mirror.MikroTik/zahodi.ansible-mikrotik
1
0
Fork 0
mirror of https://github.com/zahodi/ansible-mikrotik.git synced 2025-07-31 16:14:25 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

work in progress

Browse source 
- check for lists in mt_common
- move current radius module to a backup
- radius use common class
- move a radius and hotspot tests to tasks/
This commit is contained in:
Valentin Gurmeza 2017-06-14 18:15:48 -07:00
parent 06654d4d46
commit 9973f637aa
6 changed files with 689 additions and 561 deletions
Download patch file Download diff file Expand all files Collapse all files

237
library/mt_radius.py
View file

@ -14,83 +14,42 @@ options:
hostname:
description:
- hotstname of mikrotik router
required: True
username:
description:
- username used to connect to mikrotik router
required: True
password:
description:
- password used for authentication to mikrotik router
required: True
state:
description:
- client present or absent
required: True
required: False
choices:
- present
- absent
comment:
description:
- This module only ensures entries that match the comment field.
Thus, you should make unique comments for every entry.
required: True # only if state is present
address:
description:
- IPv4 or IPv6 address of RADIUS server
required: False
secret:
description:
- Shared secret used to access the RADIUS server
required: False
default: null
timeout:
description:
- Timeout after which the request should be resend
required: False
default: null
service:
description:
- Router services that will use this RADIUS server:
choices:
- 'hotspot' # HotSpot authentication service
- 'login' # router's local user authentication
- 'ppp # Point-to-Point clients authentication
- 'wireless # wireless client authentication (client's MAC address is sent as User-Name)
- 'dhcp # DHCP protocol client authentication (client's MAC address is sent as User-Name)IPv4 or IPv6 address of RADIUS server
required: False
default: null
incoming:
accept:
choices: ['true', 'false' ]
port: "3799"
description:
- Whether to accept the unsolicited messages.
Also include the port number to listen for the requests on.
Accept and port values must be strings
required: False
default: null
'''
EXAMPLES = '''
# Add a new radius entry
- mt_radius:
- mt_dhcp_server:
hostname: "{{ inventory_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: present
parameter: radius
settings:
address: 192.168.230.1
comment: ansible_test
timeout: '2s500ms'
secret: 'password'
service:
- login
- hotspot
- wireless
timeout: '2s500ms'
'''
import mt_api
from ansible.module_utils.basic import AnsibleModule
from mt_common import MikrotikIdempotent
def main():
@ -99,14 +58,14 @@ def main():
hostname = dict(required=True),
username = dict(required=True),
password = dict(required=True),
address = dict(required=False, type='str'),
comment = dict(required=True, type='str'),
secret = dict(required=False, type='str'),
service = dict(required=False, type='list'),
timeout = dict(required=False, type='str'),
incoming= dict(required=False, type='dict'),
state = dict(
settings = dict(required=False, type='dict'),
parameter = dict(
required = True,
choices = ['radius', 'incoming'],
type = 'str'
),
state = dict(
required = False,
choices = ['present', 'absent'],
type = 'str'
),
@ -114,152 +73,52 @@ def main():
supports_check_mode=True
)
hostname = module.params['hostname']
username = module.params['username']
password = module.params['password']
state = module.params['state']
check_mode = module.check_mode
changed = False
msg = ""
idempotent_parameter = None
params = module.params
radius_path = '/radius'
mk = mt_api.Mikrotik(hostname, username, password)
try:
mk.login()
except:
if params['parameter'] == 'radius':
idempotent_parameter = 'comment'
params['parameter'] = "/radius"
if params['parameter'] == 'incoming':
params['parameter'] = "/radius/incoming"
mt_obj = MikrotikIdempotent(
hostname = params['hostname'],
username = params['username'],
password = params['password'],
state = params['state'],
desired_params = params['settings'],
idempotent_param = idempotent_parameter,
api_path = str(params['parameter']),
check_mode = module.check_mode,
