add the module collection

2025-07-22 11:54:24 +02:00 · 2017-05-25 16:30:10 -07:00 · 2017-05-25 16:30:10 -07:00 · 428dd5e0e2
commit 428dd5e0e2
parent 3609e520c5
22 changed files with 3741 additions and 0 deletions
--- a/library/mt_interface_ovpn_client.py
+++ b/library/mt_interface_ovpn_client.py
@ -0,0 +1,277 @@
+# -*- coding: utf-8 -*-
+DOCUMENTATION = '''
+module: mt_interface_ovpn_client
+author:
+  - "Valentin Gurmeza"
+  - "Shaun Smiley"
+version_added: "2.3"
+short_description: Manage mikrotik openvpn client
+requirements:
+  - mt_api
+description:
+  - add, remove, or modify an openvpn client. Mikrotik uses ovpn alias for openvpn.
+options:
+  hostname:
+    description:
+      - hotstname of mikrotik router
+    required: True
+  username:
+    description:
+      - username used to connect to mikrotik router
+    required: True
+  password:
+    description:
+      - password used for authentication to mikrotik router
+    required: True
+  state:
+    description:
+      - ovpn client present or absent
+    required: True
+    choices:
+      - present
+      - absent
+  comment:
+    description:
+      - ovpn client comment
+    required: False
+  name:
+    description:
+      - name of the ovpn client
+  user:
+    description:
+      - vpn user name
+    required: True # if state is present
+  connect_to:
+    description:
+      - Remote address of the OVPN server
+    required: True # if state is present
+  vpn_password:
+    description:
+      - ovpn client password
+    required: True # if state is present
+  port:
+    description:
+      - ovpn client port
+    required: False
+  max_mtu:
+    description:
+      -  Maximum Transmission Unit. Max packet size that OVPN interface will be able to send without packet fragmentation.
+    required: False
+  profile:
+    description:
+      - Used PPP profile
+    required: False
+  certificate:
+    description:
+      - Name of the client certificate
+    required: False
+  mac_address:
+    description:
+      - Mac address of OVPN interface
+    required: False
+  add_default_route:
+    description:
+      - Whether to add OVPN remote address as a default route
+    required: False
+    choices:
+      - yes
+      - no
+  cipher:
+    description:
+      - Allowed ciphers
+    required: False
+    choices:
+      - blowfish128
+      - aes128
+      - aes192
+      - aes256
+  auth:
+    description:
+      - Allowed authentication methods
+    required: False
+    choices:
+      - sha1
+      - md5
+      - null
+      - aes256
+  mode:
+    description:
+      - Layer3 or layer2 tunnel mode (alternatively tun, tap)
+    required: False
+    choices:
+      - ip
+      - ethernet
+'''
+
+EXAMPLES = '''
+- mt_interface_ovpn_client:
+    hostname:      "{{ inventory_hostname }}"
+    username:      "{{ mt_user }}"
+    password:      "{{ mt_pass }}"
+    state:         present
+    vpn_user:      ansible_admin
+    connect_to:    192.168.230.1
+    client_name:   ansible_test
+    vpn_password: 'password'
+'''
+
+import mt_api
+import re
+from ansible.module_utils.basic import AnsibleModule
+
+
+def main():
+
+  module = AnsibleModule(
+      argument_spec=dict(
+          hostname     = dict(required=True),
+          username     = dict(required=True),
+          password     = dict(required=True),
+          name         = dict(required=True, type='str'),
+          user         = dict(required=False, type='str'),
+          connect_to   = dict(required=False, type='str'),
+          comment      = dict(required=False, type='str'),
+          vpn_password = dict(required=False, type='str'),
+          port         = dict(required=False, type='str'),
+          max_mtu      = dict(required=False, type='str'),
+          profile      = dict(required=False, type='str'),
+          certificate  = dict(required=False, type='str'),
+          mac_address  = dict(required=False, type='str'),
+          add_default_route  = dict(
+              required  = False,
+              choices = ['yes', 'no'],
+              type='str'
