diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 000000000..8d9bb70b8 --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,5 @@ +--- +profile: production + +exclude_paths: + - changelogs/changelog.yaml diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 000000000..853e4b69c --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,12 @@ +--- +name: ansible-lint +on: # yamllint disable-line rule:truthy + pull_request: + branches: ["main"] +jobs: + build: + name: Ansible Lint + runs-on: ubuntu-latest + steps: + - name: Run ansible-lint + uses: ansible/ansible-lint@main diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index af56f4f0a..0fb4cc0cf 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -14,8 +14,6 @@ on: # yamllint disable-line rule:truthy jobs: - ansible-lint: - uses: ansible-network/github_actions/.github/workflows/ansible-lint.yml@main changelog: uses: ansible-network/github_actions/.github/workflows/changelog.yml@main if: github.event_name != 'schedule' @@ -32,7 +30,6 @@ jobs: all_green: if: ${{ always() && (github.event_name != 'schedule') }} needs: - - ansible-lint - changelog - sanity - unit-galaxy @@ -40,10 +37,10 @@ jobs: runs-on: ubuntu-latest steps: - run: >- - python -c "assert set([ - '${{ needs.ansible-lint.result }}', + python -c "assert 'failure' not in + set([ '${{ needs.changelog.result }}', '${{ needs.sanity.result }}', '${{ needs.unit-galaxy.result }}', '${{ needs.unit-source.result }}' - ]) == {'success', 'skipped'}" + ])" diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index ba23076fb..11737c939 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -18,12 +18,12 @@ repos: - id: trailing-whitespace - repo: https://github.com/asottile/add-trailing-comma - rev: v3.0.0 + rev: v3.0.1 hooks: - id: add-trailing-comma - repo: https://github.com/pre-commit/mirrors-prettier - rev: "v3.0.0-alpha.9-for-vscode" + rev: "v3.0.2" hooks: - id: prettier entry: env CI=1 bash -c "prettier --list-different . || ec=$? && prettier --loglevel=error --write . && exit $ec" @@ -41,6 +41,6 @@ repos: args: ["--filter-files"] - repo: https://github.com/psf/black - rev: 23.3.0 + rev: 23.7.0 hooks: - id: black diff --git a/README.md b/README.md index 18c333bd9..ac061831b 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ This collection has been tested against Cisco IOS XE Version 17.3 on CML. ## Ansible version compatibility -This collection has been tested against following Ansible versions: **>=2.9.10**. +This collection has been tested against following Ansible versions: **>=2.13.11**. For collections that support Ansible 2.9, please ensure you update your `network_os` to use the fully qualified collection name (for example, `cisco.ios.ios`). diff --git a/changelogs/fragments/bgp_address_family_bug.yml b/changelogs/fragments/bgp_address_family_bug.yml new file mode 100644 index 000000000..bcdeb379e --- /dev/null +++ b/changelogs/fragments/bgp_address_family_bug.yml @@ -0,0 +1,3 @@ +--- +bugfixes: + - bgp_address_family - fix deleted string with int concat issue in bgp_address_family. diff --git a/changelogs/fragments/bug_ios_service-private_config_encryption.yml b/changelogs/fragments/bug_ios_service-private_config_encryption.yml new file mode 100644 index 000000000..df10e2e3a --- /dev/null +++ b/changelogs/fragments/bug_ios_service-private_config_encryption.yml @@ -0,0 +1,3 @@ +--- +bugfixes: + - ios_service - Put condition to add `private_config_encryption` in default services diff --git a/changelogs/fragments/fix_prefix_list_docs.yaml b/changelogs/fragments/fix_prefix_list_docs.yaml new file mode 100644 index 000000000..90ba28164 --- /dev/null +++ b/changelogs/fragments/fix_prefix_list_docs.yaml @@ -0,0 +1,3 @@ +--- +doc_changes: + - Fix prefix_lists docs. diff --git a/changelogs/fragments/ios_acls.yaml b/changelogs/fragments/ios_acls.yaml new file mode 100644 index 000000000..aa43f3c3d --- /dev/null +++ b/changelogs/fragments/ios_acls.yaml @@ -0,0 +1,3 @@ +--- +doc_changes: + - "ios_acls - update examples and use YAML output in them for better readibility." diff --git a/changelogs/fragments/ios_acls_fix.yaml b/changelogs/fragments/ios_acls_fix.yaml new file mode 100644 index 000000000..112c0347e --- /dev/null +++ b/changelogs/fragments/ios_acls_fix.yaml @@ -0,0 +1,6 @@ +--- +doc_changes: + - "ios_command - Fix formatting of examples." +bugfixes: + - "ios_acls - Fix standard acls rendering." + - "ios_acls - Fix protocol_options rendering corrects processing of overridden/ replaced state." diff --git a/changelogs/fragments/ios_snmp_user.yml b/changelogs/fragments/ios_snmp_user.yml new file mode 100644 index 000000000..3f8e1150c --- /dev/null +++ b/changelogs/fragments/ios_snmp_user.yml @@ -0,0 +1,3 @@ +--- +minor_changes: + - ios_snmp_user - update the user part to compare correctly the auth and privacy parts. diff --git a/changelogs/fragments/prefix_list_fix.yaml b/changelogs/fragments/prefix_list_fix.yaml new file mode 100644 index 000000000..71d265a83 --- /dev/null +++ b/changelogs/fragments/prefix_list_fix.yaml @@ -0,0 +1,3 @@ +--- +bugfixes: + - ios_prefix_lists - fix deleted state to remove exisiting prefix lists from configuration. diff --git a/changelogs/fragments/stderr_re_fix.yaml b/changelogs/fragments/stderr_re_fix.yaml new file mode 100644 index 000000000..cad0d7a19 --- /dev/null +++ b/changelogs/fragments/stderr_re_fix.yaml @@ -0,0 +1,3 @@ +--- +bugfixes: + - The regex looking for errors in the terminal output was matching anything with '\S+ Error:'. Caused issues with 'show runnning-config' if this string appeared in the output. Updated the regex to require the % anchor. diff --git a/changelogs/fragments/update_ospf_docs.yaml b/changelogs/fragments/update_ospf_docs.yaml new file mode 100644 index 000000000..b05419bf7 --- /dev/null +++ b/changelogs/fragments/update_ospf_docs.yaml @@ -0,0 +1,5 @@ +--- +doc_changes: + - Update examples for ospfv2 + - Update examples for ospfv3 + - Update examples for ospf_interfaces diff --git a/docs/cisco.ios.ios_acls_module.rst b/docs/cisco.ios.ios_acls_module.rst index e0b61c7ed..fc99fbcd7 100644 --- a/docs/cisco.ios.ios_acls_module.rst +++ b/docs/cisco.ios.ios_acls_module.rst @@ -3910,34 +3910,7 @@ Examples # Before state: # ------------- # - # vios#sh access-lists - # Extended IP access list 100 - # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 echo dscp ef ttl eq 10 - - - name: Merge provided configuration with device configuration - cisco.ios.ios_acls: - config: - - afi: ipv4 - acls: - - name: 100 - aces: - - sequence: 10 - protocol_options: - icmp: - traceroute: true - state: merged - - # After state: - # ------------ - # - # Play Execution fails, with error: - # Cannot update existing sequence 10 of ACLs 100 with state merged. - # Please use state replaced or overridden. - - # Before state: - # ------------- - # - # vios#sh access-lists + # vios#show access-lists # Extended IP access list 110 # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 echo dscp ef ttl eq 10 @@ -3962,6 +3935,12 @@ Examples protocol_options: icmp: traceroute: true + source: + address: 192.168.3.0 + wildcard_bits: 255.255.255.0 + destination: + any: True + grant: permit - grant: deny protocol_options: tcp: @@ -3972,7 +3951,7 @@ Examples host: 198.51.110.0 port_protocol: eq: telnet - - name: test + - name: extended_acl_1 acl_type: extended aces: - grant: deny @@ -4044,29 +4023,187 @@ Examples dscp: af11 state: merged - # Commands fired: - # --------------- + # Task Output + # ----------- + # + # before: + # - acls: + # - aces: + # - destination: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: icmp + # protocol_options: + # icmp: + # echo: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: '100' + # afi: ipv4 + # commands: + # - ip access-list extended 110 + # - deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack + # - 30 permit icmp 192.168.3.0 255.255.255.0 any traceroute + # - ip access-list extended extended_acl_1 + # - deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 + # - ip access-list standard std_acl + # - deny 192.168.1.20 + # - deny 192.168.2.0 0.0.0.255 + # - ip access-list extended 123 + # - deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 + # - deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 + # - remark remarks for extended ACL 1 + # - remark check ACL + # - ipv6 access-list R1_TRAFFIC + # - deny tcp any eq www any eq telnet ack dscp af11 # - # - ip access-list standard std_acl - # - deny 192.168.1.200 - # - deny 192.168.2.0 0.0.0.255 - # - ip access-list extended 110 - # - 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 - # - deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack - # - ip access-list extended test - # - deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 - # - ip access-list extended 123 - # - deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 - # - deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 - # - remark remarks for extended ACL 1 - # - remark check ACL - # - ipv6 access-list R1_TRAFFIC - # - deny tcp any eq www any eq telnet ack dscp af11 + # after: + # - acls: + # - aces: + # - destination: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: icmp + # protocol_options: + # icmp: + # echo: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # - destination: + # host: 198.51.110.0 + # port_protocol: + # eq: telnet + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # host: 198.51.100.0 + # - destination: + # any: true + # grant: permit + # protocol: icmp + # protocol_options: + # icmp: + # traceroute: true + # sequence: 30 + # source: + # address: 0.0.0.0 + # wildcard_bits: 255.255.255.0 + # acl_type: extended + # name: '110' + # - aces: + # - destination: + # address: 198.51.101.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # address: 198.51.100.0 + # wildcard_bits: 0.0.0.255 + # tos: + # service_value: 12 + # - destination: + # address: 192.0.4.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # lt: 20 + # - remarks: + # - remarks for extended ACL 1 + # - check ACL + # acl_type: extended + # name: '123' + # - aces: + # - destination: + # address: 192.0.3.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # grant: deny + # option: + # traceroute: true + # protocol: tcp + # protocol_options: + # tcp: + # fin: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: extended_acl_1 + # - aces: + # - grant: deny + # sequence: 10 + # source: + # host: 192.168.1.20 + # - grant: deny + # sequence: 20 + # source: + # address: 192.168.2.0 + # wildcard_bits: 0.0.0.255 + # acl_type: standard + # name: std_acl + # afi: ipv4 + # - acls: + # - aces: + # - destination: + # any: true + # port_protocol: + # eq: telnet + # dscp: af11 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # any: true + # port_protocol: + # eq: www + # name: R1_TRAFFIC + # afi: ipv6 # After state: # ------------ # - # vios#sh access-lists + # vios#show access-lists # Standard IP access list std_acl # 10 deny 192.168.1.200 # 20 deny 192.168.2.0, wildcard bits 0.0.0.255 @@ -4083,25 +4220,63 @@ Examples # IPv6 access list R1_TRAFFIC # deny tcp any eq www any eq telnet ack dscp af11 sequence 10 + # vios#show running-config | include ip(v6)* access-list|remark + # ip access-list standard std_acl + # ip access-list extended extended_acl_1 + # ip access-list extended 110 + # ip access-list extended 123 + # remark remarks for extended ACL 1 + # remark check ACL + # ipv6 access-list R1_TRAFFIC + + # Using merged (update existing ACE - will fail) + + # Before state: + # ------------- + # + # vios#show access-lists + # Extended IP access list 100 + # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 echo dscp ef ttl eq 10 + + - name: Merge provided configuration with device configuration + cisco.ios.ios_acls: + config: + - afi: ipv4 + acls: + - name: 100 + aces: + - sequence: 10 + protocol_options: + icmp: + traceroute: true + state: merged + + # After state: + # ------------ + # + # Play Execution fails, with error: + # Cannot update existing sequence 10 of ACLs 100 with state merged. + # Please use state replaced or overridden. + # Using replaced # Before state: # ------------- # - # vios#sh access-lists + # vios#show access-lists # Standard IP access list std_acl - # 10 deny 192.168.1.200 - # 20 deny 192.168.2.0, wildcard bits 0.0.0.255 + # 10 deny 192.168.1.200 + # 20 deny 192.168.2.0, wildcard bits 0.0.0.255 # Extended IP access list 110 - # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 - # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack + # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 + # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack # Extended IP access list 123 - # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 - # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 + # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 + # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 + # Extended IP access list R1_TRAFFIC + # 10 deny tcp any eq www any eq telnet ack dscp af11 # Extended IP access list test - # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 - # IPv6 access list R1_TRAFFIC - # deny tcp any eq www any eq telnet ack dscp af11 sequence 10 + # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 - name: Replaces device configuration of listed acls with provided configuration cisco.ios.ios_acls: @@ -4147,14 +4322,270 @@ Examples eq: 10 state: replaced - # Commands fired: - # --------------- + # Task Output + # ----------- + # + # before: + # - acls: + # - aces: + # - destination: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: icmp + # protocol_options: + # icmp: + # traceroute: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # - destination: + # host: 198.51.110.0 + # port_protocol: + # eq: telnet + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # host: 198.51.100.0 + # acl_type: extended + # name: '110' + # - aces: + # - destination: + # address: 198.51.101.