)
mt_obj.sync_state()
if mt_obj.failed:
module.fail_json(
msg="Could not log into Mikrotik device." +
" Check the username and password.",
msg = mt_obj.failed_msg
)
response = mk.api_print(radius_path)
radius_params = module.params
########################################################
# Check if we need to edit the incoming radius settings
########################################################
if radius_params['incoming'] is not None:
incoming_path = '/radius/incoming'
incoming_response = mk.api_print(incoming_path)
incoming = radius_params['incoming']
if incoming_response[0][1]['accept'] == incoming['accept']:
if incoming_response[0][1]['port'] == incoming['port']:
# nothing to do
pass
else:
# edit port
if not check_mode:
mk.api_edit(base_path=incoming_path, params=incoming)
else:
# edit the accept and the port
if not check_mode:
mk.api_edit(base_path=incoming_path, params=incoming)
#######################################
# Since we are grabbing all the parameters passed by the module
# We need to remove the one that won't be used
# as mikrotik parameters
remove_params = ['hostname', 'username', 'password', 'state', 'incoming']
for i in remove_params:
radius_params.pop(i)
#######################################
# remove keys with empty values
# convert service list to stings
######################################
for key in radius_params.keys():
if radius_params[key] is None:
radius_params.pop(key)
#################################################
# Convert service list to comma separated string
#################################################
list_to_string = ""
if 'service' in radius_params:
list_to_string = ','.join(map(str, radius_params['service']))
radius_params['service'] = list_to_string
################################################
# mikrotik_radius is the dictionary with the parameters
# we get from mikrotik
#################################
# We grab the first radius item to
# match the comment
#################################
mikrotik_radius = {}
for i in response:
if 'comment' in i[1]:
if i[1]['comment'] == radius_params['comment']:
mikrotik_radius = i[1]
break
##########################################################
# Define radius_id to be used by remove and edit function
##########################################################
if '.id' in mikrotik_radius:
radius_id = mikrotik_radius['.id']
else:
radius_id = False
######################################################
# If the state is present and we can't find matching
# radius comment we add a new item with all the parameters
# from Ansible
#######################################################
if state == "present":
if mikrotik_radius == {}:
if not check_mode:
mk.api_add(base_path=radius_path, params=radius_params)
elif mt_obj.changed:
module.exit_json(
failed=False,
changed=True,
msg="Added radius item",
msg=mt_obj.changed_msg,
diff={ "prepared": {
"old": mt_obj.old_params,
"new": mt_obj.new_params,
}},
)
###################################################
# If an item exists we check if all the parameters
# match what we have in ansible
######################################
else:
radius_diff_keys = {}
for key in radius_params:
if radius_params[key] != mikrotik_radius[key]:
radius_diff_keys[key] = radius_params[key]
if radius_diff_keys != {}:
radius_diff_keys['numbers'] = radius_id
if not check_mode:
mk.api_edit(base_path=radius_path, params=radius_diff_keys)
module.exit_json(
failed=False,
changed=True,
msg="Changed radius item: " + radius_params['comment']
)
else:
####################
# Already up date
module.exit_json(
failed=False,
changed=False,
)
elif state == "absent":
if radius_id:
if not check_mode:
mk.api_remove(base_path=radius_path, remove_id=radius_id)
module.exit_json(
failed=False,
changed=True,
msg=radius_params['comment'] + " removed"
)
#####################################################
# if radius_id is not set there is nothing to remove
#####################################################
else:
module.exit_json(
failed=False,
changed=False,
#msg='',
msg=params['settings'],
)
else:
module.exit_json(
failed=True,
changed=False,
)
if __name__ == '__main__':
main()

