mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
980 lines
35 KiB
Python
980 lines
35 KiB
Python
|
#!/usr/bin/python
|
||
|
#
|
||
|
# This file is part of Ansible
|
||
|
#
|
||
|
# Ansible is free software: you can redistribute it and/or modify
|
||
|
# it under the terms of the GNU General Public License as published by
|
||
|
# the Free Software Foundation, either version 3 of the License, or
|
||
|
# (at your option) any later version.
|
||
|
#
|
||
|
# Ansible is distributed in the hope that it will be useful,
|
||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
|
# GNU General Public License for more details.
|
||
|
#
|
||
|
# You should have received a copy of the GNU General Public License
|
||
|
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||
|
#
|
||
|
|
||
|
from __future__ import (absolute_import, division, print_function)
|
||
|
__metaclass__ = type
|
||
|
|
||
|
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||
|
'status': ['preview'],
|
||
|
'supported_by': 'community'}
|
||
|
|
||
|
DOCUMENTATION = '''
|
||
|
---
|
||
|
module: ce_snmp_community
|
||
|
short_description: Manages SNMP community configuration on HUAWEI CloudEngine switches.
|
||
|
description:
|
||
|
- Manages SNMP community configuration on HUAWEI CloudEngine switches.
|
||
|
author:
|
||
|
- wangdezhuang (@QijunPan)
|
||
|
notes:
|
||
|
- This module requires the netconf system service be enabled on the remote device being managed.
|
||
|
- Recommended connection is C(netconf).
|
||
|
- This module also works with C(local) connections for legacy playbooks.
|
||
|
options:
|
||
|
acl_number:
|
||
|
description:
|
||
|
- Access control list number.
|
||
|
community_name:
|
||
|
description:
|
||
|
- Unique name to identify the community.
|
||
|
access_right:
|
||
|
description:
|
||
|
- Access right read or write.
|
||
|
choices: ['read','write']
|
||
|
community_mib_view:
|
||
|
description:
|
||
|
- Mib view name.
|
||
|
group_name:
|
||
|
description:
|
||
|
- Unique name to identify the SNMPv3 group.
|
||
|
security_level:
|
||
|
description:
|
||
|
- Security level indicating whether to use authentication and encryption.
|
||
|
choices: ['noAuthNoPriv', 'authentication', 'privacy']
|
||
|
read_view:
|
||
|
description:
|
||
|
- Mib view name for read.
|
||
|
write_view:
|
||
|
description:
|
||
|
- Mib view name for write.
|
||
|
notify_view:
|
||
|
description:
|
||
|
- Mib view name for notification.
|
||
|
state:
|
||
|
description:
|
||
|
- Manage the state of the resource.
|
||
|
default: present
|
||
|
choices: ['present','absent']
|
||
|
'''
|
||
|
|
||
|
EXAMPLES = '''
|
||
|
|
||
|
- name: CloudEngine snmp community test
|
||
|
hosts: cloudengine
|
||
|
connection: local
|
||
|
gather_facts: no
|
||
|
vars:
|
||
|
cli:
|
||
|
host: "{{ inventory_hostname }}"
|
||
|
port: "{{ ansible_ssh_port }}"
|
||
|
username: "{{ username }}"
|
||
|
password: "{{ password }}"
|
||
|
transport: cli
|
||
|
|
||
|
tasks:
|
||
|
|
||
|
- name: "Config SNMP community"
|
||
|
ce_snmp_community:
|
||
|
state: present
|
||
|
community_name: Wdz123456789
|
||
|
access_right: write
|
||
|
provider: "{{ cli }}"
|
||
|
|
||
|
- name: "Undo SNMP community"
|
||
|
ce_snmp_community:
|
||
|
state: absent
|
||
|
community_name: Wdz123456789
|
||
|
access_right: write
|
||
|
provider: "{{ cli }}"
|
||
|
|
||
|
- name: "Config SNMP group"
|
||
|
ce_snmp_community:
|
||
|
state: present
|
||
|
group_name: wdz_group
|
||
|
security_level: noAuthNoPriv
|
||
|
acl_number: 2000
|
||
|
provider: "{{ cli }}"
|
||
|
|
||
|
- name: "Undo SNMP group"
|
||
|
ce_snmp_community:
|
||
|
state: absent
|
||
|
group_name: wdz_group
|
||
|
security_level: noAuthNoPriv
|
||
|
acl_number: 2000
|
||
|
provider: "{{ cli }}"
|
||
|
'''
|
||
|
|
||
|
RETURN = '''
|
||
|
changed:
|
||
|
description: check to see if a change was made on the device
|
||
|
returned: always
|
||
|
type: bool
|
||
|
sample: true
|
||
|
