summaryrefslogtreecommitdiffstats
path: root/ansible_collections/mellanox/onyx/plugins
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 12:04:41 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 12:04:41 +0000
commit975f66f2eebe9dadba04f275774d4ab83f74cf25 (patch)
tree89bd26a93aaae6a25749145b7e4bca4a1e75b2be /ansible_collections/mellanox/onyx/plugins
parentInitial commit. (diff)
downloadansible-975f66f2eebe9dadba04f275774d4ab83f74cf25.tar.xz
ansible-975f66f2eebe9dadba04f275774d4ab83f74cf25.zip
Adding upstream version 7.7.0+dfsg.upstream/7.7.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ansible_collections/mellanox/onyx/plugins')
-rw-r--r--ansible_collections/mellanox/onyx/plugins/action/__init__.py0
-rw-r--r--ansible_collections/mellanox/onyx/plugins/action/onyx_config.py31
-rw-r--r--ansible_collections/mellanox/onyx/plugins/cliconf/__init__.py0
-rw-r--r--ansible_collections/mellanox/onyx/plugins/cliconf/onyx.py78
-rw-r--r--ansible_collections/mellanox/onyx/plugins/doc_fragments/__init__.py0
-rw-r--r--ansible_collections/mellanox/onyx/plugins/doc_fragments/onyx.py75
-rw-r--r--ansible_collections/mellanox/onyx/plugins/module_utils/__init__.py0
-rw-r--r--ansible_collections/mellanox/onyx/plugins/module_utils/network/onyx/__init__.py0
-rw-r--r--ansible_collections/mellanox/onyx/plugins/module_utils/network/onyx/onyx.py264
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/__init__.py0
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_aaa.py157
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_bfd.py241
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_bgp.py446
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_buffer_pool.py140
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_command.py210
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_config.py248
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_facts.py241
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_igmp.py220
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_igmp_interface.py131
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_igmp_vlan.py431
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_interface.py497
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_l2_interface.py294
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_l3_interface.py297
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_linkagg.py349
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_lldp.py112
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_lldp_interface.py224
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_magp.py231
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_mlag_ipl.py205
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_mlag_vip.py180
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_ntp.py239
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_ntp_servers_peers.py282
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_ospf.py233
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_pfc_interface.py208
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_protocol.py191
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_ptp_global.py202
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_ptp_interface.py224
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_qos.py231
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_snmp.py423
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_snmp_hosts.py421
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_snmp_users.py274
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_syslog_files.py248
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_syslog_remote.py346
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_traffic_class.py321
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_username.py286
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_vlan.py200
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_vxlan.py260
-rw-r--r--ansible_collections/mellanox/onyx/plugins/modules/onyx_wjh.py219
-rw-r--r--ansible_collections/mellanox/onyx/plugins/terminal/__init__.py0
-rw-r--r--ansible_collections/mellanox/onyx/plugins/terminal/onyx.py80
49 files changed, 10190 insertions, 0 deletions
diff --git a/ansible_collections/mellanox/onyx/plugins/action/__init__.py b/ansible_collections/mellanox/onyx/plugins/action/__init__.py
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/action/__init__.py
diff --git a/ansible_collections/mellanox/onyx/plugins/action/onyx_config.py b/ansible_collections/mellanox/onyx/plugins/action/onyx_config.py
new file mode 100644
index 000000000..4de62452d
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/action/onyx_config.py
@@ -0,0 +1,31 @@
+#
+# (c) 2017, Red Hat, Inc.
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+from ansible.plugins.action.network import ActionModule as ActionNetworkModule
+
+
+class ActionModule(ActionNetworkModule):
+
+ def run(self, tmp=None, task_vars=None):
+ del tmp # tmp no longer has any effect
+
+ self._config_module = True
+ return super(ActionModule, self).run(task_vars=task_vars)
diff --git a/ansible_collections/mellanox/onyx/plugins/cliconf/__init__.py b/ansible_collections/mellanox/onyx/plugins/cliconf/__init__.py
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/cliconf/__init__.py
diff --git a/ansible_collections/mellanox/onyx/plugins/cliconf/onyx.py b/ansible_collections/mellanox/onyx/plugins/cliconf/onyx.py
new file mode 100644
index 000000000..b5a66b14a
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/cliconf/onyx.py
@@ -0,0 +1,78 @@
+#
+# (c) 2017 Red Hat Inc.
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = """
+---
+cliconf: onyx
+short_description: Use onyx cliconf to run command on Mellanox ONYX platform
+description:
+ - This onyx plugin provides low level abstraction apis for
+ sending and receiving CLI commands from Mellanox ONYX network devices.
+version_added: "2.5"
+"""
+
+import json
+
+from itertools import chain
+
+from ansible.module_utils._text import to_text
+from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import to_list
+from ansible.plugins.cliconf import CliconfBase, enable_mode
+
+
+class Cliconf(CliconfBase):
+
+ def get_device_info(self):
+ device_info = {}
+
+ reply = self.get('show version | json-print')
+ data = json.loads(reply)
+ device_info['network_os'] = data['Product name']
+ device_info['network_os_version'] = data['Product release']
+ device_info['network_os_version_summary'] = data['Version summary']
+ device_info['network_os_model'] = data['Product model']
+
+ reply = self.get('show hosts | include Hostname')
+ data = to_text(reply, errors='surrogate_or_strict').strip()
+ hostname = data.split(':')[1]
+ hostname = hostname.strip()
+ device_info['network_os_hostname'] = hostname
+
+ return device_info
+
+ @enable_mode
+ def get_config(self, source='running', format='text', flags=None):
+ if source not in ('running',):
+ return self.invalid_params("fetching configuration from %s is not supported" % source)
+ cmd = 'show running-config'
+ return self.send_command(cmd)
+
+ @enable_mode
+ def edit_config(self, command):
+ for cmd in chain(['configure terminal'], to_list(command), ['exit']):
+ self.send_command(cmd)
+
+ def get(self, command, prompt=None, answer=None, sendonly=False, newline=True, check_all=False):
+ return self.send_command(command=command, prompt=prompt, answer=answer, sendonly=sendonly, newline=newline, check_all=check_all)
+
+ def get_capabilities(self):
+ result = super(Cliconf, self).get_capabilities()
+ return json.dumps(result)
diff --git a/ansible_collections/mellanox/onyx/plugins/doc_fragments/__init__.py b/ansible_collections/mellanox/onyx/plugins/doc_fragments/__init__.py
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/doc_fragments/__init__.py
diff --git a/ansible_collections/mellanox/onyx/plugins/doc_fragments/onyx.py b/ansible_collections/mellanox/onyx/plugins/doc_fragments/onyx.py
new file mode 100644
index 000000000..9cf51f92a
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/doc_fragments/onyx.py
@@ -0,0 +1,75 @@
+# -*- coding: utf-8 -*-
+
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+
+ # Standard files documentation fragment
+ DOCUMENTATION = r'''
+options:
+ provider:
+ description:
+ - A dict object containing connection details.
+ type: dict
+ suboptions:
+ host:
+ description:
+ - Specifies the DNS host name or address for connecting to the remote
+ device over the specified transport. The value of host is used as
+ the destination address for the transport.
+ type: str
+ required: true
+ port:
+ description:
+ - Specifies the port to use when building the connection to the remote device.
+ type: int
+ default: 22
+ username:
+ description:
+ - Configures the username to use to authenticate the connection to
+ the remote device. This value is used to authenticate
+ the SSH session. If the value is not specified in the task, the
+ value of environment variable C(ANSIBLE_NET_USERNAME) will be used instead.
+ type: str
+ password:
+ description:
+ - Specifies the password to use to authenticate the connection to
+ the remote device. This value is used to authenticate
+ the SSH session. If the value is not specified in the task, the
+ value of environment variable C(ANSIBLE_NET_PASSWORD) will be used instead.
+ type: str
+ timeout:
+ description:
+ - Specifies the timeout in seconds for communicating with the network device
+ for either connecting or sending commands. If the timeout is
+ exceeded before the operation is completed, the module will error.
+ type: int
+ default: 10
+ ssh_keyfile:
+ description:
+ - Specifies the SSH key to use to authenticate the connection to
+ the remote device. This value is the path to the
+ key used to authenticate the SSH session. If the value is not specified
+ in the task, the value of environment variable C(ANSIBLE_NET_SSH_KEYFILE)
+ will be used instead.
+ type: path
+ authorize:
+ description:
+ - Instructs the module to enter privileged mode on the remote device
+ before sending any commands. If not specified, the device will
+ attempt to execute all commands in non-privileged mode. If the value
+ is not specified in the task, the value of environment variable
+ C(ANSIBLE_NET_AUTHORIZE) will be used instead.
+ type: bool
+ default: no
+ auth_pass:
+ description:
+ - Specifies the password to use if required to enter privileged mode
+ on the remote device. If I(authorize) is false, then this argument
+ does nothing. If the value is not specified in the task, the value of
+ environment variable C(ANSIBLE_NET_AUTH_PASS) will be used instead.
+ type: str
+'''
diff --git a/ansible_collections/mellanox/onyx/plugins/module_utils/__init__.py b/ansible_collections/mellanox/onyx/plugins/module_utils/__init__.py
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/module_utils/__init__.py
diff --git a/ansible_collections/mellanox/onyx/plugins/module_utils/network/onyx/__init__.py b/ansible_collections/mellanox/onyx/plugins/module_utils/network/onyx/__init__.py
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/module_utils/network/onyx/__init__.py
diff --git a/ansible_collections/mellanox/onyx/plugins/module_utils/network/onyx/onyx.py b/ansible_collections/mellanox/onyx/plugins/module_utils/network/onyx/onyx.py
new file mode 100644
index 000000000..41dc3366d
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/module_utils/network/onyx/onyx.py
@@ -0,0 +1,264 @@
+# -*- coding: utf-8 -*-
+#
+# (c) 2017, Ansible by Red Hat, inc
+#
+# This file is part of Ansible by Red Hat
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import json
+
+from ansible.module_utils._text import to_text
+from ansible.module_utils.connection import Connection, ConnectionError
+from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import to_list, EntityCollection
+
+_DEVICE_CONFIGS = {}
+_CONNECTION = None
+
+_COMMAND_SPEC = {
+ 'command': dict(key=True),
+ 'prompt': dict(),
+ 'answer': dict()
+}
+
+
+def get_connection(module):
+ global _CONNECTION
+ if _CONNECTION:
+ return _CONNECTION
+ _CONNECTION = Connection(module._socket_path)
+ return _CONNECTION
+
+
+def to_commands(module, commands):
+ if not isinstance(commands, list):
+ raise AssertionError('argument must be of type <list>')
+
+ transform = EntityCollection(module, _COMMAND_SPEC)
+ commands = transform(commands)
+ return commands
+
+
+def run_commands(module, commands, check_rc=True):
+ connection = get_connection(module)
+
+ commands = to_commands(module, to_list(commands))
+
+ responses = list()
+
+ for cmd in commands:
+ out = connection.get(**cmd)
+ responses.append(to_text(out, errors='surrogate_then_replace'))
+
+ return responses
+
+
+def get_config(module, source='running'):
+ conn = get_connection(module)
+ out = conn.get_config(source)
+ cfg = to_text(out, errors='surrogate_then_replace').strip()
+ return cfg
+
+
+def load_config(module, config):
+ try:
+ conn = get_connection(module)
+ conn.edit_config(config)
+ except ConnectionError as exc:
+ module.fail_json(msg=to_text(exc))
+
+
+def _parse_json_output(out):
+ out_list = out.split('\n')
+ first_index = 0
+ opening_char = None
+ lines_count = len(out_list)
+ while first_index < lines_count:
+ first_line = out_list[first_index].strip()
+ if not first_line or first_line[0] not in ("[", "{"):
+ first_index += 1
+ continue
+ opening_char = first_line[0]
+ break
+ if not opening_char:
+ return "null"
+ closing_char = ']' if opening_char == '[' else '}'
+ last_index = lines_count - 1
+ found = False
+ while last_index > first_index:
+ last_line = out_list[last_index].strip()
+ if not last_line or last_line[0] != closing_char:
+ last_index -= 1
+ continue
+ found = True
+ break
+ if not found:
+ return opening_char + closing_char
+ return "".join(out_list[first_index:last_index + 1])
+
+
+def show_cmd(module, cmd, json_fmt=True, fail_on_error=True):
+ if json_fmt:
+ cmd += " | json-print"
+ conn = get_connection(module)
+ command_obj = to_commands(module, to_list(cmd))[0]
+ try:
+ out = conn.get(**command_obj)
+ except ConnectionError:
+ if fail_on_error:
+ raise
+ return None
+ if json_fmt:
+ out = _parse_json_output(out)
+ try:
+ cfg = json.loads(out)
+ except ValueError:
+ module.fail_json(
+ msg="got invalid json",
+ stderr=to_text(out, errors='surrogate_then_replace'))
+ else:
+ cfg = to_text(out, errors='surrogate_then_replace').strip()
+ return cfg
+
+
+def get_interfaces_config(module, interface_type, flags=None, json_fmt=True):
+ cmd = "show interfaces %s" % interface_type
+ if flags:
+ cmd += " %s" % flags
+ return show_cmd(module, cmd, json_fmt)
+
+
+def get_bgp_summary(module):
+ cmd = "show running-config protocol bgp"
+ return show_cmd(module, cmd, json_fmt=False, fail_on_error=False)
+
+
+def get_capabilities(module):
+ """Returns platform info of the remove device
+ """
+ if hasattr(module, '_capabilities'):
+ return module._capabilities
+
+ connection = get_connection(module)
+ try:
+ capabilities = connection.get_capabilities()
+ except ConnectionError as exc:
+ module.fail_json(msg=to_text(exc, errors='surrogate_then_replace'))
+
+ module._capabilities = json.loads(capabilities)
+ return module._capabilities
+
+
+class BaseOnyxModule(object):
+ ONYX_API_VERSION = "3.6.6000"
+
+ def __init__(self):
+ self._module = None
+ self._commands = list()
+ self._current_config = None
+ self._required_config = None
+ self._os_version = None
+
+ def init_module(self):
+ pass
+
+ def load_current_config(self):
+ pass
+
+ def get_required_config(self):
+ pass
+
+ def _get_os_version(self):
+ capabilities = get_capabilities(self._module)
+ device_info = capabilities['device_info']
+ return device_info['network_os_version']
+
+ # pylint: disable=unused-argument
+ def check_declarative_intent_params(self, result):
+ return None
+
+ def _validate_key(self, param, key):
+ validator = getattr(self, 'validate_%s' % key)
+ if callable(validator):
+ validator(param.get(key))
+
+ def validate_param_values(self, obj, param=None):
+ if param is None:
+ param = self._module.params
+ for key in obj:
+ # validate the param value (if validator func exists)
+ try:
+ self._validate_key(param, key)
+ except AttributeError:
+ pass
+
+ @classmethod
+ def get_config_attr(cls, item, arg):
+ return item.get(arg)
+
+ @classmethod
+ def get_mtu(cls, item):
+ mtu = cls.get_config_attr(item, "MTU")
+ mtu_parts = mtu.split()
+ try:
+ return int(mtu_parts[0])
+ except ValueError:
+ return None
+
+ def _validate_range(self, attr_name, min_val, max_val, value):
+ if value is None:
+ return True
+ if not min_val <= int(value) <= max_val:
+ msg = '%s must be between %s and %s' % (
+ attr_name, min_val, max_val)
+ self._module.fail_json(msg=msg)
+
+ def validate_mtu(self, value):
+ self._validate_range('mtu', 1500, 9612, value)
+
+ def generate_commands(self):
+ pass
+
+ def run(self):
+ self.init_module()
+
+ result = {'changed': False}
+
+ self.get_required_config()
+ self.load_current_config()
+
+ self.generate_commands()
+ result['commands'] = self._commands
+
+ if self._commands:
+ if not self._module.check_mode:
+ load_config(self._module, self._commands)
+ result['changed'] = True
+
+ failed_conditions = self.check_declarative_intent_params(result)
+
+ if failed_conditions:
+ msg = 'One or more conditional statements have not been satisfied'
+ self._module.fail_json(msg=msg,
+ failed_conditions=failed_conditions)
+
+ self._module.exit_json(**result)
+
+ @classmethod
+ def main(cls):
+ app = cls()
+ app.run()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/__init__.py b/ansible_collections/mellanox/onyx/plugins/modules/__init__.py
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/__init__.py
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_aaa.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_aaa.py
new file mode 100644
index 000000000..e1f1b37c3
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_aaa.py
@@ -0,0 +1,157 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_aaa
+version_added: '0.2.0'
+author: "Sara Touqan (@sarato)"
+short_description: Configures AAA parameters
+description:
+ - This module provides declarative management of AAA protocol params
+ on Mellanox ONYX network devices.
+options:
+ tacacs_accounting_enabled:
+ description:
+ - Configures accounting settings.
+ type: bool
+ auth_default_user:
+ description:
+ - Sets local user default mapping.
+ type: str
+ choices: ['admin', 'monitor']
+ auth_order:
+ description:
+ - Sets the order on how to handle remote to local user mappings.
+ type: str
+ choices: ['local-only', 'remote-first', 'remote-only']
+ auth_fallback_enabled:
+ description:
+ - Enables/Disables fallback server-err option.
+ type: bool
+'''
+
+EXAMPLES = """
+- name: Configures aaa
+ onyx_aaa:
+ tacacs_accounting_enabled: yes
+ auth_default_user: monitor
+ auth_order: local-only
+ auth_fallback_enabled: false
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - aaa accounting changes default stop-only tacacs+
+ - no aaa accounting changes default stop-only tacacs+
+ - aaa authorization map default-user <user>
+ - aaa authorization map order <order>
+ - aaa authorization map fallback server-err
+ - no aaa authorization map fallback server-err
+"""
+
+import re
+
+from ansible.module_utils.basic import AnsibleModule
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+
+
+class OnyxAAAModule(BaseOnyxModule):
+
+ def init_module(self):
+ """ initialize module
+ """
+ element_spec = dict(
+ tacacs_accounting_enabled=dict(type='bool'),
+ auth_default_user=dict(type='str', choices=['admin', 'monitor']),
+ auth_order=dict(type='str', choices=['local-only', 'remote-first', 'remote-only']),
+ auth_fallback_enabled=dict(type='bool')
+ )
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ def get_required_config(self):
+ module_params = self._module.params
+ self._required_config = dict(module_params)
+ self.validate_param_values(self._required_config)
+
+ def _set_aaa_config(self, all_aaa_config):
+ aaa_config = all_aaa_config[0]
+ self._current_config['auth_default_user'] = aaa_config.get("Default User")
+ self._current_config['auth_order'] = aaa_config.get("Map Order")
+ auth_fallback_enabled = aaa_config.get("Fallback on server-err")
+ if auth_fallback_enabled == "yes":
+ self._current_config['auth_fallback_enabled'] = True
+ else:
+ self._current_config['auth_fallback_enabled'] = False
+ aaa_config_2 = all_aaa_config[2]
+ accounting_message = aaa_config_2.get("message")
+ if accounting_message == "No accounting methods configured.":
+ self._current_config['tacacs_accounting_enabled'] = False
+ else:
+ self._current_config['tacacs_accounting_enabled'] = True
+
+ def _show_aaa_config(self):
+ cmd = "show aaa"
+ return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
+
+ def load_current_config(self):
+ self._current_config = dict()
+ aaa_config = self._show_aaa_config()
+ if aaa_config:
+ self._set_aaa_config(aaa_config)
+
+ def generate_commands(self):
+ tacacs_accounting_enabled = self._required_config.get("tacacs_accounting_enabled")
+ if tacacs_accounting_enabled is not None:
+ current_accounting_enabled = self._current_config.get("tacacs_accounting_enabled")
+ if current_accounting_enabled != tacacs_accounting_enabled:
+ if tacacs_accounting_enabled is True:
+ self._commands.append('aaa accounting changes default stop-only tacacs+')
+ else:
+ self._commands.append('no aaa accounting changes default stop-only tacacs+')
+
+ auth_default_user = self._required_config.get("auth_default_user")
+ if auth_default_user is not None:
+ current_user = self._current_config.get("auth_default_user")
+ if current_user != auth_default_user:
+ self._commands.append('aaa authorization map default-user {0}' .format(auth_default_user))
+
+ auth_order = self._required_config.get("auth_order")
+ if auth_order is not None:
+ current_order = self._current_config.get("auth_order")
+ if current_order != auth_order:
+ self._commands.append('aaa authorization map order {0}' .format(auth_order))
+
+ auth_fallback_enabled = self._required_config.get("auth_fallback_enabled")
+ if auth_fallback_enabled is not None:
+ current_fallback = self._current_config.get("auth_fallback_enabled")
+ if current_fallback != auth_fallback_enabled:
+ if auth_fallback_enabled is True:
+ self._commands.append('aaa authorization map fallback server-err')
+ else:
+ self._commands.append('no aaa authorization map fallback server-err')
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxAAAModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_bfd.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_bfd.py
new file mode 100644
index 000000000..2d5e56a4d
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_bfd.py
@@ -0,0 +1,241 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_bfd
+version_added: '0.2.0'
+author: "Sara Touqan (@sarato)"
+short_description: Configures BFD parameters
+description:
+ - This module provides declarative management of BFD protocol params
+ on Mellanox ONYX network devices.
+options:
+ shutdown:
+ description:
+ - Administratively shut down BFD protection.
+ type: bool
+ vrf:
+ description:
+ - Specifys the vrf name.
+ type: str
+ interval_min_rx:
+ description:
+ - Minimum desired receive rate, should be between 50 and 6000.
+ type: int
+ interval_multiplier:
+ description:
+ - Desired detection multiplier, should be between 3 and 50.
+ type: int
+ interval_transmit_rate:
+ description:
+ - Minimum desired transmit rate, should be between 50 and 60000.
+ type: int
+ iproute_network_prefix:
+ description:
+ - Configures the ip route network prefix, e.g 1.1.1.1.
+ type: str
+ iproute_mask_length:
+ description:
+ - Configures the mask length of the ip route network prefix, e.g 24.
+ type: int
+ iproute_next_hop:
+ description:
+ - Configures the ip route next hop, e.g 2.2.2.2.
+ type: str
+'''
+
+EXAMPLES = """
+- name: Configures bfd
+ onyx_bfd:
+ shutdown: yes
+ vrf: 5
+ interval_min_rx: 55
+ interval_multiplier: 8
+ interval_transmit_rate: 88
+ iproute_network_prefix: 1.1.1.0
+ iproute_mask_length: 24
+ iproute_next_hop: 3.2.2.2
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - ip bfd shutdown
+ - no ip bfd shutdown
+ - ip bfd shutdown vrf <vrf_name>
+ - no ip bfd shutdown vrf <vrf_name>
+ - ip bfd vrf <vrf_name> interval min-rx <min_rx> multiplier <multiplier> transmit-rate <transmit_rate> force
+ - ip bfd interval min-rx <min_rx> multiplier <multiplier> transmit-rate <transmit_rate> force
+ - ip route vrf <vrf_name> <network_prefix>/<mask_length> <next_hop> bfd
+ - ip route <network_prefix>/<mask_length> <next_hop> bfd
+"""
+
+import re
+
+from ansible.module_utils.basic import AnsibleModule
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+
+
+class OnyxBFDModule(BaseOnyxModule):
+
+ def init_module(self):
+ """ initialize module
+ """
+ element_spec = dict(
+ shutdown=dict(type='bool'),
+ vrf=dict(type='str'),
+ interval_min_rx=dict(type='int'),
+ interval_multiplier=dict(type='int'),
+ interval_transmit_rate=dict(type='int'),
+ iproute_network_prefix=dict(type='str'),
+ iproute_mask_length=dict(type='int'),
+ iproute_next_hop=dict(type='str'),
+ )
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True,
+ required_together=[
+ ['interval_min_rx', 'interval_multiplier', 'interval_transmit_rate'],
+ ['iproute_network_prefix', 'iproute_mask_length', 'iproute_next_hop']])
+
+ def validate_bfd_interval_values(self):
+ interval_min_rx = self._required_config.get('interval_min_rx')
+ if interval_min_rx:
+ if ((interval_min_rx < 50) or (interval_min_rx > 6000)):
+ self._module.fail_json(msg='Receive interval should be between 50 and 6000.')
+ interval_multiplier = self._required_config.get('interval_multiplier')
+ if interval_multiplier:
+ if ((interval_multiplier < 3) or (interval_multiplier > 50)):
+ self._module.fail_json(msg='Multiplier should be between 3 and 50.')
+ interval_transmit_rate = self._required_config.get('interval_transmit_rate')
+ if interval_transmit_rate:
+ if ((interval_transmit_rate < 50) or (interval_transmit_rate > 60000)):
+ self._module.fail_json(msg='Transmit interval should be between 50 and 60000.')
+
+ def get_required_config(self):
+ module_params = self._module.params
+ self._required_config = dict(module_params)
+ self.validate_param_values(self._required_config)
+ self.validate_bfd_interval_values()
+
+ def _set_bfd_config(self, bfd_config):
+ curr_config_arr = []
+ bfd_config = bfd_config.get('Lines')
+ if bfd_config is None:
+ return
+ for runn_config in bfd_config:
+ curr_config_arr.append(runn_config.strip())
+ if 'ip bfd shutdown vrf default' in curr_config_arr:
+ self._current_config['bfd_shutdown'] = True
+ else:
+ self._current_config['bfd_shutdown'] = False
+ self._current_config['curr_config_arr'] = curr_config_arr
+
+ def _show_bfd_config(self):
+ cmd = "show running-config | include bfd"
+ return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
+
+ def load_current_config(self):
+ self._current_config = dict()
+ bfd_config = self._show_bfd_config()
+ if bfd_config:
+ self._set_bfd_config(bfd_config)
+
+ def generate_shutdown_commands(self, curr_config_arr):
+ shutdown_enabled = self._required_config.get('shutdown')
+ vrf_name = self._required_config.get('vrf')
+ current_shutdown = self._current_config.get("bfd_shutdown")
+ if shutdown_enabled is not None:
+ if vrf_name is not None:
+ if curr_config_arr is not None:
+ if ('ip bfd shutdown vrf {0}' .format(vrf_name)) not in curr_config_arr:
+ if shutdown_enabled is True:
+ self._commands.append('ip bfd shutdown vrf {0}' .format(vrf_name))
+ else:
+ if shutdown_enabled is False:
+ self._commands.append('no ip bfd shutdown vrf {0}' .format(vrf_name))
+ else:
+ if ((current_shutdown is not None and (current_shutdown != shutdown_enabled)) or (current_shutdown is None)):
+ if shutdown_enabled is True:
+ self._commands.append('ip bfd shutdown')
+ else:
+ self._commands.append('no ip bfd shutdown')
+
+ def generate_interval_commands(self, curr_config_arr):
+ interval_min_rx = self._required_config.get('interval_min_rx')
+ interval_multiplier = self._required_config.get('interval_multiplier')
+ interval_transmit_rate = self._required_config.get('interval_transmit_rate')
+ vrf_name = self._required_config.get('vrf')
+ if ((interval_min_rx is not None) and (interval_multiplier is not None) and (interval_transmit_rate is not None)):
+ if vrf_name is not None:
+ if curr_config_arr is not None:
+ if ((('ip bfd vrf {0} interval transmit-rate {1} force' .format(vrf_name, interval_transmit_rate)) not in curr_config_arr) or
+ (('ip bfd vrf {0} interval min-rx {1} force' .format(vrf_name, interval_min_rx)) not in curr_config_arr) or
+ (('ip bfd vrf {0} interval multiplier {1} force' .format(vrf_name, interval_multiplier)) not in curr_config_arr)):
+ self._commands.append('ip bfd vrf {0} interval min-rx {1} multiplier {2} transmit-rate {3} force'
+ .format(vrf_name, interval_min_rx, interval_multiplier, interval_transmit_rate))
+ else:
+ self._commands.append('ip bfd vrf {0} interval min-rx {1} multiplier {2} transmit-rate {3} force'
+ .format(vrf_name, interval_min_rx, interval_multiplier, interval_transmit_rate))
+ else:
+ if curr_config_arr is not None:
+ if ((('ip bfd vrf default interval transmit-rate {0} force' .format(interval_transmit_rate)) not in curr_config_arr) or
+ (('ip bfd vrf default interval min-rx {0} force' .format(interval_min_rx)) not in curr_config_arr) or
+ (('ip bfd vrf default interval multiplier {0} force' .format(interval_multiplier)) not in curr_config_arr)):
+ self._commands.append('ip bfd interval min-rx {0} multiplier {1} transmit-rate {2} force'
+ .format(interval_min_rx, interval_multiplier, interval_transmit_rate))
+ else:
+ self._commands.append('ip bfd interval min-rx {0} multiplier {1} transmit-rate {2} force'
+ .format(interval_min_rx, interval_multiplier, interval_transmit_rate))
+
+ def generate_iproute_commands(self, curr_config_arr):
+ iproute_network_prefix = self._required_config.get('iproute_network_prefix')
+ iproute_mask_length = self._required_config.get('iproute_mask_length')
+ iproute_next_hop = self._required_config.get('iproute_next_hop')
+ vrf_name = self._required_config.get('vrf')
+ if ((iproute_network_prefix is not None) and (iproute_mask_length is not None) and
+ (iproute_next_hop is not None)):
+ if vrf_name is not None:
+ if curr_config_arr is not None:
+ if ('ip route vrf {0} {1}/{2} {3} bfd' .format(vrf_name, iproute_network_prefix,
+ iproute_mask_length, iproute_next_hop)) not in curr_config_arr:
+ self._commands.append('ip route vrf {0} {1} /{2} {3} bfd'
+ .format(vrf_name, iproute_network_prefix, iproute_mask_length, iproute_next_hop))
+ else:
+ self._commands.append('ip route vrf {0} {1} /{2} {3} bfd' .format(vrf_name, iproute_network_prefix, iproute_mask_length, iproute_next_hop))
+ else:
+ if curr_config_arr is not None:
+ if ('ip route vrf default {0}/{1} {2} bfd' .format(iproute_network_prefix,
+ iproute_mask_length, iproute_next_hop)) not in curr_config_arr:
+ self._commands.append('ip route {0} /{1} {2} bfd' .format(iproute_network_prefix, iproute_mask_length, iproute_next_hop))
+ else:
+ self._commands.append('ip route {0} /{1} {2} bfd' .format(iproute_network_prefix, iproute_mask_length, iproute_next_hop))
+
+ def generate_commands(self):
+ curr_config_arr = self._current_config.get("curr_config_arr")
+ self.generate_shutdown_commands(curr_config_arr)
+ self.generate_interval_commands(curr_config_arr)
+ self.generate_iproute_commands(curr_config_arr)
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxBFDModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_bgp.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_bgp.py
new file mode 100644
index 000000000..0025ed0b8
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_bgp.py
@@ -0,0 +1,446 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_bgp
+author: "Samer Deeb (@samerd), Anas Badaha (@anasb)"
+short_description: Configures BGP on Mellanox ONYX network devices
+description:
+ - This module provides declarative management of BGP router and neighbors
+ on Mellanox ONYX network devices.
+notes:
+ - Tested on ONYX 3.6.4000
+options:
+ as_number:
+ description:
+ - Local AS number.
+ required: true
+ router_id:
+ description:
+ - Router IP address.
+ neighbors:
+ description:
+ - List of neighbors. Required if I(state=present).
+ suboptions:
+ remote_as:
+ description:
+ - Remote AS number.
+ required: true
+ neighbor:
+ description:
+ - Neighbor IP address.
+ required: true
+ multihop:
+ description:
+ - multihop number.
+ networks:
+ description:
+ - List of advertised networks.
+ fast_external_fallover:
+ description:
+ - will configure fast_external_fallover when it is True.
+ type: bool
+ max_paths:
+ description:
+ - Maximum bgp paths.
+ ecmp_bestpath:
+ description:
+ - Enables ECMP across AS paths.
+ type: bool
+ evpn:
+ description:
+ - Configure evpn peer-group.
+ type: bool
+ vrf:
+ description:
+ - vrf name.
+ state:
+ description:
+ - BGP state.
+ default: present
+ choices: ['present', 'absent']
+ purge:
+ description:
+ - will remove all neighbors when it is True.
