From 717b6e7c1a0772c7cf2e69ccae16ce1d0b2dc97b Mon Sep 17 00:00:00 2001 From: Samer Deeb Date: Fri, 1 Dec 2017 09:03:02 -0800 Subject: [PATCH] Add mlnxos_config module (#33356) * Add new module mlnxos_config Signed-off-by: Samer Deeb * Add unit-test for mlnxos_config module Signed-off-by: Samer Deeb --- lib/ansible/module_utils/mlnxos.py | 17 +- .../modules/network/mlnxos/mlnxos_config.py | 256 ++++++++++++++++++ lib/ansible/plugins/action/mlnxos.py | 3 +- lib/ansible/plugins/action/mlnxos_config.py | 111 ++++++++ .../mlnxos/fixtures/mlnxos_config_config.cfg | 115 ++++++++ .../mlnxos/fixtures/mlnxos_config_src.cfg | 3 + .../modules/network/mlnxos/mlnxos_module.py | 13 +- .../network/mlnxos/test_mlnxos_config.py | 113 ++++++++ 8 files changed, 624 insertions(+), 7 deletions(-) create mode 100644 lib/ansible/modules/network/mlnxos/mlnxos_config.py create mode 100644 lib/ansible/plugins/action/mlnxos_config.py create mode 100644 test/units/modules/network/mlnxos/fixtures/mlnxos_config_config.cfg create mode 100644 test/units/modules/network/mlnxos/fixtures/mlnxos_config_src.cfg create mode 100644 test/units/modules/network/mlnxos/test_mlnxos_config.py diff --git a/lib/ansible/module_utils/mlnxos.py b/lib/ansible/module_utils/mlnxos.py index 334312f0c2..819eb904b2 100644 --- a/lib/ansible/module_utils/mlnxos.py +++ b/lib/ansible/module_utils/mlnxos.py @@ -20,7 +20,7 @@ from ansible.module_utils._text import to_text from ansible.module_utils.basic import env_fallback -from ansible.module_utils.connection import Connection +from ansible.module_utils.connection import Connection, ConnectionError from ansible.module_utils.network_common import to_list, EntityCollection _DEVICE_CONFIGS = {} @@ -85,3 +85,18 @@ def run_commands(module, commands, check_rc=True): responses.append(to_text(out, errors='surrogate_then_replace')) return responses + + +def get_config(module, source='running'): + conn = get_connection(module) + out = conn.get_config(source) + cfg = to_text(out, errors='surrogate_then_replace').strip() + return cfg + + +def load_config(module, config): + try: + conn = get_connection(module) + conn.edit_config(config) + except ConnectionError as exc: + module.fail_json(msg=to_text(exc)) diff --git a/lib/ansible/modules/network/mlnxos/mlnxos_config.py b/lib/ansible/modules/network/mlnxos/mlnxos_config.py new file mode 100644 index 0000000000..578e654d22 --- /dev/null +++ b/lib/ansible/modules/network/mlnxos/mlnxos_config.py @@ -0,0 +1,256 @@ +#!/usr/bin/python +# +# Copyright: Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: mlnxos_config +extends_documentation_fragment: mlnxos +version_added: "2.5" +author: "Alex Tabachnik (@atabachnik), Samer Deeb (@samerd)" +short_description: Manage Mellanox MLNX-OS configuration sections +description: + - Mellanox MLNX-OS configurations uses a simple block indent file syntax + for segmenting configuration into sections. This module provides + an implementation for working with MLNXOS configuration sections in + a deterministic way. +options: + lines: + description: + - The ordered set of commands that should be configured in the + section. The commands must be the exact same commands as found + in the device running-config. Be sure to note the configuration + command syntax as some commands are automatically modified by the + device config parser. + required: false + default: null + aliases: ['commands'] + parents: + description: + - The ordered set of parents that uniquely identify the section + the commands should be checked against. If the parents argument + is omitted, the commands are checked against the set of top + level or global commands. + required: false + default: null + src: + description: + - Specifies the source path to the file that contains the configuration + or configuration template to load. The path to the source file can + either be the full path on the Ansible control host or a relative + path from the playbook or role root directory. This argument is mutually + exclusive with I(lines). + required: false + default: null + before: + description: + - The ordered set of commands to push on to the command stack if + a change needs to be made. This allows the playbook designer + the opportunity to perform configuration commands prior to pushing + any changes without affecting how the set of commands are matched + against the system. + required: false + default: null + after: + description: + - The ordered