265
library/mt_radius_backup.py Normal file
View file

@ -0,0 +1,265 @@
# -*- coding: utf-8 -*-
DOCUMENTATION = '''
module: mt_radius
author:
- "Valentin Gurmeza"
- "Shaun Smiley"
version_added: "2.3"
short_description: Manage mikrotik radius client
requirements:
- mt_api
description:
- Add or remove a radius client
options:
hostname:
description:
- hotstname of mikrotik router
required: True
username:
description:
- username used to connect to mikrotik router
required: True
password:
description:
- password used for authentication to mikrotik router
required: True
state:
description:
- client present or absent
required: True
choices:
- present
- absent
comment:
description:
- This module only ensures entries that match the comment field.
Thus, you should make unique comments for every entry.
required: True # only if state is present
address:
description:
- IPv4 or IPv6 address of RADIUS server
required: False
secret:
description:
- Shared secret used to access the RADIUS server
required: False
default: null
timeout:
description:
- Timeout after which the request should be resend
required: False
default: null
service:
description:
- Router services that will use this RADIUS server:
choices:
- 'hotspot' # HotSpot authentication service
- 'login' # router's local user authentication
- 'ppp # Point-to-Point clients authentication
- 'wireless # wireless client authentication (client's MAC address is sent as User-Name)
- 'dhcp # DHCP protocol client authentication (client's MAC address is sent as User-Name)IPv4 or IPv6 address of RADIUS server
required: False
default: null
incoming:
accept:
choices: ['true', 'false' ]
port: "3799"
description:
- Whether to accept the unsolicited messages.
Also include the port number to listen for the requests on.
Accept and port values must be strings
required: False
default: null
'''
EXAMPLES = '''
# Add a new radius entry
- mt_radius:
hostname: "{{ inventory_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: present
address: 192.168.230.1
comment: ansible_test
secret: 'password'
service:
- login
- hotspot
- wireless
timeout: '2s500ms'
'''
import mt_api
from ansible.module_utils.basic import AnsibleModule
def main():
module = AnsibleModule(
argument_spec=dict(
hostname= dict(required=True),
username= dict(required=True),
password= dict(required=True),
address = dict(required=False, type='str'),
comment = dict(required=True, type='str'),
secret = dict(required=False, type='str'),
service = dict(required=False, type='list'),
timeout = dict(required=False, type='str'),
incoming= dict(required=False, type='dict'),
state = dict(
required = True,
choices = ['present', 'absent'],
type = 'str'
),
),
supports_check_mode=True
)
hostname = module.params['hostname']
username = module.params['username']
password = module.params['password']
state = module.params['state']
check_mode = module.check_mode
changed = False
msg = ""
radius_path = '/radius'
mk = mt_api.Mikrotik(hostname, username, password)
try:
mk.login()
except:
module.fail_json(
msg="Could not log into Mikrotik device." +
" Check the username and password.",
)
response = mk.api_print(radius_path)
radius_params = module.params
########################################################
# Check if we need to edit the incoming radius settings
########################################################
if radius_params['incoming'] is not None:
incoming_path = '/radius/incoming'
incoming_response = mk.api_print(incoming_path)
incoming = radius_params['incoming']
if incoming_response[0][1]['accept'] == incoming['accept']:
if incoming_response[0][1]['port'] == incoming['port']:
# nothing to do
pass
else:
# edit port
if not check_mode:
mk.api_edit(base_path=incoming_path, params=incoming)
else:
# edit the accept and the port
if not check_mode:
mk.api_edit(base_path=incoming_path, params=incoming)
#######################################
# Since we are grabbing all the parameters passed by the module
# We need to remove the one that won't be used
# as mikrotik parameters
remove_params = ['hostname', 'username', 'password', 'state', 'incoming']
for i in remove_params:
radius_params.pop(i)
#######################################
# remove keys with empty values
# convert service list to stings
######################################
for key in radius_params.keys():
if radius_params[key] is None:
radius_params.pop(key)
#################################################
# Convert service list to comma separated string
#################################################
list_to_string = ""
if 'service' in radius_params:
list_to_string = ','.join(map(str, radius_params['service']))
radius_params['service'] = list_to_string
################################################
# mikrotik_radius is the dictionary with the parameters
# we get from mikrotik
#################################
# We grab the first radius item to
# match the comment
#################################
mikrotik_radius = {}
for i in response:
if 'comment' in i[1]:
if i[1]['comment'] == radius_params['comment']:
mikrotik_radius = i[1]
break
##########################################################
# Define radius_id to be used by remove and edit function
##########################################################
if '.id' in mikrotik_radius:
radius_id = mikrotik_radius['.id']
else:
radius_id = False
######################################################
# If the state is present and we can't find matching
# radius comment we add a new item with all the parameters
# from Ansible
#######################################################
if state == "present":
if mikrotik_radius == {}:
if not check_mode:
mk.api_add(base_path=radius_path, params=radius_params)
module.exit_json(
failed=False,
changed=True,
msg="Added radius item",
)
###################################################
# If an item exists we check if all the parameters
# match what we have in ansible
######################################
else:
radius_diff_keys = {}
for key in radius_params:
if radius_params[key] != mikrotik_radius[key]:
radius_diff_keys[key] = radius_params[key]
if radius_diff_keys != {}:
radius_diff_keys['numbers'] = radius_id
if not check_mode:
mk.api_edit(base_path=radius_path, params=radius_diff_keys)
module.exit_json(
failed=False,
changed=True,
msg="Changed radius item: " + radius_params['comment']
)
else:
####################
# Already up date
module.exit_json(
failed=False,
changed=False,
)
elif state == "absent":
if radius_id:
if not check_mode:
mk.api_remove(base_path=radius_path, remove_id=radius_id)
module.exit_json(
failed=False,
changed=True,
msg=radius_params['comment'] + " removed"
)
#####################################################
# if radius_id is not set there is nothing to remove
#####################################################
else:
module.exit_json(
failed=False,
changed=False,
)
else:
module.exit_json(
failed=True,
changed=False,
)
if __name__ == '__main__':
main()

