diff options
Diffstat (limited to 'plugins')
33 files changed, 2489 insertions, 840 deletions
diff --git a/plugins/module_utils/network/vyos/argspec/route_maps/route_maps.py b/plugins/module_utils/network/vyos/argspec/route_maps/route_maps.py index 196db0c7..5b6d404d 100644 --- a/plugins/module_utils/network/vyos/argspec/route_maps/route_maps.py +++ b/plugins/module_utils/network/vyos/argspec/route_maps/route_maps.py @@ -74,6 +74,8 @@ class Route_mapsArgs(object): # pylint: disable=R0903 }, "extcommunity_rt": {"type": "str"}, "extcommunity_soo": {"type": "str"}, + "extcommunity_bandwidth": {"type": "str"}, + "extcommunity_bandwidth_non_transitive": {"type": "bool"}, "ip_next_hop": {"type": "str"}, "ipv6_next_hop": { "type": "dict", @@ -100,6 +102,7 @@ class Route_mapsArgs(object): # pylint: disable=R0903 "src": {"type": "str"}, "tag": {"type": "str"}, "weight": {"type": "str"}, + "table": {"type": "str"}, }, }, "match": { @@ -178,6 +181,23 @@ class Route_mapsArgs(object): # pylint: disable=R0903 "next_hop": {"type": "str"}, }, }, + "protocol": { + "type": "str", + "choices": [ + "babel", + "bgp", + "connected", + "isis", + "kernel", + "ospf", + "ospfv3", + "rip", + "ripng", + "static", + "table", + "vnc", + ], + }, "large_community_large_community_list": { "type": "str", }, diff --git a/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py b/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py index e2a25e32..0d73d209 100644 --- a/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py +++ b/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py @@ -31,11 +31,11 @@ from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.utils list_diff_want_only, in_target_not_none, ) - +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.version import ( + LooseVersion, +) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import get_os_version -from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.version import LooseVersion - class Firewall_global(ConfigBase): """ @@ -258,11 +258,7 @@ class Firewall_global(ConfigBase): self._form_attr_cmd(attr=key, key=self._bool_to_str(val), opr=opr), ) continue - if ( - key in l_set - and not self._in_target(h, key) - and not self._is_del(l_set, h) - ): + if key in l_set and not self._in_target(h, key) and not self._is_del(l_set, h): commands.append( self._form_attr_cmd(attr=key, val=self._bool_to_str(val), opr=opr), ) @@ -373,6 +369,8 @@ class Firewall_global(ConfigBase): ) elif not opr and key in l_set: if key == "name" and self._is_grp_del(h, want, key): + if commands[-1] == cmd + " " + want["name"] + " " + self._grp_type(attr): + commands.pop() commands.append(cmd + " " + want["name"]) continue if not (h and in_target_not_none(h, key)) and not self._is_grp_del(h, want, "name"): @@ -435,6 +433,14 @@ class Firewall_global(ConfigBase): + " " + member[self._get_mem_type(type)], ) + elif not opr and not have: + commands.append( + cmd + + " " + + name + + " " + + self._grp_type(type), + ) return commands def _get_mem_type(self, group): @@ -473,7 +479,9 @@ class Firewall_global(ConfigBase): for key, val in iteritems(w): if val and key != "connection_type": if opr and key in l_set and not (h and self._is_w_same(w, h, key)): - if key == "log" and LooseVersion(get_os_version(self._module)) >= LooseVersion("1.4"): + if key == "log" and LooseVersion( + get_os_version(self._module), + ) >= LooseVersion("1.4"): commands.append( self._form_attr_cmd( key=attr + " " + w["connection_type"], @@ -499,7 +507,9 @@ class Firewall_global(ConfigBase): ), ) break # delete the whole thing and move on - if (not self._in_target(h, key) or h[key] is None) and (self._in_target(w, key) and w[key]): + if (not self._in_target(h, key) or h[key] is None) and ( + self._in_target(w, key) and w[key] + ): # delete if not being replaced and value currently exists commands.append( self._form_attr_cmd( @@ -531,11 +541,11 @@ class Firewall_global(ConfigBase): if want: for w in want: h = self.search_attrib_in_have(have, w, "afi") - if 'afi' in w: - afi = w['afi'] + if "afi" in w: + afi = w["afi"] else: - if h and 'afi' in h: - afi = h['afi'] + if h and "afi" in h: + afi = h["afi"] else: afi = None afi = None @@ -547,7 +557,7 @@ class Firewall_global(ConfigBase): attr=key, val=self._bool_to_str(val), opr=opr, - type=afi + type=afi, ), ) elif not opr and key in l_set: @@ -557,7 +567,7 @@ class Firewall_global(ConfigBase): attr=key, val=self._bool_to_str(val), opr=opr, - type=afi + type=afi, ), ) continue @@ -567,7 +577,7 @@ class Firewall_global(ConfigBase): attr=key, val=self._bool_to_str(val), opr=opr, - type=afi + type=afi, ), ) elif key == "icmp_redirects": @@ -587,11 +597,11 @@ class Firewall_global(ConfigBase): commands = [] h_red = {} l_set = ("send", "receive") - if w and 'afi' in w: - afi = w['afi'] + if w and "afi" in w: + afi = w["afi"] else: - if h and 'afi' in h: - afi = h['afi'] + if h and "afi" in h: + afi = h["afi"] else: afi = None if w[attr]: @@ -600,7 +610,12 @@ class Firewall_global(ConfigBase): for item, value in iteritems(w[attr]): if opr and item in l_set and not (h_red and self._is_w_same(w[attr], h_red, item)): commands.append( - self._form_attr_cmd(attr=item, val=self._bool_to_str(value), opr=opr, type=afi) + self._form_attr_cmd( + attr=item, + val=self._bool_to_str(value), + opr=opr, + type=afi, + ), ) elif ( not opr @@ -634,7 +649,12 @@ class Firewall_global(ConfigBase): :param type: AF type of attribute. :return: generated command. """ - command = self._compute_command(key=key, attr=self._map_attrib(attr, type=type), val=val, opr=opr) + command = self._compute_command( + key=key, + attr=self._map_attrib(attr, type=type), + val=val, + opr=opr, + ) return command def _compute_command(self, key=None, attr=None, val=None, remove=False, opr=True): @@ -651,14 +671,20 @@ class Firewall_global(ConfigBase): cmd = "delete firewall " else: cmd = "set firewall " - if attr and key != "group" and LooseVersion(get_os_version(self._module)) >= LooseVersion("1.4"): + if ( + attr + and key != "group" + and LooseVersion(get_os_version(self._module)) >= LooseVersion("1.4") + ): cmd += "global-options " if key: cmd += key.replace("_", "-") + " " if attr: cmd += attr.replace("_", "-") if val and opr: - if key == "state_policy" and LooseVersion(get_os_version(self._module)) >= LooseVersion("1.4"): + if key == "state_policy" and LooseVersion(get_os_version(self._module)) >= LooseVersion( + "1.4", + ): cmd += "" else: cmd += " '" + str(val) + "'" diff --git a/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py b/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py index 5c2ef6ca..bb6055b7 100644 --- a/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py +++ b/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py @@ -1167,13 +1167,19 @@ class Firewall_rules(ConfigBase): return True elif isinstance(w, list) and isinstance(rs, list): try: - sorted_list1 = sorted(w, key=lambda x: str(x)) # pylint: disable=unnecessary-lambda - sorted_list2 = sorted( - rs, - key=lambda x: str(x), # pylint: disable=unnecessary-lambda - ) + def comparison(x): + if 'name' in x: + return x['name'] + if 'number' in x: + return x['number'] + return str(x) + + sorted_list1 = sorted(w, key=comparison) + sorted_list2 = sorted(rs, key=comparison) except TypeError: return False + if len(sorted_list1) != len(sorted_list2): + return False return all(self._is_same_rs(x, y) for x, y in zip(sorted_list1, sorted_list2)) else: return w == rs diff --git a/plugins/module_utils/network/vyos/config/route_maps/route_maps.py b/plugins/module_utils/network/vyos/config/route_maps/route_maps.py index 9b6c3e9d..9692a253 100644 --- a/plugins/module_utils/network/vyos/config/route_maps/route_maps.py +++ b/plugins/module_utils/network/vyos/config/route_maps/route_maps.py @@ -31,6 +31,13 @@ from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.facts from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.rm_templates.route_maps import ( Route_mapsTemplate, ) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.rm_templates.route_maps_14 import ( + Route_mapsTemplate14, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.version import ( + LooseVersion, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import get_os_version class Route_maps(ResourceModule): @@ -59,6 +66,8 @@ class Route_maps(ResourceModule): "set_bgp_extcommunity_rt", "set_extcommunity_rt", "set_extcommunity_soo", + "set_extcommunity_bandwidth", + "set_extcommunity_bandwidth_non_transitive", "set_ip_next_hop", "set_ipv6_next_hop", "set_large_community", @@ -70,6 +79,7 @@ class Route_maps(ResourceModule): "set_src", "set_tag", "set_weight", + "set_table", "set_comm_list", "set_comm_list_delete", "set_community", @@ -89,15 +99,34 @@ class Route_maps(ResourceModule): "on_match_next", "match_ipv6_address", "match_ipv6_nexthop", + "match_protocol", "match_rpki", ] + def _validate_template(self): + version = get_os_version(self._module) + if LooseVersion(version) >= LooseVersion("1.4"): + self._tmplt = Route_mapsTemplate14() + else: + self._tmplt = Route_mapsTemplate() + + def parse(self): + """override parse to check template""" + self._validate_template() + return super().parse() + + def get_parser(self, name): + """get_parsers""" + self._validate_template() + return super().get_parser(name) + def execute_module(self): """Execute the module :rtype: A dictionary :returns: The result from module execution """ + self._validate_template() if self.state not in ["parsed", "gathered"]: self.generate_commands() self.run_commands() diff --git a/plugins/module_utils/network/vyos/facts/route_maps/route_maps.py b/plugins/module_utils/network/vyos/facts/route_maps/route_maps.py index 2ad54e63..cfae26e3 100644 --- a/plugins/module_utils/network/vyos/facts/route_maps/route_maps.py +++ b/plugins/module_utils/network/vyos/facts/route_maps/route_maps.py @@ -25,6 +25,13 @@ from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.rou from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.rm_templates.route_maps import ( Route_mapsTemplate, ) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.rm_templates.route_maps_14 import ( + Route_mapsTemplate14, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.version import ( + LooseVersion, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import get_os_version class Route_mapsFacts(object): @@ -59,11 +66,18 @@ class Route_mapsFacts(object): """ facts = {} objs = [] + + if LooseVersion(get_os_version(self._module)) >= LooseVersion("1.4"): + route_maps_class = Route_mapsTemplate14 + else: + route_maps_class = Route_mapsTemplate + if not data: data = self.get_config(connection) # parse native config using the Route_maps template - route_maps_parser = Route_mapsTemplate(lines=data.splitlines()) + route_maps_parser = route_maps_class(lines=data.splitlines()) + if route_maps_parser.parse().get("route_maps"): objs = list(route_maps_parser.parse().get("route_maps").values()) for item in objs: diff --git a/plugins/module_utils/network/vyos/rm_templates/route_maps.py b/plugins/module_utils/network/vyos/rm_templates/route_maps.py index 8f218a6b..c6b88f7b 100644 --- a/plugins/module_utils/network/vyos/rm_templates/route_maps.py +++ b/plugins/module_utils/network/vyos/rm_templates/route_maps.py @@ -310,12 +310,12 @@ class Route_mapsTemplate(NetworkTemplate): "name": "set_as_path_prepend", "getval": re.compile( r""" - ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sas-path-prepend\s(?P<as>\S+) - *$""", + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sas-path-prepend\s(?P<as>.*) + $""", re.VERBOSE, ), "compval": "set.as_path_prepend", - "setval": "policy route-map {{route_map}} rule {{sequence}} set as-path-prepend {{set.as_path_prepend}}", + "setval": "policy route-map {{route_map}} rule {{sequence}} set as-path-prepend '{{set.as_path_prepend}}'", "result": { "route_maps": { "{{ route_map }}": { @@ -337,10 +337,11 @@ class Route_mapsTemplate(NetworkTemplate): "name": "set_atomic_aggregate", "getval": re.compile( r""" - ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\satomic-aggregate(?P<as>) + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\s(?P<as>atomic-aggregate) *$""", re.VERBOSE, ), + "compval": "set.atomic_aggregate", "setval": "policy route-map {{route_map}} rule {{sequence}} set atomic-aggregate", "result": { "route_maps": { @@ -391,13 +392,13 @@ class Route_mapsTemplate(NetworkTemplate): "name": "set_comm_list", "getval": re.compile( r""" - ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\scomm-list\scomm-list\s(?P<comm_list>\S+) + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\scommunity\scommunity-list\s(?P<comm_list>\S+) *$""", re.VERBOSE, ), - "compval": "set.comm_list.comm_list", + "compval": "match.community.community_list", "setval": "policy route-map {{route_map}} rule {{sequence}} " - "set comm-list comm-list {{set.comm_list.comm_list}}", + "match community community-list {{set.comm_list.comm_list}}", "result": { "route_maps": { "{{ route_map }}": { @@ -406,8 +407,8 @@ class Route_mapsTemplate(NetworkTemplate): "{{sequence}}": { "sequence": "{{sequence}}", - "set": { - "comm_list": {"comm_list": "{{comm_list}}"}, + "match": { + "community": {"community_list": "{{comm_list}}"}, }, }, }, @@ -500,6 +501,62 @@ class Route_mapsTemplate(NetworkTemplate): }, }, { + "name": "set_extcommunity_bandwidth", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sextcommunity\sbandwidth\s(?P<extcommunity_bw>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.extcommunity_bandwidth", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set extcommunity bandwidth {{set.extcommunity_bandwidth}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "extcommunity_bandwidth": "{{extcommunity_bw}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_extcommunity_bandwidth_non_transitive", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sextcommunity\s(?P<extcommunity_bw_nt>bandwidth-non-transitive) + *$""", + re.VERBOSE, + ), + "compval": "set.extcommunity_bandwidth_non_transitive", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set extcommunity bandwidth-non-transitive", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "extcommunity_bandwidth_non_transitive": "{{True if extcommunity_bw_nt is defined}}", + }, + }, + }, + }, + }, + }, + }, + { "name": "set_ip_next_hop", "getval": re.compile( r""" @@ -813,6 +870,34 @@ class Route_mapsTemplate(NetworkTemplate): }, }, { + "name": "set_table", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\stable\s(?P<table>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.weight", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set table {{set.table}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "table": "{{table}}", + }, + }, + }, + }, + }, + }, + }, + { "name": "set_community", "getval": re.compile( r""" @@ -1261,6 +1346,33 @@ class Route_mapsTemplate(NetworkTemplate): }, }, { + "name": "match_protocol", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\sprotocol\s(?P<value>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.protocol", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match protocol {{match.protocol}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": { + "sequence": "{{sequence}}", + "match": { + "protocol": "{{value}}", + }, + }, + }, + }, + }, + }, + }, + { "name": "match_rpki", "getval": re.compile( r""" diff --git a/plugins/module_utils/network/vyos/rm_templates/route_maps_14.py b/plugins/module_utils/network/vyos/rm_templates/route_maps_14.py new file mode 100644 index 00000000..6564280d --- /dev/null +++ b/plugins/module_utils/network/vyos/rm_templates/route_maps_14.py @@ -0,0 +1,1405 @@ +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + + +__metaclass__ = type + +""" +The Route_maps parser templates file. This contains +a list of parser definitions and associated functions that +facilitates both facts gathering and native command generation for +the given network resource. +""" + +import re + +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.rm_base.network_template import ( + NetworkTemplate, +) + + +class Route_mapsTemplate14(NetworkTemplate): + def __init__(self, lines=None): + prefix = {"set": "set", "remove": "delete"} + super(Route_mapsTemplate14, self).__init__(lines=lines, tmplt=self, prefix=prefix) + + # fmt: off + PARSERS = [ + { + "name": "route_map", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+) + *$""", + re.VERBOSE, + ), + "compval": "route_map", + "setval": "policy route-map {{route_map}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + }, + }, + }, + }, + { + "name": "sequence", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+) + *$""", + re.VERBOSE, + ), + "compval": "sequence", + "setval": "policy route-map {{route_map}} rule {{sequence}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + }, + }, + }, + }, + }, + }, + { + "name": "call", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\scall\s(?P<call>\S+) + *$""", + re.VERBOSE, + ), + "setval": "policy route-map {{route_map}} rule {{sequence}} call {{call}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "call": "{{call}}", + }, + }, + }, + }, + }, + }, + { + "name": "description", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sdescription\s(?P<description>\S+) + *$""", + re.VERBOSE, + ), + "setval": "policy route-map {{route_map}} rule {{sequence}} description {{description}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "description": "{{description}}", + }, + }, + }, + }, + }, + }, + { + "name": "action", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\saction\s(?P<action>\S+) + *$""", + re.VERBOSE, + ), + "setval": "policy route-map {{route_map}} rule {{sequence}} action {{action}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "action": "{{action}}", + }, + }, + }, + }, + }, + }, + { + "name": "continue_sequence", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\scontinue\s(?P<continue>\S+) + *$""", + re.VERBOSE, + ), + "setval": "policy route-map {{route_map}} rule {{sequence}} continue {{continue_sequence}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "continue_sequence": "{{continue}}", + }, + }, + }, + }, + }, + }, + { + "name": "on_match_next", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\son-match\s(?P<next>next) + *$""", + re.VERBOSE, + ), + "compval": "on_match.next", + "setval": "policy route-map {{route_map}} rule {{sequence}} on-match next", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "on_match": { + "next": "{{True if next is defined}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "on_match_goto", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\son-match\sgoto\s(?P<goto>\S+) + *$""", + re.VERBOSE, + ), + "compval": "on_match.goto", + "setval": "policy route-map {{route_map}} rule {{sequence}} on-match goto {{on_match.goto}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "on_match": { + "goto": "{{goto}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_aggregator_ip", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\saggregator\sip\s(?P<ip>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.aggregator.ip", + "setval": "policy route-map {{route_map}} rule {{sequence}} set aggregator ip {{set.aggregator.ip}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "aggregator": { + "ip": "{{ip}}", + }, + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_aggregator_as", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\saggregator\sas\s(?P<as>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.aggregator.as", + "setval": "policy route-map {{route_map}} rule {{sequence}} set aggregator as {{set.aggregator.as}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "aggregator": { + "as": "{{as}}", + }, + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_as_path_exclude", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sas-path\sexclude\s(?P<as>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.as_path_exclude", + "setval": "policy route-map {{route_map}} rule {{sequence}} set as-path exclude {{set.as_path_exclude}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "as_path_exclude": "{{as}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_as_path_prepend", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sas-path\sprepend\s(?P<as>.