proposed:
|
||
|
description: k/v pairs of parameters passed into module
|
||
|
returned: always
|
||
|
type: dict
|
||
|
sample: {"acl_number": "2000", "group_name": "wdz_group",
|
||
|
"security_level": "noAuthNoPriv", "state": "present"}
|
||
|
existing:
|
||
|
description: k/v pairs of existing aaa server
|
||
|
returned: always
|
||
|
type: dict
|
||
|
sample: {}
|
||
|
end_state:
|
||
|
description: k/v pairs of aaa params after module execution
|
||
|
returned: always
|
||
|
type: dict
|
||
|
sample: {"snmp v3 group": {"snmp_group": ["wdz_group", "noAuthNoPriv", "2000"]}}
|
||
|
updates:
|
||
|
description: command sent to the device
|
||
|
returned: always
|
||
|
type: list
|
||
|
sample: ["snmp-agent group v3 wdz_group noauthentication acl 2000"]
|
||
|
'''
|
||
|
|
||
|
from xml.etree import ElementTree
|
||
|
from ansible.module_utils.basic import AnsibleModule
|
||
|
from ansible_collections.community.general.plugins.module_utils.network.cloudengine.ce import get_nc_config, set_nc_config, ce_argument_spec
|
||
|
|
||
|
|
||
|
# get snmp community
|
||
|
CE_GET_SNMP_COMMUNITY_HEADER = """
|
||
|
<filter type="subtree">
|
||
|
<snmp xmlns="http://www.huawei.com/netconf/vrp" content-version="1.0" format-version="1.0">
|
||
|
<communitys>
|
||
|
<community>
|
||
|
<communityName></communityName>
|
||
|
<accessRight></accessRight>
|
||
|
"""
|
||
|
CE_GET_SNMP_COMMUNITY_TAIL = """
|
||
|
</community>
|
||
|
</communitys>
|
||
|
</snmp>
|
||
|
</filter>
|
||
|
"""
|
||
|
# merge snmp community
|
||
|
CE_MERGE_SNMP_COMMUNITY_HEADER = """
|
||
|
<config>
|
||
|
<snmp xmlns="http://www.huawei.com/netconf/vrp" content-version="1.0" format-version="1.0">
|
||
|
<communitys>
|
||
|
<community operation="merge">
|
||
|
<communityName>%s</communityName>
|
||
|
<accessRight>%s</accessRight>
|
||
|
"""
|
||
|
CE_MERGE_SNMP_COMMUNITY_TAIL = """
|
||
|
</community>
|
||
|
</communitys>
|
||
|
</snmp>
|
||
|
</config>
|
||
|
"""
|
||
|
# create snmp community
|
||
|
CE_CREATE_SNMP_COMMUNITY_HEADER = """
|
||
|
<config>
|
||
|
<snmp xmlns="http://www.huawei.com/netconf/vrp" content-version="1.0" format-version="1.0">
|
||
|
<communitys>
|
||
|
<community operation="create">
|
||
|
<communityName>%s</communityName>
|
||
|
<accessRight>%s</accessRight>
|
||
|
"""
|
||
|
CE_CREATE_SNMP_COMMUNITY_TAIL = """
|
||
|
</community>
|
||
|
</communitys>
|
||
|
</snmp>
|
||
|
</config>
|
||
|
"""
|
||
|
# delete snmp community
|
||
|
CE_DELETE_SNMP_COMMUNITY_HEADER = """
|
||
|
<config>
|
||
|
<snmp xmlns="http://www.huawei.com/netconf/vrp" content-version="1.0" format-version="1.0">
|
||
|
<communitys>
|
||
|
<community operation="delete">
|
||
|
<communityName>%s</communityName>
|
||
|
<accessRight>%s</accessRight>
|
||
|
"""
|
||
|
CE_DELETE_SNMP_COMMUNITY_TAIL = """
|
||
|
</community>
|
||
|
</communitys>
|
||
|
</snmp>
|
||
|
</config>
|
||
|
"""
|
||
|
|
||
|
# get snmp v3 group
|
||
|
CE_GET_SNMP_V3_GROUP_HEADER = """
|
||
|
<filter type="subtree">
|
||
|
<snmp xmlns="http://www.huawei.com/netconf/vrp" content-version="1.0" format-version="1.0">
|
||
|
<snmpv3Groups>
|
||
|
<snmpv3Group>
|
||
|
<groupName></groupName>
|
||
|
<securityLevel></securityLevel>
|
||
|
"""
|
||
|
CE_GET_SNMP_V3_GROUP_TAIL = """
|
||
|
</snmpv3Group>
|
||
|
</snmpv3Groups>
|
||
|
</snmp>
|
||
|
</filter>
|
||
|
"""
|
||
|
# merge snmp v3 group
|
||
|
CE_MERGE_SNMP_V3_GROUP_HEADER = """
|
||
|
<config>
|
||
|
<snmp xmlns="http://www.huawei.com/netconf/vrp" content-version="1.0" format-version="1.0">
|
||
|
<snmpv3Groups>
|
||
|
<snmpv3Group operation="merge">
|
||
|
<groupName>%s</groupName>
|
||
|
<securityLevel>%s</securityLevel>
|
||
|
"""
|
||
|
CE_MERGE_SNMP_V3_GROUP_TAIL = """
|
||
|
</snmpv3Group>
|
||
|
</snmpv3Groups>
|
||
|
</snmp>
|
||
|
</config>
|
||
|
"""
|
||
|
# create snmp v3 group
|
||
|
CE_CREATE_SNMP_V3_GROUP_HEADER = """
|
||
|
<config>
|
||
|
<snmp xmlns="http://www.huawei.com/netconf/vrp" content-version="1.0" format-version="1.0">