+ type: bool
+ default: false
+'''
+
+EXAMPLES = """
+- name: Configure bgp
+ onyx_bgp:
+ as_number: 320
+ router_id: 10.3.3.3
+ neighbors:
+ - remote_as: 321
+ neighbor: 10.3.3.4
+ - remote_as: 322
+ neighbor: 10.3.3.5
+ multihop: 250
+ purge: True
+ state: present
+ networks:
+ - 172.16.1.0/24
+ vrf: default
+ evpn: yes
+ fast_external_fallover: yes
+ max_paths: 32
+ ecmp_bestpath: yes
+
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - router bgp 320 vrf default
+ - exit
+ - router bgp 320 router-id 10.3.3.3 force
+ - router bgp 320 vrf default bgp fast-external-fallover
+ - router bgp 320 vrf default maximum-paths 32
+ - router bgp 320 vrf default bestpath as-path multipath-relax force
+ - router bgp 320 vrf default neighbor evpn peer-group
+ - router bgp 320 vrf default neighbor evpn send-community extended
+ - router bgp 320 vrf default address-family l2vpn-evpn neighbor evpn next-hop-unchanged
+ - router bgp 320 vrf default address-family l2vpn-evpn neighbor evpn activate
+ - router bgp 320 vrf default address-family l2vpn-evpn auto-create
+ - router bgp 320 vrf default neighbor 10.3.3.4 remote-as 321
+ - router bgp 320 vrf default neighbor 10.3.3.4 ebgp-multihop 250
+ - router bgp 320 vrf default neighbor 10.3.3.5 remote-as 322
+ - router bgp 320 vrf default network 172.16.1.0 /24
+"""
+import re
+from ansible.module_utils.six import iteritems
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import get_bgp_summary
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+
+
+class OnyxBgpModule(BaseOnyxModule):
+ LOCAL_AS_REGEX = re.compile(r'^\s.*router bgp\s+(\d+)\s+vrf\s+(\S+).*')
+ ROUTER_ID_REGEX = re.compile(
+ r'^\s.*router bgp\s+(\d+).*router-id\s+(\S+)\s+.*')
+ NEIGHBOR_REGEX = re.compile(
+ r'^\s.*router bgp\s+(\d+).*neighbor\s+(\S+)\s+remote\-as\s+(\d+).*')
+ NEIGHBOR_MULTIHOP_REGEX = re.compile(
+ r'^\s.*router bgp\s+(\d+).*neighbor\s+(\S+)\s+ebgp\-multihop\s+(\d+).*')
+ NETWORK_REGEX = re.compile(
+ r'^\s.*router bgp\s+(\d+).*network\s+(\S+)\s+(\S+).*')
+ FAST_EXTERNAL_FALLOVER_REGEX = re.compile(
+ r'^\s.*router bgp\s+(\d+)\s+vrf\s+(\S+)\s+bgp fast\-external\-fallover.*')
+ MAX_PATHS_REGEX = re.compile(
+ r'^\s.*router bgp\s+(\d+)\s+vrf\s+(\S+)\s+maximum\-paths\s+(\d+).*')
+ ECMP_BESTPATH_REGEX = re.compile(
+ r'^\s.*router bgp\s+(\d+)\s+vrf\s+(\S+)\s+bestpath as\-path multipath\-relax.*')
+ NEIGHBOR_EVPN_REGEX = re.compile(
+ r'^\s.*router bgp\s+(\d+)\s+vrf\s+(\S+)\s+neighbor\s+(\S+)\s+peer\-group evpn.*')
+ EVPN_PEER_GROUP_REGEX = re.compile(
+ r'^\s.*router bgp\s+(\d+)\s+vrf\s+(\S+)\s+neighbor evpn peer\-group.*')
+ EVPN_SEND_COMMUNITY_EXTENDED_REGEX = re.compile(
+ r'^\s.*router bgp\s+(\d+)\s+vrf\s+(\S+)\s+neighbor evpn send-community extended.*')
+ EVPN_NEXT_HOP_UNCHANGED_REGEX = re.compile(
+ r'^\s.*router bgp\s+(\d+)\s+vrf\s+(\S+)\s+address\-family l2vpn\-evpn neighbor evpn next\-hop-unchanged.*')
+ EVPN_ACTIVATE_REGEX = re.compile(
+ r'^\s.*router bgp\s+(\d+)\s+vrf\s+(\S+)\s+address-family l2vpn\-evpn neighbor evpn activate.*')
+ EVPN_AUTO_CREATE_REGEX = re.compile(
+ r'^\s.*router bgp\s+(\d+)\s+vrf\s+(\S+)\s+address-family l2vpn\-evpn auto-create.*')
+
+ _purge = False
+
+ EVPN_PEER_GROUP_ATTR = "evpn_peer_group"
+ EVPN_SEND_COMMUNITY_EXTENDED_ATTR = "evpn_send_community_extended"
+ EVPN_NEXT_HOP_UNCHANGED_ATTR = "evpn_next_hop_unchanged"
+ EVPN_ACTIVATE_ATTR = "evpn_activate"
+ EVPN_AUTO_CREATE_ATTR = "evpn_auto_create"
+
+ EVPN_PEER_GROUP_CMD = "router bgp %s vrf %s neighbor evpn peer-group"
+ EVPN_SEND_COMMUNITY_EXTENDED_CMD = "router bgp %s vrf %s neighbor evpn send-community extended"
+ EVPN_NEXT_HOP_UNCHANGED_CMD = "router bgp %s vrf %s address-family l2vpn-evpn neighbor evpn next-hop-unchanged"
+ EVPN_ACTIVATE_CMD = "router bgp %s vrf %s address-family l2vpn-evpn neighbor evpn activate"
+ EVPN_AUTO_CREATE_CMD = "router bgp %s vrf %s address-family l2vpn-evpn auto-create"
+
+ EVPN_ENABLE_ATTRS = [EVPN_PEER_GROUP_ATTR, EVPN_SEND_COMMUNITY_EXTENDED_ATTR,
+ EVPN_NEXT_HOP_UNCHANGED_ATTR, EVPN_ACTIVATE_ATTR, EVPN_AUTO_CREATE_ATTR]
+
+ EVPN_DISABLE_ATTRS = [EVPN_PEER_GROUP_ATTR, EVPN_AUTO_CREATE_ATTR]
+
+ EVPN_COMMANDS_REGEX_MAPPER = {
+ EVPN_PEER_GROUP_ATTR: (EVPN_PEER_GROUP_REGEX, EVPN_PEER_GROUP_CMD),
+ EVPN_SEND_COMMUNITY_EXTENDED_ATTR: (EVPN_SEND_COMMUNITY_EXTENDED_REGEX,
+ EVPN_SEND_COMMUNITY_EXTENDED_CMD),
+ EVPN_NEXT_HOP_UNCHANGED_ATTR: (EVPN_NEXT_HOP_UNCHANGED_REGEX,
+ EVPN_NEXT_HOP_UNCHANGED_CMD),
+ EVPN_ACTIVATE_ATTR: (EVPN_ACTIVATE_REGEX, EVPN_ACTIVATE_CMD),
+ EVPN_AUTO_CREATE_ATTR: (EVPN_AUTO_CREATE_REGEX, EVPN_AUTO_CREATE_CMD)
+ }
+
+ def init_module(self):
+ """ initialize module
+ """
+ neighbor_spec = dict(
+ remote_as=dict(type='int', required=True),
+ neighbor=dict(required=True),
+ multihop=dict(type='int')
+ )
+ element_spec = dict(
+ as_number=dict(type='int', required=True),
+ router_id=dict(),
+ neighbors=dict(type='list', elements='dict',
+ options=neighbor_spec),
+ networks=dict(type='list', elements='str'),
+ state=dict(choices=['present', 'absent'], default='present'),
+ purge=dict(default=False, type='bool'),
+ vrf=dict(),
+ fast_external_fallover=dict(type='bool'),
+ max_paths=dict(type='int'),
+ ecmp_bestpath=dict(type='bool'),
+ evpn=dict(type='bool')
+ )
+ argument_spec = dict()
+
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ def get_required_config(self):
+ module_params = self._module.params
+ self._required_config = dict(module_params)
+ self._purge = self._required_config.get('purge', False)
+ self.validate_param_values(self._required_config)
+
+ def _set_bgp_config(self, bgp_config):
+ lines = bgp_config.split('\n')
+ self._current_config['router_id'] = None
+ self._current_config['as_number'] = None
+ self._current_config['fast_external_fallover'] = False
+ self._current_config['ecmp_bestpath'] = False
+ self._current_config[self.EVPN_PEER_GROUP_ATTR] = False
+ self._current_config[self.EVPN_SEND_COMMUNITY_EXTENDED_ATTR] = False
+ self._current_config[self.EVPN_NEXT_HOP_UNCHANGED_ATTR] = False
+ self._current_config[self.EVPN_AUTO_CREATE_ATTR] = False
+ self._current_config[self.EVPN_ACTIVATE_ATTR] = False
+ neighbors = self._current_config['neighbors'] = dict()
+ networks = self._current_config['networks'] = list()
+ for line in lines:
+ if line.startswith('#'):
+ continue
+ if not self._current_config['as_number']:
+ match = self.LOCAL_AS_REGEX.match(line)
+ if match:
+ self._current_config['as_number'] = int(match.group(1))
+ self._current_config['vrf'] = match.group(2)
+ continue
+ if not self._current_config['router_id']:
+ match = self.ROUTER_ID_REGEX.match(line)
+ if match:
+ self._current_config['router_id'] = match.group(2)
+ continue
+ match = self.NEIGHBOR_REGEX.match(line)
+ if match:
+ neighbor = neighbors.setdefault(match.group(2), dict())
+ neighbor['remote_as'] = int(match.group(3))
+ continue
+ match = self.NEIGHBOR_MULTIHOP_REGEX.match(line)
+ if match:
+ neighbor = neighbors.setdefault(match.group(2), dict())
+ neighbor["multihop"] = int(match.group(3))
+ continue
+ match = self.NEIGHBOR_EVPN_REGEX.match(line)
+ if match:
+ neighbor = neighbors.setdefault(match.group(3), dict())
+ neighbor["evpn"] = True
+ continue
+ match = self.NETWORK_REGEX.match(line)
+ if match:
+ network = match.group(2) + match.group(3)
+ networks.append(network)
+ continue
+ match = self.FAST_EXTERNAL_FALLOVER_REGEX.match(line)
+ if match:
+ self._current_config['fast_external_fallover'] = True
+ continue
+ match = self.ECMP_BESTPATH_REGEX.match(line)
+ if match:
+ self._current_config['ecmp_bestpath'] = True
+ continue
+ match = self.MAX_PATHS_REGEX.match(line)
+ if match:
+ self._current_config['max_paths'] = int(match.group(3))
+ continue
+ for key, value in iteritems(self.EVPN_COMMANDS_REGEX_MAPPER):
+ match = value[0].match(line)
+ if match:
+ self._current_config[key] = True
+ break
+
+ def _get_bgp_summary(self):
+ return get_bgp_summary(self._module)
+
+ def load_current_config(self):
+ self._current_config = dict()
+ bgp_config = self._get_bgp_summary()
+ if bgp_config:
+ self._set_bgp_config(bgp_config)
+
+ def generate_commands(self):
+ state = self._required_config['state']
+ if state == 'present':
+ self._generate_bgp_cmds()
+ else:
+ self._generate_no_bgp_cmds()
+
+ def _generate_bgp_cmds(self):
+ vrf = self._required_config.get('vrf')
+ if vrf is None:
+ vrf = "default"
+
+ as_number = self._required_config['as_number']
+ curr_as_num = self._current_config.get('as_number')
+ curr_vrf = self._current_config.get("vrf")
+ bgp_removed = False
+ if curr_as_num != as_number or vrf != curr_vrf:
+ if curr_as_num:
+ self._commands.append('no router bgp %d vrf %s' % (curr_as_num, curr_vrf))
+ bgp_removed = True
+ self._commands.append('router bgp %d vrf %s' % (as_number, vrf))
+ self._commands.append('exit')
+
+ req_router_id = self._required_config.get('router_id')
+ if req_router_id is not None:
+ curr_route_id = self._current_config.get('router_id')
+ if bgp_removed or req_router_id != curr_route_id:
+ self._commands.append('router bgp %d vrf %s router-id %s force' % (as_number, vrf, req_router_id))
+
+ fast_external_fallover = self._required_config.get('fast_external_fallover')
+ if fast_external_fallover is not None:
+ current_fast_external_fallover = self._current_config.get('fast_external_fallover')
+ if fast_external_fallover and (bgp_removed or fast_external_fallover != current_fast_external_fallover):
+ self._commands.append('router bgp %d vrf %s bgp fast-external-fallover' % (as_number, vrf))
+ elif not fast_external_fallover and (bgp_removed or fast_external_fallover != current_fast_external_fallover):
+ self._commands.append('router bgp %d vrf %s no bgp fast-external-fallover' % (as_number, vrf))
+
+ max_paths = self._required_config.get('max_paths')
+ if max_paths is not None:
+ current_max_paths = self._current_config.get('max_paths')
+ if bgp_removed or max_paths != current_max_paths:
+ self._commands.append('router bgp %d vrf %s maximum-paths %s' % (as_number, vrf, max_paths))
+
+ ecmp_bestpath = self._required_config.get('ecmp_bestpath')
+ if ecmp_bestpath is not None:
+ current_ecmp_bestpath = self._current_config.get('ecmp_bestpath')
+ if ecmp_bestpath and (bgp_removed or ecmp_bestpath != current_ecmp_bestpath):
+ self._commands.append('router bgp %d vrf %s bestpath as-path multipath-relax force' % (as_number, vrf))
+ elif not ecmp_bestpath and (bgp_removed or ecmp_bestpath != current_ecmp_bestpath):
+ self._commands.append('router bgp %d vrf %s no bestpath as-path multipath-relax force' % (as_number, vrf))
+
+ evpn = self._required_config.get('evpn')
+ if evpn is not None:
+ self._generate_evpn_cmds(evpn, as_number, vrf)
+
+ self._generate_neighbors_cmds(as_number, vrf, bgp_removed)
+ self._generate_networks_cmds(as_number, vrf, bgp_removed)
+
+ def _generate_neighbors_cmds(self, as_number, vrf, bgp_removed):
+ req_neighbors = self._required_config['neighbors']
+ curr_neighbors = self._current_config.get('neighbors', {})
+ evpn = self._required_config.get('evpn')
+ if self._purge:
+ for neighbor in curr_neighbors:
+ remote_as = curr_neighbors[neighbor].get("remote_as")
+ self._commands.append('router bgp %s vrf %s no neighbor %s remote-as %s' % (
+ as_number, vrf, neighbor, remote_as))
+
+ if req_neighbors is not None:
+ for neighbor_data in req_neighbors:
+ neighbor = neighbor_data.get("neighbor")
+ curr_neighbor = curr_neighbors.get(neighbor)
+ remote_as = neighbor_data.get("remote_as")
+ multihop = neighbor_data.get("multihop")
+ if bgp_removed or curr_neighbor is None:
+ if remote_as is not None:
+ self._commands.append(
+ 'router bgp %s vrf %s neighbor %s remote-as %s' % (as_number, vrf, neighbor, remote_as))
+ if multihop is not None:
+ self._commands.append(
+ 'router bgp %s vrf %s neighbor %s ebgp-multihop %s' % (as_number, vrf, neighbor, multihop))
+ if evpn:
+ self._commands.append(
+ 'router bgp %s vrf %s neighbor %s peer-group evpn' % (as_number, vrf, neighbor))
+ elif curr_neighbor is not None:
+ curr_remote_as = curr_neighbor.get("remote_as")
+ curr_multihop = curr_neighbor.get("multihop")
+ curr_neighbor_evpn = curr_neighbor.get("evpn")
+ if remote_as != curr_remote_as:
+ self._commands.append(
+ 'router bgp %s vrf %s neighbor %s remote-as %s' % (as_number, vrf, neighbor, remote_as))
+ if multihop is not None and multihop != curr_multihop:
+ self._commands.append(
+ 'router bgp %s vrf %s neighbor %s ebgp-multihop %s' % (as_number, vrf, neighbor, multihop))
+ if evpn and curr_neighbor_evpn is not True:
+ self._commands.append(
+ 'router bgp %s vrf %s neighbor %s peer-group evpn' % (as_number, vrf, neighbor))
+
+ def _generate_networks_cmds(self, as_number, vrf, bgp_removed):
+ req_networks = self._required_config['networks'] or []
+ curr_networks = self._current_config.get('networks', [])
+ if not bgp_removed:
+ for network in curr_networks:
+ if network not in req_networks:
+ net_attrs = network.split('/')
+ if len(net_attrs) != 2:
+ self._module.fail_json(
+ msg='Invalid network %s' % network)
+
+ net_address, netmask = net_attrs
+ cmd = 'router bgp %s no network %s /%s' % (
+ as_number, net_address, netmask)
+ self._commands.append(cmd)
+
+ for network in req_networks:
+ if bgp_removed or network not in curr_networks:
+ net_attrs = network.split('/')
+ if len(net_attrs) != 2:
+ self._module.fail_json(
+ msg='Invalid network %s' % network)
+ net_address, netmask = net_attrs
+ cmd = 'router bgp %s vrf %s network %s /%s' % (
+ as_number, vrf, net_address, netmask)
+ self._commands.append(cmd)
+
+ def _generate_no_bgp_cmds(self):
+ as_number = self._required_config['as_number']
+ curr_as_num = self._current_config.get('as_number')
+ if curr_as_num and curr_as_num == as_number:
+ self._commands.append('no router bgp %d' % as_number)
+
+ def _generate_evpn_cmds(self, evpn, as_number, vrf):
+ if evpn:
+ for attr in self.EVPN_ENABLE_ATTRS:
+ curr_attr = self._current_config.get(attr)
+ if curr_attr is not True:
+ self._commands.append(self.EVPN_COMMANDS_REGEX_MAPPER.get(attr)[1] % (as_number, vrf))
+ elif not evpn:
+ for attr in self.EVPN_DISABLE_ATTRS:
+ curr_attr = self._current_config.get(attr)
+ if curr_attr is not False:
+ self._commands.append("no " + self.EVPN_COMMANDS_REGEX_MAPPER.get(attr)[1] % (as_number, vrf))
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxBgpModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_buffer_pool.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_buffer_pool.py
new file mode 100644
index 000000000..94e127e33
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_buffer_pool.py
@@ -0,0 +1,140 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_buffer_pool
+author: "Anas Badaha (@anasb)"
+short_description: Configures Buffer Pool
+description:
+ - This module provides declarative management of Onyx Buffer Pool configuration
+ on Mellanox ONYX network devices.
+notes:
+ - Tested on ONYX 3.6.8130
+options:
+ name:
+ description:
+ - pool name.
+ required: true
+ pool_type:
+ description:
+ - pool type.
+ choices: ['lossless', 'lossy']
+ default: lossy
+ memory_percent:
+ description:
+ - memory percent.
+ switch_priority:
+ description:
+ - switch priority, range 1-7.
+'''
+
+EXAMPLES = """
+- name: Configure buffer pool
+ onyx_buffer_pool:
+ name: roce
+ pool_type: lossless
+ memory_percent: 50.00
+ switch_priority: 3
+
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - traffic pool roce type lossless
+ - traffic pool roce memory percent 50.00
+ - traffic pool roce map switch-priority 3
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+
+
+class OnyxBufferPoolModule(BaseOnyxModule):
+
+ def init_module(self):
+ """ initialize module
+ """
+ element_spec = dict(
+ name=dict(type='str', required=True),
+ pool_type=dict(choices=['lossless', 'lossy'], default='lossy'),
+ memory_percent=dict(type='float'),
+ switch_priority=dict(type='int')
+ )
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ def get_required_config(self):
+ module_params = self._module.params
+ self._required_config = dict(module_params)
+ self.validate_param_values(self._required_config)
+
+ def validate_switch_priority(self, value):
+ if value and not 0 <= int(value) <= 7:
+ self._module.fail_json(msg='switch_priority value must be between 0 and 7')
+
+ def _set_traffic_pool_config(self, traffic_pool_config):
+ if traffic_pool_config is None:
+ return
+ traffic_pool_config = traffic_pool_config.get(self._required_config.get('name'))
+ self._current_config['pool_type'] = traffic_pool_config[0].get("Type")
+ self._current_config['switch_priority'] = int(traffic_pool_config[0].get("Switch Priorities"))
+ self._current_config['memory_percent'] = float(traffic_pool_config[0].get("Memory [%]"))
+
+ def _show_traffic_pool(self):
+ cmd = "show traffic pool {0}".format(self._required_config.get("name"))
+ return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
+
+ def load_current_config(self):
+ self._current_config = dict()
+ traffic_pool_config = self._show_traffic_pool()
+ self._set_traffic_pool_config(traffic_pool_config)
+
+ def generate_commands(self):
+ name = self._required_config.get("name")
+ pool_type = self._required_config.get("pool_type")
+
+ if self._current_config is None:
+ self._add_add_traffic_pool_cmds(name, pool_type)
+ else:
+ current_pool_type = self._current_config.get("pool_type")
+ if pool_type != current_pool_type:
+ self._add_add_traffic_pool_cmds(name, pool_type)
+
+ memory_percent = self._required_config.get("memory_percent")
+ if memory_percent is not None:
+ curr_memory_percent = self._current_config.get("memory_percent")
+ if curr_memory_percent is None or memory_percent != curr_memory_percent:
+ self._commands.append('traffic pool {0} memory percent {1}'.format(name, memory_percent))
+
+ switch_priority = self._required_config.get("switch_priority")
+ if switch_priority is not None:
+ curr_switch_priority = self._current_config.get("switch_priority")
+ if curr_switch_priority is None or switch_priority != curr_switch_priority:
+ self._commands.append('traffic pool {0} map switch-priority {1}'.format(name, switch_priority))
+
+ def _add_add_traffic_pool_cmds(self, name, pool_type):
+ self._commands.append('traffic pool {0} type {1}'.format(name, pool_type))
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxBufferPoolModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_command.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_command.py
new file mode 100644
index 000000000..719e8f235
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_command.py
@@ -0,0 +1,210 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_command
+
+author: "Samer Deeb (@samerd)"
+short_description: Run commands on remote devices running Mellanox ONYX
+description:
+ - Sends arbitrary commands to an Mellanox ONYX network device and returns
+ the results read from the device. This module includes an
+ argument that will cause the module to wait for a specific condition
+ before returning or timing out if the condition is not met.
+ - This module does not support running commands in configuration mode.
+ Please use M(onyx_config) to configure Mellanox ONYX devices.
+notes:
+ - Tested on ONYX 3.6.4000
+options:
+ commands:
+ description:
+ - List of commands to send to the remote Mellanox ONYX network device.
+ The resulting output from the command
+ is returned. If the I(wait_for) argument is provided, the
+ module is not returned until the condition is satisfied or
+ the number of retries has expired.
+ required: true
+ wait_for:
+ description:
+ - List of conditions to evaluate against the output of the
+ command. The task will wait for each condition to be true
+ before moving forward. If the conditional is not true
+ within the configured number of retries, the task fails.
+ See examples.
+ match:
+ description:
+ - The I(match) argument is used in conjunction with the
+ I(wait_for) argument to specify the match policy. Valid
+ values are C(all) or C(any). If the value is set to C(all)
+ then all conditionals in the wait_for must be satisfied. If
+ the value is set to C(any) then only one of the values must be
+ satisfied.
+ default: all
+ choices: ['any', 'all']
+ retries:
+ description:
+ - Specifies the number of retries a command should by tried
+ before it is considered failed. The command is run on the
+ target device every retry and evaluated against the
+ I(wait_for) conditions.
+ default: 10
+ interval:
+ description:
+ - Configures the interval in seconds to wait between retries
+ of the command. If the command does not pass the specified
+ conditions, the interval indicates how long to wait before
+ trying the command again.
+ default: 1
+'''
+
+EXAMPLES = """
+tasks:
+ - name: Run show version on remote devices
+ onyx_command:
+ commands: show version
+
+ - name: Run show version and check to see if output contains MLNXOS
+ onyx_command:
+ commands: show version
+ wait_for: result[0] contains MLNXOS
+
+ - name: Run multiple commands on remote nodes
+ onyx_command:
+ commands:
+ - show version
+ - show interfaces
+
+ - name: Run multiple commands and evaluate the output
+ onyx_command:
+ commands:
+ - show version
+ - show interfaces
+ wait_for:
+ - result[0] contains MLNXOS
+ - result[1] contains mgmt1
+"""
+
+RETURN = """
+stdout:
+ description: The set of responses from the commands
+ returned: always apart from low level errors (such as action plugin)
+ type: list
+ sample: ['...', '...']
+stdout_lines:
+ description: The value of stdout split into a list
+ returned: always apart from low level errors (such as action plugin)
+ type: list
+ sample: [['...', '...'], ['...'], ['...']]
+failed_conditions:
+ description: The list of conditionals that have failed
+ returned: failed
+ type: list
+ sample: ['...', '...']
+"""
+
+import time
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.parsing import Conditional
+from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import ComplexList
+from ansible.module_utils.six import string_types
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import run_commands
+
+
+def to_lines(stdout):
+ for item in stdout:
+ if isinstance(item, string_types):
+ item = str(item).split('\n')
+ yield item
+
+
+def parse_commands(module, warnings):
+ command = ComplexList(dict(
+ command=dict(key=True),
+ prompt=dict(),
+ answer=dict()
+ ), module)
+ commands = command(module.params['commands'])
+ for item in list(commands):
+ if module.check_mode and not item['command'].startswith('show'):
+ warnings.append(
+ 'only show commands are supported when using check mode, not '
+ 'executing `%s`' % item['command']
+ )
+ commands.remove(item)
+ elif item['command'].startswith('conf'):
+ module.fail_json(
+ msg='onyx_command does not support running config mode '
+ 'commands. Please use onyx_config instead'
+ )
+ return commands
+
+
+def main():
+ """main entry point for module execution
+ """
+ argument_spec = dict(
+ commands=dict(type='list', required=True),
+
+ wait_for=dict(type='list'),
+ match=dict(default='all', choices=['all', 'any']),
+
+ retries=dict(default=10, type='int'),
+ interval=dict(default=1, type='int')
+ )
+
+ module = AnsibleModule(argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ result = {'changed': False}
+
+ warnings = list()
+ commands = parse_commands(module, warnings)
+ result['warnings'] = warnings
+
+ wait_for = module.params['wait_for'] or list()
+ conditionals = [Conditional(c) for c in wait_for]
+
+ retries = module.params['retries']
+ interval = module.params['interval']
+ match = module.params['match']
+
+ while retries > 0:
+ responses = run_commands(module, commands)
+
+ for item in list(conditionals):
+ if item(responses):
+ if match == 'any':
+ conditionals = list()
+ break
+ conditionals.remove(item)
+
+ if not conditionals:
+ break
+
+ time.sleep(interval)
+ retries -= 1
+
+ if conditionals:
+ failed_conditions = [item.raw for item in conditionals]
+ msg = 'One or more conditional statements have not been satisfied'
+ module.fail_json(msg=msg, failed_conditions=failed_conditions)
+
+ result.update({
+ 'changed': False,
+ 'stdout': responses,
+ 'stdout_lines': list(to_lines(responses))
+ })
+
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_config.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_config.py
new file mode 100644
index 000000000..cdd532f06
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_config.py
@@ -0,0 +1,248 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_config
+
+author: "Alex Tabachnik (@atabachnik), Samer Deeb (@samerd)"
+short_description: Manage Mellanox ONYX configuration sections
+description:
+ - Mellanox ONYX configurations uses a simple block indent file syntax
+ for segmenting configuration into sections. This module provides
+ an implementation for working with ONYX configuration sections in
+ a deterministic way.
+options:
+ lines:
+ description:
+ - The ordered set of commands that should be configured in the
+ section. The commands must be the exact same commands as found
+ in the device running-config. Be sure to note the configuration
+ command syntax as some commands are automatically modified by the
+ device config parser.
+ aliases: ['commands']
+ parents:
+ description:
+ - The ordered set of parents that uniquely identify the section
+ the commands should be checked against. If the parents argument
+ is omitted, the commands are checked against the set of top
+ level or global commands.
+ src:
+ description:
+ - Specifies the source path to the file that contains the configuration
+ or configuration template to load. The path to the source file can
+ either be the full path on the Ansible control host or a relative
+ path from the playbook or role root directory. This argument is mutually
+ exclusive with I(lines), I(parents).
+ before:
+ description:
+ - The ordered set of commands to push on to the command stack if
+ a change needs to be made. This allows the playbook designer
+ the opportunity to perform configuration commands prior to pushing
+ any changes without affecting how the set of commands are matched
+ against the system.
+ after:
+ description:
+ - The ordered set of commands to append to the end of the command
+ stack if a change needs to be made. Just like with I(before) this
+ allows the playbook designer to append a set of commands to be
+ executed after the command set.
+ match:
+ description:
+ - Instructs the module on the way to perform the matching of
+ the set of commands against the current device config. If
+ match is set to I(line), commands are matched line by line. If
+ match is set to I(strict), command lines are matched with respect
+ to position. If match is set to I(exact), command lines
+ must be an equal match. Finally, if match is set to I(none), the
+ module will not attempt to compare the source configuration with
+ the running configuration on the remote device.
+ default: line
+ choices: ['line', 'strict', 'exact', 'none']
+ replace:
+ description:
+ - Instructs the module on the way to perform the configuration
+ on the device. If the replace argument is set to I(line) then
+ the modified lines are pushed to the device in configuration
+ mode. If the replace argument is set to I(block) then the entire
+ command block is pushed to the device in configuration mode if any
+ line is not correct
+ default: line
+ choices: ['line', 'block']
+ backup:
+ description:
+ - This argument will cause the module to create a full backup of
+ the current C(running-config) from the remote device before any
+ changes are made. If the C(backup_options) value is not given,
+ the backup file is written to the C(backup) folder in the playbook
+ root directory. If the directory does not exist, it is created.
+ default: no
+ type: bool
+ config:
+ description:
+ - The C(config) argument allows the playbook designer to supply
+ the base configuration to be used to validate configuration
+ changes necessary. If this argument is provided, the module
+ will not download the running-config from the remote node.
+ save:
+ description:
+ - The C(save) argument instructs the module to save the running-
+ config to the startup-config at the conclusion of the module
+ running. If check mode is specified, this argument is ignored.
+ default: no
+ type: bool
+ backup_options:
+ description:
+ - This is a dict object containing configurable options related to backup file path.
+ The value of this option is read only when C(backup) is set to I(yes), if C(backup) is set
+ to I(no) this option will be silently ignored.
+ suboptions:
+ filename:
+ description:
+ - The filename to be used to store the backup configuration. If the filename
+ is not given it will be generated based on the hostname, current time and date
+ in format defined by <hostname>_config.<current-date>@<current-time>
+ dir_path:
+ description:
+ - This option provides the path ending with directory name in which the backup
+ configuration file will be stored. If the directory does not exist it will be first
+ created and the filename is either the value of C(filename) or default filename
+ as described in C(filename) options description. If the path value is not given
+ in that case a I(backup) directory will be created in the current working directory
+ and backup configuration will be copied in C(filename) within I(backup) directory.
+ type: path
+ type: dict
+'''
+
+EXAMPLES = """
+---
+- onyx_config:
+ lines:
+ - snmp-server community
+ - snmp-server host 10.2.2.2 traps version 2c
+"""
+
+RETURN = """
+updates:
+ description: The set of commands that will be pushed to the remote device
+ returned: always
+ type: list
+ sample: ['...', '...']
+backup_path:
+ description: The full path to the backup file
+ returned: when backup is yes
+ type: str
+ sample: /playbooks/ansible/backup/onyx_config.2016-07-16@22:28:34
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.config import NetworkConfig, dumps
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import get_config
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import load_config
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import run_commands
+
+
+def get_candidate(module):
+ candidate = NetworkConfig(indent=1)
+ if module.params['src']:
+ candidate.load(module.params['src'])
+ elif module.params['lines']:
+ parents = module.params['parents'] or list()
+ candidate.add(module.params['lines'], parents=parents)
+ return candidate
+
+
+def run(module, result):
+ match = module.params['match']
+ replace = module.params['replace']
+ path = module.params['parents']
+
+ candidate = get_candidate(module)
+ if match != 'none':
+ contents = module.params['config']
+ if not contents:
+ contents = get_config(module)
+ config = NetworkConfig(indent=1, contents=contents)
+ configobjs = candidate.difference(config, path=path, match=match,
+ replace=replace)
+
+ else:
+ configobjs = candidate.items
+
+ total_commands = []
+ if configobjs:
+ commands = dumps(configobjs, 'commands').split('\n')
+
+ if module.params['lines']:
+ if module.params['before']:
+ commands[:0] = module.params['before']
+
+ if module.params['after']:
+ commands.extend(module.params['after'])
+
+ total_commands.extend(commands)
+ result['updates'] = total_commands
+
+ if module.params['save']:
+ total_commands.append('configuration write')
+ if total_commands:
+ result['changed'] = True
+ if not module.check_mode:
+ load_config(module, total_commands)
+
+
+def main():
+ """ main entry point for module execution
+ """
+ backup_spec = dict(
+ filename=dict(),
+ dir_path=dict(type='path')
+ )
+ argument_spec = dict(
+ src=dict(type='path'),
+
+ lines=dict(aliases=['commands'], type='list'),
+ parents=dict(type='list'),
+
+ before=dict(type='list'),
+ after=dict(type='list'),
+
+ match=dict(default='line', choices=['line', 'strict', 'exact', 'none']),
+ replace=dict(default='line', choices=['line', 'block']),
+
+ config=dict(),
+
+ backup=dict(type='bool', default=False),
+ backup_options=dict(type='dict', options=backup_spec),
+ save=dict(type='bool', default=False),
+ )
+
+ mutually_exclusive = [('lines', 'src'),
+ ('parents', 'src')]
+
+ required_if = [('match', 'strict', ['lines']),
+ ('match', 'exact', ['lines']),
+ ('replace', 'block', ['lines'])]
+
+ module = AnsibleModule(argument_spec=argument_spec,
+ mutually_exclusive=mutually_exclusive,
+ required_if=required_if,
+ supports_check_mode=True)
+
+ result = {'changed': False}
+ if module.params['backup']:
+ result['__backup__'] = get_config(module)
+
+ run(module, result)
+
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_facts.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_facts.py
new file mode 100644
index 000000000..997d4df17
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_facts.py
@@ -0,0 +1,241 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_facts
+author: "Waleed Mousa (@waleedym), Samer Deeb (@samerd)"
+short_description: Collect facts from Mellanox ONYX network devices
+description:
+ - Collects a base set of device facts from a ONYX Mellanox network devices
+ This module prepends all of the base network fact keys with
+ C(ansible_net_<fact>). The facts module will always collect a base set of
+ facts from the device and can enable or disable collection of additional
+ facts.
+notes:
+ - Tested against ONYX 3.6
+options:
+ gather_subset:
+ description:
+ - When supplied, this argument will restrict the facts collected
+ to a given subset. Possible values for this argument include
+ all, version, module, and interfaces. Can specify a list of
+ values to include a larger subset. Values can also be used
+ with an initial C(M(!)) to specify that a specific subset should
+ not be collected.
+ required: false
+ default: version
+'''
+
+EXAMPLES = """
+---
+- name: Collect all facts from the device
+ onyx_facts:
+ gather_subset: all
+- name: Collect only the interfaces facts
+ onyx_facts:
+ gather_subset:
+ - interfaces
+- name: Do not collect version facts
+ onyx_facts:
+ gather_subset:
+ - "!version"
+"""
+
+RETURN = """
+ansible_net_gather_subset:
+ description: The list of fact subsets collected from the device
+ returned: always
+ type: list
+# version
+ansible_net_version:
+ description: A hash of all currently running system image information
+ returned: when version is configured or when no gather_subset is provided
+ type: dict
+# modules
+ansible_net_modules:
+ description: A hash of all modules on the systeme with status
+ returned: when modules is configured
+ type: dict
+# interfaces
+ansible_net_interfaces:
+ description: A hash of all interfaces running on the system
+ returned: when interfaces is configured
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.six import iteritems
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+
+
+class OnyxFactsModule(BaseOnyxModule):
+
+ def get_runable_subset(self, gather_subset):
+ runable_subsets = set()
+ exclude_subsets = set()
+ for subset in gather_subset:
+ if subset == 'all':
+ runable_subsets.update(VALID_SUBSETS)
+ continue
+
+ if subset.startswith('!'):
+ subset = subset[1:]
+ if subset == 'all':
+ exclude_subsets.update(VALID_SUBSETS)
+ continue
+ exclude = True
+ else:
+ exclude = False
+
+ if subset not in VALID_SUBSETS:
+ self._module.fail_json(msg='Bad subset')
+
+ if exclude:
+ exclude_subsets.add(subset)
+ else:
+ runable_subsets.add(subset)
+
+ if not runable_subsets:
+ runable_subsets.update(VALID_SUBSETS)
+
+ runable_subsets.difference_update(exclude_subsets)
+ if not runable_subsets:
+ runable_subsets.add('version')
+ return runable_subsets
+
+ def init_module(self):
+ """ module initialization
+ """
+ argument_spec = dict(
+ gather_subset=dict(default=['version'], type='list')
+ )
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ def run(self):
+ self.init_module()
+ gather_subset = self._module.params['gather_subset']
+ runable_subsets = self.get_runable_subset(gather_subset)
+ facts = dict()
+ facts['gather_subset'] = list(runable_subsets)
+
+ instances = list()
+ for key in runable_subsets:
+ facter_cls = FACT_SUBSETS[key]
+ instances.append(facter_cls(self._module))
+
+ for inst in instances:
+ inst.populate()
+ facts.update(inst.facts)
+
+ ansible_facts = dict()
+ for key, value in iteritems(facts):
+ key = 'ansible_net_%s' % key
+ ansible_facts[key] = value
+ self._module.exit_json(ansible_facts=ansible_facts)
+
+
+class FactsBase(object):
+
+ COMMANDS = ['']
+
+ def __init__(self, module):
+ self.module = module
+ self.facts = dict()
+ self.responses = None
+
+ def _show_cmd(self, cmd):
+ return show_cmd(self.module, cmd, json_fmt=True)
+
+ def populate(self):
+ self.responses = []
+ for cmd in self.COMMANDS:
+ self.responses.append(self._show_cmd(cmd))
+
+
+class Version(FactsBase):
+
+ COMMANDS = ['show version']
+
+ def populate(self):
+ super(Version, self).populate()
+ data = self.responses[0]
+ if data:
+ self.facts['version'] = data
+
+
+class Module(FactsBase):
+
+ COMMANDS = ['show module']
+
+ def populate(self):
+ super(Module, self).populate()
+ data = self.responses[0]
+ if data:
+ self.facts['modules'] = data
+
+
+class Interfaces(FactsBase):
+
+ COMMANDS = ['show version', 'show interfaces ethernet']
+
+ def populate(self):
+ super(Interfaces, self).populate()
+
+ version_data = self.responses[0]
+ os_version = version_data['Product release']
+ data = self.responses[1]
+
+ if data:
+ self.facts['interfaces'] = self.populate_interfaces(data, os_version)
+
+ def extractIfData(self, interface_data):
+ return {"MAC Address": interface_data["Mac address"],
+ "Actual Speed": interface_data["Actual speed"],
+ "MTU": interface_data["MTU"],
+ "Admin State": interface_data["Admin state"],
+ "Operational State": interface_data["Operational state"]}
+
+ def populate_interfaces(self, interfaces, os_version):
+ interfaces_dict = dict()
+ for if_data in interfaces:
+ if_dict = dict()
+ if os_version >= BaseOnyxModule.ONYX_API_VERSION:
+ for if_name, interface_data in iteritems(if_data):
+ interface_data = interface_data[0]
+ if_dict = self.extractIfData(interface_data)
+ if_name = if_dict["Interface Name"] = if_name
+
+ else:
+ if_dict = self.extractIfData(if_data)
+ if_name = if_dict["Interface Name"] = if_data["header"]
+ interfaces_dict[if_name] = if_dict
+ return interfaces_dict
+
+
+FACT_SUBSETS = dict(
+ version=Version,
+ modules=Module,
+ interfaces=Interfaces
+)
+
+VALID_SUBSETS = frozenset(FACT_SUBSETS.keys())
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxFactsModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_igmp.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_igmp.py
new file mode 100644
index 000000000..77a099602
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_igmp.py
@@ -0,0 +1,220 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_igmp
+author: "Samer Deeb (@samerd)"
+short_description: Configures IGMP global parameters
+description:
+ - This module provides declarative management of IGMP protocol params
+ on Mellanox ONYX network devices.
+notes:
+ - Tested on ONYX 3.6.6107
+options:
+ state:
+ description:
+ - IGMP state.
+ required: true
+ choices: ['enabled', 'disabled']
+ last_member_query_interval:
+ description:
+ - Configure the last member query interval, range 1-25
+ mrouter_timeout:
+ description:
+ - Configure the mrouter timeout, range 60-600
+ port_purge_timeout:
+ description:
+ - Configure the host port purge timeout, range 130-1225
+ proxy_reporting:
+ description:
+ - Configure ip igmp snooping proxy and enable reporting mode
+ choices: ['enabled', 'disabled']
+ report_suppression_interval:
+ description:
+ - Configure the report suppression interval, range 1-25
+ unregistered_multicast:
+ description:
+ - Configure the unregistered multicast mode
+ Flood unregistered multicast
+ Forward unregistered multicast to mrouter ports
+ choices: ['flood', 'forward-to-mrouter-ports']
+ default_version:
+ description:
+ - Configure the default operating version of the IGMP snooping
+ choices: ['V2','V3']
+'''
+
+EXAMPLES = """
+- name: Configure igmp
+ onyx_igmp:
+ state: enabled
+ unregistered_multicast: flood
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - ip igmp snooping
+ - ip igmp snooping last-member-query-interval 10
+ - ip igmp snooping mrouter-timeout 150
+ - ip igmp snooping port-purge-timeout 150
+"""
+
+import re
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.six import iteritems
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+
+
+class OnyxIgmpModule(BaseOnyxModule):
+ TIME_INTERVAL_REGEX = re.compile(r'^(\d+)\s+seconds')
+
+ _RANGE_INTERVALS = dict(
+ last_member_query_interval=(1, 25, 'Last member query interval'),
+ mrouter_timeout=(60, 600, 'Mrouter timeout'),
+ port_purge_timeout=(130, 1225, 'Port purge timeout'),
+ report_suppression_interval=(1, 25, 'Report suppression interval'),
+ )
+
+ def init_module(self):
+ """ initialize module
+ """
+ element_spec = dict(
+ state=dict(choices=['enabled', 'disabled'], required=True),
+ last_member_query_interval=dict(type='int'),
+ mrouter_timeout=dict(type='int'),
+ port_purge_timeout=dict(type='int'),
+ proxy_reporting=dict(choices=['enabled', 'disabled']),
+ report_suppression_interval=dict(type='int'),
+ unregistered_multicast=dict(
+ choices=['flood', 'forward-to-mrouter-ports']),
+ default_version=dict(choices=['V2', 'V3']),
+ )
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ def _validate_key(self, param, key):
+ interval_params = self._RANGE_VALIDATORS.get(key)
+ if interval_params:
+ min_val, max_val = interval_params[0], interval_params[1]
+ value = param.get(key)
+ self._validate_range(key, min_val, max_val, value)
+ else:
+ super(OnyxIgmpModule, self)._validate_key(param, key)
+
+ def get_required_config(self):
+ module_params = self._module.params
+ self._required_config = dict(module_params)
+ self.validate_param_values(self._required_config)
+
+ def _set_igmp_config(self, igmp_config):
+ igmp_config = igmp_config[0]
+ if not igmp_config:
+ return
+ self._current_config['state'] = igmp_config.get(
+ 'IGMP snooping globally', 'disabled')
+ self._current_config['proxy_reporting'] = igmp_config.get(
+ 'Proxy-reporting globally', 'disabled')
+ self._current_config['default_version'] = igmp_config.get(
+ 'IGMP default version for new VLAN', 'V3')
+ self._current_config['unregistered_multicast'] = igmp_config.get(
+ 'IGMP snooping unregistered multicast', 'flood')
+
+ for interval_name, interval_params in iteritems(self._RANGE_INTERVALS):
+ display_str = interval_params[2]
+ value = igmp_config.get(display_str, '')
+ match = self.TIME_INTERVAL_REGEX.match(value)
+ if match:
+ interval_value = int(match.group(1))
+ else:
+ interval_value = None
+ self._current_config[interval_name] = interval_value
+
+ def _show_igmp(self):
+ cmd = "show ip igmp snooping"
+ return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
+
+ def load_current_config(self):
+ self._current_config = dict()
+ igmp_config = self._show_igmp()
+ if igmp_config:
+ self._set_igmp_config(igmp_config)
+
+ def generate_commands(self):
+ state = self._required_config['state']
+ if state == 'enabled':
+ self._generate_igmp_cmds()
+ else:
+ self._generate_no_igmp_cmds()
+
+ def _generate_igmp_cmds(self):
+ curr_state = self._current_config.get('state', 'disabled')
+ if curr_state == 'disabled':
+ self._commands.append('ip igmp snooping')
+ for interval_name in self._RANGE_INTERVALS:
+ req_val = self._required_config.get(interval_name)
+ if not req_val:
+ continue
+ curr_value = self._current_config.get(interval_name)
+ if curr_value == req_val:
+ continue
+ interval_cmd = interval_name.replace('_', '-')
+ self._commands.append(
+ 'ip igmp snooping %s %s' % (interval_cmd, req_val))
+
+ req_val = self._required_config.get('unregistered_multicast')
+ if req_val:
+ curr_value = self._current_config.get(
+ 'unregistered_multicast', 'flood')
+ if req_val != curr_value:
+ self._commands.append(
+ 'ip igmp snooping unregistered multicast %s' % req_val)
+
+ req_val = self._required_config.get('proxy_reporting')
+ if req_val:
+ curr_value = self._current_config.get(
+ 'proxy_reporting', 'disabled')
+ if req_val != curr_value:
+ cmd = 'ip igmp snooping proxy reporting'
+ if req_val == 'disabled':
+ cmd = 'no %s' % cmd
+ self._commands.append(cmd)
+
+ req_val = self._required_config.get('default_version')
+ if req_val:
+ curr_value = self._current_config.get(
+ 'default_version', 'V3')
+ if req_val != curr_value:
+ version = req_val[1] # remove the 'V' and take the number only
+ self._commands.append(
+ 'ip igmp snooping version %s' % version)
+
+ def _generate_no_igmp_cmds(self):
+ curr_state = self._current_config.get('state', 'disabled')
+ if curr_state != 'disabled':
+ self._commands.append('no ip igmp snooping')
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxIgmpModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_igmp_interface.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_igmp_interface.py
new file mode 100644
index 000000000..28034732d
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_igmp_interface.py
@@ -0,0 +1,131 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_igmp_interface
+author: "Anas Badaha (@anasb)"
+short_description: Configures IGMP interface parameters
+description:
+ - This module provides declarative management of IGMP interface configuration
+ on Mellanox ONYX network devices.
+notes:
+ - Tested on ONYX 3.6.8130
+options:
+ name:
+ description:
+ - interface name that we want to configure IGMP on it
+ required: true
+ state:
+ description:
+ - IGMP Interface state.
+ choices: ['enabled', 'disabled']
+ default: enabled
+'''
+
+EXAMPLES = """
+- name: Configure igmp interface
+ onyx_igmp_interface:
+ state: enabled
+ name: Eth1/1
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - interface ethernet 1/1 ip igmp snooping fast-leave
+"""
+
+import re
+from ansible.module_utils.basic import AnsibleModule
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+
+
+class OnyxIgmpInterfaceModule(BaseOnyxModule):
+ IF_NAME_REGEX = re.compile(r"^(Eth\d+\/\d+|Eth\d+\/\d+\d+)$")
+
+ def init_module(self):
+ """ initialize module
+ """
+ element_spec = dict(
+ state=dict(choices=['enabled', 'disabled'], default='enabled'),
+ name=dict(required=True)
+ )
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ def get_required_config(self):
+ module_params = self._module.params
+ self._required_config = dict(module_params)
+ match = self.IF_NAME_REGEX.match(self._required_config["name"])
+ if not match:
+ raise AttributeError("Please Insert Valid Interface Name")
+
+ self.validate_param_values(self._required_config)
+
+ def _set_igmp_config(self, igmp_interfaces_config):
+ if not igmp_interfaces_config:
+ return
+ name = self._required_config.get('name')
+ interface_state = igmp_interfaces_config[name][0].get('leave-mode')
+ if interface_state == "Fast":
+ self._current_config['state'] = "enabled"
+ else:
+ self._current_config['state'] = "disabled"
+
+ def _show_igmp_interfaces(self):
+ cmd = "show ip igmp snooping interfaces"
+ return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
+
+ def load_current_config(self):
+ self._current_config = dict()
+ igmp_interfaces_config = self._show_igmp_interfaces()
+ if igmp_interfaces_config:
+ self._set_igmp_config(igmp_interfaces_config)
+
+ def generate_commands(self):
+ req_state = self._required_config['state']
+ self._req_val = self._required_config.get('name').replace("Eth", "ethernet ")
+
+ if req_state == 'enabled':
+ self._generate_igmp_interface_cmds()
+ else:
+ self._generate_no_igmp_cmds()
+
+ def _generate_igmp_interface_cmds(self):
+ curr_state = self._current_config.get('state', 'enabled')
+ if curr_state == 'enabled':
+ pass
+
+ elif curr_state == 'disabled':
+ self._commands.append('interface %s ip igmp snooping fast-leave' % self._req_val)
+
+ def _generate_no_igmp_cmds(self):
+ curr_state = self._current_config.get('state', 'enabled')
+ if curr_state == 'enabled':
+ self._commands.append('interface %s no ip igmp snooping fast-leave' % self._req_val)
+ else:
+ pass
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxIgmpInterfaceModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_igmp_vlan.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_igmp_vlan.py
new file mode 100644
index 000000000..4c41b01e4
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_igmp_vlan.py
@@ -0,0 +1,431 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_igmp_vlan
+author: Anas Badaha (@anasbadaha)
+short_description: Configures IGMP Vlan parameters
+description:
+ - This module provides declarative management of IGMP vlan configuration on Mellanox ONYX network devices.