*) + $""", + re.VERBOSE, + ), + "compval": "set.as_path_prepend", + "setval": "policy route-map {{route_map}} rule {{sequence}} set as-path prepend '{{set.as_path_prepend}}'", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "as_path_prepend": "{{as}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_atomic_aggregate", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\s(?P<as>atomic-aggregate) + *$""", + re.VERBOSE, + ), + "compval": "set.atomic_aggregate", + "setval": "policy route-map {{route_map}} rule {{sequence}} set atomic-aggregate", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "atomic_aggregate": "{{True if as is defined}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_bgp_extcommunity_rt", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sbgp-extcommunity-rt\s(?P<bgp>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.bgp_extcommunity_rt", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set bgp-extcommunity-rt {{set.bgp_extcommunity_rt}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "bgp_extcommunity_rt": "{{bgp}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_comm_list", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\scommunity\scommunity-list\s(?P<comm_list>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.community.community_list", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match community community-list {{set.comm_list.comm_list}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "match": { + "community": {"community_list": "{{comm_list}}"}, + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_comm_list_delete", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\scomm-list\sdelete(?P<delete>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.comm_list.comm_list", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set comm-list delete", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "comm_list": {"delete": "{{True if delete is defined}}"}, + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_extcommunity_rt", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sextcommunity\srt\s(?P<extcommunity_rt>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.extcommunity_rt", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set extcommunity rt {{set.extcommunity_rt}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "extcommunity_rt": "{{extcommunity_rt}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_extcommunity_soo", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sextcommunity\ssoo\s(?P<extcommunity_soo>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.extcommunity_soo", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set extcommunity soo {{set.extcommunity_soo}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "extcommunity_soo": "{{extcommunity_soo}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_extcommunity_bandwidth", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sextcommunity\sbandwidth\s(?P<extcommunity_bw>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.extcommunity_bandwidth", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set extcommunity bandwidth {{set.extcommunity_bandwidth}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "extcommunity_bandwidth": "{{extcommunity_bw}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_extcommunity_bandwidth_non_transitive", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sextcommunity\s(?P<extcommunity_bw_nt>bandwidth-non-transitive) + *$""", + re.VERBOSE, + ), + "compval": "set.extcommunity_bandwidth_non_transitive", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set extcommunity bandwidth-non-transitive", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "extcommunity_bandwidth_non_transitive": "{{True if extcommunity_bw_nt is defined}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_ip_next_hop", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sip-next-hop\s(?P<ip_next_hop>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.ip_next_hop", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set ip-next-hop {{set.ip_next_hop}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "ip_next_hop": "{{ip_next_hop}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_ipv6_next_hop", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sipv6-next-hop + \s(?P<type>global|local) + \s(?P<value>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.ipv6_next_hop", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set ipv6-next-hop {{set.ipv6_next_hop.ip_type}} {{set.ipv6_next_hop.value}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "ipv6_next_hop": { + "ip_type": "{{type}}", + "value": "{{value}}", + }, + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_large_community", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\slarge-community\s(?P<op>none|replace\s(?P<large_community>\S+)) + $""", + re.VERBOSE, + ), + "compval": "set.large_community", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set large-community {{set.large_community if set.large_community == 'none' else 'replace ' + set.large_community}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "large_community": "{{op if op == 'none' else large_community}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_local_preference", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\slocal-preference\s(?P<local_preference>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.local_preference", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set local-preference {{set.local_preference}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "local_preference": "{{local_preference}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_metric", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\smetric\s(?P<metric>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.metric", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set metric {{set.metric}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "metric": "{{metric}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_metric_type", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\smetric-type\s(?P<metric_type>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.metric_type", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set metric-type {{set.metric_type}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "metric_type": "{{metric_type}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_origin", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sorigin\s(?P<origin>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.origin", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set origin {{set.origin}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "origin": "{{origin}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_originator_id", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\soriginator-id\s(?P<originator_id>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.originator_id", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set originator-id {{set.originator_id}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "originator_id": "{{originator_id}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_src", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\ssrc\s(?P<src>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.src", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set src {{set.src}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "src": "{{src}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_tag", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\stag\s(?P<tag>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.tag", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set tag {{set.tag}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "tag": "{{tag}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_weight", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\sweight\s(?P<weight>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.weight", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set weight {{set.weight}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "weight": "{{weight}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_table", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\stable\s(?P<table>\S+) + *$""", + re.VERBOSE, + ), + "compval": "set.weight", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set table {{set.table}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "table": "{{table}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "set_community", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\sset\scommunity\s(?P<op>none|replace\s(?P<value>\S+)) + $""", + re.VERBOSE, + ), + "compval": "set.community.value", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "set community {{set.community.value if set.community.value == 'none' else 'replace ' + set.community.value}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "set": { + "community": { + "value": "{{op if op == 'none' else value}}", + }, + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_as_path", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\sas-path\s(?P<as_path>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.as_path", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match as-path {{match.as_path}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "match": { + "as_path": "{{as_path}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_community_community_list", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\scommunity\scommunity-list\s(?P<community_list>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.community.community_list", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match community community-list {{match.community.community_list}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "match": { + "community": {"community_list": "{{community_list}}"}, + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_community_exact_match", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\scommunity\sexact-match(?P<exact_match>) + *$""", + re.VERBOSE, + ), + "compval": "match.community.exact_match", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match community exact-match", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "match": { + "community": {"exact_match": "{{True if exact_match is defined}}"}, + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_extcommunity", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\sextcommunity\s(?P<extcommunity>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.extcommunity", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match extcommunity {{match.extcommunity}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "match": { + "extcommunity": "{{extcommunity}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_interface", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\sinterface\s(?P<interface>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.interface", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match interface {{match.interface}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "match": { + "interface": "{{interface}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_large_community_large_community_list", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\slarge-community\slarge-community-list\s(?P<lc>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.large_community_large_community_list", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match large-community large-community-list {{match.large_community_large_community_list}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "match": { + "large_community_large_community_list": "{{lc}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_metric", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\smetric\s(?P<metric>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.metric", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match metric {{match.metric}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "match": { + "metric": "{{metric}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_origin", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\sorigin\s(?P<origin>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.origin", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match origin {{match.origin}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "match": { + "origin": "{{origin}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_peer", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\speer\s(?P<peer>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.peer", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match peer {{match.peer}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": + { + "sequence": "{{sequence}}", + "match": { + "peer": "{{peer}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_ip_address", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\sip\saddress + \s(?P<list_type>access-list|prefix-list) + \s(?P<value>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.ip.address", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match ip address {{match.ip.address.list_type}} {{match.ip.address.value}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": { + "sequence": "{{sequence}}", + "match": { + "ip": { + "address": { + "list_type": "{{list_type}}", + "value": "{{value}}", + }, + }, + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_ip_next_hop", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\sip\snexthop + \s(?P<list_type>access-list|prefix-list) + \s(?P<value>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.ip.next_hop", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match ip nexthop {{match.ip.next_hop.list_type}} {{match.ip.next_hop.value}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": { + "sequence": "{{sequence}}", + "match": { + "ip": { + "next_hop": { + "list_type": "{{list_type}}", + "value": "{{value}}", + }, + }, + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_ip_route_source", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\sip\sroute-source + \s(?P<list_type>access-list|prefix-list) + \s(?P<value>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.ip.route_source", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match ip route-source {{match.ip.route_source.list_type}} {{match.ip.route_source.value}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": { + "sequence": "{{sequence}}", + "match": { + "ip": { + "route_source": { + "list_type": "{{list_type}}", + "value": "{{value}}", + }, + }, + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_ipv6_address", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\sipv6\saddress + \s(?P<list_type>access-list|prefix-list) + \s(?P<value>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.ipv6.address", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match ipv6 address {{match.ipv6.address.list_type}} {{match.ipv6.address.value}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": { + "sequence": "{{sequence}}", + "match": { + "ipv6": { + "address": { + "list_type": "{{list_type}}", + "value": "{{value}}", + }, + }, + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_ipv6_nexthop", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\sipv6\snexthop + \s(?P<value>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.ipv6.next_hop", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match ipv6 nexthop {{match.ipv6.next_hop}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": { + "sequence": "{{sequence}}", + "match": { + "ipv6": { + "next_hop": "{{value}}", + }, + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_protocol", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\sprotocol\s(?P<value>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.protocol", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match protocol {{match.protocol}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": { + "sequence": "{{sequence}}", + "match": { + "protocol": "{{value}}", + }, + }, + }, + }, + }, + }, + }, + { + "name": "match_rpki", + "getval": re.compile( + r""" + ^set\spolicy\sroute-map\s(?P<route_map>\S+)\srule\s(?P<sequence>\d+)\smatch\srpki + \s(?P<value>\S+) + *$""", + re.VERBOSE, + ), + "compval": "match.rpki", + "setval": "policy route-map {{route_map}} rule {{sequence}} " + "match rpki {{match.rpki}}", + "result": { + "route_maps": { + "{{ route_map }}": { + "route_map": '{{ route_map }}', + "entries": { + "{{sequence}}": { + "sequence": "{{sequence}}", + "match": { + "rpki": "{{value}}", + }, + }, + }, + }, + }, + }, + }, + + ] + # fmt: on diff --git a/plugins/module_utils/network/vyos/vyos.py b/plugins/module_utils/network/vyos/vyos.py index 1430b1b1..6bd8daee 100644 --- a/plugins/module_utils/network/vyos/vyos.py +++ b/plugins/module_utils/network/vyos/vyos.py @@ -34,6 +34,7 @@ import json from ansible.module_utils._text import to_text from ansible.module_utils.connection import Connection, ConnectionError + _DEVICE_CONFIGS = {} @@ -68,8 +69,13 @@ def get_config(module, flags=None, format=None): flags = [] if flags is None else flags global _DEVICE_CONFIGS - if _DEVICE_CONFIGS != {}: - return _DEVICE_CONFIGS + # If _DEVICE_CONFIGS is non-empty and module.params["match"] is "none", + # return the cached device configurations. This avoids redundant calls + # to the connection when no specific match criteria are provided. + if _DEVICE_CONFIGS != {} and ( + module.params["match"] is not None and module.params["match"] == "none" + ): + return to_text(_DEVICE_CONFIGS) else: connection = get_connection(module) try: diff --git a/plugins/modules/vyos_banner.py b/plugins/modules/vyos_banner.py index 6b1da84b..c6598023 100644 --- a/plugins/modules/vyos_banner.py +++ b/plugins/modules/vyos_banner.py @@ -33,7 +33,7 @@ description: VyOS. It allows playbooks to add or remote banner text from the active running configuration. version_added: 1.0.0 notes: -- Tested against VyOS 1.1.8 (helium). +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). options: banner: diff --git a/plugins/modules/vyos_bgp_address_family.py b/plugins/modules/vyos_bgp_address_family.py index 14c3605d..c59b43e4 100644 --- a/plugins/modules/vyos_bgp_address_family.py +++ b/plugins/modules/vyos_bgp_address_family.py @@ -19,7 +19,8 @@ version_added: 1.0.0 short_description: BGP Address Family resource module description: - This module manages BGP address family configuration of interfaces on devices running VYOS. -- Tested against VYOS 1.3, 1.4 +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 +- The provided examples of commands are valid for VyOS 1.4+ author: Gomathi Selvi Srinivasan (@GomathiselviS) options: config: @@ -285,17 +286,18 @@ EXAMPLES = """ # After