|
||
|
<snmpv3Groups>
|
||
|
<snmpv3Group operation="create">
|
||
|
<groupName>%s</groupName>
|
||
|
<securityLevel>%s</securityLevel>
|
||
|
"""
|
||
|
CE_CREATE_SNMP_V3_GROUP_TAIL = """
|
||
|
</snmpv3Group>
|
||
|
</snmpv3Groups>
|
||
|
</snmp>
|
||
|
</config>
|
||
|
"""
|
||
|
# delete snmp v3 group
|
||
|
CE_DELETE_SNMP_V3_GROUP_HEADER = """
|
||
|
<config>
|
||
|
<snmp xmlns="http://www.huawei.com/netconf/vrp" content-version="1.0" format-version="1.0">
|
||
|
<snmpv3Groups>
|
||
|
<snmpv3Group operation="delete">
|
||
|
<groupName>%s</groupName>
|
||
|
<securityLevel>%s</securityLevel>
|
||
|
"""
|
||
|
CE_DELETE_SNMP_V3_GROUP_TAIL = """
|
||
|
</snmpv3Group>
|
||
|
</snmpv3Groups>
|
||
|
</snmp>
|
||
|
</config>
|
||
|
"""
|
||
|
|
||
|
|
||
|
class SnmpCommunity(object):
|
||
|
""" Manages SNMP community configuration """
|
||
|
|
||
|
def netconf_get_config(self, **kwargs):
|
||
|
""" Get configure through netconf """
|
||
|
|
||
|
module = kwargs["module"]
|
||
|
conf_str = kwargs["conf_str"]
|
||
|
|
||
|
xml_str = get_nc_config(module, conf_str)
|
||
|
|
||
|
return xml_str
|
||
|
|
||
|
def netconf_set_config(self, **kwargs):
|
||
|
""" Set configure through netconf """
|
||
|
|
||
|
module = kwargs["module"]
|
||
|
conf_str = kwargs["conf_str"]
|
||
|
|
||
|
xml_str = set_nc_config(module, conf_str)
|
||
|
|
||
|
return xml_str
|
||
|
|
||
|
def check_snmp_community_args(self, **kwargs):
|
||
|
""" Check snmp community args """
|
||
|
|
||
|
module = kwargs["module"]
|
||
|
result = dict()
|
||
|
need_cfg = False
|
||
|
result["community_info"] = []
|
||
|
state = module.params['state']
|
||
|
community_name = module.params['community_name']
|
||
|
access_right = module.params['access_right']
|
||
|
acl_number = module.params['acl_number']
|
||
|
community_mib_view = module.params['community_mib_view']
|
||
|
|
||
|
if community_name and access_right:
|
||
|
if len(community_name) > 32 or len(community_name) == 0:
|
||
|
module.fail_json(
|
||
|
msg='Error: The len of community_name %s is out of [1 - 32].' % community_name)
|
||
|
|
||
|
if acl_number:
|
||
|
if acl_number.isdigit():
|
||
|
if int(acl_number) > 2999 or int(acl_number) < 2000:
|
||
|
module.fail_json(
|
||
|
msg='Error: The value of acl_number %s is out of [2000 - 2999].' % acl_number)
|
||
|
else:
|
||
|
if not acl_number[0].isalpha() or len(acl_number) > 32 or len(acl_number) < 1:
|
||
|
module.fail_json(
|
||
|
msg='Error: The len of acl_number %s is out of [1 - 32] or is invalid.' % acl_number)
|
||
|
|
||
|
if community_mib_view:
|
||
|
if len(community_mib_view) > 32 or len(community_mib_view) == 0:
|
||
|
module.fail_json(
|
||
|
msg='Error: The len of community_mib_view %s is out of [1 - 32].' % community_mib_view)
|
||
|
|
||
|
conf_str = CE_GET_SNMP_COMMUNITY_HEADER
|
||
|
if acl_number:
|
||
|
conf_str += "<aclNumber></aclNumber>"
|
||
|
if community_mib_view:
|
||
|
conf_str += "<mibViewName></mibViewName>"
|
||
|
|
||
|
conf_str += CE_GET_SNMP_COMMUNITY_TAIL
|
||
|
recv_xml = self.netconf_get_config(module=module, conf_str=conf_str)
|
||
|
|
||
|
if "<data/>" in recv_xml:
|
||
|
if state == "present":
|
||
|
need_cfg = True
|
||
|
else:
|
||
|
xml_str = recv_xml.replace('\r', '').replace('\n', '').\
|
||
|
replace('xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"', "").\
|
||
|
replace('xmlns="http://www.huawei.com/netconf/vrp"', "")
|
||
|
|
||
|
root = ElementTree.fromstring(xml_str)
|
||
|
community_info = root.findall("snmp/communitys/community")
|
||
|
if community_info:
|
||
|
for tmp in community_info:
|
||
|
tmp_dict = dict()
|
||
|
for site in tmp:
|
||
|
if site.tag in ["communityName", "accessRight", "aclNumber", "mibViewName"]:
|
||
|
tmp_dict[site.tag] = site.text
|
||
|
|
||
|
result["community_info"].append(tmp_dict)
|
||
|
|
||
|
if result["community_info"]:
|
||
|
community_name_list = list()
|
||
|
for tmp in result["community_info"]:
|
||
|
if "communityName" in tmp.keys():
|
||
|
community_name_list.append(tmp["communityName"])
|
||
|
|
||
|
if community_name not in community_name_list:
|
||
|
need_cfg = True
|
||
|
else:
|
||
|
need_cfg_bool = True
|
||
|
|
||
|
for tmp in result["community_info"]:
|
||
|
if tmp["communityName"] == community_name:
|
||
|
|
||
|
cfg_bool_list = list()
|
||
|
|
||
|
if access_right:
|
||
|
if "accessRight" in tmp.keys():
|
||
|
need_cfg_access = False
|
||
|
if tmp["accessRight"] != access_right:
|
||
|
need_cfg_access = True
|
||
|
else:
|
||
|
need_cfg_access = True
|
||
|
|
||
|
cfg_bool_list.append(need_cfg_access)
|
||
|
|
||
|
if acl_number:
|
||
|
if "aclNumber" in tmp.keys():
|
||
|
need_cfg_acl = False
|
||
|
if tmp["aclNumber"] != acl_number:
|
||
|
need_cfg_acl = True
|
||
|
else:
|
||
|
need_cfg_acl = True
|
||
|
|
||
|
cfg_bool_list.append(need_cfg_acl)
|
||
|
|
||
|
if community_mib_view:
|
||
|
if "mibViewName" in tmp.keys():
|
||
|
need_cfg_mib = False
|
||
|
if tmp["mibViewName"] != community_mib_view:
|
||
|
need_cfg_mib = True
|
||
|
else:
|
||
|
need_cfg_mib = True
|
||
|
cfg_bool_list.append(need_cfg_mib)
|
||
|
|
||
|
if True not in cfg_bool_list:
|
||
|
need_cfg_bool = False
|
||
|
|
||
|
if state == "present":
|
||
|
if not need_cfg_bool:
|
||
|
need_cfg = False
|
||
|
else:
|
||
|
need_cfg = True
|
||
|
else:
|
||
|
if not need_cfg_bool:
|
||
|
need_cfg = True
|
||
|
else:
|
||
|
need_cfg = False
|
||
|
|
||
|
result["need_cfg"] = need_cfg
|
||
|
return result
|
||
|
|
||
|
def check_snmp_v3_group_args(self, **kwargs):
|
||
|
""" Check snmp v3 group args """
|
||
|
|
||
|
module = kwargs["module"]
|
||
|
result = dict()
|
||
|
need_cfg = False
|
||
|
result["group_info"] = []
|
||
|
state = module.params['state']
|
||
|
group_name = module.params['group_name']
|
||
|
security_level = module.params['security_level']
|
||
|
acl_number = module.params['acl_number']
|
||
|
read_view = module.params['read_view']
|
||
|
write_view = module.params['write_view']
|
||
|
notify_view = module.params['notify_view']
|
||
|
|
||
|
community_name = module.params['community_name']
|
||
|
access_right = module.params['access_right']
|
||
|
|
||
|
if group_name and security_level:
|
||
|
|
||
|
if community_name and access_right:
|
||
|
module.fail_json(
|
||
|
msg='Error: Community is used for v1/v2c, group_name is used for v3, do not '
|
||
|
'input at the same time.')
|
||
|
|
||
|
if len(group_name) > 32 or len(group_name) == 0:
|
||
|
module.fail_json(
|
||
|
msg='Error: The len of group_name %s is out of [1 - 32].' % group_name)
|
||
|
|
||
|
if acl_number:
|
||
|
if acl_number.isdigit():
|
||
|
if int(acl_number) > 2999 or int(acl_number) < 2000:
|
||
|
module.fail_json(
|
||
|
msg='Error: The value of acl_number %s is out of [2000 - 2999].' % acl_number)
|
||
|
else:
|
||
|
if not acl_number[0].isalpha() or len(acl_number) > 32 or len(acl_number) < 1:
|
||
|
module.fail_json(
|
||
|
msg='Error: The len of acl_number %s is out of [1 - 32] or is invalid.' % acl_number)
|
||
|
|
||
|
if read_view:
|
||
|
if len(read_view) > 32 or len(read_view) < 1:
|
||
|
module.fail_json(
|
||
|
msg='Error: The len of read_view %s is out of [1 - 32].' % read_view)
|
||
|
|
||
|
if write_view:
|
||
|
if len(write_view) > 32 or len(write_view) < 1:
|
||
|
module.fail_json(
|
||
|
msg='Error: The len of write_view %s is out of [1 - 32].' % write_view)
|
||
|
|
||
|
if notify_view:
|
||
|
if len(notify_view) > 32 or len(notify_view) < 1:
|
||
|
module.fail_json(
|
||
|
msg='Error: The len of notify_view %s is out of [1 - 32].' % notify_view)
|
||
|
|
||
|
conf_str = CE_GET_SNMP_V3_GROUP_HEADER
|
||
|
if acl_number:
|
||
|
conf_str += "<aclNumber></aclNumber>"
|
||
|
if read_view:
|
||
|
conf_str += "<readViewName></readViewName>"
|
||
|
if write_view:
|
||
|
conf_str += "<writeViewName></writeViewName>"
|
||
|
if notify_view:
|
||
|
conf_str += "<notifyViewName></notifyViewName>"
