diff --git a/.gitignore b/.gitignore index eaef097a5..beacafca5 100644 --- a/.gitignore +++ b/.gitignore @@ -114,6 +114,7 @@ venv.bak/ *.code-workspace .vscode/ .DS_Store +*.bak changelogs/.plugin-cache.yaml # inventory for testing diff --git a/README.md b/README.md index df9d916e2..c202e2e0a 100644 --- a/README.md +++ b/README.md @@ -70,6 +70,7 @@ Name | Description [vyos.vyos.vyos_system](https://github.com/vyos/vyos.vyos/blob/main/docs/vyos.vyos.vyos_system_module.rst)|Run `set system` commands on VyOS devices [vyos.vyos.vyos_user](https://github.com/vyos/vyos.vyos/blob/main/docs/vyos.vyos.vyos_user_module.rst)|Manage the collection of local users on VyOS device [vyos.vyos.vyos_vlan](https://github.com/vyos/vyos.vyos/blob/main/docs/vyos.vyos.vyos_vlan_module.rst)|Manage VLANs on VyOS network devices +[vyos.vyos.vyos_vrrp](https://github.com/vyos/vyos.vyos/blob/main/docs/vyos.vyos.vyos_vrrp_module.rst)|Manage VRRP and load balancer configuration on VyOS diff --git a/changelogs/fragments/t6820_vrrp.yml b/changelogs/fragments/t6820_vrrp.yml new file mode 100644 index 000000000..34343bbfd --- /dev/null +++ b/changelogs/fragments/t6820_vrrp.yml @@ -0,0 +1,3 @@ +--- +minor_changes: + - vyos_vrrp - Add VRRP (High Availability) support diff --git a/docs/vyos.vyos.vyos_vrrp_module.rst b/docs/vyos.vyos.vyos_vrrp_module.rst new file mode 100644 index 000000000..08d3387a0 --- /dev/null +++ b/docs/vyos.vyos.vyos_vrrp_module.rst @@ -0,0 +1,2648 @@ +.. _vyos.vyos.vyos_vrrp_module: + + +******************* +vyos.vyos.vyos_vrrp +******************* + +**Manage VRRP and load balancer configuration on VyOS** + + +Version added: 1.0.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module configures VRRP groups, global VRRP parameters, VRRP sync groups, and LVS-style virtual servers on VyOS 1.4+. +- Supports creation, modification, deletion, replacement, rendering, and parsing of VRRP-related configuration. + + + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ config + +
+ dictionary +
+ 		+ +
Full VRRP and virtual server configuration.
+
+
+ disable + +
+ boolean +
+ 		+
    Choices: +
  • no ←
    • +
  • yes
    • +
+ 		+
Disable all VRRP and L4-LB configuration under this module.
+
+
+ virtual_servers + +
+ list + / elements=dictionary +
+ 		+ +
List of load balancer virtual server (LVS) definitions.
+
+
+ address + +
+ string +
+ 		+ +
Virtual IP address for the server.
+
+
+ algorithm + +
+ string +
+ 		+ +
Load balancing algorithm used for dispatching connections.
+
+
+ alias + +
+ string + / required +
+ 		+ +
Unique identifier for the virtual server.
+
+
+ delay_loop + +
+ integer +
+ 		+ +
Delay loop interval in seconds.
+
+
+ forward_method + +
+ string +
+ 		+
    Choices: +
  • direct
    • +
  • nat
    • +
+ 		+
Forwarding method used by LVS.
+
+
+ fwmark + +
+ string +
+ 		+ +
Firewall mark for LVS traffic classification.
+
+
+ persistence_timeout + +
+ string +
+ 		+ +
Client persistence timeout in seconds.
+
+
+ port + +
+ integer +
+ 		+ +
TCP/UDP port provided by the virtual service.
+
+
+ protocol + +
+ string +
+ 		+
    Choices: +
  • tcp
    • +
  • udp
    • +
+ 		+
Transport protocol for the virtual server.
+
+
+ real_servers + +
+ list + / elements=dictionary +
+ 		+ +
Backend real servers behind the virtual service.
+
+
+ address + +
+ string + / required +
+ 		+ +
Real server IP address.
+
+
+ health_check_script + +
+ string +
+ 		+ +
Path to health check script used for backend validation.
+
+
+ port + +
+ integer +
+ 		+ +
Backend server port.
+
+
+ vrrp + +
+ dictionary +
+ 		+ +
VRRP configuration including groups, global parameters, SNMP settings, and sync-groups.
+
+
+ global_parameters + +
+ dictionary +
+ 		+ +
Global VRRP tuning parameters.
+
+
+ garp + +
+ dictionary +
+ 		+ +
Gratuitous ARP related configuration.
+
+
+ interval + +
+ integer +
+ 		+ +
GARP interval in seconds.
+
+
+ master_delay + +
+ integer +
+ 		+ +
Delay before sending GARP as master.
+
+
+ master_refresh + +
+ integer +
+ 		+ +
Refresh interval for master GARP announcements.
+
+
+ master_refresh_repeat + +
+ integer +
+ 		+ +
Number of times to repeat refresh announcements.
+
+
+ master_repeat + +
+ integer +
+ 		+ +
Number of GARP repeats when transitioning to master.
+
+
+ startup_delay + +
+ integer +
+ 		+ +
Delay before VRRP starts after boot.
+
+
+ version + +
+ string +
+ 		+ +
VRRP protocol version.
+
+
+ groups + +
+ list + / elements=dictionary +
+ 		+ +
VRRP instance configuration groups.
+
+
+ address + +
+ string +
+ 		+ +
Virtual router IP address.
+
+
+ advertise_interval + +
+ integer +
+ 		+ +
VRRP advertisement interval.
+
+
+ authentication + +
+ dictionary +
+ 		+ +
VRRP group authentication options.
+
+
+ password + +
+ string +
+ 		+ +
Authentication password.
+
+
+ type + +
+ string +
+ 		+ +
Authentication type.
+
+
+ description + +
+ string +
+ 		+ +
Text description for the VRRP group.
+
+
+ disable + +
+ boolean +
+ 		+
    Choices: +
  • no ←
    • +
  • yes
    • +
+ 		+
Disable this VRRP group.
+
+
+ excluded_address + +
+ string +
+ 		+ +
IP address excluded from source checks.
+
+
+ garp + +
+ dictionary +
+ 		+ +
GARP-specific settings for this group.
+
+
+ interval + +
+ integer +
+ 		+ +
GARP interval.
+
+
+ master_delay + +
+ integer +
+ 		+ +
GARP master delay.
+
+
+ master_refresh + +
+ integer +
+ 		+ +
GARP master refresh interval.
+
+
+ master_refresh_repeat + +
+ integer +
+ 		+ +
Repeated refresh sends.
+
+
+ master_repeat + +
+ integer +
+ 		+ +
GARP repeat count.
+
+
+ health_check + +
+ dictionary +
+ 		+ +
VRRP group health check options.
+
+
+ failure_count + +
+ integer +
+ 		+ +
Allowed number of failed checks.
+
+
+ interval + +
+ integer +
+ 		+ +
Health check interval.
+
+
+ ping + +
+ string +
+ 		+ +
Host to ping for checks.
+
+
+ script + +
+ string +
+ 		+ +
Script to execute for health checking.
+
+
+ hello_source_address + +
+ string +
+ 		+ +
Source address for VRRP hello packets.
+
+
+ interface + +
+ string +
+ 		+ +
Interface used by the VRRP group.
+
+
+ name + +
+ string + / required +
+ 		+ +
VRRP group name.
+
+
+ no_preempt + +
+ boolean +
+ 		+
    Choices: +
  • no
    • +
  • yes
    • +
+ 		+
Disable preemption.
+
+
+ peer_address + +
+ string +
+ 		+ +
Peer VRRP router address.
+
+
+ preempt_delay + +
+ integer +
+ 		+ +
Delay before taking master role.
+
+
+ priority + +
+ integer +
+ 		+ +
VRRP priority (higher = preferred master).
+
+
+ rfc3768_compatibility + +
+ boolean +
+ 		+
    Choices: +
  • no
    • +
  • yes
    • +
+ 		+
Enable or disable RFC3768 compatibility mode.
+
+
+ track + +
+ dictionary +
+ 		+ +
Track interface and VRRP behaviour.
+
+
+ exclude_vrrp_interface + +
+ boolean +
+ 		+
    Choices: +
  • no
    • +
  • yes
    • +
+ 		+
Exclude VRRP interface from tracking.
+
+
+ interface + +
+ string +
+ 		+ +
Interface to track.
+
+
+ transition_script + +
+ dictionary +
+ 		+ +
Scripts executed during VRRP state transitions.
+
+
+ backup + +
+ string +
+ 		+ +
Path to backup script.
+
+
+ fault + +
+ string +
+ 		+ +
Path to fault script.
+
+
+ master + +
+ string +
+ 		+ +
Path to master script.