+notes:
+ - Tested on ONYX 3.7.0932-01
+options:
+ vlan_id:
+ description:
+ - VLAN ID, vlan should exist.
+ required: true
+ state:
+ description:
+ - IGMP state.
+ choices: ['enabled', 'disabled']
+ default: enabled
+ mrouter:
+ description:
+ - Configure ip igmp snooping mrouter port on vlan
+ suboptions:
+ state:
+ description:
+ - Enable IGMP snooping mrouter on vlan interface.
+ choices: ['enabled', 'disabled']
+ default: enabled
+ name:
+ description:
+ - Configure mrouter interface
+ required: true
+ querier:
+ description:
+ - Configure the IGMP querier parameters
+ suboptions:
+ state:
+ description:
+ - Enable IGMP snooping querier on vlan in the switch.
+ choices: ['enabled', 'disabled']
+ default: enabled
+ interval:
+ description:
+ - Update time interval between querier queries, range 60-600
+ address:
+ description:
+ - Update IP address for the querier
+ static_groups:
+ description:
+ - List of IGMP static groups.
+ suboptions:
+ multicast_ip_address:
+ description:
+ - Configure static IP multicast group, range 224.0.1.0-239.255.255.25.
+ required: true
+ name:
+ description:
+ - interface name to configure static groups on it.
+ sources:
+ description:
+ - List of IP sources to be configured
+ version:
+ description:
+ - IGMP snooping operation version on this vlan
+ choices: ['V2','V3']
+'''
+
+EXAMPLES = """
+- name: Configure igmp vlan
+ onyx_igmp_vlan:
+ state: enabled
+ vlan_id: 10
+ version:
+ V2
+ querier:
+ state: enabled
+ interval: 70
+ address: 10.11.121.13
+ mrouter:
+ state: disabled
+ name: Eth1/2
+ static_groups:
+ - multicast_ip_address: 224.5.5.8
+ name: Eth1/1
+ sources:
+ - 1.1.1.1
+ - 1.1.1.2
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - vlan 10 ip igmp snooping
+ - vlan 10 ip igmp snooping static-group 224.5.5.5 interface ethernet 1/1
+"""
+import socket
+import struct
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+
+
+def _ip_to_int(addr):
+ return struct.unpack("!I", socket.inet_aton(addr))[0]
+
+
+class OnyxIgmpVlanModule(BaseOnyxModule):
+ MIN_MULTICAST_IP = _ip_to_int("224.0.1.0")
+ MAX_MULTICAST_IP = _ip_to_int("239.255.255.255")
+
+ def init_module(self):
+ """ initialize module
+ """
+ mrouter_spec = dict(name=dict(required=True),
+ state=dict(choices=['enabled', 'disabled'], default='enabled'))
+ querier_spec = dict(state=dict(choices=['enabled', 'disabled'], default='enabled'),
+ interval=dict(type='int'), address=dict())
+ static_groups_spec = dict(multicast_ip_address=dict(required=True),
+ name=dict(required=True), sources=dict(type='list'))
+ element_spec = dict(vlan_id=dict(type='int', required=True),
+ state=dict(choices=['enabled', 'disabled'], default='enabled'),
+ querier=dict(type='dict', options=querier_spec),
+ static_groups=dict(type='list', elements='dict', options=static_groups_spec),
+ mrouter=dict(type='dict', options=mrouter_spec),
+ version=dict(choices=['V2', 'V3']))
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ def get_required_config(self):
+ module_params = self._module.params
+ self._required_config = dict(module_params)
+ self.validate_param_values(self._required_config)
+
+ def _validate_attr_is_not_none(self, attr_name, attr_value):
+ if attr_name == 'vlan_id' or attr_name == 'state':
+ pass
+ elif attr_value is not None:
+ self._module.fail_json(msg='Can not set %s value on switch while state is disabled' % attr_name)
+
+ def validate_param_values(self, obj, param=None):
+ if obj['state'] == 'disabled':
+ for attr_name in obj:
+ self._validate_attr_is_not_none(attr_name, obj[attr_name])
+ super(OnyxIgmpVlanModule, self).validate_param_values(obj, param)
+
+ def validate_querier(self, value):
+ interval = value.get('interval')
+ if interval and not 60 <= int(interval) <= 600:
+ self._module.fail_json(msg='query-interval value must be between 60 and 600')
+
+ def validate_static_groups(self, value):
+ multicast_ip = value.get('multicast_ip_address')
+ multicast_ip = _ip_to_int(multicast_ip)
+
+ if multicast_ip < self.MIN_MULTICAST_IP or multicast_ip > self.MAX_MULTICAST_IP:
+ self._module.fail_json(msg='multicast IP address must be in range 224.0.1.0 - 239.255.255.255')
+
+ @staticmethod
+ def _get_curr_mrouter_config(mrouter_port):
+ if mrouter_port == "none":
+ return {'state': 'disabled'}
+ else:
+ return {'state': 'enabled',
+ 'name': mrouter_port}
+
+ def _get_curr_querier_config(self, querier_config):
+ if "Non-Querier" in querier_config:
+ return {'state': 'disabled'}
+ elif "Querier" in querier_config:
+ igmp_querier_config = self._show_igmp_querier_config()[0]
+ snooping_querier_info = igmp_querier_config["Snooping querier information for VLAN %d" % (
+ self._required_config['vlan_id'])]
+ snooping_querier_info = snooping_querier_info[1]
+ interval = int(snooping_querier_info["Query interval"])
+ address = snooping_querier_info["Configured querier IP address"]
+ return {'state': 'enabled',
+ 'interval': interval,
+ 'address': address}
+
+ @staticmethod
+ def _get_curr_version(version):
+ if "V3" in version:
+ return "V3"
+ elif "V2" in version:
+ return "V2"
+
+ def _get_curr_static_group_config(self, multicast_ip_address):
+ sources = None
+ names = None
+ igmp_snooping_groups_config = self._show_igmp_snooping_groups_config(multicast_ip_address)
+ if igmp_snooping_groups_config is not None:
+ igmp_snooping_groups_config = igmp_snooping_groups_config[0]
+ snooping_group_information = igmp_snooping_groups_config.get('Snooping group '
+ 'information for VLAN %d and group '
+ '%s' % (self._required_config['vlan_id'],
+ multicast_ip_address))
+ if snooping_group_information is not None:
+ if len(snooping_group_information) == 1:
+ names = snooping_group_information[0].get('V1/V2 Receiver Ports')
+ elif len(snooping_group_information) == 2:
+ sources_dict = dict()
+ v3_receiver_ports = snooping_group_information[1].get('V3 Receiver Ports')
+ ports_number = v3_receiver_ports[0].get('Port Number')
+ sources = v3_receiver_ports[0].get('Include sources')
+ if isinstance(ports_number, list):
+ i = 0
+ for port_number in ports_number:
+ sources_dict[port_number] = sources[i]
+ i += 1
+ else:
+ sources_dict[ports_number] = sources
+ names = snooping_group_information[0].get('V1/V2 Receiver Ports')
+ sources = sources_dict
+
+ return {'sources': sources,
+ 'names': names}
+ else:
+ return None
+ else:
+ return None
+
+ def _set_igmp_config(self, igmp_vlan_config):
+ igmp_vlan_config = igmp_vlan_config[0]
+ if not igmp_vlan_config:
+ return
+
+ self._current_config['state'] = igmp_vlan_config.get('message 1')
+ if "enabled" in self._current_config['state']:
+ self._current_config['state'] = "enabled"
+ elif "disabled" in self._current_config['state']:
+ self._current_config['state'] = "disabled"
+
+ mrouter_port = igmp_vlan_config.get('mrouter static port list')
+ self._current_config['mrouter'] = dict(self._get_curr_mrouter_config(mrouter_port))
+
+ querier_config = igmp_vlan_config.get('message 3')
+ self._current_config['querier'] = dict(self._get_curr_querier_config(querier_config))
+
+ version = igmp_vlan_config.get('message 2')
+ self._current_config['version'] = self._get_curr_version(version)
+
+ req_static_groups = self._required_config.get('static_groups')
+ if req_static_groups is not None:
+ static_groups = self._current_config['static_groups'] = dict()
+ for static_group in req_static_groups:
+ static_group_config = self._get_curr_static_group_config(static_group['multicast_ip_address'])
+ static_groups[static_group['multicast_ip_address']] = static_group_config
+
+ def _show_igmp_vlan(self):
+ cmd = ("show ip igmp snooping vlan %d" % self._required_config['vlan_id'])
+ return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
+
+ def _show_igmp_querier_config(self):
+ cmd = ("show ip igmp snooping querier vlan %d " % self._required_config['vlan_id'])
+ return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
+
+ def _show_igmp_snooping_groups_config(self, multicast_ip_address):
+ cmd = ("show ip igmp snooping groups vlan %d group %s" % (self._required_config['vlan_id'],
+ multicast_ip_address))
+ return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
+
+ def load_current_config(self):
+ self._current_config = dict()
+ igmp_vlan_config = self._show_igmp_vlan()
+ if igmp_vlan_config:
+ self._set_igmp_config(igmp_vlan_config)
+
+ def generate_commands(self):
+ req_state = self._required_config.get('state', 'enabled')
+ self._generate_igmp_vlan_cmds(req_state)
+
+ _mrouter = self._required_config.get('mrouter')
+ if _mrouter is not None:
+ self._generate_igmp_mrouter_cmds(_mrouter)
+
+ _querier = self._required_config.get('querier')
+ if _querier is not None:
+ req_querier_state = _querier.get('state', 'enabled')
+ self._generate_igmp_querier_cmds(req_querier_state)
+
+ req_querier_interval = _querier.get('interval')
+ if req_querier_interval is not None:
+ self._gen_querier_attr_commands("interval", req_querier_interval, "query-interval")
+
+ req_querier_address = _querier.get('address')
+ if req_querier_address is not None:
+ self._gen_querier_attr_commands("address", req_querier_address, "address")
+
+ _version = self._required_config.get('version')
+ if _version is not None:
+ self._generate_igmp_version_cmds(_version)
+
+ _static_groups = self._required_config.get('static_groups')
+ if _static_groups is not None:
+ for static_group in _static_groups:
+ self._generate_igmp_static_groups_cmd(static_group)
+
+ def _add_igmp_vlan_commands(self, req_state):
+ if req_state == 'enabled':
+ igmp_vlan_cmd = 'vlan %d ip igmp snooping' % self._required_config['vlan_id']
+ else:
+ igmp_vlan_cmd = 'vlan %d no ip igmp snooping' % self._required_config['vlan_id']
+
+ self._commands.append(igmp_vlan_cmd)
+
+ def _generate_igmp_vlan_cmds(self, req_state):
+ curr_state = self._current_config.get('state')
+ if curr_state != req_state:
+ self._add_igmp_vlan_commands(req_state)
+
+ def _gen_querier_attr_commands(self, attr_name, req_attr_value, attr_cmd_name):
+ _curr_querier = self._current_config.get('querier')
+ curr_querier_val = _curr_querier.get(attr_name)
+ if req_attr_value != curr_querier_val:
+ self._commands.append('vlan %d ip igmp snooping querier %s %s' % (self._required_config['vlan_id'],
+ attr_cmd_name, req_attr_value))
+
+ def _add_querier_commands(self, req_querier_state):
+ if req_querier_state == 'enabled':
+ self._commands.append('vlan %d ip igmp snooping querier' % self._required_config['vlan_id'])
+ elif req_querier_state == 'disabled':
+ self._commands.append('vlan %d no ip igmp snooping querier' % (
+ self._required_config['vlan_id']))
+
+ def _generate_igmp_querier_cmds(self, req_querier_state):
+ _curr_querier = self._current_config.get('querier')
+ curr_querier_state = _curr_querier.get('state')
+ if req_querier_state != curr_querier_state:
+ self._add_querier_commands(req_querier_state)
+
+ def _generate_igmp_version_cmds(self, version):
+ _curr_version = self._current_config.get('version')
+ if version != _curr_version:
+ self._commands.append('vlan %d ip igmp snooping version %s' % (
+ self._required_config['vlan_id'], version[1]))
+
+ def _add_mrouter_commands(self, req_mrouter, curr_mrouter):
+ curr_state = curr_mrouter.get('state')
+ curr_interface = curr_mrouter.get('name')
+ req_state = req_mrouter.get('state')
+ req_interface = req_mrouter.get('name')
+ mrouter_interface = req_interface.replace("Eth", "ethernet ")
+ if curr_state == 'enabled' and req_state == 'disabled':
+ self._commands.append('vlan %d no ip igmp snooping mrouter interface '
+ '%s' % (self._required_config['vlan_id'], mrouter_interface))
+ elif curr_state == 'disabled' and req_state == 'enabled':
+ self._commands.append('vlan %d ip igmp snooping mrouter interface '
+ '%s' % (self._required_config['vlan_id'], mrouter_interface))
+ elif req_state == 'enabled' and curr_state == 'enabled' and req_interface != curr_interface:
+ self._commands.append('vlan %d ip igmp snooping mrouter interface '
+ '%s' % (self._required_config['vlan_id'], mrouter_interface))
+
+ def _generate_igmp_mrouter_cmds(self, req_mrouter):
+ curr_mrouter = self._current_config.get('mrouter')
+ if curr_mrouter != req_mrouter:
+ self._add_mrouter_commands(req_mrouter, curr_mrouter)
+
+ def _add_igmp_static_groups_cmd(self, req_name, req_multicast_ip_address, curr_names):
+ if curr_names is None:
+ self._commands.append('vlan %d ip igmp snooping static-group %s interface %s' % (
+ self._required_config['vlan_id'], req_multicast_ip_address, req_name.replace('Eth', 'ethernet ')))
+ elif req_name.replace('E', 'e') not in curr_names:
+ self._commands.append('vlan %d ip igmp snooping static-group %s interface %s' % (
+ self._required_config['vlan_id'], req_multicast_ip_address, req_name.replace('Eth', 'ethernet ')))
+
+ def _add_igmp_static_groups_sources_cmd(self, req_sources, req_name, req_multicast_ip_address, curr_sources):
+ if curr_sources is None:
+ for source in req_sources:
+ self._commands.append('vlan %d ip igmp snooping static-group %s interface %s source %s' % (
+ self._required_config['vlan_id'], req_multicast_ip_address, req_name.replace('Eth', 'ethernet '),
+ source))
+ else:
+ curr_sources = curr_sources.get(req_name.replace('E', 'e'))
+ if curr_sources is None:
+ curr_sources = set([])
+ else:
+ curr_sources = set(x.strip() for x in curr_sources.split(','))
+ sources_to_add = set(req_sources) - set(curr_sources)
+ sources_to_remove = set(curr_sources) - set(req_sources)
+ if len(sources_to_add) != 0:
+ for source in sources_to_add:
+ self._commands.append('vlan %d ip igmp snooping static-group %s interface %s source %s' % (
+ self._required_config['vlan_id'], req_multicast_ip_address,
+ req_name.replace('Eth', 'ethernet '), source))
+ if len(sources_to_remove) != 0:
+ for source in sources_to_remove:
+ self._commands.append('vlan %d no ip igmp snooping static-group %s interface %s source %s' % (
+ self._required_config['vlan_id'], req_multicast_ip_address,
+ req_name.replace('Eth', 'ethernet '),
+ source))
+
+ def _generate_igmp_static_groups_cmd(self, static_group):
+ req_multicast_ip_address = static_group.get('multicast_ip_address')
+ req_name = static_group.get('name')
+ req_sources = static_group.get('sources')
+ curr_static_groups = self._current_config.get('static_groups')
+ curr_static_group = curr_static_groups.get(req_multicast_ip_address)
+ curr_names = None
+ curr_sources = None
+ if curr_static_group is not None:
+ curr_names = curr_static_group.get('names')
+ curr_sources = curr_static_group.get('sources')
+
+ self._add_igmp_static_groups_cmd(req_name, req_multicast_ip_address, curr_names)
+ if req_sources is not None:
+ self._add_igmp_static_groups_sources_cmd(req_sources, req_name, req_multicast_ip_address, curr_sources)
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxIgmpVlanModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_interface.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_interface.py
new file mode 100644
index 000000000..6926d24c1
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_interface.py
@@ -0,0 +1,497 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_interface
+author: "Samer Deeb (@samerd)"
+short_description: Manage Interfaces on Mellanox ONYX network devices
+description:
+ - This module provides declarative management of Interfaces
+ on Mellanox ONYX network devices.
+notes:
+options:
+ name:
+ description:
+ - Name of the Interface.
+ required: true
+ description:
+ description:
+ - Description of Interface.
+ enabled:
+ description:
+ - Interface link status.
+ type: bool
+ speed:
+ description:
+ - Interface link speed.
+ choices: ['1G', '10G', '25G', '40G', '50G', '56G', '100G']
+ mtu:
+ description:
+ - Maximum size of transmit packet.
+ aggregate:
+ description: List of Interfaces definitions.
+ duplex:
+ description:
+ - Interface link status
+ default: auto
+ choices: ['full', 'half', 'auto']
+ tx_rate:
+ description:
+ - Transmit rate in bits per second (bps).
+ - This is state check parameter only.
+ - Supports conditionals, see L(Conditionals in Networking Modules,../network/user_guide/network_working_with_command_output.html)
+ rx_rate:
+ description:
+ - Receiver rate in bits per second (bps).
+ - This is state check parameter only.
+ - Supports conditionals, see L(Conditionals in Networking Modules,../network/user_guide/network_working_with_command_output.html)
+ delay:
+ description:
+ - Time in seconds to wait before checking for the operational state on
+ remote device. This wait is applicable for operational state argument
+ which are I(state) with values C(up)/C(down).
+ default: 10
+ purge:
+ description:
+ - Purge Interfaces not defined in the aggregate parameter.
+ This applies only for logical interface.
+ default: false
+ type: bool
+ state:
+ description:
+ - State of the Interface configuration, C(up) means present and
+ operationally up and C(down) means present and operationally C(down)
+ default: present
+ choices: ['present', 'absent', 'up', 'down']
+'''
+
+EXAMPLES = """
+- name: Configure interface
+ onyx_interface:
+ name: Eth1/2
+ description: test-interface
+ speed: 100G
+ mtu: 512
+
+- name: Make interface up
+ onyx_interface:
+ name: Eth1/2
+ enabled: True
+
+- name: Make interface down
+ onyx_interface:
+ name: Eth1/2
+ enabled: False
+
+- name: Check intent arguments
+ onyx_interface:
+ name: Eth1/2
+ state: up
+
+- name: Config + intent
+ onyx_interface:
+ name: Eth1/2
+ enabled: False
+ state: down
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - interface ethernet 1/2
+ - description test-interface
+ - mtu 512
+ - exit
+"""
+
+from copy import deepcopy
+import re
+from time import sleep
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.six import iteritems
+from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import conditional
+from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import remove_default_spec
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import get_interfaces_config
+
+
+class OnyxInterfaceModule(BaseOnyxModule):
+ IF_ETH_REGEX = re.compile(r"^Eth(\d+\/\d+|\d+\/\d+\/\d+)$")
+ IF_VLAN_REGEX = re.compile(r"^Vlan (\d+)$")
+ IF_LOOPBACK_REGEX = re.compile(r"^Loopback (\d+)$")
+ IF_PO_REGEX = re.compile(r"^Po(\d+)$")
+
+ IF_TYPE_ETH = "ethernet"
+ IF_TYPE_LOOPBACK = "loopback"
+ IF_TYPE_VLAN = "vlan"
+ IF_TYPE_PO = "port-channel"
+
+ IF_TYPE_MAP = {
+ IF_TYPE_ETH: IF_ETH_REGEX,
+ IF_TYPE_VLAN: IF_VLAN_REGEX,
+ IF_TYPE_LOOPBACK: IF_LOOPBACK_REGEX,
+ IF_TYPE_PO: IF_PO_REGEX
+ }
+ UNSUPPORTED_ATTRS = {
+ IF_TYPE_ETH: (),
+ IF_TYPE_VLAN: ('speed', 'rx_rate', 'tx_rate'),
+ IF_TYPE_LOOPBACK: ('speed', 'mtu', 'rx_rate', 'tx_rate'),
+ IF_TYPE_PO: ('speed', 'rx_rate', 'tx_rate'),
+ }
+ UNSUPPORTED_STATES = {
+ IF_TYPE_ETH: ('absent',),
+ IF_TYPE_VLAN: (),
+ IF_TYPE_LOOPBACK: ('up', 'down'),
+ IF_TYPE_PO: ('absent'),
+ }
+
+ IF_MODIFIABLE_ATTRS = ('speed', 'description', 'mtu')
+ _interface_type = None
+
+ @classmethod
+ def _get_element_spec(cls):
+ return dict(
+ name=dict(type='str'),
+ description=dict(),
+ speed=dict(choices=['1G', '10G', '25G', '40G', '50G', '56G', '100G']),
+ mtu=dict(type='int'),
+ enabled=dict(type='bool'),
+ delay=dict(default=10, type='int'),
+ state=dict(default='present',
+ choices=['present', 'absent', 'up', 'down']),
+ tx_rate=dict(),
+ rx_rate=dict(),
+ )
+
+ @classmethod
+ def _get_aggregate_spec(cls, element_spec):
+ aggregate_spec = deepcopy(element_spec)
+ aggregate_spec['name'] = dict(required=True)
+
+ # remove default in aggregate spec, to handle common arguments
+ remove_default_spec(aggregate_spec)
+ return aggregate_spec
+
+ def init_module(self):
+ """ module initialization
+ """
+ element_spec = self._get_element_spec()
+ aggregate_spec = self._get_aggregate_spec(element_spec)
+ argument_spec = dict(
+ aggregate=dict(type='list', elements='dict',
+ options=aggregate_spec),
+ purge=dict(default=False, type='bool'),
+ )
+ argument_spec.update(element_spec)
+ required_one_of = [['name', 'aggregate']]
+ mutually_exclusive = [['name', 'aggregate']]
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ supports_check_mode=True)
+
+ def validate_purge(self, value):
+ if value:
+ self._module.fail_json(
+ msg='Purge is not supported!')
+
+ def validate_duplex(self, value):
+ if value != 'auto':
+ self._module.fail_json(
+ msg='Duplex is not supported!')
+
+ def _get_interface_type(self, if_name):
+ if_type = None
+ if_id = None
+ for interface_type, interface_regex in iteritems(self.IF_TYPE_MAP):
+ match = interface_regex.match(if_name)
+ if match:
+ if_type = interface_type
+ if_id = match.group(1)
+ break
+ return if_type, if_id
+
+ def _set_if_type(self, params):
+ if_name = params['name']
+ if_type, if_id = self._get_interface_type(if_name)
+ if not if_id:
+ self._module.fail_json(
+ msg='unsupported interface: %s' % if_name)
+ params['if_type'] = if_type
+ params['if_id'] = if_id
+
+ def _check_supported_attrs(self, if_obj):
+ unsupported_attrs = self.UNSUPPORTED_ATTRS[self._interface_type]
+ for attr in unsupported_attrs:
+ val = if_obj[attr]
+ if val is not None:
+ self._module.fail_json(
+ msg='attribute %s is not supported for %s interface' % (
+ attr, self._interface_type))
+ req_state = if_obj['state']
+ unsupported_states = self.UNSUPPORTED_STATES[self._interface_type]
+ if req_state in unsupported_states:
+ self._module.fail_json(
+ msg='%s state is not supported for %s interface' % (
+ req_state, self._interface_type))
+
+ def _validate_interface_type(self):
+ for if_obj in self._required_config:
+ if_type = if_obj['if_type']
+ if not self._interface_type:
+ self._interface_type = if_type
+ elif self._interface_type != if_type:
+ self._module.fail_json(
+ msg='Cannot aggregate interfaces from different types')
+ self._check_supported_attrs(if_obj)
+
+ def get_required_config(self):
+ self._required_config = list()
+ module_params = self._module.params
+ aggregate = module_params.get('aggregate')
+ if aggregate:
+ for item in aggregate:
+ for key in item:
+ if item.get(key) is None:
+ item[key] = module_params[key]
+
+ self.validate_param_values(item, item)
+ req_item = item.copy()
+ self._set_if_type(req_item)
+ self._required_config.append(req_item)
+ else:
+ params = {
+ 'name': module_params['name'],
+ 'description': module_params['description'],
+ 'speed': module_params['speed'],
+ 'mtu': module_params['mtu'],
+ 'state': module_params['state'],
+ 'delay': module_params['delay'],
+ 'enabled': module_params['enabled'],
+ 'tx_rate': module_params['tx_rate'],
+ 'rx_rate': module_params['rx_rate'],
+ }
+
+ self.validate_param_values(params)
+ self._set_if_type(params)
+ self._required_config.append(params)
+ self._validate_interface_type()
+
+ @classmethod
+ def get_if_name(cls, item):
+ return cls.get_config_attr(item, "header")
+
+ @classmethod
+ def get_admin_state(cls, item):
+ admin_state = cls.get_config_attr(item, "Admin state")
+ return str(admin_state).lower() == "enabled"
+
+ @classmethod
+ def get_oper_state(cls, item):
+ oper_state = cls.get_config_attr(item, "Operational state")
+ if not oper_state:
+ oper_state = cls.get_config_attr(item, "State")
+ return str(oper_state).lower()
+
+ @classmethod
+ def get_speed(cls, item):
+ speed = cls.get_config_attr(item, 'Actual speed')
+ if not speed:
+ return
+ try:
+ speed = int(speed.split()[0])
+ return "%dG" % speed
+ except ValueError:
+ return None
+
+ def _create_if_data(self, name, item):
+ regex = self.IF_TYPE_MAP[self._interface_type]
+ if_id = ''
+ match = regex.match(name)
+ if match:
+ if_id = match.group(1)
+ return dict(
+ name=name,
+ description=self.get_config_attr(item, 'Description'),
+ speed=self.get_speed(item),
+ mtu=self.get_mtu(item),
+ enabled=self.get_admin_state(item),
+ state=self.get_oper_state(item),
+ if_id=if_id)
+
+ def _get_interfaces_config(self):
+ return get_interfaces_config(self._module, self._interface_type)
+
+ def load_current_config(self):
+ self._os_version = self._get_os_version()
+ self._current_config = dict()
+ config = self._get_interfaces_config()
+ if not config:
+ return
+ if self._os_version < self.ONYX_API_VERSION:
+ for if_data in config:
+ if_name = self.get_if_name(if_data)
+ self._current_config[if_name] = self._create_if_data(
+ if_name, if_data)
+ else:
+ if_data = dict()
+ for if_config in config:
+ for if_name, if_attr in iteritems(if_config):
+ for config in if_attr:
+ for key, value in iteritems(config):
+ if_data[key] = value
+ self._current_config[if_name] = self._create_if_data(
+ if_name, if_data)
+
+ def _generate_no_if_commands(self, req_if, curr_if):
+ if self._interface_type == self.IF_TYPE_ETH:
+ name = req_if['name']
+ self._module.fail_json(
+ msg='cannot remove ethernet interface %s' % name)
+ if not curr_if:
+ return
+ if_id = req_if['if_id']
+ if not if_id:
+ return
+ self._commands.append(
+ 'no interface %s %s' % (self._interface_type, if_id))
+
+ def _add_commands_to_interface(self, req_if, cmd_list):
+ if not cmd_list:
+ return
+ if_id = req_if['if_id']
+ if not if_id:
+ return
+ self._commands.append(
+ 'interface %s %s' % (self._interface_type, if_id))
+ self._commands.extend(cmd_list)
+ self._commands.append('exit')
+
+ def _generate_if_commands(self, req_if, curr_if):
+ enabled = req_if['enabled']
+ cmd_list = []
+ for attr_name in self.IF_MODIFIABLE_ATTRS:
+ candidate = req_if.get(attr_name)
+ running = curr_if.get(attr_name)
+ if candidate != running:
+ if candidate:
+ cmd = attr_name + ' ' + str(candidate)
+ if self._interface_type == self.IF_TYPE_ETH and \
+ attr_name in ('mtu', 'speed'):
+ cmd = cmd + ' ' + 'force'
+ cmd_list.append(cmd)
+ curr_enabled = curr_if.get('enabled', False)
+ if enabled is not None and enabled != curr_enabled:
+ cmd = 'shutdown'
+ if enabled:
+ cmd = "no %s" % cmd
+ cmd_list.append(cmd)
+ if cmd_list:
+ self._add_commands_to_interface(req_if, cmd_list)
+
+ def generate_commands(self):
+ for req_if in self._required_config:
+ name = req_if['name']
+ curr_if = self._current_config.get(name, {})
+ if not curr_if and self._interface_type == self.IF_TYPE_ETH:
+ self._module.fail_json(
+ msg='could not find ethernet interface %s' % name)
+ continue
+ req_state = req_if['state']
+ if req_state == 'absent':
+ self._generate_no_if_commands(req_if, curr_if)
+ else:
+ self._generate_if_commands(req_if, curr_if)
+
+ def _get_interfaces_rates(self):
+ return get_interfaces_config(self._module, self._interface_type,
+ "rates")
+
+ def _get_interfaces_status(self):
+ return get_interfaces_config(self._module, self._interface_type,
+ "status")
+
+ def _check_state(self, name, want_state, statuses):
+ curr_if = statuses.get(name, {})
+ if curr_if:
+ curr_if = curr_if[0]
+ curr_state = self.get_oper_state(curr_if).strip()
+ if curr_state is None or not conditional(want_state, curr_state):
+ return 'state eq(%s)' % want_state
+
+ def check_declarative_intent_params(self, result):
+ failed_conditions = []
+ delay_called = False
+ rates = None
+ statuses = None
+ for req_if in self._required_config:
+ want_state = req_if.get('state')
+ want_tx_rate = req_if.get('tx_rate')
+ want_rx_rate = req_if.get('rx_rate')
+ name = req_if['name']
+ if want_state not in ('up', 'down') and not want_tx_rate and not \
+ want_rx_rate:
+ continue
+ if not delay_called and result['changed']:
+ delay_called = True
+ delay = req_if['delay']
+ if delay > 0:
+ sleep(delay)
+ if want_state in ('up', 'down'):
+ if statuses is None:
+ statuses = self._get_interfaces_status() or {}
+ cond = self._check_state(name, want_state, statuses)
+ if cond:
+ failed_conditions.append(cond)
+ if_rates = None
+ if want_tx_rate or want_rx_rate:
+ if not rates:
+ rates = self._get_interfaces_rates()
+ if_rates = rates.get(name)
+ if if_rates:
+ if_rates = if_rates[0]
+ if want_tx_rate:
+ have_tx_rate = None
+ if if_rates:
+ have_tx_rate = if_rates.get('egress rate')
+ if have_tx_rate:
+ have_tx_rate = have_tx_rate.split()[0]
+ if have_tx_rate is None or not \
+ conditional(want_tx_rate, have_tx_rate.strip(),
+ cast=int):
+ failed_conditions.append('tx_rate ' + want_tx_rate)
+
+ if want_rx_rate:
+ have_rx_rate = None
+ if if_rates:
+ have_rx_rate = if_rates.get('ingress rate')
+ if have_rx_rate:
+ have_rx_rate = have_rx_rate.split()[0]
+ if have_rx_rate is None or not \
+ conditional(want_rx_rate, have_rx_rate.strip(),
+ cast=int):
+ failed_conditions.append('rx_rate ' + want_rx_rate)
+
+ return failed_conditions
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxInterfaceModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_l2_interface.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_l2_interface.py
new file mode 100644
index 000000000..8dc43ef5d
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_l2_interface.py
@@ -0,0 +1,294 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_l2_interface
+author: "Samer Deeb (@samerd)"
+short_description: Manage Layer-2 interface on Mellanox ONYX network devices
+description:
+ - This module provides declarative management of Layer-2 interface
+ on Mellanox ONYX network devices.
+options:
+ name:
+ description:
+ - Name of the interface.
+ aggregate:
+ description:
+ - List of Layer-2 interface definitions.
+ mode:
+ description:
+ - Mode in which interface needs to be configured.
+ default: access
+ choices: ['access', 'trunk', 'hybrid']
+ access_vlan:
+ description:
+ - Configure given VLAN in access port.
+ trunk_allowed_vlans:
+ description:
+ - List of allowed VLANs in a given trunk port.
+ state:
+ description:
+ - State of the Layer-2 Interface configuration.
+ default: present
+ choices: ['present', 'absent']
+'''
+
+EXAMPLES = """
+- name: Configure Layer-2 interface
+ onyx_l2_interface:
+ name: Eth1/1
+ mode: access
+ access_vlan: 30
+- name: Remove Layer-2 interface configuration
+ onyx_l2_interface:
+ name: Eth1/1
+ state: absent
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device
+ returned: always.
+ type: list
+ sample:
+ - interface ethernet 1/1
+ - switchport mode access
+ - switchport access vlan 30
+"""
+from copy import deepcopy
+import re
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.six import iteritems
+from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import remove_default_spec
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import get_interfaces_config
+
+
+class OnyxL2InterfaceModule(BaseOnyxModule):
+ IFNAME_REGEX = re.compile(r"^.*(Eth\d+\/\d+|Mpo\d+|Po\d+)")
+
+ @classmethod
+ def _get_element_spec(cls):
+ return dict(
+ name=dict(),
+ access_vlan=dict(type='int'),
+ trunk_allowed_vlans=dict(type='list', elements='int'),
+ state=dict(default='present',
+ choices=['present', 'absent']),
+ mode=dict(default='access',
+ choices=['access', 'hybrid', 'trunk']),
+ )
+
+ @classmethod
+ def _get_aggregate_spec(cls, element_spec):
+ aggregate_spec = deepcopy(element_spec)
+ aggregate_spec['name'] = dict(required=True)
+
+ # remove default in aggregate spec, to handle common arguments
+ remove_default_spec(aggregate_spec)
+ return aggregate_spec
+
+ def init_module(self):
+ """ module initialization
+ """
+ element_spec = self._get_element_spec()
+ aggregate_spec = self._get_aggregate_spec(element_spec)
+ argument_spec = dict(
+ aggregate=dict(type='list', elements='dict',
+ options=aggregate_spec),
+ )
+ argument_spec.update(element_spec)
+ required_one_of = [['name', 'aggregate']]
+ mutually_exclusive = [['name', 'aggregate']]
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ supports_check_mode=True)
+
+ def get_required_config(self):
+ self._required_config = list()
+ module_params = self._module.params
+ aggregate = module_params.get('aggregate')
+ if aggregate:
+ for item in aggregate:
+ for key in item:
+ if item.get(key) is None:
+ item[key] = module_params[key]
+ self.validate_param_values(item, item)
+ req_item = item.copy()
+ self._required_config.append(req_item)
+ else:
+ params = {
+ 'name': module_params['name'],
+ 'access_vlan': module_params['access_vlan'],
+ 'trunk_allowed_vlans': module_params['trunk_allowed_vlans'],
+ 'mode': module_params['mode'],
+ 'state': module_params['state'],
+ }
+ self.validate_param_values(params)
+ self._required_config.append(params)
+
+ def validate_access_vlan(self, value):
+ if value and not 1 <= int(value) <= 4094:
+ self._module.fail_json(msg='vlan id must be between 1 and 4094')
+
+ @classmethod
+ def get_allowed_vlans(cls, if_data):
+ allowed_vlans = cls.get_config_attr(if_data, 'Allowed vlans')
+ interface_allwoed_vlans = []
+ if allowed_vlans:
+ vlans = [x.strip() for x in allowed_vlans.split(',')]
+ for vlan in vlans:
+ if '-' not in vlan:
+ interface_allwoed_vlans.append(int(vlan))
+ else:
+ vlan_range = vlan.split("-")
+ min_number = int(vlan_range[0].strip())
+ max_number = int(vlan_range[1].strip())
+ vlan_list = range(min_number, max_number + 1)
+ interface_allwoed_vlans.extend(vlan_list)
+ return interface_allwoed_vlans
+
+ @classmethod
+ def get_access_vlan(cls, if_data):
+ access_vlan = cls.get_config_attr(if_data, 'Access vlan')
+ if access_vlan:
+ try:
+ return int(access_vlan)
+ except ValueError:
+ return None
+
+ def _create_switchport_data(self, if_name, if_data):
+ if self._os_version >= self.ONYX_API_VERSION:
+ if_data = if_data[0]
+
+ return {
+ 'name': if_name,
+ 'mode': self.get_config_attr(if_data, 'Mode'),
+ 'access_vlan': self.get_access_vlan(if_data),
+ 'trunk_allowed_vlans': self.get_allowed_vlans(if_data)
+ }
+
+ def _get_switchport_config(self):
+ return get_interfaces_config(self._module, 'switchport')
+
+ def load_current_config(self):
+ # called in base class in run function
+ self._os_version = self._get_os_version()
+ self._current_config = dict()
+ switchports_config = self._get_switchport_config()
+ if not switchports_config:
+ return
+ for if_name, if_data in iteritems(switchports_config):
+ self._current_config[if_name] = \
+ self._create_switchport_data(if_name, if_data)
+
+ def _get_switchport_command_name(self, if_name):
+ if if_name.startswith('Eth'):
+ return if_name.replace("Eth", "ethernet ")
+ if if_name.startswith('Po'):
+ return if_name.replace("Po", "port-channel ")
+ if if_name.startswith('Mpo'):
+ return if_name.replace("Mpo", "mlag-port-channel ")
+ self._module.fail_json(
+ msg='invalid interface name: %s' % if_name)
+
+ def _add_interface_commands(self, if_name, commands):
+ if_cmd_name = self._get_switchport_command_name(if_name)
+ self._commands.append("interface %s" % if_cmd_name)
+ self._commands.extend(commands)
+ self._commands.append('exit')
+
+ def _generate_no_switchport_commands(self, if_name):
+ commands = ['no switchport force']
+ self._add_interface_commands(if_name, commands)
+
+ def _generate_switchport_commands(self, if_name, req_conf):
+ commands = []
+ curr_conf = self._current_config.get(if_name, {})
+ curr_mode = curr_conf.get('mode')
+ req_mode = req_conf.get('mode')
+ if req_mode != curr_mode:
+ commands.append('switchport mode %s' % req_mode)
+ curr_access_vlan = curr_conf.get('access_vlan')
+ req_access_vlan = req_conf.get('access_vlan')
+ if curr_access_vlan != req_access_vlan and req_access_vlan:
+ commands.append('switchport access vlan %s' % req_access_vlan)
+ curr_trunk_vlans = curr_conf.get('trunk_allowed_vlans') or set()
+ if curr_trunk_vlans:
+ curr_trunk_vlans = set(curr_trunk_vlans)
+ req_trunk_vlans = req_conf.get('trunk_allowed_vlans') or set()
+ if req_trunk_vlans:
+ req_trunk_vlans = set(req_trunk_vlans)
+ if req_mode != 'access' and curr_trunk_vlans != req_trunk_vlans:
+ added_vlans = req_trunk_vlans - curr_trunk_vlans
+ for vlan_id in added_vlans:
+ commands.append('switchport %s allowed-vlan add %s' %
+ (req_mode, vlan_id))
+ removed_vlans = curr_trunk_vlans - req_trunk_vlans
+ for vlan_id in removed_vlans:
+ commands.append('switchport %s allowed-vlan remove %s' %
+ (req_mode, vlan_id))
+
+ if commands:
+ self._add_interface_commands(if_name, commands)
+
+ def generate_commands(self):
+ for req_conf in self._required_config:
+ state = req_conf['state']
+ if_name = req_conf['name']
+ if state == 'absent':
+ if if_name in self._current_config:
+ self._generate_no_switchport_commands(if_name)
+ else:
+ self._generate_switchport_commands(if_name, req_conf)
+
+ def _generate_vlan_commands(self, vlan_id, req_conf):
+ curr_vlan = self._current_config.get(vlan_id, {})
+ if not curr_vlan:
+ cmd = "vlan " + vlan_id
+ self._commands.append("vlan %s" % vlan_id)
+ self._commands.append("exit")
+ vlan_name = req_conf['vlan_name']
+ if vlan_name:
+ if vlan_name != curr_vlan.get('vlan_name'):
+ self._commands.append("vlan %s name %s" % (vlan_id, vlan_name))
+ curr_members = set(curr_vlan.get('interfaces', []))
+ req_members = req_conf['interfaces']
+ mode = req_conf['mode']
+ for member in req_members:
+ if member in curr_members:
+ continue
+ if_name = self.get_switchport_command_name(member)
+ cmd = "interface %s switchport mode %s" % (if_name, mode)
+ self._commands.append(cmd)
+ cmd = "interface %s switchport %s allowed-vlan add %s" % (
+ if_name, mode, vlan_id)
+ self._commands.append(cmd)
+ req_members = set(req_members)
+ for member in curr_members:
+ if member in req_members:
+ continue
+ if_name = self.get_switchport_command_name(member)
+ cmd = "interface %s switchport %s allowed-vlan remove %s" % (
+ if_name, mode, vlan_id)
+ self._commands.append(cmd)
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxL2InterfaceModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_l3_interface.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_l3_interface.py
new file mode 100644
index 000000000..c28c84fcb
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_l3_interface.py
@@ -0,0 +1,297 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_l3_interface
+author: "Samer Deeb (@samerd)"
+short_description: Manage L3 interfaces on Mellanox ONYX network devices
+description:
+ - This module provides declarative management of L3 interfaces
+ on Mellanox ONYX network devices.
