mirror.MikroTik/zahodi.ansible-mikrotik
1
0
Fork 0
mirror of https://github.com/zahodi/ansible-mikrotik.git synced 2025-08-04 01:55:35 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

add check mode to radius

Browse source 
remove ovpn_client module
This commit is contained in:
Valentin Gurmeza 2017-06-05 16:10:27 -07:00
parent 928c795f4a
commit 2db5b6ee10
4 changed files with 47 additions and 479 deletions
Download patch file Download diff file Expand all files Collapse all files

277
library/mt_interface_ovpn_client.py
View file

@ -1,277 +0,0 @@
# -*- coding: utf-8 -*-
DOCUMENTATION = '''
module: mt_interface_ovpn_client
author:
- "Valentin Gurmeza"
- "Shaun Smiley"
version_added: "2.3"
short_description: Manage mikrotik openvpn client
requirements:
- mt_api
description:
- add, remove, or modify an openvpn client. Mikrotik uses ovpn alias for openvpn.
options:
hostname:
description:
- hotstname of mikrotik router
required: True
username:
description:
- username used to connect to mikrotik router
required: True
password:
description:
- password used for authentication to mikrotik router
required: True
state:
description:
- ovpn client present or absent
required: True
choices:
- present
- absent
comment:
description:
- ovpn client comment
required: False
name:
description:
- name of the ovpn client
user:
description:
- vpn user name
required: True # if state is present
connect_to:
description:
- Remote address of the OVPN server
required: True # if state is present
vpn_password:
description:
- ovpn client password
required: True # if state is present
port:
description:
- ovpn client port
required: False
max_mtu:
description:
- Maximum Transmission Unit. Max packet size that OVPN interface will be able to send without packet fragmentation.
required: False
profile:
description:
- Used PPP profile
required: False
certificate:
description:
- Name of the client certificate
required: False
mac_address:
description:
- Mac address of OVPN interface
required: False
add_default_route:
description:
- Whether to add OVPN remote address as a default route
required: False
choices:
- yes
- no
cipher:
description:
- Allowed ciphers
required: False
choices:
- blowfish128
- aes128
- aes192
- aes256
auth:
description:
- Allowed authentication methods
required: False
choices:
- sha1
- md5
- null
- aes256
mode:
description:
- Layer3 or layer2 tunnel mode (alternatively tun, tap)
required: False
choices:
- ip
- ethernet
'''
EXAMPLES = '''
- mt_interface_ovpn_client:
hostname: "{{ inventory_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: present
vpn_user: ansible_admin
connect_to: 192.168.230.1
client_name: ansible_test
vpn_password: 'password'
'''
import mt_api
import re
from ansible.module_utils.basic import AnsibleModule
def main():
module = AnsibleModule(
argument_spec=dict(
hostname = dict(required=True),
username = dict(required=True),
password = dict(required=True),
name = dict(required=True, type='str'),
user = dict(required=False, type='str'),
connect_to = dict(required=False, type='str'),
comment = dict(required=False, type='str'),
vpn_password = dict(required=False, type='str'),
port = dict(required=False, type='str'),
max_mtu = dict(required=False, type='str'),
