nuage_vspk – Manage Nuage VSP environments¶
New in version 2.4.
Synopsis¶
Manage or find Nuage VSP entities, this includes create, update, delete, assign, unassign and find, with all supported properties.
Requirements¶
The below requirements are needed on the host that executes this module.
Python 2.7
Supports Nuage VSP 4.0Rx & 5.x.y
Proper VSPK-Python installed for your Nuage version
Tested with NuageX https://nuagex.io
Parameters¶
Parameter | Choices/Defaults | Comments |
---|---|---|
auth
-
/ required
|
Dict with the authentication information required to connect to a Nuage VSP environment.
Requires a api_username parameter (example csproot).
Requires either a api_password parameter (example csproot) or a api_certificate and api_key parameters, which point to the certificate and key files for certificate based authentication.
Requires a api_enterprise parameter (example csp).
Requires a api_url parameter (example https://10.0.0.10:8443).
Requires a api_version parameter (example v4_0).
|
|
children
-
|
Can be used to specify a set of child entities.
A mandatory property of each child is the type.
Supported optional properties of each child are id, properties and match_filter.
The function of each of these properties is the same as in the general task definition.
This can be used recursively
Only useable in case state=present.
|
|
command
-
|
|
Specifies a command to be executed.
With command=find, if parent_id and parent_type are defined, it will only search within the parent. Otherwise, if allowed, will search in the root object.
With command=find, if id is specified, it will only return the single entity matching the id.
With command=find, otherwise, if match_filter is define, it will use that filter to search.
With command=find, otherwise, if properties are defined, it will do an AND search using all properties.
With command=change_password, a password of a user can be changed. Warning - In case the password is the same as the existing, it will throw an error.
With command=wait_for_job, the module will wait for a job to either have a status of SUCCESS or ERROR. In case an ERROR status is found, the module will exit with an error.
With command=wait_for_job, the job will always be returned, even if the state is ERROR situation.
Either state or command needs to be defined, both can not be defined at the same time.
|
id
-
|
The ID of the entity you want to work on.
In combination with command=find, it will only return the single entity.
In combination with state, it will either update or delete this entity.
Will take precedence over match_filter and properties whenever an entity needs to be found.
|
|
match_filter
-
|
A filter used when looking (both in command and state for entities, in the format the Nuage VSP API expects.
If match_filter is defined, it will take precedence over the properties, but not on the id
|
|
parent_id
-
|
The ID of the parent of the entity you want to work on.
When state is specified, the entity will be gathered from this parent, if it exists, unless an id is specified.
When command=find is specified, the entity will be searched for in this parent, unless an id is specified.
If specified, parent_type also needs to be specified.
|
|
parent_type
-
|
The type of parent the ID is specified for (example Enterprise).
This should match the objects CamelCase class name in VSPK-Python.
This Class name can be found on https://nuagenetworks.github.io/vspkdoc/index.html.
If specified, parent_id also needs to be specified.
|
|
properties
-
|
Properties are the key, value pairs of the different properties an entity has.
If no id and no match_filter is specified, these are used to find or determine if the entity exists.
|
|
state
-
|
|
Specifies the desired state of the entity.
If state=present, in case the entity already exists, will update the entity if it is needed.
If state=present, in case the relationship with the parent is a member relationship, will assign the entity as a member of the parent.
If state=absent, in case the relationship with the parent is a member relationship, will unassign the entity as a member of the parent.
Either state or command needs to be defined, both can not be defined at the same time.
|
type
-
/ required
|
The type of entity you want to work on (example Enterprise).
This should match the objects CamelCase class name in VSPK-Python.
This Class name can be found on https://nuagenetworks.github.io/vspkdoc/index.html.
|
Notes¶
Note
Check mode is supported, but with some caveats. It will not do any changes, and if possible try to determine if it is able do what is requested.
In case a parent id is provided from a previous task, it might be empty and if a search is possible on root, it will do so, which can impact performance.