+options:
+ name:
+ description:
+ - Name of the L3 interface.
+ ipv4:
+ description:
+ - IPv4 of the L3 interface.
+ ipv6:
+ description:
+ - IPv6 of the L3 interface (not supported for now).
+ aggregate:
+ description: List of L3 interfaces definitions
+ purge:
+ description:
+ - Purge L3 interfaces not defined in the I(aggregate) parameter.
+ default: false
+ type: bool
+ state:
+ description:
+ - State of the L3 interface configuration.
+ default: present
+ choices: ['present', 'absent']
+'''
+
+EXAMPLES = """
+- name: Set Eth1/1 IPv4 address
+ onyx_l3_interface:
+ name: Eth1/1
+ ipv4: 192.168.0.1/24
+
+- name: Remove Eth1/1 IPv4 address
+ onyx_l3_interface:
+ name: Eth1/1
+ state: absent
+
+- name: Set IP addresses on aggregate
+ onyx_l3_interface:
+ aggregate:
+ - { name: Eth1/1, ipv4: 192.168.2.10/24 }
+ - { name: Eth1/2, ipv4: 192.168.3.10/24 }
+
+- name: Remove IP addresses on aggregate
+ onyx_l3_interface:
+ aggregate:
+ - { name: Eth1/1, ipv4: 192.168.2.10/24 }
+ - { name: Eth1/2, ipv4: 192.168.3.10/24 }
+ state: absent
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device
+ returned: always.
+ type: list
+ sample:
+ - interfaces ethernet 1/1 ip address 192.168.0.1 /24
+"""
+import re
+from copy import deepcopy
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.six import iteritems
+from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import remove_default_spec
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import get_interfaces_config
+
+
+class OnyxL3InterfaceModule(BaseOnyxModule):
+ IF_ETH_REGEX = re.compile(r"^Eth(\d+\/\d+|Eth\d+\/\d+\d+)$")
+ IF_VLAN_REGEX = re.compile(r"^Vlan (\d+)$")
+ IF_LOOPBACK_REGEX = re.compile(r"^Loopback (\d+)$")
+
+ IF_TYPE_ETH = "ethernet"
+ IF_TYPE_LOOPBACK = "loopback"
+ IF_TYPE_VLAN = "vlan"
+
+ IF_TYPE_MAP = {
+ IF_TYPE_ETH: IF_ETH_REGEX,
+ IF_TYPE_VLAN: IF_VLAN_REGEX,
+ IF_TYPE_LOOPBACK: IF_LOOPBACK_REGEX,
+ }
+
+ IP_ADDR_ATTR_MAP = {
+ IF_TYPE_ETH: 'IP Address',
+ IF_TYPE_VLAN: 'Internet Address',
+ IF_TYPE_LOOPBACK: 'Internet Address',
+ }
+
+ _purge = False
+
+ @classmethod
+ def _get_element_spec(cls):
+ return dict(
+ name=dict(type='str'),
+ ipv4=dict(type='str'),
+ ipv6=dict(type='str'),
+ state=dict(default='present',
+ choices=['present', 'absent', 'enabled', 'disabled']),
+ )
+
+ @classmethod
+ def _get_aggregate_spec(cls, element_spec):
+ aggregate_spec = deepcopy(element_spec)
+ aggregate_spec['name'] = dict(required=True)
+
+ # remove default in aggregate spec, to handle common arguments
+ remove_default_spec(aggregate_spec)
+ return aggregate_spec
+
+ def init_module(self):
+ """ module initialization
+ """
+ element_spec = self._get_element_spec()
+ aggregate_spec = self._get_aggregate_spec(element_spec)
+ argument_spec = dict(
+ aggregate=dict(type='list', elements='dict',
+ options=aggregate_spec),
+ purge=dict(default=False, type='bool'),
+ )
+ argument_spec.update(element_spec)
+ required_one_of = [['name', 'aggregate']]
+ mutually_exclusive = [['name', 'aggregate']]
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ supports_check_mode=True)
+
+ def _get_interface_type(self, if_name):
+ if_type = None
+ if_id = None
+ for interface_type, interface_regex in iteritems(self.IF_TYPE_MAP):
+ match = interface_regex.match(if_name)
+ if match:
+ if_type = interface_type
+ if_id = match.group(1)
+ break
+ return if_type, if_id
+
+ def _set_if_type(self, params):
+ if_name = params['name']
+ if_type, if_id = self._get_interface_type(if_name)
+ if not if_id:
+ self._module.fail_json(
+ msg='unsupported interface: %s' % if_name)
+ params['if_type'] = if_type
+ params['if_id'] = if_id
+
+ def get_required_config(self):
+ self._required_config = list()
+ module_params = self._module.params
+ aggregate = module_params.get('aggregate')
+ self._purge = module_params.get('purge', False)
+ if aggregate:
+ for item in aggregate:
+ for key in item:
+ if item.get(key) is None:
+ item[key] = module_params[key]
+ self.validate_param_values(item, item)
+ req_item = item.copy()
+ self._set_if_type(req_item)
+ self._required_config.append(req_item)
+ else:
+ params = {
+ 'name': module_params['name'],
+ 'ipv4': module_params['ipv4'],
+ 'ipv6': module_params['ipv6'],
+ 'state': module_params['state'],
+ }
+ self.validate_param_values(params)
+ self._set_if_type(params)
+ self._required_config.append(params)
+
+ def _get_interfaces_config(self, interface_type):
+ return get_interfaces_config(self._module, interface_type)
+
+ def _parse_interfaces_config(self, if_type, if_config):
+ if self._os_version < self.ONYX_API_VERSION:
+ for if_data in if_config:
+ if_name = self.get_config_attr(if_data, 'header')
+ self._get_if_attributes(if_type, if_name, if_data)
+ else:
+ for if_config_item in if_config:
+ for if_name, if_data in iteritems(if_config_item):
+ if_data = if_data[0]
+ self._get_if_attributes(if_type, if_name, if_data)
+
+ def _get_if_attributes(self, if_type, if_name, if_data):
+ ipaddr_attr = self.IP_ADDR_ATTR_MAP[if_type]
+ regex = self.IF_TYPE_MAP[if_type]
+ match = regex.match(if_name)
+ if not match:
+ return
+ ipv4 = self.get_config_attr(if_data, ipaddr_attr)
+ if ipv4:
+ ipv4 = ipv4.replace(' ', '')
+ ipv6 = self.get_config_attr(if_data, 'IPv6 address(es)')
+ if ipv6:
+ ipv6 = ipv6.replace('[primary]', '')
+ ipv6 = ipv6.strip()
+ if_id = match.group(1)
+ switchport = self.get_config_attr(if_data, 'Switchport mode')
+ if_obj = {
+ 'name': if_name,
+ 'if_id': if_id,
+ 'if_type': if_type,
+ 'ipv4': ipv4,
+ 'ipv6': ipv6,
+ 'switchport': switchport,
+ }
+ self._current_config[if_name] = if_obj
+
+ def load_current_config(self):
+ # called in base class in run function
+ self._os_version = self._get_os_version()
+ self._current_config = dict()
+ if_types = set([if_obj['if_type'] for if_obj in self._required_config])
+ for if_type in if_types:
+ if_config = self._get_interfaces_config(if_type)
+ if not if_config:
+ continue
+ self._parse_interfaces_config(if_type, if_config)
+
+ def _generate_no_ip_commands(self, req_conf, curr_conf):
+ curr_ip = curr_conf.get('ipv4')
+ if_type = req_conf['if_type']
+ if_id = req_conf['if_id']
+ if curr_ip:
+ cmd = "interface %s %s no ip address" % (if_type, if_id)
+ self._commands.append(cmd)
+ curr_ipv6 = curr_conf.get('ipv6')
+ if curr_ipv6:
+ cmd = "interface %s %s no ipv6 address %s" % (
+ if_type, if_id, curr_ipv6)
+ self._commands.append(cmd)
+
+ def _generate_ip_commands(self, req_conf, curr_conf):
+ curr_ipv4 = curr_conf.get('ipv4')
+ req_ipv4 = req_conf.get('ipv4')
+ curr_ipv6 = curr_conf.get('ipv6')
+ req_ipv6 = req_conf.get('ipv6')
+ if_type = req_conf['if_type']
+ if_id = req_conf['if_id']
+ switchport = curr_conf.get('switchport')
+ if switchport:
+ cmd = "interface %s %s no switchport force" % (if_type, if_id)
+ self._commands.append(cmd)
+ if curr_ipv4 != req_ipv4:
+ cmd = "interface %s %s ip address %s" % (if_type, if_id, req_ipv4)
+ self._commands.append(cmd)
+ if curr_ipv6 != req_ipv6:
+ cmd = "interface %s %s ipv6 address %s" % (
+ if_type, if_id, req_ipv6)
+ self._commands.append(cmd)
+
+ def generate_commands(self):
+ req_interfaces = set()
+ for req_conf in self._required_config:
+ state = req_conf['state']
+ if_name = req_conf['name']
+ curr_conf = self._current_config.get(if_name, {})
+ if state == 'absent':
+ self._generate_no_ip_commands(req_conf, curr_conf)
+ else:
+ req_interfaces.add(if_name)
+ self._generate_ip_commands(req_conf, curr_conf)
+ if self._purge:
+ for if_name, curr_conf in iteritems(self._current_config):
+ if if_name not in req_interfaces:
+ self._generate_no_ip_commands(req_conf, curr_conf)
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxL3InterfaceModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_linkagg.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_linkagg.py
new file mode 100644
index 000000000..7ed02a7ec
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_linkagg.py
@@ -0,0 +1,349 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_linkagg
+author: "Samer Deeb (@samerd)"
+short_description: Manage link aggregation groups on Mellanox ONYX network devices
+description:
+ - This module provides declarative management of link aggregation groups
+ on Mellanox ONYX network devices.
+options:
+ name:
+ description:
+ - Name of the link aggregation group.
+ required: true
+ mode:
+ description:
+ - Mode of the link aggregation group. A value of C(on) will enable LACP.
+ C(active) configures the link to actively information about the state of the link,
+ or it can be configured in C(passive) mode ie. send link state information only when
+ received them from another link.
+ default: on
+ choices: ['on', 'active', 'passive']
+ members:
+ description:
+ - List of members interfaces of the link aggregation group. The value can be
+ single interface or list of interfaces.
+ required: true
+ aggregate:
+ description: List of link aggregation definitions.
+ purge:
+ description:
+ - Purge link aggregation groups not defined in the I(aggregate) parameter.
+ default: false
+ type: bool
+ state:
+ description:
+ - State of the link aggregation group.
+ default: present
+ choices: ['present', 'absent', 'up', 'down']
+'''
+
+EXAMPLES = """
+- name: Configure link aggregation group
+ onyx_linkagg:
+ name: Po1
+ members:
+ - Eth1/1
+ - Eth1/2
+
+- name: Remove configuration
+ onyx_linkagg:
+ name: Po1
+ state: absent
+
+- name: Create aggregate of linkagg definitions
+ onyx_linkagg:
+ aggregate:
+ - { name: Po1, members: [Eth1/1] }
+ - { name: Po2, members: [Eth1/2] }
+
+- name: Remove aggregate of linkagg definitions
+ onyx_linkagg:
+ aggregate:
+ - name: Po1
+ - name: Po2
+ state: absent
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device
+ returned: always.
+ type: list
+ sample:
+ - interface port-channel 1
+ - exit
+ - interface ethernet 1/1 channel-group 1 mode on
+ - interface ethernet 1/2 channel-group 1 mode on
+"""
+
+import re
+from copy import deepcopy
+
+from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import remove_default_spec
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.six import iteritems
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import get_interfaces_config
+
+
+class OnyxLinkAggModule(BaseOnyxModule):
+ LAG_ID_REGEX = re.compile(r"^\d+ (Po\d+|Mpo\d+)\(([A-Z])\)$")
+ LAG_NAME_REGEX = re.compile(r"^(Po|Mpo)(\d+)$")
+ IF_NAME_REGEX = re.compile(r"^(Eth\d+\/\d+|Eth\d+\/\d+\/\d+)(.*)$")
+ PORT_CHANNEL = 'port-channel'
+ CHANNEL_GROUP = 'channel-group'
+ MLAG_PORT_CHANNEL = 'mlag-port-channel'
+ MLAG_CHANNEL_GROUP = 'mlag-channel-group'
+ MLAG_SUMMARY = 'MLAG Port-Channel Summary'
+
+ LAG_TYPE = 'lag'
+ MLAG_TYPE = 'mlag'
+
+ IF_TYPE_MAP = dict(
+ lag=PORT_CHANNEL,
+ mlag=MLAG_PORT_CHANNEL
+ )
+
+ _purge = False
+
+ @classmethod
+ def _get_element_spec(cls):
+ return dict(
+ name=dict(type='str'),
+ members=dict(type='list'),
+ mode=dict(default='on', choices=['active', 'on', 'passive']),
+ state=dict(default='present', choices=['present', 'absent']),
+ )
+
+ @classmethod
+ def _get_aggregate_spec(cls, element_spec):
+ aggregate_spec = deepcopy(element_spec)
+ aggregate_spec['name'] = dict(required=True)
+
+ # remove default in aggregate spec, to handle common arguments
+ remove_default_spec(aggregate_spec)
+ return aggregate_spec
+
+ def init_module(self):
+ """ module initialization
+ """
+ element_spec = self._get_element_spec()
+ aggregate_spec = self._get_aggregate_spec(element_spec)
+ argument_spec = dict(
+ aggregate=dict(type='list', elements='dict',
+ options=aggregate_spec),
+ purge=dict(default=False, type='bool'),
+ )
+ argument_spec.update(element_spec)
+ required_one_of = [['name', 'aggregate']]
+ mutually_exclusive = [['name', 'aggregate']]
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ supports_check_mode=True)
+
+ def _get_lag_type(self, lag_name):
+ match = self.LAG_NAME_REGEX.match(lag_name)
+ if match:
+ prefix = match.group(1)
+ if prefix == "Po":
+ return self.LAG_TYPE
+ return self.MLAG_TYPE
+ self._module.fail_json(
+ msg='invalid lag name: %s, lag name should start with Po or '
+ 'Mpo' % lag_name)
+
+ def get_required_config(self):
+ self._required_config = list()
+ module_params = self._module.params
+ aggregate = module_params.get('aggregate')
+ self._purge = module_params.get('purge', False)
+ if aggregate:
+ for item in aggregate:
+ for key in item:
+ if item.get(key) is None:
+ item[key] = module_params[key]
+ self.validate_param_values(item, item)
+ req_item = item.copy()
+ req_item['type'] = self._get_lag_type(req_item['name'])
+ self._required_config.append(req_item)
+ else:
+ params = {
+ 'name': module_params['name'],
+ 'state': module_params['state'],
+ 'members': module_params['members'],
+ 'mode': module_params['mode'],
+ 'type': self._get_lag_type(module_params['name']),
+ }
+ self.validate_param_values(params)
+ self._required_config.append(params)
+
+ @classmethod
+ def _extract_lag_name(cls, header):
+ match = cls.LAG_ID_REGEX.match(header)
+ state = None
+ lag_name = None
+ if match:
+ state = 'up' if match.group(2) == 'U' else 'down'
+ lag_name = match.group(1)
+ return lag_name, state
+
+ @classmethod
+ def _extract_if_name(cls, member):
+ match = cls.IF_NAME_REGEX.match(member)
+ if match:
+ return match.group(1)
+
+ @classmethod
+ def _extract_lag_members(cls, lag_type, lag_item):
+ members = ""
+ if lag_type == cls.LAG_TYPE:
+ members = cls.get_config_attr(lag_item, "Member Ports")
+ else:
+ for attr_name, attr_val in iteritems(lag_item):
+ if attr_name.startswith('Local Ports'):
+ members = attr_val
+ return [cls._extract_if_name(member) for member in members.split()]
+
+ def _get_port_channels(self, if_type):
+ return get_interfaces_config(self._module, if_type, flags="summary")
+
+ def _parse_port_channels_summary(self, lag_type, lag_summary):
+ if lag_type == self.MLAG_TYPE:
+ if self._os_version >= self.ONYX_API_VERSION:
+ found_summary = False
+ for summary_item in lag_summary:
+ if self.MLAG_SUMMARY in summary_item:
+ lag_summary = summary_item[self.MLAG_SUMMARY]
+ if lag_summary:
+ lag_summary = lag_summary[0]
+ else:
+ lag_summary = dict()
+ found_summary = True
+ break
+ if not found_summary:
+ lag_summary = dict()
+ else:
+ lag_summary = lag_summary.get(self.MLAG_SUMMARY, dict())
+ for lag_key, lag_data in iteritems(lag_summary):
+ lag_name, state = self._extract_lag_name(lag_key)
+ if not lag_name:
+ continue
+ lag_members = self._extract_lag_members(lag_type, lag_data[0])
+ lag_obj = dict(
+ name=lag_name,
+ state=state,
+ members=lag_members
+ )
+ self._current_config[lag_name] = lag_obj
+
+ def load_current_config(self):
+ self._current_config = dict()
+ self._os_version = self._get_os_version()
+ lag_types = set([lag_obj['type'] for lag_obj in self._required_config])
+ for lag_type in lag_types:
+ if_type = self.IF_TYPE_MAP[lag_type]
+ lag_summary = self._get_port_channels(if_type)
+ if lag_summary:
+ self._parse_port_channels_summary(lag_type, lag_summary)
+
+ def _get_interface_command_suffix(self, if_name):
+ if if_name.startswith('Eth'):
+ return if_name.replace("Eth", "ethernet ")
+ if if_name.startswith('Po'):
+ return if_name.replace("Po", "port-channel ")
+ if if_name.startswith('Mpo'):
+ return if_name.replace("Mpo", "mlag-port-channel ")
+ self._module.fail_json(
+ msg='invalid interface name: %s' % if_name)
+
+ def _get_channel_group(self, if_name):
+ if if_name.startswith('Po'):
+ return if_name.replace("Po", "channel-group ")
+ if if_name.startswith('Mpo'):
+ return if_name.replace("Mpo", "mlag-channel-group ")
+ self._module.fail_json(
+ msg='invalid interface name: %s' % if_name)
+
+ def _generate_no_linkagg_commands(self, lag_name):
+ suffix = self._get_interface_command_suffix(lag_name)
+ command = 'no interface %s' % suffix
+ self._commands.append(command)
+
+ def _generate_linkagg_commands(self, lag_name, req_lag):
+ curr_lag = self._current_config.get(lag_name, {})
+ if not curr_lag:
+ suffix = self._get_interface_command_suffix(lag_name)
+ self._commands.append("interface %s" % suffix)
+ self._commands.append("exit")
+ curr_members = set(curr_lag.get('members', []))
+ req_members = set(req_lag.get('members') or [])
+
+ lag_mode = req_lag['mode']
+ if req_members != curr_members:
+ channel_group = self._get_channel_group(lag_name)
+ channel_group_type = channel_group.split()[0]
+ for member in req_members:
+ if member in curr_members:
+ continue
+ suffix = self._get_interface_command_suffix(member)
+ self._commands.append(
+ "interface %s %s mode %s" %
+ (suffix, channel_group, lag_mode))
+ for member in curr_members:
+ if member in req_members:
+ continue
+ suffix = self._get_interface_command_suffix(member)
+ self._commands.append(
+ "interface %s no %s" % (suffix, channel_group_type))
+ req_state = req_lag.get('state')
+ if req_state in ('up', 'down'):
+ curr_state = curr_lag.get('state')
+ if curr_state != req_state:
+ suffix = self._get_interface_command_suffix(lag_name)
+ cmd = "interface %s " % suffix
+ if req_state == 'up':
+ cmd += 'no shutdown'
+ else:
+ cmd += 'shutdown'
+ self._commands.append(cmd)
+
+ def generate_commands(self):
+ req_lags = set()
+ for req_conf in self._required_config:
+ state = req_conf['state']
+ lag_name = req_conf['name']
+ if state == 'absent':
+ if lag_name in self._current_config:
+ self._generate_no_linkagg_commands(lag_name)
+ else:
+ req_lags.add(lag_name)
+ self._generate_linkagg_commands(lag_name, req_conf)
+ if self._purge:
+ for lag_name in self._current_config:
+ if lag_name not in req_lags:
+ self._generate_no_linkagg_commands(lag_name)
+
+ def check_declarative_intent_params(self, result):
+ pass
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxLinkAggModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_lldp.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_lldp.py
new file mode 100644
index 000000000..c7f6fe882
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_lldp.py
@@ -0,0 +1,112 @@
+#!/usr/bin/python
+
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_lldp
+author: "Samer Deeb (@samerd)"
+short_description: Manage LLDP configuration on Mellanox ONYX network devices
+description:
+ - This module provides declarative management of LLDP service configuration
+ on Mellanox ONYX network devices.
+options:
+ state:
+ description:
+ - State of the LLDP protocol configuration.
+ default: present
+ choices: ['present', 'absent']
+'''
+
+EXAMPLES = """
+- name: Enable LLDP protocol
+ onyx_lldp:
+ state: present
+
+- name: Disable LLDP protocol
+ onyx_lldp:
+ state: lldp
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device
+ returned: always.
+ type: list
+ sample:
+ - lldp
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+
+
+class OnyxLldpModule(BaseOnyxModule):
+ LLDP_ENTRY = 'LLDP'
+ SHOW_LLDP_CMD = 'show lldp local'
+
+ @classmethod
+ def _get_element_spec(cls):
+ return dict(
+ state=dict(default='present', choices=['present', 'absent']),
+ )
+
+ def init_module(self):
+ """ module initialization
+ """
+ element_spec = self._get_element_spec()
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ def get_required_config(self):
+ self._required_config = dict()
+ module_params = self._module.params
+ params = {
+ 'state': module_params['state'],
+ }
+
+ self.validate_param_values(params)
+ self._required_config.update(params)
+
+ def _get_lldp_config(self):
+ return show_cmd(self._module, self.SHOW_LLDP_CMD)
+
+ def load_current_config(self):
+ self._current_config = dict()
+ state = 'absent'
+ config = self._get_lldp_config() or dict()
+ for item in config:
+ lldp_state = item.get(self.LLDP_ENTRY)
+ if lldp_state is not None:
+ if lldp_state == 'enabled':
+ state = 'present'
+ break
+ self._current_config['state'] = state
+
+ def generate_commands(self):
+ req_state = self._required_config['state']
+ curr_state = self._current_config['state']
+ if curr_state != req_state:
+ cmd = 'lldp'
+ if req_state == 'absent':
+ cmd = 'no %s' % cmd
+ self._commands.append(cmd)
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxLldpModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_lldp_interface.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_lldp_interface.py
new file mode 100644
index 000000000..795a5286b
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_lldp_interface.py
@@ -0,0 +1,224 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_lldp_interface
+author: "Samer Deeb (@samerd)"
+short_description: Manage LLDP interfaces configuration on Mellanox ONYX network devices
+description:
+ - This module provides declarative management of LLDP interfaces
+ configuration on Mellanox ONYX network devices.
+options:
+ name:
+ description:
+ - Name of the interface LLDP should be configured on.
+ aggregate:
+ description: List of interfaces LLDP should be configured on.
+ purge:
+ description:
+ - Purge interfaces not defined in the aggregate parameter.
+ type: bool
+ default: false
+ state:
+ description:
+ - State of the LLDP configuration.
+ default: present
+ choices: ['present', 'absent', 'enabled', 'disabled']
+'''
+
+EXAMPLES = """
+- name: Configure LLDP on specific interfaces
+ onyx_lldp_interface:
+ name: Eth1/1
+ state: present
+
+- name: Disable LLDP on specific interfaces
+ onyx_lldp_interface:
+ name: Eth1/1
+ state: disabled
+
+- name: Enable LLDP on specific interfaces
+ onyx_lldp_interface:
+ name: Eth1/1
+ state: enabled
+
+- name: Delete LLDP on specific interfaces
+ onyx_lldp_interface:
+ name: Eth1/1
+ state: absent
+
+- name: Create aggregate of LLDP interface configurations
+ onyx_lldp_interface:
+ aggregate:
+ - { name: Eth1/1 }
+ - { name: Eth1/2 }
+ state: present
+
+- name: Delete aggregate of LLDP interface configurations
+ onyx_lldp_interface:
+ aggregate:
+ - { name: Eth1/1 }
+ - { name: Eth1/2 }
+ state: absent
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device
+ returned: always.
+ type: list
+ sample:
+ - interface ethernet 1/1 lldp transmit
+ - interface ethernet 1/1 lldp receive
+"""
+import re
+from copy import deepcopy
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.six import iteritems
+from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import remove_default_spec
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+
+
+class OnyxLldpInterfaceModule(BaseOnyxModule):
+ IF_NAME_REGEX = re.compile(r"^(Eth\d+\/\d+|Eth\d+\/\d+\d+)$")
+ _purge = False
+
+ @classmethod
+ def _get_element_spec(cls):
+ return dict(
+ name=dict(type='str'),
+ state=dict(default='present',
+ choices=['present', 'absent', 'enabled', 'disabled']),
+ )
+
+ @classmethod
+ def _get_aggregate_spec(cls, element_spec):
+ aggregate_spec = deepcopy(element_spec)
+ aggregate_spec['name'] = dict(required=True)
+
+ # remove default in aggregate spec, to handle common arguments
+ remove_default_spec(aggregate_spec)
+ return aggregate_spec
+
+ def init_module(self):
+ """ module initialization
+ """
+ element_spec = self._get_element_spec()
+ aggregate_spec = self._get_aggregate_spec(element_spec)
+ argument_spec = dict(
+ aggregate=dict(type='list', elements='dict',
+ options=aggregate_spec),
+ purge=dict(default=False, type='bool'),
+ )
+ argument_spec.update(element_spec)
+ required_one_of = [['name', 'aggregate']]
+ mutually_exclusive = [['name', 'aggregate']]
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ supports_check_mode=True)
+
+ def get_required_config(self):
+ self._required_config = list()
+ module_params = self._module.params
+ aggregate = module_params.get('aggregate')
+ self._purge = module_params.get('purge', False)
+ if aggregate:
+ for item in aggregate:
+ for key in item:
+ if item.get(key) is None:
+ item[key] = module_params[key]
+ self.validate_param_values(item, item)
+ req_item = item.copy()
+ self._required_config.append(req_item)
+ else:
+ params = {
+ 'name': module_params['name'],
+ 'state': module_params['state'],
+ }
+ self.validate_param_values(params)
+ self._required_config.append(params)
+
+ def _create_if_lldp_data(self, if_name, if_lldp_data):
+ return {
+ 'name': if_name,
+ 'receive': self.get_config_attr(if_lldp_data, 'Receive'),
+ 'transmit': self.get_config_attr(if_lldp_data, 'Transmit'),
+ }
+
+ def _get_lldp_config(self):
+ return show_cmd(self._module, "show lldp interfaces")
+
+ def load_current_config(self):
+ # called in base class in run function
+ self._current_config = dict()
+ lldp_config = self._get_lldp_config()
+ if not lldp_config:
+ return
+ for if_name, if_lldp_data in iteritems(lldp_config):
+ match = self.IF_NAME_REGEX.match(if_name)
+ if not match:
+ continue
+ if if_lldp_data:
+ if_lldp_data = if_lldp_data[0]
+ self._current_config[if_name] = \
+ self._create_if_lldp_data(if_name, if_lldp_data)
+
+ def _get_interface_cmd_name(self, if_name):
+ return if_name.replace("Eth", "ethernet ")
+
+ def _add_if_lldp_commands(self, if_name, flag, enable):
+ cmd_prefix = "interface %s " % self._get_interface_cmd_name(if_name)
+ lldp_cmd = "lldp %s" % flag
+ if not enable:
+ lldp_cmd = 'no %s' % lldp_cmd
+ self._commands.append(cmd_prefix + lldp_cmd)
+
+ def _gen_lldp_commands(self, if_name, req_state, curr_conf):
+ curr_receive = curr_conf.get('receive')
+ curr_transmit = curr_conf.get('transmit')
+ enable = (req_state == 'Enabled')
+ if curr_receive != req_state:
+ flag = 'receive'
+ self._add_if_lldp_commands(if_name, flag, enable)
+ if curr_transmit != req_state:
+ flag = 'transmit'
+ self._add_if_lldp_commands(if_name, flag, enable)
+
+ def generate_commands(self):
+ req_interfaces = set()
+ for req_conf in self._required_config:
+ state = req_conf['state']
+ if_name = req_conf['name']
+ if state in ('absent', 'disabled'):
+ req_state = 'Disabled'
+ else:
+ req_interfaces.add(if_name)
+ req_state = 'Enabled'
+ curr_conf = self._current_config.get(if_name, {})
+ self._gen_lldp_commands(if_name, req_state, curr_conf)
+ if self._purge:
+ for if_name, curr_conf in iteritems(self._current_config):
+ if if_name not in req_interfaces:
+ req_state = 'Disabled'
+ self._gen_lldp_commands(if_name, req_state, curr_conf)
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxLldpInterfaceModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_magp.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_magp.py
new file mode 100644
index 000000000..94189cd3e
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_magp.py
@@ -0,0 +1,231 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_magp
+author: "Samer Deeb (@samerd)"
+short_description: Manage MAGP protocol on Mellanox ONYX network devices
+description:
+ - This module provides declarative management of MAGP protocol on vlan
+ interface of Mellanox ONYX network devices.
+notes:
+ - Tested on ONYX 3.6.4000
+options:
+ magp_id:
+ description:
+ - "MAGP instance number 1-255"
+ required: true
+ interface:
+ description:
+ - VLAN Interface name.
+ required: true
+ state:
+ description:
+ - MAGP state.
+ default: present
+ choices: ['present', 'absent', 'enabled', 'disabled']
+ router_ip:
+ description:
+ - MAGP router IP address.
+ router_mac:
+ description:
+ - MAGP router MAC address.
+'''
+
+EXAMPLES = """
+- name: Run add vlan interface with magp
+ onyx_magp:
+ magp_id: 103
+ router_ip: 192.168.8.2
+ router_mac: AA:1B:2C:3D:4E:5F
+ interface: Vlan 1002
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - interface vlan 234 magp 103
+ - exit
+ - interface vlan 234 magp 103 ip virtual-router address 1.2.3.4
+"""
+import re
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.six import iteritems
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+
+
+class OnyxMagpModule(BaseOnyxModule):
+ IF_VLAN_REGEX = re.compile(r"^Vlan (\d+)$")
+
+ @classmethod
+ def _get_element_spec(cls):
+ return dict(
+ magp_id=dict(type='int', required=True),
+ state=dict(default='present',
+ choices=['present', 'absent', 'enabled', 'disabled']),
+ interface=dict(required=True),
+ router_ip=dict(),
+ router_mac=dict(),
+ )
+
+ def init_module(self):
+ """ Ansible module initialization
+ """
+ element_spec = self._get_element_spec()
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ def validate_magp_id(self, value):
+ if value and not 1 <= int(value) <= 255:
+ self._module.fail_json(msg='magp id must be between 1 and 255')
+
+ def get_required_config(self):
+ module_params = self._module.params
+ interface = module_params['interface']
+ match = self.IF_VLAN_REGEX.match(interface)
+ vlan_id = 0
+ if match:
+ vlan_id = int(match.group(1))
+ else:
+ self._module.fail_json(
+ msg='Invalid interface name: should be "Vlan <vlan_id>"')
+
+ self._required_config = dict(
+ magp_id=module_params['magp_id'],
+ state=module_params['state'],
+ vlan_id=vlan_id,
+ router_ip=module_params['router_ip'],
+ router_mac=module_params['router_mac'])
+ self.validate_param_values(self._required_config)
+
+ @classmethod
+ def get_magp_id(cls, item):
+ header = cls.get_config_attr(item, "header")
+ return int(header.split()[1])
+
+ def _create_magp_instance_data(self, magp_id, item):
+ vlan_id = int(self.get_config_attr(item, "Interface vlan"))
+ state = self.get_config_attr(item, "Admin state").lower()
+ return dict(
+ magp_id=magp_id,
+ state=state,
+ vlan_id=vlan_id,
+ router_ip=self.get_config_attr(item, "Virtual IP"),
+ router_mac=self.get_config_attr(item, "Virtual MAC"))
+
+ def _update_magp_data(self, magp_data):
+ if self._os_version >= self.ONYX_API_VERSION:
+ for magp_config in magp_data:
+ for magp_name, data in iteritems(magp_config):
+ magp_id = int(magp_name.replace('MAGP ', ''))
+ self._current_config[magp_id] = \
+ self._create_magp_instance_data(magp_id, data[0])
+ else:
+ for magp_item in magp_data:
+ magp_id = self.get_magp_id(magp_item)
+ inst_data = self._create_magp_instance_data(magp_id, magp_item)
+ self._current_config[magp_id] = inst_data
+
+ def _get_magp_config(self):
+ cmd = "show magp"
+ return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
+
+ def load_current_config(self):
+ # called in base class in run function
+ self._os_version = self._get_os_version()
+ self._current_config = dict()
+ magp_data = self._get_magp_config()
+ if magp_data:
+ self._update_magp_data(magp_data)
+
+ def _generate_no_magp_commands(self):
+ req_vlan_id = self._required_config['vlan_id']
+ req_magp_id = self._required_config['magp_id']
+ curr_magp_data = self._current_config.get(req_magp_id)
+ if not curr_magp_data:
+ return
+ curr_vlan_id = curr_magp_data.get(req_vlan_id)
+ if curr_vlan_id == req_vlan_id:
+ cmd = 'interface vlan %s no magp %s' % (req_vlan_id, req_magp_id)
+ self._commands.append(cmd)
+
+ def _generate_magp_commands(self, req_state):
+ req_vlan_id = self._required_config['vlan_id']
+ req_magp_id = self._required_config['magp_id']
+ curr_magp_data = self._current_config.get(req_magp_id, dict())
+ curr_vlan_id = curr_magp_data.get('vlan_id')
+ magp_prefix = 'interface vlan %s magp %s' % (req_vlan_id, req_magp_id)
+ create_new_magp = False
+ if curr_vlan_id != req_vlan_id:
+ if curr_vlan_id:
+ cmd = 'interface vlan %s no magp %s' % (
+ curr_vlan_id, req_magp_id)
+ self._commands.append(cmd)
+ create_new_magp = True
+ self._commands.append(magp_prefix)
+ self._commands.append('exit')
+ req_router_ip = self._required_config['router_ip']
+ curr_router_ip = curr_magp_data.get('router_ip')
+ if req_router_ip:
+ if curr_router_ip != req_router_ip or create_new_magp:
+ cmd = '%s ip virtual-router address %s' % (
+ magp_prefix, req_router_ip)
+ self._commands.append(cmd)
+ else:
+ if curr_router_ip and curr_router_ip != '0.0.0.0':
+ cmd = '%s no ip virtual-router address' % magp_prefix
+ self._commands.append(cmd)
+ req_router_mac = self._required_config['router_mac']
+ curr_router_mac = curr_magp_data.get('router_mac')
+ if curr_router_mac:
+ curr_router_mac = curr_router_mac.lower()
+ if req_router_mac:
+ req_router_mac = req_router_mac.lower()
+ if curr_router_mac != req_router_mac or create_new_magp:
+ cmd = '%s ip virtual-router mac-address %s' % (
+ magp_prefix, req_router_mac)
+ self._commands.append(cmd)
+ else:
+ if curr_router_mac and curr_router_mac != '00:00:00:00:00:00':
+ cmd = '%s no ip virtual-router mac-address' % magp_prefix
+ self._commands.append(cmd)
+ if req_state in ('enabled', 'disabled'):
+ curr_state = curr_magp_data.get('state', 'enabled')
+ if curr_state != req_state:
+ if req_state == 'enabled':
+ suffix = 'no shutdown'
+ else:
+ suffix = 'shutdown'
+ cmd = '%s %s' % (magp_prefix, suffix)
+ self._commands.append(cmd)
+
+ def generate_commands(self):
+ req_state = self._required_config['state']
+ if req_state == 'absent':
+ return self._generate_no_magp_commands()
+ return self._generate_magp_commands(req_state)
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxMagpModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_mlag_ipl.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_mlag_ipl.py
new file mode 100644
index 000000000..6257a5c86
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_mlag_ipl.py
@@ -0,0 +1,205 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_mlag_ipl
+author: "Samer Deeb (@samerd)"
+short_description: Manage IPL (inter-peer link) on Mellanox ONYX network devices
+description:
+ - This module provides declarative management of IPL (inter-peer link)
+ management on Mellanox ONYX network devices.
+notes:
+ - Tested on ONYX 3.6.4000
+options:
+ name:
+ description:
+ - Name of the interface (port-channel) IPL should be configured on.
+ required: true
+ vlan_interface:
+ description:
+ - Name of the IPL vlan interface.
+ state:
+ description:
+ - IPL state.
+ default: present
+ choices: ['present', 'absent']
+ peer_address:
+ description:
+ - IPL peer IP address.
+'''
+
+EXAMPLES = """
+- name: Run configure ipl
+ onyx_mlag_ipl:
+ name: Po1
+ vlan_interface: Vlan 322
+ state: present
+ peer_address: 192.168.7.1
+
+- name: Run remove ipl
+ onyx_mlag_ipl:
+ name: Po1
+ state: absent
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - interface port-channel 1 ipl 1
+ - interface vlan 1024 ipl 1 peer-address 10.10.10.10
+"""
+import re
+
+from ansible.module_utils.basic import AnsibleModule
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+
+
+class OnyxMlagIplModule(BaseOnyxModule):
+ VLAN_IF_REGEX = re.compile(r'^Vlan \d+')
+
+ @classmethod
+ def _get_element_spec(cls):
+ return dict(
+ name=dict(required=True),
+ state=dict(default='present',
+ choices=['present', 'absent']),
+ peer_address=dict(),
+ vlan_interface=dict(),
+ )
+
+ def init_module(self):
+ """ module initialization
+ """
+ element_spec = self._get_element_spec()
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ def get_required_config(self):
+ module_params = self._module.params
+ self._required_config = dict(
+ name=module_params['name'],
+ state=module_params['state'],
+ peer_address=module_params['peer_address'],
+ vlan_interface=module_params['vlan_interface'])
+ self.validate_param_values(self._required_config)
+
+ def _update_mlag_data(self, mlag_data):
+ if not mlag_data:
+ return
+ mlag_summary = mlag_data.get("MLAG IPLs Summary", {})
+ ipl_id = "1"
+ ipl_list = mlag_summary.get(ipl_id)
+ if ipl_list:
+ ipl_data = ipl_list[0]
+ vlan_id = ipl_data.get("Vlan Interface")
+ vlan_interface = ""
+ if vlan_id != "N/A":
+ vlan_interface = "Vlan %s" % vlan_id
+ peer_address = ipl_data.get("Peer IP address")
+ name = ipl_data.get("Group Port-Channel")
+ self._current_config = dict(
+ name=name,
+ peer_address=peer_address,
+ vlan_interface=vlan_interface)
+
+ def _show_mlag_data(self):
+ cmd = "show mlag"
+ return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
+
+ def load_current_config(self):
+ # called in base class in run function
+ self._current_config = dict()
+ mlag_data = self._show_mlag_data()
+ self._update_mlag_data(mlag_data)
+
+ def _get_interface_cmd_name(self, if_name):
+ if if_name.startswith('Po'):
+ return if_name.replace("Po", "port-channel ")
+ self._module.fail_json(
+ msg='invalid interface name: %s' % if_name)
+
+ def _generate_port_channel_command(self, if_name, enable):
+ if_cmd_name = self._get_interface_cmd_name(if_name)
+ if enable:
+ ipl_cmd = 'ipl 1'
+ else:
+ ipl_cmd = "no ipl 1"
+ cmd = "interface %s %s" % (if_cmd_name, ipl_cmd)
+ return cmd
+
+ def _generate_vlan_if_command(self, if_name, enable, peer_address):
+ if_cmd_name = if_name.lower()
+ if enable:
+ ipl_cmd = 'ipl 1 peer-address %s' % peer_address
+ else:
+ ipl_cmd = "no ipl 1"
+ cmd = "interface %s %s" % (if_cmd_name, ipl_cmd)
+ return cmd
+
+ def _generate_no_ipl_commands(self):
+ curr_interface = self._current_config.get('name')
+ req_interface = self._required_config.get('name')
+ if curr_interface == req_interface:
+ cmd = self._generate_port_channel_command(
+ req_interface, enable=False)
+ self._commands.append(cmd)
+
+ def _generate_ipl_commands(self):
+ curr_interface = self._current_config.get('name')
+ req_interface = self._required_config.get('name')
+ if curr_interface != req_interface:
+ if curr_interface and curr_interface != 'N/A':
+ cmd = self._generate_port_channel_command(
+ curr_interface, enable=False)
+ self._commands.append(cmd)
+ cmd = self._generate_port_channel_command(
+ req_interface, enable=True)
+ self._commands.append(cmd)
+ curr_vlan = self._current_config.get('vlan_interface')
+ req_vlan = self._required_config.get('vlan_interface')
+ add_peer = False
+ if curr_vlan != req_vlan:
+ add_peer = True
+ if curr_vlan:
+ cmd = self._generate_vlan_if_command(curr_vlan, enable=False,
+ peer_address=None)
+ self._commands.append(cmd)
+ curr_peer = self._current_config.get('peer_address')
+ req_peer = self._required_config.get('peer_address')
+ if req_peer != curr_peer:
+ add_peer = True
+ if add_peer and req_peer:
+ cmd = self._generate_vlan_if_command(req_vlan, enable=True,
+ peer_address=req_peer)
+ self._commands.append(cmd)
+
+ def generate_commands(self):
+ state = self._required_config['state']
+ if state == 'absent':
+ self._generate_no_ipl_commands()
+ else:
+ self._generate_ipl_commands()
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxMlagIplModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_mlag_vip.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_mlag_vip.py
new file mode 100644
index 000000000..b7df229ec
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_mlag_vip.py
@@ -0,0 +1,180 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_mlag_vip
+author: "Samer Deeb (@samerd)"
+short_description: Configures MLAG VIP on Mellanox ONYX network devices
+description:
+ - This module provides declarative management of MLAG virtual IPs
+ on Mellanox ONYX network devices.