|
||
|
|
||
|
conf_str += CE_GET_SNMP_V3_GROUP_TAIL
|
||
|
recv_xml = self.netconf_get_config(module=module, conf_str=conf_str)
|
||
|
|
||
|
if "<data/>" in recv_xml:
|
||
|
if state == "present":
|
||
|
need_cfg = True
|
||
|
else:
|
||
|
xml_str = recv_xml.replace('\r', '').replace('\n', '').\
|
||
|
replace('xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"', "").\
|
||
|
replace('xmlns="http://www.huawei.com/netconf/vrp"', "")
|
||
|
|
||
|
root = ElementTree.fromstring(xml_str)
|
||
|
group_info = root.findall("snmp/snmpv3Groups/snmpv3Group")
|
||
|
if group_info:
|
||
|
for tmp in group_info:
|
||
|
tmp_dict = dict()
|
||
|
for site in tmp:
|
||
|
if site.tag in ["groupName", "securityLevel", "readViewName", "writeViewName",
|
||
|
"notifyViewName", "aclNumber"]:
|
||
|
tmp_dict[site.tag] = site.text
|
||
|
|
||
|
result["group_info"].append(tmp_dict)
|
||
|
|
||
|
if result["group_info"]:
|
||
|
group_name_list = list()
|
||
|
|
||
|
for tmp in result["group_info"]:
|
||
|
if "groupName" in tmp.keys():
|
||
|
group_name_list.append(tmp["groupName"])
|
||
|
if group_name not in group_name_list:
|
||
|
if state == "present":
|
||
|
need_cfg = True
|
||
|
else:
|
||
|
need_cfg = False
|
||
|
else:
|
||
|
need_cfg_bool = True
|
||
|
for tmp in result["group_info"]:
|
||
|
if tmp["groupName"] == group_name:
|
||
|
|
||
|
cfg_bool_list = list()
|
||
|
|
||
|
if security_level:
|
||
|
if "securityLevel" in tmp.keys():
|
||
|
need_cfg_group = False
|
||
|
if tmp["securityLevel"] != security_level:
|
||
|
need_cfg_group = True
|
||
|
else:
|
||
|
need_cfg_group = True
|
||
|
|
||
|
cfg_bool_list.append(need_cfg_group)
|
||
|
|
||
|
if acl_number:
|
||
|
if "aclNumber" in tmp.keys():
|
||
|
need_cfg_acl = False
|
||
|
if tmp["aclNumber"] != acl_number:
|
||
|
need_cfg_acl = True
|
||
|
else:
|
||
|
need_cfg_acl = True
|
||
|
|
||
|
cfg_bool_list.append(need_cfg_acl)
|
||
|
|
||
|
if read_view:
|
||
|
if "readViewName" in tmp.keys():
|
||
|
need_cfg_read = False
|
||
|
if tmp["readViewName"] != read_view:
|
||
|
need_cfg_read = True
|
||
|
else:
|
||
|
need_cfg_read = True
|
||
|
cfg_bool_list.append(need_cfg_read)
|
||
|
|
||
|
if write_view:
|
||
|
if "writeViewName" in tmp.keys():
|
||
|
need_cfg_write = False
|
||
|
if tmp["writeViewName"] != write_view:
|
||
|
need_cfg_write = True
|
||
|
else:
|
||
|
need_cfg_write = True
|
||
|
cfg_bool_list.append(need_cfg_write)
|
||
|
|
||
|
if notify_view:
|
||
|
if "notifyViewName" in tmp.keys():
|
||
|
need_cfg_notify = False
|
||
|
if tmp["notifyViewName"] != notify_view:
|
||
|
need_cfg_notify = True
|
||
|
else:
|
||
|
need_cfg_notify = True
|
||
|
cfg_bool_list.append(need_cfg_notify)
|
||
|
|
||
|
if True not in cfg_bool_list:
|
||
|
need_cfg_bool = False
|
||
|
|
||
|
if state == "present":
|
||
|
if not need_cfg_bool:
|
||
|
need_cfg = False
|
||
|
else:
|
||
|
need_cfg = True
|
||
|
else:
|
||
|
if not need_cfg_bool:
|
||
|
need_cfg = True
|
||
|
else:
|
||
|
need_cfg = False
|
||
|
|
||
|
result["need_cfg"] = need_cfg
|
||
|
return result
|
||
|
|
||
|
def merge_snmp_community(self, **kwargs):
|
||
|
""" Merge snmp community operation """
|
||
|
|
||
|
module = kwargs["module"]
|
||
|
community_name = module.params['community_name']
|
||
|
access_right = module.params['access_right']
|
||
|
acl_number = module.params['acl_number']
|
||
|
community_mib_view = module.params['community_mib_view']
|
||
|
|
||
|
conf_str = CE_MERGE_SNMP_COMMUNITY_HEADER % (
|
||
|
community_name, access_right)
|
||
|
if acl_number:
|
||
|
conf_str += "<aclNumber>%s</aclNumber>" % acl_number
|
||
|
if community_mib_view:
|
||
|
conf_str += "<mibViewName>%s</mibViewName>" % community_mib_view
|
||
|
|
||
|
conf_str += CE_MERGE_SNMP_COMMUNITY_TAIL
|
||
|
|
||
|
recv_xml = self.netconf_set_config(module=module, conf_str=conf_str)
|
||
|
|
||
|
if "<ok/>" not in recv_xml:
|
||
|
module.fail_json(msg='Error: Merge snmp community failed.')