Examples¶
# This can be executed as a single role, with the following vars
# vars:
# auth:
# api_username: csproot
# api_password: csproot
# api_enterprise: csp
# api_url: https://10.0.0.10:8443
# api_version: v5_0
# enterprise_name: Ansible-Enterprise
# enterprise_new_name: Ansible-Updated-Enterprise
#
# or, for certificate based authentication
# vars:
# auth:
# api_username: csproot
# api_certificate: /path/to/user-certificate.pem
# api_key: /path/to/user-Key.pem
# api_enterprise: csp
# api_url: https://10.0.0.10:8443
# api_version: v5_0
# enterprise_name: Ansible-Enterprise
# enterprise_new_name: Ansible-Updated-Enterprise
# Creating a new enterprise
- name: Create Enterprise
connection: local
nuage_vspk:
auth: "{{ nuage_auth }}"
type: Enterprise
state: present
properties:
name: "{{ enterprise_name }}-basic"
register: nuage_enterprise
# Checking if an Enterprise with the new name already exists
- name: Check if an Enterprise exists with the new name
connection: local
nuage_vspk:
auth: "{{ nuage_auth }}"
type: Enterprise
command: find
properties:
name: "{{ enterprise_new_name }}-basic"
ignore_errors: yes
register: nuage_check_enterprise
# Updating an enterprise's name
- name: Update Enterprise name
connection: local
nuage_vspk:
auth: "{{ nuage_auth }}"
type: Enterprise
id: "{{ nuage_enterprise.id }}"
state: present
properties:
name: "{{ enterprise_new_name }}-basic"
when: nuage_check_enterprise is failed
# Creating a User in an Enterprise
- name: Create admin user
connection: local
nuage_vspk:
auth: "{{ nuage_auth }}"
type: User
parent_id: "{{ nuage_enterprise.id }}"
parent_type: Enterprise
state: present
match_filter: "userName == 'ansible-admin'"
properties:
email: "[email protected]"
first_name: "Ansible"
last_name: "Admin"
password: "ansible-password"
user_name: "ansible-admin"
register: nuage_user
# Updating password for User
- name: Update admin password
connection: local
nuage_vspk:
auth: "{{ nuage_auth }}"
type: User
id: "{{ nuage_user.id }}"
command: change_password
properties:
password: "ansible-new-password"
ignore_errors: yes
# Finding a group in an enterprise
- name: Find Administrators group in Enterprise
connection: local
nuage_vspk:
auth: "{{ nuage_auth }}"
type: Group
parent_id: "{{ nuage_enterprise.id }}"
parent_type: Enterprise
command: find
properties:
name: "Administrators"
register: nuage_group
# Assign the user to the group
- name: Assign admin user to administrators
connection: local
nuage_vspk:
auth: "{{ nuage_auth }}"
type: User
id: "{{ nuage_user.id }}"
parent_id: "{{ nuage_group.id }}"
parent_type: Group
state: present
# Creating multiple DomainTemplates
- name: Create multiple DomainTemplates
connection: local
nuage_vspk:
auth: "{{ nuage_auth }}"
type: DomainTemplate
parent_id: "{{ nuage_enterprise.id }}"
parent_type: Enterprise
state: present
properties:
name: "{{ item }}"
description: "Created by Ansible"
with_items:
- "Template-1"
- "Template-2"
# Finding all DomainTemplates
- name: Fetching all DomainTemplates
connection: local
nuage_vspk:
auth: "{{ nuage_auth }}"
type: DomainTemplate
parent_id: "{{ nuage_enterprise.id }}"
parent_type: Enterprise
command: find
register: nuage_domain_templates
# Deleting all DomainTemplates
- name: Deleting all found DomainTemplates
connection: local
nuage_vspk:
auth: "{{ nuage_auth }}"
type: DomainTemplate
state: absent
id: "{{ item.ID }}"
with_items: "{{ nuage_domain_templates.entities }}"
when: nuage_domain_templates.entities is defined
# Unassign user from group
- name: Unassign admin user to administrators
connection: local
nuage_vspk:
auth: "{{ nuage_auth }}"
type: User
id: "{{ nuage_user.id }}"
parent_id: "{{ nuage_group.id }}"
parent_type: Group
state: absent
# Deleting an enterprise
- name: Delete Enterprise
connection: local
nuage_vspk:
auth: "{{ nuage_auth }}"
type: Enterprise
id: "{{ nuage_enterprise.id }}"
state: absent
# Setup an enterprise with Children
- name: Setup Enterprise and domain structure
connection: local
nuage_vspk:
auth: "{{ nuage_auth }}"
type: Enterprise
state: present
properties:
name: "Child-based-Enterprise"
children:
- type: L2DomainTemplate
properties:
name: "Unmanaged-Template"
children:
- type: EgressACLTemplate
match_filter: "name == 'Allow All'"
properties:
name: "Allow All"
active: true
default_allow_ip: true
default_allow_non_ip: true
default_install_acl_implicit_rules: true
description: "Created by Ansible"
priority_type: "TOP"
- type: IngressACLTemplate
match_filter: "name == 'Allow All'"
properties:
name: "Allow All"
active: true
default_allow_ip: true
default_allow_non_ip: true
description: "Created by Ansible"
priority_type: "TOP"
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
entities
list
|
On state=present and find, with only one element in case of state=present or find=one. |
A list of entities handled. Each element is the to_dict() of the entity.
Sample:
[{'ID': 'acabc435-3946-4117-a719-b8895a335830"', 'assocEntityType': 'DOMAIN', 'command': 'BEGIN_POLICY_CHANGES', 'creationDate': 1487515656000, 'entityScope': 'ENTERPRISE', 'externalID': None, 'lastUpdatedBy': '8a6f0e20-a4db-4878-ad84-9cc61756cd5e', 'lastUpdatedDate': 1487515656000, 'owner': '8a6f0e20-a4db-4878-ad84-9cc61756cd5e', 'parameters': None, 'parentID': 'a22fddb9-3da4-4945-bd2e-9d27fe3d62e0', 'parentType': 'domain', 'progress': 0.0, 'result': None, 'status': 'RUNNING'}]
|
id
string
|
On state=present and command=find in case one entity was found. |
The id of the entity that was found, created, updated or assigned.
Sample:
bae07d8d-d29c-4e2b-b6ba-621b4807a333
|
Status¶
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]