Fortios_config PR (#21409)
* Remove state & change backup strategy & fix doc fragment * Missing __init__.py * Move backup to module_utils + add backup_path & backup_filename params * Fix pep8 * Change backup_path type from str to path * Change license from gpl to bsd * Fix doc and backup param leftover * Fix Doc
This commit is contained in:
parent
dd9a39b27b
commit
1e84c401f1
4 changed files with 320 additions and 0 deletions
60
lib/ansible/module_utils/fortios.py
Normal file
60
lib/ansible/module_utils/fortios.py
Normal file
|
@ -0,0 +1,60 @@
|
||||||
|
# This code is part of Ansible, but is an independent component.
|
||||||
|
# This particular file snippet, and this file snippet only, is BSD licensed.
|
||||||
|
# Modules you write using this snippet, which is embedded dynamically by Ansible
|
||||||
|
# still belong to the author of the module, and may assign their own license
|
||||||
|
# to the complete work.
|
||||||
|
#
|
||||||
|
# Copyright (c), Benjamin Jolivot <bjolivot@gmail.com>, 2014
|
||||||
|
# All rights reserved.
|
||||||
|
#
|
||||||
|
# Redistribution and use in source and binary forms, with or without modification,
|
||||||
|
# are permitted provided that the following conditions are met:
|
||||||
|
#
|
||||||
|
# * Redistributions of source code must retain the above copyright
|
||||||
|
# notice, this list of conditions and the following disclaimer.
|
||||||
|
# * Redistributions in binary form must reproduce the above copyright notice,
|
||||||
|
# this list of conditions and the following disclaimer in the documentation
|
||||||
|
# and/or other materials provided with the distribution.
|
||||||
|
#
|
||||||
|
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||||
|
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||||
|
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||||
|
# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||||
|
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||||
|
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||||
|
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||||
|
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
|
||||||
|
# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
#
|
||||||
|
import os
|
||||||
|
import time
|
||||||
|
|
||||||
|
|
||||||
|
fortios_argument_spec = dict(
|
||||||
|
host = dict(required=True ),
|
||||||
|
username = dict(required=True ),
|
||||||
|
password = dict(required=True, type='str', no_log=True ),
|
||||||
|
timeout = dict(type='int', default=60),
|
||||||
|
vdom = dict(type='str', default=None ),
|
||||||
|
backup = dict(type='bool', default=False),
|
||||||
|
backup_path = dict(type='path'),
|
||||||
|
backup_filename = dict(type='str'),
|
||||||
|
)
|
||||||
|
|
||||||
|
fortios_required_if = [
|
||||||
|
['backup', True , ['backup_path'] ],
|
||||||
|
]
|
||||||
|
|
||||||
|
def backup(module,running_config):
|
||||||
|
backup_path = module.params['backup_path']
|
||||||
|
if not os.path.exists(backup_path):
|
||||||
|
try:
|
||||||
|
os.mkdir(backup_path)
|
||||||
|
except:
|
||||||
|
module.fail_json(msg="Can't create directory {0} Permission denied ?".format(backup_path))
|
||||||
|
tstamp = time.strftime("%Y-%m-%d@%H:%M:%S", time.localtime(time.time()))
|
||||||
|
filename = '%s/%s_config.%s' % (backup_path, module.params['host'], tstamp)
|
||||||
|
try:
|
||||||
|
open(filename, 'w').write(running_config)
|
||||||
|
except:
|
||||||
|
module.fail_json(msg="Can't create backup file {0} Permission denied ?".format(filename))
|
0
lib/ansible/modules/network/fortios/__init__.py
Normal file
0
lib/ansible/modules/network/fortios/__init__.py
Normal file
201
lib/ansible/modules/network/fortios/fortios_config.py
Normal file
201
lib/ansible/modules/network/fortios/fortios_config.py
Normal file
|
@ -0,0 +1,201 @@
|
||||||
|
#!/usr/bin/python
|
||||||
|
#
|
||||||
|
# Ansible module to manage configuration on fortios devices
|
||||||
|
# (c) 2016, Benjamin Jolivot <bjolivot@gmail.com>
|
||||||
|
#
|
||||||
|
# This file is part of Ansible
|
||||||
|
#
|
||||||
|
# Ansible is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation, either version 3 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# Ansible is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
#
|
||||||
|
|
||||||
|
ANSIBLE_METADATA = {
|
||||||
|
'status': ['preview'],
|
||||||
|
'supported_by': 'community',
|
||||||
|
'version': '1.0'
|
||||||
|
}
|
||||||
|
|
||||||
|
DOCUMENTATION = """
|
||||||
|
---
|
||||||
|
module: fortios_address
|
||||||
|
version_added: "2.3"
|
||||||
|
author: "Benjamin Jolivot (@bjolivot)"
|
||||||
|
short_description: Manage fortios firewall config
|
||||||
|
description:
|
||||||
|
- This module provides management of FortiOS Devices configuration.