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # address: 198.51.100.0 + # wildcard_bits: 0.0.0.255 + # tos: + # service_value: 12 + # - destination: + # address: 192.0.4.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # lt: 20 + # acl_type: extended + # name: '123' + # - aces: + # - destination: + # any: true + # port_protocol: + # eq: telnet + # dscp: af11 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # any: true + # port_protocol: + # eq: www + # acl_type: extended + # name: R1_TRAFFIC + # - aces: + # - grant: deny + # sequence: 10 + # source: + # host: 192.168.1.200 + # - grant: deny + # sequence: 20 + # source: + # address: 192.168.2.0 + # wildcard_bits: 0.0.0.255 + # acl_type: standard + # name: std_acl + # - aces: + # - destination: + # address: 192.0.3.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # grant: deny + # option: + # traceroute: true + # protocol: tcp + # protocol_options: + # tcp: + # fin: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: test + # afi: ipv4 # - # - no ip access-list extended 110 - # - ip access-list extended 110 - # - deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www syn dscp ef ttl eq 10 - # - ip access-list extended 150 - # - 20 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 + # commands: + # - ip access-list extended 110 + # - no 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 + # - no 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack + # - deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www syn dscp ef ttl eq 10 + # - ip access-list extended 150 + # - 20 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 + # + # after: + # - acls: + # - aces: + # - destination: + # address: 192.0.3.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # syn: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: '110' + # - aces: + # - destination: + # address: 198.51.101.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # address: 198.51.100.0 + # wildcard_bits: 0.0.0.255 + # tos: + # service_value: 12 + # - destination: + # address: 192.0.4.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # lt: 20 + # acl_type: extended + # name: '123' + # - aces: + # - destination: + # address: 198.51.110.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # syn: true + # sequence: 20 + # source: + # address: 198.51.100.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: '150' + # - aces: + # - destination: + # any: true + # port_protocol: + # eq: telnet + # dscp: af11 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # any: true + # port_protocol: + # eq: www + # acl_type: extended + # name: R1_TRAFFIC + # - aces: + # - grant: deny + # sequence: 10 + # source: + # host: 192.168.1.200 + # - grant: deny + # sequence: 20 + # source: + # address: 192.168.2.0 + # wildcard_bits: 0.0.0.255 + # acl_type: standard + # name: std_acl + # - aces: + # - destination: + # address: 192.0.3.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # grant: deny + # option: + # traceroute: true + # protocol: tcp + # protocol_options: + # tcp: + # fin: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: test + # afi: ipv4 # After state: # ------------- @@ -4182,18 +4613,18 @@ Examples # # vios#sh access-lists # Standard IP access list std_acl - # 10 deny 192.168.1.200 - # 20 deny 192.168.2.0, wildcard bits 0.0.0.255 + # 10 deny 192.168.1.200 + # 20 deny 192.168.2.0, wildcard bits 0.0.0.255 # Extended IP access list 110 - # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 - # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack + # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 + # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack # Extended IP access list 123 - # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 - # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 + # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 + # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 + # Extended IP access list R1_TRAFFIC + # 10 deny tcp any eq www any eq telnet ack dscp af11 # Extended IP access list test - # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 - # IPv6 access list R1_TRAFFIC - # deny tcp any eq www any eq telnet ack dscp af11 sequence 10 + # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 - name: Override device configuration of all acls with provided configuration cisco.ios.ios_acls: @@ -4242,73 +4673,394 @@ Examples eq: 10 state: overridden - # Commands fired: - # --------------- + # Task Output + # ----------- # - # - no ip access-list standard std_acl - # - no ip access-list extended 110 - # - no ip access-list extended 123 - # - no ip access-list extended 150 - # - no ip access-list extended test - # - no ipv6 access-list R1_TRAFFIC - # - ip access-list extended 150 - # - 10 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 - # - ip access-list extended 110 - # - 20 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq www ack dscp ef ttl eq 10 + # before: + # - acls: + # - aces: + # - destination: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: icmp + # protocol_options: + # icmp: + # traceroute: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # - destination: + # host: 198.51.110.0 + # port_protocol: + # eq: telnet + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # host: 198.51.100.0 + # acl_type: extended + # name: '110' + # - aces: + # - destination: + # address: 198.51.101.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # address: 198.51.100.0 + # wildcard_bits: 0.0.0.255 + # tos: + # service_value: 12 + # - destination: + # address: 192.0.4.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # lt: 20 + # acl_type: extended + # name: '123' + # - aces: + # - destination: + # any: true + # port_protocol: + # eq: telnet + # dscp: af11 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # any: true + # port_protocol: + # eq: www + # acl_type: extended + # name: R1_TRAFFIC + # - aces: + # - grant: deny + # sequence: 10 + # source: + # host: 192.168.1.200 + # - grant: deny + # sequence: 20 + # source: + # address: 192.168.2.0 + # wildcard_bits: 0.0.0.255 + # acl_type: standard + # name: std_acl + # - aces: + # - destination: + # address: 192.0.3.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # grant: deny + # option: + # traceroute: true + # protocol: tcp + # protocol_options: + # tcp: + # fin: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: test + # afi: ipv4 + # + # commands: + # - ip access-list extended 110 + # - no 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack + # - no 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 + # - 20 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq www ack dscp ef ttl eq 10 + # - ip access-list extended 150 + # - 10 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 + # - no ip access-list extended 123 + # - no ip access-list extended R1_TRAFFIC + # - no ip access-list standard std_acl + # - no ip access-list extended test + # + # after: + # - acls: + # - aces: + # - destination: + # address: 198.51.110.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # address: 198.51.100.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: '110' + # - aces: + # - destination: + # address: 198.51.110.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # syn: true + # sequence: 10 + # source: + # address: 198.51.100.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: '150' + # afi: ipv4 # After state: # ------------- # - # vios#sh access-lists + # vios#show access-lists # Extended IP access list 110 - # 20 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq www ack dscp ef ttl eq 10 + # 20 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq www ack dscp ef ttl eq 10 # Extended IP access list 150 - # 10 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 + # 10 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 + - # Using Deleted + # Using deleted - delete ACL(s) # Before state: # ------------- # # vios#sh access-lists # Standard IP access list std_acl - # 10 deny 192.168.1.200 - # 20 deny 192.168.2.0, wildcard bits 0.0.0.255 + # 10 deny 192.168.1.200 + # 20 deny 192.168.2.0, wildcard bits 0.0.0.255 # Extended IP access list 110 - # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 - # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack + # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 + # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack # Extended IP access list 123 - # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 - # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 - # Extended IP access list test - # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 - # IPv6 access list R1_TRAFFIC - # deny tcp any eq www any eq telnet ack dscp af11 sequence 10 + # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 + # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 + # Extended IP access list extended_acl_1 + # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 - name: "Delete ACLs (Note: This won't delete the all configured ACLs)" cisco.ios.ios_acls: config: - afi: ipv4 acls: - - name: test + - name: extended_acl_1 acl_type: extended - name: 110 - - afi: ipv6 - acls: - - name: R1_TRAFFIC state: deleted - # Commands fired: - # --------------- + # Task Output + # ----------- + # + # before: + # - acls: + # - aces: + # - destination: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: icmp + # protocol_options: + # icmp: + # traceroute: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # - destination: + # host: 198.51.110.0 + # port_protocol: + # eq: telnet + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # host: 198.51.100.0 + # acl_type: extended + # name: '110' + # - aces: + # - destination: + # address: 198.51.101.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # address: 198.51.100.0 + # wildcard_bits: 0.0.0.255 + # tos: + # service_value: 12 + # - destination: + # address: 192.0.4.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # lt: 20 + # acl_type: extended + # name: '123' + # - aces: + # - grant: deny + # sequence: 10 + # source: + # host: 192.168.1.200 + # - grant: deny + # sequence: 20 + # source: + # address: 192.168.2.0 + # wildcard_bits: 0.0.0.255 + # acl_type: standard + # name: std_acl + # - aces: + # - destination: + # address: 192.0.3.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # grant: deny + # option: + # traceroute: true + # protocol: tcp + # protocol_options: + # tcp: + # fin: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: extended_acl_1 + # afi: ipv4 # - # - no ip access-list extended test - # - no ip access-list extended 110 - # - no ipv6 access-list R1_TRAFFIC + # commands: + # - no ip access-list extended 110 + # - no ip access-list extended extended_acl_1 + # + # after: + # - acls: + # - aces: + # - destination: + # address: 198.51.101.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # address: 198.51.100.0 + # wildcard_bits: 0.0.0.255 + # tos: + # service_value: 12 + # - destination: + # address: 192.0.4.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # lt: 20 + # acl_type: extended + # name: '123' + # - aces: + # - grant: deny + # sequence: 10 + # source: + # host: 192.168.1.200 + # - grant: deny + # sequence: 20 + # source: + # address: 192.168.2.0 + # wildcard_bits: 0.0.0.255 + # acl_type: standard + # name: std_acl + # afi: ipv4 # After state: # ------------- # - # vios#sh access-lists + # vios#show access-lists # Standard IP access list std_acl # 10 deny 192.168.1.200 # 20 deny 192.168.2.0, wildcard bits 0.0.0.255 @@ -4316,23 +5068,25 @@ Examples # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 + # Using deleted - delete ACLs based on AFI + # Before state: # ------------- # - # vios#sh access-lists + # vios#show access-lists # Standard IP access list std_acl - # 10 deny 192.168.1.200 - # 20 deny 192.168.2.0, wildcard bits 0.0.0.255 + # 10 deny 192.168.1.200 + # 20 deny 192.168.2.0, wildcard bits 0.0.0.255 # Extended IP access list 110 - # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 - # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack + # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 + # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack # Extended IP access list 123 - # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 - # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 + # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 + # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 # Extended IP access list test - # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 + # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 # IPv6 access list R1_TRAFFIC - # deny tcp any eq www any eq telnet ack dscp af11 sequence 10 + # deny tcp any eq www any eq telnet ack dscp af11 sequence 10 - name: "Delete ACLs based on AFI (Note: This won't delete the all configured ACLs)" cisco.ios.ios_acls: @@ -4340,63 +5094,331 @@ Examples - afi: ipv4 state: deleted - # Commands fired: - # --------------- + # Task Output + # ----------- + # + # before: + # - acls: + # - aces: + # - destination: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: icmp + # protocol_options: + # icmp: + # traceroute: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # - destination: + # host: 198.51.110.0 + # port_protocol: + # eq: telnet + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # host: 198.51.100.0 + # acl_type: extended + # name: '110' + # - aces: + # - destination: + # address: 198.51.101.