ansible  2.9.27
About: Ansible is an IT Configuration Management, Deployment \
About: Ansible (2.x) is an IT Configuration Management, Deployment & Orchestration tool.
ansible download page.
  Fossies Dox: ansible-2.9.27.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

aci_bd.py
Go to the documentation of this file.
1#!/usr/bin/python
2# -*- coding: utf-8 -*-
3
4# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
5
6from __future__ import absolute_import, division, print_function
7__metaclass__ = type
8
9ANSIBLE_METADATA = {'metadata_version': '1.1',
10 'status': ['preview'],
11 'supported_by': 'certified'}
12
13DOCUMENTATION = r'''
14---
15module: aci_bd
16short_description: Manage Bridge Domains (BD) objects (fv:BD)
17description:
18- Manages Bridge Domains (BD) on Cisco ACI fabrics.
19version_added: '2.4'
20options:
21 arp_flooding:
22 description:
23 - Determines if the Bridge Domain should flood ARP traffic.
24 - The APIC defaults to C(no) when unset during creation.
25 type: bool
26 bd:
27 description:
28 - The name of the Bridge Domain.
29 type: str
30 aliases: [ bd_name, name ]
31 bd_type:
32 description:
33 - The type of traffic on the Bridge Domain.
34 - The APIC defaults to C(ethernet) when unset during creation.
35 type: str
36 choices: [ ethernet, fc ]
37 description:
38 description:
39 - Description for the Bridge Domain.
40 type: str
41 enable_multicast:
42 description:
43 - Determines if PIM is enabled.
44 - The APIC defaults to C(no) when unset during creation.
45 type: bool
46 enable_routing:
47 description:
48 - Determines if IP forwarding should be allowed.
49 - The APIC defaults to C(yes) when unset during creation.
50 type: bool
51 endpoint_clear:
52 description:
53 - Clears all End Points in all Leaves when C(yes).
54 - The value is not reset to disabled once End Points have been cleared; that requires a second task.
55 - The APIC defaults to C(no) when unset during creation.
56 type: bool
57 endpoint_move_detect:
58 description:
59 - Determines if GARP should be enabled to detect when End Points move.
60 - The APIC defaults to C(garp) when unset during creation.
61 type: str
62 choices: [ default, garp ]
63 endpoint_retention_action:
64 description:
65 - Determines if the Bridge Domain should inherit or resolve the End Point Retention Policy.
66 - The APIC defaults to C(resolve) when unset during creation.
67 type: str
68 choices: [ inherit, resolve ]
69 endpoint_retention_policy:
70 description:
71 - The name of the End Point Retention Policy the Bridge Domain should use when
72 overriding the default End Point Retention Policy.
73 type: str
74 igmp_snoop_policy:
75 description:
76 - The name of the IGMP Snooping Policy the Bridge Domain should use when
77 overriding the default IGMP Snooping Policy.
78 type: str
79 ip_learning:
80 description:
81 - Determines if the Bridge Domain should learn End Point IPs.
82 - The APIC defaults to C(yes) when unset during creation.
83 type: bool
84 ipv6_nd_policy:
85 description:
86 - The name of the IPv6 Neighbor Discovery Policy the Bridge Domain should use when
87 overridding the default IPV6 ND Policy.
88 type: str
89 l2_unknown_unicast:
90 description:
91 - Determines what forwarding method to use for unknown l2 destinations.
92 - The APIC defaults to C(proxy) when unset during creation.
93 type: str
94 choices: [ proxy, flood ]
95 l3_unknown_multicast:
96 description:
97 - Determines the forwarding method to use for unknown multicast destinations.
98 - The APIC defaults to C(flood) when unset during creation.
99 type: str
100 choices: [ flood, opt-flood ]
101 limit_ip_learn:
102 description:
103 - Determines if the BD should limit IP learning to only subnets owned by the Bridge Domain.
104 - The APIC defaults to C(yes) when unset during creation.
105 type: bool
106 mac_address:
107 description:
108 - The MAC Address to assign to the C(bd) instead of using the default.
