__ __ __ __ _____ _ _ _____ _ _ _ | \/ | \ \ / / | __ \ (_) | | / ____| | | | | | \ / |_ __\ V / | |__) | __ ___ ____ _| |_ ___ | (___ | |__ ___| | | | |\/| | '__|> < | ___/ '__| \ \ / / _` | __/ _ \ \___ \| '_ \ / _ \ | | | | | | |_ / . \ | | | | | |\ V / (_| | || __/ ____) | | | | __/ | | |_| |_|_(_)_/ \_\ |_| |_| |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1 if you need WebShell for Seo everyday contact me on Telegram Telegram Address : @jackleetFor_More_Tools:
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import absolute_import, division, print_function
__metaclass__ = type
DOCUMENTATION = """
module: nxos_aaa_server
extends_documentation_fragment:
- cisco.nxos.nxos
short_description: Manages AAA server global configuration.
description:
- Manages AAA server global configuration
version_added: 1.0.0
author:
- Jason Edelman (@jedelman8)
notes:
- Tested against NXOSv 7.3.(0)D1(1) on VIRL
- Limited Support for Cisco MDS
- The server_type parameter is always required.
- If encrypt_type is not supplied, the global AAA server key will be stored as encrypted
(type 7).
- Changes to the global AAA server key with encrypt_type=0 are not idempotent.
- state=default will set the supplied parameters to their default values. The parameters
that you want to default must also be set to default. If global_key=default, the
global key will be removed.
options:
server_type:
description:
- The server type is either radius or tacacs.
required: true
choices:
- radius
- tacacs
type: str
global_key:
description:
- Global AAA shared secret or keyword 'default'.
type: str
encrypt_type:
description:
- The state of encryption applied to the entered global key. O clear text, 7 encrypted.
Type-6 encryption is not supported.
choices:
- '0'
- '7'
type: str
deadtime:
description:
- Duration for which a non-reachable AAA server is skipped, in minutes or keyword
'default. Range is 1-1440. Device default is 0.
type: str
server_timeout:
description:
- Global AAA server timeout period, in seconds or keyword 'default. Range is 1-60.
Device default is 5.
type: str
directed_request:
description:
- Enables direct authentication requests to AAA server or keyword 'default' Device
default is disabled.
choices:
- enabled
- disabled
- default
type: str
state:
description:
- Manage the state of the resource.
default: present
choices:
- present
- default
type: str
"""
EXAMPLES = """
# Radius Server Basic settings
- name: Radius Server Basic settings
cisco.nxos.nxos_aaa_server:
server_type: radius
server_timeout: 9
deadtime: 20
directed_request: enabled
# Tacacs Server Basic settings
- name: Tacacs Server Basic settings
cisco.nxos.nxos_aaa_server:
server_type: tacacs
server_timeout: 8
deadtime: 19
directed_request: disabled
# Setting Global Key
- name: AAA Server Global Key
cisco.nxos.nxos_aaa_server:
server_type: radius
global_key: test_key
"""
RETURN = """
commands:
description: command sent to the device
returned: always
type: list
sample: ["radius-server deadtime 22", "radius-server timeout 11",
"radius-server directed-request"]
"""
import re
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.cisco.nxos.plugins.module_utils.network.nxos.nxos import (
load_config,
run_commands,
)
PARAM_TO_DEFAULT_KEYMAP = {
"server_timeout": "5",
"deadtime": "0",
"directed_request": "disabled",
}
def execute_show_command(command, module):
command = {"command": command, "output": "text"}
return run_commands(module, command)
def flatten_list(command_lists):
flat_command_list = []
for command in command_lists:
if isinstance(command, list):
flat_command_list.extend(command)
else:
flat_command_list.append(command)
return flat_command_list
def get_aaa_server_info(server_type, module):
aaa_server_info = {}
server_command = "show {0}-server".format(server_type)
