diff --git a/lib/ansible/modules/network/cloudengine/ce_vxlan_global.py b/lib/ansible/modules/network/cloudengine/ce_vxlan_global.py
new file mode 100644
index 0000000000..7dd1fed8e0
--- /dev/null
+++ b/lib/ansible/modules/network/cloudengine/ce_vxlan_global.py
@@ -0,0 +1,562 @@
+#!/usr/bin/python
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.0'}
+
+DOCUMENTATION = """
+---
+module: ce_vxlan_global
+version_added: "2.4"
+short_description: Manages global attributes of VXLAN and bridge domain on HUAWEI CloudEngine devices.
+description:
+ - Manages global attributes of VXLAN and bridge domain on HUAWEI CloudEngine devices.
+author: QijunPan (@CloudEngine-Ansible)
+options:
+ bridge_domain_id:
+ description:
+ - Specifies a bridge domain ID.
+ The value is an integer ranging from 1 to 16777215.
+ required: false
+ default: null
+ tunnel_mode_vxlan:
+ description:
+ - Set the tunnel mode to VXLAN when configuring the VXLAN feature.
+ required: false
+ choices: ['enable', 'disable']
+ default: null
+ nvo3_prevent_loops:
+ description:
+ - Loop prevention of VXLAN traffic in non-enhanced mode.
+ When the device works in non-enhanced mode,
+ inter-card forwarding of VXLAN traffic may result in loops.
+ required: false
+ choices: ['enable', 'disable']
+ default: null
+ nvo3_acl_extend:
+ description:
+ - Enabling or disabling the VXLAN ACL extension function.
+ required: false
+ choices: ['enable', 'disable']
+ default: null
+ nvo3_gw_enhanced:
+ description:
+ - Configuring the Layer 3 VXLAN Gateway to Work in Non-loopback Mode.
+ required: false
+ choices: ['l2', 'l3']
+ default: null
+ nvo3_service_extend:
+ description:
+ - Enabling or disabling the VXLAN service extension function.
+ required: false
+ choices: ['enable', 'disable']
+ default: null
+ nvo3_eth_trunk_hash:
+ description:
+ - Eth-Trunk from load balancing VXLAN packets in optimized mode.
+ required: false
+ choices: ['enable','disable']
+ default: null
+ nvo3_ecmp_hash:
+ description:
+ - Load balancing of VXLAN packets through ECMP in optimized mode.
+ required: false
+ choices: ['enable', 'disable']
+ default: null
+ state:
+ description:
+ - Determines whether the config should be present or not
+ on the device.
+ required: false
+ default: present
+ choices: ['present', 'absent']
+"""
+
+EXAMPLES = '''
+- name: vxlan global module test
+ hosts: ce128
+ connection: local
+ gather_facts: no
+ vars:
+ cli:
+ host: "{{ inventory_hostname }}"
+ port: "{{ ansible_ssh_port }}"
+ username: "{{ username }}"
+ password: "{{ password }}"
+ transport: cli
+
+ tasks:
+
+ - name: Create bridge domain and set tunnel mode to VXLAN
+ ce_vxlan_global:
+ bridge_domain_id: 100
+ nvo3_acl_extend: enable
+ provider: "{{ cli }}"
+'''
+
+RETURN = '''
+proposed:
+ description: k/v pairs of parameters passed into module
+ returned: verbose mode
+ type: dict
+ sample: {"bridge_domain_id": "100", "nvo3_acl_extend": "enable", state="present"}
+existing:
+ description: k/v pairs of existing configuration
+ returned: verbose mode
+ type: dict
+ sample: {"bridge_domain": {"80", "90"}, "nvo3_acl_extend": "disable"}
+end_state:
+ description: k/v pairs of configuration after module execution
+ returned: verbose mode
+ type: dict
+ sample: {"bridge_domain_id": {"80", "90", "100"}, "nvo3_acl_extend": "enable"}
+updates:
+ description: commands sent to the device
+ returned: always
+ type: list
+ sample: ["bridge-domain 100",
+ "ip tunnel mode vxlan"]
+changed:
+ description: check to see if a change was made on the device
+ returned: always
+ type: boolean
+ sample: true
+'''
+
+import re
+from xml.etree import ElementTree
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.ce import get_config, load_config, get_nc_config
+from ansible.module_utils.ce import ce_argument_spec
+
+
+CE_NC_GET_BRIDGE_DOMAIN = """
+
+
+
+
+
+
+
+
+
+"""
+
+
+def is_config_exist(cmp_cfg, test_cfg):
+ """is configuration exist?"""