|
||
|
|
||
|
community_safe_name = "******"
|
||
|
|
||
|
cmd = "snmp-agent community %s %s" % (access_right, community_safe_name)
|
||
|
|
||
|
if acl_number:
|
||
|
cmd += " acl %s" % acl_number
|
||
|
if community_mib_view:
|
||
|
cmd += " mib-view %s" % community_mib_view
|
||
|
|
||
|
return cmd
|
||
|
|
||
|
def create_snmp_community(self, **kwargs):
|
||
|
""" Create snmp community operation """
|
||
|
|
||
|
module = kwargs["module"]
|
||
|
community_name = module.params['community_name']
|
||
|
access_right = module.params['access_right']
|
||
|
acl_number = module.params['acl_number']
|
||
|
community_mib_view = module.params['community_mib_view']
|
||
|
|
||
|
conf_str = CE_CREATE_SNMP_COMMUNITY_HEADER % (
|
||
|
community_name, access_right)
|
||
|
if acl_number:
|
||
|
conf_str += "<aclNumber>%s</aclNumber>" % acl_number
|
||
|
if community_mib_view:
|
||
|
conf_str += "<mibViewName>%s</mibViewName>" % community_mib_view
|
||
|
|
||
|
conf_str += CE_CREATE_SNMP_COMMUNITY_TAIL
|
||
|
|
||
|
recv_xml = self.netconf_set_config(module=module, conf_str=conf_str)
|
||
|
|
||
|
if "<ok/>" not in recv_xml:
|
||
|
module.fail_json(msg='Error: Create snmp community failed.')
|
||
|
|
||
|
community_safe_name = "******"
|
||
|
|
||
|
cmd = "snmp-agent community %s %s" % (access_right, community_safe_name)
|
||
|
|
||
|
if acl_number:
|
||
|
cmd += " acl %s" % acl_number
|
||
|
if community_mib_view:
|
||
|
cmd += " mib-view %s" % community_mib_view
|
||
|
|
||
|
return cmd
|
||
|
|
||
|
def delete_snmp_community(self, **kwargs):
|
||
|
""" Delete snmp community operation """
|
||
|
|
||
|
module = kwargs["module"]
|
||
|
community_name = module.params['community_name']
|
||
|
access_right = module.params['access_right']
|
||
|
acl_number = module.params['acl_number']
|
||
|
community_mib_view = module.params['community_mib_view']
|
||
|
|
||
|
conf_str = CE_DELETE_SNMP_COMMUNITY_HEADER % (
|
||
|
community_name, access_right)
|
||
|
if acl_number:
|
||
|
conf_str += "<aclNumber>%s</aclNumber>" % acl_number
|
||
|
if community_mib_view:
|
||
|
conf_str += "<mibViewName>%s</mibViewName>" % community_mib_view
|
||
|
|
||
|
conf_str += CE_DELETE_SNMP_COMMUNITY_TAIL
|
||
|
|
||
|
recv_xml = self.netconf_set_config(module=module, conf_str=conf_str)
|
||
|
|
||
|
if "<ok/>" not in recv_xml:
|
||
|
module.fail_json(msg='Error: Create snmp community failed.')
|
||
|
|
||
|
community_safe_name = "******"
|
||
|
cmd = "undo snmp-agent community %s %s" % (
|
||
|
access_right, community_safe_name)
|
||
|
|
||
|
return cmd
|
||
|
|
||
|
def merge_snmp_v3_group(self, **kwargs):
|
||
|
""" Merge snmp v3 group operation """
|
||
|
|
||
|
module = kwargs["module"]
|
||
|
group_name = module.params['group_name']
|
||
|
security_level = module.params['security_level']
|
||
|
acl_number = module.params['acl_number']
|
||
|
read_view = module.params['read_view']
|
||
|
write_view = module.params['write_view']
|
||
|
notify_view = module.params['notify_view']
|
||
|
|
||
|
conf_str = CE_MERGE_SNMP_V3_GROUP_HEADER % (group_name, security_level)
|
||
|
if acl_number:
|
||
|
conf_str += "<aclNumber>%s</aclNumber>" % acl_number
|
||
|
if read_view:
|
||
|
conf_str += "<readViewName>%s</readViewName>" % read_view
|
||
|
if write_view:
|
||
|
conf_str += "<writeViewName>%s</writeViewName>" % write_view
|
||
|
if notify_view:
|
||
|
conf_str += "<notifyViewName>%s</notifyViewName>" % notify_view
|
||
|
conf_str += CE_MERGE_SNMP_V3_GROUP_TAIL
|
||
|
|
||
|
recv_xml = self.netconf_set_config(module=module, conf_str=conf_str)
|
||
|
|
||
|
if "<ok/>" not in recv_xml:
|
||
|
module.fail_json(msg='Error: Merge snmp v3 group failed.')