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # address: 198.51.100.0 + # wildcard_bits: 0.0.0.255 + # tos: + # service_value: 12 + # - destination: + # address: 192.0.4.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # lt: 20 + # acl_type: extended + # name: '123' + # - aces: + # - grant: deny + # sequence: 10 + # source: + # host: 192.168.1.200 + # - grant: deny + # sequence: 20 + # source: + # address: 192.168.2.0 + # wildcard_bits: 0.0.0.255 + # acl_type: standard + # name: std_acl + # - aces: + # - destination: + # address: 192.0.3.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # grant: deny + # option: + # traceroute: true + # protocol: tcp + # protocol_options: + # tcp: + # fin: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: test + # afi: ipv4 + # - acls: + # - aces: + # - destination: + # any: true + # port_protocol: + # eq: telnet + # dscp: af11 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # any: true + # port_protocol: + # eq: www + # name: R1_TRAFFIC + # afi: ipv6 + # + # commands: + # - no ip access-list extended 110 + # - no ip access-list extended 123 + # - no ip access-list standard std_acl + # - no ip access-list extended test # - # - no ip access-list standard std_acl - # - no ip access-list extended test - # - no ip access-list extended 110 - # - no ip access-list extended 123 + # after: + # - acls: + # - aces: + # - destination: + # any: true + # port_protocol: + # eq: telnet + # dscp: af11 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # any: true + # port_protocol: + # eq: www + # name: R1_TRAFFIC + # afi: ipv6 # After state: # ------------- # - # vios#sh access-lists + # vios#show access-lists # IPv6 access list R1_TRAFFIC # deny tcp any eq www any eq telnet ack dscp af11 sequence 10 - # Using Deleted without any config passed - #"(NOTE: This will delete all of configured ACLs)" + + # Using deleted - delete all ACLs # Before state: # ------------- # # vios#sh access-lists # Standard IP access list std_acl - # 10 deny 192.168.1.200 - # 20 deny 192.168.2.0, wildcard bits 0.0.0.255 + # 10 deny 192.168.1.200 + # 20 deny 192.168.2.0, wildcard bits 0.0.0.255 # Extended IP access list 110 - # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 - # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack + # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 + # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack # Extended IP access list 123 - # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 - # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 + # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 + # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 # Extended IP access list test - # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 + # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 # IPv6 access list R1_TRAFFIC - # deny tcp any eq www any eq telnet ack dscp af11 sequence 10 + # deny tcp any eq www any eq telnet ack dscp af11 sequence 10 - - name: - "Delete ALL of configured ACLs (Note: This WILL delete the all configured - ACLs)" + - name: Delete ALL of configured ACLs cisco.ios.ios_acls: state: deleted - # Commands fired: - # --------------- + # Task Output + # ----------- + # + # before: + # - acls: + # - aces: + # - destination: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: icmp + # protocol_options: + # icmp: + # traceroute: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # - destination: + # host: 198.51.110.0 + # port_protocol: + # eq: telnet + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # host: 198.51.100.0 + # acl_type: extended + # name: '110' + # - aces: + # - destination: + # address: 198.51.101.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # address: 198.51.100.0 + # wildcard_bits: 0.0.0.255 + # tos: + # service_value: 12 + # - destination: + # address: 192.0.4.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # lt: 20 + # acl_type: extended + # name: '123' + # - aces: + # - grant: deny + # sequence: 10 + # source: + # host: 192.168.1.200 + # - grant: deny + # sequence: 20 + # source: + # address: 192.168.2.0 + # wildcard_bits: 0.0.0.255 + # acl_type: standard + # name: std_acl + # - aces: + # - destination: + # address: 192.0.3.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # grant: deny + # option: + # traceroute: true + # protocol: tcp + # protocol_options: + # tcp: + # fin: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: test + # afi: ipv4 + # - acls: + # - aces: + # - destination: + # any: true + # port_protocol: + # eq: telnet + # dscp: af11 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # any: true + # port_protocol: + # eq: www + # name: R1_TRAFFIC + # afi: ipv6 + # + # commands: + # - no ip access-list extended test + # - no ip access-list extended 110 + # - no ip access-list extended 123 + # - no ip access-list extended test + # - no ipv6 access-list R1_TRAFFIC # - # - no ip access-list extended test - # - no ip access-list extended 110 - # - no ip access-list extended 123 - # - no ip access-list extended test - # - no ipv6 access-list R1_TRAFFIC + # after: [] # After state: # ------------- # - # vios#sh access-lists + # vios#show access-lists + - # Using Gathered + # Using gathered # Before state: # ------------- @@ -4416,169 +5438,138 @@ Examples # IPv6 access list R1_TRAFFIC # deny tcp any eq www any eq telnet ack dscp af11 sequence 10 - - name: Gather listed acls with provided configurations + - name: Gather ACLs configuration from target device cisco.ios.ios_acls: - config: state: gathered # Module Execution Result: # ------------------------ # - # "gathered": [ - # { - # "acls": [ - # { - # "aces": [ - # { - # "destination": { - # "address": "192.0.3.0", - # "wildcard_bits": "0.0.0.255" - # }, - # "dscp": "ef", - # "grant": "deny", - # "protocol_options": { - # "icmp": { - # "echo": true - # } - # }, - # "sequence": 10, - # "source": { - # "address": "192.0.2.0", - # "wildcard_bits": "0.0.0.255" - # }, - # "ttl": { - # "eq": 10 - # } - # } - # ], - # "acl_type": "extended", - # "name": "110" - # }, - # { - # "aces": [ - # { - # "destination": { - # "address": "198.51.101.0", - # "port_protocol": { - # "eq": "telnet" - # }, - # "wildcard_bits": "0.0.0.255" - # }, - # "grant": "deny", - # "protocol_options": { - # "tcp": { - # "ack": true - # } - # }, - # "sequence": 10, - # "source": { - # "address": "198.51.100.0", - # "wildcard_bits": "0.0.0.255" - # }, - # "tos": { - # "service_value": 12 - # } - # }, - # { - # "destination": { - # "address": "192.0.4.0", - # "port_protocol": { - # "eq": "www" - # }, - # "wildcard_bits": "0.0.0.255" - # }, - # "dscp": "ef", - # "grant": "deny", - # "protocol_options": { - # "tcp": { - # "ack": true - # } - # }, - # "sequence": 20, - # "source": { - # "address": "192.0.3.0", - # "wildcard_bits": "0.0.0.255" - # }, - # "ttl": { - # "lt": 20 - # } - # } - # ], - # "acl_type": "extended", - # "name": "123" - # }, - # { - # "aces": [ - # { - # "destination": { - # "address": "192.0.3.0", - # "port_protocol": { - # "eq": "www" - # }, - # "wildcard_bits": "0.0.0.255" - # }, - # "grant": "deny", - # "option": { - # "traceroute": true - # }, - # "protocol_options": { - # "tcp": { - # "fin": true - # } - # }, - # "sequence": 10, - # "source": { - # "address": "192.0.2.0", - # "wildcard_bits": "0.0.0.255" - # }, - # "ttl": { - # "eq": 10 - # } - # } - # ], - # "acl_type": "extended", - # "name": "test_acl" - # } - # ], - # "afi": "ipv4" - # }, - # { - # "acls": [ - # { - # "aces": [ - # { - # "destination": { - # "any": true, - # "port_protocol": { - # "eq": "telnet" - # } - # }, - # "dscp": "af11", - # "grant": "deny", - # "protocol_options": { - # "tcp": { - # "ack": true - # } - # }, - # "sequence": 10, - # "source": { - # "any": true, - # "port_protocol": { - # "eq": "www" - # } - # } - # } - # ], - # "name": "R1_TRAFFIC" - # } - # ], - # "afi": "ipv6" - # } - # ] + # before: + # - acls: + # - aces: + # - destination: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: icmp + # protocol_options: + # icmp: + # traceroute: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # - destination: + # host: 198.51.110.0 + # port_protocol: + # eq: telnet + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # host: 198.51.100.0 + # acl_type: extended + # name: '110' + # - aces: + # - destination: + # address: 198.51.101.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # address: 198.51.100.0 + # wildcard_bits: 0.0.0.255 + # tos: + # service_value: 12 + # - destination: + # address: 192.0.4.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # lt: 20 + # acl_type: extended + # name: '123' + # - aces: + # - grant: deny + # sequence: 10 + # source: + # host: 192.168.1.200 + # - grant: deny + # sequence: 20 + # source: + # address: 192.168.2.0 + # wildcard_bits: 0.0.0.255 + # acl_type: standard + # name: std_acl + # - aces: + # - destination: + # address: 192.0.3.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # grant: deny + # option: + # traceroute: true + # protocol: tcp + # protocol_options: + # tcp: + # fin: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: test + # afi: ipv4 + # - acls: + # - aces: + # - destination: + # any: true + # port_protocol: + # eq: telnet + # dscp: af11 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # any: true + # port_protocol: + # eq: www + # name: R1_TRAFFIC + # afi: ipv6 - # Using Rendered + # Using rendered - - name: Rendered the provided configuration with the existing running configuration + - name: Render the provided configuration into platform specific configuration lines cisco.ios.ios_acls: config: - afi: ipv4 @@ -4625,12 +5616,12 @@ Examples # Module Execution Result: # ------------------------ # - # "rendered": [ - # "ip access-list extended 110", - # "10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www syn dscp ef ttl eq 10", - # "ip access-list extended 150", - # "deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10" - # ] + # rendered: + # - ip access-list extended 110 + # - 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www syn dscp ef ttl eq 10 + # - ip access-list extended 150 + # - deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 + # # Using Parsed @@ -4648,39 +5639,26 @@ Examples # Module Execution Result: # ------------------------ # - # "parsed": [ - # { - # "acls": [ - # { - # "aces": [ - # { - # "destination": { - # "any": true, - # "port_protocol": { - # "eq": "telnet" - # } - # }, - # "dscp": "af11", - # "grant": "deny", - # "protocol_options": { - # "tcp": { - # "ack": true - # } - # }, - # "source": { - # "any": true, - # "port_protocol": { - # "eq": "www" - # } - # } - # } - # ], - # "name": "R1_TRAFFIC" - # } - # ], - # "afi": "ipv6" - # } - # ] + # parsed: + # - acls: + # - aces: + # - destination: + # any: true + # port_protocol: + # eq: telnet + # dscp: af11 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # any: true + # port_protocol: + # eq: www + # name: R1_TRAFFIC + # afi: ipv6 diff --git a/docs/cisco.ios.ios_bgp_global_module.rst b/docs/cisco.ios.ios_bgp_global_module.rst index ae5309ec0..ad461f776 100644 --- a/docs/cisco.ios.ios_bgp_global_module.rst +++ b/docs/cisco.ios.ios_bgp_global_module.rst @@ -9664,6 +9664,7 @@ Examples # networks: # - address: 192.0.2.2 # - address: 192.0.2.3 + # # commands: # - router bgp 65000 # - no bgp bestpath compare-routerid diff --git a/docs/cisco.ios.ios_command_module.rst b/docs/cisco.ios.ios_command_module.rst index 305641a9a..51437902e 100644 --- a/docs/cisco.ios.ios_command_module.rst +++ b/docs/cisco.ios.ios_command_module.rst @@ -141,7 +141,7 @@ Examples - name: Run show version on remote devices cisco.ios.ios_command: - commands: show version' + commands: show version # output- diff --git a/docs/cisco.ios.ios_ospf_interfaces_module.rst b/docs/cisco.ios.ios_ospf_interfaces_module.rst index 1c19bef92..e780288c0 100644 --- a/docs/cisco.ios.ios_ospf_interfaces_module.rst +++ b/docs/cisco.ios.ios_ospf_interfaces_module.rst @@ -1529,19 +1529,60 @@ Examples - name: GigabitEthernet0/1 state: deleted - # Commands Fired: - # --------------- - # - # "commands": [ - # "interface GigabitEthernet0/1", - # "no ipv6 ospf 55 area 105", - # "no ipv6 ospf adjacency stagger disable", - # "no ipv6 ospf priority 20", - # "no ipv6 ospf transmit-delay 30" - # ] + # Task Output: + # ------------ + # before: + # - name: GigabitEthernet0/0 + # - address_family: + # - adjacency: true + # afi: ipv6 + # priority: 20 + # process: + # area_id: '105' + # id: 55 + # transmit_delay: 30 + # name: GigabitEthernet0/1 + # - address_family: + # - adjacency: true + # afi: ipv4 + # cost: + # interface_cost: 30 + # priority: 40 + # process: + # area_id: '20' + # id: 10 + # ttl_security: + # hops: 50 + # set: true + # name: GigabitEthernet0/2 + # + # commands: + # - interface GigabitEthernet0/1 + # - no ipv6 ospf 55 area 105 + # - no ipv6 ospf adjacency stagger disable + # - no ipv6 ospf priority 20 + # - no