+
+ if not cmp_cfg or not test_cfg:
+ return False
+
+ return bool(test_cfg in cmp_cfg)
+
+
+def get_nvo3_gw_enhanced(cmp_cfg):
+ """get the Layer 3 VXLAN Gateway to Work in Non-loopback Mode """
+
+ get = re.findall(
+ r"assign forward nvo3-gateway enhanced (l[2|3])", cmp_cfg)
+ if not get:
+ return None
+ else:
+ return get[0]
+
+
+class VxlanGlobal(object):
+ """
+ Manages global attributes of VXLAN and bridge domain.
+ """
+
+ def __init__(self, argument_spec):
+ self.spec = argument_spec
+ self.module = None
+ self.init_module()
+
+ # module input info
+ self.tunnel_mode_vxlan = self.module.params['tunnel_mode_vxlan']
+ self.nvo3_prevent_loops = self.module.params['nvo3_prevent_loops']
+ self.nvo3_acl_extend = self.module.params['nvo3_acl_extend']
+ self.nvo3_gw_enhanced = self.module.params['nvo3_gw_enhanced']
+ self.nvo3_service_extend = self.module.params['nvo3_service_extend']
+ self.nvo3_eth_trunk_hash = self.module.params['nvo3_eth_trunk_hash']
+ self.nvo3_ecmp_hash = self.module.params['nvo3_ecmp_hash']
+ self.bridge_domain_id = self.module.params['bridge_domain_id']
+ self.state = self.module.params['state']
+
+ # state
+ self.config = "" # current config
+ self.bd_info = list()
+ self.changed = False
+ self.updates_cmd = list()
+ self.commands = list()
+ self.results = dict()
+ self.proposed = dict()
+ self.existing = dict()
+ self.end_state = dict()
+
+ def init_module(self):
+ """init module"""
+
+ self.module = AnsibleModule(
+ argument_spec=self.spec, supports_check_mode=True)
+
+ def cli_load_config(self, commands):
+ """load config by cli"""
+
+ if not self.module.check_mode:
+ load_config(self.module, commands)
+
+ def get_current_config(self):
+ """get current configuration"""
+
+ flags = list()
+ exp = " include-default | include vxlan|assign | exclude undo"
+ flags.append(exp)
+ return get_config(self.module, flags)
+
+ def cli_add_command(self, command, undo=False):
+ """add command to self.update_cmd and self.commands"""
+
+ if undo and command.lower() not in ["quit", "return"]:
+ cmd = "undo " + command
+ else:
+ cmd = command
+
+ self.commands.append(cmd) # set to device
+ if command.lower() not in ["quit", "return"]:
+ self.updates_cmd.append(cmd) # show updates result
+
+ def get_bd_list(self):
+ """get bridge domain list"""
+
+ bd_info = list()
+ conf_str = CE_NC_GET_BRIDGE_DOMAIN
+ xml_str = get_nc_config(self.module, conf_str)
+ if "" in xml_str:
+ return bd_info
+
+ xml_str = xml_str.replace('\r', '').replace('\n', '').\
+ replace('xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"', "").\
+ replace('xmlns="http://www.huawei.com/netconf/vrp"', "")
+
+ # get bridge domain info
+ root = ElementTree.fromstring(xml_str)
+ bds = root.findall("data/evc/bds/bd/bdId")
+ if not bds:
+ return bd_info
+
+ for bridge_domain in bds:
+ if bridge_domain.tag == "bdId":
+ bd_info.append(bridge_domain.text)
+
+ return bd_info
+
+ def config_bridge_domain(self):
+ """manage bridge domain"""
+
+ if not self.bridge_domain_id:
+ return
+
+ cmd = "bridge-domain %s" % self.bridge_domain_id
+ exist = self.bridge_domain_id in self.bd_info
+ if self.state == "present":
+ if not exist:
+ self.cli_add_command(cmd)
+ self.cli_add_command("quit")
+ else:
+ if exist:
+ self.cli_add_command(cmd, undo=True)
+
+ def config_tunnel_mode(self):
+ """config tunnel mode vxlan"""
+
+ # ip tunnel mode vxlan
+ if self.tunnel_mode_vxlan:
+ cmd = "ip tunnel mode vxlan"
+ exist = is_config_exist(self.config, cmd)
+ if self.tunnel_mode_vxlan == "enable":
+ if not exist:
+ self.cli_add_command(cmd)
+ else:
+ if exist:
+ self.cli_add_command(cmd, undo=True)
+
+ def config_assign_forward(self):
+ """config assign forward command"""
+
+ # [undo] assign forward nvo3-gateway enhanced {l2|l3)
+ if self.nvo3_gw_enhanced:
+ cmd = "assign forward nvo3-gateway enhanced %s" % self.nvo3_gw_enhanced