+
+
+ stop + +
+ string +
+ 		+ +
Path to stop script.
+
+
+ vrid + +
+ integer + / required +
+ 		+ +
VRRP Virtual Router ID.
+
+
+ snmp + +
+ boolean +
+ 		+
    Choices: +
  • no
    • +
  • yes
    • +
+ 		+
Enable SNMP support for VRRP.
+
+
+ sync_groups + +
+ list + / elements=dictionary +
+ 		+ +
VRRP sync-groups for coordinated failover.
+
+
+ health_check + +
+ dictionary +
+ 		+ +
Health check options for sync group.
+
+
+ failure_count + +
+ integer +
+ 		+ +
Allowed number of failures.
+
+
+ interval + +
+ integer +
+ 		+ +
Health check interval.
+
+
+ ping + +
+ string +
+ 		+ +
Host to ping.
+
+
+ script + +
+ string +
+ 		+ +
Script to run for health checking.
+
+
+ member + +
+ list + / elements=string +
+ 		+ +
List of VRRP groups participating in this sync group.
+
+
+ name + +
+ string + / required +
+ 		+ +
Sync-group name.
+
+
+ transition_script + +
+ dictionary +
+ 		+ +
Transition scripts for sync group events.
+
+
+ backup + +
+ string +
+ 		+ +
Backup state script.
+
+
+ fault + +
+ string +
+ 		+ +
Fault state script.
+
+
+ master + +
+ string +
+ 		+ +
Master state script.
+
+
+ stop + +
+ string +
+ 		+ +
Stop state script.
+
+
+ running_config + +
+ string +
+ 		+ +
Used only when state=parsed. Must contain the output of show configuration commands | grep high-availability.
+
+
+ state + +
+ string +
+ 		+
    Choices: +
  • deleted
    • +
  • merged ←
    • +
  • purged
    • +
  • replaced
    • +
  • gathered
    • +
  • rendered
    • +
  • parsed
    • +
+ 		+
Desired end state of the VRRP configuration.
+
+
+ + + + +Examples +-------- + +.. code-block:: yaml + + # Using merged + # Before state + + # vyos@vyos:~$ show configuration commands | match "set protocols bgp" + # vyos@vyos:~$ + + - name: Merge provided configuration with device configuration + vyos.vyos.vyos_vrrp: + config: + as_number: "65536" + aggregate_address: + - prefix: "203.0.113.0/24" + as_set: true + - prefix: "192.0.2.0/24" + summary_only: true + network: + - address: "192.1.13.0/24" + backdoor: true + redistribute: + - protocol: "kernel" + metric: 45 + - protocol: "connected" + route_map: "map01" + maximum_paths: + - path: "ebgp" + count: 20 + - path: "ibgp" + count: 55 + timers: + keepalive: 35 + bgp_params: + bestpath: + as_path: "confed" + compare_routerid: true + default: + no_ipv4_unicast: true + router_id: "192.1.2.9" + confederation: + - peers: 20 + - peers: 55 + - identifier: 66 + neighbor: + - address: "192.0.2.25" + disable_connected_check: true + timers: + holdtime: 30 + keepalive: 10 + - address: "203.0.113.5" + attribute_unchanged: + as_path: true + med: true + ebgp_multihop: 2 + remote_as: 101 + update_source: "192.0.2.25" + - address: "5001::64" + maximum_prefix: 34 + distribute_list: + - acl: 20 + action: "export" + - acl: 40 + action: "import" + state: merged + + # After State + # vyos@vyos:~$ show configuration commands | match "set protocols bgp" + # set protocols bgp system-as 65536 + # set protocols bgp aggregate-address 192.0.2.0/24 'summary-only' + # set protocols bgp aggregate-address 203.0.113.0/24 'as-set' + # set protocols bgp maximum-paths ebgp '20' + # set protocols bgp maximum-paths ibgp '55' + # set protocols bgp neighbor 192.0.2.25 'disable-connected-check' + # set protocols bgp neighbor 192.0.2.25 timers holdtime '30' + # set protocols bgp neighbor 192.0.2.25 timers keepalive '10' + # set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'as-path' + # set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'med' + # set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'next-hop' + # set protocols bgp neighbor 203.0.113.5 ebgp-multihop '2' + # set protocols bgp neighbor 203.0.113.5 remote-as '101' + # set protocols bgp neighbor 203.0.113.5 update-source '192.0.2.25' + # set protocols bgp neighbor 5001::64 distribute-list export '20' + # set protocols bgp neighbor 5001::64 distribute-list import '40' + # set protocols bgp neighbor 5001::64 maximum-prefix '34' + # set protocols bgp network 192.1.13.0/24 'backdoor' + # set protocols bgp parameters bestpath as-path 'confed' + # set protocols bgp parameters bestpath 'compare-routerid' + # set protocols bgp parameters confederation identifier '66' + # set protocols bgp parameters confederation peers '20' + # set protocols bgp parameters confederation peers '55' + # set protocols bgp parameters default 'no-ipv4-unicast' + # set protocols bgp parameters router-id '192.1.2.9' + # set protocols bgp redistribute connected route-map 'map01' + # set protocols bgp redistribute kernel metric '45' + # set protocols bgp timers keepalive '35' + # vyos@vyos:~$ + # + # # Module Execution: + # + # "after": { + # "aggregate_address": [ + # { + # "prefix": "192.0.2.0/24", + # "summary_only": true + # }, + # { + # "prefix": "203.0.113.0/24", + # "as_set": true + # } + # ], + # "as_number": 65536, + # "bgp_params": { + # "bestpath": { + # "as_path": "confed", + # "compare_routerid": true + # }, + # "confederation": [ + # { + # "identifier": 66 + # }, + # { + # "peers": 20 + # }, + # { + # "peers": 55 + # } + # ], + # "default": { + # "no_ipv4_unicast": true + # }, + # "router_id": "192.1.2.9" + # }, + # "maximum_paths": [ + # { + # "count": 20, + # "path": "ebgp" + # }, + # { + # "count": 55, + # "path": "ibgp" + # } + # ], + # "neighbor": [ + # { + # "address": "192.0.2.25", + # "disable_connected_check": true, + # "timers": { + # "holdtime": 30, + # "keepalive": 10 + # } + # }, + # { + # "address": "203.0.113.5", + # "attribute_unchanged": { + # "as_path": true, + # "med": true, + # "next_hop": true + # }, + # "ebgp_multihop": 2, + # "remote_as": 101, + # "update_source": "192.0.2.25" + # }, + # { + # "address": "5001::64", + # "distribute_list": [ + # { + # "acl": 20, + # "action": "export" + # }, + # { + # "acl": 40, + # "action": "import" + # } + # ], + # "maximum_prefix": 34 + # } + # ], + # "network": [ + # { + # "address": "192.1.13.0/24", + # "backdoor": true + # } + # ], + # "redistribute": [ + # { + # "protocol": "connected", + # "route_map": "map01" + # }, + # { + # "metric": 45, + # "protocol": "kernel" + # } + # ], + # "timers": { + # "keepalive": 35 + # } + # }, + # "before": {}, + # "changed": true, + # "commands": [ + # "set protocols bgp neighbor 192.0.2.25 disable-connected-check", + # "set protocols bgp neighbor 192.0.2.25 timers holdtime 30", + # "set protocols bgp neighbor 192.0.2.25 timers keepalive 10", + # "set protocols bgp neighbor 203.0.113.5 attribute-unchanged as-path", + # "set protocols bgp neighbor 203.0.113.5 attribute-unchanged med", + # "set protocols bgp neighbor 203.0.113.5 attribute-unchanged next-hop", + # "set protocols bgp neighbor 203.0.113.5 ebgp-multihop 2", + # "set protocols bgp neighbor 203.0.113.5 remote-as 101", + # "set protocols bgp neighbor 203.0.113.5 update-source 192.0.2.25", + # "set protocols bgp neighbor 5001::64 maximum-prefix 34", + # "set protocols bgp neighbor 5001::64 distribute-list export 20", + # "set protocols bgp neighbor 5001::64 distribute-list import 40", + # "set protocols bgp redistribute kernel metric 45", + # "set protocols bgp redistribute connected route-map map01", + # "set protocols bgp network 192.1.13.0/24 backdoor", + # "set protocols bgp aggregate-address 203.0.113.0/24 as-set", + # "set protocols bgp aggregate-address 192.0.2.0/24 summary-only", + # "set protocols bgp parameters bestpath as-path confed", + # "set protocols bgp parameters bestpath compare-routerid", + # "set protocols bgp parameters default no-ipv4-unicast", + # "set protocols bgp parameters router-id 192.1.2.9", + # "set protocols bgp parameters confederation peers 20", + # "set protocols bgp parameters confederation peers 55", + # "set protocols bgp parameters confederation identifier 66", + # "set protocols bgp maximum-paths ebgp 20", + # "set protocols bgp maximum-paths ibgp 55", + # "set protocols bgp timers keepalive 35" + # ], + + # Using replaced: + # -------------- + + # Before state: + + # vyos@vyos:~$ show configuration commands | match "set protocols bgp" + # set protocols bgp system-as 65536 + # set protocols bgp aggregate-address 192.0.2.0/24 'summary-only' + # set protocols bgp aggregate-address 203.0.113.0/24 'as-set' + # set protocols bgp maximum-paths ebgp '20' + # set protocols bgp maximum-paths ibgp '55' + # set protocols bgp neighbor 192.0.2.25 