65
pythonlibs/mt_common.py
View file

@ -1,39 +1,13 @@
#!/usr/bin/env python
import mt_api
import re
if 'policy' in ansible_scheduler_params:
dif_list = []
if 'policy' in mikrotik_scheduler_task:
policy = mikrotik_scheduler_task['policy'].split(',')
dif_list = set(ansible_scheduler_params['policy']) & set(policy)
if dif_list == []:
list_to_string = ""
list_to_string = ','.join(map(str, ansible_scheduler_params['policy']))
scheduler_diff_keys['policy'] = list_to_string
for key in ansible_scheduler_params:
if key != 'policy':
if key in mikrotik_scheduler_task:
if ansible_scheduler_params[key] != mikrotik_scheduler_task[key]:
scheduler_diff_keys[key] = ansible_scheduler_params[key]
else:
scheduler_diff_keys[key] = ansible_scheduler_params[key]
if scheduler_diff_keys != {}:
scheduler_diff_keys['numbers'] = client_id
if not check_mode:
mk.api_edit(base_path=api_path, params=scheduler_diff_keys)
changed = True
changed_message.append(
"Changed scheduler task : " + ansible_scheduler_params['name']
)
import sys
def list_string(ansible_list, mikrotik_string):
list_to_string = ""
list_to_string = ','.join(map(str, ansible_scheduler_params['policy']))
scheduler_diff_keys['policy'] = list_to_string
def list_to_string(list):
list_string = ""
list_string = ','.join(map(str, list))
return list_string
def clean_params(params):
@ -150,6 +124,11 @@ class MikrotikIdempotent():
# When current_param is empty we need to call api_add method to add
# all the parameters in the desired_params
if self.current_param is None:
# check if we have a list within the dictionary
# convert the list to string to pass to mikrotik
for i in self.desired_params:
if isinstance(self.desired_params[i], list):
self.desired_params[i] = list_to_string(self.desired_params[i])
self.new_params = self.desired_params
self.old_params = ""
if not self.check_mode:
@ -184,13 +163,27 @@ class MikrotikIdempotent():
# iterate over items in desired params and match against items in current_param
# to figure out the difference
for desired_param in self.desired_params:
self.desired_params[desired_param] = str(self.desired_params[desired_param])
if desired_param in self.current_param:
if self.current_param[desired_param] != self.desired_params[desired_param]:
out_params[desired_param] = self.desired_params[desired_param]
old_params[desired_param] = self.current_param[desired_param]
# check if we have a list within the dictionary
# convert mikrotik string to list to get a diff
if isinstance(self.desired_params[desired_param], list):
dif_list = []
if desired_param in self.current_param:
current_param_list = self.current_param[desired_param].split(',')
dif_list = set(self.desired_params[desired_param]) - set(current_param_list)
else:
out_params[desired_param] = self.desired_params[desired_param]
out_params[desired_param] = list_to_string(self.desired_params[desired_param])
if dif_list:
out_params[desired_param] = list_to_string(self.desired_params[desired_param])
old_params[desired_param] = self.current_param[desired_param]
continue
if self.current_param[desired_param] != str(self.desired_params[desired_param]):
out_params[desired_param] = str(self.desired_params[desired_param])
old_params[desired_param] = str(self.current_param[desired_param])
else:
if isinstance(desired_param, list):
out_params[desired_param] = list_to_string(self.desired_params[desired_param])
out_params[desired_param] = str(self.desired_params[desired_param])
if desired_param in self.current_param:
old_params[desired_param] = self.current_param[desired_param]