State: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" -# set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01' -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10' -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45' -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export 'map01' -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01' -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight '50' +# set protocols bgp system-as 100 +# set protocols bgp address-family ipv4-unicast redistribute static metric '50' +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01' +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10' +# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45' +# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self +# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map export 'map01' +# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01' +# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast weight '50' # vyos@vyos:~$ # # Module Execution: @@ -363,17 +365,17 @@ EXAMPLES = """ # "before": {}, # "changed": true, # "commands": [ -# "set protocols bgp 100 address-family ipv4-unicast redistribute static metric 50", -# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number 4", -# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override", -# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med", -# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map map01", -# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export 10", -# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix 45", -# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self", -# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export map01", -# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import map01", -# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight 50" +# "set protocols bgp address-family ipv4-unicast redistribute static metric 50", +# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number 4", +# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override", +# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med", +# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map map01", +# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export 10", +# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix 45", +# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self", +# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map export map01", +# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map import map01", +# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast weight 50" # ], # @@ -382,17 +384,18 @@ EXAMPLES = """ # Before state: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" -# set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01' -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10' -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45' -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export 'map01' -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01' -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight '50' +# set protocols bgp system-as 100 +# set protocols bgp address-family ipv4-unicast redistribute static metric '50' +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01' +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10' +# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45' +# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self +# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map export 'map01' +# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01' +# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast weight '50' # vyos@vyos:~$ - name: Replace provided configuration with device configuration @@ -422,15 +425,16 @@ EXAMPLES = """ # After State: # # vyos@vyos:~$ show configuration commands | match "set protocols bgp" -# set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix '45' -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number '4' -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast as-override -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map 'map01' -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export '10' +# set protocols bgp system-as 100 +# set protocols bgp address-family ipv4-unicast redistribute static metric '50' +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix '45' +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self +# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number '4' +# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast as-override +# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med +# set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map 'map01' +# set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export '10' # vyos@vyos:~$ # # @@ -549,39 +553,40 @@ EXAMPLES = """ # }, # "changed": true, # "commands": [ -# "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list", -# "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate", -# "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged", -# "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override", -# "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in", -# "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight", -# "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map", -# "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self", -# "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix", -# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number 4", -# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast as-override", -# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med", -# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map map01", -# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export 10", -# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix 45", -# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self" +# "delete protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list", +# "delete protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate", +# "delete protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged", +# "delete protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override", +# "delete protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in", +# "delete protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast weight", +# "delete protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map", +# "delete protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self", +# "delete protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix", +# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number 4", +# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast as-override", +# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med", +# "set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map map01", +# "set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export 10", +# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix 45", +# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self" # ], # Using overridden # vyos@vyos:~$ show configuration commands | match "set protocols bgp" -# set protocols bgp 100 address-family ipv4-unicast network 35.1.1.0/24 backdoor -# set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' -# set protocols bgp 100 address-family ipv6-unicast aggregate-address 6601:1:1:1::/64 summary-only -# set protocols bgp 100 address-family ipv6-unicast network 5001:1:1:1::/64 route-map 'map01' -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix '45' -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number '4' -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast as-override -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map 'map01' -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export '10' +# set protocols bgp system-as 100 +# set protocols bgp address-family ipv4-unicast network 35.1.1.0/24 backdoor +# set protocols bgp address-family ipv4-unicast redistribute static metric '50' +# set protocols bgp address-family ipv6-unicast aggregate-address 6601:1:1:1::/64 summary-only +# set protocols bgp address-family ipv6-unicast network 5001:1:1:1::/64 route-map 'map01' +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast maximum-prefix '45' +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast nexthop-self +# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast allowas-in number '4' +# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast as-override +# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged med +# set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast default-originate route-map 'map01' +# set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast distribute-list export '10' # vyos@vyos:~$ - name: Override @@ -611,13 +616,14 @@ EXAMPLES = """ # After State # vyos@vyos:~$ show configuration commands | match "set protocols bgp" -# set protocols bgp 100 address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only -# set protocols bgp 100 address-family ipv6-unicast redistribute static metric '50' -# set protocols bgp 100 neighbor 20.33.1.1/24 -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix '45' -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast route-map import 'map01' +# set protocols bgp system-as 100 +# set protocols bgp address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only +# set protocols bgp address-family ipv6-unicast redistribute static metric '50' +# set protocols bgp neighbor 20.33.1.1/24 +# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast +# set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix '45' +# set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self +# set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast route-map import 'map01' # vyos@vyos:~$ @@ -742,21 +748,21 @@ EXAMPLES = """ # }, # "changed": true, # "commands": [ -# "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family", -# "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast distribute-list", -# "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast default-originate", -# "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged", -# "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast as-override", -# "delete protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast allowas-in", -# "delete protocols bgp 100 address-family ipv6 aggregate-address", -# "delete protocols bgp 100 address-family ipv6 network", -# "delete protocols bgp 100 address-family ipv4 network", -# "delete protocols bgp 100 address-family ipv4 redistribute", -# "set protocols bgp 100 address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only", -# "set protocols bgp 100 address-family ipv6-unicast redistribute static metric 50", -# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix 45", -# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self", -# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast route-map import map01" +# "delete protocols bgp neighbor 20.33.1.1/24 address-family", +# "delete protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast distribute-list", +# "delete protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast default-originate", +# "delete protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast attribute-unchanged", +# "delete protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast as-override", +# "delete protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast allowas-in", +# "delete protocols bgp address-family ipv6 aggregate-address", +# "delete protocols bgp address-family ipv6 network", +# "delete protocols bgp address-family ipv4 network", +# "delete protocols bgp address-family ipv4 redistribute", +# "set protocols bgp address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only", +# "set protocols bgp address-family ipv6-unicast redistribute static metric 50", +# "set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix 45", +# "set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self", +# "set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast route-map import map01" # ], # @@ -765,22 +771,23 @@ EXAMPLES = """ # Before State: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" -# set protocols bgp 100 address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only -# set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' -# set protocols bgp 100 address-family ipv6-unicast redistribute static metric '50' -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01' -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10' -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45' -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export 'map01' -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01' -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight '50' -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix '45' -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self -# set protocols bgp 100 neighbor 100.11.34.12 address-family ipv6-unicast route-map import 'map01' +# set protocols bgp system-as 100 +# set protocols bgp address-family ipv4-unicast aggregate-address 60.9.2.0/24 summary-only +# set protocols bgp address-family ipv4-unicast redistribute static metric '50' +# set protocols bgp address-family ipv6-unicast redistribute static metric '50' +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map 'map01' +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export '10' +# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix '45' +# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self +# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map export 'map01' +# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map import 'map01' +# set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast weight '50' +# set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast maximum-prefix '45' +# set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast nexthop-self +# set protocols bgp neighbor 100.11.34.12 address-family ipv6-unicast route-map import 'map01' # vyos@vyos:~$ - name: Delete @@ -800,11 +807,12 @@ EXAMPLES = """ # After State: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" -# set protocols bgp 100 address-family ipv6-unicast redistribute static metric '50' -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med -# set protocols bgp 100 neighbor 100.11.34.12 +# set protocols bgp system-as 100 +# set protocols bgp address-family ipv6-unicast redistribute static metric '50' +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med +# set protocols bgp neighbor 100.11.34.12 # vyos@vyos:~$ # # @@ -927,9 +935,9 @@ EXAMPLES = """ # }, # "changed": true, # "commands": [ -# "delete protocols bgp 100 address-family ipv4-unicast", -# "delete protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast", -# "delete protocols bgp 100 neighbor 100.11.34.12 address-family" +# "delete protocols bgp address-family ipv4-unicast", +# "delete protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast", +# "delete protocols bgp neighbor 100.11.34.12 address-family" # ], # @@ -1019,15 +1027,16 @@ EXAMPLES = """ # Native config: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" -# set protocols bgp 100 address-family ipv4-unicast network 35.1.1.0/24 backdoor -# set protocols bgp 100 address-family ipv4-unicast redistribute static metric '50' -# set protocols bgp 100 address-family ipv6-unicast aggregate-address 6601:1:1:1::/64 summary-only -# set protocols bgp 100 address-family ipv6-unicast network 5001:1:1:1::/64 route-map 'map01' -# set protocols bgp 100 address-family ipv6-unicast redistribute static metric '50' -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override -# set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med -# set protocols bgp 100 neighbor 100.11.34.12 +# set protocols bgp system-as 100 +# set protocols bgp address-family ipv4-unicast network 35.1.1.0/24 backdoor +# set protocols bgp address-family ipv4-unicast redistribute static metric '50' +# set protocols bgp address-family ipv6-unicast aggregate-address 6601:1:1:1::/64 summary-only +# set protocols bgp address-family ipv6-unicast network 5001:1:1:1::/64 route-map 'map01' +# set protocols bgp address-family ipv6-unicast redistribute static metric '50' +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number '4' +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override +# set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med +# set protocols bgp neighbor 100.11.34.12 - name: gather configs vyos.vyos.vyos_bgp_address_family: @@ -1131,17 +1140,17 @@ EXAMPLES = """ # Module Execution: # "rendered": [ -# "set protocols bgp 100 address-family ipv4-unicast redistribute static metric 50", -# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number 4", -# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast as-override", -# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med", -# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map map01", -# "set protocols bgp 100 neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export 10", -# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix 45", -# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self", -# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map export map01", -# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast route-map import map01", -# "set protocols bgp 100 neighbor 100.11.34.12 address-family ipv4-unicast weight 50" +# "set protocols bgp address-family ipv4-unicast redistribute static metric 50", +# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast allowas-in number 4", +# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast as-override", +# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv4-unicast attribute-unchanged med", +# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast default-originate route-map map01", +# "set protocols bgp neighbor 20.33.1.1/24 address-family ipv6-unicast distribute-list export 10", +# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast maximum-prefix 45", +# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast nexthop-self", +# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map export map01", +# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast route-map import map01", +# "set protocols bgp neighbor 100.11.34.12 address-family ipv4-unicast weight 50" # ] """ diff --git a/plugins/modules/vyos_bgp_global.py b/plugins/modules/vyos_bgp_global.py index 4d7db472..fe14bc0f 100644 --- a/plugins/modules/vyos_bgp_global.py +++ b/plugins/modules/vyos_bgp_global.py @@ -19,7 +19,8 @@ version_added: 1.0.0 short_description: BGP global resource module description: - This module manages BGP global configuration of interfaces on devices running VYOS. -- Tested against VYOS 1.3, 1.4 +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 +- The provided examples of commands are valid for VyOS 1.4+ author: - Gomathi Selvi Srinivasan (@GomathiselviS) options: @@ -539,33 +540,34 @@ EXAMPLES = """ # After State # vyos@vyos:~$ show configuration commands | match "set protocols bgp" -# set protocols bgp 65536 aggregate-address 192.0.2.0/24 'summary-only' -# set protocols bgp 65536 aggregate-address 203.0.113.0/24 'as-set' -# set protocols bgp 65536 maximum-paths ebgp '20' -# set protocols bgp 65536 maximum-paths ibgp '55' -# set protocols bgp 65536 neighbor 192.0.2.25 'disable-connected-check' -# set protocols bgp 65536 neighbor 192.0.2.25 timers holdtime '30' -# set protocols bgp 65536 neighbor 192.0.2.25 timers keepalive '10' -# set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'as-path' -# set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'med' -# set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'next-hop' -# set