request_command = "show {0}-server directed-request".format(server_type)
global_key_command = "show run | sec {0}".format(server_type)
aaa_regex = r".*{0}-server\skey\s\d\s+(?P<key>\S+).*".format(server_type)
server_body = execute_show_command(server_command, module)[0]
split_server = server_body.splitlines()
for line in split_server:
if line.startswith("timeout"):
aaa_server_info["server_timeout"] = line.split(":")[1]
elif line.startswith("deadtime"):
aaa_server_info["deadtime"] = line.split(":")[1]
request_body = execute_show_command(request_command, module)[0]
if bool(request_body):
aaa_server_info["directed_request"] = request_body.replace("\n", "")
else:
aaa_server_info["directed_request"] = "disabled"
key_body = execute_show_command(global_key_command, module)[0]
try:
match_global_key = re.match(aaa_regex, key_body, re.DOTALL)
group_key = match_global_key.groupdict()
aaa_server_info["global_key"] = group_key["key"].replace('"', "")
except (AttributeError, TypeError):
aaa_server_info["global_key"] = None
return aaa_server_info
def config_aaa_server(params, server_type):
cmds = []
deadtime = params.get("deadtime")
server_timeout = params.get("server_timeout")
directed_request = params.get("directed_request")
encrypt_type = params.get("encrypt_type", "7")
global_key = params.get("global_key")
if deadtime is not None:
cmds.append("{0}-server deadtime {1}".format(server_type, deadtime))
if server_timeout is not None:
cmds.append("{0}-server timeout {1}".format(server_type, server_timeout))
if directed_request is not None:
if directed_request == "enabled":
cmds.append("{0}-server directed-request".format(server_type))
elif directed_request == "disabled":
cmds.append("no {0}-server directed-request".format(server_type))
if global_key is not None:
cmds.append("{0}-server key {1} {2}".format(server_type, encrypt_type, global_key))
return cmds
def default_aaa_server(existing, params, server_type):
cmds = []
deadtime = params.get("deadtime")
server_timeout = params.get("server_timeout")
directed_request = params.get("directed_request")
global_key = params.get("global_key")
existing_key = existing.get("global_key")
if deadtime is not None and existing.get("deadtime") != PARAM_TO_DEFAULT_KEYMAP["deadtime"]:
cmds.append("no {0}-server deadtime 1".format(server_type))
if (
server_timeout is not None
and existing.get("server_timeout") != PARAM_TO_DEFAULT_KEYMAP["server_timeout"]
):
cmds.append("no {0}-server timeout 1".format(server_type))
if (
directed_request is not None
and existing.get("directed_request") != PARAM_TO_DEFAULT_KEYMAP["directed_request"]
):
cmds.append("no {0}-server directed-request".format(server_type))
if global_key is not None and existing_key is not None:
cmds.append("no {0}-server key 7 {1}".format(server_type, existing_key))
return cmds
def main():
argument_spec = dict(
server_type=dict(type="str", choices=["radius", "tacacs"], required=True),
global_key=dict(type="str", no_log=True),
encrypt_type=dict(type="str", choices=["0", "7"]),
deadtime=dict(type="str"),
server_timeout=dict(type="str"),
directed_request=dict(type="str", choices=["enabled", "disabled", "default"]),
state=dict(choices=["default", "present"], default="present"),
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
warnings = list()
results = {"changed": False, "commands": [], "warnings": warnings}
server_type = module.params["server_type"]
global_key = module.params["global_key"]
encrypt_type = module.params["encrypt_type"]
deadtime = module.params["deadtime"]
server_timeout = module.params["server_timeout"]
directed_request = module.params["directed_request"]
state = module.params["state"]
if encrypt_type and not global_key:
module.fail_json(msg="encrypt_type must be used with global_key.")
