dict(type='str',),
description=dict(type='str',),
name=dict(type='str', required=True),
service_refs=dict(type='list',),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'microservicegroup',
set([]))
if __name__ == '__main__':
main()
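Review bot: `service_refs=dict(type='list',)` declares no element type, so Ansible accepts any mix of values in the list and hands them to `avi_ansible_api` unvalidated. The option is documented as references to microservice objects, so `service_refs=dict(type='list', elements='str'),` would reject malformed entries at argument parsing; the DOCUMENTATION entry would then gain `type: list` and `elements: str`. The same gap applies to `configured_subnets` in avi_network, `rules` in avi_networksecuritypolicy, and `ca_certs`/`crls` in avi_pkiprofile. There `elements='dict'` looks appropriate, but that should be confirmed against the API schema.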


@@ -0,0 +1,156 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_network
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of Network Avi RESTful Object
description:
- This module is used to configure Network object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
cloud_ref:
description:
- It is a reference to an object of type cloud.
configured_subnets:
description:
- List of subnet.
dhcp_enabled:
description:
- Select the ip address management scheme for this network.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
exclude_discovered_subnets:
description:
- When selected, excludes all discovered subnets in this network from consideration for virtual service placement.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
ip6_autocfg_enabled:
description:
- Enable ipv6 auto configuration.
- Field introduced in 18.1.1.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
name:
description:
- Name of the object.
required: true
synced_from_se:
description:
- Boolean flag to set synced_from_se.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
vcenter_dvs:
description:
- Boolean flag to set vcenter_dvs.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
vimgrnw_ref:
description:
- It is a reference to an object of type vimgrnwruntime.
vrf_context_ref:
description:
- It is a reference to an object of type vrfcontext.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create Network object
avi_network:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_network
"""
RETURN = '''
obj:
description: Network (api/network) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
cloud_ref=dict(type='str',),
configured_subnets=dict(type='list',),
dhcp_enabled=dict(type='bool',),
exclude_discovered_subnets=dict(type='bool',),
ip6_autocfg_enabled=dict(type='bool',),
name=dict(type='str', required=True),
synced_from_se=dict(type='bool',),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
vcenter_dvs=dict(type='bool',),
vimgrnw_ref=dict(type='str',),
vrf_context_ref=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'network',
set([]))
if __name__ == '__main__':
main()


@@ -0,0 +1,132 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_networkprofile
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of NetworkProfile Avi RESTful Object
description:
- This module is used to configure NetworkProfile object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
connection_mirror:
description:
- When enabled, avi mirrors all tcp fastpath connections to standby.
- Applicable only in legacy ha mode.
- Field introduced in 18.1.3,18.2.1.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
description:
description:
- User defined description for the object.
name:
description:
- The name of the network profile.
required: true
profile:
description:
- Networkprofileunion settings for networkprofile.
required: true
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Uuid of the network profile.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Create a network profile for an UDP application
avi_networkprofile:
controller: '{{ controller }}'
username: '{{ username }}'
password: '{{ password }}'
name: System-UDP-Fast-Path
profile:
type: PROTOCOL_TYPE_UDP_FAST_PATH
udp_fast_path_profile:
per_pkt_loadbalance: false
session_idle_timeout: 10
snat: true
tenant_ref: admin
"""
RETURN = '''
obj:
description: NetworkProfile (api/networkprofile) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
connection_mirror=dict(type='bool',),
description=dict(type='str',),
name=dict(type='str', required=True),
profile=dict(type='dict', required=True),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'networkprofile',
set([]))
if __name__ == '__main__':
main()
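Review bot: `profile=dict(type='dict', required=True)` is required unconditionally, so a task with `state: absent` must still supply a profile dict just to remove an object by name. If deletion by name alone is intended (the helper's behaviour is not visible here), drop `required=True` from the option and pass `required_if=[('state', 'present', ['profile'])]` to the `AnsibleModule(...)` call. The `required: true` line under `profile` in DOCUMENTATION would then need rewording to say it is required when `state` is `present`.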


@@ -0,0 +1,137 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_networksecuritypolicy
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of NetworkSecurityPolicy Avi RESTful Object
description:
- This module is used to configure NetworkSecurityPolicy object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
cloud_config_cksum:
description:
- Checksum of cloud configuration for network sec policy.
- Internally set by cloud connector.
created_by:
description:
- Creator name.
description:
description:
- User defined description for the object.
name:
description:
- Name of the object.
rules:
description:
- List of networksecurityrule.
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Create a network security policy to block clients represented by ip group known_attackers
avi_networksecuritypolicy:
controller: '{{ controller }}'
username: '{{ username }}'
password: '{{ password }}'
name: vs-gurutest-ns
rules:
- action: NETWORK_SECURITY_POLICY_ACTION_TYPE_DENY
age: 0
enable: true
index: 1
log: false
match:
client_ip:
group_refs:
- Demo:known_attackers
match_criteria: IS_IN
name: Rule 1
tenant_ref: Demo
"""
RETURN = '''
obj:
description: NetworkSecurityPolicy (api/networksecuritypolicy) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
cloud_config_cksum=dict(type='str',),
created_by=dict(type='str',),
description=dict(type='str',),
name=dict(type='str',),
rules=dict(type='list',),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'networksecuritypolicy',
set([]))
if __name__ == '__main__':
main()
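Review bot: `name=dict(type='str',)` is the only `name` option among the modules in this part of the commit that is not `required=True`, and its DOCUMENTATION entry likewise omits `required: true`. How `avi_ansible_api` selects the target object when neither `name` nor `uuid` is given is not visible here, but for a security policy an ambiguous lookup is worth ruling out at argument parsing with `name=dict(type='str', required=True),`. If the omission is deliberate, a comment explaining how the object is identified would help the next reader. Separately, `cloud_config_cksum` is documented as internally set by the cloud connector yet is exposed as a user-settable string; its description should say whether users are expected to leave it unset.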


@@ -0,0 +1,150 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_pkiprofile
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of PKIProfile Avi RESTful Object
description:
- This module is used to configure PKIProfile object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
ca_certs:
description:
- List of certificate authorities (root and intermediate) trusted that is used for certificate validation.
created_by:
description:
- Creator name.
crl_check:
description:
- When enabled, avi will verify via crl checks that certificates in the trust chain have not been revoked.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
crls:
description:
- Certificate revocation lists.
ignore_peer_chain:
description:
- When enabled, avi will not trust intermediate and root certs presented by a client.
- Instead, only the chain certs configured in the certificate authority section will be used to verify trust of the client's cert.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
is_federated:
description:
- This field describes the object's replication scope.
- If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines.
- If the field is set to true, then the object is replicated across the federation.
- Field introduced in 17.1.3.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
name:
description:
- Name of the pki profile.
required: true
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
validate_only_leaf_crl:
description:
- When enabled, avi will only validate the revocation status of the leaf certificate using crl.
- To enable validation for the entire chain, disable this option and provide all the relevant crls.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create PKIProfile object
avi_pkiprofile:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_pkiprofile
"""
RETURN = '''
obj:
description: PKIProfile (api/pkiprofile) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
ca_certs=dict(type='list',),
created_by=dict(type='str',),
crl_check=dict(type='bool',),
crls=dict(type='list',),
ignore_peer_chain=dict(type='bool',),
is_federated=dict(type='bool',),
name=dict(type='str', required=True),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
validate_only_leaf_crl=dict(type='bool',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'pkiprofile',
set([]))
if __name__ == '__main__':
main()
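Review bot: The only example creates `sample_pkiprofile` without `ca_certs`, `crls`, `crl_check` or `validate_only_leaf_crl`, so it demonstrates none of the options that decide what the profile trusts. An example that supplies at least one CA entry and sets the revocation options explicitly would show readers the behaviour they are opting into instead of leaving it to controller defaults. Per the option text, the default `validate_only_leaf_crl` of True checks revocation for the leaf certificate only, so the example is a good place to show the full-chain setting alongside the CRLs it needs.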


@@ -0,0 +1,498 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_pool
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of Pool Avi RESTful Object
description:
- This module is used to configure Pool object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
a_pool:
description:
- Name of container cloud application that constitutes a pool in a a-b pool configuration, if different from vs app.
- Field deprecated in 18.1.2.
ab_pool:
description:
- A/b pool configuration.
- Field deprecated in 18.1.2.
ab_priority:
description:
- Priority of this pool in a a-b pool pair.
- Internally used.
- Field deprecated in 18.1.2.
analytics_policy:
description:
- Determines analytics settings for the pool.
- Field introduced in 18.1.5, 18.2.1.
analytics_profile_ref:
description:
- Specifies settings related to analytics.
- It is a reference to an object of type analyticsprofile.
- Field introduced in 18.1.4,18.2.1.
apic_epg_name:
description:
- Synchronize cisco apic epg members with pool servers.
application_persistence_profile_ref:
description:
- Persistence will ensure the same user sticks to the same server for a desired duration of time.
- It is a reference to an object of type applicationpersistenceprofile.
autoscale_launch_config_ref:
description:
- If configured then avi will trigger orchestration of pool server creation and deletion.
- It is only supported for container clouds like mesos, openshift, kubernetes, docker, etc.
- It is a reference to an object of type autoscalelaunchconfig.
autoscale_networks:
description:
- Network ids for the launch configuration.
autoscale_policy_ref:
description:
- Reference to server autoscale policy.
- It is a reference to an object of type serverautoscalepolicy.
capacity_estimation:
description:
- Inline estimation of capacity of servers.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
capacity_estimation_ttfb_thresh:
description:
- The maximum time-to-first-byte of a server.
- Allowed values are 1-5000.
- Special values are 0 - 'automatic'.
- Default value when not specified in API or module is interpreted by Avi Controller as 0.
cloud_config_cksum:
description:
- Checksum of cloud configuration for pool.
- Internally set by cloud connector.
cloud_ref:
description:
- It is a reference to an object of type cloud.
conn_pool_properties:
description:
- Connection pool properties.
- Field introduced in 18.2.1.
connection_ramp_duration:
description:
- Duration for which new connections will be gradually ramped up to a server recently brought online.
- Useful for lb algorithms that are least connection based.
- Allowed values are 1-300.
- Special values are 0 - 'immediate'.
- Default value when not specified in API or module is interpreted by Avi Controller as 10.
created_by:
description:
- Creator name.
default_server_port:
description:
- Traffic sent to servers will use this destination server port unless overridden by the server's specific port attribute.
- The ssl checkbox enables avi to server encryption.
- Allowed values are 1-65535.
- Default value when not specified in API or module is interpreted by Avi Controller as 80.
delete_server_on_dns_refresh:
description:
- Indicates whether existing ips are disabled(false) or deleted(true) on dns hostname refreshdetail -- on a dns refresh, some ips set on pool may
- no longer be returned by the resolver.
- These ips are deleted from the pool when this knob is set to true.
- They are disabled, if the knob is set to false.
- Field introduced in 18.2.3.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
description:
description:
- A description of the pool.
domain_name:
description:
- Comma separated list of domain names which will be used to verify the common names or subject alternative names presented by server certificates.
- It is performed only when common name check host_check_enabled is enabled.
east_west:
description:
- Inherited config from virtualservice.
type: bool
enabled:
description:
- Enable or disable the pool.
- Disabling will terminate all open connections and pause health monitors.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
external_autoscale_groups:
description:
- Names of external auto-scale groups for pool servers.
- Currently available only for aws and azure.
- Field introduced in 17.1.2.
fail_action:
description:
- Enable an action - close connection, http redirect or local http response - when a pool failure happens.
- By default, a connection will be closed, in case the pool experiences a failure.
fewest_tasks_feedback_delay:
description:
- Periodicity of feedback for fewest tasks server selection algorithm.
- Allowed values are 1-300.
- Default value when not specified in API or module is interpreted by Avi Controller as 10.
graceful_disable_timeout:
description:
- Used to gracefully disable a server.
- Virtual service waits for the specified time before terminating the existing connections to the servers that are disabled.
- Allowed values are 1-7200.
- Special values are 0 - 'immediate', -1 - 'infinite'.
- Default value when not specified in API or module is interpreted by Avi Controller as 1.
gslb_sp_enabled:
description:
- Indicates if the pool is a site-persistence pool.
- Field introduced in 17.2.1.
type: bool
health_monitor_refs:
description:
- Verify server health by applying one or more health monitors.
- Active monitors generate synthetic traffic from each service engine and mark a server up or down based on the response.
- The passive monitor listens only to client to server communication.
- It raises or lowers the ratio of traffic destined to a server based on successful responses.
- It is a reference to an object of type healthmonitor.
host_check_enabled:
description:
- Enable common name check for server certificate.
- If enabled and no explicit domain name is specified, avi will use the incoming host header to do the match.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
inline_health_monitor:
description:
- The passive monitor will monitor client to server connections and requests and adjust traffic load to servers based on successful responses.
- This may alter the expected behavior of the lb method, such as round robin.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
ipaddrgroup_ref:
description:
- Use list of servers from ip address group.
- It is a reference to an object of type ipaddrgroup.
lb_algorithm:
description:
- The load balancing algorithm will pick a server within the pool's list of available servers.
- Enum options - LB_ALGORITHM_LEAST_CONNECTIONS, LB_ALGORITHM_ROUND_ROBIN, LB_ALGORITHM_FASTEST_RESPONSE, LB_ALGORITHM_CONSISTENT_HASH,
- LB_ALGORITHM_LEAST_LOAD, LB_ALGORITHM_FEWEST_SERVERS, LB_ALGORITHM_RANDOM, LB_ALGORITHM_FEWEST_TASKS, LB_ALGORITHM_NEAREST_SERVER,
- LB_ALGORITHM_CORE_AFFINITY, LB_ALGORITHM_TOPOLOGY.
- Default value when not specified in API or module is interpreted by Avi Controller as LB_ALGORITHM_LEAST_CONNECTIONS.
lb_algorithm_consistent_hash_hdr:
description:
- Http header name to be used for the hash key.
lb_algorithm_core_nonaffinity:
description:
- Degree of non-affinity for core affinity based server selection.
- Allowed values are 1-65535.
- Field introduced in 17.1.3.
- Default value when not specified in API or module is interpreted by Avi Controller as 2.
lb_algorithm_hash:
description:
- Criteria used as a key for determining the hash between the client and server.
- Enum options - LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS, LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS_AND_PORT,
- LB_ALGORITHM_CONSISTENT_HASH_URI, LB_ALGORITHM_CONSISTENT_HASH_CUSTOM_HEADER, LB_ALGORITHM_CONSISTENT_HASH_CUSTOM_STRING,
- LB_ALGORITHM_CONSISTENT_HASH_CALLID.
- Default value when not specified in API or module is interpreted by Avi Controller as LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS.
lookup_server_by_name:
description:
- Allow server lookup by name.
- Field introduced in 17.1.11,17.2.4.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
max_concurrent_connections_per_server:
description:
- The maximum number of concurrent connections allowed to each server within the pool.
- Note applied value will be no less than the number of service engines that the pool is placed on.
- If set to 0, no limit is applied.
- Default value when not specified in API or module is interpreted by Avi Controller as 0.
max_conn_rate_per_server:
description:
- Rate limit connections to each server.
min_health_monitors_up:
description:
- Minimum number of health monitors in up state to mark server up.
- Field introduced in 18.2.1, 17.2.12.
min_servers_up:
description:
- Minimum number of servers in up state for marking the pool up.
- Field introduced in 18.2.1, 17.2.12.
name:
description:
- The name of the pool.
required: true
networks:
description:
- (internal-use) networks designated as containing servers for this pool.
- The servers may be further narrowed down by a filter.
- This field is used internally by avi, not editable by the user.
nsx_securitygroup:
description:
- A list of nsx service groups where the servers for the pool are created.
- Field introduced in 17.1.1.
pki_profile_ref:
description:
- Avi will validate the ssl certificate present by a server against the selected pki profile.
- It is a reference to an object of type pkiprofile.
placement_networks:
description:
- Manually select the networks and subnets used to provide reachability to the pool's servers.
- Specify the subnet using the following syntax 10-1-1-0/24.
- Use static routes in vrf configuration when pool servers are not directly connected butroutable from the service engine.
prst_hdr_name:
description:
- Header name for custom header persistence.
- Field deprecated in 18.1.2.
request_queue_depth:
description:
- Minimum number of requests to be queued when pool is full.
- Default value when not specified in API or module is interpreted by Avi Controller as 128.
request_queue_enabled:
description:
- Enable request queue when pool is full.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
rewrite_host_header_to_server_name:
description:
- Rewrite incoming host header to server name of the server to which the request is proxied.
- Enabling this feature rewrites host header for requests to all servers in the pool.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
rewrite_host_header_to_sni:
description:
- If sni server name is specified, rewrite incoming host header to the sni server name.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
server_auto_scale:
description:
- Server autoscale.
- Not used anymore.
- Field deprecated in 18.1.2.
type: bool
server_count:
description:
- Field deprecated in 18.2.1.
server_name:
description:
- Fully qualified dns hostname which will be used in the tls sni extension in server connections if sni is enabled.
- If no value is specified, avi will use the incoming host header instead.
server_reselect:
description:
- Server reselect configuration for http requests.
server_timeout:
description:
- Server timeout value specifies the time within which a server connection needs to be established and a request-response exchange completes
- between avi and the server.
- Value of 0 results in using default timeout of 60 minutes.
- Allowed values are 0-3600000.
- Field introduced in 18.1.5,18.2.1.
- Default value when not specified in API or module is interpreted by Avi Controller as 0.
servers:
description:
- The pool directs load balanced traffic to this list of destination servers.
- The servers can be configured by ip address, name, network or via ip address group.
service_metadata:
description:
- Metadata pertaining to the service provided by this pool.
- In openshift/kubernetes environments, app metadata info is stored.
- Any user input to this field will be overwritten by avi vantage.
- Field introduced in 17.2.14,18.1.5,18.2.1.
sni_enabled:
description:
- Enable tls sni for server connections.
- If disabled, avi will not send the sni extension as part of the handshake.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
ssl_key_and_certificate_ref:
description:
- Service engines will present a client ssl certificate to the server.
- It is a reference to an object of type sslkeyandcertificate.
ssl_profile_ref:
description:
- When enabled, avi re-encrypts traffic to the backend servers.
- The specific ssl profile defines which ciphers and ssl versions will be supported.
- It is a reference to an object of type sslprofile.
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
use_service_port:
description:
- Do not translate the client's destination port when sending the connection to the server.
- The pool or servers specified service port will still be used for health monitoring.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
uuid:
description:
- Uuid of the pool.
vrf_ref:
description:
- Virtual routing context that the pool is bound to.
- This is used to provide the isolation of the set of networks the pool is attached to.
- The pool inherits the virtual routing context of the virtual service, and this field is used only internally, and is set by pb-transform.
- It is a reference to an object of type vrfcontext.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Create a Pool with two servers and HTTP monitor
avi_pool:
controller: 10.10.1.20
username: avi_user
password: avi_password
name: testpool1
description: testpool1
state: present
health_monitor_refs:
- '/api/healthmonitor?name=System-HTTP'
servers:
- ip:
addr: 10.10.2.20
type: V4
- ip:
addr: 10.10.2.21
type: V4
- name: Patch pool with a single server using patch op and avi_credentials
avi_pool:
avi_api_update_method: patch
avi_api_patch_op: delete
avi_credentials: "{{avi_credentials}}"
name: test-pool
servers:
- ip:
addr: 10.90.64.13
type: 'V4'
register: pool
when:
- state | default("present") == "present"
"""
RETURN = '''
obj:
description: Pool (api/pool) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
a_pool=dict(type='str',),
ab_pool=dict(type='dict',),
ab_priority=dict(type='int',),
analytics_policy=dict(type='dict',),
analytics_profile_ref=dict(type='str',),
apic_epg_name=dict(type='str',),
application_persistence_profile_ref=dict(type='str',),
autoscale_launch_config_ref=dict(type='str',),
autoscale_networks=dict(type='list',),
autoscale_policy_ref=dict(type='str',),
capacity_estimation=dict(type='bool',),
capacity_estimation_ttfb_thresh=dict(type='int',),
cloud_config_cksum=dict(type='str',),
cloud_ref=dict(type='str',),
conn_pool_properties=dict(type='dict',),
connection_ramp_duration=dict(type='int',),
created_by=dict(type='str',),
default_server_port=dict(type='int',),
delete_server_on_dns_refresh=dict(type='bool',),
description=dict(type='str',),
domain_name=dict(type='list',),
east_west=dict(type='bool',),
enabled=dict(type='bool',),
external_autoscale_groups=dict(type='list',),
fail_action=dict(type='dict',),
fewest_tasks_feedback_delay=dict(type='int',),
graceful_disable_timeout=dict(type='int',),
gslb_sp_enabled=dict(type='bool',),
health_monitor_refs=dict(type='list',),
host_check_enabled=dict(type='bool',),
inline_health_monitor=dict(type='bool',),
ipaddrgroup_ref=dict(type='str',),
lb_algorithm=dict(type='str',),
lb_algorithm_consistent_hash_hdr=dict(type='str',),
lb_algorithm_core_nonaffinity=dict(type='int',),
lb_algorithm_hash=dict(type='str',),
lookup_server_by_name=dict(type='bool',),
max_concurrent_connections_per_server=dict(type='int',),
max_conn_rate_per_server=dict(type='dict',),
min_health_monitors_up=dict(type='int',),
min_servers_up=dict(type='int',),
name=dict(type='str', required=True),
networks=dict(type='list',),
nsx_securitygroup=dict(type='list',),
pki_profile_ref=dict(type='str',),
placement_networks=dict(type='list',),
prst_hdr_name=dict(type='str',),
request_queue_depth=dict(type='int',),
request_queue_enabled=dict(type='bool',),
rewrite_host_header_to_server_name=dict(type='bool',),
rewrite_host_header_to_sni=dict(type='bool',),
server_auto_scale=dict(type='bool',),
server_count=dict(type='int',),
server_name=dict(type='str',),
server_reselect=dict(type='dict',),
server_timeout=dict(type='int',),
servers=dict(type='list',),
service_metadata=dict(type='str',),
sni_enabled=dict(type='bool',),
ssl_key_and_certificate_ref=dict(type='str',),
ssl_profile_ref=dict(type='str',),
tenant_ref=dict(type='str',),
url=dict(type='str',),
use_service_port=dict(type='bool',),
uuid=dict(type='str',),
vrf_ref=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'pool',
set([]))
if __name__ == '__main__':
main()


@@ -0,0 +1,167 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_poolgroup
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of PoolGroup Avi RESTful Object
description:
- This module is used to configure PoolGroup object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
cloud_config_cksum:
description:
- Checksum of cloud configuration for poolgroup.
- Internally set by cloud connector.
cloud_ref:
description:
- It is a reference to an object of type cloud.
created_by:
description:
- Name of the user who created the object.
deployment_policy_ref:
description:
- When setup autoscale manager will automatically promote new pools into production when deployment goals are met.
- It is a reference to an object of type poolgroupdeploymentpolicy.
description:
description:
- Description of pool group.
fail_action:
description:
- Enable an action - close connection, http redirect, or local http response - when a pool group failure happens.
- By default, a connection will be closed, in case the pool group experiences a failure.
implicit_priority_labels:
description:
- Whether an implicit set of priority labels is generated.
- Field introduced in 17.1.9,17.2.3.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
members:
description:
- List of pool group members object of type poolgroupmember.
min_servers:
description:
- The minimum number of servers to distribute traffic to.
- Allowed values are 1-65535.
- Special values are 0 - 'disable'.
- Default value when not specified in API or module is interpreted by Avi Controller as 0.
name:
description:
- The name of the pool group.
required: true
priority_labels_ref:
description:
- Uuid of the priority labels.
- If not provided, pool group member priority label will be interpreted as a number with a larger number considered higher priority.
- It is a reference to an object of type prioritylabels.
service_metadata:
description:
- Metadata pertaining to the service provided by this poolgroup.
- In openshift/kubernetes environments, app metadata info is stored.
- Any user input to this field will be overwritten by avi vantage.
- Field introduced in 17.2.14,18.1.5,18.2.1.
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Uuid of the pool group.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create PoolGroup object
avi_poolgroup:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_poolgroup
"""
RETURN = '''
obj:
description: PoolGroup (api/poolgroup) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
cloud_config_cksum=dict(type='str',),
cloud_ref=dict(type='str',),
created_by=dict(type='str',),
deployment_policy_ref=dict(type='str',),
description=dict(type='str',),
fail_action=dict(type='dict',),
implicit_priority_labels=dict(type='bool',),
members=dict(type='list',),
min_servers=dict(type='int',),
name=dict(type='str', required=True),
priority_labels_ref=dict(type='str',),
service_metadata=dict(type='str',),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'poolgroup',
set([]))
if __name__ == '__main__':
main()
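Review bot: The EXAMPLES block puts a controller login inline (`username: admin`, `password: something`), and example tasks tend to be copied as-is into playbooks that end up in version control. The second avi_pool example in this commit already shows the alternative, so I would write this task with `avi_credentials: "{{ avi_credentials }}"` and add a YAML comment that the variable should come from Ansible Vault or another secret store. The same inline-credential example appears in the avi_poolgroupdeploymentpolicy, avi_prioritylabels, avi_role and avi_scheduler sections.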


@@ -0,0 +1,154 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_poolgroupdeploymentpolicy
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of PoolGroupDeploymentPolicy Avi RESTful Object
description:
- This module is used to configure PoolGroupDeploymentPolicy object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
auto_disable_old_prod_pools:
description:
- It will automatically disable old production pools once there is a new production candidate.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
description:
description:
- User defined description for the object.
evaluation_duration:
description:
- Duration of evaluation period for automatic deployment.
- Allowed values are 60-86400.
- Default value when not specified in API or module is interpreted by Avi Controller as 300.
name:
description:
- The name of the pool group deployment policy.
required: true
rules:
description:
- List of pgdeploymentrule.
scheme:
description:
- Deployment scheme.
- Enum options - BLUE_GREEN, CANARY.
- Default value when not specified in API or module is interpreted by Avi Controller as BLUE_GREEN.
target_test_traffic_ratio:
description:
- Target traffic ratio before pool is made production.
- Allowed values are 1-100.
- Default value when not specified in API or module is interpreted by Avi Controller as 100.
tenant_ref:
description:
- It is a reference to an object of type tenant.
test_traffic_ratio_rampup:
description:
- Ratio of the traffic that is sent to the pool under test.
- Test ratio of 100 means blue green.
- Allowed values are 1-100.
- Default value when not specified in API or module is interpreted by Avi Controller as 100.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Uuid of the pool group deployment policy.
webhook_ref:
description:
- Webhook configured with url that avi controller will pass back information about pool group, old and new pool information and current deployment
- rule results.
- It is a reference to an object of type webhook.
- Field introduced in 17.1.1.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create PoolGroupDeploymentPolicy object
avi_poolgroupdeploymentpolicy:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_poolgroupdeploymentpolicy
"""
RETURN = '''
obj:
description: PoolGroupDeploymentPolicy (api/poolgroupdeploymentpolicy) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
auto_disable_old_prod_pools=dict(type='bool',),
description=dict(type='str',),
evaluation_duration=dict(type='int',),
name=dict(type='str', required=True),
rules=dict(type='list',),
scheme=dict(type='str',),
target_test_traffic_ratio=dict(type='int',),
tenant_ref=dict(type='str',),
test_traffic_ratio_rampup=dict(type='int',),
url=dict(type='str',),
uuid=dict(type='str',),
webhook_ref=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'poolgroupdeploymentpolicy',
set([]))
if __name__ == '__main__':
main()
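Review bot: `scheme` is documented as an enum (BLUE_GREEN, CANARY), and `evaluation_duration`, `target_test_traffic_ratio` and `test_traffic_ratio_rampup` have documented ranges, but the argument spec in main() accepts any string or integer. A typo is therefore presumably only rejected by the controller, after the module has already made its API call. Where the value set is stable I would declare it, e.g. `scheme=dict(type='str', choices=['BLUE_GREEN', 'CANARY']),`; if the looseness is deliberate to tolerate differing controller versions, a comment saying so would help. avi_scheduler has the same gap for `run_mode`, `scheduler_action` and `frequency_unit`.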


@@ -0,0 +1,120 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_prioritylabels
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of PriorityLabels Avi RESTful Object
description:
- This module is used to configure PriorityLabels object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
cloud_ref:
description:
- It is a reference to an object of type cloud.
description:
description:
- A description of the priority labels.
equivalent_labels:
description:
- Equivalent priority labels in descending order.
name:
description:
- The name of the priority labels.
required: true
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Uuid of the priority labels.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create PriorityLabels object
avi_prioritylabels:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_prioritylabels
"""
RETURN = '''
obj:
description: PriorityLabels (api/prioritylabels) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
cloud_ref=dict(type='str',),
description=dict(type='str',),
equivalent_labels=dict(type='list',),
name=dict(type='str', required=True),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'prioritylabels',
set([]))
if __name__ == '__main__':
main()
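Review bot: `equivalent_labels=dict(type='list',)` declares no `elements`, and the option text gives only "Equivalent priority labels in descending order" without the shape of one entry. As written, the spec does no per-item type checking before the parameters reach avi_ansible_api. I would document the entry structure and declare the element type in the spec (`elements='dict'` if entries are objects; confirm against the API schema). The same applies to `members` in avi_poolgroup, `rules` in avi_poolgroupdeploymentpolicy and `privileges` in avi_role.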


@@ -0,0 +1,113 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_role
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of Role Avi RESTful Object
description:
- This module is used to configure Role object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
name:
description:
- Name of the object.
required: true
privileges:
description:
- List of permission.
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create Role object
avi_role:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_role
"""
RETURN = '''
obj:
description: Role (api/role) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
name=dict(type='str', required=True),
privileges=dict(type='list',),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'role',
set([]))
if __name__ == '__main__':
main()
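Review bot: `privileges` is the option that decides what a role may do, yet its documentation is only "List of permission." and nothing says how an update treats entries already on the controller. I would expand the description to give the keys of one entry and add a line such as `- With the default avi_api_update_method of put the supplied list presumably replaces the role's existing privileges; use patch with avi_api_patch_op to change single entries.`, after confirming that behaviour against the controller. An EXAMPLES task that sets `privileges` would also help, since the only example creates a role without any.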


@@ -0,0 +1,154 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_scheduler
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of Scheduler Avi RESTful Object
description:
- This module is used to configure Scheduler object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
backup_config_ref:
description:
- Backup configuration to be executed by this scheduler.
- It is a reference to an object of type backupconfiguration.
enabled:
description:
- Boolean flag to set enabled.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
end_date_time:
description:
- Scheduler end date and time.
frequency:
description:
- Frequency at which custom scheduler will run.
- Allowed values are 0-60.
frequency_unit:
description:
- Unit at which custom scheduler will run.
- Enum options - SCHEDULER_FREQUENCY_UNIT_MIN, SCHEDULER_FREQUENCY_UNIT_HOUR, SCHEDULER_FREQUENCY_UNIT_DAY, SCHEDULER_FREQUENCY_UNIT_WEEK,
- SCHEDULER_FREQUENCY_UNIT_MONTH.
name:
description:
- Name of scheduler.
required: true
run_mode:
description:
- Scheduler run mode.
- Enum options - RUN_MODE_PERIODIC, RUN_MODE_AT, RUN_MODE_NOW.
run_script_ref:
description:
- Control script to be executed by this scheduler.
- It is a reference to an object of type alertscriptconfig.
scheduler_action:
description:
- Define scheduler action.
- Enum options - SCHEDULER_ACTION_RUN_A_SCRIPT, SCHEDULER_ACTION_BACKUP.
- Default value when not specified in API or module is interpreted by Avi Controller as SCHEDULER_ACTION_BACKUP.
start_date_time:
description:
- Scheduler start date and time.
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create Scheduler object
avi_scheduler:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_scheduler
"""
RETURN = '''
obj:
description: Scheduler (api/scheduler) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
backup_config_ref=dict(type='str',),
enabled=dict(type='bool',),
end_date_time=dict(type='str',),
frequency=dict(type='int',),
frequency_unit=dict(type='str',),
name=dict(type='str', required=True),
run_mode=dict(type='str',),
run_script_ref=dict(type='str',),
scheduler_action=dict(type='str',),
start_date_time=dict(type='str',),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'scheduler',
set([]))
if __name__ == '__main__':
main()
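Review bot: The documentation for `run_script_ref` and `scheduler_action` never states that SCHEDULER_ACTION_RUN_A_SCRIPT makes the controller run the referenced alertscriptconfig object on a schedule, nor which options have to be set together. I would add to `run_script_ref` a line like `- Used when scheduler_action is SCHEDULER_ACTION_RUN_A_SCRIPT; the referenced script is executed by the controller, so review it as code.` and state the expected format of `start_date_time` and `end_date_time`, which are plain `type='str'` in main(). The pairing of `run_script_ref` with that action is inferred from the option descriptions and should be confirmed.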


@@ -0,0 +1,113 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_seproperties
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of SeProperties Avi RESTful Object
description:
- This module is used to configure SeProperties object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
se_agent_properties:
description:
- Seagentproperties settings for seproperties.
se_bootup_properties:
description:
- Sebootupproperties settings for seproperties.
se_runtime_properties:
description:
- Seruntimeproperties settings for seproperties.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
- Default value when not specified in API or module is interpreted by Avi Controller as default.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create SeProperties object
avi_seproperties:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_seproperties
"""
RETURN = '''
obj:
description: SeProperties (api/seproperties) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
se_agent_properties=dict(type='dict',),
se_bootup_properties=dict(type='dict',),
se_runtime_properties=dict(type='dict',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'seproperties',
set([]))
if __name__ == '__main__':
main()
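Review bot: The EXAMPLES task passes `name: sample_seproperties`, but neither the DOCUMENTATION options nor `argument_specs` in `main()` declare a `name` option. Unless `avi_common_argument_spec()` (not visible here) supplies it, the documented example would be rejected as an unsupported parameter, so either drop the `name:` line or declare the option. The example also hard-codes `password: something`; writing `password: '{{ password }}'`, as the avi_sslprofile example in this commit does, avoids teaching readers to keep controller credentials in playbooks in clear text. The same applies to the avi_serverautoscalepolicy, avi_serviceengine and avi_snmptrapprofile examples.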


@@ -0,0 +1,180 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_serverautoscalepolicy
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of ServerAutoScalePolicy Avi RESTful Object
description:
- This module is used to configure ServerAutoScalePolicy object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
description:
description:
- User defined description for the object.
intelligent_autoscale:
description:
- Use avi intelligent autoscale algorithm where autoscale is performed by comparing load on the pool against estimated capacity of all the servers.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
intelligent_scalein_margin:
description:
- Maximum extra capacity as percentage of load used by the intelligent scheme.
- Scalein is triggered when available capacity is more than this margin.
- Allowed values are 1-99.
- Default value when not specified in API or module is interpreted by Avi Controller as 40.
intelligent_scaleout_margin:
description:
- Minimum extra capacity as percentage of load used by the intelligent scheme.
- Scaleout is triggered when available capacity is less than this margin.
- Allowed values are 1-99.
- Default value when not specified in API or module is interpreted by Avi Controller as 20.
max_scalein_adjustment_step:
description:
- Maximum number of servers to scalein simultaneously.
- The actual number of servers to scalein is chosen such that target number of servers is always more than or equal to the min_size.
- Default value when not specified in API or module is interpreted by Avi Controller as 1.
max_scaleout_adjustment_step:
description:
- Maximum number of servers to scaleout simultaneously.
- The actual number of servers to scaleout is chosen such that target number of servers is always less than or equal to the max_size.
- Default value when not specified in API or module is interpreted by Avi Controller as 1.
max_size:
description:
- Maximum number of servers after scaleout.
- Allowed values are 0-400.
min_size:
description:
- No scale-in happens once number of operationally up servers reach min_servers.
- Allowed values are 0-400.
name:
description:
- Name of the object.
required: true
scalein_alertconfig_refs:
description:
- Trigger scalein when alerts due to any of these alert configurations are raised.
- It is a reference to an object of type alertconfig.
scalein_cooldown:
description:
- Cooldown period during which no new scalein is triggered to allow previous scalein to successfully complete.
- Default value when not specified in API or module is interpreted by Avi Controller as 300.
scaleout_alertconfig_refs:
description:
- Trigger scaleout when alerts due to any of these alert configurations are raised.
- It is a reference to an object of type alertconfig.
scaleout_cooldown:
description:
- Cooldown period during which no new scaleout is triggered to allow previous scaleout to successfully complete.
- Default value when not specified in API or module is interpreted by Avi Controller as 300.
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
use_predicted_load:
description:
- Use predicted load rather than current load.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
uuid:
description:
- Unique object identifier of the object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create ServerAutoScalePolicy object
avi_serverautoscalepolicy:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_serverautoscalepolicy
"""
RETURN = '''
obj:
description: ServerAutoScalePolicy (api/serverautoscalepolicy) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
description=dict(type='str',),
intelligent_autoscale=dict(type='bool',),
intelligent_scalein_margin=dict(type='int',),
intelligent_scaleout_margin=dict(type='int',),
max_scalein_adjustment_step=dict(type='int',),
max_scaleout_adjustment_step=dict(type='int',),
max_size=dict(type='int',),
min_size=dict(type='int',),
name=dict(type='str', required=True),
scalein_alertconfig_refs=dict(type='list',),
scalein_cooldown=dict(type='int',),
scaleout_alertconfig_refs=dict(type='list',),
scaleout_cooldown=dict(type='int',),
tenant_ref=dict(type='str',),
url=dict(type='str',),
use_predicted_load=dict(type='bool',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'serverautoscalepolicy',
set([]))
if __name__ == '__main__':
main()
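Review bot: The `min_size` description refers to `min_servers`, which is not an option of this module; it should read `- No scale-in happens once number of operationally up servers reach min_size.`. The documented ranges (1-99 for the two margins, 0-400 for `min_size` and `max_size`) are not checked anywhere in `main()`, so an out-of-range value or a `min_size` above `max_size` is presumably rejected only by the controller. A sentence in the option text saying that validation happens server-side would make that explicit.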


@@ -0,0 +1,171 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_serviceengine
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of ServiceEngine Avi RESTful Object
description:
- This module is used to configure ServiceEngine object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
availability_zone:
description:
- Availability_zone of serviceengine.
cloud_ref:
description:
- It is a reference to an object of type cloud.
container_mode:
description:
- Boolean flag to set container_mode.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
container_type:
description:
- Enum options - container_type_bridge, container_type_host, container_type_host_dpdk.
- Default value when not specified in API or module is interpreted by Avi Controller as CONTAINER_TYPE_HOST.
controller_created:
description:
- Boolean flag to set controller_created.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
controller_ip:
description:
- Controller_ip of serviceengine.
data_vnics:
description:
- List of vnic.
enable_state:
description:
- Inorder to disable se set this field appropriately.
- Enum options - SE_STATE_ENABLED, SE_STATE_DISABLED_FOR_PLACEMENT, SE_STATE_DISABLED, SE_STATE_DISABLED_FORCE.
- Default value when not specified in API or module is interpreted by Avi Controller as SE_STATE_ENABLED.
flavor:
description:
- Flavor of serviceengine.
host_ref:
description:
- It is a reference to an object of type vimgrhostruntime.
hypervisor:
description:
- Enum options - default, vmware_esx, kvm, vmware_vsan, xen.
mgmt_vnic:
description:
- Vnic settings for serviceengine.
name:
description:
- Name of the object.
- Default value when not specified in API or module is interpreted by Avi Controller as VM name unknown.
resources:
description:
- Seresources settings for serviceengine.
se_group_ref:
description:
- It is a reference to an object of type serviceenginegroup.
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create ServiceEngine object
avi_serviceengine:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_serviceengine
"""
RETURN = '''
obj:
description: ServiceEngine (api/serviceengine) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
availability_zone=dict(type='str',),
cloud_ref=dict(type='str',),
container_mode=dict(type='bool',),
container_type=dict(type='str',),
controller_created=dict(type='bool',),
controller_ip=dict(type='str',),
data_vnics=dict(type='list',),
enable_state=dict(type='str',),
flavor=dict(type='str',),
host_ref=dict(type='str',),
hypervisor=dict(type='str',),
mgmt_vnic=dict(type='dict',),
name=dict(type='str',),
resources=dict(type='dict',),
se_group_ref=dict(type='str',),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'serviceengine',
set([]))
if __name__ == '__main__':
main()
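Review bot: `container_type`, `enable_state` and `hypervisor` are documented as enums but declared as free-form `type='str'` in `argument_specs`, and the docs list the `container_type` and `hypervisor` values in lower case while the stated default is `CONTAINER_TYPE_HOST`. A mistyped `enable_state` is therefore caught only by the controller, if at all. Consider giving the values in the case the API expects and, if the set is meant to be closed, `enable_state=dict(type='str', choices=['SE_STATE_ENABLED', 'SE_STATE_DISABLED_FOR_PLACEMENT', 'SE_STATE_DISABLED', 'SE_STATE_DISABLED_FORCE'])`.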

File diff suppressed because it is too large Load Diff


@@ -0,0 +1,112 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_snmptrapprofile
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of SnmpTrapProfile Avi RESTful Object
description:
- This module is used to configure SnmpTrapProfile object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
name:
description:
- A user-friendly name of the snmp trap configuration.
required: true
tenant_ref:
description:
- It is a reference to an object of type tenant.
trap_servers:
description:
- The ip address or hostname of the snmp trap destination server.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Uuid of the snmp trap profile object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create SnmpTrapProfile object
avi_snmptrapprofile:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_snmptrapprofile
"""
RETURN = '''
obj:
description: SnmpTrapProfile (api/snmptrapprofile) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
name=dict(type='str', required=True),
tenant_ref=dict(type='str',),
trap_servers=dict(type='list',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'snmptrapprofile',
set([]))
if __name__ == '__main__':
main()
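Review bot: `trap_servers=dict(type='list',)` declares no element type and the option text describes a single address, so the keys each entry accepts are undocumented. If an entry can carry an SNMP community string or user credentials (not visible on this page; confirm against the Avi object model), those values would be logged with the module arguments, because nothing here marks them `no_log`. Declaring `elements='dict'` and documenting the sub-keys would let a reviewer decide which of them need masking.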


@@ -0,0 +1,197 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_sslkeyandcertificate
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of SSLKeyAndCertificate Avi RESTful Object
description:
- This module is used to configure SSLKeyAndCertificate object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
ca_certs:
description:
- Ca certificates in certificate chain.
certificate:
description:
- Sslcertificate settings for sslkeyandcertificate.
required: true
certificate_base64:
description:
- States if the certificate is base64 encoded.
- Field introduced in 18.1.2, 18.2.1.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
certificate_management_profile_ref:
description:
- It is a reference to an object of type certificatemanagementprofile.
created_by:
description:
- Creator name.
dynamic_params:
description:
- Dynamic parameters needed for certificate management profile.
enckey_base64:
description:
- Encrypted private key corresponding to the private key (e.g.
- Those generated by an hsm such as thales nshield).
enckey_name:
description:
- Name of the encrypted private key (e.g.
- Those generated by an hsm such as thales nshield).
format:
description:
- Format of the key/certificate file.
- Enum options - SSL_PEM, SSL_PKCS12.
- Field introduced in 18.1.2, 18.2.1.
- Default value when not specified in API or module is interpreted by Avi Controller as SSL_PEM.
hardwaresecuritymodulegroup_ref:
description:
- It is a reference to an object of type hardwaresecuritymodulegroup.
key:
description:
- Private key.
key_base64:
description:
- States if the private key is base64 encoded.
- Field introduced in 18.1.2, 18.2.1.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
key_params:
description:
- Sslkeyparams settings for sslkeyandcertificate.
key_passphrase:
description:
- Passphrase used to encrypt the private key.
- Field introduced in 18.1.2, 18.2.1.
name:
description:
- Name of the object.
required: true
status:
description:
- Enum options - ssl_certificate_finished, ssl_certificate_pending.
- Default value when not specified in API or module is interpreted by Avi Controller as SSL_CERTIFICATE_FINISHED.
tenant_ref:
description:
- It is a reference to an object of type tenant.
type:
description:
- Enum options - ssl_certificate_type_virtualservice, ssl_certificate_type_system, ssl_certificate_type_ca.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Create a SSL Key and Certificate
avi_sslkeyandcertificate:
controller: 10.10.27.90
username: admin
password: AviNetworks123!
key: |
-----BEGIN PRIVATE KEY-----
....
-----END PRIVATE KEY-----
certificate:
self_signed: true
certificate: |
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
type: SSL_CERTIFICATE_TYPE_VIRTUALSERVICE
name: MyTestCert
"""
RETURN = '''
obj:
description: SSLKeyAndCertificate (api/sslkeyandcertificate) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
ca_certs=dict(type='list',),
certificate=dict(type='dict', required=True),
certificate_base64=dict(type='bool',),
certificate_management_profile_ref=dict(type='str',),
created_by=dict(type='str',),
dynamic_params=dict(type='list',),
enckey_base64=dict(type='str',),
enckey_name=dict(type='str',),
format=dict(type='str',),
hardwaresecuritymodulegroup_ref=dict(type='str',),
key=dict(type='str', no_log=True,),
key_base64=dict(type='bool',),
key_params=dict(type='dict',),
key_passphrase=dict(type='str', no_log=True,),
name=dict(type='str', required=True),
status=dict(type='str',),
tenant_ref=dict(type='str',),
type=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'sslkeyandcertificate',
set(['key_passphrase', 'key']))
if __name__ == '__main__':
main()
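Review bot: The EXAMPLES task embeds a literal controller password (`password: AviNetworks123!`) and an inline `-----BEGIN PRIVATE KEY-----` block, which readers tend to copy straight into playbooks. `key` and `key_passphrase` are correctly declared `no_log=True`, so the example should show the same care: `password: '{{ password }}'` and `key: '{{ ssl_private_key }}'` (variable name illustrative), with a comment that both values come from Ansible Vault. `enckey_base64` is key material too, yet it is neither `no_log` nor in the `set(['key_passphrase', 'key'])` passed to `avi_ansible_api`. Whether an HSM-wrapped key should be masked deserves an explicit decision.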


@@ -0,0 +1,209 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_sslprofile
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of SSLProfile Avi RESTful Object
description:
- This module is used to configure SSLProfile object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
accepted_ciphers:
description:
- Ciphers suites represented as defined by U(http://www.openssl.org/docs/apps/ciphers.html).
- Default value when not specified in API or module is interpreted by Avi Controller as AES:3DES:RC4.
accepted_versions:
description:
- Set of versions accepted by the server.
cipher_enums:
description:
- Enum options - tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_aes_128_gcm_sha256,
- tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_ecdsa_with_aes_128_cbc_sha256, tls_ecdhe_ecdsa_with_aes_256_cbc_sha384,
- tls_ecdhe_rsa_with_aes_128_cbc_sha256, tls_ecdhe_rsa_with_aes_256_cbc_sha384, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_gcm_sha384,
- tls_rsa_with_aes_128_cbc_sha256, tls_rsa_with_aes_256_cbc_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_cbc_sha,
- tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_256_cbc_sha,
- tls_rsa_with_3des_ede_cbc_sha, tls_rsa_with_rc4_128_sha.
description:
description:
- User defined description for the object.
dhparam:
description:
- Dh parameters used in ssl.
- At this time, it is not configurable and is set to 2048 bits.
enable_ssl_session_reuse:
description:
- Enable ssl session re-use.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
name:
description:
- Name of the object.
required: true
prefer_client_cipher_ordering:
description:
- Prefer the ssl cipher ordering presented by the client during the ssl handshake over the one specified in the ssl profile.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
send_close_notify:
description:
- Send 'close notify' alert message for a clean shutdown of the ssl connection.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
ssl_rating:
description:
- Sslrating settings for sslprofile.
ssl_session_timeout:
description:
- The amount of time in seconds before an ssl session expires.
- Default value when not specified in API or module is interpreted by Avi Controller as 86400.
tags:
description:
- List of tag.
tenant_ref:
description:
- It is a reference to an object of type tenant.
type:
description:
- Ssl profile type.
- Enum options - SSL_PROFILE_TYPE_APPLICATION, SSL_PROFILE_TYPE_SYSTEM.
- Field introduced in 17.2.8.
- Default value when not specified in API or module is interpreted by Avi Controller as SSL_PROFILE_TYPE_APPLICATION.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Create SSL profile with list of allowed ciphers
avi_sslprofile:
controller: '{{ controller }}'
username: '{{ username }}'
password: '{{ password }}'
accepted_ciphers: >
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:
AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:
AES256-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:
ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA
accepted_versions:
- type: SSL_VERSION_TLS1
- type: SSL_VERSION_TLS1_1
- type: SSL_VERSION_TLS1_2
cipher_enums:
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
name: PFS-BOTH-RSA-EC
send_close_notify: true
ssl_rating:
compatibility_rating: SSL_SCORE_EXCELLENT
performance_rating: SSL_SCORE_EXCELLENT
security_score: '100.0'
tenant_ref: Demo
"""
RETURN = '''
obj:
description: SSLProfile (api/sslprofile) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
accepted_ciphers=dict(type='str',),
accepted_versions=dict(type='list',),
cipher_enums=dict(type='list',),
description=dict(type='str',),
dhparam=dict(type='str',),
enable_ssl_session_reuse=dict(type='bool',),
name=dict(type='str', required=True),
prefer_client_cipher_ordering=dict(type='bool',),
send_close_notify=dict(type='bool',),
ssl_rating=dict(type='dict',),
ssl_session_timeout=dict(type='int',),
tags=dict(type='list',),
tenant_ref=dict(type='str',),
type=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'sslprofile',
set([]))
if __name__ == '__main__':
main()
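Review bot: The EXAMPLES profile is named `PFS-BOTH-RSA-EC` and carries `security_score: '100.0'`, yet it accepts `SSL_VERSION_TLS1` and `SSL_VERSION_TLS1_1` and lists `DES-CBC3-SHA` / `TLS_RSA_WITH_3DES_EDE_CBC_SHA` alongside static-RSA suites such as `AES128-SHA`, which provide no forward secrecy. As the only example in the module it will be copied as a baseline. Trimming it to `- type: SSL_VERSION_TLS1_2` and the ECDHE GCM suites would match the name. The `accepted_ciphers` text also documents a controller default of `AES:3DES:RC4`, so a note that callers should set this option explicitly would help.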


@@ -0,0 +1,135 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_stringgroup
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of StringGroup Avi RESTful Object
description:
- This module is used to configure StringGroup object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
description:
description:
- User defined description for the object.
kv:
description:
- Configure key value in the string group.
name:
description:
- Name of the string group.
required: true
tenant_ref:
description:
- It is a reference to an object of type tenant.
type:
description:
- Type of stringgroup.
- Enum options - SG_TYPE_STRING, SG_TYPE_KEYVAL.
- Default value when not specified in API or module is interpreted by Avi Controller as SG_TYPE_STRING.
required: true
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Uuid of the string group.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Create a string group configuration
avi_stringgroup:
controller: '{{ controller }}'
password: '{{ password }}'
username: '{{ username }}'
kv:
- key: text/html
- key: text/xml
- key: text/plain
- key: text/css
- key: text/javascript
- key: application/javascript
- key: application/x-javascript
- key: application/xml
- key: application/pdf
name: System-Compressible-Content-Types
tenant_ref: admin
type: SG_TYPE_STRING
"""
RETURN = '''
obj:
description: StringGroup (api/stringgroup) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
description=dict(type='str',),
kv=dict(type='list',),
name=dict(type='str', required=True),
tenant_ref=dict(type='str',),
type=dict(type='str', required=True),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'stringgroup',
set([]))
if __name__ == '__main__':
main()


@@ -0,0 +1,182 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_systemconfiguration
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of SystemConfiguration Avi RESTful Object
description:
- This module is used to configure SystemConfiguration object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
admin_auth_configuration:
description:
- Adminauthconfiguration settings for systemconfiguration.
default_license_tier:
description:
- Specifies the default license tier which would be used by new clouds.
- Enum options - ENTERPRISE_16, ENTERPRISE_18.
- Field introduced in 17.2.5.
- Default value when not specified in API or module is interpreted by Avi Controller as ENTERPRISE_18.
dns_configuration:
description:
- Dnsconfiguration settings for systemconfiguration.
dns_virtualservice_refs:
description:
- Dns virtualservices hosting fqdn records for applications across avi vantage.
- If no virtualservices are provided, avi vantage will provide dns services for configured applications.
- Switching back to avi vantage from dns virtualservices is not allowed.
- It is a reference to an object of type virtualservice.
docker_mode:
description:
- Boolean flag to set docker_mode.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
email_configuration:
description:
- Emailconfiguration settings for systemconfiguration.
global_tenant_config:
description:
- Tenantconfiguration settings for systemconfiguration.
linux_configuration:
description:
- Linuxconfiguration settings for systemconfiguration.
mgmt_ip_access_control:
description:
- Configure ip access control for controller to restrict open access.
ntp_configuration:
description:
- Ntpconfiguration settings for systemconfiguration.
portal_configuration:
description:
- Portalconfiguration settings for systemconfiguration.
proxy_configuration:
description:
- Proxyconfiguration settings for systemconfiguration.
secure_channel_configuration:
description:
- Configure secure channel properties.
- Field introduced in 18.1.4, 18.2.1.
snmp_configuration:
description:
- Snmpconfiguration settings for systemconfiguration.
ssh_ciphers:
description:
- Allowed ciphers list for ssh to the management interface on the controller and service engines.
- If this is not specified, all the default ciphers are allowed.
ssh_hmacs:
description:
- Allowed hmac list for ssh to the management interface on the controller and service engines.
- If this is not specified, all the default hmacs are allowed.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
welcome_workflow_complete:
description:
- This flag is set once the initial controller setup workflow is complete.
- Field introduced in 18.2.3.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create SystemConfiguration object
avi_systemconfiguration:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_systemconfiguration
"""
RETURN = '''
obj:
description: SystemConfiguration (api/systemconfiguration) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
admin_auth_configuration=dict(type='dict',),
default_license_tier=dict(type='str',),
dns_configuration=dict(type='dict',),
dns_virtualservice_refs=dict(type='list',),
docker_mode=dict(type='bool',),
email_configuration=dict(type='dict',),
global_tenant_config=dict(type='dict',),
linux_configuration=dict(type='dict',),
mgmt_ip_access_control=dict(type='dict',),
ntp_configuration=dict(type='dict',),
portal_configuration=dict(type='dict',),
proxy_configuration=dict(type='dict',),
secure_channel_configuration=dict(type='dict',),
snmp_configuration=dict(type='dict',),
ssh_ciphers=dict(type='list',),
ssh_hmacs=dict(type='list',),
url=dict(type='str',),
uuid=dict(type='str',),
welcome_workflow_complete=dict(type='bool',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'systemconfiguration',
set([]))
if __name__ == '__main__':
main()
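Review bot: The task in EXAMPLES passes `name: sample_systemconfiguration`, but `argument_specs` in main() declares no `name` option. Unless `avi_common_argument_spec()` adds one (it is not visible in this file), AnsibleModule would reject the example as an unsupported parameter. Either drop that line from the example or declare the option in the spec and in DOCUMENTATION. The same example hard-codes `username: admin` and `password: something`; prefer the templated form the avi_stringgroup example uses, `password: '{{ password }}'`, and the same applies to the examples in avi_trafficcloneprofile and avi_useraccountprofile.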


@@ -0,0 +1,128 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_tenant
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of Tenant Avi RESTful Object
description:
- This module is used to configure Tenant object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
config_settings:
description:
- Tenantconfiguration settings for tenant.
created_by:
description:
- Creator of this tenant.
description:
description:
- User defined description for the object.
local:
description:
- Boolean flag to set local.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
name:
description:
- Name of the object.
required: true
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Create Tenant using Service Engines in provider mode
avi_tenant:
controller: '{{ controller }}'
password: '{{ password }}'
username: '{{ username }}'
config_settings:
se_in_provider_context: false
tenant_access_to_provider_se: true
tenant_vrf: false
description: VCenter, Open Stack, AWS Virtual services
local: true
name: Demo
"""
RETURN = '''
obj:
description: Tenant (api/tenant) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
config_settings=dict(type='dict',),
created_by=dict(type='str',),
description=dict(type='str',),
local=dict(type='bool',),
name=dict(type='str', required=True),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'tenant',
set([]))
if __name__ == '__main__':
main()
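Review bot: `config_settings` is documented only as "Tenantconfiguration settings for tenant." and declared as a bare `type='dict'`, so the keys a user may set are discoverable only from the example (`se_in_provider_context`, `tenant_access_to_provider_se`, `tenant_vrf`). Judging by their names, these flags decide whether a tenant shares the provider's Service Engines and VRF, which is an isolation decision, so they deserve documented suboptions with their defaults. I would add a `suboptions:` block under `config_settings` in DOCUMENTATION listing the three keys as `type: bool`. The exact meaning of each key should be confirmed against the controller API before it is written down.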


@@ -0,0 +1,127 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_trafficcloneprofile
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of TrafficCloneProfile Avi RESTful Object
description:
- This module is used to configure TrafficCloneProfile object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
clone_servers:
description:
- Field introduced in 17.1.1.
cloud_ref:
description:
- It is a reference to an object of type cloud.
- Field introduced in 17.1.1.
name:
description:
- Name for the traffic clone profile.
- Field introduced in 17.1.1.
required: true
preserve_client_ip:
description:
- Specifies if client ip needs to be preserved to clone destination.
- Field introduced in 17.1.1.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
tenant_ref:
description:
- It is a reference to an object of type tenant.
- Field introduced in 17.1.1.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Uuid of the traffic clone profile.
- Field introduced in 17.1.1.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create TrafficCloneProfile object
avi_trafficcloneprofile:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_trafficcloneprofile
"""
RETURN = '''
obj:
description: TrafficCloneProfile (api/trafficcloneprofile) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
clone_servers=dict(type='list',),
cloud_ref=dict(type='str',),
name=dict(type='str', required=True),
preserve_client_ip=dict(type='bool',),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'trafficcloneprofile',
set([]))
if __name__ == '__main__':
main()
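Review bot: `clone_servers` has no real description: its only doc line is "Field introduced in 17.1.1." and the spec is a bare `type='list'`, so a reader cannot tell what the list items are. Going by the module name, this profile decides where copies of client traffic are sent, so the destination format matters to anyone reviewing a playbook that uses it. Add a first description line such as `- List of servers that receive the cloned traffic.` (wording to be confirmed against the API) and describe the keys each item takes.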


@@ -0,0 +1,193 @@
#!/usr/bin/python
"""
# Created on Aug 2, 2018
#
# @author: Shrikant Chaudhari (shrikant.chaudhari@avinetworks.com) GitHub ID: gitshrikant
#
# module_check: supported
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
"""
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_user
author: Shrikant Chaudhari (@gitshrikant) <shrikant.chaudhari@avinetworks.com>
short_description: Avi User Module
description:
- This module can be used for creation, updation and deletion of a user.
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
type: str
name:
description:
- Full name of the user.
required: true
type: str
obj_username:
description:
- Name that the user will supply when signing into Avi Vantage, such as jdoe or jdoe@avinetworks.com.
required: true
type: str
obj_password:
description:
- You may either enter a case-sensitive password in this field for the new or existing user.
required: true
type: str
email:
description:
- Email address of the user. This field is used when a user loses their password and requests to have it reset. See Password Recovery.
type: str
access:
description:
- Access settings (write, read, or no access) for each type of resource within Vantage.
type: list
is_superuser:
description:
- If the user will need to have the same privileges as the admin account, set it to true.
type: bool
is_active:
description:
- Activates the current user account.
type: bool
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["post", "put", "patch"]
type: str
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
type: str
user_profile_ref:
description:
- Refer user profile.
- This can also be full URI same as it comes in response payload
type: str
default_tenant_ref:
description:
- Default tenant reference.
- This can also be full URI same as it comes in response payload
default: /api/tenant?name=admin
type: str
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = '''
- name: user creation
avi_user:
controller: ""
username: ""
password: ""
api_version: ""
name: "testuser"
obj_username: "testuser"
obj_password: "test123"
email: "test@abc.test"
access:
- role_ref: "/api/role?name=Tenant-Admin"
tenant_ref: "/api/tenant/admin#admin"
user_profile_ref: "/api/useraccountprofile?name=Default-User-Account-Profile"
is_active: true
is_superuser: true
default_tenant_ref: "/api/tenant?name=admin"
- name: user creation
avi_user:
controller: ""
username: ""
password: ""
api_version: ""
name: "testuser"
obj_username: "testuser2"
obj_password: "password"
email: "testuser2@abc.test"
access:
- role_ref: "https://192.0.2.10/api/role?name=Tenant-Admin"
tenant_ref: "https://192.0.2.10/api/tenant/admin#admin"
user_profile_ref: "https://192.0.2.10/api/useraccountprofile?name=Default-User-Account-Profile"
is_active: true
is_superuser: true
default_tenant_ref: "https://192.0.2.10/api/tenant?name=admin"
'''
RETURN = '''
obj:
description: Avi REST resource
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, ansible_return, HAS_AVI)
from ansible_collections.community.general.plugins.module_utils.network.avi.ansible_utils import (
avi_ansible_api)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
name=dict(type='str', required=True),
obj_username=dict(type='str', required=True),
obj_password=dict(type='str', required=True, no_log=True),
access=dict(type='list',),
email=dict(type='str',),
is_superuser=dict(type='bool',),
is_active=dict(type='bool',),
avi_api_update_method=dict(default='put',
choices=['post', 'put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
user_profile_ref=dict(type='str',),
default_tenant_ref=dict(type='str', default='/api/tenant?name=admin'),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'user',
set([]))
if __name__ == '__main__':
main()
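Review bot: Both EXAMPLES tasks create an account with `is_superuser: true` and a literal weak password (`obj_password: "test123"`, `obj_password: "password"`), and examples like these get copied into playbooks. Show the secret coming from a variable instead, e.g. `obj_password: "{{ avi_user_password }}"` (the variable name is illustrative), and set `is_superuser: false` in the example unless the task is specifically about admin accounts. The two tasks also share the name `user creation`; naming the second for what differs (full-URI references) would make the pair easier to read. Separately, `ansible_return` is imported but not used in this file.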


@@ -0,0 +1,152 @@
#!/usr/bin/python
"""
# Created on Aug 12, 2016
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com) GitHub ID: grastogi23
#
# module_check: not supported
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
"""
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_useraccount
author: Chaitanya Deshpande (@chaitanyaavi) <chaitanya.deshpande@avinetworks.com>
short_description: Avi UserAccount Module
description:
- This module can be used for updating the password of a user.
- This module is useful for setting up admin password for Controller bootstrap.
requirements: [ avisdk ]
options:
old_password:
description:
- Old password for update password or default password for bootstrap.
force_change:
description:
- If specifically set to true then old password is tried first for controller and then the new password is
tried. If not specified this flag then the new password is tried first.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = '''
- name: Update user password
avi_useraccount:
controller: ""
username: ""
password: new_password
old_password: ""
api_version: ""
force_change: false
- name: Update user password using avi_credentials
avi_useraccount:
avi_credentials: ""
old_password: ""
force_change: false
'''
RETURN = '''
obj:
description: Avi REST resource
returned: success, changed
type: dict
'''
import json
import time
from ansible.module_utils.basic import AnsibleModule
from copy import deepcopy
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, ansible_return, avi_obj_cmp,
cleanup_absent_fields, HAS_AVI)
from ansible_collections.community.general.plugins.module_utils.network.avi.avi_api import (
ApiSession, AviCredentials)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
old_password=dict(type='str', required=True, no_log=True),
# Flag to specify priority of old/new password while establishing session with controller.
# To handle both Saas and conventional (Entire state in playbook) scenario.
force_change=dict(type='bool', default=False)
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(argument_spec=argument_specs)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
api_creds = AviCredentials()
api_creds.update_from_ansible_module(module)
old_password = module.params.get('old_password')
force_change = module.params.get('force_change', False)
data = {
'old_password': old_password,
'password': api_creds.password
}
# First try old password if 'force_change' is set to true
if force_change:
first_pwd = old_password
second_pwd = api_creds.password
# First try new password if 'force_change' is set to false or not specified in playbook.
else:
first_pwd = api_creds.password
second_pwd = old_password
password_changed = False
try:
api = ApiSession.get_session(
api_creds.controller, api_creds.username,
password=first_pwd, timeout=api_creds.timeout,
tenant=api_creds.tenant, tenant_uuid=api_creds.tenant_uuid,
token=api_creds.token, port=api_creds.port)
if force_change:
rsp = api.put('useraccount', data=data)
if rsp:
password_changed = True
except Exception:
pass
if not password_changed:
api = ApiSession.get_session(
api_creds.controller, api_creds.username, password=second_pwd,
timeout=api_creds.timeout, tenant=api_creds.tenant,
tenant_uuid=api_creds.tenant_uuid, token=api_creds.token,
port=api_creds.port)
if not force_change:
rsp = api.put('useraccount', data=data)
if rsp:
password_changed = True
if password_changed:
return ansible_return(module, rsp, True, req=data)
else:
return ansible_return(module, rsp, False, req=data)
if __name__ == '__main__':
main()
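Review bot: The `except Exception: pass` around the first session attempt in main() discards every failure, not only a rejected password, so a timeout, TLS error or wrong controller address is silently followed by a second login with the other password. As far as the nesting can be read from this rendering, it also leaves `rsp` unassigned on one path: with `force_change` true, if the first attempt raises, the second block opens a session but skips the `put` (guarded by `if not force_change`), and the final `ansible_return(module, rsp, False, req=data)` reads a name that was never bound. Initialise `rsp = None` before the `try:` and keep the error with `except Exception as exc: first_error = exc`, so it can be reported through `module.fail_json` if the second attempt does not succeed either. `req=data` also hands both passwords to `ansible_return`; whether they can reach the task result depends on that helper and on `no_log`, so it is worth confirming.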


@@ -0,0 +1,135 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_useraccountprofile
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of UserAccountProfile Avi RESTful Object
description:
- This module is used to configure UserAccountProfile object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
account_lock_timeout:
description:
- Lock timeout period (in minutes).
- Default is 30 minutes.
- Default value when not specified in API or module is interpreted by Avi Controller as 30.
credentials_timeout_threshold:
description:
- The time period after which credentials expire.
- Default is 180 days.
- Default value when not specified in API or module is interpreted by Avi Controller as 180.
max_concurrent_sessions:
description:
- Maximum number of concurrent sessions allowed.
- There are unlimited sessions by default.
- Default value when not specified in API or module is interpreted by Avi Controller as 0.
max_login_failure_count:
description:
- Number of login attempts before lockout.
- Default is 3 attempts.
- Default value when not specified in API or module is interpreted by Avi Controller as 3.
max_password_history_count:
description:
- Maximum number of passwords to be maintained in the password history.
- Default is 4 passwords.
- Default value when not specified in API or module is interpreted by Avi Controller as 4.
name:
description:
- Name of the object.
required: true
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create UserAccountProfile object
avi_useraccountprofile:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_useraccountprofile
"""
RETURN = '''
obj:
description: UserAccountProfile (api/useraccountprofile) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
account_lock_timeout=dict(type='int',),
credentials_timeout_threshold=dict(type='int',),
max_concurrent_sessions=dict(type='int',),
max_login_failure_count=dict(type='int',),
max_password_history_count=dict(type='int',),
name=dict(type='str', required=True),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'useraccountprofile',
set([]))
if __name__ == '__main__':
main()
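Review bot: The lockout and session-limit options are declared `type='int'` with no bounds, and their docs never give the type or say what 0 means. `max_concurrent_sessions` says sessions are unlimited by default and that the default is 0, which implies 0 means "no limit". Say so directly with `- A value of 0 means no limit.` (confirm against the controller API), because a user lowering the value to tighten the policy could otherwise pick 0. Adding `type: int` to the five numeric option entries would make DOCUMENTATION match the spec in main().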


@@ -0,0 +1,653 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_virtualservice
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of VirtualService Avi RESTful Object
description:
- This module is used to configure VirtualService object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
active_standby_se_tag:
description:
- This configuration only applies if the virtualservice is in legacy active standby ha mode and load distribution among active standby is enabled.
- This field is used to tag the virtualservice so that virtualservices with the same tag will share the same active serviceengine.
- Virtualservices with different tags will have different active serviceengines.
- If one of the serviceengine's in the serviceenginegroup fails, all virtualservices will end up using the same active serviceengine.
- Redistribution of the virtualservices can be either manual or automated when the failed serviceengine recovers.
- Redistribution is based on the auto redistribute property of the serviceenginegroup.
- Enum options - ACTIVE_STANDBY_SE_1, ACTIVE_STANDBY_SE_2.
- Default value when not specified in API or module is interpreted by Avi Controller as ACTIVE_STANDBY_SE_1.
allow_invalid_client_cert:
description:
- Process request even if invalid client certificate is presented.
- Datascript apis need to be used for processing of such requests.
- Field introduced in 18.2.3.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
analytics_policy:
description:
- Determines analytics settings for the application.
analytics_profile_ref:
description:
- Specifies settings related to analytics.
- It is a reference to an object of type analyticsprofile.
apic_contract_graph:
description:
- The name of the contract/graph associated with the virtual service.
- Should be in the <contract name> <graph name> format.
- This is applicable only for service integration mode with cisco apic controller.
- Field introduced in 17.2.12,18.1.2.
application_profile_ref:
description:
- Enable application layer specific features for the virtual service.
- It is a reference to an object of type applicationprofile.
auto_allocate_floating_ip:
description:
- Auto-allocate floating/elastic ip from the cloud infrastructure.
- Field deprecated in 17.1.1.
type: bool
auto_allocate_ip:
description:
- Auto-allocate vip from the provided subnet.
- Field deprecated in 17.1.1.
type: bool
availability_zone:
description:
- Availability-zone to place the virtual service.
- Field deprecated in 17.1.1.
avi_allocated_fip:
description:
- (internal-use) fip allocated by avi in the cloud infrastructure.
- Field deprecated in 17.1.1.
type: bool
avi_allocated_vip:
description:
- (internal-use) vip allocated by avi in the cloud infrastructure.
- Field deprecated in 17.1.1.
type: bool
azure_availability_set:
description:
- (internal-use)applicable for azure only.
- Azure availability set to which this vs is associated.
- Internally set by the cloud connector.
- Field introduced in 17.2.12, 18.1.2.
bulk_sync_kvcache:
description:
- (this is a beta feature).
- Sync key-value cache to the new ses when vs is scaled out.
- For ex ssl sessions are stored using vs's key-value cache.
- When the vs is scaled out, the ssl session information is synced to the new se, allowing existing ssl sessions to be reused on the new se.
- Field introduced in 17.2.7, 18.1.1.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
client_auth:
description:
- Http authentication configuration for protected resources.
close_client_conn_on_config_update:
description:
- Close client connection on vs config update.
- Field introduced in 17.2.4.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
cloud_config_cksum:
description:
- Checksum of cloud configuration for vs.
- Internally set by cloud connector.
cloud_ref:
description:
- It is a reference to an object of type cloud.
cloud_type:
description:
- Enum options - cloud_none, cloud_vcenter, cloud_openstack, cloud_aws, cloud_vca, cloud_apic, cloud_mesos, cloud_linuxserver, cloud_docker_ucp,
- cloud_rancher, cloud_oshift_k8s, cloud_azure, cloud_gcp.
- Default value when not specified in API or module is interpreted by Avi Controller as CLOUD_NONE.
connections_rate_limit:
description:
- Rate limit the incoming connections to this virtual service.
content_rewrite:
description:
- Profile used to match and rewrite strings in request and/or response body.
created_by:
description:
- Creator name.
delay_fairness:
description:
- Select the algorithm for qos fairness.
- This determines how multiple virtual services sharing the same service engines will prioritize traffic over a congested network.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
description:
description:
- User defined description for the object.
discovered_network_ref:
description:
- (internal-use) discovered networks providing reachability for client facing virtual service ip.
- This field is deprecated.
- It is a reference to an object of type network.
- Field deprecated in 17.1.1.
discovered_networks:
description:
- (internal-use) discovered networks providing reachability for client facing virtual service ip.
- This field is used internally by avi, not editable by the user.
- Field deprecated in 17.1.1.
discovered_subnet:
description:
- (internal-use) discovered subnets providing reachability for client facing virtual service ip.
- This field is deprecated.
- Field deprecated in 17.1.1.
dns_info:
description:
- Service discovery specific data including fully qualified domain name, type and time-to-live of the dns record.
- Note that only one of fqdn and dns_info setting is allowed.
dns_policies:
description:
- Dns policies applied on the dns traffic of the virtual service.
- Field introduced in 17.1.1.
east_west_placement:
description:
- Force placement on all se's in service group (mesos mode only).
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
enable_autogw:
description:
- Response traffic to clients will be sent back to the source mac address of the connection, rather than statically sent to a default gateway.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
enable_rhi:
description:
- Enable route health injection using the bgp config in the vrf context.
type: bool
enable_rhi_snat:
description:
- Enable route health injection for source nat'ted floating ip address using the bgp config in the vrf context.
type: bool
enabled:
description:
- Enable or disable the virtual service.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
error_page_profile_ref:
description:
- Error page profile to be used for this virtualservice.this profile is used to send the custom error page to the client generated by the proxy.
- It is a reference to an object of type errorpageprofile.
- Field introduced in 17.2.4.
floating_ip:
description:
- Floating ip to associate with this virtual service.
- Field deprecated in 17.1.1.
floating_subnet_uuid:
description:
- If auto_allocate_floating_ip is true and more than one floating-ip subnets exist, then the subnet for the floating ip address allocation.
- This field is applicable only if the virtualservice belongs to an openstack or aws cloud.
- In openstack or aws cloud it is required when auto_allocate_floating_ip is selected.
- Field deprecated in 17.1.1.
flow_dist:
description:
- Criteria for flow distribution among ses.
- Enum options - LOAD_AWARE, CONSISTENT_HASH_SOURCE_IP_ADDRESS, CONSISTENT_HASH_SOURCE_IP_ADDRESS_AND_PORT.
- Default value when not specified in API or module is interpreted by Avi Controller as LOAD_AWARE.
flow_label_type:
description:
- Criteria for flow labelling.
- Enum options - NO_LABEL, APPLICATION_LABEL, SERVICE_LABEL.
- Default value when not specified in API or module is interpreted by Avi Controller as NO_LABEL.
fqdn:
description:
- Dns resolvable, fully qualified domain name of the virtualservice.
- Only one of 'fqdn' and 'dns_info' configuration is allowed.
host_name_xlate:
description:
- Translate the host name sent to the servers to this value.
- Translate the host name sent from servers back to the value used by the client.
http_policies:
description:
- Http policies applied on the data traffic of the virtual service.
ign_pool_net_reach:
description:
- Ignore pool servers network reachability constraints for virtual service placement.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
ip_address:
description:
- Ip address of the virtual service.
- Field deprecated in 17.1.1.
ipam_network_subnet:
description:
- Subnet and/or network for allocating virtualservice ip by ipam provider module.
- Field deprecated in 17.1.1.
l4_policies:
description:
- L4 policies applied to the data traffic of the virtual service.
- Field introduced in 17.2.7.
limit_doser:
description:
- Limit potential dos attackers who exceed max_cps_per_client significantly to a fraction of max_cps_per_client for a while.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
max_cps_per_client:
description:
- Maximum connections per second per client ip.
- Allowed values are 10-1000.
- Special values are 0- 'unlimited'.
- Default value when not specified in API or module is interpreted by Avi Controller as 0.
microservice_ref:
description:
- Microservice representing the virtual service.
- It is a reference to an object of type microservice.
min_pools_up:
description:
- Minimum number of up pools to mark vs up.
- Field introduced in 18.2.1, 17.2.12.
name:
description:
- Name for the virtual service.
required: true
network_profile_ref:
description:
- Determines network settings such as protocol, tcp or udp, and related options for the protocol.
- It is a reference to an object of type networkprofile.
network_ref:
description:
- Manually override the network on which the virtual service is placed.
- It is a reference to an object of type network.
- Field deprecated in 17.1.1.
network_security_policy_ref:
description:
- Network security policies for the virtual service.
- It is a reference to an object of type networksecuritypolicy.
nsx_securitygroup:
description:
- A list of nsx service groups representing the clients which can access the virtual ip of the virtual service.
- Field introduced in 17.1.1.
performance_limits:
description:
- Optional settings that determine performance limits like max connections or bandwidth etc.
pool_group_ref:
description:
- The pool group is an object that contains pools.
- It is a reference to an object of type poolgroup.
pool_ref:
description:
- The pool is an object that contains destination servers and related attributes such as load-balancing and persistence.
- It is a reference to an object of type pool.
port_uuid:
description:
- (internal-use) network port assigned to the virtual service ip address.
- Field deprecated in 17.1.1.
remove_listening_port_on_vs_down:
description:
- Remove listening port if virtualservice is down.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
requests_rate_limit:
description:
- Rate limit the incoming requests to this virtual service.
saml_sp_config:
description:
- Application-specific saml config.
- Field introduced in 18.2.3.
scaleout_ecmp:
description:
- Disable re-distribution of flows across service engines for a virtual service.
- Enable if the network itself performs flow hashing with ecmp in environments such as gcp.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
se_group_ref:
description:
- The service engine group to use for this virtual service.
- Moving to a new se group is disruptive to existing connections for this vs.
- It is a reference to an object of type serviceenginegroup.
security_policy_ref:
description:
- Security policy applied on the traffic of the virtual service.
- This policy is used to perform security actions such as distributed denial of service (ddos) attack mitigation, etc.
- It is a reference to an object of type securitypolicy.
- Field introduced in 18.2.1.
server_network_profile_ref:
description:
- Determines the network settings profile for the server side of tcp proxied connections.
- Leave blank to use the same settings as the client to vs side of the connection.
- It is a reference to an object of type networkprofile.
service_metadata:
description:
- Metadata pertaining to the service provided by this virtual service.
- In openshift/kubernetes environments, egress pod info is stored.
- Any user input to this field will be overwritten by avi vantage.
service_pool_select:
description:
- Select pool based on destination port.
services:
description:
- List of services defined for this virtual service.
sideband_profile:
description:
- Sideband configuration to be used for this virtualservice.it can be used for sending traffic to sideband vips for external inspection etc.
snat_ip:
description:
- Nat'ted floating source ip address(es) for upstream connection to servers.
sp_pool_refs:
description:
- Gslb pools used to manage site-persistence functionality.
- Each site-persistence pool contains the virtualservices in all the other sites, that is auto-generated by the gslb manager.
- This is a read-only field for the user.
- It is a reference to an object of type pool.
- Field introduced in 17.2.2.
ssl_key_and_certificate_refs:
description:
- Select or create one or two certificates, ec and/or rsa, that will be presented to ssl/tls terminated connections.
- It is a reference to an object of type sslkeyandcertificate.
ssl_profile_ref:
description:
- Determines the set of ssl versions and ciphers to accept for ssl/tls terminated connections.
- It is a reference to an object of type sslprofile.
ssl_profile_selectors:
description:
- Select ssl profile based on client ip address match.
- Field introduced in 18.2.3.
ssl_sess_cache_avg_size:
description:
- Expected number of ssl session cache entries (may be exceeded).
- Allowed values are 1024-16383.
- Default value when not specified in API or module is interpreted by Avi Controller as 1024.
sso_policy:
description:
- Client authentication and authorization policy for the virtualservice.
- Field deprecated in 18.2.3.
- Field introduced in 18.2.1.
sso_policy_ref:
description:
- The sso policy attached to the virtualservice.
- It is a reference to an object of type ssopolicy.
- Field introduced in 18.2.3.
static_dns_records:
description:
- List of static dns records applied to this virtual service.
- These are static entries and no health monitoring is performed against the ip addresses.
subnet:
description:
- Subnet providing reachability for client facing virtual service ip.
- Field deprecated in 17.1.1.
subnet_uuid:
description:
- It represents subnet for the virtual service ip address allocation when auto_allocate_ip is true.it is only applicable in openstack or aws cloud.
- This field is required if auto_allocate_ip is true.
- Field deprecated in 17.1.1.
tenant_ref:
description:
- It is a reference to an object of type tenant.
topology_policies:
description:
- Topology policies applied on the dns traffic of the virtual service based ongslb topology algorithm.
- Field introduced in 18.2.3.
traffic_clone_profile_ref:
description:
- Server network or list of servers for cloning traffic.
- It is a reference to an object of type trafficcloneprofile.
- Field introduced in 17.1.1.
traffic_enabled:
description:
- Knob to enable the virtual service traffic on its assigned service engines.
- This setting is effective only when the enabled flag is set to true.
- Field introduced in 17.2.8.
- Default value when not specified in API or module is interpreted by Avi Controller as True.
type: bool
type:
description:
- Specify if this is a normal virtual service, or if it is the parent or child of an sni-enabled virtual hosted virtual service.
- Enum options - VS_TYPE_NORMAL, VS_TYPE_VH_PARENT, VS_TYPE_VH_CHILD.
- Default value when not specified in API or module is interpreted by Avi Controller as VS_TYPE_NORMAL.
url:
description:
- Avi controller URL of the object.
use_bridge_ip_as_vip:
description:
- Use bridge ip as vip on each host in mesos deployments.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
use_vip_as_snat:
description:
- Use the virtual ip as the snat ip for health monitoring and sending traffic to the backend servers instead of the service engine interface ip.
- The caveat of enabling this option is that the virtualservice cannot be configued in an active-active ha mode.
- Dns based multi vip solution has to be used for ha & non-disruptive upgrade purposes.
- Field introduced in 17.1.9,17.2.3.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
uuid:
description:
- Uuid of the virtualservice.
vh_domain_name:
description:
- The exact name requested from the client's sni-enabled tls hello domain name field.
- If this is a match, the parent vs will forward the connection to this child vs.
vh_parent_vs_uuid:
description:
- Specifies the virtual service acting as virtual hosting (sni) parent.
vip:
description:
- List of virtual service ips.
- While creating a 'shared vs',please use vsvip_ref to point to the shared entities.
- Field introduced in 17.1.1.
vrf_context_ref:
description:
- Virtual routing context that the virtual service is bound to.
- This is used to provide the isolation of the set of networks the application is attached to.
- It is a reference to an object of type vrfcontext.
vs_datascripts:
description:
- Datascripts applied on the data traffic of the virtual service.
vsvip_cloud_config_cksum:
description:
- Checksum of cloud configuration for vsvip.
- Internally set by cloud connector.
- Field introduced in 17.2.9, 18.1.2.
vsvip_ref:
description:
- Mostly used during the creation of shared vs, this field refers to entities that can be shared across virtual services.
- It is a reference to an object of type vsvip.
- Field introduced in 17.1.1.
waf_policy_ref:
description:
- Waf policy for the virtual service.
- It is a reference to an object of type wafpolicy.
- Field introduced in 17.2.1.
weight:
description:
- The quality of service weight to assign to traffic transmitted from this virtual service.
- A higher weight will prioritize traffic versus other virtual services sharing the same service engines.
- Allowed values are 1-128.
- Default value when not specified in API or module is interpreted by Avi Controller as 1.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Create SSL Virtual Service using Pool testpool2
avi_virtualservice:
controller: 10.10.27.90
username: admin
password: AviNetworks123!
name: newtestvs
state: present
performance_limits:
max_concurrent_connections: 1000
services:
- port: 443
enable_ssl: true
- port: 80
ssl_profile_ref: '/api/sslprofile?name=System-Standard'
application_profile_ref: '/api/applicationprofile?name=System-Secure-HTTP'
ssl_key_and_certificate_refs:
- '/api/sslkeyandcertificate?name=System-Default-Cert'
ip_address:
addr: 10.90.131.103
type: V4
pool_ref: '/api/pool?name=testpool2'
"""
RETURN = '''
obj:
description: VirtualService (api/virtualservice) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
active_standby_se_tag=dict(type='str',),
allow_invalid_client_cert=dict(type='bool',),
analytics_policy=dict(type='dict',),
analytics_profile_ref=dict(type='str',),
apic_contract_graph=dict(type='str',),
application_profile_ref=dict(type='str',),
auto_allocate_floating_ip=dict(type='bool',),
auto_allocate_ip=dict(type='bool',),
availability_zone=dict(type='str',),
avi_allocated_fip=dict(type='bool',),
avi_allocated_vip=dict(type='bool',),
azure_availability_set=dict(type='str',),
bulk_sync_kvcache=dict(type='bool',),
client_auth=dict(type='dict',),
close_client_conn_on_config_update=dict(type='bool',),
cloud_config_cksum=dict(type='str',),
cloud_ref=dict(type='str',),
cloud_type=dict(type='str',),
connections_rate_limit=dict(type='dict',),
content_rewrite=dict(type='dict',),
created_by=dict(type='str',),
delay_fairness=dict(type='bool',),
description=dict(type='str',),
discovered_network_ref=dict(type='list',),
discovered_networks=dict(type='list',),
discovered_subnet=dict(type='list',),
dns_info=dict(type='list',),
dns_policies=dict(type='list',),
east_west_placement=dict(type='bool',),
enable_autogw=dict(type='bool',),
enable_rhi=dict(type='bool',),
enable_rhi_snat=dict(type='bool',),
enabled=dict(type='bool',),
error_page_profile_ref=dict(type='str',),
floating_ip=dict(type='dict',),
floating_subnet_uuid=dict(type='str',),
flow_dist=dict(type='str',),
flow_label_type=dict(type='str',),
fqdn=dict(type='str',),
host_name_xlate=dict(type='str',),
http_policies=dict(type='list',),
ign_pool_net_reach=dict(type='bool',),
ip_address=dict(type='dict',),
ipam_network_subnet=dict(type='dict',),
l4_policies=dict(type='list',),
limit_doser=dict(type='bool',),
max_cps_per_client=dict(type='int',),
microservice_ref=dict(type='str',),
min_pools_up=dict(type='int',),
name=dict(type='str', required=True),
network_profile_ref=dict(type='str',),
network_ref=dict(type='str',),
network_security_policy_ref=dict(type='str',),
nsx_securitygroup=dict(type='list',),
performance_limits=dict(type='dict',),
pool_group_ref=dict(type='str',),
pool_ref=dict(type='str',),
port_uuid=dict(type='str',),
remove_listening_port_on_vs_down=dict(type='bool',),
requests_rate_limit=dict(type='dict',),
saml_sp_config=dict(type='dict',),
scaleout_ecmp=dict(type='bool',),
se_group_ref=dict(type='str',),
security_policy_ref=dict(type='str',),
server_network_profile_ref=dict(type='str',),
service_metadata=dict(type='str',),
service_pool_select=dict(type='list',),
services=dict(type='list',),
sideband_profile=dict(type='dict',),
snat_ip=dict(type='list',),
sp_pool_refs=dict(type='list',),
ssl_key_and_certificate_refs=dict(type='list',),
ssl_profile_ref=dict(type='str',),
ssl_profile_selectors=dict(type='list',),
ssl_sess_cache_avg_size=dict(type='int',),
sso_policy=dict(type='dict',),
sso_policy_ref=dict(type='str',),
static_dns_records=dict(type='list',),
subnet=dict(type='dict',),
subnet_uuid=dict(type='str',),
tenant_ref=dict(type='str',),
topology_policies=dict(type='list',),
traffic_clone_profile_ref=dict(type='str',),
traffic_enabled=dict(type='bool',),
type=dict(type='str',),
url=dict(type='str',),
use_bridge_ip_as_vip=dict(type='bool',),
use_vip_as_snat=dict(type='bool',),
uuid=dict(type='str',),
vh_domain_name=dict(type='list',),
vh_parent_vs_uuid=dict(type='str',),
vip=dict(type='list',),
vrf_context_ref=dict(type='str',),
vs_datascripts=dict(type='list',),
vsvip_cloud_config_cksum=dict(type='str',),
vsvip_ref=dict(type='str',),
waf_policy_ref=dict(type='str',),
weight=dict(type='int',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'virtualservice',
set([]))
if __name__ == '__main__':
main()
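Review bot: The EXAMPLES block passes the controller password as a literal (`password: AviNetworks123!`), which invites copy-paste into playbooks that end up in version control; show it as a variable instead, e.g. `password: "{{ avi_password }}"` (placeholder name), with the value kept in Ansible Vault. The same literal-password pattern (`password: something`) appears in the avi_vrfcontext and avi_vsdatascriptset examples further down this page. The example also sets `ip_address`, which this file's own DOCUMENTATION marks as deprecated in 17.1.1, while `vip` is described as introduced in 17.1.1, so the sample probably should use the newer field.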


@@ -0,0 +1,145 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.2
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_vrfcontext
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of VrfContext Avi RESTful Object
description:
- This module is used to configure VrfContext object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
bgp_profile:
description:
- Bgp local and peer info.
cloud_ref:
description:
- It is a reference to an object of type cloud.
debugvrfcontext:
description:
- Configure debug flags for vrf.
- Field introduced in 17.1.1.
description:
description:
- User defined description for the object.
gateway_mon:
description:
- Configure ping based heartbeat check for gateway in service engines of vrf.
internal_gateway_monitor:
description:
- Configure ping based heartbeat check for all default gateways in service engines of vrf.
- Field introduced in 17.1.1.
name:
description:
- Name of the object.
required: true
static_routes:
description:
- List of staticroute.
system_default:
description:
- Boolean flag to set system_default.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Unique object identifier of the object.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create VrfContext object
avi_vrfcontext:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_vrfcontext
"""
RETURN = '''
obj:
description: VrfContext (api/vrfcontext) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
bgp_profile=dict(type='dict',),
cloud_ref=dict(type='str',),
debugvrfcontext=dict(type='dict',),
description=dict(type='str',),
gateway_mon=dict(type='list',),
internal_gateway_monitor=dict(type='dict',),
name=dict(type='str', required=True),
static_routes=dict(type='list',),
system_default=dict(type='bool',),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'vrfcontext',
set([]))
if __name__ == '__main__':
main()
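Review bot: If the guarded import at the top of this file fails, only `HAS_AVI = False` is set, so `avi_common_argument_spec` is never bound and `argument_specs.update(avi_common_argument_spec())` in main() raises NameError before the `if not HAS_AVI` branch can call `fail_json`. The "Avi python API SDK ... is not installed" message is therefore unreachable on that path. `HAS_AVI` is itself imported from the shared module_utils file, so that file presumably already copes with a missing avisdk; if it does, reduce the try/except to the plain `from ... import (avi_common_argument_spec, avi_ansible_api, HAS_AVI)`, otherwise the fallback needs to avoid calling the helper. The main() functions of avi_virtualservice and avi_vsdatascriptset on this page have the same shape.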


@@ -0,0 +1,148 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.1
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_vsdatascriptset
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of VSDataScriptSet Avi RESTful Object
description:
- This module is used to configure VSDataScriptSet object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
created_by:
description:
- Creator name.
- Field introduced in 17.1.11,17.2.4.
datascript:
description:
- Datascripts to execute.
description:
description:
- User defined description for the object.
ipgroup_refs:
description:
- Uuid of ip groups that could be referred by vsdatascriptset objects.
- It is a reference to an object of type ipaddrgroup.
name:
description:
- Name for the virtual service datascript collection.
required: true
pool_group_refs:
description:
- Uuid of pool groups that could be referred by vsdatascriptset objects.
- It is a reference to an object of type poolgroup.
pool_refs:
description:
- Uuid of pools that could be referred by vsdatascriptset objects.
- It is a reference to an object of type pool.
protocol_parser_refs:
description:
- List of protocol parsers that could be referred by vsdatascriptset objects.
- It is a reference to an object of type protocolparser.
- Field introduced in 18.2.3.
string_group_refs:
description:
- Uuid of string groups that could be referred by vsdatascriptset objects.
- It is a reference to an object of type stringgroup.
tenant_ref:
description:
- It is a reference to an object of type tenant.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Uuid of the virtual service datascript collection.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create VSDataScriptSet object
avi_vsdatascriptset:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_vsdatascriptset
"""
RETURN = '''
obj:
description: VSDataScriptSet (api/vsdatascriptset) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
created_by=dict(type='str',),
datascript=dict(type='list',),
description=dict(type='str',),
ipgroup_refs=dict(type='list',),
name=dict(type='str', required=True),
pool_group_refs=dict(type='list',),
pool_refs=dict(type='list',),
protocol_parser_refs=dict(type='list',),
string_group_refs=dict(type='list',),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'vsdatascriptset',
set([]))
if __name__ == '__main__':
main()


@@ -0,0 +1,155 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
# Avi Version: 17.1.2
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_vsvip
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of VsVip Avi RESTful Object
description:
- This module is used to configure VsVip object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
cloud_ref:
description:
- It is a reference to an object of type cloud.
- Field introduced in 17.1.1.
dns_info:
description:
- Service discovery specific data including fully qualified domain name, type and time-to-live of the dns record.
- Field introduced in 17.1.1.
east_west_placement:
description:
- Force placement on all service engines in the service engine group (container clouds only).
- Field introduced in 17.1.1.
- Default value when not specified in API or module is interpreted by Avi Controller as False.
type: bool
name:
description:
- Name for the vsvip object.
- Field introduced in 17.1.1.
required: true
tenant_ref:
description:
- It is a reference to an object of type tenant.
- Field introduced in 17.1.1.
url:
description:
- Avi controller URL of the object.
use_standard_alb:
description:
- This overrides the cloud level default and needs to match the se group value in which it will be used if the se group use_standard_alb value is
- set.
- This is only used when fip is used for vs on azure cloud.
- Field introduced in 18.2.3.
type: bool
uuid:
description:
- Uuid of the vsvip object.
- Field introduced in 17.1.1.
vip:
description:
- List of virtual service ips and other shareable entities.
- Field introduced in 17.1.1.
vrf_context_ref:
description:
- Virtual routing context that the virtual service is bound to.
- This is used to provide the isolation of the set of networks the application is attached to.
- It is a reference to an object of type vrfcontext.
- Field introduced in 17.1.1.
vsvip_cloud_config_cksum:
description:
- Checksum of cloud configuration for vsvip.
- Internally set by cloud connector.
- Field introduced in 17.2.9, 18.1.2.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create VsVip object
avi_vsvip:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_vsvip
"""
RETURN = '''
obj:
description: VsVip (api/vsvip) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
cloud_ref=dict(type='str',),
dns_info=dict(type='list',),
east_west_placement=dict(type='bool',),
name=dict(type='str', required=True),
tenant_ref=dict(type='str',),
url=dict(type='str',),
use_standard_alb=dict(type='bool',),
uuid=dict(type='str',),
vip=dict(type='list',),
vrf_context_ref=dict(type='str',),
vsvip_cloud_config_cksum=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'vsvip',
set([]))
if __name__ == '__main__':
main()


@@ -0,0 +1,125 @@
#!/usr/bin/python
#
# @author: Gaurav Rastogi (grastogi@avinetworks.com)
# Eric Anderson (eanderson@avinetworks.com)
# module_check: supported
#
# Copyright: (c) 2017 Gaurav Rastogi, <grastogi@avinetworks.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: avi_webhook
author: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
short_description: Module for setup of Webhook Avi RESTful Object
description:
- This module is used to configure Webhook object
- more examples at U(https://github.com/avinetworks/devops)
requirements: [ avisdk ]
options:
state:
description:
- The state that should be applied on the entity.
default: present
choices: ["absent", "present"]
avi_api_update_method:
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
default: put
choices: ["put", "patch"]
avi_api_patch_op:
description:
- Patch operation to use when using avi_api_update_method as patch.
choices: ["add", "replace", "delete"]
callback_url:
description:
- Callback url for the webhook.
- Field introduced in 17.1.1.
description:
description:
- Field introduced in 17.1.1.
name:
description:
- The name of the webhook profile.
- Field introduced in 17.1.1.
required: true
tenant_ref:
description:
- It is a reference to an object of type tenant.
- Field introduced in 17.1.1.
url:
description:
- Avi controller URL of the object.
uuid:
description:
- Uuid of the webhook profile.
- Field introduced in 17.1.1.
verification_token:
description:
- Verification token sent back with the callback asquery parameters.
- Field introduced in 17.1.1.
extends_documentation_fragment:
- community.general.avi
'''
EXAMPLES = """
- name: Example to create Webhook object
avi_webhook:
controller: 10.10.25.42
username: admin
password: something
state: present
name: sample_webhook
"""
RETURN = '''
obj:
description: Webhook (api/webhook) object
returned: success, changed
type: dict
'''
from ansible.module_utils.basic import AnsibleModule
try:
from ansible_collections.community.general.plugins.module_utils.network.avi.avi import (
avi_common_argument_spec, avi_ansible_api, HAS_AVI)
except ImportError:
HAS_AVI = False
def main():
argument_specs = dict(
state=dict(default='present',
choices=['absent', 'present']),
avi_api_update_method=dict(default='put',
choices=['put', 'patch']),
avi_api_patch_op=dict(choices=['add', 'replace', 'delete']),
callback_url=dict(type='str',),
description=dict(type='str',),
name=dict(type='str', required=True),
tenant_ref=dict(type='str',),
url=dict(type='str',),
uuid=dict(type='str',),
verification_token=dict(type='str',),
)
argument_specs.update(avi_common_argument_spec())
module = AnsibleModule(
argument_spec=argument_specs, supports_check_mode=True)
if not HAS_AVI:
return module.fail_json(msg=(
'Avi python API SDK (avisdk>=17.1) or requests is not installed. '
'For more details visit https://github.com/avinetworks/sdk.'))
return avi_ansible_api(module, 'webhook',
set([]))
if __name__ == '__main__':
main()
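Review bot: `verification_token` in `argument_specs` inside `main()` is declared as a plain string, so Ansible will not mask its value in the module invocation output or in logs. The DOCUMENTATION block describes it as the token sent back with the callback, which makes it a shared secret, so the entry should read `verification_token=dict(type='str', no_log=True),`. The object returned as `obj` may still carry the token; whether `avi_ansible_api` scrubs it is not visible in this file and is worth confirming.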


@@ -0,0 +1,161 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright: (c) 2017, Ted Elhourani <ted@bigswitch.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: bcf_switch
author: "Ted (@tedelhourani)"
short_description: Create and remove a bcf switch.
description:
- Create and remove a Big Cloud Fabric switch.
options:
name:
description:
- The name of the switch.
required: true
fabric_role:
description:
- Fabric role of the switch.
choices: ['spine', 'leaf']
required: true
leaf_group:
description:
- The leaf group of the switch if the switch is a leaf.
required: false
mac:
description:
- The MAC address of the switch.
required: true
state:
description:
- Whether the switch should be present or absent.
default: present
choices: ['present', 'absent']
controller:
description:
- The controller IP address.
required: true
validate_certs:
description:
- If C(false), SSL certificates will not be validated. This should only be used
on personally controlled devices using self-signed certificates.
required: false
default: true
type: bool
access_token:
description:
- Big Cloud Fabric access token. If this isn't set then the environment variable C(BIGSWITCH_ACCESS_TOKEN) is used.
'''
EXAMPLES = '''
- name: bcf leaf switch
bcf_switch:
name: Rack1Leaf1
fabric_role: leaf
leaf_group: R1
mac: 00:00:00:02:00:02
controller: '{{ inventory_hostname }}'
state: present
validate_certs: false
'''
RETURN = ''' # '''
import os
import traceback
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.community.general.plugins.module_utils.network.bigswitch.bigswitch import Rest
from ansible.module_utils._text import to_native
def switch(module, check_mode):
try:
access_token = module.params['access_token'] or os.environ['BIGSWITCH_ACCESS_TOKEN']
except KeyError as e:
module.fail_json(msg='Unable to load %s' % e.message, exception=traceback.format_exc())
name = module.params['name']
fabric_role = module.params['fabric_role']
leaf_group = module.params['leaf_group']
dpid = '00:00:' + module.params['mac']
state = module.params['state']
controller = module.params['controller']
rest = Rest(module,
{'content-type': 'application/json', 'Cookie': 'session_cookie=' + access_token},
'https://' + controller + ':8443/api/v1/data/controller/core')
response = rest.get('switch-config', data={})
if response.status_code != 200:
module.fail_json(msg="failed to obtain existing switch config: {0}".format(response.json['description']))
config_present = False
for switch in response.json:
if all((switch['name'] == name,
switch['fabric-role'] == fabric_role,
switch['dpid'] == dpid)):
config_present = switch.get('leaf-group', None) == leaf_group
if config_present:
break
if state in ('present') and config_present:
module.exit_json(changed=False)
if state in ('absent') and not config_present:
module.exit_json(changed=False)
if check_mode:
module.exit_json(changed=True)
if state in ('present'):
data = {'name': name, 'fabric-role': fabric_role, 'leaf-group': leaf_group, 'dpid': dpid}
response = rest.put('switch-config[name="%s"]' % name, data)
if response.status_code == 204:
module.exit_json(changed=True)
else:
module.fail_json(msg="error configuring switch '{0}': {1}".format(name, response.json['description']))
if state in ('absent'):
response = rest.delete('switch-config[name="%s"]' % name, data={})
if response.status_code == 204:
module.exit_json(changed=True)
else:
module.fail_json(msg="error deleting switch '{0}': {1}".format(name, response.json['description']))
def main():
module = AnsibleModule(
argument_spec=dict(
name=dict(type='str', required=True),
fabric_role=dict(choices=['spine', 'leaf'], required=True),
leaf_group=dict(type='str', required=False),
mac=dict(type='str', required=True),
controller=dict(type='str', required=True),
state=dict(choices=['present', 'absent'], default='present'),
validate_certs=dict(type='bool', default='True'),
access_token=dict(type='str', no_log=True)
),
supports_check_mode=True,
)
try:
switch(module, check_mode=module.check_mode)
except Exception as e:
module.fail_json(msg=to_native(e), exception=traceback.format_exc())
if __name__ == '__main__':
main()
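Review bot: The `except KeyError as e` handler at the top of `switch()` formats its message with `e.message`, an attribute exceptions do not have on Python 3. When neither `access_token` nor `BIGSWITCH_ACCESS_TOKEN` is set, the user therefore sees an AttributeError about `message` instead of the name of the missing variable. `to_native` is already imported, so the line can become `module.fail_json(msg='Unable to load %s' % to_native(e), exception=traceback.format_exc())`. The same handler appears in `chain()` in bigmon_chain and `policy()` in bigmon_policy later in this commit.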


@@ -0,0 +1,137 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright: (c) 2016, Ted Elhourani <ted@bigswitch.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# Ansible module to manage Big Monitoring Fabric service chains
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: bigmon_chain
author: "Ted (@tedelhourani)"
short_description: Create and remove a bigmon inline service chain.
description:
- Create and remove a bigmon inline service chain.
options:
name:
description:
- The name of the chain.
required: true
state:
description:
- Whether the service chain should be present or absent.
default: present
choices: ['present', 'absent']
controller:
description:
- The controller IP address.
required: true
validate_certs:
description:
- If C(false), SSL certificates will not be validated. This should only be used
on personally controlled devices using self-signed certificates.
required: false
default: true
type: bool
access_token:
description:
- Bigmon access token. If this isn't set, the environment variable C(BIGSWITCH_ACCESS_TOKEN) is used.
'''
EXAMPLES = '''
- name: bigmon inline service chain
bigmon_chain:
name: MyChain
controller: '{{ inventory_hostname }}'
state: present
validate_certs: false
'''
RETURN = ''' # '''
import os
import traceback
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.community.general.plugins.module_utils.network.bigswitch.bigswitch import Rest
from ansible.module_utils._text import to_native
def chain(module):
try:
access_token = module.params['access_token'] or os.environ['BIGSWITCH_ACCESS_TOKEN']
except KeyError as e:
module.fail_json(msg='Unable to load %s' % e.message, exception=traceback.format_exc())
name = module.params['name']
state = module.params['state']
controller = module.params['controller']
rest = Rest(module,
{'content-type': 'application/json', 'Cookie': 'session_cookie=' + access_token},
'https://' + controller + ':8443/api/v1/data/controller/applications/bigchain')
if None in (name, state, controller):
module.fail_json(msg='parameter `name` is missing')
response = rest.get('chain?config=true', data={})
if response.status_code != 200:
module.fail_json(msg="failed to obtain existing chain config: {0}".format(response.json['description']))
config_present = False
matching = [chain for chain in response.json if chain['name'] == name]
if matching:
config_present = True
if state in ('present') and config_present:
module.exit_json(changed=False)
if state in ('absent') and not config_present:
module.exit_json(changed=False)
if state in ('present'):
response = rest.put('chain[name="%s"]' % name, data={'name': name})
if response.status_code == 204:
module.exit_json(changed=True)
else:
module.fail_json(msg="error creating chain '{0}': {1}".format(name, response.json['description']))
if state in ('absent'):
response = rest.delete('chain[name="%s"]' % name, data={})
if response.status_code == 204:
module.exit_json(changed=True)
else:
module.fail_json(msg="error deleting chain '{0}': {1}".format(name, response.json['description']))
def main():
module = AnsibleModule(
argument_spec=dict(
name=dict(type='str', required=True),
controller=dict(type='str', required=True),
state=dict(choices=['present', 'absent'], default='present'),
validate_certs=dict(type='bool', default='True'),
access_token=dict(type='str', no_log=True)
)
)
try:
chain(module)
except Exception as e:
module.fail_json(msg=to_native(e), exception=traceback.format_exc())
if __name__ == '__main__':
main()
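Review bot: `chain()` builds the REST path with `'chain[name="%s"]' % name` for both the PUT and the DELETE, and `name` is never checked for quote or bracket characters, so a value containing `"` ends the predicate early. How the controller treats such a path is not visible here, but for the DELETE branch it is safest to assume the request could address something other than the intended chain. Rejecting unexpected characters before the first request closes that off, e.g. `if not re.match(r'^[\w.-]+$', name): module.fail_json(msg='invalid chain name')` with `import re` added, and the character class adjusted to what the controller accepts. The same pattern is used for `switch-config[name=...]` in bcf_switch and `policy[name=...]` in bigmon_policy.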


@@ -0,0 +1,188 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright: (c) 2016, Ted Elhourani <ted@bigswitch.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# Ansible module to manage Big Monitoring Fabric service chains
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: bigmon_policy
author: "Ted (@tedelhourani)"
short_description: Create and remove a bigmon out-of-band policy.
description:
- Create and remove a bigmon out-of-band policy.
options:
name:
description:
- The name of the policy.
required: true
policy_description:
description:
- Description of policy.
action:
description:
- Forward matching packets to delivery interfaces, Drop is for measure rate of matching packets,
but do not forward to delivery interfaces, capture packets and write to a PCAP file, or enable NetFlow generation.
default: forward
choices: ['forward', 'drop', 'flow-gen']
priority:
description:
- A priority associated with this policy. The higher priority policy takes precedence over a lower priority.
default: 100
duration:
description:
- Run policy for duration duration or until delivery_packet_count packets are delivered, whichever comes first.
default: 0
start_time:
description:
- Date the policy becomes active
default: ansible_date_time.iso8601
delivery_packet_count:
description:
- Run policy until delivery_packet_count packets are delivered.
default: 0
state:
description:
- Whether the policy should be present or absent.
default: present
choices: ['present', 'absent']
controller:
description:
- The controller address.
required: true
validate_certs:
description:
- If C(false), SSL certificates will not be validated. This should only be used
on personally controlled devices using self-signed certificates.
required: false
default: true
type: bool
access_token:
description:
- Bigmon access token. If this isn't set, the environment variable C(BIGSWITCH_ACCESS_TOKEN) is used.
'''
EXAMPLES = '''
- name: policy to aggregate filter and deliver data center (DC) 1 traffic
bigmon_policy:
name: policy1
policy_description: DC 1 traffic policy
action: drop
controller: '{{ inventory_hostname }}'
state: present
validate_certs: false
'''
RETURN = ''' # '''
import datetime
import os
import traceback
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.community.general.plugins.module_utils.network.bigswitch.bigswitch import Rest
from ansible.module_utils._text import to_native
def policy(module):
try:
access_token = module.params['access_token'] or os.environ['BIGSWITCH_ACCESS_TOKEN']
except KeyError as e:
module.fail_json(msg='Unable to load %s' % e.message, exception=traceback.format_exc())
name = module.params['name']
policy_description = module.params['policy_description']
action = module.params['action']
priority = module.params['priority']
duration = module.params['duration']
start_time = module.params['start_time']
delivery_packet_count = module.params['delivery_packet_count']
state = module.params['state']
controller = module.params['controller']
rest = Rest(module,
{'content-type': 'application/json', 'Cookie': 'session_cookie=' + access_token},
'https://' + controller + ':8443/api/v1/data/controller/applications/bigtap')
if name is None:
module.fail_json(msg='parameter `name` is missing')
response = rest.get('policy?config=true', data={})
if response.status_code != 200:
module.fail_json(msg="failed to obtain existing policy config: {0}".format(response.json['description']))
config_present = False
matching = [policy for policy in response.json
if policy['name'] == name and
policy['duration'] == duration and
policy['delivery-packet-count'] == delivery_packet_count and
policy['policy-description'] == policy_description and
policy['action'] == action and
policy['priority'] == priority]
if matching:
config_present = True
if state in ('present') and config_present:
module.exit_json(changed=False)
if state in ('absent') and not config_present:
module.exit_json(changed=False)
if state in ('present'):
data = {'name': name, 'action': action, 'policy-description': policy_description,
'priority': priority, 'duration': duration, 'start-time': start_time,
'delivery-packet-count': delivery_packet_count}
response = rest.put('policy[name="%s"]' % name, data=data)
if response.status_code == 204:
module.exit_json(changed=True)
else:
module.fail_json(msg="error creating policy '{0}': {1}".format(name, response.json['description']))
if state in ('absent'):
response = rest.delete('policy[name="%s"]' % name, data={})
if response.status_code == 204:
module.exit_json(changed=True)
else:
module.fail_json(msg="error deleting policy '{0}': {1}".format(name, response.json['description']))
def main():
module = AnsibleModule(
argument_spec=dict(
name=dict(type='str', required=True),
policy_description=dict(type='str', default=''),
action=dict(choices=['forward', 'drop', 'capture', 'flow-gen'], default='forward'),
priority=dict(type='int', default=100),
duration=dict(type='int', default=0),
start_time=dict(type='str', default=datetime.datetime.now().isoformat() + '+00:00'),
delivery_packet_count=dict(type='int', default=0),
controller=dict(type='str', required=True),
state=dict(choices=['present', 'absent'], default='present'),
validate_certs=dict(type='bool', default='True'),
access_token=dict(type='str', no_log=True)
)
)
try:
policy(module)
except Exception as e:
module.fail_json(msg=to_native(e), exception=traceback.format_exc())
if __name__ == '__main__':
main()
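Review bot: The `start_time` default in `main()` is `datetime.datetime.now().isoformat() + '+00:00'`, which takes the host's local wall-clock time and labels it as UTC, so on any host not running in UTC the policy start is off by the zone offset. `datetime.datetime.utcnow().isoformat() + '+00:00'` keeps the label truthful. The DOCUMENTATION block also disagrees with the spec: it gives the default as `ansible_date_time.iso8601`, and its `action` choices omit `capture`, which the argument spec accepts. The docs should be brought in line with the code.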


@@ -0,0 +1,101 @@
#!/usr/bin/python
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'network'}
DOCUMENTATION = '''
---
module: checkpoint_access_layer_facts
short_description: Get access layer facts on Check Point over Web Services API
description:
- Get access layer facts on Check Point devices.
All operations are performed over Web Services API.
author: "Ansible by Red Hat (@rcarrillocruz)"
options:
uid:
description:
- UID of access layer object.
type: str
name:
description:
- Name of the access layer object.
type: str
'''
EXAMPLES = """
- name: Get object facts
checkpoint_access_layer_facts:
"""
RETURN = """
ansible_facts:
description: The checkpoint access layer facts.
returned: always.
type: list
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
def get_access_layer(module, connection):
uid = module.params['uid']
name = module.params['name']
payload = {}
if uid:
payload = {'uid': uid}
code, result = connection.send_request('/web_api/show-access-layer', payload)
elif name:
payload = {'name': name}
code, result = connection.send_request('/web_api/show-access-layer', payload)
else:
code, result = connection.send_request('/web_api/show-access-layers', payload)
return code, result
def main():
argument_spec = dict(
uid=dict(type='str', default=None),
name=dict(type='str', default=None)
)
module = AnsibleModule(argument_spec=argument_spec)
connection = Connection(module._socket_path)
code, response = get_access_layer(module, connection)
if code == 200:
module.exit_json(ansible_facts=dict(checkpoint_access_layers=response))
else:
module.fail_json(msg='Check Point device returned error {0} with message {1}'.format(code, response))
if __name__ == '__main__':
main()
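Review bot: `main()` accepts both `uid` and `name`, but `get_access_layer()` silently ignores `name` whenever `uid` is set. Passing `mutually_exclusive=[('uid', 'name')]` to the `AnsibleModule` call turns that conflict into an explicit error. The module only reads data, so it can also declare `supports_check_mode=True`; without it the task is skipped in check mode and later tasks that read `checkpoint_access_layers` get nothing.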


@@ -0,0 +1,274 @@
#!/usr/bin/python
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'network'}
DOCUMENTATION = '''
---
module: checkpoint_access_rule
short_description: Manages access rules on Check Point over Web Services API
description:
- Manages access rules on Check Point devices including creating, updating, removing access rules objects,
All operations are performed over Web Services API.
author: "Ansible by Red Hat (@rcarrillocruz)"
options:
name:
description:
- Name of the access rule.
type: str
layer:
description:
- Layer to attach the access rule to.
required: True
type: str
position:
description:
- Position of the access rule.
type: str
source:
description:
- Source object of the access rule.
type: str
destination:
description:
- Destination object of the access rule.
type: str
action:
description:
- Action of the access rule (accept, drop, inform, etc).
type: str
default: drop
enabled:
description:
- Enabled or disabled flag.
type: bool
default: True
state:
description:
- State of the access rule (present or absent). Defaults to present.
type: str
default: present
auto_publish_session:
description:
- Publish the current session if changes have been performed
after task completes.
type: bool
default: 'yes'
auto_install_policy:
description:
- Install the package policy if changes have been performed
after the task completes.
type: bool
default: 'yes'
policy_package:
description:
- Package policy name to be installed.
type: str
default: 'standard'
targets:
description:
- Targets to install the package policy on.
type: list
'''
EXAMPLES = """
- name: Create access rule
checkpoint_access_rule:
layer: Network
name: "Drop attacker"
position: top
source: attacker
destination: Any
action: Drop
- name: Delete access rule
checkpoint_access_rule:
layer: Network
name: "Drop attacker"
"""
RETURN = """
checkpoint_access_rules:
description: The checkpoint access rule object created or updated.
returned: always, except when deleting the access rule.
type: list
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
from ansible_collections.check_point.mgmt.plugins.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec, publish, install_policy
def get_access_rule(module, connection):
name = module.params['name']
layer = module.params['layer']
payload = {'name': name, 'layer': layer}
code, response = connection.send_request('/web_api/show-access-rule', payload)
return code, response
def create_access_rule(module, connection):
name = module.params['name']
layer = module.params['layer']
position = module.params['position']
source = module.params['source']
destination = module.params['destination']
action = module.params['action']
payload = {'name': name,
'layer': layer,
'position': position,
'source': source,
'destination': destination,
'action': action}
code, response = connection.send_request('/web_api/add-access-rule', payload)
return code, response
def update_access_rule(module, connection):
name = module.params['name']
layer = module.params['layer']
position = module.params['position']
source = module.params['source']
destination = module.params['destination']
action = module.params['action']
enabled = module.params['enabled']
payload = {'name': name,
'layer': layer,
'position': position,
'source': source,
'destination': destination,
'action': action,
'enabled': enabled}
code, response = connection.send_request('/web_api/set-access-rule', payload)
return code, response
def delete_access_rule(module, connection):
name = module.params['name']
layer = module.params['layer']
payload = {'name': name,
'layer': layer,
}
code, response = connection.send_request('/web_api/delete-access-rule', payload)
return code, response
def needs_update(module, access_rule):
res = False
if module.params['source'] and module.params['source'] != access_rule['source'][0]['name']:
res = True
if module.params['destination'] and module.params['destination'] != access_rule['destination'][0]['name']:
res = True
if module.params['action'] != access_rule['action']['name']:
res = True
if module.params['enabled'] != access_rule['enabled']:
res = True
return res
def main():
argument_spec = dict(
name=dict(type='str', required=True),
layer=dict(type='str'),
position=dict(type='str'),
source=dict(type='str'),
destination=dict(type='str'),
action=dict(type='str', default='drop'),
enabled=dict(type='bool', default=True),
state=dict(type='str', default='present')
)
argument_spec.update(checkpoint_argument_spec)
required_if = [('state', 'present', ('layer', 'position'))]
module = AnsibleModule(argument_spec=argument_spec, required_if=required_if)
connection = Connection(module._socket_path)
code, response = get_access_rule(module, connection)
result = {'changed': False}
if module.params['state'] == 'present':
if code == 200:
if needs_update(module, response):
code, response = update_access_rule(module, connection)
if code != 200:
module.fail_json(msg=response)
if module.params['auto_publish_session']:
publish(connection)
if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'], module.params['targets'])
result['changed'] = True
result['checkpoint_access_rules'] = response
else:
pass
elif code == 404:
code, response = create_access_rule(module, connection)
if code != 200:
module.fail_json(msg=response)
if module.params['auto_publish_session']:
publish(connection)
if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'], module.params['targets'])
result['changed'] = True
result['checkpoint_access_rules'] = response
else:
if code == 200:
code, response = delete_access_rule(module, connection)
if code != 200:
module.fail_json(msg=response)
if module.params['auto_publish_session']:
publish(connection)
if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'], module.params['targets'])
result['changed'] = True
result['checkpoint_access_rules'] = response
elif code == 404:
pass
result['checkpoint_session_uid'] = connection.get_session_uid()
module.exit_json(**result)
if __name__ == '__main__':
main()
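Review bot: `state` in `main()` is declared as `dict(type='str', default='present')` with no `choices`, and the body treats every value other than `'present'` as a delete. A typo such as `state: Present` therefore removes the access rule, and with `auto_publish_session` and `auto_install_policy` documented as defaulting to yes, that removal is published and installed. Restrict the value with `state=dict(type='str', default='present', choices=['present', 'absent'])`. The second EXAMPLES task is titled "Delete access rule" but carries no `state: absent` line, so it should gain one.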


@@ -0,0 +1,104 @@
#!/usr/bin/python
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'network'}
DOCUMENTATION = '''
---
module: checkpoint_access_rule_facts
short_description: Get access rules objects facts on Check Point over Web Services API
description:
- Get access rules objects facts on Check Point devices.
All operations are performed over Web Services API.
author: "Ansible by Red Hat (@rcarrillocruz)"
options:
name:
description:
- Name of the access rule. If not provided, UID is required.
type: str
uid:
description:
- UID of the access rule. If not provided, name is required.
type: str
layer:
description:
- Layer the access rule is attached to.
required: True
type: str
'''
EXAMPLES = """
- name: Get access rule facts
checkpoint_access_rule_facts:
layer: Network
name: "Drop attacker"
"""
RETURN = """
ansible_facts:
description: The checkpoint access rule object facts.
returned: always.
type: list
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
def get_access_rule(module, connection):
name = module.params['name']
uid = module.params['uid']
layer = module.params['layer']
if uid:
payload = {'uid': uid, 'layer': layer}
elif name:
payload = {'name': name, 'layer': layer}
code, response = connection.send_request('/web_api/show-access-rule', payload)
return code, response
def main():
argument_spec = dict(
name=dict(type='str'),
uid=dict(type='str'),
layer=dict(type='str', required=True),
)
module = AnsibleModule(argument_spec=argument_spec)
connection = Connection(module._socket_path)
code, response = get_access_rule(module, connection)
if code == 200:
module.exit_json(ansible_facts=dict(checkpoint_access_rules=response))
else:
module.fail_json(msg='Checkpoint device returned error {0} with message {1}'.format(code, response))
if __name__ == '__main__':
main()
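Review bot: `get_access_rule` leaves `payload` unassigned when neither `uid` nor `name` is given, so the `send_request` call fails with an UnboundLocalError instead of a clean module error. The option docs say one of the two is required, but `main()` does not enforce it; passing `required_one_of=[('name', 'uid')]` to `AnsibleModule(...)`, as the host facts module later in this commit does, turns this into a normal argument error. Empty strings for both may still reach the unbound path, so a final `else: module.fail_json(msg='name or uid is required')` in `get_access_rule` is worth adding as well.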


@@ -0,0 +1,215 @@
#!/usr/bin/python
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'network'}
DOCUMENTATION = '''
---
module: checkpoint_host
short_description: Manages host objects on Check Point over Web Services API
description:
- Manages host objects on Check Point devices including creating, updating, removing access rules objects.
All operations are performed over Web Services API.
author: "Ansible by Red Hat (@rcarrillocruz)"
options:
name:
description:
- Name of the access rule.
type: str
required: True
ip_address:
description:
- IP address of the host object.
type: str
state:
description:
- State of the access rule (present or absent). Defaults to present.
type: str
default: present
auto_publish_session:
description:
- Publish the current session if changes have been performed
after task completes.
type: bool
default: 'yes'
auto_install_policy:
description:
- Install the package policy if changes have been performed
after the task completes.
type: bool
default: 'yes'
policy_package:
description:
- Package policy name to be installed.
type: str
default: 'standard'
targets:
description:
- Targets to install the package policy on.
type: list
'''
EXAMPLES = """
- name: Create host object
checkpoint_host:
name: attacker
ip_address: 192.168.0.15
- name: Delete host object
checkpoint_host:
name: attacker
state: absent
"""
RETURN = """
checkpoint_hosts:
description: The checkpoint host object created or updated.
returned: always, except when deleting the host.
type: list
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
from ansible_collections.check_point.mgmt.plugins.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec, publish, install_policy
def get_host(module, connection):
name = module.params['name']
payload = {'name': name}
code, response = connection.send_request('/web_api/show-host', payload)
return code, response
def create_host(module, connection):
name = module.params['name']
ip_address = module.params['ip_address']
payload = {'name': name,
'ip-address': ip_address}
code, response = connection.send_request('/web_api/add-host', payload)
return code, response
def update_host(module, connection):
name = module.params['name']
ip_address = module.params['ip_address']
payload = {'name': name,
'ip-address': ip_address}
code, response = connection.send_request('/web_api/set-host', payload)
return code, response
def delete_host(module, connection):
name = module.params['name']
payload = {'name': name}
code, response = connection.send_request('/web_api/delete-host', payload)
return code, response
def needs_update(module, host):
res = False
if module.params['ip_address'] != host['ipv4-address']:
res = True
return res
def main():
argument_spec = dict(
name=dict(type='str', required=True),
ip_address=dict(type='str'),
state=dict(type='str', default='present')
)
argument_spec.update(checkpoint_argument_spec)
module = AnsibleModule(argument_spec=argument_spec)
connection = Connection(module._socket_path)
code, response = get_host(module, connection)
result = {'changed': False}
if module.params['state'] == 'present':
if code == 200:
if needs_update(module, response):
code, response = update_host(module, connection)
if code != 200:
module.fail_json(msg=response)
if module.params['auto_publish_session']:
publish(connection)
if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'], module.params['targets'])
result['changed'] = True
result['checkpoint_hosts'] = response
else:
pass
elif code == 404:
code, response = create_host(module, connection)
if code != 200:
module.fail_json(msg=response)
if module.params['auto_publish_session']:
publish(connection)
if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'], module.params['targets'])
result['changed'] = True
result['checkpoint_hosts'] = response
else:
if code == 200:
# Handle deletion
code, response = delete_host(module, connection)
if code != 200:
module.fail_json(msg=response)
if module.params['auto_publish_session']:
publish(connection)
if module.params['auto_install_policy']:
install_policy(connection, module.params['policy_package'], module.params['targets'])
result['changed'] = True
result['checkpoint_hosts'] = response
elif code == 404:
pass
result['checkpoint_session_uid'] = connection.get_session_uid()
module.exit_json(**result)
if __name__ == '__main__':
main()
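Review bot: `state` is declared without `choices`, and `main()` treats every value other than `present` as a delete request, so a misspelled state removes the host object and, with the documented defaults, publishes the session and installs the policy. Declaring it as `state=dict(type='str', default='present', choices=['present', 'absent'])` rejects unknown values before any API call is made. Lookup results other than 200 and 404 from `get_host` are also ignored, so an authentication or server error exits as `changed: false`; a closing `else: module.fail_json(msg=response)` on both branches would surface it. The `main()` of the access-rule module at the top of this page follows the same pattern.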


@@ -0,0 +1,99 @@
#!/usr/bin/python
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'network'}
DOCUMENTATION = '''
---
module: checkpoint_host_facts
short_description: Get host objects facts on Check Point over Web Services API
description:
- Get host objects facts on Check Point devices.
All operations are performed over Web Services API.
author: "Ansible by Red Hat (@rcarrillocruz)"
options:
name:
description:
- Name of the host object. If name is not provided, UID is required.
type: str
uid:
description:
- UID of the host object. If UID is not provided, name is required.
type: str
'''
EXAMPLES = """
- name: Get host object facts
checkpoint_host_facts:
name: attacker
"""
RETURN = """
ansible_hosts:
description: The checkpoint host object facts.
returned: always.
type: list
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
def get_host(module, connection):
name = module.params['name']
uid = module.params['uid']
if uid:
payload = {'uid': uid}
elif name:
payload = {'name': name}
code, result = connection.send_request('/web_api/show-host', payload)
return code, result
def main():
argument_spec = dict(
name=dict(type='str'),
uid=dict(type='str'),
)
required_one_of = [('name', 'uid')]
module = AnsibleModule(argument_spec=argument_spec, required_one_of=required_one_of)
connection = Connection(module._socket_path)
code, response = get_host(module, connection)
if code == 200:
module.exit_json(ansible_facts=dict(checkpoint_hosts=response))
else:
module.fail_json(msg='Checkpoint device returned error {0} with message {1}'.format(code, response))
if __name__ == '__main__':
main()
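Review bot: The RETURN block documents a key named `ansible_hosts`, but `main()` returns `ansible_facts` containing `checkpoint_hosts`, so the documented name never appears in the result. I would rename the RETURN entry to `ansible_facts:` with a description such as `Host object facts, stored under the checkpoint_hosts key.` The object facts module later in this commit carries the same `ansible_hosts` entry while returning `checkpoint_objects`. The documented type `list` also looks doubtful for a single show-host response; presumably it is a dict, which should be confirmed against the API.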


@@ -0,0 +1,113 @@
#!/usr/bin/python
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'network'}
DOCUMENTATION = '''
---
module: checkpoint_object_facts
short_description: Get object facts on Check Point over Web Services API
description:
- Get object facts on Check Point devices.
All operations are performed over Web Services API.
author: "Ansible by Red Hat (@rcarrillocruz)"
options:
uid:
description:
- UID of the object. If UID is not provided, it will do a full search
which can be filtered with the filter argument.
object_filter:
description:
- Filter expression for search. It accepts AND/OR logical operators and performs a textual
and IP address search. To search only by IP address, set ip_only argument to True.
which can be filtered with the filter argument.
ip_only:
description:
- Filter only by IP address.
type: bool
default: false
object_type:
description:
- Type of the object to search. Must be a valid API resource name
type: str
'''
EXAMPLES = """
- name: Get object facts
checkpoint_object_facts:
object_filter: 192.168.30.30
ip_only: yes
"""
RETURN = """
ansible_hosts:
description: The checkpoint object facts.
returned: always.
type: list
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
def get_object(module, connection):
uid = module.params['uid']
object_filter = module.params['object_filter']
ip_only = module.params['ip_only']
object_type = module.params['object_type']
if uid:
payload = {'uid': uid}
code, result = connection.send_request('/web_api/show-object', payload)
else:
payload = {'filter': object_filter, 'ip-only': ip_only, 'type': object_type}
code, result = connection.send_request('/web_api/show-objects', payload)
return code, result
def main():
argument_spec = dict(
uid=dict(type='str', default=None),
object_filter=dict(type='str', default=None),
ip_only=dict(type='bool', default=False),
object_type=dict(type='str', default=None)
)
module = AnsibleModule(argument_spec=argument_spec)
connection = Connection(module._socket_path)
code, response = get_object(module, connection)
if code == 200:
module.exit_json(ansible_facts=dict(checkpoint_objects=response))
else:
module.fail_json(msg='Check Point device returned error {0} with message {1}'.format(code, response))
if __name__ == '__main__':
main()
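Review bot: In the search branch of `get_object` the payload always contains `filter` and `type`, so unset options are sent as null values; whether show-objects accepts nulls is not visible from this page. Building the payload from the options that were set avoids depending on that: start with `payload = {'ip-only': ip_only}`, then `if object_filter: payload['filter'] = object_filter` and `if object_type: payload['type'] = object_type`. In the option docs, the description of `object_filter` ends with a stray repeated sentence ("which can be filtered with the filter argument."), the text refers to a `filter` argument that is actually named `object_filter`, and `uid` and `object_filter` lack `type: str`.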


@@ -0,0 +1,110 @@
#!/usr/bin/python
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'network'}
DOCUMENTATION = '''
---
module: checkpoint_run_script
short_description: Run scripts on Check Point devices over Web Services API
description:
- Run scripts on Check Point devices.
All operations are performed over Web Services API.
author: "Ansible by Red Hat (@rcarrillocruz)"
options:
script_name:
description:
- Name of the script.
type: str
required: True
script:
description:
- Script body contents.
type: str
required: True
targets:
description:
- Targets the script should be run against. Can reference either name or UID.
type: list
required: True
'''
EXAMPLES = """
- name: Run script
checkpoint_run_script:
script_name: "List root"
script: ls -l /
targets:
- mycheckpointgw
"""
RETURN = """
checkpoint_run_script:
description: The checkpoint run script output.
returned: always.
type: list
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
def run_script(module, connection):
script_name = module.params['script_name']
script = module.params['script']
targets = module.params['targets']
payload = {'script-name': script_name,
'script': script,
'targets': targets}
code, response = connection.send_request('/web_api/run-script', payload)
return code, response
def main():
argument_spec = dict(
script_name=dict(type='str', required=True),
script=dict(type='str', required=True),
targets=dict(type='list', required=True)
)
module = AnsibleModule(argument_spec=argument_spec)
connection = Connection(module._socket_path)
code, response = run_script(module, connection)
result = {'changed': True}
if code == 200:
result['checkpoint_run_script'] = response
else:
module.fail_json(msg='Checkpoint device returned error {0} with message {1}'.format(code, response))
module.exit_json(**result)
if __name__ == '__main__':
main()
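Review bot: `script` carries a free-form command body to the run-script endpoint and is declared as an ordinary string, so its full text is recorded wherever Ansible logs module arguments. If script bodies can contain credentials or tokens, declare it as `script=dict(type='str', required=True, no_log=True)`, or state in the option description that such tasks should set `no_log: true`. The module also reports success on a 200 from the request alone; presumably the response is a task reference and not the script's outcome, so the docs should point users to the task facts module to check the result.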


@@ -0,0 +1,114 @@
#!/usr/bin/python
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'network'}
DOCUMENTATION = '''
---
module: checkpoint_session
short_description: Manages session objects on Check Point over Web Services API
description:
- Manages session objects on Check Point devices performing actions like publish and discard.
All operations are performed over Web Services API.
author: "Ansible by Red Hat (@rcarrillocruz)"
options:
uid:
description:
- UID of the session.
type: str
required: True
state:
description:
- Action to perform on the session object. Valid choices are published and discarded.
type: str
choices: ['published', 'discarded']
default: published
'''
EXAMPLES = """
- name: Publish session
checkpoint_session:
uid: 7a13a360-9b24-40d7-acd3-5b50247be33e
state: published
- name: Discard session
checkpoint_session:
uid: 7a13a360-9b24-40d7-acd3-5b50247be33e
state: discarded
"""
RETURN = """
checkpoint_session:
description: The checkpoint session output per return from API. It will differ depending on action.
returned: always.
type: list
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
def get_session(module, connection):
payload = {'uid': module.params['uid']}
code, result = connection.send_request('/web_api/show-session', payload)
return code, result
def main():
argument_spec = dict(
uid=dict(type='str', default=None),
state=dict(type='str', default='published', choices=['published', 'discarded'])
)
module = AnsibleModule(argument_spec=argument_spec)
connection = Connection(module._socket_path)
code, response = get_session(module, connection)
result = {'changed': False}
if code == 200:
result['changed'] = True
payload = None
if module.params['uid']:
payload = {'uid': module.params['uid']}
if module.params['state'] == 'published':
code, response = connection.send_request('/web_api/publish', payload)
else:
code, response = connection.send_request('/web_api/discard', payload)
if code != 200:
module.fail_json(msg=response)
result['checkpoint_session'] = response
else:
module.fail_json(msg='Check Point device returned error {0} with message {1}'.format(code, response))
module.exit_json(**result)
if __name__ == '__main__':
main()
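Review bot: The docs mark `uid` as required, but the spec declares `uid=dict(type='str', default=None)`, and `get_session` then sends `{'uid': None}` to show-session when it is omitted. Either enforce the documented contract with `uid=dict(type='str', required=True)`, or, if acting on the current session is intended (the later `payload = None` branch suggests so), skip the lookup when no uid is given and update the docs. `result['changed'] = True` is also set before the publish or discard call is known to have succeeded; failure still exits through `fail_json`, but moving the assignment after the `code != 200` check reads more clearly.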


@@ -0,0 +1,91 @@
#!/usr/bin/python
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'network'}
DOCUMENTATION = '''
---
module: checkpoint_task_facts
short_description: Get task objects facts on Check Point over Web Services API
description:
- Get task objects facts on Check Point devices.
All operations are performed over Web Services API.
author: "Ansible by Red Hat (@rcarrillocruz)"
options:
task_id:
description:
- ID of the task object.
type: str
required: True
'''
EXAMPLES = """
- name: Get task facts
checkpoint_task_facts:
task_id: 2eec70e5-78a8-4bdb-9a76-cfb5601d0bcb
"""
RETURN = """
ansible_facts:
description: The checkpoint task facts.
returned: always.
type: list
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
def get_task(module, connection):
task_id = module.params['task_id']
if task_id:
payload = {'task-id': task_id,
'details-level': 'full'}
code, response = connection.send_request('/web_api/show-task', payload)
else:
code, response = connection.send_request('/web_api/show-tasks', None)
return code, response
def main():
argument_spec = dict(
task_id=dict(type='str'),
)
module = AnsibleModule(argument_spec=argument_spec)
connection = Connection(module._socket_path)
code, response = get_task(module, connection)
if code == 200:
module.exit_json(ansible_facts=dict(checkpoint_tasks=response))
else:
module.fail_json(msg='Checkpoint device returned error {0} with message {1}'.format(code, response))
if __name__ == '__main__':
main()
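Review bot: The option docs declare `task_id` as `required: True`, while the spec is `task_id=dict(type='str')` and `get_task` falls back to show-tasks when it is absent. The documentation should match the code: drop `required: True` and extend the description to `ID of the task object. If omitted, all tasks are returned.` What show-tasks actually returns is inferred from the endpoint name and should be confirmed before the wording is finalised.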