109 - The APIC defaults to C(00:22:BD:F8:19:FF) when unset during creation.
110 type: str
111 aliases: [ mac ]
112 version_added: '2.5'
113 multi_dest:
114 description:
115 - Determines the forwarding method for L2 multicast, broadcast, and link layer traffic.
116 - The APIC defaults to C(bd-flood) when unset during creation.
117 type: str
118 choices: [ bd-flood, drop, encap-flood ]
119 state:
120 description:
121 - Use C(present) or C(absent) for adding or removing.
122 - Use C(query) for listing an object or multiple objects.
123 type: str
124 choices: [ absent, present, query ]
125 default: present
126 tenant:
127 description:
128 - The name of the Tenant.
129 type: str
130 aliases: [ tenant_name ]
131 vrf:
132 description:
133 - The name of the VRF.
134 type: str
135 aliases: [ vrf_name ]
136extends_documentation_fragment: aci
137notes:
138- The C(tenant) used must exist before using this module in your playbook.
139 The M(aci_tenant) module can be used for this.
140seealso:
141- module: aci_tenant
142- name: APIC Management Information Model reference
143 description: More information about the internal APIC class B(fv:BD).
144 link: https://developer.cisco.com/docs/apic-mim-ref/
145author:
146- Jacob McGill (@jmcgill298)
147'''
148
149EXAMPLES = r'''
150- name: Add Bridge Domain
151 aci_bd:
152 host: "{{ inventory_hostname }}"
153 username: "{{ username }}"
154 password: "{{ password }}"
155 validate_certs: no
156 tenant: prod
157 bd: web_servers
158 mac_address: 00:22:BD:F8:19:FE
159 vrf: prod_vrf
160 state: present
161 delegate_to: localhost
162
163- name: Add an FC Bridge Domain
164 aci_bd:
165 host: "{{ inventory_hostname }}"
166 username: "{{ username }}"
167 password: "{{ password }}"
168 validate_certs: no
169 tenant: prod
170 bd: storage
171 bd_type: fc
172 vrf: fc_vrf
173 enable_routing: no
174 state: present
175 delegate_to: localhost
176
177- name: Modify a Bridge Domain
178 aci_bd:
179 host: "{{ inventory_hostname }}"
180 username: "{{ username }}"
181 password: "{{ password }}"
182 validate_certs: yes
183 tenant: prod
184 bd: web_servers
185 arp_flooding: yes
186 l2_unknown_unicast: flood
187 state: present
188 delegate_to: localhost
189
190- name: Query All Bridge Domains
191 aci_bd:
192 host: "{{ inventory_hostname }}"
193 username: "{{ username }}"
194 password: "{{ password }}"
195 validate_certs: yes
196 state: query
197 delegate_to: localhost
198 register: query_result
199
200- name: Query a Bridge Domain
201 aci_bd:
202 host: "{{ inventory_hostname }}"
203 username: "{{ username }}"
204 password: "{{ password }}"
205 validate_certs: yes
206 tenant: prod
207 bd: web_servers
208 state: query
209 delegate_to: localhost
210 register: query_result
211
212- name: Delete a Bridge Domain
213 aci_bd:
214 host: "{{ inventory_hostname }}"
215 username: "{{ username }}"
216 password: "{{ password }}"
217 validate_certs: yes
218 tenant: prod
219 bd: web_servers
220 state: absent
221 delegate_to: localhost
222'''
223
224RETURN = r'''
225current:
226 description: The existing configuration from the APIC after the module has finished
227 returned: success
228 type: list
229 sample:
230 [
231 {
232 "fvTenant": {
233 "attributes": {
234 "descr": "Production environment",
235 "dn": "uni/tn-production",
236 "name": "production",
237 "nameAlias": "",
238 "ownerKey": "",
239 "ownerTag": ""
240 }
241 }
242 }
243 ]
244error:
245 description: The error information as returned from the APIC
246 returned: failure
247 type: dict
248 sample:
249 {
250 "code": "122",
251 "text": "unknown managed object class foo"