+notes:
+ - Tested on ONYX 3.6.4000
+options:
+ ipaddress:
+ description:
+ - Virtual IP address of the MLAG. Required if I(state=present).
+ group_name:
+ description:
+ - MLAG group name. Required if I(state=present).
+ mac_address:
+ description:
+ - MLAG system MAC address. Required if I(state=present).
+ state:
+ description:
+ - MLAG VIP state.
+ choices: ['present', 'absent']
+ delay:
+ description:
+ - Delay interval, in seconds, waiting for the changes on mlag VIP to take
+ effect.
+ default: 12
+'''
+
+EXAMPLES = """
+- name: Configure mlag-vip
+ onyx_mlag_vip:
+ ipaddress: 50.3.3.1/24
+ group_name: ansible-test-group
+ mac_address: 00:11:12:23:34:45
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - mlag-vip ansible_test_group ip 50.3.3.1 /24 force
+ - no mlag shutdown
+"""
+
+import time
+
+from ansible.module_utils.basic import AnsibleModule
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+
+
+class OnyxMLagVipModule(BaseOnyxModule):
+
+ def init_module(self):
+ """ initialize module
+ """
+ element_spec = dict(
+ ipaddress=dict(),
+ group_name=dict(),
+ mac_address=dict(),
+ delay=dict(type='int', default=12),
+ state=dict(choices=['present', 'absent'], default='present'),
+ )
+ argument_spec = dict()
+
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ def get_required_config(self):
+ module_params = self._module.params
+ lag_params = {
+ 'ipaddress': module_params['ipaddress'],
+ 'group_name': module_params['group_name'],
+ 'mac_address': module_params['mac_address'],
+ 'delay': module_params['delay'],
+ 'state': module_params['state'],
+ }
+
+ self.validate_param_values(lag_params)
+ self._required_config = lag_params
+
+ def _show_mlag_cmd(self, cmd):
+ return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
+
+ def _show_mlag(self):
+ cmd = "show mlag"
+ return self._show_mlag_cmd(cmd)
+
+ def _show_mlag_vip(self):
+ cmd = "show mlag-vip"
+ return self._show_mlag_cmd(cmd)
+
+ def load_current_config(self):
+ self._current_config = dict()
+ mlag_config = self._show_mlag()
+ mlag_vip_config = self._show_mlag_vip()
+ if mlag_vip_config:
+ mlag_vip = mlag_vip_config.get("MLAG-VIP", {})
+ self._current_config['group_name'] = \
+ mlag_vip.get("MLAG group name")
+ self._current_config['ipaddress'] = \
+ mlag_vip.get("MLAG VIP address")
+ if mlag_config:
+ self._current_config['mac_address'] = \
+ mlag_config.get("System-mac")
+
+ def generate_commands(self):
+ state = self._required_config['state']
+ if state == 'present':
+ self._generate_mlag_vip_cmds()
+ else:
+ self._generate_no_mlag_vip_cmds()
+
+ def _generate_mlag_vip_cmds(self):
+ current_group = self._current_config.get('group_name')
+ current_ip = self._current_config.get('ipaddress')
+ current_mac = self._current_config.get('mac_address')
+ if current_mac:
+ current_mac = current_mac.lower()
+
+ req_group = self._required_config.get('group_name')
+ req_ip = self._required_config.get('ipaddress')
+ req_mac = self._required_config.get('mac_address')
+ if req_mac:
+ req_mac = req_mac.lower()
+
+ if req_ip is not None:
+ if req_group is None:
+ self._module.fail_json(msg='In order to configure Mlag-Vip you must send '
+ 'group name param beside IPaddress')
+ ipaddr, mask = req_ip.split('/')
+ if req_group != current_group or req_ip != current_ip:
+ self._commands.append('mlag-vip %s ip %s /%s force' % (req_group, ipaddr, mask))
+ elif req_group and req_group != current_group:
+ self._commands.append('mlag-vip %s' % req_group)
+
+ if req_mac and req_mac != current_mac:
+ self._commands.append(
+ 'mlag system-mac %s' % (req_mac))
+ if self._commands:
+ self._commands.append('no mlag shutdown')
+
+ def _generate_no_mlag_vip_cmds(self):
+ if self._current_config.get('group_name'):
+ self._commands.append('no mlag-vip')
+
+ def check_declarative_intent_params(self, result):
+ if not result['changed']:
+ return
+ delay_interval = self._required_config.get('delay')
+ if delay_interval > 0:
+ time.sleep(delay_interval)
+ for cmd in ("show mlag-vip", ""):
+ show_cmd(self._module, cmd, json_fmt=False, fail_on_error=False)
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxMLagVipModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_ntp.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_ntp.py
new file mode 100644
index 000000000..0f17263ce
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_ntp.py
@@ -0,0 +1,239 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_ntp
+version_added: '0.2.0'
+author: "Sara-Touqan (@sarato)"
+short_description: Manage NTP general configurations and ntp keys configurations on Mellanox ONYX network devices
+description:
+ - This module provides declarative management of NTP & NTP Keys
+ on Mellanox ONYX network devices.
+options:
+ state:
+ description:
+ - State of the NTP configuration.
+ choices: ['enabled', 'disabled']
+ type: str
+ authenticate_state:
+ description:
+ - State of the NTP authentication configuration.
+ choices: ['enabled', 'disabled']
+ type: str
+ ntp_authentication_keys:
+ type: list
+ description:
+ - List of ntp authentication keys
+ suboptions:
+ auth_key_id:
+ description:
+ - Configures ntp key-id, range 1-65534
+ required: true
+ type: int
+ auth_key_encrypt_type:
+ description:
+ - encryption type used to configure ntp authentication key.
+ required: true
+ choices: ['md5', 'sha1']
+ type: str
+ auth_key_password:
+ description:
+ - password used for ntp authentication key.
+ required: true
+ type: str
+ auth_key_state:
+ description:
+ - Used to decide if you want to delete given ntp key or not
+ choices: ['present', 'absent']
+ type: str
+ trusted_keys:
+ type: list
+ description:
+ - List of ntp trusted keys
+'''
+
+EXAMPLES = """
+- name: Configure NTP
+ onyx_ntp:
+ state: enabled
+ authenticate_state: enabled
+ ntp_authentication_keys:
+ - auth_key_id: 1
+ auth_key_encrypt_type: md5
+ auth_key_password: 12345
+ auth_key_state: absent
+ trusted_keys: 1,2,3
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device
+ returned: always.
+ type: list
+ sample:
+ - ntp enable
+ - ntp disable
+ - ntp authenticate
+ - no ntp authenticate
+ - ntp authentication-key 1 md5 12345
+ - no ntp authentication-key 1
+ - ntp trusted-key 1,2,3
+"""
+
+
+from ansible.module_utils.basic import AnsibleModule
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+
+
+class OnyxNTPModule(BaseOnyxModule):
+
+ def init_module(self):
+ """ module initialization
+ """
+ ntp_authentication_key_spec = dict(auth_key_id=dict(type='int', required=True),
+ auth_key_encrypt_type=dict(required=True, choices=['md5', 'sha1']),
+ auth_key_password=dict(required=True),
+ auth_key_state=dict(choices=['present', 'absent']))
+ element_spec = dict(
+ state=dict(choices=['enabled', 'disabled']),
+ authenticate_state=dict(choices=['enabled', 'disabled']),
+ ntp_authentication_keys=dict(type='list', elements='dict', options=ntp_authentication_key_spec),
+ trusted_keys=dict(type='list', elements='int')
+ )
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ def _validate_key_id(self):
+ keys_id_list = self._required_config.get("ntp_authentication_keys")
+ if keys_id_list:
+ for key_item in keys_id_list:
+ key_id = key_item.get("auth_key_id")
+ if (key_id < 1) or (key_id > 65534):
+ self._module.fail_json(
+ msg='Invalid Key value, value should be in the range 1-65534')
+
+ def get_required_config(self):
+ module_params = self._module.params
+ self._required_config = dict(module_params)
+ self.validate_param_values(self._required_config)
+ self._validate_key_id()
+
+ def _show_ntp_config(self):
+ show_cmds = []
+ cmd = "show ntp"
+ show_cmds.append(show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False))
+ cmd = "show ntp keys"
+ show_cmds.append(show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False))
+ return show_cmds
+
+ def _set_ntp_keys_config(self, ntp_config):
+ if not ntp_config:
+ return
+ for req_ntp_auth_key in ntp_config:
+ ecryption_type = req_ntp_auth_key.get("Encryption Type")
+ self._current_config[req_ntp_auth_key.get("header")] = ecryption_type
+
+ def _set_ntp_config(self, ntp_config):
+ ntp_config = ntp_config[0]
+ if not ntp_config:
+ return
+ self._current_config['state'] = ntp_config.get("NTP is administratively")
+ self._current_config['authenticate_state'] = ntp_config.get("NTP Authentication administratively")
+
+ def load_current_config(self):
+ self._current_config = dict()
+ ntp_config = self._show_ntp_config()
+ if ntp_config:
+ if ntp_config[0]:
+ self._set_ntp_config(ntp_config[0])
+ if ntp_config[1]:
+ self._set_ntp_keys_config(ntp_config[1])
+
+ def generate_commands(self):
+ current_state = self._current_config.get("state")
+ state = self._required_config.get("state")
+ if state is None:
+ state = current_state
+ if state is not None:
+ if current_state != state:
+ if state == 'enabled':
+ self._commands.append('ntp enable')
+ else:
+ self._commands.append('no ntp enable')
+ authenticate_state = self._required_config.get("authenticate_state")
+ if authenticate_state:
+ current_authenticate_state = self._current_config.get("authenticate_state")
+ if authenticate_state is not None:
+ if current_authenticate_state != authenticate_state:
+ if authenticate_state == 'enabled':
+ self._commands.append('ntp authenticate')
+ else:
+ self._commands.append('no ntp authenticate')
+ req_ntp_auth_keys = self._required_config.get('ntp_authentication_keys')
+ if req_ntp_auth_keys:
+ if req_ntp_auth_keys is not None:
+ for req_ntp_auth_key in req_ntp_auth_keys:
+ req_key_id = req_ntp_auth_key.get('auth_key_id')
+ req_key = 'NTP Key ' + str(req_key_id)
+ current_req_key = self._current_config.get(req_key)
+ auth_key_state = req_ntp_auth_key.get('auth_key_state')
+ req_encrypt_type = req_ntp_auth_key.get('auth_key_encrypt_type')
+ req_password = req_ntp_auth_key.get('auth_key_password')
+ if current_req_key:
+ if req_encrypt_type == current_req_key:
+ if auth_key_state:
+ if auth_key_state == 'absent':
+ self._commands.append('no ntp authentication-key {0}' .format(req_key_id))
+ else:
+ continue
+ else:
+ if auth_key_state:
+ if auth_key_state == 'present':
+ self._commands.append('ntp authentication-key {0} {1} {2}'
+ .format(req_key_id,
+ req_encrypt_type,
+ req_password))
+ else:
+ self._commands.append('ntp authentication-key {0} {1} {2}'
+ .format(req_key_id,
+ req_encrypt_type,
+ req_password))
+
+ else:
+ if auth_key_state:
+ if auth_key_state == 'present':
+ self._commands.append('ntp authentication-key {0} {1} {2}'
+ .format(req_key_id,
+ req_encrypt_type,
+ req_password))
+ else:
+ self._commands.append('ntp authentication-key {0} {1} {2}'
+ .format(req_key_id,
+ req_encrypt_type,
+ req_password))
+
+ req_trusted_keys = self._required_config.get('trusted_keys')
+ if req_trusted_keys:
+ for key in req_trusted_keys:
+ self._commands.append('ntp trusted-key {0}' .format(key))
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxNTPModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_ntp_servers_peers.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_ntp_servers_peers.py
new file mode 100644
index 000000000..f49daa24b
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_ntp_servers_peers.py
@@ -0,0 +1,282 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_ntp_servers_peers
+version_added: '0.2.0'
+author: "Sara-Touqan (@sarato)"
+short_description: Configures NTP peers and servers parameters
+description:
+ - This module provides declarative management of NTP peers and servers configuration on Mellanox ONYX network devices.
+options:
+ peer:
+ type: list
+ description:
+ - List of ntp peers.
+ suboptions:
+ ip_or_name:
+ description:
+ - Configures ntp peer name or ip.
+ required: true
+ type: str
+ enabled:
+ description:
+ - Disables/Enables ntp peer state
+ type: bool
+ version:
+ description:
+ - version number for the ntp peer
+ choices: [3, 4]
+ type: int
+ key_id:
+ description:
+ - Used to configure the key-id for the ntp peer
+ type: int
+ state:
+ description:
+ - Indicates if the ntp peer exists or should be deleted
+ choices: ['present', 'absent']
+ type: str
+ server:
+ type: list
+ description:
+ - List of ntp servers.
+ suboptions:
+ ip_or_name:
+ description:
+ - Configures ntp server name or ip.
+ required: true
+ type: str
+ enabled:
+ description:
+ - Disables/Enables ntp server
+ type: bool
+ trusted_enable:
+ description:
+ - Disables/Enables the trusted state for the ntp server.
+ type: bool
+ version:
+ description:
+ - version number for the ntp server
+ choices: [3, 4]
+ type: int
+ key_id:
+ description:
+ - Used to configure the key-id for the ntp server
+ type: int
+ state:
+ description:
+ - Indicates if the ntp peer exists or should be deleted.
+ choices: ['present', 'absent']
+ type: str
+ ntpdate:
+ description:
+ - Sets system clock once from a remote server using NTP.
+ type: str
+'''
+
+EXAMPLES = """
+- name: Configure NTP peers and servers
+ onyx_ntp_peers_servers:
+ peer:
+ - ip_or_name: 1.1.1.1
+ enabled: yes
+ version: 4
+ key_id: 6
+ state: present
+ server:
+ - ip_or_name: 2.2.2.2
+ enabled: true
+ version: 3
+ key_id: 8
+ trusted_enable: no
+ state: present
+ ntpdate: 192.168.10.10
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device
+ returned: always.
+ type: list
+ sample:
+ - ntp peer 1.1.1.1 disable
+ no ntp peer 1.1.1.1 disable
+ ntp peer 1.1.1.1 keyId 6
+ ntp peer 1.1.1.1 version 4
+ no ntp peer 1.1.1.1
+ ntp server 2.2.2.2 disable
+ no ntp server 2.2.2.2 disable
+ ntp server 2.2.2.2 keyID 8
+ ntp server 2.2.2.2 version 3
+ ntp server 2.2.2.2 trusted-enable
+ no ntp server 2.2.2.2
+ ntp server 192.168.10.10
+ ntpdate 192.168.10.10
+"""
+
+from copy import deepcopy
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.six import iteritems
+from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import remove_default_spec
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+
+
+class OnyxNTPServersPeersModule(BaseOnyxModule):
+
+ def init_module(self):
+ """ module initialization
+ """
+ peer_spec = dict(ip_or_name=dict(required=True),
+ enabled=dict(type='bool'),
+ version=dict(type='int', choices=[3, 4]),
+ key_id=dict(type='int'),
+ state=dict(choices=['present', 'absent']))
+ server_spec = dict(ip_or_name=dict(required=True),
+ enabled=dict(type='bool'),
+ version=dict(type='int', choices=[3, 4]),
+ trusted_enable=dict(type='bool'),
+ key_id=dict(type='int'),
+ state=dict(choices=['present', 'absent']))
+ element_spec = dict(peer=dict(type='list', elements='dict', options=peer_spec),
+ server=dict(type='list', elements='dict', options=server_spec),
+ ntpdate=dict())
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ def get_required_config(self):
+ module_params = self._module.params
+ self._required_config = dict(module_params)
+ self.validate_param_values(self._required_config)
+
+ def _show_peers_servers_config(self):
+ cmd = "show ntp configured"
+ return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
+
+ def _set_servers_config(self, peers_servers_config):
+ servers = dict()
+ peers = dict()
+ if not peers_servers_config:
+ return
+ index = 0
+ for peer_server in peers_servers_config:
+ if (index == 0):
+ index += 1
+ continue
+ else:
+ header_list = peer_server.get("header").split(" ")
+ header_type = header_list[1]
+ if peer_server.get("Enabled") == "yes":
+ enabled_state = True
+ else:
+ enabled_state = False
+ if (header_type == 'server'):
+ trusted_state = peer_server.get("Trusted")
+ if trusted_state == 'yes':
+ trusted_state = True
+ else:
+ trusted_state = False
+ server_entry = {"version": peer_server.get("NTP version"),
+ "enabled": enabled_state,
+ "trusted_enable": trusted_state,
+ "key_id": peer_server.get("Key ID")}
+ servers[header_list[2]] = server_entry
+ else:
+ peer_entry = {"version": peer_server.get("NTP version"),
+ "enabled": enabled_state,
+ "key_id": peer_server.get("Key ID")}
+ peers[header_list[2]] = peer_entry
+ index += 1
+ self._current_config = dict(server=servers,
+ peer=peers)
+
+ def load_current_config(self):
+ servers = dict()
+ peers = dict()
+ self._current_config = dict(server=servers,
+ peer=peers)
+ peers_servers_config = self._show_peers_servers_config()
+ if peers_servers_config:
+ self._set_servers_config(peers_servers_config)
+
+ def generate_commands(self):
+ for option in self._current_config:
+ req_ntp = self._required_config.get(option)
+ if req_ntp is not None:
+ for ntp_peer in req_ntp:
+ peer_name = ntp_peer.get('ip_or_name')
+ peer_key = ntp_peer.get('key_id')
+ peer_state = ntp_peer.get("state")
+ peer_enabled = ntp_peer.get("enabled")
+ peer_version = ntp_peer.get("version")
+ peer_key = ntp_peer.get("key_id")
+ curr_name = self._current_config.get(option).get(peer_name)
+ peer_version = ntp_peer.get('version')
+ if self._current_config.get(option) and curr_name:
+ if peer_state:
+ if(peer_state == "absent"):
+ self._commands.append('no ntp {0} {1}' .format(option, peer_name))
+ continue
+ if peer_enabled is not None:
+ if curr_name.get("enabled") != peer_enabled:
+ if(peer_enabled is True):
+ self._commands.append('no ntp {0} {1} disable' .format(option, peer_name))
+ else:
+ self._commands.append('ntp {0} {1} disable' .format(option, peer_name))
+ if peer_version:
+ if (int(curr_name.get("version")) != peer_version):
+ self._commands.append('ntp {0} {1} version {2}' .format(option, peer_name, peer_version))
+ if peer_key:
+ if curr_name.get("key_id") != "none":
+ if (int(curr_name.get("key_id")) != peer_key):
+ self._commands.append('ntp {0} {1} keyID {2}' .format(option, peer_name, peer_key))
+ else:
+ self._commands.append('ntp {0} {1} keyID {2}' .format(option, peer_name, peer_key))
+ if option == "server":
+ server_trusted = ntp_peer.get("trusted_enable")
+ if server_trusted is not None:
+ if (curr_name.get("trusted_enable") != server_trusted):
+ if server_trusted is True:
+ self._commands.append('ntp {0} {1} trusted-enable' .format(option, peer_name))
+ else:
+ self._commands.append('no ntp {0} {1} trusted-enable' .format(option, peer_name))
+ else:
+ if peer_state:
+ if(peer_state == "absent"):
+ continue
+ if peer_enabled is not None:
+ if(peer_enabled is True):
+ self._commands.append('no ntp {0} {1} disable' .format(option, peer_name))
+ else:
+ self._commands.append('ntp {0} {1} disable' .format(option, peer_name))
+ else:
+ self._commands.append('ntp {0} {1} disable' .format(option, peer_name))
+ if peer_version:
+ self._commands.append('ntp {0} {1} version {2}' .format(option, peer_name, peer_version))
+ if peer_key:
+ self._commands.append('ntp {0} {1} keyID {2}' .format(option, peer_name, peer_key))
+
+ ntpdate = self._required_config.get("ntpdate")
+ if ntpdate is not None:
+ self._commands.append('ntpdate {0}' .format(ntpdate))
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxNTPServersPeersModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_ospf.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_ospf.py
new file mode 100644
index 000000000..1de0e413f
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_ospf.py
@@ -0,0 +1,233 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_ospf
+author: "Samer Deeb (@samerd)"
+short_description: Manage OSPF protocol on Mellanox ONYX network devices
+description:
+ - This module provides declarative management and configuration of OSPF
+ protocol on Mellanox ONYX network devices.
+notes:
+ - Tested on ONYX 3.6.4000
+options:
+ ospf:
+ description:
+ - "OSPF instance number 1-65535"
+ required: true
+ router_id:
+ description:
+ - OSPF router ID. Required if I(state=present).
+ interfaces:
+ description:
+ - List of interfaces and areas. Required if I(state=present).
+ suboptions:
+ name:
+ description:
+ - Interface name.
+ required: true
+ area:
+ description:
+ - OSPF area.
+ required: true
+ state:
+ description:
+ - OSPF state.
+ default: present
+ choices: ['present', 'absent']
+'''
+
+EXAMPLES = """
+- name: Add ospf router to interface
+ onyx_ospf:
+ ospf: 2
+ router_id: 192.168.8.2
+ interfaces:
+ - name: Eth1/1
+ - area: 0.0.0.0
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - router ospf 2
+ - router-id 192.168.8.2
+ - exit
+ - interface ethernet 1/1 ip ospf area 0.0.0.0
+"""
+import re
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.six import iteritems
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+
+
+class OnyxOspfModule(BaseOnyxModule):
+ OSPF_IF_REGEX = re.compile(
+ r'^(Loopback\d+|Eth\d+\/\d+|Vlan\d+|Po\d+)\s+(\S+).*')
+ OSPF_ROUTER_REGEX = re.compile(r'^Routing Process (\d+).*ID\s+(\S+).*')
+
+ @classmethod
+ def _get_element_spec(cls):
+ interface_spec = dict(
+ name=dict(required=True),
+ area=dict(required=True),
+ )
+ element_spec = dict(
+ ospf=dict(type='int', required=True),
+ router_id=dict(),
+ interfaces=dict(type='list', elements='dict',
+ options=interface_spec),
+ state=dict(choices=['present', 'absent'], default='present'),
+ )
+ return element_spec
+
+ def init_module(self):
+ """ Ansible module initialization
+ """
+ element_spec = self._get_element_spec()
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ def validate_ospf(self, value):
+ if value and not 1 <= int(value) <= 65535:
+ self._module.fail_json(msg='ospf id must be between 1 and 65535')
+
+ def get_required_config(self):
+ module_params = self._module.params
+ self._required_config = dict(
+ ospf=module_params['ospf'],
+ router_id=module_params['router_id'],
+ state=module_params['state'],
+ )
+ interfaces = module_params['interfaces'] or list()
+ req_interfaces = self._required_config['interfaces'] = dict()
+ for interface_data in interfaces:
+ req_interfaces[interface_data['name']] = interface_data['area']
+ self.validate_param_values(self._required_config)
+
+ def _update_ospf_data(self, ospf_data):
+ match = self.OSPF_ROUTER_REGEX.match(ospf_data)
+ if match:
+ ospf_id = int(match.group(1))
+ router_id = match.group(2)
+ self._current_config['ospf'] = ospf_id
+ self._current_config['router_id'] = router_id
+
+ def _update_ospf_interfaces(self, ospf_interfaces):
+ interfaces = self._current_config['interfaces'] = dict()
+ lines = ospf_interfaces.split('\n')
+ for line in lines:
+ line = line.strip()
+ match = self.OSPF_IF_REGEX.match(line)
+ if match:
+ name = match.group(1)
+ area = match.group(2)
+ for prefix in ("Vlan", "Loopback"):
+ if name.startswith(prefix):
+ name = name.replace(prefix, prefix + ' ')
+ interfaces[name] = area
+
+ def _get_ospf_config(self, ospf_id):
+ cmd = 'show ip ospf %s | include Process' % ospf_id
+ return show_cmd(self._module, cmd, json_fmt=False, fail_on_error=False)
+
+ def _get_ospf_interfaces_config(self, ospf_id):
+ cmd = 'show ip ospf interface %s brief' % ospf_id
+ return show_cmd(self._module, cmd, json_fmt=False, fail_on_error=False)
+
+ def load_current_config(self):
+ # called in base class in run function
+ ospf_id = self._required_config['ospf']
+ self._current_config = dict()
+ ospf_data = self._get_ospf_config(ospf_id)
+ if ospf_data:
+ self._update_ospf_data(ospf_data)
+ ospf_interfaces = self._get_ospf_interfaces_config(ospf_id)
+ if ospf_interfaces:
+ self._update_ospf_interfaces(ospf_interfaces)
+
+ def _generate_no_ospf_commands(self):
+ req_ospf_id = self._required_config['ospf']
+ curr_ospf_id = self._current_config.get('ospf')
+ if curr_ospf_id == req_ospf_id:
+ cmd = 'no router ospf %s' % req_ospf_id
+ self._commands.append(cmd)
+
+ def _get_interface_command_name(self, if_name):
+ if if_name.startswith('Eth'):
+ return if_name.replace("Eth", "ethernet ")
+ if if_name.startswith('Po'):
+ return if_name.replace("Po", "port-channel ")
+ if if_name.startswith('Vlan'):
+ return if_name.replace("Vlan", "vlan")
+ if if_name.startswith('Loopback'):
+ return if_name.replace("Loopback", "loopback")
+ self._module.fail_json(
+ msg='invalid interface name: %s' % if_name)
+
+ def _get_interface_area_cmd(self, if_name, area):
+ interface_prefix = self._get_interface_command_name(if_name)
+ if area:
+ area_cmd = 'ip ospf area %s' % area
+ else:
+ area_cmd = 'no ip ospf area'
+ cmd = 'interface %s %s' % (interface_prefix, area_cmd)
+ return cmd
+
+ def _generate_ospf_commands(self):
+ req_router_id = self._required_config['router_id']
+ req_ospf_id = self._required_config['ospf']
+ curr_router_id = self._current_config.get('router_id')
+ curr_ospf_id = self._current_config.get('ospf')
+ if curr_ospf_id != req_ospf_id or req_router_id != curr_router_id:
+ cmd = 'router ospf %s' % req_ospf_id
+ self._commands.append(cmd)
+ if req_router_id != curr_router_id:
+ if req_router_id:
+ cmd = 'router-id %s' % req_router_id
+ else:
+ cmd = 'no router-id'
+ self._commands.append(cmd)
+ self._commands.append('exit')
+ req_interfaces = self._required_config['interfaces']
+ curr_interfaces = self._current_config.get('interfaces', dict())
+ for if_name, area in iteritems(req_interfaces):
+ curr_area = curr_interfaces.get(if_name)
+ if curr_area != area:
+ cmd = self._get_interface_area_cmd(if_name, area)
+ self._commands.append(cmd)
+ for if_name in curr_interfaces:
+ if if_name not in req_interfaces:
+ cmd = self._get_interface_area_cmd(if_name, None)
+ self._commands.append(cmd)
+
+ def generate_commands(self):
+ req_state = self._required_config['state']
+ if req_state == 'absent':
+ return self._generate_no_ospf_commands()
+ return self._generate_ospf_commands()
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxOspfModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_pfc_interface.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_pfc_interface.py
new file mode 100644
index 000000000..21ab4fbb6
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_pfc_interface.py
@@ -0,0 +1,208 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_pfc_interface
+author: "Samer Deeb (@samerd)"
+short_description: Manage priority flow control on ONYX network devices
+description:
+ - This module provides declarative management of priority flow control (PFC)
+ on interfaces of Mellanox ONYX network devices.
+notes:
+ - Tested on ONYX 3.6.4000
+options:
+ name:
+ description:
+ - Name of the interface PFC should be configured on.
+ aggregate:
+ description: List of interfaces PFC should be configured on.
+ purge:
+ description:
+ - Purge interfaces not defined in the aggregate parameter.
+ type: bool
+ default: false
+ state:
+ description:
+ - State of the PFC configuration.
+ default: enabled
+ choices: ['enabled', 'disabled']
+'''
+
+EXAMPLES = """
+- name: Configure PFC
+ onyx_pfc_interface:
+ name: Eth1/1
+ state: enabled
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - interface ethernet 1/17 dcb priority-flow-control mode on
+"""
+from copy import deepcopy
+import re
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import remove_default_spec
+from ansible.module_utils.six import iteritems
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+
+
+class OnyxPfcInterfaceModule(BaseOnyxModule):
+ PFC_IF_REGEX = re.compile(
+ r"^(Eth\d+\/\d+)|(Eth\d+\/\d+\/\d+)|(Po\d+)|(Mpo\d+)$")
+
+ _purge = False
+
+ @classmethod
+ def _get_element_spec(cls):
+ return dict(
+ name=dict(type='str'),
+ state=dict(default='enabled',
+ choices=['enabled', 'disabled']),
+ )
+
+ @classmethod
+ def _get_aggregate_spec(cls, element_spec):
+ aggregate_spec = deepcopy(element_spec)
+ aggregate_spec['name'] = dict(required=True)
+
+ # remove default in aggregate spec, to handle common arguments
+ remove_default_spec(aggregate_spec)
+ return aggregate_spec
+
+ def init_module(self):
+ """ module initialization
+ """
+ element_spec = self._get_element_spec()
+ aggregate_spec = self._get_aggregate_spec(element_spec)
+ argument_spec = dict(
+ aggregate=dict(type='list', elements='dict',
+ options=aggregate_spec),
+ purge=dict(default=False, type='bool'),
+ )
+ argument_spec.update(element_spec)
+ required_one_of = [['name', 'aggregate']]
+ mutually_exclusive = [['name', 'aggregate']]
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ supports_check_mode=True)
+
+ def get_required_config(self):
+ self._required_config = list()
+ module_params = self._module.params
+ aggregate = module_params.get('aggregate')
+ self._purge = module_params.get('purge', False)
+ if aggregate:
+ for item in aggregate:
+ for key in item:
+ if item.get(key) is None:
+ item[key] = module_params[key]
+ self.validate_param_values(item, item)
+ req_item = item.copy()
+ self._required_config.append(req_item)
+ else:
+ params = {
+ 'name': module_params['name'],
+ 'state': module_params['state'],
+ }
+ self.validate_param_values(params)
+ self._required_config.append(params)
+
+ def _create_if_pfc_data(self, if_name, if_pfc_data):
+ state = self.get_config_attr(if_pfc_data, "PFC oper")
+ state = state.lower()
+ return dict(
+ name=if_name,
+ state=state)
+
+ def _get_pfc_config(self):
+ return show_cmd(self._module, "show dcb priority-flow-control")
+
+ def load_current_config(self):
+ # called in base class in run function
+ self._os_version = self._get_os_version()
+ self._current_config = dict()
+ pfc_config = self._get_pfc_config()
+ if not pfc_config:
+ return
+ if self._os_version >= self.ONYX_API_VERSION:
+ if len(pfc_config) >= 3:
+ pfc_config = pfc_config[2]
+ else:
+ pfc_config = dict()
+ else:
+ if 'Table 2' in pfc_config:
+ pfc_config = pfc_config['Table 2']
+
+ for if_name, if_pfc_data in iteritems(pfc_config):
+ match = self.PFC_IF_REGEX.match(if_name)
+ if not match:
+ continue
+ if if_pfc_data:
+ if_pfc_data = if_pfc_data[0]
+ self._current_config[if_name] = \
+ self._create_if_pfc_data(if_name, if_pfc_data)
+
+ def _get_interface_cmd_name(self, if_name):
+ if if_name.startswith('Eth'):
+ return if_name.replace("Eth", "ethernet ")
+ if if_name.startswith('Po'):
+ return if_name.replace("Po", "port-channel ")
+ if if_name.startswith('Mpo'):
+ return if_name.replace("Mpo", "mlag-port-channel ")
+ self._module.fail_json(
+ msg='invalid interface name: %s' % if_name)
+
+ def _add_if_pfc_commands(self, if_name, req_state):
+ cmd_prefix = "interface %s " % self._get_interface_cmd_name(if_name)
+
+ if req_state == 'disabled':
+ pfc_cmd = 'no dcb priority-flow-control mode force'
+ else:
+ pfc_cmd = 'dcb priority-flow-control mode on force'
+ self._commands.append(cmd_prefix + pfc_cmd)
+
+ def _gen_pfc_commands(self, if_name, curr_conf, req_state):
+ curr_state = curr_conf.get('state', 'disabled')
+ if curr_state != req_state:
+ self._add_if_pfc_commands(if_name, req_state)
+
+ def generate_commands(self):
+ req_interfaces = set()
+ for req_conf in self._required_config:
+ req_state = req_conf['state']
+ if_name = req_conf['name']
+ if req_state == 'enabled':
+ req_interfaces.add(if_name)
+ curr_conf = self._current_config.get(if_name, {})
+ self._gen_pfc_commands(if_name, curr_conf, req_state)
+ if self._purge:
+ for if_name, curr_conf in iteritems(self._current_config):
+ if if_name not in req_interfaces:
+ req_state = 'disabled'
+ self._gen_pfc_commands(if_name, curr_conf, req_state)
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxPfcInterfaceModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_protocol.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_protocol.py
new file mode 100644
index 000000000..133ccbca3
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_protocol.py
@@ -0,0 +1,191 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_protocol
+author: "Samer Deeb (@samerd)"
+short_description: Enables/Disables protocols on Mellanox ONYX network devices
+description:
+ - This module provides a mechanism for enabling and disabling protocols
+ Mellanox on ONYX network devices.
+notes:
+ - Tested on ONYX 3.6.4000
+options:
+ mlag:
+ description: MLAG protocol
+ choices: ['enabled', 'disabled']
+ magp:
+ description: MAGP protocol
+ choices: ['enabled', 'disabled']
+ spanning_tree:
+ description: Spanning Tree support
+ choices: ['enabled', 'disabled']
+ dcb_pfc:
+ description: DCB priority flow control
+ choices: ['enabled', 'disabled']
+ igmp_snooping:
+ description: IP IGMP snooping
+ choices: ['enabled', 'disabled']
+ lacp:
+ description: LACP protocol
+ choices: ['enabled', 'disabled']
+ ip_l3:
+ description: IP L3 support
+ choices: ['enabled', 'disabled']
+ ip_routing:
+ description: IP routing support
+ choices: ['enabled', 'disabled']
+ lldp:
+ description: LLDP protocol
+ choices: ['enabled', 'disabled']
+ bgp:
+ description: BGP protocol
+ choices: ['enabled', 'disabled']
+ ospf:
+ description: OSPF protocol
+ choices: ['enabled', 'disabled']
+ nve:
+ description: nve protocol
+ choices: ['enabled', 'disabled']
+ bfd:
+ description: bfd protocol
+ choices: ['enabled', 'disabled']
+ version_added: '0.2.0'
+'''
+
+EXAMPLES = """
+- name: Enable protocols for MLAG
+ onyx_protocol:
+ lacp: enabled
+ spanning_tree: disabled
+ ip_routing: enabled
+ mlag: enabled
+ dcb_pfc: enabled
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - no spanning-tree
+ - protocol mlag
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.six import iteritems
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+
+
+class OnyxProtocolModule(BaseOnyxModule):
+
+ PROTOCOL_MAPPING = dict(
+ mlag=dict(name="mlag", enable="protocol mlag",
+ disable="no protocol mlag"),
+ magp=dict(name="magp", enable="protocol magp",
+ disable="no protocol magp"),
+ spanning_tree=dict(name="spanning-tree", enable="spanning-tree",
+ disable="no spanning-tree"),
+ dcb_pfc=dict(name="priority-flow-control",
+ enable="dcb priority-flow-control enable force",
+ disable="no dcb priority-flow-control enable force"),
+ igmp_snooping=dict(name="igmp-snooping", enable="ip igmp snooping",
+ disable="no ip igmp snooping"),
+ lacp=dict(name="lacp", enable="lacp", disable="no lacp"),
+ ip_l3=dict(name="IP L3", enable="ip l3",
+ disable="no ip l3"),
+ ip_routing=dict(name="IP routing", enable="ip routing",
+ disable="no ip routing"),
+ lldp=dict(name="lldp", enable="lldp", disable="no lldp"),
+ bgp=dict(name="bgp", enable="protocol bgp", disable="no protocol bgp"),
+ ospf=dict(name="ospf", enable="protocol ospf",
+ disable="no protocol ospf"),
+ nve=dict(name="nve", enable="protocol nve",
+ disable="no protocol nve"),
+ bfd=dict(name="bfd", enable="protocol bfd",
+ disable="no protocol bfd"),
+ )
+
+ @classmethod
+ def _get_element_spec(cls):
+ element_spec = dict()
+ for protocol in cls.PROTOCOL_MAPPING:
+ element_spec[protocol] = dict(choices=['enabled', 'disabled'])
+ return element_spec
+
+ def init_module(self):
+ """ Ansible module initialization
+ """
+ element_spec = self._get_element_spec()
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True
+ )
+
+ def get_required_config(self):
+ self._required_config = dict()
+ module_params = self._module.params
+ for key, val in iteritems(module_params):
+ if key in self.PROTOCOL_MAPPING and val is not None:
+ self._required_config[key] = val
+
+ def _get_protocols(self):
+ return show_cmd(self._module, "show protocols")
+
+ def _get_ip_routing(self):
+ return show_cmd(self._module, 'show ip routing | include "IP routing"',
+ json_fmt=False)
+
+ def load_current_config(self):
+ self._current_config = dict()
+ protocols_config = self._get_protocols()
+ if not protocols_config:
+ protocols_config = dict()
+ ip_config = self._get_ip_routing()
+ if ip_config:
+ lines = ip_config.split('\n')
+ for line in lines:
+ line = line.strip()
+ line_attr = line.split(':')
+ if len(line_attr) == 2:
+ attr = line_attr[0].strip()
+ val = line_attr[1].strip()
+ protocols_config[attr] = val
+ for protocol, protocol_metadata in iteritems(self.PROTOCOL_MAPPING):
+ protocol_json_attr = protocol_metadata['name']
+ val = protocols_config.get(protocol_json_attr, 'disabled')
+ if val not in ('enabled', 'disabled'):
+ val = 'enabled'
+ self._current_config[protocol] = val
+
+ def generate_commands(self):
+ for protocol, req_val in iteritems(self._required_config):
+ protocol_metadata = self.PROTOCOL_MAPPING[protocol]
+ curr_val = self._current_config.get(protocol, 'disabled')
+ if curr_val != req_val:
+ if req_val == 'disabled':
+ command = protocol_metadata['disable']
+ else:
+ command = protocol_metadata['enable']
+ self._commands.append(command)
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxProtocolModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_ptp_global.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_ptp_global.py
new file mode 100644
index 000000000..1a7314e2a
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_ptp_global.py
@@ -0,0 +1,202 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_ptp_global
+author: "Anas Badaha (@anasb)"
+short_description: Configures PTP Global parameters
+description:
+ - This module provides declarative management of PTP Global configuration
+ on Mellanox ONYX network devices.