protocols bgp 65536 neighbor 203.0.113.5 ebgp-multihop '2' -# set protocols bgp 65536 neighbor 203.0.113.5 remote-as '101' -# set protocols bgp 65536 neighbor 203.0.113.5 update-source '192.0.2.25' -# set protocols bgp 65536 neighbor 5001::64 distribute-list export '20' -# set protocols bgp 65536 neighbor 5001::64 distribute-list import '40' -# set protocols bgp 65536 neighbor 5001::64 maximum-prefix '34' -# set protocols bgp 65536 network 192.1.13.0/24 'backdoor' -# set protocols bgp 65536 parameters bestpath as-path 'confed' -# set protocols bgp 65536 parameters bestpath 'compare-routerid' -# set protocols bgp 65536 parameters confederation identifier '66' -# set protocols bgp 65536 parameters confederation peers '20' -# set protocols bgp 65536 parameters confederation peers '55' -# set protocols bgp 65536 parameters default 'no-ipv4-unicast' -# set protocols bgp 65536 parameters router-id '192.1.2.9' -# set protocols bgp 65536 redistribute connected route-map 'map01' -# set protocols bgp 65536 redistribute kernel metric '45' -# set protocols bgp 65536 timers keepalive '35' +# set protocols bgp system-as 65536 +# set protocols bgp aggregate-address 192.0.2.0/24 'summary-only' +# set protocols bgp aggregate-address 203.0.113.0/24 'as-set' +# set protocols bgp maximum-paths ebgp '20' +# set protocols bgp maximum-paths ibgp '55' +# set protocols bgp neighbor 192.0.2.25 'disable-connected-check' +# set protocols bgp neighbor 192.0.2.25 timers holdtime '30' +# set protocols bgp neighbor 192.0.2.25 timers keepalive '10' +# set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'as-path' +# set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'med' +# set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'next-hop' +# set protocols bgp neighbor 203.0.113.5 ebgp-multihop '2' +# set protocols bgp neighbor 203.0.113.5 remote-as '101' +# set protocols bgp neighbor 203.0.113.5 update-source '192.0.2.25' +# set protocols bgp neighbor 5001::64 distribute-list export '20' +# set protocols bgp neighbor 5001::64 distribute-list import '40' +# set protocols bgp neighbor 5001::64 maximum-prefix '34' +# set protocols bgp network 192.1.13.0/24 'backdoor' +# set protocols bgp parameters bestpath as-path 'confed' +# set protocols bgp parameters bestpath 'compare-routerid' +# set protocols bgp parameters confederation identifier '66' +# set protocols bgp parameters confederation peers '20' +# set protocols bgp parameters confederation peers '55' +# set protocols bgp parameters default 'no-ipv4-unicast' +# set protocols bgp parameters router-id '192.1.2.9' +# set protocols bgp redistribute connected route-map 'map01' +# set protocols bgp redistribute kernel metric '45' +# set protocols bgp timers keepalive '35' # vyos@vyos:~$ # # # Module Execution: @@ -671,33 +673,33 @@ EXAMPLES = """ # "before": {}, # "changed": true, # "commands": [ -# "set protocols bgp 65536 neighbor 192.0.2.25 disable-connected-check", -# "set protocols bgp 65536 neighbor 192.0.2.25 timers holdtime 30", -# "set protocols bgp 65536 neighbor 192.0.2.25 timers keepalive 10", -# "set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged as-path", -# "set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged med", -# "set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged next-hop", -# "set protocols bgp 65536 neighbor 203.0.113.5 ebgp-multihop 2", -# "set protocols bgp 65536 neighbor 203.0.113.5 remote-as 101", -# "set protocols bgp 65536 neighbor 203.0.113.5 update-source 192.0.2.25", -# "set protocols bgp 65536 neighbor 5001::64 maximum-prefix 34", -# "set protocols bgp 65536 neighbor 5001::64 distribute-list export 20", -# "set protocols bgp 65536 neighbor 5001::64 distribute-list import 40", -# "set protocols bgp 65536 redistribute kernel metric 45", -# "set protocols bgp 65536 redistribute connected route-map map01", -# "set protocols bgp 65536 network 192.1.13.0/24 backdoor", -# "set protocols bgp 65536 aggregate-address 203.0.113.0/24 as-set", -# "set protocols bgp 65536 aggregate-address 192.0.2.0/24 summary-only", -# "set protocols bgp 65536 parameters bestpath as-path confed", -# "set protocols bgp 65536 parameters bestpath compare-routerid", -# "set protocols bgp 65536 parameters default no-ipv4-unicast", -# "set protocols bgp 65536 parameters router-id 192.1.2.9", -# "set protocols bgp 65536 parameters confederation peers 20", -# "set protocols bgp 65536 parameters confederation peers 55", -# "set protocols bgp 65536 parameters confederation identifier 66", -# "set protocols bgp 65536 maximum-paths ebgp 20", -# "set protocols bgp 65536 maximum-paths ibgp 55", -# "set protocols bgp 65536 timers keepalive 35" +# "set protocols bgp neighbor 192.0.2.25 disable-connected-check", +# "set protocols bgp neighbor 192.0.2.25 timers holdtime 30", +# "set protocols bgp neighbor 192.0.2.25 timers keepalive 10", +# "set protocols bgp neighbor 203.0.113.5 attribute-unchanged as-path", +# "set protocols bgp neighbor 203.0.113.5 attribute-unchanged med", +# "set protocols bgp neighbor 203.0.113.5 attribute-unchanged next-hop", +# "set protocols bgp neighbor 203.0.113.5 ebgp-multihop 2", +# "set protocols bgp neighbor 203.0.113.5 remote-as 101", +# "set protocols bgp neighbor 203.0.113.5 update-source 192.0.2.25", +# "set protocols bgp neighbor 5001::64 maximum-prefix 34", +# "set protocols bgp neighbor 5001::64 distribute-list export 20", +# "set protocols bgp neighbor 5001::64 distribute-list import 40", +# "set protocols bgp redistribute kernel metric 45", +# "set protocols bgp redistribute connected route-map map01", +# "set protocols bgp network 192.1.13.0/24 backdoor", +# "set protocols bgp aggregate-address 203.0.113.0/24 as-set", +# "set protocols bgp aggregate-address 192.0.2.0/24 summary-only", +# "set protocols bgp parameters bestpath as-path confed", +# "set protocols bgp parameters bestpath compare-routerid", +# "set protocols bgp parameters default no-ipv4-unicast", +# "set protocols bgp parameters router-id 192.1.2.9", +# "set protocols bgp parameters confederation peers 20", +# "set protocols bgp parameters confederation peers 55", +# "set protocols bgp parameters confederation identifier 66", +# "set protocols bgp maximum-paths ebgp 20", +# "set protocols bgp maximum-paths ibgp 55", +# "set protocols bgp timers keepalive 35" # ], # Using replaced: @@ -706,33 +708,34 @@ EXAMPLES = """ # Before state: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" -# set protocols bgp 65536 aggregate-address 192.0.2.0/24 'summary-only' -# set protocols bgp 65536 aggregate-address 203.0.113.0/24 'as-set' -# set protocols bgp 65536 maximum-paths ebgp '20' -# set protocols bgp 65536 maximum-paths ibgp '55' -# set protocols bgp 65536 neighbor 192.0.2.25 'disable-connected-check' -# set protocols bgp 65536 neighbor 192.0.2.25 timers holdtime '30' -# set protocols bgp 65536 neighbor 192.0.2.25 timers keepalive '10' -# set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'as-path' -# set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'med' -# set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'next-hop' -# set protocols bgp 65536 neighbor 203.0.113.5 ebgp-multihop '2' -# set protocols bgp 65536 neighbor 203.0.113.5 remote-as '101' -# set protocols bgp 65536 neighbor 203.0.113.5 update-source '192.0.2.25' -# set protocols bgp 65536 neighbor 5001::64 distribute-list export '20' -# set protocols bgp 65536 neighbor 5001::64 distribute-list import '40' -# set protocols bgp 65536 neighbor 5001::64 maximum-prefix '34' -# set protocols bgp 65536 network 192.1.13.0/24 'backdoor' -# set protocols bgp 65536 parameters bestpath as-path 'confed' -# set protocols bgp 65536 parameters bestpath 'compare-routerid' -# set protocols bgp 65536 parameters confederation identifier '66' -# set protocols bgp 65536 parameters confederation peers '20' -# set protocols bgp 65536 parameters confederation peers '55' -# set protocols bgp 65536 parameters default 'no-ipv4-unicast' -# set protocols bgp 65536 parameters router-id '192.1.2.9' -# set protocols bgp 65536 redistribute connected route-map 'map01' -# set protocols bgp 65536 redistribute kernel metric '45' -# set protocols bgp 65536 timers keepalive '35' +# set protocols bgp system-as 65536 +# set protocols bgp aggregate-address 192.0.2.0/24 'summary-only' +# set protocols bgp aggregate-address 203.0.113.0/24 'as-set' +# set protocols bgp maximum-paths ebgp '20' +# set protocols bgp maximum-paths ibgp '55' +# set protocols bgp neighbor 192.0.2.25 'disable-connected-check' +# set protocols bgp neighbor 192.0.2.25 timers holdtime '30' +# set protocols bgp neighbor 192.0.2.25 timers keepalive '10' +# set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'as-path' +# set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'med' +# set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'next-hop' +# set protocols bgp neighbor 203.0.113.5 ebgp-multihop '2' +# set protocols bgp neighbor 203.0.113.5 remote-as '101' +# set protocols bgp neighbor 203.0.113.5 update-source '192.0.2.25' +# set protocols bgp neighbor 5001::64 distribute-list export '20' +# set protocols bgp neighbor 5001::64 distribute-list import '40' +# set protocols bgp neighbor 5001::64 maximum-prefix '34' +# set protocols bgp network 192.1.13.0/24 'backdoor' +# set protocols bgp parameters bestpath as-path 'confed' +# set protocols bgp parameters bestpath 'compare-routerid' +# set protocols bgp parameters confederation identifier '66' +# set protocols bgp parameters confederation peers '20' +# set protocols bgp parameters confederation peers '55' +# set protocols bgp parameters default 'no-ipv4-unicast' +# set protocols bgp parameters router-id '192.1.2.9' +# set protocols bgp redistribute connected route-map 'map01' +# set protocols bgp redistribute kernel metric '45' +# set protocols bgp timers keepalive '35' # vyos@vyos:~$ - name: Replace @@ -757,11 +760,12 @@ EXAMPLES = """ # After state: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" -# set protocols bgp 65536 neighbor 192.0.2.40 advertisement-interval '72' -# set protocols bgp 65536 neighbor 192.0.2.40 capability orf prefix-list 'receive' -# set protocols bgp 65536 network 203.0.113.0/24 route-map 'map01' -# set protocols bgp 65536 parameters bestpath as-path 'confed' -# set protocols bgp 65536 redistribute static route-map 'map01' +# set protocols bgp system-as 65536 +# set protocols bgp neighbor 192.0.2.40 advertisement-interval '72' +# set protocols bgp neighbor 192.0.2.40 capability orf prefix-list 'receive' +# set protocols bgp network 203.0.113.0/24 route-map 'map01' +# set protocols bgp parameters bestpath as-path 'confed' +# set protocols bgp redistribute static route-map 'map01' # vyos@vyos:~$ # # @@ -896,26 +900,26 @@ EXAMPLES = """ # }, # "changed": true, # "commands": [ -# "delete protocols bgp 65536 timers", -# "delete protocols bgp 65536 maximum-paths ", -# "delete protocols bgp 65536 maximum-paths ", -# "delete protocols bgp 65536 parameters router-id 192.1.2.9", -# "delete protocols bgp 65536 parameters default", -# "delete protocols bgp 65536 parameters confederation", -# "delete protocols bgp 65536 parameters bestpath compare-routerid", -# "delete protocols bgp 65536 aggregate-address", -# "delete protocols bgp 65536 network 192.1.13.0/24", -# "delete protocols bgp 65536 redistribute kernel", -# "delete protocols bgp 65536 redistribute kernel", -# "delete protocols bgp 65536 redistribute connected", -# "delete protocols bgp 65536 redistribute connected", -# "delete protocols bgp 65536 neighbor 5001::64", -# "delete protocols bgp 65536 neighbor 203.0.113.5", -# "delete protocols bgp 65536 neighbor 192.0.2.25", -# "set protocols bgp 65536 neighbor 192.0.2.40 advertisement-interval 72", -# "set protocols bgp 65536 neighbor 192.0.2.40 capability orf prefix-list receive", -# "set protocols bgp 65536 redistribute static route-map map01", -# "set protocols bgp 65536 network 203.0.113.0/24 route-map map01" +# "delete protocols bgp timers", +# "delete protocols bgp maximum-paths ", +# "delete protocols bgp maximum-paths ", +# "delete protocols bgp parameters router-id 192.1.2.9", +# "delete protocols bgp parameters default", +# "delete protocols bgp parameters confederation", +# "delete protocols bgp parameters bestpath compare-routerid", +# "delete protocols bgp aggregate-address", +# "delete protocols bgp network 192.1.13.0/24", +# "delete protocols bgp redistribute kernel", +# "delete protocols bgp redistribute kernel", +# "delete protocols bgp redistribute connected", +# "delete protocols bgp redistribute connected", +# "delete protocols bgp neighbor 5001::64", +# "delete protocols bgp neighbor 203.0.113.5", +# "delete protocols bgp neighbor 192.0.2.25", +# "set protocols bgp neighbor 192.0.2.40 advertisement-interval 72", +# "set protocols bgp neighbor 192.0.2.40 capability orf prefix-list receive", +# "set protocols bgp redistribute static route-map map01", +# "set protocols bgp network 203.0.113.0/24 route-map map01" # ], # Using deleted: @@ -924,11 +928,12 @@ EXAMPLES = """ # Before state: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" -# set protocols bgp 65536 neighbor 192.0.2.40 advertisement-interval '72' -# set protocols bgp 65536 neighbor 192.0.2.40 capability orf prefix-list 'receive' -# set protocols bgp 65536 network 203.0.113.0/24 route-map 'map01' -# set protocols bgp 65536 parameters bestpath as-path 'confed' -# set protocols bgp 65536 redistribute static route-map 'map01' +# set protocols bgp system-as 65536 +# set protocols bgp neighbor 192.0.2.40 advertisement-interval '72' +# set protocols bgp neighbor 192.0.2.40 capability orf prefix-list 'receive' +# set protocols bgp network 203.0.113.0/24 route-map 'map01' +# set protocols bgp parameters bestpath as-path 'confed' +# set protocols bgp redistribute static route-map 'map01' # vyos@vyos:~$ - name: Delete configuration @@ -980,10 +985,10 @@ EXAMPLES = """ # }, # "changed": true, # "commands": [ -# "delete protocols bgp 65536 neighbor 192.0.2.40", -# "delete protocols bgp 65536 redistribute", -# "delete protocols bgp 65536 network", -# "delete protocols bgp 65536 parameters" +# "delete protocols bgp neighbor 192.0.2.40", +# "delete protocols bgp redistribute", +# "delete protocols bgp network", +# "delete protocols bgp parameters" # ], # Using purged: @@ -991,33 +996,34 @@ EXAMPLES = """ # Before state: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" -# set protocols bgp 65536 aggregate-address 192.0.2.0/24 'summary-only' -# set protocols bgp 65536 aggregate-address 203.0.113.0/24 'as-set' -# set protocols bgp 65536 maximum-paths ebgp '20' -# set protocols bgp 65536 maximum-paths ibgp '55' -# set protocols bgp 65536 neighbor 192.0.2.25 'disable-connected-check' -# set protocols bgp 65536 neighbor 192.0.2.25 timers holdtime '30' -# set protocols bgp 65536 neighbor 192.0.2.25 timers keepalive '10' -# set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'as-path' -# set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'med' -# set protocols bgp 65536 neighbor 203.0.113.5 attribute-unchanged 'next-hop' -# set protocols bgp 65536 neighbor 203.0.113.5 ebgp-multihop '2' -# set protocols bgp 65536 neighbor 203.0.113.5 remote-as '101' -# set protocols bgp 65536 neighbor 203.0.113.5 update-source '192.0.2.25' -# set protocols bgp 65536 neighbor 5001::64 distribute-list export '20' -# set protocols bgp 65536 neighbor 5001::64 distribute-list import '40' -# set protocols bgp 65536 neighbor 5001::64 maximum-prefix '34' -# set protocols bgp 65536 network 192.1.13.0/24 'backdoor' -# set protocols bgp 65536 parameters bestpath as-path 'confed' -# set protocols bgp 65536 parameters bestpath 'compare-routerid' -# set protocols bgp 65536 parameters confederation identifier '66' -# set protocols bgp 65536 parameters confederation peers '20' -# set protocols bgp 65536 parameters confederation peers '55' -# set protocols bgp 65536 parameters default 'no-ipv4-unicast' -# set protocols bgp 65536 parameters router-id '192.1.2.9' -# set protocols bgp 65536 redistribute connected route-map 'map01' -# set protocols bgp 65536 redistribute kernel metric '45' -# set protocols bgp 65536 timers keepalive '35' +# set protocols bgp system-as 65536 +# set protocols bgp aggregate-address 192.0.2.0/24 'summary-only' +# set protocols bgp aggregate-address 203.0.113.0/24 'as-set' +# set protocols bgp maximum-paths ebgp '20' +# set protocols bgp maximum-paths ibgp '55' +# set protocols bgp neighbor 192.0.2.25 'disable-connected-check' +# set protocols bgp neighbor 192.0.2.25 timers holdtime '30' +# set protocols bgp neighbor 192.0.2.25 timers keepalive '10' +# set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'as-path' +# set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'med' +# set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'next-hop' +# set protocols bgp neighbor 203.0.113.5 ebgp-multihop '2' +# set protocols bgp neighbor 203.0.113.5 remote-as '101' +# set protocols bgp neighbor 203.0.113.5 update-source '192.0.2.25' +# set protocols bgp neighbor 5001::64 distribute-list export '20' +# set protocols bgp neighbor 5001::64 distribute-list import '40' +# set protocols bgp neighbor 5001::64 maximum-prefix '34' +# set protocols bgp network 192.1.13.0/24 'backdoor' +# set protocols bgp parameters bestpath as-path 'confed' +# set protocols bgp parameters bestpath 'compare-routerid' +# set protocols bgp parameters confederation identifier '66' +# set protocols bgp parameters confederation peers '20' +# set protocols bgp parameters confederation peers '55' +# set protocols bgp parameters default 'no-ipv4-unicast' +# set protocols bgp parameters router-id '192.1.2.9' +# set protocols bgp redistribute connected route-map 'map01' +# set protocols bgp redistribute kernel metric '45' +# set protocols bgp timers keepalive '35' # vyos@vyos:~$ @@ -1143,26 +1149,27 @@ EXAMPLES = """ # Before state: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" -# set protocols bgp 65536 neighbor 192.0.2.43 advertisement-interval '72' -# set protocols bgp 65536 neighbor 192.0.2.43 capability 'dynamic' -# set protocols bgp 65536 neighbor 192.0.2.43 'disable-connected-check' -# set protocols bgp 65536 neighbor 192.0.2.43 timers holdtime '30' -# set protocols bgp 65536 neighbor 192.0.2.43 timers keepalive '10' -# set protocols bgp 65536 neighbor 203.0.113.0 address-family 'ipv6-unicast' -# set protocols bgp 65536 neighbor 203.0.113.0 capability orf prefix-list 'receive' -# set protocols bgp 65536 network 203.0.113.0/24 route-map 'map01' -# set protocols bgp 65536 parameters 'always-compare-med' -# set protocols bgp 65536 parameters bestpath as-path 'confed' -# set protocols bgp 65536 parameters bestpath 'compare-routerid' -# set protocols bgp 65536 parameters dampening half-life '33' -# set protocols bgp 65536 parameters dampening max-suppress-time '20' -# set protocols bgp 65536 parameters dampening re-use '60' -# set protocols bgp 65536 parameters dampening start-suppress-time '5' -# set protocols bgp 65536 parameters default 'no-ipv4-unicast' -# set protocols bgp 65536 parameters distance global external '66' -# set protocols bgp 65536 parameters distance global internal '20' -# set protocols bgp 65536 parameters distance global local '10' -# set protocols bgp 65536 redistribute static route-map 'map01' +# set protocols bgp system-as 65536 +# set protocols bgp neighbor 192.0.2.43 advertisement-interval '72' +# set protocols bgp neighbor 192.0.2.43 capability 'dynamic' +# set