ipv6 ospf transmit-delay 30 + # + # after: + # - name: GigabitEthernet0/0 + # - name: GigabitEthernet0/1 + # - address_family: + # - adjacency: true + # afi: ipv4 + # cost: + # interface_cost: 30 + # priority: 40 + # process: + # area_id: '20' + # id: 10 + # ttl_security: + # hops: 50 + # set: true + # name: GigabitEthernet0/2 + # # After state: - # ------------- + # ------------ # router-ios#sh running-config | section ^interface # interface GigabitEthernet0/0 # interface GigabitEthernet0/1 @@ -1575,22 +1616,51 @@ Examples cisco.ios.ios_ospf_interfaces: state: deleted - # Commands Fired: - # --------------- + # Task Output: + # ------------ + + # before: + # - name: GigabitEthernet0/0 + # - address_family: + # - adjacency: true + # afi: ipv6 + # priority: 20 + # process: + # area_id: '105' + # id: 55 + # transmit_delay: 30 + # name: GigabitEthernet0/1 + # - address_family: + # - adjacency: true + # afi: ipv4 + # cost: + # interface_cost: 30 + # priority: 40 + # process: + # area_id: '20' + # id: 10 + # ttl_security: + # hops: 50 + # set: true + # name: GigabitEthernet0/2 + # + # commands: + # - interface GigabitEthernet0/2 + # - no ip ospf 10 area 20 + # - no ip ospf adjacency stagger disable + # - no ip ospf cost 30 + # - no ip ospf priority 40 + # - no ip ospf ttl-security hops 50 + # - interface GigabitEthernet0/1 + # - no ipv6 ospf 55 area 105 + # - no ipv6 ospf adjacency stagger disable + # - no ipv6 ospf priority 20 + # - no ipv6 ospf transmit-delay 30 # - # "commands": [ - # "interface GigabitEthernet0/2", - # "no ip ospf 10 area 20", - # "no ip ospf adjacency stagger disable", - # "no ip ospf cost 30", - # "no ip ospf priority 40", - # "no ip ospf ttl-security hops 50", - # "interface GigabitEthernet0/1", - # "no ipv6 ospf 55 area 105", - # "no ipv6 ospf adjacency stagger disable", - # "no ipv6 ospf priority 20", - # "no ipv6 ospf transmit-delay 30" - # ] + # after: + # - name: GigabitEthernet0/0 + # - name: GigabitEthernet0/1 + # - name: GigabitEthernet0/2 # After state: # ------------- @@ -1644,29 +1714,67 @@ Examples transmit_delay: 45 state: merged - # Commands Fired: - # --------------- + # Task Output: + # ------------ + # before: [] + # + # commands: + # - interface GigabitEthernet0/1 + # - ip ospf 10 area 30 + # - ip ospf adjacency stagger disable + # - ip ospf bfd + # - ip ospf cost 5 + # - ip ospf dead-interval 5 + # - ip ospf demand-circuit ignore + # - ip ospf network broadcast + # - ip ospf priority 25 + # - ip ospf resync-timeout 10 + # - ip ospf shutdown + # - ip ospf ttl-security hops 50 + # - ipv6 ospf 35 area 45 + # - ipv6 ospf adjacency stagger disable + # - ipv6 ospf database-filter all out + # - ipv6 ospf manet peering link-metrics 10 + # - ipv6 ospf priority 55 + # - ipv6 ospf transmit-delay 45 # - # "commands": [ - # "interface GigabitEthernet0/1", - # "ip ospf 10 area 30", - # "ip ospf adjacency stagger disable", - # "ip ospf bfd", - # "ip ospf cost 5", - # "ip ospf dead-interval 5", - # "ip ospf demand-circuit ignore", - # "ip ospf network broadcast", - # "ip ospf priority 25", - # "ip ospf resync-timeout 10", - # "ip ospf shutdown", - # "ip ospf ttl-security hops 50", - # "ipv6 ospf 35 area 45", - # "ipv6 ospf adjacency stagger disable", - # "ipv6 ospf database-filter all out", - # "ipv6 ospf manet peering link-metrics 10", - # "ipv6 ospf priority 55", - # "ipv6 ospf transmit-delay 45" - # ] + # after: + # - name: GigabitEthernet0/0 + # - address_family: + # - adjacency: true + # afi: ipv4 + # bfd: true + # cost: + # interface_cost: 5 + # dead_interval: + # time: 5 + # demand_circuit: + # enable: true + # ignore: true + # network: + # broadcast: true + # priority: 25 + # process: + # area_id: '30' + # id: 10 + # resync_timeout: 10 + # shutdown: true + # ttl_security: + # hops: 50 + # set: true + # - adjacency: true + # afi: ipv6 + # database_filter: true + # manet: + # link_metrics: + # cost_threshold: 10 + # priority: 55 + # process: + # area_id: '45' + # id: 35 + # transmit_delay: 45 + # name: GigabitEthernet0/1 + # - name: GigabitEthernet0/2 # After state: # ------------- @@ -1720,7 +1828,7 @@ Examples # ipv6 ospf manet peering link-metrics 10 # interface GigabitEthernet0/2 - - name: Override provided OSPF Interfaces configuration + - name: Override running config with provided OSPF Interfaces configuration cisco.ios.ios_ospf_interfaces: config: - name: GigabitEthernet0/1 @@ -1746,35 +1854,97 @@ Examples hops: 50 state: overridden - # Commands Fired: - # --------------- + # Task Output: + # ------------ + # + # before: + # - name: GigabitEthernet0/0 + # - address_family: + # - adjacency: true + # afi: ipv4 + # bfd: true + # cost: + # interface_cost: 5 + # dead_interval: + # time: 5 + # demand_circuit: + # enable: true + # ignore: true + # network: + # broadcast: true + # priority: 25 + # process: + # area_id: '30' + # id: 10 + # resync_timeout: 10 + # shutdown: true + # ttl_security: + # hops: 50 + # set: true + # - adjacency: true + # afi: ipv6 + # database_filter: true + # manet: + # link_metrics: + # cost_threshold: 10 + # priority: 55 + # process: + # area_id: '45' + # id: 35 + # transmit_delay: 45 + # name: GigabitEthernet0/1 + # - name: GigabitEthernet0/2 + # + # commands: + # - interface GigabitEthernet0/2 + # - ip ospf 10 area 20 + # - ip ospf adjacency stagger disable + # - ip ospf cost 30 + # - ip ospf priority 40 + # - ip ospf ttl-security hops 50 + # - interface GigabitEthernet0/1 + # - ipv6 ospf 55 area 105 + # - no ipv6 ospf database-filter all out + # - no ipv6 ospf manet peering link-metrics 10 + # - ipv6 ospf priority 20 + # - ipv6 ospf transmit-delay 30 + # - no ip ospf 10 area 30 + # - no ip ospf adjacency stagger disable + # - no ip ospf bfd + # - no ip ospf cost 5 + # - no ip ospf dead-interval 5 + # - no ip ospf demand-circuit ignore + # - no ip ospf network broadcast + # - no ip ospf priority 25 + # - no ip ospf resync-timeout 10 + # - no ip ospf shutdown + # - no ip ospf ttl-security hops 50 + # + # parsed: + # - name: GigabitEthernet0/0 + # - address_family: + # - adjacency: true + # afi: ipv6 + # priority: 20 + # process: + # area_id: '105' + # id: 55 + # transmit_delay: 30 + # name: GigabitEthernet0/1 + # - address_family: + # - adjacency: true + # afi: ipv4 + # cost: + # interface_cost: 30 + # priority: 40 + # process: + # area_id: '20' + # id: 10 + # ttl_security: + # hops: 50 + # set: true + # name: GigabitEthernet0/2 # - # "commands": [ - # "interface GigabitEthernet0/2", - # "ip ospf 10 area 20", - # "ip ospf adjacency stagger disable", - # "ip ospf cost 30", - # "ip ospf priority 40", - # "ip ospf ttl-security hops 50", - # "interface GigabitEthernet0/1", - # "ipv6 ospf 55 area 105", - # "no ipv6 ospf database-filter all out", - # "no ipv6 ospf manet peering link-metrics 10", - # "ipv6 ospf priority 20", - # "ipv6 ospf transmit-delay 30", - # "no ip ospf 10 area 30", - # "no ip ospf adjacency stagger disable", - # "no ip ospf bfd", - # "no ip ospf cost 5", - # "no ip ospf dead-interval 5", - # "no ip ospf demand-circuit ignore", - # "no ip ospf network broadcast", - # "no ip ospf priority 25", - # "no ip ospf resync-timeout 10", - # "no ip ospf shutdown", - # "no ip ospf ttl-security hops 50" - # ] - # After state: # ------------- # @@ -1833,18 +2003,102 @@ Examples transmit_delay: 30 state: replaced - # Commands Fired: - # --------------- - # "commands": [ - # "interface GigabitEthernet0/2", - # "ipv6 ospf 55 area 105", - # "ipv6 ospf adjacency stagger disable", - # "ipv6 ospf priority 20", - # "ipv6 ospf transmit-delay 30" - # ] + # Task Output: + # ------------ + # + # before: + # - name: GigabitEthernet0/0 + # - address_family: + # - adjacency: true + # afi: ipv4 + # bfd: true + # cost: + # interface_cost: 5 + # dead_interval: + # time: 5 + # demand_circuit: + # enable: true + # ignore: true + # network: + # broadcast: true + # priority: 25 + # process: + # area_id: '30' + # id: 10 + # resync_timeout: 10 + # shutdown: true + # ttl_security: + # hops: 50 + # set: true + # - adjacency: true + # afi: ipv6 + # database_filter: true + # manet: + # link_metrics: + # cost_threshold: 10 + # priority: 55 + # process: + # area_id: '45' + # id: 35 + # transmit_delay: 45 + # name: GigabitEthernet0/1 + # - name: GigabitEthernet0/2 + # + # commands: + # - interface GigabitEthernet0/2 + # - ipv6 ospf 55 area 105 + # - ipv6 ospf adjacency stagger disable + # - ipv6 ospf priority 20 + # - ipv6 ospf transmit-delay 30 + # + # after: + # - name: GigabitEthernet0/0 + # - address_family: + # - adjacency: true + # afi: ipv4 + # bfd: true + # cost: + # interface_cost: 5 + # dead_interval: + # time: 5 + # demand_circuit: + # enable: true + # ignore: true + # network: + # broadcast: true + # priority: 25 + # process: + # area_id: '30' + # id: 10 + # resync_timeout: 10 + # shutdown: true + # ttl_security: + # hops: 50 + # set: true + # - adjacency: true + # afi: ipv6 + # database_filter: true + # manet: + # link_metrics: + # cost_threshold: 10 + # priority: 55 + # process: + # area_id: '45' + # id: 35 + # transmit_delay: 45 + # name: GigabitEthernet0/1 + # - address_family: + # - adjacency: true + # afi: ipv6 + # priority: 20 + # process: + # area_id: '105' + # id: 55 + # transmit_delay: 30 + # name: GigabitEthernet0/2 # After state: - # ------------- + # ------------ # router-ios#sh running-config | section ^interface # interface GigabitEthernet0/0 # interface GigabitEthernet0/1 @@ -1903,65 +2157,46 @@ Examples config: state: gathered - # Module Execution Result: - # ------------------------ + # Task Output: + # ------------ # - # "gathered": [ - # { - # "name": "GigabitEthernet0/2" - # }, - # { - # "address_family": [ - # { - # "adjacency": true, - # "afi": "ipv4", - # "bfd": true, - # "cost": { - # "interface_cost": 5 - # }, - # "dead_interval": { - # "time": 5 - # }, - # "demand_circuit": { - # "ignore": true - # }, - # "network": { - # "broadcast": true - # }, - # "priority": 25, - # "process": { - # "area_id": "30", - # "id": 10 - # }, - # "resync_timeout": 10, - # "shutdown": true, - # "ttl_security": { - # "hops": 50 - # } - # }, - # { - # "adjacency": true, - # "afi": "ipv6", - # "database_filter": true, - # "manet": { - # "link_metrics": { - # "cost_threshold": 10 - # } - # }, - # "priority": 55, - # "process": { - # "area_id": "45", - # "id": 35 - # }, - # "transmit_delay": 45 - # } - # ], - # "name": "GigabitEthernet0/1" - # }, - # { - # "name": "GigabitEthernet0/0" - # } - # ] + # gathered: + # - name: GigabitEthernet0/0 + # - address_family: + # - adjacency: true + # afi: ipv4 + # bfd: true + # cost: + # interface_cost: 5 + # dead_interval: + # time: 5 + # demand_circuit: + # enable: true + # ignore: true + # network: + # broadcast: true + # priority: 25 + # process: + # area_id: '30' + # id: 10 + # resync_timeout: 10 + # shutdown: true + # ttl_security: + # hops: 50 + # set: true + # - adjacency: true + # afi: ipv6 + # database_filter: true + # manet: + # link_metrics: + # cost_threshold: 10 + # priority: 55 + # process: + # area_id: '45' + # id: 35 + # transmit_delay: 45 + # name: GigabitEthernet0/1 + # - name: GigabitEthernet0/2 # After state: # ------------ @@ -2027,29 +2262,29 @@ Examples transmit_delay: 45 state: rendered - # Module Execution Result: - # ------------------------ + # Task Output: + # ------------ + # + # rendered: + # - interface GigabitEthernet0/1 + # - ip ospf 10 area 30 + # - ip ospf adjacency stagger disable + # - ip ospf bfd + # - ip ospf cost 5 + # - ip ospf dead-interval 5 + # - ip ospf demand-circuit ignore + # - ip ospf network broadcast + # - ip ospf priority 25 + # - ip ospf resync-timeout 10 + # - ip ospf shutdown + # - ip ospf ttl-security hops 50 + # - ipv6 ospf 35 area 45 + # - ipv6 ospf adjacency stagger disable + # - ipv6 ospf database-filter all out + # - ipv6 ospf manet peering link-metrics 10 + # - ipv6 ospf priority 55 + # - ipv6 ospf transmit-delay 45 # - # "rendered": [ - # "interface GigabitEthernet0/1", - # "ip ospf 10 area 30", - # "ip ospf adjacency stagger disable", - # "ip ospf bfd", - # "ip ospf cost 5", - # "ip ospf dead-interval 5", - # "ip ospf demand-circuit ignore", - # "ip ospf network broadcast", - # "ip ospf priority 25", - # "ip ospf resync-timeout 10", - # "ip ospf shutdown", - # "ip ospf ttl-security hops 50", - # "ipv6 ospf 35 area 45", - # "ipv6 ospf adjacency stagger disable", - # "ipv6 ospf database-filter all out", - # "ipv6 ospf manet peering link-metrics 10", - # "ipv6 ospf priority 55", - # "ipv6 ospf transmit-delay 45" - # ] # Using Parsed @@ -2082,66 +2317,46 @@ Examples running_config: "{{ lookup('file', 'parsed.cfg') }}" state: parsed - # Module Execution Result: - # ------------------------ + # Task Output: + # ------------ # - # "parsed": [ - # }, - # { - # "name": "GigabitEthernet0/2" - # }, - # { - # "address_family": [ - # { - # "adjacency": true, - # "afi": "ipv4", - # "bfd": true, - # "cost": { - # "interface_cost": 5 - # }, - # "dead_interval": { - # "time": 5 - # }, - # "demand_circuit": { - # "ignore": true - # }, - # "network": { - # "broadcast": true - # }, - # "priority": 25, - # "process": { - # "area_id": "30", - # "id": 10 - # }, - # "resync_timeout": 10, - # "shutdown": true, - # "ttl_security": { - # "hops": 50 - # } - # }, - # { - # "adjacency": true, - # "afi": "ipv6", - # "database_filter": true, - # "manet": { - # "link_metrics": { - # "cost_threshold": 10 - # } - # }, - # "priority": 55, - # "process": { - # "area_id": "45", - # "id": 35 - # }, - # "transmit_delay": 45 - # } - # ], - # "name": "GigabitEthernet0/1" - # }, - # { - # "name": "GigabitEthernet0/0" - # } - # ] + # parsed: + # - name: GigabitEthernet0/2 + # - address_family: + # - adjacency: true + # afi: ipv4 + # bfd: true + # cost: + # interface_cost: 5 + # dead_interval: + # time: 5 + # demand_circuit: + # enable: true + # ignore: true + # network: + # broadcast: true + # priority: 25 + # process: + # area_id: '30' + # id: 10 + # resync_timeout: 10 + # shutdown: true + # ttl_security: + # hops: 50 + # set: true + # - adjacency: true + # afi: ipv6 + # database_filter: true + # manet: + # link_metrics: + # cost_threshold: 10 + # priority: 55 + # process: + # area_id: '45' + # id: 35 + # transmit_delay: 45 + # name: GigabitEthernet0/1 + # - name: GigabitEthernet0/0 @@ -2163,7 +2378,7 @@ Common return values are documented `here after
