diff --git a/lib/ansible/module_utils/mlnxos.py b/lib/ansible/module_utils/mlnxos.py
index 334312f0c2..819eb904b2 100644
--- a/lib/ansible/module_utils/mlnxos.py
+++ b/lib/ansible/module_utils/mlnxos.py
@@ -20,7 +20,7 @@
from ansible.module_utils._text import to_text
from ansible.module_utils.basic import env_fallback
-from ansible.module_utils.connection import Connection
+from ansible.module_utils.connection import Connection, ConnectionError
from ansible.module_utils.network_common import to_list, EntityCollection
_DEVICE_CONFIGS = {}
@@ -85,3 +85,18 @@ def run_commands(module, commands, check_rc=True):
responses.append(to_text(out, errors='surrogate_then_replace'))
return responses
+
+
+def get_config(module, source='running'):
+ conn = get_connection(module)
+ out = conn.get_config(source)
+ cfg = to_text(out, errors='surrogate_then_replace').strip()
+ return cfg
+
+
+def load_config(module, config):
+ try:
+ conn = get_connection(module)
+ conn.edit_config(config)
+ except ConnectionError as exc:
+ module.fail_json(msg=to_text(exc))
diff --git a/lib/ansible/modules/network/mlnxos/mlnxos_config.py b/lib/ansible/modules/network/mlnxos/mlnxos_config.py
new file mode 100644
index 0000000000..578e654d22
--- /dev/null
+++ b/lib/ansible/modules/network/mlnxos/mlnxos_config.py
@@ -0,0 +1,256 @@
+#!/usr/bin/python
+#
+# Copyright: Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: mlnxos_config
+extends_documentation_fragment: mlnxos
+version_added: "2.5"
+author: "Alex Tabachnik (@atabachnik), Samer Deeb (@samerd)"
+short_description: Manage Mellanox MLNX-OS configuration sections
+description:
+ - Mellanox MLNX-OS configurations uses a simple block indent file syntax
+ for segmenting configuration into sections. This module provides
+ an implementation for working with MLNXOS configuration sections in
+ a deterministic way.
+options:
+ lines:
+ description:
+ - The ordered set of commands that should be configured in the
+ section. The commands must be the exact same commands as found
+ in the device running-config. Be sure to note the configuration
+ command syntax as some commands are automatically modified by the
+ device config parser.
+ required: false
+ default: null
+ aliases: ['commands']
+ parents:
+ description:
+ - The ordered set of parents that uniquely identify the section
+ the commands should be checked against. If the parents argument
+ is omitted, the commands are checked against the set of top
+ level or global commands.
+ required: false
+ default: null
+ src:
+ description:
+ - Specifies the source path to the file that contains the configuration
+ or configuration template to load. The path to the source file can
+ either be the full path on the Ansible control host or a relative
+ path from the playbook or role root directory. This argument is mutually
+ exclusive with I(lines).
+ required: false
+ default: null
+ before:
+ description:
+ - The ordered set of commands to push on to the command stack if
+ a change needs to be made. This allows the playbook designer
+ the opportunity to perform configuration commands prior to pushing
+ any changes without affecting how the set of commands are matched
+ against the system.
+ required: false
+ default: null
+ after:
+ description:
+ - The ordered set of commands to append to the end of the command
+ stack if a change needs to be made. Just like with I(before) this
+ allows the playbook designer to append a set of commands to be
+ executed after the command set.
+ required: false
+ default: null
+ match:
+ description:
+ - Instructs the module on the way to perform the matching of
+ the set of commands against the current device config. If
+ match is set to I(line), commands are matched line by line. If
+ match is set to I(strict), command lines are matched with respect
+ to position. If match is set to I(exact), command lines
+ must be an equal match. Finally, if match is set to I(none), the
+ module will not attempt to compare the source configuration with
+ the running configuration on the remote device.
+ required: false
+ default: line
+ choices: ['line', 'strict', 'exact', 'none']
+ replace:
+ description:
+ - Instructs the module on the way to perform the configuration
+ on the device. If the replace argument is set to I(line) then
+ the modified lines are pushed to the device in configuration
+ mode. If the replace argument is set to I(block) then the entire
+ command block is pushed to the device in configuration mode if any
+ line is not correct
+ required: false
+ default: line
+ choices: ['line', 'block']
+ backup:
+ description:
+ - This argument will cause the module to create a full backup of
+ the current C(running-config) from the remote device before any
+ changes are made. The backup file is written to the C(backup)
+ folder in the playbook root directory. If the directory does not
+ exist, it is created.