+ exist = is_config_exist(self.config, cmd)
+ if self.state == "present":
+ if not exist:
+ self.cli_add_command(cmd)
+ else:
+ if exist:
+ self.cli_add_command(cmd, undo=True)
+
+ # [undo] assign forward nvo3 f-linecard compatibility enable
+ if self.nvo3_prevent_loops:
+ cmd = "assign forward nvo3 f-linecard compatibility enable"
+ exist = is_config_exist(self.config, cmd)
+ if self.nvo3_prevent_loops == "enable":
+ if not exist:
+ self.cli_add_command(cmd)
+ else:
+ if exist:
+ self.cli_add_command(cmd, undo=True)
+
+ # [undo] assign forward nvo3 acl extend enable
+ if self.nvo3_acl_extend:
+ cmd = "assign forward nvo3 acl extend enable"
+ exist = is_config_exist(self.config, cmd)
+ if self.nvo3_acl_extend == "enable":
+ if not exist:
+ self.cli_add_command(cmd)
+ else:
+ if exist:
+ self.cli_add_command(cmd, undo=True)
+
+ # [undo] assign forward nvo3 service extend enable
+ if self.nvo3_service_extend:
+ cmd = "assign forward nvo3 service extend enable"
+ exist = is_config_exist(self.config, cmd)
+ if self.nvo3_service_extend == "enable":
+ if not exist:
+ self.cli_add_command(cmd)
+ else:
+ if exist:
+ self.cli_add_command(cmd, undo=True)
+
+ # assign forward nvo3 eth-trunk hash {enable|disable}
+ if self.nvo3_eth_trunk_hash:
+ cmd = "assign forward nvo3 eth-trunk hash enable"
+ exist = is_config_exist(self.config, cmd)
+ if self.nvo3_eth_trunk_hash == "enable":
+ if not exist:
+ self.cli_add_command(cmd)
+ else:
+ if exist:
+ self.cli_add_command(cmd, undo=True)
+
+ # [undo] assign forward nvo3 ecmp hash enable
+ if self.nvo3_ecmp_hash:
+ cmd = "assign forward nvo3 ecmp hash enable"
+ exist = is_config_exist(self.config, cmd)
+ if self.nvo3_ecmp_hash == "enable":
+ if not exist:
+ self.cli_add_command(cmd)
+ else:
+ if exist:
+ self.cli_add_command(cmd, undo=True)
+
+ def check_params(self):
+ """Check all input params"""
+
+ # bridge domain id check
+ if self.bridge_domain_id:
+ if not self.bridge_domain_id.isdigit():
+ self.module.fail_json(
+ msg="Error: bridge domain id is not digit.")
+ if int(self.bridge_domain_id) < 1 or int(self.bridge_domain_id) > 16777215:
+ self.module.fail_json(
+ msg="Error: bridge domain id is not in the range from 1 to 16777215.")
+
+ def get_proposed(self):
+ """get proposed info"""
+
+ if self.tunnel_mode_vxlan:
+ self.proposed["tunnel_mode_vxlan"] = self.tunnel_mode_vxlan
+ if self.nvo3_prevent_loops:
+ self.proposed["nvo3_prevent_loops"] = self.nvo3_prevent_loops
+ if self.nvo3_acl_extend:
+ self.proposed["nvo3_acl_extend"] = self.nvo3_acl_extend
+ if self.nvo3_gw_enhanced:
+ self.proposed["nvo3_gw_enhanced"] = self.nvo3_gw_enhanced
+ if self.nvo3_service_extend:
+ self.proposed["nvo3_service_extend"] = self.nvo3_service_extend
+ if self.nvo3_eth_trunk_hash:
+ self.proposed["nvo3_eth_trunk_hash"] = self.nvo3_eth_trunk_hash
+ if self.nvo3_ecmp_hash:
+ self.proposed["nvo3_ecmp_hash"] = self.nvo3_ecmp_hash
+ if self.bridge_domain_id:
+ self.proposed["bridge_domain_id"] = self.bridge_domain_id
+ self.proposed["state"] = self.state
+
+ def get_existing(self):
+ """get existing info"""
+
+ self.existing["bridge_domain"] = self.bd_info
+
+ cmd = "ip tunnel mode vxlan"
+ exist = is_config_exist(self.config, cmd)
+ if exist:
+ self.existing["tunnel_mode_vxlan"] = "enable"
+ else:
+ self.existing["tunnel_mode_vxlan"] = "disable"
+
+ cmd = "assign forward nvo3 f-linecard compatibility enable"
+ exist = is_config_exist(self.config, cmd)
+ if exist:
+ self.existing["nvo3_prevent_loops"] = "enable"
+ else:
+ self.existing["nvo3_prevent_loops"] = "disable"
+
+ cmd = "assign forward nvo3 acl extend enable"
+ exist = is_config_exist(self.config, cmd)
+ if exist:
+ self.existing["nvo3_acl_extend"] = "enable"
+ else:
+ self.existing["nvo3_acl_extend"] = "disable"
+
+ self.existing["nvo3_gw_enhanced"] = get_nvo3_gw_enhanced(
