Diffstat (limited to 'ansible_collections/cisco/ios/plugins/modules')
32 files changed, 6018 insertions, 1914 deletions
diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_acl_interfaces.py b/ansible_collections/cisco/ios/plugins/modules/ios_acl_interfaces.py index dfdc08528..a67de7274 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_acl_interfaces.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_acl_interfaces.py @@ -325,7 +325,7 @@ EXAMPLES = """ # ip access-group 123 out # Using DELETED without any config passed -#"(NOTE: This will delete all of configured resource module attributes from each configured interface)" +# "(NOTE: This will delete all of configured resource module attributes from each configured interface)" # Before state: # ------------- diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_acls.py b/ansible_collections/cisco/ios/plugins/modules/ios_acls.py index 00c5b563c..f81e0e7ab 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_acls.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_acls.py @@ -463,7 +463,14 @@ options: type: bool type: dict remarks: - description: The remarks/description of the ACL. + description: + - The remarks/description of the ACL. + - The remarks attribute used within an ace with or without a + sequence number will produce remarks that are pushed + before the ace entry. + - Remarks entry used as the only key in as the list option + will produce non ace specific remarks, these remarks would be + pushed at the end of all the aces for an acl. elements: str type: list sequence: 
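Review bot: The third bullet added to the `remarks` description in ios_acls.py is hard to parse: "used as the only key in as the list option" has a stray "in as", and a comma splice follows it. If the meaning is that a list item holding only `remarks` is not tied to any ace, something like `- A remarks entry given as the only key of an aces list item produces remarks that are not ace specific; they are pushed after all the aces of the acl.` would say so directly. The second bullet could also state that "before the ace entry" refers to the order of the generated commands. The options block continues outside the hunk.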
@@ -633,8 +640,9 @@ options: and transforms it into JSON format as per the resource module parameters and the value is returned in the I(parsed) key within the result. The value of C(running_config) option should be the same format as the output - of commands I(show access-list) and - I(show running-config | include ip(v6)* access-list|remark) executed on + of commands I(sh running-config | section access-list) for all acls related information + and I(sh access-lists | include access list) to obtain configuration specific of + an empty acls, the following commands are executed on device. Config data from both the commands should be kept together one after another for the parsers to pick the commands correctly. For state I(parsed) active connection to remote host is not required. @@ -653,35 +661,8 @@ EXAMPLES = """ # Before state: # ------------- # -# vios#sh access-lists -# Extended IP access list 100 -# 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 echo dscp ef ttl eq 10 - -- name: Merge provided configuration with device configuration - cisco.ios.ios_acls: - config: - - afi: ipv4 - acls: - - name: 100 - aces: - - sequence: 10 - protocol_options: - icmp: - traceroute: true - state: merged - -# After state: -# ------------ -# -# Play Execution fails, with error: -# Cannot update existing sequence 10 of ACLs 100 with state merged. -# Please use state replaced or overridden. - -# Before state: -# ------------- -# -# vios#sh access-lists -# Extended IP access list 110 +# vios#sh running-config | section access-list +# ip access-list extended 110 # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 echo dscp ef ttl eq 10 - name: Merge provided configuration with device configuration @@ -705,6 +686,12 @@ EXAMPLES = """ protocol_options: icmp: traceroute: true + source: + address: 192.168.3.0 + wildcard_bits: 255.255.255.0 + destination: + any: true + grant: permit - grant: deny protocol_options: tcp: 
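Review bot: The rewritten `running_config` text (hunk at -633) does not state clearly what input `state: parsed` expects, because the sentence runs on into "the following commands are executed on device" with no commands following. A reader cannot tell whether both outputs are required or only the first. Suggested wording: `The value of C(running_config) should be the output of I(sh running-config | section access-list), followed by the output of I(sh access-lists | include access list) so that empty acls are also picked up.` The remaining sentences about keeping both outputs together can stay as they are.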
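Review bot: In the ace added to the merged example (hunk at -705), `wildcard_bits: 255.255.255.0` under `source` reads like a subnet mask rather than an IOS wildcard mask. Every other ace in this example uses the inverted form `0.0.0.255`, and the task output later on the page shows this entry stored as `address: 0.0.0.0` with `wildcard_bits: 255.255.255.0`, which matches any source whose last octet is 0 rather than the 192.168.3.0/24 network. Because this is a `grant: permit` entry that users will copy, the over-broad match is worth fixing; if /24 was intended, use `wildcard_bits: 0.0.0.255` and update the generated command and the after output to match. The EXAMPLES block starts and ends outside this hunk.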
@@ -715,7 +702,7 @@ EXAMPLES = """ host: 198.51.110.0 port_protocol: eq: telnet - - name: test + - name: extended_acl_1 acl_type: extended aces: - grant: deny 
@@ -787,64 +774,259 @@ EXAMPLES = """ dscp: af11 state: merged -# Commands fired: -# --------------- +# Task Output +# ----------- # -# - ip access-list standard std_acl -# - deny 192.168.1.200 -# - deny 192.168.2.0 0.0.0.255 -# - ip access-list extended 110 -# - 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 -# - deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack -# - ip access-list extended test -# - deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 -# - ip access-list extended 123 -# - deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 -# - deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 -# - remark remarks for extended ACL 1 -# - remark check ACL -# - ipv6 access-list R1_TRAFFIC -# - deny tcp any eq www any eq telnet ack dscp af11 +# before: +# - acls: +# - aces: +# - destination: +# address: 192.0.3.0 +# wildcard_bits: 0.0.0.255 +# dscp: ef +# grant: deny +# protocol: icmp +# protocol_options: +# icmp: +# echo: true +# sequence: 10 +# source: +# address: 192.0.2.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# eq: 10 +# acl_type: extended +# name: '100' +# afi: ipv4 +# commands: +# - ip access-list extended 110 +# - deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack +# - 30 permit icmp 192.168.3.0 255.255.255.0 any traceroute +# - ip access-list extended extended_acl_1 +# - deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 +# - ip access-list standard std_acl +# - deny 192.168.1.20 +# - deny 192.168.2.0 0.0.0.255 +# - ip access-list extended 123 +# - deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 +# - deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 +# - remark remarks for extended ACL 1 +# - remark check ACL +# - ipv6 access-list R1_TRAFFIC +# - deny tcp any eq www any eq telnet ack dscp af11 +# after: +# - acls: +# - aces: +# - 
destination: +# address: 192.0.3.0 +# wildcard_bits: 0.0.0.255 +# dscp: ef +# grant: deny +# protocol: icmp +# protocol_options: +# icmp: +# echo: true +# sequence: 10 +# source: +# address: 192.0.2.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# eq: 10 +# - destination: +# host: 198.51.110.0 +# port_protocol: +# eq: telnet +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 20 +# source: +# host: 198.51.100.0 +# - destination: +# any: true +# grant: permit +# protocol: icmp +# protocol_options: +# icmp: +# traceroute: true +# sequence: 30 +# source: +# address: 0.0.0.0 +# wildcard_bits: 255.255.255.0 +# acl_type: extended +# name: '110' +# - aces: +# - destination: +# address: 198.51.101.0 +# port_protocol: +# eq: telnet +# wildcard_bits: 0.0.0.255 +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 10 +# source: +# address: 198.51.100.0 +# wildcard_bits: 0.0.0.255 +# tos: +# service_value: 12 +# - destination: +# address: 192.0.4.0 +# port_protocol: +# eq: www +# wildcard_bits: 0.0.0.255 +# dscp: ef +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 20 +# source: +# address: 192.0.3.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# lt: 20 +# - remarks: +# - remarks for extended ACL 1 +# - check ACL +# acl_type: extended +# name: '123' +# - aces: +# - destination: +# address: 192.0.3.0 +# port_protocol: +# eq: www +# wildcard_bits: 0.0.0.255 +# grant: deny +# option: +# traceroute: true +# protocol: tcp +# protocol_options: +# tcp: +# fin: true +# sequence: 10 +# source: +# address: 192.0.2.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# eq: 10 +# acl_type: extended +# name: extended_acl_1 +# - aces: +# - grant: deny +# sequence: 10 +# source: +# host: 192.168.1.20 +# - grant: deny +# sequence: 20 +# source: +# address: 192.168.2.0 +# wildcard_bits: 0.0.0.255 +# acl_type: standard +# name: std_acl +# afi: ipv4 +# - acls: +# - aces: +# - destination: +# any: true +# port_protocol: +# 
eq: telnet +# dscp: af11 +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 10 +# source: +# any: true +# port_protocol: +# eq: www +# name: R1_TRAFFIC +# afi: ipv6 # After state: # ------------ # -# vios#sh access-lists -# Standard IP access list std_acl +# vios#sh running-config | section access-list +# ip access-list standard std_acl # 10 deny 192.168.1.200 -# 20 deny 192.168.2.0, wildcard bits 0.0.0.255 -# Extended IP access list 100 +# 20 deny 192.168.2.0 0.0.0.255 +# ip access-list extended 100 # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 echo dscp ef ttl eq 10 -# Extended IP access list 110 +# ip access-list extended 110 # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack -# Extended IP access list 123 +# ip access-list extended 123 # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 -# Extended IP access list test +# ip access-list extended test # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 -# IPv6 access list R1_TRAFFIC -# deny tcp any eq www any eq telnet ack dscp af11 sequence 10 +# ipv6 access-list R1_TRAFFIC +# sequence 10 deny tcp any eq www any eq telnet ack dscp af11 + +# vios#show running-config | include ip(v6)* access-list|remark +# ip access-list standard std_acl +# ip access-list extended extended_acl_1 +# ip access-list extended 110 +# ip access-list extended 123 +# remark remarks for extended ACL 1 +# remark check ACL +# ipv6 access-list R1_TRAFFIC + +# Using merged (update existing ACE - will fail) + +# Before state: +# ------------- +# +# vios#sh running-config | section access-list +# ip access-list extended 100 +# 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 echo dscp ef ttl eq 10 + +- name: Merge provided configuration with device 
configuration + cisco.ios.ios_acls: + config: + - afi: ipv4 + acls: + - name: 100 + aces: + - sequence: 10 + protocol_options: + icmp: + traceroute: true + state: merged + +# After state: +# ------------ +# +# Play Execution fails, with error: +# Cannot update existing sequence 10 of ACLs 100 with state merged. +# Please use state replaced or overridden. # Using replaced # Before state: # ------------- # -# vios#sh access-lists -# Standard IP access list std_acl -# 10 deny 192.168.1.200 -# 20 deny 192.168.2.0, wildcard bits 0.0.0.255 -# Extended IP access list 110 -# 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 -# 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack -# Extended IP access list 123 -# 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 -# 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 -# Extended IP access list test -# 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 -# IPv6 access list R1_TRAFFIC -# deny tcp any eq www any eq telnet ack dscp af11 sequence 10 +# vios#sh running-config | section access-list +# ip access-list standard std_acl +# 10 deny 192.168.1.200 +# 20 deny 192.168.2.0 0.0.0.255 +# ip access-list extended 110 +# 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 +# 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack +# ip access-list extended 123 +# 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 +# 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 +# ip access-list extended R1_TRAFFIC +# 10 deny tcp any eq www any eq telnet ack dscp af11 +# ip access-list extended test +# 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 - name: Replaces device configuration of listed acls with provided configuration cisco.ios.ios_acls: 
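Review bot: The new "Task Output" and "After state" blocks for the merged example disagree with each other and with the Before state, so a reader cannot use them to check what the module will push. The `before:` output lists acl `'100'` while the Before state shows only `ip access-list extended 110`. The commands and `after:` use `192.168.1.20` for std_acl while the After state prints `10 deny 192.168.1.200`. The After state also still lists `ip access-list extended test` although the acl was renamed to `extended_acl_1`, and it omits the new `30 permit icmp` entry that appears in `commands:`. It would help to regenerate all three blocks from one run so that the before output, the commands and the device output describe the same configuration.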
@@ -890,33 +1072,619 @@ EXAMPLES = """ eq: 10 state: replaced -# Commands fired: -# --------------- +# Task Output +# ----------- # -# - no ip access-list extended 110 -# - ip access-list extended 110 -# - deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www syn dscp ef ttl eq 10 -# - ip access-list extended 150 -# - 20 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 +# before: +# - acls: +# - aces: +# - destination: +# address: 192.0.3.0 +# wildcard_bits: 0.0.0.255 +# dscp: ef +# grant: deny +# protocol: icmp +# protocol_options: +# icmp: +# traceroute: true +# sequence: 10 +# source: +# address: 192.0.2.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# eq: 10 +# - destination: +# host: 198.51.110.0 +# port_protocol: +# eq: telnet +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 20 +# source: +# host: 198.51.100.0 +# acl_type: extended +# name: '110' +# - aces: +# - destination: +# address: 198.51.101.0 +# port_protocol: +# eq: telnet +# wildcard_bits: 0.0.0.255 +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 10 +# source: +# address: 198.51.100.0 +# wildcard_bits: 0.0.0.255 +# tos: +# service_value: 12 +# - destination: +# address: 192.0.4.0 +# port_protocol: +# eq: www +# wildcard_bits: 0.0.0.255 +# dscp: ef +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 20 +# source: +# address: 192.0.3.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# lt: 20 +# acl_type: extended +# name: '123' +# - aces: +# - destination: +# any: true +# port_protocol: +# eq: telnet +# dscp: af11 +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 10 +# source: +# any: true +# port_protocol: +# eq: www +# acl_type: extended +# name: R1_TRAFFIC +# - aces: +# - grant: deny +# sequence: 10 +# source: +# host: 192.168.1.200 +# - grant: deny +# sequence: 20 +# source: +# address: 192.168.2.0 +# wildcard_bits: 
0.0.0.255 +# acl_type: standard +# name: std_acl +# - aces: +# - destination: +# address: 192.0.3.0 +# port_protocol: +# eq: www +# wildcard_bits: 0.0.0.255 +# grant: deny +# option: +# traceroute: true +# protocol: tcp +# protocol_options: +# tcp: +# fin: true +# sequence: 10 +# source: +# address: 192.0.2.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# eq: 10 +# acl_type: extended +# name: test +# afi: ipv4 +# commands: +# - ip access-list extended 110 +# - no 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 +# - no 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack +# - deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www syn dscp ef ttl eq 10 +# - ip access-list extended 150 +# - 20 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 +# after: +# - acls: +# - aces: +# - destination: +# address: 192.0.3.0 +# port_protocol: +# eq: www +# wildcard_bits: 0.0.0.255 +# dscp: ef +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# syn: true +# sequence: 10 +# source: +# address: 192.0.2.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# eq: 10 +# acl_type: extended +# name: '110' +# - aces: +# - destination: +# address: 198.51.101.0 +# port_protocol: +# eq: telnet +# wildcard_bits: 0.0.0.255 +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 10 +# source: +# address: 198.51.100.0 +# wildcard_bits: 0.0.0.255 +# tos: +# service_value: 12 +# - destination: +# address: 192.0.4.0 +# port_protocol: +# eq: www +# wildcard_bits: 0.0.0.255 +# dscp: ef +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 20 +# source: +# address: 192.0.3.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# lt: 20 +# acl_type: extended +# name: '123' +# - aces: +# - destination: +# address: 198.51.110.0 +# port_protocol: +# eq: telnet +# wildcard_bits: 0.0.0.255 +# dscp: ef +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# syn: true +# 
sequence: 20 +# source: +# address: 198.51.100.0 +# port_protocol: +# eq: telnet +# wildcard_bits: 0.0.0.255 +# ttl: +# eq: 10 +# acl_type: extended +# name: '150' +# - aces: +# - destination: +# any: true +# port_protocol: +# eq: telnet +# dscp: af11 +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 10 +# source: +# any: true +# port_protocol: +# eq: www +# acl_type: extended +# name: R1_TRAFFIC +# - aces: +# - grant: deny +# sequence: 10 +# source: +# host: 192.168.1.200 +# - grant: deny +# sequence: 20 +# source: +# address: 192.168.2.0 +# wildcard_bits: 0.0.0.255 +# acl_type: standard +# name: std_acl +# - aces: +# - destination: +# address: 192.0.3.0 +# port_protocol: +# eq: www +# wildcard_bits: 0.0.0.255 +# grant: deny +# option: +# traceroute: true +# protocol: tcp +# protocol_options: +# tcp: +# fin: true +# sequence: 10 +# source: +# address: 192.0.2.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# eq: 10 +# acl_type: extended +# name: test +# afi: ipv4 # After state: # ------------- # # vios#sh access-lists -# Standard IP access list std_acl +# ip access-list standard std_acl # 10 deny 192.168.1.200 -# 20 deny 192.168.2.0, wildcard bits 0.0.0.255 -# Extended IP access list 110 +# 20 deny 192.168.2.0 0.0.0.255 +# ip access-list extended 110 # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www syn dscp ef ttl eq 10 -# Extended IP access list 123 +# ip access-list extended 123 # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 -# Extended IP access list 150 +# ip access-list extended 150 # 20 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 -# Extended IP access list test +# ip access-list extended test # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 -# IPv6 access list R1_TRAFFIC -# deny tcp any eq www any eq telnet 
ack dscp af11 sequence 10 +# ipv6 access-list R1_TRAFFIC +# sequence 10 deny tcp any eq www any eq telnet ack dscp af11 + +# Using replaced - example remarks specific + +# Before state: +# ------------- +# +# vios#show running-config | section access-list +# ip access-list extended TEST +# 10 remark FIRST REMARK BEFORE LINE 10 +# 10 remark ============ +# 10 remark ALLOW HOST FROM TEST 10 +# 10 permit ip host 1.1.1.1 any +# 20 remark FIRST REMARK BEFORE LINE 20 +# 20 remark ============ +# 20 remark ALLOW HOST remarks AFTER LINE 20 +# 20 permit ip host 2.2.2.2 any +# 30 remark FIRST REMARK BEFORE LINE 30 +# 30 remark ============ +# 30 remark ALLOW HOST remarks AFTER LINE 30 +# 30 permit ip host 3.3.3.3 any + +- name: Replace remarks of ace with sequence 10 + # check_mode: true + cisco.ios.ios_acls: + state: replaced + config: + - acls: + - aces: + - destination: + any: true + grant: permit + protocol: ip + remarks: + - The new first remarks before 10 + - ============new + - The new second remarks before 10 + sequence: 10 + source: + host: 1.1.1.1 + - destination: + any: true + grant: permit + protocol: ip + remarks: + - FIRST REMARK BEFORE LINE 20 + - ============ + - ALLOW HOST remarks AFTER LINE 20 + sequence: 20 + source: + host: 2.2.2.2 + - destination: + any: true + grant: permit + protocol: ip + remarks: + - FIRST REMARK BEFORE LINE 30 + - ============ + - ALLOW HOST remarks AFTER LINE 30 + sequence: 30 + source: + host: 3.3.3.3 + acl_type: extended + name: TEST + afi: ipv4 + +# Task Output +# ----------- +# +# before: +# - acls: +# - aces: +# - destination: +# any: true +# grant: permit +# protocol: ip +# remarks: +# - FIRST REMARK BEFORE LINE 10 +# - ===========1= +# - ALLOW HOST FROM TEST 10 +# sequence: 10 +# source: +# host: 1.1.1.1 +# - destination: +# any: true +# grant: permit +# protocol: ip +# remarks: +# - FIRST REMARK BEFORE LINE 20 +# - ============ +# - ALLOW HOST remarks AFTER LINE 20 +# sequence: 20 +# source: +# host: 2.2.2.2 +# - 
destination: +# any: true +# grant: permit +# protocol: ip +# remarks: +# - FIRST REMARK BEFORE LINE 30 +# - ============ +# - ALLOW HOST remarks AFTER LINE 30 +# sequence: 30 +# source: +# host: 3.3.3.3 +# acl_type: extended +# name: TEST +# afi: ipv4 +# commands: +# - ip access-list extended TEST +# - no 10 remark +# - 10 remark The new first remarks before 10 +# - 10 remark ============new +# - 10 remark The new second remarks before 10 +# after: +# - acls: +# - aces: +# - destination: +# any: true +# grant: permit +# protocol: ip +# remarks: +# - The new first remarks before 10 +# - ============new +# - The new second remarks before 10 +# sequence: 10 +# source: +# host: 1.1.1.1 +# - destination: +# any: true +# grant: permit +# protocol: ip +# remarks: +# - FIRST REMARK BEFORE LINE 20 +# - ============ +# - ALLOW HOST remarks AFTER LINE 20 +# sequence: 20 +# source: +# host: 2.2.2.2 +# - destination: +# any: true +# grant: permit +# protocol: ip +# remarks: +# - FIRST REMARK BEFORE LINE 30 +# - ============ +# - ALLOW HOST remarks AFTER LINE 30 +# sequence: 30 +# source: +# host: 3.3.3.3 +# acl_type: extended +# name: TEST +# afi: ipv4 + +# After state: +# ------------- +# +# foo#show running-config | section access-list +# ip access-list extended TEST +# 10 remark The new first remarks before 10 +# 10 remark ============new +# 10 remark The new second remarks before 10 +# 10 permit ip host 1.1.1.1 any +# 20 remark FIRST REMARK BEFORE LINE 20 +# 20 remark ============ +# 20 remark ALLOW HOST remarks AFTER LINE 20 +# 20 permit ip host 2.2.2.2 any +# 30 remark FIRST REMARK BEFORE LINE 30 +# 30 remark ============ +# 30 remark ALLOW HOST remarks AFTER LINE 30 +# 30 permit ip host 3.3.3.3 any + +# Using replaced - example remarks specific on targeted sequence + +# Before state: +# ------------- +# +# vios#show running-config | section access-list +# ip access-list extended TEST +# 10 permit ip host 1.1.1.1 any +# 20 remark FIRST REMARK BEFORE LINE 20 +# 20 remark 
============ +# 20 remark ALLOW HOST remarks AFTER LINE 20 +# 20 permit ip host 2.2.2.2 any +# 30 remark FIRST REMARK BEFORE LINE 30 +# 30 remark ============ +# 30 remark ALLOW HOST remarks AFTER LINE 30 +# 30 permit ip host 3.3.3.3 any + +- name: Replace remarks of ace with sequence 10 + # check_mode: true + cisco.ios.ios_acls: + state: replaced + config: + - acls: + - aces: + - destination: + any: true + grant: permit + protocol: ip + remarks: + - The new first remarks before 10 + - ============new + - The new second remarks before 10 + sequence: 10 + source: + host: 1.1.1.1 + - destination: + any: true + grant: permit + protocol: ip + remarks: + - FIRST REMARK BEFORE LINE 20 + - ============ + - ALLOW HOST remarks AFTER LINE 20 + sequence: 20 + source: + host: 2.2.2.2 + - destination: + any: true + grant: permit + protocol: ip + remarks: + - FIRST REMARK BEFORE LINE 30 + - ============ + - ALLOW HOST remarks AFTER LINE 30 + sequence: 30 + source: + host: 3.3.3.3 + acl_type: extended + name: TEST + afi: ipv4 + +# Task Output +# ----------- +# +# before: +# - acls: +# - aces: +# - destination: +# any: true +# grant: permit +# protocol: ip +# sequence: 10 +# source: +# host: 1.1.1.1 +# - destination: +# any: true +# grant: permit +# protocol: ip +# remarks: +# - FIRST REMARK BEFORE LINE 20 +# - ============ +# - ALLOW HOST remarks AFTER LINE 20 +# sequence: 20 +# source: +# host: 2.2.2.2 +# - destination: +# any: true +# grant: permit +# protocol: ip +# remarks: +# - FIRST REMARK BEFORE LINE 30 +# - ============ +# - ALLOW HOST remarks AFTER LINE 30 +# sequence: 30 +# source: +# host: 3.3.3.3 +# acl_type: extended +# name: TEST +# afi: ipv4 +# commands: +# - ip access-list extended TEST +# - 10 remark The new first remarks before 10 +# - 10 remark ============new +# - 10 remark The new second remarks before 10 +# after: +# - acls: +# - aces: +# - destination: +# any: true +# grant: permit +# protocol: ip +# remarks: +# - The new first remarks before 10 +# - 
============new +# - The new second remarks before 10 +# sequence: 10 +# source: +# host: 1.1.1.1 +# - destination: +# any: true +# grant: permit +# protocol: ip +# remarks: +# - FIRST REMARK BEFORE LINE 20 +# - ============ +# - ALLOW HOST remarks AFTER LINE 20 +# sequence: 20 +# source: +# host: 2.2.2.2 +# - destination: +# any: true +# grant: permit +# protocol: ip +# remarks: +# - FIRST REMARK BEFORE LINE 30 +# - ============ +# - ALLOW HOST remarks AFTER LINE 30 +# sequence: 30 +# source: +# host: 3.3.3.3 +# acl_type: extended +# name: TEST +# afi: ipv4 + +# After state: +# ------------- +# +# foo#show running-config | section access-list +# ip access-list extended TEST +# 10 remark The new first remarks before 10 +# 10 remark ============new +# 10 remark The new second remarks before 10 +# 10 permit ip host 1.1.1.1 any +# 20 remark FIRST REMARK BEFORE LINE 20 +# 20 remark ============ +# 20 remark ALLOW HOST remarks AFTER LINE 20 +# 20 permit ip host 2.2.2.2 any +# 30 remark FIRST REMARK BEFORE LINE 30 +# 30 remark ============ +# 30 remark ALLOW HOST remarks AFTER LINE 30 +# 30 permit ip host 3.3.3.3 any # Using overridden 
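Review bot: In the first "Using replaced - example remarks specific" block, the `before:` output lists the second remark as `- ===========1=` while the Before state above it shows `10 remark ============`; this looks like a typo and should read `- ============`. The second example ("on targeted sequence") reuses the task name `Replace remarks of ace with sequence 10`, although its Before state has no remarks on sequence 10, so a name such as `Add remarks to ace with sequence 10` would describe it better. Two smaller inconsistencies in this hunk: the earlier After state keeps the `vios#sh access-lists` prompt although its body is now in running-config format, and the remark examples switch between `vios#` and `foo#` prompts.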
@@ -924,19 +1692,19 @@ EXAMPLES = """ # ------------- # # vios#sh access-lists -# Standard IP access list std_acl -# 10 deny 192.168.1.200 -# 20 deny 192.168.2.0, wildcard bits 0.0.0.255 -# Extended IP access list 110 -# 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 -# 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack -# Extended IP access list 123 -# 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 -# 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 -# Extended IP access list test -# 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 -# IPv6 access list R1_TRAFFIC -# deny tcp any eq www any eq telnet ack dscp af11 sequence 10 +# ip access-list standard std_acl +# 10 deny 192.168.1.200 +# 20 deny 192.168.2.0 0.0.0.255 +# ip access-list extended 110 +# 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 +# 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack +# ip access-list extended 123 +# 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 +# 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 +# ip access-list extended R1_TRAFFIC +# 10 deny tcp any eq www any eq telnet ack dscp af11 +# ip access-list extended test +# 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 - name: Override device configuration of all acls with provided configuration cisco.ios.ios_acls: 
@@ -985,97 +1753,416 @@ EXAMPLES = """ eq: 10 state: overridden -# Commands fired: -# --------------- +# Task Output +# ----------- # -# - no ip access-list standard std_acl -# - no ip access-list extended 110 -# - no ip access-list extended 123 -# - no ip access-list extended 150 -# - no ip access-list extended test -# - no ipv6 access-list R1_TRAFFIC -# - ip access-list extended 150 -# - 10 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 -# - ip access-list extended 110 -# - 20 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq www ack dscp ef ttl eq 10 +# before: +# - acls: +# - aces: +# - destination: +# address: 192.0.3.0 +# wildcard_bits: 0.0.0.255 +# dscp: ef +# grant: deny +# protocol: icmp +# protocol_options: +# icmp: +# traceroute: true +# sequence: 10 +# source: +# address: 192.0.2.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# eq: 10 +# - destination: +# host: 198.51.110.0 +# port_protocol: +# eq: telnet +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 20 +# source: +# host: 198.51.100.0 +# acl_type: extended +# name: '110' +# - aces: +# - destination: +# address: 198.51.101.0 +# port_protocol: +# eq: telnet +# wildcard_bits: 0.0.0.255 +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 10 +# source: +# address: 198.51.100.0 +# wildcard_bits: 0.0.0.255 +# tos: +# service_value: 12 +# - destination: +# address: 192.0.4.0 +# port_protocol: +# eq: www +# wildcard_bits: 0.0.0.255 +# dscp: ef +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 20 +# source: +# address: 192.0.3.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# lt: 20 +# acl_type: extended +# name: '123' +# - aces: +# - destination: +# any: true +# port_protocol: +# eq: telnet +# dscp: af11 +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 10 +# source: +# any: true +# port_protocol: +# eq: www +# 
acl_type: extended +# name: R1_TRAFFIC +# - aces: +# - grant: deny +# sequence: 10 +# source: +# host: 192.168.1.200 +# - grant: deny +# sequence: 20 +# source: +# address: 192.168.2.0 +# wildcard_bits: 0.0.0.255 +# acl_type: standard +# name: std_acl +# - aces: +# - destination: +# address: 192.0.3.0 +# port_protocol: +# eq: www +# wildcard_bits: 0.0.0.255 +# grant: deny +# option: +# traceroute: true +# protocol: tcp +# protocol_options: +# tcp: +# fin: true +# sequence: 10 +# source: +# address: 192.0.2.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# eq: 10 +# acl_type: extended +# name: test +# afi: ipv4 +# commands: +# - ip access-list extended 110 +# - no 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack +# - no 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 +# - 20 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq www ack dscp ef ttl eq 10 +# - ip access-list extended 150 +# - 10 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 +# - no ip access-list extended 123 +# - no ip access-list extended R1_TRAFFIC +# - no ip access-list standard std_acl +# - no ip access-list extended test +# after: +# - acls: +# - aces: +# - destination: +# address: 198.51.110.0 +# port_protocol: +# eq: www +# wildcard_bits: 0.0.0.255 +# dscp: ef +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 20 +# source: +# address: 198.51.100.0 +# port_protocol: +# eq: telnet +# wildcard_bits: 0.0.0.255 +# ttl: +# eq: 10 +# acl_type: extended +# name: '110' +# - aces: +# - destination: +# address: 198.51.110.0 +# port_protocol: +# eq: telnet +# wildcard_bits: 0.0.0.255 +# dscp: ef +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# syn: true +# sequence: 10 +# source: +# address: 198.51.100.0 +# port_protocol: +# eq: telnet +# wildcard_bits: 0.0.0.255 +# ttl: +# eq: 10 +# acl_type: extended +# name: '150' +# afi: ipv4 # After state: # 
------------- # -# vios#sh access-lists -# Extended IP access list 110 -# 20 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq www ack dscp ef ttl eq 10 -# Extended IP access list 150 -# 10 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 +# vios#sh running-config | section access-list +# ip access-list extended 110 +# 20 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq www ack dscp ef ttl eq 10 +# ip access-list extended 150 +# 10 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 + -# Using Deleted +# Using deleted - delete ACL(s) # Before state: # ------------- # # vios#sh access-lists -# Standard IP access list std_acl -# 10 deny 192.168.1.200 -# 20 deny 192.168.2.0, wildcard bits 0.0.0.255 -# Extended IP access list 110 -# 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 -# 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack -# Extended IP access list 123 -# 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 -# 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 -# Extended IP access list test -# 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 -# IPv6 access list R1_TRAFFIC -# deny tcp any eq www any eq telnet ack dscp af11 sequence 10 +# ip access-list standard std_acl +# 10 deny 192.168.1.200 +# 20 deny 192.168.2.0 0.0.0.255 +# ip access-list extended 110 +# 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 +# 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack +# ip access-list extended 123 +# 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 +# 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 +# ip access-list extended extended_acl_1 +# 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 
0.0.0.255 eq www fin option traceroute ttl eq 10 - name: "Delete ACLs (Note: This won't delete the all configured ACLs)" cisco.ios.ios_acls: config: - afi: ipv4 acls: - - name: test + - name: extended_acl_1 acl_type: extended - name: 110 - - afi: ipv6 - acls: - - name: R1_TRAFFIC state: deleted -# Commands fired: -# --------------- +# Task Output +# ----------- # -# - no ip access-list extended test -# - no ip access-list extended 110 -# - no ipv6 access-list R1_TRAFFIC +# before: +# - acls: +# - aces: +# - destination: +# address: 192.0.3.0 +# wildcard_bits: 0.0.0.255 +# dscp: ef +# grant: deny +# protocol: icmp +# protocol_options: +# icmp: +# traceroute: true +# sequence: 10 +# source: +# address: 192.0.2.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# eq: 10 +# - destination: +# host: 198.51.110.0 +# port_protocol: +# eq: telnet +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 20 +# source: +# host: 198.51.100.0 +# acl_type: extended +# name: '110' +# - aces: +# - destination: +# address: 198.51.101.0 +# port_protocol: +# eq: telnet +# wildcard_bits: 0.0.0.255 +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 10 +# source: +# address: 198.51.100.0 +# wildcard_bits: 0.0.0.255 +# tos: +# service_value: 12 +# - destination: +# address: 192.0.4.0 +# port_protocol: +# eq: www +# wildcard_bits: 0.0.0.255 +# dscp: ef +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 20 +# source: +# address: 192.0.3.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# lt: 20 +# acl_type: extended +# name: '123' +# - aces: +# - grant: deny +# sequence: 10 +# source: +# host: 192.168.1.200 +# - grant: deny +# sequence: 20 +# source: +# address: 192.168.2.0 +# wildcard_bits: 0.0.0.255 +# acl_type: standard +# name: std_acl +# - aces: +# - destination: +# address: 192.0.3.0 +# port_protocol: +# eq: www +# wildcard_bits: 0.0.0.255 +# grant: deny +# option: +# traceroute: true +# protocol: tcp +# 
protocol_options: +# tcp: +# fin: true +# sequence: 10 +# source: +# address: 192.0.2.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# eq: 10 +# acl_type: extended +# name: extended_acl_1 +# afi: ipv4 +# commands: +# - no ip access-list extended 110 +# - no ip access-list extended extended_acl_1 +# after: +# - acls: +# - aces: +# - destination: +# address: 198.51.101.0 +# port_protocol: +# eq: telnet +# wildcard_bits: 0.0.0.255 +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 10 +# source: +# address: 198.51.100.0 +# wildcard_bits: 0.0.0.255 +# tos: +# service_value: 12 +# - destination: +# address: 192.0.4.0 +# port_protocol: +# eq: www +# wildcard_bits: 0.0.0.255 +# dscp: ef +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 20 +# source: +# address: 192.0.3.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# lt: 20 +# acl_type: extended +# name: '123' +# - aces: +# - grant: deny +# sequence: 10 +# source: +# host: 192.168.1.200 +# - grant: deny +# sequence: 20 +# source: +# address: 192.168.2.0 +# wildcard_bits: 0.0.0.255 +# acl_type: standard +# name: std_acl +# afi: ipv4 # After state: # ------------- # -# vios#sh access-lists -# Standard IP access list std_acl +# vios#sh running-config | section access-list +# ip access-list standard std_acl # 10 deny 192.168.1.200 -# 20 deny 192.168.2.0, wildcard bits 0.0.0.255 -# Extended IP access list 123 +# 20 deny 192.168.2.0 0.0.0.255 +# ip access-list extended 123 # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 +# Using deleted - delete ACLs based on AFI + # Before state: # ------------- # -# vios#sh access-lists -# Standard IP access list std_acl -# 10 deny 192.168.1.200 -# 20 deny 192.168.2.0, wildcard bits 0.0.0.255 -# Extended IP access list 110 -# 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 -# 20 deny tcp 
host 198.51.100.0 host 198.51.110.0 eq telnet ack -# Extended IP access list 123 -# 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 -# 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 -# Extended IP access list test -# 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 -# IPv6 access list R1_TRAFFIC -# deny tcp any eq www any eq telnet ack dscp af11 sequence 10 +# vios#sh running-config | section access-list +# ip access-list standard std_acl +# 10 deny 192.168.1.200 +# 20 deny 192.168.2.0 0.0.0.255 +# ip access-list extended 110 +# 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 +# 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack +# ip access-list extended 123 +# 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 +# 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 +# ip access-list extended test +# 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 +# ipv6 access-list R1_TRAFFIC +# sequence 10 deny tcp any eq www any eq telnet ack dscp af11 - name: "Delete ACLs based on AFI (Note: This won't delete the all configured ACLs)" cisco.ios.ios_acls: 
@@ -1083,245 +2170,478 @@ EXAMPLES = """ - afi: ipv4 state: deleted -# Commands fired: -# --------------- +# Task Output +# ----------- # -# - no ip access-list standard std_acl -# - no ip access-list extended test -# - no ip access-list extended 110 -# - no ip access-list extended 123 +# before: +# - acls: +# - aces: +# - destination: +# address: 192.0.3.0 +# wildcard_bits: 0.0.0.255 +# dscp: ef +# grant: deny +# protocol: icmp +# protocol_options: +# icmp: +# traceroute: true +# sequence: 10 +# source: +# address: 192.0.2.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# eq: 10 +# - destination: +# host: 198.51.110.0 +# port_protocol: +# eq: telnet +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 20 +# source: +# host: 198.51.100.0 +# acl_type: extended +# name: '110' +# - aces: +# - destination: +# address: 198.51.101.0 +# port_protocol: +# eq: telnet +# wildcard_bits: 0.0.0.255 +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 10 +# source: +# address: 198.51.100.0 +# wildcard_bits: 0.0.0.255 +# tos: +# service_value: 12 +# - destination: +# address: 192.0.4.0 +# port_protocol: +# eq: www +# wildcard_bits: 0.0.0.255 +# dscp: ef +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 20 +# source: +# address: 192.0.3.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# lt: 20 +# acl_type: extended +# name: '123' +# - aces: +# - grant: deny +# sequence: 10 +# source: +# host: 192.168.1.200 +# - grant: deny +# sequence: 20 +# source: +# address: 192.168.2.0 +# wildcard_bits: 0.0.0.255 +# acl_type: standard +# name: std_acl +# - aces: +# - destination: +# address: 192.0.3.0 +# port_protocol: +# eq: www +# wildcard_bits: 0.0.0.255 +# grant: deny +# option: +# traceroute: true +# protocol: tcp +# protocol_options: +# tcp: +# fin: true +# sequence: 10 +# source: +# address: 192.0.2.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# eq: 10 +# acl_type: extended +# name: test +# afi: ipv4 +# - 
acls: +# - aces: +# - destination: +# any: true +# port_protocol: +# eq: telnet +# dscp: af11 +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 10 +# source: +# any: true +# port_protocol: +# eq: www +# name: R1_TRAFFIC +# afi: ipv6 +# commands: +# - no ip access-list extended 110 +# - no ip access-list extended 123 +# - no ip access-list standard std_acl +# - no ip access-list extended test +# after: +# - acls: +# - aces: +# - destination: +# any: true +# port_protocol: +# eq: telnet +# dscp: af11 +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 10 +# source: +# any: true +# port_protocol: +# eq: www +# name: R1_TRAFFIC +# afi: ipv6 # After state: # ------------- # -# vios#sh access-lists -# IPv6 access list R1_TRAFFIC -# deny tcp any eq www any eq telnet ack dscp af11 sequence 10 +# vios#sh running-config | section access-list +# ipv6 access-list R1_TRAFFIC +# sequence 10 deny tcp any eq www any eq telnet ack dscp af11 + -# Using Deleted without any config passed -#"(NOTE: This will delete all of configured ACLs)" +# Using deleted - delete all ACLs # Before state: # ------------- # # vios#sh access-lists -# Standard IP access list std_acl -# 10 deny 192.168.1.200 -# 20 deny 192.168.2.0, wildcard bits 0.0.0.255 -# Extended IP access list 110 -# 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 -# 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack -# Extended IP access list 123 -# 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 -# 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 -# Extended IP access list test -# 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 -# IPv6 access list R1_TRAFFIC -# deny tcp any eq www any eq telnet ack dscp af11 sequence 10 +# ip access-list standard std_acl +# 10 deny 192.168.1.200 +# 20 deny 192.168.2.0 0.0.0.255 
+# ip access-list extended 110 +# 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 +# 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack +# ip access-list extended 123 +# 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 +# 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 +# ip access-list extended test +# 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 +# ipv6 access-list R1_TRAFFIC +# sequence 10 deny tcp any eq www any eq telnet ack dscp af11 -- name: - "Delete ALL of configured ACLs (Note: This WILL delete the all configured - ACLs)" +- name: Delete ALL of configured ACLs cisco.ios.ios_acls: state: deleted -# Commands fired: -# --------------- +# Task Output +# ----------- # -# - no ip access-list extended test -# - no ip access-list extended 110 -# - no ip access-list extended 123 -# - no ip access-list extended test -# - no ipv6 access-list R1_TRAFFIC +# before: +# - acls: +# - aces: +# - destination: +# address: 192.0.3.0 +# wildcard_bits: 0.0.0.255 +# dscp: ef +# grant: deny +# protocol: icmp +# protocol_options: +# icmp: +# traceroute: true +# sequence: 10 +# source: +# address: 192.0.2.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# eq: 10 +# - destination: +# host: 198.51.110.0 +# port_protocol: +# eq: telnet +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 20 +# source: +# host: 198.51.100.0 +# acl_type: extended +# name: '110' +# - aces: +# - destination: +# address: 198.51.101.0 +# port_protocol: +# eq: telnet +# wildcard_bits: 0.0.0.255 +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 10 +# source: +# address: 198.51.100.0 +# wildcard_bits: 0.0.0.255 +# tos: +# service_value: 12 +# - destination: +# address: 192.0.4.0 +# port_protocol: +# eq: www +# wildcard_bits: 0.0.0.255 +# dscp: ef +# grant: deny +# protocol: tcp +# protocol_options: 
+# tcp: +# ack: true +# sequence: 20 +# source: +# address: 192.0.3.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# lt: 20 +# acl_type: extended +# name: '123' +# - aces: +# - grant: deny +# sequence: 10 +# source: +# host: 192.168.1.200 +# - grant: deny +# sequence: 20 +# source: +# address: 192.168.2.0 +# wildcard_bits: 0.0.0.255 +# acl_type: standard +# name: std_acl +# - aces: +# - destination: +# address: 192.0.3.0 +# port_protocol: +# eq: www +# wildcard_bits: 0.0.0.255 +# grant: deny +# option: +# traceroute: true +# protocol: tcp +# protocol_options: +# tcp: +# fin: true +# sequence: 10 +# source: +# address: 192.0.2.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# eq: 10 +# acl_type: extended +# name: test +# afi: ipv4 +# - acls: +# - aces: +# - destination: +# any: true +# port_protocol: +# eq: telnet +# dscp: af11 +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 10 +# source: +# any: true +# port_protocol: +# eq: www +# name: R1_TRAFFIC +# afi: ipv6 +# commands: +# - no ip access-list extended test +# - no ip access-list extended 110 +# - no ip access-list extended 123 +# - no ip access-list extended test +# - no ipv6 access-list R1_TRAFFIC +# after: [] # After state: # ------------- # -# vios#sh access-lists +# vios#sh running-config | section access-list -# Using Gathered + +# Using gathered # Before state: # ------------- # # vios#sh access-lists -# Standard IP access list std_acl +# ip access-list standard std_acl # 10 deny 192.168.1.200 -# 20 deny 192.168.2.0, wildcard bits 0.0.0.255 -# Extended IP access list 110 +# 20 deny 192.168.2.0 0.0.0.255 +# ip access-list extended 110 # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack -# Extended IP access list 123 +# ip access-list extended 123 # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack 
dscp ef ttl lt 20 -# Extended IP access list test +# ip access-list extended test # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 -# IPv6 access list R1_TRAFFIC -# deny tcp any eq www any eq telnet ack dscp af11 sequence 10 +# ipv6 access-list R1_TRAFFIC +# sequence 10 deny tcp any eq www any eq telnet ack dscp af11 -- name: Gather listed acls with provided configurations +- name: Gather ACLs configuration from target device cisco.ios.ios_acls: - config: state: gathered # Module Execution Result: # ------------------------ # -# "gathered": [ -# { -# "acls": [ -# { -# "aces": [ -# { -# "destination": { -# "address": "192.0.3.0", -# "wildcard_bits": "0.0.0.255" -# }, -# "dscp": "ef", -# "grant": "deny", -# "protocol_options": { -# "icmp": { -# "echo": true -# } -# }, -# "sequence": 10, -# "source": { -# "address": "192.0.2.0", -# "wildcard_bits": "0.0.0.255" -# }, -# "ttl": { -# "eq": 10 -# } -# } -# ], -# "acl_type": "extended", -# "name": "110" -# }, -# { -# "aces": [ -# { -# "destination": { -# "address": "198.51.101.0", -# "port_protocol": { -# "eq": "telnet" -# }, -# "wildcard_bits": "0.0.0.255" -# }, -# "grant": "deny", -# "protocol_options": { -# "tcp": { -# "ack": true -# } -# }, -# "sequence": 10, -# "source": { -# "address": "198.51.100.0", -# "wildcard_bits": "0.0.0.255" -# }, -# "tos": { -# "service_value": 12 -# } -# }, -# { -# "destination": { -# "address": "192.0.4.0", -# "port_protocol": { -# "eq": "www" -# }, -# "wildcard_bits": "0.0.0.255" -# }, -# "dscp": "ef", -# "grant": "deny", -# "protocol_options": { -# "tcp": { -# "ack": true -# } -# }, -# "sequence": 20, -# "source": { -# "address": "192.0.3.0", -# "wildcard_bits": "0.0.0.255" -# }, -# "ttl": { -# "lt": 20 -# } -# } -# ], -# "acl_type": "extended", -# "name": "123" -# }, -# { -# "aces": [ -# { -# "destination": { -# "address": "192.0.3.0", -# "port_protocol": { -# "eq": "www" -# }, -# "wildcard_bits": "0.0.0.255" -# }, -# "grant": "deny", -# 
"option": { -# "traceroute": true -# }, -# "protocol_options": { -# "tcp": { -# "fin": true -# } -# }, -# "sequence": 10, -# "source": { -# "address": "192.0.2.0", -# "wildcard_bits": "0.0.0.255" -# }, -# "ttl": { -# "eq": 10 -# } -# } -# ], -# "acl_type": "extended", -# "name": "test_acl" -# } -# ], -# "afi": "ipv4" -# }, -# { -# "acls": [ -# { -# "aces": [ -# { -# "destination": { -# "any": true, -# "port_protocol": { -# "eq": "telnet" -# } -# }, -# "dscp": "af11", -# "grant": "deny", -# "protocol_options": { -# "tcp": { -# "ack": true -# } -# }, -# "sequence": 10, -# "source": { -# "any": true, -# "port_protocol": { -# "eq": "www" -# } -# } -# } -# ], -# "name": "R1_TRAFFIC" -# } -# ], -# "afi": "ipv6" -# } -# ] - -# Using Rendered - -- name: Rendered the provided configuration with the existing running configuration +# before: +# - acls: +# - aces: +# - destination: +# address: 192.0.3.0 +# wildcard_bits: 0.0.0.255 +# dscp: ef +# grant: deny +# protocol: icmp +# protocol_options: +# icmp: +# traceroute: true +# sequence: 10 +# source: +# address: 192.0.2.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# eq: 10 +# - destination: +# host: 198.51.110.0 +# port_protocol: +# eq: telnet +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 20 +# source: +# host: 198.51.100.0 +# acl_type: extended +# name: '110' +# - aces: +# - destination: +# address: 198.51.101.0 +# port_protocol: +# eq: telnet +# wildcard_bits: 0.0.0.255 +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 10 +# source: +# address: 198.51.100.0 +# wildcard_bits: 0.0.0.255 +# tos: +# service_value: 12 +# - destination: +# address: 192.0.4.0 +# port_protocol: +# eq: www +# wildcard_bits: 0.0.0.255 +# dscp: ef +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 20 +# source: +# address: 192.0.3.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# lt: 20 +# acl_type: extended +# name: '123' +# - aces: +# - grant: deny +# 
sequence: 10 +# source: +# host: 192.168.1.200 +# - grant: deny +# sequence: 20 +# source: +# address: 192.168.2.0 +# wildcard_bits: 0.0.0.255 +# acl_type: standard +# name: std_acl +# - aces: +# - destination: +# address: 192.0.3.0 +# port_protocol: +# eq: www +# wildcard_bits: 0.0.0.255 +# grant: deny +# option: +# traceroute: true +# protocol: tcp +# protocol_options: +# tcp: +# fin: true +# sequence: 10 +# source: +# address: 192.0.2.0 +# wildcard_bits: 0.0.0.255 +# ttl: +# eq: 10 +# acl_type: extended +# name: test +# afi: ipv4 +# - acls: +# - aces: +# - destination: +# any: true +# port_protocol: +# eq: telnet +# dscp: af11 +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 10 +# source: +# any: true +# port_protocol: +# eq: www +# name: R1_TRAFFIC +# afi: ipv6 + +# Using rendered + +- name: Render the provided configuration into platform specific configuration lines cisco.ios.ios_acls: config: - afi: ipv4 @@ -1368,12 +2688,11 @@ EXAMPLES = """ # Module Execution Result: # ------------------------ # -# "rendered": [ -# "ip access-list extended 110", -# "10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www syn dscp ef ttl eq 10", -# "ip access-list extended 150", -# "deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10" -# ] +# rendered: +# - ip access-list extended 110 +# - 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www syn dscp ef ttl eq 10 +# - ip access-list extended 150 +# - deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 # Using Parsed 
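Review bot: In the "Using deleted - delete all ACLs" example the `commands:` list names `no ip access-list extended test` twice and never removes `std_acl`, although the Before state lists `ip access-list standard std_acl` and the result shows `after: []`; one of the two duplicates should read `# - no ip access-list standard std_acl`. The same hunk drops the old note that `state: deleted` with no `config` removes every configured ACL. Because that run strips all ACL-based filtering from the device, keep one line such as `# NOTE: with no config passed, state deleted removes every ACL on the device`. In the "Using gathered" example the result is now labelled `# before:`, while the removed text showed the `gathered` key, so it should read `# gathered:`.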
@@ -1391,39 +2710,26 @@ EXAMPLES = """ # Module Execution Result: # ------------------------ # -# "parsed": [ -# { -# "acls": [ -# { -# "aces": [ -# { -# "destination": { -# "any": true, -# "port_protocol": { -# "eq": "telnet" -# } -# }, -# "dscp": "af11", -# "grant": "deny", -# "protocol_options": { -# "tcp": { -# "ack": true -# } -# }, -# "source": { -# "any": true, -# "port_protocol": { -# "eq": "www" -# } -# } -# } -# ], -# "name": "R1_TRAFFIC" -# } -# ], -# "afi": "ipv6" -# } -# ] +# parsed: +# - acls: +# - aces: +# - destination: +# any: true +# port_protocol: +# eq: telnet +# dscp: af11 +# grant: deny +# protocol: tcp +# protocol_options: +# tcp: +# ack: true +# sequence: 10 +# source: +# any: true +# port_protocol: +# eq: www +# name: R1_TRAFFIC +# afi: ipv6 """ RETURN = """ diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_banner.py b/ansible_collections/cisco/ios/plugins/modules/ios_banner.py index 7c937b122..ca3985c3f 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_banner.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_banner.py @@ -85,7 +85,7 @@ EXAMPLES = """ - name: Configure banner from file cisco.ios.ios_banner: banner: motd - text: "{{ lookup('file', './config_partial/raw_banner.cfg') }}" # Use unix formatted text files (LF not CRLF) to avoid idempotency issues. + text: "{{ lookup('file', './config_partial/raw_banner.cfg') }}" # Use unix formatted text files (LF not CRLF) to avoid idempotency issues. state: present - name: Configure the login banner using delimiter diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_bgp_address_family.py b/ansible_collections/cisco/ios/plugins/modules/ios_bgp_address_family.py index 2021d2aec..14589f20f 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_bgp_address_family.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_bgp_address_family.py 
@@ -52,6 +52,18 @@ options: vrf: description: Specify parameters for a VPN Routing/Forwarding instance type: str + advertise: + description: Configure path advertise/export to other address-family + type: dict + suboptions: + afi: + description: Address family for VRF advertise/export + type: str + choices: ["l2vpn"] + safi: + description: Advertise/export prefixes to address family + type: str + choices: ["evpn"] aggregate_addresses: description: Configure BGP aggregate entries type: list @@ -591,7 +603,7 @@ options: description: - AS number used as local AS - Please refer vendor documentation for valid values - type: int + type: str dual_as: description: Accept either real AS or local AS from the ebgp peer type: bool @@ -635,12 +647,6 @@ options: warning_only: description: Only give warning message when limit is exceeded type: bool - next_hop_self: - description: - - Disable the next hop calculation for this neighbor - - This option is DEPRECATED and is replaced with nexthop_self which - accepts dict as input this attribute will be removed after 2023-06-01. - type: bool nexthop_self: description: Disable the next hop calculation for this neighbor type: dict @@ -775,7 +781,7 @@ options: description: - Specify a BGP neighbor - AS of remote neighbor - type: int + type: str remove_private_as: description: Remove private AS number from outbound updates type: dict diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_bgp_global.py b/ansible_collections/cisco/ios/plugins/modules/ios_bgp_global.py index 0639b6e8a..9aa33c87c 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_bgp_global.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_bgp_global.py @@ -1834,6 +1834,7 @@ options: choices: - merged - replaced + - overridden - deleted - purged - gathered 
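Review bot: The two AS-number options change from `type: int` to `type: str` (the local-AS number in the `-591` hunk and the remote-neighbor AS in the `-775` hunk), but their descriptions still only point to vendor documentation, so a reader cannot tell which notations are now accepted. With `str`, Ansible no longer rejects non-numeric values at argument parsing, so any format check has to happen in the module code, which is not part of this diff. I would add a description line such as `- Accepts the AS number as a string; see vendor documentation for supported notations`, and confirm that the argspec and a validation step were updated to match.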
@@ -1842,6 +1843,7 @@ options: default: merged description: - The state the configuration should be left in + - The module have declaratively similar behavior for replaced and overridden state. - The states I(rendered), I(gathered) and I(parsed) does not perform any change on the device. - The state I(rendered) will transform the configuration in C(config) option to @@ -1855,7 +1857,7 @@ options: transforms it into JSON format as per the resource module parameters and the value is returned in the I(parsed) key within the result. The value of C(running_config) option should be the same format as the output of command I(show running-config - | include ip route|ipv6 route) executed on device. For state I(parsed) active + | section ^router bgp) executed on device. For state I(parsed) active connection to remote host is not required. type: str """ @@ -2082,6 +2084,7 @@ EXAMPLES = """ # networks: # - address: 192.0.2.2 # - address: 192.0.2.3 +# # commands: # - router bgp 65000 # - no bgp bestpath compare-routerid @@ -3049,6 +3052,7 @@ def main(): required_if=[ ["state", "merged", ["config"]], ["state", "replaced", ["config"]], + ["state", "overridden", ["config"]], ["state", "rendered", ["config"]], ["state", "parsed", ["running_config"]], ], diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_command.py b/ansible_collections/cisco/ios/plugins/modules/ios_command.py index e73f8212f..38756f4de 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_command.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_command.py @@ -90,7 +90,7 @@ options: EXAMPLES = r""" - name: Run show version on remote devices cisco.ios.ios_command: - commands: show version' + commands: show version # output- @@ -337,7 +337,6 @@ EXAMPLES = r""" # ] # ] # } - """ RETURN = """ diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_config.py b/ansible_collections/cisco/ios/plugins/modules/ios_config.py index d86a7dd9d..af73c230c 100644 
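Review bot: The description line added to the `state` option in the `-1842` hunk has a grammar slip ("The module have declaratively similar behavior"). Suggest `- The module has declaratively similar behavior for the replaced and overridden states.` If the two states differ in any case, that difference should be named here rather than left as "similar"; the implementation is not visible in this diff.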
--- a/ansible_collections/cisco/ios/plugins/modules/ios_config.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_config.py @@ -322,7 +322,6 @@ EXAMPLES = """ # permit ip host 192.0.2.2 any log # permit ip host 192.0.2.3 any log # permit ip host 192.0.2.4 any log - """ RETURN = """ @@ -450,9 +449,9 @@ def main(): ) mutually_exclusive = [("lines", "src"), ("parents", "src")] required_if = [ - ("match", "strict", ["lines"]), - ("match", "exact", ["lines"]), - ("replace", "block", ["lines"]), + ("match", "strict", ["lines", "src"], True), + ("match", "exact", ["lines", "src"], True), + ("replace", "block", ["lines", "src"], True), ("diff_against", "intended", ["intended_config"]), ] module = AnsibleModule( diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_evpn_evi.py b/ansible_collections/cisco/ios/plugins/modules/ios_evpn_evi.py new file mode 100644 index 000000000..c2b8b330e --- /dev/null +++ b/ansible_collections/cisco/ios/plugins/modules/ios_evpn_evi.py 
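Review bot: The three rewritten `required_if` tuples in `main()` rely on a bare trailing `True`, whose meaning (any one of the listed options is enough) is not obvious to a reader. A comment above the list would help, for example `# trailing True: any one of lines/src satisfies the requirement`. Since `src` can now satisfy `match: strict`, `match: exact` and `replace: block`, the option descriptions for `match` and `replace` should say so if they still mention only `lines`. Those descriptions and the rest of `main()` are outside this hunk.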
@@ -0,0 +1,540 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright 2023 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +""" +The module file for ios_evpn_evi +""" + +from __future__ import absolute_import, division, print_function + + +__metaclass__ = type + +DOCUMENTATION = """ +module: ios_evpn_evi +short_description: Resource module to configure L2VPN EVPN EVI. +description: This module provides declarative management of L2VPN EVPN EVI on Cisco IOS network + devices. +version_added: 5.3.0 +author: Padmini Priyadarshini Sivaraj (@PadminiSivaraj) +notes: + - Tested against Cisco IOS device with Version 17.13.01 on Cat9k on CML. + - This module works with connection C(network_cli). + See U(https://docs.ansible.com/ansible/latest/network/user_guide/platform_ios.html) +options: + config: + description: A dictionary of L2VPN Ethernet Virtual Private Network (EVPN) EVI configuration + type: list + elements: dict + suboptions: + evi: + description: EVPN instance value + type: int + required: True + default_gateway: + description: Default Gateway parameters + type: dict + suboptions: + advertise: + description: Advertise Default Gateway MAC/IP routes + type: dict + suboptions: + enable: + description: Enable advertisement of Default Gateway MAC/IP routes + type: bool + disable: + description: Disable advertisement of Default Gateway MAC/IP routes + type: bool + ip: + description: IP parameters + type: dict + suboptions: + local_learning: + description: IP local learning + type: dict + suboptions: + enable: + description: Enable IP local learning + type: bool + disable: + description: Disable IP local learning + type: bool + encapsulation: + description: EVPN encapsulation type + type: str + choices: + - vxlan + default: vxlan + replication_type: + description: Method for replicating BUM traffic + type: str + choices: + - ingress + - static + route_distinguisher: + description: EVPN Route Distinguisher + 
type: str + running_config: + description: + - This option is used only with state I(parsed). + - The value of this option should be the output received from the IOS + device by executing the command B(sh running-config nve | section ^l2vpn evpn$). + - The state I(parsed) reads the configuration from C(running_config) + option and transforms it into Ansible structured data as per the + resource module's argspec and the value is then returned in the + I(parsed) key within the result. + type: str + state: + description: + - The state the configuration should be left in + type: str + choices: + - merged + - replaced + - overridden + - deleted + - gathered + - rendered + - parsed + default: merged +""" + +EXAMPLES = """ + +# Using state merged + +# Before state: +# ------------- +# l2vpn evpn instance 101 vlan-based +# encapsulation vxlan +# replication-type static +# ! +# l2vpn evpn instance 102 vlan-based +# encapsulation vxlan +# replication-type ingress +# ! +# l2vpn evpn instance 201 vlan-based +# encapsulation vxlan +# replication-type static +# ! 
+# l2vpn evpn instance 202 vlan-based +# encapsulation vxlan +# replication-type ingress + +# - name: Merge provided configuration with device configuration +# cisco.ios.ios_evpn_evi: +# config: +# - evi: 101 +# replication_type: ingress +# route_distinguisher: '1:1' +# default_gateway: +# advertise: +# enable: False +# ip: +# local_learning: +# enable: True +# +# - evi: 202 +# replication_type: static +# default_gateway: +# advertise: +# enable: True +# ip: +# local_learning: +# disable: True +# state: merged + +# Commands Fired: +# --------------- +# "commands": [ +# "l2vpn evpn instance 101 vlan-based", +# "ip local-learning enable", +# "replication-type ingress", +# "rd 1:1", +# "l2vpn evpn instance 202 vlan-based", +# "default-gateway advertise enable", +# "ip local-learning disable", +# "replication-type static" +# ], + +# After state: +# ------------ +# l2vpn evpn instance 101 vlan-based +# encapsulation vxlan +# rd 1:1 +# replication-type ingress +# ip local-learning enable +# ! +# l2vpn evpn instance 102 vlan-based +# encapsulation vxlan +# replication-type ingress +# ! +# l2vpn evpn instance 201 vlan-based +# encapsulation vxlan +# replication-type static +# ! +# l2vpn evpn instance 202 vlan-based +# encapsulation vxlan +# replication-type static +# ip local-learning disable +# default-gateway advertise enable + + +# Using state replaced + +# Before state: +# ------------- +# l2vpn evpn instance 101 vlan-based +# encapsulation vxlan +# rd 1:1 +# replication-type ingress +# ip local-learning enable +# ! +# l2vpn evpn instance 102 vlan-based +# encapsulation vxlan +# replication-type ingress +# ! +# l2vpn evpn instance 201 vlan-based +# encapsulation vxlan +# replication-type static +# ! 
+# l2vpn evpn instance 202 vlan-based +# encapsulation vxlan +# replication-type static +# ip local-learning disable +# default-gateway advertise enable + +# - name: Replaces the device configuration with the provided configuration +# cisco.ios.ios_evpn_evi: +# config: +# - evi: 101 +# replication_type: ingress +# default_gateway: +# advertise: +# enable: True +# - evi: 202 +# replication_type: ingress +# state: replaced + +# Commands Fired: +# --------------- +# "commands": [ +# "l2vpn evpn instance 101 vlan-based", +# "default-gateway advertise enable", +# "no ip local-learning enable", +# "no rd 1:1", +# "l2vpn evpn instance 202 vlan-based", +# "no default-gateway advertise enable", +# "no ip local-learning disable", +# "replication-type ingress" +# ], + +# After state: +# ------------ +# l2vpn evpn instance 101 vlan-based +# encapsulation vxlan +# replication-type ingress +# default-gateway advertise enable +# ! +# l2vpn evpn instance 102 vlan-based +# encapsulation vxlan +# replication-type ingress +# ! +# l2vpn evpn instance 201 vlan-based +# encapsulation vxlan +# replication-type static +# ! +# l2vpn evpn instance 202 vlan-based +# encapsulation vxlan +# replication-type ingress + +# Using state overridden + +# Before state: +# ------------- +# l2vpn evpn instance 101 vlan-based +# encapsulation vxlan +# replication-type ingress +# default-gateway advertise enable +# ! +# l2vpn evpn instance 102 vlan-based +# encapsulation vxlan +# replication-type ingress +# ! +# l2vpn evpn instance 201 vlan-based +# encapsulation vxlan +# replication-type static +# ! 
+# l2vpn evpn instance 202 vlan-based +# encapsulation vxlan +# replication-type ingress + +# - name: Override the device configuration with provided configuration +# cisco.ios.ios_evpn_evi: +# config: +# - evi: 101 +# replication_type: ingress +# default_gateway: +# advertise: +# enable: True +# - evi: 202 +# replication_type: static +# default_gateway: +# advertise: +# enable: True +# state: overridden + +# Commands Fired: +# --------------- +# "commands": [ +# "no l2vpn evpn instance 102 vlan-based", +# "no l2vpn evpn instance 201 vlan-based", +# "l2vpn evpn instance 202 vlan-based", +# "default-gateway advertise enable", +# "replication-type static" +# ], + +# After state: +# ------------ +# l2vpn evpn instance 101 vlan-based +# encapsulation vxlan +# replication-type ingress +# default-gateway advertise enable +# ! +# l2vpn evpn instance 202 vlan-based +# encapsulation vxlan +# replication-type static +# default-gateway advertise enable + + +# Using state Deleted + +# Before state: +# ------------- +# l2vpn evpn instance 101 vlan-based +# encapsulation vxlan +# replication-type ingress +# default-gateway advertise enable +# l2vpn evpn instance 102 vlan-based +# encapsulation vxlan +# replication-type ingress +# l2vpn evpn instance 202 vlan-based +# encapsulation vxlan +# replication-type static +# default-gateway advertise enable + +# - name: "Delete the given EVI(s)" +# cisco.ios.ios_evpn_evi: +# config: +# - evi: 101 +# state: deleted + +# Commands Fired: +# --------------- +# "commands": [ +# "no l2vpn evpn instance 101 vlan-based" +# ], + +# After state: +# ------------- +# l2vpn evpn instance 102 vlan-based +# encapsulation vxlan +# replication-type ingress +# l2vpn evpn instance 202 vlan-based +# encapsulation vxlan +# replication-type static +# default-gateway advertise enable + +# Using state Deleted without any config passed + +# Before state: +# ------------- +# l2vpn evpn instance 102 vlan-based +# encapsulation vxlan +# replication-type ingress +# 
l2vpn evpn instance 202 vlan-based +# encapsulation vxlan +# replication-type static +# default-gateway advertise enable + +# - name: "Delete ALL EVIs" +# cisco.ios.ios_evpn_evi: +# state: deleted + +# Commands Fired: +# --------------- +# "commands": [ +# "no l2vpn evpn instance 102 vlan-based", +# "no l2vpn evpn instance 202 vlan-based" +# ], + +# After state: +# ------------- +# ! + +# Using gathered + +# Before state: +# ------------- +# +# l2vpn evpn instance 101 vlan-based +# encapsulation vxlan +# replication-type static +# ! +# l2vpn evpn instance 102 vlan-based +# encapsulation vxlan +# replication-type ingress +# ! +# l2vpn evpn instance 201 vlan-based +# encapsulation vxlan +# replication-type static +# ! +# l2vpn evpn instance 202 vlan-based +# encapsulation vxlan +# replication-type ingress + +# - name: Gather facts for evpn_evi +# cisco.ios.ios_evpn_evi: +# config: +# state: gathered + +# Task Output: +# ------------ +# +# gathered: +# - evi: 101 +# encapsulation: vxlan +# replication_type: static +# - evi: 102 +# encapsulation: vxlan +# replication_type: ingress +# - evi: 201 +# encapsulation: vxlan +# replication_type: static +# - evi: 202 +# encapsulation: vxlan +# replication_type: ingress + +# Using Rendered + +# - name: Rendered the provided configuration with the existing running configuration +# cisco.ios.ios_evpn_evi: +# config: +# - evi: 101 +# replication_type: ingress +# default_gateway: +# advertise: +# enable: True +# - evi: 202 +# replication_type: ingress +# state: rendered + +# Task Output: +# ------------ +# +# rendered: +# - l2vpn evpn instance 101 vlan-based +# - default-gateway advertise enable +# - replication-type ingress +# - l2vpn evpn instance 202 vlan-based +# - replication-type ingress + + +# Using parsed + +# File: parsed.cfg +# ---------------- +# +# l2vpn evpn instance 101 vlan-based +# encapsulation vxlan +# replication-type ingress +# default-gateway advertise enable +# ! 
+# l2vpn evpn instance 102 vlan-based +# encapsulation vxlan +# replication-type ingress +# ! + +# - name: Parse the commands for provided configuration +# cisco.ios.ios_evpn_evi: +# running_config: "{{ lookup('file', 'parsed.cfg') }}" +# state: parsed + +# Task Output: +# ------------ +# +# parsed: +# - evi: 101 +# encapsulation: vxlan +# replication_type: ingress +# default_gateway: +# advertise: +# enable: true +# - evi: 102 +# encapsulation: vxlan +# replication_type: ingress +""" + +RETURN = """ +before: + description: The configuration prior to the module execution. + returned: when I(state) is C(merged), C(replaced), C(overridden), C(deleted) or C(purged) + type: dict + sample: > + This output will always be in the same format as the + module argspec. +after: + description: The resulting configuration after module execution. + returned: when changed + type: dict + sample: > + This output will always be in the same format as the + module argspec. +commands: + description: The set of commands pushed to the remote device. 
+ returned: when I(state) is C(merged), C(replaced), C(overridden), C(deleted) or C(purged) + type: list + sample: + - "l2vpn evpn instance 101 vlan-based" + - "encapsulation vxlan" + - "replication-type ingress" +""" + +from ansible.module_utils.basic import AnsibleModule + +from ansible_collections.cisco.ios.plugins.module_utils.network.ios.argspec.evpn_evi.evpn_evi import ( + Evpn_eviArgs, +) +from ansible_collections.cisco.ios.plugins.module_utils.network.ios.config.evpn_evi.evpn_evi import ( + Evpn_evi, +) + + +def main(): + """ + Main entry point for module execution + + :returns: the result form module invocation + """ + module = AnsibleModule( + argument_spec=Evpn_eviArgs.argument_spec, + mutually_exclusive=[["config", "running_config"]], + required_if=[ + ["state", "merged", ["config"]], + ["state", "replaced", ["config"]], + ["state", "overridden", ["config"]], + ["state", "rendered", ["config"]], + ["state", "parsed", ["running_config"]], + ], + supports_check_mode=True, + ) + + result = Evpn_evi(module).execute_module() + module.exit_json(**result) + + +if __name__ == "__main__": + main() diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_evpn_global.py b/ansible_collections/cisco/ios/plugins/modules/ios_evpn_global.py new file mode 100644 index 000000000..0ffe52b90 --- /dev/null +++ b/ansible_collections/cisco/ios/plugins/modules/ios_evpn_global.py 
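Review bot: The `RETURN` block of the new ios_evpn_evi.py names `C(purged)` in the `returned` text of `before` and `commands`, but `purged` is not among the `state` choices documented in the same file. Dropping it makes the text match the choices: `returned: when I(state) is C(merged), C(replaced), C(overridden) or C(deleted)`. The block also has no `rendered`, `gathered` or `parsed` entries although those states are offered and shown in EXAMPLES; ios_evpn_global.py in this commit documents all three, and the same entries would fit here. Two smaller documentation points: the `running_config` description points at `section ^l2vpn evpn$`, which looks copied from the global module rather than written for per-instance config, and the `config` description says "A dictionary" while its type is `list` of `dict`.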
@@ -0,0 +1,429 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright 2023 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +""" +The module file for ios_evpn_global +""" + +from __future__ import absolute_import, division, print_function + + +__metaclass__ = type + +DOCUMENTATION = """ +module: ios_evpn_global +short_description: Resource module to configure L2VPN EVPN. +description: This module provides declarative management of L2VPN EVPN on Cisco IOS network + devices. +version_added: 5.3.0 +author: Padmini Priyadarshini Sivaraj (@PadminiSivaraj) +notes: + - Tested against Cisco IOS device with Version 17.13.01 on Cat9k on CML. + - This module works with connection C(network_cli). + See U(https://docs.ansible.com/ansible/latest/network/user_guide/platform_ios.html) +options: + config: + description: A dictionary of L2VPN Ethernet Virtual Private Network (EVPN) configuration + type: dict + suboptions: + default_gateway: + description: Default gateway parameters + type: dict + suboptions: + advertise: + description: Advertise Default Gateway MAC/IP routes + type: bool + flooding_suppression: + description: Suppress flooding of broadcast, multicast, and/or unknown unicast packets + type: dict + suboptions: + address_resolution: + description: Suppress flooding of Address Resolution and Neighbor Discovery Protocol packets + type: dict + suboptions: + disable: + description: Disable flooding suppression + type: bool + ip: + description: IP parameters + type: dict + suboptions: + local_learning: + description: IP local learning + type: dict + suboptions: + disable: + description: Disable IP local learning + type: bool + replication_type: + description: Method for replicating BUM traffic + type: str + choices: + - ingress + - static + route_target: + description: Route Target VPN Extended Communities + type: dict + suboptions: + auto: + description: Automatically set a route-target + type: dict + 
suboptions: + vni: + description: Set vni-based route-target + type: bool + router_id: + description: EVPN router ID + type: str + running_config: + description: + - This option is used only with state I(parsed). + - The value of this option should be the output received from the IOS + device by executing the command B(sh running-config nve | section ^l2vpn evpn$). + - The state I(parsed) reads the configuration from C(running_config) + option and transforms it into Ansible structured data as per the + resource module's argspec and the value is then returned in the + I(parsed) key within the result. + type: str + state: + description: + - The state the configuration should be left in + type: str + choices: + - merged + - replaced + - overridden + - deleted + - gathered + - rendered + - parsed + default: merged +""" + + +EXAMPLES = """ + +# Using merged + +# Before state: +# ------------- +# +# Leaf-01#show running-config nve | section ^l2vpn evpn$ +# l2vpn evpn +# replication-type static +# router-id Loopback1 +# default-gateway advertise + +- name: Merge provided configuration with device configuration + cisco.ios.ios_evpn_global: + config: + replication_type: ingress + route_target: + auto: + vni: true + default_gateway: + advertise: false + ip: + local_learning: + disable: true + flooding_suppression: + address_resolution: + disable: false + state: merged + +# Task Output +# ----------- +# +# before: +# - replication_type: static +# router_id: Loopback1 +# default_gateway: +# advertise: true +# commands: +# - l2vpn evpn +# no default-gateway advertise +# replication-type ingress +# route-target auto vni +# ip local-learning disable +# after: +# - replication_type: ingress +# router_id: Loopback1 +# route_target: +# auto: +# vni: true +# ip: +# local_learning: +# disable: true + +# After state: +# ------------ +# +# Leaf-01#show running-config nve | section ^l2vpn evpn$ +# l2vpn evpn +# replication-type ingress +# router-id Loopback1 +# ip local-learning disable 
+# route-target auto vni + +# Using replaced + +# Before state: +# ------------- +# +# Leaf-01#show running-config nve | section ^l2vpn evpn$ +# l2vpn evpn +# replication-type ingress +# router-id Loopback1 +# ip local-learning disable +# route-target auto vni + +- name: Replaces device configuration for EVPN global with provided configuration + cisco.ios.ios_evpn_global: + config: + replication_type: static + router_id: Loopback2 + default_gateway: + advertise: true + flooding_suppression: + address_resolution: + disable: true + state: replaced + +# Task Output +# ----------- +# +# before: +# - replication_type: ingress +# router_id: Loopback1 +# route_target: +# auto: +# vni: true +# ip: +# local_learning: +# disable: true +# commands: +# - l2vpn evpn +# - default-gateway advertise +# - flooding-suppression address-resolution disable +# - no ip local-learning disable +# - replication-type static +# - no route-target auto vni +# - router-id Loopback2 +# after: +# - replication_type: ingress +# router_id: Loopback2 +# default_gateway: +# advertise: true +# flooding_suppression: +# address_resolution: +# disable: true + +# After state: +# ------------ +# +# Leaf-01#show running-config nve | section ^l2vpn evpn$ +# l2vpn evpn +# replication-type static +# flooding-suppression address-resolution disable +# router-id Loopback2 +# default-gateway advertise + +# Using Deleted + +# Before state: +# ------------- +# +# Leaf-01#show running-config nve | section ^l2vpn evpn$ +# l2vpn evpn +# replication-type static +# flooding-suppression address-resolution disable +# router-id Loopback2 +# default-gateway advertise + +- name: Delete EVPN global + cisco.ios.ios_evpn_global: + config: + state: deleted + +# before: +# - replication_type: ingress +# router_id: Loopback2 +# default_gateway: +# advertise: true +# flooding_suppression: +# address_resolution: +# disable: true +# commands: +# - no l2vpn evpn +# after: +# + +# After state: +# ------------- +# +# Leaf-01#show 
running-config nve | section ^l2vpn evpn$ +# + +# Using gathered + +# Before state: +# ------------- +# +# Leaf-01#show running-config nve | section ^l2vpn evpn$ +# l2vpn evpn +# replication-type ingress +# router-id Loopback1 +# ip local-learning disable +# route-target auto vni + +- name: Gather facts of l2vpn evpn + cisco.ios.ios_evpn_global: + config: + state: gathered + +# Task Output: +# ------------ +# +# gathered: +# - replication_type: ingress +# route_target: +# auto: +# vni: true +# router_id: Loopback1 +# ip: +# local_learning: +# disable: true + +# Using rendered + +- name: Render the commands for provided configuration + cisco.ios.ios_evpn_global: + config: + replication_type: static + route_target: + auto: + vni: true + state: rendered + +# Task Output: +# ------------ +# +# rendered: +# - l2vpn evpn +# - replication-type static +# - route-target auto vni + +# Using parsed + +# File: parsed.cfg +# ---------------- +# +# l2vpn evpn +# replication-type ingress +# router-id Loopback1 +# default-gateway advertise +# route-target auto vni + +- name: Parse the provided configuration + cisco.ios.ios_evpn_global: + running_config: "{{ lookup('file', 'parsed.cfg') }}" + state: parsed + +# Task Output: +# ------------ +# +# parsed: +# - replication_type: ingress +# route_target: +# auto: +# vni: true +# router_id: Loopback1 +# default_gateway: +# advertise: true +""" + +RETURN = """ +before: + description: The configuration prior to the module execution. + returned: when I(state) is C(merged), C(replaced), C(overridden), or C(deleted) + type: dict + sample: > + This output will always be in the same format as the + module argspec. +after: + description: The resulting configuration after module execution. + returned: when changed + type: dict + sample: > + This output will always be in the same format as the + module argspec. +commands: + description: The set of commands pushed to the remote device. 
+ returned: when I(state) is C(merged), C(replaced), C(overridden), or C(deleted) + type: list + sample: + - "l2vpn evpn" + - "replication-type ingress" + - "router_id Loopback1" +rendered: + description: The provided configuration in the task rendered in device-native format (offline). + returned: when I(state) is C(rendered) + type: list + sample: + - l2vpn evpn + - replication-type static + - route-target auto vni +gathered: + description: Facts about the network resource gathered from the remote device as structured data. + returned: when I(state) is C(gathered) + type: list + sample: > + This output will always be in the same format as the + module argspec. +parsed: + description: The device native config provided in I(running_config) option parsed into structured data as per module argspec. + returned: when I(state) is C(parsed) + type: list + sample: > + This output will always be in the same format as the + module argspec. +""" + +from ansible.module_utils.basic import AnsibleModule + +from ansible_collections.cisco.ios.plugins.module_utils.network.ios.argspec.evpn_global.evpn_global import ( + Evpn_globalArgs, +) +from ansible_collections.cisco.ios.plugins.module_utils.network.ios.config.evpn_global.evpn_global import ( + Evpn_global, +) + + +def main(): + """ + Main entry point for module execution + + :returns: the result form module invocation + """ + module = AnsibleModule( + argument_spec=Evpn_globalArgs.argument_spec, + mutually_exclusive=[["config", "running_config"]], + required_if=[ + ["state", "merged", ["config"]], + ["state", "replaced", ["config"]], + ["state", "overridden", ["config"]], + ["state", "rendered", ["config"]], + ["state", "parsed", ["running_config"]], + ], + supports_check_mode=True, + ) + + result = Evpn_global(module).execute_module() + module.exit_json(**result) + + +if __name__ == "__main__": + main() 
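Review bot: Several task outputs in the EXAMPLES of the new ios_evpn_global.py contradict the commands and device state printed beside them. In "Using replaced" the commands include `replication-type static` and the After state shows `static`, yet the `after:` output still says `replication_type: ingress`; the `before:` output under "Using Deleted" has the same mismatch with its Before state. The `commands` sample in RETURN uses `router_id Loopback1`, where the CLI form everywhere else in the file is `router-id Loopback1`. The "Using Deleted" example sends `no l2vpn evpn` with an empty `config:`, which the `state` description does not mention; a line such as `- The state I(deleted) removes the whole l2vpn evpn section.` would warn operators before they run it.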
diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_facts.py b/ansible_collections/cisco/ios/plugins/modules/ios_facts.py index fd4c786f5..93b7b446a 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_facts.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_facts.py @@ -184,6 +184,10 @@ ansible_net_memtotal_mb: description: The total memory on the remote device in Mb returned: when hardware is configured type: int +ansible_net_cpu_utilization: + description: The current CPU utilization of the device + returned: when hardware is configured + type: dict # config ansible_net_config: diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_hostname.py b/ansible_collections/cisco/ios/plugins/modules/ios_hostname.py index 2949fc584..b8efdd5b8 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_hostname.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_hostname.py @@ -194,7 +194,7 @@ EXAMPLES = """ # Before state: # ------------- -#router-ios#show running-config | section ^hostname +# router-ios#show running-config | section ^hostname # hostname RouterTest # Gathered play: diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_l3_interfaces.py b/ansible_collections/cisco/ios/plugins/modules/ios_l3_interfaces.py index 7ea6d0d7a..0f6924124 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_l3_interfaces.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_l3_interfaces.py @@ -827,7 +827,6 @@ EXAMPLES = """ # ipv6: # - address: 2001:db8:0:3::/64 # name: GigabitEthernet0/2 - """ RETURN = """ diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_lacp.py b/ansible_collections/cisco/ios/plugins/modules/ios_lacp.py index 705b0fced..350dc4e37 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_lacp.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_lacp.py 
@@ -63,6 +63,7 @@ options: state: description: - The state the configuration should be left in + - The module have declaratively similar behavior for replaced and overridden state. - The states I(rendered), I(gathered) and I(parsed) does not perform any change on the device. - The state I(rendered) will transform the configuration in C(config) option to @@ -82,6 +83,7 @@ options: choices: - merged - replaced + - overridden - deleted - rendered - parsed @@ -255,6 +257,7 @@ def main(): required_if = [ ("state", "merged", ("config",)), ("state", "replaced", ("config",)), + ("state", "overridden", ("config",)), ("state", "rendered", ("config",)), ("state", "parsed", ("running_config",)), ] diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_lacp_interfaces.py b/ansible_collections/cisco/ios/plugins/modules/ios_lacp_interfaces.py index fe8e92bcc..aeec9db42 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_lacp_interfaces.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_lacp_interfaces.py @@ -451,7 +451,6 @@ EXAMPLES = """ # "name": "Port-channel10" # } # ] - """ RETURN = """ diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_lag_interfaces.py b/ansible_collections/cisco/ios/plugins/modules/ios_lag_interfaces.py index 64a43f700..e716cf4d4 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_lag_interfaces.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_lag_interfaces.py @@ -135,7 +135,7 @@ EXAMPLES = """ - name: Port-channel20 members: - member: GigabitEthernet0/3 - mode: on + mode: "on" - name: Port-channel30 members: - member: GigabitEthernet0/4 @@ -358,7 +358,7 @@ EXAMPLES = """ # channel-group 30 mode active # Using Deleted without any config passed -#"(NOTE: This will delete all of configured LLDP module attributes)" +# "(NOTE: This will delete all of configured LLDP module attributes)" # # Before state: 
diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_linkagg.py b/ansible_collections/cisco/ios/plugins/modules/ios_linkagg.py index cadc5551c..4572afe42 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_linkagg.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_linkagg.py @@ -138,9 +138,8 @@ EXAMPLES = """ - name: Create aggregate of linkagg definitions cisco.ios.ios_linkagg: aggregate: - - { group: 3, mode: on, members: [GigabitEthernet0/1] } + - { group: 3, mode: "on", members: [GigabitEthernet0/1] } - { group: 100, mode: passive, members: [GigabitEthernet0/2] } - """ RETURN = """ diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_lldp_global.py b/ansible_collections/cisco/ios/plugins/modules/ios_lldp_global.py index 3cbeac6d1..bef63639e 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_lldp_global.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_lldp_global.py @@ -124,6 +124,7 @@ options: state: description: - The state the configuration should be left in + - The module have declaratively similar behavior for replaced and overridden state. - The states I(rendered), I(gathered) and I(parsed) does not perform any change on the device. - The state I(rendered) will transform the configuration in C(config) option to @@ -143,6 +144,7 @@ options: choices: - merged - replaced + - overridden - deleted - rendered - gathered @@ -199,7 +201,7 @@ EXAMPLES = """ # lldp reinit 5 # Using Deleted without any config passed -#"(NOTE: This will delete all of configured LLDP module attributes)" +# "(NOTE: This will delete all of configured LLDP module attributes)" # Before state: # ------------- @@ -297,7 +299,6 @@ EXAMPLES = """ # "reinit": 3, # "timer": 10 # } - """ RETURN = """ @@ -337,6 +338,7 @@ def main(): required_if = [ ("state", "merged", ("config",)), ("state", "replaced", ("config",)), + ("state", "overridden", ("config",)), ("state", "rendered", ("config",)), ("state", "parsed", ("running_config",)), ] 
diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_logging.py b/ansible_collections/cisco/ios/plugins/modules/ios_logging.py deleted file mode 100644 index 492e94d85..000000000 --- a/ansible_collections/cisco/ios/plugins/modules/ios_logging.py +++ /dev/null 
@@ -1,498 +0,0 @@ -#!/usr/bin/python -# -# This file is part of Ansible -# -# Ansible is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Ansible is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see <http://www.gnu.org/licenses/>. -# -from __future__ import absolute_import, division, print_function - - -__metaclass__ = type - -DOCUMENTATION = """ -module: ios_logging -author: Trishna Guha (@trishnaguha) -short_description: (deprecated, removed after 2023-06-01) Manage logging on network devices -description: - - This module provides declarative management of logging on Cisco Ios devices. -version_added: 1.0.0 -deprecated: - alternative: ios_logging_global - why: Newer and updated modules released with more functionality. - removed_at_date: "2023-06-01" -notes: - - Tested against IOS 15.6 - - The 'Default System Message Logging Configuration' of the ios device - like facility Local7 or logging on is not subjected to idempotency causes -options: - dest: - description: - - Destination of the logs. - - On dest has to be quoted as 'on' or else pyyaml will convert - to True before it gets to Ansible. - choices: - - "on" - - host - - console - - monitor - - buffered - - trap - type: str - name: - description: - - The hostname or IP address of the destination. - - Required when I(dest=host). - type: str - size: - description: - - Size of buffer. The acceptable value is in range from 4096 to 4294967295 bytes. - type: int - facility: - description: - - Set logging facility. 
- type: str - level: - description: - - Set logging severity levels. - default: debugging - choices: - - emergencies - - alerts - - critical - - errors - - warnings - - notifications - - informational - - debugging - type: str - aggregate: - description: List of logging definitions. - type: list - elements: dict - suboptions: - dest: - description: - - Destination of the logs. - - On dest has to be quoted as 'on' or else pyyaml will convert - to True before it gets to Ansible. - choices: - - "on" - - host - - console - - monitor - - buffered - - trap - type: str - name: - description: - - The hostname or IP address of the destination. - - Required when I(dest=host). - type: str - size: - description: - - Size of buffer. The acceptable value is in range from 4096 to 4294967295 bytes. - type: int - facility: - description: - - Set logging facility. - type: str - level: - description: - - Set logging severity levels. - type: str - choices: - - emergencies - - alerts - - critical - - errors - - warnings - - notifications - - informational - - debugging - state: - description: - - State of the logging configuration. - choices: - - present - - absent - type: str - state: - description: - - State of the logging configuration. 
- default: present - choices: - - present - - absent - type: str -extends_documentation_fragment: - - cisco.ios.ios -""" - -EXAMPLES = """ -- name: Configure host logging - cisco.ios.ios_logging: - dest: host - name: 172.16.0.1 - state: present - -- name: Remove host logging configuration - cisco.ios.ios_logging: - dest: host - name: 172.16.0.1 - state: absent - -- name: Configure console logging level and facility - cisco.ios.ios_logging: - dest: console - facility: local7 - level: debugging - state: present - -- name: Enable logging to all - cisco.ios.ios_logging: - dest: on - -- name: Configure buffer size - cisco.ios.ios_logging: - dest: buffered - size: 5000 - -- name: Configure logging using aggregate - cisco.ios.ios_logging: - aggregate: - - { dest: console, level: notifications } - - { dest: buffered, size: 9000 } - -- name: Remove logging using aggregate - cisco.ios.ios_logging: - aggregate: - - { dest: console, level: notifications } - - { dest: buffered, size: 9000 } - state: absent -""" - -RETURN = """ -commands: - description: The list of configuration mode commands to send to the device - returned: always - type: list - sample: - - logging facility local7 - - logging host 172.16.0.1 -""" -import re - -from copy import deepcopy - -from ansible.module_utils._text import to_text -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.common.validation import check_required_if -from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import ( - remove_default_spec, - validate_ip_address, -) - -from ansible_collections.cisco.ios.plugins.module_utils.network.ios.ios import ( - get_capabilities, - get_config, - load_config, -) - - -def validate_size(value, module): - if value: - if not int(4096) <= int(value) <= int(4294967295): - module.fail_json(msg="size must be between 4096 and 4294967295") - else: - return value - - -def map_obj_to_commands(updates, module, os_version): - dest_group = "console", 
"monitor", "buffered", "on", "trap" - commands = list() - want, have = updates - for w in want: - dest = w["dest"] - name = w["name"] - size = w["size"] - facility = w["facility"] - level = w["level"] - state = w["state"] - del w["state"] - if facility: - w["dest"] = "facility" - if state == "absent" and w in have: - if dest: - if dest == "host": - if os_version.startswith("12."): - commands.append("no logging {0}".format(name)) - else: - commands.append("no logging host {0}".format(name)) - elif dest in dest_group: - commands.append("no logging {0}".format(dest)) - else: - module.fail_json( - msg="dest must be among console, monitor, buffered, host, on, trap", - ) - if facility: - commands.append("no logging facility {0}".format(facility)) - if state == "present" and w not in have: - if facility: - present = False - for entry in have: - if entry["dest"] == "facility" and entry["facility"] == facility: - present = True - if not present: - commands.append("logging facility {0}".format(facility)) - if dest == "host": - if os_version.startswith("12."): - commands.append("logging {0}".format(name)) - else: - commands.append("logging host {0}".format(name)) - elif dest == "on": - commands.append("logging on") - elif dest == "buffered" and size: - present = False - for entry in have: - if ( - entry["dest"] == "buffered" - and entry["size"] == size - and entry["level"] == level - ): - present = True - if not present: - if level and level != "debugging": - commands.append("logging buffered {0} {1}".format(size, level)) - else: - commands.append("logging buffered {0}".format(size)) - elif dest: - dest_cmd = "logging {0}".format(dest) - if level: - dest_cmd += " {0}".format(level) - commands.append(dest_cmd) - return commands - - -def parse_facility(line, dest): - facility = None - if dest == "facility": - match = re.search("logging facility (\\S+)", line, re.M) - if match: - facility = match.group(1) - return facility - - -def parse_size(line, dest): - size = None - if dest 
== "buffered": - match = re.search("logging buffered(?: (\\d+))?(?: [a-z]+)?", line, re.M) - if match: - if match.group(1) is not None: - size = match.group(1) - else: - size = "4096" - return size - - -def parse_name(line, dest): - if dest == "host": - match = re.search("logging host (\\S+)", line, re.M) - if match: - name = match.group(1) - else: - name = None - return name - - -def parse_level(line, dest): - level_group = ( - "emergencies", - "alerts", - "critical", - "errors", - "warnings", - "notifications", - "informational", - "debugging", - ) - if dest == "host": - level = "debugging" - else: - if dest == "buffered": - match = re.search("logging buffered(?: \\d+)?(?: ([a-z]+))?", line, re.M) - else: - match = re.search("logging {0} (\\S+)".format(dest), line, re.M) - if match and match.group(1) in level_group: - level = match.group(1) - else: - level = "debugging" - return level - - -def map_config_to_obj(module): - obj = [] - dest_group = ("console", "host", "monitor", "buffered", "on", "facility", "trap") - data = get_config(module, flags=["| include logging"]) - for line in data.split("\n"): - match = re.search("^logging (\\S+)", line, re.M) - if match: - if match.group(1) in dest_group: - dest = match.group(1) - obj.append( - { - "dest": dest, - "name": parse_name(line, dest), - "size": parse_size(line, dest), - "facility": parse_facility(line, dest), - "level": parse_level(line, dest), - }, - ) - elif validate_ip_address(match.group(1)): - dest = "host" - obj.append( - { - "dest": dest, - "name": match.group(1), - "size": parse_size(line, dest), - "facility": parse_facility(line, dest), - "level": parse_level(line, dest), - }, - ) - else: - ip_match = re.search("\\d+\\.\\d+\\.\\d+\\.\\d+", match.group(1), re.M) - if ip_match: - dest = "host" - obj.append( - { - "dest": dest, - "name": match.group(1), - "size": parse_size(line, dest), - "facility": parse_facility(line, dest), - "level": parse_level(line, dest), - }, - ) - return obj - - -def 
map_params_to_obj(module, required_if=None): - obj = [] - aggregate = module.params.get("aggregate") - if aggregate: - for item in aggregate: - for key in item: - if item.get(key) is None: - item[key] = module.params[key] - try: - check_required_if(required_if, item) - except TypeError as exc: - module.fail_json(to_text(exc)) - d = item.copy() - if d["dest"] != "host": - d["name"] = None - if d["dest"] == "buffered": - if "size" in d: - d["size"] = str(validate_size(d["size"], module)) - elif "size" not in d: - d["size"] = str(4096) - else: - pass - if d["dest"] != "buffered": - d["size"] = None - obj.append(d) - else: - if module.params["dest"] != "host": - module.params["name"] = None - if module.params["dest"] == "buffered": - if not module.params["size"]: - module.params["size"] = str(4096) - else: - module.params["size"] = None - if module.params["size"] is None: - obj.append( - { - "dest": module.params["dest"], - "name": module.params["name"], - "size": module.params["size"], - "facility": module.params["facility"], - "level": module.params["level"], - "state": module.params["state"], - }, - ) - else: - obj.append( - { - "dest": module.params["dest"], - "name": module.params["name"], - "size": str(validate_size(module.params["size"], module)), - "facility": module.params["facility"], - "level": module.params["level"], - "state": module.params["state"], - }, - ) - return obj - - -def main(): - """main entry point for module execution""" - element_spec = dict( - dest=dict(type="str", choices=["on", "host", "console", "monitor", "buffered", "trap"]), - name=dict(type="str"), - size=dict(type="int"), - facility=dict(type="str"), - level=dict( - type="str", - default="debugging", - choices=[ - "emergencies", - "alerts", - "critical", - "errors", - "warnings", - "notifications", - "informational", - "debugging", - ], - ), - state=dict(default="present", choices=["present", "absent"]), - ) - aggregate_spec = deepcopy(element_spec) - # remove default in aggregate 
spec, to handle common arguments - remove_default_spec(aggregate_spec) - argument_spec = dict(aggregate=dict(type="list", elements="dict", options=aggregate_spec)) - argument_spec.update(element_spec) - required_if = [("dest", "host", ["name"])] - module = AnsibleModule( - argument_spec=argument_spec, - required_if=required_if, - supports_check_mode=True, - ) - device_info = get_capabilities(module) - os_version = device_info["device_info"]["network_os_version"] - warnings = list() - result = {"changed": False} - if warnings: - result["warnings"] = warnings - want = map_params_to_obj(module, required_if=required_if) - have = map_config_to_obj(module) - commands = map_obj_to_commands((want, have), module, os_version) - result["commands"] = commands - if commands: - if not module.check_mode: - load_config(module, commands) - result["changed"] = True - module.exit_json(**result) - - -if __name__ == "__main__": - main() diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_logging_global.py b/ansible_collections/cisco/ios/plugins/modules/ios_logging_global.py index a77ca1115..aab889772 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_logging_global.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_logging_global.py @@ -702,7 +702,7 @@ EXAMPLES = """ # Before state: # ------------- -#router-ios#show running-config | section logging +# router-ios#show running-config | section logging # logging exception 4099 # logging message-counter log # logging userinfo diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_ntp.py b/ansible_collections/cisco/ios/plugins/modules/ios_ntp.py index 2eeb2b088..065054411 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_ntp.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_ntp.py @@ -116,8 +116,8 @@ EXAMPLES = """ auth_key: 15435A030726242723273C21181319000A auth: true state: present - """ + RETURN = """ commands: description: command sent to the device 
@@ -125,6 +125,7 @@ commands: type: list sample: ["no ntp server 10.0.255.10", "no ntp source Loopback0"] """ + import re from ansible.module_utils.basic import AnsibleModule diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_ntp_global.py b/ansible_collections/cisco/ios/plugins/modules/ios_ntp_global.py index 87c37a25f..6293b4c0d 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_ntp_global.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_ntp_global.py @@ -608,7 +608,7 @@ EXAMPLES = """ # Before state: # ------------- -#router-ios#show running-config | section ^ntp +# router-ios#show running-config | section ^ntp # ntp max-associations 34 # ntp logging # ntp allow mode control 4 diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_ospf_interfaces.py b/ansible_collections/cisco/ios/plugins/modules/ios_ospf_interfaces.py index 386020f3a..fc2144296 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_ospf_interfaces.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_ospf_interfaces.py 
@@ -408,19 +408,60 @@ EXAMPLES = """ - name: GigabitEthernet0/1 state: deleted -# Commands Fired: -# --------------- -# -# "commands": [ -# "interface GigabitEthernet0/1", -# "no ipv6 ospf 55 area 105", -# "no ipv6 ospf adjacency stagger disable", -# "no ipv6 ospf priority 20", -# "no ipv6 ospf transmit-delay 30" -# ] +# Task Output: +# ------------ +# before: +# - name: GigabitEthernet0/0 +# - address_family: +# - adjacency: true +# afi: ipv6 +# priority: 20 +# process: +# area_id: '105' +# id: 55 +# transmit_delay: 30 +# name: GigabitEthernet0/1 +# - address_family: +# - adjacency: true +# afi: ipv4 +# cost: +# interface_cost: 30 +# priority: 40 +# process: +# area_id: '20' +# id: 10 +# ttl_security: +# hops: 50 +# set: true +# name: GigabitEthernet0/2 +# +# commands: +# - interface GigabitEthernet0/1 +# - no ipv6 ospf 55 area 105 +# - no ipv6 ospf adjacency stagger disable +# - no ipv6 ospf priority 20 +# - no ipv6 ospf transmit-delay 30 +# +# after: +# - name: GigabitEthernet0/0 +# - name: GigabitEthernet0/1 +# - address_family: +# - adjacency: true +# afi: ipv4 +# cost: +# interface_cost: 30 +# priority: 40 +# process: +# area_id: '20' +# id: 10 +# ttl_security: +# hops: 50 +# set: true +# name: GigabitEthernet0/2 +# # After state: -# ------------- +# ------------ # router-ios#sh running-config | section ^interface # interface GigabitEthernet0/0 # interface GigabitEthernet0/1 
@@ -454,22 +495,51 @@ EXAMPLES = """ cisco.ios.ios_ospf_interfaces: state: deleted -# Commands Fired: -# --------------- +# Task Output: +# ------------ + +# before: +# - name: GigabitEthernet0/0 +# - address_family: +# - adjacency: true +# afi: ipv6 +# priority: 20 +# process: +# area_id: '105' +# id: 55 +# transmit_delay: 30 +# name: GigabitEthernet0/1 +# - address_family: +# - adjacency: true +# afi: ipv4 +# cost: +# interface_cost: 30 +# priority: 40 +# process: +# area_id: '20' +# id: 10 +# ttl_security: +# hops: 50 +# set: true +# name: GigabitEthernet0/2 +# +# commands: +# - interface GigabitEthernet0/2 +# - no ip ospf 10 area 20 +# - no ip ospf adjacency stagger disable +# - no ip ospf cost 30 +# - no ip ospf priority 40 +# - no ip ospf ttl-security hops 50 +# - interface GigabitEthernet0/1 +# - no ipv6 ospf 55 area 105 +# - no ipv6 ospf adjacency stagger disable +# - no ipv6 ospf priority 20 +# - no ipv6 ospf transmit-delay 30 # -# "commands": [ -# "interface GigabitEthernet0/2", -# "no ip ospf 10 area 20", -# "no ip ospf adjacency stagger disable", -# "no ip ospf cost 30", -# "no ip ospf priority 40", -# "no ip ospf ttl-security hops 50", -# "interface GigabitEthernet0/1", -# "no ipv6 ospf 55 area 105", -# "no ipv6 ospf adjacency stagger disable", -# "no ipv6 ospf priority 20", -# "no ipv6 ospf transmit-delay 30" -# ] +# after: +# - name: GigabitEthernet0/0 +# - name: GigabitEthernet0/1 +# - name: GigabitEthernet0/2 # After state: # ------------- 
@@ -523,29 +593,67 @@ EXAMPLES = """ transmit_delay: 45 state: merged -# Commands Fired: -# --------------- +# Task Output: +# ------------ +# before: [] +# +# commands: +# - interface GigabitEthernet0/1 +# - ip ospf 10 area 30 +# - ip ospf adjacency stagger disable +# - ip ospf bfd +# - ip ospf cost 5 +# - ip ospf dead-interval 5 +# - ip ospf demand-circuit ignore +# - ip ospf network broadcast +# - ip ospf priority 25 +# - ip ospf resync-timeout 10 +# - ip ospf shutdown +# - ip ospf ttl-security hops 50 +# - ipv6 ospf 35 area 45 +# - ipv6 ospf adjacency stagger disable +# - ipv6 ospf database-filter all out +# - ipv6 ospf manet peering link-metrics 10 +# - ipv6 ospf priority 55 +# - ipv6 ospf transmit-delay 45 # -# "commands": [ -# "interface GigabitEthernet0/1", -# "ip ospf 10 area 30", -# "ip ospf adjacency stagger disable", -# "ip ospf bfd", -# "ip ospf cost 5", -# "ip ospf dead-interval 5", -# "ip ospf demand-circuit ignore", -# "ip ospf network broadcast", -# "ip ospf priority 25", -# "ip ospf resync-timeout 10", -# "ip ospf shutdown", -# "ip ospf ttl-security hops 50", -# "ipv6 ospf 35 area 45", -# "ipv6 ospf adjacency stagger disable", -# "ipv6 ospf database-filter all out", -# "ipv6 ospf manet peering link-metrics 10", -# "ipv6 ospf priority 55", -# "ipv6 ospf transmit-delay 45" -# ] +# after: +# - name: GigabitEthernet0/0 +# - address_family: +# - adjacency: true +# afi: ipv4 +# bfd: true +# cost: +# interface_cost: 5 +# dead_interval: +# time: 5 +# demand_circuit: +# enable: true +# ignore: true +# network: +# broadcast: true +# priority: 25 +# process: +# area_id: '30' +# id: 10 +# resync_timeout: 10 +# shutdown: true +# ttl_security: +# hops: 50 +# set: true +# - adjacency: true +# afi: ipv6 +# database_filter: true +# manet: +# link_metrics: +# cost_threshold: 10 +# priority: 55 +# process: +# area_id: '45' +# id: 35 +# transmit_delay: 45 +# name: GigabitEthernet0/1 +# - name: GigabitEthernet0/2 # After state: # ------------- 
@@ -599,7 +707,7 @@ EXAMPLES = """ # ipv6 ospf manet peering link-metrics 10 # interface GigabitEthernet0/2 -- name: Override provided OSPF Interfaces configuration +- name: Override running config with provided OSPF Interfaces configuration cisco.ios.ios_ospf_interfaces: config: - name: GigabitEthernet0/1 
@@ -625,35 +733,97 @@ EXAMPLES = """ hops: 50 state: overridden -# Commands Fired: -# --------------- +# Task Output: +# ------------ +# +# before: +# - name: GigabitEthernet0/0 +# - address_family: +# - adjacency: true +# afi: ipv4 +# bfd: true +# cost: +# interface_cost: 5 +# dead_interval: +# time: 5 +# demand_circuit: +# enable: true +# ignore: true +# network: +# broadcast: true +# priority: 25 +# process: +# area_id: '30' +# id: 10 +# resync_timeout: 10 +# shutdown: true +# ttl_security: +# hops: 50 +# set: true +# - adjacency: true +# afi: ipv6 +# database_filter: true +# manet: +# link_metrics: +# cost_threshold: 10 +# priority: 55 +# process: +# area_id: '45' +# id: 35 +# transmit_delay: 45 +# name: GigabitEthernet0/1 +# - name: GigabitEthernet0/2 +# +# commands: +# - interface GigabitEthernet0/2 +# - ip ospf 10 area 20 +# - ip ospf adjacency stagger disable +# - ip ospf cost 30 +# - ip ospf priority 40 +# - ip ospf ttl-security hops 50 +# - interface GigabitEthernet0/1 +# - ipv6 ospf 55 area 105 +# - no ipv6 ospf database-filter all out +# - no ipv6 ospf manet peering link-metrics 10 +# - ipv6 ospf priority 20 +# - ipv6 ospf transmit-delay 30 +# - no ip ospf 10 area 30 +# - no ip ospf adjacency stagger disable +# - no ip ospf bfd +# - no ip ospf cost 5 +# - no ip ospf dead-interval 5 +# - no ip ospf demand-circuit ignore +# - no ip ospf network broadcast +# - no ip ospf priority 25 +# - no ip ospf resync-timeout 10 +# - no ip ospf shutdown +# - no ip ospf ttl-security hops 50 +# +# parsed: +# - name: GigabitEthernet0/0 +# - address_family: +# - adjacency: true +# afi: ipv6 +# priority: 20 +# process: +# area_id: '105' +# id: 55 +# transmit_delay: 30 +# name: GigabitEthernet0/1 +# - address_family: +# - adjacency: true +# afi: ipv4 +# cost: +# interface_cost: 30 +# priority: 40 +# process: +# area_id: '20' +# id: 10 +# ttl_security: +# hops: 50 +# set: true +# name: GigabitEthernet0/2 # -# "commands": [ -# "interface GigabitEthernet0/2", -# "ip ospf 10 
area 20", -# "ip ospf adjacency stagger disable", -# "ip ospf cost 30", -# "ip ospf priority 40", -# "ip ospf ttl-security hops 50", -# "interface GigabitEthernet0/1", -# "ipv6 ospf 55 area 105", -# "no ipv6 ospf database-filter all out", -# "no ipv6 ospf manet peering link-metrics 10", -# "ipv6 ospf priority 20", -# "ipv6 ospf transmit-delay 30", -# "no ip ospf 10 area 30", -# "no ip ospf adjacency stagger disable", -# "no ip ospf bfd", -# "no ip ospf cost 5", -# "no ip ospf dead-interval 5", -# "no ip ospf demand-circuit ignore", -# "no ip ospf network broadcast", -# "no ip ospf priority 25", -# "no ip ospf resync-timeout 10", -# "no ip ospf shutdown", -# "no ip ospf ttl-security hops 50" -# ] - # After state: # ------------- # 
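Review bot: In the new Task Output for the `state: overridden` example (hunk at -625), the block showing the resulting configuration is labelled `# parsed:`, while the deleted, merged and replaced examples in this same file label it `# after:`. Its content matches the interfaces and values produced by the `commands:` list above it, so this looks like a copy-paste slip; the line should read `# after:`. Anyone using these examples to write checks against registered task output would look for the wrong key.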
@@ -712,18 +882,102 @@ EXAMPLES = """ transmit_delay: 30 state: replaced -# Commands Fired: -# --------------- -# "commands": [ -# "interface GigabitEthernet0/2", -# "ipv6 ospf 55 area 105", -# "ipv6 ospf adjacency stagger disable", -# "ipv6 ospf priority 20", -# "ipv6 ospf transmit-delay 30" -# ] +# Task Output: +# ------------ +# +# before: +# - name: GigabitEthernet0/0 +# - address_family: +# - adjacency: true +# afi: ipv4 +# bfd: true +# cost: +# interface_cost: 5 +# dead_interval: +# time: 5 +# demand_circuit: +# enable: true +# ignore: true +# network: +# broadcast: true +# priority: 25 +# process: +# area_id: '30' +# id: 10 +# resync_timeout: 10 +# shutdown: true +# ttl_security: +# hops: 50 +# set: true +# - adjacency: true +# afi: ipv6 +# database_filter: true +# manet: +# link_metrics: +# cost_threshold: 10 +# priority: 55 +# process: +# area_id: '45' +# id: 35 +# transmit_delay: 45 +# name: GigabitEthernet0/1 +# - name: GigabitEthernet0/2 +# +# commands: +# - interface GigabitEthernet0/2 +# - ipv6 ospf 55 area 105 +# - ipv6 ospf adjacency stagger disable +# - ipv6 ospf priority 20 +# - ipv6 ospf transmit-delay 30 +# +# after: +# - name: GigabitEthernet0/0 +# - address_family: +# - adjacency: true +# afi: ipv4 +# bfd: true +# cost: +# interface_cost: 5 +# dead_interval: +# time: 5 +# demand_circuit: +# enable: true +# ignore: true +# network: +# broadcast: true +# priority: 25 +# process: +# area_id: '30' +# id: 10 +# resync_timeout: 10 +# shutdown: true +# ttl_security: +# hops: 50 +# set: true +# - adjacency: true +# afi: ipv6 +# database_filter: true +# manet: +# link_metrics: +# cost_threshold: 10 +# priority: 55 +# process: +# area_id: '45' +# id: 35 +# transmit_delay: 45 +# name: GigabitEthernet0/1 +# - address_family: +# - adjacency: true +# afi: ipv6 +# priority: 20 +# process: +# area_id: '105' +# id: 55 +# transmit_delay: 30 +# name: GigabitEthernet0/2 # After state: -# ------------- +# ------------ # router-ios#sh running-config | section 
^interface # interface GigabitEthernet0/0 # interface GigabitEthernet0/1 @@ -782,65 +1036,46 @@ EXAMPLES = """ config: state: gathered -# Module Execution Result: -# ------------------------ +# Task Output: +# ------------ # -# "gathered": [ -# { -# "name": "GigabitEthernet0/2" -# }, -# { -# "address_family": [ -# { -# "adjacency": true, -# "afi": "ipv4", -# "bfd": true, -# "cost": { -# "interface_cost": 5 -# }, -# "dead_interval": { -# "time": 5 -# }, -# "demand_circuit": { -# "ignore": true -# }, -# "network": { -# "broadcast": true -# }, -# "priority": 25, -# "process": { -# "area_id": "30", -# "id": 10 -# }, -# "resync_timeout": 10, -# "shutdown": true, -# "ttl_security": { -# "hops": 50 -# } -# }, -# { -# "adjacency": true, -# "afi": "ipv6", -# "database_filter": true, -# "manet": { -# "link_metrics": { -# "cost_threshold": 10 -# } -# }, -# "priority": 55, -# "process": { -# "area_id": "45", -# "id": 35 -# }, -# "transmit_delay": 45 -# } -# ], -# "name": "GigabitEthernet0/1" -# }, -# { -# "name": "GigabitEthernet0/0" -# } -# ] +# gathered: +# - name: GigabitEthernet0/0 +# - address_family: +# - adjacency: true +# afi: ipv4 +# bfd: true +# cost: +# interface_cost: 5 +# dead_interval: +# time: 5 +# demand_circuit: +# enable: true +# ignore: true +# network: +# broadcast: true +# priority: 25 +# process: +# area_id: '30' +# id: 10 +# resync_timeout: 10 +# shutdown: true +# ttl_security: +# hops: 50 +# set: true +# - adjacency: true +# afi: ipv6 +# database_filter: true +# manet: +# link_metrics: +# cost_threshold: 10 +# priority: 55 +# process: +# area_id: '45' +# id: 35 +# transmit_delay: 45 +# name: GigabitEthernet0/1 +# - name: GigabitEthernet0/2 # After state: # ------------ 
@@ -906,29 +1141,29 @@ EXAMPLES = """ transmit_delay: 45 state: rendered -# Module Execution Result: -# ------------------------ +# Task Output: +# ------------ +# +# rendered: +# - interface GigabitEthernet0/1 +# - ip ospf 10 area 30 +# - ip ospf adjacency stagger disable +# - ip ospf bfd +# - ip ospf cost 5 +# - ip ospf dead-interval 5 +# - ip ospf demand-circuit ignore +# - ip ospf network broadcast +# - ip ospf priority 25 +# - ip ospf resync-timeout 10 +# - ip ospf shutdown +# - ip ospf ttl-security hops 50 +# - ipv6 ospf 35 area 45 +# - ipv6 ospf adjacency stagger disable +# - ipv6 ospf database-filter all out +# - ipv6 ospf manet peering link-metrics 10 +# - ipv6 ospf priority 55 +# - ipv6 ospf transmit-delay 45 # -# "rendered": [ -# "interface GigabitEthernet0/1", -# "ip ospf 10 area 30", -# "ip ospf adjacency stagger disable", -# "ip ospf bfd", -# "ip ospf cost 5", -# "ip ospf dead-interval 5", -# "ip ospf demand-circuit ignore", -# "ip ospf network broadcast", -# "ip ospf priority 25", -# "ip ospf resync-timeout 10", -# "ip ospf shutdown", -# "ip ospf ttl-security hops 50", -# "ipv6 ospf 35 area 45", -# "ipv6 ospf adjacency stagger disable", -# "ipv6 ospf database-filter all out", -# "ipv6 ospf manet peering link-metrics 10", -# "ipv6 ospf priority 55", -# "ipv6 ospf transmit-delay 45" -# ] # Using Parsed 
@@ -961,80 +1196,60 @@ EXAMPLES = """ running_config: "{{ lookup('file', 'parsed.cfg') }}" state: parsed -# Module Execution Result: -# ------------------------ +# Task Output: +# ------------ # -# "parsed": [ -# }, -# { -# "name": "GigabitEthernet0/2" -# }, -# { -# "address_family": [ -# { -# "adjacency": true, -# "afi": "ipv4", -# "bfd": true, -# "cost": { -# "interface_cost": 5 -# }, -# "dead_interval": { -# "time": 5 -# }, -# "demand_circuit": { -# "ignore": true -# }, -# "network": { -# "broadcast": true -# }, -# "priority": 25, -# "process": { -# "area_id": "30", -# "id": 10 -# }, -# "resync_timeout": 10, -# "shutdown": true, -# "ttl_security": { -# "hops": 50 -# } -# }, -# { -# "adjacency": true, -# "afi": "ipv6", -# "database_filter": true, -# "manet": { -# "link_metrics": { -# "cost_threshold": 10 -# } -# }, -# "priority": 55, -# "process": { -# "area_id": "45", -# "id": 35 -# }, -# "transmit_delay": 45 -# } -# ], -# "name": "GigabitEthernet0/1" -# }, -# { -# "name": "GigabitEthernet0/0" -# } -# ] +# parsed: +# - name: GigabitEthernet0/2 +# - address_family: +# - adjacency: true +# afi: ipv4 +# bfd: true +# cost: +# interface_cost: 5 +# dead_interval: +# time: 5 +# demand_circuit: +# enable: true +# ignore: true +# network: +# broadcast: true +# priority: 25 +# process: +# area_id: '30' +# id: 10 +# resync_timeout: 10 +# shutdown: true +# ttl_security: +# hops: 50 +# set: true +# - adjacency: true +# afi: ipv6 +# database_filter: true +# manet: +# link_metrics: +# cost_threshold: 10 +# priority: 55 +# process: +# area_id: '45' +# id: 35 +# transmit_delay: 45 +# name: GigabitEthernet0/1 +# - name: GigabitEthernet0/0 """ RETURN = """ before: description: The configuration prior to the module execution. returned: when I(state) is C(merged), C(replaced), C(overridden), C(deleted) or C(purged) - type: dict + type: list sample: > This output will always be in the same format as the module argspec. 
after: description: The resulting configuration after module execution. returned: when changed - type: dict + type: list sample: > This output will always be in the same format as the module argspec. diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_ospfv2.py b/ansible_collections/cisco/ios/plugins/modules/ios_ospfv2.py index a00b8d05d..6268ce46a 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_ospfv2.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_ospfv2.py @@ -40,7 +40,9 @@ description: This module configures and manages the Open Shortest Path First (OSPF) version 2 on IOS platforms. version_added: 1.0.0 -author: Sumit Jaiswal (@justjais) +author: + - Sumit Jaiswal (@justjais) + - Vinay M (@roverflow) notes: - Tested against Cisco IOSXE Version 17.3 on CML. - This module works with connection C(network_cli). @@ -746,11 +748,11 @@ options: type: bool passive_interface: description: - - passive_interface param is deprecated and a newer param passive_interfaces - with added functionality's is introduced, please meke use of the new available - passive_interfaces instead. - Suppress routing updates on an interface (GigabitEthernet A/B) - Interface name with respective interface number + - passive_interface param is DEPRECATED and a newer param passive_interfaces + with added functionality's is introduced, this attribute will be removed after + 2026-07-18. type: str passive_interfaces: description: Suppress routing updates on an interface 
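Review bot: The deprecation of `passive_interface` in ios_ospfv2.py (hunk at -746) is stated only in description prose, and the new wording carries a typo (`functionality's`). Suggested text: `- This option is DEPRECATED in favour of I(passive_interfaces) and will be removed after 2026-07-18.` The option's argument spec is outside this diff; if it does not carry `removed_at_date`, users get no runtime deprecation warning before the removal date, so that is worth confirming.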
@@ -964,96 +966,6 @@ options: """ EXAMPLES = """ -# Using deleted - -# Before state: -# ------------- -# -# router-ios#sh running-config | section ^router ospf -# router ospf 200 vrf blue -# domain-id 192.0.3.1 -# max-metric router-lsa on-startup 100 -# auto-cost reference-bandwidth 4 -# area 10 capability default-exclusion -# distribute-list 10 out -# distribute-list 123 in -# router ospf 1 -# max-metric router-lsa on-startup 110 -# area 10 authentication message-digest -# area 10 nssa default-information-originate metric 10 -# area 10 nssa translate type7 suppress-fa -# area 10 default-cost 10 -# area 10 filter-list prefix test_prefix_out out -# network 198.51.100.0 0.0.0.255 area 5 -# default-information originate - -- name: Delete provided OSPF V2 processes - cisco.ios.ios_ospfv2: - config: - processes: - - process_id: 1 - - process_id: 200 - vrf: blue - state: deleted - -# Commands Fired: -# --------------- -# -# "commands": [ -# "no router ospf 1" -# ] - -# After state: -# ------------- -# router-ios#sh running-config | section ^router ospf -# router ospf 200 vrf blue -# domain-id 192.0.3.1 -# max-metric router-lsa on-startup 100 -# auto-cost reference-bandwidth 4 -# area 10 capability default-exclusion -# distribute-list 10 out -# distribute-list 123 in - -# Using deleted without any config passed (NOTE: This will delete all OSPFV2 configuration from device) - -# Before state: -# ------------- -# -# router-ios#sh running-config | section ^router ospf -# router ospf 200 vrf blue -# domain-id 192.0.3.1 -# max-metric router-lsa on-startup 100 -# auto-cost reference-bandwidth 4 -# area 10 capability default-exclusion -# distribute-list 10 out -# distribute-list 123 in -# router ospf 1 -# max-metric router-lsa on-startup 110 -# area 10 authentication message-digest -# area 10 nssa default-information-originate metric 10 -# area 10 nssa translate type7 suppress-fa -# area 10 default-cost 10 -# area 10 filter-list prefix test_prefix_out out -# network 198.51.100.0 
0.0.0.255 area 5 -# default-information originate - -- name: Delete all OSPF processes - cisco.ios.ios_ospfv2: - state: deleted - -# Commands Fired: -# --------------- -# -# "commands": [ -# "no router ospf 200 vrf blue", -# "no router ospf 1" -# ] - -# After state: -# ------------- -# router-ios#sh running-config | section ^router ospf -# router-ios# - # Using merged # Before state: @@ -1098,7 +1010,7 @@ EXAMPLES = """ passive_interfaces: default: true interface: - set_interface: False + set_interface: false name: - GigabitEthernet0/1 - GigabitEthernet0/2 
@@ -1124,35 +1036,93 @@ EXAMPLES = """ direction: in state: merged -# Commands Fired: -# --------------- -# -# "commands": [ -# "router ospf 200 vrf blue", -# "auto-cost reference-bandwidth 4", -# "distribute-list 10 out", -# "distribute-list 123 in", -# "domain-id 192.0.3.1", -# "max-metric router-lsa on-startup 100", -# "area 10 capability default-exclusion", -# "router ospf 1", -# "default-information originate", -# "max-metric router-lsa on-startup 110", -# "network 198.51.100.0 0.0.0.255 area 5", -# "area 10 authentication message-digest", -# "area 10 default-cost 10", -# "area 10 nssa translate type7 suppress-fa", -# "area 10 nssa default-information-originate metric 10", -# "area 10 filter-list prefix test_prefix_out out", -# "area 10 filter-list prefix test_prefix_in in", -# "area 5 authentication", -# "area 5 capability default-exclusion" -# "passive-interface default" -# "no passive-interface GigabitEthernet0/1" -# ] +# Task Output: +# ------------ + +# before: {} +# commands: +# - router ospf 200 vrf blue +# - auto-cost reference-bandwidth 4 +# - domain-id 192.0.3.1 +# - max-metric router-lsa on-startup 100 +# - area 10 capability default-exclusion +# - distribute-list 10 out +# - distribute-list 123 in +# - router ospf 1 +# - default-information originate +# - max-metric router-lsa on-startup 110 +# - area 5 capability default-exclusion +# - area 10 authentication message-digest +# - area 10 default-cost 10 +# - area 10 nssa default-information-originate metric 10 +# - area 10 nssa translate type7 suppress-fa +# - area 10 filter-list prefix test_prefix_in in +# - area 10 filter-list prefix test_prefix_out out +# - network 198.51.100.0 0.0.0.255 area 5 +# - passive-interface default +# - no passive-interface GigabitEthernet0/1 +# - no passive-interface GigabitEthernet0/2 + +# after: +# processes: +# - areas: +# - area_id: '10' +# capability: true +# auto_cost: +# reference_bandwidth: 4 +# set: true +# distribute_list: +# acls: +# - direction: out +# 
name: '10' +# - direction: in +# name: '123' +# domain_id: +# ip_address: +# address: 192.0.3.1 +# max_metric: +# on_startup: +# time: 100 +# router_lsa: true +# process_id: 200 +# vrf: blue +# - areas: +# - area_id: '5' +# capability: true +# - area_id: '10' +# authentication: +# message_digest: true +# default_cost: 10 +# filter_list: +# - direction: in +# name: test_prefix_in +# - direction: out +# name: test_prefix_out +# nssa: +# default_information_originate: +# metric: 10 +# translate: suppress-fa +# default_information: +# originate: true +# max_metric: +# on_startup: +# time: 110 +# router_lsa: true +# network: +# - address: 198.51.100.0 +# area: '5' +# wildcard_bits: 0.0.0.255 +# passive_interfaces: +# default: true +# interface: +# name: +# - GigabitEthernet2 +# - GigabitEthernet1 +# set_interface: false +# process_id: 1 # After state: -# ------------- +# ------------ # # router-ios#sh running-config | section ^router ospf # router ospf 200 vrf blue @@ -1164,18 +1134,20 @@ EXAMPLES = """ # distribute-list 123 in # router ospf 1 # max-metric router-lsa on-startup 110 +# area 5 capability default-exclusion # area 10 authentication message-digest # area 10 nssa default-information-originate metric 10 # area 10 nssa translate type7 suppress-fa # area 10 default-cost 10 +# area 10 filter-list prefix test_prefix_in in # area 10 filter-list prefix test_prefix_out out +# passive-interface default +# no passive-interface GigabitEthernet1 +# no passive-interface GigabitEthernet2 # network 198.51.100.0 0.0.0.255 area 5 # default-information originate -# passive-interface default -# no passive-interface GigabitEthernet0/1 -# no passive-interface GigabitEthernet0/2 -# Using overridden +# Using replaced # Before state: # ------------- 
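Review bot: The interface names in the merged example no longer agree with each other. The new `commands:` list ends with `no passive-interface GigabitEthernet0/1` and `GigabitEthernet0/2`, while the `after:` block lists `GigabitEthernet2` and `GigabitEthernet1`, and the After state added in the following hunk (`@@ -1164,18 +1134,20 @@`) shows `no passive-interface GigabitEthernet1` and `GigabitEthernet2`. The task shown as context in `@@ -1098,7 +1010,7 @@` uses `GigabitEthernet0/1` and `GigabitEthernet0/2`, so the output looks like it was captured from a different run. With `passive-interface default`, the exception list decides which interfaces still send OSPF hellos, so the example should name the same interfaces throughout, e.g. `#         - GigabitEthernet0/1` and `#  no passive-interface GigabitEthernet0/1`. The EXAMPLES string starts and ends outside this hunk.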
@@ -1190,15 +1162,20 @@ EXAMPLES = """ # distribute-list 123 in # router ospf 1 # max-metric router-lsa on-startup 110 +# area 5 capability default-exclusion # area 10 authentication message-digest # area 10 nssa default-information-originate metric 10 # area 10 nssa translate type7 suppress-fa # area 10 default-cost 10 +# area 10 filter-list prefix test_prefix_in in # area 10 filter-list prefix test_prefix_out out +# passive-interface default +# no passive-interface GigabitEthernet1 +# no passive-interface GigabitEthernet2 # network 198.51.100.0 0.0.0.255 area 5 # default-information originate -- name: Override provided OSPF V2 configuration +- name: Replace running config with provided OSPF V2 configuration cisco.ios.ios_ospfv2: config: processes: 
@@ -1234,35 +1211,156 @@ EXAMPLES = """ default_information_originate: metric: 10 translate: suppress-fa - state: overridden + state: replaced -# Commands Fired: -# --------------- +# Task Output: +# ------------ # -# "commands": [ -# "no router ospf 1", -# "router ospf 100 vrf ospf_vrf", -# "auto-cost reference-bandwidth 5", -# "domain-id 192.0.5.1", -# "area 5 authentication message-digest", -# "area 5 nssa translate type7 suppress-fa", -# "area 5 nssa default-information-originate metric 10", -# "router ospf 200 vrf blue", -# "no auto-cost reference-bandwidth 4", -# "no distribute-list 10 out", -# "no distribute-list 123 in", -# "domain-id 192.0.4.1", -# "max-metric router-lsa on-startup 200", -# "maximum-paths 15", -# "ttl-security all-interfaces hops 7", -# "area 10 authentication message-digest", -# "no area 10 capability default-exclusion", -# "area 10 default-cost 10" +# before: +# processes: +# - areas: +# - area_id: '10' +# capability: true +# auto_cost: +# reference_bandwidth: 4 +# set: true +# distribute_list: +# acls: +# - direction: out +# name: '10' +# - direction: in +# name: '123' +# domain_id: +# ip_address: +# address: 192.0.3.1 +# max_metric: +# on_startup: +# time: 100 +# router_lsa: true +# process_id: 200 +# vrf: blue +# - areas: +# - area_id: '5' +# capability: true +# - area_id: '10' +# authentication: +# message_digest: true +# default_cost: 10 +# filter_list: +# - direction: in +# name: test_prefix_in +# - direction: out +# name: test_prefix_out +# nssa: +# default_information_originate: +# metric: 10 +# translate: suppress-fa +# default_information: +# originate: true +# max_metric: +# on_startup: +# time: 110 +# router_lsa: true +# network: +# - address: 198.51.100.0 +# area: '5' +# wildcard_bits: 0.0.0.255 +# passive_interfaces: +# default: true +# interface: +# name: +# - GigabitEthernet2 +# - GigabitEthernet1 +# set_interface: false +# process_id: 1 +# +# commands: +# - router ospf 100 vrf ospf_vrf +# - auto-cost reference-bandwidth 
5 +# - domain-id 192.0.5.1 +# - area 5 authentication message-digest +# - area 5 nssa translate type7 suppress-fa +# - area 5 nssa default-information-originate metric 10 +# - router ospf 200 vrf blue +# - no auto-cost reference-bandwidth 4 +# - no distribute-list 10 out +# - no distribute-list 123 in +# - domain-id 192.0.4.1 +# - max-metric router-lsa on-startup 200 +# - maximum-paths 15 +# - ttl-security all-interfaces hops 7 +# - area 10 authentication message-digest +# - no area 10 capability default-exclusion +# - area 10 default-cost 10 # ] +# +# after: +# processes: +# - areas: +# - area_id: '10' +# authentication: +# message_digest: true +# default_cost: 10 +# domain_id: +# ip_address: +# address: 192.0.4.1 +# max_metric: +# on_startup: +# time: 200 +# router_lsa: true +# maximum_paths: 15 +# process_id: 200 +# ttl_security: +# hops: 7 +# vrf: blue +# - areas: +# - area_id: '5' +# authentication: +# message_digest: true +# nssa: +# default_information_originate: +# metric: 10 +# translate: suppress-fa +# auto_cost: +# reference_bandwidth: 5 +# set: true +# domain_id: +# ip_address: +# address: 192.0.5.1 +# process_id: 100 +# vrf: ospf_vrf +# - areas: +# - area_id: '5' +# authentication: +# enable: true +# capability: true +# - area_id: '10' +# authentication: +# message_digest: true +# default_cost: 10 +# filter_list: +# - direction: in +# name: test_prefix_in +# - direction: out +# name: test_prefix_out +# nssa: +# default_information_originate: +# metric: 10 +# translate: suppress-fa +# default_information: +# originate: true +# max_metric: +# on_startup: +# time: 110 +# router_lsa: true +# network: +# - address: 198.51.100.0 +# area: '5' +# wildcard_bits: 0.0.0.255 +# process_id: 1 # After state: # ------------- -# # router-ios#sh running-config | section ^router ospf # router ospf 200 vrf blue # domain-id 192.0.4.1 
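Review bot: A leftover `# ]` from the old JSON list survives as a context line directly after `# - area 10 default-cost 10`, so the YAML-style `commands:` list of the replaced example ends with a stray bracket; that line should be removed. Separately, `after:` shows process 1 with `authentication: enable: true` under area 5 and without `passive_interfaces`, whereas `before:` has `passive_interfaces` and no authentication on area 5, and none of the listed commands enters `router ospf 1`. The After-state lines added in `@@ -1277,8 +1375,20 @@` repeat the mismatch (`area 5 authentication`, no `passive-interface` lines). If `replaced` leaves process 1 untouched, as the command list suggests, its `before:` and `after:` entries should be identical.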
@@ -1277,8 +1375,20 @@ EXAMPLES = """ # area 5 authentication message-digest # area 5 nssa default-information-originate metric 10 # area 5 nssa translate type7 suppress-fa +# router ospf 1 +# max-metric router-lsa on-startup 110 +# area 5 capability default-exclusion +# area 5 authentication +# area 10 authentication message-digest +# area 10 nssa default-information-originate metric 10 +# area 10 nssa translate type7 suppress-fa +# area 10 default-cost 10 +# area 10 filter-list prefix test_prefix_in in +# area 10 filter-list prefix test_prefix_out out +# network 198.51.100.0 0.0.0.255 area 5 +# default-information originate -# Using replaced +# Using overridden # Before state: # ------------- @@ -1301,7 +1411,7 @@ EXAMPLES = """ # network 198.51.100.0 0.0.0.255 area 5 # default-information originate -- name: Replaced provided OSPF V2 configuration +- name: Override provided OSPF V2 configuration cisco.ios.ios_ospfv2: config: processes: 
@@ -1337,32 +1447,117 @@ EXAMPLES = """ default_information_originate: metric: 10 translate: suppress-fa - state: replaced + state: overridden -# Commands Fired: -# --------------- -# "commands": [ -# "router ospf 100 vrf ospf_vrf", -# "auto-cost reference-bandwidth 5", -# "domain-id 192.0.5.1", -# "area 5 authentication message-digest", -# "area 5 nssa translate type7 suppress-fa", -# "area 5 nssa default-information-originate metric 10", -# "router ospf 200 vrf blue", -# "no auto-cost reference-bandwidth 4", -# "no distribute-list 10 out", -# "no distribute-list 123 in", -# "domain-id 192.0.4.1", -# "max-metric router-lsa on-startup 200", -# "maximum-paths 15", -# "ttl-security all-interfaces hops 7", -# "area 10 authentication message-digest", -# "no area 10 capability default-exclusion", -# "area 10 default-cost 10" -# ] +# Task Output: +# ------------ +# before: +# processes: +# - areas: +# - area_id: '10' +# capability: true +# auto_cost: +# reference_bandwidth: 4 +# set: true +# distribute_list: +# acls: +# - direction: out +# name: '10' +# - direction: in +# name: '123' +# domain_id: +# ip_address: +# address: 192.0.3.1 +# max_metric: +# on_startup: +# time: 100 +# router_lsa: true +# process_id: 200 +# vrf: blue +# - areas: +# - area_id: '10' +# authentication: +# message_digest: true +# default_cost: 10 +# filter_list: +# - direction: out +# name: test_prefix_out +# nssa: +# default_information_originate: +# metric: 10 +# translate: suppress-fa +# default_information: +# originate: true +# max_metric: +# on_startup: +# time: 110 +# router_lsa: true +# network: +# - address: 198.51.100.0 +# area: '5' +# wildcard_bits: 0.0.0.255 +# process_id: 1 +# +# commands: +# - no router ospf 1 +# - router ospf 100 vrf ospf_vrf +# - auto-cost reference-bandwidth 5 +# - domain-id 192.0.5.1 +# - area 5 authentication message-digest +# - area 5 nssa translate type7 suppress-fa +# - area 5 nssa default-information-originate metric 10 +# - router ospf 200 vrf blue +# - no 
auto-cost reference-bandwidth 4 +# - no distribute-list 10 out +# - no distribute-list 123 in +# - domain-id 192.0.4.1 +# - max-metric router-lsa on-startup 200 +# - maximum-paths 15 +# - ttl-security all-interfaces hops 7 +# - area 10 authentication message-digest +# - no area 10 capability default-exclusion +# - area 10 default-cost 10 +# +# after: +# processes: +# - areas: +# - area_id: '10' +# authentication: +# message_digest: true +# default_cost: 10 +# domain_id: +# ip_address: +# address: 192.0.4.1 +# max_metric: +# on_startup: +# time: 200 +# router_lsa: true +# maximum_paths: 15 +# process_id: 200 +# ttl_security: +# hops: 7 +# vrf: blue +# - areas: +# - area_id: '5' +# authentication: +# message_digest: true +# nssa: +# default_information_originate: +# metric: 10 +# translate: suppress-fa +# auto_cost: +# reference_bandwidth: 5 +# set: true +# domain_id: +# ip_address: +# address: 192.0.5.1 +# process_id: 100 +# vrf: ospf_vrf +# # After state: -# ------------- +# ------------ +# # router-ios#sh running-config | section ^router ospf # router ospf 200 vrf blue # domain-id 192.0.4.1 
@@ -1377,19 +1572,214 @@ EXAMPLES = """ # area 5 authentication message-digest # area 5 nssa default-information-originate metric 10 # area 5 nssa translate type7 suppress-fa + +# Using deleted + +# Before state: +# ------------- +# +# router-ios#sh running-config | section ^router ospf +# router ospf 200 vrf blue +# domain-id 192.0.3.1 +# max-metric router-lsa on-startup 100 +# auto-cost reference-bandwidth 4 +# area 10 capability default-exclusion +# distribute-list 10 out +# distribute-list 123 in # router ospf 1 # max-metric router-lsa on-startup 110 -# area 5 capability default-exclusion -# area 5 authentication # area 10 authentication message-digest # area 10 nssa default-information-originate metric 10 # area 10 nssa translate type7 suppress-fa # area 10 default-cost 10 -# area 10 filter-list prefix test_prefix_in in # area 10 filter-list prefix test_prefix_out out # network 198.51.100.0 0.0.0.255 area 5 # default-information originate +- name: Delete provided OSPF V2 processes + cisco.ios.ios_ospfv2: + config: + processes: + - process_id: 1 + - process_id: 200 + vrf: blue + state: deleted + +# Task Output: +# ------------ + +# before: +# processes: +# - areas: +# - area_id: '10' +# capability: true +# auto_cost: +# reference_bandwidth: 4 +# set: true +# distribute_list: +# acls: +# - direction: out +# name: '10' +# - direction: in +# name: '123' +# domain_id: +# ip_address: +# address: 192.0.3.1 +# max_metric: +# on_startup: +# time: 100 +# router_lsa: true +# process_id: 200 +# vrf: blue +# - areas: +# - area_id: '10' +# authentication: +# message_digest: true +# default_cost: 10 +# filter_list: +# - direction: out +# name: test_prefix_out +# nssa: +# default_information_originate: +# metric: 10 +# translate: suppress-fa +# default_information: +# originate: true +# max_metric: +# on_startup: +# time: 110 +# router_lsa: true +# network: +# - address: 198.51.100.0 +# area: '5' +# wildcard_bits: 0.0.0.255 +# process_id: 1 +# +# commands: +# - no router ospf 
1 +# +# processes: +# - areas: +# - area_id: '10' +# capability: true +# auto_cost: +# reference_bandwidth: 4 +# set: true +# distribute_list: +# acls: +# - direction: out +# name: '10' +# - direction: in +# name: '123' +# domain_id: +# ip_address: +# address: 192.0.3.1 +# max_metric: +# on_startup: +# time: 100 +# router_lsa: true +# process_id: 200 +# vrf: blue +# +# After state: +# ------------ +# router-ios#sh running-config | section ^router ospf +# router ospf 200 vrf blue +# domain-id 192.0.3.1 +# max-metric router-lsa on-startup 100 +# auto-cost reference-bandwidth 4 +# area 10 capability default-exclusion +# distribute-list 10 out +# distribute-list 123 in + +# Using deleted without any config passed (NOTE: This will delete all OSPFV2 configuration from device) + +# Before state: +# ------------- +# +# router-ios#sh running-config | section ^router ospf +# router ospf 200 vrf blue +# domain-id 192.0.3.1 +# max-metric router-lsa on-startup 100 +# auto-cost reference-bandwidth 4 +# area 10 capability default-exclusion +# distribute-list 10 out +# distribute-list 123 in +# router ospf 1 +# max-metric router-lsa on-startup 110 +# area 10 authentication message-digest +# area 10 nssa default-information-originate metric 10 +# area 10 nssa translate type7 suppress-fa +# area 10 default-cost 10 +# area 10 filter-list prefix test_prefix_out out +# network 198.51.100.0 0.0.0.255 area 5 +# default-information originate + +- name: Delete all OSPF processes + cisco.ios.ios_ospfv2: + state: deleted + +# Task Output: +# ------------ + +# before: +# processes: +# - areas: +# - area_id: '10' +# capability: true +# auto_cost: +# reference_bandwidth: 4 +# set: true +# distribute_list: +# acls: +# - direction: out +# name: '10' +# - direction: in +# name: '123' +# domain_id: +# ip_address: +# address: 192.0.3.1 +# max_metric: +# on_startup: +# time: 100 +# router_lsa: true +# process_id: 200 +# vrf: blue +# - areas: +# - area_id: '10' +# authentication: +# message_digest: 
true +# default_cost: 10 +# filter_list: +# - direction: out +# name: test_prefix_out +# nssa: +# default_information_originate: +# metric: 10 +# translate: suppress-fa +# default_information: +# originate: true +# max_metric: +# on_startup: +# time: 110 +# router_lsa: true +# network: +# - address: 198.51.100.0 +# area: '5' +# wildcard_bits: 0.0.0.255 +# process_id: 1 +# +# commands: +# - no router ospf 200 vrf blue +# - no router ospf 1 +# +# after: {} +# +# After state: +# ------------ +# router-ios#sh running-config | section ^router ospf +# router-ios# + # Using Gathered # Before state: 
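Review bot: In the first deleted example the post-change data follows `# commands:` as a bare `# processes:` block, because the `after:` key used by the other examples in this file is missing. Add a `# after:` line above `# processes:` and nest the block under it. The task also passes `process_id: 200` with `vrf: blue`, yet the only command shown is `no router ospf 1` and process 200 is still present in the After state. For an example of a destructive state, either the task or the output should be corrected, or a one-line comment such as `# NOTE: process 200 is not removed in this run because ...` should explain the difference. The EXAMPLES string continues outside this hunk.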
@@ -1413,103 +1803,61 @@ EXAMPLES = """ # network 198.51.100.0 0.0.0.255 area 5 # default-information originate -- name: Gather OSPFV2 provided configurations +- name: Gather OSPFV2 running configurations cisco.ios.ios_ospfv2: config: state: gathered -# Module Execution Result: -# ------------------------ +# Task Output: +# ------------ # -# "gathered": { -# "processes": [ -# { -# "areas": [ -# { -# "area_id": "5", -# "authentication": { -# "enable": true -# }, -# "capability": true -# }, -# { -# "area_id": "10", -# "authentication": { -# "message_digest": true -# }, -# "default_cost": 10, -# "filter_list": [ -# { -# "direction": "in", -# "name": "test_prefix_in" -# }, -# { -# "direction": "out", -# "name": "test_prefix_out" -# } -# ], -# "nssa": { -# "default_information_originate": { -# "metric": 10 -# }, -# "translate": "suppress-fa" -# } -# } -# ], -# "default_information": { -# "originate": true -# }, -# "max_metric": { -# "on_startup": { -# "time": 110 -# }, -# "router_lsa": true -# }, -# "network": { -# "address": "198.51.100.0", -# "area": "5", -# "wildcard_bits": "0.0.0.255" -# }, -# "process_id": 1 -# }, -# { -# "areas": [ -# { -# "area_id": "10", -# "capability": true -# } -# ], -# "auto_cost": { -# "reference_bandwidth": 4 -# }, -# "distribute_list": { -# "acls": [ -# { -# "direction": "out", -# "name": "10" -# }, -# { -# "direction": "in", -# "name": "123" -# } -# ] -# }, -# "domain_id": { -# "ip_address": { -# "address": "192.0.3.1" -# } -# }, -# "max_metric": { -# "on_startup": { -# "time": 100 -# }, -# "router_lsa": true -# }, -# "process_id": 200, -# "vrf": "blue" -# } -# ] -# } +# gathered: +# processes: +# - areas: +# - area_id: '10' +# capability: true +# auto_cost: +# reference_bandwidth: 4 +# set: true +# distribute_list: +# acls: +# - direction: out +# name: '10' +# - direction: in +# name: '123' +# domain_id: +# ip_address: +# address: 192.0.3.1 +# max_metric: +# on_startup: +# time: 100 +# router_lsa: true +# process_id: 200 +# vrf: blue +# 
- areas: +# - area_id: '10' +# authentication: +# message_digest: true +# default_cost: 10 +# filter_list: +# - direction: out +# name: test_prefix_out +# nssa: +# default_information_originate: +# metric: 10 +# translate: suppress-fa +# default_information: +# originate: true +# max_metric: +# on_startup: +# time: 110 +# router_lsa: true +# network: +# - address: 198.51.100.0 +# area: '5' +# wildcard_bits: 0.0.0.255 +# process_id: 1 + # After state: # ------------ 
@@ -1589,30 +1937,30 @@ EXAMPLES = """ direction: in state: rendered -# Module Execution Result: -# ------------------------ +# Task Output: +# ------------ + +# rendered: +# - router ospf 200 vrf blue +# - auto-cost reference-bandwidth 4 +# - distribute-list 10 out +# - distribute-list 123 in +# - domain-id 192.0.3.1 +# - max-metric router-lsa on-startup 100 +# - area 10 capability default-exclusion +# - router ospf 1 +# - default-information originate +# - max-metric router-lsa on-startup 110 +# - network 198.51.100.0 0.0.0.255 area 5 +# - area 10 authentication message-digest +# - area 10 default-cost 10 +# - area 10 nssa translate type7 suppress-fa +# - area 10 nssa default-information-originate metric 10 +# - area 10 filter-list prefix test_prefix_out out +# - area 10 filter-list prefix test_prefix_in in +# - area 5 authentication +# - area 5 capability default-exclusion # -# "rendered": [ -# "router ospf 200 vrf blue", -# "auto-cost reference-bandwidth 4", -# "distribute-list 10 out", -# "distribute-list 123 in", -# "domain-id 192.0.3.1", -# "max-metric router-lsa on-startup 100", -# "area 10 capability default-exclusion", -# "router ospf 1", -# "default-information originate", -# "max-metric router-lsa on-startup 110", -# "network 198.51.100.0 0.0.0.255 area 5", -# "area 10 authentication message-digest", -# "area 10 default-cost 10", -# "area 10 nssa translate type7 suppress-fa", -# "area 10 nssa default-information-originate metric 10", -# "area 10 filter-list prefix test_prefix_out out", -# "area 10 filter-list prefix test_prefix_in in", -# "area 5 authentication", -# "area 5 capability default-exclusion" -# ] # Using Parsed 
@@ -1631,38 +1979,26 @@ EXAMPLES = """ running_config: "{{ lookup('file', 'parsed.cfg') }}" state: parsed -# Module Execution Result: -# ------------------------ -# -# "parsed": { -# "processes": [ -# { -# "areas": [ -# { -# "area_id": "5", -# "authentication": { -# "message_digest": true -# }, -# "nssa": { -# "default_information_originate": { -# "metric": 10 -# }, -# "translate": "suppress-fa" -# } -# } -# ], -# "auto_cost": { -# "reference_bandwidth": 5 -# }, -# "domain_id": { -# "ip_address": { -# "address": "192.0.5.1" -# } -# }, -# "process_id": 100 -# } -# ] -# } +# Task Output: +# ------------ + +# parsed: +# processes: +# - areas: +# - area_id: '5' +# authentication: +# message_digest: true +# nssa: +# default_information_originate: +# metric: 10 +# translate: suppress-fa +# auto_cost: +# reference_bandwidth: 5 +# set: true +# domain_id: +# ip_address: +# address: 192.0.5.1 +# process_id: 100 """ RETURN = """ @@ -1685,6 +2021,28 @@ commands: returned: always type: list sample: ['router ospf 200 vrf blue', 'auto-cost reference-bandwidth 5', 'domain-id 192.0.4.1'] +rendered: + description: The provided configuration in the task rendered in device-native format (offline). + returned: when I(state) is C(rendered) + type: list + sample: + - router ospf 200 vrf blue + - auto-cost reference-bandwidth 4 + - distribute-list 10 out +gathered: + description: Facts about the network resource gathered from the remote device as structured data. + returned: when I(state) is C(gathered) + type: dict + sample: > + This output will always be in the same format as the + module argspec. +parsed: + description: The device native config provided in I(running_config) option parsed into structured data as per module argspec. + returned: when I(state) is C(parsed) + type: dict + sample: > + This output will always be in the same format as the + module argspec. """ 
diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_ospfv3.py b/ansible_collections/cisco/ios/plugins/modules/ios_ospfv3.py index 376b23645..321e1cfc9 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_ospfv3.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_ospfv3.py 
@@ -1310,91 +1310,6 @@ options: """ EXAMPLES = """ -# Using deleted - -# Before state: -# ------------- -# -# router-ios#sh running-config | section ^router ospfv3 -# router ospfv3 1 -# max-metric router-lsa on-startup 110 -# area 10 nssa default-information-originate metric 10 -# ! -# address-family ipv4 unicast vrf blue -# adjacency stagger 50 50 -# area 25 nssa default-information-originate metric 25 nssa-only -# exit-address-family -# router ospfv3 200 -# max-metric router-lsa on-startup 100 -# auto-cost reference-bandwidth 4 -# ! -# address-family ipv4 unicast -# adjacency stagger 200 200 -# exit-address-family - -- name: Delete provided OSPF V3 processes - cisco.ios.ios_ospfv3: - config: - processes: - - process_id: 1 - state: deleted - -# Commands Fired: -# --------------- -# -# "commands": [ -# "no router ospfv3 1" -# ] - -# After state: -# ------------- -# router-ios#sh running-config | section ^router ospfv3 -# router ospfv3 200 -# max-metric router-lsa on-startup 100 -# auto-cost reference-bandwidth 4 -# ! -# address-family ipv4 unicast -# adjacency stagger 200 200 -# exit-address-family - -# Using deleted without any config passed (NOTE: This will delete all OSPFV3 configuration from device) - -# Before state: -# ------------- -# -# router-ios#sh running-config | section ^router ospfv3 -# router ospfv3 1 -# max-metric router-lsa on-startup 110 -# area 10 nssa default-information-originate metric 10 -# ! -# address-family ipv4 unicast vrf blue -# adjacency stagger 50 50 -# area 25 nssa default-information-originate metric 25 nssa-only -# exit-address-family -# router ospfv3 200 -# max-metric router-lsa on-startup 100 -# auto-cost reference-bandwidth 4 -# ! 
-# address-family ipv4 unicast -# adjacency stagger 200 200 -# exit-address-family - -- name: Delete all OSPF processes - cisco.ios.ios_ospfv3: - state: deleted - -# Commands Fired: -# --------------- -# -# "commands": [ -# "no router ospfv3 200", -# "no router ospfv3 1" -# ] - -# After state: -# ------------- -# router-ios#sh running-config | section ^router ospfv3 -# router-ios# # Using merged 
@@ -1452,26 +1367,189 @@ EXAMPLES = """ reference_bandwidth: 4 state: merged -# Commands Fired: -# --------------- +# Task Output: +# ------------ + +# before: {} +# +# commands: +# - router ospfv3 1 +# - max-metric router-lsa on-startup 110 +# - area 10 nssa default-information-originate metric 10 +# - address-family ipv4 unicast vrf blue +# - adjacency stagger 50 50 +# - area 25 nssa default-information-originate metric 25 nssa-only +# - exit-address-family +# - router ospfv3 200 +# - auto-cost reference-bandwidth 4 +# - max-metric router-lsa on-startup 100 +# - address-family ipv4 unicast +# - adjacency stagger 200 200 +# - exit-address-family +# +# after: +# processes: +# - address_family: +# - adjacency: +# max_adjacency: 50 +# min_adjacency: 50 +# afi: ipv4 +# areas: +# - area_id: '25' +# nssa: +# default_information_originate: +# metric: 25 +# nssa_only: true +# unicast: true +# vrf: blue +# areas: +# - area_id: '10' +# nssa: +# default_information_originate: +# metric: 10 +# max_metric: +# on_startup: +# time: 110 +# router_lsa: true +# process_id: 1 +# - address_family: +# - adjacency: +# max_adjacency: 200 +# min_adjacency: 200 +# afi: ipv4 +# unicast: true +# auto_cost: +# reference_bandwidth: 4 +# max_metric: +# on_startup: +# time: 100 +# router_lsa: true +# process_id: 200 + +# After state: +# ------------- +# +# router-ios#sh running-config | section ^router ospfv3 +# router ospfv3 1 +# max-metric router-lsa on-startup 110 +# area 10 nssa default-information-originate metric 10 +# ! +# address-family ipv4 unicast vrf blue +# adjacency stagger 50 50 +# area 25 nssa default-information-originate metric 25 nssa-only +# exit-address-family +# router ospfv3 200 +# max-metric router-lsa on-startup 100 +# auto-cost reference-bandwidth 4 +# ! 
+# address-family ipv4 unicast +# adjacency stagger 200 200 +# exit-address-family + +# Using deleted + +# Before state: +# ------------- # -# "commands": [ -# "router ospfv3 1", -# "max-metric router-lsa on-startup 110", -# "area 10 nssa default-information-originate metric 10", -# "address-family ipv4 unicast vrf blue", -# "adjacency stagger 50 50", -# "area 25 nssa default-information-originate metric 25 nssa-only", -# "exit-address-family", -# "router ospfv3 200", -# "auto-cost reference-bandwidth 4", -# "max-metric router-lsa on-startup 100", -# "address-family ipv4 unicast", -# "adjacency stagger 200 200", -# "exit-address-family" -# ] +# router-ios#sh running-config | section ^router ospfv3 +# router ospfv3 1 +# max-metric router-lsa on-startup 110 +# area 10 nssa default-information-originate metric 10 +# ! +# address-family ipv4 unicast vrf blue +# adjacency stagger 50 50 +# area 25 nssa default-information-originate metric 25 nssa-only +# exit-address-family +# router ospfv3 200 +# max-metric router-lsa on-startup 100 +# auto-cost reference-bandwidth 4 +# ! 
+# address-family ipv4 unicast +# adjacency stagger 200 200 +# exit-address-family + +- name: Delete provided OSPF V3 processes + cisco.ios.ios_ospfv3: + config: + processes: + - process_id: 1 + state: deleted + +# Task Output: +# ------------ +# before: +# processes: +# - address_family: +# - adjacency: +# max_adjacency: 50 +# min_adjacency: 50 +# afi: ipv4 +# areas: +# - area_id: '25' +# nssa: +# default_information_originate: +# metric: 25 +# nssa_only: true +# unicast: true +# vrf: blue +# areas: +# - area_id: '10' +# nssa: +# default_information_originate: +# metric: 10 +# max_metric: +# on_startup: +# time: 110 +# router_lsa: true +# process_id: 1 +# - address_family: +# - adjacency: +# max_adjacency: 200 +# min_adjacency: 200 +# afi: ipv4 +# unicast: true +# auto_cost: +# reference_bandwidth: 4 +# max_metric: +# on_startup: +# time: 100 +# router_lsa: true +# process_id: 200 +# +# commands: +# - no router ospfv3 1 +# +# parsed: +# processes: +# - address_family: +# - adjacency: +# max_adjacency: 200 +# min_adjacency: 200 +# afi: ipv4 +# unicast: true +# auto_cost: +# reference_bandwidth: 4 +# max_metric: +# on_startup: +# time: 100 +# router_lsa: true +# process_id: 200 +# # After state: +# ------------ +# router-ios#sh running-config | section ^router ospfv3 +# router ospfv3 200 +# max-metric router-lsa on-startup 100 +# auto-cost reference-bandwidth 4 +# ! +# address-family ipv4 unicast +# adjacency stagger 200 200 +# exit-address-family + +# Using deleted without any config passed (NOTE: This will delete all OSPFV3 configuration from device) + +# Before state: # ------------- # # router-ios#sh running-config | section ^router ospfv3 
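Review bot: The configuration left after `no router ospfv3 1` in the deleted example is labelled `# parsed:`, which does not match a `state: deleted` task. The ios_ospfv2 RETURN block in this same commit describes `parsed` as returned only when I(state) is C(parsed), and the delete-all example added in `@@ -1491,6 +1569,64 @@` uses `# after: {}`. Change the key to `# after:` so a reader checking what a delete leaves behind is not pointed at the wrong result key. The example block starts before this hunk and continues after it.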
@@ -1491,6 +1569,64 @@ EXAMPLES = """ # adjacency stagger 200 200 # exit-address-family +- name: Delete all OSPF processes + cisco.ios.ios_ospfv3: + state: deleted + +# Task Output: +# ------------ + +# before: +# processes: +# - address_family: +# - adjacency: +# max_adjacency: 50 +# min_adjacency: 50 +# afi: ipv4 +# areas: +# - area_id: '25' +# nssa: +# default_information_originate: +# metric: 25 +# nssa_only: true +# unicast: true +# vrf: blue +# areas: +# - area_id: '10' +# nssa: +# default_information_originate: +# metric: 10 +# max_metric: +# on_startup: +# time: 110 +# router_lsa: true +# process_id: 1 +# - address_family: +# - adjacency: +# max_adjacency: 200 +# min_adjacency: 200 +# afi: ipv4 +# unicast: true +# auto_cost: +# reference_bandwidth: 4 +# max_metric: +# on_startup: +# time: 100 +# router_lsa: true +# process_id: 200 +# +# commands: +# - no router ospfv3 200 +# - no router ospfv3 1 +# +# after: {} +# +# After state: +# ------------ +# router-ios#sh running-config | section ^router ospfv3 +# router-ios# + + # Using overridden # Before state: 
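Review bot: The task name `Delete all OSPF processes` understates what this example does: with `state: deleted` and no `config`, the listed commands are `no router ospfv3 200` and `no router ospfv3 1`, so every OSPFv3 process on the device is removed. I would rename it to `Delete all OSPFv3 processes` and put a comment directly above the task, for example `# Removes every OSPFv3 process on the device; run with --check first to review the generated commands`. That way the warning stays with the snippet when it is copied out of the docs. The `--check` suggestion assumes the module supports check mode, which is not visible in this hunk.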
@@ -1540,23 +1676,86 @@ EXAMPLES = """ metric: 10 state: overridden -# Commands Fired: -# --------------- +# Task Output: +# ------------ + +# before: +# processes: +# - address_family: +# - adjacency: +# max_adjacency: 50 +# min_adjacency: 50 +# afi: ipv4 +# areas: +# - area_id: '25' +# nssa: +# default_information_originate: +# metric: 25 +# nssa_only: true +# unicast: true +# vrf: blue +# areas: +# - area_id: '10' +# nssa: +# default_information_originate: +# metric: 10 +# max_metric: +# on_startup: +# time: 110 +# router_lsa: true +# process_id: 1 +# - address_family: +# - adjacency: +# max_adjacency: 200 +# min_adjacency: 200 +# afi: ipv4 +# unicast: true +# auto_cost: +# reference_bandwidth: 4 +# max_metric: +# on_startup: +# time: 100 +# router_lsa: true +# process_id: 200 # -# "commands": [ -# "no router ospfv3 1", -# "router ospfv3 200", -# "no auto-cost reference-bandwidth 4", -# "max-metric router-lsa on-startup 200", -# "area 10 nssa default-information-originate metric 10", -# "address-family ipv4 unicast", -# "adjacency stagger 50 50", -# "area 200 nssa default-information-originate metric 200 nssa-only", -# "exit-address-family" -# ] +# commands: +# - no router ospfv3 1 +# - router ospfv3 200 +# - no auto-cost reference-bandwidth 4 +# - max-metric router-lsa on-startup 200 +# - area 10 nssa default-information-originate metric 10 +# - address-family ipv4 unicast +# - adjacency stagger 50 50 +# - area 200 nssa default-information-originate metric 200 nssa-only +# - exit-address-family +# +# after: +# processes: +# - address_family: +# - adjacency: +# max_adjacency: 50 +# min_adjacency: 50 +# afi: ipv4 +# areas: +# - area_id: '200' +# nssa: +# default_information_originate: +# metric: 200 +# nssa_only: true +# unicast: true +# areas: +# - area_id: '10' +# nssa: +# default_information_originate: +# metric: 10 +# max_metric: +# on_startup: +# time: 200 +# router_lsa: true +# process_id: 200 # After state: -# ------------- +# ------------ # # 
router-ios#sh running-config | section ^router ospfv3 # router ospfv3 200 @@ -1590,7 +1789,7 @@ EXAMPLES = """ # adjacency stagger 200 200 # exit-address-family -- name: Replaced provided OSPFV3 configuration +- name: Perform replace with provided configurations. cisco.ios.ios_ospfv3: config: processes: 
@@ -1618,19 +1817,103 @@ EXAMPLES = """ metric: 10 state: replaced -# Commands Fired: -# --------------- -# "commands": [ -# "router ospfv3 200", -# "no auto-cost reference-bandwidth 4", -# "max-metric router-lsa on-startup 200", -# "area 10 nssa default-information-originate metric 10", -# "address-family ipv4 unicast", -# "adjacency stagger 50 50", -# "area 200 nssa default-information-originate metric 200 nssa-only", -# "exit-address-family" -# ] +# Task Output: +# ------------ +# before: +# processes: +# - address_family: +# - adjacency: +# max_adjacency: 50 +# min_adjacency: 50 +# afi: ipv4 +# areas: +# - area_id: '25' +# nssa: +# default_information_originate: +# metric: 25 +# nssa_only: true +# unicast: true +# vrf: blue +# areas: +# - area_id: '10' +# nssa: +# default_information_originate: +# metric: 10 +# max_metric: +# on_startup: +# time: 110 +# router_lsa: true +# process_id: 1 +# - address_family: +# - adjacency: +# max_adjacency: 200 +# min_adjacency: 200 +# afi: ipv4 +# unicast: true +# auto_cost: +# reference_bandwidth: 4 +# max_metric: +# on_startup: +# time: 100 +# router_lsa: true +# process_id: 200 +# +# commands: +# - router ospfv3 200 +# - no auto-cost reference-bandwidth 4 +# - max-metric router-lsa on-startup 200 +# - area 10 nssa default-information-originate metric 10 +# - address-family ipv4 unicast +# - adjacency stagger 50 50 +# - area 200 nssa default-information-originate metric 200 nssa-only +# - exit-address-family +# +# after: +# processes: +# - address_family: +# - adjacency: +# max_adjacency: 50 +# min_adjacency: 50 +# afi: ipv4 +# areas: +# - area_id: '25' +# nssa: +# default_information_originate: +# metric: 25 +# nssa_only: true +# unicast: true +# vrf: blue +# areas: +# - area_id: '10' +# nssa: +# default_information_originate: +# metric: 10 +# max_metric: +# on_startup: +# time: 110 +# router_lsa: true +# process_id: 1 +# - address_family: +# - afi: ipv4 +# areas: +# - area_id: '200' +# nssa: +# 
default_information_originate: +# metric: 200 +# nssa_only: true +# unicast: true +# areas: +# - area_id: '10' +# nssa: +# default_information_originate: +# metric: 10 +# max_metric: +# on_startup: +# time: 200 +# router_lsa: true +# process_id: 200 +# # After state: # ------------- # router-ios#sh running-config | section ^router ospfv3 
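Review bot: The `after:` block for `process_id: 200` in the replaced example does not match the `commands:` list above it. The commands include `adjacency stagger 50 50` under `address-family ipv4 unicast`, but the `after` address family shows only `afi`, `areas` and `unicast`, with no `adjacency` entry. The overridden example pushes the same address-family commands and does show `max_adjacency: 50` / `min_adjacency: 50` in its `after`, so this looks like an omission in the sample rather than module behaviour; it should be confirmed against a real run. If it is an omission, add `adjacency:` with `max_adjacency: 50` and `min_adjacency: 50` to that entry.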
@@ -1678,76 +1961,47 @@ EXAMPLES = """ config: state: gathered -# Module Execution Result: -# ------------------------ +# Task Output: +# ------------ # -# "gathered": { -# "processes": [ -# { -# "address_family": [ -# { -# "adjacency": { -# "max_adjacency": 50, -# "min_adjacency": 50 -# }, -# "afi": "ipv4", -# "areas": [ -# { -# "area_id": "25", -# "nssa": { -# "default_information_originate": { -# "metric": 25, -# "nssa_only": true -# } -# } -# } -# ], -# "unicast": true, -# "vrf": "blue" -# } -# ], -# "areas": [ -# { -# "area_id": "10", -# "nssa": { -# "default_information_originate": { -# "metric": 10 -# } -# } -# } -# ], -# "max_metric": { -# "on_startup": { -# "time": 110 -# }, -# "router_lsa": true -# }, -# "process_id": 1 -# }, -# { -# "address_family": [ -# { -# "adjacency": { -# "max_adjacency": 200, -# "min_adjacency": 200 -# }, -# "afi": "ipv4", -# "unicast": true -# } -# ], -# "auto_cost": { -# "reference_bandwidth": 4 -# }, -# "max_metric": { -# "on_startup": { -# "time": 100 -# }, -# "router_lsa": true -# }, -# "process_id": 200 -# } -# ] -# } +# parsed: +# processes: +# - address_family: +# - adjacency: +# max_adjacency: 50 +# min_adjacency: 50 +# afi: ipv4 +# areas: +# - area_id: '25' +# nssa: +# default_information_originate: +# metric: 25 +# nssa_only: true +# unicast: true +# vrf: blue +# areas: +# - area_id: '10' +# nssa: +# default_information_originate: +# metric: 10 +# max_metric: +# on_startup: +# time: 110 +# router_lsa: true +# process_id: 1 +# - address_family: +# - adjacency: +# max_adjacency: 200 +# min_adjacency: 200 +# afi: ipv4 +# unicast: true +# auto_cost: +# reference_bandwidth: 4 +# max_metric: +# on_startup: +# time: 100 +# router_lsa: true +# process_id: 200 # After state: # ------------ 
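Review bot: The task output for the `state: gathered` example is labelled `parsed:`, while the removed text used `gathered` and the RETURN section added later in this diff documents `gathered` as the key returned for this state. Change the line to `# gathered:` so the sample matches what a playbook author has to reference in `register`ed results. The `Using deleted` example earlier on the page has a similar mislabel: the block following `commands:` is headed `parsed:` where the other examples use `after:`.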
@@ -1819,24 +2073,24 @@ EXAMPLES = """ reference_bandwidth: 4 state: rendered -# Module Execution Result: -# ------------------------ -# -# "rendered": [ -# "router ospfv3 1", -# "max-metric router-lsa on-startup 110", -# "area 10 nssa default-information-originate metric 10", -# "address-family ipv4 unicast vrf blue", -# "adjacency stagger 50 50", -# "area 25 nssa default-information-originate metric 25 nssa-only", -# "exit-address-family", -# "router ospfv3 200", -# "auto-cost reference-bandwidth 4", -# "max-metric router-lsa on-startup 100", -# "address-family ipv4 unicast", -# "adjacency stagger 200 200", -# "exit-address-family" -# ] +# Task Output: +# ------------ + +# rendered: +# - router ospfv3 1 +# - max-metric router-lsa on-startup 110 +# - area 10 nssa default-information-originate metric 10 +# - address-family ipv4 unicast vrf blue +# - adjacency stagger 50 50 +# - area 25 nssa default-information-originate metric 25 nssa-only +# - exit-address-family +# - router ospfv3 200 +# - auto-cost reference-bandwidth 4 +# - max-metric router-lsa on-startup 100 +# - address-family ipv4 unicast +# - adjacency stagger 200 200 +# - exit-address-family + # Using Parsed 
@@ -1859,60 +2113,52 @@ EXAMPLES = """ # adjacency stagger 200 200 # exit-address-family -- name: Parse the provided configuration with the existing running configuration +- name: Parse the provided configuration and display structured ospfv3 facts. cisco.ios.ios_ospfv3: running_config: "{{ lookup('file', 'parsed.cfg') }}" state: parsed -# Module Execution Result: -# ------------------------ +# Task Output: +# ------------ # -# "parsed": { -# "processes": [ -# { -# "address_family": [ -# { -# "adjacency": { -# "max_adjacency": 50, -# "min_adjacency": 50 -# }, -# "afi": "ipv4", -# "areas": [ -# { -# "area_id": "25", -# "nssa": { -# "default_information_originate": { -# "metric": 25, -# "nssa_only": true -# } -# } -# } -# ], -# "unicast": true, -# "vrf": "blue" -# } -# ], -# "areas": [ -# { -# "area_id": "10", -# "nssa": { -# "default_information_originate": { -# "metric": 10 -# } -# } -# } -# ], -# "max_metric": { -# "on_startup": { -# "time": 110 -# }, -# "router_lsa": true -# }, -# "process_id": 1 -# } -# ] -# } - +# parsed: +# processes: +# - address_family: +# - adjacency: +# max_adjacency: 50 +# min_adjacency: 50 +# afi: ipv4 +# areas: +# - area_id: '25' +# nssa: +# default_information_originate: +# metric: 25 +# nssa_only: true +# unicast: true +# vrf: blue +# areas: +# - area_id: '10' +# nssa: +# default_information_originate: +# metric: 10 +# max_metric: +# on_startup: +# time: 110 +# router_lsa: true +# process_id: 1 +# - address_family: +# - adjacency: +# max_adjacency: 200 +# min_adjacency: 200 +# afi: ipv4 +# unicast: true +# auto_cost: +# reference_bandwidth: 4 +# max_metric: +# on_startup: +# time: 100 +# router_lsa: true +# process_id: 200 """ RETURN = """ 
@@ -1935,6 +2181,28 @@ commands: returned: always type: list sample: ['router ospfv3 1', 'address-family ipv4 unicast vrf blue', 'adjacency stagger 50 50'] +rendered: + description: The provided configuration in the task rendered in device-native format (offline). + returned: when I(state) is C(rendered) + type: list + sample: + - router ospfv3 1 + - max-metric router-lsa on-startup 110 + - area 10 nssa default-information-originate metric 10 +gathered: + description: Facts about the network resource gathered from the remote device as structured data. + returned: when I(state) is C(gathered) + type: dict + sample: > + This output will always be in the same format as the + module argspec. +parsed: + description: The device native config provided in I(running_config) option parsed into structured data as per module argspec. + returned: when I(state) is C(parsed) + type: dict + sample: > + This output will always be in the same format as the + module argspec. """ diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_ping.py b/ansible_collections/cisco/ios/plugins/modules/ios_ping.py index c5fdd8153..23175c159 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_ping.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_ping.py @@ -51,6 +51,10 @@ options: description: - The source IP Address. type: str + size: + description: + - Size of the packet to send. + type: int egress: description: - Force egress interface bypassing routing. diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_prefix_lists.py b/ansible_collections/cisco/ios/plugins/modules/ios_prefix_lists.py index 23c9de9e1..311834c76 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_prefix_lists.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_prefix_lists.py 
@@ -19,7 +19,9 @@ short_description: Resource module to configure prefix lists.
 description:
 - This module configures and manages the attributes of prefix list on Cisco IOS.
 version_added: 2.2.0
-author: Sumit Jaiswal (@justjais)
+author:
+ - Sagar Paul (@KB-perByte)
+ - Sumit Jaiswal (@justjais)
 notes:
 - Tested against Cisco IOSXE Version 17.3 on CML.
 - This module works with connection C(network_cli).
@@ -151,16 +153,85 @@ EXAMPLES = """ - name: test_prefix state: deleted -# Commands Fired: -# --------------- -# -# "commands": [ -# "no ip prefix-list 10", -# "no ip prefix-list test_prefix" -# ] +# Task Output +# ------------- +# before: +# - afi: ipv4 +# prefix_lists: +# - description: this is test description +# entries: +# - action: deny +# le: 15 +# prefix: 1.0.0.0/8 +# sequence: 5 +# - action: deny +# ge: 10 +# prefix: 35.0.0.0/8 +# sequence: 10 +# - action: deny +# ge: 15 +# prefix: 12.0.0.0/8 +# sequence: 15 +# - action: deny +# ge: 20 +# le: 21 +# prefix: 14.0.0.0/8 +# sequence: 20 +# name: '10' +# - description: this is test +# entries: +# - action: deny +# ge: 15 +# prefix: 12.0.0.0/8 +# sequence: 50 +# name: test +# - description: this is for prefix-list +# entries: +# - action: deny +# ge: 10 +# le: 15 +# prefix: 35.0.0.0/8 +# sequence: 5 +# - action: deny +# ge: 20 +# prefix: 35.0.0.0/8 +# sequence: 10 +# name: test_prefix +# - afi: ipv6 +# prefix_lists: +# - description: this is ipv6 prefix-list +# entries: +# - action: deny +# ge: 80 +# prefix: 2001:DB8:0:4::/64 +# sequence: 10 +# name: test_ipv6 +# commands: +# - no ip prefix-list 10 +# - no ip prefix-list test_prefix +# after: +# - afi: ipv4 +# prefix_lists: +# - description: this is test +# entries: +# - action: deny +# ge: 15 +# prefix: 12.0.0.0/8 +# sequence: 50 +# name: test +# - afi: ipv6 +# prefix_lists: +# - description: this is ipv6 prefix-list +# entries: +# - action: deny +# ge: 80 +# prefix: 2001:DB8:0:4::/64 +# sequence: 10 +# name: test_ipv6 + # After state: -# ------------- +# ------------ # router-ios#sh running-config | section ^ip prefix-list|^ipv6 prefix-list # ip prefix-list test description this is test # ip prefix-list test seq 50 deny 12.0.0.0/8 ge 15 
@@ -192,14 +263,74 @@ EXAMPLES = """ - afi: ipv4 state: deleted -# Commands Fired: -# --------------- -# -# "commands": [ -# "no ip prefix-list test", -# "no ip prefix-list 10", -# "no ip prefix-list test_prefix" -# ] +# Task Output +# ------------- +# before: +# - afi: ipv4 +# prefix_lists: +# - description: this is test description +# entries: +# - action: deny +# le: 15 +# prefix: 1.0.0.0/8 +# sequence: 5 +# - action: deny +# ge: 10 +# prefix: 35.0.0.0/8 +# sequence: 10 +# - action: deny +# ge: 15 +# prefix: 12.0.0.0/8 +# sequence: 15 +# - action: deny +# ge: 20 +# le: 21 +# prefix: 14.0.0.0/8 +# sequence: 20 +# name: '10' +# - description: this is test +# entries: +# - action: deny +# ge: 15 +# prefix: 12.0.0.0/8 +# sequence: 50 +# name: test +# - description: this is for prefix-list +# entries: +# - action: deny +# ge: 10 +# le: 15 +# prefix: 35.0.0.0/8 +# sequence: 5 +# - action: deny +# ge: 20 +# prefix: 35.0.0.0/8 +# sequence: 10 +# name: test_prefix +# - afi: ipv6 +# prefix_lists: +# - description: this is ipv6 prefix-list +# entries: +# - action: deny +# ge: 80 +# prefix: 2001:DB8:0:4::/64 +# sequence: 10 +# name: test_ipv6 +# commands: +# - "no ip prefix-list test", +# - "no ip prefix-list 10", +# - "no ip prefix-list test_prefix" +# after: +# - afi: ipv6 +# prefix_lists: +# - description: this is ipv6 prefix-list +# entries: +# - action: deny +# ge: 80 +# prefix: 2001:DB8:0:4::/64 +# sequence: 10 +# name: test_ipv6 + # After state: # ------------- diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_service.py b/ansible_collections/cisco/ios/plugins/modules/ios_service.py index 89fe2ed47..46c456569 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_service.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_service.py @@ -210,6 +210,7 @@ options: choices: - merged - replaced + - overridden - deleted - gathered - rendered 
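Review bot: The `commands:` entries in this example kept the old JSON punctuation: `# - "no ip prefix-list test",` and the two lines after it still carry double quotes and a trailing comma, unlike the other converted examples on the page (`# - no ip prefix-list 10`). Read as YAML, a comma after a quoted scalar in a block list should not parse, so anyone lifting the sample into a test fixture or an assertion would hit an error. Write them as `# - no ip prefix-list test`, `# - no ip prefix-list 10` and `# - no ip prefix-list test_prefix`.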
@@ -217,6 +218,7 @@ options: default: merged description: - The state the configuration should be left in. + - The module have declaratively similar behavior for replaced and overridden state. - Refer to examples for more details. type: str """ @@ -434,7 +436,7 @@ EXAMPLES = """ # service dhcp # service password-recovery -- name: "Delete service configuration and restore default configuration for some importants service (those with a default value in module)" +- name: "Delete service configuration and restore default configuration for some important service (those with a default value in module)" cisco.ios.ios_service: state: deleted @@ -471,8 +473,8 @@ EXAMPLES = """ # prompt: true # slave_log: true -#·After·state: -#·------------ +# After state: +# ------------ # # router-ios#show running-config all | section ^service # service slave-log @@ -676,6 +678,7 @@ def main(): required_if=[ ["state", "merged", ["config"]], ["state", "replaced", ["config"]], + ["state", "overridden", ["config"]], ["state", "rendered", ["config"]], ["state", "parsed", ["running_config"]], ], diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_snmp_server.py b/ansible_collections/cisco/ios/plugins/modules/ios_snmp_server.py index 5cfc735d8..094d5c48d 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_snmp_server.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_snmp_server.py @@ -121,6 +121,12 @@ options: context: description: Specify a context to associate with the group type: str + match: + choices: + - exact + - prefix + description: Specify a context name match criteria + type: str version_option: choices: - auth @@ -173,9 +179,9 @@ options: elements: str version: choices: - - "1" + - '1' - 2c - - "3" + - '3' description: Notification message SNMP version. type: str version_option: 
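Review bot: The added description line `The module have declaratively similar behavior for replaced and overridden state.` has a grammar slip and does not say what either state does to service lines that are left out of `config`. That matters here because the deleted example on this page is described as restoring defaults, and entries such as `service password-recovery` appear in the running-config context, so a reader adopting `overridden` needs to know whether unlisted services are reset as well. Suggested wording: `The module has the same behavior for the replaced and overridden states; services not present in config are reset to their default.` The second clause is my reading of the examples and should be confirmed against the module before it is documented. The `required_if` entry added in `main()` further down is consistent with the new choice.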
@@ -274,6 +280,9 @@ options:
 traps:
 description: Enable SNMP Traps
 suboptions:
+ aaa_server:
+ description: Enable SNMP AAA Server traps
+ type: bool
 auth_framework:
 description: Enable SNMP CISCO-AUTH-FRAMEWORK-MIB traps
 suboptions:
@@ -343,6 +352,32 @@ options:
 description: Enable SNMP STP Bridge MIB topologychange traps
 type: bool
 type: dict
+ bulkstat:
+ description: Allow Data-Collection-MIB Collection notifications
+ suboptions:
+ enable:
+ description: Enable Data-Collection-MIB Collection and Transfert notifications
+ type: bool
+ collection:
+ description: Enable Data-Collection-MIB Collection notifications
+ type: bool
+ transfer:
+ description: Enable Data-Collection-MIB Transfer notifications
+ type: bool
+ type: dict
+ call_home:
+ description: SNMP CISCO-CALLHOME-MIB traps
+ suboptions:
+ enable:
+ description: Enable SNMP CISCO-CALLHOME-MIB traps
+ type: bool
+ message_send_fail:
+ description: Enable SNMP ccmSmtpMsgSendFailNotif notification
+ type: bool
+ server_fail:
+ description: Enable SNMP ccmSmtpServerFailNotif notification
+ type: bool
+ type: dict
 casa:
 description: Enable SNMP config casa traps
 type: bool
@@ -409,21 +444,59 @@ options: entity: description: Enable SNMP entity traps type: bool + entity_diag: + description: Allow SNMP CISCO-ENTITY-DIAG-MIB traps + suboptions: + boot_up_fail: + description: Enable SNMP ceDiagBootUpFailedNotif traps + type: bool + enable: + description: Enable SNMP CISCO-ENTITY-DIAG-MIB traps + type: bool + hm_test_recover: + description: Enable SNMP ceDiagHMTestRecoverNotif traps + type: bool + hm_thresh_reached: + description: Enable SNMP ceDiagHMThresholdReachedNotif traps + type: bool + scheduled_test_fail: + description: Enable SNMP ceDiagScheduledTestFailedNotif traps + type: bool + type: dict + entity_perf: + description: Allow SNMP CISCO-ENTITY-PERFORMANCE-MIB traps + suboptions: + enable: + description: Enable SNMP CISCO-ENTITY-PERFORMANCE-MIB traps + type: bool + throughput_notif: + description: Enable ENTITY PERFORMANCE MIB throughput traps + type: bool + type: dict + entity_state: + description: Enable SNMP ENTITY-STATE-MIB traps + type: bool energywise: description: Enable SNMP energywise traps type: bool envmon: - description: Allow envmon related traps + description: Enable SNMP environmental monitor traps suboptions: + enable: + description: Enable/disable envmon traps + type: bool fan: - description: Enable SNMP envmon fan traps + description: + - Enable SNMP envmon fan traps + - This option is DEPRECATED and is replaced with fan_enable which accepts bool as input + - This attribute will be removed after 2024-09-01 suboptions: - shutdown: - description: Enable SNMP environmental monitor shutdown traps - type: bool enable: description: Enable/disable fan traps type: bool + shutdown: + description: Enable SNMP environmental monitor shutdown traps + type: bool status: description: Enable SNMP environmental status change traps type: bool 
@@ -434,6 +507,9 @@ options: description: Enable SNMP environmental monitor temperature traps type: bool type: dict + fan_enable: + description: Enable SNMP envmon fan traps + type: bool shutdown: description: Enable SNMP environmental monitor shutdown traps type: bool @@ -447,6 +523,9 @@ options: description: Enable SNMP environmental monitor temperature traps type: bool type: dict + errdisable: + description: Enable SNMP errdisable notifications + type: bool ethernet: description: Allow ethernet traps suboptions: @@ -455,7 +534,7 @@ options: suboptions: alarm: description: Enable SNMP Ethernet CFM fault alarm trap - type: bool + type: bool cc: description: Enable SNMP Ethernet CC trap type: dict @@ -503,12 +582,38 @@ options: type: bool type: dict type: dict + ether_oam: + description: Enable SNMP ethernet oam traps + type: bool event_manager: description: Enable SNMP event-manager traps type: bool - flowmon: - description: Enable SNMP flowmon traps - type: bool + flash: + description: SNMP FLASH notifications + suboptions: + enable: + description: Enable SNMP FLASH notifications + type: bool + insertion: + description: Enable SNMP Flash Insertion notifications + type: bool + lowspace: + description: Enable SNMP Flash Low Space notifications + type: bool + removal: + description: Enable SNMP Flash Removal notifications + type: bool + type: dict + flex_links: + description: SNMP FLEX Links traps + suboptions: + enable: + description: Enable SNMP FLEX Links traps + type: bool + status: + description: Enable SNMP FLEX Links status change traps + type: bool + type: dict firewall: description: Enable SNMP firewall traps suboptions: @@ -519,6 +624,9 @@ options: description: Enable firewall server status change trap type: bool type: dict + flowmon: + description: Enable SNMP flowmon traps + type: bool frame_relay: description: Allow frame-relay traps suboptions: 
@@ -608,6 +716,22 @@ options: ipsla: description: Enable SNMP ipsla traps type: bool + isis: + description: Enable SNMP isis traps + type: bool + l2tc: + description: Allow SNMP L2 Tunnel Config traps + suboptions: + enable: + description: Enable SNMP L2 Tunnel Config traps + type: bool + sys_threshold: + description: Enable SNMP L2TC System threshold traps + type: bool + threshold: + description: Enable SNMP L2 Tunnel Config threshold traps + type: bool + type: dict l2tun: description: Allow SNMP l2tun traps suboptions: 
@@ -618,15 +742,243 @@ options: description: Enable BFD session traps type: bool type: dict + license: + description: Enable license traps + type: bool + lisp: + description: Enable SNMP LISP MIB traps + type: bool + local_auth: + description: Enable SNMP local auth traps + type: bool + mac_notification: + description: Allow SNMP MAC Notification traps + suboptions: + enable: + description: Enable SNMP MAC Notification traps + type: bool + change: + description: Enable SNMP MAC Change traps + type: bool + move: + description: Enable SNMP MAC Move traps + type: bool + threshold: + description: Enable SNMP MAC Threshold traps + type: bool + type: dict + memory: + description: Allow MEMORY traps + suboptions: + enable: + description: Enable MEMORY traps + type: bool + bufferpeak: + description: Enable SNMP Memory Bufferpeak traps + type: bool + type: dict + mpls: + description: Enable SNMP mpls traps + suboptions: + fast_reroute: + description: Allow SNMP MPLS fast reroute traps + suboptions: + enable: + description: Enable SNMP MPLS fast reroute traps + type: bool + protected: + description: Enable MPLS fast reroute protection traps + type: bool + type: dict + ldp: + description: Allow SNMP MPLS label distribution protocol traps + suboptions: + enable: + description: Enable SNMP MPLS label distribution protocol traps + type: bool + pv_limit: + description: Enable MPLS LDP path vector limit mismatch traps + type: bool + session_down: + description: Enable MPLS LDP session down traps + type: bool + session_up: + description: Enable MPLS LDP session up traps + type: bool + threshold: + description: Enable MPLS LDP threshold exceeded traps + type: bool + type: dict + rfc: + description: Enable SNMP MPLS RFC traps + suboptions: + ldp: + description: Allow SNMP MPLS label distribution protocol RFC traps + suboptions: + enable: + description: Enable SNMP MPLS label distribution protocol RFC traps + type: bool + pv_limit: + description: Enable MPLS LDP path vector limit 
mismatch RFC traps + type: bool + session_down: + description: Enable MPLS LDP session down RFC traps + type: bool + session_up: + description: Enable MPLS LDP session up RFC traps + type: bool + threshold: + description: Enable MPLS LDP threshold exceeded RFC traps + type: bool + type: dict + traffic_eng: + description: Allow SNMP MPLS traffic engineering RFC traps + suboptions: + enable: + description: Enable SNMP MPLS traffic engineering RFC traps + type: bool + down: + description: Enable MPLS TE tunnel down RFC traps + type: bool + reoptimized: + description: Enable MPLS TE tunnel reoptimized RFC traps + type: bool + reroute: + description: Enable MPLS TE tunnel reroute RFC traps + type: bool + up: + description: Enable MPLS TE tunnel up RFC traps + type: bool + type: dict + vpn: + description: Allow SNMP MPLS Virtual Private Network RFC traps + suboptions: + enable: + description: Enable SNMP MPLS Virtual Private Network RFC traps + type: bool + illegal_label: + description: Enable MPLS VPN illegal label threshold exceeded RFC traps + type: bool + max_thresh_cleared: + description: Enable MPLS VPN maximum threshold cleared RFC traps + type: bool + max_threshold: + description: Enable MPLS VPN maximum threshold exceeded RFC traps + type: bool + mid_threshold: + description: Enable MPLS VPN middle threshold exceeded RFC traps + type: bool + vrf_down: + description: Enable MPLS VPN vrf down RFC traps + type: bool + vrf_up: + description: Enable MPLS VPN vrf up RFC traps + type: bool + type: dict + type: dict + traffic_eng: + description: Allow SNMP MPLS traffic engineering traps + suboptions: + enable: + description: Enable SNMP MPLS traffic engineering traps + type: bool + down: + description: Enable MPLS TE tunnel down traps + type: bool + reroute: + description: Enable MPLS TE tunnel reroute traps + type: bool + up: + description: Enable MPLS TE tunnel up traps + type: bool + type: dict + vpn: + description: Allow SNMP MPLS Virtual Private Network traps + 
suboptions: + enable: + description: Enable SNMP MPLS Virtual Private Network traps + type: bool + illegal_label: + description: Enable MPLS VPN illegal label threshold exceeded traps + type: bool + max_thresh_cleared: + description: Enable MPLS VPN maximum threshold cleared traps + type: bool + max_threshold: + description: Enable MPLS VPN maximum threshold exceeded traps + type: bool + mid_threshold: + description: Enable MPLS VPN middle threshold exceeded traps + type: bool + vrf_down: + description: Enable MPLS VPN vrf down traps + type: bool + vrf_up: + description: Enable MPLS VPN vrf up traps + type: bool + type: dict + type: dict + mpls_vpn: + description: + - Enable SNMP mpls traps + - This option is DEPRECATED and is replaced with mpls which accepts dict as input + - This attribute will be removed after 2024-09-01 + type: bool msdp: description: Enable SNMP msdp traps type: bool mvpn: description: Enable SNMP mvpn traps type: bool - mpls_vpn: - description: Enable SNMP mpls traps - type: bool + nhrp: + description: Allow SNMP NHRP traps + suboptions: + enable: + description: Enable SNMP NHRP traps + type: bool + nhc: + description: Allow Next Hop Client traps + suboptions: + enable: + description: Enable Next Hop Client traps + type: bool + down: + description: Enable Next Hop Client down trap + type: bool + up: + description: Enable Next Hop Client up trap + type: bool + type: dict + nhp: + description: Allow Next Hop Peer traps + suboptions: + enable: + description: Enable Next Hop Peer traps + type: bool + down: + description: Enable Next Hop Peer down trap + type: bool + up: + description: Enable Next Hop Peer up trap + type: bool + type: dict + nhs: + description: Allow Next Hop Server traps + suboptions: + enable: + description: Enable Next Hop Server traps + type: bool + down: + description: Enable Next Hop Server down trap + type: bool + up: + description: Enable Next Hop Server up trap + type: bool + type: dict + quota_exceeded: + description: 
Enable quota-exceeded trap + type: bool + type: dict ospf: description: Allow ospf related traps suboptions: @@ -673,6 +1025,65 @@ options: description: Enable/disable state change traps type: bool type: dict + ospfv3: + description: Allow OSPFv3 related traps + suboptions: + errors: + description: Error traps + suboptions: + enable: + description: Enable Error traps + type: bool + bad_packet: + description: Packet parse failure on non-virtual interfaces + type: bool + config_error: + description: Config mismatch errors on non-virtual interfaces + type: bool + virt_bad_packet: + description: Packet parse failure on virtual interfaces + type: bool + virt_config_error: + description: Config mismatch errors on virtual interfaces + type: bool + type: dict + rate_limit: + description: + - Trap rate limit values + - Rate limit window size in seconds (between 2 and 60) + type: int + state_change: + description: State change traps + suboptions: + enable: + description: Enable State change traps + type: bool + if_state_change: + description: Non_virtual interface state changes + type: bool + neighbor_restart_helper_status_change: + description: Neighbor graceful restart helper status changes + type: bool + neighbor_state_change: + description: Non_virtual neighbor state changes + type: bool + nssa_translator_status_change: + description: NSSA translator status changes + type: bool + restart_status_change: + description: Graceful restart status changes + type: bool + virtif_state_change: + description: Virtual interface state changes + type: bool + vn_restart_helper_status_change: + description: Virtual neighbor graceful restart helper status changes + type: bool + vn_state_change: + description: Virtual neighbor state changes + type: bool + type: dict + type: dict pim: description: Allow PIM traps suboptions: 
@@ -689,34 +1100,58 @@ options: description: Enable/disable PIM traps type: bool type: dict - vrfmib: - description: Allow vrfmib traps + pki: + description: Enable SNMP pki traps + type: bool + port_security: + description: Enable SNMP port security traps + type: bool + power_ethernet: + description: Allow SNMP power ethernet traps suboptions: - vrf_up: - description: Enable vrf-up trap - type: bool - vrf_down: - description: Enable vrf-down trap - type: bool - vnet_trunk_up: - description: Enable vnet-trunk-up trap + enable: + description: Enable SNMP power ethernet traps type: bool - vnet_trunk_down: - description: Enable vnet-trunk-down traps + group: + description: Enable SNMP inline power group based traps. + suboptions: + slot_id: + description: An integer between 1 and 20 (physical slot number) + type: int + threshold: + description: Threshold level for this slot + type: int + elements: dict + type: list + police: + description: Enable Policing Trap type: bool type: dict - pki: - description: Enable SNMP pki traps + pw_vc: + description: Enable SNMP pw vc traps + type: bool + rep: + description: Enable SNMP Resilient Ethernet Protocol Traps type: bool rsvp: description: Enable SNMP RSVP traps type: bool - isis: - description: Enable SNMP isis traps - type: bool - pw_vc: - description: Enable SNMP pw vc traps + rf: + description: Enable all SNMP traps defined in CISCO-RF-MIB type: bool + smart_license: + description: Allow smart license traps + suboptions: + enable: + description: Enable smart license traps + type: bool + entitlement: + description: Enable Entitlement Notification trap + type: bool + global: + description: Enable Global Notification traps + type: bool + type: dict snmp: description: Enable SNMP traps suboptions: 
@@ -736,18 +1171,198 @@ options: description: Enable warmStart trap type: bool type: dict + stackwise: + description: Enable SNMP stackwise traps + type: bool + stpx: + description: Allow SNMP STPX MIB traps + suboptions: + enable: + description: Enable SNMP STPX MIB traps + type: bool + inconsistency: + description: Enable SNMP STPX MIB InconsistencyUpdate traps + type: bool + loop_inconsistency: + description: Enable SNMP STPX MIB LoopInconsistencyUpdate traps + type: bool + root_inconsistency: + description: Enable SNMP STPX MIB RootInconsistencyUpdate traps + type: bool + type: dict syslog: description: Enable SNMP syslog traps type: bool transceiver_all: description: Enable SNMP transceiver traps type: bool + trustsec: + description: Allow SNMP CISCO-TRUSTSEC-MIB traps + suboptions: + authz_file_error: + description: Enable ctsAuthzCacheFileErrNotif notifications + type: bool + cache_file_error: + description: Enable ctsCacheFileAccessErrNotif notifications + type: bool + enable: + description: Enable SNMP CISCO-TRUSTSEC-MIB traps + type: bool + keystore_file_error: + description: Enable ctsSwKeystoreFileErrNotif notifications + type: bool + keystore_sync_fail: + description: Enable ctsSwKeystoreSyncFailNotif notifications + type: bool + random_number_fail: + description: Enable ctsSapRandonNumberFailNotif notifications + type: bool + src_entropy_fail: + description: Enable ctsSrcEntropyFailNotif notifications + type: bool + type: dict + trustsec_interface: + description: Allow SNMP CISCO-TRUSTSEC-INTERFACE-MIB traps + suboptions: + enable: + description: Enable SNMP CISCO-TRUSTSEC-INTERFACE-MIB traps + type: bool + authc_fail: + description: Enable ctsiIfAuthenticationFailNotif trap + type: bool + authz_fail: + description: Enable ctsiAuthorizationFailNotif trap + type: bool + sap_fail: + description: Enable ctsiIfSapNegotiationFailNotif trap + type: bool + supplicant_fail: + description: Enable ctsiIfAddSupplicantFailNotif trap + type: bool + unauthorized: + 
description: Enable ctsiIfUnauthorizedNotifEnable trap + type: bool + type: dict + trustsec_policy: + description: Allow SNMP CISCO-TRUSTSEC-POLICY-MIB traps + suboptions: + enable: + description: Enable SNMP CISCO-TRUSTSEC-POLICY-MIB traps + type: bool + authz_sgacl_fail: + description: Enable ctspAuthorizationSgaclFailNotif notifications + type: bool + peer_policy_updated: + description: Enable ctspPeerPolicyUpdatedNotif notifications + type: bool + type: dict + trustsec_server: + description: Allow SNMP CISCO-TRUSTSEC-SERVER-MIB traps + suboptions: + enable: + description: Enable SNMP CISCO-TRUSTSEC-SERVER-MIB traps + type: bool + provision_secret: + description: Enable ctsvNoProvisionSecretNotif notification + type: bool + radius_server: + description: Enable ctsvNoRadiusServerNotif notification + type: bool + type: dict + trustsec_sxp: + description: Allow SNMP CISCO-TRUSTSEC-SXP-MIB traps + suboptions: + enable: + description: Enable SNMP CISCO-TRUSTSEC-SXP-MIB traps + type: bool + binding_conflict: + description: Enable ctsxSxpBindingConflictNotif notifications + type: bool + binding_err: + description: Enable ctsxSxpBindingErrNotif notifications + type: bool + binding_expn_fail: + description: Enable ctsxSxpBindingExpnFailNotif notifications + type: bool + conn_config_err: + description: Enable ctsxSxpConnConfigErrNotif notifications + type: bool + conn_down: + description: Enable ctsxSxpConnDownNotif notifications + type: bool + conn_srcaddr_err: + description: Enable ctsxSxpConnSourceAddrErrNotif notifications + type: bool + conn_up: + description: Enable ctsxSxpConnUpNotif notifications + type: bool + msg_parse_err: + description: Enable ctsxSxpMsgParseErrNotif notifications + type: bool + oper_nodeid_change: + description: Enable ctsxSxpOperNodeIdChangeNotif notifications + type: bool + type: dict tty: description: Enable SNMP tty TCP connection traps type: bool + udld: + description: Allow SNMP CISCO-UDLDP-MIB traps + suboptions: + enable: + 
description: Enable SNMP CISCO-UDLDP-MIB traps + type: bool + link_fail_rpt: + description: Enable SNMP cudldpFastHelloLinkFailRptNotification traps + type: bool + status_change: + description: Enable SNMP cudldpFastHelloStatusChangeNotification traps + type: bool + type: dict + vlan_membership: + description: Enable SNMP VLAN membership traps + type: bool + vlancreate: + description: Enable SNMP VLAN created traps + type: bool + vlandelete: + description: Enable SNMP VLAN deleted traps + type: bool + vrfmib: + description: Allow vrfmib traps + suboptions: + vrf_up: + description: Enable vrf-up trap + type: bool + vrf_down: + description: Enable vrf-down trap + type: bool + vnet_trunk_up: + description: Enable vnet-trunk-up trap + type: bool + vnet_trunk_down: + description: Enable vnet-trunk-down traps + type: bool + type: dict vrrp: description: Enable SNMP vrrp traps type: bool + vswitch: + description: Allow SNMP Virtual Switch notifications + suboptions: + dual_active: + description: Enable SNMP Virtual Switch (Dual Active) notification + type: bool + enable: + description: Enable SNMP Virtual Switch notifications + type: bool + vsl: + description: Enable SNMP Virtual Switch Link (VSL) notification + type: bool + type: dict + vtp: + description: Enable SNMP VTP traps + type: bool type: dict users: description: Define a user who can access the SNMP engine @@ -1233,7 +1848,7 @@ EXAMPLES = """ # Before state: # ------------- -#router-ios#show running-config | section ^snmp-server +# router-ios#show running-config | section ^snmp-server # snmp-server engineID remote 172.16.0.12 udp-port 25 AB0C5342FF0F # snmp-server user userPaul dev v1 access 24 # snmp-server group mergedGroup v3 auth @@ -1939,7 +2554,6 @@ EXAMPLES = """ # } # ] # } - """ RETURN = """ diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_static_routes.py b/ansible_collections/cisco/ios/plugins/modules/ios_static_routes.py index ffa7290e4..b3c57ad6d 100644 
--- a/ansible_collections/cisco/ios/plugins/modules/ios_static_routes.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_static_routes.py @@ -930,7 +930,6 @@ EXAMPLES = """ # tag: 50 # track: 150 # vrf: blue - """ RETURN = """ diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_vlans.py b/ansible_collections/cisco/ios/plugins/modules/ios_vlans.py index 2877e4318..1dd3228ce 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_vlans.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_vlans.py @@ -95,6 +95,20 @@ options: - "List of private VLANs associated with the primary . Only works with `type: primary`." type: list elements: int + member: + description: + - Members of VLAN + type: dict + suboptions: + vni: + description: + - VXLAN vni + type: int + required: true + evi: + description: + - Ethernet Virtual Private Network (EVPN) + type: int running_config: description: - This option is used only with state I(parsed). @@ -104,6 +118,10 @@ options: transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the I(parsed) key within the result. type: str + configuration: + description: + When set to true, deals with vlan configuration CLIs + type: bool state: description: - The state the configuration should be left in 
@@ -206,6 +224,44 @@ EXAMPLES = """ # ------------------------------------------------------------------------------ # 10 +# Using merged (configuration: True) + +# Before state: +# ------------- +# +# Leaf-01#show run nve | sec ^vlan configuration +# vlan configuration 101 +# member evpn-instance 101 vni 10101 +# vlan configuration 201 +# member evpn-instance 201 vni 10201 + + +- name: Merge provided configuration with device configuration + cisco.ios.ios_vlans: + config: + - vlan_id: 102 + member: + vni: 10102 + evi: 102 + - vlan_id: 901 + member: + vni: 50901 + configuration: true + state: merged + +# After state: +# ------------ +# +# Leaf-01#show run nve | sec ^vlan configuration +# vlan configuration 101 +# member evpn-instance 101 vni 10101 +# vlan configuration 102 +# member evpn-instance 102 vni 10102 +# vlan configuration 201 +# member evpn-instance 201 vni 10201 +# vlan configuration 901 +# member vni 50901 + # Using overridden # Before state: @@ -268,6 +324,45 @@ EXAMPLES = """ # 1004 fdnet 101004 1500 - - - ieee - 0 0 # 1005 trnet 101005 1500 - - - ibm - 0 0 + +# Using overridden (configuration: True) + +# Before state: +# ------------- +# +# Leaf-01#show run nve | sec ^vlan configuration +# vlan configuration 101 +# member evpn-instance 101 vni 10101 +# vlan configuration 102 +# member evpn-instance 102 vni 10102 +# vlan configuration 201 +# member evpn-instance 201 vni 10201 +# vlan configuration 901 +# member vni 50901 + +- name: Override device configuration of all VLANs with provided configuration + cisco.ios.ios_vlans: + config: + - vlan_id: 101 + member: + vni: 10102 + evi: 102 + - vlan_id: 102 + member: + vni: 10101 + evi: 101 + configuration: true + state: overridden + +# After state: +# ------------ +# +# Leaf-01#show run nve | sec ^vlan configuration +# vlan configuration 101 +# member evpn-instance 102 vni 10102 +# vlan configuration 102 +# member evpn-instance 101 vni 10101 + # Using replaced # Before state: 
@@ -428,8 +523,41 @@ EXAMPLES = """ # 1004 fdnet 101004 1500 - - - ieee - 0 0 # 1005 trnet 101005 1500 - - - ibm - 0 0 +# Using deleted (configuration: True) + +# Before state: +# ------------- +# +# Leaf-01#show run nve | sec ^vlan configuration +# vlan configuration 101 +# member evpn-instance 101 vni 10101 +# vlan configuration 102 +# member evpn-instance 102 vni 10102 +# vlan configuration 201 +# member evpn-instance 201 vni 10201 +# vlan configuration 901 +# member vni 50901 + +- name: Delete attributes of given VLANs + cisco.ios.ios_vlans: + config: + - vlan_id: 101 + configuration: true + state: deleted + +# After state: +# ------------- +# +# Leaf-01#show run nve | sec ^vlan configuration +# vlan configuration 102 +# member evpn-instance 102 vni 10102 +# vlan configuration 201 +# member evpn-instance 201 vni 10201 +# vlan configuration 901 +# member vni 50901 + # Using Deleted without any config passed -#"(NOTE: This will delete all of configured vlans attributes)" +# "(NOTE: This will delete all of configured vlans attributes)" # Before state: # ------------- 
@@ -485,134 +613,108 @@ EXAMPLES = """ # 1004 fdnet 101004 1500 - - - ieee - 0 0 # 1005 trnet 101005 1500 - - - ibm - 0 0 -# Using Gathered +# Using Deleted without any config passed (configuration: True) +# "(NOTE: This will delete all of configured vlans attributes)" # Before state: # ------------- # -# vios_l2#show vlan -# VLAN Name Status Ports -# ---- -------------------------------- --------- ------------------------------- -# 1 default active Gi0/1, Gi0/2 -# 10 vlan_10 active -# 20 vlan_20 act/lshut -# 30 vlan_30 sus/lshut -# 1002 fddi-default act/unsup -# 1003 token-ring-default act/unsup -# 1004 fddinet-default act/unsup -# 1005 trnet-default act/unsup +# Leaf-01#show run nve | sec ^vlan configuration +# vlan configuration 101 +# member evpn-instance 101 vni 10101 +# vlan configuration 102 +# member evpn-instance 102 vni 10102 +# vlan configuration 201 +# member evpn-instance 201 vni 10201 +# vlan configuration 202 +# member evpn-instance 202 vni 10202 +# vlan configuration 901 +# member vni 50901 + +- name: Delete attributes of ALL VLANs + cisco.ios.ios_vlans: + configuration: true + state: deleted + +# After state: +# ------------- # -# VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 -# ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ -# 1 enet 100001 1500 - - - - - 0 0 -# 10 enet 100010 1500 - - - - - 0 0 -# 20 enet 100020 610 - - - - - 0 0 -# 30 enet 100030 1500 - - - - - 0 0 -# 1002 fddi 101002 1500 - - - - - 0 0 -# 1003 tr 101003 1500 - - - - - 0 0 -# 1004 fdnet 101004 1500 - - - ieee - 0 0 -# 1005 trnet 101005 1500 - - - ibm - 0 0 +# Leaf-01#show run nve | sec ^vlan configuration +# no vlan configuration 101 +# no vlan configuration 102 +# no vlan configuration 201 +# no vlan configuration 202 +# no vlan configuration 901 +# no vlan configuration 902 + +# Using Gathered (configuration: True) + +# Before state: +# ------------- # -# Remote SPAN VLANs -# 
------------------------------------------------------------------------------ -# 10 +# Leaf-01#show run nve | sec ^vlan configuration +# vlan configuration 101 +# member evpn-instance 101 vni 10101 +# vlan configuration 102 +# member evpn-instance 102 vni 10102 +# vlan configuration 201 +# member evpn-instance 201 vni 10201 +# vlan configuration 202 +# member evpn-instance 202 vni 10202 +# vlan configuration 901 +# member vni 50901 - name: Gather listed vlans with provided configurations cisco.ios.ios_vlans: config: + configuration: true state: gathered # Module Execution Result: # ------------------------ # -# "gathered": [ -# { -# "mtu": 1500, -# "name": "default", -# "shutdown": "disabled", -# "state": "active", -# "vlan_id": 1 -# }, -# { -# "mtu": 1500, -# "name": "VLAN0010", -# "shutdown": "disabled", -# "state": "active", -# "vlan_id": 10 +# gathered = [ +# { +# "member": { +# "evi": 101, +# "vni": 10101 # }, -# { -# "mtu": 1500, -# "name": "VLAN0020", -# "shutdown": "disabled", -# "state": "active", -# "vlan_id": 20 +# "vlan_id": 101 +# }, +# { +# "member": { +# "evi": 102, +# "vni": 10102 # }, -# { -# "mtu": 1500, -# "name": "VLAN0030", -# "shutdown": "disabled", -# "state": "active", -# "vlan_id": 30 +# "vlan_id": 102 +# }, +# { +# "member": { +# "evi": 201, +# "vni": 10201 # }, -# { -# "mtu": 1500, -# "name": "fddi-default", -# "shutdown": "enabled", -# "state": "active", -# "vlan_id": 1002 +# "vlan_id": 201 +# }, +# { +# "member": { +# "evi": 202, +# "vni": 10202 # }, -# { -# "mtu": 1500, -# "name": "token-ring-default", -# "shutdown": "enabled", -# "state": "active", -# "vlan_id": 1003 +# "vlan_id": 202 +# }, +# { +# "member": { +# "vni": 50901 # }, -# { -# "mtu": 1500, -# "name": "fddinet-default", -# "shutdown": "enabled", -# "state": "active", -# "vlan_id": 1004 +# "vlan_id": 901 +# }, +# { +# "member": { +# "vni": 50902 # }, -# { -# "mtu": 1500, -# "name": "trnet-default", -# "shutdown": "enabled", -# "state": "active", -# "vlan_id": 1005 -# } -# ] 
- -# After state: -# ------------ -# -# vios_l2#show vlan -# VLAN Name Status Ports -# ---- -------------------------------- --------- ------------------------------- -# 1 default active Gi0/1, Gi0/2 -# 10 vlan_10 active -# 20 vlan_20 act/lshut -# 30 vlan_30 sus/lshut -# 1002 fddi-default act/unsup -# 1003 token-ring-default act/unsup -# 1004 fddinet-default act/unsup -# 1005 trnet-default act/unsup -# -# VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 -# ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ -# 1 enet 100001 1500 - - - - - 0 0 -# 10 enet 100010 1500 - - - - - 0 0 -# 20 enet 100020 610 - - - - - 0 0 -# 30 enet 100030 1500 - - - - - 0 0 -# 1002 fddi 101002 1500 - - - - - 0 0 -# 1003 tr 101003 1500 - - - - - 0 0 -# 1004 fdnet 101004 1500 - - - ieee - 0 0 -# 1005 trnet 101005 1500 - - - ibm - 0 0 -# -# Remote SPAN VLANs -# ------------------------------------------------------------------------------ -# 10 +# "vlan_id": 902 +# } +# ] # Using Rendered @@ -655,6 +757,31 @@ EXAMPLES = """ # "shutdown" # ] +# Using Rendered (configuration: True) + +- name: Render the commands for provided configuration + cisco.ios.ios_vlans: + config: + - vlan_id: 101 + member: + vni: 10101 + evi: 101 + - vlan_id: 102 + member: + vni: 10102 + evi: 102 + state: rendered + +# Module Execution Result: +# ------------------------ +# +# "rendered": [ +# "vlan configuration 101", +# "member evpn-instance 101 vni 10101", +# "vlan configuration 102", +# "member evpn-instance 102 vni 10102" +# ] + # Using Parsed # File: parsed.cfg 
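Review bot: The new "Deleted without any config passed (configuration: True)" and "Gathered (configuration: True)" examples report a VLAN 902 that their Before state never shows. The After state lists `no vlan configuration 902` and the gathered result carries a `"vlan_id": 902` entry with `"vni": 50902`, while both Before state listings end at `vlan configuration 901`. Either add `# vlan configuration 902` and `#  member vni 50902` to the two Before state blocks or drop the 902 entries from the outputs, so a reader can reproduce the result from the input shown.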
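Review bot: The task under the heading "Using Rendered (configuration: True)" never sets `configuration: true`, unlike every other `(configuration: True)` example added in this file. If the option is what selects the `vlan configuration` command set, as the other examples suggest, the task as written would not produce the `"vlan configuration 101"` lines shown in the result. Add `configuration: true` above `state: rendered` in that task.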
@@ -748,6 +875,50 @@ EXAMPLES = """ # "vlan_id": 1005 # } # ] + +# Using Parsed (configuration: True) + +# File: parsed.cfg +# ---------------- +# +# vlan configuration 101 +# member evpn-instance 101 vni 10101 +# vlan configuration 102 +# member evpn-instance 102 vni 10102 +# vlan configuration 901 +# member vni 50901 + +- name: Parse the commands for provided configuration + cisco.ios.ios_vlans: + running_config: "{{ lookup('file', './parsed.cfg') }}" + configuration: true + state: parsed + +# Module Execution Result: +# ------------------------ +# +# "parsed": [ +# { +# "member": { +# "evi": 101, +# "vni": 10101 +# }, +# "vlan_id": 101 +# }, +# { +# "member": { +# "evi": 102, +# "vni": 10102 +# }, +# "vlan_id": 102 +# }, +# { +# "member": { +# "vni": 50901 +# }, +# "vlan_id": 901 +# } +# ] """ RETURN = """ diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_vrf.py b/ansible_collections/cisco/ios/plugins/modules/ios_vrf.py index 4165bcae5..27c6641eb 100644 --- a/ansible_collections/cisco/ios/plugins/modules/ios_vrf.py +++ b/ansible_collections/cisco/ios/plugins/modules/ios_vrf.py @@ -54,6 +54,11 @@ options: VRF definition value accepts alphanumeric characters used to provide additional information about the VRF. type: str + address_family: + description: + - The list of address families with MDT parameters to be configured on the remote IOS device. + type: list + elements: dict rd: description: - The router-distinguisher value uniquely identifies the VRF to routing processes @@ -256,7 +261,6 @@ EXAMPLES = """ route_both_ipv6: - 1:100 - 3:100 - """ RETURN = """ 
@@ -327,6 +331,39 @@ def add_command_to_vrf(name, cmd, commands): commands.append(cmd) +KEY_TO_COMMAND_MAP = { + "auto_discovery": "mdt auto-discovery ", + "default": "mdt default vxlan ", + "data_mcast": "mdt data vxlan ", + "data_threshold": "mdt data threshold ", + "overlay": "mdt overlay ", +} + + +def add_mdt_commands(afi_dict, vrf_name, commands): + for key, value in afi_dict["mdt"].items(): + cmd = KEY_TO_COMMAND_MAP[key] + + if key in ["default", "data_mcast"]: + cmd = cmd + value["vxlan_mcast_group"] + add_command_to_vrf(vrf_name, cmd, commands) + elif key == "data_threshold": + cmd = cmd + str(value) + add_command_to_vrf(vrf_name, cmd, commands) + elif key == "auto_discovery": + if value["vxlan"]["enable"]: + cmd = cmd + "vxlan" + if value["vxlan"].get("inter_as"): + cmd = cmd + " " + "inter-as" + add_command_to_vrf(vrf_name, cmd, commands) + elif key == "overlay": + if value["use_bgp"]["enable"]: + cmd = cmd + "use-bgp" + if value["use_bgp"].get("spt_only"): + cmd = cmd + " " + "spt-only" + add_command_to_vrf(vrf_name, cmd, commands) + + def map_obj_to_commands(updates, module): commands = list() for update in updates: 
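Review bot: `add_mdt_commands` turns user-supplied `address_family` data directly into device configuration lines with no check on key names, nesting or value types. The `main()` hunk further down declares the option as `address_family=dict(type="list", elements="dict")` with no `options=` sub-spec, so nothing upstream constrains it: an unknown key fails on `KEY_TO_COMMAND_MAP[key]`, a missing `vxlan` or `use_bgp` level fails on `value["vxlan"]["enable"]`, and a non-string `vxlan_mcast_group` fails on the `+`, each surfacing as a traceback rather than a module error. A string value is appended to the command as-is, so malformed text reaches the device as configuration. Describing `afi` and `mdt` with `options=` in the argspec would reject bad input before this function runs; within the function, `cmd = KEY_TO_COMMAND_MAP.get(key)` followed by an explicit error for `None` and `value.get("vxlan", {}).get("enable")` would make the failure modes deliberate. The function also has no docstring; one line stating that it appends the `mdt ...` commands for a single address family to `commands` would help.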
@@ -416,6 +453,33 @@ def map_obj_to_commands(updates, module): add_command_to_vrf(want["name"], cmd, commands) cmd = "exit-address-family" add_command_to_vrf(want["name"], cmd, commands) + if needs_update(want, have, "address_family"): + for want_mdt in want["address_family"]: + afi = want_mdt["afi"] + af_dict = {} + data_dict = want_mdt["mdt"].pop("data", {}) + if data_dict: + if "vxlan_mcast_group" in data_dict: + want_mdt["mdt"]["data_mcast"] = { + "vxlan_mcast_group": data_dict["vxlan_mcast_group"], + } + if "threshold" in data_dict: + want_mdt["mdt"]["data_threshold"] = data_dict["threshold"] + + for key_in, value_in in want_mdt["mdt"].items(): + have_mdt = next( + (i for i in have.get("address_family", {}) if i["afi"] == afi), + {}, + ) + + if needs_update(want_mdt["mdt"], have_mdt.get("mdt", {}), key_in): + af_dict.update({key_in: value_in}) + if af_dict: + cmd = "address-family" + " " + str(afi) + add_command_to_vrf(want["name"], cmd, commands) + add_mdt_commands({"mdt": af_dict}, want["name"], commands) + add_command_to_vrf(want["name"], "exit-address-family", commands) + if want["interfaces"] is not None: for intf in set(have.get("interfaces", [])).difference(want["interfaces"]): commands.extend(["interface %s" % intf, "no vrf forwarding %s" % want["name"]]) 
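Review bot: `want_mdt["mdt"].pop("data", {})` and the two assignments after it rewrite the caller's `want` structure in place, so after this block the desired state no longer has the shape the user supplied (`data` is gone, `data_mcast` and `data_threshold` appear). Working on a copy, `mdt = dict(want_mdt["mdt"])`, keeps `want` intact for any later use. `want_mdt["afi"]` and `want_mdt["mdt"]` are also indexed without a check, so an entry missing either key raises `KeyError`. The `have_mdt = next(...)` lookup does not depend on `key_in` and can move above the inner `for`, and its fallback `have.get("address_family", {})` should be `[]` since the value is iterated as a list. `map_obj_to_commands` starts and ends outside this hunk.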
@@ -545,6 +609,81 @@ def parse_export_ipv6(configobj, name): pass +def parse_mdt(configobj, name): + cfg = configobj["vrf definition %s" % name] + mdt_list = [] + + for ip in ["ipv4", "ipv6"]: + ret_dict = {} + try: + subcfg = cfg["address-family " + ip] + subcfg = "\n".join(subcfg.children) + except KeyError: + subcfg = "" + pass + + re1 = re.compile(r"^mdt +auto\-discovery +(?P<option>\S+)(\s+(?P<inter_as>inter\-as))?$") + re2 = re.compile(r"^mdt +default +vxlan +(?P<mcast_group>\S+)$") + re3 = re.compile(r"^mdt +data +vxlan +(?P<mcast_group>.+)$") + re4 = re.compile(r"^mdt +data +threshold +(?P<threshold_value>\d+)$") + re5 = re.compile(r"^mdt +overlay +(?P<use_bgp>use-bgp)(\s+(?P<spt_only>spt-only))?$") + + for line in subcfg.splitlines(): + line = line.strip() + m = re1.match(line) + if m: + group = m.groupdict() + ret_dict.setdefault("auto_discovery", {}).setdefault( + group["option"], + {}, + ).setdefault("enable", True) + if group["inter_as"]: + ret_dict.setdefault("auto_discovery", {}).setdefault( + group["option"], + {}, + ).setdefault("inter_as", True) + continue + + m = re2.match(line) + if m: + group = m.groupdict() + ret_dict.setdefault("default", {}).setdefault( + "vxlan_mcast_group", + group["mcast_group"], + ) + continue + + m = re3.match(line) + if m: + group = m.groupdict() + ret_dict.setdefault("data_mcast", {}).setdefault( + "vxlan_mcast_group", + group["mcast_group"], + ) + continue + + m = re4.match(line) + if m: + group = m.groupdict() + ret_dict.setdefault("data_threshold", int(group["threshold_value"])) + + m = re5.match(line) + if m: + group = m.groupdict() + ret_dict.setdefault("overlay", {}).setdefault( + "use_bgp", + {}, + ).setdefault("enable", True) + if group["spt_only"]: + ret_dict.setdefault("overlay", {}).setdefault( + "use_bgp", + {}, + ).setdefault("spt_only", True) + + mdt_list.append({"afi": ip, "mdt": ret_dict}) + return mdt_list + + def map_config_to_obj(module): config = get_config(module) configobj = 
NetworkConfig(indent=1, contents=config) @@ -569,6 +708,7 @@ def map_config_to_obj(module): "route_import_ipv6": parse_import_ipv6(configobj, item), "route_export_ipv6": parse_export_ipv6(configobj, item), "route_both_ipv6": parse_both(configobj, item, address_family="ipv6"), + "address_family": parse_mdt(configobj, item), } instances.append(obj) return instances @@ -624,6 +764,7 @@ def map_params_to_obj(module): item["route_import_ipv6"] = get_value("route_import_ipv6") item["route_export_ipv6"] = get_value("route_export_ipv6") item["route_both_ipv6"] = get_value("route_both_ipv6") + item["address_family"] = get_value("address_family") both_addresses_family = ["", "_ipv6", "_ipv4"] for address_family in both_addresses_family: if item["route_both%s" % address_family]: @@ -651,16 +792,18 @@ def update_objects(want, have): else: for key, value in iteritems(entry): if value: - try: - if isinstance(value, list): + if isinstance(value, list): + try: if sorted(value) != sorted(item[key]): if (entry, item) not in updates: updates.append((entry, item)) - elif value != item[key]: - if (entry, item) not in updates: + except TypeError: + if value != item[key]: updates.append((entry, item)) - except TypeError: - pass + pass + elif value != item[key]: + if (entry, item) not in updates: + updates.append((entry, item)) return updates @@ -693,6 +836,7 @@ def main(): vrfs=dict(type="list", elements="raw"), name=dict(), description=dict(), + address_family=dict(type="list", elements="dict"), rd=dict(), route_export=dict(type="list", elements="str"), route_import=dict(type="list", elements="str"), @@ -720,6 +864,7 @@ def main(): result["warnings"] = warnings want = map_params_to_obj(module) have = map_config_to_obj(module) + commands = map_obj_to_commands(update_objects(want, have), module) if module.params["purge"]: want_vrfs = [x["name"] for x in want] 
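Review bot: In `parse_mdt` the `re4` arm (`mdt data threshold`) is the only match branch without a `continue`, so a matched threshold line is still tested against `re5`. The result is correct today because the patterns are disjoint, but adding `continue` after the `ret_dict.setdefault("data_threshold", ...)` line keeps the arms uniform. The five `re.compile(...)` calls sit inside `for ip in ["ipv4", "ipv6"]` and can be hoisted above the loop, and the `pass` after `subcfg = ""` is dead. `re3` captures the group with `.+` where `re2` uses `\S+`; if a single token is expected, `\S+` in both avoids storing trailing text as the multicast group. The function has no docstring; it should say that it returns one `{"afi", "mdt"}` entry per address family, with an empty `mdt` when none is configured.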
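Review bot: The new `except TypeError:` branch in `update_objects` appends `(entry, item)` without the `if (entry, item) not in updates` guard that the other two branches use. The same pair can therefore be queued more than once when several unsortable list values differ (lists of dicts such as `address_family` take this path). Depending on how `map_obj_to_commands` handles repeats, that may emit duplicate commands. Suggested form: `if value != item[key] and (entry, item) not in updates:`. The trailing `pass` in that branch is redundant. The function begins above the hunk.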
diff --git a/ansible_collections/cisco/ios/plugins/modules/ios_vxlan_vtep.py b/ansible_collections/cisco/ios/plugins/modules/ios_vxlan_vtep.py new file mode 100644 index 000000000..b2c5933e7 --- /dev/null +++ b/ansible_collections/cisco/ios/plugins/modules/ios_vxlan_vtep.py 
@@ -0,0 +1,404 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+# Copyright 2023 Red Hat
+# GNU General Public License v3.0+
+# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+"""
+The module file for ios_vxlan_vtep
+"""
+
+from __future__ import absolute_import, division, print_function
+
+
+__metaclass__ = type
+
+DOCUMENTATION = """
+module: ios_vxlan_vtep
+short_description: Resource module to configure VXLAN VTEP interface.
+description: This module provides declarative management of VXLAN VTEP interface on Cisco IOS network
+ devices.
+version_added: 5.3.0
+author: Padmini Priyadarshini Sivaraj (@PadminiSivaraj)
+notes:
+ - Tested against Cisco IOS device with Version 17.13.01 on Cat9k on CML.
+ - This module works with connection C(network_cli).
+ See U(https://docs.ansible.com/ansible/latest/network/user_guide/platform_ios.html)
+options:
+ config:
+ description: A dictionary of VXLAN VTEP interface option
+ type: list
+ elements: dict
+ suboptions:
+ interface:
+ description:
+ - VXLAN VTEP interface
+ type: str
+ required: true
+ source_interface:
+ description:
+ - Source interface for the VXLAN VTEP interface
+ type: str
+ host_reachability_bgp:
+ description:
+ - Host reachability using EVPN protocol
+ type: bool
+ member:
+ description:
+ - Configure VNI member
+ type: dict
+ suboptions:
+ vni:
+ description:
+ - Configure VNI information
+ type: dict
+ suboptions:
+ l2vni:
+ description:
+ - Associates L2VNI with the VXLAN VTEP interface
+ type: list
+ elements: dict
+ suboptions:
+ vni:
+ description: VNI number
+ type: int
+ replication:
+ description: Replication type for the L2VNI
+ type: dict
+ suboptions:
+ type:
+ description: Replication type
+ type: str
+ choices: ['ingress', 'static']
+ mcast_group:
+ description: Configure multicast group for VNI(s)
+ type: dict
+ suboptions:
+ ipv4:
+ description: IPv4 multicast group
+ type: str
+ ipv6:
+ description: IPv6 multicast group
+ type: str
+ l3vni:
+ description:
+ - Associates L3VNI with the VXLAN VTEP interface
+ type: list
+ elements: dict
+ suboptions:
+ vni:
+ description: VNI number
+ type: int
+ vrf:
+ description: VRF name of the L3VNI
+ type: str
+ running_config:
+ description:
+ - This option is used only with state I(parsed).
+ - The value of this option should be the output received from the IOS device by
+ executing the command B(show running-config | section ^interface nve).
+ - The state I(parsed) reads the configuration from C(running_config) option and
+ transforms it into Ansible structured data as per the resource module's argspec
+ and the value is then returned in the I(parsed) key within the result.
+ type: str
+
+ state:
+ description:
+ - The state the configuration should be left in
+ type: str
+ choices:
+ - merged
+ - replaced
+ - overridden
+ - deleted
+ - rendered
+ - gathered
+ - parsed
+ default: merged
+"""
+
+EXAMPLES = """
+
+# Using state merged
+
+# Before state:
+# -------------
+# interface nve1
+# no ip address
+# source-interface Loopback1
+# host-reachability protocol bgp
+# member vni 10101 mcast-group 225.0.0.101
+# member vni 10102 ingress-replication
+# member vni 50901 vrf green
+# member vni 10201 mcast-group 225.0.0.101
+# member vni 10202 ingress-replication
+# member vni 50902 vrf blue
+
+# - name: Merge the provided configuration with the device configuration
+# cisco.ios.ios_vxlan_vtep:
+# config:
+# - interface: nve1
+# source_interface: loopback2
+# member:
+# vni:
+# l2vni:
+# - vni: 10101
+# replication:
+# type: ingress
+# - vni: 10201
+# replication:
+# type: static
+# mcast_group:
+# ipv4: 225.0.0.101
+# ipv6: FF0E:225::101
+# l3vni:
+# - vni: 50901
+# vrf: blue
+# state: merged
+
+# Commands Fired:
+# ---------------
+# "commands": [
+# "interface nve1",
+# "source-interface loopback2",
+# "no member vni 10101 mcast-group 225.0.0.101",
+# "member vni 10101 ingress-replication",
+# "no member vni 10201 mcast-group 225.0.0.101",
+# "member vni 10201 mcast-group 225.0.0.101 FF0E:225::101",
+# "no member vni 50901 vrf green",
+# "no member vni 50902 vrf blue",
+# "member vni 50901 vrf blue"
+# ],
+
+# After state:
+# ------------
+# interface nve1
+# no ip address
+# source-interface Loopback2
+# host-reachability protocol bgp
+# member vni 10102 ingress-replication
+# member vni 10202 ingress-replication
+# member vni 10101 ingress-replication
+# member vni 10201 mcast-group 225.0.0.101 FF0E:225::101
+# member vni 50901 vrf blue
+
+# Using state replaced
+
+# Before state:
+# -------------
+# interface nve1
+# no ip address
+# source-interface Loopback2
+# host-reachability protocol bgp
+# member vni 10102 ingress-replication
+# member vni 10202 ingress-replication
+# member vni 10101 ingress-replication
+# member vni 10201 mcast-group 225.0.0.101 FF0E:225::101
+# member vni 50901 vrf blue
+
+# - name: Replaces the device configuration with the provided configuration
+# cisco.ios.ios_vxlan_vtep:
+# config:
+# - interface: nve1
+# source_interface: Loopback2
+# member:
+# vni:
+# l2vni:
+# - vni: 10101
+# replication:
+# type: static
+# mcast_group:
+# ipv6: FF0E:225::101
+# - vni: 10201
+# replication:
+# type: static
+# mcast_group:
+# ipv6: FF0E:225::102
+# state: replaced
+
+# Commands Fired:
+# ---------------
+# "commands": [
+# "interface nve1",
+# "no member vni 10101 ingress-replication",
+# "member vni 10101 mcast-group FF0E:225::101",
+# "no member vni 10201 mcast-group 225.0.0.101 FF0E:225::101",
+# "member vni 10201 mcast-group FF0E:225::102",
+# "no member vni 10102 ingress-replication",
+# "no member vni 10202 ingress-replication",
+# "no member vni 50901 vrf blue"
+# ],
+
+# After state:
+# ------------
+# interface nve1
+# no ip address
+# source-interface Loopback2
+# host-reachability protocol bgp
+# member vni 10101 mcast-group FF0E:225::101
+# member vni 10201 mcast-group FF0E:225::102
+
+# Using state Deleted
+
+# Before state:
+# -------------
+# interface nve1
+# no ip address
+# source-interface Loopback2
+# host-reachability protocol bgp
+# member vni 10101 mcast-group FF0E:225::101
+# member vni 10201 mcast-group FF0E:225::102
+
+# - name: "Delete VXLAN VTEP interface"
+# cisco.ios.ios_vxlan_vtep:
+# config:
+# - interface: nve1
+# state: deleted
+
+# Commands Fired:
+# ---------------
+# "commands": [
+# "interface nve1",
+# "no source-interface Loopback2",
+# "no host-reachability protocol bgp",
+# "no member vni 10101 mcast-group FF0E:225::101",
+# "no member vni 10201 mcast-group FF0E:225::102"
+# ],
+
+# After state:
+# -------------
+# interface nve1
+# no ip address
+
+# Using state Deleted with member VNIs
+
+# Before state:
+# -------------
+# interface nve1
+# no ip address
+# source-interface Loopback2
+# host-reachability protocol bgp
+# member vni 10101 mcast-group FF0E:225::101
+# member vni 10102 mcast-group 225.0.0.101
+# member vni 10201 mcast-group 225.0.0.101 FF0E:225::101
+
+# - name: "Delete VXLAN VTEP interface with member VNIs"
+# cisco.ios.ios_vxlan_vtep:
+# config:
+# - interface: nve1
+# source_interface: Loopback2
+# member:
+# vni:
+# l2vni:
+# - vni: 10101
+# - vni: 10102
+# state: deleted
+
+# Commands Fired:
+# ---------------
+# "commands": [
+# "interface nve1",
+# "no member vni 10101 mcast-group FF0E:225::101",
+# "no member vni 10102 mcast-group 225.0.0.101"
+# ],
+
+# After state:
+# -------------
+# interface nve1
+# no ip address
+# source-interface Loopback2
+# host-reachability protocol bgp
+# member vni 10201 mcast-group 225.0.0.101 FF0E:225::101
+
+# Using state Deleted with no config
+
+# Before state:
+# -------------
+# interface nve1
+# no ip address
+# source-interface Loopback2
+# host-reachability protocol bgp
+# member vni 10101 mcast-group FF0E:225::101
+# member vni 10201 mcast-group FF0E:225::102
+
+# - name: "Delete VXLAN VTEP interface with no config"
+# cisco.ios.ios_vxlan_vtep:
+# state: deleted
+
+# Commands Fired:
+# ---------------
+# "commands": [
+# "interface nve1",
+# "no source-interface Loopback2",
+# "no host-reachability protocol bgp",
+# "no member vni 10101 mcast-group FF0E:225::101",
+# "no member vni 10201 mcast-group FF0E:225::102"
+# ],
+
+# After state:
+# -------------
+# interface nve1
+# no ip address
+"""
+
+RETURN = """
+before:
+ description: The configuration prior to the module execution.
+ returned: when I(state) is C(merged), C(replaced), C(overridden), C(deleted) or C(purged)
+ type: dict
+ sample: >
+ This output will always be in the same format as the
+ module argspec.
+after:
+ description: The resulting configuration after module execution.
+ returned: when changed
+ type: dict
+ sample: >
+ This output will always be in the same format as the
+ module argspec.
+commands:
+ description: The set of commands pushed to the remote device.
+ returned: when I(state) is C(merged), C(replaced), C(overridden), C(deleted) or C(purged)
+ type: list
+ sample:
+ - 'interface nve1'
+ - 'source-interface Loopback1'
+ - 'host-reachability protocol bgp'
+ - 'member vni 10101 ingress-replication'
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+
+from ansible_collections.cisco.ios.plugins.module_utils.network.ios.argspec.vxlan_vtep.vxlan_vtep import (
+ Vxlan_vtepArgs,
+)
+from ansible_collections.cisco.ios.plugins.module_utils.network.ios.config.vxlan_vtep.vxlan_vtep import (
+ Vxlan_vtep,
+)
+
+
+def main():
+ """
+ Main entry point for module execution
+
+ :returns: the result form module invocation
+ """
+ module = AnsibleModule(
+ argument_spec=Vxlan_vtepArgs.argument_spec,
+ mutually_exclusive=[["config", "running_config"]],
+ required_if=[
+ ["state", "merged", ["config"]],
+ ["state", "replaced", ["config"]],
+ ["state", "overridden", ["config"]],
+ ["state", "rendered", ["config"]],
+ ["state", "parsed", ["running_config"]],
+ ],
+ supports_check_mode=True,
+ )
+
+ result = Vxlan_vtep(module).execute_module()
+ module.exit_json(**result)
+
+
+if __name__ == "__main__":
+ main() |
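Review bot: The RETURN block lists `C(purged)` among the states for `before` and `commands`, but the `state` option has no `purged` choice, so both `returned:` lines should end `C(overridden) or C(deleted)`. The last example shows `state: deleted` with no `config` removing source-interface, host-reachability and every member VNI from nve1, yet the `state` description never mentions this. I would add a description line such as `- With I(state=deleted) and no C(config), all VTEP settings on the device's nve interfaces are removed.`, with the scope confirmed against the config class, which is not part of this hunk. The `main()` docstring also has `form` where `from` is meant.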