252 }
253raw:
254 description: The raw output returned by the APIC REST API (xml or json)
255 returned: parse error
256 type: str
257 sample: '<?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata>'
258sent:
259 description: The actual/minimal configuration pushed to the APIC
260 returned: info
261 type: list
262 sample:
263 {
264 "fvTenant": {
265 "attributes": {
266 "descr": "Production environment"
267 }
268 }
269 }
270previous:
271 description: The original configuration from the APIC before the module has started
272 returned: info
273 type: list
274 sample:
275 [
276 {
277 "fvTenant": {
278 "attributes": {
279 "descr": "Production",
280 "dn": "uni/tn-production",
281 "name": "production",
282 "nameAlias": "",
283 "ownerKey": "",
284 "ownerTag": ""
285 }
286 }
287 }
288 ]
289proposed:
290 description: The assembled configuration from the user-provided parameters
291 returned: info
292 type: dict
293 sample:
294 {
295 "fvTenant": {
296 "attributes": {
297 "descr": "Production environment",
298 "name": "production"
299 }
300 }
301 }
302filter_string:
303 description: The filter string used for the request
304 returned: failure or debug
305 type: str
306 sample: ?rsp-prop-include=config-only
307method:
308 description: The HTTP method used for the request to the APIC
309 returned: failure or debug
310 type: str
311 sample: POST
312response:
313 description: The HTTP response from the APIC
314 returned: failure or debug
315 type: str
316 sample: OK (30 bytes)
317status:
318 description: The HTTP status from the APIC
319 returned: failure or debug
320 type: int
321 sample: 200
322url:
323 description: The HTTP url used for the request to the APIC
324 returned: failure or debug
325 type: str
326 sample: https://10.11.12.13/api/mo/uni/tn-production.json
327'''
328
329from ansible.module_utils.basic import AnsibleModule
330from ansible.module_utils.network.aci.aci import ACIModule, aci_argument_spec
331
332
333def main():
334 argument_spec = aci_argument_spec()
335 argument_spec.update(
336 arp_flooding=dict(type='bool'),
337 bd=dict(type='str', aliases=['bd_name', 'name']), # Not required for querying all objects
338 bd_type=dict(type='str', choices=['ethernet', 'fc']),
339 description=dict(type='str'),
340 enable_multicast=dict(type='bool'),
341 enable_routing=dict(type='bool'),
342 endpoint_clear=dict(type='bool'),
343 endpoint_move_detect=dict(type='str', choices=['default', 'garp']),
344 endpoint_retention_action=dict(type='str', choices=['inherit', 'resolve']),
345 endpoint_retention_policy=dict(type='str'),
346 igmp_snoop_policy=dict(type='str'),
347 ip_learning=dict(type='bool'),
348 ipv6_nd_policy=dict(type='str'),
349 l2_unknown_unicast=dict(type='str', choices=['proxy', 'flood']),
350 l3_unknown_multicast=dict(type='str', choices=['flood', 'opt-flood']),
351 limit_ip_learn=dict(type='bool'),
352 mac_address=dict(type='str', aliases=['mac']),
353 multi_dest=dict(type='str', choices=['bd-flood', 'drop', 'encap-flood']),
354 state=dict(type='str', default='present', choices=['absent', 'present', 'query']),
355 tenant=dict(type='str', aliases=['tenant_name']), # Not required for querying all objects
356 vrf=dict(type='str', aliases=['vrf_name']),
357 gateway_ip=dict(type='str', removed_in_version='2.4'), # Deprecated starting from v2.4
358 scope=dict(type='str', removed_in_version='2.4'), # Deprecated starting from v2.4
359 subnet_mask=dict(type='str', removed_in_version='2.4'), # Deprecated starting from v2.4
360 )
361
362 module = AnsibleModule(