protocols bgp neighbor 192.0.2.43 'disable-connected-check' +# set protocols bgp neighbor 192.0.2.43 timers holdtime '30' +# set protocols bgp neighbor 192.0.2.43 timers keepalive '10' +# set protocols bgp neighbor 203.0.113.0 address-family 'ipv6-unicast' +# set protocols bgp neighbor 203.0.113.0 capability orf prefix-list 'receive' +# set protocols bgp network 203.0.113.0/24 route-map 'map01' +# set protocols bgp parameters 'always-compare-med' +# set protocols bgp parameters bestpath as-path 'confed' +# set protocols bgp parameters bestpath 'compare-routerid' +# set protocols bgp parameters dampening half-life '33' +# set protocols bgp parameters dampening max-suppress-time '20' +# set protocols bgp parameters dampening re-use '60' +# set protocols bgp parameters dampening start-suppress-time '5' +# set protocols bgp parameters default 'no-ipv4-unicast' +# set protocols bgp parameters distance global external '66' +# set protocols bgp parameters distance global internal '20' +# set protocols bgp parameters distance global local '10' +# set protocols bgp redistribute static route-map 'map01' # vyos@vyos:~$ ^C # vyos@vyos:~$ @@ -1199,26 +1206,27 @@ EXAMPLES = """ # Before state: # vyos@vyos:~$ show configuration commands | match "set protocols bgp" -# set protocols bgp 65536 neighbor 192.0.2.43 advertisement-interval '72' -# set protocols bgp 65536 neighbor 192.0.2.43 capability 'dynamic' -# set protocols bgp 65536 neighbor 192.0.2.43 'disable-connected-check' -# set protocols bgp 65536 neighbor 192.0.2.43 timers holdtime '30' -# set protocols bgp 65536 neighbor 192.0.2.43 timers keepalive '10' -# set protocols bgp 65536 neighbor 203.0.113.0 address-family 'ipv6-unicast' -# set protocols bgp 65536 neighbor 203.0.113.0 capability orf prefix-list 'receive' -# set protocols bgp 65536 network 203.0.113.0/24 route-map 'map01' -# set protocols bgp 65536 parameters 'always-compare-med' -# set protocols bgp 65536 parameters bestpath as-path 'confed' -# set protocols bgp 65536 parameters bestpath 'compare-routerid' -# set protocols bgp 65536 parameters dampening half-life '33' -# set protocols bgp 65536 parameters dampening max-suppress-time '20' -# set protocols bgp 65536 parameters dampening re-use '60' -# set protocols bgp 65536 parameters dampening start-suppress-time '5' -# set protocols bgp 65536 parameters default 'no-ipv4-unicast' -# set protocols bgp 65536 parameters distance global external '66' -# set protocols bgp 65536 parameters distance global internal '20' -# set protocols bgp 65536 parameters distance global local '10' -# set protocols bgp 65536 redistribute static route-map 'map01' +# set protocols bgp system-as 65536 +# set protocols bgp neighbor 192.0.2.43 advertisement-interval '72' +# set protocols bgp neighbor 192.0.2.43 capability 'dynamic' +# set protocols bgp neighbor 192.0.2.43 'disable-connected-check' +# set protocols bgp neighbor 192.0.2.43 timers holdtime '30' +# set protocols bgp neighbor 192.0.2.43 timers keepalive '10' +# set protocols bgp neighbor 203.0.113.0 address-family 'ipv6-unicast' +# set protocols bgp neighbor 203.0.113.0 capability orf prefix-list 'receive' +# set protocols bgp network 203.0.113.0/24 route-map 'map01' +# set protocols bgp parameters 'always-compare-med' +# set protocols bgp parameters bestpath as-path 'confed' +# set protocols bgp parameters bestpath 'compare-routerid' +# set protocols bgp parameters dampening half-life '33' +# set protocols bgp parameters dampening max-suppress-time '20' +# set protocols bgp parameters dampening re-use '60' +# set protocols bgp parameters dampening start-suppress-time '5' +# set protocols bgp parameters default 'no-ipv4-unicast' +# set protocols bgp parameters distance global external '66' +# set protocols bgp parameters distance global internal '20' +# set protocols bgp parameters distance global local '10' +# set protocols bgp redistribute static route-map 'map01' # vyos@vyos:~$ ^C - name: gather configs @@ -1292,26 +1300,26 @@ EXAMPLES = """ # parsed.cfg -# set protocols bgp 65536 neighbor 192.0.2.43 advertisement-interval '72' -# set protocols bgp 65536 neighbor 192.0.2.43 capability 'dynamic' -# set protocols bgp 65536 neighbor 192.0.2.43 'disable-connected-check' -# set protocols bgp 65536 neighbor 192.0.2.43 timers holdtime '30' -# set protocols bgp 65536 neighbor 192.0.2.43 timers keepalive '10' -# set protocols bgp 65536 neighbor 203.0.113.0 address-family 'ipv6-unicast' -# set protocols bgp 65536 neighbor 203.0.113.0 capability orf prefix-list 'receive' -# set protocols bgp 65536 network 203.0.113.0/24 route-map 'map01' -# set protocols bgp 65536 parameters 'always-compare-med' -# set protocols bgp 65536 parameters bestpath as-path 'confed' -# set protocols bgp 65536 parameters bestpath 'compare-routerid' -# set protocols bgp 65536 parameters dampening half-life '33' -# set protocols bgp 65536 parameters dampening max-suppress-time '20' -# set protocols bgp 65536 parameters dampening re-use '60' -# set protocols bgp 65536 parameters dampening start-suppress-time '5' -# set protocols bgp 65536 parameters default 'no-ipv4-unicast' -# set protocols bgp 65536 parameters distance global external '66' -# set protocols bgp 65536 parameters distance global internal '20' -# set protocols bgp 65536 parameters distance global local '10' -# set protocols bgp 65536 redistribute static route-map 'map01' +# set protocols bgp neighbor 192.0.2.43 advertisement-interval '72' +# set protocols bgp neighbor 192.0.2.43 capability 'dynamic' +# set protocols bgp neighbor 192.0.2.43 'disable-connected-check' +# set protocols bgp neighbor 192.0.2.43 timers holdtime '30' +# set protocols bgp neighbor 192.0.2.43 timers keepalive '10' +# set protocols bgp neighbor 203.0.113.0 address-family 'ipv6-unicast' +# set protocols bgp neighbor 203.0.113.0 capability orf prefix-list 'receive' +# set protocols bgp network 203.0.113.0/24 route-map 'map01' +# set protocols bgp parameters 'always-compare-med' +# set protocols bgp parameters bestpath as-path 'confed' +# set protocols bgp parameters bestpath 'compare-routerid' +# set protocols bgp parameters dampening half-life '33' +# set protocols bgp parameters dampening max-suppress-time '20' +# set protocols bgp parameters dampening re-use '60' +# set protocols bgp parameters dampening start-suppress-time '5' +# set protocols bgp parameters default 'no-ipv4-unicast' +# set protocols bgp parameters distance global external '66' +# set protocols bgp parameters distance global internal '20' +# set protocols bgp parameters distance global local '10' +# set protocols bgp redistribute static route-map 'map01' - name: parse configs vyos.vyos.vyos_bgp_global: @@ -1430,25 +1438,25 @@ EXAMPLES = """ # Module Execution: # "rendered": [ -# "set protocols bgp 65536 neighbor 192.0.2.43 disable-connected-check", -# "set protocols bgp 65536 neighbor 192.0.2.43 advertisement-interval 72", -# "set protocols bgp 65536 neighbor 192.0.2.43 capability dynamic", -# "set protocols bgp 65536 neighbor 192.0.2.43 timers holdtime 30", -# "set protocols bgp 65536 neighbor 192.0.2.43 timers keepalive 10", -# "set protocols bgp 65536 neighbor 203.0.113.0 capability orf prefix-list receive", -# "set protocols bgp 65536 redistribute static route-map map01", -# "set protocols bgp 65536 network 203.0.113.0/24 route-map map01", -# "set protocols bgp 65536 parameters always-compare-med", -# "set protocols bgp 65536 parameters dampening half-life 33", -# "set protocols bgp 65536 parameters dampening max-suppress-time 20", -# "set protocols bgp 65536 parameters dampening re-use 60", -# "set protocols bgp 65536 parameters dampening start-suppress-time 5", -# "set protocols bgp 65536 parameters distance global internal 20", -# "set protocols bgp 65536 parameters distance global local 10", -# "set protocols bgp 65536 parameters distance global external 66", -# "set protocols bgp 65536 parameters bestpath as-path confed", -# "set protocols bgp 65536 parameters bestpath compare-routerid", -# "set protocols bgp 65536 parameters default no-ipv4-unicast" +# "set protocols bgp neighbor 192.0.2.43 disable-connected-check", +# "set protocols bgp neighbor 192.0.2.43 advertisement-interval 72", +# "set protocols bgp neighbor 192.0.2.43 capability dynamic", +# "set protocols bgp neighbor 192.0.2.43 timers holdtime 30", +# "set protocols bgp neighbor 192.0.2.43 timers keepalive 10", +# "set protocols bgp neighbor 203.0.113.0 capability orf prefix-list receive", +# "set protocols bgp redistribute static route-map map01", +# "set protocols bgp network 203.0.113.0/24 route-map map01", +# "set protocols bgp parameters always-compare-med", +# "set protocols bgp parameters dampening half-life 33", +# "set protocols bgp parameters dampening max-suppress-time 20", +# "set protocols bgp parameters dampening re-use 60", +# "set protocols bgp parameters dampening start-suppress-time 5", +# "set protocols bgp parameters distance global internal 20", +# "set protocols bgp parameters distance global local 10", +# "set protocols bgp parameters distance global external 66", +# "set protocols bgp parameters bestpath as-path confed", +# "set protocols bgp parameters bestpath compare-routerid", +# "set protocols bgp parameters default no-ipv4-unicast" # ] """ @@ -1472,17 +1480,17 @@ commands: returned: when I(state) is C(merged), C(replaced), C(overridden), C(deleted) or C(purged) type: list sample: - - set protocols bgp 65536 redistribute static route-map map01 - - set protocols bgp 65536 network 203.0.113.0/24 route-map map01 - - set protocols bgp 65536 parameters always-compare-med + - set protocols bgp redistribute static route-map map01 + - set protocols bgp network 203.0.113.0/24 route-map map01 + - set protocols bgp parameters always-compare-med rendered: description: The provided configuration in the task rendered in device-native format (offline). returned: when I(state) is C(rendered) type: list sample: - - set protocols bgp 65536 redistribute static route-map map01 - - set protocols bgp 65536 network 203.0.113.0/24 route-map map01 - - set protocols bgp 65536 parameters always-compare-med + - set protocols bgp redistribute static route-map map01 + - set protocols bgp network 203.0.113.0/24 route-map map01 + - set protocols bgp parameters always-compare-med gathered: description: Facts about the network resource gathered from the remote device as structured data. returned: when I(state) is C(gathered) diff --git a/plugins/modules/vyos_command.py b/plugins/modules/vyos_command.py index bacbe26a..766370c2 100644 --- a/plugins/modules/vyos_command.py +++ b/plugins/modules/vyos_command.py @@ -86,7 +86,7 @@ options: default: 1 type: int notes: -- Tested against VyOS 1.1.8 (helium). +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - Running C(show system boot-messages all) will cause the module to hang since VyOS is using a custom pager setting to display the output of that command. - If a command sent to the device requires answering a prompt, it is possible to pass diff --git a/plugins/modules/vyos_config.py b/plugins/modules/vyos_config.py index 60be02c8..eeb6bc44 100644 --- a/plugins/modules/vyos_config.py +++ b/plugins/modules/vyos_config.py @@ -34,7 +34,7 @@ version_added: 1.0.0 extends_documentation_fragment: - vyos.vyos.vyos notes: -- Tested against VyOS 1.1.8 (helium). +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). - To ensure idempotency and correct diff the configuration lines in the relevant module options should be similar to how they appear if present in the running configuration on device including the indentation. @@ -286,6 +286,7 @@ def sanitize_config(config, result): def run(module, result): # get the current active config from the node or passed in via # the config param + config = module.params["config"] or get_config(module) # create the candidate config object from the arguments @@ -360,7 +361,7 @@ def main(): diff = run_commands(module, commands=["configure", "compare saved"])[1] if diff not in { "[edit]", - "No changes between working and saved configurations.\n\n[edit]" + "No changes between working and saved configurations.\n\n[edit]", }: if not module.check_mode: run_commands(module, commands=["save"]) diff --git a/plugins/modules/vyos_facts.py b/plugins/modules/vyos_facts.py index a999bd31..abc3c707 100644 --- a/plugins/modules/vyos_facts.py +++ b/plugins/modules/vyos_facts.py @@ -28,7 +28,7 @@ author: extends_documentation_fragment: - vyos.vyos.vyos notes: -- Tested against VyOS 1.1.8 (helium). +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). options: gather_subset: diff --git a/plugins/modules/vyos_firewall_global.py b/plugins/modules/vyos_firewall_global.py index e952ae50..50f92e91 100644 --- a/plugins/modules/vyos_firewall_global.py +++ b/plugins/modules/vyos_firewall_global.py @@ -46,7 +46,8 @@ description: VyOS devices. version_added: '1.0.0' notes: -- Tested against VyOS 1.3.8. +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. +- The provided examples of commands are valid for VyOS 1.4+ - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). author: @@ -373,7 +374,7 @@ EXAMPLES = """ # "set firewall global-options send-redirects 'enable'", # "set firewall global-options config-trap 'enable'", # "set firewall global-options state-policy established action 'accept'", -# "set firewall global-options state-policy established log 'enable'", +# "set firewall global-options state-policy established log, # "set firewall global-options state-policy established log-level 'emerg'", # "set firewall global-options state-policy invalid action 'reject'", # "set firewall global-options broadcast-ping 'enable'", @@ -1189,7 +1190,7 @@ EXAMPLES = """ # "set firewall global-options send-redirects 'enable'", # "set firewall global-options config-trap 'enable'", # "set firewall global-options state-policy established action 'accept'", -# "set firewall global-options state-policy established log 'enable'", +# "set firewall global-options state-policy established log, # "set firewall global-options state-policy invalid action 'reject'", # "set firewall global-options broadcast-ping 'enable'", # "set firewall global-options all-ping 'enable'", diff --git a/plugins/modules/vyos_firewall_rules.py b/plugins/modules/vyos_firewall_rules.py index 850299ff..a7e58e23 100644 --- a/plugins/modules/vyos_firewall_rules.py +++ b/plugins/modules/vyos_firewall_rules.py @@ -47,7 +47,8 @@ author: - Rohit Thakur (@rohitthakur2590) - Gaige B. Paulsen (@gaige) notes: -- Tested against VyOS 1.3.8. +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. +- The provided examples of commands are valid for VyOS 1.4+ - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). @@ -570,14 +571,14 @@ EXAMPLES = """ # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' -# set firewall name Downlink default-action 'accept' -# set firewall name Downlink description 'IPv4 INBOUND rule set' -# set firewall name Downlink rule 501 action 'accept' -# set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' -# set firewall name Downlink rule 501 ipsec 'match-ipsec' -# set firewall name Downlink rule 502 action 'reject' -# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' -# set firewall name Downlink rule 502 ipsec 'match-ipsec' +# set firewall ipv4 name Downlink default-action 'accept' +# set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set' +# set firewall ipv4 name Downlink rule 501 action 'accept' +# set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible' +# set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec' +# set firewall ipv4 name Downlink rule 502 action 'reject' +# set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible' +# set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec' - name: Delete attributes of given firewall rules. vyos.vyos.vyos_firewall_rules: @@ -619,7 +620,7 @@ EXAMPLES = """ # } # ] # "commands": [ -# "delete firewall name Downlink" +# "delete firewall ipv4 name Downlink" # ] # # "after": [] @@ -635,25 +636,25 @@ EXAMPLES = """ # ------------- # # vyos@vyos:~$ show configuration commands| grep firewall -# set firewall ipv6-name UPLINK default-action 'accept' -# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' -# set firewall ipv6-name UPLINK rule 1 action 'accept' -# set firewall ipv6-name UPLINK rule 1 -# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' -# set firewall ipv6-name UPLINK rule 2 action 'accept' -# set firewall ipv6-name UPLINK rule 2 -# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' +# set firewall ipv6 name UPLINK default-action 'accept' +# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' +# set firewall ipv6 name UPLINK rule 1 action 'accept' +# set firewall ipv6 name UPLINK rule 1 +# set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' +# set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec' +# set firewall ipv6 name UPLINK rule 2 action 'accept' +# set firewall ipv6 name UPLINK rule 2 +# set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' +# set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec' # set firewall group address-group 'inbound' -# set firewall name Downlink default-action 'accept' -# set firewall name Downlink description 'IPv4 INBOUND rule set' -# set firewall name Downlink rule 501 action 'accept' -# set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' -# set firewall name Downlink rule 501 ipsec 'match-ipsec' -# set firewall name Downlink rule 502 action 'reject' -# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' -# set firewall name Downlink rule 502 ipsec 'match-ipsec' +# set firewall ipv4 name Downlink default-action 'accept' +# set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set' +# set firewall ipv4 name Downlink rule 501 action 'accept' +# set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible' +# set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec' +# set firewall ipv4 name Downlink rule 502 action 'reject' +# set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible' +# set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec' - name: Delete attributes of given firewall rules. vyos.vyos.vyos_firewall_rules: @@ -717,23 +718,23 @@ EXAMPLES = """ # } # ] # "commands": [ -# "delete firewall name" +# "delete firewall ipv4 name" # ] # # "after": [] # After state # ------------ # vyos@vyos:~$ show configuration commands| grep firewall -# set firewall ipv6-name UPLINK default-action 'accept' -# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' -# set firewall ipv6-name UPLINK rule 1 action 'accept' -# set firewall ipv6-name UPLINK rule 1 -# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' -# set firewall ipv6-name UPLINK rule 2 action 'accept' -# set firewall ipv6-name UPLINK rule 2 -# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' +# set firewall ipv6 name UPLINK default-action 'accept' +# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' +# set firewall ipv6 name UPLINK rule 1 action 'accept' +# set firewall ipv6 name UPLINK rule 1 +# set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' +# set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec' +# set firewall ipv6 name UPLINK rule 2 action 'accept' +# set firewall ipv6 name UPLINK rule 2 +# set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' +# set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec' # Using deleted to delete all the the firewall rules when provided config is empty @@ -743,14 +744,14 @@ EXAMPLES = """ # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' -# set firewall