- dictionary + list
when changed @@ -2180,7 +2395,7 @@ Common return values are documented `here before
- dictionary + list
when state is merged, replaced, overridden, deleted or purged diff --git a/docs/cisco.ios.ios_ospfv2_module.rst b/docs/cisco.ios.ios_ospfv2_module.rst index bab14554a..e2b814d95 100644 --- a/docs/cisco.ios.ios_ospfv2_module.rst +++ b/docs/cisco.ios.ios_ospfv2_module.rst @@ -4589,96 +4589,6 @@ Examples .. code-block:: yaml - # Using deleted - - # Before state: - # ------------- - # - # router-ios#sh running-config | section ^router ospf - # router ospf 200 vrf blue - # domain-id 192.0.3.1 - # max-metric router-lsa on-startup 100 - # auto-cost reference-bandwidth 4 - # area 10 capability default-exclusion - # distribute-list 10 out - # distribute-list 123 in - # router ospf 1 - # max-metric router-lsa on-startup 110 - # area 10 authentication message-digest - # area 10 nssa default-information-originate metric 10 - # area 10 nssa translate type7 suppress-fa - # area 10 default-cost 10 - # area 10 filter-list prefix test_prefix_out out - # network 198.51.100.0 0.0.0.255 area 5 - # default-information originate - - - name: Delete provided OSPF V2 processes - cisco.ios.ios_ospfv2: - config: - processes: - - process_id: 1 - - process_id: 200 - vrf: blue - state: deleted - - # Commands Fired: - # --------------- - # - # "commands": [ - # "no router ospf 1" - # ] - - # After state: - # ------------- - # router-ios#sh running-config | section ^router ospf - # router ospf 200 vrf blue - # domain-id 192.0.3.1 - # max-metric router-lsa on-startup 100 - # auto-cost reference-bandwidth 4 - # area 10 capability default-exclusion - # distribute-list 10 out - # distribute-list 123 in - - # Using deleted without any config passed (NOTE: This will delete all OSPFV2 configuration from device) - - # Before state: - # ------------- - # - # router-ios#sh running-config | section ^router ospf - # router ospf 200 vrf blue - # domain-id 192.0.3.1 - # max-metric router-lsa on-startup 100 - # auto-cost reference-bandwidth 4 - # area 10 capability default-exclusion - # distribute-list 10 out - # distribute-list 123 in - # router ospf 1 - # max-metric router-lsa on-startup 110 - # area 10 authentication message-digest - # area 10 nssa default-information-originate metric 10 - # area 10 nssa translate type7 suppress-fa - # area 10 default-cost 10 - # area 10 filter-list prefix test_prefix_out out - # network 198.51.100.0 0.0.0.255 area 5 - # default-information originate - - - name: Delete all OSPF processes - cisco.ios.ios_ospfv2: - state: deleted - - # Commands Fired: - # --------------- - # - # "commands": [ - # "no router ospf 200 vrf blue", - # "no router ospf 1" - # ] - - # After state: - # ------------- - # router-ios#sh running-config | section ^router ospf - # router-ios# - # Using merged # Before state: @@ -4749,35 +4659,93 @@ Examples direction: in state: merged - # Commands Fired: - # --------------- - # - # "commands": [ - # "router ospf 200 vrf blue", - # "auto-cost reference-bandwidth 4", - # "distribute-list 10 out", - # "distribute-list 123 in", - # "domain-id 192.0.3.1", - # "max-metric router-lsa on-startup 100", - # "area 10 capability default-exclusion", - # "router ospf 1", - # "default-information originate", - # "max-metric router-lsa on-startup 110", - # "network 198.51.100.0 0.0.0.255 area 5", - # "area 10 authentication message-digest", - # "area 10 default-cost 10", - # "area 10 nssa translate type7 suppress-fa", - # "area 10 nssa default-information-originate metric 10", - # "area 10 filter-list prefix test_prefix_out out", - # "area 10 filter-list prefix test_prefix_in in", - # "area 5 authentication", - # "area 5 capability default-exclusion" - # "passive-interface default" - # "no passive-interface GigabitEthernet0/1" - # ] + # Task Output: + # ------------ + + # before: {} + # commands: + # - router ospf 200 vrf blue + # - auto-cost reference-bandwidth 4 + # - domain-id 192.0.3.1 + # - max-metric router-lsa on-startup 100 + # - area 10 capability default-exclusion + # - distribute-list 10 out + # - distribute-list 123 in + # - router ospf 1 + # - default-information originate + # - max-metric router-lsa on-startup 110 + # - area 5 capability default-exclusion + # - area 10 authentication message-digest + # - area 10 default-cost 10 + # - area 10 nssa default-information-originate metric 10 + # - area 10 nssa translate type7 suppress-fa + # - area 10 filter-list prefix test_prefix_in in + # - area 10 filter-list prefix test_prefix_out out + # - network 198.51.100.0 0.0.0.255 area 5 + # - passive-interface default + # - no passive-interface GigabitEthernet0/1 + # - no passive-interface GigabitEthernet0/2 + + # after: + # processes: + # - areas: + # - area_id: '10' + # capability: true + # auto_cost: + # reference_bandwidth: 4 + # set: true + # distribute_list: + # acls: + # - direction: out + # name: '10' + # - direction: in + # name: '123' + # domain_id: + # ip_address: + # address: 192.0.3.1 + # max_metric: + # on_startup: + # time: 100 + # router_lsa: true + # process_id: 200 + # vrf: blue + # - areas: + # - area_id: '5' + # capability: true + # - area_id: '10' + # authentication: + # message_digest: true + # default_cost: 10 + # filter_list: + # - direction: in + # name: test_prefix_in + # - direction: out + # name: test_prefix_out + # nssa: + # default_information_originate: + # metric: 10 + # translate: suppress-fa + # default_information: + # originate: true + # max_metric: + # on_startup: + # time: 110 + # router_lsa: true + # network: + # - address: 198.51.100.0 + # area: '5' + # wildcard_bits: 0.0.0.255 + # passive_interfaces: + # default: true + # interface: + # name: + # - GigabitEthernet2 + # - GigabitEthernet1 + # set_interface: false + # process_id: 1 # After state: - # ------------- + # ------------ # # router-ios#sh running-config | section ^router ospf # router ospf 200 vrf blue @@ -4789,18 +4757,20 @@ Examples # distribute-list 123 in # router ospf 1 # max-metric router-lsa on-startup 110 + # area 5 capability default-exclusion # area 10 authentication message-digest # area 10 nssa default-information-originate metric 10 # area 10 nssa translate type7 suppress-fa # area 10 default-cost 10 + # area 10 filter-list prefix test_prefix_in in # area 10 filter-list prefix test_prefix_out out + # passive-interface default + # no passive-interface GigabitEthernet1 + # no passive-interface GigabitEthernet2 # network 198.51.100.0 0.0.0.255 area 5 # default-information originate - # passive-interface default - # no passive-interface GigabitEthernet0/1 - # no passive-interface GigabitEthernet0/2 - # Using overridden + # Using replaced # Before state: # ------------- @@ -4815,15 +4785,20 @@ Examples # distribute-list 123 in # router ospf 1 # max-metric router-lsa on-startup 110 + # area 5 capability default-exclusion # area 10 authentication message-digest # area 10 nssa default-information-originate metric 10 # area 10 nssa translate type7 suppress-fa # area 10 default-cost 10 + # area 10 filter-list prefix test_prefix_in in # area 10 filter-list prefix test_prefix_out out + # passive-interface default + # no passive-interface GigabitEthernet1 + # no passive-interface GigabitEthernet2 # network 198.51.100.0 0.0.0.255 area 5 # default-information originate - - name: Override provided OSPF V2 configuration + - name: Replace running config with provided OSPF V2 configuration cisco.ios.ios_ospfv2: config: processes: @@ -4859,35 +4834,156 @@ Examples default_information_originate: metric: 10 translate: suppress-fa - state: overridden + state: replaced - # Commands Fired: - # --------------- + # Task Output: + # ------------ + # + # before: + # processes: + # - areas: + # - area_id: '10' + # capability: true + # auto_cost: + # reference_bandwidth: 4 + # set: true + # distribute_list: + # acls: + # - direction: out + # name: '10' + # - direction: in + # name: '123' + # domain_id: + # ip_address: + # address: 192.0.3.1 + # max_metric: + # on_startup: + # time: 100 + # router_lsa: true + # process_id: 200 + # vrf: blue + # - areas: + # - area_id: '5' + # capability: true + # - area_id: '10' + # authentication: + # message_digest: true + # default_cost: 10 + # filter_list: + # - direction: in + # name: test_prefix_in + # - direction: out + # name: test_prefix_out + # nssa: + # default_information_originate: + # metric: 10 + # translate: suppress-fa + # default_information: + # originate: true + # max_metric: + # on_startup: + # time: 110 + # router_lsa: true + # network: + # - address: 198.51.100.0 + # area: '5' + # wildcard_bits: 0.0.0.255 + # passive_interfaces: + # default: true + # interface: + # name: + # - GigabitEthernet2 + # - GigabitEthernet1 + # set_interface: false + # process_id: 1 # - # "commands": [ - # "no router ospf 1", - # "router ospf 100 vrf ospf_vrf", - # "auto-cost reference-bandwidth 5", - # "domain-id 192.0.5.1", - # "area 5 authentication message-digest", - # "area 5 nssa translate type7 suppress-fa", - # "area 5 nssa default-information-originate metric 10", - # "router ospf 200 vrf blue", - # "no auto-cost reference-bandwidth 4", - # "no distribute-list 10 out", - # "no distribute-list 123 in", - # "domain-id 192.0.4.1", - # "max-metric router-lsa on-startup 200", - # "maximum-paths 15", - # "ttl-security all-interfaces hops 7", - # "area 10 authentication message-digest", - # "no area 10 capability default-exclusion", - # "area 10 default-cost 10" + # commands: + # - router ospf 100 vrf ospf_vrf + # - auto-cost reference-bandwidth 5 + # - domain-id 192.0.5.1 + # - area 5 authentication message-digest + # - area 5 nssa translate type7 suppress-fa + # - area 5 nssa default-information-originate metric 10 + # - router ospf 200 vrf blue + # - no auto-cost reference-bandwidth 4 + # - no distribute-list 10 out + # - no distribute-list 123 in + # - domain-id 192.0.4.1 + # - max-metric router-lsa on-startup 200 + # - maximum-paths 15 + # - ttl-security all-interfaces hops 7 + # - area 10 authentication message-digest + # - no area 10 capability default-exclusion + # - area 10 default-cost 10 # ] + # + # after: + # processes: + # - areas: + # - area_id: '10' + # authentication: + # message_digest: true + # default_cost: 10 + # domain_id: + # ip_address: + # address: 192.0.4.1 + # max_metric: + # on_startup: + # time: 200 + # router_lsa: true + # maximum_paths: 15 + # process_id: 200 + # ttl_security: + # hops: 7 + # vrf: blue + # - areas: + # - area_id: '5' + # authentication: + # message_digest: true + # nssa: + # default_information_originate: + # metric: 10 + # translate: suppress-fa + # auto_cost: + # reference_bandwidth: 5 + # set: true + # domain_id: + # ip_address: + # address: 192.0.5.1 + # process_id: 100 + # vrf: ospf_vrf + # - areas: + # - area_id: '5' + # authentication: + # enable: true + # capability: true + # - area_id: '10' + # authentication: + # message_digest: true + # default_cost: 10 + # filter_list: + # - direction: in + # name: test_prefix_in + # - direction: out + # name: test_prefix_out + # nssa: + # default_information_originate: + # metric: 10 + # translate: suppress-fa + # default_information: + # originate: true + # max_metric: + # on_startup: + # time: 110 + # router_lsa: true + # network: + # - address: 198.51.100.0 + # area: '5' + # wildcard_bits: 0.0.0.255 + # process_id: 1 # After state: # ------------- - # # router-ios#sh running-config | section ^router ospf # router ospf 200 vrf blue # domain-id 192.0.4.1 @@ -4902,8 +4998,20 @@ Examples # area 5 authentication message-digest # area 5 nssa default-information-originate metric 10 # area 5 nssa translate type7 suppress-fa + # router ospf 1 + # max-metric router-lsa on-startup 110 + # area 5 capability default-exclusion + # area 5 authentication + # area 10 authentication message-digest + # area 10 nssa default-information-originate metric 10 + # area 10 nssa translate type7 suppress-fa + # area 10 default-cost 10 + # area 10 filter-list prefix test_prefix_in in + # area 10 filter-list prefix test_prefix_out out + # network 198.51.100.0 0.0.0.255 area 5 + # default-information originate - # Using replaced + # Using overridden # Before state: # ------------- @@ -4926,7 +5034,7 @@ Examples # network 198.51.100.0 0.0.0.255 area 5 # default-information originate - - name: Replaced provided OSPF V2 configuration + - name: Override provided OSPF V2 configuration cisco.ios.ios_ospfv2: config: processes: @@ -4962,32 +5070,117 @@ Examples default_information_originate: metric: 10 translate: suppress-fa - state: replaced + state: overridden - # Commands Fired: - # --------------- - # "commands": [ - # "router ospf 100 vrf ospf_vrf", - # "auto-cost reference-bandwidth 5", - # "domain-id 192.0.5.1", - # "area 5 authentication message-digest", - # "area 5 nssa translate type7 suppress-fa", - # "area 5 nssa default-information-originate metric 10", - # "router ospf 200 vrf blue", - # "no auto-cost reference-bandwidth 4", - # "no distribute-list 10 out", - # "no distribute-list 123 in", - # "domain-id 192.0.4.1", - # "max-metric router-lsa on-startup 200", - # "maximum-paths 15", - # "ttl-security all-interfaces hops 7", - # "area 10 authentication message-digest", - # "no area 10 capability default-exclusion", - # "area 10 default-cost 10" - # ] + # Task Output: + # ------------ + # before: + # processes: + # - areas: + # - area_id: '10' + # capability: true + # auto_cost: + # reference_bandwidth: 4 + # set: true + # distribute_list: + # acls: + # - direction: out + # name: '10' + # - direction: in + # name: '123' + # domain_id: + # ip_address: + # address: 192.0.3.1 + # max_metric: + # on_startup: + # time: 100 + # router_lsa: true + # process_id: 200 + # vrf: blue + # - areas: + # - area_id: '10' + # authentication: + # message_digest: true + # default_cost: 10 + # filter_list: + # - direction: out + # name: test_prefix_out + # nssa: + # default_information_originate: + # metric: 10 + # translate: suppress-fa + # default_information: + # originate: true + # max_metric: + # on_startup: + # time: 110 + # router_lsa: true + # network: + # - address: 198.51.100.0 + # area: '5' + # wildcard_bits: 0.0.0.255 + # process_id: 1 + # + # commands: + # - no router ospf 1 + # - router ospf 100 vrf ospf_vrf + # - auto-cost reference-bandwidth 5 + # - domain-id 192.0.5.1 + # - area 5 authentication message-digest + # - area 5 nssa translate type7 suppress-fa + # - area 5 nssa default-information-originate metric 10 + # - router ospf 200 vrf blue + # - no auto-cost reference-bandwidth 4 + # - no distribute-list 10 out + # - no distribute-list 123 in + # - domain-id 192.0.4.1 + # - max-metric router-lsa on-startup 200 + # - maximum-paths 15 + # - ttl-security all-interfaces hops 7 + # - area 10 authentication message-digest + # - no area 10 capability default-exclusion + # - area 10 default-cost 10 + # + # after: + # processes: + # - areas: + # - area_id: '10' + # authentication: + # message_digest: true + # default_cost: 10 + # domain_id: + # ip_address: + # address: 192.0.4.1 + # max_metric: + # on_startup: + # time: 200 + # router_lsa: true + # maximum_paths: 15 + # process_id: 200 + # ttl_security: + # hops: 7 + # vrf: blue + # - areas: + # - area_id: '5' + # authentication: + # message_digest: true + # nssa: + # default_information_originate: + # metric: 10 + # translate: suppress-fa + # auto_cost: + # reference_bandwidth: 5 + # set: true + # domain_id: + # ip_address: + # address: 192.0.5.1 + # process_id: 100 + # vrf: ospf_vrf + # # After state: - # ------------- + # ------------ + # # router-ios#sh running-config | section ^router ospf # router ospf 200 vrf blue # domain-id 192.0.4.1 @@ -5002,19 +5195,214 @@ Examples # area 5 authentication message-digest # area 5 nssa default-information-originate metric 10 # area 5 nssa translate type7 suppress-fa + + # Using deleted + + # Before state: + # ------------- + # + # router-ios#sh running-config | section ^router ospf + # router ospf 200 vrf blue + # domain-id 192.0.3.1 + # max-metric router-lsa on-startup 100 + # auto-cost reference-bandwidth 4 + # area 10 capability default-exclusion + # distribute-list 10 out + # distribute-list 123 in + # router ospf 1 + # max-metric router-lsa on-startup 110 + # area 10 authentication message-digest + # area 10 nssa default-information-originate metric 10 + # area 10 nssa translate type7 suppress-fa + # area 10 default-cost 10 + # area 10 filter-list prefix test_prefix_out out + # network 198.51.100.0 0.0.0.255 area 5 + # default-information originate + + - name: Delete provided OSPF V2 processes + cisco.ios.ios_ospfv2: + config: + processes: + - process_id: 1 + - process_id: 200 + vrf: blue + state: deleted + + # Task Output: + # ------------ + + # before: + # processes: + # - areas: + # - area_id: '10' + # capability: true + # auto_cost: + # reference_bandwidth: 4 + # set: true + # distribute_list: + # acls: + # - direction: out + # name: '10' + # - direction: in + # name: '123' + # domain_id: + # ip_address: + # address: 192.0.3.1 + # max_metric: + # on_startup: + # time: 100 + # router_lsa: true + # process_id: 200 + # vrf: blue + # - areas: + # - area_id: '10' + # authentication: + # message_digest: true + # default_cost: 10 + # filter_list: + # - direction: out + # name: test_prefix_out + # nssa: + # default_information_originate: + # metric: 10 + # translate: suppress-fa + # default_information: + # originate: true + # max_metric: + # on_startup: + # time: 110 + # router_lsa: true + # network: + # - address: 198.51.100.0 + # area: '5' + # wildcard_bits: 0.0.0.255 + # process_id: 1 + # + # commands: + # - no router ospf 1 + # + # processes: + # - areas: + # - area_id: '10' + # capability: true + # auto_cost: + # reference_bandwidth: 4 + # set: true + # distribute_list: + # acls: + # - direction: out + # name: '10' + # - direction: in + # name: '123' + # domain_id: + # ip_address: + # address: 192.0.3.1 + # max_metric: + # on_startup: + # time: 100 + # router_lsa: true + # process_id: 200 + # vrf: blue + # + # After state: + # ------------ + # router-ios#sh running-config | section ^router ospf + # router ospf 200 vrf blue + # domain-id 192.0.3.1 + # max-metric router-lsa on-startup 100 + # auto-cost reference-bandwidth 4 + # area 10 capability default-exclusion + # distribute-list 10 out + # distribute-list 123 in + + # Using deleted without any config passed (NOTE: This will delete all OSPFV2 configuration from device) + + # Before state: + # ------------- + # + # router-ios#sh running-config | section ^router ospf + # router ospf 200 vrf blue + # domain-id 192.0.3.1 + # max-metric router-lsa on-startup 100 + # auto-cost reference-bandwidth 4 + # area 10 capability default-exclusion + # distribute-list 10 out + # distribute-list 123 in # router ospf 1 # max-metric router-lsa on-startup 110 - # area 5 capability default-exclusion - # area 5 authentication # area 10 authentication message-digest # area 10 nssa default-information-originate metric 10 # area 10 nssa translate type7 suppress-fa # area 10 default-cost 10 - # area 10 filter-list prefix test_prefix_in in # area 10 filter-list prefix test_prefix_out out # network 198.51.100.0 0.0.0.255 area 5 # default-information originate + - name: Delete all OSPF processes + cisco.ios.ios_ospfv2: + state: deleted + + # Task Output: + # ------------ + + # before: + # processes: + # - areas: + # - area_id: '10' + # capability: true + # auto_cost: + # reference_bandwidth: 4 + # set: true + # distribute_list: + # acls: + # - direction: out + # name: '10' + # - direction: in + # name: '123' + # domain_id: + # ip_address: + # address: 192.0.3.1 + # max_metric: + # on_startup: + # time: 100 + # router_lsa: true + # process_id: 200 + # vrf: blue + # - areas: + # - area_id: '10' + # authentication: + # message_digest: true + # default_cost: 10 + # filter_list: + # - direction: out + # name: test_prefix_out + # nssa: + # default_information_originate: + # metric: 10 + # translate: suppress-fa + # default_information: + # originate: true + # max_metric: + # on_startup: + # time: 110 + # router_lsa: true + # network: + # - address: 198.51.100.0 + # area: '5' + # wildcard_bits: 0.0.0.255 + # process_id: 1 + # + # commands: + # - no router ospf 200 vrf blue + # - no router ospf 1 + # + # after: {} + # + # After state: + # ------------ + # router-ios#sh running-config | section ^router ospf + # router-ios# + # Using Gathered # Before state: @@ -5038,103 +5426,61 @@ Examples # network 198.51.100.0 0.0.0.255 area 5 # default-information originate - - name: Gather OSPFV2 provided configurations + - name: Gather OSPFV2 running configurations cisco.ios.ios_ospfv2: config: state: gathered - # Module Execution Result: - # ------------------------ + # Task Output: + # ------------ # - # "gathered": { - # "processes": [ - # { - # "areas": [ - # { - # "area_id": "5", - # "authentication": { - # "enable": true - # }, - # "capability": true - # }, - # { - # "area_id": "10", - # "authentication": { - # "message_digest": true - # }, - # "default_cost": 10, - # "filter_list": [ - # { - # "direction": "in", - # "name": "test_prefix_in" - # }, - # { - # "direction": "out", - # "name": "test_prefix_out" - # } - # ], - # "nssa": { - # "default_information_originate": { - # "metric": 10 - # }, - # "translate": "suppress-fa" - # } - # } - # ], - # "default_information": { - # "originate": true - # }, - # "max_metric": { - # "on_startup": { - # "time": 110 - # }, - # "router_lsa": true - # }, - # "network": { - # "address": "198.51.100.0", - # "area": "5", - # "wildcard_bits": "0.0.0.255" - # }, - # "process_id": 1 - # }, - # { - # "areas": [ - # { - # "area_id": "10", - # "capability": true - # } - # ], - # "auto_cost": { - # "reference_bandwidth": 4 - # }, - # "distribute_list": { - # "acls": [ - # { - # "direction": "out", - # "name": "10" - # }, - # { - # "direction": "in", - # "name": "123" - # } - # ] - # }, - # "domain_id": { - # "ip_address": { - # "address": "192.0.3.1" - # } - # }, - # "max_metric": { - # "on_startup": { - # "time": 100 - # }, - # "router_lsa": true - # }, - # "process_id": 200, - # "vrf": "blue" - # } - # ] - # } + # gathered: + # processes: + # - areas: + # - area_id: '10' + # capability: true + # auto_cost: + # reference_bandwidth: 4 + # set: true + # distribute_list: + # acls: + # - direction: out + # name: '10' + # - direction: in + # name: '123' + # domain_id: + # ip_address: + # address: 192.0.3.1 + # max_metric: + # on_startup: + # time: 100 + # router_lsa: true + # process_id: 200 + # vrf: blue + # - areas: + # - area_id: '10' + # authentication: + # message_digest: true + # default_cost: 10 + # filter_list: + # - direction: out + # name: test_prefix_out + # nssa: + # default_information_originate: + # metric: 10 + # translate: suppress-fa + # default_information: + # originate: true + # max_metric: + # on_startup: + # time: 110 + # router_lsa: true + # network: + # - address: 198.51.100.0 + # area: '5' + # wildcard_bits: 0.0.0.255 + # process_id: 1 + # After state: # ------------ @@ -5214,30 +5560,30 @@ Examples direction: in state: rendered - # Module Execution Result: - # ------------------------ + # Task Output: + # ------------ + + # rendered: + # - router ospf 200 vrf blue + # - auto-cost reference-bandwidth 4 + # - distribute-list 10 out + # - distribute-list 123 in + # - domain-id 192.0.3.1 + # - max-metric router-lsa on-startup 100 + # - area 10 capability default-exclusion + # - router ospf 1 + # - default-information originate + # - max-metric router-lsa on-startup 110 + # - network 198.51.100.0 0.0.0.255 area 5 + # - area 10 authentication message-digest + # - area 10 default-cost 10 + # - area 10 nssa translate type7 suppress-fa + # - area 10 nssa default-information-originate metric 10 + # - area 10 filter-list prefix test_prefix_out out + # - area 10 filter-list prefix test_prefix_in in + # - area 5 authentication + # - area 5 capability default-exclusion # - # "rendered": [ - # "router ospf 200 vrf blue", - # "auto-cost reference-bandwidth 4", - # "distribute-list 10 out", - # "distribute-list 123 in", - # "domain-id 192.0.3.1", - # "max-metric router-lsa on-startup 100", - # "area 10 capability default-exclusion", - # "router ospf 1", - # "default-information originate", - # "max-metric router-lsa on-startup 110", - # "network 198.51.100.0 0.0.0.255 area 5", - # "area 10 authentication message-digest", - # "area 10 default-cost 10", - # "area 10 nssa translate type7 suppress-fa", - # "area 10 nssa default-information-originate metric 10", - # "area 10 filter-list prefix test_prefix_out out", - # "area 10 filter-list prefix test_prefix_in in", - # "area 5 authentication", - # "area 5 capability default-exclusion" - # ] # Using Parsed @@ -5256,38 +5602,26 @@ Examples running_config: "{{ lookup('file', 'parsed.cfg') }}" state: parsed - # Module Execution Result: - # ------------------------ - # - # "parsed": { - # "processes": [ - # { - # "areas": [ - # { - # "area_id": "5", - # "authentication": { - # "message_digest": true - # }, - # "nssa": { - # "default_information_originate": { - # "metric": 10 - # }, - # "translate": "suppress-fa" - # } - # } - # ], - # "auto_cost": { - # "reference_bandwidth": 5 - # }, - # "domain_id": { - # "ip_address": { - # "address": "192.0.5.1" - # } - # }, - # "process_id": 100 - # } - # ] - # } + # Task Output: + # ------------ + + # parsed: + # processes: + # - areas: + # - area_id: '5' + # authentication: + # message_digest: true + # nssa: + # default_information_originate: + # metric: 10 + # translate: suppress-fa + # auto_cost: + # reference_bandwidth: 5 + # set: true + # domain_id: + # ip_address: + # address: 192.0.5.1 + # process_id: 100 @@ -5356,6 +5690,57 @@ Common return values are documented `here ['router ospf 200 vrf blue', 'auto-cost reference-bandwidth 5', 'domain-id 192.0.4.1'] + + +
+ gathered + +
+ dictionary +
+ + when state is gathered + +
Facts about the network resource gathered from the remote device as structured data.