args = dict(
server_type=server_type,
global_key=global_key,
encrypt_type=encrypt_type,
deadtime=deadtime,
server_timeout=server_timeout,
directed_request=directed_request,
)
proposed = dict((k, v) for k, v in args.items() if v is not None)
existing = get_aaa_server_info(server_type, module)
commands = []
if state == "present":
if deadtime:
try:
if int(deadtime) < 0 or int(deadtime) > 1440:
raise ValueError
except ValueError:
module.fail_json(msg="deadtime must be an integer between 0 and 1440")
if server_timeout:
try:
if int(server_timeout) < 1 or int(server_timeout) > 60:
raise ValueError
except ValueError:
module.fail_json(msg="server_timeout must be an integer between 1 and 60")
delta = dict(set(proposed.items()).difference(existing.items()))
if delta:
command = config_aaa_server(delta, server_type)
if command:
commands.append(command)
elif state == "default":
for key, value in proposed.items():
if key != "server_type" and value != "default":
module.fail_json(msg='Parameters must be set to "default"' "when state=default")
command = default_aaa_server(existing, proposed, server_type)
if command:
commands.append(command)
cmds = flatten_list(commands)
if cmds:
results["changed"] = True
if not module.check_mode:
load_config(module, cmds)
if "configure" in cmds:
cmds.pop(0)
results["commands"] = cmds
module.exit_json(**results)
if __name__ == "__main__":
main()
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| __pycache__ | Folder | 0755 |
|
|
| storage | Folder | 0755 |
|
|
| __init__.py | File | 0 B | 0644 |
|
| nxos_aaa_server.py | File | 10.19 KB | 0644 |
|
| nxos_aaa_server_host.py | File | 10.92 KB | 0644 |
|
| nxos_acl_interfaces.py | File | 10.21 KB | 0644 |
|
| nxos_acls.py | File | 28.71 KB | 0644 |
|
| nxos_banner.py | File | 6.44 KB | 0644 |
|
| nxos_bfd_global.py | File | 9.08 KB | 0644 |
|
| nxos_bfd_interfaces.py | File | 6.84 KB | 0644 |
|
| nxos_bgp.py | File | 25.3 KB | 0644 |
|
| nxos_bgp_address_family.py | File | 30.41 KB | 0644 |
|
| nxos_bgp_af.py | File | 31.01 KB | 0644 |
|
| nxos_bgp_global.py | File | 48.43 KB | 0644 |
|
| nxos_bgp_neighbor.py | File | 18.79 KB | 0644 |
|
| nxos_bgp_neighbor_address_family.py | File | 33.62 KB | 0644 |
|
| nxos_bgp_neighbor_af.py | File | 26.84 KB | 0644 |
|
| nxos_command.py | File | 7.41 KB | 0644 |
|
| nxos_config.py | File | 22.51 KB | 0644 |
|
| nxos_devicealias.py | File | 18.33 KB | 0644 |
|
| nxos_evpn_global.py | File | 2.62 KB | 0644 |
|
| nxos_evpn_vni.py | File | 9.44 KB | 0644 |
|
| nxos_facts.py | File | 8.52 KB | 0644 |
|
| nxos_feature.py | File | 9.21 KB | 0644 |
|
| nxos_file_copy.py | File | 17.39 KB | 0644 |
|
| nxos_gir.py | File | 11.5 KB | 0644 |
|
| nxos_gir_profile_management.py | File | 5.84 KB | 0644 |
|
| nxos_hostname.py | File | 5.63 KB | 0644 |
|
| nxos_hsrp.py | File | 15.02 KB | 0644 |
|
| nxos_hsrp_interfaces.py | File | 6.16 KB | 0644 |
|