'disable-connected-check' + # set protocols bgp neighbor 192.0.2.25 timers holdtime '30' + # set protocols bgp neighbor 192.0.2.25 timers keepalive '10' + # set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'as-path' + # set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'med' + # set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'next-hop' + # set protocols bgp neighbor 203.0.113.5 ebgp-multihop '2' + # set protocols bgp neighbor 203.0.113.5 remote-as '101' + # set protocols bgp neighbor 203.0.113.5 update-source '192.0.2.25' + # set protocols bgp neighbor 5001::64 distribute-list export '20' + # set protocols bgp neighbor 5001::64 distribute-list import '40' + # set protocols bgp neighbor 5001::64 maximum-prefix '34' + # set protocols bgp network 192.1.13.0/24 'backdoor' + # set protocols bgp parameters bestpath as-path 'confed' + # set protocols bgp parameters bestpath 'compare-routerid' + # set protocols bgp parameters confederation identifier '66' + # set protocols bgp parameters confederation peers '20' + # set protocols bgp parameters confederation peers '55' + # set protocols bgp parameters default 'no-ipv4-unicast' + # set protocols bgp parameters router-id '192.1.2.9' + # set protocols bgp redistribute connected route-map 'map01' + # set protocols bgp redistribute kernel metric '45' + # set protocols bgp timers keepalive '35' + # vyos@vyos:~$ + + - name: Replace + vyos.vyos.vyos_vrrp: + config: + as_number: "65536" + network: + - address: "203.0.113.0/24" + route_map: map01 + redistribute: + - protocol: "static" + route_map: "map01" + neighbor: + - address: "192.0.2.40" + advertisement_interval: 72 + capability: + orf: "receive" + bgp_params: + bestpath: + as_path: "confed" + state: replaced + # After state: + + # vyos@vyos:~$ show configuration commands | match "set protocols bgp" + # set protocols bgp system-as 65536 + # set protocols bgp neighbor 192.0.2.40 advertisement-interval '72' + # set protocols bgp neighbor 192.0.2.40 capability orf prefix-list 'receive' + # set protocols bgp network 203.0.113.0/24 route-map 'map01' + # set protocols bgp parameters bestpath as-path 'confed' + # set protocols bgp redistribute static route-map 'map01' + # vyos@vyos:~$ + # + # + # Module Execution: + # + # "after": { + # "as_number": 65536, + # "bgp_params": { + # "bestpath": { + # "as_path": "confed" + # } + # }, + # "neighbor": [ + # { + # "address": "192.0.2.40", + # "advertisement_interval": 72, + # "capability": { + # "orf": "receive" + # } + # } + # ], + # "network": [ + # { + # "address": "203.0.113.0/24", + # "route_map": "map01" + # } + # ], + # "redistribute": [ + # { + # "protocol": "static", + # "route_map": "map01" + # } + # ] + # }, + # "before": { + # "aggregate_address": [ + # { + # "prefix": "192.0.2.0/24", + # "summary_only": true + # }, + # { + # "prefix": "203.0.113.0/24", + # "as_set": true + # } + # ], + # "as_number": 65536, + # "bgp_params": { + # "bestpath": { + # "as_path": "confed", + # "compare_routerid": true + # }, + # "confederation": [ + # { + # "identifier": 66 + # }, + # { + # "peers": 20 + # }, + # { + # "peers": 55 + # } + # ], + # "default": { + # "no_ipv4_unicast": true + # }, + # "router_id": "192.1.2.9" + # }, + # "maximum_paths": [ + # { + # "count": 20, + # "path": "ebgp" + # }, + # { + # "count": 55, + # "path": "ibgp" + # } + # ], + # "neighbor": [ + # { + # "address": "192.0.2.25", + # "disable_connected_check": true, + # "timers": { + # "holdtime": 30, + # "keepalive": 10 + # } + # }, + # { + # "address": "203.0.113.5", + # "attribute_unchanged": { + # "as_path": true, + # "med": true, + # "next_hop": true + # }, + # "ebgp_multihop": 2, + # "remote_as": 101, + # "update_source": "192.0.2.25" + # }, + # { + # "address": "5001::64", + # "distribute_list": [ + # { + # "acl": 20, + # "action": "export" + # }, + # { + # "acl": 40, + # "action": "import" + # } + # ], + # "maximum_prefix": 34 + # } + # ], + # "network": [ + # { + # "address": "192.1.13.0/24", + # "backdoor": true + # } + # ], + # "redistribute": [ + # { + # "protocol": "connected", + # "route_map": "map01" + # }, + # { + # "metric": 45, + # "protocol": "kernel" + # } + # ], + # "timers": { + # "keepalive": 35 + # } + # }, + # "changed": true, + # "commands": [ + # "delete protocols bgp timers", + # "delete protocols bgp maximum-paths ", + # "delete protocols bgp maximum-paths ", + # "delete protocols bgp parameters router-id 192.1.2.9", + # "delete protocols bgp parameters default", + # "delete protocols bgp parameters confederation", + # "delete protocols bgp parameters bestpath compare-routerid", + # "delete protocols bgp aggregate-address", + # "delete protocols bgp network 192.1.13.0/24", + # "delete protocols bgp redistribute kernel", + # "delete protocols bgp redistribute kernel", + # "delete protocols bgp redistribute connected", + # "delete protocols bgp redistribute connected", + # "delete protocols bgp neighbor 5001::64", + # "delete protocols bgp neighbor 203.0.113.5", + # "delete protocols bgp neighbor 192.0.2.25", + # "set protocols bgp neighbor 192.0.2.40 advertisement-interval 72", + # "set protocols bgp neighbor 192.0.2.40 capability orf prefix-list receive", + # "set protocols bgp redistribute static route-map map01", + # "set protocols bgp network 203.0.113.0/24 route-map map01" + # ], + + # Using deleted: + # ------------- + + # Before state: + + # vyos@vyos:~$ show configuration commands | match "set protocols bgp" + # set protocols bgp system-as 65536 + # set protocols bgp neighbor 192.0.2.40 advertisement-interval '72' + # set protocols bgp neighbor 192.0.2.40 capability orf prefix-list 'receive' + # set protocols bgp network 203.0.113.0/24 route-map 'map01' + # set protocols bgp parameters bestpath as-path 'confed' + # set protocols bgp redistribute static route-map 'map01' + # vyos@vyos:~$ + + - name: Delete configuration + vyos.vyos.vyos_vrrp: + config: + as_number: "65536" + state: deleted + + # After state: + + # vyos@vyos:~$ show configuration commands | match "set protocols bgp" + # set protocols bgp '65536' + # vyos@vyos:~$ + # + # + # Module Execution: + # + # "after": { + # "as_number": 65536 + # }, + # "before": { + # "as_number": 65536, + # "bgp_params": { + # "bestpath": { + # "as_path": "confed" + # } + # }, + # "neighbor": [ + # { + # "address": "192.0.2.40", + # "advertisement_interval": 72, + # "capability": { + # "orf": "receive" + # } + # } + # ], + # "network": [ + # { + # "address": "203.0.113.0/24", + # "route_map": "map01" + # } + # ], + # "redistribute": [ + # { + # "protocol": "static", + # "route_map": "map01" + # } + # ] + # }, + # "changed": true, + # "commands": [ + # "delete protocols bgp neighbor 192.0.2.40", + # "delete protocols bgp redistribute", + # "delete protocols bgp network", + # "delete protocols bgp parameters" + # ], + + # Using purged: + + # Before state: + + # vyos@vyos:~$ show configuration commands | match "set protocols bgp" + # set protocols bgp system-as 65536 + # set protocols bgp aggregate-address 192.0.2.0/24 'summary-only' + # set protocols bgp aggregate-address 203.0.113.0/24 'as-set' + # set protocols bgp maximum-paths ebgp '20' + # set protocols bgp maximum-paths ibgp '55' + # set protocols bgp neighbor 192.0.2.25 'disable-connected-check' + # set protocols bgp neighbor 192.0.2.25 timers holdtime '30' + # set protocols bgp neighbor 192.0.2.25 timers keepalive '10' + # set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'as-path' + # set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'med' + # set protocols bgp neighbor 203.0.113.5 attribute-unchanged 'next-hop' + # set protocols bgp neighbor 203.0.113.5 ebgp-multihop '2' + # set protocols bgp neighbor 203.0.113.5 remote-as '101' + # set protocols bgp neighbor 203.0.113.5 update-source '192.0.2.25' + # set protocols bgp neighbor 5001::64 distribute-list export '20' + # set protocols bgp neighbor 5001::64 distribute-list import '40' + # set protocols bgp neighbor 5001::64 maximum-prefix '34' + # set protocols bgp network 192.1.13.0/24 'backdoor' + # set protocols bgp parameters bestpath as-path 'confed' + # set protocols bgp parameters bestpath 'compare-routerid' + # set protocols bgp parameters confederation identifier '66' + # set protocols bgp parameters confederation peers '20' + # set protocols bgp parameters confederation