name Downlink default-action 'accept' -# set firewall name Downlink description 'IPv4 INBOUND rule set' -# set firewall name Downlink rule 501 action 'accept' -# set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' -# set firewall name Downlink rule 501 ipsec 'match-ipsec' -# set firewall name Downlink rule 502 action 'reject' -# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' -# set firewall name Downlink rule 502 ipsec 'match-ipsec' +# set firewall ipv4 name Downlink default-action 'accept' +# set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set' +# set firewall ipv4 name Downlink rule 501 action 'accept' +# set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible' +# set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec' +# set firewall ipv4 name Downlink rule 502 action 'reject' +# set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible' +# set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec' # - name: Delete attributes of given firewall rules. vyos.vyos.vyos_firewall_rules: @@ -788,7 +789,7 @@ EXAMPLES = """ # } # ] # "commands": [ -# "delete firewall name" +# "delete firewall ipv4 name" # ] # # "after": [] @@ -860,35 +861,33 @@ EXAMPLES = """ # before": [] # # "commands": [ -# "set firewall ipv6-name UPLINK default-action 'accept'", -# "set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'", -# "set firewall ipv6-name UPLINK rule 1 action 'accept'", -# "set firewall ipv6-name UPLINK rule 1", -# "set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'", -# "set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'", -# "set firewall ipv6-name UPLINK rule 2 action 'accept'", -# "set firewall ipv6-name UPLINK rule 2", -# "set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'", -# "set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'", -# "set firewall name INBOUND default-action 'accept'", -# "set firewall name INBOUND description 'IPv4 INBOUND rule set'", -# "set firewall name INBOUND rule 101 action 'accept'", -# "set firewall name INBOUND rule 101", -# "set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'", -# "set firewall name INBOUND rule 101 ipsec 'match-ipsec'", -# "set firewall name INBOUND rule 102 action 'reject'", -# "set firewall name INBOUND rule 102", -# "set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'", -# "set firewall name INBOUND rule 102 ipsec 'match-ipsec'", -# "set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'", -# "set firewall name INBOUND rule 103 destination group address-group inbound", -# "set firewall name INBOUND rule 103", -# "set firewall name INBOUND rule 103 source address 192.0.2.0", -# "set firewall name INBOUND rule 103 state established enable", -# "set firewall name INBOUND rule 103 state related enable", -# "set firewall name INBOUND rule 103 state invalid disable", -# "set firewall name INBOUND rule 103 state new disable", -# "set firewall name INBOUND rule 103 action 'accept'" +# "set firewall ipv6 name UPLINK default-action 'accept'", +# "set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set'", +# "set firewall ipv6 name UPLINK rule 1 action 'accept'", +# "set firewall ipv6 name UPLINK rule 1", +# "set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'", +# "set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec'", +# "set firewall ipv6 name UPLINK rule 2 action 'accept'", +# "set firewall ipv6 name UPLINK rule 2", +# "set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'", +# "set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec'", +# "set firewall ipv4 name INBOUND default-action 'accept'", +# "set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set'", +# "set firewall ipv4 name INBOUND rule 101 action 'accept'", +# "set firewall ipv4 name INBOUND rule 101", +# "set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible'", +# "set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec'", +# "set firewall ipv4 name INBOUND rule 102 action 'reject'", +# "set firewall ipv4 name INBOUND rule 102", +# "set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible'", +# "set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec'", +# "set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible'", +# "set firewall ipv4 name INBOUND rule 103 destination group address-group inbound", +# "set firewall ipv4 name INBOUND rule 103", +# "set firewall ipv4 name INBOUND rule 103 source address 192.0.2.0", +# "set firewall ipv4 name INBOUND rule 103 state established", +# "set firewall ipv4 name INBOUND rule 103 state related", +# "set firewall ipv4 name INBOUND rule 103 action 'accept'" # ] # # "after": [ @@ -966,30 +965,28 @@ EXAMPLES = """ # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' -# set firewall ipv6-name UPLINK default-action 'accept' -# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' -# set firewall ipv6-name UPLINK rule 1 action 'accept' -# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' -# set firewall ipv6-name UPLINK rule 2 action 'accept' -# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' -# set firewall name INBOUND default-action 'accept' -# set firewall name INBOUND description 'IPv4 INBOUND rule set' -# set firewall name INBOUND rule 101 action 'accept' -# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' -# set firewall name INBOUND rule 101 ipsec 'match-ipsec' -# set firewall name INBOUND rule 102 action 'reject' -# set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' -# set firewall name INBOUND rule 102 ipsec 'match-ipsec' -# set firewall name INBOUND rule 103 action 'accept' -# set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' -# set firewall name INBOUND rule 103 destination group address-group 'inbound' -# set firewall name INBOUND rule 103 source address '192.0.2.0' -# set firewall name INBOUND rule 103 state established 'enable' -# set firewall name INBOUND rule 103 state invalid 'disable' -# set firewall name INBOUND rule 103 state new 'disable' -# set firewall name INBOUND rule 103 state related 'enable' +# set firewall ipv6 name UPLINK default-action 'accept' +# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' +# set firewall ipv6 name UPLINK rule 1 action 'accept' +# set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' +# set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec' +# set firewall ipv6 name UPLINK rule 2 action 'accept' +# set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' +# set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND default-action 'accept' +# set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set' +# set firewall ipv4 name INBOUND rule 101 action 'accept' +# set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND rule 102 action 'reject' +# set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND rule 103 action 'accept' +# set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 103 destination group address-group 'inbound' +# set firewall ipv4 name INBOUND rule 103 source address '192.0.2.0' +# set firewall ipv4 name INBOUND rule 103 state established +# set firewall ipv4 name INBOUND rule 103 state related # Using replaced @@ -999,30 +996,28 @@ EXAMPLES = """ # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' -# set firewall ipv6-name UPLINK default-action 'accept' -# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' -# set firewall ipv6-name UPLINK rule 1 action 'accept' -# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' -# set firewall ipv6-name UPLINK rule 2 action 'accept' -# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' -# set firewall name INBOUND default-action 'accept' -# set firewall name INBOUND description 'IPv4 INBOUND rule set' -# set firewall name INBOUND rule 101 action 'accept' -# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' -# set firewall name INBOUND rule 101 ipsec 'match-ipsec' -# set firewall name INBOUND rule 102 action 'reject' -# set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' -# set firewall name INBOUND rule 102 ipsec 'match-ipsec' -# set firewall name INBOUND rule 103 action 'accept' -# set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' -# set firewall name INBOUND rule 103 destination group address-group 'inbound' -# set firewall name INBOUND rule 103 source address '192.0.2.0' -# set firewall name INBOUND rule 103 state established 'enable' -# set firewall name INBOUND rule 103 state invalid 'disable' -# set firewall name INBOUND rule 103 state new 'disable' -# set firewall name INBOUND rule 103 state related 'enable' +# set firewall ipv6 name UPLINK default-action 'accept' +# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' +# set firewall ipv6 name UPLINK rule 1 action 'accept' +# set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' +# set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec' +# set firewall ipv6 name UPLINK rule 2 action 'accept' +# set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' +# set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND default-action 'accept' +# set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set' +# set firewall ipv4 name INBOUND rule 101 action 'accept' +# set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND rule 102 action 'reject' +# set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND rule 103 action 'accept' +# set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 103 destination group address-group 'inbound' +# set firewall ipv4 name INBOUND rule 103 source address '192.0.2.0' +# set firewall ipv4 name INBOUND rule 103 state established +# set firewall ipv4 name INBOUND rule 103 state related # - name: >- Replace device configurations of listed firewall rules with provided @@ -1126,14 +1121,14 @@ EXAMPLES = """ # ] # # "commands": [ -# "delete firewall ipv6-name UPLINK rule 1", -# "delete firewall ipv6-name UPLINK rule 2", -# "delete firewall name INBOUND rule 102", -# "delete firewall name INBOUND rule 103", -# "set firewall name INBOUND rule 104 action 'reject'", -# "set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible'", -# "set firewall name INBOUND rule 104", -# "set firewall name INBOUND rule 104 ipsec 'match-none'" +# "delete firewall ipv6 name UPLINK rule 1", +# "delete firewall ipv6 name UPLINK rule 2", +# "delete firewall ipv4 name INBOUND rule 102", +# "delete firewall ipv4 name INBOUND rule 103", +# "set firewall ipv4 name INBOUND rule 104 action 'reject'", +# "set firewall ipv4 name INBOUND rule 104 description 'Rule 104 is configured by Ansible'", +# "set firewall ipv4 name INBOUND rule 104", +# "set firewall ipv4 name INBOUND rule 104 ipsec 'match-none'" # ] # # "after": [ @@ -1178,16 +1173,16 @@ EXAMPLES = """ # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' -# set firewall ipv6-name UPLINK default-action 'accept' -# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' -# set firewall name INBOUND default-action 'accept' -# set firewall name INBOUND description 'IPv4 INBOUND rule set' -# set firewall name INBOUND rule 101 action 'accept' -# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' -# set firewall name INBOUND rule 101 ipsec 'match-ipsec' -# set firewall name INBOUND rule 104 action 'reject' -# set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible' -# set firewall name INBOUND rule 104 ipsec 'match-none' +# set firewall ipv6 name UPLINK default-action 'accept' +# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' +# set firewall ipv4 name INBOUND default-action 'accept' +# set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set' +# set firewall ipv4 name INBOUND rule 101 action 'accept' +# set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND rule 104 action 'reject' +# set firewall ipv4 name INBOUND rule 104 description 'Rule 104 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 104 ipsec 'match-none' # Using overridden @@ -1197,16 +1192,16 @@ EXAMPLES = """ # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' -# set firewall ipv6-name UPLINK default-action 'accept' -# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' -# set firewall name INBOUND default-action 'accept' -# set firewall name INBOUND description 'IPv4 INBOUND rule set' -# set firewall name INBOUND rule 101 action 'accept' -# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' -# set firewall name INBOUND rule 101 ipsec 'match-ipsec' -# set firewall name INBOUND rule 104 action 'reject' -# set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible' -# set firewall name INBOUND rule 104 ipsec 'match-none' +# set firewall ipv6 name UPLINK default-action 'accept' +# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' +# set firewall ipv4 name INBOUND default-action 'accept' +# set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set' +# set firewall ipv4 name INBOUND rule 101 action 'accept' +# set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND rule 104 action 'reject' +# set firewall ipv4 name INBOUND rule 104 description 'Rule 104 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 104 ipsec 'match-none' # - name: Overrides all device configuration with provided configuration vyos.vyos.vyos_firewall_rules: @@ -1270,18 +1265,18 @@ EXAMPLES = """ # ] # # "commands": [ -# "delete firewall ipv6-name UPLINK", -# "delete firewall name INBOUND", -# "set firewall name Downlink default-action 'accept'", -# "set firewall name Downlink description 'IPv4 INBOUND rule set'", -# "set firewall name Downlink rule 501 action 'accept'", -# "set firewall name Downlink rule 501", -# "set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'", -# "set firewall name Downlink rule 501 ipsec 'match-ipsec'", -# "set firewall name Downlink rule 502 action 'reject'", -# "set firewall name Downlink rule 502", -# "set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'", -# "set firewall name Downlink rule 502 ipsec 'match-ipsec'" +# "delete firewall ipv6 name UPLINK", +# "delete firewall ipv4 name INBOUND", +# "set firewall ipv4 name Downlink default-action 'accept'", +# "set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set'", +# "set firewall ipv4 name Downlink rule 501 action 'accept'", +# "set firewall ipv4 name Downlink rule 501", +# "set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible'", +# "set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec'", +# "set firewall ipv4 name Downlink rule 502 action 'reject'", +# "set firewall ipv4 name Downlink rule 502", +# "set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible'", +# "set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec'" # # # "after": [ @@ -1317,14 +1312,14 @@ EXAMPLES = """ # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' -# set firewall name Downlink default-action 'accept' -# set firewall name Downlink description 'IPv4 INBOUND rule set' -# set firewall name Downlink rule 501 action 'accept' -# set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' -# set firewall name Downlink rule 501 ipsec 'match-ipsec' -# set firewall name Downlink rule 502 action 'reject' -# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' -# set firewall name Downlink rule 502 ipsec 'match-ipsec' +# set firewall ipv4 name Downlink default-action 'accept' +# set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set' +# set firewall ipv4 name Downlink rule 501 action 'accept' +# set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible' +# set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec' +# set firewall ipv4 name Downlink rule 502 action 'reject' +# set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible' +# set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec' # Using gathered @@ -1334,30 +1329,28 @@ EXAMPLES = """ # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' -# set firewall ipv6-name UPLINK default-action 'accept' -# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' -# set firewall ipv6-name UPLINK rule 1 action 'accept' -# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' -# set firewall ipv6-name UPLINK rule 2 action 'accept' -# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' -# set firewall name INBOUND default-action 'accept' -# set firewall name INBOUND description 'IPv4 INBOUND rule set' -# set firewall name INBOUND rule 101 action 'accept' -# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' -# set firewall name INBOUND rule 101 ipsec 'match-ipsec' -# set firewall name INBOUND rule 102 action 'reject' -# set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' -# set firewall name INBOUND rule 102 ipsec 'match-ipsec' -# set firewall name INBOUND rule 103 action 'accept' -# set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' -# set firewall name INBOUND rule 103 destination group address-group 'inbound' -# set firewall name INBOUND rule 103 source address '192.0.2.0' -# set firewall name INBOUND rule 103 state established 'enable' -# set firewall name INBOUND rule 103 state invalid 'disable' -# set firewall name INBOUND rule 103 state new 'disable' -# set firewall name INBOUND rule 103 state related 'enable' +# set firewall ipv6 name UPLINK default-action 'accept' +# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' +# set firewall ipv6 name UPLINK rule 1 action 'accept' +# set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' +# set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec' +# set firewall ipv6 name UPLINK rule 2 action 'accept' +# set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' +# set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND default-action 'accept' +# set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set' +# set firewall ipv4 name INBOUND rule 101 action 'accept' +# set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND rule 102 action 'reject' +# set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND rule 103 action 'accept' +# set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 103 destination group address-group 'inbound' +# set firewall ipv4 name INBOUND rule 103 source address '192.0.2.0' +# set firewall ipv4 name INBOUND rule 103 state established +# set firewall ipv4 name INBOUND rule 103 state related # - name: Gather listed firewall rules with provided configurations vyos.vyos.vyos_firewall_rules: @@ -1445,30 +1438,28 @@ EXAMPLES = """ # # vyos@vyos:~$ show configuration commands| grep firewall # set firewall group address-group 'inbound' -# set firewall ipv6-name UPLINK default-action 'accept' -# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' -# set firewall ipv6-name UPLINK rule 1 action 'accept' -# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' -# set firewall ipv6-name UPLINK rule 2 action 'accept' -# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' -# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' -# set firewall name INBOUND default-action 'accept' -# set firewall name INBOUND description 'IPv4 INBOUND rule set' -# set firewall name INBOUND rule 101 action 'accept' -# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' -# set firewall name INBOUND rule 101 ipsec 'match-ipsec' -# set firewall name INBOUND rule 102 action 'reject' -# set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' -# set firewall name INBOUND rule 102 ipsec 'match-ipsec' -# set firewall name INBOUND rule 103 action 'accept' -# set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' -# set firewall name INBOUND rule 103 destination group address-group 'inbound' -# set firewall name INBOUND rule 103 source address '192.0.2.0' -# set firewall name INBOUND rule 103 state established 'enable' -# set