+notes:
+ - Tested on ONYX 3.6.8130
+ ptp and ntp protocols cannot be enabled at the same time
+options:
+ ptp_state:
+ description:
+ - PTP state.
+ choices: ['enabled', 'disabled']
+ default: enabled
+ ntp_state:
+ description:
+ - NTP state.
+ choices: ['enabled', 'disabled']
+ domain:
+ description:
+ - "set PTP domain number Range 0-127"
+ primary_priority:
+ description:
+ - "set PTP primary priority Range 0-225"
+ secondary_priority:
+ description:
+ - "set PTP secondary priority Range 0-225"
+'''
+
+EXAMPLES = """
+- name: Configure PTP
+ onyx_ptp_global:
+ ntp_state: enabled
+ ptp_state: disabled
+ domain: 127
+ primary_priority: 128
+ secondary_priority: 128
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - no ntp enable
+ - protocol ptp
+ - ptp domain 127
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+
+
+class OnyxPtpGlobalModule(BaseOnyxModule):
+
+ def init_module(self):
+ """ initialize module
+ """
+ element_spec = dict(
+ ntp_state=dict(choices=['enabled', 'disabled']),
+ ptp_state=dict(choices=['enabled', 'disabled'], default='enabled'),
+ domain=dict(type=int),
+ primary_priority=dict(type=int),
+ secondary_priority=dict(type=int)
+ )
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ def get_required_config(self):
+ module_params = self._module.params
+ self._required_config = dict(module_params)
+ self._validate_param_values(self._required_config)
+
+ def _validate_param_values(self, obj, param=None):
+ super(OnyxPtpGlobalModule, self).validate_param_values(obj, param)
+ if obj['ntp_state'] == 'enabled' and obj['ptp_state'] == 'enabled':
+ self._module.fail_json(msg='PTP State and NTP State Can not be enabled at the same time')
+
+ def validate_domain(self, value):
+ if value and not 0 <= int(value) <= 127:
+ self._module.fail_json(msg='domain must be between 0 and 127')
+
+ def validate_primary_priority(self, value):
+ if value and not 0 <= int(value) <= 255:
+ self._module.fail_json(msg='Primary Priority must be between 0 and 255')
+
+ def validate_secondary_priority(self, value):
+ if value and not 0 <= int(value) <= 255:
+ self._module.fail_json(msg='Secondary Priority must be between 0 and 255')
+
+ def _set_ntp_config(self, ntp_config):
+ ntp_config = ntp_config[0]
+ if not ntp_config:
+ return
+ ntp_state = ntp_config.get('NTP enabled')
+ if ntp_state == "yes":
+ self._current_config['ntp_state'] = "enabled"
+ else:
+ self._current_config['ntp_state'] = "disabled"
+
+ def _set_ptp_config(self, ptp_config):
+ if ptp_config is None:
+ self._current_config['ptp_state'] = 'disabled'
+ else:
+ self._current_config['ptp_state'] = 'enabled'
+ self._current_config['domain'] = int(ptp_config['Domain'])
+ self._current_config['primary_priority'] = int(ptp_config['Priority1'])
+ self._current_config['secondary_priority'] = int(ptp_config['Priority2'])
+
+ def _show_ntp_config(self):
+ cmd = "show ntp configured"
+ return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
+
+ def _show_ptp_config(self):
+ cmd = "show ptp clock"
+ return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
+
+ def load_current_config(self):
+ self._current_config = dict()
+
+ ntp_config = self._show_ntp_config()
+ self._set_ntp_config(ntp_config)
+
+ ptp_config = self._show_ptp_config()
+ self._set_ptp_config(ptp_config)
+
+ def generate_commands(self):
+ ntp_state = self._required_config.get("ntp_state")
+ if ntp_state == "enabled":
+ self._enable_ntp()
+ elif ntp_state == "disabled":
+ self._disable_ntp()
+
+ ptp_state = self._required_config.get("ptp_state", "enabled")
+ if ptp_state == "enabled":
+ self._enable_ptp()
+ else:
+ self._disable_ptp()
+
+ domain = self._required_config.get("domain")
+ if domain is not None:
+ curr_domain = self._current_config.get("domain")
+ if domain != curr_domain:
+ self._commands.append('ptp domain %d' % domain)
+
+ primary_priority = self._required_config.get("primary_priority")
+ if primary_priority is not None:
+ curr_primary_priority = self._current_config.get("primary_priority")
+ if primary_priority != curr_primary_priority:
+ self._commands.append('ptp priority1 %d' % primary_priority)
+
+ secondary_priority = self._required_config.get("secondary_priority")
+ if secondary_priority is not None:
+ curr_secondary_priority = self._current_config.get("secondary_priority")
+ if secondary_priority != curr_secondary_priority:
+ self._commands.append('ptp priority2 %d' % secondary_priority)
+
+ def _enable_ptp(self):
+ curr_ptp_state = self._current_config['ptp_state']
+ if curr_ptp_state == 'disabled':
+ self._commands.append('protocol ptp')
+
+ def _disable_ptp(self):
+ curr_ptp_state = self._current_config['ptp_state']
+ if curr_ptp_state == 'enabled':
+ self._commands.append('no protocol ptp')
+
+ def _enable_ntp(self):
+ curr_ntp_state = self._current_config.get('ntp_state')
+ if curr_ntp_state == 'disabled':
+ self._commands.append('ntp enable')
+
+ def _disable_ntp(self):
+ curr_ntp_state = self._current_config['ntp_state']
+ if curr_ntp_state == 'enabled':
+ self._commands.append('no ntp enable')
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxPtpGlobalModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_ptp_interface.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_ptp_interface.py
new file mode 100644
index 000000000..f3eb1f110
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_ptp_interface.py
@@ -0,0 +1,224 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_ptp_interface
+author: 'Anas Badaha (@anasb)'
+short_description: 'Configures PTP on interface'
+description:
+ - "This module provides declarative management of PTP interfaces configuration
+on Mellanox ONYX network devices."
+notes:
+ - 'Tested on ONYX 3.6.8130'
+ - 'PTP Protocol must be enabled on switch.'
+ - 'Interface must not be a switch port interface.'
+options:
+ name:
+ description:
+ - 'ethernet or vlan interface name that we want to configure PTP on it'
+ required: true
+ state:
+ description:
+ - 'Enable/Disable PTP on Interface'
+ default: enabled
+ choices:
+ - enabled
+ - disabled
+ delay_request:
+ description:
+ - 'configure PTP delay request interval, Range 0-5'
+ announce_interval:
+ description:
+ - 'configure PTP announce setting for interval, Range -3-1'
+ announce_timeout:
+ description:
+ - 'configure PTP announce setting for timeout, Range 2-10'
+ sync_interval:
+ description:
+ - 'configure PTP sync interval, Range -7--1'
+'''
+
+EXAMPLES = """
+- name: Configure PTP interface
+ onyx_ptp_interface:
+ state: enabled
+ name: Eth1/1
+ delay_request: 0
+ announce_interval: -2
+ announce_timeout: 3
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - interface ethernet 1/16 ptp enable
+ - interface ethernet 1/16 ptp delay-req interval 0
+ - interface ethernet 1/16 ptp announce interval -1
+"""
+
+import re
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.six import iteritems
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+
+
+class OnyxPtpInterfaceModule(BaseOnyxModule):
+ IF_ETH_REGEX = re.compile(r"^Eth(\d+\/\d+|Eth\d+\/\d+\d+)$")
+ IF_VLAN_REGEX = re.compile(r"^Vlan (\d+)$")
+
+ IF_TYPE_ETH = "ethernet"
+ IF_TYPE_VLAN = "vlan"
+
+ IF_TYPE_MAP = {
+ IF_TYPE_ETH: IF_ETH_REGEX,
+ IF_TYPE_VLAN: IF_VLAN_REGEX
+ }
+
+ RANGE_ATTR = {
+ "delay_request": (0, 5),
+ "announce_interval": (-3, -1),
+ "announce_timeout": (2, 10),
+ "sync_interval": (-7, -1)
+ }
+
+ _interface_type = None
+ _interface_id = None
+
+ def init_module(self):
+ """ initialize module
+ """
+ element_spec = dict(
+ name=dict(required=True),
+ state=dict(choices=['enabled', 'disabled'], default='enabled'),
+ delay_request=dict(type=int),
+ announce_interval=dict(type=int),
+ announce_timeout=dict(type=int),
+ sync_interval=dict(type=int)
+ )
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ @classmethod
+ def _get_interface_type(cls, if_name):
+ if_type = None
+ if_id = None
+ for interface_type, interface_regex in iteritems(cls.IF_TYPE_MAP):
+ match = interface_regex.match(if_name)
+ if match:
+ if_type = interface_type
+ if_id = match.group(1)
+ break
+ return if_type, if_id
+
+ def _set_if_type(self, module_params):
+ if_name = module_params['name']
+ self._interface_type, self._interface_id = self._get_interface_type(if_name)
+ if not self._interface_id:
+ self._module.fail_json(
+ msg='unsupported interface name/type: %s' % if_name)
+
+ def get_required_config(self):
+ module_params = self._module.params
+ self._required_config = dict(module_params)
+ self._set_if_type(self._required_config)
+ self.validate_param_values(self._required_config)
+
+ def _validate_attr_is_not_none(self, attr_name, attr_value):
+ if attr_value is not None:
+ self._module.fail_json(msg='Can not set %s value on switch while state is disabled' % attr_name)
+
+ def validate_param_values(self, obj, param=None):
+ if obj['state'] == 'disabled':
+ for attr_name in self.RANGE_ATTR:
+ self._validate_attr_is_not_none(attr_name, obj[attr_name])
+ super(OnyxPtpInterfaceModule, self).validate_param_values(obj, param)
+
+ def _validate_range(self, value, attr_name):
+ min_value, max_value = self.RANGE_ATTR[attr_name]
+ if value and not min_value <= int(value) <= max_value:
+ self._module.fail_json(msg='%s value must be between %d and %d' % (attr_name, min_value, max_value))
+
+ def validate_delay_request(self, value):
+ self._validate_range(value, "delay_request")
+
+ def validate_announce_interval(self, value):
+ self._validate_range(value, "announce_interval")
+
+ def validate_announce_timeout(self, value):
+ self._validate_range(value, "announce_timeout")
+
+ def validate_sync_interval(self, value):
+ self._validate_range(value, "sync_interval")
+
+ def _set_ptp_interface_config(self, ptp_interface_config):
+ if ptp_interface_config is None:
+ self._current_config['state'] = 'disabled'
+ return
+ ptp_interface_config = ptp_interface_config[0]
+ self._current_config['state'] = 'enabled'
+ self._current_config['delay_request'] = int(ptp_interface_config['Delay request interval(log mean)'])
+ self._current_config['announce_interval'] = int(ptp_interface_config['Announce interval(log mean)'])
+ self._current_config['announce_timeout'] = int(ptp_interface_config['Announce receipt time out'])
+ self._current_config['sync_interval'] = int(ptp_interface_config['Sync interval(log mean)'])
+
+ def _show_ptp_interface_config(self):
+ cmd = "show ptp interface %s %s" % (self._interface_type, self._interface_id)
+ return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
+
+ def load_current_config(self):
+ self._current_config = dict()
+ ptp_interface_config = self._show_ptp_interface_config()
+ self._set_ptp_interface_config(ptp_interface_config)
+
+ def _generate_attr_command(self, attr_name, attr_cmd_name):
+ attr_val = self._required_config.get(attr_name)
+ if attr_val is not None:
+ curr_val = self._current_config.get(attr_name)
+ if attr_val != curr_val:
+ self._commands.append(
+ 'interface %s %s ptp %s %d' % (self._interface_type, self._interface_id, attr_cmd_name, attr_val))
+
+ def generate_commands(self):
+ state = self._required_config.get("state", "enabled")
+ self._gen_ptp_commands(state)
+
+ self._generate_attr_command("delay_request", "delay-req interval")
+ self._generate_attr_command("announce_interval", "announce interval")
+ self._generate_attr_command("announce_timeout", "announce timeout")
+ self._generate_attr_command("sync_interval", "sync interval")
+
+ def _add_if_ptp_cmd(self, req_state):
+ if req_state == 'enabled':
+ if_ptp_cmd = 'interface %s %s ptp enable' % (self._interface_type, self._interface_id)
+ else:
+ if_ptp_cmd = 'no interface %s %s ptp enable' % (self._interface_type, self._interface_id)
+ self._commands.append(if_ptp_cmd)
+
+ def _gen_ptp_commands(self, req_state):
+ curr_state = self._current_config.get('state')
+ if curr_state != req_state:
+ self._add_if_ptp_cmd(req_state)
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxPtpInterfaceModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_qos.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_qos.py
new file mode 100644
index 000000000..79074e66d
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_qos.py
@@ -0,0 +1,231 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_qos
+author: "Anas Badaha (@anasb)"
+short_description: Configures QoS
+description:
+ - This module provides declarative management of Onyx QoS configuration
+ on Mellanox ONYX network devices.
+notes:
+ - Tested on ONYX 3.6.8130
+options:
+ interfaces:
+ description:
+ - list of interfaces name.
+ required: true
+ trust:
+ description:
+ - trust type.
+ choices: ['L2', 'L3', 'both']
+ default: L2
+ rewrite_pcp:
+ description:
+ - rewrite with type pcp.
+ choices: ['enabled', 'disabled']
+ default: disabled
+ rewrite_dscp:
+ description:
+ - rewrite with type dscp.
+ choices: ['enabled', 'disabled']
+ default: disabled
+'''
+
+EXAMPLES = """
+- name: Configure QoS
+ onyx_QoS:
+ interfaces:
+ - Mpo7
+ - Mpo7
+ trust: L3
+ rewrite_pcp: disabled
+ rewrite_dscp: enabled
+
+- name: Configure QoS
+ onyx_QoS:
+ interfaces:
+ - Eth1/1
+ - Eth1/2
+ trust: both
+ rewrite_pcp: disabled
+ rewrite_dscp: enabled
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - interface ethernet 1/16 qos trust L3
+ - interface mlag-port-channel 7 qos trust L3
+ - interface port-channel 1 qos trust L3
+ - interface mlag-port-channel 7 qos trust L2
+ - interface mlag-port-channel 7 qos rewrite dscp
+ - interface ethernet 1/16 qos rewrite pcp
+ - interface ethernet 1/1 no qos rewrite pcp
+"""
+
+import re
+from ansible.module_utils.six import iteritems
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+
+
+class OnyxQosModule(BaseOnyxModule):
+ TRUST_CMD = "interface {0} {1} qos trust {2}"
+ NO_REWRITE_PCP_CMD = "interface {0} {1} no qos rewrite pcp"
+ NO_REWRITE_DSCP_CMD = "interface {0} {1} no qos rewrite dscp"
+ REWRITE_PCP_CMD = "interface {0} {1} qos rewrite pcp"
+ REWRITE_DSCP_CMD = "interface {0} {1} qos rewrite dscp"
+
+ REWRITE_PCP = "pcp"
+ REWRITE_DSCP = "dscp"
+
+ IF_ETH_REGEX = re.compile(r"^Eth(\d+\/\d+|Eth\d+\/\d+\d+)$")
+ IF_PO_REGEX = re.compile(r"^Po(\d+)$")
+ MLAG_NAME_REGEX = re.compile(r"^Mpo(\d+)$")
+
+ IF_TYPE_ETH = "ethernet"
+ PORT_CHANNEL = "port-channel"
+ MLAG_PORT_CHANNEL = "mlag-port-channel"
+
+ IF_TYPE_MAP = {
+ IF_TYPE_ETH: IF_ETH_REGEX,
+ PORT_CHANNEL: IF_PO_REGEX,
+ MLAG_PORT_CHANNEL: MLAG_NAME_REGEX
+ }
+
+ def init_module(self):
+ """ initialize module
+ """
+ element_spec = dict(
+ interfaces=dict(type='list', required=True),
+ trust=dict(choices=['L2', 'L3', 'both'], default='L2'),
+ rewrite_pcp=dict(choices=['enabled', 'disabled'], default='disabled'),
+ rewrite_dscp=dict(choices=['enabled', 'disabled'], default='disabled')
+ )
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ def get_required_config(self):
+ module_params = self._module.params
+ self._required_config = dict(module_params)
+ self.validate_param_values(self._required_config)
+
+ def _get_interface_type(self, if_name):
+ if_type = None
+ if_id = None
+ for interface_type, interface_regex in iteritems(self.IF_TYPE_MAP):
+ match = interface_regex.match(if_name)
+ if match:
+ if_type = interface_type
+ if_id = match.group(1)
+ break
+ return if_type, if_id
+
+ def _set_interface_qos_config(self, interface_qos_config, interface, if_type, if_id):
+ interface_qos_config = interface_qos_config[0].get(interface)
+ trust = interface_qos_config[0].get("Trust mode")
+ rewrite_dscp = interface_qos_config[0].get("DSCP rewrite")
+ rewrite_pcp = interface_qos_config[0].get("PCP,DEI rewrite")
+
+ self._current_config[interface] = dict(trust=trust, rewrite_dscp=rewrite_dscp,
+ rewrite_pcp=rewrite_pcp, if_type=if_type, if_id=if_id)
+
+ def _show_interface_qos(self, if_type, interface):
+ cmd = "show qos interface {0} {1}".format(if_type, interface)
+ return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
+
+ def load_current_config(self):
+ self._current_config = dict()
+ for interface in self._required_config.get("interfaces"):
+ if_type, if_id = self._get_interface_type(interface)
+ if not if_id:
+ self._module.fail_json(
+ msg='unsupported interface: {0}'.format(interface))
+ interface_qos_config = self._show_interface_qos(if_type, if_id)
+ if interface_qos_config is not None:
+ self._set_interface_qos_config(interface_qos_config, interface, if_type, if_id)
+ else:
+ self._module.fail_json(
+ msg='Interface {0} does not exist on switch'.format(interface))
+
+ def generate_commands(self):
+ trust = self._required_config.get("trust")
+ rewrite_pcp = self._required_config.get("rewrite_pcp")
+ rewrite_dscp = self._required_config.get("rewrite_dscp")
+ for interface in self._required_config.get("interfaces"):
+ ignored1, ignored2, current_trust, if_type, if_id = self._get_current_rewrite_config(interface)
+ self._add_interface_trust_cmds(if_type, if_id, interface, trust, current_trust)
+ self._add_interface_rewrite_cmds(if_type, if_id, interface,
+ rewrite_pcp, rewrite_dscp)
+
+ def _get_current_rewrite_config(self, interface):
+ current_interface_qos_config = self._current_config.get(interface)
+ current_rewrite_pcp = current_interface_qos_config.get('rewrite_pcp')
+ current_rewrite_dscp = current_interface_qos_config.get('rewrite_dscp')
+ if_type = current_interface_qos_config.get("if_type")
+ if_id = current_interface_qos_config.get("if_id")
+ current_trust = current_interface_qos_config.get('trust')
+
+ return current_rewrite_pcp, current_rewrite_dscp, current_trust, if_type, if_id
+
+ def _add_interface_trust_cmds(self, if_type, if_id, interface, trust, current_trust):
+
+ current_rewrite_pcp, current_rewrite_dscp, ignored1, ignored2, ignored3 = self._get_current_rewrite_config(
+ interface)
+
+ if trust == "L3" and trust != current_trust:
+ self._add_no_rewrite_cmd(if_type, if_id, interface, self.REWRITE_DSCP, current_rewrite_dscp)
+ self._commands.append(self.TRUST_CMD.format(if_type, if_id, trust))
+ elif trust == "L2" and trust != current_trust:
+ self._add_no_rewrite_cmd(if_type, if_id, interface, self.REWRITE_PCP, current_rewrite_pcp)
+ self._commands.append(self.TRUST_CMD.format(if_type, if_id, trust))
+ elif trust == "both" and trust != current_trust:
+ self._add_no_rewrite_cmd(if_type, if_id, interface, self.REWRITE_DSCP, current_rewrite_dscp)
+ self._add_no_rewrite_cmd(if_type, if_id, interface, self.REWRITE_PCP, current_rewrite_pcp)
+ self._commands.append(self.TRUST_CMD.format(if_type, if_id, trust))
+
+ def _add_interface_rewrite_cmds(self, if_type, if_id, interface, rewrite_pcp, rewrite_dscp):
+ current_rewrite_pcp, current_rewrite_dscp, ignored1, ignored2, ignored3 = self._get_current_rewrite_config(
+ interface)
+
+ if rewrite_pcp == "enabled" and rewrite_pcp != current_rewrite_pcp:
+ self._commands.append(self.REWRITE_PCP_CMD.format(if_type, if_id))
+ elif rewrite_pcp == "disabled" and rewrite_pcp != current_rewrite_pcp:
+ self._commands.append(self.NO_REWRITE_PCP_CMD.format(if_type, if_id))
+
+ if rewrite_dscp == "enabled" and rewrite_dscp != current_rewrite_dscp:
+ self._commands.append(self.REWRITE_DSCP_CMD.format(if_type, if_id))
+ elif rewrite_dscp == "disabled" and rewrite_dscp != current_rewrite_dscp:
+ self._commands.append(self.NO_REWRITE_DSCP_CMD.format(if_type, if_id))
+
+ def _add_no_rewrite_cmd(self, if_type, if_id, interface, rewrite_type, current_rewrite):
+ if rewrite_type == self.REWRITE_PCP and current_rewrite == "enabled":
+ self._commands.append(self.NO_REWRITE_PCP_CMD.format(if_type, if_id))
+ self._current_config[interface]["rewrite_pcp"] = "disabled"
+ elif rewrite_type == self.REWRITE_DSCP and current_rewrite == "enabled":
+ self._commands.append(self.NO_REWRITE_DSCP_CMD.format(if_type, if_id))
+ self._current_config[interface]["rewrite_dscp"] = "disabled"
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxQosModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_snmp.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_snmp.py
new file mode 100644
index 000000000..895d003aa
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_snmp.py
@@ -0,0 +1,423 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_snmp
+version_added: '0.2.0'
+author: "Sara-Touqan (@sarato)"
+short_description: Manages SNMP general configurations on Mellanox ONYX network devices
+description:
+ - This module provides declarative management of SNMP
+ on Mellanox ONYX network devices.
+options:
+ state_enabled:
+ description:
+ - Enables/Disables the state of the SNMP configuration.
+ type: bool
+ contact_name:
+ description:
+ - Sets the SNMP contact name.
+ type: str
+ location:
+ description:
+ - Sets the SNMP location.
+ type: str
+ communities_enabled:
+ description:
+ - Enables/Disables community-based authentication on the system.
+ type: bool
+ multi_communities_enabled:
+ description:
+ - Enables/Disables multiple communities to be configured.
+ type: bool
+ snmp_communities:
+ type: list
+ description:
+ - List of snmp communities
+ suboptions:
+ community_name:
+ description:
+ - Configures snmp community name.
+ required: true
+ type: str
+ community_type:
+ description:
+ - Add this community as either a read-only or read-write community.
+ choices: ['read-only', 'read-write']
+ type: str
+ state:
+ description:
+ - Used to decide if you want to delete the given snmp community or not
+ choices: ['present', 'absent']
+ type: str
+ notify_enabled:
+ description:
+ - Enables/Disables sending of SNMP notifications (traps and informs) from thee system.
+ type: bool
+ notify_port:
+ description:
+ - Sets the default port to which notifications are sent.
+ type: str
+ notify_community:
+ description:
+ - Sets the default community for SNMP v1 and v2c notifications sent to hosts which do not have a community override set.
+ type: str
+ notify_send_test:
+ description:
+ - Sends a test notification.
+ type: str
+ choices: ['yes','no']
+ notify_event:
+ description:
+ - Specifys which events will be sent as SNMP notifications.
+ type: str
+ choices: ['asic-chip-down', 'dcbx-pfc-port-oper-state-trap', 'insufficient-power', 'mstp-new-bridge-root',
+ 'ospf-lsdb-approaching-overflow', 'sm-stop', 'user-logout', 'cli-line-executed', 'dcbx-pfc-port-peer-state-trap',
+ 'interface-down', 'mstp-new-root-port', 'ospf-lsdb-overflow', 'snmp-authtrap', 'xstp-new-root-bridge',
+ 'cpu-util-high', 'disk-io-high', 'interface-up', 'mstp-topology-change', 'ospf-nbr-state-change',
+ 'temperature-too-high', 'xstp-root-port-change', 'dcbx-ets-module-state-change', 'disk-space-low',
+ 'internal-bus-error', 'netusage-high', 'paging-high', 'topology_change', 'xstp-topology-change',
+ 'dcbx-ets-port-admin-state-trap', 'entity-state-change', 'internal-link-speed-mismatch', 'new_root',
+ 'power-redundancy-mismatch', 'unexpected-cluster-join', 'dcbx-ets-port-oper-state-trap', 'expected-shutdown',
+ 'liveness-failure', 'ospf-auth-fail', 'process-crash', 'unexpected-cluster-leave', 'dcbx-ets-port-peer-state-trap',
+ 'health-module-status', 'low-power', 'ospf-config-error', 'process-exit', 'unexpected-cluster-size',
+ 'dcbx-pfc-module-state-change', 'insufficient-fans', 'low-power-recover', 'ospf-if-rx-bad-packet',
+ 'sm-restart', 'unexpected-shutdown', 'dcbx-pfc-port-admin-state-trap', 'insufficient-fans-recover', 'memusage-high',
+ 'ospf-if-state-change', 'sm-start', 'user-login']
+ engine_id_reset:
+ description:
+ - Sets SNMPv3 engineID to node unique value.
+ type: bool
+ snmp_permissions:
+ type: list
+ description:
+ - Allow SNMPSET requests for items in a MIB.
+ suboptions:
+ state_enabled:
+ description:
+ - Enables/Disables the request.
+ required: true
+ type: bool
+ permission_type:
+ description:
+ - Configures the request type.
+ choices: ['MELLANOX-CONFIG-DB-MIB', 'MELLANOX-EFM-MIB','MELLANOX-POWER-CYCLE','MELLANOX-SW-UPDATE','RFC1213-MIB']
+ type: str
+'''
+
+EXAMPLES = """
+- name: Configure SNMP
+ onyx_snmp:
+ state_enabled: yes
+ contact_name: sara
+ location: Nablus
+ communities_enabled: no
+ multi_communities_enabled: no
+ notify_enabled: yes
+ notify_port: 1
+ notify_community: community_1
+ notify_send_test: yes
+ notify_event: temperature-too-high
+ snmp_communities:
+ - community_name: public
+ community_type: read-only
+ state: absent
+ snmp_permissions:
+ - state_enabled: yes
+ permission_type: MELLANOX-CONFIG-DB-MIB
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device
+ returned: always.
+ type: list
+ sample:
+ - snmp-server enable
+ - no snmp-server enable
+ - snmp-server location <location_name>
+ - snmp-server contact <contact_name>
+ - snmp-server enable communities
+ - no snmp-server enable communities
+ - snmp-server enable mult-communities
+ - no snmp-server enable mult-communities
+ - snmp-server enable notify
+ - snmp-server notify port <port_number>
+ - snmp-server notify community <community_name>
+ - snmp-server notify send-test
+ - snmp-server notify event <event_name>
+ - snmp-server enable set-permission <permission_type>
+ - no snmp-server enable set-permission <permission_type>
+ - snmp-server community <community_name> <community_type>
+ - no snmp-server community <community_name>.
+ - snmp-server engineID reset.
+"""
+
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+
+
+class OnyxSNMPModule(BaseOnyxModule):
+
+ def init_module(self):
+ """ module initialization
+ """
+
+ community_spec = dict(community_name=dict(required=True),
+ community_type=dict(choices=['read-only', 'read-write']),
+ state=dict(choices=['present', 'absent']))
+
+ snmp_permission_spec = dict(state_enabled=dict(type='bool', required=True),
+ permission_type=dict(choices=['MELLANOX-CONFIG-DB-MIB', 'MELLANOX-EFM-MIB', 'MELLANOX-POWER-CYCLE',
+ 'MELLANOX-SW-UPDATE', 'RFC1213-MIB']))
+
+ event_choices = ['asic-chip-down', 'dcbx-pfc-port-oper-state-trap', 'insufficient-power', 'mstp-new-bridge-root',
+ 'ospf-lsdb-approaching-overflow', 'sm-stop', 'user-logout', 'cli-line-executed', 'dcbx-pfc-port-peer-state-trap',
+ 'interface-down', 'mstp-new-root-port', 'ospf-lsdb-overflow', 'snmp-authtrap', 'xstp-new-root-bridge',
+ 'cpu-util-high', 'disk-io-high', 'interface-up', 'mstp-topology-change', 'ospf-nbr-state-change',
+ 'temperature-too-high', 'xstp-root-port-change', 'dcbx-ets-module-state-change', 'disk-space-low',
+ 'internal-bus-error', 'netusage-high', 'paging-high', 'topology_change', 'xstp-topology-change',
+ 'dcbx-ets-port-admin-state-trap', 'entity-state-change', 'internal-link-speed-mismatch', 'new_root',
+ 'power-redundancy-mismatch', 'unexpected-cluster-join', 'dcbx-ets-port-oper-state-trap', 'expected-shutdown',
+ 'liveness-failure', 'ospf-auth-fail', 'process-crash', 'unexpected-cluster-leave', 'dcbx-ets-port-peer-state-trap',
+ 'health-module-status', 'low-power', 'ospf-config-error', 'process-exit', 'unexpected-cluster-size',
+ 'dcbx-pfc-module-state-change', 'insufficient-fans', 'low-power-recover', 'ospf-if-rx-bad-packet',
+ 'sm-restart', 'unexpected-shutdown', 'dcbx-pfc-port-admin-state-trap', 'insufficient-fans-recover', 'memusage-high',
+ 'ospf-if-state-change', 'sm-start', 'user-login']
+ element_spec = dict(
+ state_enabled=dict(type='bool'),
+ contact_name=dict(type='str'),
+ location=dict(type='str'),
+ communities_enabled=dict(type='bool'),
+ multi_communities_enabled=dict(type='bool'),
+ snmp_communities=dict(type='list', elements='dict', options=community_spec),
+ notify_enabled=dict(type='bool'),
+ notify_port=dict(type='str'),
+ notify_community=dict(type='str'),
+ notify_send_test=dict(type='str', choices=['yes', 'no']),
+ notify_event=dict(type='str', choices=event_choices),
+ engine_id_reset=dict(type='bool'),
+ snmp_permissions=dict(type='list', elements='dict', options=snmp_permission_spec)
+ )
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ def get_required_config(self):
+ module_params = self._module.params
+ self._required_config = dict(module_params)
+ self.validate_param_values(self._required_config)
+
+ def _show_snmp_config(self):
+ show_cmds = []
+ cmd = "show snmp"
+ show_cmds.append(show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False))
+ cmd = "show running-config | include snmp"
+ show_cmds.append(show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False))
+ return show_cmds
+
+ def _set_snmp_config(self, all_snmp_config):
+ ro_communities_list = []
+ rw_communities_list = []
+ snmp_config = all_snmp_config[0]
+ if not snmp_config:
+ return
+ if snmp_config.get("SNMP enabled") == 'yes':
+ self._current_config['state_enabled'] = True
+ else:
+ self._current_config['state_enabled'] = False
+ self._current_config['contact_name'] = snmp_config.get("System contact")
+ self._current_config['location'] = snmp_config.get("System location")
+ curr_ro_comm = snmp_config.get("Read-only community")
+ if curr_ro_comm:
+ ro_arr = curr_ro_comm.split(' ')
+ rw_arr = snmp_config.get("Read-write community").split(' ')
+ ro_communities_list = ro_arr[0]
+ rw_communities_list = rw_arr[0]
+ if (len(ro_arr) == 2):
+ self._current_config['communities_enabled'] = False
+ else:
+ self._current_config['communities_enabled'] = True
+ else:
+ read_only_communities = all_snmp_config[1]
+ read_write_communities = all_snmp_config[2]
+ if not read_only_communities:
+ return
+ read_only_comm = read_only_communities.get("Read-only communities")
+ if read_only_comm:
+ self._current_config['communities_enabled'] = True
+ ro_communities_list = read_only_comm[0].get("Lines")
+ else:
+ self._current_config['communities_enabled'] = False
+ ro_comm_disabled = read_only_communities.get("Read-only communities (DISABLED)")
+ if ro_comm_disabled:
+ ro_communities_list = ro_comm_disabled[0].get("Lines")
+ if not read_write_communities:
+ return
+ read_write_comm = read_write_communities.get("Read-write communities")
+ if read_write_comm:
+ self._current_config['communities_enabled'] = True
+ rw_communities_list = read_write_comm[0].get("Lines")
+ else:
+ self._current_config['communities_enabled'] = False
+ rw_comm_disabled = read_write_communities.get("Read-write communities (DISABLED)")
+ if rw_comm_disabled:
+ rw_communities_list = rw_comm_disabled[0].get("Lines")
+ self._current_config['ro_communities_list'] = ro_communities_list
+ self._current_config['rw_communities_list'] = rw_communities_list
+
+ def _set_snmp_running_config(self, snmp_running_config):
+ self._current_config['multi_comm_enabled'] = True
+ self._current_config['notify_enabled'] = True
+ curr_config_arr = []
+ snmp_lines = snmp_running_config.get('Lines')
+ for runn_config in snmp_lines:
+ curr_config_arr.append(runn_config.strip())
+ if 'no snmp-server enable mult-communities' in snmp_lines:
+ self._current_config['multi_comm_enabled'] = False
+ if 'no snmp-server enable notify' in snmp_lines:
+ self._current_config['notify_enabled'] = False
+ self._current_config['snmp_running_config'] = curr_config_arr
+
+ def load_current_config(self):
+ self._current_config = dict()
+ snmp_config = self._show_snmp_config()
+ if snmp_config[0]:
+ self._set_snmp_config(snmp_config[0])
+ if snmp_config[1]:
+ self._set_snmp_running_config(snmp_config[1])
+
+ def generate_commands(self):
+ current_state = self._current_config.get("state_enabled")
+ state = current_state
+ req_state = self._required_config.get("state_enabled")
+ if req_state is not None:
+ state = req_state
+ if state is not None:
+ if current_state != state:
+ if state is True:
+ self._commands.append('snmp-server enable')
+ else:
+ self._commands.append('no snmp-server enable')
+
+ contact_name = self._required_config.get("contact_name")
+ if contact_name:
+ current_contact_name = self._current_config.get("contact_name")
+ if contact_name is not None:
+ if current_contact_name != contact_name:
+ self._commands.append('snmp-server contact {0}' .format(contact_name))
+
+ location = self._required_config.get("location")
+ if location:
+ current_location = self._current_config.get("location")
+ if location is not None:
+ if current_location != location:
+ self._commands.append('snmp-server location {0}' .format(location))
+
+ communities_enabled = self._required_config.get("communities_enabled")
+ if communities_enabled is not None:
+ current_communities_enabled = self._current_config.get("communities_enabled")
+ if communities_enabled is not None:
+ if current_communities_enabled != communities_enabled:
+ if communities_enabled is True:
+ self._commands.append('snmp-server enable communities')
+ else:
+ self._commands.append('no snmp-server enable communities')
+
+ ro_communities = self._current_config.get("ro_communities_list")
+ rw_communities = self._current_config.get("rw_communities_list")
+ snmp_communities = self._required_config.get("snmp_communities")
+ if snmp_communities:
+ if snmp_communities is not None:
+ for community in snmp_communities:
+ community_name = community.get("community_name")
+ state = community.get("state")
+ if state:
+ if state == 'absent':
+ self._commands.append('no snmp-server community {0}' .format(community_name))
+ continue
+ community_type = community.get("community_type")
+ if community_type:
+ if community_type == 'read-only':
+ if community_name not in ro_communities:
+ self._commands.append('snmp-server community {0} ro' .format(community_name))
+ else:
+ if community_name not in rw_communities:
+ self._commands.append('snmp-server community {0} rw' .format(community_name))
+ else:
+ if community_name not in ro_communities:
+ self._commands.append('snmp-server community {0}' .format(community_name))
+
+ engine_id_reset = self._required_config.get("engine_id_reset")
+ if engine_id_reset is not None:
+ if engine_id_reset:
+ self._commands.append('snmp-server engineID reset')
+
+ current_multi_comm_state = self._current_config.get("multi_comm_enabled")
+ multi_communities_enabled = self._required_config.get("multi_communities_enabled")
+ if multi_communities_enabled is not None:
+ if current_multi_comm_state != multi_communities_enabled:
+ if multi_communities_enabled is True:
+ self._commands.append('snmp-server enable mult-communities')
+ else:
+ self._commands.append('no snmp-server enable mult-communities')
+
+ notify_enabled = self._required_config.get("notify_enabled")
+ if notify_enabled is not None:
+ current_notify_state = self._current_config.get("notify_enabled")
+ if current_notify_state != notify_enabled:
+ if notify_enabled is True:
+ self._commands.append('snmp-server enable notify')
+ else:
+ self._commands.append('no snmp-server enable notify')
+
+ snmp_permissions = self._required_config.get("snmp_permissions")
+ if snmp_permissions is not None:
+ for permission in snmp_permissions:
+ permission_type = permission.get('permission_type')
+ if permission.get('state_enabled') is True:
+ self._commands.append('snmp-server enable set-permission {0}' .format(permission_type))
+ else:
+ self._commands.append('no snmp-server enable set-permission {0}' .format(permission_type))
+
+ snmp_running_config = self._current_config.get("snmp_running_config")
+ notify_port = self._required_config.get("notify_port")
+ if notify_port is not None:
+ notified_cmd = 'snmp-server notify port {0}' .format(notify_port)
+ if notified_cmd not in snmp_running_config:
+ self._commands.append('snmp-server notify port {0}' .format(notify_port))
+
+ notify_community = self._required_config.get("notify_community")
+ if notify_community is not None:
+ notified_cmd = 'snmp-server notify community {0}' .format(notify_community)
+ if notified_cmd not in snmp_running_config:
+ self._commands.append('snmp-server notify community {0}' .format(notify_community))
+
+ notify_send_test = self._required_config.get("notify_send_test")
+ if notify_send_test is not None:
+ if notify_send_test == 'yes':
+ self._commands.append('snmp-server notify send-test')
+
+ notify_event = self._required_config.get("notify_event")
+ if notify_event is not None:
+ self._commands.append('snmp-server notify event {0}' .format(notify_event))
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxSNMPModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_snmp_hosts.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_snmp_hosts.py
new file mode 100644
index 000000000..93facf7dd
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_snmp_hosts.py
@@ -0,0 +1,421 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_snmp_hosts
+version_added: '0.2.0'
+author: "Sara Touqan (@sarato)"
+short_description: Configures SNMP host parameters
+description:
+ - This module provides declarative management of SNMP hosts protocol params
+ on Mellanox ONYX network devices.
+options:
+ hosts:
+ type: list
+ description:
+ - List of snmp hosts
+ suboptions:
+ name:
+ description:
+ - Specifies the name of the host.
+ required: true
+ type: str
+ enabled:
+ description:
+ - Temporarily Enables/Disables sending of all notifications to this host.
+ type: bool
+ notification_type:
+ description:
+ - Configures the type of sending notification to the specified host.
+ choices: ['trap', 'inform']
+ type: str
+ port:
+ description:
+ - Overrides default target port for this host.
+ type: str
+ version:
+ description:
+ - Specifys SNMP version of informs to send.
+ choices: ['1', '2c', '3']
+ type: str
+ user_name:
+ description:
+ - Specifys username for this inform sink.
+ type: str
+ auth_type:
+ description:
+ - Configures SNMP v3 security parameters, specifying passwords in a nother parameter (auth_password) (passwords are always stored encrypted).
+ choices: ['md5', 'sha', 'sha224', 'sha256', 'sha384', 'sha512']
+ type: str
+ auth_password:
+ description:
+ - The password needed to configure the auth type.
+ type: str
+ privacy_type:
+ description:
+ - Specifys SNMP v3 privacy settings for this user.
+ choices: ['3des', 'aes-128', 'aes-192', 'aes-192-cfb', 'aes-256', 'aes-256-cfb', 'des']
+ type: str
+ privacy_password:
+ description:
+ - The password needed to configure the privacy type.
+ type: str
+ state:
+ description:
+ - Used to decide if you want to delete the specified host or not.