set of commands to append to the end of the command + stack if a change needs to be made. Just like with I(before) this + allows the playbook designer to append a set of commands to be + executed after the command set. + required: false + default: null + match: + description: + - Instructs the module on the way to perform the matching of + the set of commands against the current device config. If + match is set to I(line), commands are matched line by line. If + match is set to I(strict), command lines are matched with respect + to position. If match is set to I(exact), command lines + must be an equal match. Finally, if match is set to I(none), the + module will not attempt to compare the source configuration with + the running configuration on the remote device. + required: false + default: line + choices: ['line', 'strict', 'exact', 'none'] + replace: + description: + - Instructs the module on the way to perform the configuration + on the device. If the replace argument is set to I(line) then + the modified lines are pushed to the device in configuration + mode. If the replace argument is set to I(block) then the entire + command block is pushed to the device in configuration mode if any + line is not correct + required: false + default: line + choices: ['line', 'block'] + backup: + description: + - This argument will cause the module to create a full backup of + the current C(running-config) from the remote device before any + changes are made. The backup file is written to the C(backup) + folder in the playbook root directory. If the directory does not + exist, it is created. + required: false + default: no + choices: ['yes', 'no'] + config: + description: + - The C(config) argument allows the playbook designer to supply + the base configuration to be used to validate configuration + changes necessary. If this argument is provided, the module + will not download the running-config from the remote node. + required: false + default: null + save: + description: + - The C(save) argument instructs the module to save the running- + config to the startup-config at the conclusion of the module + running. If check mode is specified, this argument is ignored. + required: false + default: no + choices: ['yes', 'no'] +""" + +EXAMPLES = """ +# Note: examples below use the following provider dict to handle +# transport and authentication to the node. +--- +vars: + cli: + host: "{{ inventory_hostname }}" + username: admin + password: admin + authorize: yes + +--- +- mlnxos_config: + lines: + - snmp-server community + - snmp-server host 10.2.2.2 traps version 2c + provider: "{{ cli }}" +""" + +RETURN = """ +updates: + description: The set of commands that will be pushed to the remote device + returned: always + type: list + sample: ['...', '...'] +backup_path: + description: The full path to the backup file + returned: when backup is yes + type: string + sample: /playbooks/ansible/backup/mlnxos_config.2016-07-16@22:28:34 +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.netcfg import NetworkConfig, dumps + +from ansible.module_utils.mlnxos import mlnxos_argument_spec, get_config, \ + load_config, run_commands + + +def get_candidate(module): + candidate = NetworkConfig(indent=1) + if module.params['src']: + candidate.load(module.params['src']) + elif module.params['lines']: + parents = module.params['parents'] or list() + candidate.add(module.params['lines'], parents=parents) + return candidate + + +def run(module, result): + match = module.params['match'] + replace = module.params['replace'] + path = module.params['parents'] + + candidate = get_candidate(module) + if match != 'none': + contents = module.params['config'] + if not contents: + contents = get_config(module) + config = NetworkConfig(indent=1, contents=contents) + configobjs = candidate.difference(config, path=path, match=match, + replace=replace) + + else: + configobjs = candidate.items + + if configobjs: + commands = dumps(configobjs, 'commands').split('\n') + + if module.params['lines']: + if module.params['before']: + commands[:0] = module.params['before'] + + if module.params['after']: + commands.extend(module.params['after']) + + result['updates'] = commands + + # send the configuration commands to the device and merge + # them with the current running config + if not module.check_mode: + load_config(module, commands) + result['changed'] = True + + if module.params['save']: + if not module.check_mode: + run_commands(module, 'configuration write') + result['changed'] = True + + +def main(): + """ main entry point for module execution + """ + argument_spec = dict( + src=dict(type='path'), + + lines=dict(aliases=['commands'], type='list'), + parents=dict(type='list'), + + before=dict(type='list'), + after=dict(type='list'), + + match=dict(default='line', choices=['line', 'strict', 'exact', 'none']), + replace=dict(default='line', choices=['line', 'block']), + + config=dict(), + + backup=dict(type='bool', default=False), + save=dict(type='bool', default=False), + ) + + argument_spec.update(mlnxos_argument_spec) + + mutually_exclusive = [('lines', 'src'), ] + + required_if = [('match', 'strict', ['lines']), + ('match', 'exact', ['lines']), + ('replace', 'block', ['lines'])] + + module = AnsibleModule(argument_spec=argument_spec, + mutually_exclusive=mutually_exclusive, + required_if=required_if, + supports_check_mode=True) + + result = {'changed': False} + if module.params['backup']: + result['__backup__'] = get_config(module) + + run(module, result) + + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/lib/ansible/plugins/action/mlnxos.py b/lib/ansible/plugins/action/mlnxos.py index c728b81c7a..da4b800ea4 100644 --- a/lib/ansible/plugins/action/mlnxos.py +++ b/lib/ansible/plugins/action/mlnxos.py @@ -29,7 +29,6 @@ from ansible.utils.display import Display from ansible.module_utils.mlnxos import mlnxos_provider_spec - try: from __main__ import display except ImportError: @@ -61,6 +60,8 @@ class ActionModule(_ActionModule): self._play_context.private_key_file pc.timeout = int(provider['timeout'] or C.PERSISTENT_COMMAND_TIMEOUT) pc.become = provider['authorize'] or False + if pc.become: + pc.become_method = 'enable' pc.become_pass = provider['auth_pass'] display.vvv('using connection plugin %s' % diff --git a/lib/ansible/plugins/action/mlnxos_config.py b/lib/ansible/plugins/action/mlnxos_config.py new file mode 100644 index 0000000000..751f90c7ce --- /dev/null +++ b/lib/ansible/plugins/action/mlnxos_config.py @@ -0,0 +1,111 @@ +# +# (c) 2017, Red Hat, Inc. +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import os +import re +import time +import glob + +from ansible.plugins.action.mlnxos import ActionModule as _ActionModule +from ansible.module_utils._text import to_text +from ansible.module_utils.six.moves.urllib.parse import urlsplit + +PRIVATE_KEYS_RE = re.compile('__.+__') + + +class ActionModule(_ActionModule): + + def run(self, tmp=None, task_vars=None): + + if self._task.args.get('src'): + try: + self._handle_template() + except ValueError as exc: + return dict(failed=True, msg=exc.message) + + result = super(ActionModule, self).run(tmp, task_vars) + + if self._task.args.get('backup') and result.get('__backup__'): + # User requested backup and no error occurred in module. + # NOTE: If there is a parameter error, _backup key may not be in results. + filepath = self._write_backup(task_vars['inventory_hostname'], + result['__backup__']) + + result['backup_path'] = filepath + + # strip out any keys that have two leading and two trailing + # underscore characters + for key in result.keys(): + if PRIVATE_KEYS_RE.match(key): + del result[key] + + return result + + def _get_working_path(self): + cwd = self._loader.get_basedir() + if self._task._role is not None: + cwd = self._task._role._role_path + return cwd + + def _write_backup(self, host, contents): + backup_path = self._get_working_path() + '/backup' + if not os.path.exists(backup_path): + os.mkdir(backup_path) + for fn in glob.glob('%s/%s*' % (backup_path, host)): + os.remove(fn) + tstamp = time.strftime("%Y-%m-%d@%H:%M:%S", time.localtime(time.time())) + filename = '%s/%s_config.%s' % (backup_path, host, tstamp) + open(filename, 'w').write(contents) + return filename + + def _handle_template(self): + src = self._task.args.get('src') + working_path = self._get_working_path() + + if os.path.isabs(src) or urlsplit('src').scheme: + source = src + else: + source = self._loader.path_dwim_relative(working_path, 'templates', src) + if not source: + source = self._loader.path_dwim_relative(working_path, src) + + if not os.path.exists(source): + raise ValueError('path specified in src not found') + + try: + with open(source, 'r') as f: + template_data = to_text(f.read()) + except IOError: + return dict(failed=True, msg='unable to load src file') + + # Create a template search path in the following order: + # [working_path, self_role_path, dependent_role_paths, dirname(source)] + searchpath = [working_path] + if self._task._role is not None: + searchpath.append(self._task._role._role_path) + if hasattr(self._task, "_block:"): + dep_chain = self._task._block.get_dep_chain() + if dep_chain is not None: + for role in dep_chain: + searchpath.append(role._role_path) + searchpath.append(os.path.dirname(source)) + self._templar.environment.loader.searchpath = searchpath + self._task.args['src'] = self._templar.template(template_data) diff --git a/test/units/modules/network/mlnxos/fixtures/mlnxos_config_config.cfg b/test/units/modules/network/mlnxos/fixtures/mlnxos_config_config.cfg new file mode 100644 index 0000000000..38062a8c74 --- /dev/null +++ b/test/units/modules/network/mlnxos/fixtures/mlnxos_config_config.cfg @@ -0,0 +1,115 @@ +## +## Running database "initial" +## Generated at 2017/11/28 17:52:08 +0000 +## Hostname: ufm-switch16 +## + +## +## Running-config temporary prefix mode setting +## +no cli default prefix-modes enable + +## +## License keys +## + license install 11223344 + +## +## MLAG protocol +## + protocol mlag + +## +## Interface Ethernet configuration +## + interface mlag-port-channel 2 + interface port-channel 1 + interface ethernet 1/7-1/8 channel-group 1 mode active + interface ethernet 1/32 mlag-channel-group 2 mode on + interface mlag-port-channel 2 switchport mode hybrid + interface mlag-port-channel 2 no shutdown + +## +## LAG configuration +## + lacp + +## +## VLAN configuration +## + vlan 101 + vlan 4094 + interface mlag-port-channel 2 switchport access vlan 101 + +## +## STP configuration +## +no spanning-tree + +## +## L3 configuration +## + ip routing vrf default + interface vlan 101 + interface vlan 4094 + interface vlan 101 ip address 10.0.0.254 255.255.255.0 + interface vlan 4094 ip address 10.10.10.1 255.255.255.0 + +## +## Other IP configuration +## +hostname ufm-switch16 + +## +## DCBX PFC configuration +## + dcb priority-flow-control enable force + interface ethernet 1/7-1/8 dcb priority-flow-control mode on force + interface port-channel 1 dcb priority-flow-control mode on force + +## +## LLDP configuration +## + lldp + +## +## MAGP configuration +## + protocol magp + interface vlan 101 magp 102 + interface vlan 101 magp 102 ip virtual-router address 10.0.0.252 + interface vlan 101 magp 102 ip virtual-router mac-address 00:00:5E:00:01:01 + +## +## MLAG configurations +## + mlag-vip neo-mlag-vip-4094 ip 192.168.1.1 /24 force +no mlag shutdown + mlag system-mac 00:00:5E:00:01:00 + interface port-channel 1 ipl 1 + interface vlan 4094 ipl 1 peer-address 10.10.10.2 + +## +## AAA remote server configuration +## +# ldap bind-password ******** +# radius-server key ******** +# tacacs-server key ******** + +## +## Network management configuration +## +# web proxy auth basic password ******** + telnet-server enable + +## +## X.509 certificates configuration +## +# +# Certificate name system-self-signed, ID 51f545df9722387056f674401f510ff56077800b +# (public-cert config omitted since private-key config is hidden) + +## +## Persistent prefix mode setting +## +cli default prefix-modes enable \ No newline at end of file diff --git a/test/units/modules/network/mlnxos/fixtures/mlnxos_config_src.cfg b/test/units/modules/network/mlnxos/fixtures/mlnxos_config_src.cfg new file mode 100644 index 0000000000..2fc2ada110 --- /dev/null +++ b/test/units/modules/network/mlnxos/fixtures/mlnxos_config_src.cfg @@ -0,0 +1,3 @@ +no cli default prefix-modes enable +interface mlag-port-channel 2 + diff --git a/test/units/modules/network/mlnxos/mlnxos_module.py b/test/units/modules/network/mlnxos/mlnxos_module.py index fe9f0c000b..48d416a3b9 100644 --- a/test/units/modules/network/mlnxos/mlnxos_module.py +++ b/test/units/modules/network/mlnxos/mlnxos_module.py @@ -24,7 +24,6 @@ import os from units.modules.utils import AnsibleExitJson, AnsibleFailJson, ModuleTestCase - fixture_path = os.path.join(os.path.dirname(__file__), 'fixtures') fixture_data = {} @@ -49,7 +48,7 @@ def load_fixture(name): class TestMlnxosModule(ModuleTestCase): - def execute_module(self, failed=False, changed=False, commands=None, inputs=None, sort=True, defaults=False, transport='cli'): + def execute_module(self, failed=False, changed=False, commands=None, is_updates=False, sort=True, transport='cli'): self.load_fixtures(commands, transport=transport) @@ -61,10 +60,14 @@ class