|
||
|
|
||
|
if security_level == "noAuthNoPriv":
|
||
|
security_level_cli = "noauthentication"
|
||
|
elif security_level == "authentication":
|
||
|
security_level_cli = "authentication"
|
||
|
elif security_level == "privacy":
|
||
|
security_level_cli = "privacy"
|
||
|
|
||
|
cmd = "snmp-agent group v3 %s %s" % (group_name, security_level_cli)
|
||
|
|
||
|
if read_view:
|
||
|
cmd += " read-view %s" % read_view
|
||
|
if write_view:
|
||
|
cmd += " write-view %s" % write_view
|
||
|
if notify_view:
|
||
|
cmd += " notify-view %s" % notify_view
|
||
|
if acl_number:
|
||
|
cmd += " acl %s" % acl_number
|
||
|
|
||
|
return cmd
|
||
|
|
||
|
def create_snmp_v3_group(self, **kwargs):
|
||
|
""" Create snmp v3 group operation """
|
||
|
|
||
|
module = kwargs["module"]
|
||
|
group_name = module.params['group_name']
|
||
|
security_level = module.params['security_level']
|
||
|
acl_number = module.params['acl_number']
|
||
|
read_view = module.params['read_view']
|
||
|
write_view = module.params['write_view']
|
||
|
notify_view = module.params['notify_view']
|
||
|
|
||
|
conf_str = CE_CREATE_SNMP_V3_GROUP_HEADER % (
|
||
|
group_name, security_level)
|
||
|
if acl_number:
|
||
|
conf_str += "<aclNumber>%s</aclNumber>" % acl_number
|
||
|
if read_view:
|
||
|
conf_str += "<readViewName>%s</readViewName>" % read_view
|
||
|
if write_view:
|
||
|
conf_str += "<writeViewName>%s</writeViewName>" % write_view
|
||
|
if notify_view:
|
||
|
conf_str += "<notifyViewName>%s</notifyViewName>" % notify_view
|
||
|
conf_str += CE_CREATE_SNMP_V3_GROUP_TAIL
|
||
|
|
||
|
recv_xml = self.netconf_set_config(module=module, conf_str=conf_str)
|
||
|
|
||
|
if "<ok/>" not in recv_xml:
|
||
|
module.fail_json(msg='Error: Create snmp v3 group failed.')
|
||
|
|
||
|
if security_level == "noAuthNoPriv":
|
||
|
security_level_cli = "noauthentication"
|
||
|
elif security_level == "authentication":
|
||
|
security_level_cli = "authentication"
|
||
|
elif security_level == "privacy":
|
||
|
security_level_cli = "privacy"
|
||
|
|
||
|
cmd = "snmp-agent group v3 %s %s" % (group_name, security_level_cli)
|
||
|
|
||
|
if read_view:
|
||
|
cmd += " read-view %s" % read_view
|
||
|
if write_view:
|
||
|
cmd += " write-view %s" % write_view
|
||
|
if notify_view:
|
||
|
cmd += " notify-view %s" % notify_view
|
||
|
if acl_number:
|
||
|
cmd += " acl %s" % acl_number
|
||
|
|
||
|
return cmd
|
||
|
|
||
|
def delete_snmp_v3_group(self, **kwargs):
|
||
|
""" Delete snmp v3 group operation """
|
||
|
|
||
|
module = kwargs["module"]
|
||
|
group_name = module.params['group_name']
|
||
|
security_level = module.params['security_level']
|
||
|
acl_number = module.params['acl_number']
|
||
|
read_view = module.params['read_view']
|
||
|
write_view = module.params['write_view']
|
||
|
notify_view = module.params['notify_view']
|
||
|
|
||
|
conf_str = CE_DELETE_SNMP_V3_GROUP_HEADER % (
|
||
|
group_name, security_level)
|
||
|
if acl_number:
|
||
|
conf_str += "<aclNumber>%s</aclNumber>" % acl_number
|
||
|
if read_view:
|
||
|
conf_str += "<readViewName>%s</readViewName>" % read_view
|
||
|
if write_view:
|
||
|
conf_str += "<writeViewName>%s</writeViewName>" % write_view
|
||
|
if notify_view:
|
||
|
conf_str += "<notifyViewName>%s</notifyViewName>" % notify_view
|
||
|
conf_str += CE_DELETE_SNMP_V3_GROUP_TAIL
|
||
|
|
||
|
recv_xml = self.netconf_set_config(module=module, conf_str=conf_str)
|
||
|
|
||
|
if "<ok/>" not in recv_xml:
|
||
|
module.fail_json(msg='Error: Delete snmp v3 group failed.')
|
||
|
|
||
|
if security_level == "noAuthNoPriv":
|
||
|
security_level_cli = "noauthentication"
|
||
|
elif security_level == "authentication":
|
||
|
security_level_cli = "authentication"
|
||
|
elif security_level == "privacy":
|
||
|
security_level_cli = "privacy"
|
||
|
|
||
|
cmd = "undo snmp-agent group v3 %s %s" % (
|
||
|
group_name, security_level_cli)
|
||
|
|
||
|
return cmd
|
||
|
|
||
|
|
||
|
def main():
|
||
|
""" main function """
|
||
|
|
||
|
argument_spec = dict(
|
||
|
state=dict(choices=['present', 'absent'], default='present'),
|
||
|
acl_number=dict(type='str'),
|
||
|
community_name=dict(type='str', no_log=True),
|
||
|
access_right=dict(choices=['read', 'write']),
|
||
|
community_mib_view=dict(type='str'),
|
||
|
group_name=dict(type='str'),
|
||
|
security_level=dict(
|
||
|
choices=['noAuthNoPriv', 'authentication', 'privacy']),
|
||
|
read_view=dict(type='str'),
|
||
|
write_view=dict(type='str'),
|
||
|
notify_view=dict(type='str')
|
||
|
)
|
||
|
|
||
|
argument_spec.update(ce_argument_spec)
|
||
|
required_together = [("community_name", "access_right"), ("security_level", "group_name")]
|
||
|
module = AnsibleModule(
|
||
|
argument_spec=argument_spec,
|
||
|
required_together=required_together,
|
||
|
supports_check_mode=True
|
||
|
)
|
||
|
|
||
|
changed = False
|
||
|
proposed = dict()
|
||
|
existing = dict()
|
||
|
end_state = dict()
|
||
|
updates = []
|
||
|
|
||
|
state = module.params['state']
|
||
|
acl_number = module.params['acl_number']
|
||
|
community_name = module.params['community_name']
|
||
|
community_mib_view = module.params['community_mib_view']
|
||
|
access_right = module.params['access_right']
|
||
|
group_name = module.params['group_name']
|
||
|
security_level = module.params['security_level']
|
||
|
read_view = module.params['read_view']
|
||
|
write_view = module.params['write_view']
|
||
|
notify_view = module.params['notify_view']
|
||
|
|
||
|
snmp_community_obj = SnmpCommunity()
|
||
|
|
||
|
if not snmp_community_obj:
|
||
|
module.fail_json(msg='Error: Init module failed.')