profile = dict(required=False, type='str'),
certificate = dict(required=False, type='str'),
mac_address = dict(required=False, type='str'),
add_default_route = dict(
required = False,
choices = ['yes', 'no'],
type='str'
),
cipher = dict(
required = False,
choices = ['blowfish128', 'aes128', 'aes192', 'aes256'],
type='str'
),
auth = dict(
required = False,
choices = ['sha1', 'md5', 'null'],
type='str'
),
mode = dict(
required = False,
choices = ['ip', 'ethernet'],
type='str'
),
state = dict(
required = False,
choices = ['present', 'absent'],
type = 'str'
),
)
)
hostname = module.params['hostname']
username = module.params['username']
password = module.params['password']
state = module.params['state']
ansible_client_name = module.params['name']
ansible_mac_address = module.params['mac_address']
changed = False
msg = ""
mk = mt_api.Mikrotik(hostname, username, password)
try:
mk.login()
except:
module.fail_json(
msg="Could not log into Mikrotik device." +
" Check the username and password.",
)
ovpn_client_path = '/interface/ovpn-client'
response = mk.api_print(base_path=ovpn_client_path)
ovpn_client_params = module.params
mikrotik_client_name = ""
mikrotik_ovpn_client = {}
for item in response:
if 'name' in item[1].keys():
if ansible_client_name == item[1]['name']:
mikrotik_client_name = item[1]['name']
mikrotik_ovpn_client = item[1]
#######################################
# remove keys with empty values
# remove unneeded parameters
# modify keys with '_' to match mikrotik parameters
######################################
remove_params = ['hostname', 'username', 'password', 'state']
for i in remove_params:
del ovpn_client_params[i]
for key in ovpn_client_params.keys():
if ovpn_client_params[key] is None:
del ovpn_client_params[key]
for key in ovpn_client_params.keys():
if 'vpn_password' == key:
ovpn_client_params['password'] = ovpn_client_params[key]
del ovpn_client_params[key]
for key in ovpn_client_params.keys():
new_key = re.sub('_','-', key)
if new_key != key:
ovpn_client_params[new_key] = ovpn_client_params[key]
del ovpn_client_params[key]
if state == "present":
if mikrotik_ovpn_client == {}:
mk.api_add(
base_path=ovpn_client_path,
params=ovpn_client_params
)
module.exit_json(
changed=True,
failed=False,
msg=ansible_client_name + " client added"
)
else:
mikrotik_ovpn_client['add-default-route'] = 'no'
if 'comment' in ovpn_client_params and 'comment' not in mikrotik_ovpn_client:
mikrotik_ovpn_client['comment'] = None
client_id = mikrotik_ovpn_client['.id']
for i in ['.id', 'running']:
mikrotik_ovpn_client.pop(i)
update_keys = {}
for key, value in ovpn_client_params.items():
if value != mikrotik_ovpn_client[key]:
update_keys[key] = value
if update_keys == {}:
module.exit_json(
changed=False,
failed=False,
)
else:
update_keys['numbers'] = client_id
mk.api_edit(
base_path=ovpn_client_path,
params=update_keys
)
module.exit_json(
changed=True,
failed=False,
msg=update_keys,
)
else:
if mikrotik_ovpn_client == {}:
module.exit_json(
changed=False,
failed=False,
)
else:
remove_response = mk.api_remove(
base_path=ovpn_client_path,
remove_id=mikrotik_ovpn_client['.id']
)
module.exit_json(
changed=True,
failed=False,
msg=remove_response[0]
)
if __name__ == '__main__':
main()