+ choices: ['present' , 'absent']
+ type: str
+'''
+
+EXAMPLES = """
+- name: Enables snmp host
+ onyx_snmp_hosts:
+ hosts:
+ - name: 1.1.1.1
+ enabled: true
+
+- name: Configures snmp host with version 2c
+ onyx_snmp_hosts:
+ hosts:
+ - name: 2.3.2.4
+ enabled: true
+ notification_type: trap
+ port: 66
+ version: 2c
+
+- name: Configures snmp host with version 3 and configures it with user as sara
+ onyx_snmp_hosts:
+ hosts:
+ - name: 2.3.2.4
+ enabled: true
+ notification_type: trap
+ port: 66
+ version: 3
+ user_name: sara
+ auth_type: sha
+ auth_password: jnbdfijbdsf
+ privacy_type: 3des
+ privacy_password: nojfd8uherwiugfh
+
+- name: Deletes the snmp host
+ onyx_snmp_hosts:
+ hosts:
+ - name: 2.3.2.4
+ state: absent
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - snmp-server host <host_name> disable
+ - no snmp-server host <host_name> disable
+ - snmp-server host <host_name> informs port <port_number> version <version_number>
+ - snmp-server host <host_name> traps port <port_number> version <version_number>
+ - snmp-server host <host_name> informs port <port_number> version <version_number> user <user_name> auth <auth_type>
+ <auth_password> priv <privacy_type> <privacy_password>
+ - snmp-server host <host_name> traps port <port_number> version <version_number> user <user_name> auth <auth_type>
+ <auth_password> priv <privacy_type> <privacy_password>
+ - no snmp-server host <host_name>.
+"""
+
+import re
+
+from ansible.module_utils.basic import AnsibleModule
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+
+
+class OnyxSNMPHostsModule(BaseOnyxModule):
+
+ def init_module(self):
+ """ initialize module
+ """
+ host_spec = dict(name=dict(required=True),
+ enabled=dict(type='bool'),
+ notification_type=dict(type='str', choices=['trap', 'inform']),
+ port=dict(type='str'),
+ version=dict(type='str', choices=['1', '2c', '3']),
+ user_name=dict(type='str'),
+ auth_type=dict(type='str', choices=['md5', 'sha', 'sha224', 'sha256', 'sha384', 'sha512']),
+ privacy_type=dict(type='str', choices=['3des', 'aes-128', 'aes-192', 'aes-192-cfb', 'aes-256', 'aes-256-cfb', 'des']),
+ privacy_password=dict(type='str', no_log=True),
+ auth_password=dict(type='str', no_log=True),
+ state=dict(type='str', choices=['present', 'absent'])
+ )
+ element_spec = dict(
+ hosts=dict(type='list', elements='dict', options=host_spec),
+ )
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ def validate_snmp_required_params(self):
+ req_hosts = self._required_config.get("hosts")
+ if req_hosts:
+ for host in req_hosts:
+ version = host.get('version')
+ if version:
+ if version == '3':
+ if host.get('user_name') is None or host.get('auth_type') is None or host.get('auth_password') is None:
+ self._module.fail_json(msg='user_name, auth_type and auth_password are required when version number is 3.')
+
+ if host.get('notification_type') is not None:
+ if host.get('version') is None or host.get('port') is None:
+ self._module.fail_json(msg='port and version are required when notification_type is provided.')
+
+ if host.get('auth_type') is not None:
+ if host.get('auth_password') is None:
+ self._module.fail_json(msg='auth_password is required when auth_type is provided.')
+
+ if host.get('privacy_type') is not None:
+ if host.get('privacy_password') is None:
+ self._module.fail_json(msg='privacy_password is required when privacy_type is provided.')
+
+ def get_required_config(self):
+ module_params = self._module.params
+ self._required_config = dict(module_params)
+ self.validate_param_values(self._required_config)
+ self.validate_snmp_required_params()
+
+ def _set_host_config(self, hosts_config):
+ hosts = hosts_config.get('Notification sinks')
+ if hosts[0].get('Lines'):
+ self._current_config['current_hosts'] = dict()
+ self._current_config['host_names'] = []
+ return
+
+ current_hosts = dict()
+ host_names = []
+ for host in hosts:
+ host_info = dict()
+ for host_name in host:
+ host_names.append(host_name)
+ enabled = True
+ first_entry = host.get(host_name)[0]
+ if first_entry:
+ if first_entry.get('Enabled') == 'no':
+ enabled = False
+ notification_type = first_entry.get('Notification type')
+ notification_type = notification_type.split()
+ host_info['notification_type'] = notification_type[2]
+ version = notification_type[1][1:]
+ host_info['port'] = first_entry.get('Port')
+ host_info['name'] = host_name
+ host_info['enabled'] = enabled
+ host_info['version'] = version
+ if first_entry.get('Community') is None:
+ if len(first_entry) == 8:
+ host_info['user_name'] = first_entry.get('Username')
+ host_info['auth_type'] = first_entry.get('Authentication type')
+ host_info['privacy_type'] = first_entry.get('Privacy type')
+ elif len(host.get(host_name)) == 2:
+ second_entry = host.get(host_name)[1]
+ host_info['user_name'] = second_entry.get('Username')
+ host_info['auth_type'] = second_entry.get('Authentication type')
+ host_info['privacy_type'] = second_entry.get('Privacy type')
+ else:
+ host_info['user_name'] = ''
+ host_info['auth_type'] = ''
+ host_info['privacy_type'] = ''
+ else:
+ host_info['user_name'] = ''
+ host_info['auth_type'] = ''
+ host_info['privacy_type'] = ''
+ current_hosts[host_name] = host_info
+ self._current_config['current_hosts'] = current_hosts
+ self._current_config['host_names'] = host_names
+
+ def _show_hosts_config(self):
+ cmd = "show snmp host"
+ return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
+
+ def load_current_config(self):
+ self._current_config = dict()
+ hosts_config = self._show_hosts_config()
+ if hosts_config[1]:
+ self._set_host_config(hosts_config[1])
+
+ def generate_snmp_commands_with_current_config(self, host):
+ host_id = host.get('name')
+ host_notification_type = host.get('notification_type')
+ host_enabled = host.get("enabled")
+ host_port = host.get('port')
+ host_version = host.get('version')
+ host_username = host.get('user_name')
+ host_auth_type = host.get('auth_type')
+ host_auth_pass = host.get('auth_password')
+ host_priv_type = host.get('privacy_type')
+ host_priv_pass = host.get('privacy_password')
+ present_state = host.get('state')
+ current_hosts = self._current_config.get("current_hosts")
+ current_entry = current_hosts.get(host_id)
+ if present_state is not None:
+ if present_state == 'absent':
+ self._commands.append('no snmp-server host {0}' .format(host_id))
+ return
+ if host_enabled is not None:
+ if current_entry.get('enabled') != host_enabled:
+ if host_enabled is True:
+ self._commands.append('no snmp-server host {0} disable' .format(host_id))
+ else:
+ self._commands.append('snmp-server host {0} disable' .format(host_id))
+ if host_notification_type is not None:
+ current_port = current_entry.get('port')
+ current_version = current_entry.get('version')
+ current_priv_type = current_entry.get('privacy_type')
+ current_username = current_entry.get('user_name')
+ current_auth_type = current_entry.get('auth_type')
+ current_noti_type = current_entry.get('notification_type')
+ if host_port is not None:
+ if host_version is not None:
+ if host_version == '3':
+ if (host_priv_type is not None and host_priv_pass is not None):
+ if((current_noti_type != host_notification_type) or
+ ((current_port != host_port)) or
+ (current_version != host_version) or
+ (current_priv_type != host_priv_type) or
+ (current_username != host_username) or
+ (current_auth_type != host_auth_type)):
+ self._commands.append('snmp-server host {0} {1}s port {2} version {3} user {4} auth {5} {6} priv {7} {8}'
+ .format(host_id, host_notification_type, host_port,
+ host_version, host_username, host_auth_type, host_auth_pass,
+ host_priv_type, host_priv_pass))
+ else:
+ if((current_noti_type != host_notification_type) or
+ ((current_port != host_port)) or
+ (current_version != host_version) or
+ (current_username != host_username) or
+ (current_auth_type != host_auth_type)):
+ self._commands.append('snmp-server host {0} {1}s port {2} version {3} user {4} auth {5} {6}'
+ .format(host_id, host_notification_type,
+ host_port, host_version, host_username,
+ host_auth_type, host_auth_pass))
+ else:
+ if((current_noti_type != host_notification_type) or
+ ((current_port != host_port)) or
+ (current_version != host_version)):
+ self._commands.append('snmp-server host {0} {1}s port {2} version {3}'
+ .format(host_id, host_notification_type,
+ host_port, host_version))
+ else:
+ if ((current_noti_type != host_notification_type) or
+ ((current_port != host_port))):
+ self._commands.append('snmp-server host {0} {1}s port {2}'
+ .format(host_id, host_notification_type, host_port))
+ else:
+ if host_version is not None:
+ if host_version == '3':
+ if (host_priv_type is not None and host_priv_pass is not None):
+ if ((current_noti_type != host_notification_type) or
+ ((current_version != host_version)) or
+ (current_username != host_username) or
+ ((current_auth_type != host_auth_type)) or
+ (current_priv_type != host_priv_type)):
+ self._commands.append('snmp-server host {0} {1}s version {2} user {3} auth {4} {5} priv {6} {7}'
+ .format(host_id, host_notification_type, host_version, host_username,
+ host_auth_type, host_auth_pass, host_priv_type, host_priv_pass))
+
+ else:
+ if ((current_noti_type != host_notification_type) or
+ ((current_version != host_version)) or
+ (current_username != host_username) or
+ ((current_auth_type != host_auth_type))):
+ self._commands.append('snmp-server host {0} {1}s version {2} user {3} auth {4} {5}'
+ .format(host_id, host_notification_type,
+ host_version, host_username, host_auth_type, host_auth_pass))
+
+ else:
+ if ((current_noti_type != host_notification_type) or
+ ((current_version != host_version))):
+ self._commands.append('snmp-server host {0} {1}s version {2}' .format(host_id,
+ host_notification_type, host_version))
+
+ def generate_snmp_commands_without_current_config(self, host):
+ host_id = host.get('name')
+ host_notification_type = host.get('notification_type')
+ host_enabled = host.get("enabled")
+ host_port = host.get('port')
+ host_version = host.get('version')
+ host_username = host.get('user_name')
+ host_auth_type = host.get('auth_type')
+ host_auth_pass = host.get('auth_password')
+ host_priv_type = host.get('privacy_type')
+ host_priv_pass = host.get('privacy_password')
+ present_state = host.get('state')
+ present_state = host.get('state')
+ if present_state is not None:
+ if present_state == 'absent':
+ return
+ if host_enabled is not None:
+ if host_enabled is True:
+ self._commands.append('no snmp-server host {0} disable' .format(host_id))
+ else:
+ self._commands.append('snmp-server host {0} disable' .format(host_id))
+
+ if host_notification_type is not None:
+ if host_port is not None:
+ if host_version is not None:
+ if host_version == '3':
+ if (host_priv_type is not None and host_priv_pass is not None):
+ self._commands.append('snmp-server host {0} {1}s port {2} version {3} user {4} auth {5} {6} priv {7} {8}'
+ .format(host_id, host_notification_type, host_port, host_version, host_username,
+ host_auth_type, host_auth_pass, host_priv_type, host_priv_pass))
+ else:
+ self._commands.append('snmp-server host {0} {1}s port {2} version {3} user {4} auth {5} {6}'
+ .format(host_id, host_notification_type, host_port, host_version, host_username,
+ host_auth_type, host_auth_pass))
+ else:
+ self._commands.append('snmp-server host {0} {1}s port {2} version {3}' .format(host_id,
+ host_notification_type, host_port, host_version))
+ else:
+ self._commands.append('snmp-server host {0} {1}s port {2}' .format(host_id,
+ host_notification_type, host_port))
+ else:
+ if host_version is not None:
+ if host_version == '3':
+ if (host_priv_type is not None and host_priv_pass is not None):
+ self._commands.append('snmp-server host {0} {1}s version {2} user {3} auth {4} {5} priv {6} {7}'
+ .format(host_id, host_notification_type, host_version, host_username,
+ host_auth_type, host_auth_pass, host_priv_type, host_priv_pass))
+ else:
+ self._commands.append('snmp-server host {0} {1}s version {2} user {3} auth {4} {5}' .format(host_id,
+ host_notification_type, host_version, host_username,
+ host_auth_type, host_auth_pass))
+ else:
+ self._commands.append('snmp-server host {0} {1}s version {2}' .format(host_id,
+ host_notification_type, host_version))
+
+ def generate_commands(self):
+ req_hosts = self._required_config.get("hosts")
+ host_names = self._current_config.get("host_names")
+
+ if req_hosts:
+ for host in req_hosts:
+ host_id = host.get('name')
+ if host_id:
+ if host_names and (host_id in host_names):
+ self.generate_snmp_commands_with_current_config(host)
+ else:
+ self.generate_snmp_commands_without_current_config(host)
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxSNMPHostsModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_snmp_users.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_snmp_users.py
new file mode 100644
index 000000000..947442291
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_snmp_users.py
@@ -0,0 +1,274 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_snmp_users
+version_added: '0.2.0'
+author: "Sara Touqan (@sarato)"
+short_description: Configures SNMP User parameters
+description:
+ - This module provides declarative management of SNMP Users protocol params
+ on Mellanox ONYX network devices.
+options:
+ users:
+ type: list
+ description:
+ - List of snmp users
+ suboptions:
+ name:
+ description:
+ - Specifies the name of the user.
+ required: true
+ type: str
+ enabled:
+ description:
+ - Enables/Disables SNMP v3 access for the user.
+ type: bool
+ set_access_enabled:
+ description:
+ - Enables/Disables SNMP SET requests for the user.
+ type: bool
+ require_privacy:
+ description:
+ - Enables/Disables the Require privacy (encryption) for requests from this user
+ type: bool
+ auth_type:
+ description:
+ - Configures the hash type used to configure SNMP v3 security parameters.
+ choices: ['md5', 'sha', 'sha224', 'sha256', 'sha384', 'sha512']
+ type: str
+ auth_password:
+ description:
+ - The password needed to configure the hash type.
+ type: str
+ capability_level:
+ description:
+ - Sets capability level for SET requests.
+ choices: ['admin','monitor','unpriv','v_admin']
+ type: str
+'''
+
+EXAMPLES = """
+- name: Enables snmp user
+ onyx_snmp_users:
+ users:
+ - name: sara
+ enabled: true
+
+- name: Enables snmp set requests
+ onyx_snmp_users:
+ users:
+ - name: sara
+ set_access_enabled: yes
+
+- name: Enables user require privacy
+ onyx_snmp_users:
+ users:
+ - name: sara
+ require_privacy: true
+
+- name: Configures user hash type
+ onyx_snmp_users:
+ users:
+ - auth_type: md5
+ auth_password: 1297sara1234sara
+
+- name: Configures user capability_level
+ onyx_snmp_users:
+ users:
+ - name: sara
+ capability_level: admin
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - snmp-server user <user_name> v3 enable
+ - no snmp-server user <user_name> v3 enable
+ - snmp-server user <user_name> v3 enable sets
+ - no snmp-server user <user_name> v3 enable sets
+ - snmp-server user <user_name> v3 require-privacy
+ - no snmp-server user <user_name> v3 require-privacy
+ - snmp-server user <user_name> v3 capability <capability_level>
+ - snmp-server user <user_name> v3 auth <hash_type> <password>
+"""
+
+import re
+
+from ansible.module_utils.basic import AnsibleModule
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+
+
+class OnyxSNMPUsersModule(BaseOnyxModule):
+
+ def init_module(self):
+ """ initialize module
+ """
+ user_spec = dict(name=dict(required=True),
+ enabled=dict(type='bool'),
+ set_access_enabled=dict(type='bool'),
+ require_privacy=dict(type='bool'),
+ auth_type=dict(type='str', choices=['md5', 'sha', 'sha224', 'sha256', 'sha384', 'sha512']),
+ auth_password=dict(type='str'),
+ capability_level=dict(type='str', choices=['admin', 'monitor', 'unpriv', 'v_admin']),
+ )
+ element_spec = dict(
+ users=dict(type='list', elements='dict', options=user_spec),
+ )
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ def get_required_config(self):
+ module_params = self._module.params
+ self._required_config = dict(module_params)
+ self.validate_param_values(self._required_config)
+
+ def _set_snmp_config(self, users_config):
+ if users_config[0]:
+ if users_config[0].get('Lines'):
+ return
+ current_users = []
+ count = 0
+ enabled = True
+ set_access_enabled = True
+ require_privacy = True
+ auth_type = ''
+ capability_level = ''
+ name = ''
+ all_users_names = []
+ for user in users_config:
+ user_dict = {}
+ entry_dict = {}
+ for entry in user:
+ name = entry.split()[2]
+ if user.get(entry):
+ if user.get(entry)[0]:
+ enabled = user.get(entry)[0].get('Enabled overall')
+ if enabled == 'no':
+ enabled = False
+ else:
+ enabled = True
+ set_access_enabled = user.get(entry)[1].get('SET access')[0].get('Enabled')
+ if set_access_enabled == 'no':
+ set_access_enabled = False
+ else:
+ set_access_enabled = True
+ require_privacy = user.get(entry)[0].get('Require privacy')
+ if require_privacy == 'yes':
+ require_privacy = True
+ else:
+ require_privacy = False
+ capability_level = user.get(entry)[1].get('SET access')[0].get('Capability level')
+ auth_type = user.get(entry)[0].get('Authentication type')
+ user_dict['enabled'] = enabled
+ user_dict['set_access_enabled'] = set_access_enabled
+ user_dict['auth_type'] = auth_type
+ user_dict['capability_level'] = capability_level
+ user_dict['require_privacy'] = require_privacy
+ entry_dict[name] = user_dict
+ all_users_names.append(name)
+ current_users.append(entry_dict)
+ self._current_config['users'] = current_users
+ self._current_config['current_names'] = all_users_names
+
+ def _show_users(self):
+ cmd = "show snmp user"
+ return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
+
+ def load_current_config(self):
+ self._current_config = dict()
+ users_config = self._show_users()
+ if users_config:
+ self._set_snmp_config(users_config)
+
+ def generate_commands(self):
+ req_uers = self._required_config.get("users")
+ current_users = self._current_config.get("users")
+ current_names = self._current_config.get("current_names")
+ if req_uers:
+ for user in req_uers:
+ user_id = user.get('name')
+ if user_id:
+ if current_names and (user_id in current_names):
+ for user_entry in current_users:
+ for user_name in user_entry:
+ if user_name == user_id:
+ user_state = user.get("enabled")
+ user_entry_name = user_entry.get(user_name)
+ if user_state is not None:
+ if user_state != user_entry_name.get("enabled"):
+ if user_state is True:
+ self._commands.append('snmp-server user {0} v3 enable' .format(user_id))
+ else:
+ self._commands.append('no snmp-server user {0} v3 enable' .format(user_id))
+ set_state = user.get("set_access_enabled")
+ if set_state is not None:
+ if set_state != user_entry_name.get("set_access_enabled"):
+ if set_state is True:
+ self._commands.append('snmp-server user {0} v3 enable sets' .format(user_id))
+ else:
+ self._commands.append('no snmp-server user {0} v3 enable sets' .format(user_id))
+ auth_type = user.get("auth_type")
+ if auth_type is not None:
+ if user.get("auth_password") is not None:
+ if auth_type != user_entry_name.get("auth_type"):
+ self._commands.append('snmp-server user {0} v3 auth {1} {2}'
+ .format(user_id, user.get('auth_type'), user.get('auth_password')))
+ cap_level = user.get("capability_level")
+ if cap_level is not None:
+ if cap_level != user_entry_name.get("capability_level"):
+ self._commands.append('snmp-server user {0} v3 capability {1}'
+ .format(user_id, user.get('capability_level')))
+ req_priv = user.get("require_privacy")
+ if req_priv is not None:
+ if req_priv != user_entry_name.get("require_privacy"):
+ if req_priv is True:
+ self._commands.append('snmp-server user {0} v3 require-privacy' .format(user_id))
+ else:
+ self._commands.append('no snmp-server user {0} v3 require-privacy' .format(user_id))
+
+ else:
+ user_state = user.get("enabled")
+ if user_state is not None:
+ if user_state is True:
+ self._commands.append('snmp-server user {0} v3 enable' .format(user_id))
+ else:
+ self._commands.append('no snmp-server user {0} v3 enable' .format(user_id))
+ set_state = user.get("set_access_enabled")
+ if set_state is not None:
+ if set_state is True:
+ self._commands.append('snmp-server user {0} v3 enable sets' .format(user_id))
+ else:
+ self._commands.append('no snmp-server user {0} v3 enable sets' .format(user_id))
+ if user.get("capability_level") is not None:
+ self._commands.append('snmp-server user {0} v3 capability {1}' .format(user_id, user.get('capability_level')))
+ req_priv = user.get("require_privacy")
+ if req_priv is not None:
+ if req_priv is True:
+ self._commands.append('snmp-server user {0} v3 require-privacy' .format(user_id))
+ else:
+ self._commands.append('no snmp-server user {0} v3 require-privacy' .format(user_id))
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxSNMPUsersModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_syslog_files.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_syslog_files.py
new file mode 100644
index 000000000..43410b184
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_syslog_files.py
@@ -0,0 +1,248 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+module: onyx_syslog_files
+version_added: '0.2.0'
+author: "Anas Shami (@anass)"
+short_description: Configure file management syslog module
+description:
+ - This module provides declarative management of syslog
+ on Mellanox ONYX network devices.
+notes:
+options:
+ debug:
+ description:
+ - Configure settings for debug log files
+ type: bool
+ default: False
+ delete_group:
+ description:
+ - Delete certain log files
+ choices: ['current', 'oldest']
+ type: str
+ rotation:
+ description:
+ - rotation related attributes
+ type: dict
+ suboptions:
+ frequency:
+ description:
+ - Rotate log files on a fixed time-based schedule
+ choices: ['daily', 'weekly', 'monthly']
+ type: str
+ force:
+ description:
+ - force an immediate rotation of log files
+ type: bool
+ max_num:
+ description:
+ - Sepcify max_num of old log files to keep
+ type: int
+ size:
+ description:
+ - Rotate files when they pass max size
+ type: float
+ size_pct:
+ description:
+ - Rotatoe files when they pass percent of HD
+ type: float
+ upload_url:
+ description:
+ - upload local log files to remote host (ftp, scp, sftp, tftp) with format protocol://username[:password]@server/path
+ type: str
+ upload_file:
+ description:
+ - Upload compressed log file (current or filename)
+ type: str
+'''
+
+EXAMPLES = """
+- name: Syslog delete old files
+- onyx_syslog_files:
+ delete_group: oldest
+- name: Syslog upload file
+- onyx_syslog_files:
+ upload_url: scp://username:password@hostnamepath/filename
+ upload_file: current
+- name: Syslog rotation force, frequency and max number
+- onyx_syslog_files:
+ rotation:
+ force: true
+ max_num: 30
+ frequency: daily
+ size: 128
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - logging files delete current
+ - logging files rotate criteria
+ - logging files upload current url
+"""
+import re
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+
+
+class OnyxSyslogFilesModule(BaseOnyxModule):
+ MAX_FILES = 999999
+ URL_REGEX = re.compile(
+ r'^(ftp|scp|ftps):\/\/[a-z0-9\.]*:(.*)@(.*):([a-zA-Z\/\/])*$')
+ FREQUANCIES = ['daily', 'weekly', 'monthly']
+ ROTATION_KEYS = ['frequency', 'max_num', 'size', 'size_pct', 'force']
+ ROTATION_CMDS = {'size': 'logging {0} rotation criteria size {1}',
+ 'frequency': 'logging {0} rotation criteria frequency {1}',
+ 'max_num': 'logging {0} rotation max-num {1}',
+ 'size_pct': 'logging {0} rotation criteria size-pct {1}',
+ 'force': 'logging {0} rotation force'}
+
+ def init_module(self):
+ """" Ansible module initialization
+ """
+ rotation_spec = dict(frequency=dict(choices=self.FREQUANCIES),
+ max_num=dict(type="int"),
+ force=dict(type="bool"),
+ size=dict(type="float"),
+ size_pct=dict(type="float"))
+
+ element_spec = dict(delete_group=dict(choices=['oldest', 'current']),
+ rotation=dict(type="dict", options=rotation_spec),
+ upload_file=dict(type="str"),
+ upload_url=dict(type="str"),
+ debug=dict(type="bool", default=False))
+
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True,
+ required_together=[['upload_file', 'upload_url']])
+
+ def validate_rotation(self, rotation):
+ size_pct = rotation.get('size_pct', None)
+ max_num = rotation.get('max_num', None)
+ if size_pct is not None and (float(size_pct) < 0 or float(size_pct) > 100):
+ self._module.fail_json(
+ msg='logging size_pct must be in range 0-100')
+ elif max_num is not None and (int(max_num) < 0 or int(max_num) > self.MAX_FILES):
+ self._module.fail_json(
+ msg='logging max_num must be positive number less than {0}'.format(self.MAX_FILES))
+
+ def validate_upload_url(self, upload_url):
+ check = self.URL_REGEX.match(upload_url)
+ if upload_url and not check:
+ self._module.fail_json(
+ msg='Invalid url, make sure that you use "[ftp, scp, tftp, sftp]://username:password@hostname:/location" format')
+
+ def show_logging(self):
+ show_logging = show_cmd(self._module, "show logging", json_fmt=True, fail_on_error=False)
+ running_config = show_cmd(self._module, "show running-config | include .*logging.*debug-files.*", json_fmt=True, fail_on_error=False)
+
+ if len(show_logging) > 0:
+ show_logging[0]['debug'] = running_config['Lines'] if 'Lines' in running_config else []
+ else:
+ show_logging = [{
+ 'debug': running_config['Lines'] if 'Lines' in running_config else []
+ }]
+ return show_logging
+
+ def load_current_config(self):
+ self._current_config = dict()
+ current_config = self.show_logging()[0]
+ freq = current_config.get('Log rotation frequency') # daily (Once per day at midnight)
+ size = current_config.get('Log rotation size threshold') # 19.07 megabytes or 10.000% of partition (987.84 megabytes)
+ max_num = current_config.get('Number of archived log files to keep')
+ if freq is not None:
+ freq_str = freq.split()[0]
+ self._current_config['frequency'] = freq_str
+
+ if size is not None:
+ size_arr = size.split(' ')
+ if '%' in size:
+ size_pct_value = size_arr[0].replace('%', '')
+ self._current_config['size_pct'] = float(size_pct_value)
+ size_value = re.sub(r'(\(|\)|megabytes)', '', size_arr[-2]).strip()
+ self._current_config['size'] = float(size_value)
+ else:
+ size_value = size_arr[0]
+ self._current_config['size'] = float(size_value)
+
+ if max_num is not None:
+ self._current_config['max_num'] = int(max_num)
+
+ '''debug params'''
+ for line in current_config['debug']:
+ if 'size' in line:
+ self._current_config['debug_size'] = float(line.split(' ')[-1])
+ elif 'frequency' in line:
+ self._current_config['debug_frequency'] = line.split(' ')[-1]
+ elif 'size-pct' in line:
+ self._current_config['debug_size_pct'] = float(line.split(' ')[-1])
+ elif 'max-num' in line:
+ self._current_config['debug_max_num'] = int(line.split(' ')[-1])
+
+ def get_required_config(self):
+ self._required_config = dict()
+ required_config = dict()
+ module_params = self._module.params
+
+ delete_group = module_params.get('delete_group')
+ upload_file = module_params.get('upload_file')
+ rotation = module_params.get('rotation')
+ if delete_group:
+ required_config['delete_group'] = delete_group
+ if upload_file:
+ required_config.update({'upload_file': upload_file,
+ 'upload_url': module_params.get('upload_url')})
+ if rotation:
+ required_config['rotation'] = rotation
+ required_config['debug'] = module_params['debug']
+
+ self.validate_param_values(required_config)
+ self._required_config = required_config
+
+ def generate_commands(self):
+ required_config = self._required_config
+ current_config = self._current_config
+
+ logging_files_type = 'debug-files' if required_config['debug'] else 'files'
+ debug_prefix = 'debug_' if required_config['debug'] else ''
+
+ rotation = required_config.get('rotation')
+ if rotation:
+ for key in rotation:
+ if rotation.get(key) and current_config.get(debug_prefix + key) != rotation.get(key):
+ cmd = self.ROTATION_CMDS[key].format(logging_files_type, rotation[key]) if key != 'force' else\
+ self.ROTATION_CMDS[key].format(logging_files_type)
+ self._commands.append(cmd)
+
+ delete_group = required_config.get('delete_group')
+ if delete_group:
+ self._commands.append('logging {0} delete {1}'.format(logging_files_type,
+ delete_group))
+
+ upload_file = required_config.get('upload_file')
+ if upload_file:
+ self._commands.append('logging {0} upload {1} {2}'.format(logging_files_type,
+ upload_file, required_config.get('upload_url')))
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxSyslogFilesModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_syslog_remote.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_syslog_remote.py
new file mode 100644
index 000000000..ca3e45f24
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_syslog_remote.py
@@ -0,0 +1,346 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+module: onyx_syslog_remote
+version_added: '0.2.0'
+author: "Anas Shami (@anass)"
+short_description: Configure remote syslog module
+description:
+ - This module provides declarative management of syslog
+ on Mellanox ONYX network devices.
+notes:
+options:
+ enabled:
+ description:
+ - Disable/Enable logging to given remote host
+ default: true
+ type: bool
+ host:
+ description:
+ - <IP4/IP6 Hostname> Send event logs to this server using the syslog protocol
+ required: true
+ type: str
+ port:
+ description:
+ - Set remote server destination port for log messages
+ type: int
+ trap:
+ description:
+ - Minimum severity level for messages to this syslog server
+ choices: ['none', 'debug', 'info', 'notice', 'alert', 'warning', 'err', 'emerg', 'crit']
+ type: str
+ trap_override:
+ description:
+ - Override log levels for this sink on a per-class basis
+ type: list
+ suboptions:
+ override_class:
+ description:
+ - Specify a class whose log level to override
+ choices: ['mgmt-front', 'mgmt-back', 'mgmt-core', 'events', 'debug-module', 'sx-sdk', 'mlx-daemons', 'protocol-stack']
+ required: True
+ type: str
+ override_priority:
+ description:
+ -Specify a priority whose log level to override
+ choices: ['none', 'debug', 'info', 'notice', 'alert', 'warning', 'err', 'emerg', 'crit']
+ type: str
+ override_enabled:
+ description:
+ - disable override priorities for specific class.
+ default: True
+ type: bool
+
+ filter:
+ description:
+ - Specify a filter type
+ choices: ['include', 'exclude']
+ type: str
+ filter_str:
+ description:
+ - Specify a regex filter string
+ type: str
+'''
+
+EXAMPLES = """
+- name: Remote logging port 8080
+- onyx_syslog_remote:
+ host: 10.10.10.10
+ port: 8080
+
+- name: Remote logging trap override
+- onyx_syslog_remote:
+ host: 10.10.10.10
+ trap_override:
+ - override_class: events
+ override_priority: emerg
+
+- name: Remote logging trap emerg
+- onyx_syslog_remote:
+ host: 10.10.10.10
+ trap: emerg
+
+- name: Remote logging filter include 'ERR'
+- onyx_syslog_remote:
+ host: 10.10.10.10
+ filter: include
+ filter_str: /ERR/
+
+- name: Disable remote logging with class events
+- onyx_syslog_remote:
+ enabled: False
+ host: 10.10.10.10
+ class: events
+- name : disable remote logging
+- onyx_syslog_remote:
+ enabled: False
+ host: 10.10.10.10
+
+- name : enable/disable override class
+- onyx_syslog_remote:
+ host: 10.7.144.71
+ trap_override:
+ - override_class: events
+ override_priority: emerg
+ override_enabled: False
+ - override_class: mgmt-front
+ override_priority: alert
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - logging x port 8080
+ - logging 10.10.10.10 trap override class events priority emerg
+ - no logging 10.10.10.10 trap override class events
+ - logging 10.10.10.10 trap emerg
+ - logging 10.10.10.10 filter [include | exclude] ERR
+"""
+
+import re
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+
+
+class OnyxSyslogRemoteModule(BaseOnyxModule):
+ MAX_PORT = 65535
+ LEVELS = ['none', 'debug', 'info', 'notice', 'alert', 'warning', 'err', 'emerg', 'crit']
+ CLASSES = ['mgmt-front', 'mgmt-back', 'mgmt-core', 'events', 'debug-module', 'sx-sdk', 'mlx-daemons', 'protocol-stack']
+ FILTER = ['include', 'exclude']
+
+ LOGGING_HOST = re.compile(r'^logging ([a-z0-9\.]+)$')
+ LOGGING_PORT = re.compile(r'^logging ([a-z0-9\.]+) port ([0-9]+)$')
+ LOGGING_TRAP = re.compile(r'^logging ([a-z0-9\.]+) trap ([a-z]+)$')
+ LOGGING_TRAP_OVERRIDE = re.compile(r'^logging ([a-z0-9\.]+) trap override class ([a-z\-]+) priority ([a-z]+)$')
+ LOGGING_FILTER = re.compile(r'^logging ([a-z0-9\.]+) filter (include|exclude) "([\D\d]+)"$')
+
+ def init_module(self):
+ """" Ansible module initialization
+ """
+ override_spec = dict(override_priority=dict(choices=self.LEVELS),
+ override_class=dict(choices=self.CLASSES, required=True),
+ override_enabled=dict(default=True, type="bool"))
+
+ element_spec = dict(enabled=dict(type="bool", default=True),
+ host=dict(type="str", required=True),
+ port=dict(type="int"),
+ trap=dict(choices=self.LEVELS),
+ trap_override=dict(type="list", elements='dict', options=override_spec),
+ filter=dict(choices=self.FILTER),
+ filter_str=dict(type="str"))
+
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True,
+ required_together=[
+ ['filter', 'filter_str']
+ ])
+
+ def validate_port(self, port):
+ if port and (port < 1 or port > self.MAX_PORT):
+ self._module.fail_json(msg='logging port must be between 1 and {0}'.format(self.MAX_PORT))
+
+ def show_logging(self):
+ # we can't use show logging it has lack of information
+ return show_cmd(self._module, "show running-config | include .*logging.*", json_fmt=False, fail_on_error=False)
+
+ def load_current_config(self):
+ self._current_config = dict()
+ current_config = self.show_logging().split('\n')
+ for line in current_config:
+ line = line.strip()
+ match = self.LOGGING_HOST.match(line)
+ if match:
+ host = match.group(1)
+ self._current_config[host] = dict()
+ continue
+
+ match = self.LOGGING_PORT.match(line)
+ if match:
+ host = match.group(1)
+ port = int(match.group(2))
+ if host in self._current_config:
+ self._current_config[host]['port'] = port
+ else:
+ self._current_config[host] = dict(port=port)
+ continue
+
+ match = self.LOGGING_TRAP.match(line)
+ if match:
+ host = match.group(1)
+ trap = match.group(2)
+ host_config = self._current_config.get(host)
+ if host_config:
+ self._current_config[host]['trap'] = trap
+ else:
+ self._current_config[host] = dict(trap=trap)
+ continue
+
+ match = self.LOGGING_TRAP_OVERRIDE.match(line)
+ if match:
+ host = match.group(1)
+ override_class = match.group(2)
+ override_priority = match.group(3)
+ host_config = self._current_config.get(host)
+
+ if host_config:
+ if 'trap_override' in host_config:
+ self._current_config[host]['trap_override'].append(dict(override_class=override_class, override_priority=override_priority))
+ else:
+ self._current_config[host]['trap_override'] = [dict(override_class=override_class, override_priority=override_priority)]
+ else:
+ self._current_config[host] = {'trap_override': [dict(override_class=override_class, override_priority=override_priority)]}
+ continue
+
+ match = self.LOGGING_FILTER.match(line)
+ if match:
+ host = match.group(1)
+ filter_type = match.group(2)
+ filter_str = match.group(3)
+ if host in self._current_config:
+ self._current_config[host].update({'filter': filter_type, 'filter_str': filter_str})
+ else:
+ self._current_config[host] = dict(filter=filter_type, filter_str=filter_str)
+
+ def get_required_config(self):
+ self._required_config = dict()
+ required_config = dict()
+ module_params = self._module.params
+ port = module_params.get('port')
+ trap = module_params.get('trap')
+ trap_override = module_params.get('trap_override')
+ filtered = module_params.get('filter')
+
+ required_config['host'] = module_params.get('host')
+ required_config['enabled'] = module_params.get('enabled')
+
+ if port:
+ required_config['port'] = port
+ if trap:
+ required_config['trap'] = trap
+ if trap_override:
+ required_config['trap_override'] = trap_override
+ if filtered:
+ required_config['filter'] = filtered
+ required_config['filter_str'] = module_params.get('filter_str', '')
+
+ self.validate_param_values(required_config)
+ self._required_config = required_config
+
+ def generate_commands(self):
+ required_config = self._required_config
+ current_config = self._current_config
+ host = required_config.get('host')
+ enabled = required_config['enabled']
+ '''
+ cases:
+ if host in current config and current config != required config and its enable
+ if host in current config and its disable
+ if host in current and it has override_class with disable flag
+ '''
+ host_config = current_config.get(host, dict())
+
+ if host in current_config and not enabled:
+ self._commands.append('no logging {0}'.format(host))
+ else:
+ if host not in current_config:
+ self._commands.append('logging {0}'.format(host))
+ if 'port' in required_config:
+ if required_config['port'] != host_config.get('port', None) or not host_config:
+ '''Edit/Create new one'''
+ self._commands.append('logging {0} port {1}'.format(host, required_config['port']))
+
+ if 'trap' in required_config or 'trap_override' in required_config:
+ trap_commands = self._get_trap_commands(host)
+ self._commands += trap_commands
+
+ if 'filter' in required_config:
+ is_change = host_config.get('filter', None) != required_config['filter'] or \
+ host_config.get('filter_str', None) != required_config['filter_str']
+ if is_change or not host_config:
+ self._commands.append('logging {0} filter {1} {2}'.format(host, required_config['filter'], required_config['filter_str']))
+
+ ''' ********** private methods ********** '''
+ def _get_trap_commands(self, host):
+ current_config = self._current_config
+ required_config = self._required_config
+ trap_commands = []
+ host_config = current_config.get(host, dict())
+
+ override_list = required_config.get('trap_override')
+ if override_list:
+ current_override_list = host_config.get('trap_override', [])
+
+ for override_trap in override_list:
+ override_class = override_trap.get('override_class')
+ override_priority = override_trap.get('override_priority')
+ override_enabled = override_trap.get('override_enabled')
+ found, found_class = False, False
+ for current_override in current_override_list:
+ if current_override.get('override_class') == override_class:
+ found_class = True
+ if not override_enabled:
+ break
+ if override_priority and current_override.get('override_priority') == override_priority:
+ found = True
+ break
+
+ if override_enabled:
+ if not found and override_priority:
+ trap_commands.append('logging {0} trap override class {1} priority {2}'.format(
+ host, override_class, override_priority))
+ elif found_class: # disabled option will use only class
+ trap_commands.append('no logging {0} trap override class {1}'.format(
+ host, override_class))
+
+ else:
+ if required_config['enabled']: # no disabled option for this, just override trap level can be disabled
+ trap = required_config.get('trap')
+ if trap and (trap != host_config.get('trap', None) or not host_config):
+ trap_commands.append('logging {0} trap {1}'.format(
+ host, trap))
+ '''no disable for trap'''
+
+ return trap_commands
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxSyslogRemoteModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_traffic_class.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_traffic_class.py
new file mode 100644
index 000000000..5b388c5f2
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_traffic_class.py
@@ -0,0 +1,321 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_traffic_class
+author: "Anas Badaha (@anasb)"
+short_description: Configures Traffic Class
+description:
+ - This module provides declarative management of Traffic Class configuration
+ on Mellanox ONYX network devices.
+options:
+ state:
+ description:
+ - enable congestion control on interface.
+ choices: ['enabled', 'disabled']
+ default: enabled
+ interfaces:
+ description:
+ - list of interfaces name.
+ required: true
+ tc:
+ description:
+ - traffic class, range 0-7.
+ required: true
+ congestion_control:
+ description:
+ - configure congestion control on interface.
+ suboptions:
+ control:
+ description:
+ - congestion control type.
+ choices: ['red', 'ecn', 'both']
+ required: true
+ threshold_mode:
+ description:
+ - congestion control threshold mode.
+ choices: ['absolute', 'relative']
+ required: true
+ min_threshold:
+ description:
+ - Set minimum-threshold value (in KBs) for marking traffic-class queue.
+ required: true
+ max_threshold:
+ description:
+ - Set maximum-threshold value (in KBs) for marking traffic-class queue.
+ required: true
+ dcb:
+ description:
+ - configure dcb control on interface.
+ suboptions:
+ mode:
+ description:
+ - dcb control mode.
+ choices: ['strict', 'wrr']
+ required: true
+ weight:
+ description:
+ - Relevant only for wrr mode.