|
||||||
|
extends_documentation_fragment: fortios
|
||||||
|
options:
|
||||||
|
src:
|
||||||
|
description:
|
||||||
|
- The I(src) argument provides a path to the configuration file
|
||||||
|
to load into the remote device.
|
||||||
|
filter:
|
||||||
|
description:
|
||||||
|
- Only for partial backup, you can restrict by giving expected configuration path (ex. firewall address).
|
||||||
|
default: ""
|
||||||
|
notes:
|
||||||
|
- This module requires pyFG python library
|
||||||
|
"""
|
||||||
|
|
||||||
|
EXAMPLES = """
|
||||||
|
- name: Backup current config
|
||||||
|
fortios_config:
|
||||||
|
host: 192.168.0.254
|
||||||
|
username: admin
|
||||||
|
password: password
|
||||||
|
backup: yes
|
||||||
|
|
||||||
|
- name: Backup only address objects
|
||||||
|
fortios_config:
|
||||||
|
host: 192.168.0.254
|
||||||
|
username: admin
|
||||||
|
password: password
|
||||||
|
backup: yes
|
||||||
|
backup_path: /tmp/forti_backup/
|
||||||
|
filter: "firewall address"
|
||||||
|
|
||||||
|
- name: Update configuration from file
|
||||||
|
fortios_config:
|
||||||
|
host: 192.168.0.254
|
||||||
|
username: admin
|
||||||
|
password: password
|
||||||
|
src: new_configuration.conf
|
||||||
|
|
||||||
|
"""
|
||||||
|
|
||||||
|
RETURN = """
|
||||||
|
running_config:
|
||||||
|
description: full config string
|
||||||
|
returned: always
|
||||||
|
type: string
|
||||||
|
change_string:
|
||||||
|
description: The commands really executed by the module
|
||||||
|
returned: only if config changed
|
||||||
|
type: string
|
||||||
|
"""
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
from ansible.module_utils.fortios import fortios_argument_spec, fortios_required_if
|
||||||
|
from ansible.module_utils.fortios import backup
|
||||||
|
|
||||||
|
from ansible.module_utils.basic import AnsibleModule
|
||||||
|
from ansible.module_utils.pycompat24 import get_exception
|
||||||
|
|
||||||
|
|
||||||
|
#check for pyFG lib
|
||||||
|
try:
|
||||||
|
from pyFG import FortiOS, FortiConfig
|
||||||
|
from pyFG.fortios import logger
|
||||||
|
from pyFG.exceptions import CommandExecutionException, FailedCommit, ForcedCommit
|
||||||
|
HAS_PYFG=True
|
||||||
|
except:
|
||||||
|
HAS_PYFG=False
|
||||||
|
|
||||||
|
# some blocks don't support update, so remove them
|
||||||
|
NOT_UPDATABLE_CONFIG_OBJECTS=[
|
||||||
|
"vpn certificate local",
|
||||||
|
]
|
||||||
|
|
||||||
|
def main():
|
||||||
|
argument_spec = dict(
|
||||||
|
src = dict(type='str', default=None),
|
||||||
|
filter = dict(type='str', default=""),
|
||||||
|
)
|
||||||
|
|
||||||
|
argument_spec.update(fortios_argument_spec)
|
||||||
|
|
||||||
|
required_if = fortios_required_if
|
||||||
|
|
||||||
|
module = AnsibleModule(
|
||||||
|
argument_spec=argument_spec,
|
||||||
|
supports_check_mode=True,
|
||||||
|
required_if=required_if,
|
||||||
|
)
|
||||||
|
|
||||||
|
result = dict(changed=False)
|
||||||
|
|
||||||
|
# fail if pyFG not present
|
||||||
|
if not HAS_PYFG:
|
||||||
|
module.fail_json(msg='Could not import the python library pyFG required by this module')
|
||||||
|
|
||||||
|
#define device
|
||||||
|
f = FortiOS( module.params['host'],
|
||||||
|
username=module.params['username'],
|
||||||
|
password=module.params['password'],
|
||||||
|
timeout=module.params['username'],
|
||||||
|
vdom=module.params['vdom'])
|
||||||
|
|
||||||
|
#connect
|
||||||
|
try:
|
||||||
|
f.open()
|
||||||
|
except:
|
||||||
|
module.fail_json(msg='Error connecting device')
|
||||||
|
|
||||||
|
#get config
|
||||||
|
try:
|
||||||
|
f.load_config(path=module.params['filter'])
|
||||||
|
result['running_config'] = f.running_config.to_text()
|
||||||
|
|
||||||
|
except:
|
||||||
|
module.fail_json(msg='Error reading running config')
|
||||||
|
|
||||||
|
#backup config
|
||||||
|
if module.params['backup']:
|
||||||
|
backup(module, f.running_config.to_text())
|
||||||
|
|
||||||
|
|
||||||
|
#update config
|
||||||
|
if module.params['src'] is not None:
|
||||||
|
#store config in str
|
||||||
|
try:
|
||||||
|
conf_str = open(module.params['src'], 'r').read()
|
||||||
|
f.load_config(in_candidate=True, config_text=conf_str)
|
||||||
|
except:
|
||||||
|
module.fail_json(msg="Can't open configuration file, or configuration invalid")
|
||||||
|
|
||||||
|
#get updates lines
|
||||||
|
change_string = f.compare_config()
|
||||||
|
|
||||||
|
#remove not updatable parts
|
||||||
|
c = FortiConfig()
|
||||||
|
c.parse_config_output(change_string)
|
||||||
|
|
||||||
|
for o in NOT_UPDATABLE_CONFIG_OBJECTS:
|
||||||
|
c.del_block(o)
|
||||||
|
|
||||||
|
change_string = c.to_text()
|
||||||
|
|
||||||
|
if change_string != "":
|
||||||
|
result['change_string'] = change_string
|
||||||
|
result['changed'] = True
|
||||||
|
|
||||||
|
#Commit if not check mode
|
||||||
|
if module.check_mode is False and change_string != "":
|
||||||
|
try:
|
||||||
|
f.commit(change_string)
|
||||||
|
except CommandExecutionException:
|
||||||
|
e = get_exception()
|
||||||
|
module.fail_json(msg="Unable to execute command, check your args, the error was {0}".format(e.message))
|
||||||
|
except FailedCommit:
|
||||||
|
e = get_exception()
|
||||||
|
module.fail_json(msg="Unable to commit, check your args, the error was {0}".format(e.message))
|
||||||
|
except ForcedCommit:
|
||||||
|
e = get_exception()
|
||||||
|
module.fail_json(msg="Failed to force commit, check your args, the error was {0}".format(e.message))
|
||||||
|
|
||||||
|
module.exit_json(**result)
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
main()
|
||||||
|
|
59
lib/ansible/utils/module_docs_fragments/fortios.py
Normal file
59
lib/ansible/utils/module_docs_fragments/fortios.py
Normal file
|
@ -0,0 +1,59 @@
|
||||||
|
#
|
||||||
|
# (c) 2017, Benjamin Jolivot <bjolivot@gmail.com>
|
||||||
|
#
|
||||||
|
# This file is part of Ansible
|
||||||
|
#
|
||||||
|
# Ansible is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation, either version 3 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# Ansible is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
#
|
||||||
|
|
||||||
|
class ModuleDocFragment(object):
|
||||||
|
|
||||||
|
# Standard files documentation fragment
|
||||||
|
DOCUMENTATION = """
|
||||||
|
options:
|
||||||
|
host:
|
||||||
|
description:
|
||||||
|
- Specifies the DNS hostname or IP address for connecting to the remote fortios device.
|
||||||
|
required: true
|
||||||
|
username:
|
||||||
|
description:
|
||||||
|
- Configures the username used to authenticate to the remote device.
|
||||||
|
required: true
|
||||||
|
password:
|
||||||
|
description:
|
||||||
|
- Specifies the password used to authenticate to the remote device.
|
||||||
|
required: true
|
||||||
|
timeout:
|
||||||
|
description:
|
||||||
|
- Timeout in seconds for connecting to the remote device.
|
||||||
|
default: 60
|
||||||
|
vdom:
|
||||||
|
description:
|
||||||
|
- Specifies on which vdom to apply configuration
|
||||||
|
backup:
|
||||||
|
description:
|
||||||
|
- This argument will cause the module to create a backup of
|
||||||
|
the current C(running-config) from the remote device before any
|
||||||
|
changes are made. The backup file is written to the i(backup)
|
||||||
|
folder.
|
||||||
|
default: no
|
||||||
|
choices: ['yes', 'no']
|
||||||
|
backup_path:
|
||||||
|
description:
|
||||||
|
- Specifies where to store backup files. Required if I(backup=yes).
|
||||||
|
backup_filename:
|
||||||
|
description:
|
||||||
|
- Specifies the backup filename. If omitted filename will be
|
||||||
|
formated like HOST_config.YYYY-MM-DD@HH:MM:SS
|
||||||
|
"""
|
Loading…
Reference in a new issue