+          ),
+          cipher       = dict(
+              required  = False,
+              choices   = ['blowfish128', 'aes128', 'aes192', 'aes256'],
+              type='str'
+          ),
+          auth          = dict(
+              required  = False,
+              choices   = ['sha1', 'md5', 'null'],
+              type='str'
+          ),
+          mode         = dict(
+              required  = False,
+              choices   = ['ip', 'ethernet'],
+              type='str'
+          ),
+          state         = dict(
+              required  = False,
+              choices   = ['present', 'absent'],
+              type      = 'str'
+          ),
+      )
+  )
+
+  hostname     = module.params['hostname']
+  username     = module.params['username']
+  password     = module.params['password']
+  state        = module.params['state']
+  ansible_client_name  = module.params['name']
+  ansible_mac_address = module.params['mac_address']
+  changed      = False
+  msg = ""
+
+  mk = mt_api.Mikrotik(hostname, username, password)
+  try:
+    mk.login()
+  except:
+    module.fail_json(
+        msg="Could not log into Mikrotik device." +
+        " Check the username and password.",
+    )
+
+  ovpn_client_path = '/interface/ovpn-client'
+
+  response = mk.api_print(base_path=ovpn_client_path)
+  ovpn_client_params = module.params
+  mikrotik_client_name = ""
+  mikrotik_ovpn_client = {}
+  for item in response:
+    if 'name' in item[1].keys():
+      if ansible_client_name == item[1]['name']:
+        mikrotik_client_name = item[1]['name']
+        mikrotik_ovpn_client = item[1]
+
+  #######################################
+  # remove keys with empty values
+  # remove unneeded parameters
+  # modify keys with '_' to match mikrotik parameters
+  ######################################
+  remove_params = ['hostname', 'username', 'password', 'state']
+  for i in remove_params:
+    del ovpn_client_params[i]
+  for key in ovpn_client_params.keys():
+    if ovpn_client_params[key] is None:
+      del ovpn_client_params[key]
+
+  for key in ovpn_client_params.keys():
+    if 'vpn_password' == key:
+      ovpn_client_params['password'] = ovpn_client_params[key]
+      del ovpn_client_params[key]
+
+  for key in ovpn_client_params.keys():
+    new_key = re.sub('_','-', key)
+    if new_key != key:
+      ovpn_client_params[new_key] = ovpn_client_params[key]
+      del ovpn_client_params[key]
+
+  if state == "present":
+    if mikrotik_ovpn_client == {}:
+      mk.api_add(
+          base_path=ovpn_client_path,
+          params=ovpn_client_params
+      )
+      module.exit_json(
+          changed=True,
+          failed=False,
+          msg=ansible_client_name + " client added"
+      )
+    else:
+      mikrotik_ovpn_client['add-default-route'] = 'no'
+      if 'comment' in ovpn_client_params and 'comment' not in mikrotik_ovpn_client:
+        mikrotik_ovpn_client['comment'] = None
+      client_id = mikrotik_ovpn_client['.id']
+      for i in ['.id', 'running']:
+        mikrotik_ovpn_client.pop(i)
+      update_keys = {}
+      for key, value in ovpn_client_params.items():
+          if value != mikrotik_ovpn_client[key]:
+              update_keys[key] = value
+      if update_keys == {}:
+        module.exit_json(
+            changed=False,
+            failed=False,
+        )
+      else:
+        update_keys['numbers'] = client_id
+        mk.api_edit(
+            base_path=ovpn_client_path,
+            params=update_keys
+        )
+        module.exit_json(
+            changed=True,
+            failed=False,
+            msg=update_keys,
+        )
+  else:
+    if mikrotik_ovpn_client == {}:
+        module.exit_json(
+            changed=False,
+            failed=False,
+        )
+    else:
+      remove_response = mk.api_remove(
+          base_path=ovpn_client_path,
+          remove_id=mikrotik_ovpn_client['.id']
+      )
+      module.exit_json(
+          changed=True,
+          failed=False,
+          msg=remove_response[0]
+      )
+
+if __name__ == '__main__':
+  main()