197
tests/integration/tasks/hotspot-tests.yml Normal file
View file

@ -0,0 +1,197 @@
- name: add a hotspot profile
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: present
parameter: profile
settings:
dns-name: internet.com
login-by: http-pap
name: Hotspot1
radius-interim-update: 3m
use-radius: "yes"
- name: NEVER_CHANGES add a hotspot profile, check idempotency
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
parameter: profile
state: present
settings:
dns-name: internet.com
login-by: http-pap
name: Hotspot1
radius-interim-update: 3m
use-radius: "yes"
register: profile_add
failed_when: (
not ansible_check_mode
) and (
( profile_add | changed )
)
- name: ALWAYS_CHANGES edit a hotspot profile, check changes
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
parameter: profile
state: present
settings:
dns-name: internet.com
login-by: http-pap
name: Hotspot1
radius-interim-update: 4m
use-radius: "yes"
register: profile_edit
failed_when: not ( profile_edit | changed )
- name: add a hotspot
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
parameter: hotspot
state: present
settings:
address-pool: pool1
disabled: "no"
interface: ether2
name: NETACCESS1
profile: Hotspot1
idle-timeout: 3s
- name: NEVER_CHANGES add a hotspot again, check idempotency
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: present
parameter: hotspot
settings:
address-pool: pool1
disabled: "no"
interface: ether2
name: NETACCESS1
profile: Hotspot1
idle-timeout: 3s
register: hotspot_add
failed_when: (
not ansible_check_mode
) and (
( hotspot_add | changed )
)
- name: ALWAYS_CHANGES edit a hotspot, check changes
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: present
parameter: hotspot
settings:
address-pool: pool1
disabled: "no"
interface: ether2
name: NETACCESS1
profile: Hotspot1
idle-timeout: 4s
register: hotspot_edit
failed_when: not ( hotspot_edit | changed )
- name: add a walled-garden
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: present
parameter: walled-garden
settings:
comment: "Allow Personal Web Portal"
dst-host: google.com
server: NETACCESS1
method: PUT
- name: NEVER_CHANGES add a walled-garden, check idempotency
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: present
parameter: walled-garden
settings:
comment: "Allow Personal Web Portal"
dst-host: google.com
server: NETACCESS1
method: PUT
register: walled_garden_add
failed_when: (
not ansible_check_mode
) and (
( walled_garden_add | changed )
)
- name: ALWAYS_CHANGES edit walled-garden settings, check changes
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: present
parameter: walled-garden
settings:
comment: "Allow Personal Web Portal"
dst-host: google.com
server: NETACCESS1
method: TRACE
register: walled_garden_edit
failed_when: not ( walled_garden_edit | changed )
- name: ALWAYS_CHANGES remove walled-garden
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: absent
parameter: walled-garden
settings:
comment: "Allow Personal Web Portal"
register: walled_garden_rem
failed_when: (
not ansible_check_mode
) and (
not ( walled_garden_rem | changed )
)
- name: ALWAYS_CHANGES remove a hotspot
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
parameter: hotspot
state: absent
settings:
name: NETACCESS1
register: hotspot_rem
failed_when: (
not ansible_check_mode
) and (
not ( hotspot_rem | changed )
)
- name: ALWAYS_CHANGES remove a hotspot profile
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
parameter: profile
state: absent
settings:
name: Hotspot1
register: profile_rem
failed_when: (
not ansible_check_mode
) and (
not ( profile_rem | changed )
)