178
library/mt_ip_firewall_filter.py
View file

@ -1,178 +0,0 @@
DOCUMENTATION = '''
module: mt_ip_firewall_filter
author:
- "Valentin Gurmeza"
- "Shaun Smiley"
version_added: "2.3"
short_description: Manage mikrotik /ip/firewall/filter
requirements:
- mt_api
description:
- FILL ME OUT
options:
hostname:
description:
-
username:
description:
-
password:
description:
-
rule:
description:
- a list containing dictionary parameters.
action, chain, comment, and place-before keys are required
force:
description:
- True/False value to force remove the rule regardless of the position in the rule list.
'''
EXAMPLES = '''
- mt_ip_firewall_filter:
hostname: "{{ inventory_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
rule:
action: accept
chain: forward
comment: controlled by ansible
place-before: "2"
'''
import mt_api
from ansible.module_utils.basic import AnsibleModule
def main():
module = AnsibleModule(
argument_spec=dict(
hostname = dict(required=True),
username = dict(required=True),
password = dict(required=True),
rule = dict(required=False, type='dict'),
state = dict(
required = False,
default = "present",
choices = ['present', 'absent'],
type = 'str'
),
)
)
hostname = module.params['hostname']
username = module.params['username']
password = module.params['password']
rule = module.params['rule']
rule_state = module.params['state']
changed = False
msg = ""
filter_path = '/ip/firewall/filter'
mk = mt_api.Mikrotik(hostname, username, password)
try:
mk.login()
except:
module.fail_json(
msg="Could not log into Mikrotik device." +
" Check the username and password.",
)
# ##############################################
# Check if "place-before" is an integer
# #############################################
try:
placement = int(rule['place-before'])
if isinstance(placement, int):
pass
except:
module.exit_json(
failed=True,
changed=False,
msg="place-before is not set or is not set to an integer",
)
#######################################################
# Construct the fluff to ignore the extras from mikrotik response
########################################################
if "log" not in rule:
rule['log'] = "false"
if "log-prefix" not in rule:
rule['log-prefix'] = ""
fluff = (
"bytes",
"disabled",
"invalid",
"packets",
"dynamic",
"invalid",
".id",
)
###################################
# Check if rule is present
# exit if rule is not present
###################################
filter_response = mk.api_print(filter_path)
last_item = len(filter_response) - 2
order_number = int(rule['place-before'])
if order_number <= last_item:
clean_response = filter_response[order_number][1]
clean_response['place-before'] = rule['place-before']
placed_at_the_end = False
remove_id = clean_response['.id']
for f in fluff:
clean_response.pop(f, None)
else:
placed_at_the_end = True
if rule_state == "present":
if placed_at_the_end is False:
if rule == clean_response:
module.exit_json(
failed=False,
changed=False,
)
################################
# add the rule
##################################
else:
mk.api_remove(filter_path, remove_id)
mk.api_add(filter_path, rule)
module.exit_json(
failed=False,
changed=True,
)
else:
rule.pop('place-before', None)
mk.api_add(filter_path, rule)
module.exit_json(
failed=False,
changed=True,
)
#####################################
# Remove the rule
#####################################
elif rule_state == "absent":
if placed_at_the_end:
module.exit_json(
failed=False,
changed=False
)
else:
if rule == clean_response:
mk.api_remove(filter_path, remove_id)
module.exit_json(
failed=False,
changed=True
)
else:
module.exit_json(
failed=False,
changed=False
)
if __name__ == '__main__':
main()

41
library/mt_radius.py
View file

@ -94,30 +94,31 @@ from ansible.module_utils.basic import AnsibleModule
def main():
module = AnsibleModule(
argument_spec=dict(
hostname= dict(required=True),
username= dict(required=True),
password= dict(required=True),
address = dict(required=False, type='str'),
comment = dict(required=True, type='str'),
secret = dict(required=False, type='str'),
service = dict(required=False, type='list'),
timeout = dict(required=False, type='str'),
incoming= dict(required=False, type='dict'),
state = dict(
required = True,
choices = ['present', 'absent'],
type = 'str'
),
)
argument_spec=dict(
hostname= dict(required=True),
username= dict(required=True),
password= dict(required=True),
address = dict(required=False, type='str'),
comment = dict(required=True, type='str'),
secret = dict(required=False, type='str'),
service = dict(required=False, type='list'),
timeout = dict(required=False, type='str'),
incoming= dict(required=False, type='dict'),
state = dict(
required = True,
choices = ['present', 'absent'],
type = 'str'
),
),
supports_check_mode=True
)
hostname = module.params['hostname']
username = module.params['username']
password = module.params['password']
state = module.params['state']
check_mode = module.check_mode
changed = False
msg = ""
@ -147,10 +148,12 @@ def main():
pass
else:
# edit port
mk.api_edit(base_path=incoming_path, params=incoming)
if not check_mode:
mk.api_edit(base_path=incoming_path, params=incoming)
else:
# edit the accept and the port
mk.api_edit(base_path=incoming_path, params=incoming)
if not check_mode:
mk.api_edit(base_path=incoming_path, params=incoming)
#######################################
# Since we are grabbing all the parameters passed by the module
# We need to remove the one that won't be used