+ required: false
+ default: no
+ choices: ['yes', 'no']
+ config:
+ description:
+ - The C(config) argument allows the playbook designer to supply
+ the base configuration to be used to validate configuration
+ changes necessary. If this argument is provided, the module
+ will not download the running-config from the remote node.
+ required: false
+ default: null
+ save:
+ description:
+ - The C(save) argument instructs the module to save the running-
+ config to the startup-config at the conclusion of the module
+ running. If check mode is specified, this argument is ignored.
+ required: false
+ default: no
+ choices: ['yes', 'no']
+"""
+
+EXAMPLES = """
+# Note: examples below use the following provider dict to handle
+# transport and authentication to the node.
+---
+vars:
+ cli:
+ host: "{{ inventory_hostname }}"
+ username: admin
+ password: admin
+ authorize: yes
+
+---
+- mlnxos_config:
+ lines:
+ - snmp-server community
+ - snmp-server host 10.2.2.2 traps version 2c
+ provider: "{{ cli }}"
+"""
+
+RETURN = """
+updates:
+ description: The set of commands that will be pushed to the remote device
+ returned: always
+ type: list
+ sample: ['...', '...']
+backup_path:
+ description: The full path to the backup file
+ returned: when backup is yes
+ type: string
+ sample: /playbooks/ansible/backup/mlnxos_config.2016-07-16@22:28:34
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.netcfg import NetworkConfig, dumps
+
+from ansible.module_utils.mlnxos import mlnxos_argument_spec, get_config, \
+ load_config, run_commands
+
+
+def get_candidate(module):
+ candidate = NetworkConfig(indent=1)
+ if module.params['src']:
+ candidate.load(module.params['src'])
+ elif module.params['lines']:
+ parents = module.params['parents'] or list()
+ candidate.add(module.params['lines'], parents=parents)
+ return candidate
+
+
+def run(module, result):
+ match = module.params['match']
+ replace = module.params['replace']
+ path = module.params['parents']
+
+ candidate = get_candidate(module)
+ if match != 'none':
+ contents = module.params['config']
+ if not contents:
+ contents = get_config(module)
+ config = NetworkConfig(indent=1, contents=contents)
+ configobjs = candidate.difference(config, path=path, match=match,
+ replace=replace)
+
+ else:
+ configobjs = candidate.items
+
+ if configobjs:
+ commands = dumps(configobjs, 'commands').split('\n')
+
+ if module.params['lines']:
+ if module.params['before']:
+ commands[:0] = module.params['before']
+
+ if module.params['after']:
+ commands.extend(module.params['after'])
+
+ result['updates'] = commands
+
+ # send the configuration commands to the device and merge
+ # them with the current running config
+ if not module.check_mode:
+ load_config(module, commands)
+ result['changed'] = True
+
+ if module.params['save']:
+ if not module.check_mode:
+ run_commands(module, 'configuration write')
+ result['changed'] = True
+
+
+def main():
+ """ main entry point for module execution
+ """
+ argument_spec = dict(
+ src=dict(type='path'),
+
+ lines=dict(aliases=['commands'], type='list'),
+ parents=dict(type='list'),
+
+ before=dict(type='list'),
+ after=dict(type='list'),
+
+ match=dict(default='line', choices=['line', 'strict', 'exact', 'none']),
+ replace=dict(default='line', choices=['line', 'block']),
+
+ config=dict(),
+
+ backup=dict(type='bool', default=False),
+ save=dict(type='bool', default=False),
+ )
+
+ argument_spec.update(mlnxos_argument_spec)
+
+ mutually_exclusive = [('lines', 'src'), ]
+
+ required_if = [('match', 'strict', ['lines']),
+ ('match', 'exact', ['lines']),
+ ('replace', 'block', ['lines'])]
+
+ module = AnsibleModule(argument_spec=argument_spec,
+ mutually_exclusive=mutually_exclusive,
+ required_if=required_if,
+ supports_check_mode=True)
+
+ result = {'changed': False}
+ if module.params['backup']:
+ result['__backup__'] = get_config(module)
+
+ run(module, result)
+
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/lib/ansible/plugins/action/mlnxos.py b/lib/ansible/plugins/action/mlnxos.py
index c728b81c7a..da4b800ea4 100644
--- a/lib/ansible/plugins/action/mlnxos.py
+++ b/lib/ansible/plugins/action/mlnxos.py
@@ -29,7 +29,6 @@ from ansible.utils.display import Display
from ansible.module_utils.mlnxos import mlnxos_provider_spec
-
try:
from __main__ import display
except ImportError:
@@ -61,6 +60,8 @@ class ActionModule(_ActionModule):
self._play_context.private_key_file
pc.timeout = int(provider['timeout'] or C.PERSISTENT_COMMAND_TIMEOUT)
pc.become = provider['authorize'] or False
+ if pc.become:
+ pc.become_method = 'enable'
pc.become_pass = provider['auth_pass']
display.vvv('using connection plugin %s' %
diff --git a/lib/ansible/plugins/action/mlnxos_config.py b/lib/ansible/plugins/action/mlnxos_config.py
new file mode 100644
index 0000000000..751f90c7ce
--- /dev/null
+++ b/lib/ansible/plugins/action/mlnxos_config.py
@@ -0,0 +1,111 @@
+#
+# (c) 2017, Red Hat, Inc.