129
tests/integration/tasks/radius-tests.yml Normal file
View file

@ -0,0 +1,129 @@
- name: Test adding a radius item
mt_radius:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: "present"
parameter: radius
settings:
address: "192.168.12.2"
comment: 'Ansible - radius test 1'
secret: 'password'
service:
- login
- hotspot
- wireless
timeout: '2s500ms'
- name: ALWAYS_CHANGES Test editing an existing radius item (change address)
mt_radius:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: "present"
parameter: radius
settings:
address: "192.168.12.19"
comment: 'Ansible - radius test 1'
secret: 'password'
service:
- login
- hotspot
- wireless
- dhcp
timeout: '2s500ms'
register: radius_test_1_edit
failed_when: (
not ansible_check_mode
) and (
not ( radius_test_1_edit | changed )
)
- name: ALWAYS_CHANGES Test editing an existing radius item (change address back)
mt_radius:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: "present"
parameter: radius
settings:
address: "192.168.12.2"
comment: 'Ansible - radius test 1'
secret: 'password'
service:
- login
- hotspot
- wireless
timeout: '2s500ms'
register: radius_test_1_edit
failed_when: (
not ansible_check_mode
) and (
not ( radius_test_1_edit | changed )
)
- name: Test adding a duplicate of the first radius item
mt_radius:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: "present"
parameter: radius
settings:
address: "192.168.12.2"
comment: 'Ansible - radius test 1'
secret: 'password'
service:
- login
- hotspot
- wireless
timeout: '2s500ms'
register: radius_test_1_duplicate
failed_when: (
not ansible_check_mode
) and (
( radius_test_1_duplicate|changed )
)
- name: ALWAYS_CHANGES Test adding another radius item to later remove
mt_radius:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: "present"
parameter: radius
settings:
address: "192.168.12.2"
comment: 'Ansible - radius test 2'
secret: 'password'
service:
- login
- hotspot
- wireless
timeout: '2s500ms'
register: radius_test_2
failed_when: (
not ansible_check_mode
) and (
not ( radius_test_2 | changed )
)
- name: ALWAYS_CHANGES Test removing a radius item
mt_radius:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: "absent"
parameter: radius
settings:
comment: 'Ansible - radius test 2'
register: radius_test_2_rem
failed_when: (
not ansible_check_mode
) and (
not ( radius_test_2_rem | changed )
)
# incoming:
# accept: "true"
# port: "37988"