+ self.config)
+
+ cmd = "assign forward nvo3 service extend enable"
+ exist = is_config_exist(self.config, cmd)
+ if exist:
+ self.existing["nvo3_service_extend"] = "enable"
+ else:
+ self.existing["nvo3_service_extend"] = "disable"
+
+ cmd = "assign forward nvo3 eth-trunk hash enable"
+ exist = is_config_exist(self.config, cmd)
+ if exist:
+ self.existing["nvo3_eth_trunk_hash"] = "enable"
+ else:
+ self.existing["nvo3_eth_trunk_hash"] = "disable"
+
+ cmd = "assign forward nvo3 ecmp hash enable"
+ exist = is_config_exist(self.config, cmd)
+ if exist:
+ self.existing["nvo3_ecmp_hash"] = "disable"
+ else:
+ self.existing["nvo3_ecmp_hash"] = "disable"
+
+ def get_end_state(self):
+ """get end state info"""
+
+ config = self.get_current_config()
+
+ self.end_state["bridge_domain"] = self.get_bd_list()
+
+ cmd = "ip tunnel mode vxlan"
+ exist = is_config_exist(config, cmd)
+ if exist:
+ self.end_state["tunnel_mode_vxlan"] = "enable"
+ else:
+ self.end_state["tunnel_mode_vxlan"] = "disable"
+
+ cmd = "assign forward nvo3 f-linecard compatibility enable"
+ exist = is_config_exist(config, cmd)
+ if exist:
+ self.end_state["nvo3_prevent_loops"] = "enable"
+ else:
+ self.end_state["nvo3_prevent_loops"] = "disable"
+
+ cmd = "assign forward nvo3 acl extend enable"
+ exist = is_config_exist(config, cmd)
+ if exist:
+ self.end_state["nvo3_acl_extend"] = "enable"
+ else:
+ self.end_state["nvo3_acl_extend"] = "disable"
+
+ self.end_state["nvo3_gw_enhanced"] = get_nvo3_gw_enhanced(config)
+
+ cmd = "assign forward nvo3 service extend enable"
+ exist = is_config_exist(config, cmd)
+ if exist:
+ self.end_state["nvo3_service_extend"] = "enable"
+ else:
+ self.end_state["nvo3_service_extend"] = "disable"
+
+ cmd = "assign forward nvo3 eth-trunk hash enable"
+ exist = is_config_exist(config, cmd)
+ if exist:
+ self.end_state["nvo3_eth_trunk_hash"] = "enable"
+ else:
+ self.end_state["nvo3_eth_trunk_hash"] = "disable"
+
+ cmd = "assign forward nvo3 ecmp hash enable"
+ exist = is_config_exist(config, cmd)
+ if exist:
+ self.end_state["nvo3_ecmp_hash"] = "enable"
+ else:
+ self.end_state["nvo3_ecmp_hash"] = "disable"
+
+ def work(self):
+ """worker"""
+
+ self.check_params()
+ self.config = self.get_current_config()
+ self.bd_info = self.get_bd_list()
+ self.get_existing()
+ self.get_proposed()
+
+ # deal present or absent
+ self.config_bridge_domain()
+ self.config_tunnel_mode()
+ self.config_assign_forward()
+ if self.commands:
+ self.cli_load_config(self.commands)
+ self.changed = True
+
+ self.get_end_state()
+ self.results['changed'] = self.changed
+ self.results['proposed'] = self.proposed
+ self.results['existing'] = self.existing
+ self.results['end_state'] = self.end_state
+ if self.changed:
+ self.results['updates'] = self.updates_cmd
+ else:
+ self.results['updates'] = list()
+
+ self.module.exit_json(**self.results)
+
+
+def main():
+ """Module main"""
+
+ argument_spec = dict(
+ tunnel_mode_vxlan=dict(required=False, type='str',
+ choices=['enable', 'disable']),
+ nvo3_prevent_loops=dict(required=False, type='str',
+ choices=['enable', 'disable']),
+ nvo3_acl_extend=dict(required=False, type='str',
+ choices=['enable', 'disable']),
+ nvo3_gw_enhanced=dict(required=False, type='str',
+ choices=['l2', 'l3']),
+ nvo3_service_extend=dict(required=False, type='str',
+ choices=['enable', 'disable']),
+ nvo3_eth_trunk_hash=dict(required=False, type='str',
+ choices=['enable', 'disable']),
+ nvo3_ecmp_hash=dict(required=False, type='str',
+ choices=['enable', 'disable']),
+ bridge_domain_id=dict(required=False, type='str'),
+ state=dict(required=False, default='present',
+ choices=['present', 'absent'])
+ )
+ argument_spec.update(ce_argument_spec)
+ module = VxlanGlobal(argument_spec)
+ module.work()
+
+
+if __name__ == '__main__':
+ main()