peers '55' + # set protocols bgp parameters default 'no-ipv4-unicast' + # set protocols bgp parameters router-id '192.1.2.9' + # set protocols bgp redistribute connected route-map 'map01' + # set protocols bgp redistribute kernel metric '45' + # set protocols bgp timers keepalive '35' + # vyos@vyos:~$ + + + - name: Purge configuration + vyos.vyos.vyos_vrrp: + config: + as_number: "65536" + state: purged + + # After state: + + # vyos@vyos:~$ show configuration commands | match "set protocols bgp" + # vyos@vyos:~$ + # + # Module Execution: + # + # "after": {}, + # "before": { + # "aggregate_address": [ + # { + # "prefix": "192.0.2.0/24", + # "summary_only": true + # }, + # { + # "prefix": "203.0.113.0/24", + # "as_set": true + # } + # ], + # "as_number": 65536, + # "bgp_params": { + # "bestpath": { + # "as_path": "confed", + # "compare_routerid": true + # }, + # "confederation": [ + # { + # "identifier": 66 + # }, + # { + # "peers": 20 + # }, + # { + # "peers": 55 + # } + # ], + # "default": { + # "no_ipv4_unicast": true + # }, + # "router_id": "192.1.2.9" + # }, + # "maximum_paths": [ + # { + # "count": 20, + # "path": "ebgp" + # }, + # { + # "count": 55, + # "path": "ibgp" + # } + # ], + # "neighbor": [ + # { + # "address": "192.0.2.25", + # "disable_connected_check": true, + # "timers": { + # "holdtime": 30, + # "keepalive": 10 + # } + # }, + # { + # "address": "203.0.113.5", + # "attribute_unchanged": { + # "as_path": true, + # "med": true, + # "next_hop": true + # }, + # "ebgp_multihop": 2, + # "remote_as": 101, + # "update_source": "192.0.2.25" + # }, + # { + # "address": "5001::64", + # "distribute_list": [ + # { + # "acl": 20, + # "action": "export" + # }, + # { + # "acl": 40, + # "action": "import" + # } + # ], + # "maximum_prefix": 34 + # } + # ], + # "network": [ + # { + # "address": "192.1.13.0/24", + # "backdoor": true + # } + # ], + # "redistribute": [ + # { + # "protocol": "connected", + # "route_map": "map01" + # }, + # { + # "metric": 45, + # "protocol": "kernel" + # } + # ], + # "timers": { + # "keepalive": 35 + # } + # }, + # "changed": true, + # "commands": [ + # "delete protocols bgp 65536" + # ], + + + # Deleted in presence of address family under neighbors: + + # Before state: + # vyos@vyos:~$ show configuration commands | match "set protocols bgp" + # set protocols bgp system-as 65536 + # set protocols bgp neighbor 192.0.2.43 advertisement-interval '72' + # set protocols bgp neighbor 192.0.2.43 capability 'dynamic' + # set protocols bgp neighbor 192.0.2.43 'disable-connected-check' + # set protocols bgp neighbor 192.0.2.43 timers holdtime '30' + # set protocols bgp neighbor 192.0.2.43 timers keepalive '10' + # set protocols bgp neighbor 203.0.113.0 address-family 'ipv6-unicast' + # set protocols bgp neighbor 203.0.113.0 capability orf prefix-list 'receive' + # set protocols bgp network 203.0.113.0/24 route-map 'map01' + # set protocols bgp parameters 'always-compare-med' + # set protocols bgp parameters bestpath as-path 'confed' + # set protocols bgp parameters bestpath 'compare-routerid' + # set protocols bgp parameters dampening half-life '33' + # set protocols bgp parameters dampening max-suppress-time '20' + # set protocols bgp parameters dampening re-use '60' + # set protocols bgp parameters dampening start-suppress-time '5' + # set protocols bgp parameters default 'no-ipv4-unicast' + # set protocols bgp parameters distance global external '66' + # set protocols bgp parameters distance global internal '20' + # set protocols bgp parameters distance global local '10' + # set protocols bgp redistribute static route-map 'map01' + # vyos@vyos:~$ ^C + # vyos@vyos:~$ + + - name: Delete configuration + vyos.vyos.vyos_vrrp: + config: + as_number: "65536" + state: deleted + + # Module Execution: + # + # "changed": false, + # "invocation": { + # "module_args": { + # "config": { + # "aggregate_address": null, + # "as_number": 65536, + # "bgp_params": null, + # "maximum_paths": null, + # "neighbor": null, + # "network": null, + # "redistribute": null, + # "timers": null + # }, + # "running_config": null, + # "state": "deleted" + # } + # }, + # "msg": "Use the _bgp_address_family module to delete the address_family under neighbor 203.0.113.0, before replacing/deleting the neighbor." + # } + + # using gathered: + # -------------- + + # Before state: + # vyos@vyos:~$ show configuration commands | match "set protocols bgp" + # set protocols bgp system-as 65536 + # set protocols bgp neighbor 192.0.2.43 advertisement-interval '72' + # set protocols bgp neighbor 192.0.2.43 capability 'dynamic' + # set protocols bgp neighbor 192.0.2.43 'disable-connected-check' + # set protocols bgp neighbor 192.0.2.43 timers holdtime '30' + # set protocols bgp neighbor 192.0.2.43 timers keepalive '10' + # set protocols bgp neighbor 203.0.113.0 address-family 'ipv6-unicast' + # set protocols bgp neighbor 203.0.113.0 capability orf prefix-list 'receive' + # set protocols bgp network 203.0.113.0/24 route-map 'map01' + # set protocols bgp parameters 'always-compare-med' + # set protocols bgp parameters bestpath as-path 'confed' + # set protocols bgp parameters bestpath 'compare-routerid' + # set protocols bgp parameters dampening half-life '33' + # set protocols bgp parameters dampening max-suppress-time '20' + # set protocols bgp parameters dampening re-use '60' + # set protocols bgp parameters dampening start-suppress-time '5' + # set protocols bgp parameters default 'no-ipv4-unicast' + # set protocols bgp parameters distance global external '66' + # set protocols bgp parameters distance global internal '20' + # set protocols bgp parameters distance global local '10' + # set protocols bgp redistribute static route-map 'map01' + # vyos@vyos:~$ ^C + + - name: gather configs + vyos.vyos.vyos_vrrp: + state: gathered + + # Module Execution: + # "gathered": { + # "as_number": 65536, + # "bgp_params": { + # "always_compare_med": true, + # "bestpath": { + # "as_path": "confed", + # "compare_routerid": true + # }, + # "default": { + # "no_ipv4_unicast": true + # }, + # "distance": [ + # { + # "type": "external", + # "value": 66 + # }, + # { + # "type": "internal", + # "value": 20 + # }, + # { + # "type": "local", + # "value": 10 + # } + # ] + # }, + # "neighbor": [ + # { + # "address": "192.0.2.43", + # "advertisement_interval": 72, + # "capability": { + # "dynamic": true + # }, + # "disable_connected_check": true, + # "timers": { + # "holdtime": 30, + # "keepalive": 10 + # } + # }, + # { + # "address": "203.0.113.0", + # "capability": { + # "orf": "receive" + # } + # } + # ], + # "network": [ + # { + # "address": "203.0.113.0/24", + # "route_map": "map01" + # } + # ], + # "redistribute": [ + # { + # "protocol": "static", + # "route_map": "map01" + # } + # ] + # }, + # + + # Using parsed: + # ------------ + + # parsed.cfg + + # set protocols bgp neighbor 192.0.2.43 advertisement-interval '72' + # set protocols bgp neighbor 192.0.2.43 capability 'dynamic' + # set protocols bgp neighbor 192.0.2.43 'disable-connected-check' + # set protocols bgp neighbor 192.0.2.43 timers holdtime '30' + # set protocols bgp neighbor 192.0.2.43 timers keepalive '10' + # set protocols bgp neighbor 203.0.113.0 address-family 'ipv6-unicast' + # set protocols bgp neighbor 203.0.113.0 capability orf prefix-list 'receive' + # set protocols bgp network 203.0.113.0/24 route-map 'map01' + # set protocols bgp parameters 'always-compare-med' + # set protocols bgp parameters bestpath as-path 'confed' + # set protocols bgp parameters bestpath 'compare-routerid' + # set protocols bgp parameters dampening half-life '33' + # set protocols bgp parameters dampening max-suppress-time '20' + # set protocols bgp parameters dampening re-use '60' + # set protocols bgp parameters dampening start-suppress-time '5' + # set protocols bgp parameters default 'no-ipv4-unicast' + # set protocols bgp parameters distance global external '66' + # set protocols bgp parameters distance global internal '20' + # set protocols bgp parameters distance global local '10' + # set protocols bgp redistribute static route-map 'map01' + + - name: parse configs + vyos.vyos.vyos_vrrp: + running_config: "{{ lookup('file', './parsed.cfg') }}" + state: parsed + tags: + - parsed + + # Module execution: + # "parsed": { + # "as_number": 