319
tests/integration/tests.yml
View file

@ -548,125 +548,7 @@
###################
### radius
###################
- block:
- name: Test adding a radius item
mt_radius:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: "present"
address: "192.168.12.2"
comment: 'Ansible - radius test 1'
secret: 'password'
service:
- login
- hotspot
- wireless
timeout: '2s500ms'
- name: ALWAYS_CHANGES Test editing an existing radius item (change address)
mt_radius:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: "present"
address: "192.168.12.19"
comment: 'Ansible - radius test 1'
secret: 'password'
service:
- login
- hotspot
- wireless
timeout: '2s500ms'
register: radius_test_1_edit
failed_when: (
not ansible_check_mode
) and (
not ( radius_test_1_edit | changed )
)
#changed_when: False
- name: ALWAYS_CHANGES Test editing an existing radius item (change address back)
mt_radius:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: "present"
address: "192.168.12.2"
comment: 'Ansible - radius test 1'
secret: 'password'
service:
- login
- hotspot
- wireless
timeout: '2s500ms'
register: radius_test_1_edit
failed_when: (
not ansible_check_mode
) and (
not ( radius_test_1_edit | changed )
)
#changed_when: False
- name: Test adding a duplicate of the first radius item
mt_radius:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: "present"
address: "192.168.12.2"
comment: 'Ansible - radius test 1'
secret: 'password'
service:
- login
- hotspot
- wireless
timeout: '2s500ms'
register: radius_test_1_duplicate
failed_when: (
not ansible_check_mode
) and (
( radius_test_1_duplicate|changed )
)
- name: ALWAYS_CHANGES Test adding another radius item to later remove
mt_radius:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: "present"
address: "192.168.12.2"
comment: 'Ansible - radius test 2'
secret: 'password'
service:
- login
- hotspot
- wireless
timeout: '2s500ms'
register: radius_test_2
failed_when: (
not ansible_check_mode
) and (
not ( radius_test_2 | changed )
)
- name: ALWAYS_CHANGES Test removing a radius item
mt_radius:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: "absent"
comment: 'Ansible - radius test 2'
incoming:
accept: "true"
port: "37988"
register: radius_test_2_rem
failed_when: (
not ansible_check_mode
) and (
not ( radius_test_2_rem | changed )
)
- include: tasks/radius-tests.yml
tags: radius
@ -1902,204 +1784,7 @@
###################
### hotspot
###################
- block:
- name: add a hotspot profile
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: present
parameter: profile
settings:
dns-name: internet.com
login-by: http-pap
name: Hotspot1
radius-interim-update: 3m
use-radius: "yes"
- name: NEVER_CHANGES add a hotspot profile, check idempotency
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
parameter: profile
state: present
settings:
dns-name: internet.com
login-by: http-pap
name: Hotspot1
radius-interim-update: 3m
use-radius: "yes"
register: profile_add
failed_when: (
not ansible_check_mode
) and (
( profile_add | changed )
)
- name: ALWAYS_CHANGES edit a hotspot profile, check changes
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
parameter: profile
state: present
settings:
dns-name: internet.com
login-by: http-pap
name: Hotspot1
radius-interim-update: 4m
use-radius: "yes"
register: profile_edit
failed_when: not ( profile_edit | changed )
- name: add a hotspot
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
parameter: hotspot
state: present
settings:
address-pool: pool1
disabled: "no"
interface: ether2
name: NETACCESS1
profile: Hotspot1
idle-timeout: 3s
- name: NEVER_CHANGES add a hotspot again, check idempotency
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: present
parameter: hotspot
settings:
address-pool: pool1
disabled: "no"
interface: ether2
name: NETACCESS1
profile: Hotspot1
idle-timeout: 3s
register: hotspot_add
failed_when: (
not ansible_check_mode
) and (
( hotspot_add | changed )
)
- name: ALWAYS_CHANGES edit a hotspot, check changes
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: present
parameter: hotspot
settings:
address-pool: pool1
disabled: "no"
interface: ether2
name: NETACCESS1
profile: Hotspot1
idle-timeout: 4s
register: hotspot_edit
failed_when: not ( hotspot_edit | changed )
- name: add a walled-garden
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: present
parameter: walled-garden
settings:
comment: "Allow Personal Web Portal"
dst-host: google.com
server: NETACCESS1
method: PUT
- name: NEVER_CHANGES add a walled-garden, check idempotency
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: present
parameter: walled-garden
settings:
comment: "Allow Personal Web Portal"
dst-host: google.com
server: NETACCESS1
method: PUT
register: walled_garden_add
failed_when: (
not ansible_check_mode
) and (
( walled_garden_add | changed )
)
- name: ALWAYS_CHANGES edit walled-garden settings, check changes
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: present
parameter: walled-garden
settings:
comment: "Allow Personal Web Portal"
dst-host: google.com
server: NETACCESS1
method: TRACE
register: walled_garden_edit
failed_when: not ( walled_garden_edit | changed )
- name: ALWAYS_CHANGES remove walled-garden
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
state: absent
parameter: walled-garden
settings:
comment: "Allow Personal Web Portal"
register: walled_garden_rem
failed_when: (
not ansible_check_mode
) and (
not ( walled_garden_rem | changed )
)
- name: ALWAYS_CHANGES remove a hotspot
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
parameter: hotspot
state: absent
settings:
name: NETACCESS1
register: hotspot_rem
failed_when: (
not ansible_check_mode
) and (
not ( hotspot_rem | changed )
)
- name: ALWAYS_CHANGES remove a hotspot profile
mt_hotspot:
hostname: "{{ mt_hostname }}"
username: "{{ mt_user }}"
password: "{{ mt_pass }}"
parameter: profile
state: absent
settings:
name: Hotspot1
register: profile_rem
failed_when: (
not ansible_check_mode
) and (
not ( profile_rem | changed )
)
- include: tasks/hotspot-tests.yml
tags: hotspot
###################