|
||
|
|
||
|
snmp_community_rst = snmp_community_obj.check_snmp_community_args(
|
||
|
module=module)
|
||
|
snmp_v3_group_rst = snmp_community_obj.check_snmp_v3_group_args(
|
||
|
module=module)
|
||
|
|
||
|
# get proposed
|
||
|
proposed["state"] = state
|
||
|
if acl_number:
|
||
|
proposed["acl_number"] = acl_number
|
||
|
if community_name:
|
||
|
proposed["community_name"] = community_name
|
||
|
if community_mib_view:
|
||
|
proposed["community_mib_view"] = community_mib_view
|
||
|
if access_right:
|
||
|
proposed["access_right"] = access_right
|
||
|
if group_name:
|
||
|
proposed["group_name"] = group_name
|
||
|
if security_level:
|
||
|
proposed["security_level"] = security_level
|
||
|
if read_view:
|
||
|
proposed["read_view"] = read_view
|
||
|
if write_view:
|
||
|
proposed["write_view"] = write_view
|
||
|
if notify_view:
|
||
|
proposed["notify_view"] = notify_view
|
||
|
|
||
|
# state exist snmp community config
|
||
|
exist_tmp = dict()
|
||
|
for item in snmp_community_rst:
|
||
|
if item != "need_cfg":
|
||
|
exist_tmp[item] = snmp_community_rst[item]
|
||
|
|
||
|
if exist_tmp:
|
||
|
existing["snmp community"] = exist_tmp
|
||
|
# state exist snmp v3 group config
|
||
|
exist_tmp = dict()
|
||
|
for item in snmp_v3_group_rst:
|
||
|
if item != "need_cfg":
|
||
|
exist_tmp[item] = snmp_v3_group_rst[item]
|
||
|
|
||
|
if exist_tmp:
|
||
|
existing["snmp v3 group"] = exist_tmp
|
||
|
|
||
|
if state == "present":
|
||
|
if snmp_community_rst["need_cfg"]:
|
||
|
if len(snmp_community_rst["community_info"]) != 0:
|
||
|
cmd = snmp_community_obj.merge_snmp_community(module=module)
|
||
|
changed = True
|
||
|
updates.append(cmd)
|
||
|
else:
|
||
|
cmd = snmp_community_obj.create_snmp_community(module=module)
|
||
|
changed = True
|
||
|
updates.append(cmd)
|
||
|
|
||
|
if snmp_v3_group_rst["need_cfg"]:
|
||
|
if len(snmp_v3_group_rst["group_info"]):
|
||
|
cmd = snmp_community_obj.merge_snmp_v3_group(module=module)
|
||
|
changed = True
|
||
|
updates.append(cmd)
|
||
|
else:
|
||
|
cmd = snmp_community_obj.create_snmp_v3_group(module=module)
|
||
|
changed = True
|
||
|
updates.append(cmd)
|
||
|
|
||
|
else:
|
||
|
if snmp_community_rst["need_cfg"]:
|
||
|
cmd = snmp_community_obj.delete_snmp_community(module=module)
|
||
|
changed = True
|
||
|
updates.append(cmd)
|
||
|
if snmp_v3_group_rst["need_cfg"]:
|
||
|
cmd = snmp_community_obj.delete_snmp_v3_group(module=module)
|
||
|
changed = True
|
||
|
updates.append(cmd)
|
||
|
|
||
|
# state end snmp community config
|
||
|
snmp_community_rst = snmp_community_obj.check_snmp_community_args(
|
||
|
module=module)
|
||
|
end_tmp = dict()
|
||
|
for item in snmp_community_rst:
|
||
|
if item != "need_cfg":
|
||
|
end_tmp[item] = snmp_community_rst[item]
|
||
|
end_tmp[item] = snmp_community_rst[item]
|
||
|
if end_tmp:
|
||
|
end_state["snmp community"] = end_tmp
|
||
|
# state end snmp v3 group config
|
||
|
snmp_v3_group_rst = snmp_community_obj.check_snmp_v3_group_args(
|
||
|
module=module)
|
||
|
end_tmp = dict()
|
||
|
for item in snmp_v3_group_rst:
|
||
|
if item != "need_cfg":
|
||
|
end_tmp[item] = snmp_v3_group_rst[item]
|
||
|
if end_tmp:
|
||
|
end_state["snmp v3 group"] = end_tmp
|
||
|
|
||
|
results = dict()
|
||
|
results['proposed'] = proposed
|
||
|
results['existing'] = existing
|
||
|
results['changed'] = changed
|
||
|
results['end_state'] = end_state
|
||
|
results['updates'] = updates
|
||
|
|
||
|
module.exit_json(**results)
|
||
|
|
||
|
|
||
|
if __name__ == '__main__':
|
||
|
main()
|