firewall name INBOUND rule 103 state invalid 'disable' -# set firewall name INBOUND rule 103 state new 'disable' -# set firewall name INBOUND rule 103 state related 'enable' +# set firewall ipv6 name UPLINK default-action 'accept' +# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set' +# set firewall ipv6 name UPLINK rule 1 action 'accept' +# set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' +# set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec' +# set firewall ipv6 name UPLINK rule 2 action 'accept' +# set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' +# set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND default-action 'accept' +# set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set' +# set firewall ipv4 name INBOUND rule 101 action 'accept' +# set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND rule 102 action 'reject' +# set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec' +# set firewall ipv4 name INBOUND rule 103 action 'accept' +# set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible' +# set firewall ipv4 name INBOUND rule 103 destination group address-group 'inbound' +# set firewall ipv4 name INBOUND rule 103 source address '192.0.2.0' +# set firewall ipv4 name INBOUND rule 103 state established +# set firewall ipv4 name INBOUND rule 103 state related # Using rendered @@ -1518,27 +1509,25 @@ EXAMPLES = """ # # # "rendered": [ -# "set firewall ipv6-name UPLINK default-action 'accept'", -# "set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'", -# "set firewall name INBOUND default-action 'accept'", -# "set firewall name INBOUND description 'IPv4 INBOUND rule set'", -# "set firewall name INBOUND rule 101 action 'accept'", -# "set firewall name INBOUND rule 101", -# "set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'", -# "set firewall name INBOUND rule 101 ipsec 'match-ipsec'", -# "set firewall name INBOUND rule 102 action 'reject'", -# "set firewall name INBOUND rule 102", -# "set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'", -# "set firewall name INBOUND rule 102 ipsec 'match-ipsec'", -# "set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'", -# "set firewall name INBOUND rule 103 destination group address-group inbound", -# "set firewall name INBOUND rule 103", -# "set firewall name INBOUND rule 103 source address 192.0.2.0", -# "set firewall name INBOUND rule 103 state established enable", -# "set firewall name INBOUND rule 103 state related enable", -# "set firewall name INBOUND rule 103 state invalid disable", -# "set firewall name INBOUND rule 103 state new disable", -# "set firewall name INBOUND rule 103 action 'accept'" +# "set firewall ipv6 name UPLINK default-action 'accept'", +# "set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set'", +# "set firewall ipv4 name INBOUND default-action 'accept'", +# "set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set'", +# "set firewall ipv4 name INBOUND rule 101 action 'accept'", +# "set firewall ipv4 name INBOUND rule 101", +# "set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible'", +# "set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec'", +# "set firewall ipv4 name INBOUND rule 102 action 'reject'", +# "set firewall ipv4 name INBOUND rule 102", +# "set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible'", +# "set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec'", +# "set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible'", +# "set firewall ipv4 name INBOUND rule 103 destination group address-group inbound", +# "set firewall ipv4 name INBOUND rule 103", +# "set firewall ipv4 name INBOUND rule 103 source address 192.0.2.0", +# "set firewall ipv4 name INBOUND rule 103 state established", +# "set firewall ipv4 name INBOUND rule 103 state related", +# "set firewall ipv4 name INBOUND rule 103 action 'accept'" # ] @@ -1549,14 +1538,14 @@ EXAMPLES = """ vyos.vyos.vyos_firewall_rules: running_config: "set firewall group address-group 'inbound' - set firewall name Downlink default-action 'accept' - set firewall name Downlink description 'IPv4 INBOUND rule set' - set firewall name Downlink rule 501 action 'accept' - set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' - set firewall name Downlink rule 501 ipsec 'match-ipsec' - set firewall name Downlink rule 502 action 'reject' - set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' - set firewall name Downlink rule 502 ipsec 'match-ipsec'" + set firewall ipv4 name Downlink default-action 'accept' + set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set' + set firewall ipv4 name Downlink rule 501 action 'accept' + set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible' + set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec' + set firewall ipv4 name Downlink rule 502 action 'reject' + set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible' + set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec'" state: parsed # # @@ -1612,21 +1601,21 @@ commands: returned: always type: list sample: - - "set firewall name Downlink default-action 'accept'" - - "set firewall name Downlink description 'IPv4 INBOUND rule set'" - - "set firewall name Downlink rule 501 action 'accept'" - - "set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'" - - "set firewall name Downlink rule 502 ipsec 'match-ipsec'" + - "set firewall ipv4 name Downlink default-action 'accept'" + - "set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set'" + - "set firewall ipv4 name Downlink rule 501 action 'accept'" + - "set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible'" + - "set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec'" rendered: description: The provided configuration in the task rendered in device-native format (offline). returned: when I(state) is C(rendered) type: list sample: - - "set firewall name Downlink default-action 'accept'" - - "set firewall name Downlink description 'IPv4 INBOUND rule set'" - - "set firewall name Downlink rule 501 action 'accept'" - - "set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'" - - "set firewall name Downlink rule 502 ipsec 'match-ipsec'" + - "set firewall ipv4 name Downlink default-action 'accept'" + - "set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set'" + - "set firewall ipv4 name Downlink rule 501 action 'accept'" + - "set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible'" + - "set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec'" gathered: description: Facts about the network resource gathered from the remote device as structured data. returned: when I(state) is C(gathered) diff --git a/plugins/modules/vyos_interfaces.py b/plugins/modules/vyos_interfaces.py index 6125b4b9..82b4fd70 100644 --- a/plugins/modules/vyos_interfaces.py +++ b/plugins/modules/vyos_interfaces.py @@ -47,7 +47,7 @@ description: - This module supports managing base attributes of Ethernet, Bonding, VXLAN, Loopback and Virtual Tunnel Interfaces. notes: -- Tested against VyOS 1.3.8 +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). author: diff --git a/plugins/modules/vyos_lag_interfaces.py b/plugins/modules/vyos_lag_interfaces.py index 090021ad..a90d0098 100644 --- a/plugins/modules/vyos_lag_interfaces.py +++ b/plugins/modules/vyos_lag_interfaces.py @@ -46,7 +46,7 @@ description: This module manages attributes of link aggregation groups on VyOS n author: - Rohit Thakur (@rohitthakur2590) notes: -- Tested against VyOS 1.3.8. +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). options: config: diff --git a/plugins/modules/vyos_lldp_global.py b/plugins/modules/vyos_lldp_global.py index 190f4513..d1ac618a 100644 --- a/plugins/modules/vyos_lldp_global.py +++ b/plugins/modules/vyos_lldp_global.py @@ -45,7 +45,7 @@ short_description: LLDP global resource module description: This module manages link layer discovery protocol (LLDP) attributes on VyOS devices. notes: -- Tested against VyOS 1.3.8 +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). author: - Rohit Thakur (@rohitthakur2590) diff --git a/plugins/modules/vyos_lldp_interfaces.py b/plugins/modules/vyos_lldp_interfaces.py index 0a8f892b..ce1c9643 100644 --- a/plugins/modules/vyos_lldp_interfaces.py +++ b/plugins/modules/vyos_lldp_interfaces.py @@ -44,7 +44,7 @@ version_added: '1.0.0' short_description: LLDP interfaces resource module description: This module manages attributes of lldp interfaces on VyOS network devices. notes: -- Tested against VyOS 1.3.8 +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). author: diff --git a/plugins/modules/vyos_logging_global.py b/plugins/modules/vyos_logging_global.py index 9479e7b2..3380b9ea 100644 --- a/plugins/modules/vyos_logging_global.py +++ b/plugins/modules/vyos_logging_global.py @@ -20,7 +20,7 @@ short_description: Logging resource module description: This module manages the logging attributes of Vyos network devices author: Sagar Paul (@KB-perByte) notes: - - Tested against vyos 1.3.8+ + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection C(network_cli). - The Configuration defaults of the Vyos network devices are supposed to hinder idempotent behavior of plays diff --git a/plugins/modules/vyos_ntp_global.py b/plugins/modules/vyos_ntp_global.py index cad08a68..6461a32b 100644 --- a/plugins/modules/vyos_ntp_global.py +++ b/plugins/modules/vyos_ntp_global.py @@ -22,7 +22,7 @@ description: author: - Varshitha Yataluru (@YVarshitha) notes: -- Tested against vyos 1.3.8 +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection C(network_cli). - "VyOS v.1.4+ uses chronyd, and path changes from `system` to `service`" options: diff --git a/plugins/modules/vyos_ospf_interfaces.py b/plugins/modules/vyos_ospf_interfaces.py index f86acb7a..6a065f17 100644 --- a/plugins/modules/vyos_ospf_interfaces.py +++ b/plugins/modules/vyos_ospf_interfaces.py @@ -19,6 +19,7 @@ version_added: 1.2.0 short_description: OSPF Interfaces Resource Module. description: - This module manages OSPF configuration of interfaces on devices running VYOS. +- The provided examples of commands are valid for VyOS 1.4+ author: Gomathi Selvi Srinivasan (@GomathiselviS) options: config: @@ -173,14 +174,14 @@ EXAMPLES = """ # -------------- # vyos@vyos:~$ show configuration commands | match "ospf" -# set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' -# set interfaces bonding bond2 ip ospf bandwidth '70' -# set interfaces bonding bond2 ip ospf transmit-delay '45' -# set interfaces bonding bond2 ipv6 ospfv3 'passive' -# set interfaces ethernet eth1 ip ospf network 'point-to-point' -# set interfaces ethernet eth1 ip ospf priority '26' -# set interfaces ethernet eth1 ip ospf transmit-delay '50' -# set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' +# set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345' +# set protocols ospf interface bond2 bandwidth '70' +# set protocols ospf interface bond2 transmit-delay '45' +# set protocols ospfv3 interface bond2 'passive' +# set protocols ospf interface eth1 network 'point-to-point' +# set protocols ospf interface eth1 priority '26' +# set protocols ospf interface eth1 transmit-delay '50' +# set protocols ospfv3 interface eth1 dead-interval '39' # "after": [ # " @@ -244,14 +245,14 @@ EXAMPLES = """ # ], # "changed": true, # "commands": [ -# "set interfaces ethernet eth1 ip ospf transmit-delay 50", -# "set interfaces ethernet eth1 ip ospf priority 26", -# "set interfaces ethernet eth1 ip ospf network point-to-point", -# "set interfaces ethernet eth1 ipv6 ospfv3 dead-interval 39", -# "set interfaces bonding bond2 ip ospf transmit-delay 45", -# "set interfaces bonding bond2 ip ospf bandwidth 70", -# "set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key 1111111111232345", -# "set interfaces bonding bond2 ipv6 ospfv3 passive" +# "set protocols ospf interface eth1 transmit-delay 50", +# "set protocols ospf interface eth1 priority 26", +# "set protocols ospf interface eth1 network point-to-point", +# "set protocols ospfv3 interface eth1 dead-interval 39", +# "set protocols ospf interface bond2 transmit-delay 45", +# "set protocols ospf interface bond2 bandwidth 70", +# "set protocols ospf interface bond2 authentication md5 key-id 10 md5-key 1111111111232345", +# "set protocols ospfv3 interface bond2 passive" # ], # Using replaced: @@ -260,14 +261,14 @@ EXAMPLES = """ # ------------ # vyos@vyos:~$ show configuration commands | match "ospf" -# set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' -# set interfaces bonding bond2 ip ospf bandwidth '70' -# set interfaces bonding bond2 ip ospf transmit-delay '45' -# set interfaces bonding bond2 ipv6 ospfv3 'passive' -# set interfaces ethernet eth1 ip ospf network 'point-to-point' -# set interfaces ethernet eth1 ip ospf priority '26' -# set interfaces ethernet eth1 ip ospf transmit-delay '50' -# set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' +# set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345' +# set protocols ospf interface bond2 bandwidth '70' +# set protocols ospf interface bond2 transmit-delay '45' +# set protocols ospfv3 interface bond2 'passive' +# set protocols ospf interface eth1 network 'point-to-point' +# set protocols ospf interface eth1 priority '26' +# set protocols ospf interface eth1 transmit-delay '50' +# set protocols ospfv3 interface eth1 dead-interval '39' - name: Replace provided configuration with device configuration vyos.vyos.vyos_ospf_interfaces: @@ -290,10 +291,10 @@ EXAMPLES = """ # ----------- # vyos@vyos:~$ show configuration commands | match "ospf" -# set interfaces bonding bond2 ip ospf transmit-delay '45' -# set interfaces bonding bond2 ipv6 ospfv3 'passive' -# set interfaces ethernet eth1 ip ospf cost '100' -# set interfaces ethernet eth1 ipv6 ospfv3 ifmtu '33' +# set protocols ospf interface bond2 transmit-delay '45' +# set protocols ospfv3 interface bond2 'passive' +# set protocols ospf interface eth1 cost '100' +# set protocols ospfv3 interface eth1 ifmtu '33' # vyos@vyos:~$ # Module Execution @@ -383,14 +384,14 @@ EXAMPLES = """ # ], # "changed": true, # "commands": [ -# "set interfaces ethernet eth1 ip ospf cost 100", -# "set interfaces ethernet eth1 ipv6 ospfv3 ifmtu 33", -# "delete interfaces ethernet eth1 ip ospf network point-to-point", -# "delete interfaces ethernet eth1 ip ospf priority 26", -# "delete interfaces ethernet eth1 ip ospf transmit-delay 50", -# "delete interfaces ethernet eth1 ipv6 ospfv3 dead-interval 39", -# "delete interfaces bonding bond2 ip ospf authentication", -# "delete interfaces bonding bond2 ip ospf bandwidth 70" +# "set protocols ospf interface eth1 cost 100", +# "set protocols ospfv3 interface eth1 ifmtu 33", +# "delete protocols ospf interface eth1 network point-to-point", +# "delete protocols ospf interface eth1 priority 26", +# "delete protocols ospf interface eth1 transmit-delay 50", +# "delete protocols ospfv3 interface eth1 dead-interval 39", +# "delete protocols ospf interface bond2 authentication", +# "delete protocols ospf interface bond2 bandwidth 70" # ], # @@ -401,16 +402,16 @@ EXAMPLES = """ # ------------ # vyos@vyos:~$ show configuration commands | match "ospf" -# set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' -# set interfaces bonding bond2 ip ospf bandwidth '70' -# set interfaces bonding bond2 ip ospf transmit-delay '45' -# set interfaces bonding bond2 ipv6 ospfv3 'passive' -# set interfaces ethernet eth1 ip ospf cost '100' -# set interfaces ethernet eth1 ip ospf network 'point-to-point' -# set interfaces ethernet eth1 ip ospf priority '26' -# set interfaces ethernet eth1 ip ospf transmit-delay '50' -# set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' -# set interfaces ethernet eth1 ipv6 ospfv3 ifmtu '33' +# set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345' +# set protocols ospf interface bond2 bandwidth '70' +# set protocols ospf interface bond2 transmit-delay '45' +# set protocols ospfv3 interface bond2 'passive' +# set protocols ospf interface eth1 cost '100' +# set protocols ospf interface eth1 network 'point-to-point' +# set protocols ospf interface eth1 priority '26' +# set protocols ospf interface eth1 transmit-delay '50' +# set protocols ospfv3 interface eth1 dead-interval '39' +# set protocols ospfv3 interface eth1 ifmtu '33' # vyos@vyos:~$ - name: Override device configuration with provided configuration @@ -429,9 +430,9 @@ EXAMPLES = """ # ----------- # 200~vyos@vyos:~$ show configuration commands | match "ospf" -# set interfaces ethernet eth0 ip ospf cost '100' -# set interfaces ethernet eth0 ipv6 ospfv3 ifmtu '33' -# set interfaces ethernet eth0 ipv6 ospfv3 'passive' +# set protocols ospf interface eth0 cost '100' +# set protocols ospfv3 interface eth0 ifmtu '33' +# set protocols ospfv3 interface eth0 'passive' # vyos@vyos:~$ # # @@ -513,13 +514,13 @@ EXAMPLES = """ # ], # "changed": true, # "commands": [ -# "delete interfaces bonding bond2 ip ospf", -# "delete interfaces bonding bond2 ipv6 ospfv3", -# "delete interfaces ethernet eth1 ip ospf", -# "delete interfaces ethernet eth1 ipv6 ospfv3", -# "set interfaces ethernet eth0 ip ospf cost 100", -# "set interfaces ethernet eth0 ipv6 ospfv3 ifmtu 33", -# "set interfaces ethernet eth0 ipv6 ospfv3 passive" +# "delete protocols ospf interface bond2", +# "delete protocols ospfv3 interface bond2", +# "delete protocols ospf interface eth1", +# "delete protocols ospfv3 interface eth1", +# "set protocols ospf interface eth0 cost 100", +# "set protocols ospfv3 interface eth0 ifmtu 33", +# "set protocols ospfv3 interface eth0 passive" # ], # @@ -530,17 +531,17 @@ EXAMPLES = """ # ------------- # vyos@vyos:~$ show configuration commands | match "ospf" -# set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' -# set interfaces bonding bond2 ip ospf bandwidth '70' -# set interfaces bonding bond2 ip ospf transmit-delay '45' -# set interfaces bonding bond2 ipv6 ospfv3 'passive' -# set interfaces ethernet eth0 ip ospf cost '100' -# set interfaces ethernet eth0 ipv6 ospfv3 ifmtu '33' -# set interfaces ethernet eth0 ipv6 ospfv3 'passive' -# set interfaces ethernet eth1 ip ospf network 'point-to-point' -# set interfaces ethernet eth1 ip ospf priority '26' -# set interfaces ethernet eth1 ip ospf transmit-delay '50' -# set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' +# set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345' +# set protocols ospf interface bond2 bandwidth '70' +# set protocols ospf interface bond2 transmit-delay '45' +# set protocols ospfv3 interface bond2 'passive' +# set protocols ospf interface eth0 cost '100' +# set protocols ospfv3 interface eth0 ifmtu '33' +# set protocols ospfv3 interface eth0 'passive' +# set protocols ospf interface eth1 network 'point-to-point' +# set protocols ospf interface eth1 priority '26' +# set protocols ospf interface eth1 transmit-delay '50' +# set protocols ospfv3 interface eth1 dead-interval '39' # vyos@vyos:~$ - name: Delete device configuration @@ -553,14 +554,14 @@ EXAMPLES = """ # ----------- # vyos@vyos:~$ show configuration commands | match "ospf" -# set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' -# set interfaces bonding bond2 ip ospf bandwidth '70' -# set interfaces bonding bond2 ip ospf transmit-delay '45' -# set interfaces bonding bond2 ipv6 ospfv3 'passive' -# set interfaces ethernet eth1 ip ospf network 'point-to-point' -# set interfaces ethernet eth1 ip ospf priority '26' -# set interfaces ethernet eth1 ip ospf transmit-delay '50' -# set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' +# set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345' +# set