139 files changed, 4794 insertions, 1964 deletions
diff --git a/.github/workflows/ah_token_refresh.yml b/.github/workflows/ah_token_refresh.yml
new file mode 100644
index 00000000..096685dd
--- /dev/null
+++ b/.github/workflows/ah_token_refresh.yml
@@ -0,0 +1,14 @@
+name: Refresh the automation hub token
+# the token expires every 30 days, so we need to refresh it
+on:
+ schedule:
+ - cron: '0 12 1,15 * *' # run 12pm on the 1st and 15th of the month
+ workflow_dispatch:
+
+jobs:
+ refresh:
+ uses: ansible/team-devtools/.github/workflows/ah_token_refresh.yml@v22.5.0
+ with:
+ environment: release
+ secrets:
+ ah_token: ${{ secrets.AH_TOKEN }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index cab10556..d5617c09 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -12,7 +12,7 @@ repos: - id: update-docs - repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.6.0
+ rev: v5.0.0
 hooks: - id: check-merge-conflict - id: check-symlinks
@@ -39,18 +39,18 @@ repos: - prettier-plugin-toml - repo: https://github.com/PyCQA/isort
- rev: 5.13.2
+ rev: 6.0.0
 hooks: - id: isort name: Sort import statements using isort args: [--filter-files] - repo: https://github.com/psf/black
- rev: 24.4.2
+ rev: 25.1.0
 hooks: - id: black - repo: https://github.com/pycqa/flake8
- rev: 7.1.0
+ rev: 7.1.2
 hooks: - id: flake8
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 4ccf0b59..4eac017f 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
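Review bot: In `.github/workflows/ah_token_refresh.yml` the `uses:` line references the external reusable workflow by the mutable tag `@v22.5.0` while passing it `secrets.AH_TOKEN`, so whatever that tag points to at run time executes with the release token. Pinning to the commit the tag currently resolves to keeps the executed code fixed, e.g. `uses: ansible/team-devtools/.github/workflows/ah_token_refresh.yml@<full-commit-sha>  # v22.5.0` (placeholder, the SHA is not on this page). The new workflow also declares no `permissions:` key, so the job's `GITHUB_TOKEN` gets the repository default; a top-level `permissions: {}` would cap it, assuming the called workflow needs no repository access of its own, which should be confirmed against that workflow. A short comment stating that `environment: release` is what scopes `AH_TOKEN` would help the next maintainer see why that input matters.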
@@ -4,6 +4,118 @@ Vyos Collection Release Notes .. contents:: Topics +v6.0.0 +====== + +Release Summary +--------------- + +This is the first significant release from the VyOS community for these modules. +This release is focussed on 1.3+ of VyOS and will be the last major release to +support 1.3 fully. Although efforts have been made to maintain compatibility +with the existing vyos collection modules, there have breaking changes where +necessary to configuration parameters. Please review all changes carefully before updating. + +Major Changes +------------- + +- bgp modules - Added support for 1.4+ "system-as". 1.3 embedded as_number is still supported +- vyos bgp modules - Many configuration attributes moved from `bgp_global` to `bgp_address_family` module (see documentation). +- vyos_bgp_address_family - Aligned with version 1.3+ configuration - aggregate_address, maximum_paths, network, and redistribute moved from `bgp_global` module. These are now Address-family specific. Many neighbor attributes also moved from `vyos_bgp_global` to `vyos_bgp_address_family` module. +- vyos_bgp_global - Aligned with version 1.3+ configuration - aggregate_address, maximum_paths, network, and redistribute Removed to `bgp_address_family` module. +- vyos_user - add support for encrypted password specification +- vyos_user - add support for public-key authentication + +Minor Changes +------------- + +- README.md - Add Communication section with Forum information. 
+- vyos_bgp_address_family - Redistribute, network stanza - added support for modifiers (metric, backdoor etc as per T6829) +- vyos_bgp_global - Added support for `solo` neighbor attribute +- vyos_config - block get_config call if match is set to "none" +- vyos_facts - added `network_os_major_version` to facts +- vyos_firewall_global - Added support for input, output, and forward chains (1.4+) +- vyos_firewall_global - Added support for log-level in state-policy (1.4+) +- vyos_firewall_global - with 1.4+, use the the global keyword to define global firewall rules +- vyos_firewall_interfaces - added support for VIF interfaces +- vyos_firewall_interfaces - enable support for 1.4 firewall +- vyos_firewall_interfaces - expanded firewall interface types to match existing types +- vyos_firewall_rules - Add support for diff mode for rulesets +- vyos_firewall_rules - Added support for 1.4+ firewall rules +- vyos_firewall_rules - Fixed comparing of firewall rules +- vyos_firewall_rules - added support for 1.5+ firewall `match-ipsec-in`, `match-ipsec-out`, `match-none-in`, `match-none-out` +- vyos_firewall_rules - added support for packet-length-exclude for 1.4+ and the states +- vyos_l3_interfaces - make l3_interfaces pick up loopback interfaces +- vyos_lldp_global - address is now addresses, with appropriate coercion for existing address keys +- vyos_ntp_global - Added ntp options for 1.5+ (interleave, ptp) +- vyos_ntp_global - Added support for VyOS 1.4+ (chronyd vs ntpd) +- vyos_ntp_global - Added syntax for allow_client in 1.4+ +- vyos_ospf_interaces - support for 1.4 ospf interfaces +- vyos_ospf_interfaces - add support for VyOS 1.3- virtual interfaces +- vyos_ospf_interfaces - add support for VyOS 1.4+, which moved interface configuration from the interfaces to ospf/ospfv3 interfaces configuration +- vyos_route_maps - add support for as-path-prepend policy option + +Breaking Changes / Porting Guide +-------------------------------- + +- Removed `vyos_logging`. 
Use `vyos_logging_global` instead. +- lldp_global - if "address" is available, merge will cause it to be added, in contrast to the previous behavior where it was replaced. When used in replace mode, it will remove any existing addresses and replace them with the new one. +- vyos_bgp_address_family - Support for 1.3+ VyOS only +- vyos_bgp_global - Support for 1.3+ VyOS only +- vyos_firewall_rules - removed p2p options as they have been removed prior to 1.3 of VyOS +- vyos_firewall_rules - tcp.flags is now a list with an inversion flag to support 1.4+ firewall rules, but still supports 1.3- +- vyos_lldp_global - civic_address is no longer a valid key (removed prior to 1.3) +- vyos_logging_global - For 1.4, `protocol` is an attribute of the syslog host, not the facility +- vyos_snmp_server - no longer works with versions prior to 1.3 +- vyos_snmp_server - parameter `engine_id` is no longer a `user` or `trap_target` parameter and is now a `snmp_v3` parameter +- vyos_snmp_server - parameters `encrypted-key` and `plaintext-key` are now `encrypted-password` and `plaintext-password` +- vyos_user - explicit support for version 1.3+ only +- vyos_user - removed level (and its alias, role) they were removed in 1.3 + +Deprecated Features +------------------- + +- vyos_bgp_global - no_ipv4_unicast - deprecated for use with VyOS 1.4+, use `ipv4_unicast` instead +- vyos_firewall_interfaces - deprecated for use with VyOS 1.4+, firewalls are no longer connected directly to interfaces. See the Firewall Configuration documentation for how to establish a connection betwen the firewall rulesets and the flow, interface, or zone. +- vyos_lldp_global - `address` is deprecated, use `addresses` instead. To be removed in 7.0.0. +- vyos_logging_global - `protocol` is deprecated for 1.4 and later, use `facility` instead. 
To be removed in next major version where supprot for 1.3 is removed + +Bugfixes +-------- + +- vyos_config - Fix change detection for recent Vyos versions +- vyos_firewall_global - Fix removing last member of a firewall group. +- vyos_firewall_global - Fixed ipv6 route-redirects and tests +- vyos_firewall_global - Fixed parsing of global-options (1.4+) +- vyos_firewall_global - Fixed state-policy deletion (partial and full) +- vyos_firewall_global - fixed behavior for stanzas processing by facts in 1.4+ (e.g. present/absent stanza vs enable/disable) +- vyos_firewall_global - fixed the facts parsers to include state-policies, redirect +- vyos_firewall_rules - Allow deleting of firewall description. +- vyos_firewall_rules - Fix limit parameter processing +- vyos_firewall_rules - fixed behavior for log, disable attributes +- vyos_firewall_rules - fixed behavior for override and replaced states +- vyos_interfaces - fixed bug where 'replace' would delete an active disable and not reinstate it +- vyos_interfaces - fixed over-zealous handling of disable, which could catch other interface items that are disabled. 
+- vyos_l3_interfaces - fix delete in interfaces to remove vif completely if in affected interface +- vyos_l3_interfaces - fix override in interfaces to remove vif completely if not present in new config +- vyos_l3_interfaces - fix replace in interfaces to remove vif completely if not present in new config +- vyos_logging_global - Fixed v1.3 and before when `protocol` and `level` were set for the same host +- vyos_ospf_interfaces - fixed get_config to cater for unordered command lists in 1.4+ +- vyos_ospfv2 - passive-interface processing for 1.3- and 1.4+ +- vyos_ospfv3 - added support for adding interfaces to areas +- vyos_static routes - fixed the facts, argspecs, config to include interface-routes +- vyos_user - fix handling of `full-name` in parser and module + +Known Issues +------------ + +- existing code for 1.3 facility protocol and facility level are not compatible, only one will be set and level is the priority. + +Documentation Changes +--------------------- + +- Update module documentation to reflect 1.4+ support + v5.0.0 ====== @@ -210,12 +210,15 @@ Additionally: on the local network - eth1 and eth2 should be defined and uncofirgured (they'll be overwritten by the tests) - eth3 and beyond should not be present or interface-related tests will fail +- when using VMs for testing, ensure that the interfaces don't use `virtio`, as it will supress + some interface configurations. `e1000e` is a good choice for testing. - eth0 is also expected to show `duplex auto` and `speed auto` in the output of `show interfaces`, however others are not due to the fact that they are repeatedly deleted and recreated which causes the default values to be hidden. ## Changelogs -<!--Add a link to a changelog.md file or an external docsite to cover this information. --> + +Change logs are available [here](https://github.com/vyos/vyos.vyos/blob/main/CHANGELOG.rst). ## Release notes diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index b20932d2..f92f47be 100644 
--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
@@ -431,3 +431,194 @@ releases: - release_500.yaml - undeprecate.yaml release_date: "2024-06-25" + 6.0.0: + changes: + breaking_changes: + - Removed `vyos_logging`. Use `vyos_logging_global` instead. + - lldp_global - if "address" is available, merge will cause it to be added, + in contrast to the previous behavior where it was replaced. When used in replace + mode, it will remove any existing addresses and replace them with the new + one. + - vyos_bgp_address_family - Support for 1.3+ VyOS only + - vyos_bgp_global - Support for 1.3+ VyOS only + - vyos_firewall_rules - removed p2p options as they have been removed prior + to 1.3 of VyOS + - vyos_firewall_rules - tcp.flags is now a list with an inversion flag to support + 1.4+ firewall rules, but still supports 1.3- + - vyos_lldp_global - civic_address is no longer a valid key (removed prior to + 1.3) + - vyos_logging_global - For 1.4, `protocol` is an attribute of the syslog host, + not the facility + - vyos_snmp_server - no longer works with versions prior to 1.3 + - vyos_snmp_server - parameter `engine_id` is no longer a `user` or `trap_target` + parameter and is now a `snmp_v3` parameter + - vyos_snmp_server - parameters `encrypted-key` and `plaintext-key` are now + `encrypted-password` and `plaintext-password` + - vyos_user - explicit support for version 1.3+ only + - vyos_user - removed level (and its alias, role) they were removed in 1.3 + bugfixes: + - vyos_config - Fix change detection for recent Vyos versions + - vyos_firewall_global - Fix removing last member of a firewall group. + - vyos_firewall_global - Fixed ipv6 route-redirects and tests + - vyos_firewall_global - Fixed parsing of global-options (1.4+) + - vyos_firewall_global - Fixed state-policy deletion (partial and full) + - vyos_firewall_global - fixed behavior for stanzas processing by facts in 1.4+ + (e.g. 
present/absent stanza vs enable/disable) + - vyos_firewall_global - fixed the facts parsers to include state-policies, + redirect + - vyos_firewall_rules - Allow deleting of firewall description. + - vyos_firewall_rules - Fix limit parameter processing + - vyos_firewall_rules - fixed behavior for log, disable attributes + - vyos_firewall_rules - fixed behavior for override and replaced states + - vyos_interfaces - fixed bug where 'replace' would delete an active disable + and not reinstate it + - vyos_interfaces - fixed over-zealous handling of disable, which could catch + other interface items that are disabled. + - vyos_l3_interfaces - fix delete in interfaces to remove vif completely if + in affected interface + - vyos_l3_interfaces - fix override in interfaces to remove vif completely if + not present in new config + - vyos_l3_interfaces - fix replace in interfaces to remove vif completely if + not present in new config + - vyos_logging_global - Fixed v1.3 and before when `protocol` and `level` were + set for the same host + - vyos_ospf_interfaces - fixed get_config to cater for unordered command lists + in 1.4+ + - vyos_ospfv2 - passive-interface processing for 1.3- and 1.4+ + - vyos_ospfv3 - added support for adding interfaces to areas + - vyos_static routes - fixed the facts, argspecs, config to include interface-routes + - vyos_user - fix handling of `full-name` in parser and module + deprecated_features: + - vyos_bgp_global - no_ipv4_unicast - deprecated for use with VyOS 1.4+, use + `ipv4_unicast` instead + - vyos_firewall_interfaces - deprecated for use with VyOS 1.4+, firewalls are + no longer connected directly to interfaces. See the Firewall Configuration + documentation for how to establish a connection betwen the firewall rulesets + and the flow, interface, or zone. + - vyos_lldp_global - `address` is deprecated, use `addresses` instead. To be + removed in 7.0.0. 
+ - vyos_logging_global - `protocol` is deprecated for 1.4 and later, use `facility` + instead. To be removed in next major version where supprot for 1.3 is removed + doc_changes: + - Update module documentation to reflect 1.4+ support + known_issues: + - existing code for 1.3 facility protocol and facility level are not compatible, + only one will be set and level is the priority. + major_changes: + - bgp modules - Added support for 1.4+ "system-as". 1.3 embedded as_number is + still supported + - vyos bgp modules - Many configuration attributes moved from `bgp_global` to + `bgp_address_family` module (see documentation). + - vyos_bgp_address_family - Aligned with version 1.3+ configuration - aggregate_address, + maximum_paths, network, and redistribute moved from `bgp_global` module. These + are now Address-family specific. Many neighbor attributes also moved from + `vyos_bgp_global` to `vyos_bgp_address_family` module. + - vyos_bgp_global - Aligned with version 1.3+ configuration - aggregate_address, + maximum_paths, network, and redistribute Removed to `bgp_address_family` module. + - vyos_user - add support for encrypted password specification + - vyos_user - add support for public-key authentication + minor_changes: + - README.md - Add Communication section with Forum information. 
+ - vyos_bgp_address_family - Redistribute, network stanza - added support for + modifiers (metric, backdoor etc as per T6829) + - vyos_bgp_global - Added support for `solo` neighbor attribute + - vyos_config - block get_config call if match is set to "none" + - vyos_facts - added `network_os_major_version` to facts + - vyos_firewall_global - Added support for input, output, and forward chains + (1.4+) + - vyos_firewall_global - Added support for log-level in state-policy (1.4+) + - vyos_firewall_global - with 1.4+, use the the global keyword to define global + firewall rules + - vyos_firewall_interfaces - added support for VIF interfaces + - vyos_firewall_interfaces - enable support for 1.4 firewall + - vyos_firewall_interfaces - expanded firewall interface types to match existing + types + - vyos_firewall_rules - Add support for diff mode for rulesets + - vyos_firewall_rules - Added support for 1.4+ firewall rules + - vyos_firewall_rules - Fixed comparing of firewall rules + - vyos_firewall_rules - added support for 1.5+ firewall `match-ipsec-in`, `match-ipsec-out`, + `match-none-in`, `match-none-out` + - vyos_firewall_rules - added support for packet-length-exclude for 1.4+ and + the states + - vyos_l3_interfaces - make l3_interfaces pick up loopback interfaces + - vyos_lldp_global - address is now addresses, with appropriate coercion for + existing address keys + - vyos_ntp_global - Added ntp options for 1.5+ (interleave, ptp) + - vyos_ntp_global - Added support for VyOS 1.4+ (chronyd vs ntpd) + - vyos_ntp_global - Added syntax for allow_client in 1.4+ + - vyos_ospf_interaces - support for 1.4 ospf interfaces + - vyos_ospf_interfaces - add support for VyOS 1.3- virtual interfaces + - vyos_ospf_interfaces - add support for VyOS 1.4+, which moved interface configuration + from the interfaces to ospf/ospfv3 interfaces configuration + - vyos_route_maps - add support for as-path-prepend policy option + release_summary: + "This is the first significant release from 
the VyOS community + for these modules. + + This release is focussed on 1.3+ of VyOS and will be the last major release + to + + support 1.3 fully. Although efforts have been made to maintain compatibility + + with the existing vyos collection modules, there have breaking changes where + + necessary to configuration parameters. Please review all changes carefully + before updating. + + " + fragments: + - 0-readme.yml + - 6.0.0.yml + - T151-prepare-for-release.yaml + - T6817_T6825_ovr_rep.yml + - T6821_route_map_options.yml + - T6829-ospfv3-v1.3-area-interfacces.yml + - T6831_ospf_vif.yml + - T6833_fw_rules_limit.yaml + - T6834-static-routes-interfaces.yml + - T6891-docsite.yaml + - T6894-ntp-integration-tests.yml + - T6987-logging-changes.yml + - T6988-fix-user.yml + - T7002-firewall-global-integration-tests.yml + - T7003-firewall-interface-integration-tests.yml + - T7006-interface-integration-tests.yml + - T7008-l3-interface-integration-tests.yml + - T7010-lag-interfaces-integration-tests.yaml + - T7011-lldp-integration-tests.yaml + - T7012_ospf-integration-tests.yaml + - T7012_ospfv2_integration_tests.yaml + - T7012_ospfv3_integration_tests.yaml + - T7013_route-maps-integration-tests.yml + - T7015_static_routes_integration_tests.yaml + - T7083_firewall_rules.yml + - T7088-codecoverage.yml + - T7127-fix-interface-integration-13.yaml + - T7153-remove-logging.yaml + - T7162-interface-preflight.yaml + - T7236_firewall_rules.yml + - T7238_logging_global.yml + - T7259-get_config.yaml + - T7260-remove-last-firewall-group-member.yaml + - T7284-delete_firewall_description.yml + - T7329_snmp_server_support.yml + - T7391_domain_search.yaml + - bgp_address_family.yaml + - bgp_global.yaml + - cliconf.yml + - firewall_global_14.yml + - firewall_global_parsing.yml + - firewall_interface_types.yml + - firewall_rules.yml + - firewall_rules_diff.yml + - fix-recent-vyos-version-change-detection.yml + - integration_tests_fixes.yml + - interfaces_update.yml + - ntp_global.yaml + - 
pre-release6.yaml + - resource_updates.yml + - revert-409-paramiko-compatible.yaml + - snmp_server.yml + - test_module_patch.yml + - tests.yml + release_date: "2025-06-25" diff --git a/changelogs/fragments/0-readme.yml b/changelogs/fragments/0-readme.yml deleted file mode 100644 index 41a129d3..00000000 --- a/changelogs/fragments/0-readme.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -minor_changes: - - README.md - Add Communication section with Forum information. diff --git a/changelogs/fragments/6.0.0.yml b/changelogs/fragments/6.0.0.yml deleted file mode 100644 index ecd702e4..00000000 --- a/changelogs/fragments/6.0.0.yml +++ /dev/null @@ -1,6 +0,0 @@ -release_summary: | - This is the first significant release from the VyOS community for these modules. - This release is focussed on 1.3+ of VyOS and will be the last major release to - support 1.3 fully. Although efforts have been made to maintain compatibility - with the existing vyos collection modules, there have breaking changes where - necessary to configuration parameters. Please review all changes carefully before updating. diff --git a/changelogs/fragments/T151-prepare-for-release.yaml b/changelogs/fragments/T151-prepare-for-release.yaml deleted file mode 100644 index f1601d08..00000000 --- a/changelogs/fragments/T151-prepare-for-release.yaml +++ /dev/null @@ -1,3 +0,0 @@ -trivial: - - update galaxy.yml for release version 6.0.0 - - update fragments to include modules, re-align with requirements diff --git a/changelogs/fragments/T6817_T6825_ovr_rep.yml b/changelogs/fragments/T6817_T6825_ovr_rep.yml deleted file mode 100644 index 17af8a44..00000000 --- a/changelogs/fragments/T6817_T6825_ovr_rep.yml +++ /dev/null 
@@ -1,8 +0,0 @@ ---- -minor_changes: - - vyos_firewall_rules - added support for packet-length-exclude for 1.4+ and the states -bugfixes: - - vyos_firewall_rules - fixed behavior for override and replaced states - - vyos_firewall_rules - fixed behavior for log, disable attributes -trivial: - - vyos_firewall_rules - added a separate test suite test_vyos_firewall_rules14.py diff --git a/changelogs/fragments/T6829-ospfv3-v1.3-area-interfacces.yml b/changelogs/fragments/T6829-ospfv3-v1.3-area-interfacces.yml deleted file mode 100644 index 7a969007..00000000 --- a/changelogs/fragments/T6829-ospfv3-v1.3-area-interfacces.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -bugfixes: - - vyos_ospfv3 - added support for adding interfaces to areas -trivial: - - vyos_ospfv3 - updated unit test suites to include area interfaces - - vyos_ospfv3 - added v1.4 unit test diff --git a/changelogs/fragments/T6831_ospf_vif.yml b/changelogs/fragments/T6831_ospf_vif.yml deleted file mode 100644 index 97a4c7c8..00000000 --- a/changelogs/fragments/T6831_ospf_vif.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -minor_changes: - - vyos_ospf_interfaces - add support for VyOS 1.3- virtual interfaces diff --git a/changelogs/fragments/T6833_fw_rules_limit.yaml b/changelogs/fragments/T6833_fw_rules_limit.yaml deleted file mode 100644 index 3e6f7beb..00000000 --- a/changelogs/fragments/T6833_fw_rules_limit.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -bugfixes: - - vyos_firewall_rules - Fix limit parameter processing diff --git a/changelogs/fragments/T6834-static-routes-interfaces.yml b/changelogs/fragments/T6834-static-routes-interfaces.yml deleted file mode 100644 index e827f598..00000000 --- a/changelogs/fragments/T6834-static-routes-interfaces.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -bugfixes: - - vyos_static routes - fixed the facts, argspecs, config to include interface-routes -trivial: - - vyos_static routes - updated unit test suites to include interface-routes 
diff --git a/changelogs/fragments/T6891-docsite.yaml b/changelogs/fragments/T6891-docsite.yaml deleted file mode 100644 index 7667ac7b..00000000 --- a/changelogs/fragments/T6891-docsite.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -trivial: - - move docsite VyOS platform docs internal diff --git a/changelogs/fragments/T6894-ntp-integration-tests.yml b/changelogs/fragments/T6894-ntp-integration-tests.yml deleted file mode 100644 index 5096866c..00000000 --- a/changelogs/fragments/T6894-ntp-integration-tests.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -minor_changes: - - vyos_ntp_global - Added ntp options for 1.5+ (interleave, ptp) -trivial: - - vyos_ntp_global - Synchronized argspec and docs with core module - - vyos_ntp_global - Fix integration tests for 1.3+ diff --git a/changelogs/fragments/T6987-logging-changes.yml b/changelogs/fragments/T6987-logging-changes.yml deleted file mode 100644 index 89f50337..00000000 --- a/changelogs/fragments/T6987-logging-changes.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -breaking_changes: - - vyos_logging_global - For 1.4, `protocol` is an attribute of the syslog host, not the facility - -bugfixes: - - vyos_logging_global - Fixed v1.3 and before when `protocol` and `level` were set for the same host - -deprecated_features: - - vyos_logging_global - `protocol` is deprecated for 1.4 and later, use `facility` instead. To be removed - in next major version where supprot for 1.3 is removed - -known_issues: - - existing code for 1.3 facility protocol and facility level are not compatible, - only one will be set and level is the priority. - -trivial: - - vyos_logging_global - Fixed integration test for `vyos_facts` which was brittle due to line dependencies in checks - - vyos_logging_global - Fixed integration test for `vyos_config` due to bad commands. 1.3 frequently won't finish due - to timeouts or system failures during the tests, but 1.4 and 1.5 
diff --git a/changelogs/fragments/T6988-fix-user.yml b/changelogs/fragments/T6988-fix-user.yml deleted file mode 100644 index 05966e62..00000000 --- a/changelogs/fragments/T6988-fix-user.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -breaking_changes: - - vyos_user - removed level (and its alias, role) they were removed in 1.3 - - vyos_user - explicit support for version 1.3+ only - -major_changes: - - vyos_user - add support for public-key authentication - - vyos_user - add support for encrypted password specification - -bugfixes: - - vyos_user - fix handling of `full-name` in parser and module - -trivial: - - vyos_user - fix parsing of `full-name` to ignore quotes - - vyos_user - fix integration tests for smoke diff --git a/changelogs/fragments/T7002-firewall-global-integration-tests.yml b/changelogs/fragments/T7002-firewall-global-integration-tests.yml deleted file mode 100644 index c94a76fc..00000000 --- a/changelogs/fragments/T7002-firewall-global-integration-tests.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -bugfixes: - - vyos_firewall_global - fixed the facts parsers to include state-policies, redirect - - vyos_firewall_global - fixed behavior for stanzas processing by facts in 1.4+ (e.g. present/absent stanza vs enable/disable) -trivial: - - vyos_firewall_global - updated unit test suites to include units for 1.4+ and missing attributes (e.g. log) - - vyos_firewall_global - re-factored integration test suite structure to D.R.Y and add support for 1.4+ - - vyos_firewall_global - cleared-up the obsolete stanzas (e.g. config-trap) diff --git a/changelogs/fragments/T7003-firewall-interface-integration-tests.yml b/changelogs/fragments/T7003-firewall-interface-integration-tests.yml deleted file mode 100644 index 03541174..00000000 --- a/changelogs/fragments/T7003-firewall-interface-integration-tests.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -trivial: - - fix integration tests for `firewall_interfaces` for v1.3- 
diff --git a/changelogs/fragments/T7006-interface-integration-tests.yml b/changelogs/fragments/T7006-interface-integration-tests.yml deleted file mode 100644 index 61c4e70a..00000000 --- a/changelogs/fragments/T7006-interface-integration-tests.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -trivial: - - vyos interfaces tests - adjust for loopback being removed in `vyos_l3_interfaces` - - vyos interfaces tests - fixed `vyos_interfaces` for 1.5+ - - actions - update codecov updloader to version 5 diff --git a/changelogs/fragments/T7008-l3-interface-integration-tests.yml b/changelogs/fragments/T7008-l3-interface-integration-tests.yml deleted file mode 100644 index 36b377b3..00000000 --- a/changelogs/fragments/T7008-l3-interface-integration-tests.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -bugfixes: - - vyos_l3_interfaces - fix replace in interfaces to remove vif completely if not present in new config - - vyos_l3_interfaces - fix override in interfaces to remove vif completely if not present in new config - - vyos_l3_interfaces - fix delete in interfaces to remove vif completely if in affected interface - -trivial: - - vyos_l3_interfaces - fix integration tests for `l3_interfaces` - - vyos_l3_interfaces - fix integration tests for `interfaces` - - vyos_l3_interfaces - added unit test for unknown interface type diff --git a/changelogs/fragments/T7010-lag-interfaces-integration-tests.yaml b/changelogs/fragments/T7010-lag-interfaces-integration-tests.yaml deleted file mode 100644 index 23b918f4..00000000 --- a/changelogs/fragments/T7010-lag-interfaces-integration-tests.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -trivial: - - vyos_lag_interfaces - fix integration tests for `lag_interfaces` - - vyos_lag_interfaces - add unit tests for `lag_interfaces` diff --git a/changelogs/fragments/T7011-lldp-integration-tests.yaml b/changelogs/fragments/T7011-lldp-integration-tests.yaml deleted file mode 100644 index 60601681..00000000 
--- a/changelogs/fragments/T7011-lldp-integration-tests.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -breaking_changes: - - lldp_global - if "address" is available, merge will cause it to be added, in contrast to - the previous behavior where it was replaced. When used in replace mode, it - will remove any existing addresses and replace them with the new one. - - vyos_lldp_global - civic_address is no longer a valid key (removed prior to 1.3) - -deprecated_features: - - vyos_lldp_global - `address` is deprecated, use `addresses` instead. To be removed in 7.0.0. -minor_changes: - - vyos_lldp_global - address is now addresses, with appropriate coercion for existing address keys diff --git a/changelogs/fragments/T7012_ospf-integration-tests.yaml b/changelogs/fragments/T7012_ospf-integration-tests.yaml deleted file mode 100644 index b696b2aa..00000000 --- a/changelogs/fragments/T7012_ospf-integration-tests.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -minor_changes: - - vyos_ospf_interfaces - add support for VyOS 1.4+, which moved interface configuration from the interfaces to ospf/ospfv3 interfaces configuration -bugfixes: - - vyos_ospf_interfaces - fixed get_config to cater for unordered command lists in 1.4+ -trivial: - - vyos_ospf_interfaces - re-worked intergration test suite structure to D.R.Y. - - vyos_ospf_interfaces - added support for 1.4+ VyOS - - vyos_ospf_interfaces - updated unit test suite to cater for 1.4+ bugfixes diff --git a/changelogs/fragments/T7012_ospfv2_integration_tests.yaml b/changelogs/fragments/T7012_ospfv2_integration_tests.yaml deleted file mode 100644 index b1382697..00000000 --- a/changelogs/fragments/T7012_ospfv2_integration_tests.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -trivial: - - vyos_ospfv2 - fix intergration test suite. - - vyos_ospfv2 - fix unit tests. -bugfixes: - - vyos_ospfv2 - passive-interface processing for 1.3- and 1.4+ 
diff --git a/changelogs/fragments/T7012_ospfv3_integration_tests.yaml b/changelogs/fragments/T7012_ospfv3_integration_tests.yaml deleted file mode 100644 index b8f1f8b3..00000000 --- a/changelogs/fragments/T7012_ospfv3_integration_tests.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -trivial: - - vyos_ospfv2 - fix intergration test suite. diff --git a/changelogs/fragments/T7013_route-maps-integration-tests.yml b/changelogs/fragments/T7013_route-maps-integration-tests.yml deleted file mode 100644 index 1290bbf5..00000000 --- a/changelogs/fragments/T7013_route-maps-integration-tests.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -trivial: - - vyos_route_maps - Refactor the integration tests structure and support for 1.4+ versions diff --git a/changelogs/fragments/T7015_static_routes_integration_tests.yaml b/changelogs/fragments/T7015_static_routes_integration_tests.yaml deleted file mode 100644 index 2328784f..00000000 --- a/changelogs/fragments/T7015_static_routes_integration_tests.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -trivial: - - vyos_static_routes - Fixed for v1.3- and 1.4+ diff --git a/changelogs/fragments/T7083_firewall_rules.yml b/changelogs/fragments/T7083_firewall_rules.yml deleted file mode 100644 index bc2c5ca4..00000000 --- a/changelogs/fragments/T7083_firewall_rules.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -breaking_changes: - - vyos_firewall_rules - removed p2p options as they have been removed prior to 1.3 of VyOS diff --git a/changelogs/fragments/T7088-codecoverage.yml b/changelogs/fragments/T7088-codecoverage.yml deleted file mode 100644 index 6925c85f..00000000 --- a/changelogs/fragments/T7088-codecoverage.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -trivial: - - use our own code coverage diff --git a/changelogs/fragments/T7127-fix-interface-integration-13.yaml b/changelogs/fragments/T7127-fix-interface-integration-13.yaml deleted file mode 100644 index 9623fab6..00000000 --- a/changelogs/fragments/T7127-fix-interface-integration-13.yaml +++ /dev/null 
@@ -1,3 +0,0 @@
----
-trivial:
- - vyos_interfaces - fix bug in RTT tests on 1.3 due to handling of MTUs
diff --git a/changelogs/fragments/T7153-remove-logging.yaml b/changelogs/fragments/T7153-remove-logging.yaml
deleted file mode 100644
index 92f5b099..00000000
--- a/changelogs/fragments/T7153-remove-logging.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-breaking_changes:
- - Removed `vyos_logging`. Use `vyos_logging_global` instead.
diff --git a/changelogs/fragments/T7236_firewall_rules.yml b/changelogs/fragments/T7236_firewall_rules.yml
deleted file mode 100644
index bad04832..00000000
--- a/changelogs/fragments/T7236_firewall_rules.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-minor_changes:
- - vyos_firewall_rules - Fixed comparing of firewall rules
diff --git a/changelogs/fragments/T7238_logging_global.yml b/changelogs/fragments/T7238_logging_global.yml
deleted file mode 100644
index 2be46968..00000000
--- a/changelogs/fragments/T7238_logging_global.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-trivial:
- - vyos_logging_global - fix get_version in integration tests
diff --git a/changelogs/fragments/T7284-delete_firewall_description.yml b/changelogs/fragments/T7284-delete_firewall_description.yml
deleted file mode 100644
index fe2b1882..00000000
--- a/changelogs/fragments/T7284-delete_firewall_description.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-bugfixes:
- - vyos_firewall_rules - Allow deleting of firewall description.
diff --git a/changelogs/fragments/T7329_snmp_server_support.yml b/changelogs/fragments/T7329_snmp_server_support.yml
deleted file mode 100644
index 6d661240..00000000
--- a/changelogs/fragments/T7329_snmp_server_support.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-trivial:
- - prepare_vyos_tests - fix dependency script for intergration tests to run on e1000e vNiC
- - vyos_snmp_server - add SNMPv3 engine ID to vars and merged.yaml and rendered.yaml to meet 1.4.x and 1.5.x requirements
diff --git a/changelogs/fragments/bgp_address_family.yaml b/changelogs/fragments/bgp_address_family.yaml
deleted file mode 100644
index 606bc4bc..00000000
--- a/changelogs/fragments/bgp_address_family.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-major_changes:
- - vyos_bgp_address_family - Aligned with version 1.3+ configuration - aggregate_address, maximum_paths, network, and redistribute
- moved from `bgp_global` module. These are now Address-family specific. Many neighbor attributes also moved from `vyos_bgp_global`
- to `vyos_bgp_address_family` module.
- - bgp modules - Added support for 1.4+ "system-as". 1.3 embedded as_number is still supported
-breaking_changes:
- - vyos_bgp_address_family - Support for 1.3+ VyOS only
-
-minor_changes:
- - vyos_bgp_address_family - Redistribute, network stanza - added support for modifiers (metric, backdoor etc as per T6829)
-
-trivial:
- - vyos_bgp_address_family - Fixed tests for 1.4+ bgp_address_family
- - vyos_bgp_address_family - updated documentation
diff --git a/changelogs/fragments/bgp_global.yaml b/changelogs/fragments/bgp_global.yaml
deleted file mode 100644
index 1a1ab310..00000000
--- a/changelogs/fragments/bgp_global.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-major_changes:
- - vyos bgp modules - Many configuration attributes moved from `bgp_global` to `bgp_address_family` module (see documentation).
- - vyos_bgp_global - Aligned with version 1.3+ configuration - aggregate_address, maximum_paths, network, and redistribute
- Removed to `bgp_address_family` module.
-minor_changes:
- - vyos_bgp_global - Added support for `solo` neighbor attribute
-breaking_changes:
- - vyos_bgp_global - Support for 1.3+ VyOS only
-
-deprecated_features:
- - vyos_bgp_global - no_ipv4_unicast - deprecated for use with VyOS 1.4+, use `ipv4_unicast` instead
-
-trivial:
- - vyos_bgp_global - Fixed tests for 1.4+ bgp_global
- - vyos_bgp_global - updated documentation
diff --git a/changelogs/fragments/cliconf.yml b/changelogs/fragments/cliconf.yml
deleted file mode 100644
index 69e105bc..00000000
--- a/changelogs/fragments/cliconf.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-minor_changes:
- - vyos_facts - added `network_os_major_version` to facts
diff --git a/changelogs/fragments/firewall_global_14.yml b/changelogs/fragments/firewall_global_14.yml
deleted file mode 100644
index 4b993ab5..00000000
--- a/changelogs/fragments/firewall_global_14.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-minor_changes:
- - vyos_firewall_global - with 1.4+, use the the global keyword to define global firewall rules
- - vyos_firewall_global - Added support for input, output, and forward chains (1.4+)
- - vyos_firewall_global - Added support for log-level in state-policy (1.4+)
-bugfixes:
- - vyos_firewall_global - Fixed ipv6 route-redirects and tests
- - vyos_firewall_global - Fixed state-policy deletion (partial and full)
diff --git a/changelogs/fragments/firewall_global_parsing.yml b/changelogs/fragments/firewall_global_parsing.yml
deleted file mode 100644
index 98275fff..00000000
--- a/changelogs/fragments/firewall_global_parsing.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-bugfixes:
- - vyos_firewall_global - Fixed parsing of global-options (1.4+)
diff --git a/changelogs/fragments/firewall_interface_types.yml b/changelogs/fragments/firewall_interface_types.yml
deleted file mode 100644
index 8fc8eb47..00000000
--- a/changelogs/fragments/firewall_interface_types.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-minor_changes:
- - vyos_firewall_interfaces - added support for VIF interfaces
- - vyos_firewall_interfaces - expanded firewall interface types to match existing types
-
-deprecated_features:
- - vyos_firewall_interfaces - deprecated for use with VyOS 1.4+, firewalls are no longer
- connected directly to interfaces. See the Firewall Configuration documentation
- for how to establish a connection betwen the firewall rulesets and the flow, interface, or zone.
diff --git a/changelogs/fragments/firewall_rules.yml b/changelogs/fragments/firewall_rules.yml
deleted file mode 100644
index 495da458..00000000
--- a/changelogs/fragments/firewall_rules.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-breaking_changes:
- - vyos_firewall_rules - tcp.flags is now a list with an inversion flag to support 1.4+ firewall rules, but still supports 1.3-
-
-minor_changes:
- - vyos_firewall_rules - Added support for 1.4+ firewall rules
- - vyos_firewall_rules - added support for 1.5+ firewall `match-ipsec-in`, `match-ipsec-out`, `match-none-in`, `match-none-out`
-
-trivial:
- - vyos_firewall_rules - fix tests for 1.4+ firewall rules (ICMP V6 code and type)
diff --git a/changelogs/fragments/firewall_rules_diff.yml b/changelogs/fragments/firewall_rules_diff.yml
deleted file mode 100644
index 9e62a515..00000000
--- a/changelogs/fragments/firewall_rules_diff.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-minor_changes:
- - vyos_firewall_rules - Add support for diff mode for rulesets
diff --git a/changelogs/fragments/fix-recent-vyos-version-change-detection.yml b/changelogs/fragments/fix-recent-vyos-version-change-detection.yml
deleted file mode 100644
index 2e506259..00000000
--- a/changelogs/fragments/fix-recent-vyos-version-change-detection.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-bugfixes:
- - vyos_config - Fix change detection for recent Vyos versions
diff --git a/changelogs/fragments/interfaces_update.yml b/changelogs/fragments/interfaces_update.yml
deleted file mode 100644
index 5702b7a4..00000000
--- a/changelogs/fragments/interfaces_update.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-minor_changes:
- - vyos_l3_interfaces - make l3_interfaces pick up loopback interfaces
- - vyos_firewall_interfaces - enable support for 1.4 firewall
- - vyos_ospf_interaces - support for 1.4 ospf interfaces
-bugfixes:
- - vyos_interfaces - fixed bug where 'replace' would delete an active disable and not reinstate it
- - vyos_interfaces - fixed over-zealous handling of disable, which could catch other interface
- items that are disabled.
-
-trivial:
- - vyos interface plugins - added tests for verifying imterface disable/enable
diff --git a/changelogs/fragments/ntp_global.yaml b/changelogs/fragments/ntp_global.yaml
deleted file mode 100644
index b3177efb..00000000
--- a/changelogs/fragments/ntp_global.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-minor_changes:
- - vyos_ntp_global - Added support for VyOS 1.4+ (chronyd vs ntpd)
- - vyos_ntp_global - Added syntax for allow_client in 1.4+
-trivial:
- - vyos_ntp_global - Added test suite for ntp_global and 1.4+
diff --git a/changelogs/fragments/resource_updates.yml b/changelogs/fragments/resource_updates.yml
deleted file mode 100644
index 5a0c5e0e..00000000
--- a/changelogs/fragments/resource_updates.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-trivial:
- - updated resources and re-ran resource templates for existing older template code
diff --git a/changelogs/fragments/snmp_server.yml b/changelogs/fragments/snmp_server.yml
deleted file mode 100644
index 5794c350..00000000
--- a/changelogs/fragments/snmp_server.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-breaking_changes:
- - vyos_snmp_server - parameter `engine_id` is no longer a `user` or `trap_target` parameter and is now a `snmp_v3` parameter
- - vyos_snmp_server - parameters `encrypted-key` and `plaintext-key` are now `encrypted-password` and `plaintext-password`
- - vyos_snmp_server - no longer works with versions prior to 1.3
-
-trivial:
- - vyos_snmp_server - 192.0.2.1/24 (TEST-NET-1) is used on eth1 for testing to accomodate services that check
- valid configurations (such as SNMP)
- - vyos_snmp_server - use encrypted passwords for SNMPv3 tests as VyOS now converts those "when next reloaded"
- - vyos_snmp_server - fixed integration tests for 1.3+ for `vyos_hostname`
diff --git a/changelogs/fragments/test_module_patch.yml b/changelogs/fragments/test_module_patch.yml
deleted file mode 100644
index 557a941a..00000000
--- a/changelogs/fragments/test_module_patch.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-trivial:
- - util.py - Add mock _ANSIBLE_PROFILE to reflect changes to Ansible libs
diff --git a/changelogs/fragments/tests.yml b/changelogs/fragments/tests.yml
deleted file mode 100644
index 78e3d597..00000000
--- a/changelogs/fragments/tests.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-trivial:
- - ignore 2.19 sanity tests for now
diff --git a/changelogs/fragments/typing_extensions_fix.yml b/changelogs/fragments/typing_extensions_fix.yml
new file mode 100644
index 00000000..951d0877
--- /dev/null
+++ b/changelogs/fragments/typing_extensions_fix.yml
@@ -0,0 +1,3 @@
+---
+trivial:
+ - test_requirements.txt - Add missing Py3.13 typing_extenstions lib
diff --git a/docs/vyos.vyos.vyos_banner_module.rst b/docs/vyos.vyos.vyos_banner_module.rst
index 4a847f77..0223d5b0 100644
--- a/docs/vyos.vyos.vyos_banner_module.rst
+++ b/docs/vyos.vyos.vyos_banner_module.rst
@@ -95,7 +95,7 @@ Notes ----- .. note:: - - Tested against VyOS 1.1.8 (helium). + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection ``ansible.netcommon.network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide <network_guide>` diff --git a/docs/vyos.vyos.vyos_bgp_address_family_module.rst b/docs/vyos.vyos.vyos_bgp_address_family_module.rst index e17dfdd7..b82d29cf 100644 --- a/docs/vyos.vyos.vyos_bgp_address_family_module.rst +++ b/docs/vyos.vyos.vyos_bgp_address_family_module.rst @@ -18,7 +18,8 @@ Version added: 1.0.0 Synopsis -------- - This module manages BGP address family configuration of interfaces on devices running VYOS. -- Tested against VYOS 1.3, 1.4 +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 +- The provided examples of commands are valid for VyOS 1.4+ 
@@ -1214,17 +1215,18 @@ Examples # After State: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" - # set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01' - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10' - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45' - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export 'map01' - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01' - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight '50' + # set protocols bgp system-as 100 + # set protocols bgp address-family ipv4-unicast redistribute static metric '50' + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01' + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10' + # set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45' + # set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self + # set protocols bgp neighbor 
100.11.34.12 address-family ipv4-unicast route-map export 'map01' + # set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01' + # set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast weight '50' # vyos@vyos:~$ # # Module Execution: 
@@ -1292,17 +1294,17 @@ Examples # "before": {}, # "changed": true, # "commands": [ - # "set protocols bgp 100 address-family ipv4-unicast redistribute static metric 50", - # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number 4", - # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override", - # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med", - # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map map01", - # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export 10", - # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix 45", - # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self", - # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export map01", - # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import map01", - # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight 50" + # "set protocols bgp address-family ipv4-unicast redistribute static metric 50", + # "set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number 4", + # "set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override", + # "set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med", + # "set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map map01", + # "set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export 10", + # "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix 45", + # "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self", + # "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast 
route-map export map01", + # "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map import map01", + # "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast weight 50" # ], # 
@@ -1311,17 +1313,18 @@ Examples # Before state: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" - # set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01' - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10' - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45' - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export 'map01' - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01' - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight '50' + # set protocols bgp system-as 100 + # set protocols bgp address-family ipv4-unicast redistribute static metric '50' + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01' + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10' + # set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45' + # set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self + # set protocols bgp neighbor 
100.11.34.12 address-family ipv4-unicast route-map export 'map01' + # set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01' + # set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast weight '50' # vyos@vyos:~$ - name: Replace provided configuration with device configuration 
@@ -1351,15 +1354,16 @@ Examples # After State: # # vyos@vyos:~$ show configuration commands | match "set protocols bgp" - # set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix '45' - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number '4' - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast as-override - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map 'map01' - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export '10' + # set protocols bgp system-as 100 + # set protocols bgp address-family ipv4-unicast redistribute static metric '50' + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix '45' + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self + # set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number '4' + # set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast as-override + # set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med + # set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map 'map01' + # set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export '10' # vyos@vyos:~$ # # 
@@ -1478,39 +1482,40 @@ Examples # }, # "changed": true, # "commands": [ - # "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list", - # "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate", - # "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged", - # "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override", - # "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in", - # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight", - # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map", - # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self", - # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix", - # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number 4", - # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast as-override", - # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med", - # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map map01", - # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export 10", - # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix 45", - # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self" + # "delete protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list", + # "delete protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate", + # "delete protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged", + # "delete protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast 
as-override", + # "delete protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in", + # "delete protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast weight", + # "delete protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map", + # "delete protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self", + # "delete protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix", + # "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number 4", + # "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast as-override", + # "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med", + # "set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map map01", + # "set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export 10", + # "set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix 45", + # "set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self" # ], # Using overridden # vyos@vyos:~$ show configuration commands | match "set protocols bgp" - # set protocols bgp 100 address-family ipv4-unicast network 35.1.1.0/24 backdoor - # set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' - # set protocols bgp 100 address-family ipv6-unicast aggregate-address 6601:1:1:1::/64 summary-only - # set protocols bgp 100 address-family ipv6-unicast network 5001:1:1:1::/64 route-map 'map01' - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix '45' - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number '4' - # set protocols bgp 100 neighbor 100.11.34.12 
address-family ipv4-unicast as-override - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map 'map01' - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export '10' + # set protocols bgp system-as 100 + # set protocols bgp address-family ipv4-unicast network 35.1.1.0/24 backdoor + # set protocols bgp address-family ipv4-unicast redistribute static metric '50' + # set protocols bgp address-family ipv6-unicast aggregate-address 6601:1:1:1::/64 summary-only + # set protocols bgp address-family ipv6-unicast network 5001:1:1:1::/64 route-map 'map01' + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix '45' + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self + # set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number '4' + # set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast as-override + # set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med + # set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map 'map01' + # set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export '10' # vyos@vyos:~$ - name: Override 
@@ -1540,13 +1545,14 @@ Examples # After State # vyos@vyos:~$ show configuration commands | match "set protocols bgp" - # set protocols bgp 100 address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only - # set protocols bgp 100 address-family ipv6-unicast redistribute static metric '50' - # set protocols bgp 100 neighbor 20.33.1.1/24 - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix '45' - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast route-map import 'map01' + # set protocols bgp system-as 100 + # set protocols bgp address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only + # set protocols bgp address-family ipv6-unicast redistribute static metric '50' + # set protocols bgp neighbor 20.33.1.1/24 + # set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast + # set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix '45' + # set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self + # set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast route-map import 'map01' # vyos@vyos:~$ 
@@ -1671,21 +1677,21 @@ Examples # }, # "changed": true, # "commands": [ - # "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family", - # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast distribute-list", - # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast default-originate", - # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged", - # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast as-override", - # "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast allowas-in", - # "delete protocols bgp 100 address-family ipv6 aggregate-address", - # "delete protocols bgp 100 address-family ipv6 network", - # "delete protocols bgp 100 address-family ipv4 network", - # "delete protocols bgp 100 address-family ipv4 redistribute", - # "set protocols bgp 100 address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only", - # "set protocols bgp 100 address-family ipv6-unicast redistribute static metric 50", - # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix 45", - # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self", - # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast route-map import map01" + # "delete protocols bgp neighbor 20.33.1.1/24 address-family", + # "delete protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast distribute-list", + # "delete protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast default-originate", + # "delete protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged", + # "delete protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast as-override", + # "delete protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast allowas-in", + # "delete protocols bgp address-family ipv6 aggregate-address", + # "delete protocols bgp address-family 
ipv6 network", + # "delete protocols bgp address-family ipv4 network", + # "delete protocols bgp address-family ipv4 redistribute", + # "set protocols bgp address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only", + # "set protocols bgp address-family ipv6-unicast redistribute static metric 50", + # "set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix 45", + # "set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self", + # "set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast route-map import map01" # ], # 
@@ -1694,22 +1700,23 @@ Examples # Before State: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" - # set protocols bgp 100 address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only - # set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' - # set protocols bgp 100 address-family ipv6-unicast redistribute static metric '50' - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01' - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10' - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45' - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export 'map01' - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01' - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight '50' - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix '45' - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self - # set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast route-map import 'map01' + # set protocols bgp system-as 100 + # set protocols bgp address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only + # set protocols bgp address-family ipv4-unicast redistribute static metric '50' + # set protocols bgp address-family ipv6-unicast redistribute static metric '50' + # set protocols bgp neighbor 20.33.1.1/24 
address-family ipv4-unicast allowas-in number '4' + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01' + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10' + # set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45' + # set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self + # set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map export 'map01' + # set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01' + # set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast weight '50' + # set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix '45' + # set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self + # set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast route-map import 'map01' # vyos@vyos:~$ - name: Delete 
@@ -1729,11 +1736,12 @@ Examples # After State: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" - # set protocols bgp 100 address-family ipv6-unicast redistribute static metric '50' - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med - # set protocols bgp 100 neighbor 100.11.34.12 + # set protocols bgp system-as 100 + # set protocols bgp address-family ipv6-unicast redistribute static metric '50' + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med + # set protocols bgp neighbor 100.11.34.12 # vyos@vyos:~$ # # @@ -1856,9 +1864,9 @@ Examples # }, # "changed": true, # "commands": [ - # "delete protocols bgp 100 address-family ipv4-unicast", - # "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast", - # "delete protocols bgp 100 neighbor 100.11.34.12 address-family" + # "delete protocols bgp address-family ipv4-unicast", + # "delete protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast", + # "delete protocols bgp neighbor 100.11.34.12 address-family" # ], # 
@@ -1948,15 +1956,16 @@ Examples # Native config: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" - # set protocols bgp 100 address-family ipv4-unicast network 35.1.1.0/24 backdoor - # set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' - # set protocols bgp 100 address-family ipv6-unicast aggregate-address 6601:1:1:1::/64 summary-only - # set protocols bgp 100 address-family ipv6-unicast network 5001:1:1:1::/64 route-map 'map01' - # set protocols bgp 100 address-family ipv6-unicast redistribute static metric '50' - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override - # set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med - # set protocols bgp 100 neighbor 100.11.34.12 + # set protocols bgp system-as 100 + # set protocols bgp address-family ipv4-unicast network 35.1.1.0/24 backdoor + # set protocols bgp address-family ipv4-unicast redistribute static metric '50' + # set protocols bgp address-family ipv6-unicast aggregate-address 6601:1:1:1::/64 summary-only + # set protocols bgp address-family ipv6-unicast network 5001:1:1:1::/64 route-map 'map01' + # set protocols bgp address-family ipv6-unicast redistribute static metric '50' + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override + # set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med + # set protocols bgp neighbor 100.11.34.12 - name: gather configs vyos.vyos.vyos_bgp_address_family: 
@@ -2060,17 +2069,17 @@ Examples # Module Execution: # "rendered": [ - # "set protocols bgp 100 address-family ipv4-unicast redistribute static metric 50", - # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number 4", - # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override", - # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med", - # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map map01", - # "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export 10", - # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix 45", - # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self", - # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export map01", - # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import map01", - # "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight 50" + # "set protocols bgp address-family ipv4-unicast redistribute static metric 50", + # "set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number 4", + # "set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override", + # "set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med", + # "set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map map01", + # "set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export 10", + # "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix 45", + # "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self", + # "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map export 
map01", + # "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map import map01", + # "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast weight 50" # ] diff --git a/docs/vyos.vyos.vyos_bgp_global_module.rst b/docs/vyos.vyos.vyos_bgp_global_module.rst index 64a1b7e0..ecf44968 100644 --- a/docs/vyos.vyos.vyos_bgp_global_module.rst +++ b/docs/vyos.vyos.vyos_bgp_global_module.rst @@ -18,7 +18,8 @@ Version added: 1.0.0 Synopsis -------- - This module manages BGP global configuration of interfaces on devices running VYOS. -- Tested against VYOS 1.3, 1.4 +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 +- The provided examples of commands are valid for VyOS 1.4+ 
@@ -1381,33 +1382,34 @@ Examples # After State # vyos@vyos:~$ show configuration commands | match "set protocols bgp" - # set protocols bgp 65536 aggregate-address 192.0.2.0/24 'summary-only' - # set protocols bgp 65536 aggregate-address 203.0.113.0/24 'as-set' - # set protocols bgp 65536 maximum-paths ebgp '20' - # set protocols bgp 65536 maximum-paths ibgp '55' - # set protocols bgp 65536 neighbor 192.0.2.25 'disable-connected-check' - # set protocols bgp 65536 neighbor 192.0.2.25 timers holdtime '30' - # set protocols bgp 65536 neighbor 192.0.2.25 timers keepalive '10' - # set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'as-path' - # set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'med' - # set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'next-hop' - # set protocols bgp 65536 neighbor 203.0.113.5 ebgp-multihop '2' - # set protocols bgp 65536 neighbor 203.0.113.5 remote-as '101' - # set protocols bgp 65536 neighbor 203.0.113.5 update-source '192.0.2.25' - # set protocols bgp 65536 neighbor 5001::64 distribute-list export '20' - # set protocols bgp 65536 neighbor 5001::64 distribute-list import '40' - # set protocols bgp 65536 neighbor 5001::64 maximum-prefix '34' - # set protocols bgp 65536 network 192.1.13.0/24 'backdoor' - # set protocols bgp 65536 parameters bestpath as-path 'confed' - # set protocols bgp 65536 parameters bestpath 'compare-routerid' - # set protocols bgp 65536 parameters confederation identifier '66' - # set protocols bgp 65536 parameters confederation peers '20' - # set protocols bgp 65536 parameters confederation peers '55' - # set protocols bgp 65536 parameters default 'no-ipv4-unicast' - # set protocols bgp 65536 parameters router-id '192.1.2.9' - # set protocols bgp 65536 redistribute connected route-map 'map01' - # set protocols bgp 65536 redistribute kernel metric '45' - # set protocols bgp 65536 timers keepalive '35' + # set protocols bgp system-as 65536 + # set protocols bgp 
aggregate-address 192.0.2.0/24 'summary-only' + # set protocols bgp aggregate-address 203.0.113.0/24 'as-set' + # set protocols bgp maximum-paths ebgp '20' + # set protocols bgp maximum-paths ibgp '55' + # set protocols bgp neighbor 192.0.2.25 'disable-connected-check' + # set protocols bgp neighbor 192.0.2.25 timers holdtime '30' + # set protocols bgp neighbor 192.0.2.25 timers keepalive '10' + # set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'as-path' + # set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'med' + # set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'next-hop' + # set protocols bgp neighbor 203.0.113.5 ebgp-multihop '2' + # set protocols bgp neighbor 203.0.113.5 remote-as '101' + # set protocols bgp neighbor 203.0.113.5 update-source '192.0.2.25' + # set protocols bgp neighbor 5001::64 distribute-list export '20' + # set protocols bgp neighbor 5001::64 distribute-list import '40' + # set protocols bgp neighbor 5001::64 maximum-prefix '34' + # set protocols bgp network 192.1.13.0/24 'backdoor' + # set protocols bgp parameters bestpath as-path 'confed' + # set protocols bgp parameters bestpath 'compare-routerid' + # set protocols bgp parameters confederation identifier '66' + # set protocols bgp parameters confederation peers '20' + # set protocols bgp parameters confederation peers '55' + # set protocols bgp parameters default 'no-ipv4-unicast' + # set protocols bgp parameters router-id '192.1.2.9' + # set protocols bgp redistribute connected route-map 'map01' + # set protocols bgp redistribute kernel metric '45' + # set protocols bgp timers keepalive '35' # vyos@vyos:~$ # # # Module Execution: 
@@ -1513,33 +1515,33 @@ Examples # "before": {}, # "changed": true, # "commands": [ - # "set protocols bgp 65536 neighbor 192.0.2.25 disable-connected-check", - # "set protocols bgp 65536 neighbor 192.0.2.25 timers holdtime 30", - # "set protocols bgp 65536 neighbor 192.0.2.25 timers keepalive 10", - # "set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged as-path", - # "set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged med", - # "set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged next-hop", - # "set protocols bgp 65536 neighbor 203.0.113.5 ebgp-multihop 2", - # "set protocols bgp 65536 neighbor 203.0.113.5 remote-as 101", - # "set protocols bgp 65536 neighbor 203.0.113.5 update-source 192.0.2.25", - # "set protocols bgp 65536 neighbor 5001::64 maximum-prefix 34", - # "set protocols bgp 65536 neighbor 5001::64 distribute-list export 20", - # "set protocols bgp 65536 neighbor 5001::64 distribute-list import 40", - # "set protocols bgp 65536 redistribute kernel metric 45", - # "set protocols bgp 65536 redistribute connected route-map map01", - # "set protocols bgp 65536 network 192.1.13.0/24 backdoor", - # "set protocols bgp 65536 aggregate-address 203.0.113.0/24 as-set", - # "set protocols bgp 65536 aggregate-address 192.0.2.0/24 summary-only", - # "set protocols bgp 65536 parameters bestpath as-path confed", - # "set protocols bgp 65536 parameters bestpath compare-routerid", - # "set protocols bgp 65536 parameters default no-ipv4-unicast", - # "set protocols bgp 65536 parameters router-id 192.1.2.9", - # "set protocols bgp 65536 parameters confederation peers 20", - # "set protocols bgp 65536 parameters confederation peers 55", - # "set protocols bgp 65536 parameters confederation identifier 66", - # "set protocols bgp 65536 maximum-paths ebgp 20", - # "set protocols bgp 65536 maximum-paths ibgp 55", - # "set protocols bgp 65536 timers keepalive 35" + # "set protocols bgp neighbor 192.0.2.25 disable-connected-check", + # "set 
protocols bgp neighbor 192.0.2.25 timers holdtime 30", + # "set protocols bgp neighbor 192.0.2.25 timers keepalive 10", + # "set protocols bgp neighbor 203.0.113.5 attribute-unchanged as-path", + # "set protocols bgp neighbor 203.0.113.5 attribute-unchanged med", + # "set protocols bgp neighbor 203.0.113.5 attribute-unchanged next-hop", + # "set protocols bgp neighbor 203.0.113.5 ebgp-multihop 2", + # "set protocols bgp neighbor 203.0.113.5 remote-as 101", + # "set protocols bgp neighbor 203.0.113.5 update-source 192.0.2.25", + # "set protocols bgp neighbor 5001::64 maximum-prefix 34", + # "set protocols bgp neighbor 5001::64 distribute-list export 20", + # "set protocols bgp neighbor 5001::64 distribute-list import 40", + # "set protocols bgp redistribute kernel metric 45", + # "set protocols bgp redistribute connected route-map map01", + # "set protocols bgp network 192.1.13.0/24 backdoor", + # "set protocols bgp aggregate-address 203.0.113.0/24 as-set", + # "set protocols bgp aggregate-address 192.0.2.0/24 summary-only", + # "set protocols bgp parameters bestpath as-path confed", + # "set protocols bgp parameters bestpath compare-routerid", + # "set protocols bgp parameters default no-ipv4-unicast", + # "set protocols bgp parameters router-id 192.1.2.9", + # "set protocols bgp parameters confederation peers 20", + # "set protocols bgp parameters confederation peers 55", + # "set protocols bgp parameters confederation identifier 66", + # "set protocols bgp maximum-paths ebgp 20", + # "set protocols bgp maximum-paths ibgp 55", + # "set protocols bgp timers keepalive 35" # ], # Using replaced: 
@@ -1548,33 +1550,34 @@ Examples # Before state: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" - # set protocols bgp 65536 aggregate-address 192.0.2.0/24 'summary-only' - # set protocols bgp 65536 aggregate-address 203.0.113.0/24 'as-set' - # set protocols bgp 65536 maximum-paths ebgp '20' - # set protocols bgp 65536 maximum-paths ibgp '55' - # set protocols bgp 65536 neighbor 192.0.2.25 'disable-connected-check' - # set protocols bgp 65536 neighbor 192.0.2.25 timers holdtime '30' - # set protocols bgp 65536 neighbor 192.0.2.25 timers keepalive '10' - # set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'as-path' - # set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'med' - # set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'next-hop' - # set protocols bgp 65536 neighbor 203.0.113.5 ebgp-multihop '2' - # set protocols bgp 65536 neighbor 203.0.113.5 remote-as '101' - # set protocols bgp 65536 neighbor 203.0.113.5 update-source '192.0.2.25' - # set protocols bgp 65536 neighbor 5001::64 distribute-list export '20' - # set protocols bgp 65536 neighbor 5001::64 distribute-list import '40' - # set protocols bgp 65536 neighbor 5001::64 maximum-prefix '34' - # set protocols bgp 65536 network 192.1.13.0/24 'backdoor' - # set protocols bgp 65536 parameters bestpath as-path 'confed' - # set protocols bgp 65536 parameters bestpath 'compare-routerid' - # set protocols bgp 65536 parameters confederation identifier '66' - # set protocols bgp 65536 parameters confederation peers '20' - # set protocols bgp 65536 parameters confederation peers '55' - # set protocols bgp 65536 parameters default 'no-ipv4-unicast' - # set protocols bgp 65536 parameters router-id '192.1.2.9' - # set protocols bgp 65536 redistribute connected route-map 'map01' - # set protocols bgp 65536 redistribute kernel metric '45' - # set protocols bgp 65536 timers keepalive '35' + # set protocols bgp system-as 65536 + # set protocols bgp 
aggregate-address 192.0.2.0/24 'summary-only' + # set protocols bgp aggregate-address 203.0.113.0/24 'as-set' + # set protocols bgp maximum-paths ebgp '20' + # set protocols bgp maximum-paths ibgp '55' + # set protocols bgp neighbor 192.0.2.25 'disable-connected-check' + # set protocols bgp neighbor 192.0.2.25 timers holdtime '30' + # set protocols bgp neighbor 192.0.2.25 timers keepalive '10' + # set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'as-path' + # set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'med' + # set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'next-hop' + # set protocols bgp neighbor 203.0.113.5 ebgp-multihop '2' + # set protocols bgp neighbor 203.0.113.5 remote-as '101' + # set protocols bgp neighbor 203.0.113.5 update-source '192.0.2.25' + # set protocols bgp neighbor 5001::64 distribute-list export '20' + # set protocols bgp neighbor 5001::64 distribute-list import '40' + # set protocols bgp neighbor 5001::64 maximum-prefix '34' + # set protocols bgp network 192.1.13.0/24 'backdoor' + # set protocols bgp parameters bestpath as-path 'confed' + # set protocols bgp parameters bestpath 'compare-routerid' + # set protocols bgp parameters confederation identifier '66' + # set protocols bgp parameters confederation peers '20' + # set protocols bgp parameters confederation peers '55' + # set protocols bgp parameters default 'no-ipv4-unicast' + # set protocols bgp parameters router-id '192.1.2.9' + # set protocols bgp redistribute connected route-map 'map01' + # set protocols bgp redistribute kernel metric '45' + # set protocols bgp timers keepalive '35' # vyos@vyos:~$ - name: Replace 
@@ -1599,11 +1602,12 @@ Examples # After state: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" - # set protocols bgp 65536 neighbor 192.0.2.40 advertisement-interval '72' - # set protocols bgp 65536 neighbor 192.0.2.40 capability orf prefix-list 'receive' - # set protocols bgp 65536 network 203.0.113.0/24 route-map 'map01' - # set protocols bgp 65536 parameters bestpath as-path 'confed' - # set protocols bgp 65536 redistribute static route-map 'map01' + # set protocols bgp system-as 65536 + # set protocols bgp neighbor 192.0.2.40 advertisement-interval '72' + # set protocols bgp neighbor 192.0.2.40 capability orf prefix-list 'receive' + # set protocols bgp network 203.0.113.0/24 route-map 'map01' + # set protocols bgp parameters bestpath as-path 'confed' + # set protocols bgp redistribute static route-map 'map01' # vyos@vyos:~$ # # 
@@ -1738,26 +1742,26 @@ Examples # }, # "changed": true, # "commands": [ - # "delete protocols bgp 65536 timers", - # "delete protocols bgp 65536 maximum-paths ", - # "delete protocols bgp 65536 maximum-paths ", - # "delete protocols bgp 65536 parameters router-id 192.1.2.9", - # "delete protocols bgp 65536 parameters default", - # "delete protocols bgp 65536 parameters confederation", - # "delete protocols bgp 65536 parameters bestpath compare-routerid", - # "delete protocols bgp 65536 aggregate-address", - # "delete protocols bgp 65536 network 192.1.13.0/24", - # "delete protocols bgp 65536 redistribute kernel", - # "delete protocols bgp 65536 redistribute kernel", - # "delete protocols bgp 65536 redistribute connected", - # "delete protocols bgp 65536 redistribute connected", - # "delete protocols bgp 65536 neighbor 5001::64", - # "delete protocols bgp 65536 neighbor 203.0.113.5", - # "delete protocols bgp 65536 neighbor 192.0.2.25", - # "set protocols bgp 65536 neighbor 192.0.2.40 advertisement-interval 72", - # "set protocols bgp 65536 neighbor 192.0.2.40 capability orf prefix-list receive", - # "set protocols bgp 65536 redistribute static route-map map01", - # "set protocols bgp 65536 network 203.0.113.0/24 route-map map01" + # "delete protocols bgp timers", + # "delete protocols bgp maximum-paths ", + # "delete protocols bgp maximum-paths ", + # "delete protocols bgp parameters router-id 192.1.2.9", + # "delete protocols bgp parameters default", + # "delete protocols bgp parameters confederation", + # "delete protocols bgp parameters bestpath compare-routerid", + # "delete protocols bgp aggregate-address", + # "delete protocols bgp network 192.1.13.0/24", + # "delete protocols bgp redistribute kernel", + # "delete protocols bgp redistribute kernel", + # "delete protocols bgp redistribute connected", + # "delete protocols bgp redistribute connected", + # "delete protocols bgp neighbor 5001::64", + # "delete protocols bgp neighbor 203.0.113.5", + # "delete 
protocols bgp neighbor 192.0.2.25", + # "set protocols bgp neighbor 192.0.2.40 advertisement-interval 72", + # "set protocols bgp neighbor 192.0.2.40 capability orf prefix-list receive", + # "set protocols bgp redistribute static route-map map01", + # "set protocols bgp network 203.0.113.0/24 route-map map01" # ], # Using deleted: @@ -1766,11 +1770,12 @@ Examples # Before state: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" - # set protocols bgp 65536 neighbor 192.0.2.40 advertisement-interval '72' - # set protocols bgp 65536 neighbor 192.0.2.40 capability orf prefix-list 'receive' - # set protocols bgp 65536 network 203.0.113.0/24 route-map 'map01' - # set protocols bgp 65536 parameters bestpath as-path 'confed' - # set protocols bgp 65536 redistribute static route-map 'map01' + # set protocols bgp system-as 65536 + # set protocols bgp neighbor 192.0.2.40 advertisement-interval '72' + # set protocols bgp neighbor 192.0.2.40 capability orf prefix-list 'receive' + # set protocols bgp network 203.0.113.0/24 route-map 'map01' + # set protocols bgp parameters bestpath as-path 'confed' + # set protocols bgp redistribute static route-map 'map01' # vyos@vyos:~$ - name: Delete configuration @@ -1822,10 +1827,10 @@ Examples # }, # "changed": true, # "commands": [ - # "delete protocols bgp 65536 neighbor 192.0.2.40", - # "delete protocols bgp 65536 redistribute", - # "delete protocols bgp 65536 network", - # "delete protocols bgp 65536 parameters" + # "delete protocols bgp neighbor 192.0.2.40", + # "delete protocols bgp redistribute", + # "delete protocols bgp network", + # "delete protocols bgp parameters" # ], # Using purged: 
@@ -1833,33 +1838,34 @@ Examples # Before state: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" - # set protocols bgp 65536 aggregate-address 192.0.2.0/24 'summary-only' - # set protocols bgp 65536 aggregate-address 203.0.113.0/24 'as-set' - # set protocols bgp 65536 maximum-paths ebgp '20' - # set protocols bgp 65536 maximum-paths ibgp '55' - # set protocols bgp 65536 neighbor 192.0.2.25 'disable-connected-check' - # set protocols bgp 65536 neighbor 192.0.2.25 timers holdtime '30' - # set protocols bgp 65536 neighbor 192.0.2.25 timers keepalive '10' - # set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'as-path' - # set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'med' - # set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'next-hop' - # set protocols bgp 65536 neighbor 203.0.113.5 ebgp-multihop '2' - # set protocols bgp 65536 neighbor 203.0.113.5 remote-as '101' - # set protocols bgp 65536 neighbor 203.0.113.5 update-source '192.0.2.25' - # set protocols bgp 65536 neighbor 5001::64 distribute-list export '20' - # set protocols bgp 65536 neighbor 5001::64 distribute-list import '40' - # set protocols bgp 65536 neighbor 5001::64 maximum-prefix '34' - # set protocols bgp 65536 network 192.1.13.0/24 'backdoor' - # set protocols bgp 65536 parameters bestpath as-path 'confed' - # set protocols bgp 65536 parameters bestpath 'compare-routerid' - # set protocols bgp 65536 parameters confederation identifier '66' - # set protocols bgp 65536 parameters confederation peers '20' - # set protocols bgp 65536 parameters confederation peers '55' - # set protocols bgp 65536 parameters default 'no-ipv4-unicast' - # set protocols bgp 65536 parameters router-id '192.1.2.9' - # set protocols bgp 65536 redistribute connected route-map 'map01' - # set protocols bgp 65536 redistribute kernel metric '45' - # set protocols bgp 65536 timers keepalive '35' + # set protocols bgp system-as 65536 + # set protocols bgp 
aggregate-address 192.0.2.0/24 'summary-only' + # set protocols bgp aggregate-address 203.0.113.0/24 'as-set' + # set protocols bgp maximum-paths ebgp '20' + # set protocols bgp maximum-paths ibgp '55' + # set protocols bgp neighbor 192.0.2.25 'disable-connected-check' + # set protocols bgp neighbor 192.0.2.25 timers holdtime '30' + # set protocols bgp neighbor 192.0.2.25 timers keepalive '10' + # set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'as-path' + # set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'med' + # set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'next-hop' + # set protocols bgp neighbor 203.0.113.5 ebgp-multihop '2' + # set protocols bgp neighbor 203.0.113.5 remote-as '101' + # set protocols bgp neighbor 203.0.113.5 update-source '192.0.2.25' + # set protocols bgp neighbor 5001::64 distribute-list export '20' + # set protocols bgp neighbor 5001::64 distribute-list import '40' + # set protocols bgp neighbor 5001::64 maximum-prefix '34' + # set protocols bgp network 192.1.13.0/24 'backdoor' + # set protocols bgp parameters bestpath as-path 'confed' + # set protocols bgp parameters bestpath 'compare-routerid' + # set protocols bgp parameters confederation identifier '66' + # set protocols bgp parameters confederation peers '20' + # set protocols bgp parameters confederation peers '55' + # set protocols bgp parameters default 'no-ipv4-unicast' + # set protocols bgp parameters router-id '192.1.2.9' + # set protocols bgp redistribute connected route-map 'map01' + # set protocols bgp redistribute kernel metric '45' + # set protocols bgp timers keepalive '35' # vyos@vyos:~$ 
@@ -1985,26 +1991,27 @@ Examples # Before state: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" - # set protocols bgp 65536 neighbor 192.0.2.43 advertisement-interval '72' - # set protocols bgp 65536 neighbor 192.0.2.43 capability 'dynamic' - # set protocols bgp 65536 neighbor 192.0.2.43 'disable-connected-check' - # set protocols bgp 65536 neighbor 192.0.2.43 timers holdtime '30' - # set protocols bgp 65536 neighbor 192.0.2.43 timers keepalive '10' - # set protocols bgp 65536 neighbor 203.0.113.0 address-family 'ipv6-unicast' - # set protocols bgp 65536 neighbor 203.0.113.0 capability orf prefix-list 'receive' - # set protocols bgp 65536 network 203.0.113.0/24 route-map 'map01' - # set protocols bgp 65536 parameters 'always-compare-med' - # set protocols bgp 65536 parameters bestpath as-path 'confed' - # set protocols bgp 65536 parameters bestpath 'compare-routerid' - # set protocols bgp 65536 parameters dampening half-life '33' - # set protocols bgp 65536 parameters dampening max-suppress-time '20' - # set protocols bgp 65536 parameters dampening re-use '60' - # set protocols bgp 65536 parameters dampening start-suppress-time '5' - # set protocols bgp 65536 parameters default 'no-ipv4-unicast' - # set protocols bgp 65536 parameters distance global external '66' - # set protocols bgp 65536 parameters distance global internal '20' - # set protocols bgp 65536 parameters distance global local '10' - # set protocols bgp 65536 redistribute static route-map 'map01' + # set protocols bgp system-as 65536 + # set protocols bgp neighbor 192.0.2.43 advertisement-interval '72' + # set protocols bgp neighbor 192.0.2.43 capability 'dynamic' + # set protocols bgp neighbor 192.0.2.43 'disable-connected-check' + # set protocols bgp neighbor 192.0.2.43 timers holdtime '30' + # set protocols bgp neighbor 192.0.2.43 timers keepalive '10' + # set protocols bgp neighbor 203.0.113.0 address-family 'ipv6-unicast' + # set protocols bgp neighbor 203.0.113.0 
capability orf prefix-list 'receive' + # set protocols bgp network 203.0.113.0/24 route-map 'map01' + # set protocols bgp parameters 'always-compare-med' + # set protocols bgp parameters bestpath as-path 'confed' + # set protocols bgp parameters bestpath 'compare-routerid' + # set protocols bgp parameters dampening half-life '33' + # set protocols bgp parameters dampening max-suppress-time '20' + # set protocols bgp parameters dampening re-use '60' + # set protocols bgp parameters dampening start-suppress-time '5' + # set protocols bgp parameters default 'no-ipv4-unicast' + # set protocols bgp parameters distance global external '66' + # set protocols bgp parameters distance global internal '20' + # set protocols bgp parameters distance global local '10' + # set protocols bgp redistribute static route-map 'map01' # vyos@vyos:~$ ^C # vyos@vyos:~$ 
@@ -2041,26 +2048,27 @@ Examples # Before state: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" - # set protocols bgp 65536 neighbor 192.0.2.43 advertisement-interval '72' - # set protocols bgp 65536 neighbor 192.0.2.43 capability 'dynamic' - # set protocols bgp 65536 neighbor 192.0.2.43 'disable-connected-check' - # set protocols bgp 65536 neighbor 192.0.2.43 timers holdtime '30' - # set protocols bgp 65536 neighbor 192.0.2.43 timers keepalive '10' - # set protocols bgp 65536 neighbor 203.0.113.0 address-family 'ipv6-unicast' - # set protocols bgp 65536 neighbor 203.0.113.0 capability orf prefix-list 'receive' - # set protocols bgp 65536 network 203.0.113.0/24 route-map 'map01' - # set protocols bgp 65536 parameters 'always-compare-med' - # set protocols bgp 65536 parameters bestpath as-path 'confed' - # set protocols bgp 65536 parameters bestpath 'compare-routerid' - # set protocols bgp 65536 parameters dampening half-life '33' - # set protocols bgp 65536 parameters dampening max-suppress-time '20' - # set protocols bgp 65536 parameters dampening re-use '60' - # set protocols bgp 65536 parameters dampening start-suppress-time '5' - # set protocols bgp 65536 parameters default 'no-ipv4-unicast' - # set protocols bgp 65536 parameters distance global external '66' - # set protocols bgp 65536 parameters distance global internal '20' - # set protocols bgp 65536 parameters distance global local '10' - # set protocols bgp 65536 redistribute static route-map 'map01' + # set protocols bgp system-as 65536 + # set protocols bgp neighbor 192.0.2.43 advertisement-interval '72' + # set protocols bgp neighbor 192.0.2.43 capability 'dynamic' + # set protocols bgp neighbor 192.0.2.43 'disable-connected-check' + # set protocols bgp neighbor 192.0.2.43 timers holdtime '30' + # set protocols bgp neighbor 192.0.2.43 timers keepalive '10' + # set protocols bgp neighbor 203.0.113.0 address-family 'ipv6-unicast' + # set protocols bgp neighbor 203.0.113.0 
capability orf prefix-list 'receive' + # set protocols bgp network 203.0.113.0/24 route-map 'map01' + # set protocols bgp parameters 'always-compare-med' + # set protocols bgp parameters bestpath as-path 'confed' + # set protocols bgp parameters bestpath 'compare-routerid' + # set protocols bgp parameters dampening half-life '33' + # set protocols bgp parameters dampening max-suppress-time '20' + # set protocols bgp parameters dampening re-use '60' + # set protocols bgp parameters dampening start-suppress-time '5' + # set protocols bgp parameters default 'no-ipv4-unicast' + # set protocols bgp parameters distance global external '66' + # set protocols bgp parameters distance global internal '20' + # set protocols bgp parameters distance global local '10' + # set protocols bgp redistribute static route-map 'map01' # vyos@vyos:~$ ^C - name: gather configs 
@@ -2134,26 +2142,26 @@ Examples # parsed.cfg - # set protocols bgp 65536 neighbor 192.0.2.43 advertisement-interval '72' - # set protocols bgp 65536 neighbor 192.0.2.43 capability 'dynamic' - # set protocols bgp 65536 neighbor 192.0.2.43 'disable-connected-check' - # set protocols bgp 65536 neighbor 192.0.2.43 timers holdtime '30' - # set protocols bgp 65536 neighbor 192.0.2.43 timers keepalive '10' - # set protocols bgp 65536 neighbor 203.0.113.0 address-family 'ipv6-unicast' - # set protocols bgp 65536 neighbor 203.0.113.0 capability orf prefix-list 'receive' - # set protocols bgp 65536 network 203.0.113.0/24 route-map 'map01' - # set protocols bgp 65536 parameters 'always-compare-med' - # set protocols bgp 65536 parameters bestpath as-path 'confed' - # set protocols bgp 65536 parameters bestpath 'compare-routerid' - # set protocols bgp 65536 parameters dampening half-life '33' - # set protocols bgp 65536 parameters dampening max-suppress-time '20' - # set protocols bgp 65536 parameters dampening re-use '60' - # set protocols bgp 65536 parameters dampening start-suppress-time '5' - # set protocols bgp 65536 parameters default 'no-ipv4-unicast' - # set protocols bgp 65536 parameters distance global external '66' - # set protocols bgp 65536 parameters distance global internal '20' - # set protocols bgp 65536 parameters distance global local '10' - # set protocols bgp 65536 redistribute static route-map 'map01' + # set protocols bgp neighbor 192.0.2.43 advertisement-interval '72' + # set protocols bgp neighbor 192.0.2.43 capability 'dynamic' + # set protocols bgp neighbor 192.0.2.43 'disable-connected-check' + # set protocols bgp neighbor 192.0.2.43 timers holdtime '30' + # set protocols bgp neighbor 192.0.2.43 timers keepalive '10' + # set protocols bgp neighbor 203.0.113.0 address-family 'ipv6-unicast' + # set protocols bgp neighbor 203.0.113.0 capability orf prefix-list 'receive' + # set protocols bgp network 203.0.113.0/24 route-map 'map01' + # set protocols 
bgp parameters 'always-compare-med' + # set protocols bgp parameters bestpath as-path 'confed' + # set protocols bgp parameters bestpath 'compare-routerid' + # set protocols bgp parameters dampening half-life '33' + # set protocols bgp parameters dampening max-suppress-time '20' + # set protocols bgp parameters dampening re-use '60' + # set protocols bgp parameters dampening start-suppress-time '5' + # set protocols bgp parameters default 'no-ipv4-unicast' + # set protocols bgp parameters distance global external '66' + # set protocols bgp parameters distance global internal '20' + # set protocols bgp parameters distance global local '10' + # set protocols bgp redistribute static route-map 'map01' - name: parse configs vyos.vyos.vyos_bgp_global: 
@@ -2272,25 +2280,25 @@ Examples # Module Execution: # "rendered": [ - # "set protocols bgp 65536 neighbor 192.0.2.43 disable-connected-check", - # "set protocols bgp 65536 neighbor 192.0.2.43 advertisement-interval 72", - # "set protocols bgp 65536 neighbor 192.0.2.43 capability dynamic", - # "set protocols bgp 65536 neighbor 192.0.2.43 timers holdtime 30", - # "set protocols bgp 65536 neighbor 192.0.2.43 timers keepalive 10", - # "set protocols bgp 65536 neighbor 203.0.113.0 capability orf prefix-list receive", - # "set protocols bgp 65536 redistribute static route-map map01", - # "set protocols bgp 65536 network 203.0.113.0/24 route-map map01", - # "set protocols bgp 65536 parameters always-compare-med", - # "set protocols bgp 65536 parameters dampening half-life 33", - # "set protocols bgp 65536 parameters dampening max-suppress-time 20", - # "set protocols bgp 65536 parameters dampening re-use 60", - # "set protocols bgp 65536 parameters dampening start-suppress-time 5", - # "set protocols bgp 65536 parameters distance global internal 20", - # "set protocols bgp 65536 parameters distance global local 10", - # "set protocols bgp 65536 parameters distance global external 66", - # "set protocols bgp 65536 parameters bestpath as-path confed", - # "set protocols bgp 65536 parameters bestpath compare-routerid", - # "set protocols bgp 65536 parameters default no-ipv4-unicast" + # "set protocols bgp neighbor 192.0.2.43 disable-connected-check", + # "set protocols bgp neighbor 192.0.2.43 advertisement-interval 72", + # "set protocols bgp neighbor 192.0.2.43 capability dynamic", + # "set protocols bgp neighbor 192.0.2.43 timers holdtime 30", + # "set protocols bgp neighbor 192.0.2.43 timers keepalive 10", + # "set protocols bgp neighbor 203.0.113.0 capability orf prefix-list receive", + # "set protocols bgp redistribute static route-map map01", + # "set protocols bgp network 203.0.113.0/24 route-map map01", + # "set protocols bgp parameters always-compare-med", + # "set 
protocols bgp parameters dampening half-life 33", + # "set protocols bgp parameters dampening max-suppress-time 20", + # "set protocols bgp parameters dampening re-use 60", + # "set protocols bgp parameters dampening start-suppress-time 5", + # "set protocols bgp parameters distance global internal 20", + # "set protocols bgp parameters distance global local 10", + # "set protocols bgp parameters distance global external 66", + # "set protocols bgp parameters bestpath as-path confed", + # "set protocols bgp parameters bestpath compare-routerid", + # "set protocols bgp parameters default no-ipv4-unicast" # ] @@ -2355,7 +2363,7 @@ Common return values are documented `here <https://docs.ansible.com/ansible/late <div>The set of commands pushed to the remote device.</div> <br/> <div style="font-size: smaller"><b>Sample:</b></div> - <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">['set protocols bgp 65536 redistribute static route-map map01', 'set protocols bgp 65536 network 203.0.113.0/24 route-map map01', 'set protocols bgp 65536 parameters always-compare-med']</div> + <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">['set protocols bgp redistribute static route-map map01', 'set protocols bgp network 203.0.113.0/24 route-map map01', 'set protocols bgp parameters always-compare-med']</div> </td> </tr> <tr> 
@@ -2406,7 +2414,7 @@ Common return values are documented `here <https://docs.ansible.com/ansible/late <div>The provided configuration in the task rendered in device-native format (offline).</div> <br/> <div style="font-size: smaller"><b>Sample:</b></div> - <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">['set protocols bgp 65536 redistribute static route-map map01', 'set protocols bgp 65536 network 203.0.113.0/24 route-map map01', 'set protocols bgp 65536 parameters always-compare-med']</div> + <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">['set protocols bgp redistribute static route-map map01', 'set protocols bgp network 203.0.113.0/24 route-map map01', 'set protocols bgp parameters always-compare-med']</div> </td> </tr> </table> diff --git a/docs/vyos.vyos.vyos_command_module.rst b/docs/vyos.vyos.vyos_command_module.rst index 34506d48..d3e96752 100644 --- a/docs/vyos.vyos.vyos_command_module.rst +++ b/docs/vyos.vyos.vyos_command_module.rst @@ -129,7 +129,7 @@ Notes ----- .. note:: - - Tested against VyOS 1.1.8 (helium). + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - Running ``show system boot-messages all`` will cause the module to hang since VyOS is using a custom pager setting to display the output of that command. - If a command sent to the device requires answering a prompt, it is possible to pass a dict containing *command*, *answer* and *prompt*. See examples. - This module works with connection ``ansible.netcommon.network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. diff --git a/docs/vyos.vyos.vyos_config_module.rst b/docs/vyos.vyos.vyos_config_module.rst index 999a3f58..1efbd38f 100644 --- a/docs/vyos.vyos.vyos_config_module.rst +++ b/docs/vyos.vyos.vyos_config_module.rst 
@@ -208,7 +208,7 @@ Notes ----- .. note:: - - Tested against VyOS 1.1.8 (helium). + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection ``ansible.netcommon.network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - To ensure idempotency and correct diff the configuration lines in the relevant module options should be similar to how they appear if present in the running configuration on device including the indentation. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide <network_guide>` diff --git a/docs/vyos.vyos.vyos_facts_module.rst b/docs/vyos.vyos.vyos_facts_module.rst index 836224ff..ec45d6d5 100644 --- a/docs/vyos.vyos.vyos_facts_module.rst +++ b/docs/vyos.vyos.vyos_facts_module.rst @@ -93,7 +93,7 @@ Notes ----- .. note:: - - Tested against VyOS 1.1.8 (helium). + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection ``ansible.netcommon.network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide <network_guide>` diff --git a/docs/vyos.vyos.vyos_firewall_global_module.rst b/docs/vyos.vyos.vyos_firewall_global_module.rst index 76f2ca7a..8ab253c2 100644 --- a/docs/vyos.vyos.vyos_firewall_global_module.rst +++ b/docs/vyos.vyos.vyos_firewall_global_module.rst @@ -847,7 +847,8 @@ Notes ----- .. note:: - - Tested against VyOS 1.3.8. + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. + - The provided examples of commands are valid for VyOS 1.4+ - This module works with connection ``ansible.netcommon.network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. 
@@ -925,7 +926,7 @@ Examples # "set firewall global-options send-redirects 'enable'", # "set firewall global-options config-trap 'enable'", # "set firewall global-options state-policy established action 'accept'", - # "set firewall global-options state-policy established log 'enable'", + # "set firewall global-options state-policy established log, # "set firewall global-options state-policy established log-level 'emerg'", # "set firewall global-options state-policy invalid action 'reject'", # "set firewall global-options broadcast-ping 'enable'", @@ -1741,7 +1742,7 @@ Examples # "set firewall global-options send-redirects 'enable'", # "set firewall global-options config-trap 'enable'", # "set firewall global-options state-policy established action 'accept'", - # "set firewall global-options state-policy established log 'enable'", + # "set firewall global-options state-policy established log, # "set firewall global-options state-policy invalid action 'reject'", # "set firewall global-options broadcast-ping 'enable'", # "set firewall global-options all-ping 'enable'", diff --git a/docs/vyos.vyos.vyos_firewall_rules_module.rst b/docs/vyos.vyos.vyos_firewall_rules_module.rst index 75536b89..982dd1d4 100644 --- a/docs/vyos.vyos.vyos_firewall_rules_module.rst +++ b/docs/vyos.vyos.vyos_firewall_rules_module.rst @@ -1782,7 +1782,8 @@ Notes ----- .. note:: - - Tested against VyOS 1.3.8. + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. + - The provided examples of commands are valid for VyOS 1.4+ - This module works with connection ``ansible.netcommon.network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. 
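Review bot: The added example line `# "set firewall global-options state-policy established log,` has lost its closing double quote, so that entry in the sample `commands` list is no longer a well-formed string and the list reads as broken from that point on. It should be `# "set firewall global-options state-policy established log",`. The same unbalanced line is added again in the hunk at `@@ -1741,7 +1742,7 @@` of this file. Both examples show firewall state-policy commands that readers are likely to copy, so the quoting should match the neighbouring entries. If this `.rst` is generated from the module's EXAMPLES text, as the `update-docs` pre-commit hook suggests, the fix presumably belongs in that source rather than here.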
@@ -1799,14 +1800,14 @@ Examples # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' - # set firewall name Downlink default-action 'accept' - # set firewall name Downlink description 'IPv4 INBOUND rule set' - # set firewall name Downlink rule 501 action 'accept' - # set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' - # set firewall name Downlink rule 501 ipsec 'match-ipsec' - # set firewall name Downlink rule 502 action 'reject' - # set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' - # set firewall name Downlink rule 502 ipsec 'match-ipsec' + # set firewall ipv4 name Downlink default-action 'accept' + # set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set' + # set firewall ipv4 name Downlink rule 501 action 'accept' + # set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible' + # set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec' + # set firewall ipv4 name Downlink rule 502 action 'reject' + # set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible' + # set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec' - name: Delete attributes of given firewall rules. vyos.vyos.vyos_firewall_rules: @@ -1848,7 +1849,7 @@ Examples # } # ] # "commands": [ - # "delete firewall name Downlink" + # "delete firewall ipv4 name Downlink" # ] # # "after": [] 
@@ -1864,25 +1865,25 @@ Examples # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall - # set firewall ipv6-name UPLINK default-action 'accept' - # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' - # set firewall ipv6-name UPLINK rule 1 action 'accept' - # set firewall ipv6-name UPLINK rule 1 - # set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' - # set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' - # set firewall ipv6-name UPLINK rule 2 action 'accept' - # set firewall ipv6-name UPLINK rule 2 - # set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' - # set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' + # set firewall ipv6 name UPLINK default-action 'accept' + # set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' + # set firewall ipv6 name UPLINK rule 1 action 'accept' + # set firewall ipv6 name UPLINK rule 1 + # set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' + # set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec' + # set firewall ipv6 name UPLINK rule 2 action 'accept' + # set firewall ipv6 name UPLINK rule 2 + # set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' + # set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec' # set firewall group address-group 'inbound' - # set firewall name Downlink default-action 'accept' - # set firewall name Downlink description 'IPv4 INBOUND rule set' - # set firewall name Downlink rule 501 action 'accept' - # set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' - # set firewall name Downlink rule 501 ipsec 'match-ipsec' - # set firewall name Downlink rule 502 action 'reject' - # set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' - # set firewall name Downlink rule 502 ipsec 'match-ipsec' + # set firewall ipv4 name 
Downlink default-action 'accept' + # set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set' + # set firewall ipv4 name Downlink rule 501 action 'accept' + # set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible' + # set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec' + # set firewall ipv4 name Downlink rule 502 action 'reject' + # set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible' + # set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec' - name: Delete attributes of given firewall rules. vyos.vyos.vyos_firewall_rules: 
@@ -1946,23 +1947,23 @@ Examples # } # ] # "commands": [ - # "delete firewall name" + # "delete firewall ipv4 name" # ] # # "after": [] # After state # ------------ # vyos@vyos:~$ show configuration commands| grep firewall - # set firewall ipv6-name UPLINK default-action 'accept' - # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' - # set firewall ipv6-name UPLINK rule 1 action 'accept' - # set firewall ipv6-name UPLINK rule 1 - # set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' - # set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' - # set firewall ipv6-name UPLINK rule 2 action 'accept' - # set firewall ipv6-name UPLINK rule 2 - # set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' - # set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' + # set firewall ipv6 name UPLINK default-action 'accept' + # set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' + # set firewall ipv6 name UPLINK rule 1 action 'accept' + # set firewall ipv6 name UPLINK rule 1 + # set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' + # set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec' + # set firewall ipv6 name UPLINK rule 2 action 'accept' + # set firewall ipv6 name UPLINK rule 2 + # set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' + # set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec' # Using deleted to delete all the the firewall rules when provided config is empty 
@@ -1972,14 +1973,14 @@ Examples # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' - # set firewall name Downlink default-action 'accept' - # set firewall name Downlink description 'IPv4 INBOUND rule set' - # set firewall name Downlink rule 501 action 'accept' - # set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' - # set firewall name Downlink rule 501 ipsec 'match-ipsec' - # set firewall name Downlink rule 502 action 'reject' - # set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' - # set firewall name Downlink rule 502 ipsec 'match-ipsec' + # set firewall ipv4 name Downlink default-action 'accept' + # set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set' + # set firewall ipv4 name Downlink rule 501 action 'accept' + # set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible' + # set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec' + # set firewall ipv4 name Downlink rule 502 action 'reject' + # set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible' + # set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec' # - name: Delete attributes of given firewall rules. vyos.vyos.vyos_firewall_rules: @@ -2017,7 +2018,7 @@ Examples # } # ] # "commands": [ - # "delete firewall name" + # "delete firewall ipv4 name" # ] # # "after": [] 
@@ -2089,35 +2090,33 @@ Examples # before": [] # # "commands": [ - # "set firewall ipv6-name UPLINK default-action 'accept'", - # "set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'", - # "set firewall ipv6-name UPLINK rule 1 action 'accept'", - # "set firewall ipv6-name UPLINK rule 1", - # "set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'", - # "set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'", - # "set firewall ipv6-name UPLINK rule 2 action 'accept'", - # "set firewall ipv6-name UPLINK rule 2", - # "set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'", - # "set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'", - # "set firewall name INBOUND default-action 'accept'", - # "set firewall name INBOUND description 'IPv4 INBOUND rule set'", - # "set firewall name INBOUND rule 101 action 'accept'", - # "set firewall name INBOUND rule 101", - # "set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'", - # "set firewall name INBOUND rule 101 ipsec 'match-ipsec'", - # "set firewall name INBOUND rule 102 action 'reject'", - # "set firewall name INBOUND rule 102", - # "set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'", - # "set firewall name INBOUND rule 102 ipsec 'match-ipsec'", - # "set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'", - # "set firewall name INBOUND rule 103 destination group address-group inbound", - # "set firewall name INBOUND rule 103", - # "set firewall name INBOUND rule 103 source address 192.0.2.0", - # "set firewall name INBOUND rule 103 state established enable", - # "set firewall name INBOUND rule 103 state related enable", - # "set firewall name INBOUND rule 103 state invalid disable", - # "set firewall name INBOUND rule 103 state new disable", - # "set firewall name INBOUND rule 103 action 'accept'" + # "set firewall ipv6 name UPLINK 
default-action 'accept'", + # "set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set'", + # "set firewall ipv6 name UPLINK rule 1 action 'accept'", + # "set firewall ipv6 name UPLINK rule 1", + # "set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'", + # "set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec'", + # "set firewall ipv6 name UPLINK rule 2 action 'accept'", + # "set firewall ipv6 name UPLINK rule 2", + # "set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'", + # "set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec'", + # "set firewall ipv4 name INBOUND default-action 'accept'", + # "set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set'", + # "set firewall ipv4 name INBOUND rule 101 action 'accept'", + # "set firewall ipv4 name INBOUND rule 101", + # "set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible'", + # "set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec'", + # "set firewall ipv4 name INBOUND rule 102 action 'reject'", + # "set firewall ipv4 name INBOUND rule 102", + # "set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible'", + # "set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec'", + # "set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible'", + # "set firewall ipv4 name INBOUND rule 103 destination group address-group inbound", + # "set firewall ipv4 name INBOUND rule 103", + # "set firewall ipv4 name INBOUND rule 103 source address 192.0.2.0", + # "set firewall ipv4 name INBOUND rule 103 state established", + # "set firewall ipv4 name INBOUND rule 103 state related", + # "set firewall ipv4 name INBOUND rule 103 action 'accept'" # ] # # "after": [ 
@@ -2195,30 +2194,28 @@ Examples # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' - # set firewall ipv6-name UPLINK default-action 'accept' - # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' - # set firewall ipv6-name UPLINK rule 1 action 'accept' - # set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' - # set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' - # set firewall ipv6-name UPLINK rule 2 action 'accept' - # set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' - # set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' - # set firewall name INBOUND default-action 'accept' - # set firewall name INBOUND description 'IPv4 INBOUND rule set' - # set firewall name INBOUND rule 101 action 'accept' - # set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' - # set firewall name INBOUND rule 101 ipsec 'match-ipsec' - # set firewall name INBOUND rule 102 action 'reject' - # set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' - # set firewall name INBOUND rule 102 ipsec 'match-ipsec' - # set firewall name INBOUND rule 103 action 'accept' - # set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' - # set firewall name INBOUND rule 103 destination group address-group 'inbound' - # set firewall name INBOUND rule 103 source address '192.0.2.0' - # set firewall name INBOUND rule 103 state established 'enable' - # set firewall name INBOUND rule 103 state invalid 'disable' - # set firewall name INBOUND rule 103 state new 'disable' - # set firewall name INBOUND rule 103 state related 'enable' + # set firewall ipv6 name UPLINK default-action 'accept' + # set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' + # set firewall ipv6 name UPLINK rule 1 action 'accept' + # set firewall ipv6 name UPLINK rule 1 
description 'Fwipv6-Rule 1 is configured by Ansible' + # set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec' + # set firewall ipv6 name UPLINK rule 2 action 'accept' + # set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' + # set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec' + # set firewall ipv4 name INBOUND default-action 'accept' + # set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set' + # set firewall ipv4 name INBOUND rule 101 action 'accept' + # set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible' + # set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec' + # set firewall ipv4 name INBOUND rule 102 action 'reject' + # set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible' + # set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec' + # set firewall ipv4 name INBOUND rule 103 action 'accept' + # set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible' + # set firewall ipv4 name INBOUND rule 103 destination group address-group 'inbound' + # set firewall ipv4 name INBOUND rule 103 source address '192.0.2.0' + # set firewall ipv4 name INBOUND rule 103 state established + # set firewall ipv4 name INBOUND rule 103 state related # Using replaced 
@@ -2228,30 +2225,28 @@ Examples # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' - # set firewall ipv6-name UPLINK default-action 'accept' - # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' - # set firewall ipv6-name UPLINK rule 1 action 'accept' - # set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' - # set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' - # set firewall ipv6-name UPLINK rule 2 action 'accept' - # set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' - # set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' - # set firewall name INBOUND default-action 'accept' - # set firewall name INBOUND description 'IPv4 INBOUND rule set' - # set firewall name INBOUND rule 101 action 'accept' - # set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' - # set firewall name INBOUND rule 101 ipsec 'match-ipsec' - # set firewall name INBOUND rule 102 action 'reject' - # set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' - # set firewall name INBOUND rule 102 ipsec 'match-ipsec' - # set firewall name INBOUND rule 103 action 'accept' - # set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' - # set firewall name INBOUND rule 103 destination group address-group 'inbound' - # set firewall name INBOUND rule 103 source address '192.0.2.0' - # set firewall name INBOUND rule 103 state established 'enable' - # set firewall name INBOUND rule 103 state invalid 'disable' - # set firewall name INBOUND rule 103 state new 'disable' - # set firewall name INBOUND rule 103 state related 'enable' + # set firewall ipv6 name UPLINK default-action 'accept' + # set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' + # set firewall ipv6 name UPLINK rule 1 action 'accept' + # set firewall ipv6 name UPLINK rule 1 
description 'Fwipv6-Rule 1 is configured by Ansible' + # set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec' + # set firewall ipv6 name UPLINK rule 2 action 'accept' + # set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' + # set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec' + # set firewall ipv4 name INBOUND default-action 'accept' + # set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set' + # set firewall ipv4 name INBOUND rule 101 action 'accept' + # set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible' + # set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec' + # set firewall ipv4 name INBOUND rule 102 action 'reject' + # set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible' + # set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec' + # set firewall ipv4 name INBOUND rule 103 action 'accept' + # set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible' + # set firewall ipv4 name INBOUND rule 103 destination group address-group 'inbound' + # set firewall ipv4 name INBOUND rule 103 source address '192.0.2.0' + # set firewall ipv4 name INBOUND rule 103 state established + # set firewall ipv4 name INBOUND rule 103 state related # - name: >- Replace device configurations of listed firewall rules with provided 
@@ -2355,14 +2350,14 @@ Examples # ] # # "commands": [ - # "delete firewall ipv6-name UPLINK rule 1", - # "delete firewall ipv6-name UPLINK rule 2", - # "delete firewall name INBOUND rule 102", - # "delete firewall name INBOUND rule 103", - # "set firewall name INBOUND rule 104 action 'reject'", - # "set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible'", - # "set firewall name INBOUND rule 104", - # "set firewall name INBOUND rule 104 ipsec 'match-none'" + # "delete firewall ipv6 name UPLINK rule 1", + # "delete firewall ipv6 name UPLINK rule 2", + # "delete firewall ipv4 name INBOUND rule 102", + # "delete firewall ipv4 name INBOUND rule 103", + # "set firewall ipv4 name INBOUND rule 104 action 'reject'", + # "set firewall ipv4 name INBOUND rule 104 description 'Rule 104 is configured by Ansible'", + # "set firewall ipv4 name INBOUND rule 104", + # "set firewall ipv4 name INBOUND rule 104 ipsec 'match-none'" # ] # # "after": [ 
@@ -2407,16 +2402,16 @@ Examples # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' - # set firewall ipv6-name UPLINK default-action 'accept' - # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' - # set firewall name INBOUND default-action 'accept' - # set firewall name INBOUND description 'IPv4 INBOUND rule set' - # set firewall name INBOUND rule 101 action 'accept' - # set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' - # set firewall name INBOUND rule 101 ipsec 'match-ipsec' - # set firewall name INBOUND rule 104 action 'reject' - # set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible' - # set firewall name INBOUND rule 104 ipsec 'match-none' + # set firewall ipv6 name UPLINK default-action 'accept' + # set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' + # set firewall ipv4 name INBOUND default-action 'accept' + # set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set' + # set firewall ipv4 name INBOUND rule 101 action 'accept' + # set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible' + # set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec' + # set firewall ipv4 name INBOUND rule 104 action 'reject' + # set firewall ipv4 name INBOUND rule 104 description 'Rule 104 is configured by Ansible' + # set firewall ipv4 name INBOUND rule 104 ipsec 'match-none' # Using overridden 
@@ -2426,16 +2421,16 @@ Examples # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' - # set firewall ipv6-name UPLINK default-action 'accept' - # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' - # set firewall name INBOUND default-action 'accept' - # set firewall name INBOUND description 'IPv4 INBOUND rule set' - # set firewall name INBOUND rule 101 action 'accept' - # set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' - # set firewall name INBOUND rule 101 ipsec 'match-ipsec' - # set firewall name INBOUND rule 104 action 'reject' - # set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible' - # set firewall name INBOUND rule 104 ipsec 'match-none' + # set firewall ipv6 name UPLINK default-action 'accept' + # set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' + # set firewall ipv4 name INBOUND default-action 'accept' + # set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set' + # set firewall ipv4 name INBOUND rule 101 action 'accept' + # set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible' + # set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec' + # set firewall ipv4 name INBOUND rule 104 action 'reject' + # set firewall ipv4 name INBOUND rule 104 description 'Rule 104 is configured by Ansible' + # set firewall ipv4 name INBOUND rule 104 ipsec 'match-none' # - name: Overrides all device configuration with provided configuration vyos.vyos.vyos_firewall_rules: 
@@ -2499,18 +2494,18 @@ Examples # ] # # "commands": [ - # "delete firewall ipv6-name UPLINK", - # "delete firewall name INBOUND", - # "set firewall name Downlink default-action 'accept'", - # "set firewall name Downlink description 'IPv4 INBOUND rule set'", - # "set firewall name Downlink rule 501 action 'accept'", - # "set firewall name Downlink rule 501", - # "set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'", - # "set firewall name Downlink rule 501 ipsec 'match-ipsec'", - # "set firewall name Downlink rule 502 action 'reject'", - # "set firewall name Downlink rule 502", - # "set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'", - # "set firewall name Downlink rule 502 ipsec 'match-ipsec'" + # "delete firewall ipv6 name UPLINK", + # "delete firewall ipv4 name INBOUND", + # "set firewall ipv4 name Downlink default-action 'accept'", + # "set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set'", + # "set firewall ipv4 name Downlink rule 501 action 'accept'", + # "set firewall ipv4 name Downlink rule 501", + # "set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible'", + # "set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec'", + # "set firewall ipv4 name Downlink rule 502 action 'reject'", + # "set firewall ipv4 name Downlink rule 502", + # "set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible'", + # "set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec'" # # # "after": [ 
@@ -2546,14 +2541,14 @@ Examples # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' - # set firewall name Downlink default-action 'accept' - # set firewall name Downlink description 'IPv4 INBOUND rule set' - # set firewall name Downlink rule 501 action 'accept' - # set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' - # set firewall name Downlink rule 501 ipsec 'match-ipsec' - # set firewall name Downlink rule 502 action 'reject' - # set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' - # set firewall name Downlink rule 502 ipsec 'match-ipsec' + # set firewall ipv4 name Downlink default-action 'accept' + # set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set' + # set firewall ipv4 name Downlink rule 501 action 'accept' + # set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible' + # set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec' + # set firewall ipv4 name Downlink rule 502 action 'reject' + # set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible' + # set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec' # Using gathered 
@@ -2563,30 +2558,28 @@ Examples # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' - # set firewall ipv6-name UPLINK default-action 'accept' - # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' - # set firewall ipv6-name UPLINK rule 1 action 'accept' - # set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' - # set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' - # set firewall ipv6-name UPLINK rule 2 action 'accept' - # set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' - # set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' - # set firewall name INBOUND default-action 'accept' - # set firewall name INBOUND description 'IPv4 INBOUND rule set' - # set firewall name INBOUND rule 101 action 'accept' - # set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' - # set firewall name INBOUND rule 101 ipsec 'match-ipsec' - # set firewall name INBOUND rule 102 action 'reject' - # set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' - # set firewall name INBOUND rule 102 ipsec 'match-ipsec' - # set firewall name INBOUND rule 103 action 'accept' - # set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' - # set firewall name INBOUND rule 103 destination group address-group 'inbound' - # set firewall name INBOUND rule 103 source address '192.0.2.0' - # set firewall name INBOUND rule 103 state established 'enable' - # set firewall name INBOUND rule 103 state invalid 'disable' - # set firewall name INBOUND rule 103 state new 'disable' - # set firewall name INBOUND rule 103 state related 'enable' + # set firewall ipv6 name UPLINK default-action 'accept' + # set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' + # set firewall ipv6 name UPLINK rule 1 action 'accept' + # set firewall ipv6 name UPLINK rule 1 
description 'Fwipv6-Rule 1 is configured by Ansible' + # set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec' + # set firewall ipv6 name UPLINK rule 2 action 'accept' + # set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' + # set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec' + # set firewall ipv4 name INBOUND default-action 'accept' + # set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set' + # set firewall ipv4 name INBOUND rule 101 action 'accept' + # set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible' + # set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec' + # set firewall ipv4 name INBOUND rule 102 action 'reject' + # set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible' + # set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec' + # set firewall ipv4 name INBOUND rule 103 action 'accept' + # set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible' + # set firewall ipv4 name INBOUND rule 103 destination group address-group 'inbound' + # set firewall ipv4 name INBOUND rule 103 source address '192.0.2.0' + # set firewall ipv4 name INBOUND rule 103 state established + # set firewall ipv4 name INBOUND rule 103 state related # - name: Gather listed firewall rules with provided configurations vyos.vyos.vyos_firewall_rules: 
@@ -2674,30 +2667,28 @@ Examples # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' - # set firewall ipv6-name UPLINK default-action 'accept' - # set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' - # set firewall ipv6-name UPLINK rule 1 action 'accept' - # set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' - # set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' - # set firewall ipv6-name UPLINK rule 2 action 'accept' - # set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' - # set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' - # set firewall name INBOUND default-action 'accept' - # set firewall name INBOUND description 'IPv4 INBOUND rule set' - # set firewall name INBOUND rule 101 action 'accept' - # set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' - # set firewall name INBOUND rule 101 ipsec 'match-ipsec' - # set firewall name INBOUND rule 102 action 'reject' - # set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' - # set firewall name INBOUND rule 102 ipsec 'match-ipsec' - # set firewall name INBOUND rule 103 action 'accept' - # set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' - # set firewall name INBOUND rule 103 destination group address-group 'inbound' - # set firewall name INBOUND rule 103 source address '192.0.2.0' - # set firewall name INBOUND rule 103 state established 'enable' - # set firewall name INBOUND rule 103 state invalid 'disable' - # set firewall name INBOUND rule 103 state new 'disable' - # set firewall name INBOUND rule 103 state related 'enable' + # set firewall ipv6 name UPLINK default-action 'accept' + # set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' + # set firewall ipv6 name UPLINK rule 1 action 'accept' + # set firewall ipv6 name UPLINK rule 1 
description 'Fwipv6-Rule 1 is configured by Ansible' + # set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec' + # set firewall ipv6 name UPLINK rule 2 action 'accept' + # set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' + # set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec' + # set firewall ipv4 name INBOUND default-action 'accept' + # set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set' + # set firewall ipv4 name INBOUND rule 101 action 'accept' + # set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible' + # set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec' + # set firewall ipv4 name INBOUND rule 102 action 'reject' + # set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible' + # set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec' + # set firewall ipv4 name INBOUND rule 103 action 'accept' + # set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible' + # set firewall ipv4 name INBOUND rule 103 destination group address-group 'inbound' + # set firewall ipv4 name INBOUND rule 103 source address '192.0.2.0' + # set firewall ipv4 name INBOUND rule 103 state established + # set firewall ipv4 name INBOUND rule 103 state related # Using rendered 
@@ -2747,27 +2738,25 @@ Examples # # # "rendered": [ - # "set firewall ipv6-name UPLINK default-action 'accept'", - # "set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'", - # "set firewall name INBOUND default-action 'accept'", - # "set firewall name INBOUND description 'IPv4 INBOUND rule set'", - # "set firewall name INBOUND rule 101 action 'accept'", - # "set firewall name INBOUND rule 101", - # "set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'", - # "set firewall name INBOUND rule 101 ipsec 'match-ipsec'", - # "set firewall name INBOUND rule 102 action 'reject'", - # "set firewall name INBOUND rule 102", - # "set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'", - # "set firewall name INBOUND rule 102 ipsec 'match-ipsec'", - # "set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'", - # "set firewall name INBOUND rule 103 destination group address-group inbound", - # "set firewall name INBOUND rule 103", - # "set firewall name INBOUND rule 103 source address 192.0.2.0", - # "set firewall name INBOUND rule 103 state established enable", - # "set firewall name INBOUND rule 103 state related enable", - # "set firewall name INBOUND rule 103 state invalid disable", - # "set firewall name INBOUND rule 103 state new disable", - # "set firewall name INBOUND rule 103 action 'accept'" + # "set firewall ipv6 name UPLINK default-action 'accept'", + # "set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set'", + # "set firewall ipv4 name INBOUND default-action 'accept'", + # "set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set'", + # "set firewall ipv4 name INBOUND rule 101 action 'accept'", + # "set firewall ipv4 name INBOUND rule 101", + # "set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible'", + # "set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec'", + # "set firewall ipv4 name 
INBOUND rule 102 action 'reject'", + # "set firewall ipv4 name INBOUND rule 102", + # "set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible'", + # "set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec'", + # "set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible'", + # "set firewall ipv4 name INBOUND rule 103 destination group address-group inbound", + # "set firewall ipv4 name INBOUND rule 103", + # "set firewall ipv4 name INBOUND rule 103 source address 192.0.2.0", + # "set firewall ipv4 name INBOUND rule 103 state established", + # "set firewall ipv4 name INBOUND rule 103 state related", + # "set firewall ipv4 name INBOUND rule 103 action 'accept'" # ] @@ -2778,14 +2767,14 @@ Examples vyos.vyos.vyos_firewall_rules: running_config: "set firewall group address-group 'inbound' - set firewall name Downlink default-action 'accept' - set firewall name Downlink description 'IPv4 INBOUND rule set' - set firewall name Downlink rule 501 action 'accept' - set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' - set firewall name Downlink rule 501 ipsec 'match-ipsec' - set firewall name Downlink rule 502 action 'reject' - set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' - set firewall name Downlink rule 502 ipsec 'match-ipsec'" + set firewall ipv4 name Downlink default-action 'accept' + set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set' + set firewall ipv4 name Downlink rule 501 action 'accept' + set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible' + set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec' + set firewall ipv4 name Downlink rule 502 action 'reject' + set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible' + set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec'" state: parsed # # 
@@ -2883,7 +2872,7 @@ Common return values are documented `here <https://docs.ansible.com/ansible/late
 <div>The set of commands pushed to the remote device.</div>
 <br/>
 <div style="font-size: smaller"><b>Sample:</b></div>
- <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">["set firewall name Downlink default-action 'accept'", "set firewall name Downlink description 'IPv4 INBOUND rule set'", "set firewall name Downlink rule 501 action 'accept'", "set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'", "set firewall name Downlink rule 502 ipsec 'match-ipsec'"]</div>
+ <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">["set firewall ipv4 name Downlink default-action 'accept'", "set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set'", "set firewall ipv4 name Downlink rule 501 action 'accept'", "set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible'", "set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec'"]</div>
 </td>
 </tr>
 <tr>
@@ -2934,7 +2923,7 @@ Common return values are documented `here <https://docs.ansible.com/ansible/late <div>The provided configuration in the task rendered in device-native format (offline).</div> <br/> <div style="font-size: smaller"><b>Sample:</b></div> - <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">["set firewall name Downlink default-action 'accept'", "set firewall name Downlink description 'IPv4 INBOUND rule set'", "set firewall name Downlink rule 501 action 'accept'", "set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'", "set firewall name Downlink rule 502 ipsec 'match-ipsec'"]</div> + <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">["set firewall ipv4 name Downlink default-action 'accept'", "set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set'", "set firewall ipv4 name Downlink rule 501 action 'accept'", "set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible'", "set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec'"]</div> </td> </tr> </table> diff --git a/docs/vyos.vyos.vyos_interfaces_module.rst b/docs/vyos.vyos.vyos_interfaces_module.rst index 14f7a473..ce6fe71b 100644 --- a/docs/vyos.vyos.vyos_interfaces_module.rst +++ b/docs/vyos.vyos.vyos_interfaces_module.rst @@ -313,7 +313,7 @@ Notes ----- .. note:: - - Tested against VyOS 1.3.8 + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection ``ansible.netcommon.network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. diff --git a/docs/vyos.vyos.vyos_lag_interfaces_module.rst b/docs/vyos.vyos.vyos_lag_interfaces_module.rst index 4f3e559d..534f2081 100644 --- a/docs/vyos.vyos.vyos_lag_interfaces_module.rst +++ b/docs/vyos.vyos.vyos_lag_interfaces_module.rst 
@@ -265,7 +265,7 @@ Notes ----- .. note:: - - Tested against VyOS 1.3.8. + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection ``ansible.netcommon.network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. diff --git a/docs/vyos.vyos.vyos_lldp_global_module.rst b/docs/vyos.vyos.vyos_lldp_global_module.rst index 9e8758ce..f1c37b34 100644 --- a/docs/vyos.vyos.vyos_lldp_global_module.rst +++ b/docs/vyos.vyos.vyos_lldp_global_module.rst @@ -189,7 +189,7 @@ Notes ----- .. note:: - - Tested against VyOS 1.3.8 + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection ``ansible.netcommon.network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. diff --git a/docs/vyos.vyos.vyos_lldp_interfaces_module.rst b/docs/vyos.vyos.vyos_lldp_interfaces_module.rst index 8ace2650..8786eeb5 100644 --- a/docs/vyos.vyos.vyos_lldp_interfaces_module.rst +++ b/docs/vyos.vyos.vyos_lldp_interfaces_module.rst @@ -267,7 +267,7 @@ Notes ----- .. note:: - - Tested against VyOS 1.3.8 + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection ``ansible.netcommon.network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. diff --git a/docs/vyos.vyos.vyos_logging_global_module.rst b/docs/vyos.vyos.vyos_logging_global_module.rst index 6d8550a6..71b77eb8 100644 --- a/docs/vyos.vyos.vyos_logging_global_module.rst +++ b/docs/vyos.vyos.vyos_logging_global_module.rst 
@@ -1024,7 +1024,7 @@ Notes ----- .. note:: - - Tested against vyos 1.3.8+ + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection ``network_cli``. - The Configuration defaults of the Vyos network devices are supposed to hinder idempotent behavior of plays diff --git a/docs/vyos.vyos.vyos_ntp_global_module.rst b/docs/vyos.vyos.vyos_ntp_global_module.rst index 2975149d..da8a546e 100644 --- a/docs/vyos.vyos.vyos_ntp_global_module.rst +++ b/docs/vyos.vyos.vyos_ntp_global_module.rst @@ -200,7 +200,7 @@ Notes ----- .. note:: - - Tested against vyos 1.3.8 + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection ``network_cli``. - VyOS v.1.4+ uses chronyd, and path changes from `system` to `service` diff --git a/docs/vyos.vyos.vyos_ospf_interfaces_module.rst b/docs/vyos.vyos.vyos_ospf_interfaces_module.rst index a74f53ca..9cf292a9 100644 --- a/docs/vyos.vyos.vyos_ospf_interfaces_module.rst +++ b/docs/vyos.vyos.vyos_ospf_interfaces_module.rst @@ -18,6 +18,7 @@ Version added: 1.2.0 Synopsis -------- - This module manages OSPF configuration of interfaces on devices running VYOS. +- The provided examples of commands are valid for VyOS 1.4+ 
@@ -499,14 +500,14 @@ Examples # -------------- # vyos@vyos:~$ show configuration commands | match "ospf" - # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' - # set interfaces bonding bond2 ip ospf bandwidth '70' - # set interfaces bonding bond2 ip ospf transmit-delay '45' - # set interfaces bonding bond2 ipv6 ospfv3 'passive' - # set interfaces ethernet eth1 ip ospf network 'point-to-point' - # set interfaces ethernet eth1 ip ospf priority '26' - # set interfaces ethernet eth1 ip ospf transmit-delay '50' - # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' + # set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345' + # set protocols ospf interface bond2 bandwidth '70' + # set protocols ospf interface bond2 transmit-delay '45' + # set protocols ospfv3 interface bond2 'passive' + # set protocols ospf interface eth1 network 'point-to-point' + # set protocols ospf interface eth1 priority '26' + # set protocols ospf interface eth1 transmit-delay '50' + # set protocols ospfv3 interface eth1 dead-interval '39' # "after": [ # " 
@@ -570,14 +571,14 @@ Examples # ], # "changed": true, # "commands": [ - # "set interfaces ethernet eth1 ip ospf transmit-delay 50", - # "set interfaces ethernet eth1 ip ospf priority 26", - # "set interfaces ethernet eth1 ip ospf network point-to-point", - # "set interfaces ethernet eth1 ipv6 ospfv3 dead-interval 39", - # "set interfaces bonding bond2 ip ospf transmit-delay 45", - # "set interfaces bonding bond2 ip ospf bandwidth 70", - # "set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key 1111111111232345", - # "set interfaces bonding bond2 ipv6 ospfv3 passive" + # "set protocols ospf interface eth1 transmit-delay 50", + # "set protocols ospf interface eth1 priority 26", + # "set protocols ospf interface eth1 network point-to-point", + # "set protocols ospfv3 interface eth1 dead-interval 39", + # "set protocols ospf interface bond2 transmit-delay 45", + # "set protocols ospf interface bond2 bandwidth 70", + # "set protocols ospf interface bond2 authentication md5 key-id 10 md5-key 1111111111232345", + # "set protocols ospfv3 interface bond2 passive" # ], # Using replaced: 
@@ -586,14 +587,14 @@ Examples # ------------ # vyos@vyos:~$ show configuration commands | match "ospf" - # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' - # set interfaces bonding bond2 ip ospf bandwidth '70' - # set interfaces bonding bond2 ip ospf transmit-delay '45' - # set interfaces bonding bond2 ipv6 ospfv3 'passive' - # set interfaces ethernet eth1 ip ospf network 'point-to-point' - # set interfaces ethernet eth1 ip ospf priority '26' - # set interfaces ethernet eth1 ip ospf transmit-delay '50' - # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' + # set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345' + # set protocols ospf interface bond2 bandwidth '70' + # set protocols ospf interface bond2 transmit-delay '45' + # set protocols ospfv3 interface bond2 'passive' + # set protocols ospf interface eth1 network 'point-to-point' + # set protocols ospf interface eth1 priority '26' + # set protocols ospf interface eth1 transmit-delay '50' + # set protocols ospfv3 interface eth1 dead-interval '39' - name: Replace provided configuration with device configuration vyos.vyos.vyos_ospf_interfaces: @@ -616,10 +617,10 @@ Examples # ----------- # vyos@vyos:~$ show configuration commands | match "ospf" - # set interfaces bonding bond2 ip ospf transmit-delay '45' - # set interfaces bonding bond2 ipv6 ospfv3 'passive' - # set interfaces ethernet eth1 ip ospf cost '100' - # set interfaces ethernet eth1 ipv6 ospfv3 ifmtu '33' + # set protocols ospf interface bond2 transmit-delay '45' + # set protocols ospfv3 interface bond2 'passive' + # set protocols ospf interface eth1 cost '100' + # set protocols ospfv3 interface eth1 ifmtu '33' # vyos@vyos:~$ # Module Execution 
@@ -709,14 +710,14 @@ Examples # ], # "changed": true, # "commands": [ - # "set interfaces ethernet eth1 ip ospf cost 100", - # "set interfaces ethernet eth1 ipv6 ospfv3 ifmtu 33", - # "delete interfaces ethernet eth1 ip ospf network point-to-point", - # "delete interfaces ethernet eth1 ip ospf priority 26", - # "delete interfaces ethernet eth1 ip ospf transmit-delay 50", - # "delete interfaces ethernet eth1 ipv6 ospfv3 dead-interval 39", - # "delete interfaces bonding bond2 ip ospf authentication", - # "delete interfaces bonding bond2 ip ospf bandwidth 70" + # "set protocols ospf interface eth1 cost 100", + # "set protocols ospfv3 interface eth1 ifmtu 33", + # "delete protocols ospf interface eth1 network point-to-point", + # "delete protocols ospf interface eth1 priority 26", + # "delete protocols ospf interface eth1 transmit-delay 50", + # "delete protocols ospfv3 interface eth1 dead-interval 39", + # "delete protocols ospf interface bond2 authentication", + # "delete protocols ospf interface bond2 bandwidth 70" # ], # 
@@ -727,16 +728,16 @@ Examples # ------------ # vyos@vyos:~$ show configuration commands | match "ospf" - # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' - # set interfaces bonding bond2 ip ospf bandwidth '70' - # set interfaces bonding bond2 ip ospf transmit-delay '45' - # set interfaces bonding bond2 ipv6 ospfv3 'passive' - # set interfaces ethernet eth1 ip ospf cost '100' - # set interfaces ethernet eth1 ip ospf network 'point-to-point' - # set interfaces ethernet eth1 ip ospf priority '26' - # set interfaces ethernet eth1 ip ospf transmit-delay '50' - # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' - # set interfaces ethernet eth1 ipv6 ospfv3 ifmtu '33' + # set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345' + # set protocols ospf interface bond2 bandwidth '70' + # set protocols ospf interface bond2 transmit-delay '45' + # set protocols ospfv3 interface bond2 'passive' + # set protocols ospf interface eth1 cost '100' + # set protocols ospf interface eth1 network 'point-to-point' + # set protocols ospf interface eth1 priority '26' + # set protocols ospf interface eth1 transmit-delay '50' + # set protocols ospfv3 interface eth1 dead-interval '39' + # set protocols ospfv3 interface eth1 ifmtu '33' # vyos@vyos:~$ - name: Override device configuration with provided configuration @@ -755,9 +756,9 @@ Examples # ----------- # 200~vyos@vyos:~$ show configuration commands | match "ospf" - # set interfaces ethernet eth0 ip ospf cost '100' - # set interfaces ethernet eth0 ipv6 ospfv3 ifmtu '33' - # set interfaces ethernet eth0 ipv6 ospfv3 'passive' + # set protocols ospf interface eth0 cost '100' + # set protocols ospfv3 interface eth0 ifmtu '33' + # set protocols ospfv3 interface eth0 'passive' # vyos@vyos:~$ # # 
@@ -839,13 +840,13 @@ Examples # ], # "changed": true, # "commands": [ - # "delete interfaces bonding bond2 ip ospf", - # "delete interfaces bonding bond2 ipv6 ospfv3", - # "delete interfaces ethernet eth1 ip ospf", - # "delete interfaces ethernet eth1 ipv6 ospfv3", - # "set interfaces ethernet eth0 ip ospf cost 100", - # "set interfaces ethernet eth0 ipv6 ospfv3 ifmtu 33", - # "set interfaces ethernet eth0 ipv6 ospfv3 passive" + # "delete protocols ospf interface bond2", + # "delete protocols ospfv3 interface bond2", + # "delete protocols ospf interface eth1", + # "delete protocols ospfv3 interface eth1", + # "set protocols ospf interface eth0 cost 100", + # "set protocols ospfv3 interface eth0 ifmtu 33", + # "set protocols ospfv3 interface eth0 passive" # ], # 
@@ -856,17 +857,17 @@ Examples # ------------- # vyos@vyos:~$ show configuration commands | match "ospf" - # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' - # set interfaces bonding bond2 ip ospf bandwidth '70' - # set interfaces bonding bond2 ip ospf transmit-delay '45' - # set interfaces bonding bond2 ipv6 ospfv3 'passive' - # set interfaces ethernet eth0 ip ospf cost '100' - # set interfaces ethernet eth0 ipv6 ospfv3 ifmtu '33' - # set interfaces ethernet eth0 ipv6 ospfv3 'passive' - # set interfaces ethernet eth1 ip ospf network 'point-to-point' - # set interfaces ethernet eth1 ip ospf priority '26' - # set interfaces ethernet eth1 ip ospf transmit-delay '50' - # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' + # set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345' + # set protocols ospf interface bond2 bandwidth '70' + # set protocols ospf interface bond2 transmit-delay '45' + # set protocols ospfv3 interface bond2 'passive' + # set protocols ospf interface eth0 cost '100' + # set protocols ospfv3 interface eth0 ifmtu '33' + # set protocols ospfv3 interface eth0 'passive' + # set protocols ospf interface eth1 network 'point-to-point' + # set protocols ospf interface eth1 priority '26' + # set protocols ospf interface eth1 transmit-delay '50' + # set protocols ospfv3 interface eth1 dead-interval '39' # vyos@vyos:~$ - name: Delete device configuration 
@@ -879,14 +880,14 @@ Examples # ----------- # vyos@vyos:~$ show configuration commands | match "ospf" - # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' - # set interfaces bonding bond2 ip ospf bandwidth '70' - # set interfaces bonding bond2 ip ospf transmit-delay '45' - # set interfaces bonding bond2 ipv6 ospfv3 'passive' - # set interfaces ethernet eth1 ip ospf network 'point-to-point' - # set interfaces ethernet eth1 ip ospf priority '26' - # set interfaces ethernet eth1 ip ospf transmit-delay '50' - # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' + # set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345' + # set protocols ospf interface bond2 bandwidth '70' + # set protocols ospf interface bond2 transmit-delay '45' + # set protocols ospfv3 interface bond2 'passive' + # set protocols ospf interface eth1 network 'point-to-point' + # set protocols ospf interface eth1 priority '26' + # set protocols ospf interface eth1 transmit-delay '50' + # set protocols ospfv3 interface eth1 dead-interval '39' # vyos@vyos:~$ # # 
@@ -995,25 +996,25 @@ Examples # ], # "changed": true, # "commands": [ - # "delete interfaces ethernet eth0 ip ospf", - # "delete interfaces ethernet eth0 ipv6 ospfv3" + # "delete protocols ospf interface eth0", + # "delete protocols ospfv3 interface eth0" # ], # # Using parsed: # parsed.cfg: - # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' - # set interfaces bonding bond2 ip ospf bandwidth '70' - # set interfaces bonding bond2 ip ospf transmit-delay '45' - # set interfaces bonding bond2 ipv6 ospfv3 'passive' - # set interfaces ethernet eth0 ip ospf cost '50' - # set interfaces ethernet eth0 ip ospf priority '26' - # set interfaces ethernet eth0 ipv6 ospfv3 instance-id '33' - # set interfaces ethernet eth0 ipv6 ospfv3 'mtu-ignore' - # set interfaces ethernet eth1 ip ospf network 'point-to-point' - # set interfaces ethernet eth1 ip ospf priority '26' - # set interfaces ethernet eth1 ip ospf transmit-delay '50' - # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' + # set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345' + # set protocols ospf interface bond2 bandwidth '70' + # set protocols ospf interface bond2 transmit-delay '45' + # set protocols ospfv3 interface bond2 'passive' + # set protocols ospf interface eth0 cost '50' + # set protocols ospf interface eth0 priority '26' + # set protocols ospfv3 interface eth0 instance-id '33' + # set protocols ospfv3 interface eth0 'mtu-ignore' + # set protocols ospf interface eth1 network 'point-to-point' + # set protocols ospf interface eth1 priority '26' + # set protocols ospf interface eth1 transmit-delay '50' + # set protocols ospfv3 interface eth1 dead-interval '39' # - name: parse configs 
@@ -1108,14 +1109,14 @@ Examples # ---------------- # "rendered": [ - # "set interfaces ethernet eth1 ip ospf transmit-delay 50", - # "set interfaces ethernet eth1 ip ospf priority 26", - # "set interfaces ethernet eth1 ip ospf network point-to-point", - # "set interfaces ethernet eth1 ipv6 ospfv3 dead-interval 39", - # "set interfaces bonding bond2 ip ospf transmit-delay 45", - # "set interfaces bonding bond2 ip ospf bandwidth 70", - # "set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key 1111111111232345", - # "set interfaces bonding bond2 ipv6 ospfv3 passive" + # "set protocols ospf interface eth1 transmit-delay 50", + # "set protocols ospf interface eth1 priority 26", + # "set protocols ospf interface eth1 network point-to-point", + # "set protocols ospfv3 interface eth1 dead-interval 39", + # "set protocols ospf interface bond2 transmit-delay 45", + # "set protocols ospf interface bond2 bandwidth 70", + # "set protocols ospf interface bond2 authentication md5 key-id 10 md5-key 1111111111232345", + # "set protocols ospfv3 interface bond2 passive" # ] # 
@@ -1125,14 +1126,14 @@ Examples # Native Config: # vyos@vyos:~$ show configuration commands | match "ospf" - # set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' - # set interfaces bonding bond2 ip ospf bandwidth '70' - # set interfaces bonding bond2 ip ospf transmit-delay '45' - # set interfaces bonding bond2 ipv6 ospfv3 'passive' - # set interfaces ethernet eth1 ip ospf network 'point-to-point' - # set interfaces ethernet eth1 ip ospf priority '26' - # set interfaces ethernet eth1 ip ospf transmit-delay '50' - # set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' + # set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345' + # set protocols ospf interface bond2 bandwidth '70' + # set protocols ospf interface bond2 transmit-delay '45' + # set protocols ospfv3 interface bond2 'passive' + # set protocols ospf interface eth1 network 'point-to-point' + # set protocols ospf interface eth1 priority '26' + # set protocols ospf interface eth1 transmit-delay '50' + # set protocols ospfv3 interface eth1 dead-interval '39' # vyos@vyos:~$ - name: gather configs 
@@ -1251,7 +1252,7 @@ Common return values are documented `here <https://docs.ansible.com/ansible/late <div>The set of commands pushed to the remote device.</div> <br/> <div style="font-size: smaller"><b>Sample:</b></div> - <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">["set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345'", "set interfaces bonding bond2 ip ospf bandwidth '70'", "set interfaces bonding bond2 ip ospf transmit-delay '45'"]</div> + <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">["set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345'", "set protocols ospf interface bond2 bandwidth '70'", "set protocols ospf interface bond2 transmit-delay '45'"]</div> </td> </tr> <tr> @@ -1302,7 +1303,7 @@ Common return values are documented `here <https://docs.ansible.com/ansible/late <div>The provided configuration in the task rendered in device-native format (offline).</div> <br/> <div style="font-size: smaller"><b>Sample:</b></div> - <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">["set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345'", "set interfaces bonding bond2 ip ospf bandwidth '70'", "set interfaces bonding bond2 ip ospf transmit-delay '45'"]</div> + <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">["set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345'", "set protocols ospf interface bond2 bandwidth '70'", "set protocols ospf interface bond2 transmit-delay '45'"]</div> </td> </tr> </table> diff --git a/docs/vyos.vyos.vyos_ospfv2_module.rst b/docs/vyos.vyos.vyos_ospfv2_module.rst index 38e7e5ee..be060285 100644 --- a/docs/vyos.vyos.vyos_ospfv2_module.rst +++ b/docs/vyos.vyos.vyos_ospfv2_module.rst 
@@ -1641,7 +1641,8 @@ Notes ----- .. note:: - - Tested against VyOS 1.3.8 + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 + - The provided examples of commands are valid for VyOS 1.4+ - This module works with connection ``ansible.netcommon.network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. @@ -1740,8 +1741,8 @@ Examples # "set protocols ospf parameters opaque-lsa", # "set protocols ospf parameters abr-type 'cisco'", # "set protocols ospf parameters rfc1583-compatibility", - # "set protocols ospf passive-interface eth1", - # "set protocols ospf passive-interface eth2", + # "set protocols ospf interface 'eth1' passive", + # "set protocols ospf interface 'eth2' passive", # "set protocols ospf max-metric router-lsa on-shutdown 10", # "set protocols ospf max-metric router-lsa administrative", # "set protocols ospf max-metric router-lsa on-startup 10", @@ -1885,8 +1886,8 @@ Examples # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' - # set protocols ospf passive-interface 'eth1' - # set protocols ospf passive-interface 'eth2' + # set protocols ospf interface 'eth1' passive + # set protocols ospf interface 'eth2' passive # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' @@ -2148,8 +2149,8 @@ Examples # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' - # set protocols ospf passive-interface 'eth1' - # set protocols ospf passive-interface 'eth2' + # set protocols ospf interface 'eth1' passive + # set protocols ospf interface 'eth2' passive # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' 
@@ -2185,8 +2186,8 @@ Examples # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' - # set protocols ospf passive-interface 'eth1' - # set protocols ospf passive-interface 'eth2' + # set protocols ospf interface 'eth1' passive + # set protocols ospf interface 'eth2' passive # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # @@ -2343,7 +2344,7 @@ Examples # } # # "commands": [ - # "delete protocols ospf passive-interface eth2", + # "delete protocols ospf interface 'eth2' passive", # "delete protocols ospf area 3", # "delete protocols ospf area 4 range 192.0.3.0/24 cost", # "delete protocols ospf area 4 range 192.0.3.0/24", @@ -2475,7 +2476,7 @@ Examples # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' - # set protocols ospf passive-interface 'eth1' + # set protocols ospf interface 'eth1' passive # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' @@ -2563,8 +2564,8 @@ Examples # "set protocols ospf parameters opaque-lsa", # "set protocols ospf parameters abr-type 'cisco'", # "set protocols ospf parameters rfc1583-compatibility", - # "set protocols ospf passive-interface eth1", - # "set protocols ospf passive-interface eth2", + # "set protocols ospf interface 'eth1' passive", + # "set protocols ospf interface 'eth2' passive", # "set protocols ospf max-metric router-lsa on-shutdown 10", # "set protocols ospf max-metric router-lsa administrative", # "set protocols ospf max-metric router-lsa on-startup 10", 
@@ -2619,8 +2620,8 @@ Examples set protocols ospf parameters 'opaque-lsa' set protocols ospf parameters 'rfc1583-compatibility' set protocols ospf parameters router-id '192.0.1.1' - set protocols ospf passive-interface 'eth1' - set protocols ospf passive-interface 'eth2' + set protocols ospf interface 'eth1' passive + set protocols ospf interface 'eth2' passive set protocols ospf redistribute bgp metric '10' set protocols ospf redistribute bgp metric-type '2' state: parsed @@ -2756,8 +2757,8 @@ Examples # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' - # set protocols ospf passive-interface 'eth1' - # set protocols ospf passive-interface 'eth2' + # set protocols ospf interface 'eth1' passive + # set protocols ospf interface 'eth2' passive # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # @@ -2892,8 +2893,8 @@ Examples # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' - # set protocols ospf passive-interface 'eth1' - # set protocols ospf passive-interface 'eth2' + # set protocols ospf interface 'eth1' passive + # set protocols ospf interface 'eth2' passive # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' @@ -2929,8 +2930,8 @@ Examples # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' - # set protocols ospf passive-interface 'eth1' - # set protocols ospf passive-interface 'eth2' + # set protocols ospf interface 'eth1' passive + # set protocols ospf interface 'eth2' passive # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # 
@@ -3108,7 +3109,7 @@ Common return values are documented `here <https://docs.ansible.com/ansible/late <div>The set of commands pushed to the remote device.</div> <br/> <div style="font-size: smaller"><b>Sample:</b></div> - <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">['set protocols ospf parameters router-id 192.0.1.1', "set protocols ospf passive-interface 'eth1'"]</div> + <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">['set protocols ospf parameters router-id 192.0.1.1', "set protocols ospf interface 'eth1' passive"]</div> </td> </tr> </table> diff --git a/docs/vyos.vyos.vyos_ospfv3_module.rst b/docs/vyos.vyos.vyos_ospfv3_module.rst index 6957b77d..a1d317ae 100644 --- a/docs/vyos.vyos.vyos_ospfv3_module.rst +++ b/docs/vyos.vyos.vyos_ospfv3_module.rst @@ -378,7 +378,7 @@ Notes ----- .. note:: - - Tested against VyOS 1.3.8 + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection ``ansible.netcommon.network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. diff --git a/docs/vyos.vyos.vyos_ping_module.rst b/docs/vyos.vyos.vyos_ping_module.rst index e18552b8..06d63238 100644 --- a/docs/vyos.vyos.vyos_ping_module.rst +++ b/docs/vyos.vyos.vyos_ping_module.rst @@ -18,7 +18,7 @@ Version added: 1.0.0 Synopsis -------- - Tests reachability using ping from a VyOS device to a remote destination. -- Tested against VyOS 1.1.8 (helium) +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - For a general purpose network module, see the :ref:`ansible.netcommon.net_ping <ansible.netcommon.net_ping_module>` module. - For Windows targets, use the :ref:`ansible.windows.win_ping <ansible.windows.win_ping_module>` module instead. - For targets running Python, use the :ref:`ansible.builtin.ping <ansible.builtin.ping_module>` module instead. 
@@ -156,7 +156,7 @@ Notes ----- .. note:: - - Tested against VyOS 1.1.8 (helium). + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - For a general purpose network module, see the :ref:`ansible.netcommon.net_ping <ansible.netcommon.net_ping_module>` module. - For Windows targets, use the :ref:`ansible.windows.win_ping <ansible.windows.win_ping_module>` module instead. - For targets running Python, use the :ref:`ansible.builtin.ping <ansible.builtin.ping_module>` module instead. diff --git a/docs/vyos.vyos.vyos_prefix_lists_module.rst b/docs/vyos.vyos.vyos_prefix_lists_module.rst index cd74a602..6c8bcee9 100644 --- a/docs/vyos.vyos.vyos_prefix_lists_module.rst +++ b/docs/vyos.vyos.vyos_prefix_lists_module.rst @@ -305,7 +305,7 @@ Notes ----- .. note:: - - Tested against VyOS 1.1.8 (helium) + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection ``network_cli`` diff --git a/docs/vyos.vyos.vyos_route_maps_module.rst b/docs/vyos.vyos.vyos_route_maps_module.rst index 4e0c5322..093eda43 100644 --- a/docs/vyos.vyos.vyos_route_maps_module.rst +++ b/docs/vyos.vyos.vyos_route_maps_module.rst 
@@ -667,6 +667,38 @@ Parameters <td class="elbow-placeholder"></td> <td colspan="3"> <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>protocol</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>babel</li> + <li>bgp</li> + <li>connected</li> + <li>isis</li> + <li>kernel</li> + <li>ospf</li> + <li>ospfv3</li> + <li>rip</li> + <li>ripng</li> + <li>static</li> + <li>table</li> + <li>vnc</li> + </ul> + </td> + <td> + <div>Source protocol to match.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> <b>rpki</b> <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> <div style="font-size: small"> 
@@ -1015,6 +1047,46 @@ Parameters <td class="elbow-placeholder"></td> <td colspan="3"> <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>extcommunity_bandwidth</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Set Bandwidth of Origin value. 1-25600|cumulative|num-multipaths VPN extended community</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>extcommunity_bandwidth_non_transitive</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Set the bandwidth extended community encoded as non-transitive True/False VPN extended community</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> <b>extcommunity_rt</b> <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> <div style="font-size: small"> 
@@ -1265,6 +1337,24 @@ Parameters <td class="elbow-placeholder"></td> <td colspan="3"> <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>table</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Set prefixes to table. Example <1-200></div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> <b>tag</b> <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> <div style="font-size: small"> @@ -1363,7 +1453,7 @@ Notes ----- .. note:: - - Tested against vyos 1.3.8 + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection ``network_cli``. diff --git a/docs/vyos.vyos.vyos_snmp_server_module.rst b/docs/vyos.vyos.vyos_snmp_server_module.rst index d11afaae..1fe0b10c 100644 --- a/docs/vyos.vyos.vyos_snmp_server_module.rst +++ b/docs/vyos.vyos.vyos_snmp_server_module.rst @@ -1128,7 +1128,7 @@ Notes ----- .. note:: - - Tested against vyos 1.3.8, 1.4.1 + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025, 1.4.1 - This module works with connection ``network_cli``. - The Configuration defaults of the Vyos network devices are supposed to hinder idempotent behavior of plays diff --git a/docs/vyos.vyos.vyos_static_routes_module.rst b/docs/vyos.vyos.vyos_static_routes_module.rst index 5c7723de..071911a1 100644 --- a/docs/vyos.vyos.vyos_static_routes_module.rst +++ b/docs/vyos.vyos.vyos_static_routes_module.rst 
@@ -334,7 +334,7 @@ Notes ----- .. note:: - - Tested against VyOS 1.3.8. + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection ``ansible.netcommon.network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. diff --git a/docs/vyos.vyos.vyos_system_module.rst b/docs/vyos.vyos.vyos_system_module.rst index ba0fd01c..4cb6f5bc 100644 --- a/docs/vyos.vyos.vyos_system_module.rst +++ b/docs/vyos.vyos.vyos_system_module.rst @@ -123,7 +123,7 @@ Notes ----- .. note:: - - Tested against VyOS 1.1.8 (helium). + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection ``ansible.netcommon.network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide <network_guide>` diff --git a/docs/vyos.vyos.vyos_user_module.rst b/docs/vyos.vyos.vyos_user_module.rst index f95200b6..42b8ccce 100644 --- a/docs/vyos.vyos.vyos_user_module.rst +++ b/docs/vyos.vyos.vyos_user_module.rst @@ -437,7 +437,7 @@ Notes ----- .. note:: - - Tested against VyOS 1.1.8 (helium). + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection ``ansible.netcommon.network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide <network_guide>` diff --git a/docs/vyos.vyos.vyos_vlan_module.rst b/docs/vyos.vyos.vyos_vlan_module.rst index 1d5c877a..937fe3fe 100644 --- a/docs/vyos.vyos.vyos_vlan_module.rst +++ b/docs/vyos.vyos.vyos_vlan_module.rst 
@@ -309,7 +309,7 @@ Notes ----- .. note:: - - Tested against VyOS 1.1.8 (helium). + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection ``ansible.netcommon.network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide <network_guide>` diff --git a/plugins/module_utils/network/vyos/argspec/route_maps/route_maps.py b/plugins/module_utils/network/vyos/argspec/route_maps/route_maps.py index 196db0c7..5b6d404d 100644 --- a/plugins/module_utils/network/vyos/argspec/route_maps/route_maps.py +++ b/plugins/module_utils/network/vyos/argspec/route_maps/route_maps.py @@ -74,6 +74,8 @@ class Route_mapsArgs(object): # pylint: disable=R0903 }, "extcommunity_rt": {"type": "str"}, "extcommunity_soo": {"type": "str"}, + "extcommunity_bandwidth": {"type": "str"}, + "extcommunity_bandwidth_non_transitive": {"type": "bool"}, "ip_next_hop": {"type": "str"}, "ipv6_next_hop": { "type": "dict", @@ -100,6 +102,7 @@ class Route_mapsArgs(object): # pylint: disable=R0903 "src": {"type": "str"}, "tag": {"type": "str"}, "weight": {"type": "str"}, + "table": {"type": "str"}, }, }, "match": { @@ -178,6 +181,23 @@ class Route_mapsArgs(object): # pylint: disable=R0903 "next_hop": {"type": "str"}, }, }, + "protocol": { + "type": "str", + "choices": [ + "babel", + "bgp", + "connected", + "isis", + "kernel", + "ospf", + "ospfv3", + "rip", + "ripng", + "static", + "table", + "vnc", + ], + }, "large_community_large_community_list": { "type": "str", }, diff --git a/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py b/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py index e2a25e32..0d73d209 100644 --- a/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py 
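Review bot: The new `set` options `table` and `extcommunity_bandwidth` are declared as unconstrained `str` in the argspec hunks for argspec/route_maps/route_maps.py, while the documentation in this same commit describes them as `<1-200>` and `1-25600|cumulative|num-multipaths`. The templates later in the commit render them unquoted (`set table {{set.table}}`, `set extcommunity bandwidth {{set.extcommunity_bandwidth}}`), so a value containing whitespace would reach the device as additional command tokens. Either reject values outside the documented forms before command generation, or at least add a comment beside `"table": {"type": "str"}` such as `# expected <1-200>; not validated here`. The enclosing `Route_mapsArgs` spec starts and ends outside these hunks.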
+++ b/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py @@ -31,11 +31,11 @@ from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.utils list_diff_want_only, in_target_not_none, ) - +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.version import ( + LooseVersion, +) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import get_os_version -from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.version import LooseVersion - class Firewall_global(ConfigBase): """ @@ -258,11 +258,7 @@ class Firewall_global(ConfigBase): self._form_attr_cmd(attr=key, key=self._bool_to_str(val), opr=opr), ) continue - if ( - key in l_set - and not self._in_target(h, key) - and not self._is_del(l_set, h) - ): + if key in l_set and not self._in_target(h, key) and not self._is_del(l_set, h): commands.append( self._form_attr_cmd(attr=key, val=self._bool_to_str(val), opr=opr), ) @@ -373,6 +369,8 @@ class Firewall_global(ConfigBase): ) elif not opr and key in l_set: if key == "name" and self._is_grp_del(h, want, key): + if commands[-1] == cmd + " " + want["name"] + " " + self._grp_type(attr): + commands.pop() commands.append(cmd + " " + want["name"]) continue if not (h and in_target_not_none(h, key)) and not self._is_grp_del(h, want, "name"): @@ -435,6 +433,14 @@ class Firewall_global(ConfigBase): + " " + member[self._get_mem_type(type)], ) + elif not opr and not have: + commands.append( + cmd + + " " + + name + + " " + + self._grp_type(type), + ) return commands def _get_mem_type(self, group): 
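Review bot: The added `if commands[-1] == cmd + " " + want["name"] + " " + self._grp_type(attr):` in the `@@ -373,6 +369,8 @@` hunk indexes `commands` without checking that it is non-empty. If `name` is the first key handled for a group being deleted, this raises `IndexError`; the loop header is outside the hunk, so the ordering is inferred. Guard it as `if commands and commands[-1] == ...:` before `commands.pop()`. A one-line comment explaining that the pop drops the type-level delete emitted just before the group-level delete would also help the next reader.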
@@ -473,7 +479,9 @@ class Firewall_global(ConfigBase): for key, val in iteritems(w): if val and key != "connection_type": if opr and key in l_set and not (h and self._is_w_same(w, h, key)): - if key == "log" and LooseVersion(get_os_version(self._module)) >= LooseVersion("1.4"): + if key == "log" and LooseVersion( + get_os_version(self._module), + ) >= LooseVersion("1.4"): commands.append( self._form_attr_cmd( key=attr + " " + w["connection_type"], @@ -499,7 +507,9 @@ class Firewall_global(ConfigBase): ), ) break # delete the whole thing and move on - if (not self._in_target(h, key) or h[key] is None) and (self._in_target(w, key) and w[key]): + if (not self._in_target(h, key) or h[key] is None) and ( + self._in_target(w, key) and w[key] + ): # delete if not being replaced and value currently exists commands.append( self._form_attr_cmd( @@ -531,11 +541,11 @@ class Firewall_global(ConfigBase): if want: for w in want: h = self.search_attrib_in_have(have, w, "afi") - if 'afi' in w: - afi = w['afi'] + if "afi" in w: + afi = w["afi"] else: - if h and 'afi' in h: - afi = h['afi'] + if h and "afi" in h: + afi = h["afi"] else: afi = None afi = None @@ -547,7 +557,7 @@ class Firewall_global(ConfigBase): attr=key, val=self._bool_to_str(val), opr=opr, - type=afi + type=afi, ), ) elif not opr and key in l_set: @@ -557,7 +567,7 @@ class Firewall_global(ConfigBase): attr=key, val=self._bool_to_str(val), opr=opr, - type=afi + type=afi, ), ) continue @@ -567,7 +577,7 @@ class Firewall_global(ConfigBase): attr=key, val=self._bool_to_str(val), opr=opr, - type=afi + type=afi, ), ) elif key == "icmp_redirects": @@ -587,11 +597,11 @@ class Firewall_global(ConfigBase): commands = [] h_red = {} l_set = ("send", "receive") - if w and 'afi' in w: - afi = w['afi'] + if w and "afi" in w: + afi = w["afi"] else: - if h and 'afi' in h: - afi = h['afi'] + if h and "afi" in h: + afi = h["afi"] else: afi = None if w[attr]: 
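Review bot: In the `@@ -531,11 +541,11 @@` hunk the reformatted `afi` lookup is still followed by a second `afi = None` line. Indentation is lost in this rendering, but if that line sits at loop-body level it discards the value just read from `w["afi"]` or `h["afi"]`, and every `type=afi` passed to `_form_attr_cmd` further down is `None`. The parallel lookup in the `@@ -587,11 +597,11 @@` hunk has no such trailing assignment, which suggests a leftover. Since these lines are being touched anyway, remove the extra `afi = None`, or keep it with a comment stating why the address family is ignored here.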
@@ -600,7 +610,12 @@ class Firewall_global(ConfigBase): for item, value in iteritems(w[attr]): if opr and item in l_set and not (h_red and self._is_w_same(w[attr], h_red, item)): commands.append( - self._form_attr_cmd(attr=item, val=self._bool_to_str(value), opr=opr, type=afi) + self._form_attr_cmd( + attr=item, + val=self._bool_to_str(value), + opr=opr, + type=afi, + ), ) elif ( not opr @@ -634,7 +649,12 @@ class Firewall_global(ConfigBase): :param type: AF type of attribute. :return: generated command. """ - command = self._compute_command(key=key, attr=self._map_attrib(attr, type=type), val=val, opr=opr) + command = self._compute_command( + key=key, + attr=self._map_attrib(attr, type=type), + val=val, + opr=opr, + ) return command def _compute_command(self, key=None, attr=None, val=None, remove=False, opr=True): @@ -651,14 +671,20 @@ class Firewall_global(ConfigBase): cmd = "delete firewall " else: cmd = "set firewall " - if attr and key != "group" and LooseVersion(get_os_version(self._module)) >= LooseVersion("1.4"): + if ( + attr + and key != "group" + and LooseVersion(get_os_version(self._module)) >= LooseVersion("1.4") + ): cmd += "global-options " if key: cmd += key.replace("_", "-") + " " if attr: cmd += attr.replace("_", "-") if val and opr: - if key == "state_policy" and LooseVersion(get_os_version(self._module)) >= LooseVersion("1.4"): + if key == "state_policy" and LooseVersion(get_os_version(self._module)) >= LooseVersion( + "1.4", + ): cmd += "" else: cmd += " '" + str(val) + "'" diff --git a/plugins/module_utils/network/vyos/config/route_maps/route_maps.py b/plugins/module_utils/network/vyos/config/route_maps/route_maps.py index 9b6c3e9d..9692a253 100644 --- a/plugins/module_utils/network/vyos/config/route_maps/route_maps.py +++ b/plugins/module_utils/network/vyos/config/route_maps/route_maps.py 
@@ -31,6 +31,13 @@ from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.facts from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.rm_templates.route_maps import ( Route_mapsTemplate, ) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.rm_templates.route_maps_14 import ( + Route_mapsTemplate14, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.version import ( + LooseVersion, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import get_os_version class Route_maps(ResourceModule): @@ -59,6 +66,8 @@ class Route_maps(ResourceModule): "set_bgp_extcommunity_rt", "set_extcommunity_rt", "set_extcommunity_soo", + "set_extcommunity_bandwidth", + "set_extcommunity_bandwidth_non_transitive", "set_ip_next_hop", "set_ipv6_next_hop", "set_large_community", @@ -70,6 +79,7 @@ class Route_maps(ResourceModule): "set_src", "set_tag", "set_weight", + "set_table", "set_comm_list", "set_comm_list_delete", "set_community", @@ -89,15 +99,34 @@ class Route_maps(ResourceModule): "on_match_next", "match_ipv6_address", "match_ipv6_nexthop", + "match_protocol", "match_rpki", ] + def _validate_template(self): + version = get_os_version(self._module) + if LooseVersion(version) >= LooseVersion("1.4"): + self._tmplt = Route_mapsTemplate14() + else: + self._tmplt = Route_mapsTemplate() + + def parse(self): + """override parse to check template""" + self._validate_template() + return super().parse() + + def get_parser(self, name): + """get_parsers""" + self._validate_template() + return super().get_parser(name) + def execute_module(self): """Execute the module :rtype: A dictionary :returns: The result from module execution """ + self._validate_template() if self.state not in ["parsed", "gathered"]: self.generate_commands() self.run_commands() 
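Review bot: `_validate_template` in the `@@ -89,15 +99,34 @@` hunk calls `get_os_version(self._module)` and builds a new template object every time `parse`, `get_parser` or `execute_module` runs. `get_parser` is probably invoked once per parser name, so the version lookup and the instantiation repeat many times per task. Resolve the template once (for example in `execute_module`) and return early when it is already set. The name is also misleading, because nothing is validated: something like `_select_template` with the docstring `"""Pick the route-map template matching the device's VyOS version (1.4+ vs. earlier)."""` would describe it, and the `"""get_parsers"""` docstring should say what the override adds. The class body starts and ends outside the hunk.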
diff --git a/plugins/module_utils/network/vyos/facts/route_maps/route_maps.py b/plugins/module_utils/network/vyos/facts/route_maps/route_maps.py index 2ad54e63..cfae26e3 100644 --- a/plugins/module_utils/network/vyos/facts/route_maps/route_maps.py +++ b/plugins/module_utils/network/vyos/facts/route_maps/route_maps.py @@ -25,6 +25,13 @@ from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.rou from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.rm_templates.route_maps import ( Route_mapsTemplate, ) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.rm_templates.route_maps_14 import ( + Route_mapsTemplate14, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.version import ( + LooseVersion, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import get_os_version class Route_mapsFacts(object): @@ -59,11 +66,18 @@ class Route_mapsFacts(object): """ facts = {} objs = [] + + if LooseVersion(get_os_version(self._module)) >= LooseVersion("1.4"): + route_maps_class = Route_mapsTemplate14 + else: + route_maps_class = Route_mapsTemplate + if not data: data = self.get_config(connection) # parse native config using the Route_maps template - route_maps_parser = Route_mapsTemplate(lines=data.splitlines()) + route_maps_parser = route_maps_class(lines=data.splitlines()) + if route_maps_parser.parse().get("route_maps"): objs = list(route_maps_parser.parse().get("route_maps").values()) for item in objs: diff --git a/plugins/module_utils/network/vyos/rm_templates/route_maps.py b/plugins/module_utils/network/vyos/rm_templates/route_maps.py index 8f218a6b..c6b88f7b 100644 --- a/plugins/module_utils/network/vyos/rm_templates/route_maps.py +++ b/plugins/module_utils/network/vyos/rm_templates/route_maps.py 
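Review bot: The version check added in the `@@ -59,11 +66,18 @@` hunk of facts/route_maps/route_maps.py runs before `if not data:`, so the template class is chosen from the connected device's version even when `data` is passed in by the caller. If `get_os_version` needs a live connection (not visible here), parsing supplied configuration text will depend on whichever device is reachable, which deserves a comment above the branch, e.g. `# template is picked from the target's version, also for caller-supplied data`. The same `LooseVersion(...) >= LooseVersion("1.4")` selection is duplicated in config/route_maps/route_maps.py; a shared helper would keep the two from drifting apart.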
@@ -310,12 +310,12 @@ class Route_mapsTemplate(NetworkTemplate): "name": "set_as_path_prepend", "getval": re.compile( r""" - ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sas-path-prepend\s(?P<as>\S+) - *$""", + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sas-path-prepend\s(?P<as>.*) + $""", re.VERBOSE, ), "compval": "set.as_path_prepend", - "setval": "policy route-map {{route_map}} rule {{sequence}} set as-path-prepend {{set.as_path_prepend}}", + "setval": "policy route-map {{route_map}} rule {{sequence}} set as-path-prepend '{{set.as_path_prepend}}'", "result": { "route_maps": { "{{ route_map }}": { @@ -337,10 +337,11 @@ class Route_mapsTemplate(NetworkTemplate): "name": "set_atomic_aggregate", "getval": re.compile( r""" - ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\satomic-aggregate(?P<as>) + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\s(?P<as>atomic-aggregate) *$""", re.VERBOSE, ), + "compval": "set.atomic_aggregate", "setval": "policy route-map {{route_map}} rule {{sequence}} set atomic-aggregate", "result": { "route_maps": { @@ -391,13 +392,13 @@ class Route_mapsTemplate(NetworkTemplate): "name": "set_comm_list", "getval": re.compile( r""" - ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\scomm-list\scomm-list\s(?P<comm_list>\S+) + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\scommunity\scommunity-list\s(?P<comm_list>\S+) *$""", re.VERBOSE, ), - "compval": "set.comm_list.comm_list", + "compval": "match.community.community_list", "setval": "policy route-map {{route_map}} rule {{sequence}} " - "set comm-list comm-list {{set.comm_list.comm_list}}", + "match community community-list {{set.comm_list.comm_list}}", "result": { "route_maps": { "{{ route_map }}": { 
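Review bot: The `set_comm_list` parser is left inconsistent by the `@@ -391,13 +392,13 @@` hunk and the `@@ -406,8 +407,8 @@` hunk that follows. `getval`, `compval` and the result now describe `match community community-list`, but the entry is still named `set_comm_list` and its `setval` still renders `{{set.comm_list.comm_list}}`. When the comparison is driven by `match.community.community_list`, that variable is presumably undefined and the command is emitted without its list name. If the intent is to parse the match form, use `{{match.community.community_list}}` in `setval` and rename the parser; if the intent was to keep a `set comm-list` parser for 1.3, the `getval`/`compval`/result changes should be reverted. Also check that it does not shadow an existing `match` community parser elsewhere in the file, which is outside this view.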
@@ -406,8 +407,8 @@ class Route_mapsTemplate(NetworkTemplate): "{{sequence}}": { "sequence": "{{sequence}}", - "set": { - "comm_list": {"comm_list": "{{comm_list}}"}, + "match": { + "community": {"community_list": "{{comm_list}}"}, }, }, }, @@ -500,6 +501,62 @@ class Route_mapsTemplate(NetworkTemplate): }, }, { + "name": "set_extcommunity_bandwidth", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sextcommunity\sbandwidth\s(?P<extcommunity_bw>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.extcommunity_bandwidth", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set extcommunity bandwidth {{set.extcommunity_bandwidth}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "extcommunity_bandwidth": "{{extcommunity_bw}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_extcommunity_bandwidth_non_transitive", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sextcommunity\s(?P<extcommunity_bw_nt>bandwidth-non-transitive) + *$""", + re.VERBOSE, + ), + "compval": "set.extcommunity_bandwidth_non_transitive", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set extcommunity bandwidth-non-transitive", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "extcommunity_bandwidth_non_transitive": "{{True if extcommunity_bw_nt is defined}}", + }, + }, + }, + }, + }, + }, + }, + { "name": "set_ip_next_hop", "getval": re.compile( r""" 
@@ -813,6 +870,34 @@ class Route_mapsTemplate(NetworkTemplate): }, }, { + "name": "set_table", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\stable\s(?P<table>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.weight", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set table {{set.table}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "table": "{{table}}", + }, + }, + }, + }, + }, + }, + }, + { "name": "set_community", "getval": re.compile( r""" @@ -1261,6 +1346,33 @@ class Route_mapsTemplate(NetworkTemplate): }, }, { + "name": "match_protocol", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\sprotocol\s(?P<value>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.protocol", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match protocol {{match.protocol}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": { + "sequence": "{{sequence}}", + "match": { + "protocol": "{{value}}", + }, + }, + }, + }, + }, + }, + }, + { "name": "match_rpki", "getval": re.compile( r""" diff --git a/plugins/module_utils/network/vyos/rm_templates/route_maps_14.py b/plugins/module_utils/network/vyos/rm_templates/route_maps_14.py new file mode 100644 index 00000000..6564280d --- /dev/null +++ b/plugins/module_utils/network/vyos/rm_templates/route_maps_14.py 
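Review bot: The added `set_table` parser has `"compval": "set.weight"`, which looks copied from `set_weight`; its `getval`, `setval` and `result` all use `table`. With that key the entry is presumably compared on the weight value rather than the table, so a table change may be skipped, or a table command rendered when only a weight is set. It should be `"compval": "set.table",`. The same line appears in the `set_table` entry of the added `route_maps_14.py`.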
@@ -0,0 +1,1405 @@ +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + + +__metaclass__ = type + +""" +The Route_maps parser templates file. This contains +a list of parser definitions and associated functions that +facilitates both facts gathering and native command generation for +the given network resource. +""" + +import re + +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.rm_base.network_template import ( + NetworkTemplate, +) + + +class Route_mapsTemplate14(NetworkTemplate): + def __init__(self, lines=None): + prefix = {"set": "set", "remove": "delete"} + super(Route_mapsTemplate14, self).__init__(lines=lines, tmplt=self, prefix=prefix) + + # fmt: off + PARSERS = [ + { + "name": "route_map", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+) + *$""", + re.VERBOSE, + ), + "compval": "route_map", + "setval": "policy route-map {{route_map}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + }, + }, + }, + }, + { + "name": "sequence", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+) + *$""", + re.VERBOSE, + ), + "compval": "sequence", + "setval": "policy route-map {{route_map}} rule {{sequence}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + }, + }, + }, + }, + }, + }, + { + "name": "call", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\scall\s(?P<call>\S+) + *$""", + re.VERBOSE, + ), + "setval": "policy route-map {{route_map}} rule {{sequence}} call {{call}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { 
+ "sequence": "{{sequence}}", + "call": "{{call}}", + }, + }, + }, + }, + }, + }, + { + "name": "description", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sdescription\s(?P<description>\S+) + *$""", + re.VERBOSE, + ), + "setval": "policy route-map {{route_map}} rule {{sequence}} description {{description}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "description": "{{description}}", + }, + }, + }, + }, + }, + }, + { + "name": "action", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\saction\s(?P<action>\S+) + *$""", + re.VERBOSE, + ), + "setval": "policy route-map {{route_map}} rule {{sequence}} action {{action}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "action": "{{action}}", + }, + }, + }, + }, + }, + }, + { + "name": "continue_sequence", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\scontinue\s(?P<continue>\S+) + *$""", + re.VERBOSE, + ), + "setval": "policy route-map {{route_map}} rule {{sequence}} continue {{continue_sequence}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "continue_sequence": "{{continue}}", + }, + }, + }, + }, + }, + }, + { + "name": "on_match_next", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\son-match\s(?P<next>next) + *$""", + re.VERBOSE, + ), + "compval": "on_match.next", + "setval": "policy route-map {{route_map}} rule {{sequence}} on-match next", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + 
"sequence": "{{sequence}}", + "on_match": { + "next": "{{True if next is defined}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "on_match_goto", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\son-match\sgoto\s(?P<goto>\S+) + *$""", + re.VERBOSE, + ), + "compval": "on_match.goto", + "setval": "policy route-map {{route_map}} rule {{sequence}} on-match goto {{on_match.goto}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "on_match": { + "goto": "{{goto}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_aggregator_ip", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\saggregator\sip\s(?P<ip>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.aggregator.ip", + "setval": "policy route-map {{route_map}} rule {{sequence}} set aggregator ip {{set.aggregator.ip}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "aggregator": { + "ip": "{{ip}}", + }, + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_aggregator_as", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\saggregator\sas\s(?P<as>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.aggregator.as", + "setval": "policy route-map {{route_map}} rule {{sequence}} set aggregator as {{set.aggregator.as}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "aggregator": { + "as": "{{as}}", + }, + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_as_path_exclude", + "getval": re.compile( + r""" + 
^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sas-path\sexclude\s(?P<as>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.as_path_exclude", + "setval": "policy route-map {{route_map}} rule {{sequence}} set as-path exclude {{set.as_path_exclude}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "as_path_exclude": "{{as}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_as_path_prepend", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sas-path\sprepend\s(?P<as>.*) + $""", + re.VERBOSE, + ), + "compval": "set.as_path_prepend", + "setval": "policy route-map {{route_map}} rule {{sequence}} set as-path prepend '{{set.as_path_prepend}}'", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "as_path_prepend": "{{as}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_atomic_aggregate", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\s(?P<as>atomic-aggregate) + *$""", + re.VERBOSE, + ), + "compval": "set.atomic_aggregate", + "setval": "policy route-map {{route_map}} rule {{sequence}} set atomic-aggregate", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "atomic_aggregate": "{{True if as is defined}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_bgp_extcommunity_rt", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sbgp-extcommunity-rt\s(?P<bgp>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.bgp_extcommunity_rt", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set 
bgp-extcommunity-rt {{set.bgp_extcommunity_rt}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "bgp_extcommunity_rt": "{{bgp}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_comm_list", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\scommunity\scommunity-list\s(?P<comm_list>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.community.community_list", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match community community-list {{set.comm_list.comm_list}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "match": { + "community": {"community_list": "{{comm_list}}"}, + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_comm_list_delete", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\scomm-list\sdelete(?P<delete>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.comm_list.comm_list", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set comm-list delete", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "comm_list": {"delete": "{{True if delete is defined}}"}, + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_extcommunity_rt", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sextcommunity\srt\s(?P<extcommunity_rt>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.extcommunity_rt", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set extcommunity rt {{set.extcommunity_rt}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": 
{ + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "extcommunity_rt": "{{extcommunity_rt}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_extcommunity_soo", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sextcommunity\ssoo\s(?P<extcommunity_soo>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.extcommunity_soo", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set extcommunity soo {{set.extcommunity_soo}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "extcommunity_soo": "{{extcommunity_soo}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_extcommunity_bandwidth", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sextcommunity\sbandwidth\s(?P<extcommunity_bw>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.extcommunity_bandwidth", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set extcommunity bandwidth {{set.extcommunity_bandwidth}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "extcommunity_bandwidth": "{{extcommunity_bw}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_extcommunity_bandwidth_non_transitive", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sextcommunity\s(?P<extcommunity_bw_nt>bandwidth-non-transitive) + *$""", + re.VERBOSE, + ), + "compval": "set.extcommunity_bandwidth_non_transitive", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set extcommunity bandwidth-non-transitive", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", 
+ "set": { + "extcommunity_bandwidth_non_transitive": "{{True if extcommunity_bw_nt is defined}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_ip_next_hop", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sip-next-hop\s(?P<ip_next_hop>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.ip_next_hop", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set ip-next-hop {{set.ip_next_hop}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "ip_next_hop": "{{ip_next_hop}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_ipv6_next_hop", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sipv6-next-hop + \s(?P<type>global|local) + \s(?P<value>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.ipv6_next_hop", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set ipv6-next-hop {{set.ipv6_next_hop.ip_type}} {{set.ipv6_next_hop.value}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "ipv6_next_hop": { + "ip_type": "{{type}}", + "value": "{{value}}", + }, + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_large_community", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\slarge-community\s(?P<op>none|replace\s(?P<large_community>\S+)) + $""", + re.VERBOSE, + ), + "compval": "set.large_community", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set large-community {{set.large_community if set.large_community == 'none' else 'replace ' + set.large_community}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": 
"{{sequence}}", + "set": { + "large_community": "{{op if op == 'none' else large_community}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_local_preference", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\slocal-preference\s(?P<local_preference>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.local_preference", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set local-preference {{set.local_preference}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "local_preference": "{{local_preference}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_metric", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\smetric\s(?P<metric>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.metric", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set metric {{set.metric}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "metric": "{{metric}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_metric_type", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\smetric-type\s(?P<metric_type>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.metric_type", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set metric-type {{set.metric_type}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "metric_type": "{{metric_type}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_origin", + "getval": re.compile( + r""" + 
^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sorigin\s(?P<origin>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.origin", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set origin {{set.origin}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "origin": "{{origin}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_originator_id", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\soriginator-id\s(?P<originator_id>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.originator_id", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set originator-id {{set.originator_id}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "originator_id": "{{originator_id}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_src", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\ssrc\s(?P<src>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.src", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set src {{set.src}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "src": "{{src}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_tag", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\stag\s(?P<tag>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.tag", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set tag {{set.tag}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": 
+ { + "sequence": "{{sequence}}", + "set": { + "tag": "{{tag}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_weight", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sweight\s(?P<weight>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.weight", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set weight {{set.weight}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "weight": "{{weight}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_table", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\stable\s(?P<table>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.weight", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set table {{set.table}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "table": "{{table}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_community", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\scommunity\s(?P<op>none|replace\s(?P<value>\S+)) + $""", + re.VERBOSE, + ), + "compval": "set.community.value", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set community {{set.community.value if set.community.value == 'none' else 'replace ' + set.community.value}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "community": { + "value": "{{op if op == 'none' else value}}", + }, + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_as_path", + "getval": re.compile( + r""" + 
^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\sas-path\s(?P<as_path>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.as_path", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match as-path {{match.as_path}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "match": { + "as_path": "{{as_path}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_community_community_list", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\scommunity\scommunity-list\s(?P<community_list>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.community.community_list", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match community community-list {{match.community.community_list}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "match": { + "community": {"community_list": "{{community_list}}"}, + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_community_exact_match", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\scommunity\sexact-match(?P<exact_match>) + *$""", + re.VERBOSE, + ), + "compval": "match.community.exact_match", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match community exact-match", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "match": { + "community": {"exact_match": "{{True if exact_match is defined}}"}, + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_extcommunity", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\sextcommunity\s(?P<extcommunity>\S+) + 
*$""", + re.VERBOSE, + ), + "compval": "match.extcommunity", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match extcommunity {{match.extcommunity}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "match": { + "extcommunity": "{{extcommunity}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_interface", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\sinterface\s(?P<interface>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.interface", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match interface {{match.interface}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "match": { + "interface": "{{interface}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_large_community_large_community_list", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\slarge-community\slarge-community-list\s(?P<lc>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.large_community_large_community_list", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match large-community large-community-list {{match.large_community_large_community_list}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "match": { + "large_community_large_community_list": "{{lc}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_metric", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\smetric\s(?P<metric>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.metric", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + 
"match metric {{match.metric}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "match": { + "metric": "{{metric}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_origin", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\sorigin\s(?P<origin>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.origin", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match origin {{match.origin}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "match": { + "origin": "{{origin}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_peer", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\speer\s(?P<peer>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.peer", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match peer {{match.peer}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "match": { + "peer": "{{peer}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_ip_address", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\sip\saddress + \s(?P<list_type>access-list|prefix-list) + \s(?P<value>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.ip.address", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match ip address {{match.ip.address.list_type}} {{match.ip.address.value}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": { + "sequence": "{{sequence}}", + "match": { + "ip": { + "address": { + "list_type": "{{list_type}}", + 
"value": "{{value}}", + }, + }, + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_ip_next_hop", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\sip\snexthop + \s(?P<list_type>access-list|prefix-list) + \s(?P<value>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.ip.next_hop", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match ip nexthop {{match.ip.next_hop.list_type}} {{match.ip.next_hop.value}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": { + "sequence": "{{sequence}}", + "match": { + "ip": { + "next_hop": { + "list_type": "{{list_type}}", + "value": "{{value}}", + }, + }, + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_ip_route_source", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\sip\sroute-source + \s(?P<list_type>access-list|prefix-list) + \s(?P<value>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.ip.route_source", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match ip route-source {{match.ip.route_source.list_type}} {{match.ip.route_source.value}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": { + "sequence": "{{sequence}}", + "match": { + "ip": { + "route_source": { + "list_type": "{{list_type}}", + "value": "{{value}}", + }, + }, + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_ipv6_address", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\sipv6\saddress + \s(?P<list_type>access-list|prefix-list) + \s(?P<value>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.ipv6.address", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match ipv6 address {{match.ipv6.address.list_type}} {{match.ipv6.address.value}}", + "result": { + 
"route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": { + "sequence": "{{sequence}}", + "match": { + "ipv6": { + "address": { + "list_type": "{{list_type}}", + "value": "{{value}}", + }, + }, + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_ipv6_nexthop", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\sipv6\snexthop + \s(?P<value>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.ipv6.next_hop", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match ipv6 nexthop {{match.ipv6.next_hop}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": { + "sequence": "{{sequence}}", + "match": { + "ipv6": { + "next_hop": "{{value}}", + }, + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_protocol", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\sprotocol\s(?P<value>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.protocol", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match protocol {{match.protocol}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": { + "sequence": "{{sequence}}", + "match": { + "protocol": "{{value}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_rpki", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\srpki + \s(?P<value>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.rpki", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match rpki {{match.rpki}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": { + "sequence": "{{sequence}}", + "match": { + "rpki": "{{value}}", + }, + }, + }, + }, + }, + }, + }, + + ] + # fmt: on 
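Review bot: The `description` parser in this new file captures a single whitespace-free token (`(?P<description>\S+)`) and its `setval` interpolates `{{description}}` unquoted, while `set_as_path_prepend` in the same file was given `.*` and quoting to cope with spaces. A description containing a space would then presumably fail to parse back from the device and be sent as several command words. Consider `\sdescription\s(?P<description>.*)` together with `"policy route-map {{route_map}} rule {{sequence}} description '{{description}}'"`, and reject or escape an embedded `'` before rendering so free text cannot close the quoted argument.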
diff --git a/plugins/module_utils/network/vyos/vyos.py b/plugins/module_utils/network/vyos/vyos.py index 1430b1b1..6bd8daee 100644 --- a/plugins/module_utils/network/vyos/vyos.py +++ b/plugins/module_utils/network/vyos/vyos.py @@ -34,6 +34,7 @@ import json from ansible.module_utils._text import to_text from ansible.module_utils.connection import Connection, ConnectionError + _DEVICE_CONFIGS = {} @@ -68,8 +69,13 @@ def get_config(module, flags=None, format=None): flags = [] if flags is None else flags global _DEVICE_CONFIGS - if _DEVICE_CONFIGS != {}: - return _DEVICE_CONFIGS + # If _DEVICE_CONFIGS is non-empty and module.params["match"] is "none", + # return the cached device configurations. This avoids redundant calls + # to the connection when no specific match criteria are provided. + if _DEVICE_CONFIGS != {} and ( + module.params["match"] is not None and module.params["match"] == "none" + ): + return to_text(_DEVICE_CONFIGS) else: connection = get_connection(module) try: diff --git a/plugins/modules/vyos_banner.py b/plugins/modules/vyos_banner.py index 6b1da84b..c6598023 100644 --- a/plugins/modules/vyos_banner.py +++ b/plugins/modules/vyos_banner.py @@ -33,7 +33,7 @@ description: VyOS. It allows playbooks to add or remote banner text from the active running configuration. version_added: 1.0.0 notes: -- Tested against VyOS 1.1.8 (helium). +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). options: banner: diff --git a/plugins/modules/vyos_bgp_address_family.py b/plugins/modules/vyos_bgp_address_family.py index 14c3605d..c59b43e4 100644 --- a/plugins/modules/vyos_bgp_address_family.py +++ b/plugins/modules/vyos_bgp_address_family.py 
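Review bot: The new cache guard in `get_config` indexes `module.params["match"]` directly, so a module that calls this helper without a `match` option in its argspec would raise `KeyError` instead of fetching the configuration; `module.params.get("match") == "none"` covers both the missing key and the `None` case in one test. The cached branch now returns `to_text(_DEVICE_CONFIGS)`, and `_DEVICE_CONFIGS` starts as `{}`; the code that fills it is outside the hunk, so confirm it holds the configuration text rather than a dict that would be stringified here. The added comment says the cache is used "when no specific match criteria are provided", but the condition tests for the literal value `"none"`, and the comment should say so. `get_config` continues past the end of the hunk.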
@@ -19,7 +19,8 @@ version_added: 1.0.0
 short_description: BGP Address Family resource module
 description:
 - This module manages BGP address family configuration of interfaces on devices running VYOS.
-- Tested against VYOS 1.3, 1.4
+- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025
+- The provided examples of commands are valid for VyOS 1.4+
 author: Gomathi Selvi Srinivasan (@GomathiselviS)
 options:
 config:
@@ -285,17 +286,18 @@ EXAMPLES = """
 # After State:
 # vyos@vyos:~$ show configuration commands | match "set protocols bgp"
-# set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50'
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4'
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01'
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10'
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45'
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export 'map01'
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01'
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight '50'
+# set protocols bgp system-as 100
+# set protocols bgp address-family ipv4-unicast redistribute static metric '50'
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4'
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01'
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10'
+# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45'
+# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self
+# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map export 'map01'
+# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01'
+# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast weight '50'
 # vyos@vyos:~$
 #
 # Module Execution:
@@ -363,17 +365,17 @@ EXAMPLES = """
 # "before": {},
 # "changed": true,
 # "commands": [
-# "set protocols bgp 100 address-family ipv4-unicast redistribute static metric 50",
-# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number 4",
-# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override",
-# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med",
-# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map map01",
-# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export 10",
-# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix 45",
-# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self",
-# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export map01",
-# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import map01",
-# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight 50"
+# "set protocols bgp address-family ipv4-unicast redistribute static metric 50",
+# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number 4",
+# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override",
+# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med",
+# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map map01",
+# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export 10",
+# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix 45",
+# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self",
+# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map export map01",
+# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map import map01",
+# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast weight 50"
 # ],
 #
@@ -382,17 +384,18 @@ EXAMPLES = """
 # Before state:
 # vyos@vyos:~$ show configuration commands | match "set protocols bgp"
-# set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50'
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4'
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01'
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10'
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45'
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export 'map01'
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01'
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight '50'
+# set protocols bgp system-as 100
+# set protocols bgp address-family ipv4-unicast redistribute static metric '50'
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4'
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01'
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10'
+# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45'
+# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self
+# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map export 'map01'
+# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01'
+# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast weight '50'
 # vyos@vyos:~$
 - name: Replace provided configuration with device configuration
@@ -422,15 +425,16 @@ EXAMPLES = """
 # After State:
 #
 # vyos@vyos:~$ show configuration commands | match "set protocols bgp"
-# set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50'
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix '45'
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number '4'
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast as-override
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map 'map01'
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export '10'
+# set protocols bgp system-as 100
+# set protocols bgp address-family ipv4-unicast redistribute static metric '50'
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix '45'
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self
+# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number '4'
+# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast as-override
+# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med
+# set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map 'map01'
+# set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export '10'
 # vyos@vyos:~$
 #
 #
@@ -549,39 +553,40 @@ EXAMPLES = """
 # },
 # "changed": true,
 # "commands": [
-# "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list",
-# "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate",
-# "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged",
-# "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override",
-# "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in",
-# "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight",
-# "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map",
-# "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self",
-# "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix",
-# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number 4",
-# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast as-override",
-# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med",
-# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map map01",
-# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export 10",
-# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix 45",
-# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self"
+# "delete protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list",
+# "delete protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate",
+# "delete protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged",
+# "delete protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override",
+# "delete protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in",
+# "delete protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast weight",
+# "delete protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map",
+# "delete protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self",
+# "delete protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix",
+# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number 4",
+# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast as-override",
+# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med",
+# "set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map map01",
+# "set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export 10",
+# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix 45",
+# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self"
 # ],
 # Using overridden
 # vyos@vyos:~$ show configuration commands | match "set protocols bgp"
-# set protocols bgp 100 address-family ipv4-unicast network 35.1.1.0/24 backdoor
-# set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50'
-# set protocols bgp 100 address-family ipv6-unicast aggregate-address 6601:1:1:1::/64 summary-only
-# set protocols bgp 100 address-family ipv6-unicast network 5001:1:1:1::/64 route-map 'map01'
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix '45'
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number '4'
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast as-override
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map 'map01'
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export '10'
+# set protocols bgp system-as 100
+# set protocols bgp address-family ipv4-unicast network 35.1.1.0/24 backdoor
+# set protocols bgp address-family ipv4-unicast redistribute static metric '50'
+# set protocols bgp address-family ipv6-unicast aggregate-address 6601:1:1:1::/64 summary-only
+# set protocols bgp address-family ipv6-unicast network 5001:1:1:1::/64 route-map 'map01'
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix '45'
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self
+# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number '4'
+# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast as-override
+# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med
+# set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map 'map01'
+# set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export '10'
 # vyos@vyos:~$
 - name: Override
@@ -611,13 +616,14 @@ EXAMPLES = """
 # After State
 # vyos@vyos:~$ show configuration commands | match "set protocols bgp"
-# set protocols bgp 100 address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only
-# set protocols bgp 100 address-family ipv6-unicast redistribute static metric '50'
-# set protocols bgp 100 neighbor 20.33.1.1/24
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix '45'
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast route-map import 'map01'
+# set protocols bgp system-as 100
+# set protocols bgp address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only
+# set protocols bgp address-family ipv6-unicast redistribute static metric '50'
+# set protocols bgp neighbor 20.33.1.1/24
+# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast
+# set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix '45'
+# set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self
+# set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast route-map import 'map01'
 # vyos@vyos:~$
@@ -742,21 +748,21 @@ EXAMPLES = """
 # },
 # "changed": true,
 # "commands": [
-# "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family",
-# "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast distribute-list",
-# "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast default-originate",
-# "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged",
-# "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast as-override",
-# "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast allowas-in",
-# "delete protocols bgp 100 address-family ipv6 aggregate-address",
-# "delete protocols bgp 100 address-family ipv6 network",
-# "delete protocols bgp 100 address-family ipv4 network",
-# "delete protocols bgp 100 address-family ipv4 redistribute",
-# "set protocols bgp 100 address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only",
-# "set protocols bgp 100 address-family ipv6-unicast redistribute static metric 50",
-# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix 45",
-# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self",
-# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast route-map import map01"
+# "delete protocols bgp neighbor 20.33.1.1/24 address-family",
+# "delete protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast distribute-list",
+# "delete protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast default-originate",
+# "delete protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged",
+# "delete protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast as-override",
+# "delete protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast allowas-in",
+# "delete protocols bgp address-family ipv6 aggregate-address",
+# "delete protocols bgp address-family ipv6 network",
+# "delete protocols bgp address-family ipv4 network",
+# "delete protocols bgp address-family ipv4 redistribute",
+# "set protocols bgp address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only",
+# "set protocols bgp address-family ipv6-unicast redistribute static metric 50",
+# "set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix 45",
+# "set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self",
+# "set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast route-map import map01"
 # ],
 #
@@ -765,22 +771,23 @@ EXAMPLES = """
 # Before State:
 # vyos@vyos:~$ show configuration commands | match "set protocols bgp"
-# set protocols bgp 100 address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only
-# set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50'
-# set protocols bgp 100 address-family ipv6-unicast redistribute static metric '50'
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4'
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01'
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10'
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45'
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export 'map01'
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01'
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight '50'
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix '45'
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self
-# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast route-map import 'map01'
+# set protocols bgp system-as 100
+# set protocols bgp address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only
+# set protocols bgp address-family ipv4-unicast redistribute static metric '50'
+# set protocols bgp address-family ipv6-unicast redistribute static metric '50'
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4'
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01'
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10'
+# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45'
+# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self
+# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map export 'map01'
+# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01'
+# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast weight '50'
+# set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix '45'
+# set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self
+# set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast route-map import 'map01'
 # vyos@vyos:~$
 - name: Delete
@@ -800,11 +807,12 @@ EXAMPLES = """
 # After State:
 # vyos@vyos:~$ show configuration commands | match "set protocols bgp"
-# set protocols bgp 100 address-family ipv6-unicast redistribute static metric '50'
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4'
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med
-# set protocols bgp 100 neighbor 100.11.34.12
+# set protocols bgp system-as 100
+# set protocols bgp address-family ipv6-unicast redistribute static metric '50'
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4'
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med
+# set protocols bgp neighbor 100.11.34.12
 # vyos@vyos:~$
 #
 #
@@ -927,9 +935,9 @@ EXAMPLES = """
 # },
 # "changed": true,
 # "commands": [
-# "delete protocols bgp 100 address-family ipv4-unicast",
-# "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast",
-# "delete protocols bgp 100 neighbor 100.11.34.12 address-family"
+# "delete protocols bgp address-family ipv4-unicast",
+# "delete protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast",
+# "delete protocols bgp neighbor 100.11.34.12 address-family"
 # ],
 #
@@ -1019,15 +1027,16 @@ EXAMPLES = """
 # Native config:
 # vyos@vyos:~$ show configuration commands | match "set protocols bgp"
-# set protocols bgp 100 address-family ipv4-unicast network 35.1.1.0/24 backdoor
-# set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50'
-# set protocols bgp 100 address-family ipv6-unicast aggregate-address 6601:1:1:1::/64 summary-only
-# set protocols bgp 100 address-family ipv6-unicast network 5001:1:1:1::/64 route-map 'map01'
-# set protocols bgp 100 address-family ipv6-unicast redistribute static metric '50'
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4'
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override
-# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med
-# set protocols bgp 100 neighbor 100.11.34.12
+# set protocols bgp system-as 100
+# set protocols bgp address-family ipv4-unicast network 35.1.1.0/24 backdoor
+# set protocols bgp address-family ipv4-unicast redistribute static metric '50'
+# set protocols bgp address-family ipv6-unicast aggregate-address 6601:1:1:1::/64 summary-only
+# set protocols bgp address-family ipv6-unicast network 5001:1:1:1::/64 route-map 'map01'
+# set protocols bgp address-family ipv6-unicast redistribute static metric '50'
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4'
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override
+# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med
+# set protocols bgp neighbor 100.11.34.12
 - name: gather configs
 vyos.vyos.vyos_bgp_address_family:
@@ -1131,17 +1140,17 @@ EXAMPLES = """
 # Module Execution:
 # "rendered": [
-# "set protocols bgp 100 address-family ipv4-unicast redistribute static metric 50",
-# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number 4",
-# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override",
-# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med",
-# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map map01",
-# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export 10",
-# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix 45",
-# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self",
-# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export map01",
-# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import map01",
-# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight 50"
+# "set protocols bgp address-family ipv4-unicast redistribute static metric 50",
+# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number 4",
+# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override",
+# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med",
+# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map map01",
+# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export 10",
+# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix 45",
+# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self",
+# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map export map01",
+# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map import map01",
+# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast weight 50"
 # ]
 """
diff --git a/plugins/modules/vyos_bgp_global.py b/plugins/modules/vyos_bgp_global.py
index 4d7db472..fe14bc0f 100644
--- a/plugins/modules/vyos_bgp_global.py
+++ b/plugins/modules/vyos_bgp_global.py
@@ -19,7 +19,8 @@ version_added: 1.0.0
 short_description: BGP global resource module
 description:
 - This module manages BGP global configuration of interfaces on devices running VYOS.
-- Tested against VYOS 1.3, 1.4
+- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025
+- The provided examples of commands are valid for VyOS 1.4+
 author:
 - Gomathi Selvi Srinivasan (@GomathiselviS)
 options:
@@ -539,33 +540,34 @@ EXAMPLES = """
 # After State
 # vyos@vyos:~$ show configuration commands | match "set protocols bgp"
-# set protocols bgp 65536 aggregate-address 192.0.2.0/24 'summary-only'
-# set protocols bgp 65536 aggregate-address 203.0.113.0/24 'as-set'
-# set protocols bgp 65536 maximum-paths ebgp '20'
-# set protocols bgp 65536 maximum-paths ibgp '55'
-# set protocols bgp 65536 neighbor 192.0.2.25 'disable-connected-check'
-# set protocols bgp 65536 neighbor 192.0.2.25 timers holdtime '30'
-# set protocols bgp 65536 neighbor 192.0.2.25 timers keepalive '10'
-# set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'as-path'
-# set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'med'
-# set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'next-hop'
-# set protocols bgp 65536 neighbor 203.0.113.5 ebgp-multihop '2'
-# set protocols bgp 65536 neighbor 203.0.113.5 remote-as '101'
-# set protocols bgp 65536 neighbor 203.0.113.5 update-source '192.0.2.25'
-# set protocols bgp 65536 neighbor 5001::64 distribute-list export '20'
-# set protocols bgp 65536 neighbor 5001::64 distribute-list import '40'
-# set protocols bgp 65536 neighbor 5001::64 maximum-prefix '34'
-# set protocols bgp 65536 network 192.1.13.0/24 'backdoor'
-# set protocols bgp 65536 parameters bestpath as-path 'confed'
-# set protocols bgp 65536 parameters bestpath 'compare-routerid'
-# set protocols bgp 65536 parameters confederation identifier '66'
-# set protocols bgp 65536 parameters confederation peers '20'
-# set protocols bgp 65536 parameters confederation peers '55'
-# set protocols bgp 65536 parameters default 'no-ipv4-unicast'
-# set protocols bgp 65536 parameters router-id '192.1.2.9'
-# set protocols bgp 65536 redistribute connected route-map 'map01'
-# set protocols bgp 65536 redistribute kernel metric '45'
-# set protocols bgp 65536 timers keepalive '35'
+# set protocols bgp system-as 65536
+# set protocols bgp aggregate-address 192.0.2.0/24 'summary-only'
+# set protocols bgp aggregate-address 203.0.113.0/24 'as-set'
+# set protocols bgp maximum-paths ebgp '20'
+# set protocols bgp maximum-paths ibgp '55'
+# set protocols bgp neighbor 192.0.2.25 'disable-connected-check'
+# set protocols bgp neighbor 192.0.2.25 timers holdtime '30'
+# set protocols bgp neighbor 192.0.2.25 timers keepalive '10'
+# set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'as-path'
+# set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'med'
+# set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'next-hop'
+# set protocols bgp neighbor 203.0.113.5 ebgp-multihop '2'
+# set protocols bgp neighbor 203.0.113.5 remote-as '101'
+# set protocols bgp neighbor 203.0.113.5 update-source '192.0.2.25'
+# set protocols bgp neighbor 5001::64 distribute-list export '20'
+# set protocols bgp neighbor 5001::64 distribute-list import '40'
+# set protocols bgp neighbor 5001::64 maximum-prefix '34'
+# set protocols bgp network 192.1.13.0/24 'backdoor'
+# set protocols bgp parameters bestpath as-path 'confed'
+# set protocols bgp parameters bestpath 'compare-routerid'
+# set protocols bgp parameters confederation identifier '66'
+# set protocols bgp parameters confederation peers '20'
+# set protocols bgp parameters confederation peers '55'
+# set protocols bgp parameters default 'no-ipv4-unicast'
+# set protocols bgp parameters router-id '192.1.2.9'
+# set protocols bgp redistribute connected route-map 'map01'
+# set protocols bgp redistribute kernel metric '45'
+# set protocols bgp timers keepalive '35'
 # vyos@vyos:~$
 #
 #
 # Module Execution:
@@ -671,33 +673,33 @@ EXAMPLES = """ # "before": {}, # "changed": true, # "commands": [ -# "set protocols bgp 65536 neighbor 192.0.2.25 disable-connected-check", -# "set protocols bgp 65536 neighbor 192.0.2.25 timers holdtime 30", -# "set protocols bgp 65536 neighbor 192.0.2.25 timers keepalive 10", -# "set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged as-path", -# "set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged med", -# "set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged next-hop", -# "set protocols bgp 65536 neighbor 203.0.113.5 ebgp-multihop 2", -# "set protocols bgp 65536 neighbor 203.0.113.5 remote-as 101", -# "set protocols bgp 65536 neighbor 203.0.113.5 update-source 192.0.2.25", -# "set protocols bgp 65536 neighbor 5001::64 maximum-prefix 34", -# "set protocols bgp 65536 neighbor 5001::64 distribute-list export 20", -# "set protocols bgp 65536 neighbor 5001::64 distribute-list import 40", -# "set protocols bgp 65536 redistribute kernel metric 45", -# "set protocols bgp 65536 redistribute connected route-map map01", -# "set protocols bgp 65536 network 192.1.13.0/24 backdoor", -# "set protocols bgp 65536 aggregate-address 203.0.113.0/24 as-set", -# "set protocols bgp 65536 aggregate-address 192.0.2.0/24 summary-only", -# "set protocols bgp 65536 parameters bestpath as-path confed", -# "set protocols bgp 65536 parameters bestpath compare-routerid", -# "set protocols bgp 65536 parameters default no-ipv4-unicast", -# "set protocols bgp 65536 parameters router-id 192.1.2.9", -# "set protocols bgp 65536 parameters confederation peers 20", -# "set protocols bgp 65536 parameters confederation peers 55", -# "set protocols bgp 65536 parameters confederation identifier 66", -# "set protocols bgp 65536 maximum-paths ebgp 20", -# "set protocols bgp 65536 maximum-paths ibgp 55", -# "set protocols bgp 65536 timers keepalive 35" +# "set protocols bgp neighbor 192.0.2.25 disable-connected-check", +# "set protocols bgp neighbor 
192.0.2.25 timers holdtime 30", +# "set protocols bgp neighbor 192.0.2.25 timers keepalive 10", +# "set protocols bgp neighbor 203.0.113.5 attribute-unchanged as-path", +# "set protocols bgp neighbor 203.0.113.5 attribute-unchanged med", +# "set protocols bgp neighbor 203.0.113.5 attribute-unchanged next-hop", +# "set protocols bgp neighbor 203.0.113.5 ebgp-multihop 2", +# "set protocols bgp neighbor 203.0.113.5 remote-as 101", +# "set protocols bgp neighbor 203.0.113.5 update-source 192.0.2.25", +# "set protocols bgp neighbor 5001::64 maximum-prefix 34", +# "set protocols bgp neighbor 5001::64 distribute-list export 20", +# "set protocols bgp neighbor 5001::64 distribute-list import 40", +# "set protocols bgp redistribute kernel metric 45", +# "set protocols bgp redistribute connected route-map map01", +# "set protocols bgp network 192.1.13.0/24 backdoor", +# "set protocols bgp aggregate-address 203.0.113.0/24 as-set", +# "set protocols bgp aggregate-address 192.0.2.0/24 summary-only", +# "set protocols bgp parameters bestpath as-path confed", +# "set protocols bgp parameters bestpath compare-routerid", +# "set protocols bgp parameters default no-ipv4-unicast", +# "set protocols bgp parameters router-id 192.1.2.9", +# "set protocols bgp parameters confederation peers 20", +# "set protocols bgp parameters confederation peers 55", +# "set protocols bgp parameters confederation identifier 66", +# "set protocols bgp maximum-paths ebgp 20", +# "set protocols bgp maximum-paths ibgp 55", +# "set protocols bgp timers keepalive 35" # ], # Using replaced: 
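Review bot: The `commands` list in this merged example has no `system-as` entry, although `before` is empty and the After State listing in the preceding hunk now shows `set protocols bgp system-as 65536`; the `rendered` list in the hunk at -1430 and the `commands`/`rendered` samples in the hunk at -1472 have the same gap. If the module emits that command on 1.4+, as the release notes suggest, add a line such as `# "set protocols bgp system-as 65536",` to these lists; if it is omitted on purpose, a short comment saying so would help. The `parsed.cfg` input in the hunk at -1292 also drops the AS number without gaining a `system-as` line, so confirm the parsed output shown there still matches. The module code is outside this view, so this is inferred from the examples alone.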
@@ -706,33 +708,34 @@ EXAMPLES = """ # Before state: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" -# set protocols bgp 65536 aggregate-address 192.0.2.0/24 'summary-only' -# set protocols bgp 65536 aggregate-address 203.0.113.0/24 'as-set' -# set protocols bgp 65536 maximum-paths ebgp '20' -# set protocols bgp 65536 maximum-paths ibgp '55' -# set protocols bgp 65536 neighbor 192.0.2.25 'disable-connected-check' -# set protocols bgp 65536 neighbor 192.0.2.25 timers holdtime '30' -# set protocols bgp 65536 neighbor 192.0.2.25 timers keepalive '10' -# set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'as-path' -# set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'med' -# set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'next-hop' -# set protocols bgp 65536 neighbor 203.0.113.5 ebgp-multihop '2' -# set protocols bgp 65536 neighbor 203.0.113.5 remote-as '101' -# set protocols bgp 65536 neighbor 203.0.113.5 update-source '192.0.2.25' -# set protocols bgp 65536 neighbor 5001::64 distribute-list export '20' -# set protocols bgp 65536 neighbor 5001::64 distribute-list import '40' -# set protocols bgp 65536 neighbor 5001::64 maximum-prefix '34' -# set protocols bgp 65536 network 192.1.13.0/24 'backdoor' -# set protocols bgp 65536 parameters bestpath as-path 'confed' -# set protocols bgp 65536 parameters bestpath 'compare-routerid' -# set protocols bgp 65536 parameters confederation identifier '66' -# set protocols bgp 65536 parameters confederation peers '20' -# set protocols bgp 65536 parameters confederation peers '55' -# set protocols bgp 65536 parameters default 'no-ipv4-unicast' -# set protocols bgp 65536 parameters router-id '192.1.2.9' -# set protocols bgp 65536 redistribute connected route-map 'map01' -# set protocols bgp 65536 redistribute kernel metric '45' -# set protocols bgp 65536 timers keepalive '35' +# set protocols bgp system-as 65536 +# set protocols bgp aggregate-address 192.0.2.0/24 
'summary-only' +# set protocols bgp aggregate-address 203.0.113.0/24 'as-set' +# set protocols bgp maximum-paths ebgp '20' +# set protocols bgp maximum-paths ibgp '55' +# set protocols bgp neighbor 192.0.2.25 'disable-connected-check' +# set protocols bgp neighbor 192.0.2.25 timers holdtime '30' +# set protocols bgp neighbor 192.0.2.25 timers keepalive '10' +# set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'as-path' +# set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'med' +# set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'next-hop' +# set protocols bgp neighbor 203.0.113.5 ebgp-multihop '2' +# set protocols bgp neighbor 203.0.113.5 remote-as '101' +# set protocols bgp neighbor 203.0.113.5 update-source '192.0.2.25' +# set protocols bgp neighbor 5001::64 distribute-list export '20' +# set protocols bgp neighbor 5001::64 distribute-list import '40' +# set protocols bgp neighbor 5001::64 maximum-prefix '34' +# set protocols bgp network 192.1.13.0/24 'backdoor' +# set protocols bgp parameters bestpath as-path 'confed' +# set protocols bgp parameters bestpath 'compare-routerid' +# set protocols bgp parameters confederation identifier '66' +# set protocols bgp parameters confederation peers '20' +# set protocols bgp parameters confederation peers '55' +# set protocols bgp parameters default 'no-ipv4-unicast' +# set protocols bgp parameters router-id '192.1.2.9' +# set protocols bgp redistribute connected route-map 'map01' +# set protocols bgp redistribute kernel metric '45' +# set protocols bgp timers keepalive '35' # vyos@vyos:~$ - name: Replace 
@@ -757,11 +760,12 @@ EXAMPLES = """ # After state: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" -# set protocols bgp 65536 neighbor 192.0.2.40 advertisement-interval '72' -# set protocols bgp 65536 neighbor 192.0.2.40 capability orf prefix-list 'receive' -# set protocols bgp 65536 network 203.0.113.0/24 route-map 'map01' -# set protocols bgp 65536 parameters bestpath as-path 'confed' -# set protocols bgp 65536 redistribute static route-map 'map01' +# set protocols bgp system-as 65536 +# set protocols bgp neighbor 192.0.2.40 advertisement-interval '72' +# set protocols bgp neighbor 192.0.2.40 capability orf prefix-list 'receive' +# set protocols bgp network 203.0.113.0/24 route-map 'map01' +# set protocols bgp parameters bestpath as-path 'confed' +# set protocols bgp redistribute static route-map 'map01' # vyos@vyos:~$ # # 
@@ -896,26 +900,26 @@ EXAMPLES = """ # }, # "changed": true, # "commands": [ -# "delete protocols bgp 65536 timers", -# "delete protocols bgp 65536 maximum-paths ", -# "delete protocols bgp 65536 maximum-paths ", -# "delete protocols bgp 65536 parameters router-id 192.1.2.9", -# "delete protocols bgp 65536 parameters default", -# "delete protocols bgp 65536 parameters confederation", -# "delete protocols bgp 65536 parameters bestpath compare-routerid", -# "delete protocols bgp 65536 aggregate-address", -# "delete protocols bgp 65536 network 192.1.13.0/24", -# "delete protocols bgp 65536 redistribute kernel", -# "delete protocols bgp 65536 redistribute kernel", -# "delete protocols bgp 65536 redistribute connected", -# "delete protocols bgp 65536 redistribute connected", -# "delete protocols bgp 65536 neighbor 5001::64", -# "delete protocols bgp 65536 neighbor 203.0.113.5", -# "delete protocols bgp 65536 neighbor 192.0.2.25", -# "set protocols bgp 65536 neighbor 192.0.2.40 advertisement-interval 72", -# "set protocols bgp 65536 neighbor 192.0.2.40 capability orf prefix-list receive", -# "set protocols bgp 65536 redistribute static route-map map01", -# "set protocols bgp 65536 network 203.0.113.0/24 route-map map01" +# "delete protocols bgp timers", +# "delete protocols bgp maximum-paths ", +# "delete protocols bgp maximum-paths ", +# "delete protocols bgp parameters router-id 192.1.2.9", +# "delete protocols bgp parameters default", +# "delete protocols bgp parameters confederation", +# "delete protocols bgp parameters bestpath compare-routerid", +# "delete protocols bgp aggregate-address", +# "delete protocols bgp network 192.1.13.0/24", +# "delete protocols bgp redistribute kernel", +# "delete protocols bgp redistribute kernel", +# "delete protocols bgp redistribute connected", +# "delete protocols bgp redistribute connected", +# "delete protocols bgp neighbor 5001::64", +# "delete protocols bgp neighbor 203.0.113.5", +# "delete protocols bgp neighbor 192.0.2.25", 
+# "set protocols bgp neighbor 192.0.2.40 advertisement-interval 72", +# "set protocols bgp neighbor 192.0.2.40 capability orf prefix-list receive", +# "set protocols bgp redistribute static route-map map01", +# "set protocols bgp network 203.0.113.0/24 route-map map01" # ], # Using deleted: @@ -924,11 +928,12 @@ EXAMPLES = """ # Before state: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" -# set protocols bgp 65536 neighbor 192.0.2.40 advertisement-interval '72' -# set protocols bgp 65536 neighbor 192.0.2.40 capability orf prefix-list 'receive' -# set protocols bgp 65536 network 203.0.113.0/24 route-map 'map01' -# set protocols bgp 65536 parameters bestpath as-path 'confed' -# set protocols bgp 65536 redistribute static route-map 'map01' +# set protocols bgp system-as 65536 +# set protocols bgp neighbor 192.0.2.40 advertisement-interval '72' +# set protocols bgp neighbor 192.0.2.40 capability orf prefix-list 'receive' +# set protocols bgp network 203.0.113.0/24 route-map 'map01' +# set protocols bgp parameters bestpath as-path 'confed' +# set protocols bgp redistribute static route-map 'map01' # vyos@vyos:~$ - name: Delete configuration @@ -980,10 +985,10 @@ EXAMPLES = """ # }, # "changed": true, # "commands": [ -# "delete protocols bgp 65536 neighbor 192.0.2.40", -# "delete protocols bgp 65536 redistribute", -# "delete protocols bgp 65536 network", -# "delete protocols bgp 65536 parameters" +# "delete protocols bgp neighbor 192.0.2.40", +# "delete protocols bgp redistribute", +# "delete protocols bgp network", +# "delete protocols bgp parameters" # ], # Using purged: 
@@ -991,33 +996,34 @@ EXAMPLES = """ # Before state: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" -# set protocols bgp 65536 aggregate-address 192.0.2.0/24 'summary-only' -# set protocols bgp 65536 aggregate-address 203.0.113.0/24 'as-set' -# set protocols bgp 65536 maximum-paths ebgp '20' -# set protocols bgp 65536 maximum-paths ibgp '55' -# set protocols bgp 65536 neighbor 192.0.2.25 'disable-connected-check' -# set protocols bgp 65536 neighbor 192.0.2.25 timers holdtime '30' -# set protocols bgp 65536 neighbor 192.0.2.25 timers keepalive '10' -# set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'as-path' -# set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'med' -# set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'next-hop' -# set protocols bgp 65536 neighbor 203.0.113.5 ebgp-multihop '2' -# set protocols bgp 65536 neighbor 203.0.113.5 remote-as '101' -# set protocols bgp 65536 neighbor 203.0.113.5 update-source '192.0.2.25' -# set protocols bgp 65536 neighbor 5001::64 distribute-list export '20' -# set protocols bgp 65536 neighbor 5001::64 distribute-list import '40' -# set protocols bgp 65536 neighbor 5001::64 maximum-prefix '34' -# set protocols bgp 65536 network 192.1.13.0/24 'backdoor' -# set protocols bgp 65536 parameters bestpath as-path 'confed' -# set protocols bgp 65536 parameters bestpath 'compare-routerid' -# set protocols bgp 65536 parameters confederation identifier '66' -# set protocols bgp 65536 parameters confederation peers '20' -# set protocols bgp 65536 parameters confederation peers '55' -# set protocols bgp 65536 parameters default 'no-ipv4-unicast' -# set protocols bgp 65536 parameters router-id '192.1.2.9' -# set protocols bgp 65536 redistribute connected route-map 'map01' -# set protocols bgp 65536 redistribute kernel metric '45' -# set protocols bgp 65536 timers keepalive '35' +# set protocols bgp system-as 65536 +# set protocols bgp aggregate-address 192.0.2.0/24 
'summary-only' +# set protocols bgp aggregate-address 203.0.113.0/24 'as-set' +# set protocols bgp maximum-paths ebgp '20' +# set protocols bgp maximum-paths ibgp '55' +# set protocols bgp neighbor 192.0.2.25 'disable-connected-check' +# set protocols bgp neighbor 192.0.2.25 timers holdtime '30' +# set protocols bgp neighbor 192.0.2.25 timers keepalive '10' +# set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'as-path' +# set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'med' +# set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'next-hop' +# set protocols bgp neighbor 203.0.113.5 ebgp-multihop '2' +# set protocols bgp neighbor 203.0.113.5 remote-as '101' +# set protocols bgp neighbor 203.0.113.5 update-source '192.0.2.25' +# set protocols bgp neighbor 5001::64 distribute-list export '20' +# set protocols bgp neighbor 5001::64 distribute-list import '40' +# set protocols bgp neighbor 5001::64 maximum-prefix '34' +# set protocols bgp network 192.1.13.0/24 'backdoor' +# set protocols bgp parameters bestpath as-path 'confed' +# set protocols bgp parameters bestpath 'compare-routerid' +# set protocols bgp parameters confederation identifier '66' +# set protocols bgp parameters confederation peers '20' +# set protocols bgp parameters confederation peers '55' +# set protocols bgp parameters default 'no-ipv4-unicast' +# set protocols bgp parameters router-id '192.1.2.9' +# set protocols bgp redistribute connected route-map 'map01' +# set protocols bgp redistribute kernel metric '45' +# set protocols bgp timers keepalive '35' # vyos@vyos:~$ 
@@ -1143,26 +1149,27 @@ EXAMPLES = """ # Before state: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" -# set protocols bgp 65536 neighbor 192.0.2.43 advertisement-interval '72' -# set protocols bgp 65536 neighbor 192.0.2.43 capability 'dynamic' -# set protocols bgp 65536 neighbor 192.0.2.43 'disable-connected-check' -# set protocols bgp 65536 neighbor 192.0.2.43 timers holdtime '30' -# set protocols bgp 65536 neighbor 192.0.2.43 timers keepalive '10' -# set protocols bgp 65536 neighbor 203.0.113.0 address-family 'ipv6-unicast' -# set protocols bgp 65536 neighbor 203.0.113.0 capability orf prefix-list 'receive' -# set protocols bgp 65536 network 203.0.113.0/24 route-map 'map01' -# set protocols bgp 65536 parameters 'always-compare-med' -# set protocols bgp 65536 parameters bestpath as-path 'confed' -# set protocols bgp 65536 parameters bestpath 'compare-routerid' -# set protocols bgp 65536 parameters dampening half-life '33' -# set protocols bgp 65536 parameters dampening max-suppress-time '20' -# set protocols bgp 65536 parameters dampening re-use '60' -# set protocols bgp 65536 parameters dampening start-suppress-time '5' -# set protocols bgp 65536 parameters default 'no-ipv4-unicast' -# set protocols bgp 65536 parameters distance global external '66' -# set protocols bgp 65536 parameters distance global internal '20' -# set protocols bgp 65536 parameters distance global local '10' -# set protocols bgp 65536 redistribute static route-map 'map01' +# set protocols bgp system-as 65536 +# set protocols bgp neighbor 192.0.2.43 advertisement-interval '72' +# set protocols bgp neighbor 192.0.2.43 capability 'dynamic' +# set protocols bgp neighbor 192.0.2.43 'disable-connected-check' +# set protocols bgp neighbor 192.0.2.43 timers holdtime '30' +# set protocols bgp neighbor 192.0.2.43 timers keepalive '10' +# set protocols bgp neighbor 203.0.113.0 address-family 'ipv6-unicast' +# set protocols bgp neighbor 203.0.113.0 capability orf prefix-list 
'receive' +# set protocols bgp network 203.0.113.0/24 route-map 'map01' +# set protocols bgp parameters 'always-compare-med' +# set protocols bgp parameters bestpath as-path 'confed' +# set protocols bgp parameters bestpath 'compare-routerid' +# set protocols bgp parameters dampening half-life '33' +# set protocols bgp parameters dampening max-suppress-time '20' +# set protocols bgp parameters dampening re-use '60' +# set protocols bgp parameters dampening start-suppress-time '5' +# set protocols bgp parameters default 'no-ipv4-unicast' +# set protocols bgp parameters distance global external '66' +# set protocols bgp parameters distance global internal '20' +# set protocols bgp parameters distance global local '10' +# set protocols bgp redistribute static route-map 'map01' # vyos@vyos:~$ ^C # vyos@vyos:~$ 
@@ -1199,26 +1206,27 @@ EXAMPLES = """ # Before state: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" -# set protocols bgp 65536 neighbor 192.0.2.43 advertisement-interval '72' -# set protocols bgp 65536 neighbor 192.0.2.43 capability 'dynamic' -# set protocols bgp 65536 neighbor 192.0.2.43 'disable-connected-check' -# set protocols bgp 65536 neighbor 192.0.2.43 timers holdtime '30' -# set protocols bgp 65536 neighbor 192.0.2.43 timers keepalive '10' -# set protocols bgp 65536 neighbor 203.0.113.0 address-family 'ipv6-unicast' -# set protocols bgp 65536 neighbor 203.0.113.0 capability orf prefix-list 'receive' -# set protocols bgp 65536 network 203.0.113.0/24 route-map 'map01' -# set protocols bgp 65536 parameters 'always-compare-med' -# set protocols bgp 65536 parameters bestpath as-path 'confed' -# set protocols bgp 65536 parameters bestpath 'compare-routerid' -# set protocols bgp 65536 parameters dampening half-life '33' -# set protocols bgp 65536 parameters dampening max-suppress-time '20' -# set protocols bgp 65536 parameters dampening re-use '60' -# set protocols bgp 65536 parameters dampening start-suppress-time '5' -# set protocols bgp 65536 parameters default 'no-ipv4-unicast' -# set protocols bgp 65536 parameters distance global external '66' -# set protocols bgp 65536 parameters distance global internal '20' -# set protocols bgp 65536 parameters distance global local '10' -# set protocols bgp 65536 redistribute static route-map 'map01' +# set protocols bgp system-as 65536 +# set protocols bgp neighbor 192.0.2.43 advertisement-interval '72' +# set protocols bgp neighbor 192.0.2.43 capability 'dynamic' +# set protocols bgp neighbor 192.0.2.43 'disable-connected-check' +# set protocols bgp neighbor 192.0.2.43 timers holdtime '30' +# set protocols bgp neighbor 192.0.2.43 timers keepalive '10' +# set protocols bgp neighbor 203.0.113.0 address-family 'ipv6-unicast' +# set protocols bgp neighbor 203.0.113.0 capability orf prefix-list 
'receive' +# set protocols bgp network 203.0.113.0/24 route-map 'map01' +# set protocols bgp parameters 'always-compare-med' +# set protocols bgp parameters bestpath as-path 'confed' +# set protocols bgp parameters bestpath 'compare-routerid' +# set protocols bgp parameters dampening half-life '33' +# set protocols bgp parameters dampening max-suppress-time '20' +# set protocols bgp parameters dampening re-use '60' +# set protocols bgp parameters dampening start-suppress-time '5' +# set protocols bgp parameters default 'no-ipv4-unicast' +# set protocols bgp parameters distance global external '66' +# set protocols bgp parameters distance global internal '20' +# set protocols bgp parameters distance global local '10' +# set protocols bgp redistribute static route-map 'map01' # vyos@vyos:~$ ^C - name: gather configs 
@@ -1292,26 +1300,26 @@ EXAMPLES = """ # parsed.cfg -# set protocols bgp 65536 neighbor 192.0.2.43 advertisement-interval '72' -# set protocols bgp 65536 neighbor 192.0.2.43 capability 'dynamic' -# set protocols bgp 65536 neighbor 192.0.2.43 'disable-connected-check' -# set protocols bgp 65536 neighbor 192.0.2.43 timers holdtime '30' -# set protocols bgp 65536 neighbor 192.0.2.43 timers keepalive '10' -# set protocols bgp 65536 neighbor 203.0.113.0 address-family 'ipv6-unicast' -# set protocols bgp 65536 neighbor 203.0.113.0 capability orf prefix-list 'receive' -# set protocols bgp 65536 network 203.0.113.0/24 route-map 'map01' -# set protocols bgp 65536 parameters 'always-compare-med' -# set protocols bgp 65536 parameters bestpath as-path 'confed' -# set protocols bgp 65536 parameters bestpath 'compare-routerid' -# set protocols bgp 65536 parameters dampening half-life '33' -# set protocols bgp 65536 parameters dampening max-suppress-time '20' -# set protocols bgp 65536 parameters dampening re-use '60' -# set protocols bgp 65536 parameters dampening start-suppress-time '5' -# set protocols bgp 65536 parameters default 'no-ipv4-unicast' -# set protocols bgp 65536 parameters distance global external '66' -# set protocols bgp 65536 parameters distance global internal '20' -# set protocols bgp 65536 parameters distance global local '10' -# set protocols bgp 65536 redistribute static route-map 'map01' +# set protocols bgp neighbor 192.0.2.43 advertisement-interval '72' +# set protocols bgp neighbor 192.0.2.43 capability 'dynamic' +# set protocols bgp neighbor 192.0.2.43 'disable-connected-check' +# set protocols bgp neighbor 192.0.2.43 timers holdtime '30' +# set protocols bgp neighbor 192.0.2.43 timers keepalive '10' +# set protocols bgp neighbor 203.0.113.0 address-family 'ipv6-unicast' +# set protocols bgp neighbor 203.0.113.0 capability orf prefix-list 'receive' +# set protocols bgp network 203.0.113.0/24 route-map 'map01' +# set protocols bgp parameters 
'always-compare-med' +# set protocols bgp parameters bestpath as-path 'confed' +# set protocols bgp parameters bestpath 'compare-routerid' +# set protocols bgp parameters dampening half-life '33' +# set protocols bgp parameters dampening max-suppress-time '20' +# set protocols bgp parameters dampening re-use '60' +# set protocols bgp parameters dampening start-suppress-time '5' +# set protocols bgp parameters default 'no-ipv4-unicast' +# set protocols bgp parameters distance global external '66' +# set protocols bgp parameters distance global internal '20' +# set protocols bgp parameters distance global local '10' +# set protocols bgp redistribute static route-map 'map01' - name: parse configs vyos.vyos.vyos_bgp_global: 
@@ -1430,25 +1438,25 @@ EXAMPLES = """ # Module Execution: # "rendered": [ -# "set protocols bgp 65536 neighbor 192.0.2.43 disable-connected-check", -# "set protocols bgp 65536 neighbor 192.0.2.43 advertisement-interval 72", -# "set protocols bgp 65536 neighbor 192.0.2.43 capability dynamic", -# "set protocols bgp 65536 neighbor 192.0.2.43 timers holdtime 30", -# "set protocols bgp 65536 neighbor 192.0.2.43 timers keepalive 10", -# "set protocols bgp 65536 neighbor 203.0.113.0 capability orf prefix-list receive", -# "set protocols bgp 65536 redistribute static route-map map01", -# "set protocols bgp 65536 network 203.0.113.0/24 route-map map01", -# "set protocols bgp 65536 parameters always-compare-med", -# "set protocols bgp 65536 parameters dampening half-life 33", -# "set protocols bgp 65536 parameters dampening max-suppress-time 20", -# "set protocols bgp 65536 parameters dampening re-use 60", -# "set protocols bgp 65536 parameters dampening start-suppress-time 5", -# "set protocols bgp 65536 parameters distance global internal 20", -# "set protocols bgp 65536 parameters distance global local 10", -# "set protocols bgp 65536 parameters distance global external 66", -# "set protocols bgp 65536 parameters bestpath as-path confed", -# "set protocols bgp 65536 parameters bestpath compare-routerid", -# "set protocols bgp 65536 parameters default no-ipv4-unicast" +# "set protocols bgp neighbor 192.0.2.43 disable-connected-check", +# "set protocols bgp neighbor 192.0.2.43 advertisement-interval 72", +# "set protocols bgp neighbor 192.0.2.43 capability dynamic", +# "set protocols bgp neighbor 192.0.2.43 timers holdtime 30", +# "set protocols bgp neighbor 192.0.2.43 timers keepalive 10", +# "set protocols bgp neighbor 203.0.113.0 capability orf prefix-list receive", +# "set protocols bgp redistribute static route-map map01", +# "set protocols bgp network 203.0.113.0/24 route-map map01", +# "set protocols bgp parameters always-compare-med", +# "set protocols bgp 
parameters dampening half-life 33", +# "set protocols bgp parameters dampening max-suppress-time 20", +# "set protocols bgp parameters dampening re-use 60", +# "set protocols bgp parameters dampening start-suppress-time 5", +# "set protocols bgp parameters distance global internal 20", +# "set protocols bgp parameters distance global local 10", +# "set protocols bgp parameters distance global external 66", +# "set protocols bgp parameters bestpath as-path confed", +# "set protocols bgp parameters bestpath compare-routerid", +# "set protocols bgp parameters default no-ipv4-unicast" # ] """ @@ -1472,17 +1480,17 @@ commands: returned: when I(state) is C(merged), C(replaced), C(overridden), C(deleted) or C(purged) type: list sample: - - set protocols bgp 65536 redistribute static route-map map01 - - set protocols bgp 65536 network 203.0.113.0/24 route-map map01 - - set protocols bgp 65536 parameters always-compare-med + - set protocols bgp redistribute static route-map map01 + - set protocols bgp network 203.0.113.0/24 route-map map01 + - set protocols bgp parameters always-compare-med rendered: description: The provided configuration in the task rendered in device-native format (offline). returned: when I(state) is C(rendered) type: list sample: - - set protocols bgp 65536 redistribute static route-map map01 - - set protocols bgp 65536 network 203.0.113.0/24 route-map map01 - - set protocols bgp 65536 parameters always-compare-med + - set protocols bgp redistribute static route-map map01 + - set protocols bgp network 203.0.113.0/24 route-map map01 + - set protocols bgp parameters always-compare-med gathered: description: Facts about the network resource gathered from the remote device as structured data. returned: when I(state) is C(gathered) diff --git a/plugins/modules/vyos_command.py b/plugins/modules/vyos_command.py index bacbe26a..766370c2 100644 --- a/plugins/modules/vyos_command.py +++ b/plugins/modules/vyos_command.py 
@@ -86,7 +86,7 @@ options: default: 1 type: int notes: -- Tested against VyOS 1.1.8 (helium). +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - Running C(show system boot-messages all) will cause the module to hang since VyOS is using a custom pager setting to display the output of that command. - If a command sent to the device requires answering a prompt, it is possible to pass diff --git a/plugins/modules/vyos_config.py b/plugins/modules/vyos_config.py index 60be02c8..eeb6bc44 100644 --- a/plugins/modules/vyos_config.py +++ b/plugins/modules/vyos_config.py @@ -34,7 +34,7 @@ version_added: 1.0.0 extends_documentation_fragment: - vyos.vyos.vyos notes: -- Tested against VyOS 1.1.8 (helium). +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). - To ensure idempotency and correct diff the configuration lines in the relevant module options should be similar to how they appear if present in the running configuration on device including the indentation. @@ -286,6 +286,7 @@ def sanitize_config(config, result): def run(module, result): # get the current active config from the node or passed in via # the config param + config = module.params["config"] or get_config(module) # create the candidate config object from the arguments @@ -360,7 +361,7 @@ def main(): diff = run_commands(module, commands=["configure", "compare saved"])[1] if diff not in { "[edit]", - "No changes between working and saved configurations.\n\n[edit]" + "No changes between working and saved configurations.\n\n[edit]", }: if not module.check_mode: run_commands(module, commands=["save"]) diff --git a/plugins/modules/vyos_facts.py b/plugins/modules/vyos_facts.py index a999bd31..abc3c707 100644 --- a/plugins/modules/vyos_facts.py +++ b/plugins/modules/vyos_facts.py 
@@ -28,7 +28,7 @@ author: extends_documentation_fragment: - vyos.vyos.vyos notes: -- Tested against VyOS 1.1.8 (helium). +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). options: gather_subset: diff --git a/plugins/modules/vyos_firewall_global.py b/plugins/modules/vyos_firewall_global.py index e952ae50..50f92e91 100644 --- a/plugins/modules/vyos_firewall_global.py +++ b/plugins/modules/vyos_firewall_global.py @@ -46,7 +46,8 @@ description: VyOS devices. version_added: '1.0.0' notes: -- Tested against VyOS 1.3.8. +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. +- The provided examples of commands are valid for VyOS 1.4+ - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). author: @@ -373,7 +374,7 @@ EXAMPLES = """ # "set firewall global-options send-redirects 'enable'", # "set firewall global-options config-trap 'enable'", # "set firewall global-options state-policy established action 'accept'", -# "set firewall global-options state-policy established log 'enable'", +# "set firewall global-options state-policy established log, # "set firewall global-options state-policy established log-level 'emerg'", # "set firewall global-options state-policy invalid action 'reject'", # "set firewall global-options broadcast-ping 'enable'", 
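Review bot: The replacement line `# "set firewall global-options state-policy established log,` in the vyos_firewall_global.py hunk at -373 loses its closing double quote, so the sample `commands` list is no longer a well-formed list of strings. The hunk at -1189 has the same line. Both should read `# "set firewall global-options state-policy established log",`. These examples document how state-policy logging is rendered on 1.4+, and as written the unterminated string runs into the next entry, leaving the exact command for enabling logging ambiguous.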
@@ -1189,7 +1190,7 @@ EXAMPLES = """ # "set firewall global-options send-redirects 'enable'", # "set firewall global-options config-trap 'enable'", # "set firewall global-options state-policy established action 'accept'", -# "set firewall global-options state-policy established log 'enable'", +# "set firewall global-options state-policy established log, # "set firewall global-options state-policy invalid action 'reject'", # "set firewall global-options broadcast-ping 'enable'", # "set firewall global-options all-ping 'enable'", diff --git a/plugins/modules/vyos_firewall_rules.py b/plugins/modules/vyos_firewall_rules.py index 850299ff..a7e58e23 100644 --- a/plugins/modules/vyos_firewall_rules.py +++ b/plugins/modules/vyos_firewall_rules.py @@ -47,7 +47,8 @@ author: - Rohit Thakur (@rohitthakur2590) - Gaige B. Paulsen (@gaige) notes: -- Tested against VyOS 1.3.8. +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. +- The provided examples of commands are valid for VyOS 1.4+ - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). 
@@ -570,14 +571,14 @@ EXAMPLES = """ # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' -# set firewall name Downlink default-action 'accept' -# set firewall name Downlink description 'IPv4 INBOUND rule set' -# set firewall name Downlink rule 501 action 'accept' -# set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' -# set firewall name Downlink rule 501 ipsec 'match-ipsec' -# set firewall name Downlink rule 502 action 'reject' -# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' -# set firewall name Downlink rule 502 ipsec 'match-ipsec' +# set firewall ipv4 name Downlink default-action 'accept' +# set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set' +# set firewall ipv4 name Downlink rule 501 action 'accept' +# set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible' +# set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec' +# set firewall ipv4 name Downlink rule 502 action 'reject' +# set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible' +# set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec' - name: Delete attributes of given firewall rules. vyos.vyos.vyos_firewall_rules: @@ -619,7 +620,7 @@ EXAMPLES = """ # } # ] # "commands": [ -# "delete firewall name Downlink" +# "delete firewall ipv4 name Downlink" # ] # # "after": [] 
@@ -635,25 +636,25 @@ EXAMPLES = """ # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall -# set firewall ipv6-name UPLINK default-action 'accept' -# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' -# set firewall ipv6-name UPLINK rule 1 action 'accept' -# set firewall ipv6-name UPLINK rule 1 -# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' -# set firewall ipv6-name UPLINK rule 2 action 'accept' -# set firewall ipv6-name UPLINK rule 2 -# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' +# set firewall ipv6 name UPLINK default-action 'accept' +# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' +# set firewall ipv6 name UPLINK rule 1 action 'accept' +# set firewall ipv6 name UPLINK rule 1 +# set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' +# set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec' +# set firewall ipv6 name UPLINK rule 2 action 'accept' +# set firewall ipv6 name UPLINK rule 2 +# set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' +# set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec' # set firewall group address-group 'inbound' -# set firewall name Downlink default-action 'accept' -# set firewall name Downlink description 'IPv4 INBOUND rule set' -# set firewall name Downlink rule 501 action 'accept' -# set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' -# set firewall name Downlink rule 501 ipsec 'match-ipsec' -# set firewall name Downlink rule 502 action 'reject' -# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' -# set firewall name Downlink rule 502 ipsec 'match-ipsec' +# set firewall ipv4 name Downlink default-action 
'accept' +# set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set' +# set firewall ipv4 name Downlink rule 501 action 'accept' +# set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible' +# set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec' +# set firewall ipv4 name Downlink rule 502 action 'reject' +# set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible' +# set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec' - name: Delete attributes of given firewall rules. vyos.vyos.vyos_firewall_rules: 
@@ -717,23 +718,23 @@ EXAMPLES = """ # } # ] # "commands": [ -# "delete firewall name" +# "delete firewall ipv4 name" # ] # # "after": [] # After state # ------------ # vyos@vyos:~$ show configuration commands| grep firewall -# set firewall ipv6-name UPLINK default-action 'accept' -# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' -# set firewall ipv6-name UPLINK rule 1 action 'accept' -# set firewall ipv6-name UPLINK rule 1 -# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' -# set firewall ipv6-name UPLINK rule 2 action 'accept' -# set firewall ipv6-name UPLINK rule 2 -# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' +# set firewall ipv6 name UPLINK default-action 'accept' +# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' +# set firewall ipv6 name UPLINK rule 1 action 'accept' +# set firewall ipv6 name UPLINK rule 1 +# set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' +# set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec' +# set firewall ipv6 name UPLINK rule 2 action 'accept' +# set firewall ipv6 name UPLINK rule 2 +# set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' +# set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec' # Using deleted to delete all the the firewall rules when provided config is empty 
@@ -743,14 +744,14 @@ EXAMPLES = """ # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' -# set firewall name Downlink default-action 'accept' -# set firewall name Downlink description 'IPv4 INBOUND rule set' -# set firewall name Downlink rule 501 action 'accept' -# set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' -# set firewall name Downlink rule 501 ipsec 'match-ipsec' -# set firewall name Downlink rule 502 action 'reject' -# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' -# set firewall name Downlink rule 502 ipsec 'match-ipsec' +# set firewall ipv4 name Downlink default-action 'accept' +# set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set' +# set firewall ipv4 name Downlink rule 501 action 'accept' +# set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible' +# set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec' +# set firewall ipv4 name Downlink rule 502 action 'reject' +# set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible' +# set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec' # - name: Delete attributes of given firewall rules. vyos.vyos.vyos_firewall_rules: @@ -788,7 +789,7 @@ EXAMPLES = """ # } # ] # "commands": [ -# "delete firewall name" +# "delete firewall ipv4 name" # ] # # "after": [] 
@@ -860,35 +861,33 @@ EXAMPLES = """ # before": [] # # "commands": [ -# "set firewall ipv6-name UPLINK default-action 'accept'", -# "set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'", -# "set firewall ipv6-name UPLINK rule 1 action 'accept'", -# "set firewall ipv6-name UPLINK rule 1", -# "set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'", -# "set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'", -# "set firewall ipv6-name UPLINK rule 2 action 'accept'", -# "set firewall ipv6-name UPLINK rule 2", -# "set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'", -# "set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'", -# "set firewall name INBOUND default-action 'accept'", -# "set firewall name INBOUND description 'IPv4 INBOUND rule set'", -# "set firewall name INBOUND rule 101 action 'accept'", -# "set firewall name INBOUND rule 101", -# "set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'", -# "set firewall name INBOUND rule 101 ipsec 'match-ipsec'", -# "set firewall name INBOUND rule 102 action 'reject'", -# "set firewall name INBOUND rule 102", -# "set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'", -# "set firewall name INBOUND rule 102 ipsec 'match-ipsec'", -# "set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'", -# "set firewall name INBOUND rule 103 destination group address-group inbound", -# "set firewall name INBOUND rule 103", -# "set firewall name INBOUND rule 103 source address 192.0.2.0", -# "set firewall name INBOUND rule 103 state established enable", -# "set firewall name INBOUND rule 103 state related enable", -# "set firewall name INBOUND rule 103 state invalid disable", -# "set firewall name INBOUND rule 103 state new disable", -# "set firewall name INBOUND rule 103 action 'accept'" +# "set firewall ipv6 name UPLINK default-action 'accept'", +# 
"set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set'", +# "set firewall ipv6 name UPLINK rule 1 action 'accept'", +# "set firewall ipv6 name UPLINK rule 1", +# "set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'", +# "set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec'", +# "set firewall ipv6 name UPLINK rule 2 action 'accept'", +# "set firewall ipv6 name UPLINK rule 2", +# "set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'", +# "set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec'", +# "set firewall ipv4 name INBOUND default-action 'accept'", +# "set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set'", +# "set firewall ipv4 name INBOUND rule 101 action 'accept'", +# "set firewall ipv4 name INBOUND rule 101", +# "set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible'", +# "set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec'", +# "set firewall ipv4 name INBOUND rule 102 action 'reject'", +# "set firewall ipv4 name INBOUND rule 102", +# "set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible'", +# "set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec'", +# "set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible'", +# "set firewall ipv4 name INBOUND rule 103 destination group address-group inbound", +# "set firewall ipv4 name INBOUND rule 103", +# "set firewall ipv4 name INBOUND rule 103 source address 192.0.2.0", +# "set firewall ipv4 name INBOUND rule 103 state established", +# "set firewall ipv4 name INBOUND rule 103 state related", +# "set firewall ipv4 name INBOUND rule 103 action 'accept'" # ] # # "after": [ 
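Review bot: The `commands` example for rule 103 drops `state invalid disable` and `state new disable` with no explanation, while the task that produces it (outside this hunk) presumably still sets those states to false. Someone auditing the rule could read `invalid: false` as an explicit exclusion, when the 1.4+ rendering shown here only emits the states that are matched and leaves everything else to the rule set's default action. A short comment above the list would settle it, e.g. `# On VyOS 1.4+ connection states are valueless flags; states set to false produce no command.`, to be confirmed against the module's behaviour. The same lines disappear in the hunks at `@@ -966,30 +965,28 @@`, `@@ -999,30 +996,28 @@`, `@@ -1334,30 +1329,28 @@`, `@@ -1445,30 +1438,28 @@` and `@@ -1518,27 +1509,25 @@`.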
@@ -966,30 +965,28 @@ EXAMPLES = """ # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' -# set firewall ipv6-name UPLINK default-action 'accept' -# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' -# set firewall ipv6-name UPLINK rule 1 action 'accept' -# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' -# set firewall ipv6-name UPLINK rule 2 action 'accept' -# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' -# set firewall name INBOUND default-action 'accept' -# set firewall name INBOUND description 'IPv4 INBOUND rule set' -# set firewall name INBOUND rule 101 action 'accept' -# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' -# set firewall name INBOUND rule 101 ipsec 'match-ipsec' -# set firewall name INBOUND rule 102 action 'reject' -# set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' -# set firewall name INBOUND rule 102 ipsec 'match-ipsec' -# set firewall name INBOUND rule 103 action 'accept' -# set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' -# set firewall name INBOUND rule 103 destination group address-group 'inbound' -# set firewall name INBOUND rule 103 source address '192.0.2.0' -# set firewall name INBOUND rule 103 state established 'enable' -# set firewall name INBOUND rule 103 state invalid 'disable' -# set firewall name INBOUND rule 103 state new 'disable' -# set firewall name INBOUND rule 103 state related 'enable' +# set firewall ipv6 name UPLINK default-action 'accept' +# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' +# set firewall ipv6 name UPLINK rule 1 action 'accept' +# set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 
is configured by Ansible' +# set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec' +# set firewall ipv6 name UPLINK rule 2 action 'accept' +# set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' +# set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND default-action 'accept' +# set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set' +# set firewall ipv4 name INBOUND rule 101 action 'accept' +# set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND rule 102 action 'reject' +# set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND rule 103 action 'accept' +# set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 103 destination group address-group 'inbound' +# set firewall ipv4 name INBOUND rule 103 source address '192.0.2.0' +# set firewall ipv4 name INBOUND rule 103 state established +# set firewall ipv4 name INBOUND rule 103 state related # Using replaced 
@@ -999,30 +996,28 @@ EXAMPLES = """ # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' -# set firewall ipv6-name UPLINK default-action 'accept' -# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' -# set firewall ipv6-name UPLINK rule 1 action 'accept' -# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' -# set firewall ipv6-name UPLINK rule 2 action 'accept' -# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' -# set firewall name INBOUND default-action 'accept' -# set firewall name INBOUND description 'IPv4 INBOUND rule set' -# set firewall name INBOUND rule 101 action 'accept' -# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' -# set firewall name INBOUND rule 101 ipsec 'match-ipsec' -# set firewall name INBOUND rule 102 action 'reject' -# set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' -# set firewall name INBOUND rule 102 ipsec 'match-ipsec' -# set firewall name INBOUND rule 103 action 'accept' -# set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' -# set firewall name INBOUND rule 103 destination group address-group 'inbound' -# set firewall name INBOUND rule 103 source address '192.0.2.0' -# set firewall name INBOUND rule 103 state established 'enable' -# set firewall name INBOUND rule 103 state invalid 'disable' -# set firewall name INBOUND rule 103 state new 'disable' -# set firewall name INBOUND rule 103 state related 'enable' +# set firewall ipv6 name UPLINK default-action 'accept' +# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' +# set firewall ipv6 name UPLINK rule 1 action 'accept' +# set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 
is configured by Ansible' +# set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec' +# set firewall ipv6 name UPLINK rule 2 action 'accept' +# set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' +# set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND default-action 'accept' +# set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set' +# set firewall ipv4 name INBOUND rule 101 action 'accept' +# set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND rule 102 action 'reject' +# set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND rule 103 action 'accept' +# set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 103 destination group address-group 'inbound' +# set firewall ipv4 name INBOUND rule 103 source address '192.0.2.0' +# set firewall ipv4 name INBOUND rule 103 state established +# set firewall ipv4 name INBOUND rule 103 state related # - name: >- Replace device configurations of listed firewall rules with provided 
@@ -1126,14 +1121,14 @@ EXAMPLES = """ # ] # # "commands": [ -# "delete firewall ipv6-name UPLINK rule 1", -# "delete firewall ipv6-name UPLINK rule 2", -# "delete firewall name INBOUND rule 102", -# "delete firewall name INBOUND rule 103", -# "set firewall name INBOUND rule 104 action 'reject'", -# "set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible'", -# "set firewall name INBOUND rule 104", -# "set firewall name INBOUND rule 104 ipsec 'match-none'" +# "delete firewall ipv6 name UPLINK rule 1", +# "delete firewall ipv6 name UPLINK rule 2", +# "delete firewall ipv4 name INBOUND rule 102", +# "delete firewall ipv4 name INBOUND rule 103", +# "set firewall ipv4 name INBOUND rule 104 action 'reject'", +# "set firewall ipv4 name INBOUND rule 104 description 'Rule 104 is configured by Ansible'", +# "set firewall ipv4 name INBOUND rule 104", +# "set firewall ipv4 name INBOUND rule 104 ipsec 'match-none'" # ] # # "after": [ 
@@ -1178,16 +1173,16 @@ EXAMPLES = """ # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' -# set firewall ipv6-name UPLINK default-action 'accept' -# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' -# set firewall name INBOUND default-action 'accept' -# set firewall name INBOUND description 'IPv4 INBOUND rule set' -# set firewall name INBOUND rule 101 action 'accept' -# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' -# set firewall name INBOUND rule 101 ipsec 'match-ipsec' -# set firewall name INBOUND rule 104 action 'reject' -# set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible' -# set firewall name INBOUND rule 104 ipsec 'match-none' +# set firewall ipv6 name UPLINK default-action 'accept' +# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' +# set firewall ipv4 name INBOUND default-action 'accept' +# set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set' +# set firewall ipv4 name INBOUND rule 101 action 'accept' +# set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND rule 104 action 'reject' +# set firewall ipv4 name INBOUND rule 104 description 'Rule 104 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 104 ipsec 'match-none' # Using overridden 
@@ -1197,16 +1192,16 @@ EXAMPLES = """ # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' -# set firewall ipv6-name UPLINK default-action 'accept' -# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' -# set firewall name INBOUND default-action 'accept' -# set firewall name INBOUND description 'IPv4 INBOUND rule set' -# set firewall name INBOUND rule 101 action 'accept' -# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' -# set firewall name INBOUND rule 101 ipsec 'match-ipsec' -# set firewall name INBOUND rule 104 action 'reject' -# set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible' -# set firewall name INBOUND rule 104 ipsec 'match-none' +# set firewall ipv6 name UPLINK default-action 'accept' +# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' +# set firewall ipv4 name INBOUND default-action 'accept' +# set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set' +# set firewall ipv4 name INBOUND rule 101 action 'accept' +# set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND rule 104 action 'reject' +# set firewall ipv4 name INBOUND rule 104 description 'Rule 104 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 104 ipsec 'match-none' # - name: Overrides all device configuration with provided configuration vyos.vyos.vyos_firewall_rules: 
@@ -1270,18 +1265,18 @@ EXAMPLES = """ # ] # # "commands": [ -# "delete firewall ipv6-name UPLINK", -# "delete firewall name INBOUND", -# "set firewall name Downlink default-action 'accept'", -# "set firewall name Downlink description 'IPv4 INBOUND rule set'", -# "set firewall name Downlink rule 501 action 'accept'", -# "set firewall name Downlink rule 501", -# "set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'", -# "set firewall name Downlink rule 501 ipsec 'match-ipsec'", -# "set firewall name Downlink rule 502 action 'reject'", -# "set firewall name Downlink rule 502", -# "set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'", -# "set firewall name Downlink rule 502 ipsec 'match-ipsec'" +# "delete firewall ipv6 name UPLINK", +# "delete firewall ipv4 name INBOUND", +# "set firewall ipv4 name Downlink default-action 'accept'", +# "set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set'", +# "set firewall ipv4 name Downlink rule 501 action 'accept'", +# "set firewall ipv4 name Downlink rule 501", +# "set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible'", +# "set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec'", +# "set firewall ipv4 name Downlink rule 502 action 'reject'", +# "set firewall ipv4 name Downlink rule 502", +# "set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible'", +# "set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec'" # # # "after": [ 
@@ -1317,14 +1312,14 @@ EXAMPLES = """ # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' -# set firewall name Downlink default-action 'accept' -# set firewall name Downlink description 'IPv4 INBOUND rule set' -# set firewall name Downlink rule 501 action 'accept' -# set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' -# set firewall name Downlink rule 501 ipsec 'match-ipsec' -# set firewall name Downlink rule 502 action 'reject' -# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' -# set firewall name Downlink rule 502 ipsec 'match-ipsec' +# set firewall ipv4 name Downlink default-action 'accept' +# set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set' +# set firewall ipv4 name Downlink rule 501 action 'accept' +# set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible' +# set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec' +# set firewall ipv4 name Downlink rule 502 action 'reject' +# set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible' +# set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec' # Using gathered 
@@ -1334,30 +1329,28 @@ EXAMPLES = """ # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' -# set firewall ipv6-name UPLINK default-action 'accept' -# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' -# set firewall ipv6-name UPLINK rule 1 action 'accept' -# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' -# set firewall ipv6-name UPLINK rule 2 action 'accept' -# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' -# set firewall name INBOUND default-action 'accept' -# set firewall name INBOUND description 'IPv4 INBOUND rule set' -# set firewall name INBOUND rule 101 action 'accept' -# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' -# set firewall name INBOUND rule 101 ipsec 'match-ipsec' -# set firewall name INBOUND rule 102 action 'reject' -# set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' -# set firewall name INBOUND rule 102 ipsec 'match-ipsec' -# set firewall name INBOUND rule 103 action 'accept' -# set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' -# set firewall name INBOUND rule 103 destination group address-group 'inbound' -# set firewall name INBOUND rule 103 source address '192.0.2.0' -# set firewall name INBOUND rule 103 state established 'enable' -# set firewall name INBOUND rule 103 state invalid 'disable' -# set firewall name INBOUND rule 103 state new 'disable' -# set firewall name INBOUND rule 103 state related 'enable' +# set firewall ipv6 name UPLINK default-action 'accept' +# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' +# set firewall ipv6 name UPLINK rule 1 action 'accept' +# set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 
is configured by Ansible' +# set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec' +# set firewall ipv6 name UPLINK rule 2 action 'accept' +# set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' +# set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND default-action 'accept' +# set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set' +# set firewall ipv4 name INBOUND rule 101 action 'accept' +# set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND rule 102 action 'reject' +# set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND rule 103 action 'accept' +# set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 103 destination group address-group 'inbound' +# set firewall ipv4 name INBOUND rule 103 source address '192.0.2.0' +# set firewall ipv4 name INBOUND rule 103 state established +# set firewall ipv4 name INBOUND rule 103 state related # - name: Gather listed firewall rules with provided configurations vyos.vyos.vyos_firewall_rules: 
@@ -1445,30 +1438,28 @@ EXAMPLES = """ # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' -# set firewall ipv6-name UPLINK default-action 'accept' -# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' -# set firewall ipv6-name UPLINK rule 1 action 'accept' -# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' -# set firewall ipv6-name UPLINK rule 2 action 'accept' -# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' -# set firewall name INBOUND default-action 'accept' -# set firewall name INBOUND description 'IPv4 INBOUND rule set' -# set firewall name INBOUND rule 101 action 'accept' -# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' -# set firewall name INBOUND rule 101 ipsec 'match-ipsec' -# set firewall name INBOUND rule 102 action 'reject' -# set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' -# set firewall name INBOUND rule 102 ipsec 'match-ipsec' -# set firewall name INBOUND rule 103 action 'accept' -# set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' -# set firewall name INBOUND rule 103 destination group address-group 'inbound' -# set firewall name INBOUND rule 103 source address '192.0.2.0' -# set firewall name INBOUND rule 103 state established 'enable' -# set firewall name INBOUND rule 103 state invalid 'disable' -# set firewall name INBOUND rule 103 state new 'disable' -# set firewall name INBOUND rule 103 state related 'enable' +# set firewall ipv6 name UPLINK default-action 'accept' +# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' +# set firewall ipv6 name UPLINK rule 1 action 'accept' +# set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 
is configured by Ansible' +# set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec' +# set firewall ipv6 name UPLINK rule 2 action 'accept' +# set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' +# set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND default-action 'accept' +# set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set' +# set firewall ipv4 name INBOUND rule 101 action 'accept' +# set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND rule 102 action 'reject' +# set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND rule 103 action 'accept' +# set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 103 destination group address-group 'inbound' +# set firewall ipv4 name INBOUND rule 103 source address '192.0.2.0' +# set firewall ipv4 name INBOUND rule 103 state established +# set firewall ipv4 name INBOUND rule 103 state related # Using rendered 
@@ -1518,27 +1509,25 @@ EXAMPLES = """ # # # "rendered": [ -# "set firewall ipv6-name UPLINK default-action 'accept'", -# "set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'", -# "set firewall name INBOUND default-action 'accept'", -# "set firewall name INBOUND description 'IPv4 INBOUND rule set'", -# "set firewall name INBOUND rule 101 action 'accept'", -# "set firewall name INBOUND rule 101", -# "set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'", -# "set firewall name INBOUND rule 101 ipsec 'match-ipsec'", -# "set firewall name INBOUND rule 102 action 'reject'", -# "set firewall name INBOUND rule 102", -# "set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'", -# "set firewall name INBOUND rule 102 ipsec 'match-ipsec'", -# "set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'", -# "set firewall name INBOUND rule 103 destination group address-group inbound", -# "set firewall name INBOUND rule 103", -# "set firewall name INBOUND rule 103 source address 192.0.2.0", -# "set firewall name INBOUND rule 103 state established enable", -# "set firewall name INBOUND rule 103 state related enable", -# "set firewall name INBOUND rule 103 state invalid disable", -# "set firewall name INBOUND rule 103 state new disable", -# "set firewall name INBOUND rule 103 action 'accept'" +# "set firewall ipv6 name UPLINK default-action 'accept'", +# "set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set'", +# "set firewall ipv4 name INBOUND default-action 'accept'", +# "set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set'", +# "set firewall ipv4 name INBOUND rule 101 action 'accept'", +# "set firewall ipv4 name INBOUND rule 101", +# "set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible'", +# "set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec'", +# "set firewall ipv4 name INBOUND rule 102 action 
'reject'", +# "set firewall ipv4 name INBOUND rule 102", +# "set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible'", +# "set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec'", +# "set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible'", +# "set firewall ipv4 name INBOUND rule 103 destination group address-group inbound", +# "set firewall ipv4 name INBOUND rule 103", +# "set firewall ipv4 name INBOUND rule 103 source address 192.0.2.0", +# "set firewall ipv4 name INBOUND rule 103 state established", +# "set firewall ipv4 name INBOUND rule 103 state related", +# "set firewall ipv4 name INBOUND rule 103 action 'accept'" # ] @@ -1549,14 +1538,14 @@ EXAMPLES = """ vyos.vyos.vyos_firewall_rules: running_config: "set firewall group address-group 'inbound' - set firewall name Downlink default-action 'accept' - set firewall name Downlink description 'IPv4 INBOUND rule set' - set firewall name Downlink rule 501 action 'accept' - set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' - set firewall name Downlink rule 501 ipsec 'match-ipsec' - set firewall name Downlink rule 502 action 'reject' - set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' - set firewall name Downlink rule 502 ipsec 'match-ipsec'" + set firewall ipv4 name Downlink default-action 'accept' + set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set' + set firewall ipv4 name Downlink rule 501 action 'accept' + set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible' + set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec' + set firewall ipv4 name Downlink rule 502 action 'reject' + set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible' + set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec'" state: parsed # # 
@@ -1612,21 +1601,21 @@ commands: returned: always type: list sample: - - "set firewall name Downlink default-action 'accept'" - - "set firewall name Downlink description 'IPv4 INBOUND rule set'" - - "set firewall name Downlink rule 501 action 'accept'" - - "set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'" - - "set firewall name Downlink rule 502 ipsec 'match-ipsec'" + - "set firewall ipv4 name Downlink default-action 'accept'" + - "set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set'" + - "set firewall ipv4 name Downlink rule 501 action 'accept'" + - "set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible'" + - "set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec'" rendered: description: The provided configuration in the task rendered in device-native format (offline). returned: when I(state) is C(rendered) type: list sample: - - "set firewall name Downlink default-action 'accept'" - - "set firewall name Downlink description 'IPv4 INBOUND rule set'" - - "set firewall name Downlink rule 501 action 'accept'" - - "set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'" - - "set firewall name Downlink rule 502 ipsec 'match-ipsec'" + - "set firewall ipv4 name Downlink default-action 'accept'" + - "set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set'" + - "set firewall ipv4 name Downlink rule 501 action 'accept'" + - "set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible'" + - "set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec'" gathered: description: Facts about the network resource gathered from the remote device as structured data. returned: when I(state) is C(gathered) diff --git a/plugins/modules/vyos_interfaces.py b/plugins/modules/vyos_interfaces.py index 6125b4b9..82b4fd70 100644 --- a/plugins/modules/vyos_interfaces.py +++ b/plugins/modules/vyos_interfaces.py 
@@ -47,7 +47,7 @@ description: - This module supports managing base attributes of Ethernet, Bonding, VXLAN, Loopback and Virtual Tunnel Interfaces. notes: -- Tested against VyOS 1.3.8 +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). author: diff --git a/plugins/modules/vyos_lag_interfaces.py b/plugins/modules/vyos_lag_interfaces.py index 090021ad..a90d0098 100644 --- a/plugins/modules/vyos_lag_interfaces.py +++ b/plugins/modules/vyos_lag_interfaces.py @@ -46,7 +46,7 @@ description: This module manages attributes of link aggregation groups on VyOS n author: - Rohit Thakur (@rohitthakur2590) notes: -- Tested against VyOS 1.3.8. +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). options: config: diff --git a/plugins/modules/vyos_lldp_global.py b/plugins/modules/vyos_lldp_global.py index 190f4513..d1ac618a 100644 --- a/plugins/modules/vyos_lldp_global.py +++ b/plugins/modules/vyos_lldp_global.py @@ -45,7 +45,7 @@ short_description: LLDP global resource module description: This module manages link layer discovery protocol (LLDP) attributes on VyOS devices. notes: -- Tested against VyOS 1.3.8 +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). author: - Rohit Thakur (@rohitthakur2590) diff --git a/plugins/modules/vyos_lldp_interfaces.py b/plugins/modules/vyos_lldp_interfaces.py index 0a8f892b..ce1c9643 100644 --- a/plugins/modules/vyos_lldp_interfaces.py +++ b/plugins/modules/vyos_lldp_interfaces.py 
@@ -44,7 +44,7 @@ version_added: '1.0.0' short_description: LLDP interfaces resource module description: This module manages attributes of lldp interfaces on VyOS network devices. notes: -- Tested against VyOS 1.3.8 +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). author: diff --git a/plugins/modules/vyos_logging_global.py b/plugins/modules/vyos_logging_global.py index 9479e7b2..3380b9ea 100644 --- a/plugins/modules/vyos_logging_global.py +++ b/plugins/modules/vyos_logging_global.py @@ -20,7 +20,7 @@ short_description: Logging resource module description: This module manages the logging attributes of Vyos network devices author: Sagar Paul (@KB-perByte) notes: - - Tested against vyos 1.3.8+ + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection C(network_cli). - The Configuration defaults of the Vyos network devices are supposed to hinder idempotent behavior of plays diff --git a/plugins/modules/vyos_ntp_global.py b/plugins/modules/vyos_ntp_global.py index cad08a68..6461a32b 100644 --- a/plugins/modules/vyos_ntp_global.py +++ b/plugins/modules/vyos_ntp_global.py @@ -22,7 +22,7 @@ description: author: - Varshitha Yataluru (@YVarshitha) notes: -- Tested against vyos 1.3.8 +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection C(network_cli). - "VyOS v.1.4+ uses chronyd, and path changes from `system` to `service`" options: diff --git a/plugins/modules/vyos_ospf_interfaces.py b/plugins/modules/vyos_ospf_interfaces.py index f86acb7a..6a065f17 100644 --- a/plugins/modules/vyos_ospf_interfaces.py +++ b/plugins/modules/vyos_ospf_interfaces.py 
@@ -19,6 +19,7 @@ version_added: 1.2.0 short_description: OSPF Interfaces Resource Module. description: - This module manages OSPF configuration of interfaces on devices running VYOS. +- The provided examples of commands are valid for VyOS 1.4+ author: Gomathi Selvi Srinivasan (@GomathiselviS) options: config: @@ -173,14 +174,14 @@ EXAMPLES = """ # -------------- # vyos@vyos:~$ show configuration commands | match "ospf" -# set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' -# set interfaces bonding bond2 ip ospf bandwidth '70' -# set interfaces bonding bond2 ip ospf transmit-delay '45' -# set interfaces bonding bond2 ipv6 ospfv3 'passive' -# set interfaces ethernet eth1 ip ospf network 'point-to-point' -# set interfaces ethernet eth1 ip ospf priority '26' -# set interfaces ethernet eth1 ip ospf transmit-delay '50' -# set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' +# set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345' +# set protocols ospf interface bond2 bandwidth '70' +# set protocols ospf interface bond2 transmit-delay '45' +# set protocols ospfv3 interface bond2 'passive' +# set protocols ospf interface eth1 network 'point-to-point' +# set protocols ospf interface eth1 priority '26' +# set protocols ospf interface eth1 transmit-delay '50' +# set protocols ospfv3 interface eth1 dead-interval '39' # "after": [ # " 
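Review bot: The added line in the `@@ -19,6 +19,7 @@` hunk says the examples are valid for 1.4+ but does not say what a 1.3 user should expect, although the release notes in this commit still list 1.3 as supported. It also sits under `description:`, while `vyos_ospfv2.py` puts the same sentence under `notes:`. I would move it to a `notes:` entry and spell out the difference, for example `- Command examples use the VyOS 1.4+ syntax (C(set protocols ospf interface ...)); 1.3 devices use C(set interfaces ... ip ospf ...).` Whether the module still emits the older form on 1.3 is not visible here and should be confirmed before wording it that way.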
@@ -244,14 +245,14 @@ EXAMPLES = """ # ], # "changed": true, # "commands": [ -# "set interfaces ethernet eth1 ip ospf transmit-delay 50", -# "set interfaces ethernet eth1 ip ospf priority 26", -# "set interfaces ethernet eth1 ip ospf network point-to-point", -# "set interfaces ethernet eth1 ipv6 ospfv3 dead-interval 39", -# "set interfaces bonding bond2 ip ospf transmit-delay 45", -# "set interfaces bonding bond2 ip ospf bandwidth 70", -# "set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key 1111111111232345", -# "set interfaces bonding bond2 ipv6 ospfv3 passive" +# "set protocols ospf interface eth1 transmit-delay 50", +# "set protocols ospf interface eth1 priority 26", +# "set protocols ospf interface eth1 network point-to-point", +# "set protocols ospfv3 interface eth1 dead-interval 39", +# "set protocols ospf interface bond2 transmit-delay 45", +# "set protocols ospf interface bond2 bandwidth 70", +# "set protocols ospf interface bond2 authentication md5 key-id 10 md5-key 1111111111232345", +# "set protocols ospfv3 interface bond2 passive" # ], # Using replaced: 
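Review bot: The `commands` output in this hunk includes the OSPF authentication secret in clear text (`... authentication md5 key-id 10 md5-key 1111111111232345`), and the documentation never says so. The same value appears in the `rendered` example (`@@ -782,14 +783,14 @@`) and in the RETURN samples (`@@ -884,17 +885,17 @@`). Whether the module masks the key is not visible from these hunks, so I would document the behaviour as shown with a notes entry such as `- The C(commands) and C(rendered) return values contain the C(md5-key) in clear text; set C(no_log: true) on tasks that configure authentication.` It would also help to mark the sample key as a placeholder so it is not copied into real configurations.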
@@ -260,14 +261,14 @@ EXAMPLES = """ # ------------ # vyos@vyos:~$ show configuration commands | match "ospf" -# set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' -# set interfaces bonding bond2 ip ospf bandwidth '70' -# set interfaces bonding bond2 ip ospf transmit-delay '45' -# set interfaces bonding bond2 ipv6 ospfv3 'passive' -# set interfaces ethernet eth1 ip ospf network 'point-to-point' -# set interfaces ethernet eth1 ip ospf priority '26' -# set interfaces ethernet eth1 ip ospf transmit-delay '50' -# set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' +# set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345' +# set protocols ospf interface bond2 bandwidth '70' +# set protocols ospf interface bond2 transmit-delay '45' +# set protocols ospfv3 interface bond2 'passive' +# set protocols ospf interface eth1 network 'point-to-point' +# set protocols ospf interface eth1 priority '26' +# set protocols ospf interface eth1 transmit-delay '50' +# set protocols ospfv3 interface eth1 dead-interval '39' - name: Replace provided configuration with device configuration vyos.vyos.vyos_ospf_interfaces: @@ -290,10 +291,10 @@ EXAMPLES = """ # ----------- # vyos@vyos:~$ show configuration commands | match "ospf" -# set interfaces bonding bond2 ip ospf transmit-delay '45' -# set interfaces bonding bond2 ipv6 ospfv3 'passive' -# set interfaces ethernet eth1 ip ospf cost '100' -# set interfaces ethernet eth1 ipv6 ospfv3 ifmtu '33' +# set protocols ospf interface bond2 transmit-delay '45' +# set protocols ospfv3 interface bond2 'passive' +# set protocols ospf interface eth1 cost '100' +# set protocols ospfv3 interface eth1 ifmtu '33' # vyos@vyos:~$ # Module Execution 
@@ -383,14 +384,14 @@ EXAMPLES = """ # ], # "changed": true, # "commands": [ -# "set interfaces ethernet eth1 ip ospf cost 100", -# "set interfaces ethernet eth1 ipv6 ospfv3 ifmtu 33", -# "delete interfaces ethernet eth1 ip ospf network point-to-point", -# "delete interfaces ethernet eth1 ip ospf priority 26", -# "delete interfaces ethernet eth1 ip ospf transmit-delay 50", -# "delete interfaces ethernet eth1 ipv6 ospfv3 dead-interval 39", -# "delete interfaces bonding bond2 ip ospf authentication", -# "delete interfaces bonding bond2 ip ospf bandwidth 70" +# "set protocols ospf interface eth1 cost 100", +# "set protocols ospfv3 interface eth1 ifmtu 33", +# "delete protocols ospf interface eth1 network point-to-point", +# "delete protocols ospf interface eth1 priority 26", +# "delete protocols ospf interface eth1 transmit-delay 50", +# "delete protocols ospfv3 interface eth1 dead-interval 39", +# "delete protocols ospf interface bond2 authentication", +# "delete protocols ospf interface bond2 bandwidth 70" # ], # 
@@ -401,16 +402,16 @@ EXAMPLES = """ # ------------ # vyos@vyos:~$ show configuration commands | match "ospf" -# set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' -# set interfaces bonding bond2 ip ospf bandwidth '70' -# set interfaces bonding bond2 ip ospf transmit-delay '45' -# set interfaces bonding bond2 ipv6 ospfv3 'passive' -# set interfaces ethernet eth1 ip ospf cost '100' -# set interfaces ethernet eth1 ip ospf network 'point-to-point' -# set interfaces ethernet eth1 ip ospf priority '26' -# set interfaces ethernet eth1 ip ospf transmit-delay '50' -# set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' -# set interfaces ethernet eth1 ipv6 ospfv3 ifmtu '33' +# set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345' +# set protocols ospf interface bond2 bandwidth '70' +# set protocols ospf interface bond2 transmit-delay '45' +# set protocols ospfv3 interface bond2 'passive' +# set protocols ospf interface eth1 cost '100' +# set protocols ospf interface eth1 network 'point-to-point' +# set protocols ospf interface eth1 priority '26' +# set protocols ospf interface eth1 transmit-delay '50' +# set protocols ospfv3 interface eth1 dead-interval '39' +# set protocols ospfv3 interface eth1 ifmtu '33' # vyos@vyos:~$ - name: Override device configuration with provided configuration @@ -429,9 +430,9 @@ EXAMPLES = """ # ----------- # 200~vyos@vyos:~$ show configuration commands | match "ospf" -# set interfaces ethernet eth0 ip ospf cost '100' -# set interfaces ethernet eth0 ipv6 ospfv3 ifmtu '33' -# set interfaces ethernet eth0 ipv6 ospfv3 'passive' +# set protocols ospf interface eth0 cost '100' +# set protocols ospfv3 interface eth0 ifmtu '33' +# set protocols ospfv3 interface eth0 'passive' # vyos@vyos:~$ # # 
@@ -513,13 +514,13 @@ EXAMPLES = """ # ], # "changed": true, # "commands": [ -# "delete interfaces bonding bond2 ip ospf", -# "delete interfaces bonding bond2 ipv6 ospfv3", -# "delete interfaces ethernet eth1 ip ospf", -# "delete interfaces ethernet eth1 ipv6 ospfv3", -# "set interfaces ethernet eth0 ip ospf cost 100", -# "set interfaces ethernet eth0 ipv6 ospfv3 ifmtu 33", -# "set interfaces ethernet eth0 ipv6 ospfv3 passive" +# "delete protocols ospf interface bond2", +# "delete protocols ospfv3 interface bond2", +# "delete protocols ospf interface eth1", +# "delete protocols ospfv3 interface eth1", +# "set protocols ospf interface eth0 cost 100", +# "set protocols ospfv3 interface eth0 ifmtu 33", +# "set protocols ospfv3 interface eth0 passive" # ], # 
@@ -530,17 +531,17 @@ EXAMPLES = """ # ------------- # vyos@vyos:~$ show configuration commands | match "ospf" -# set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' -# set interfaces bonding bond2 ip ospf bandwidth '70' -# set interfaces bonding bond2 ip ospf transmit-delay '45' -# set interfaces bonding bond2 ipv6 ospfv3 'passive' -# set interfaces ethernet eth0 ip ospf cost '100' -# set interfaces ethernet eth0 ipv6 ospfv3 ifmtu '33' -# set interfaces ethernet eth0 ipv6 ospfv3 'passive' -# set interfaces ethernet eth1 ip ospf network 'point-to-point' -# set interfaces ethernet eth1 ip ospf priority '26' -# set interfaces ethernet eth1 ip ospf transmit-delay '50' -# set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' +# set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345' +# set protocols ospf interface bond2 bandwidth '70' +# set protocols ospf interface bond2 transmit-delay '45' +# set protocols ospfv3 interface bond2 'passive' +# set protocols ospf interface eth0 cost '100' +# set protocols ospfv3 interface eth0 ifmtu '33' +# set protocols ospfv3 interface eth0 'passive' +# set protocols ospf interface eth1 network 'point-to-point' +# set protocols ospf interface eth1 priority '26' +# set protocols ospf interface eth1 transmit-delay '50' +# set protocols ospfv3 interface eth1 dead-interval '39' # vyos@vyos:~$ - name: Delete device configuration 
@@ -553,14 +554,14 @@ EXAMPLES = """ # ----------- # vyos@vyos:~$ show configuration commands | match "ospf" -# set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' -# set interfaces bonding bond2 ip ospf bandwidth '70' -# set interfaces bonding bond2 ip ospf transmit-delay '45' -# set interfaces bonding bond2 ipv6 ospfv3 'passive' -# set interfaces ethernet eth1 ip ospf network 'point-to-point' -# set interfaces ethernet eth1 ip ospf priority '26' -# set interfaces ethernet eth1 ip ospf transmit-delay '50' -# set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' +# set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345' +# set protocols ospf interface bond2 bandwidth '70' +# set protocols ospf interface bond2 transmit-delay '45' +# set protocols ospfv3 interface bond2 'passive' +# set protocols ospf interface eth1 network 'point-to-point' +# set protocols ospf interface eth1 priority '26' +# set protocols ospf interface eth1 transmit-delay '50' +# set protocols ospfv3 interface eth1 dead-interval '39' # vyos@vyos:~$ # # 
@@ -669,25 +670,25 @@ EXAMPLES = """ # ], # "changed": true, # "commands": [ -# "delete interfaces ethernet eth0 ip ospf", -# "delete interfaces ethernet eth0 ipv6 ospfv3" +# "delete protocols ospf interface eth0", +# "delete protocols ospfv3 interface eth0" # ], # # Using parsed: # parsed.cfg: -# set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' -# set interfaces bonding bond2 ip ospf bandwidth '70' -# set interfaces bonding bond2 ip ospf transmit-delay '45' -# set interfaces bonding bond2 ipv6 ospfv3 'passive' -# set interfaces ethernet eth0 ip ospf cost '50' -# set interfaces ethernet eth0 ip ospf priority '26' -# set interfaces ethernet eth0 ipv6 ospfv3 instance-id '33' -# set interfaces ethernet eth0 ipv6 ospfv3 'mtu-ignore' -# set interfaces ethernet eth1 ip ospf network 'point-to-point' -# set interfaces ethernet eth1 ip ospf priority '26' -# set interfaces ethernet eth1 ip ospf transmit-delay '50' -# set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' +# set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345' +# set protocols ospf interface bond2 bandwidth '70' +# set protocols ospf interface bond2 transmit-delay '45' +# set protocols ospfv3 interface bond2 'passive' +# set protocols ospf interface eth0 cost '50' +# set protocols ospf interface eth0 priority '26' +# set protocols ospfv3 interface eth0 instance-id '33' +# set protocols ospfv3 interface eth0 'mtu-ignore' +# set protocols ospf interface eth1 network 'point-to-point' +# set protocols ospf interface eth1 priority '26' +# set protocols ospf interface eth1 transmit-delay '50' +# set protocols ospfv3 interface eth1 dead-interval '39' # - name: parse configs 
@@ -782,14 +783,14 @@ EXAMPLES = """ # ---------------- # "rendered": [ -# "set interfaces ethernet eth1 ip ospf transmit-delay 50", -# "set interfaces ethernet eth1 ip ospf priority 26", -# "set interfaces ethernet eth1 ip ospf network point-to-point", -# "set interfaces ethernet eth1 ipv6 ospfv3 dead-interval 39", -# "set interfaces bonding bond2 ip ospf transmit-delay 45", -# "set interfaces bonding bond2 ip ospf bandwidth 70", -# "set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key 1111111111232345", -# "set interfaces bonding bond2 ipv6 ospfv3 passive" +# "set protocols ospf interface eth1 transmit-delay 50", +# "set protocols ospf interface eth1 priority 26", +# "set protocols ospf interface eth1 network point-to-point", +# "set protocols ospfv3 interface eth1 dead-interval 39", +# "set protocols ospf interface bond2 transmit-delay 45", +# "set protocols ospf interface bond2 bandwidth 70", +# "set protocols ospf interface bond2 authentication md5 key-id 10 md5-key 1111111111232345", +# "set protocols ospfv3 interface bond2 passive" # ] # 
@@ -799,14 +800,14 @@ EXAMPLES = """ # Native Config: # vyos@vyos:~$ show configuration commands | match "ospf" -# set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' -# set interfaces bonding bond2 ip ospf bandwidth '70' -# set interfaces bonding bond2 ip ospf transmit-delay '45' -# set interfaces bonding bond2 ipv6 ospfv3 'passive' -# set interfaces ethernet eth1 ip ospf network 'point-to-point' -# set interfaces ethernet eth1 ip ospf priority '26' -# set interfaces ethernet eth1 ip ospf transmit-delay '50' -# set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' +# set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345' +# set protocols ospf interface bond2 bandwidth '70' +# set protocols ospf interface bond2 transmit-delay '45' +# set protocols ospfv3 interface bond2 'passive' +# set protocols ospf interface eth1 network 'point-to-point' +# set protocols ospf interface eth1 priority '26' +# set protocols ospf interface eth1 transmit-delay '50' +# set protocols ospfv3 interface eth1 dead-interval '39' # vyos@vyos:~$ - name: gather configs 
@@ -884,17 +885,17 @@ commands: returned: when I(state) is C(merged), C(replaced), C(overridden), C(deleted) or C(purged) type: list sample: - - "set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345'" - - "set interfaces bonding bond2 ip ospf bandwidth '70'" - - "set interfaces bonding bond2 ip ospf transmit-delay '45'" + - "set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345'" + - "set protocols ospf interface bond2 bandwidth '70'" + - "set protocols ospf interface bond2 transmit-delay '45'" rendered: description: The provided configuration in the task rendered in device-native format (offline). returned: when I(state) is C(rendered) type: list sample: - - "set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345'" - - "set interfaces bonding bond2 ip ospf bandwidth '70'" - - "set interfaces bonding bond2 ip ospf transmit-delay '45'" + - "set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345'" + - "set protocols ospf interface bond2 bandwidth '70'" + - "set protocols ospf interface bond2 transmit-delay '45'" gathered: description: Facts about the network resource gathered from the remote device as structured data. returned: when I(state) is C(gathered) diff --git a/plugins/modules/vyos_ospfv2.py b/plugins/modules/vyos_ospfv2.py index a72b7fd2..000e4d39 100644 --- a/plugins/modules/vyos_ospfv2.py +++ b/plugins/modules/vyos_ospfv2.py 
@@ -45,7 +45,8 @@ short_description: OSPFv2 resource module description: This resource module configures and manages attributes of OSPFv2 routes on VyOS network devices. notes: -- Tested against VyOS 1.3.8 +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 +- The provided examples of commands are valid for VyOS 1.4+ - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). author: @@ -456,8 +457,8 @@ EXAMPLES = """ # "set protocols ospf parameters opaque-lsa", # "set protocols ospf parameters abr-type 'cisco'", # "set protocols ospf parameters rfc1583-compatibility", -# "set protocols ospf passive-interface eth1", -# "set protocols ospf passive-interface eth2", +# "set protocols ospf interface 'eth1' passive", +# "set protocols ospf interface 'eth2' passive", # "set protocols ospf max-metric router-lsa on-shutdown 10", # "set protocols ospf max-metric router-lsa administrative", # "set protocols ospf max-metric router-lsa on-startup 10", @@ -601,8 +602,8 @@ EXAMPLES = """ # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' -# set protocols ospf passive-interface 'eth1' -# set protocols ospf passive-interface 'eth2' +# set protocols ospf interface 'eth1' passive +# set protocols ospf interface 'eth2' passive # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' 
@@ -864,8 +865,8 @@ EXAMPLES = """ # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' -# set protocols ospf passive-interface 'eth1' -# set protocols ospf passive-interface 'eth2' +# set protocols ospf interface 'eth1' passive +# set protocols ospf interface 'eth2' passive # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' @@ -901,8 +902,8 @@ EXAMPLES = """ # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' -# set protocols ospf passive-interface 'eth1' -# set protocols ospf passive-interface 'eth2' +# set protocols ospf interface 'eth1' passive +# set protocols ospf interface 'eth2' passive # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # @@ -1059,7 +1060,7 @@ EXAMPLES = """ # } # # "commands": [ -# "delete protocols ospf passive-interface eth2", +# "delete protocols ospf interface 'eth2' passive", # "delete protocols ospf area 3", # "delete protocols ospf area 4 range 192.0.3.0/24 cost", # "delete protocols ospf area 4 range 192.0.3.0/24", @@ -1191,7 +1192,7 @@ EXAMPLES = """ # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' -# set protocols ospf passive-interface 'eth1' +# set protocols ospf interface 'eth1' passive # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' 
@@ -1279,8 +1280,8 @@ EXAMPLES = """ # "set protocols ospf parameters opaque-lsa", # "set protocols ospf parameters abr-type 'cisco'", # "set protocols ospf parameters rfc1583-compatibility", -# "set protocols ospf passive-interface eth1", -# "set protocols ospf passive-interface eth2", +# "set protocols ospf interface 'eth1' passive", +# "set protocols ospf interface 'eth2' passive", # "set protocols ospf max-metric router-lsa on-shutdown 10", # "set protocols ospf max-metric router-lsa administrative", # "set protocols ospf max-metric router-lsa on-startup 10", @@ -1335,8 +1336,8 @@ EXAMPLES = """ set protocols ospf parameters 'opaque-lsa' set protocols ospf parameters 'rfc1583-compatibility' set protocols ospf parameters router-id '192.0.1.1' - set protocols ospf passive-interface 'eth1' - set protocols ospf passive-interface 'eth2' + set protocols ospf interface 'eth1' passive + set protocols ospf interface 'eth2' passive set protocols ospf redistribute bgp metric '10' set protocols ospf redistribute bgp metric-type '2' state: parsed @@ -1472,8 +1473,8 @@ EXAMPLES = """ # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' -# set protocols ospf passive-interface 'eth1' -# set protocols ospf passive-interface 'eth2' +# set protocols ospf interface 'eth1' passive +# set protocols ospf interface 'eth2' passive # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # 
@@ -1608,8 +1609,8 @@ EXAMPLES = """ # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' -# set protocols ospf passive-interface 'eth1' -# set protocols ospf passive-interface 'eth2' +# set protocols ospf interface 'eth1' passive +# set protocols ospf interface 'eth2' passive # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' @@ -1645,8 +1646,8 @@ EXAMPLES = """ # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' -# set protocols ospf passive-interface 'eth1' -# set protocols ospf passive-interface 'eth2' +# set protocols ospf interface 'eth1' passive +# set protocols ospf interface 'eth2' passive # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # @@ -1781,7 +1782,7 @@ commands: type: list sample: - "set protocols ospf parameters router-id 192.0.1.1" - - "set protocols ospf passive-interface 'eth1'" + - "set protocols ospf interface 'eth1' passive" """ diff --git a/plugins/modules/vyos_ospfv3.py b/plugins/modules/vyos_ospfv3.py index dbe9a857..fcb9d288 100644 --- a/plugins/modules/vyos_ospfv3.py +++ b/plugins/modules/vyos_ospfv3.py @@ -46,7 +46,7 @@ description: This resource module configures and manages attributes of OSPFv3 ro author: - Rohit Thakur (@rohitthakur2590) notes: -- Tested against VyOS 1.3.8 +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). options: diff --git a/plugins/modules/vyos_ping.py b/plugins/modules/vyos_ping.py index 98619399..58ca3459 100644 --- a/plugins/modules/vyos_ping.py +++ b/plugins/modules/vyos_ping.py 
@@ -30,7 +30,7 @@ module: vyos_ping short_description: Tests reachability using ping from VyOS network devices description: - Tests reachability using ping from a VyOS device to a remote destination. -- Tested against VyOS 1.1.8 (helium) +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - For a general purpose network module, see the M(ansible.netcommon.net_ping) module. - For Windows targets, use the M(ansible.windows.win_ping) module instead. - For targets running Python, use the M(ansible.builtin.ping) module instead. @@ -73,7 +73,7 @@ options: - present default: present notes: -- Tested against VyOS 1.1.8 (helium). +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - For a general purpose network module, see the M(ansible.netcommon.net_ping) module. - For Windows targets, use the M(ansible.windows.win_ping) module instead. - For targets running Python, use the M(ansible.builtin.ping) module instead. diff --git a/plugins/modules/vyos_prefix_lists.py b/plugins/modules/vyos_prefix_lists.py index 71d52b32..f613bf38 100644 --- a/plugins/modules/vyos_prefix_lists.py +++ b/plugins/modules/vyos_prefix_lists.py @@ -21,7 +21,7 @@ description: version_added: 2.4.0 author: Priyam Sahoo (@priyamsahoo) notes: - - Tested against VyOS 1.1.8 (helium) + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection C(network_cli) options: config: diff --git a/plugins/modules/vyos_route_maps.py b/plugins/modules/vyos_route_maps.py index 67d327a6..dfd22af9 100644 --- a/plugins/modules/vyos_route_maps.py +++ b/plugins/modules/vyos_route_maps.py 
@@ -21,7 +21,7 @@ description: - This module manages route map configurations on devices running VYOS. author: Ashwini Mhatre (@amhatre) notes: -- Tested against vyos 1.3.8 +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection C(network_cli). options: config: @@ -103,6 +103,12 @@ options: extcommunity_soo: type: str description: Set Site of Origin value. ASN:nn_or_IP_address:nn VPN extended community + extcommunity_bandwidth: + type: str + description: Set Bandwidth of Origin value. 1-25600|cumulative|num-multipaths VPN extended community + extcommunity_bandwidth_non_transitive: + type: bool + description: Set the bandwidth extended community encoded as non-transitive True/False VPN extended community ip_next_hop: type: str description: IP address. @@ -146,6 +152,9 @@ options: weight: type: str description: Border Gateway Protocol (BGP) weight attribute. Example <0-4294967295> + table: + type: str + description: Set prefixes to table. Example <1-200> match: description: Route parameters to match. type: dict @@ -226,6 +235,10 @@ options: type: str description: RPKI validation value. choices: [ "notfound", "invalid", "valid" ] + protocol: + type: str + description: Source protocol to match. + choices: [ "babel","bgp","connected","isis","kernel","ospf","ospfv3","rip","ripng","static","table","vnc" ] on_match: type: dict description: Exit policy on matches. diff --git a/plugins/modules/vyos_snmp_server.py b/plugins/modules/vyos_snmp_server.py index f574919a..2d3ae88a 100644 --- a/plugins/modules/vyos_snmp_server.py +++ b/plugins/modules/vyos_snmp_server.py 
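Review bot: The descriptions of the new `extcommunity_bandwidth` and `extcommunity_bandwidth_non_transitive` options in vyos_route_maps.py read as if copied from `extcommunity_soo` ("Set Bandwidth of Origin value", and "VPN extended community" trailing after "True/False"), so they do not describe what the options set. `extcommunity_bandwidth` and `table` are also plain `str` with the allowed range given only in prose (`1-25600|cumulative|num-multipaths`, `<1-200>`), so the argument spec will not reject other values; whether the config code validates them before building commands is not visible in this hunk. Suggested wording: `description: Bandwidth value for the bandwidth extended community. One of 1-25600, C(cumulative) or C(num-multipaths).` and `description: Encode the bandwidth extended community as non-transitive.`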
@@ -20,7 +20,7 @@ short_description: Manages snmp_server resource module description: This module manages the snmp server attributes of Vyos network devices author: Gomathi Selvi Srinivasan (@GomathiselviS) notes: - - Tested against vyos 1.3.8, 1.4.1 + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025, 1.4.1 - This module works with connection C(network_cli). - The Configuration defaults of the Vyos network devices are supposed to hinder idempotent behavior of plays diff --git a/plugins/modules/vyos_static_routes.py b/plugins/modules/vyos_static_routes.py index 0629a8bd..436fd36d 100644 --- a/plugins/modules/vyos_static_routes.py +++ b/plugins/modules/vyos_static_routes.py @@ -44,7 +44,7 @@ version_added: '1.0.0' short_description: Static routes resource module description: This module manages attributes of static routes on VyOS network devices. notes: -- Tested against VyOS 1.3.8. +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). author: diff --git a/plugins/modules/vyos_system.py b/plugins/modules/vyos_system.py index 96a0e9bc..4aa0e03d 100644 --- a/plugins/modules/vyos_system.py +++ b/plugins/modules/vyos_system.py @@ -16,6 +16,7 @@ # You should have received a copy of the GNU General Public License # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # + from __future__ import absolute_import, division, print_function @@ -33,7 +34,7 @@ version_added: 1.0.0 extends_documentation_fragment: - vyos.vyos.vyos notes: -- Tested against VyOS 1.1.8 (helium). +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). options: host_name: 
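Review bot: The rewritten `notes` entry in vyos_snmp_server.py ends with a stray `, 1.4.1` after "the rolling release of spring 2025", which looks like a leftover from the previous "1.3.8, 1.4.1" text. The line should read `- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025`, matching the other modules touched in this commit.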
@@ -94,21 +95,27 @@ EXAMPLES = """ - sub1.example.com - sub2.example.com """ +from re import M, findall from ansible.module_utils.basic import AnsibleModule +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.version import ( + LooseVersion, +) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import ( get_config, + get_os_version, load_config, ) -def spec_key_to_device_key(key): +def spec_key_to_device_key(key, module): device_key = key.replace("_", "-") - # domain-search is longer than just it's key + # domain-search differs in 1.3- and 1.4+ if device_key == "domain-search": - device_key += " domain" + if LooseVersion(get_os_version(module)) <= LooseVersion("1.3"): + device_key += " domain" return device_key @@ -119,19 +126,20 @@ def config_to_dict(module): config = {"domain_search": [], "name_server": []} for line in data.split("\n"): - if line.startswith("set system host-name"): - config["host_name"] = line[22:-1] - elif line.startswith("set system domain-name"): - config["domain_name"] = line[24:-1] - elif line.startswith("set system domain-search domain"): - config["domain_search"].append(line[33:-1]) - elif line.startswith("set system name-server"): - config["name_server"].append(line[24:-1]) - + config_line = findall(r"^set system\s+(\S+)(?:\s+domain)?\s+'([^']+)'", line, M) + if config_line: + if config_line[0][0] == "host-name": + config["host_name"] = config_line[0][1] + elif config_line[0][0] == "domain-name": + config["domain_name"] = config_line[0][1] + elif config_line[0][0] == "domain-search": + config["domain_search"].append(config_line[0][1]) + elif config_line[0][0] == "name-server": + config["name_server"].append(config_line[0][1]) return config -def spec_to_commands(want, have): +def spec_to_commands(want, have, module): commands = [] state = want.pop("state") 
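Review bot: The new check in `spec_key_to_device_key`, `LooseVersion(get_os_version(module)) <= LooseVersion("1.3")`, selects the 1.3 syntax only if `get_os_version` returns a bare major.minor string; a value such as `1.3.8` compares greater than `1.3`, so `domain-search` would lose its ` domain` suffix on a 1.3 device. `get_os_version` is not visible here, so this needs confirming, but comparing against the first release with the new syntax, `if LooseVersion(get_os_version(module)) < LooseVersion("1.4"):`, is correct for either return format. The helper is also called once per key from `spec_to_commands`, so the version lookup repeats unless it is cached; resolving it once in `main()` would avoid that. The comment could state both forms: `# 1.3 and earlier use "domain-search domain <name>", 1.4+ use "domain-search <name>"`.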
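Review bot: In `config_to_dict` the new parser calls `findall(..., M)` on a single line and then indexes `config_line[0][0]` and `config_line[0][1]` in every branch, which is harder to follow than one anchored match with named parts. Importing `match` from `re` and writing `m = match(r"set system\s+(\S+)(?:\s+domain)?\s+'([^']+)'", line)` followed by `key, value = m.groups()` does the same work without the multiline flag. The optional `\s+domain` is accepted after any key, not only `domain-search`, and a line whose value is not single-quoted is skipped silently. A comment such as `# covers 1.3 "domain-search domain 'x'" and 1.4+ "domain-search 'x'"; values must be single-quoted` would record both assumptions.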
@@ -140,7 +148,7 @@ def spec_to_commands(want, have): if state == "absent" and all(v is None for v in want.values()): # Clear everything for key in have: - commands.append("delete system %s" % spec_key_to_device_key(key)) + commands.append("delete system %s" % spec_key_to_device_key(key, module)) for key in want: if want[key] is None: @@ -148,7 +156,7 @@ def spec_to_commands(want, have): current = have.get(key) proposed = want[key] - device_key = spec_key_to_device_key(key) + device_key = spec_key_to_device_key(key, module) # These keys are lists which may need to be reconciled with the device if key in ["domain_search", "name_server"]: @@ -201,7 +209,7 @@ def main(): want = map_param_to_obj(module) have = config_to_dict(module) - commands = spec_to_commands(want, have) + commands = spec_to_commands(want, have, module) result["commands"] = commands if commands: diff --git a/plugins/modules/vyos_user.py b/plugins/modules/vyos_user.py index 5aebf943..4a68e559 100644 --- a/plugins/modules/vyos_user.py +++ b/plugins/modules/vyos_user.py @@ -37,7 +37,7 @@ version_added: 1.0.0 extends_documentation_fragment: - vyos.vyos.vyos notes: -- Tested against VyOS 1.1.8 (helium). +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). options: aggregate: diff --git a/plugins/modules/vyos_vlan.py b/plugins/modules/vyos_vlan.py index 49cc1258..f0b68bc9 100644 --- a/plugins/modules/vyos_vlan.py +++ b/plugins/modules/vyos_vlan.py 
@@ -18,7 +18,7 @@ description: - This module provides declarative management of VLANs on VyOS network devices. version_added: 1.0.0 notes: -- Tested against VyOS 1.1.8 (helium). +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). options: name: diff --git a/test-requirements.txt b/test-requirements.txt index b3159d76..5ddd8a44 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -2,3 +2,4 @@ pytest-ansible pytest-xdist pytest-cov +typing_extensions diff --git a/tests/integration/targets/prepare_vyos_tests/tasks/main.yaml b/tests/integration/targets/prepare_vyos_tests/tasks/main.yaml index 3a0e2cc4..276be083 100644 --- a/tests/integration/targets/prepare_vyos_tests/tasks/main.yaml +++ b/tests/integration/targets/prepare_vyos_tests/tasks/main.yaml @@ -5,7 +5,7 @@ set interfaces ethernet eth0 address dhcp set interfaces ethernet eth0 speed auto set interfaces ethernet eth0 duplex auto - set interfaces ethernet eth1 address 192.0.2.1/24 + set interfaces ethernet eth1 set interfaces ethernet eth2 delete interfaces loopback lo vars: diff --git a/tests/integration/targets/vyos_config/tests/cli/save.yaml b/tests/integration/targets/vyos_config/tests/cli/save.yaml index e8a9035b..b39ef957 100644 --- a/tests/integration/targets/vyos_config/tests/cli/save.yaml +++ b/tests/integration/targets/vyos_config/tests/cli/save.yaml @@ -6,7 +6,7 @@ lines: set system host-name {{ inventory_hostname_short }} match: none -- name: configure hostaname and save +- name: configure hostname and save register: result vyos.vyos.vyos_config: lines: set system host-name foo 
@@ -17,7 +17,7 @@ - result.changed == true - "'set system host-name foo' in result.commands" -- name: configure hostaname and don't save +- name: configure hostname and don't save register: result vyos.vyos.vyos_config: lines: set system host-name bar diff --git a/tests/integration/targets/vyos_config/tests/cli/simple.yaml b/tests/integration/targets/vyos_config/tests/cli/simple.yaml index 3db59270..1559fa2b 100644 --- a/tests/integration/targets/vyos_config/tests/cli/simple.yaml +++ b/tests/integration/targets/vyos_config/tests/cli/simple.yaml @@ -25,6 +25,17 @@ that: - result.changed == false +- name: configure simple config command while match = 'none' + register: result + vyos.vyos.vyos_config: + lines: set system host-name foo + match: none + +- assert: + that: + - result.changed == true + - "'set system host-name foo' in result.commands" + - name: Delete services vyos.vyos.vyos_config: &id001 lines: diff --git a/tests/integration/targets/vyos_interfaces/tests/cli/_populate.yaml b/tests/integration/targets/vyos_interfaces/tests/cli/_populate.yaml index 45bd9b6a..cbc994ba 100644 --- a/tests/integration/targets/vyos_interfaces/tests/cli/_populate.yaml +++ b/tests/integration/targets/vyos_interfaces/tests/cli/_populate.yaml @@ -9,6 +9,8 @@ config: |- {% for intf in ('eth1','eth2') %} set interfaces ethernet "{{ intf }}" description 'Configured by Ansible' + set interfaces ethernet "{{ intf }}" speed 'auto' + set interfaces ethernet "{{ intf }}" duplex 'auto' set interfaces ethernet "{{ intf }}" mtu '1500' set interfaces ethernet "{{ intf }}" vif 200 set interfaces ethernet "{{ intf }}" vif 200 description 'VIF - 200' diff --git a/tests/integration/targets/vyos_interfaces/tests/cli/deleted.yaml b/tests/integration/targets/vyos_interfaces/tests/cli/deleted.yaml index 620bf53f..9f0734b4 100644 --- a/tests/integration/targets/vyos_interfaces/tests/cli/deleted.yaml +++ b/tests/integration/targets/vyos_interfaces/tests/cli/deleted.yaml 
@@ -17,17 +17,17 @@ - name: Assert that the before dicts were correctly generated assert: that: - - "{{ populate | symmetric_difference(result['before']) |length == 0 }}" + - populate | symmetric_difference(result['before']) |length == 0 - name: Assert that the correct set of commands were generated assert: that: - - "{{ deleted['commands'] | symmetric_difference(result['commands']) |length == 0 }}" + - deleted['commands'] | symmetric_difference(result['commands']) |length == 0 - name: Assert that the after dicts were correctly generated assert: that: - - "{{ deleted['after'] | symmetric_difference(result['after']) |length == 0 }}" + - deleted['after'] | symmetric_difference(result['after']) |length == 0 - name: Delete attributes of given interfaces (IDEMPOTENT) register: result @@ -41,6 +41,6 @@ - name: Assert that the before dicts were correctly generated assert: that: - - "{{ deleted['after'] | symmetric_difference(result['before']) |length == 0 }}" + - deleted['after'] | symmetric_difference(result['before']) |length == 0 always: - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_interfaces/tests/cli/gathered.yaml b/tests/integration/targets/vyos_interfaces/tests/cli/gathered.yaml index 88e53762..46a0e166 100644 --- a/tests/integration/targets/vyos_interfaces/tests/cli/gathered.yaml +++ b/tests/integration/targets/vyos_interfaces/tests/cli/gathered.yaml @@ -14,7 +14,7 @@ - name: Assert that gathered dicts was correctly generated assert: that: - - "{{ populate | symmetric_difference(result['gathered']) |length == 0 }}" + - populate | symmetric_difference(result['gathered']) |length == 0 always: - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_interfaces/tests/cli/merged.yaml b/tests/integration/targets/vyos_interfaces/tests/cli/merged.yaml index 5c719b39..decdeca2 100644 --- a/tests/integration/targets/vyos_interfaces/tests/cli/merged.yaml 
+++ b/tests/integration/targets/vyos_interfaces/tests/cli/merged.yaml @@ -12,6 +12,8 @@ - name: eth1 description: Configured by Ansible - Interface 1 mtu: 1500 + speed: auto + duplex: auto vifs: - vlan_id: 100 description: Eth1 - VIF 100 @@ -28,17 +30,17 @@ - name: Assert that before dicts were correctly generated assert: - that: "{{ merged['before'] | symmetric_difference(result['before']) |length == 0 }}" + that: merged['before'] | symmetric_difference(result['before']) |length == 0 - name: Assert that correct set of commands were generated assert: that: - - "{{ merged['commands'] | symmetric_difference(result['commands']) |length == 0 }}" + - merged['commands'] | symmetric_difference(result['commands']) |length == 0 - name: Assert that after dicts was correctly generated assert: that: - - "{{ merged['after'] | symmetric_difference(result['after']) |length == 0 }}" + - merged['after'] | symmetric_difference(result['after']) |length == 0 - name: Merge the provided configuration with the existing running configuration (IDEMPOTENT) register: result @@ -52,6 +54,6 @@ - name: Assert that before dicts were correctly generated assert: that: - - "{{ merged['after'] | symmetric_difference(result['before']) |length == 0 }}" + - merged['after'] | symmetric_difference(result['before']) |length == 0 always: - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_interfaces/tests/cli/overridden.yaml b/tests/integration/targets/vyos_interfaces/tests/cli/overridden.yaml index 7e86d3e4..5d87ab68 100644 --- a/tests/integration/targets/vyos_interfaces/tests/cli/overridden.yaml +++ b/tests/integration/targets/vyos_interfaces/tests/cli/overridden.yaml 
@@ -21,17 +21,17 @@ - name: Assert that before dicts were correctly generated assert: that: - - "{{ populate | symmetric_difference(result['before']) |length == 0 }}" + - populate | symmetric_difference(result['before']) |length == 0 - name: Assert that correct commands were generated assert: that: - - "{{ overridden['commands'] | symmetric_difference(result['commands']) |length == 0 }}" + - overridden['commands'] | symmetric_difference(result['commands']) |length == 0 - name: Assert that after dicts were correctly generated assert: that: - - "{{ overridden['after'] | symmetric_difference(result['after']) |length == 0 }}" + - overridden['after'] | symmetric_difference(result['after']) |length == 0 - name: Overrides all device configuration with provided configurations (IDEMPOTENT) register: result @@ -45,6 +45,6 @@ - name: Assert that before dicts were correctly generated assert: that: - - "{{ overridden['after'] | symmetric_difference(result['before']) |length == 0 }}" + - overridden['after'] | symmetric_difference(result['before']) |length == 0 always: - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_interfaces/tests/cli/parsed.yaml b/tests/integration/targets/vyos_interfaces/tests/cli/parsed.yaml index 0ebfd322..329d6b50 100644 --- a/tests/integration/targets/vyos_interfaces/tests/cli/parsed.yaml +++ b/tests/integration/targets/vyos_interfaces/tests/cli/parsed.yaml @@ -11,4 +11,4 @@ - name: Assert that config was correctly parsed assert: that: - - "{{ parsed['after'] | symmetric_difference(result['parsed']) |length == 0 }}" + - parsed['after'] | symmetric_difference(result['parsed']) |length == 0 diff --git a/tests/integration/targets/vyos_interfaces/tests/cli/rendered.yaml b/tests/integration/targets/vyos_interfaces/tests/cli/rendered.yaml index c03347fa..7b66c50e 100644 --- a/tests/integration/targets/vyos_interfaces/tests/cli/rendered.yaml +++ b/tests/integration/targets/vyos_interfaces/tests/cli/rendered.yaml 
@@ -11,9 +11,13 @@ config: - name: eth0 enabled: true + duplex: auto + speed: auto - name: eth1 description: Configured by Ansible - Interface 1 mtu: 1500 + duplex: auto + speed: auto enabled: true vifs: - vlan_id: 100 diff --git a/tests/integration/targets/vyos_interfaces/tests/cli/replaced.yaml b/tests/integration/targets/vyos_interfaces/tests/cli/replaced.yaml index 9d0a3a8b..5cfa4523 100644 --- a/tests/integration/targets/vyos_interfaces/tests/cli/replaced.yaml +++ b/tests/integration/targets/vyos_interfaces/tests/cli/replaced.yaml @@ -25,17 +25,11 @@ that: - replaced['commands'] | symmetric_difference(result['commands']) |length == 0 - - debug: - var: populate | symmetric_difference(result['before']) - - name: Assert that before dicts are correctly generated assert: that: - populate | symmetric_difference(result['before']) |length == 0 - - debug: - var: replaced['after'] | symmetric_difference(result['after']) - - name: Assert that after dict is correctly generated assert: that: diff --git a/tests/integration/targets/vyos_interfaces/tests/cli/rtt.yaml b/tests/integration/targets/vyos_interfaces/tests/cli/rtt.yaml index cfe1b0f0..e6753cba 100644 --- a/tests/integration/targets/vyos_interfaces/tests/cli/rtt.yaml +++ b/tests/integration/targets/vyos_interfaces/tests/cli/rtt.yaml @@ -11,6 +11,8 @@ config: - name: eth0 enabled: true + duplex: auto + speed: auto - name: eth1 description: Interface - 1 @@ -62,7 +64,7 @@ - name: Assert that changes were applied assert: - that: "{{ round_trip['after'] | symmetric_difference(result['after']) |length == 0 }}" + that: round_trip['after'] | symmetric_difference(result['after']) |length == 0 - name: Revert back to base config using facts round trip register: revert 
@@ -72,6 +74,6 @@ - name: Assert that config was reverted assert: - that: "{{ base_config['after'] | symmetric_difference(revert['after']) |length == 0 }}" + that: base_config['after'] | symmetric_difference(revert['after']) |length == 0 always: - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_interfaces/vars/main.yaml b/tests/integration/targets/vyos_interfaces/vars/main.yaml index 4e66747b..c65771f2 100644 --- a/tests/integration/targets/vyos_interfaces/vars/main.yaml +++ b/tests/integration/targets/vyos_interfaces/vars/main.yaml @@ -12,6 +12,8 @@ merged: commands: - set interfaces ethernet eth1 description 'Configured by Ansible - Interface 1' - set interfaces ethernet eth1 mtu '1500' + - set interfaces ethernet eth1 duplex 'auto' + - set interfaces ethernet eth1 speed 'auto' - set interfaces ethernet eth1 vif 100 description 'Eth1 - VIF 100' - set interfaces ethernet eth1 vif 100 mtu '1404' - set interfaces ethernet eth1 vif 101 description 'Eth1 - VIF 101' @@ -27,6 +29,8 @@ merged: description: Configured by Ansible - Interface 1 mtu: 1500 enabled: true + duplex: auto + speed: auto vifs: - vlan_id: 100 description: Eth1 - VIF 100 @@ -44,6 +48,8 @@ populate: enabled: true description: Configured by Ansible mtu: 1500 + duplex: auto + speed: auto vifs: - vlan_id: 200 enabled: true @@ -52,6 +58,8 @@ populate: enabled: true description: Configured by Ansible mtu: 1500 + duplex: auto + speed: auto vifs: - vlan_id: 200 enabled: true 
@@ -63,10 +71,14 @@ populate: replaced: commands: - delete interfaces ethernet eth1 mtu + - delete interfaces ethernet eth1 speed + - delete interfaces ethernet eth1 duplex - delete interfaces ethernet eth1 vif 200 - set interfaces ethernet eth1 description 'Replaced by Ansible' - set interfaces ethernet eth1 vif 100 description 'VIF 100 - Replaced by Ansible' - delete interfaces ethernet eth2 vif 200 + - delete interfaces ethernet eth2 speed + - delete interfaces ethernet eth2 duplex - set interfaces ethernet eth2 description 'Replaced by Ansible' - set interfaces ethernet eth2 mtu '1400' after: @@ -107,8 +119,12 @@ overridden: commands: - delete interfaces ethernet eth1 description - delete interfaces ethernet eth1 mtu + - delete interfaces ethernet eth1 speed + - delete interfaces ethernet eth1 duplex - delete interfaces ethernet eth1 vif 200 - delete interfaces ethernet eth2 vif 200 + - delete interfaces ethernet eth2 speed + - delete interfaces ethernet eth2 duplex - set interfaces ethernet eth2 description 'Overridden by Ansible' - set interfaces ethernet eth2 mtu '1402' after: @@ -124,6 +140,10 @@ overridden: mtu: 1402 rendered: commands: + - set interfaces ethernet eth0 duplex 'auto' + - set interfaces ethernet eth0 speed 'auto' + - set interfaces ethernet eth1 duplex 'auto' + - set interfaces ethernet eth1 speed 'auto' - set interfaces ethernet eth1 description 'Configured by Ansible - Interface 1' - set interfaces ethernet eth1 mtu '1500' - set interfaces ethernet eth1 vif 100 description 'Eth1 - VIF 100' 
@@ -137,9 +157,13 @@ deleted: - delete interfaces ethernet eth1 description - delete interfaces ethernet eth1 mtu - delete interfaces ethernet eth1 vif 200 + - delete interfaces ethernet eth1 speed + - delete interfaces ethernet eth1 duplex - delete interfaces ethernet eth2 description - delete interfaces ethernet eth2 mtu - delete interfaces ethernet eth2 vif 200 + - delete interfaces ethernet eth2 speed + - delete interfaces ethernet eth2 duplex after: - name: eth0 enabled: true @@ -149,6 +173,7 @@ deleted: enabled: true - name: eth2 enabled: true + round_trip: after: - name: eth0 diff --git a/tests/integration/targets/vyos_route_maps/tests/cli/replaced.yaml b/tests/integration/targets/vyos_route_maps/tests/cli/replaced.yaml index d7d05ec1..dce0cba9 100644 --- a/tests/integration/targets/vyos_route_maps/tests/cli/replaced.yaml +++ b/tests/integration/targets/vyos_route_maps/tests/cli/replaced.yaml @@ -31,7 +31,6 @@ - assert: that: - - result.commands|length == 7 - result.changed == true - result.commands|symmetric_difference(replaced.commands) == [] - result.after|symmetric_difference(ansible_facts['network_resources']['route_maps']) == [] diff --git a/tests/integration/targets/vyos_snmp_server/tests/cli/_populate_config.yaml b/tests/integration/targets/vyos_snmp_server/tests/cli/_populate_config.yaml index f8aa82e8..5fade170 100644 --- a/tests/integration/targets/vyos_snmp_server/tests/cli/_populate_config.yaml +++ b/tests/integration/targets/vyos_snmp_server/tests/cli/_populate_config.yaml @@ -2,6 +2,7 @@ - name: setup vyos.vyos.vyos_config: lines: + - set interface ethernet eth1 address 192.0.2.1/24 - set interface ethernet eth2 address 20.1.1.1/24 - set service snmp community switches authorization rw - set service snmp community bridges client 1.1.1.1 diff --git a/tests/integration/targets/vyos_snmp_server/tests/cli/_remove_config.yaml b/tests/integration/targets/vyos_snmp_server/tests/cli/_remove_config.yaml index 12cfb755..d30001f9 100644 
--- a/tests/integration/targets/vyos_snmp_server/tests/cli/_remove_config.yaml +++ b/tests/integration/targets/vyos_snmp_server/tests/cli/_remove_config.yaml @@ -6,3 +6,12 @@ ignore_errors: true vars: ansible_connection: ansible.netcommon.network_cli + +- name: remove interfaces address + vyos.vyos.vyos_config: + lines: + - delete interface ethernet eth1 address + - delete interface ethernet eth2 address + ignore_errors: true + vars: + ansible_connection: ansible.netcommon.network_cli diff --git a/tests/integration/targets/vyos_system/tests/cli/basic.yaml b/tests/integration/targets/vyos_system/tests/cli/basic.yaml index 29309e22..cf08f36f 100644 --- a/tests/integration/targets/vyos_system/tests/cli/basic.yaml +++ b/tests/integration/targets/vyos_system/tests/cli/basic.yaml @@ -55,9 +55,9 @@ ignore_errors: true vyos.vyos.vyos_config: lines: - - delete system name-server name-server 192.0.2.1 - - delete system name-server name-server 192.0.2.2 - - delete system name-server name-server 192.0.2.3 + - delete system name-server 192.0.2.1 + - delete system name-server 192.0.2.2 + - delete system name-server 192.0.2.3 match: none - debug: msg="END cli/basic.yaml on connection={{ ansible_connection }}" diff --git a/tests/integration/targets/vyos_system/tests/cli/domain_search.yaml b/tests/integration/targets/vyos_system/tests/cli/domain_search.yaml new file mode 100644 index 00000000..2422d2c7 --- /dev/null +++ b/tests/integration/targets/vyos_system/tests/cli/domain_search.yaml 
@@ -0,0 +1,43 @@ +--- +- debug: msg="START cli/domain_search.yaml on connection={{ ansible_connection }}" + +- name: ensure facts + include_tasks: _get_version.yaml + +- name: setup + ignore_errors: true + vyos.vyos.vyos_system: + domain_search: + - nbg.bufanda.ke + state: absent + +- name: configure domain search setting + register: result + vyos.vyos.vyos_system: + domain_search: + - nbg.bufanda.ke + +- assert: + that: + - result.changed == true + - result.commands|length == 1 + - "{{ merged['commands'] | symmetric_difference(result['commands']) |length == 0 }}" + +- name: configure domain search setting + register: result + vyos.vyos.vyos_system: + domain_search: + - nbg.bufanda.ke + +- assert: + that: + - result.changed == false + +- name: teardown + ignore_errors: true + vyos.vyos.vyos_system: + domain_search: + - nbg.bufanda.ke + state: absent + +- debug: msg="END cli/basic.yaml on connection={{ ansible_connection }}" diff --git a/tests/integration/targets/vyos_system/vars/pre-v1_4.yaml b/tests/integration/targets/vyos_system/vars/pre-v1_4.yaml new file mode 100644 index 00000000..cb41c9c6 --- /dev/null +++ b/tests/integration/targets/vyos_system/vars/pre-v1_4.yaml @@ -0,0 +1,4 @@ +--- +merged: + commands: + - set system domain-search domain 'nbg.bufanda.ke' diff --git a/tests/integration/targets/vyos_system/vars/v1_4.yaml b/tests/integration/targets/vyos_system/vars/v1_4.yaml new file mode 100644 index 00000000..96f0b7c9 --- /dev/null +++ b/tests/integration/targets/vyos_system/vars/v1_4.yaml @@ -0,0 +1,4 @@ +--- +merged: + commands: + - set system domain-search 'nbg.bufanda.ke' diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg index f54a03dc..464f132f 100644 --- a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg +++ b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg 
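Review bot: The new domain_search.yaml wraps its third assertion in Jinja delimiters, `"{{ merged['commands'] | symmetric_difference(result['commands']) |length == 0 }}"`, which is the form this same commit strips from the vyos_interfaces tests. `that` entries are already evaluated as expressions, so it should be `- merged['commands'] | symmetric_difference(result['commands']) | length == 0`, which also avoids templating the condition twice. The closing debug message still says `END cli/basic.yaml` and should name `cli/domain_search.yaml`. Setup and teardown both set `ignore_errors: true`, so a failing teardown could pass unnoticed and leave the search domain configured for later targets.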
@@ -2,6 +2,8 @@ set firewall group address-group RND-HOSTS address 192.0.2.1 set firewall group address-group RND-HOSTS address 192.0.2.3 set firewall group address-group RND-HOSTS address 192.0.2.5 set firewall group address-group RND-HOSTS description 'This group has the Management hosts address lists' +set firewall group address-group DELETE-HOSTS address 1.2.3.4 +set firewall group address-group DELETE-HOSTS description 'The (single) last address from this group will be deleted in the tests' set firewall group ipv6-address-group LOCAL-v6 address ::1 set firewall group ipv6-address-group LOCAL-v6 address fdec:2503:89d6:59b3::1 set firewall group ipv6-address-group LOCAL-v6 description 'This group has the hosts address lists of this machine' diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config_v14.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config_v14.cfg index 0a1247dd..ad60b45c 100644 --- a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config_v14.cfg +++ b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config_v14.cfg @@ -2,6 +2,8 @@ set firewall group address-group RND-HOSTS address 192.0.2.1 set firewall group address-group RND-HOSTS address 192.0.2.3 set firewall group address-group RND-HOSTS address 192.0.2.5 set firewall group address-group RND-HOSTS description 'This group has the Management hosts address lists' +set firewall group address-group DELETE-HOSTS address 1.2.3.4 +set firewall group address-group DELETE-HOSTS description 'The (single) last address from this group will be deleted in the tests' set firewall group ipv6-address-group LOCAL-v6 address ::1 set firewall group ipv6-address-group LOCAL-v6 address fdec:2503:89d6:59b3::1 set firewall group ipv6-address-group LOCAL-v6 description 'This group has the hosts address lists of this machine' 
diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_route_maps_config_v14.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_route_maps_config_v14.cfg new file mode 100644 index 00000000..1e84e5eb --- /dev/null +++ b/tests/unit/modules/network/vyos/fixtures/vyos_route_maps_config_v14.cfg @@ -0,0 +1,18 @@ +set policy route-map test3 rule 1 action 'permit' +set policy route-map test3 rule 1 match interface 'eth2' +set policy route-map test3 rule 1 match ipv6 nexthop 'fdda:5cc1:23:4::1f' +set policy route-map test3 rule 1 match metric '1' +set policy route-map test3 rule 1 match peer '1.1.1.2' +set policy route-map test3 rule 1 match rpki 'invalid' +set policy route-map test3 rule 1 set bgp-extcommunity-rt '22:11' +set policy route-map test3 rule 1 set community replace 'internet' +set policy route-map test3 rule 1 set ipv6-next-hop global 'fdda:5cc1:23:4::1f' +set policy route-map test3 rule 1 set ip-next-hop '10.20.10.20' +set policy route-map test3 rule 1 set local-preference '4' +set policy route-map test3 rule 1 set metric '5' +set policy route-map test3 rule 1 set metric-type 'type-1' +set policy route-map test3 rule 1 set origin 'egp' +set policy route-map test3 rule 1 set originator-id '10.0.2.3' +set policy route-map test3 rule 1 set src '10.0.2.15' +set policy route-map test3 rule 1 set tag '5' +set policy route-map test3 rule 1 set weight '4' diff --git a/tests/unit/modules/network/vyos/test_vyos_bgp_address_family14.py b/tests/unit/modules/network/vyos/test_vyos_bgp_address_family14.py index 9e615ff0..c0c661ad 100644 --- a/tests/unit/modules/network/vyos/test_vyos_bgp_address_family14.py +++ b/tests/unit/modules/network/vyos/test_vyos_bgp_address_family14.py 
@@ -45,13 +45,13 @@ class TestVyosBgpafModule14(TestVyosModule): ) self.execute_show_command = self.mock_execute_show_command.start() self.mock_get_os_version = patch( - "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.bgp_address_family.bgp_address_family.get_os_version" + "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.bgp_address_family.bgp_address_family.get_os_version", ) self.test_version = "1.4" self.get_os_version = self.mock_get_os_version.start() self.get_os_version.return_value = self.test_version self.mock_facts_get_os_version = patch( - "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.bgp_address_family.bgp_address_family.get_os_version" + "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.bgp_address_family.bgp_address_family.get_os_version", ) self.get_facts_os_version = self.mock_facts_get_os_version.start() self.get_facts_os_version.return_value = self.test_version 
@@ -425,46 +425,6 @@ class TestVyosBgpafModule14(TestVyosModule): self.execute_module(changed=True, commands=commands) - # def test_vyos_bgp_address_family_incorrect_instance(self): - # set_module_args( - # dict( - # state="overridden", - # config=dict( - # as_number=100, - # address_family=[ - # dict( - # afi="ipv4", - # networks=[ - # dict(prefix="192.1.13.0/24", route_map="map01"), - # ], - # ), - # dict( - # afi="ipv6", - # redistribute=[dict(protocol="ospfv3", metric=20)], - # ), - # ], - # neighbors=[ - # dict( - # neighbor_address="192.10.21.25", - # address_family=[ - # dict( - # afi="ipv4", - # route_map=[dict(action="import", route_map="map01")], - # ), - # dict( - # afi="ipv6", - # distribute_list=[dict(action="export", acl=10)], - # route_server_client=True, - # ), - # ], - # ), - # ], - # ), - # ), - # ) - # result = self.execute_module(failed=True) - # self.assertIn("Only one bgp instance is allowed per device", result["msg"]) - def test_vyos_bgp_address_family_rendered(self): set_module_args( dict( @@ -708,7 +668,7 @@ class TestVyosBgpafModule14(TestVyosModule): ) self.execute_module(changed=False, commands=[]) - def test_vyos_bgp_address_family_replaced_asn(self): + def test_vyos_bgp_address_family_replaced_asn2(self): set_module_args( dict( state="replaced", @@ -764,7 +724,7 @@ class TestVyosBgpafModule14(TestVyosModule): ] self.execute_module(changed=True, commands=commands) - def test_vyos_bgp_address_family_overridden_asn(self): + def test_vyos_bgp_address_family_overridden_asn2(self): set_module_args( dict( state="overridden", 
@@ -842,13 +802,13 @@ class TestVyosBgpafOpsModule14(TestVyosModule): ) self.execute_show_command = self.mock_execute_show_command.start() self.mock_get_os_version = patch( - "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.bgp_address_family.bgp_address_family.get_os_version" + "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.bgp_address_family.bgp_address_family.get_os_version", ) self.test_version = "1.4" self.get_os_version = self.mock_get_os_version.start() self.get_os_version.return_value = self.test_version self.mock_facts_get_os_version = patch( - "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.bgp_address_family.bgp_address_family.get_os_version" + "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.bgp_address_family.bgp_address_family.get_os_version", ) self.get_facts_os_version = self.mock_facts_get_os_version.start() self.get_facts_os_version.return_value = self.test_version @@ -911,13 +871,13 @@ class TestVyosBgpafOpsModule14(TestVyosModule): ], redistribute=[ dict(protocol="ospf", metric=25), - ] + ], ), dict( afi="ipv6", redistribute=[ dict(protocol="ospfv3", metric=20), - dict(protocol="ripng") + dict(protocol="ripng"), ], ), ], @@ -948,13 +908,13 @@ class TestVyosBgpafOpsModule14(TestVyosModule): ], redistribute=[ dict(protocol="ospf", metric=25), - ] + ], ), dict( afi="ipv6", redistribute=[ dict(protocol="ospfv3", metric=20), - dict(protocol="ripng") + dict(protocol="ripng"), ], ), ], @@ -982,7 +942,7 @@ class TestVyosBgpafOpsModule14(TestVyosModule): afi="ipv4", networks=[ dict(prefix="192.2.13.0/24"), - ] + ], ), dict( afi="ipv6", diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_global.py b/tests/unit/modules/network/vyos/test_vyos_firewall_global.py index 481cc1dd..db67ab2c 100644 --- a/tests/unit/modules/network/vyos/test_vyos_firewall_global.py +++ b/tests/unit/modules/network/vyos/test_vyos_firewall_global.py 
@@ -269,6 +269,12 @@ class TestVyosFirewallGlobalModule(TestVyosModule): ], ), dict( + afi="ipv4", + name="DELETE-HOSTS", + description="The (single) last address from this group will be deleted in the tests", + # No members here + ), + dict( afi="ipv6", name="LOCAL-v6", description="This group has the hosts address lists of this machine", @@ -309,6 +315,7 @@ class TestVyosFirewallGlobalModule(TestVyosModule): "delete firewall send-redirects", "delete firewall group address-group RND-HOSTS address 192.0.2.3", "delete firewall group address-group RND-HOSTS address 192.0.2.5", + "delete firewall group address-group DELETE-HOSTS address", "set firewall group address-group RND-HOSTS address 192.0.2.7", "set firewall group address-group RND-HOSTS address 192.0.2.9", "delete firewall group network-group RND description", @@ -376,6 +383,7 @@ class TestVyosFirewallGlobalModule(TestVyosModule): ), ) commands = [ + "delete firewall group address-group DELETE-HOSTS", "delete firewall group address-group RND-HOSTS address 192.0.2.3", "delete firewall group address-group RND-HOSTS address 192.0.2.5", "delete firewall ipv6-src-route", @@ -412,6 +420,14 @@ class TestVyosFirewallGlobalModule(TestVyosModule): ], ), dict( + afi="ipv4", + name="DELETE-HOSTS", + description="The (single) last address from this group will be deleted in the tests", + members=[ + dict(address='1.2.3.4'), + ] + ), + dict( afi="ipv6", name="LOCAL-v6", description="This group has the hosts address lists of this machine", diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_global14.py b/tests/unit/modules/network/vyos/test_vyos_firewall_global14.py index aae4aa83..0b85e62d 100644 --- a/tests/unit/modules/network/vyos/test_vyos_firewall_global14.py +++ b/tests/unit/modules/network/vyos/test_vyos_firewall_global14.py 
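Review bot: In the last hunk of this file the new `DELETE-HOSTS` member is written as `dict(address='1.2.3.4'),` and its closing `]` has no trailing comma, which is not how the black hook bumped in this same commit would leave it; `dict(address="1.2.3.4"),` and `],` match the surrounding entries. The address is also a publicly routed one, while the other groups in this test use the 192.0.2.0/24 documentation range, so a constructed value such as `192.0.2.11` would be more in keeping, assuming the fixture (not shown here) is changed with it. The same lines are added in `test_vyos_firewall_global14.py`.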
@@ -272,6 +272,12 @@ class TestVyosFirewallRulesModule14(TestVyosModule): ], ), dict( + afi="ipv4", + name="DELETE-HOSTS", + description="The (single) last address from this group will be deleted in the tests", + # No members here + ), + dict( afi="ipv6", name="LOCAL-v6", description="This group has the hosts address lists of this machine", @@ -310,6 +316,7 @@ class TestVyosFirewallRulesModule14(TestVyosModule): commands = [ "delete firewall group address-group RND-HOSTS address 192.0.2.3", "delete firewall group address-group RND-HOSTS address 192.0.2.5", + "delete firewall group address-group DELETE-HOSTS address", "delete firewall global-options all-ping", "delete firewall global-options state-policy related", "delete firewall global-options ipv6-src-route", @@ -350,6 +357,14 @@ class TestVyosFirewallRulesModule14(TestVyosModule): ], ), dict( + afi="ipv4", + name="DELETE-HOSTS", + description="The (single) last address from this group will be deleted in the tests", + members=[ + dict(address='1.2.3.4'), + ] + ), + dict( afi="ipv6", name="LOCAL-v6", description="This group has the hosts address lists of this machine", @@ -451,6 +466,7 @@ class TestVyosFirewallRulesModule14(TestVyosModule): "delete firewall global-options send-redirects", "set firewall global-options state-policy related action 'drop'", "delete firewall global-options state-policy related log-level", + "delete firewall group address-group DELETE-HOSTS", "set firewall global-options state-policy invalid action 'reject'", "set firewall group address-group RND-HOSTS address 192.0.2.7", "set firewall group address-group RND-HOSTS address 192.0.2.9", diff --git a/tests/unit/modules/network/vyos/test_vyos_route_maps.py b/tests/unit/modules/network/vyos/test_vyos_route_maps.py index ce13dcf2..db83ea40 100644 --- a/tests/unit/modules/network/vyos/test_vyos_route_maps.py +++ b/tests/unit/modules/network/vyos/test_vyos_route_maps.py 
@@ -50,6 +50,18 @@ class TestVyosRouteMapsModule(TestVyosModule): ) self.execute_show_command = self.mock_execute_show_command.start() + self.mock_get_os_version = patch( + "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.route_maps.route_maps.get_os_version", + ) + self.test_version = "1.2" + self.get_os_version = self.mock_get_os_version.start() + self.get_os_version.return_value = self.test_version + self.mock_facts_get_os_version = patch( + "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.route_maps.route_maps.get_os_version", + ) + self.get_facts_os_version = self.mock_facts_get_os_version.start() + self.get_facts_os_version.return_value = self.test_version + self.maxDiff = None def tearDown(self): super(TestVyosRouteMapsModule, self).tearDown() @@ -176,21 +188,25 @@ class TestVyosRouteMapsModule(TestVyosModule): self.execute_module(changed=True, commands=commands) - def test_route_maps_replaced(self): + def test_route_maps_extras_merged(self): set_module_args( dict( config=[ dict( - route_map="test3", + route_map="test2", entries=[ dict( sequence=1, action="permit", + call="2", + continue_sequence=2, match=dict( rpki="invalid", + interface="eth2", metric=1, peer="1.1.1.3", ipv6=dict(next_hop="fdda:5cc1:23:4::1f"), + community=dict(community_list="235"), ), set=dict( ipv6_next_hop=dict( @@ -198,9 +214,17 @@ class TestVyosRouteMapsModule(TestVyosModule): value="fdda:5cc1:23:4::1f", ), community=dict(value="internet"), + extcommunity_rt="22:11", + extcommunity_soo="220:110", + extcommunity_bandwidth="100", + extcommunity_bandwidth_non_transitive=True, + atomic_aggregate=True, + aggregator={"ip": "10.20.11.22", "as": "245"}, bgp_extcommunity_rt="22:11", ip_next_hop="10.20.10.22", large_community="10:20:21", + as_path_prepend="100 200 350", + as_path_exclude="150", local_preference=4, metric=5, metric_type="type-2", 
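Review bot: The two `get_os_version` patchers started in `setUp` in the first hunk are not matched by any `stop()` in this diff: `tearDown` continues outside the hunk, but no hunk in this file touches it. Unless the base class stops all active patchers, the config and facts `route_maps` modules keep the mocked `get_os_version` after each test. The new `test_vyos_route_maps14.py` shows the same gap in full, where `tearDown` stops three patchers and leaves the two version ones running. Registering the cleanup next to each start avoids the omission, e.g. `self.addCleanup(self.mock_get_os_version.stop)` and `self.addCleanup(self.mock_facts_get_os_version.stop)`.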
@@ -209,6 +233,85 @@ class TestVyosRouteMapsModule(TestVyosModule): src="10.0.2.15", tag=4, weight=4, + table=7, + ), + ), + ], + ), + ], + state="merged", + ), + ) + commands = [ + "set policy route-map test2 rule 1 action permit", + "set policy route-map test2 rule 1 call 2", + "set policy route-map test2 rule 1 set bgp-extcommunity-rt 22:11", + "set policy route-map test2 rule 1 set ip-next-hop 10.20.10.22", + "set policy route-map test2 rule 1 set ipv6-next-hop global fdda:5cc1:23:4::1f", + "set policy route-map test2 rule 1 set large-community 10:20:21", + "set policy route-map test2 rule 1 set as-path-prepend '100 200 350'", + "set policy route-map test2 rule 1 set as-path-exclude 150", + "set policy route-map test2 rule 1 set local-preference 4", + "set policy route-map test2 rule 1 set metric 5", + "set policy route-map test2 rule 1 set metric-type type-2", + "set policy route-map test2 rule 1 set origin egp", + "set policy route-map test2 rule 1 set originator-id 10.0.2.2", + "set policy route-map test2 rule 1 set src 10.0.2.15", + "set policy route-map test2 rule 1 set tag 4", + "set policy route-map test2 rule 1 set weight 4", + "set policy route-map test2 rule 1 set table 7", + "set policy route-map test2 rule 1 set community internet", + "set policy route-map test2 rule 1 set extcommunity-rt 22:11", + "set policy route-map test2 rule 1 set extcommunity-soo 220:110", + "set policy route-map test2 rule 1 set extcommunity bandwidth 100", + "set policy route-map test2 rule 1 set extcommunity bandwidth-non-transitive", + "set policy route-map test2 rule 1 set atomic-aggregate", + "set policy route-map test2 rule 1 set aggregator as 245", + "set policy route-map test2 rule 1 set aggregator ip 10.20.11.22", + "set policy route-map test2 rule 1 match interface eth2", + "set policy route-map test2 rule 1 match metric 1", + "set policy route-map test2 rule 1 match peer 1.1.1.3", + "set policy route-map test2 rule 1 match ipv6 nexthop fdda:5cc1:23:4::1f", + "set 
policy route-map test2 rule 1 match rpki invalid", + "set policy route-map test2 rule 1 match community community-list 235", + "set policy route-map test2 rule 1 continue 2", + ] + + self.execute_module(changed=True, commands=commands) + + def test_route_maps_replaced(self): + set_module_args( + dict( + config=[ + dict( + route_map="test3", + entries=[ + dict( + sequence=1, + action="permit", + match=dict( + rpki="invalid", + metric=1, + peer="1.1.1.3", + ipv6=dict(next_hop="fdda:5cc1:23:4::1f"), + ), + set=dict( + ipv6_next_hop=dict( + ip_type="global", + value="fdda:5cc1:23:4::1f", + ), + community=dict(value="100:100"), + bgp_extcommunity_rt="22:11", + ip_next_hop="10.20.10.22", + large_community="10:20:21", + local_preference=4, + metric=5, + metric_type="type-2", + origin="egp", + originator_id="10.0.2.2", + src="fdda:5cc1:23:4::12", + tag=4, + weight=4, ), ), ], @@ -220,10 +323,12 @@ class TestVyosRouteMapsModule(TestVyosModule): commands = [ "delete policy route-map test3 rule 1 match interface eth2", "set policy route-map test3 rule 1 set ip-next-hop 10.20.10.22", + "set policy route-map test3 rule 1 set community 100:100", "set policy route-map test3 rule 1 set large-community 10:20:21", "set policy route-map test3 rule 1 set metric-type type-2", "set policy route-map test3 rule 1 set originator-id 10.0.2.2", "set policy route-map test3 rule 1 set tag 4", + "set policy route-map test3 rule 1 set src fdda:5cc1:23:4::12", "set policy route-map test3 rule 1 match peer 1.1.1.3", ] self.execute_module(changed=True, commands=commands) 
@@ -328,6 +433,32 @@ class TestVyosRouteMapsModule(TestVyosModule): ] self.execute_module(changed=True, commands=commands) + def test_route_maps__deny_overridden(self): + set_module_args( + dict( + config=[ + dict( + route_map="test2", + entries=[ + dict( + sequence=1, + action="deny", + match=dict(rpki="invalid", peer="1.1.1.5"), + ), + ], + ), + ], + state="overridden", + ), + ) + commands = [ + "delete policy route-map test3", + "set policy route-map test2 rule 1 action deny", + "set policy route-map test2 rule 1 match peer 1.1.1.5", + "set policy route-map test2 rule 1 match rpki invalid", + ] + self.execute_module(changed=True, commands=commands) + def test_vyos_route_maps_overridden_idempotent(self): set_module_args( dict( diff --git a/tests/unit/modules/network/vyos/test_vyos_route_maps14.py b/tests/unit/modules/network/vyos/test_vyos_route_maps14.py new file mode 100644 index 00000000..7bc5b74e --- /dev/null +++ b/tests/unit/modules/network/vyos/test_vyos_route_maps14.py 
@@ -0,0 +1,717 @@ +# (c) 2021 Red Hat Inc. +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. + +# Make coding more python3-ish +from __future__ import absolute_import, division, print_function + + +__metaclass__ = type + +from unittest.mock import patch + +from ansible_collections.vyos.vyos.plugins.modules import vyos_route_maps +from ansible_collections.vyos.vyos.tests.unit.modules.utils import set_module_args + +from .vyos_module import TestVyosModule, load_fixture + + +class TestVyosRouteMapsModule(TestVyosModule): + module = vyos_route_maps + + def setUp(self): + super(TestVyosRouteMapsModule, self).setUp() + + self.mock_get_resource_connection_config = patch( + "ansible_collections.ansible.netcommon.plugins.module_utils.network.common.rm_base.resource_module_base.get_resource_connection", + ) + self.get_resource_connection_config = self.mock_get_resource_connection_config.start() + + self.mock_get_resource_connection_facts = patch( + "ansible_collections.ansible.netcommon.plugins.module_utils.network.common.facts.facts.get_resource_connection", + ) + self.get_resource_connection_facts = self.mock_get_resource_connection_facts.start() + + self.mock_execute_show_command = patch( + "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.route_maps.route_maps.Route_mapsFacts.get_config", + ) + + self.execute_show_command = 
self.mock_execute_show_command.start() + self.mock_get_os_version = patch( + "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.route_maps.route_maps.get_os_version", + ) + self.test_version = "1.4" + self.get_os_version = self.mock_get_os_version.start() + self.get_os_version.return_value = self.test_version + self.mock_facts_get_os_version = patch( + "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.route_maps.route_maps.get_os_version", + ) + self.get_facts_os_version = self.mock_facts_get_os_version.start() + self.get_facts_os_version.return_value = self.test_version + self.maxDiff = None + + def tearDown(self): + super(TestVyosRouteMapsModule, self).tearDown() + self.mock_get_resource_connection_config.stop() + self.mock_get_resource_connection_facts.stop() + self.mock_execute_show_command.stop() + + def load_fixtures(self, commands=None, filename=None): + if filename is None: + filename = "vyos_route_maps_config_v14.cfg" + + def load_from_file(*args, **kwargs): + output = load_fixture(filename) + return output + + self.execute_show_command.side_effect = load_from_file + + def test_vyos_route_maps_merged_idempotent(self): + set_module_args( + dict( + config=[ + dict( + route_map="test3", + entries=[ + dict( + sequence=1, + action="permit", + match=dict( + rpki="invalid", + interface="eth2", + metric=1, + peer="1.1.1.2", + ipv6=dict(next_hop="fdda:5cc1:23:4::1f"), + ), + set=dict( + ipv6_next_hop=dict( + ip_type="global", + value="fdda:5cc1:23:4::1f", + ), + community=dict(value="internet"), + bgp_extcommunity_rt="22:11", + ip_next_hop="10.20.10.20", + local_preference=4, + metric=5, + metric_type="type-1", + origin="egp", + originator_id="10.0.2.3", + src="10.0.2.15", + tag=5, + weight=4, + ), + ), + ], + ), + ], + state="merged", + ), + ) + self.execute_module(changed=False, commands=[]) + + def test_route_maps_merged(self): + set_module_args( + dict( + config=[ + dict( + route_map="test2", + entries=[ + dict( + 
sequence=1, + action="permit", + match=dict( + rpki="invalid", + interface="eth2", + metric=1, + peer="1.1.1.3", + ipv6=dict(next_hop="fdda:5cc1:23:4::1f"), + ), + set=dict( + ipv6_next_hop=dict( + ip_type="global", + value="fdda:5cc1:23:4::1f", + ), + community=dict(value="internet"), + bgp_extcommunity_rt="22:11", + ip_next_hop="10.20.10.22", + large_community="10:20:21", + local_preference=4, + metric=5, + metric_type="type-2", + origin="egp", + originator_id="10.0.2.2", + src="10.0.2.15", + tag=4, + weight=4, + ), + ), + ], + ), + ], + state="merged", + ), + ) + commands = [ + "set policy route-map test2 rule 1 action permit", + "set policy route-map test2 rule 1 set bgp-extcommunity-rt 22:11", + "set policy route-map test2 rule 1 set ip-next-hop 10.20.10.22", + "set policy route-map test2 rule 1 set ipv6-next-hop global fdda:5cc1:23:4::1f", + "set policy route-map test2 rule 1 set large-community replace 10:20:21", + "set policy route-map test2 rule 1 set local-preference 4", + "set policy route-map test2 rule 1 set metric 5", + "set policy route-map test2 rule 1 set metric-type type-2", + "set policy route-map test2 rule 1 set origin egp", + "set policy route-map test2 rule 1 set originator-id 10.0.2.2", + "set policy route-map test2 rule 1 set src 10.0.2.15", + "set policy route-map test2 rule 1 set tag 4", + "set policy route-map test2 rule 1 set weight 4", + "set policy route-map test2 rule 1 set community replace internet", + "set policy route-map test2 rule 1 match interface eth2", + "set policy route-map test2 rule 1 match metric 1", + "set policy route-map test2 rule 1 match peer 1.1.1.3", + "set policy route-map test2 rule 1 match ipv6 nexthop fdda:5cc1:23:4::1f", + "set policy route-map test2 rule 1 match rpki invalid", + ] + + self.execute_module(changed=True, commands=commands) + + def test_route_maps_extras_merged(self): + set_module_args( + dict( + config=[ + dict( + route_map="test2", + entries=[ + dict( + sequence=1, + action="permit", + 
call="2", + continue_sequence=2, + match=dict( + rpki="invalid", + interface="eth2", + metric=1, + peer="1.1.1.3", + ipv6=dict(next_hop="fdda:5cc1:23:4::1f"), + community=dict(community_list="235"), + protocol="bgp", + ), + set=dict( + ipv6_next_hop=dict( + ip_type="global", + value="fdda:5cc1:23:4::1f", + ), + community=dict(value="internet"), + extcommunity_rt="22:11", + extcommunity_soo="220:110", + extcommunity_bandwidth="100", + extcommunity_bandwidth_non_transitive=True, + atomic_aggregate=True, + aggregator={"ip": "10.20.11.22", "as": "245"}, + bgp_extcommunity_rt="22:11", + ip_next_hop="10.20.10.22", + large_community="10:20:21", + as_path_prepend="100 200 350", + as_path_exclude="150", + local_preference=4, + metric=5, + metric_type="type-2", + origin="egp", + originator_id="10.0.2.2", + src="10.0.2.15", + tag=4, + weight=4, + table=7, + ), + ), + ], + ), + ], + state="merged", + ), + ) + commands = [ + "set policy route-map test2 rule 1 action permit", + "set policy route-map test2 rule 1 call 2", + "set policy route-map test2 rule 1 set bgp-extcommunity-rt 22:11", + "set policy route-map test2 rule 1 set ip-next-hop 10.20.10.22", + "set policy route-map test2 rule 1 set ipv6-next-hop global fdda:5cc1:23:4::1f", + "set policy route-map test2 rule 1 set large-community replace 10:20:21", + "set policy route-map test2 rule 1 set as-path prepend '100 200 350'", + "set policy route-map test2 rule 1 set as-path exclude 150", + "set policy route-map test2 rule 1 set local-preference 4", + "set policy route-map test2 rule 1 set metric 5", + "set policy route-map test2 rule 1 set metric-type type-2", + "set policy route-map test2 rule 1 set origin egp", + "set policy route-map test2 rule 1 set originator-id 10.0.2.2", + "set policy route-map test2 rule 1 set src 10.0.2.15", + "set policy route-map test2 rule 1 set tag 4", + "set policy route-map test2 rule 1 set weight 4", + "set policy route-map test2 rule 1 set table 7", + "set policy route-map test2 rule 1 set 
community replace internet", + "set policy route-map test2 rule 1 set extcommunity rt 22:11", + "set policy route-map test2 rule 1 set extcommunity soo 220:110", + "set policy route-map test2 rule 1 set extcommunity bandwidth 100", + "set policy route-map test2 rule 1 set extcommunity bandwidth-non-transitive", + "set policy route-map test2 rule 1 set atomic-aggregate", + "set policy route-map test2 rule 1 set aggregator as 245", + "set policy route-map test2 rule 1 set aggregator ip 10.20.11.22", + "set policy route-map test2 rule 1 match interface eth2", + "set policy route-map test2 rule 1 match metric 1", + "set policy route-map test2 rule 1 match peer 1.1.1.3", + "set policy route-map test2 rule 1 match ipv6 nexthop fdda:5cc1:23:4::1f", + "set policy route-map test2 rule 1 match rpki invalid", + "set policy route-map test2 rule 1 match protocol bgp", + "set policy route-map test2 rule 1 match community community-list 235", + "set policy route-map test2 rule 1 continue 2", + ] + + self.execute_module(changed=True, commands=commands) + + def test_route_maps_replaced(self): + set_module_args( + dict( + config=[ + dict( + route_map="test3", + entries=[ + dict( + sequence=1, + action="permit", + match=dict( + rpki="invalid", + metric=1, + peer="1.1.1.3", + ipv6=dict(next_hop="fdda:5cc1:23:4::1f"), + ), + set=dict( + ipv6_next_hop=dict( + ip_type="global", + value="fdda:5cc1:23:4::1f", + ), + community=dict(value="100:100"), + bgp_extcommunity_rt="22:11", + ip_next_hop="10.20.10.22", + large_community="10:20:21", + local_preference=4, + metric=5, + metric_type="type-2", + origin="egp", + originator_id="10.0.2.2", + src="fdda:5cc1:23:4::12", + tag=4, + weight=4, + ), + ), + ], + ), + ], + state="replaced", + ), + ) + commands = [ + "delete policy route-map test3 rule 1 match interface eth2", + "set policy route-map test3 rule 1 set ip-next-hop 10.20.10.22", + "set policy route-map test3 rule 1 set community replace 100:100", + "set policy route-map test3 rule 1 set 
large-community replace 10:20:21", + "set policy route-map test3 rule 1 set metric-type type-2", + "set policy route-map test3 rule 1 set originator-id 10.0.2.2", + "set policy route-map test3 rule 1 set tag 4", + "set policy route-map test3 rule 1 set src fdda:5cc1:23:4::12", + "set policy route-map test3 rule 1 match peer 1.1.1.3", + ] + self.execute_module(changed=True, commands=commands) + + def test_vyos_route_maps_replaced_idempotent(self): + set_module_args( + dict( + config=[ + dict( + route_map="test3", + entries=[ + dict( + sequence=1, + action="permit", + match=dict( + rpki="invalid", + interface="eth2", + metric=1, + peer="1.1.1.2", + ipv6=dict(next_hop="fdda:5cc1:23:4::1f"), + ), + set=dict( + ipv6_next_hop=dict( + ip_type="global", + value="fdda:5cc1:23:4::1f", + ), + community=dict(value="internet"), + bgp_extcommunity_rt="22:11", + ip_next_hop="10.20.10.20", + local_preference=4, + metric=5, + metric_type="type-1", + origin="egp", + originator_id="10.0.2.3", + src="10.0.2.15", + tag=5, + weight=4, + ), + ), + ], + ), + ], + state="replaced", + ), + ) + self.execute_module(changed=False, commands=[]) + + def test_route_maps_overridden(self): + set_module_args( + dict( + config=[ + dict( + route_map="test2", + entries=[ + dict( + sequence=1, + action="permit", + match=dict(rpki="invalid", peer="1.1.1.3"), + set=dict( + ipv6_next_hop=dict( + ip_type="global", + value="fdda:5cc1:23:4::1f", + ), + community=dict(value="internet"), + bgp_extcommunity_rt="22:11", + ip_next_hop="10.20.10.22", + large_community="10:20:21", + local_preference=4, + metric=5, + metric_type="type-2", + origin="egp", + originator_id="10.0.2.2", + src="10.0.2.15", + tag=4, + weight=4, + ), + ), + ], + ), + ], + state="overridden", + ), + ) + commands = [ + "delete policy route-map test3", + "set policy route-map test2 rule 1 action permit", + "set policy route-map test2 rule 1 set bgp-extcommunity-rt 22:11", + "set policy route-map test2 rule 1 set ip-next-hop 10.20.10.22", + "set 
policy route-map test2 rule 1 set ipv6-next-hop global fdda:5cc1:23:4::1f", + "set policy route-map test2 rule 1 set large-community replace 10:20:21", + "set policy route-map test2 rule 1 set local-preference 4", + "set policy route-map test2 rule 1 set metric 5", + "set policy route-map test2 rule 1 set metric-type type-2", + "set policy route-map test2 rule 1 set origin egp", + "set policy route-map test2 rule 1 set originator-id 10.0.2.2", + "set policy route-map test2 rule 1 set src 10.0.2.15", + "set policy route-map test2 rule 1 set tag 4", + "set policy route-map test2 rule 1 set weight 4", + "set policy route-map test2 rule 1 set community replace internet", + "set policy route-map test2 rule 1 match peer 1.1.1.3", + "set policy route-map test2 rule 1 match rpki invalid", + ] + self.execute_module(changed=True, commands=commands) + + def test_route_maps__deny_overridden(self): + set_module_args( + dict( + config=[ + dict( + route_map="test2", + entries=[ + dict( + sequence=1, + action="deny", + match=dict(rpki="invalid", peer="1.1.1.5"), + ), + ], + ), + ], + state="overridden", + ), + ) + commands = [ + "delete policy route-map test3", + "set policy route-map test2 rule 1 action deny", + "set policy route-map test2 rule 1 match peer 1.1.1.5", + "set policy route-map test2 rule 1 match rpki invalid", + ] + self.execute_module(changed=True, commands=commands) + + def test_vyos_route_maps_overridden_idempotent(self): + set_module_args( + dict( + config=[ + dict( + route_map="test3", + entries=[ + dict( + sequence=1, + action="permit", + match=dict( + rpki="invalid", + interface="eth2", + metric=1, + peer="1.1.1.2", + ipv6=dict(next_hop="fdda:5cc1:23:4::1f"), + ), + set=dict( + ipv6_next_hop=dict( + ip_type="global", + value="fdda:5cc1:23:4::1f", + ), + community=dict(value="internet"), + bgp_extcommunity_rt="22:11", + ip_next_hop="10.20.10.20", + local_preference=4, + metric=5, + metric_type="type-1", + origin="egp", + originator_id="10.0.2.3", + 
src="10.0.2.15", + tag=5, + weight=4, + ), + ), + ], + ), + ], + state="overridden", + ), + ) + self.execute_module(changed=False, commands=[]) + + def test_vyos_route_maps_rendered(self): + set_module_args( + dict( + config=[ + dict( + route_map="test3", + entries=[ + dict( + sequence=1, + action="permit", + match=dict( + rpki="invalid", + interface="eth2", + metric=1, + peer="1.1.1.2", + ipv6=dict(next_hop="fdda:5cc1:23:4::1f"), + ), + set=dict( + ipv6_next_hop=dict( + ip_type="global", + value="fdda:5cc1:23:4::1f", + ), + community=dict(value="internet"), + bgp_extcommunity_rt="22:11", + ip_next_hop="10.20.10.20", + local_preference=4, + metric=5, + metric_type="type-1", + origin="egp", + originator_id="10.0.2.3", + src="10.0.2.15", + tag=5, + weight=4, + ), + ), + ], + ), + dict( + route_map="test1", + entries=[ + dict( + sequence=1, + action="permit", + description="test", + on_match=dict(next=True), + ), + dict( + sequence=2, + action="permit", + on_match=dict(goto=4), + ), + ], + ), + ], + state="rendered", + ), + ) + rendered_cmds = [ + "set policy route-map test3 rule 1 action permit", + "set policy route-map test3 rule 1 set bgp-extcommunity-rt 22:11", + "set policy route-map test3 rule 1 set ip-next-hop 10.20.10.20", + "set policy route-map test3 rule 1 set ipv6-next-hop global fdda:5cc1:23:4::1f", + "set policy route-map test3 rule 1 set local-preference 4", + "set policy route-map test3 rule 1 set metric 5", + "set policy route-map test3 rule 1 set metric-type type-1", + "set policy route-map test3 rule 1 set origin egp", + "set policy route-map test3 rule 1 set originator-id 10.0.2.3", + "set policy route-map test3 rule 1 set src 10.0.2.15", + "set policy route-map test3 rule 1 set tag 5", + "set policy route-map test3 rule 1 set weight 4", + "set policy route-map test3 rule 1 set community replace internet", + "set policy route-map test3 rule 1 match interface eth2", + "set policy route-map test3 rule 1 match metric 1", + "set policy route-map test3 
rule 1 match peer 1.1.1.2", + "set policy route-map test3 rule 1 match ipv6 nexthop fdda:5cc1:23:4::1f", + "set policy route-map test3 rule 1 match rpki invalid", + "set policy route-map test1 rule 1 description test", + "set policy route-map test1 rule 1 action permit", + "set policy route-map test1 rule 1 on-match next", + "set policy route-map test1 rule 2 action permit", + "set policy route-map test1 rule 2 on-match goto 4", + ] + result = self.execute_module(changed=False) + self.assertEqual( + sorted(result["rendered"]), + sorted(rendered_cmds), + result["rendered"], + ) + + def test_yos_route_maps_parsed(self): + parsed_str = ( + "set policy route-map test3 rule 1 action 'permit'" + "\nset policy route-map test3 rule 1 match interface 'eth2'\nset policy route-map test3 rule 1 match ipv6 nexthop" + " 'fdda:5cc1:23:4::1f'\nset policy route-map test3 rule 1 match metric '1'\nset policy route-map test3 rule 1 match peer " + "'1.1.1.2'\nset policy route-map test3 rule 1 match rpki 'invalid'\nset policy route-map test3 rule 1 set bgp-extcommunity-rt " + "'22:11'\nset policy route-map test3 rule 1 set community replace 'internet'\nset policy route-map test3 rule 1 set ipv6-next-hop global" + " 'fdda:5cc1:23:4::1f'\nset policy route-map test3 rule 1 set ip-next-hop '10.20.10.20'\nset policy route-map " + "test3 rule 1 set local-preference '4'\nset policy route-map test3 rule 1 set metric '5'\nset policy route-map test3 " + "rule 1 set metric-type 'type-1'\nset policy route-map test3 rule 1 set origin 'egp'\nset policy route-map test3 rule 1 set originator-id " + "'10.0.2.3'\nset policy route-map test3 rule 1 set src '10.0.2.15'" + "\nset policy route-map test3 rule 1 set tag '5'\nset policy route-map test3 rule 1 set weight '4'" + ) + set_module_args(dict(running_config=parsed_str, state="parsed")) + result = self.execute_module(changed=False) + parsed_list = [ + { + "entries": [ + { + "action": "permit", + "match": { + "interface": "eth2", + "ipv6": {"next_hop": 
"fdda:5cc1:23:4::1f"}, + "metric": 1, + "peer": "1.1.1.2", + "rpki": "invalid", + }, + "sequence": 1, + "set": { + "bgp_extcommunity_rt": "22:11", + "community": {"value": "internet"}, + "ip_next_hop": "10.20.10.20", + "ipv6_next_hop": { + "ip_type": "global", + "value": "fdda:5cc1:23:4::1f", + }, + "local_preference": "4", + "metric": "5", + "metric_type": "type-1", + "origin": "egp", + "originator_id": "10.0.2.3", + "src": "10.0.2.15", + "tag": "5", + "weight": "4", + }, + }, + ], + "route_map": "test3", + }, + ] + self.assertEqual(parsed_list, result["parsed"]) + + def test_vyos_route_maps_gathered(self): + set_module_args(dict(state="gathered")) + result = self.execute_module(changed=False) + gathered_list = [ + { + "entries": [ + { + "action": "permit", + "match": { + "interface": "eth2", + "ipv6": {"next_hop": "fdda:5cc1:23:4::1f"}, + "metric": 1, + "peer": "1.1.1.2", + "rpki": "invalid", + }, + "sequence": 1, + "set": { + "bgp_extcommunity_rt": "22:11", + "community": {"value": "internet"}, + "ip_next_hop": "10.20.10.20", + "ipv6_next_hop": { + "ip_type": "global", + "value": "fdda:5cc1:23:4::1f", + }, + "local_preference": "4", + "metric": "5", + "metric_type": "type-1", + "origin": "egp", + "originator_id": "10.0.2.3", + "src": "10.0.2.15", + "tag": "5", + "weight": "4", + }, + }, + ], + "route_map": "test3", + }, + ] + self.assertEqual(gathered_list, result["gathered"]) + + def test_vyos_route_maps_deleted(self): + set_module_args( + dict( + config=[ + dict( + route_map="test3", + entries=[ + dict( + sequence=1, + action="permit", + match=dict( + rpki="invalid", + interface="eth2", + ), + set=dict( + origin="egp", + originator_id="10.0.2.3", + src="10.0.2.15", + tag=5, + weight=4, + ), + ), + ], + ), + ], + state="deleted", + ), + ) + commands = ["delete policy route-map test3"] + self.execute_module(changed=True, commands=commands) 
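Review bot: The test class in this new file is named `TestVyosRouteMapsModule`, the same as the class in `test_vyos_route_maps.py`, whereas the other 1.4 suites touched by this commit carry a `14` suffix (`TestVyosSystemModule14`, `TestVyosBgpafModule14`). Renaming it to `class TestVyosRouteMapsModule14(TestVyosModule):` and updating the two `super(...)` calls keeps failure reports distinguishable between the 1.2 and 1.4 runs. Two method names also look like slips: `test_yos_route_maps_parsed` is missing the `v`, and `test_route_maps__deny_overridden` has a doubled underscore.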
diff --git a/tests/unit/modules/network/vyos/test_vyos_system.py b/tests/unit/modules/network/vyos/test_vyos_system.py index cf405cab..5edfa0df 100644 --- a/tests/unit/modules/network/vyos/test_vyos_system.py +++ b/tests/unit/modules/network/vyos/test_vyos_system.py @@ -45,11 +45,26 @@ class TestVyosSystemModule(TestVyosModule): ) self.load_config = self.mock_load_config.start() + self.mock_get_os_version = patch( + "ansible_collections.vyos.vyos.plugins.modules.vyos_system.get_os_version", + ) + self.test_version = "1.2" + self.get_os_version = self.mock_get_os_version.start() + self.get_os_version.return_value = self.test_version + self.mock_facts_get_os_version = patch( + "ansible_collections.vyos.vyos.plugins.modules.vyos_system.get_os_version", + ) + self.get_facts_os_version = self.mock_facts_get_os_version.start() + self.get_facts_os_version.return_value = self.test_version + self.maxDiff = None + def tearDown(self): super(TestVyosSystemModule, self).tearDown() self.mock_get_config.stop() self.mock_load_config.stop() + self.mock_get_os_version.stop() + self.mock_facts_get_os_version.stop() def load_fixtures(self, commands=None, filename=None): self.get_config.return_value = load_fixture("vyos_config_config.cfg") 
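Review bot: Both patchers added to `setUp` target the same name, `ansible_collections.vyos.vyos.plugins.modules.vyos_system.get_os_version`, and `tearDown` stops them in start order rather than in reverse. The second patcher recorded the first mock as the value to restore, so stopping it last puts that mock back on the module and the real `get_os_version` is not restored when the test ends. One patch of that name is sufficient, so dropping `self.mock_facts_get_os_version` together with its `stop()` removes the problem. The same pair appears in `TestVyosSystemModule14.setUp` and `tearDown` in the next hunk.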
@@ -112,3 +127,67 @@ class TestVyosSystemModule(TestVyosModule): "delete system name-server", ] self.execute_module(changed=True, commands=commands) + + +class TestVyosSystemModule14(TestVyosModule): + module = vyos_system + + def setUp(self): + super(TestVyosSystemModule14, self).setUp() + + self.mock_get_config = patch( + "ansible_collections.vyos.vyos.plugins.modules.vyos_system.get_config", + ) + self.get_config = self.mock_get_config.start() + + self.mock_load_config = patch( + "ansible_collections.vyos.vyos.plugins.modules.vyos_system.load_config", + ) + self.load_config = self.mock_load_config.start() + + self.mock_get_os_version = patch( + "ansible_collections.vyos.vyos.plugins.modules.vyos_system.get_os_version", + ) + self.test_version = "1.4" + self.get_os_version = self.mock_get_os_version.start() + self.get_os_version.return_value = self.test_version + self.mock_facts_get_os_version = patch( + "ansible_collections.vyos.vyos.plugins.modules.vyos_system.get_os_version", + ) + self.get_facts_os_version = self.mock_facts_get_os_version.start() + self.get_facts_os_version.return_value = self.test_version + self.maxDiff = None + + def tearDown(self): + super(TestVyosSystemModule14, self).tearDown() + + self.mock_get_config.stop() + self.mock_load_config.stop() + self.mock_get_os_version.stop() + self.mock_facts_get_os_version.stop() + + def load_fixtures(self, commands=None, filename=None): + self.get_config.return_value = load_fixture("vyos_config_config.cfg") + + def test_vyos_system_domain_search(self): + set_module_args(dict(domain_search=["foo.example.com", "bar.example.com"])) + commands = [ + "set system domain-search 'foo.example.com'", + "set system domain-search 'bar.example.com'", + ] + self.execute_module(changed=True, commands=commands) + + def test_vyos_system_clear_domain_search(self): + set_module_args(dict(domain_search=[])) + commands = ["delete system domain-search"] + self.execute_module(changed=True, commands=commands) + + def 
test_vyos_system_clear_all(self): + set_module_args(dict(state="absent")) + commands = [ + "delete system host-name", + "delete system domain-search", + "delete system domain-name", + "delete system name-server", + ] + self.execute_module(changed=True, commands=commands) |
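Review bot: `TestVyosSystemModule14.setUp` and `tearDown` are a line-for-line copy of the ones added to `TestVyosSystemModule`, differing only in `self.test_version = "1.4"`. Making the version a class attribute read by one shared `setUp` (`test_version = "1.4"` on the class, `self.get_os_version.return_value = self.test_version` in the base) would keep the two version suites from drifting apart when a patch target changes. The new class also has no docstring saying which release's command syntax it pins; a one-liner such as `"""vyos_system command generation with get_os_version mocked to 1.4."""` would make that explicit.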