TestMlnxosModule(ModuleTestCase): self.assertEqual(result['changed'], changed, result) if commands is not None: - if sort: - self.assertEqual(sorted(commands), sorted(result['commands']), result['commands']) + if is_updates: + commands_res = result.get('updates') else: - self.assertEqual(commands, result['commands'], result['commands']) + commands_res = result.get('commands') + if sort: + self.assertEqual(sorted(commands), sorted(commands_res), commands_res) + else: + self.assertEqual(commands, commands_res, commands_res) return result diff --git a/test/units/modules/network/mlnxos/test_mlnxos_config.py b/test/units/modules/network/mlnxos/test_mlnxos_config.py new file mode 100644 index 0000000000..243346f48d --- /dev/null +++ b/test/units/modules/network/mlnxos/test_mlnxos_config.py @@ -0,0 +1,113 @@ +# +# (c) 2016 Red Hat Inc. +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +# Make coding more python3-ish +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +from ansible.compat.tests.mock import patch +from ansible.modules.network.mlnxos import mlnxos_config +from units.modules.utils import set_module_args +from .mlnxos_module import TestMlnxosModule, load_fixture + + +class TestMlnxosConfigModule(TestMlnxosModule): + + module = mlnxos_config + + def setUp(self): + super(TestMlnxosConfigModule, self).setUp() + + self.mock_get_config = patch('ansible.modules.network.mlnxos.mlnxos_config.get_config') + self.get_config = self.mock_get_config.start() + + self.mock_load_config = patch('ansible.modules.network.mlnxos.mlnxos_config.load_config') + self.load_config = self.mock_load_config.start() + + self.mock_run_commands = patch('ansible.modules.network.mlnxos.mlnxos_config.run_commands') + self.run_commands = self.mock_run_commands.start() + + def tearDown(self): + super(TestMlnxosConfigModule, self).tearDown() + self.mock_get_config.stop() + self.mock_load_config.stop() + self.mock_run_commands.stop() + + def load_fixtures(self, commands=None, transport='cli'): + config_file = 'mlnxos_config_config.cfg' + self.get_config.return_value = load_fixture(config_file) + self.load_config.return_value = None + + def test_mlnxos_config_unchanged(self): + src = load_fixture('mlnxos_config_config.cfg') + set_module_args(dict(src=src)) + self.execute_module() + + def test_mlnxos_config_src(self): + src = load_fixture('mlnxos_config_src.cfg') + set_module_args(dict(src=src)) + commands = [ + 'interface mlag-port-channel 2'] + self.execute_module(changed=True, commands=commands, is_updates=True) + + def test_mlnxos_config_backup(self): + set_module_args(dict(backup=True)) + result = self.execute_module() + self.assertIn('__backup__', result) + + def test_mlnxos_config_save(self): + set_module_args(dict(save='yes')) + self.execute_module(changed=True) + self.assertEqual(self.run_commands.call_count, 1) + self.assertEqual(self.get_config.call_count, 1) + self.assertEqual(self.load_config.call_count, 0) + args = self.run_commands.call_args[0][1] + self.assertIn('configuration write', args) + + def test_mlnxos_config_lines_wo_parents(self): + set_module_args(dict(lines=['hostname foo'])) + commands = ['hostname foo'] + self.execute_module(changed=True, commands=commands, is_updates=True) + + def test_mlnxos_config_before(self): + set_module_args(dict(lines=['hostname foo'], before=['test1', 'test2'])) + commands = ['test1', 'test2', 'hostname foo'] + self.execute_module(changed=True, commands=commands, sort=False, is_updates=True) + + def test_mlnxos_config_after(self): + set_module_args(dict(lines=['hostname foo'], after=['test1', 'test2'])) + commands = ['hostname foo', 'test1', 'test2'] + self.execute_module(changed=True, commands=commands, sort=False, is_updates=True) + + def test_mlnxos_config_before_after(self): + set_module_args(dict(lines=['hostname foo'], + before=['test1', 'test2'], + after=['test3', 'test4'])) + commands = ['test1', 'test2', 'hostname foo', 'test3', 'test4'] + self.execute_module(changed=True, commands=commands, sort=False, is_updates=True) + + def test_mlnxos_config_config(self): + config = 'hostname localhost' + set_module_args(dict(lines=['hostname router'], config=config)) + commands = ['hostname router'] + self.execute_module(changed=True, commands=commands, is_updates=True) + + def test_mlnxos_config_match_none(self): + lines = ['hostname router'] + set_module_args(dict(lines=lines, match='none')) + self.execute_module(changed=True, commands=lines, is_updates=True)