diff --git a/lib/ansible/modules/extras/network/asa/asa_template.py b/lib/ansible/modules/extras/network/asa/asa_template.py new file mode 100644 index 0000000000..9644fa71f8 --- /dev/null +++ b/lib/ansible/modules/extras/network/asa/asa_template.py @@ -0,0 +1,175 @@ +#!/usr/bin/python +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# +DOCUMENTATION = """ +--- +module: asa_template +version_added: "2.2" +author: "Peter Sprygada (@privateip) & Patrick Ogenstad (@ogenstad)" +short_description: Manage Cisco ASA device configurations over SSH +description: + - Manages Cisco ASA network device configurations over SSH. This module + allows implementors to work with the device running-config. It + provides a way to push a set of commands onto a network device + by evaluting the current running-config and only pushing configuration + commands that are not already configured. The config source can + be a set of commands or a template. +extends_documentation_fragment: asa +options: + src: + description: + - The path to the config source. The source can be either a + file with config or a template that will be merged during + runtime. By default the task will first search for the source + file in role or playbook root folder in templates unless a full + path to the file is given. + required: true + force: + description: + - The force argument instructs the module not to consider the + current device running-config. When set to true, this will + cause the module to push the contents of I(src) into the device + without first checking if already configured. + required: false + default: false + choices: [ "true", "false" ] + include_defaults: + description: + - The module, by default, will collect the current device + running-config to use as a base for comparision to the commands + in I(src). Setting this value to true will cause the command + issued to add any necessary flags to collect all defaults as + well as the device configuration. If the destination device + does not support such a flag, this argument is silently ignored. + required: false + default: false + choices: [ "true", "false" ] + backup: + description: + - When this argument is configured true, the module will backup + the running-config from the node prior to making any changes. + The backup file will be written to backup_{{ hostname }} in + the root of the playbook directory. + required: false + default: false + choices: [ "true", "false" ] + config: + description: + - The module, by default, will connect to the remote device and + retrieve the current running-config to use as a base for comparing + against the contents of source. There are times when it is not + desirable to have the task get the current running-config for + every task. The I(config) argument allows the implementer to + pass in the configuruation to use as the base config for + comparision. + required: false + default: null +""" + +EXAMPLES = """ +- name: push a configuration onto the device + asa_template: + host: hostname + username: foo + src: config.j2 + +- name: forceable push a configuration onto the device + asa_template: + host: hostname + username: foo + src: config.j2 + force: yes + +- name: provide the base configuration for comparision + asa_template: + host: hostname + username: foo + src: candidate_config.txt + config: current_config.txt +""" + +RETURN = """ +updates: + description: The set of commands that will be pushed to the remote device + returned: always + type: list + sample: ['...', '...'] + +responses: + description: The set of responses from issuing the commands on the device + retured: when not check_mode + type: list + sample: ['...', '...'] +""" + + +def get_config(module): + config = module.params['config'] or dict() + if not config and not module.params['force']: + config = module.config + return config + + +def main(): + """ main entry point for module execution + """ + + argument_spec = dict( + src=dict(), + force=dict(default=False, type='bool'), + include_defaults=dict(default=True, type='bool'), + backup=dict(default=False, type='bool'), + config=dict(), + ) + + mutually_exclusive = [('config', 'backup'), ('config', 'force')] + + module = get_module(argument_spec=argument_spec, + mutually_exclusive=mutually_exclusive, + supports_check_mode=True) + + result = dict(changed=False) + + candidate = NetworkConfig(contents=module.params['src'], indent=1) + + contents = get_config(module) + if contents: + config = NetworkConfig(contents=contents, indent=1) + result['_backup'] = contents + + if not module.params['force']: + commands = candidate.difference(config) + else: + commands = str(candidate).split('\n') + + if commands: + if not module.check_mode: + commands = [str(c).strip() for c in commands] + response = module.configure(commands) + result['responses'] = response + result['changed'] = True + + result['updates'] = commands + module.exit_json(**result) + + +from ansible.module_utils.basic import * +from ansible.module_utils.shell import * +from ansible.module_utils.netcfg import * +from ansible.module_utils.asa import * +if __name__ == '__main__': + main()