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+#
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import re
+import time
+import glob
+
+from ansible.plugins.action.mlnxos import ActionModule as _ActionModule
+from ansible.module_utils._text import to_text
+from ansible.module_utils.six.moves.urllib.parse import urlsplit
+
+PRIVATE_KEYS_RE = re.compile('__.+__')
+
+
+class ActionModule(_ActionModule):
+
+ def run(self, tmp=None, task_vars=None):
+
+ if self._task.args.get('src'):
+ try:
+ self._handle_template()
+ except ValueError as exc:
+ return dict(failed=True, msg=exc.message)
+
+ result = super(ActionModule, self).run(tmp, task_vars)
+
+ if self._task.args.get('backup') and result.get('__backup__'):
+ # User requested backup and no error occurred in module.
+ # NOTE: If there is a parameter error, _backup key may not be in results.
+ filepath = self._write_backup(task_vars['inventory_hostname'],
+ result['__backup__'])
+
+ result['backup_path'] = filepath
+
+ # strip out any keys that have two leading and two trailing
+ # underscore characters
+ for key in result.keys():
+ if PRIVATE_KEYS_RE.match(key):
+ del result[key]
+
+ return result
+
+ def _get_working_path(self):
+ cwd = self._loader.get_basedir()
+ if self._task._role is not None:
+ cwd = self._task._role._role_path
+ return cwd
+
+ def _write_backup(self, host, contents):
+ backup_path = self._get_working_path() + '/backup'
+ if not os.path.exists(backup_path):
+ os.mkdir(backup_path)
+ for fn in glob.glob('%s/%s*' % (backup_path, host)):
+ os.remove(fn)
+ tstamp = time.strftime("%Y-%m-%d@%H:%M:%S", time.localtime(time.time()))
+ filename = '%s/%s_config.%s' % (backup_path, host, tstamp)
+ open(filename, 'w').write(contents)
+ return filename
+
+ def _handle_template(self):
+ src = self._task.args.get('src')
+ working_path = self._get_working_path()
+
+ if os.path.isabs(src) or urlsplit('src').scheme:
+ source = src
+ else:
+ source = self._loader.path_dwim_relative(working_path, 'templates', src)
+ if not source:
+ source = self._loader.path_dwim_relative(working_path, src)
+
+ if not os.path.exists(source):
+ raise ValueError('path specified in src not found')
+
+ try:
+ with open(source, 'r') as f:
+ template_data = to_text(f.read())
+ except IOError:
+ return dict(failed=True, msg='unable to load src file')
+
+ # Create a template search path in the following order:
+ # [working_path, self_role_path, dependent_role_paths, dirname(source)]
+ searchpath = [working_path]
+ if self._task._role is not None:
+ searchpath.append(self._task._role._role_path)
+ if hasattr(self._task, "_block:"):
+ dep_chain = self._task._block.get_dep_chain()
+ if dep_chain is not None:
+ for role in dep_chain:
+ searchpath.append(role._role_path)
+ searchpath.append(os.path.dirname(source))
+ self._templar.environment.loader.searchpath = searchpath
+ self._task.args['src'] = self._templar.template(template_data)
diff --git a/test/units/modules/network/mlnxos/fixtures/mlnxos_config_config.cfg b/test/units/modules/network/mlnxos/fixtures/mlnxos_config_config.cfg
new file mode 100644
index 0000000000..38062a8c74
--- /dev/null
+++ b/test/units/modules/network/mlnxos/fixtures/mlnxos_config_config.cfg
@@ -0,0 +1,115 @@
+##
+## Running database "initial"
+## Generated at 2017/11/28 17:52:08 +0000
+## Hostname: ufm-switch16
+##
+
+##
+## Running-config temporary prefix mode setting
+##
+no cli default prefix-modes enable
+
+##
+## License keys
+##
+ license install 11223344
+
+##
+## MLAG protocol
+##
+ protocol mlag
+
+##
+## Interface Ethernet configuration
+##
+ interface mlag-port-channel 2
+ interface port-channel 1
+ interface ethernet 1/7-1/8 channel-group 1 mode active
+ interface ethernet 1/32 mlag-channel-group 2 mode on
+ interface mlag-port-channel 2 switchport mode hybrid
+ interface mlag-port-channel 2 no shutdown