363 argument_spec=argument_spec,
364 supports_check_mode=True,
365 required_if=[
366 ['state', 'absent', ['bd', 'tenant']],
367 ['state', 'present', ['bd', 'tenant']],
368 ],
369 )
370
371 aci = ACIModule(module)
372
373 arp_flooding = aci.boolean(module.params['arp_flooding'])
374 bd = module.params['bd']
375 bd_type = module.params['bd_type']
376 if bd_type == 'ethernet':
377 # ethernet type is represented as regular, but that is not clear to the users
378 bd_type = 'regular'
379 description = module.params['description']
380 enable_multicast = aci.boolean(module.params['enable_multicast'])
381 enable_routing = aci.boolean(module.params['enable_routing'])
382 endpoint_clear = aci.boolean(module.params['endpoint_clear'])
383 endpoint_move_detect = module.params['endpoint_move_detect']
384 if endpoint_move_detect == 'default':
385 # the ACI default setting is an empty string, but that is not a good input value
386 endpoint_move_detect = ''
387 endpoint_retention_action = module.params['endpoint_retention_action']
388 endpoint_retention_policy = module.params['endpoint_retention_policy']
389 igmp_snoop_policy = module.params['igmp_snoop_policy']
390 ip_learning = aci.boolean(module.params['ip_learning'])
391 ipv6_nd_policy = module.params['ipv6_nd_policy']
392 l2_unknown_unicast = module.params['l2_unknown_unicast']
393 l3_unknown_multicast = module.params['l3_unknown_multicast']
394 limit_ip_learn = aci.boolean(module.params['limit_ip_learn'])
395 mac_address = module.params['mac_address']
396 multi_dest = module.params['multi_dest']
397 state = module.params['state']
398 tenant = module.params['tenant']
399 vrf = module.params['vrf']
400
401 # Give warning when fvSubnet parameters are passed as those have been moved to the aci_subnet module
402 if module.params['gateway_ip'] or module.params['subnet_mask'] or module.params['scope']:
403 module._warnings = ["The support for managing Subnets has been moved to its own module, aci_subnet. \
404 The new modules still supports 'gateway_ip' and 'subnet_mask' along with more features"]
405
406 aci.construct_url(
407 root_class=dict(
408 aci_class='fvTenant',
409 aci_rn='tn-{0}'.format(tenant),
410 module_object=tenant,
411 target_filter={'name': tenant},
412 ),
413 subclass_1=dict(
414 aci_class='fvBD',
415 aci_rn='BD-{0}'.format(bd),
416 module_object=bd,
417 target_filter={'name': bd},
418 ),
419 child_classes=['fvRsCtx', 'fvRsIgmpsn', 'fvRsBDToNdP', 'fvRsBdToEpRet'],
420 )
421
422 aci.get_existing()
423
424 if state == 'present':
425 aci.payload(
426 aci_class='fvBD',
427 class_config=dict(
428 arpFlood=arp_flooding,
429 descr=description,
430 epClear=endpoint_clear,
431 epMoveDetectMode=endpoint_move_detect,
432 ipLearning=ip_learning,
433 limitIpLearnToSubnets=limit_ip_learn,
434 mac=mac_address,
435 mcastAllow=enable_multicast,
436 multiDstPktAct=multi_dest,
437 name=bd,
438 type=bd_type,
439 unicastRoute=enable_routing,
440 unkMacUcastAct=l2_unknown_unicast,
441 unkMcastAct=l3_unknown_multicast,
442 ),
443 child_configs=[
444 {'fvRsCtx': {'attributes': {'tnFvCtxName': vrf}}},
445 {'fvRsIgmpsn': {'attributes': {'tnIgmpSnoopPolName': igmp_snoop_policy}}},
446 {'fvRsBDToNdP': {'attributes': {'tnNdIfPolName': ipv6_nd_policy}}},
447 {'fvRsBdToEpRet': {'attributes': {'resolveAct': endpoint_retention_action, 'tnFvEpRetPolName': endpoint_retention_policy}}},
448 ],
449 )
450
451 aci.get_diff(aci_class='fvBD')
452
453 aci.post_config()
454
455 elif state == 'absent':
456 aci.delete_config()
457
458 aci.exit_json()
459
460
461if __name__ == "__main__":
462 main()