+'''
+
+EXAMPLES = """
+- name: Configure traffic class
+ onyx_traffic_class:
+ interfaces:
+ - Eth1/1
+ - Eth1/2
+ tc: 3
+ congestion_control:
+ control: ecn
+ threshold_mode: absolute
+ min_threshold: 500
+ max_threshold: 1500
+ dcb:
+ mode: strict
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - interface ethernet 1/15 traffic-class 3 congestion-control ecn minimum-absolute 150 maximum-absolute 1500
+ - interface ethernet 1/16 traffic-class 3 congestion-control ecn minimum-absolute 150 maximum-absolute 1500
+ - interface mlag-port-channel 7 traffic-class 3 congestion-control ecn minimum-absolute 150 maximum-absolute 1500
+ - interface port-channel 1 traffic-class 3 congestion-control ecn minimum-absolute 150 maximum-absolute 1500
+ - interface ethernet 1/15 traffic-class 3 dcb ets strict
+ - interface ethernet 1/16 traffic-class 3 dcb ets strict
+ - interface mlag-port-channel 7 traffic-class 3 dcb ets strict
+ - interface port-channel 1 traffic-class 3 dcb ets strict
+"""
+
+import re
+from ansible.module_utils.six import iteritems
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+
+
+class OnyxTrafficClassModule(BaseOnyxModule):
+
+ IF_ETH_REGEX = re.compile(r"^Eth(\d+\/\d+|Eth\d+\/\d+\d+)$")
+ IF_PO_REGEX = re.compile(r"^Po(\d+)$")
+ MLAG_NAME_REGEX = re.compile(r"^Mpo(\d+)$")
+
+ IF_TYPE_ETH = "ethernet"
+ PORT_CHANNEL = "port-channel"
+ MLAG_PORT_CHANNEL = "mlag-port-channel"
+
+ IF_TYPE_MAP = {
+ IF_TYPE_ETH: IF_ETH_REGEX,
+ PORT_CHANNEL: IF_PO_REGEX,
+ MLAG_PORT_CHANNEL: MLAG_NAME_REGEX
+ }
+
+ def init_module(self):
+ """ initialize module
+ """
+ congestion_control_spec = dict(control=dict(choices=['red', 'ecn', 'both'], required=True),
+ threshold_mode=dict(choices=['absolute', 'relative'], required=True),
+ min_threshold=dict(type=int, required=True),
+ max_threshold=dict(type=int, required=True))
+
+ dcb_spec = dict(mode=dict(choices=['strict', 'wrr'], required=True),
+ weight=dict(type=int))
+
+ element_spec = dict(
+ interfaces=dict(type='list', required=True),
+ tc=dict(type=int, required=True),
+ congestion_control=dict(type='dict', options=congestion_control_spec),
+ dcb=dict(type='dict', options=dcb_spec),
+ state=dict(choices=['enabled', 'disabled'], default='enabled'))
+
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ def get_required_config(self):
+ module_params = self._module.params
+ self._required_config = dict(module_params)
+ self.validate_param_values(self._required_config)
+
+ def validate_tc(self, value):
+ if value and not 0 <= int(value) <= 7:
+ self._module.fail_json(msg='tc value must be between 0 and 7')
+
+ def validate_param_values(self, obj, param=None):
+ dcb = obj.get("dcb")
+ if dcb is not None:
+ dcb_mode = dcb.get("mode")
+ weight = dcb.get("weight")
+ if dcb_mode == "wrr" and weight is None:
+ self._module.fail_json(msg='User should send weight attribute when dcb mode is wrr')
+ super(OnyxTrafficClassModule, self).validate_param_values(obj, param)
+
+ def _get_interface_type(self, if_name):
+ if_type = None
+ if_id = None
+ for interface_type, interface_regex in iteritems(self.IF_TYPE_MAP):
+ match = interface_regex.match(if_name)
+ if match:
+ if_type = interface_type
+ if_id = match.group(1)
+ break
+ return if_type, if_id
+
+ def _set_interface_congestion_control_config(self, interface_congestion_control_config,
+ interface, if_type, if_id):
+ tc = self._required_config.get("tc")
+ interface_dcb_ets = self._show_interface_dcb_ets(if_type, if_id)[0].get(interface)
+ if interface_dcb_ets is None:
+ dcb = dict()
+ else:
+ ets_per_tc = interface_dcb_ets[2].get("ETS per TC")
+ tc_config = ets_per_tc[0].get(str(tc))
+ dcb_mode = tc_config[0].get("S.Mode")
+ dcb_weight = int(tc_config[0].get("W"))
+ dcb = dict(mode=dcb_mode.lower(), weight=dcb_weight)
+
+ interface_congestion_control_config = interface_congestion_control_config[tc + 1]
+ mode = interface_congestion_control_config.get("Mode")
+ if mode == "none":
+ self._current_config[interface] = dict(state="disabled", dcb=dcb, if_type=if_type, if_id=if_id)
+ return
+
+ threshold_mode = interface_congestion_control_config.get("Threshold mode")
+ max_threshold = interface_congestion_control_config.get("Maximum threshold")
+ min_threshold = interface_congestion_control_config.get("Minimum threshold")
+
+ if threshold_mode == "absolute":
+ delimiter = ' '
+ else:
+ delimiter = '%'
+ min_value = int(min_threshold.split(delimiter)[0])
+ max_malue = int(max_threshold.split(delimiter)[0])
+ congestion_control = dict(control=mode.lower(), threshold_mode=threshold_mode,
+ min_threshold=min_value, max_threshold=max_malue)
+
+ self._current_config[interface] = dict(state="enabled", congestion_control=congestion_control,
+ dcb=dcb, if_type=if_type, if_id=if_id)
+
+ def _show_interface_congestion_control(self, if_type, interface):
+ cmd = "show interfaces {0} {1} congestion-control".format(if_type, interface)
+ return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
+
+ def _show_interface_dcb_ets(self, if_type, interface):
+ cmd = "show dcb ets interface {0} {1}".format(if_type, interface)
+ return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
+
+ def load_current_config(self):
+ self._current_config = dict()
+ for interface in self._required_config.get("interfaces"):
+ if_type, if_id = self._get_interface_type(interface)
+ if not if_id:
+ self._module.fail_json(
+ msg='unsupported interface: {0}'.format(interface))
+ interface_congestion_control_config = self._show_interface_congestion_control(if_type, if_id)
+ if interface_congestion_control_config is not None:
+ self._set_interface_congestion_control_config(interface_congestion_control_config,
+ interface, if_type, if_id)
+ else:
+ self._module.fail_json(
+ msg='Interface {0} does not exist on switch'.format(interface))
+
+ def generate_commands(self):
+ state = self._required_config.get("state")
+ tc = self._required_config.get("tc")
+ interfaces = self._required_config.get("interfaces")
+ for interface in interfaces:
+ current_interface = self._current_config.get(interface)
+ current_state = current_interface.get("state")
+ if_type = current_interface.get("if_type")
+ if_id = current_interface.get("if_id")
+ if state == "disabled":
+ if current_state == "enabled":
+ self._commands.append('interface {0} {1} no traffic-class {2} congestion-control'.format(if_type, if_id, tc))
+ continue
+
+ congestion_control = self._required_config.get("congestion_control")
+
+ if congestion_control is not None:
+ control = congestion_control.get("control")
+ current_congestion_control = current_interface.get("congestion_control")
+ threshold_mode = congestion_control.get("threshold_mode")
+ min_threshold = congestion_control.get("min_threshold")
+ max_threshold = congestion_control.get("max_threshold")
+ if current_congestion_control is None:
+ self._threshold_mode_generate_cmds_mappers(threshold_mode, if_type, if_id, tc,
+ control, min_threshold, max_threshold)
+ else:
+ current_control = current_congestion_control.get("control")
+ curr_threshold_mode = current_congestion_control.get("threshold_mode")
+ curr_min_threshold = current_congestion_control.get("min_threshold")
+ curr_max_threshold = current_congestion_control.get("max_threshold")
+
+ if control != current_control:
+ self._threshold_mode_generate_cmds_mappers(threshold_mode, if_type, if_id, tc,
+ control, min_threshold, max_threshold)
+ else:
+ if threshold_mode != curr_threshold_mode:
+ self._threshold_mode_generate_cmds_mappers(threshold_mode, if_type, if_id, tc,
+ control, min_threshold, max_threshold)
+ elif min_threshold != curr_min_threshold or max_threshold != curr_max_threshold:
+ self._threshold_mode_generate_cmds_mappers(threshold_mode, if_type, if_id, tc,
+ control, min_threshold, max_threshold)
+
+ dcb = self._required_config.get("dcb")
+ if dcb is not None:
+ dcb_mode = dcb.get("mode")
+ current_dcb = current_interface.get("dcb")
+ current_dcb_mode = current_dcb.get("mode")
+ if dcb_mode == "strict" and dcb_mode != current_dcb_mode:
+ self._commands.append('interface {0} {1} traffic-class {2} '
+ 'dcb ets {3}'.format(if_type, if_id, tc, dcb_mode))
+ elif dcb_mode == "wrr":
+ weight = dcb.get("weight")
+ current_weight = current_dcb.get("weight")
+ if dcb_mode != current_dcb_mode or weight != current_weight:
+ self._commands.append('interface {0} {1} traffic-class {2} '
+ 'dcb ets {3} {4}'.format(if_type, if_id, tc, dcb_mode, weight))
+
+ def _threshold_mode_generate_cmds_mappers(self, threshold_mode, if_type, if_id, tc,
+ control, min_threshold, max_threshold):
+ if threshold_mode == 'absolute':
+ self._generate_congestion_control_absolute_cmds(if_type, if_id, tc, control,
+ min_threshold, max_threshold)
+ else:
+ self._generate_congestion_control_relative_cmds(if_type, if_id, tc, control,
+ min_threshold, max_threshold)
+
+ def _generate_congestion_control_absolute_cmds(self, if_type, if_id, tc, control,
+ min_absolute, max_absolute):
+ self._commands.append('interface {0} {1} traffic-class {2} '
+ 'congestion-control {3} minimum-absolute {4} '
+ 'maximum-absolute {5}'.format(if_type, if_id, tc, control,
+ min_absolute, max_absolute))
+
+ def _generate_congestion_control_relative_cmds(self, if_type, if_id, tc, control,
+ min_relative, max_relative):
+ self._commands.append('interface {0} {1} traffic-class {2} '
+ 'congestion-control {3} minimum-relative {4} '
+ 'maximum-relative {5}'.format(if_type, if_id, tc, control,
+ min_relative, max_relative))
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxTrafficClassModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_username.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_username.py
new file mode 100644
index 000000000..f6f6f318d
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_username.py
@@ -0,0 +1,286 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_username
+version_added: '0.2.0'
+author: "Anas Shami (@anass)"
+short_description: Configure username module
+description:
+ - This module provides declarative management of users/roles
+ on Mellanox ONYX network devices.
+notes:
+options:
+ username:
+ description:
+ - Create/Edit user using username
+ type: str
+ required: True
+ full_name:
+ description:
+ - Set the full name of this user
+ type: str
+ nopassword:
+ description:
+ - Clear password for such user
+ type: bool
+ default: False
+ password:
+ description:
+ - Set password fot such user
+ type: str
+ encrypted_password:
+ description:
+ - Decide the type of setted password (plain text or encrypted)
+ type: bool
+ default: False
+ capability:
+ description:
+ - Grant capability to this user account
+ type: str
+ choices: ['monitor', 'unpriv', 'v_admin', 'admin']
+ reset_capability:
+ description:
+ - Reset capability to this user account
+ type: bool
+ default: False
+ disconnected:
+ description:
+ - Disconnect all sessions of this user
+ type: bool
+ default: False
+ disabled:
+ description:
+ - Disable means of logging into this account
+ type: str
+ choices: ['none', 'login', 'password', 'all']
+ state:
+ description:
+ - Set state of the given account
+ default: present
+ type: str
+ choices: ['present', 'absent']
+'''
+
+EXAMPLES = """
+- name: Create new user
+ onyx_username:
+ username: anass
+
+- name: Set the user full-name
+ onyx_username:
+ username: anass
+ full_name: anasshami
+
+- name: Set the user encrypted password
+ onyx_username:
+ username: anass
+ password: 12345
+ encrypted_password: True
+
+- name: Set the user capability
+ onyx_username:
+ username: anass
+ capability: monitor
+
+- name: Reset the user capability
+ onyx_username:
+ username: anass
+ reset_capability: True
+
+- name: Remove the user configuration
+ onyx_username:
+ username: anass
+ state: absent
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - username *
+ - username * password *
+ - username * nopassword
+ - username * disable login
+ - username * capability admin
+ - no username *
+ - no username * disable
+
+"""
+import re
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule, show_cmd
+
+
+class OnyxUsernameModule(BaseOnyxModule):
+ ACCOUNT_STATE = {
+ 'Account locked out': dict(disabled='all'),
+ 'No password required for login': dict(nopassword=True),
+ 'Local password login disabled': dict(disabled='password'),
+ 'Account disabled': dict(disabled='all')
+ }
+ ENCRYPTED_ID = 7
+
+ def init_module(self):
+ """
+ module initialization
+ """
+ element_spec = dict()
+
+ argument_spec = dict(state=dict(choices=['absent', 'present'], default='present'),
+ username=dict(type='str', required=True),
+ disabled=dict(choices=['none', 'login', 'password', 'all']),
+ capability=dict(choices=['monitor', 'unpriv', 'v_admin', 'admin']),
+ nopassword=dict(type='bool', default=False),
+ password=dict(type='str', no_log=True),
+ encrypted_password=dict(type='bool', default=False),
+ reset_capability=dict(type="bool", default=False),
+ disconnected=dict(type='bool', default=False),
+ full_name=dict(type='str'))
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True,
+ mutually_exclusive=[['password', 'nopassword']])
+
+ def get_required_config(self):
+ self._required_config = dict()
+ module_params = self._module.params
+ params = {}
+ ''' Requred/Default fields '''
+ params['username'] = module_params.get('username')
+ params['state'] = module_params.get('state')
+ params['encrypted_password'] = module_params.get('encrypted_password')
+ params['reset_capability'] = module_params.get('reset_capability')
+ ''' Other fields '''
+ for key, value in module_params.items():
+ if value is not None:
+ params[key] = value
+ self.validate_param_values(params)
+ self._required_config = params
+
+ def _get_username_config(self):
+ return show_cmd(self._module, "show usernames", json_fmt=True, fail_on_error=False)
+
+ def _set_current_config(self, users_config):
+ '''
+ users_config ex:
+ {
+ admin": [
+ {
+ "CAPABILITY": "admin",
+ "ACCOUNT STATUS": "No password required for login",
+ "FULL NAME": "System Administrator"
+ }
+ ],
+ }
+ '''
+ if not users_config:
+ return
+ current_config = self._current_config
+ for username, config in users_config.items():
+ config_json = config[0]
+ current_config[username] = current_config.get(username, {})
+ account_status = config_json.get('ACCOUNT STATUS')
+ status_value = self.ACCOUNT_STATE.get(account_status)
+
+ if status_value is not None:
+ # None for enabled account with password account "Password set (SHA512 | MD5)" so we won't change any attribute here.
+ current_config[username].update(status_value)
+ current_config[username].update({
+ 'capability': config_json.get('CAPABILITY'),
+ 'full_name': config_json.get('FULL NAME')
+ })
+
+ def load_current_config(self):
+ self._current_config = dict()
+ users_config = self._get_username_config()
+ self._set_current_config(users_config)
+
+ def generate_commands(self):
+ current_config, required_config = self._current_config, self._required_config
+ username = required_config.get('username')
+ current_user = current_config.get(username)
+ if current_user is not None:
+ '''created account we just need to edit his attributes'''
+ full_name = required_config.get('full_name')
+ if full_name is not None and current_user.get('full_name') != full_name:
+ self._commands.append("username {0} full-name {1}".format(username, full_name))
+
+ disabled = required_config.get('disabled')
+ if disabled is not None and current_user.get('disabled') != disabled:
+ if disabled == 'none':
+ self._commands.append("no username {0} disable".format(username))
+ elif disabled == 'all':
+ self._commands.append("username {0} disable".format(username))
+ else:
+ self._commands.append("username {0} disable {1}".format(username, disabled))
+
+ state = required_config.get('state')
+ if state == 'absent': # this will remove the user
+ self._commands.append("no username {0}".format(username))
+
+ capability = required_config.get('capability')
+ if capability is not None and current_user.get('capability') != capability:
+ self._commands.append("username {0} capability {1}".format(username, capability))
+
+ reset_capability = required_config.get('reset_capability')
+ if reset_capability:
+ self._commands.append("no username {0} capability".format(username))
+
+ password = required_config.get('password')
+ if password is not None:
+ encrypted = required_config.get('encrypted_password')
+ if encrypted:
+ self._commands.append("username {0} password {1} {2}".format(username, self.ENCRYPTED_ID, password))
+ else:
+ self._commands.append("username {0} password {1}".format(username, password))
+
+ nopassword = required_config.get('nopassword')
+ if nopassword and nopassword != current_user.get('nopassword', False):
+ self._commands.append("username {0} nopassword".format(username))
+
+ disconnected = required_config.get('disconnected')
+ if disconnected:
+ self._commands.append("username {0} disconnect".format(username))
+ else:
+ '''create new account if we have valid inforamtion, just check for username, capability, full_name, password'''
+
+ capability = required_config.get('capability')
+ password = required_config.get('password')
+ full_name = required_config.get('full_name')
+ if capability is not None or password is not None or full_name is not None:
+ if capability is not None:
+ self._commands.append("username {0} capability {1}".format(username, capability))
+
+ if password is not None:
+ encrypted = required_config.get('encrypted_password')
+ if encrypted:
+ self._commands.append("username {0} password {1} {2} ".format(username, self.ENCRYPTED_ID, password))
+ else:
+ self._commands.append("username {0} password {1}".format(username, password))
+
+ if full_name is not None:
+ self._commands.append("username {0} full-name {1}".format(username, full_name))
+
+ else:
+ self._commands.append("username {0}".format(username))
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxUsernameModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_vlan.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_vlan.py
new file mode 100644
index 000000000..d4e10cca0
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_vlan.py
@@ -0,0 +1,200 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_vlan
+author: "Samer Deeb (@samerd) Alex Tabachnik (@atabachnik)"
+short_description: Manage VLANs on Mellanox ONYX network devices
+description:
+ - This module provides declarative management of VLANs
+ on Mellanox ONYX network devices.
+options:
+ name:
+ description:
+ - Name of the VLAN.
+ vlan_id:
+ description:
+ - ID of the VLAN.
+ aggregate:
+ description: List of VLANs definitions.
+ purge:
+ description:
+ - Purge VLANs not defined in the I(aggregate) parameter.
+ default: no
+ type: bool
+ state:
+ description:
+ - State of the VLAN configuration.
+ default: present
+ choices: ['present', 'absent']
+'''
+
+EXAMPLES = """
+- name: Configure VLAN ID and name
+ onyx_vlan:
+ vlan_id: 20
+ name: test-vlan
+
+- name: Remove configuration
+ onyx_vlan:
+ state: absent
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device
+ returned: always.
+ type: list
+ sample:
+ - vlan 20
+ - name test-vlan
+ - exit
+"""
+
+from copy import deepcopy
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.six import iteritems
+from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import remove_default_spec
+
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+
+
+class OnyxVlanModule(BaseOnyxModule):
+ _purge = False
+
+ @classmethod
+ def _get_element_spec(cls):
+ return dict(
+ vlan_id=dict(type='int'),
+ name=dict(type='str'),
+ state=dict(default='present', choices=['present', 'absent']),
+ )
+
+ @classmethod
+ def _get_aggregate_spec(cls, element_spec):
+ aggregate_spec = deepcopy(element_spec)
+ aggregate_spec['vlan_id'] = dict(required=True)
+
+ # remove default in aggregate spec, to handle common arguments
+ remove_default_spec(aggregate_spec)
+ return aggregate_spec
+
+ def init_module(self):
+ """ module initialization
+ """
+ element_spec = self._get_element_spec()
+ aggregate_spec = self._get_aggregate_spec(element_spec)
+ argument_spec = dict(
+ aggregate=dict(type='list', elements='dict',
+ options=aggregate_spec),
+ purge=dict(default=False, type='bool'),
+ )
+ argument_spec.update(element_spec)
+ required_one_of = [['vlan_id', 'aggregate']]
+ mutually_exclusive = [['vlan_id', 'aggregate']]
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ supports_check_mode=True)
+
+ def validate_vlan_id(self, value):
+ if value and not 1 <= int(value) <= 4094:
+ self._module.fail_json(msg='vlan id must be between 1 and 4094')
+
+ def get_required_config(self):
+ self._required_config = list()
+ module_params = self._module.params
+ aggregate = module_params.get('aggregate')
+ self._purge = module_params.get('purge', False)
+ if aggregate:
+ for item in aggregate:
+ for key in item:
+ if item.get(key) is None:
+ item[key] = module_params[key]
+ self.validate_param_values(item, item)
+ req_item = item.copy()
+ req_item['vlan_id'] = int(req_item['vlan_id'])
+ self._required_config.append(req_item)
+ else:
+ params = {
+ 'vlan_id': module_params['vlan_id'],
+ 'name': module_params['name'],
+ 'state': module_params['state'],
+ }
+ self.validate_param_values(params)
+ self._required_config.append(params)
+
+ def _create_vlan_data(self, vlan_id, vlan_data):
+ if self._os_version >= self.ONYX_API_VERSION:
+ vlan_data = vlan_data[0]
+ return {
+ 'vlan_id': vlan_id,
+ 'name': self.get_config_attr(vlan_data, 'Name')
+ }
+
+ def _get_vlan_config(self):
+ return show_cmd(self._module, "show vlan")
+
+ def load_current_config(self):
+ # called in base class in run function
+ self._os_version = self._get_os_version()
+ self._current_config = dict()
+ vlan_config = self._get_vlan_config()
+ if not vlan_config:
+ return
+ for vlan_id, vlan_data in iteritems(vlan_config):
+ try:
+ vlan_id = int(vlan_id)
+ except ValueError:
+ continue
+ self._current_config[vlan_id] = \
+ self._create_vlan_data(vlan_id, vlan_data)
+
+ def generate_commands(self):
+ req_vlans = set()
+ for req_conf in self._required_config:
+ state = req_conf['state']
+ vlan_id = req_conf['vlan_id']
+ if state == 'absent':
+ if vlan_id in self._current_config:
+ self._commands.append('no vlan %s' % vlan_id)
+ else:
+ req_vlans.add(vlan_id)
+ self._generate_vlan_commands(vlan_id, req_conf)
+ if self._purge:
+ for vlan_id in self._current_config:
+ if vlan_id not in req_vlans:
+ self._commands.append('no vlan %s' % vlan_id)
+
+ def _generate_vlan_commands(self, vlan_id, req_conf):
+ curr_vlan = self._current_config.get(vlan_id, {})
+ if not curr_vlan:
+ self._commands.append("vlan %s" % vlan_id)
+ self._commands.append("exit")
+ req_name = req_conf['name']
+ curr_name = curr_vlan.get('name')
+ if req_name:
+ if req_name != curr_name:
+ self._commands.append("vlan %s name %s" % (vlan_id, req_name))
+ elif req_name is not None:
+ if curr_name:
+ self._commands.append("vlan %s no name" % vlan_id)
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxVlanModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_vxlan.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_vxlan.py
new file mode 100644
index 000000000..747e62eef
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_vxlan.py
@@ -0,0 +1,260 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_vxlan
+author: "Anas Badaha (@anasb)"
+short_description: Configures Vxlan
+description:
+ - This module provides declarative management of Vxlan configuration
+ on Mellanox ONYX network devices.
+notes:
+ - Tested on ONYX evpn_dev.031.
+ - nve protocol must be enabled.
+options:
+ nve_id:
+ description:
+ - nve interface ID.
+ required: true
+ loopback_id:
+ description:
+ - loopback interface ID.
+ bgp:
+ description:
+ - configure bgp on nve interface.
+ type: bool
+ default: true
+ mlag_tunnel_ip:
+ description:
+ - vxlan Mlag tunnel IP
+ vni_vlan_list:
+ description:
+ - Each item in the list has two attributes vlan_id, vni_id.
+ arp_suppression:
+ description:
+ - A flag telling if to configure arp suppression.
+ type: bool
+ default: false
+'''
+
+EXAMPLES = """
+- name: Configure Vxlan
+ onyx_vxlan:
+ nve_id: 1
+ loopback_id: 1
+ bgp: yes
+ mlag-tunnel-ip: 100.0.0.1
+ vni_vlan_list:
+ - vlan_id: 10
+ vni_id: 10010
+ - vlan_id: 6
+ vni_id: 10060
+ arp_suppression: yes
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - interface nve 1
+ - interface nve 1 vxlan source interface loopback 1
+ - interface nve 1 nve controller bgp
+ - interface nve 1 vxlan mlag-tunnel-ip 100.0.0.1
+ - interface nve 1 nve vni 10010 vlan 10
+ - interface nve 1 nve vni 10060 vlan 6
+ - interface nve 1 nve neigh-suppression
+ - interface vlan 6
+ - interface vlan 10
+"""
+
+import re
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import show_cmd
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule
+
+
+class OnyxVxlanModule(BaseOnyxModule):
+
+ LOOPBACK_REGEX = re.compile(r'^loopback (\d+).*')
+ NVE_ID_REGEX = re.compile(r'^Interface NVE (\d+).*')
+
+ def init_module(self):
+ """ initialize module
+ """
+ vni_vlan_spec = dict(vlan_id=dict(type=int),
+ vni_id=dict(type=int))
+ element_spec = dict(
+ nve_id=dict(type=int),
+ loopback_id=dict(type=int),
+ bgp=dict(default=True, type='bool'),
+ mlag_tunnel_ip=dict(type='str'),
+ vni_vlan_list=dict(type='list',
+ elements='dict',
+ options=vni_vlan_spec),
+ arp_suppression=dict(default=False, type='bool')
+ )
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ def get_required_config(self):
+ module_params = self._module.params
+ self._required_config = dict(module_params)
+ self.validate_param_values(self._required_config)
+
+ def _set_vxlan_config(self, vxlan_config):
+ vxlan_config = vxlan_config[0]
+ if not vxlan_config:
+ return
+ nve_header = vxlan_config.get("header")
+ match = self.NVE_ID_REGEX.match(nve_header)
+ if match:
+ current_nve_id = int(match.group(1))
+ self._current_config['nve_id'] = current_nve_id
+ if int(current_nve_id) != self._required_config.get("nve_id"):
+ return
+
+ self._current_config['mlag_tunnel_ip'] = vxlan_config.get("Mlag tunnel IP")
+ controller_mode = vxlan_config.get("Controller mode")
+ if controller_mode == "BGP":
+ self._current_config['bgp'] = True
+ else:
+ self._current_config['bgp'] = False
+
+ loopback_str = vxlan_config.get("Source interface")
+ match = self.LOOPBACK_REGEX.match(loopback_str)
+ if match:
+ loopback_id = match.group(1)
+ self._current_config['loopback_id'] = int(loopback_id)
+
+ self._current_config['global_neigh_suppression'] = vxlan_config.get("Global Neigh-Suppression")
+
+ vni_vlan_mapping = self._current_config['vni_vlan_mapping'] = dict()
+ nve_detail = self._show_nve_detail()
+
+ if nve_detail is not None:
+ nve_detail = nve_detail[0]
+
+ if nve_detail:
+ for vlan_id in nve_detail:
+ vni_vlan_mapping[int(vlan_id)] = dict(
+ vni_id=int(nve_detail[vlan_id][0].get("VNI")),
+ arp_suppression=nve_detail[vlan_id][0].get("Neigh Suppression"))
+
+ def _show_vxlan_config(self):
+ cmd = "show interfaces nve"
+ return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
+
+ def _show_nve_detail(self):
+ cmd = "show interface nve {0} detail".format(self._required_config.get("nve_id"))
+ return show_cmd(self._module, cmd, json_fmt=True, fail_on_error=False)
+
+ def load_current_config(self):
+ self._current_config = dict()
+ vxlan_config = self._show_vxlan_config()
+ if vxlan_config:
+ self._set_vxlan_config(vxlan_config)
+
+ def generate_commands(self):
+ nve_id = self._required_config.get("nve_id")
+ current_nve_id = self._current_config.get("nve_id")
+
+ if current_nve_id is None:
+ self._add_nve_commands(nve_id)
+ elif current_nve_id != nve_id:
+ self._add_no_nve_commands(current_nve_id)
+ self._add_nve_commands(nve_id)
+
+ bgp = self._required_config.get("bgp")
+ if bgp is not None:
+ curr_bgp = self._current_config.get("bgp")
+ if bgp and bgp != curr_bgp:
+ self._commands.append('interface nve {0} nve controller bgp'.format(nve_id))
+
+ loopback_id = self._required_config.get("loopback_id")
+ if loopback_id is not None:
+ curr_loopback_id = self._current_config.get("loopback_id")
+ if loopback_id != curr_loopback_id:
+ self._commands.append('interface nve {0} vxlan source interface '
+ 'loopback {1} '.format(nve_id, loopback_id))
+
+ mlag_tunnel_ip = self._required_config.get("mlag_tunnel_ip")
+ if mlag_tunnel_ip is not None:
+ curr_mlag_tunnel_ip = self._current_config.get("mlag_tunnel_ip")
+ if mlag_tunnel_ip != curr_mlag_tunnel_ip:
+ self._commands.append('interface nve {0} vxlan '
+ 'mlag-tunnel-ip {1}'.format(nve_id, mlag_tunnel_ip))
+
+ vni_vlan_list = self._required_config.get("vni_vlan_list")
+ arp_suppression = self._required_config.get("arp_suppression")
+ if vni_vlan_list is not None:
+ self._generate_vni_vlan_cmds(vni_vlan_list, nve_id, arp_suppression)
+
+ def _generate_vni_vlan_cmds(self, vni_vlan_list, nve_id, arp_suppression):
+
+ current_global_arp_suppression = self._current_config.get('global_neigh_suppression')
+ if arp_suppression is True and current_global_arp_suppression != "Enable":
+ self._commands.append('interface nve {0} nve neigh-suppression'.format(nve_id))
+
+ current_vni_vlan_mapping = self._current_config.get('vni_vlan_mapping')
+ if current_vni_vlan_mapping is None:
+ for vni_vlan in vni_vlan_list:
+ vlan_id = vni_vlan.get("vlan_id")
+ vni_id = vni_vlan.get("vni_id")
+ self._add_vni_vlan_cmds(nve_id, vni_id, vlan_id)
+ self._add_arp_suppression_cmds(arp_suppression, vlan_id)
+ else:
+ for vni_vlan in vni_vlan_list:
+ vlan_id = vni_vlan.get("vlan_id")
+ vni_id = vni_vlan.get("vni_id")
+
+ currt_vlan_id = current_vni_vlan_mapping.get(vlan_id)
+
+ if currt_vlan_id is None:
+ self._add_vni_vlan_cmds(nve_id, vni_id, vlan_id)
+ self._add_arp_suppression_cmds(arp_suppression, vlan_id)
+ else:
+ current_vni_id = currt_vlan_id.get("vni_id")
+ current_arp_suppression = currt_vlan_id.get("arp_suppression")
+
+ if int(current_vni_id) != vni_id:
+ self._add_vni_vlan_cmds(nve_id, vni_id, vlan_id)
+
+ if current_arp_suppression == "Disable":
+ self._add_arp_suppression_cmds(arp_suppression, vlan_id)
+
+ def _add_no_nve_commands(self, current_nve_id):
+ self._commands.append('no interface nve {0}'.format(current_nve_id))
+
+ def _add_nve_commands(self, nve_id):
+ self._commands.append('interface nve {0}'.format(nve_id))
+ self._commands.append('exit')
+
+ def _add_vni_vlan_cmds(self, nve_id, vni_id, vlan_id):
+ self._commands.append('interface nve {0} nve vni {1} '
+ 'vlan {2}'.format(nve_id, vni_id, vlan_id))
+
+ def _add_arp_suppression_cmds(self, arp_suppression, vlan_id):
+ if arp_suppression is True:
+ self._commands.append('interface vlan {0}'.format(vlan_id))
+ self._commands.append('exit')
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxVxlanModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/modules/onyx_wjh.py b/ansible_collections/mellanox/onyx/plugins/modules/onyx_wjh.py
new file mode 100644
index 000000000..bf97884cc
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/modules/onyx_wjh.py
@@ -0,0 +1,219 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: onyx_wjh
+author: "Anas Shami (@anass)"
+short_description: Configure what-just-happend module
+description:
+ - This module provides declarative management of wjh
+ on Mellanox ONYX network devices.
+notes:
+options:
+ group:
+ description:
+ - Name of wjh group.
+ choices: ['all', 'forwarding', 'acl']
+ type: str
+ enabled:
+ description:
+ - wjh group status
+ type: bool
+ auto_export:
+ description:
+ - wjh group auto export pcap file status
+ type: bool
+ export_group:
+ description:
+ - wjh group auto export group
+ choices: ['all', 'forwarding', 'acl']
+ type: str
+ clear_group:
+ description:
+ - clear pcap file by group
+ choices: ['all', 'user', 'auto-export']
+ type: str
+'''
+
+EXAMPLES = """
+- name: Enable wjh
+ onyx_wjh:
+ group: forwarding
+ enabled: True
+
+- name: Disable wjh
+ onyx_wjh:
+ group: forwarding
+ enabled: False
+
+- name: Enable auto-export
+ onyx_wjh:
+ auto_export: True
+ export_group: forwarding
+- name: Disable auto-export
+ onyx_wjh:
+ auto_export: False
+ export_group: forwarding
+- name: Clear pcap file
+ onyx_wjh:
+ clear_group: auto-export
+"""
+
+RETURN = """
+commands:
+ description: The list of configuration mode commands to send to the device.
+ returned: always
+ type: list
+ sample:
+ - what-just-happend forwarding enable
+ - what-just-happend auto-export forwarding enable
+ - clear what-just-happend pcap-file user
+"""
+import re
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.mellanox.onyx.plugins.module_utils.network.onyx.onyx import BaseOnyxModule, show_cmd
+
+
+class OnyxWJHModule(BaseOnyxModule):
+ WJH_DISABLED_REGX = re.compile(r'^no what-just-happened ([a-z]+) enable.*')
+ WJH_DISABLED_AUTO_EXPORT_REGX = re.compile(r'^no what-just-happened auto-export ([a-z]+) enable.*')
+
+ WJH_CMD_FMT = '{0}what-just-happened {1} enable'
+ WJH_EXPORT_CMD_FMT = '{0}what-just-happened auto-export {1} enable'
+ WJH_CLEAR_CMD_FMT = 'clear what-just-happened pcap-files {0}'
+
+ WJH_GROUPS = ['all', 'forwarding', 'acl']
+ CLEAR_GROUPS = ['all', 'user', 'auto-export']
+
+ def init_module(self):
+ """
+ module initialization
+ """
+ element_spec = dict(group=dict(choices=self.WJH_GROUPS),
+ enabled=dict(type='bool'),
+ auto_export=dict(type='bool'),
+ export_group=dict(choices=self.WJH_GROUPS),
+ clear_group=dict(choices=self.CLEAR_GROUPS))
+
+ argument_spec = dict()
+ argument_spec.update(element_spec)
+ self._module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True,
+ required_together=[
+ ['group', 'enabled'],
+ ['auto_export', 'export_group']
+ ])
+
+ def get_required_config(self):
+ self._required_config = dict()
+ module_params = self._module.params
+ group = module_params.get('group')
+ export_group = module_params.get('export_group')
+ clear_group = module_params.get('clear_group')
+
+ params = dict()
+ if group:
+ enabled = module_params.get('enabled')
+ params.update({
+ 'group': group,
+ 'enabled': enabled
+ })
+
+ if export_group:
+ auto_export = module_params.get('auto_export')
+ params.update({
+ 'export_group': export_group,
+ 'auto_export': auto_export
+ })
+
+ if clear_group:
+ params.update({
+ 'clear_group': clear_group
+ })
+
+ self.validate_param_values(params)
+ self._required_config = params
+
+ def _get_wjh_config(self):
+ return show_cmd(self._module, "show running-config | include .*what-just-happened.*", json_fmt=False, fail_on_error=False)
+
+ def _set_current_config(self, config):
+ if not config:
+ return
+ current_config = self._current_config
+ lines = config.split('\n')
+ for line in lines:
+ if line.startswith('#'):
+ continue
+ match = self.WJH_DISABLED_REGX.match(line)
+ if match:
+ # wjh is disabled
+ group = match.group(1)
+ current_config[group] = False
+
+ match = self.WJH_DISABLED_AUTO_EXPORT_REGX.match(line)
+ if match:
+ # wjh auto export is disabled
+ export_group = match.group(1) + '_export'
+ current_config[export_group] = False
+
+ '''
+ show running config will contains [no wjh * group enable] if disabled - default config is enabled
+ '''
+ def load_current_config(self):
+ self._current_config = dict()
+ config_lines = self._get_wjh_config()
+ if config_lines:
+ self._set_current_config(config_lines)
+
+ def wjh_group_status(self, current_config, group_value, suffix=''):
+ current_enabled = False
+ if group_value == 'all':
+ # no disabled group so all would be false
+ current_enabled = not all([
+ (group + suffix) in current_config for group in self.WJH_GROUPS])
+ else:
+ # if no current-value its enabled
+ current_enabled = current_config[group_value + suffix] if((group_value + suffix) in current_config) else True
+ return current_enabled
+
+ '''
+ wjh is enabled "by default"
+ when wjh disable we will find no wjh commands in running config
+ '''
+ def generate_commands(self):
+ current_config, required_config = self._current_config, self._required_config
+ group = required_config.get('group')
+ export_group = required_config.get('export_group')
+ clear_group = required_config.get('clear_group')
+ if group:
+ current_enabled = self.wjh_group_status(current_config, group)
+ if(required_config['enabled'] != current_enabled):
+ self._commands.append(self.WJH_CMD_FMT
+ .format(('' if required_config['enabled'] else 'no '), group))
+ if export_group:
+ current_enabled = self.wjh_group_status(current_config, required_config['export_group'], '_export')
+ if(required_config['auto_export'] != current_enabled):
+ self._commands.append(self.WJH_EXPORT_CMD_FMT
+ .format(('' if required_config['auto_export'] else 'no '), export_group))
+ if clear_group:
+ # clear pcap files
+ self._commands.append(self.WJH_CLEAR_CMD_FMT.format(clear_group))
+
+
+def main():
+ """ main entry point for module execution
+ """
+ OnyxWJHModule.main()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/mellanox/onyx/plugins/terminal/__init__.py b/ansible_collections/mellanox/onyx/plugins/terminal/__init__.py
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/terminal/__init__.py
diff --git a/ansible_collections/mellanox/onyx/plugins/terminal/onyx.py b/ansible_collections/mellanox/onyx/plugins/terminal/onyx.py
new file mode 100644
index 000000000..52d630b9f
--- /dev/null
+++ b/ansible_collections/mellanox/onyx/plugins/terminal/onyx.py
@@ -0,0 +1,80 @@
+#
+# (c) 2016 Red Hat Inc.
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import json
+import re
+
+from ansible.errors import AnsibleConnectionFailure
+from ansible.module_utils._text import to_text, to_bytes
+from ansible.plugins.terminal import TerminalBase
+
+
+class TerminalModule(TerminalBase):
+
+ terminal_stdout_re = [
+ re.compile(br"(?P<prompt>(.*)( > | # )\Z)"),
+ ]
+
+ terminal_stderr_re = [
+ re.compile(br"\A%|\r\n%|\n%"),
+ ]
+
+ init_commands = [b'no cli session paging enable', ]
+
+ def on_open_shell(self):
+ try:
+ for cmd in self.init_commands:
+ self._exec_cli_command(cmd)
+ except AnsibleConnectionFailure:
+ raise AnsibleConnectionFailure('unable to set terminal parameters')
+
+ def on_become(self, passwd=None):
+ if self._get_prompt().endswith(b'#'):
+ return
+
+ cmd = {u'command': u'enable'}
+ if passwd:
+ # Note: python-3.5 cannot combine u"" and r"" together. Thus make
+ # an r string and use to_text to ensure it's text on both py2 and
+ # py3.
+ cmd[u'prompt'] = to_text(r"[\r\n]?password: $",
+ errors='surrogate_or_strict')
+ cmd[u'answer'] = passwd
+
+ try:
+ self._exec_cli_command(to_bytes(json.dumps(cmd),
+ errors='surrogate_or_strict'))
+ except AnsibleConnectionFailure:
+ raise AnsibleConnectionFailure(
+ 'unable to elevate privilege to enable mode')
+
+ def on_unbecome(self):
+ prompt = self._get_prompt()
+ if prompt is None:
+ # if prompt is None most likely the terminal is hung up at a prompt
+ return
+
+ if b'(config' in prompt:
+ self._exec_cli_command(b'exit')
+ self._exec_cli_command(b'disable')
+
+ elif prompt.endswith(b'#'):
+ self._exec_cli_command(b'disable')