+
+##
+## LAG configuration
+##
+ lacp
+
+##
+## VLAN configuration
+##
+ vlan 101
+ vlan 4094
+ interface mlag-port-channel 2 switchport access vlan 101
+
+##
+## STP configuration
+##
+no spanning-tree
+
+##
+## L3 configuration
+##
+ ip routing vrf default
+ interface vlan 101
+ interface vlan 4094
+ interface vlan 101 ip address 10.0.0.254 255.255.255.0
+ interface vlan 4094 ip address 10.10.10.1 255.255.255.0
+
+##
+## Other IP configuration
+##
+hostname ufm-switch16
+
+##
+## DCBX PFC configuration
+##
+ dcb priority-flow-control enable force
+ interface ethernet 1/7-1/8 dcb priority-flow-control mode on force
+ interface port-channel 1 dcb priority-flow-control mode on force
+
+##
+## LLDP configuration
+##
+ lldp
+
+##
+## MAGP configuration
+##
+ protocol magp
+ interface vlan 101 magp 102
+ interface vlan 101 magp 102 ip virtual-router address 10.0.0.252
+ interface vlan 101 magp 102 ip virtual-router mac-address 00:00:5E:00:01:01
+
+##
+## MLAG configurations
+##
+ mlag-vip neo-mlag-vip-4094 ip 192.168.1.1 /24 force
+no mlag shutdown
+ mlag system-mac 00:00:5E:00:01:00
+ interface port-channel 1 ipl 1
+ interface vlan 4094 ipl 1 peer-address 10.10.10.2
+
+##
+## AAA remote server configuration
+##
+# ldap bind-password ********
+# radius-server key ********
+# tacacs-server key ********
+
+##
+## Network management configuration
+##
+# web proxy auth basic password ********
+ telnet-server enable
+
+##
+## X.509 certificates configuration
+##
+#
+# Certificate name system-self-signed, ID 51f545df9722387056f674401f510ff56077800b
+# (public-cert config omitted since private-key config is hidden)
+
+##
+## Persistent prefix mode setting
+##
+cli default prefix-modes enable
\ No newline at end of file
diff --git a/test/units/modules/network/mlnxos/fixtures/mlnxos_config_src.cfg b/test/units/modules/network/mlnxos/fixtures/mlnxos_config_src.cfg
new file mode 100644
index 0000000000..2fc2ada110
--- /dev/null
+++ b/test/units/modules/network/mlnxos/fixtures/mlnxos_config_src.cfg
@@ -0,0 +1,3 @@
+no cli default prefix-modes enable
+interface mlag-port-channel 2
+
diff --git a/test/units/modules/network/mlnxos/mlnxos_module.py b/test/units/modules/network/mlnxos/mlnxos_module.py
index fe9f0c000b..48d416a3b9 100644
--- a/test/units/modules/network/mlnxos/mlnxos_module.py
+++ b/test/units/modules/network/mlnxos/mlnxos_module.py
@@ -24,7 +24,6 @@ import os
from units.modules.utils import AnsibleExitJson, AnsibleFailJson, ModuleTestCase
-
fixture_path = os.path.join(os.path.dirname(__file__), 'fixtures')
fixture_data = {}
@@ -49,7 +48,7 @@ def load_fixture(name):
class TestMlnxosModule(ModuleTestCase):
- def execute_module(self, failed=False, changed=False, commands=None, inputs=None, sort=True, defaults=False, transport='cli'):
+ def execute_module(self, failed=False, changed=False, commands=None, is_updates=False, sort=True, transport='cli'):
self.load_fixtures(commands, transport=transport)
@@ -61,10 +60,14 @@ class TestMlnxosModule(ModuleTestCase):
self.assertEqual(result['changed'], changed, result)
if commands is not None:
- if sort:
- self.assertEqual(sorted(commands), sorted(result['commands']), result['commands'])
+ if is_updates:
+ commands_res = result.get('updates')
else:
- self.assertEqual(commands, result['commands'], result['commands'])
+ commands_res = result.get('commands')
+ if sort:
+ self.assertEqual(sorted(commands), sorted(commands_res), commands_res)
+ else:
+ self.assertEqual(commands, commands_res, commands_res)
return result
diff --git a/test/units/modules/network/mlnxos/test_mlnxos_config.py b/test/units/modules/network/mlnxos/test_mlnxos_config.py
new file mode 100644
index 0000000000..243346f48d
--- /dev/null
+++ b/test/units/modules/network/mlnxos/test_mlnxos_config.py
@@ -0,0 +1,113 @@
+#
+# (c) 2016 Red Hat Inc.