| nxos_igmp.py | File | 4.49 KB | 0644 |
|
| nxos_igmp_interface.py | File | 21.88 KB | 0644 |
|
| nxos_igmp_snooping.py | File | 9.72 KB | 0644 |
|
| nxos_install_os.py | File | 21.07 KB | 0644 |
|
| nxos_interfaces.py | File | 13.69 KB | 0644 |
|
| nxos_l2_interfaces.py | File | 12.05 KB | 0644 |
|
| nxos_l3_interfaces.py | File | 15.12 KB | 0644 |
|
| nxos_lacp.py | File | 6.39 KB | 0644 |
|
| nxos_lacp_interfaces.py | File | 9.13 KB | 0644 |
|
| nxos_lag_interfaces.py | File | 8.66 KB | 0644 |
|
| nxos_lldp_global.py | File | 8.68 KB | 0644 |
|
| nxos_lldp_interfaces.py | File | 6.21 KB | 0644 |
|
| nxos_logging.py | File | 27.52 KB | 0644 |
|
| nxos_logging_global.py | File | 21.08 KB | 0644 |
|
| nxos_ntp.py | File | 12.98 KB | 0644 |
|
| nxos_ntp_auth.py | File | 9.17 KB | 0644 |
|
| nxos_ntp_global.py | File | 19.63 KB | 0644 |
|
| nxos_ntp_options.py | File | 4.53 KB | 0644 |
|
| nxos_nxapi.py | File | 14.01 KB | 0644 |
|
| nxos_ospf_interfaces.py | File | 43.32 KB | 0644 |
|
| nxos_ospfv2.py | File | 62.64 KB | 0644 |
|
| nxos_ospfv3.py | File | 53.01 KB | 0644 |
|
| nxos_overlay_global.py | File | 5.64 KB | 0644 |
|
| nxos_pim.py | File | 6.15 KB | 0644 |
|
| nxos_pim_interface.py | File | 19.74 KB | 0644 |
|
| nxos_pim_rp_address.py | File | 7.61 KB | 0644 |
|
| nxos_ping.py | File | 7.05 KB | 0644 |
|
| nxos_prefix_lists.py | File | 26.39 KB | 0644 |
|
| nxos_reboot.py | File | 2.24 KB | 0644 |
|
| nxos_rollback.py | File | 3.51 KB | 0644 |
|
| nxos_route_maps.py | File | 57.7 KB | 0644 |
|
| nxos_rpm.py | File | 12.29 KB | 0644 |
|
| nxos_snapshot.py | File | 12.17 KB | 0644 |
|
| nxos_snmp_community.py | File | 6.6 KB | 0644 |
|
| nxos_snmp_contact.py | File | 3.81 KB | 0644 |
|
| nxos_snmp_host.py | File | 15.1 KB | 0644 |
|
| nxos_snmp_location.py | File | 3.91 KB | 0644 |
|
| nxos_snmp_server.py | File | 50.27 KB | 0644 |
|
| nxos_snmp_traps.py | File | 7.97 KB | 0644 |
|
| nxos_snmp_user.py | File | 12.34 KB | 0644 |
|
| nxos_static_routes.py | File | 20.79 KB | 0644 |
|
| nxos_system.py | File | 12.77 KB | 0644 |
|
| nxos_telemetry.py | File | 8.98 KB | 0644 |
|
| nxos_udld.py | File | 7.09 KB | 0644 |
|
| nxos_udld_interface.py | File | 8.51 KB | 0644 |
|
| nxos_user.py | File | 15.37 KB | 0644 |
|
| nxos_vlans.py | File | 10.6 KB | 0644 |
|
| nxos_vpc.py | File | 15.59 KB | 0644 |
|
| nxos_vpc_interface.py | File | 9.92 KB | 0644 |
|
| nxos_vrf.py | File | 19.78 KB | 0644 |
|
| nxos_vrf_af.py | File | 7.71 KB | 0644 |
|
| nxos_vrf_interface.py | File | 7.37 KB | 0644 |
|
| nxos_vrrp.py | File | 12 KB | 0644 |
|
| nxos_vsan.py | File | 10.8 KB | 0644 |
|
| nxos_vtp_domain.py | File | 5.73 KB | 0644 |
|
| nxos_vtp_password.py | File | 7.8 KB | 0644 |
|
| nxos_vtp_version.py | File | 5.54 KB | 0644 |
|
| nxos_vxlan_vtep.py | File | 16.86 KB | 0644 |
|
| nxos_vxlan_vtep_vni.py | File | 15.7 KB | 0644 |
|
| nxos_zone_zoneset.py | File | 33.96 KB | 0644 |
|