# -*- coding: utf-8 -*-
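# YAML module documentation. Option names, required flags and choices are
# kept in line with the argument_spec that main() passes to AnsibleModule.
DOCUMENTATION = '''
module: mt_interface_ovpn_client
author:
  - "Valentin Gurmeza"
  - "Shaun Smiley"
version_added: "2.3"
short_description: Manage mikrotik openvpn client
requirements:
  - mt_api
description:
  - add, remove, or modify an openvpn client. Mikrotik uses ovpn alias for openvpn.
options:
  hostname:
    description:
      - hostname of mikrotik router
    required: True
  username:
    description:
      - username used to connect to mikrotik router
    required: True
  password:
    description:
      - password used for authentication to mikrotik router
    required: True
  state:
    description:
      - ovpn client present or absent
    required: True
    choices:
      - present
      - absent
  comment:
    description:
      - ovpn client comment
    required: False
  name:
    description:
      - name of the ovpn client
    required: True
  user:
    description:
      - vpn user name
    required: True # if state is present
  connect_to:
    description:
      - Remote address of the OVPN server
    required: True # if state is present
  vpn_password:
    description:
      - ovpn client password
    required: True # if state is present
  port:
    description:
      - ovpn client port
    required: False
  max_mtu:
    description:
      - Maximum Transmission Unit. Max packet size that OVPN interface will be able to send without packet fragmentation.
    required: False
  profile:
    description:
      - Used PPP profile
    required: False
  certificate:
    description:
      - Name of the client certificate
    required: False
  mac_address:
    description:
      - Mac address of OVPN interface
    required: False
  add_default_route:
    description:
      - Whether to add OVPN remote address as a default route
    required: False
    choices:
      - "yes"
      - "no"
  cipher:
    description:
      - Allowed ciphers
    required: False
    choices:
      - blowfish128
      - aes128
      - aes192
      - aes256
  auth:
    description:
      - Allowed authentication methods
    required: False
    choices:
      - sha1
      - md5
      - "null"
  mode:
    description:
      - Layer3 or layer2 tunnel mode (alternatively tun, tap)
    required: False
    choices:
      - ip
      - ethernet
'''

# Usage example. The keys must be names the argument_spec accepts: the VPN
# account is `user` and the interface name is `name`.
EXAMPLES = '''
- mt_interface_ovpn_client:
    hostname: "{{ inventory_hostname }}"
    username: "{{ mt_user }}"
    password: "{{ mt_pass }}"
    state: present
    user: ansible_admin
    connect_to: 192.168.230.1
    name: ansible_test
    # supply the VPN secret from a vaulted variable instead of an inline literal
    vpn_password: "{{ mt_ovpn_pass }}"
'''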
import mt_api
import re
from ansible.module_utils.basic import AnsibleModule
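def main():
    """Add, update, or remove an OpenVPN client interface on a MikroTik router.

    Reads the task parameters, logs in through ``mt_api``, looks for the
    ``/interface/ovpn-client`` entry whose name equals the ``name``
    parameter, and then adds it, edits the attributes that differ, or
    removes it depending on ``state``.  Every path ends in
    ``module.exit_json`` or ``module.fail_json``.
    """
    module = AnsibleModule(
        argument_spec=dict(
            hostname=dict(required=True),
            username=dict(required=True),
            # no_log keeps both secrets out of the logged module arguments
            # and masks them in returned output (the update path returns
            # the changed keys, which can include the VPN password).
            password=dict(required=True, no_log=True),
            name=dict(required=True, type='str'),
            user=dict(required=False, type='str'),
            connect_to=dict(required=False, type='str'),
            comment=dict(required=False, type='str'),
            vpn_password=dict(required=False, type='str', no_log=True),
            port=dict(required=False, type='str'),
            max_mtu=dict(required=False, type='str'),
            profile=dict(required=False, type='str'),
            certificate=dict(required=False, type='str'),
            mac_address=dict(required=False, type='str'),
            add_default_route=dict(
                required=False,
                choices=['yes', 'no'],
                type='str'
            ),
            cipher=dict(
                required=False,
                choices=['blowfish128', 'aes128', 'aes192', 'aes256'],
                type='str'
            ),
            auth=dict(
                required=False,
                choices=['sha1', 'md5', 'null'],
                type='str'
            ),
            mode=dict(
                required=False,
                choices=['ip', 'ethernet'],
                type='str'
            ),
            # NOTE(review): state is optional with no default, so a task
            # that omits it takes the removal branch at the end of this
            # function. The module documentation lists it as required.
            state=dict(
                required=False,
                choices=['present', 'absent'],
                type='str'
            ),
        )
    )

    hostname = module.params['hostname']
    username = module.params['username']
    password = module.params['password']
    state = module.params['state']
    ansible_client_name = module.params['name']

    mk = mt_api.Mikrotik(hostname, username, password)
    try:
        mk.login()
    except Exception:
        # Catch Exception rather than everything so that SystemExit and
        # KeyboardInterrupt are not reported as a login failure.
        module.fail_json(
            msg="Could not log into Mikrotik device." +
                " Check the username and password.",
        )

    ovpn_client_path = '/interface/ovpn-client'

    # Find the existing interface with the requested name, if any. The
    # attribute dict is read from index 1 of each returned item.
    response = mk.api_print(base_path=ovpn_client_path)
    mikrotik_ovpn_client = {}
    for item in response:
        if 'name' in item[1] and item[1]['name'] == ansible_client_name:
            mikrotik_ovpn_client = item[1]

    # Build the parameters sent to the router in a fresh dict: drop the
    # connection settings and unset options, send vpn_password as
    # 'password', and turn '_' into '-' in the key names. Deleting keys
    # from module.params while iterating it raises RuntimeError on
    # Python 3, so the original dict is left untouched.
    connection_keys = ('hostname', 'username', 'password', 'state')
    ovpn_client_params = {}
    for key, value in module.params.items():
        if key in connection_keys or value is None:
            continue
        if key == 'vpn_password':
            key = 'password'
        ovpn_client_params[key.replace('_', '-')] = value

    if state == "present":
        if mikrotik_ovpn_client == {}:
            mk.api_add(
                base_path=ovpn_client_path,
                params=ovpn_client_params
            )
            module.exit_json(
                changed=True,
                failed=False,
                msg=ansible_client_name + " client added"
            )
        else:
            # NOTE(review): this overwrites whatever the device reported
            # for add-default-route before the comparison below; confirm
            # that is intended.
            mikrotik_ovpn_client['add-default-route'] = 'no'
            client_id = mikrotik_ovpn_client['.id']
            for i in ['.id', 'running']:
                mikrotik_ovpn_client.pop(i, None)

            # An attribute the device did not report compares as None, so
            # it is sent as an update instead of raising KeyError (this
            # also covers a requested comment on an entry without one).
            update_keys = {}
            for key, value in ovpn_client_params.items():
                if value != mikrotik_ovpn_client.get(key):
                    update_keys[key] = value

            if update_keys == {}:
                module.exit_json(
                    changed=False,
                    failed=False,
                )
            else:
                update_keys['numbers'] = client_id
                mk.api_edit(
                    base_path=ovpn_client_path,
                    params=update_keys
                )
                module.exit_json(
                    changed=True,
                    failed=False,
                    msg=update_keys,
                )
    else:
        # Reached for state == "absent" and also when state was omitted.
        if mikrotik_ovpn_client == {}:
            module.exit_json(
                changed=False,
                failed=False,
            )
        else:
            remove_response = mk.api_remove(
                base_path=ovpn_client_path,
                remove_id=mikrotik_ovpn_client['.id']
            )
            module.exit_json(
                changed=True,
                failed=False,
                msg=remove_response[0]
            )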
# Run the module only when this file is executed as a script, not on import.
if __name__ == "__main__":
    main()