protocols ospf interface bond2 bandwidth '70' +# set protocols ospf interface bond2 transmit-delay '45' +# set protocols ospfv3 interface bond2 'passive' +# set protocols ospf interface eth1 network 'point-to-point' +# set protocols ospf interface eth1 priority '26' +# set protocols ospf interface eth1 transmit-delay '50' +# set protocols ospfv3 interface eth1 dead-interval '39' # vyos@vyos:~$ # # @@ -669,25 +670,25 @@ EXAMPLES = """ # ], # "changed": true, # "commands": [ -# "delete interfaces ethernet eth0 ip ospf", -# "delete interfaces ethernet eth0 ipv6 ospfv3" +# "delete protocols ospf interface eth0", +# "delete protocols ospfv3 interface eth0" # ], # # Using parsed: # parsed.cfg: -# set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' -# set interfaces bonding bond2 ip ospf bandwidth '70' -# set interfaces bonding bond2 ip ospf transmit-delay '45' -# set interfaces bonding bond2 ipv6 ospfv3 'passive' -# set interfaces ethernet eth0 ip ospf cost '50' -# set interfaces ethernet eth0 ip ospf priority '26' -# set interfaces ethernet eth0 ipv6 ospfv3 instance-id '33' -# set interfaces ethernet eth0 ipv6 ospfv3 'mtu-ignore' -# set interfaces ethernet eth1 ip ospf network 'point-to-point' -# set interfaces ethernet eth1 ip ospf priority '26' -# set interfaces ethernet eth1 ip ospf transmit-delay '50' -# set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' +# set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345' +# set protocols ospf interface bond2 bandwidth '70' +# set protocols ospf interface bond2 transmit-delay '45' +# set protocols ospfv3 interface bond2 'passive' +# set protocols ospf interface eth0 cost '50' +# set protocols ospf interface eth0 priority '26' +# set protocols ospfv3 interface eth0 instance-id '33' +# set protocols ospfv3 interface eth0 'mtu-ignore' +# set protocols ospf interface eth1 network 'point-to-point' +# set protocols ospf interface eth1 priority '26' +# set protocols ospf interface eth1 transmit-delay '50' +# set protocols ospfv3 interface eth1 dead-interval '39' # - name: parse configs @@ -782,14 +783,14 @@ EXAMPLES = """ # ---------------- # "rendered": [ -# "set interfaces ethernet eth1 ip ospf transmit-delay 50", -# "set interfaces ethernet eth1 ip ospf priority 26", -# "set interfaces ethernet eth1 ip ospf network point-to-point", -# "set interfaces ethernet eth1 ipv6 ospfv3 dead-interval 39", -# "set interfaces bonding bond2 ip ospf transmit-delay 45", -# "set interfaces bonding bond2 ip ospf bandwidth 70", -# "set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key 1111111111232345", -# "set interfaces bonding bond2 ipv6 ospfv3 passive" +# "set protocols ospf interface eth1 transmit-delay 50", +# "set protocols ospf interface eth1 priority 26", +# "set protocols ospf interface eth1 network point-to-point", +# "set protocols ospfv3 interface eth1 dead-interval 39", +# "set protocols ospf interface bond2 transmit-delay 45", +# "set protocols ospf interface bond2 bandwidth 70", +# "set protocols ospf interface bond2 authentication md5 key-id 10 md5-key 1111111111232345", +# "set protocols ospfv3 interface bond2 passive" # ] # @@ -799,14 +800,14 @@ EXAMPLES = """ # Native Config: # vyos@vyos:~$ show configuration commands | match "ospf" -# set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345' -# set interfaces bonding bond2 ip ospf bandwidth '70' -# set interfaces bonding bond2 ip ospf transmit-delay '45' -# set interfaces bonding bond2 ipv6 ospfv3 'passive' -# set interfaces ethernet eth1 ip ospf network 'point-to-point' -# set interfaces ethernet eth1 ip ospf priority '26' -# set interfaces ethernet eth1 ip ospf transmit-delay '50' -# set interfaces ethernet eth1 ipv6 ospfv3 dead-interval '39' +# set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345' +# set protocols ospf interface bond2 bandwidth '70' +# set protocols ospf interface bond2 transmit-delay '45' +# set protocols ospfv3 interface bond2 'passive' +# set protocols ospf interface eth1 network 'point-to-point' +# set protocols ospf interface eth1 priority '26' +# set protocols ospf interface eth1 transmit-delay '50' +# set protocols ospfv3 interface eth1 dead-interval '39' # vyos@vyos:~$ - name: gather configs @@ -884,17 +885,17 @@ commands: returned: when I(state) is C(merged), C(replaced), C(overridden), C(deleted) or C(purged) type: list sample: - - "set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345'" - - "set interfaces bonding bond2 ip ospf bandwidth '70'" - - "set interfaces bonding bond2 ip ospf transmit-delay '45'" + - "set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345'" + - "set protocols ospf interface bond2 bandwidth '70'" + - "set protocols ospf interface bond2 transmit-delay '45'" rendered: description: The provided configuration in the task rendered in device-native format (offline). returned: when I(state) is C(rendered) type: list sample: - - "set interfaces bonding bond2 ip ospf authentication md5 key-id 10 md5-key '1111111111232345'" - - "set interfaces bonding bond2 ip ospf bandwidth '70'" - - "set interfaces bonding bond2 ip ospf transmit-delay '45'" + - "set protocols ospf interface bond2 authentication md5 key-id 10 md5-key '1111111111232345'" + - "set protocols ospf interface bond2 bandwidth '70'" + - "set protocols ospf interface bond2 transmit-delay '45'" gathered: description: Facts about the network resource gathered from the remote device as structured data. returned: when I(state) is C(gathered) diff --git a/plugins/modules/vyos_ospfv2.py b/plugins/modules/vyos_ospfv2.py index a72b7fd2..000e4d39 100644 --- a/plugins/modules/vyos_ospfv2.py +++ b/plugins/modules/vyos_ospfv2.py @@ -45,7 +45,8 @@ short_description: OSPFv2 resource module description: This resource module configures and manages attributes of OSPFv2 routes on VyOS network devices. notes: -- Tested against VyOS 1.3.8 +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 +- The provided examples of commands are valid for VyOS 1.4+ - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). author: @@ -456,8 +457,8 @@ EXAMPLES = """ # "set protocols ospf parameters opaque-lsa", # "set protocols ospf parameters abr-type 'cisco'", # "set protocols ospf parameters rfc1583-compatibility", -# "set protocols ospf passive-interface eth1", -# "set protocols ospf passive-interface eth2", +# "set protocols ospf interface 'eth1' passive", +# "set protocols ospf interface 'eth2' passive", # "set protocols ospf max-metric router-lsa on-shutdown 10", # "set protocols ospf max-metric router-lsa administrative", # "set protocols ospf max-metric router-lsa on-startup 10", @@ -601,8 +602,8 @@ EXAMPLES = """ # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' -# set protocols ospf passive-interface 'eth1' -# set protocols ospf passive-interface 'eth2' +# set protocols ospf interface 'eth1' passive +# set protocols ospf interface 'eth2' passive # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' @@ -864,8 +865,8 @@ EXAMPLES = """ # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' -# set protocols ospf passive-interface 'eth1' -# set protocols ospf passive-interface 'eth2' +# set protocols ospf interface 'eth1' passive +# set protocols ospf interface 'eth2' passive # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' @@ -901,8 +902,8 @@ EXAMPLES = """ # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' -# set protocols ospf passive-interface 'eth1' -# set protocols ospf passive-interface 'eth2' +# set protocols ospf interface 'eth1' passive +# set protocols ospf interface 'eth2' passive # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # @@ -1059,7 +1060,7 @@ EXAMPLES = """ # } # # "commands": [ -# "delete protocols ospf passive-interface eth2", +# "delete protocols ospf interface 'eth2' passive", # "delete protocols ospf area 3", # "delete protocols ospf area 4 range 192.0.3.0/24 cost", # "delete protocols ospf area 4 range 192.0.3.0/24", @@ -1191,7 +1192,7 @@ EXAMPLES = """ # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' -# set protocols ospf passive-interface 'eth1' +# set protocols ospf interface 'eth1' passive # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' @@ -1279,8 +1280,8 @@ EXAMPLES = """ # "set protocols ospf parameters opaque-lsa", # "set protocols ospf parameters abr-type 'cisco'", # "set protocols ospf parameters rfc1583-compatibility", -# "set protocols ospf passive-interface eth1", -# "set protocols ospf passive-interface eth2", +# "set protocols ospf interface 'eth1' passive", +# "set protocols ospf interface 'eth2' passive", # "set protocols ospf max-metric router-lsa on-shutdown 10", # "set protocols ospf max-metric router-lsa administrative", # "set protocols ospf max-metric router-lsa on-startup 10", @@ -1335,8 +1336,8 @@ EXAMPLES = """ set protocols ospf parameters 'opaque-lsa' set protocols ospf parameters 'rfc1583-compatibility' set protocols ospf parameters router-id '192.0.1.1' - set protocols ospf passive-interface 'eth1' - set protocols ospf passive-interface 'eth2' + set protocols ospf interface 'eth1' passive + set protocols ospf interface 'eth2' passive set protocols ospf redistribute bgp metric '10' set protocols ospf redistribute bgp metric-type '2' state: parsed @@ -1472,8 +1473,8 @@ EXAMPLES = """ # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' -# set protocols ospf passive-interface 'eth1' -# set protocols ospf passive-interface 'eth2' +# set protocols ospf interface 'eth1' passive +# set protocols ospf interface 'eth2' passive # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # @@ -1608,8 +1609,8 @@ EXAMPLES = """ # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' -# set protocols ospf passive-interface 'eth1' -# set protocols ospf passive-interface 'eth2' +# set protocols ospf interface 'eth1' passive +# set protocols ospf interface 'eth2' passive # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' @@ -1645,8 +1646,8 @@ EXAMPLES = """ # set protocols ospf parameters 'opaque-lsa' # set protocols ospf parameters 'rfc1583-compatibility' # set protocols ospf parameters router-id '192.0.1.1' -# set protocols ospf passive-interface 'eth1' -# set protocols ospf passive-interface 'eth2' +# set protocols ospf interface 'eth1' passive +# set protocols ospf interface 'eth2' passive # set protocols ospf redistribute bgp metric '10' # set protocols ospf redistribute bgp metric-type '2' # @@ -1781,7 +1782,7 @@ commands: type: list sample: - "set protocols ospf parameters router-id 192.0.1.1" - - "set protocols ospf passive-interface 'eth1'" + - "set protocols ospf interface 'eth1' passive" """ diff --git a/plugins/modules/vyos_ospfv3.py b/plugins/modules/vyos_ospfv3.py index dbe9a857..fcb9d288 100644 --- a/plugins/modules/vyos_ospfv3.py +++ b/plugins/modules/vyos_ospfv3.py @@ -46,7 +46,7 @@ description: This resource module configures and manages attributes of OSPFv3 ro author: - Rohit Thakur (@rohitthakur2590) notes: -- Tested against VyOS 1.3.8 +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). options: diff --git a/plugins/modules/vyos_ping.py b/plugins/modules/vyos_ping.py index 98619399..58ca3459 100644 --- a/plugins/modules/vyos_ping.py +++ b/plugins/modules/vyos_ping.py @@ -30,7 +30,7 @@ module: vyos_ping short_description: Tests reachability using ping from VyOS network devices description: - Tests reachability using ping from a VyOS device to a remote destination. -- Tested against VyOS 1.1.8 (helium) +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - For a general purpose network module, see the M(ansible.netcommon.net_ping) module. - For Windows targets, use the M(ansible.windows.win_ping) module instead. - For targets running Python, use the M(ansible.builtin.ping) module instead. @@ -73,7 +73,7 @@ options: - present default: present notes: -- Tested against VyOS 1.1.8 (helium). +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - For a general purpose network module, see the M(ansible.netcommon.net_ping) module. - For Windows targets, use the M(ansible.windows.win_ping) module instead. - For targets running Python, use the M(ansible.builtin.ping) module instead. diff --git a/plugins/modules/vyos_prefix_lists.py b/plugins/modules/vyos_prefix_lists.py index 71d52b32..f613bf38 100644 --- a/plugins/modules/vyos_prefix_lists.py +++ b/plugins/modules/vyos_prefix_lists.py @@ -21,7 +21,7 @@ description: version_added: 2.4.0 author: Priyam Sahoo (@priyamsahoo) notes: - - Tested against VyOS 1.1.8 (helium) + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection C(network_cli) options: config: diff --git a/plugins/modules/vyos_route_maps.py b/plugins/modules/vyos_route_maps.py index 67d327a6..dfd22af9 100644 --- a/plugins/modules/vyos_route_maps.py +++ b/plugins/modules/vyos_route_maps.py @@ -21,7 +21,7 @@ description: - This module manages route map configurations on devices running VYOS. author: Ashwini Mhatre (@amhatre) notes: -- Tested against vyos 1.3.8 +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025 - This module works with connection C(network_cli). options: config: @@ -103,6 +103,12 @@ options: extcommunity_soo: type: str description: Set Site of Origin value. ASN:nn_or_IP_address:nn VPN extended community + extcommunity_bandwidth: + type: str + description: Set Bandwidth of Origin value. 1-25600|cumulative|num-multipaths VPN extended community + extcommunity_bandwidth_non_transitive: + type: bool + description: Set the bandwidth extended community encoded as non-transitive True/False VPN extended community ip_next_hop: type: str description: IP address. @@ -146,6 +152,9 @@ options: weight: type: str description: Border Gateway Protocol (BGP) weight attribute. Example <0-4294967295> + table: + type: str + description: Set prefixes to table. Example <1-200> match: description: Route parameters to match. type: dict @@ -226,6 +235,10 @@ options: type: str description: RPKI validation value. choices: [ "notfound", "invalid", "valid" ] + protocol: + type: str + description: Source protocol to match. + choices: [ "babel","bgp","connected","isis","kernel","ospf","ospfv3","rip","ripng","static","table","vnc" ] on_match: type: dict description: Exit policy on matches. diff --git a/plugins/modules/vyos_snmp_server.py b/plugins/modules/vyos_snmp_server.py index f574919a..2d3ae88a 100644 --- a/plugins/modules/vyos_snmp_server.py +++ b/plugins/modules/vyos_snmp_server.py @@ -20,7 +20,7 @@ short_description: Manages snmp_server resource module description: This module manages the snmp server attributes of Vyos network devices author: Gomathi Selvi Srinivasan (@GomathiselviS) notes: - - Tested against vyos 1.3.8, 1.4.1 + - Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025, 1.4.1 - This module works with connection C(network_cli). - The Configuration defaults of the Vyos network devices are supposed to hinder idempotent behavior of plays diff --git a/plugins/modules/vyos_static_routes.py b/plugins/modules/vyos_static_routes.py index 0629a8bd..436fd36d 100644 --- a/plugins/modules/vyos_static_routes.py +++ b/plugins/modules/vyos_static_routes.py @@ -44,7 +44,7 @@ version_added: '1.0.0' short_description: Static routes resource module description: This module manages attributes of static routes on VyOS network devices. notes: -- Tested against VyOS 1.3.8. +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). author: diff --git a/plugins/modules/vyos_system.py b/plugins/modules/vyos_system.py index 96a0e9bc..4aa0e03d 100644 --- a/plugins/modules/vyos_system.py +++ b/plugins/modules/vyos_system.py @@ -16,6 +16,7 @@ # You should have received a copy of the GNU General Public License # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # + from __future__ import absolute_import, division, print_function @@ -33,7 +34,7 @@ version_added: 1.0.0 extends_documentation_fragment: - vyos.vyos.vyos notes: -- Tested against VyOS 1.1.8 (helium). +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). options: host_name: @@ -94,21 +95,27 @@ EXAMPLES = """ - sub1.example.com - sub2.example.com """ +from re import M, findall from ansible.module_utils.basic import AnsibleModule +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.version import ( + LooseVersion, +) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import ( get_config, + get_os_version, load_config, ) -def spec_key_to_device_key(key): +def spec_key_to_device_key(key, module): device_key = key.replace("_", "-") - # domain-search is longer than just it's key + # domain-search differs in 1.3- and 1.4+ if device_key == "domain-search": - device_key += " domain" + if LooseVersion(get_os_version(module)) <= LooseVersion("1.3"): + device_key += " domain" return device_key @@ -119,19 +126,20 @@ def config_to_dict(module): config = {"domain_search": [], "name_server": []} for line in data.split("\n"): - if line.startswith("set system host-name"): - config["host_name"] = line[22:-1] - elif line.startswith("set system domain-name"): - config["domain_name"] = line[24:-1] - elif line.startswith("set system domain-search domain"): - config["domain_search"].append(line[33:-1]) - elif line.startswith("set system name-server"): - config["name_server"].append(line[24:-1]) - + config_line = findall(r"^set system\s+(\S+)(?:\s+domain)?\s+'([^']+)'", line, M) + if config_line: + if config_line[0][0] == "host-name": + config["host_name"] = config_line[0][1] + elif config_line[0][0] == "domain-name": + config["domain_name"] = config_line[0][1] + elif config_line[0][0] == "domain-search": + config["domain_search"].append(config_line[0][1]) + elif config_line[0][0] == "name-server": + config["name_server"].append(config_line[0][1]) return config -def spec_to_commands(want, have): +def spec_to_commands(want, have, module): commands = [] state = want.pop("state") @@ -140,7 +148,7 @@ def spec_to_commands(want, have): if state == "absent" and all(v is None for v in want.values()): # Clear everything for key in have: - commands.append("delete system %s" % spec_key_to_device_key(key)) + commands.append("delete system %s" % spec_key_to_device_key(key, module)) for key in want: if want[key] is None: @@ -148,7 +156,7 @@ def spec_to_commands(want, have): current = have.get(key) proposed = want[key] - device_key = spec_key_to_device_key(key) + device_key = spec_key_to_device_key(key, module) # These keys are lists which may need to be reconciled with the device if key in ["domain_search", "name_server"]: @@ -201,7 +209,7 @@ def main(): want = map_param_to_obj(module) have = config_to_dict(module) - commands = spec_to_commands(want, have) + commands = spec_to_commands(want, have, module) result["commands"] = commands if commands: diff --git a/plugins/modules/vyos_user.py b/plugins/modules/vyos_user.py index 5aebf943..4a68e559 100644 --- a/plugins/modules/vyos_user.py +++ b/plugins/modules/vyos_user.py @@ -37,7 +37,7 @@ version_added: 1.0.0 extends_documentation_fragment: - vyos.vyos.vyos notes: -- Tested against VyOS 1.1.8 (helium). +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). options: aggregate: diff --git a/plugins/modules/vyos_vlan.py b/plugins/modules/vyos_vlan.py index 49cc1258..f0b68bc9 100644 --- a/plugins/modules/vyos_vlan.py +++ b/plugins/modules/vyos_vlan.py @@ -18,7 +18,7 @@ description: - This module provides declarative management of VLANs on VyOS network devices. version_added: 1.0.0 notes: -- Tested against VyOS 1.1.8 (helium). +- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025. - This module works with connection C(ansible.netcommon.network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). options: name: |