65536, + # "bgp_params": { + # "always_compare_med": true, + # "bestpath": { + # "as_path": "confed", + # "compare_routerid": true + # }, + # "default": { + # "no_ipv4_unicast": true + # }, + # "distance": [ + # { + # "type": "external", + # "value": 66 + # }, + # { + # "type": "internal", + # "value": 20 + # }, + # { + # "type": "local", + # "value": 10 + # } + # ] + # }, + # "neighbor": [ + # { + # "address": "192.0.2.43", + # "advertisement_interval": 72, + # "capability": { + # "dynamic": true + # }, + # "disable_connected_check": true, + # "timers": { + # "holdtime": 30, + # "keepalive": 10 + # } + # }, + # { + # "address": "203.0.113.0", + # "capability": { + # "orf": "receive" + # } + # } + # ], + # "network": [ + # { + # "address": "203.0.113.0/24", + # "route_map": "map01" + # } + # ], + # "redistribute": [ + # { + # "protocol": "static", + # "route_map": "map01" + # } + # ] + # } + # + + # Using rendered: + # -------------- + + - name: Render + vyos.vyos.vyos_vrrp: + config: + as_number: "65536" + network: + - address: "203.0.113.0/24" + route_map: map01 + redistribute: + - protocol: "static" + route_map: "map01" + bgp_params: + always_compare_med: true + dampening: + start_suppress_time: 5 + max_suppress_time: 20 + half_life: 33 + re_use: 60 + distance: + - type: "internal" + value: 20 + - type: "local" + value: 10 + - type: "external" + value: 66 + bestpath: + as_path: "confed" + compare_routerid: true + default: + no_ipv4_unicast: true + neighbor: + - address: "192.0.2.43" + disable_connected_check: true + advertisement_interval: 72 + capability: + dynamic: true + timers: + holdtime: 30 + keepalive: 10 + - address: "203.0.113.0" + capability: + orf: "receive" + state: rendered + + # Module Execution: + # "rendered": [ + # "set protocols bgp neighbor 192.0.2.43 disable-connected-check", + # "set protocols bgp neighbor 192.0.2.43 advertisement-interval 72", + # "set protocols bgp neighbor 192.0.2.43 capability dynamic", + # "set protocols bgp neighbor 192.0.2.43 timers holdtime 30", + # "set protocols bgp neighbor 192.0.2.43 timers keepalive 10", + # "set protocols bgp neighbor 203.0.113.0 capability orf prefix-list receive", + # "set protocols bgp redistribute static route-map map01", + # "set protocols bgp network 203.0.113.0/24 route-map map01", + # "set protocols bgp parameters always-compare-med", + # "set protocols bgp parameters dampening half-life 33", + # "set protocols bgp parameters dampening max-suppress-time 20", + # "set protocols bgp parameters dampening re-use 60", + # "set protocols bgp parameters dampening start-suppress-time 5", + # "set protocols bgp parameters distance global internal 20", + # "set protocols bgp parameters distance global local 10", + # "set protocols bgp parameters distance global external 66", + # "set protocols bgp parameters bestpath as-path confed", + # "set protocols bgp parameters bestpath compare-routerid", + # "set protocols bgp parameters default no-ipv4-unicast" + # ] + + + +Return Values +------------- +Common return values are documented `here `_, the following are the fields unique to this module: + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyReturnedDescription
+
+ after + +
+ dictionary +
+ 		when changed +
The resulting configuration after module execution.
+
+
Sample:
+
This output will always be in the same format as the module argspec.
+
+
+ before + +
+ dictionary +
+ 		when state is merged, replaced, overridden, deleted or purged +
The configuration prior to the module execution.
+
+
Sample:
+
This output will always be in the same format as the module argspec.
+
+
+ commands + +
+ list +
+ 		when state is merged, replaced, overridden, deleted or purged +
The set of commands pushed to the remote device.
+
+
Sample:
+
['set protocols bgp redistribute static route-map map01', 'set protocols bgp network 203.0.113.0/24 route-map map01', 'set protocols bgp parameters always-compare-med']
+
+
+ gathered + +
+ list +
+ 		when state is gathered +
Facts about the network resource gathered from the remote device as structured data.
+
+
Sample:
+
This output will always be in the same format as the module argspec.
+
+
+ parsed + +
+ list +
+ 		when state is parsed +
The device native config provided in running_config option parsed into structured data as per module argspec.
+
+
Sample:
+
This output will always be in the same format as the module argspec.
+
+
+ rendered + +
+ list +
+ 		when state is rendered +
The provided configuration in the task rendered in device-native format (offline).
+
+
Sample:
+
['set protocols bgp redistribute static route-map map01', 'set protocols bgp network 203.0.113.0/24 route-map map01', 'set protocols bgp parameters always-compare-med']
+
+

+ + +Status +------ + + +Authors +~~~~~~~ + +- Evgeny Molotkov (@omnom62) diff --git a/plugins/action/vyos_vrrp.py b/plugins/action/vyos_vrrp.py new file mode 120000 index 000000000..331a791fc --- /dev/null +++ b/plugins/action/vyos_vrrp.py @@ -0,0 +1 @@ +vyos.py \ No newline at end of file diff --git a/plugins/module_utils/network/vyos/argspec/vrrp/__init__.py b/plugins/module_utils/network/vyos/argspec/vrrp/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/plugins/module_utils/network/vyos/argspec/vrrp/vrrp.py b/plugins/module_utils/network/vyos/argspec/vrrp/vrrp.py new file mode 100644 index 000000000..7e00a2f84 --- /dev/null +++ b/plugins/module_utils/network/vyos/argspec/vrrp/vrrp.py @@ -0,0 +1,191 @@ +# -*- coding: utf-8 -*- +# Copyright 2024 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + + +__metaclass__ = type + +############################################# +# WARNING # +############################################# +# +# This file is auto generated by the +# cli_rm_builder. +# +# Manually editing this file is not advised. +# +# To update the argspec make the desired changes +# in the module docstring and re-run +# cli_rm_builder. +# +############################################# + +""" +The arg spec for the vyos_vrrp module +""" + + +class VrrpArgs(object): # pylint: disable=R0903 + """The arg spec for the vyos_vrrp module""" + + argument_spec = { + "config": { + "type": "dict", + "required": False, + "options": { + "disable": {"type": "bool", "default": False}, + "virtual_servers": { + "type": "list", + "elements": "dict", + "options": { + "alias": {"type": "str", "required": True}, + "address": {"type": "str"}, + "algorithm": {"type": "str"}, + "delay_loop": {"type": "int"}, + "forward_method": {"type": "str", "choices": ["direct", "nat"]}, + "fwmark": {"type": "str"}, + "persistence_timeout": {"type": "str"}, + "port": {"type": "int"}, + "protocol": {"type": "str", "choices": ["tcp", "udp"]}, + "real_servers": { + "type": "list", + "elements": "dict", + "options": { + "address": {"type": "str", "required": True}, + "port": {"type": "int"}, + "health_check_script": {"type": "str"}, + }, + }, + }, + }, + "vrrp": { + "type": "dict", + "options": { + "global_parameters": { + "type": "dict", + "options": { + "garp": { + "type": "dict", + "options": { + "interval": {"type": "int"}, + "master_delay": {"type": "int"}, + "master_refresh": {"type": "int"}, + "master_refresh_repeat": {"type": "int"}, + "master_repeat": {"type": "int"}, + }, + }, + "startup_delay": {"type": "int"}, + "version": {"type": "str"}, + }, + }, + "groups": { + "type": "list", + "elements": "dict", + "options": { + "name": {"type": "str", "required": True}, + "address": {"type": "str"}, + "advertise_interval": {"type": "int"}, + "authentication": { + "type": "dict", + "options": { + "password": {"type": "str", "no_log": True}, + "type": {"type": "str"}, + }, + }, + "description": {"type": "str"}, + "disable": {"type": "bool", "default": False}, + "excluded_address": {"type": "str"}, + "garp": { + "type": "dict", + "options": { + "interval": {"type": "int"}, + "master_delay": {"type": "int"}, + "master_refresh": {"type": "int"}, + "master_refresh_repeat": {"type": "int"}, + "master_repeat": {"type": "int"}, + }, + }, + "health_check": { + "type": "dict", + "options": { + "failure_count": {"type": "int"}, + "interval": {"type": "int"}, + "ping": {"type": "str"}, + "script": {"type": "str"}, + }, + }, + "hello_source_address": {"type": "str"}, + "interface": {"type": "str"}, + "no_preempt": {"type": "bool"}, + "peer_address": {"type": "str"}, + "preempt_delay": {"type": "int"}, + "priority": {"type": "int"}, + "rfc3768_compatibility": {"type": "bool"}, + "track": { + "type": "dict", + "options": { + "exclude_vrrp_interface": {"type": "bool"}, + "interface": {"type": "str"}, + }, + }, + "transition_script": { + "type": "dict", + "options": { + "backup": {"type": "str"}, + "fault": {"type": "str"}, + "master": {"type": "str"}, + "stop": {"type": "str"}, + }, + }, + "vrid": {"type": "int", "required": True}, + }, + }, + "snmp": {"type": "bool"}, + "sync_groups": { + "type": "list", + "elements": "dict", + "options": { + "name": {"type": "str", "required": True}, + "health_check": { + "type": "dict", + "options": { + "failure_count": {"type": "int"}, + "interval": {"type": "int"}, + "ping": {"type": "str"}, + "script": {"type": "str"}, + }, + }, + "member": {"type": "list", "elements": "str"}, + "transition_script": { + "type": "dict", + "options": { + "backup": {"type": "str"}, + "fault": {"type": "str"}, + "master": {"type": "str"}, + "stop": {"type": "str"}, + }, + }, + }, + }, + }, + }, + }, + }, + "state": { + "type": "str", + "choices": [ + "deleted", + "merged", + "purged", + "replaced", + "gathered", + "rendered", + "parsed", + ], + "default": "merged", + }, + "running_config": {"type": "str"}, + } # pylint: disable=C0301 diff --git a/plugins/module_utils/network/vyos/config/vrrp/__init__.py b/plugins/module_utils/network/vyos/config/vrrp/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/plugins/module_utils/network/vyos/config/vrrp/vrrp.py b/plugins/module_utils/network/vyos/config/vrrp/vrrp.py new file mode 100644 index 000000000..fc61ebb2d --- /dev/null +++ b/plugins/module_utils/network/vyos/config/vrrp/vrrp.py @@ -0,0 +1,214 @@ +# +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# + +from __future__ import absolute_import, division, print_function + + +__metaclass__ = type + +""" +The vyos_vrrp config file. +It is in this file where the current configuration (as dict) +is compared to the provided configuration (as dict) and the command set +necessary to bring the current configuration to its desired end-state is +created. +""" + +from copy import deepcopy + +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.rm_base.resource_module import ( + ResourceModule, +) + +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.facts import Facts +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.rm_templates.vrrp import ( + VrrpTemplate, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.utils import combine +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.version import ( + LooseVersion, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import get_os_version + + +# from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import ( +# dict_merge, +# ) + + +class Vrrp(ResourceModule): + """ + The vyos_vrrp config class + """ + + def __init__(self, module): + super(Vrrp, self).__init__( + empty_fact_val={}, + facts_module=Facts(module), + module=module, + resource="vrrp", + tmplt=VrrpTemplate(), + ) + self.parsers = [ + "disable", + ] + + def _validate_template(self): + version = get_os_version(self._module) + if LooseVersion(version) >= LooseVersion("1.4"): + self._tmplt = VrrpTemplate() + else: + self._module.fail_json(msg="VRRP is not supported in this version of VyOS") + + def parse(self): + """override parse to check template""" + self._validate_template() + return super().parse() + + def get_parser(self, name): + """get_parsers""" + self._validate_template() + return super().get_parser(name) + + def execute_module(self): + """Execute the module + + :rtype: A dictionary + :returns: The result from module execution + """ + if self.state not in ["parsed", "gathered"]: + self.generate_commands() + self.run_commands() + + return self.result + + def generate_commands(self): + """Generate configuration commands to send based on + want, have and desired state. + """ + wantd = {} + haved = {} + wantd = deepcopy(self.want) + haved = deepcopy(self.have) + + # self._module.fail_json(msg="WanT: " + str(self.want) + "========== H: " + str(self.have)) + + # if state is merged, merge want onto have and then compare + if self.state in ["merged"]: + wantd = combine(haved, wantd, recursive=True) + # self._module.fail_json(msg="Want: " + str(wantd) + "**** H: " + str(haved)) + + # if state is deleted, delete and empty out wantd + # if self.state == "deleted": + # w = deepcopy(wantd) + # if w == {} and haved != {}: + # self.commands = ["delete vrrp"] + # return + # for k, want in w.items(): + # if not (k in haved and haved[k]): + # del wantd[k] + # else: + # if isinstance(want, list): + # for entry in want: + # wname = entry.get("name") + # haved["instances"] = [ + # i for i in haved.get("instances", []) if i.get("name") != wname + # ] + # self.commands.append("delete vrrp name {}".format(wname)) + # else: + # self.commands.append("delete vrrp {}".format(k.replace("_", "-"))) + # del wantd[k] + # + # if self.state == "overridden": + # w = deepcopy(wantd) + # h = deepcopy(haved) + # for k, want in w.items(): + # if k in haved anzd haved[k] != want: + # if isinstance(want, list): + # for entry in want: + # wname = entry.get("name") + # hdict = next( + # (inst for inst in haved["instances"] if inst["name"] == wname), + # None, + # ) + # if entry != hdict: + # # self._module.fail_json(msg="Want: " + str(entry) + "**** H: " + str(hdict)) + # haved["instances"] = [ + # i for i in haved.get("instances", []) if i.get("name") != wname + # ] + # self.commands.append("delete vrrp name {}".format(wname)) + # self.commands.append("commit") + # + for k, want in wantd.items(): + if k == "vrrp": + self._compare_vrrp(want, haved.get(k, {})) + # self._module.fail_json(msg=k) + # if isinstance(want, list): + # self._module.fail_json(msg=str(want) + " +++ " + str(haved.pop(k, {}))) + self.compare( + parsers=self.parsers, + want={k: want}, + have={k: haved.pop(k, {})}, + ) + self._module.fail_json(msg=self.commands) + + # def _compare_vsrvs(self, want, have): + # """Compare virtual servers of VRRP.py""" + # parsers = [ + # "virtual_servers", + # "virtual_servers.real_servers", + # ] + # # self._module.fail_json(msg="want: " + str(want) + "**** have: " + str(have)) + # + # # for entry in want: + # # h = {} + # # wname = entry.get("name") + # # # h = next((vrrp for vrrp in have if vrrp["name"] == wname), {}) + # # h = { + # # k: v + # # for vrrp in have + # # if vrrp.get("name") == wname + # # for k, v in vrrp.items() + # # if k != "address_family" + # # } + # self.compare(parsers=parsers, want=entry, have=h) + # + # if "address_family" in entry: + # wafi = {"name": wname, "address_family": entry.get("address_family", [])} + # # hdict = next((item for item in have if item["name"] == wname), None) + # hdict = next((d for d in have if d.get("name") == wname), None) + # + # hafi = { + # "name": (hdict or {"name": wname})["name"], + # "address_family": hdict.get("address_family", []) if hdict else [], + # } + + # self._module.fail_json(msg="wafi: " + str(wafi) + "**** hafi: " + str(hafi)) + + def _compare_vrrp(self, want, have): + """Compare the instances of VRRP""" + vrrp_parsers = [ + "vrrp.snmp", + "vrrp.sync_groups.member", + # "vrrp.sync_groups.health_check", + # "vrrp.sync_groups.transition_script", + "vrrp.global_parameters.garp", + "vrrp.global_parameters", + # "version", + # "vrrp.group", + # "vrrp.group.aunthentication", + # "vrrp.group.garp", + # "vrrp.group.transition_script", + # "vrrp.group.health_check", + # "vrrp.group.track", + # "vrrp.group.transition_script", + ] + # self._module.fail_json(msg="wvrrp: " + str(want) + "**** hvrrp: " + str(have)) + + # self._module.fail_json(msg="want: " + str(want) + "**** have: " + str(have)) + + self.compare(parsers=vrrp_parsers, want={"vrrp": want}, have={"vrrp": have}) diff --git a/plugins/module_utils/network/vyos/facts/facts.py b/plugins/module_utils/network/vyos/facts/facts.py index 74bbda747..8cd7cbce9 100644 --- a/plugins/module_utils/network/vyos/facts/facts.py +++ b/plugins/module_utils/network/vyos/facts/facts.py @@ -80,6 +80,9 @@ from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.static_routes.static_routes import ( Static_routesFacts, ) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.vrrp.vrrp import ( + VrrpFacts, +) FACT_LEGACY_SUBSETS = dict(default=Default, neighbors=Neighbors, config=Config) @@ -104,6 +107,7 @@ ntp_global=Ntp_globalFacts, snmp_server=Snmp_serverFacts, hostname=HostnameFacts, + vrrp=VrrpFacts, ) diff --git a/plugins/module_utils/network/vyos/facts/vrrp/__init__.py b/plugins/module_utils/network/vyos/facts/vrrp/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/plugins/module_utils/network/vyos/facts/vrrp/vrrp.py b/plugins/module_utils/network/vyos/facts/vrrp/vrrp.py new file mode 100644 index 000000000..7ab044f90 --- /dev/null +++ b/plugins/module_utils/network/vyos/facts/vrrp/vrrp.py @@ -0,0 +1,149 @@ +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + + +__metaclass__ = type + +""" +The vyos vrrp fact class +It is in this file the configuration is collected from the device +for a given resource, parsed, and the facts tree is populated +based on the configuration. +""" + +import re + +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import utils + +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.vrrp.vrrp import ( + VrrpArgs, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.rm_templates.vrrp import ( + VrrpTemplate, +) + + +class VrrpFacts(object): + """The vyos vrrp facts class""" + + def __init__(self, module, subspec="config", options="options"): + self._module = module + self.argument_spec = VrrpArgs.argument_spec + + def get_device_data(self, connection): + return connection.get('show configuration commands | match "set high-availability"') + + def get_config_set(self, data, connection): + """To classify the configurations beased on vrrp""" + config_dict = {} + for config_line in data.splitlines(): + vrrp_grp = re.search(r"set high-availability vrrp group (\S+).*", config_line) + vrrp_gp = re.search( + r"set high-availability vrrp global-parameters (\S+).*", + config_line, + ) + vrrp_sg = re.search(r"set high-availability vrrp sync-group (\S+).*", config_line) + vrrp_vsrv = re.search(r"set high-availability virtual-server (\S+).*", config_line) + vrrp_disable = re.search(r"set high-availability disable", config_line) + vrrp_snmp = re.search(r"set high-availability vrrp snmp", config_line) + if vrrp_disable: + config_dict["disable"] = config_dict.get("disable", "") + config_line + "\n" + if vrrp_gp: + config_dict["global_parameters"] = ( + config_dict.get(vrrp_gp.group(1), "") + config_line + "\n" + ) + if vrrp_vsrv: + config_dict[vrrp_vsrv.group(1)] = ( + config_dict.get(vrrp_vsrv.group(1), "") + config_line + "\n" + ) + if vrrp_sg: + config_dict[vrrp_sg.group(1)] = ( + config_dict.get(vrrp_sg.group(1), "") + config_line + "\n" + ) + if vrrp_grp: + config_dict[vrrp_grp.group(1)] = ( + config_dict.get(vrrp_grp.group(1), "") + config_line + "\n" + ) + return list(config_dict.values()) + + def deep_merge(self, dest, src): + for key, value in src.items(): + if key in dest and isinstance(dest[key], dict) and isinstance(value, dict): + self.deep_merge(dest[key], value) + else: + dest[key] = value + return dest + + def populate_facts(self, connection, ansible_facts, data=None): + """Populate the facts for vrrp network resource + + :param connection: the device connection + :param ansible_facts: Facts dictionary + :param data: previously collected conf + + :rtype: dictionary + :returns: facts + """ + facts = {} + objs = {} + config_lines = [] + + if not data: + data = self.get_device_data(connection) + resources = self.get_config_set(data, connection) + vrrp_facts = {"disable": False, "virtual_servers": {}, "vrrp": {}} + for resource in resources: + vrrp_parser = VrrpTemplate( + lines=resource.split("\n"), + module=self._module, + ) + objs = vrrp_parser.parse() + if "disable" in objs: + vrrp_facts["disable"] = objs["disable"] + for section in ("virtual_servers", "vrrp"): + if section in objs: + for name, data in objs[section].items(): + existing = vrrp_facts[section].get(name, {}) + vrrp_facts[section][name] = self.deep_merge(existing, data) + ansible_facts["ansible_network_resources"].pop("vrrp", None) + # + vrrp_facts = self.normalize_config(vrrp_facts) + # + validate_parser = VrrpTemplate(lines=[], module=self._module) + params = utils.remove_empties( + validate_parser.validate_config( + self.argument_spec, + {"config": vrrp_facts}, + redact=True, + ), + ) + + facts["vrrp"] = params.get("config", []) + ansible_facts["ansible_network_resources"].update(facts) + return ansible_facts + + def normalize_config(self, config): + if not config: + return config + + # Normalize virtual_servers + if isinstance(config.get("virtual_servers"), dict): + config["virtual_servers"] = list(config["virtual_servers"].values()) + + # Normalize vrrp + vrrp = config.get("vrrp", {}) + if isinstance(vrrp.get("groups"), dict): + vrrp["groups"] = list(vrrp["groups"].values()) + if isinstance(vrrp.get("sync_groups"), dict): + vrrp["sync_groups"] = list(vrrp["sync_groups"].values()) + + # Normalize real_server inside each virtual_server + for vs in config.get("virtual_servers", []): + if isinstance(vs.get("real_servers"), dict): + vs["real_servers"] = list(vs["real_servers"].values()) + + return config diff --git a/plugins/module_utils/network/vyos/rm_templates/vrrp.py b/plugins/module_utils/network/vyos/rm_templates/vrrp.py new file mode 100644 index 000000000..778db3a6a --- /dev/null +++ b/plugins/module_utils/network/vyos/rm_templates/vrrp.py @@ -0,0 +1,763 @@ +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + + +__metaclass__ = type + +""" +The Bgp_global parser templates file. This contains +a list of parser definitions and associated functions that +facilitates both facts gathering and native command generation for +the given network resource. +""" + +import re + +# from ansible.module_utils.six import iteritems +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.rm_base.network_template import ( + NetworkTemplate, +) + + +def _tmplt_vsrvs(config_data): + config_data = config_data["virtual-server"] + command = [] + # cmd = "service snmp v3 group {group}".format(**config_data) + # if "mode" in config_data: + # mode_cmd = cmd + " mode {mode}".format(**config_data) + # command.append(mode_cmd) + # if "seclevel" in config_data: + # sec_cmd = cmd + " seclevel {seclevel}".format(**config_data) + # command.append(sec_cmd) + # if "view" in config_data: + # view_cmd = cmd + " view {view}".format(**config_data) + # command.append(view_cmd) + return command + + +def _tmplt_vsrvs_rsrv(config_data): + config_data = config_data["virtual-server"]["real_servers"] + command = [] + # cmd = "service snmp v3 group {group}".format(**config_data) + # if "mode" in config_data: + # mode_cmd = cmd + " mode {mode}".format(**config_data) + # command.append(mode_cmd) + # if "seclevel" in config_data: + # sec_cmd = cmd + " seclevel {seclevel}".format(**config_data) + # command.append(sec_cmd) + # if "view" in config_data: + # view_cmd = cmd + " view {view}".format(**config_data) + # command.append(view_cmd) + return command + + +def _tmplt_sgroup_hc(config_data): + config_data = config_data["sync-group"]["health-check"] + command = [] + cmd = "high-availability vrrp sync-group health-check {health_check}".format(**config_data) + if "failure_count" in config_data: + failure_count_cmd = cmd + " failure-count {failure_count}".format(**config_data) + command.append(failure_count_cmd) + if "interval" in config_data: + interval_cmd = cmd + " interval {interval}".format(**config_data) + command.append(interval_cmd) + if "ping" in config_data: + ping_cmd = cmd + " ping {ping}".format(**config_data) + command.append(ping_cmd) + if "script" in config_data: + script_cmd = cmd + " script {script}".format(**config_data) + command.append(script_cmd) + return command + + +def _tmplt_sgroup_ts(config_data): + config_data = config_data["sync-group"]["transition-script"] + command = [] + cmd = "high-availability vrrp sync-group transition-script {transition_script}".format( + **config_data, + ) + if "backup" in config_data: + backup_cmd = cmd + " backup {backup}".format(**config_data) + command.append(backup_cmd) + if "fault" in config_data: + fault_cmd = cmd + " fault {fault}".format(**config_data) + command.append(fault_cmd) + if "master" in config_data: + master_cmd = cmd + " master {master}".format(**config_data) + command.append(master_cmd) + if "stop" in config_data: + stop_cmd = cmd + " stop {stop}".format(**config_data) + command.append(stop_cmd) + return command + + +def _tmplt_vrrp_gp(config_data): + config_data = config_data["vrrp"]["global_parameters"] + command = [] + cmd = "high-availability vrrp global-parameters {global_parameters}".format(**config_data) + if "version" in config_data: + version_cmd = cmd + " version {version}".format(**config_data) + command.append(version_cmd) + if "startup_delay" in config_data: + startup_delay_cmd = cmd + " startup-delay {startup_delay}".format(**config_data) + command.append(startup_delay_cmd) + return command + + +def _tmplt_vrrp_gp_garp(config_data): + config_data = config_data["vrrp"]["global_parameters"]["garp"] + command = [] + cmd = "high-availability vrrp global-parameters garp {garp}".format(**config_data) + if "interval" in config_data: + interval_cmd = cmd + " interval {interval}".format(**config_data) + command.append(interval_cmd) + if "master_delay" in config_data: + master_delay_cmd = cmd + " master-delay {master_delay}".format(**config_data) + command.append(master_delay_cmd) + if "master_refresh" in config_data: + master_refresh_cmd = cmd + " master-refresh {master_refresh}".format(**config_data) + command.append(master_refresh_cmd) + if "master_refresh_repeat" in config_data: + master_refresh_repeat_cmd = cmd + " master-refresh-repeat {master_refresh_repeat}".format( + **config_data, + ) + command.append(master_refresh_repeat_cmd) + if "master_repeat" in config_data: + master_repeat_cmd = cmd + " master-repeat {master_repeat}".format(**config_data) + command.append(master_repeat_cmd) + return command + + +def _tmplt_vrrp_group(config_data): + config_data = config_data["vrrp"]["group"] + command = [] + # cmd = "service snmp v3 group {group}".format(**config_data) + # if "mode" in config_data: + # mode_cmd = cmd + " mode {mode}".format(**config_data) + # command.append(mode_cmd) + # if "seclevel" in config_data: + # sec_cmd = cmd + " seclevel {seclevel}".format(**config_data) + # command.append(sec_cmd) + # if "view" in config_data: + # view_cmd = cmd + " view {view}".format(**config_data) + # command.append(view_cmd) + return command + + +def _tmplt_vrrp_group_track(config_data): + config_data = config_data["vrrp"]["group"]["track"] + command = [] + # cmd = "service snmp v3 group {group}".format(**config_data) + # if "mode" in config_data: + # mode_cmd = cmd + " mode {mode}".format(**config_data) + # command.append(mode_cmd) + # if "seclevel" in config_data: + # sec_cmd = cmd + " seclevel {seclevel}".format(**config_data) + # command.append(sec_cmd) + # if "view" in config_data: + # view_cmd = cmd + " view {view}".format(**config_data) + # command.append(view_cmd) + return command + + +def _tmplt_vrrp_group_hc(config_data): + config_data = config_data["vrrp"]["group"]["health-check"] + command = [] + # cmd = "service snmp v3 group {group}".format(**config_data) + # if "mode" in config_data: + # mode_cmd = cmd + " mode {mode}".format(**config_data) + # command.append(mode_cmd) + # if "seclevel" in config_data: + # sec_cmd = cmd + " seclevel {seclevel}".format(**config_data) + # command.append(sec_cmd) + # if "view" in config_data: + # view_cmd = cmd + " view {view}".format(**config_data) + # command.append(view_cmd) + return command + + +def _tmplt_vrrp_group_ts(config_data): + config_data = config_data["vrrp"]["group"]["transcription-script"] + command = [] + # cmd = "service snmp v3 group {group}".format(**config_data) + # if "mode" in config_data: + # mode_cmd = cmd + " mode {mode}".format(**config_data) + # command.append(mode_cmd) + # if "seclevel" in config_data: + # sec_cmd = cmd + " seclevel {seclevel}".format(**config_data) + # command.append(sec_cmd) + # if "view" in config_data: + # view_cmd = cmd + " view {view}".format(**config_data) + # command.append(view_cmd) + return command + + +def _tmplt_vrrp_group_garp(config_data): + config_data = config_data["vrrp"]["group"]["garp"] + command = [] + # cmd = "service snmp v3 group {group}".format(**config_data) + # if "mode" in config_data: + # mode_cmd = cmd + " mode {mode}".format(**config_data) + # command.append(mode_cmd) + # if "seclevel" in config_data: + # sec_cmd = cmd + " seclevel {seclevel}".format(**config_data) + # command.append(sec_cmd) + # if "view" in config_data: + # view_cmd = cmd + " view {view}".format(**config_data) + # command.append(view_cmd) + return command + + +def _tmplt_vrrp_group_auth(config_data): + config_data = config_data["vrrp"]["group"]["authentication"] + command = [] + # cmd = "service snmp v3 group {group}".format(**config_data) + # if "mode" in config_data: + # mode_cmd = cmd + " mode {mode}".format(**config_data) + # command.append(mode_cmd) + # if "seclevel" in config_data: + # sec_cmd = cmd + " seclevel {seclevel}".format(**config_data) + # command.append(sec_cmd) + # if "view" in config_data: + # view_cmd = cmd + " view {view}".format(**config_data) + # command.append(view_cmd) + return command + + +class VrrpTemplate(NetworkTemplate): + def __init__(self, lines=None, module=None): + prefix = {"set": "set", "remove": "delete"} + super(VrrpTemplate, self).__init__( + lines=lines, + tmplt=self, + prefix=prefix, + module=module, + ) + + # fmt: off + PARSERS = [ + { + "name": "disable", + "getval": re.compile( + r""" + ^set + \shigh-availability + \s(?Pdisable) + $""", + re.VERBOSE, + ), + "setval": "high-availability disable", + "result": { + "disable": "{{ True if disable is defined }}", + }, + }, + { + "name": "virtual_servers", + "getval": re.compile( + r""" + ^set\shigh-availability\svirtual-server + \s+(?P\S+) + (?:\s+address\s+(?P
\S+))? + (?:\s+algorithm\s+(?P\S+))? + (?:\s+delay-loop\s+(?P\S+))? + (?:\s+forward-method\s+(?P\S+))? + (?:\s+fwmark\s+(?P\S+))? + (?:\s+persistence-timeout\s+(?P\S+))? + (?:\s+port\s+(?P\S+))? + (?:\s+protocol\s+(?P\S+))? + $ + """, + re.VERBOSE, + ), + "setval": _tmplt_vsrvs, + "result": { + "virtual_servers": { + "{{ alias }}": { + "alias": "{{ alias }}", + "address": "{{ address if address is defined else None }}", + "algorithm": "{{ algorithm if algorithm is defined else None }}", + "delay_loop": "{{ delay_loop if delay_loop is defined else None }}", + "forward_method": "{{ forward_method if forward_method is defined else None }}", + "fwmark": "{{ fwmark if fwmark is defined else None }}", + "persistence_timeout": "{{ persistence_timeout if persistence_timeout is defined else None }}", + "port": "{{ port if port is defined else None }}", + "protocol": "{{ protocol if protocol is defined else None }}", + }, + }, + }, + }, + { + "name": "virtual_servers.real_servers", + "getval": re.compile( + r""" + ^set\shigh-availability\svirtual-server + \s+(?P\S+) + \sreal-server + \s+(?P
\S+) + (?:\s+port\s+(?P\S+))? + (?:\s+health-check\sscript\s+(?P\S+))? + (?:\s+connection-timeout\s+(?P\S+))? + $ + """, + re.VERBOSE, + ), + "setval": _tmplt_vsrvs_rsrv, + # "compval": "global_parameters.garp.master_refersh_repeat", + "result": { + "virtual_servers": { + "{{ alias }}": { + "alias": "{{ alias }}", + "real_servers": { + "{{ address }}": { + "address": "{{ address }}", + "port": "{{ port if port is defined else None }}", + "health_check_script": "{{ hcscript if hcscript is defined else None }}", + "connection_timeout": "{{ cont if cont is defined else None }}", + }, + }, + }, + }, + }, + }, + # { + # "name": "vrrp.sync_groups.member", + # "getval": re.compile( + # r""" + # ^set\shigh-availability\svrrp\ssync-group + # \s+(?P\S+) + # \smember + # \s+(?P\S+) + # $ + # """, + # re.VERBOSE, + # ), + # "setval": "set high-availability vrrp sync-group {{sgname}} member {{member}}", + # "result": { + # "vrrp": { + # "sync_groups": { + # "{{ sgname }}": { + # "name": "{{ sgname }}", + # "member": [ + # "{{ member }}" + # ], + # }, + # }, + # }, + # }, + # }, + { + "name": "vrrp.sync_groups.member", + "getval": re.compile( + r""" + ^set\shigh-availability\svrrp\ssync-group + \s+(?P\S+) + \smember + \s+(?P\S+) + $ + """, + re.VERBOSE, + ), + "setval": "set high-availability vrrp sync-group {{sgname}} member {{member}}", + "result": { + "vrrp": { + "sync_groups": [ + { + "name": "{{ sgname }}", + "member": ["{{ member }}"], + }, + ], + }, + }, + }, + { + "name": "vrrp.sync_groups.health_check", + "getval": re.compile( + r""" + ^set\shigh-availability\svrrp\ssync-group + \s+(?P\S+) + \shealth-check + (?:\s+failure-count\s+(?P\S+)) + ?(?:\s+interval\s+(?P\S+)) + ?(?:\s+ping\s+(?P\S+)) + ?(?:\s+script\s+(?P