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+# Make coding more python3-ish
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+from ansible.compat.tests.mock import patch
+from ansible.modules.network.mlnxos import mlnxos_config
+from units.modules.utils import set_module_args
+from .mlnxos_module import TestMlnxosModule, load_fixture
+
+
+class TestMlnxosConfigModule(TestMlnxosModule):
+
+ module = mlnxos_config
+
+ def setUp(self):
+ super(TestMlnxosConfigModule, self).setUp()
+
+ self.mock_get_config = patch('ansible.modules.network.mlnxos.mlnxos_config.get_config')
+ self.get_config = self.mock_get_config.start()
+
+ self.mock_load_config = patch('ansible.modules.network.mlnxos.mlnxos_config.load_config')
+ self.load_config = self.mock_load_config.start()
+
+ self.mock_run_commands = patch('ansible.modules.network.mlnxos.mlnxos_config.run_commands')
+ self.run_commands = self.mock_run_commands.start()
+
+ def tearDown(self):
+ super(TestMlnxosConfigModule, self).tearDown()
+ self.mock_get_config.stop()
+ self.mock_load_config.stop()
+ self.mock_run_commands.stop()
+
+ def load_fixtures(self, commands=None, transport='cli'):
+ config_file = 'mlnxos_config_config.cfg'
+ self.get_config.return_value = load_fixture(config_file)
+ self.load_config.return_value = None
+
+ def test_mlnxos_config_unchanged(self):
+ src = load_fixture('mlnxos_config_config.cfg')
+ set_module_args(dict(src=src))
+ self.execute_module()
+
+ def test_mlnxos_config_src(self):
+ src = load_fixture('mlnxos_config_src.cfg')
+ set_module_args(dict(src=src))
+ commands = [
+ 'interface mlag-port-channel 2']
+ self.execute_module(changed=True, commands=commands, is_updates=True)
+
+ def test_mlnxos_config_backup(self):
+ set_module_args(dict(backup=True))
+ result = self.execute_module()
+ self.assertIn('__backup__', result)
+
+ def test_mlnxos_config_save(self):
+ set_module_args(dict(save='yes'))
+ self.execute_module(changed=True)
+ self.assertEqual(self.run_commands.call_count, 1)
+ self.assertEqual(self.get_config.call_count, 1)
+ self.assertEqual(self.load_config.call_count, 0)
+ args = self.run_commands.call_args[0][1]
+ self.assertIn('configuration write', args)
+
+ def test_mlnxos_config_lines_wo_parents(self):
+ set_module_args(dict(lines=['hostname foo']))
+ commands = ['hostname foo']
+ self.execute_module(changed=True, commands=commands, is_updates=True)
+
+ def test_mlnxos_config_before(self):
+ set_module_args(dict(lines=['hostname foo'], before=['test1', 'test2']))
+ commands = ['test1', 'test2', 'hostname foo']
+ self.execute_module(changed=True, commands=commands, sort=False, is_updates=True)
+
+ def test_mlnxos_config_after(self):
+ set_module_args(dict(lines=['hostname foo'], after=['test1', 'test2']))
+ commands = ['hostname foo', 'test1', 'test2']
+ self.execute_module(changed=True, commands=commands, sort=False, is_updates=True)
+
+ def test_mlnxos_config_before_after(self):
+ set_module_args(dict(lines=['hostname foo'],
+ before=['test1', 'test2'],
+ after=['test3', 'test4']))
+ commands = ['test1', 'test2', 'hostname foo', 'test3', 'test4']
+ self.execute_module(changed=True, commands=commands, sort=False, is_updates=True)
+
+ def test_mlnxos_config_config(self):
+ config = 'hostname localhost'
+ set_module_args(dict(lines=['hostname router'], config=config))
+ commands = ['hostname router']
+ self.execute_module(changed=True, commands=commands, is_updates=True)
+
+ def test_mlnxos_config_match_none(self):
+ lines = ['hostname router']
+ set_module_args(dict(lines=lines, match='none'))
+ self.execute_module(changed=True, commands=lines, is_updates=True)