+
+
Sample:
+
This output will always be in the same format as the module argspec.
+ + + + +
+ parsed + +
+ dictionary +
+ + when state is parsed + +
The device native config provided in running_config option parsed into structured data as per module argspec.
+
+
Sample:
+
This output will always be in the same format as the module argspec.
+ + + + +
+ rendered + +
+ list +
+ + when state is rendered + +
The provided configuration in the task rendered in device-native format (offline).
+
+
Sample:
+
['router ospf 200 vrf blue', 'auto-cost reference-bandwidth 4', 'distribute-list 10 out']
+ +

diff --git a/docs/cisco.ios.ios_ospfv3_module.rst b/docs/cisco.ios.ios_ospfv3_module.rst index af86b6cfa..950c4ed9e 100644 --- a/docs/cisco.ios.ios_ospfv3_module.rst +++ b/docs/cisco.ios.ios_ospfv3_module.rst @@ -6572,92 +6572,6 @@ Examples .. code-block:: yaml - # Using deleted - - # Before state: - # ------------- - # - # router-ios#sh running-config | section ^router ospfv3 - # router ospfv3 1 - # max-metric router-lsa on-startup 110 - # area 10 nssa default-information-originate metric 10 - # ! - # address-family ipv4 unicast vrf blue - # adjacency stagger 50 50 - # area 25 nssa default-information-originate metric 25 nssa-only - # exit-address-family - # router ospfv3 200 - # max-metric router-lsa on-startup 100 - # auto-cost reference-bandwidth 4 - # ! - # address-family ipv4 unicast - # adjacency stagger 200 200 - # exit-address-family - - - name: Delete provided OSPF V3 processes - cisco.ios.ios_ospfv3: - config: - processes: - - process_id: 1 - state: deleted - - # Commands Fired: - # --------------- - # - # "commands": [ - # "no router ospfv3 1" - # ] - - # After state: - # ------------- - # router-ios#sh running-config | section ^router ospfv3 - # router ospfv3 200 - # max-metric router-lsa on-startup 100 - # auto-cost reference-bandwidth 4 - # ! - # address-family ipv4 unicast - # adjacency stagger 200 200 - # exit-address-family - - # Using deleted without any config passed (NOTE: This will delete all OSPFV3 configuration from device) - - # Before state: - # ------------- - # - # router-ios#sh running-config | section ^router ospfv3 - # router ospfv3 1 - # max-metric router-lsa on-startup 110 - # area 10 nssa default-information-originate metric 10 - # ! - # address-family ipv4 unicast vrf blue - # adjacency stagger 50 50 - # area 25 nssa default-information-originate metric 25 nssa-only - # exit-address-family - # router ospfv3 200 - # max-metric router-lsa on-startup 100 - # auto-cost reference-bandwidth 4 - # ! - # address-family ipv4 unicast - # adjacency stagger 200 200 - # exit-address-family - - - name: Delete all OSPF processes - cisco.ios.ios_ospfv3: - state: deleted - - # Commands Fired: - # --------------- - # - # "commands": [ - # "no router ospfv3 200", - # "no router ospfv3 1" - # ] - - # After state: - # ------------- - # router-ios#sh running-config | section ^router ospfv3 - # router-ios# - # Using merged # Before state: @@ -6714,26 +6628,189 @@ Examples reference_bandwidth: 4 state: merged - # Commands Fired: - # --------------- + # Task Output: + # ------------ + + # before: {} + # + # commands: + # - router ospfv3 1 + # - max-metric router-lsa on-startup 110 + # - area 10 nssa default-information-originate metric 10 + # - address-family ipv4 unicast vrf blue + # - adjacency stagger 50 50 + # - area 25 nssa default-information-originate metric 25 nssa-only + # - exit-address-family + # - router ospfv3 200 + # - auto-cost reference-bandwidth 4 + # - max-metric router-lsa on-startup 100 + # - address-family ipv4 unicast + # - adjacency stagger 200 200 + # - exit-address-family # - # "commands": [ - # "router ospfv3 1", - # "max-metric router-lsa on-startup 110", - # "area 10 nssa default-information-originate metric 10", - # "address-family ipv4 unicast vrf blue", - # "adjacency stagger 50 50", - # "area 25 nssa default-information-originate metric 25 nssa-only", - # "exit-address-family", - # "router ospfv3 200", - # "auto-cost reference-bandwidth 4", - # "max-metric router-lsa on-startup 100", - # "address-family ipv4 unicast", - # "adjacency stagger 200 200", - # "exit-address-family" - # ] + # after: + # processes: + # - address_family: + # - adjacency: + # max_adjacency: 50 + # min_adjacency: 50 + # afi: ipv4 + # areas: + # - area_id: '25' + # nssa: + # default_information_originate: + # metric: 25 + # nssa_only: true + # unicast: true + # vrf: blue + # areas: + # - area_id: '10' + # nssa: + # default_information_originate: + # metric: 10 + # max_metric: + # on_startup: + # time: 110 + # router_lsa: true + # process_id: 1 + # - address_family: + # - adjacency: + # max_adjacency: 200 + # min_adjacency: 200 + # afi: ipv4 + # unicast: true + # auto_cost: + # reference_bandwidth: 4 + # max_metric: + # on_startup: + # time: 100 + # router_lsa: true + # process_id: 200 + + # After state: + # ------------- + # + # router-ios#sh running-config | section ^router ospfv3 + # router ospfv3 1 + # max-metric router-lsa on-startup 110 + # area 10 nssa default-information-originate metric 10 + # ! + # address-family ipv4 unicast vrf blue + # adjacency stagger 50 50 + # area 25 nssa default-information-originate metric 25 nssa-only + # exit-address-family + # router ospfv3 200 + # max-metric router-lsa on-startup 100 + # auto-cost reference-bandwidth 4 + # ! + # address-family ipv4 unicast + # adjacency stagger 200 200 + # exit-address-family + + # Using deleted + + # Before state: + # ------------- + # + # router-ios#sh running-config | section ^router ospfv3 + # router ospfv3 1 + # max-metric router-lsa on-startup 110 + # area 10 nssa default-information-originate metric 10 + # ! + # address-family ipv4 unicast vrf blue + # adjacency stagger 50 50 + # area 25 nssa default-information-originate metric 25 nssa-only + # exit-address-family + # router ospfv3 200 + # max-metric router-lsa on-startup 100 + # auto-cost reference-bandwidth 4 + # ! + # address-family ipv4 unicast + # adjacency stagger 200 200 + # exit-address-family + - name: Delete provided OSPF V3 processes + cisco.ios.ios_ospfv3: + config: + processes: + - process_id: 1 + state: deleted + + # Task Output: + # ------------ + + # before: + # processes: + # - address_family: + # - adjacency: + # max_adjacency: 50 + # min_adjacency: 50 + # afi: ipv4 + # areas: + # - area_id: '25' + # nssa: + # default_information_originate: + # metric: 25 + # nssa_only: true + # unicast: true + # vrf: blue + # areas: + # - area_id: '10' + # nssa: + # default_information_originate: + # metric: 10 + # max_metric: + # on_startup: + # time: 110 + # router_lsa: true + # process_id: 1 + # - address_family: + # - adjacency: + # max_adjacency: 200 + # min_adjacency: 200 + # afi: ipv4 + # unicast: true + # auto_cost: + # reference_bandwidth: 4 + # max_metric: + # on_startup: + # time: 100 + # router_lsa: true + # process_id: 200 + # + # commands: + # - no router ospfv3 1 + # + # parsed: + # processes: + # - address_family: + # - adjacency: + # max_adjacency: 200 + # min_adjacency: 200 + # afi: ipv4 + # unicast: true + # auto_cost: + # reference_bandwidth: 4 + # max_metric: + # on_startup: + # time: 100 + # router_lsa: true + # process_id: 200 + # # After state: + # ------------ + # router-ios#sh running-config | section ^router ospfv3 + # router ospfv3 200 + # max-metric router-lsa on-startup 100 + # auto-cost reference-bandwidth 4 + # ! + # address-family ipv4 unicast + # adjacency stagger 200 200 + # exit-address-family + + # Using deleted without any config passed (NOTE: This will delete all OSPFV3 configuration from device) + + # Before state: # ------------- # # router-ios#sh running-config | section ^router ospfv3 @@ -6753,6 +6830,64 @@ Examples # adjacency stagger 200 200 # exit-address-family + - name: Delete all OSPF processes + cisco.ios.ios_ospfv3: + state: deleted + + # Task Output: + # ------------ + + # before: + # processes: + # - address_family: + # - adjacency: + # max_adjacency: 50 + # min_adjacency: 50 + # afi: ipv4 + # areas: + # - area_id: '25' + # nssa: + # default_information_originate: + # metric: 25 + # nssa_only: true + # unicast: true + # vrf: blue + # areas: + # - area_id: '10' + # nssa: + # default_information_originate: + # metric: 10 + # max_metric: + # on_startup: + # time: 110 + # router_lsa: true + # process_id: 1 + # - address_family: + # - adjacency: + # max_adjacency: 200 + # min_adjacency: 200 + # afi: ipv4 + # unicast: true + # auto_cost: + # reference_bandwidth: 4 + # max_metric: + # on_startup: + # time: 100 + # router_lsa: true + # process_id: 200 + # + # commands: + # - no router ospfv3 200 + # - no router ospfv3 1 + # + # after: {} + # + # After state: + # ------------ + # router-ios#sh running-config | section ^router ospfv3 + # router-ios# + + # Using overridden # Before state: @@ -6802,23 +6937,86 @@ Examples metric: 10 state: overridden - # Commands Fired: - # --------------- + # Task Output: + # ------------ + + # before: + # processes: + # - address_family: + # - adjacency: + # max_adjacency: 50 + # min_adjacency: 50 + # afi: ipv4 + # areas: + # - area_id: '25' + # nssa: + # default_information_originate: + # metric: 25 + # nssa_only: true + # unicast: true + # vrf: blue + # areas: + # - area_id: '10' + # nssa: + # default_information_originate: + # metric: 10 + # max_metric: + # on_startup: + # time: 110 + # router_lsa: true + # process_id: 1 + # - address_family: + # - adjacency: + # max_adjacency: 200 + # min_adjacency: 200 + # afi: ipv4 + # unicast: true + # auto_cost: + # reference_bandwidth: 4 + # max_metric: + # on_startup: + # time: 100 + # router_lsa: true + # process_id: 200 + # + # commands: + # - no router ospfv3 1 + # - router ospfv3 200 + # - no auto-cost reference-bandwidth 4 + # - max-metric router-lsa on-startup 200 + # - area 10 nssa default-information-originate metric 10 + # - address-family ipv4 unicast + # - adjacency stagger 50 50 + # - area 200 nssa default-information-originate metric 200 nssa-only + # - exit-address-family # - # "commands": [ - # "no router ospfv3 1", - # "router ospfv3 200", - # "no auto-cost reference-bandwidth 4", - # "max-metric router-lsa on-startup 200", - # "area 10 nssa default-information-originate metric 10", - # "address-family ipv4 unicast", - # "adjacency stagger 50 50", - # "area 200 nssa default-information-originate metric 200 nssa-only", - # "exit-address-family" - # ] + # after: + # processes: + # - address_family: + # - adjacency: + # max_adjacency: 50 + # min_adjacency: 50 + # afi: ipv4 + # areas: + # - area_id: '200' + # nssa: + # default_information_originate: + # metric: 200 + # nssa_only: true + # unicast: true + # areas: + # - area_id: '10' + # nssa: + # default_information_originate: + # metric: 10 + # max_metric: + # on_startup: + # time: 200 + # router_lsa: true + # process_id: 200 # After state: - # ------------- + # ------------ # # router-ios#sh running-config | section ^router ospfv3 # router ospfv3 200 @@ -6852,7 +7050,7 @@ Examples # adjacency stagger 200 200 # exit-address-family - - name: Replaced provided OSPFV3 configuration + - name: Perform replace with provided configurations. cisco.ios.ios_ospfv3: config: processes: @@ -6880,19 +7078,103 @@ Examples metric: 10 state: replaced - # Commands Fired: - # --------------- - # "commands": [ - # "router ospfv3 200", - # "no auto-cost reference-bandwidth 4", - # "max-metric router-lsa on-startup 200", - # "area 10 nssa default-information-originate metric 10", - # "address-family ipv4 unicast", - # "adjacency stagger 50 50", - # "area 200 nssa default-information-originate metric 200 nssa-only", - # "exit-address-family" - # ] + # Task Output: + # ------------ + # before: + # processes: + # - address_family: + # - adjacency: + # max_adjacency: 50 + # min_adjacency: 50 + # afi: ipv4 + # areas: + # - area_id: '25' + # nssa: + # default_information_originate: + # metric: 25 + # nssa_only: true + # unicast: true + # vrf: blue + # areas: + # - area_id: '10' + # nssa: + # default_information_originate: + # metric: 10 + # max_metric: + # on_startup: + # time: 110 + # router_lsa: true + # process_id: 1 + # - address_family: + # - adjacency: + # max_adjacency: 200 + # min_adjacency: 200 + # afi: ipv4 + # unicast: true + # auto_cost: + # reference_bandwidth: 4 + # max_metric: + # on_startup: + # time: 100 + # router_lsa: true + # process_id: 200 + # + # commands: + # - router ospfv3 200 + # - no auto-cost reference-bandwidth 4 + # - max-metric router-lsa on-startup 200 + # - area 10 nssa default-information-originate metric 10 + # - address-family ipv4 unicast + # - adjacency stagger 50 50 + # - area 200 nssa default-information-originate metric 200 nssa-only + # - exit-address-family + # + # after: + # processes: + # - address_family: + # - adjacency: + # max_adjacency: 50 + # min_adjacency: 50 + # afi: ipv4 + # areas: + # - area_id: '25' + # nssa: + # default_information_originate: + # metric: 25 + # nssa_only: true + # unicast: true + # vrf: blue + # areas: + # - area_id: '10' + # nssa: + # default_information_originate: + # metric: 10 + # max_metric: + # on_startup: + # time: 110 + # router_lsa: true + # process_id: 1 + # - address_family: + # - afi: ipv4 + # areas: + # - area_id: '200' + # nssa: + # default_information_originate: + # metric: 200 + # nssa_only: true + # unicast: true + # areas: + # - area_id: '10' + # nssa: + # default_information_originate: + # metric: 10 + # max_metric: + # on_startup: + # time: 200 + # router_lsa: true + # process_id: 200 + # # After state: # ------------- # router-ios#sh running-config | section ^router ospfv3 @@ -6940,76 +7222,47 @@ Examples config: state: gathered - # Module Execution Result: - # ------------------------ + # Task Output: + # ------------ # - # "gathered": { - # "processes": [ - # { - # "address_family": [ - # { - # "adjacency": { - # "max_adjacency": 50, - # "min_adjacency": 50 - # }, - # "afi": "ipv4", - # "areas": [ - # { - # "area_id": "25", - # "nssa": { - # "default_information_originate": { - # "metric": 25, - # "nssa_only": true - # } - # } - # } - # ], - # "unicast": true, - # "vrf": "blue" - # } - # ], - # "areas": [ - # { - # "area_id": "10", - # "nssa": { - # "default_information_originate": { - # "metric": 10 - # } - # } - # } - # ], - # "max_metric": { - # "on_startup": { - # "time": 110 - # }, - # "router_lsa": true - # }, - # "process_id": 1 - # }, - # { - # "address_family": [ - # { - # "adjacency": { - # "max_adjacency": 200, - # "min_adjacency": 200 - # }, - # "afi": "ipv4", - # "unicast": true - # } - # ], - # "auto_cost": { - # "reference_bandwidth": 4 - # }, - # "max_metric": { - # "on_startup": { - # "time": 100 - # }, - # "router_lsa": true - # }, - # "process_id": 200 - # } - # ] - # } + # parsed: + # processes: + # - address_family: + # - adjacency: + # max_adjacency: 50 + # min_adjacency: 50 + # afi: ipv4 + # areas: + # - area_id: '25' + # nssa: + # default_information_originate: + # metric: 25 + # nssa_only: true + # unicast: true + # vrf: blue + # areas: + # - area_id: '10' + # nssa: + # default_information_originate: + # metric: 10 + # max_metric: + # on_startup: + # time: 110 + # router_lsa: true + # process_id: 1 + # - address_family: + # - adjacency: + # max_adjacency: 200 + # min_adjacency: 200 + # afi: ipv4 + # unicast: true + # auto_cost: + # reference_bandwidth: 4 + # max_metric: + # on_startup: + # time: 100 + # router_lsa: true + # process_id: 200 # After state: # ------------ @@ -7081,24 +7334,24 @@ Examples reference_bandwidth: 4 state: rendered - # Module Execution Result: - # ------------------------ - # - # "rendered": [ - # "router ospfv3 1", - # "max-metric router-lsa on-startup 110", - # "area 10 nssa default-information-originate metric 10", - # "address-family ipv4 unicast vrf blue", - # "adjacency stagger 50 50", - # "area 25 nssa default-information-originate metric 25 nssa-only", - # "exit-address-family", - # "router ospfv3 200", - # "auto-cost reference-bandwidth 4", - # "max-metric router-lsa on-startup 100", - # "address-family ipv4 unicast", - # "adjacency stagger 200 200", - # "exit-address-family" - # ] + # Task Output: + # ------------ + + # rendered: + # - router ospfv3 1 + # - max-metric router-lsa on-startup 110 + # - area 10 nssa default-information-originate metric 10 + # - address-family ipv4 unicast vrf blue + # - adjacency stagger 50 50 + # - area 25 nssa default-information-originate metric 25 nssa-only + # - exit-address-family + # - router ospfv3 200 + # - auto-cost reference-bandwidth 4 + # - max-metric router-lsa on-startup 100 + # - address-family ipv4 unicast + # - adjacency stagger 200 200 + # - exit-address-family + # Using Parsed @@ -7121,59 +7374,52 @@ Examples # adjacency stagger 200 200 # exit-address-family - - name: Parse the provided configuration with the existing running configuration + - name: Parse the provided configuration and display structured ospfv3 facts. cisco.ios.ios_ospfv3: running_config: "{{ lookup('file', 'parsed.cfg') }}" state: parsed - # Module Execution Result: - # ------------------------ + # Task Output: + # ------------ # - # "parsed": { - # "processes": [ - # { - # "address_family": [ - # { - # "adjacency": { - # "max_adjacency": 50, - # "min_adjacency": 50 - # }, - # "afi": "ipv4", - # "areas": [ - # { - # "area_id": "25", - # "nssa": { - # "default_information_originate": { - # "metric": 25, - # "nssa_only": true - # } - # } - # } - # ], - # "unicast": true, - # "vrf": "blue" - # } - # ], - # "areas": [ - # { - # "area_id": "10", - # "nssa": { - # "default_information_originate": { - # "metric": 10 - # } - # } - # } - # ], - # "max_metric": { - # "on_startup": { - # "time": 110 - # }, - # "router_lsa": true - # }, - # "process_id": 1 - # } - # ] - # } + # parsed: + # processes: + # - address_family: + # - adjacency: + # max_adjacency: 50 + # min_adjacency: 50 + # afi: ipv4 + # areas: + # - area_id: '25' + # nssa: + # default_information_originate: + # metric: 25 + # nssa_only: true + # unicast: true + # vrf: blue + # areas: + # - area_id: '10' + # nssa: + # default_information_originate: + # metric: 10 + # max_metric: + # on_startup: + # time: 110 + # router_lsa: true + # process_id: 1 + # - address_family: + # - adjacency: + # max_adjacency: 200 + # min_adjacency: 200 + # afi: ipv4 + # unicast: true + # auto_cost: + # reference_bandwidth: 4 + # max_metric: + # on_startup: + # time: 100 + # router_lsa: true + # process_id: 200 @@ -7242,6 +7488,57 @@ Common return values are documented `here ['router ospfv3 1', 'address-family ipv4 unicast vrf blue', 'adjacency stagger 50 50'] + + +
+ gathered + +
+ dictionary +
+ + when state is gathered + +
Facts about the network resource gathered from the remote device as structured data.
+
+
Sample:
+
This output will always be in the same format as the module argspec.
+ + + + +
+ parsed + +
+ dictionary +
+ + when state is parsed + +
The device native config provided in running_config option parsed into structured data as per module argspec.
+
+
Sample:
+
This output will always be in the same format as the module argspec.
+ + + + +
+ rendered + +
+ list +
+ + when state is rendered + +
The provided configuration in the task rendered in device-native format (offline).
+
+
Sample:
+
['router ospfv3 1', 'max-metric router-lsa on-startup 110', 'area 10 nssa default-information-originate metric 10']
+ +

diff --git a/docs/cisco.ios.ios_prefix_lists_module.rst b/docs/cisco.ios.ios_prefix_lists_module.rst index 0f021a78e..3a221d33e 100644 --- a/docs/cisco.ios.ios_prefix_lists_module.rst +++ b/docs/cisco.ios.ios_prefix_lists_module.rst @@ -348,16 +348,85 @@ Examples - name: test_prefix state: deleted - # Commands Fired: - # --------------- - # - # "commands": [ - # "no ip prefix-list 10", - # "no ip prefix-list test_prefix" - # ] + # Task Output + # ------------- + # before: + # - afi: ipv4 + # prefix_lists: + # - description: this is test description + # entries: + # - action: deny + # le: 15 + # prefix: 1.0.0.0/8 + # sequence: 5 + # - action: deny + # ge: 10 + # prefix: 35.0.0.0/8 + # sequence: 10 + # - action: deny + # ge: 15 + # prefix: 12.0.0.0/8 + # sequence: 15 + # - action: deny + # ge: 20 + # le: 21 + # prefix: 14.0.0.0/8 + # sequence: 20 + # name: '10' + # - description: this is test + # entries: + # - action: deny + # ge: 15 + # prefix: 12.0.0.0/8 + # sequence: 50 + # name: test + # - description: this is for prefix-list + # entries: + # - action: deny + # ge: 10 + # le: 15 + # prefix: 35.0.0.0/8 + # sequence: 5 + # - action: deny + # ge: 20 + # prefix: 35.0.0.0/8 + # sequence: 10 + # name: test_prefix + # - afi: ipv6 + # prefix_lists: + # - description: this is ipv6 prefix-list + # entries: + # - action: deny + # ge: 80 + # prefix: 2001:DB8:0:4::/64 + # sequence: 10 + # name: test_ipv6 + # commands: + # - no ip prefix-list 10 + # - no ip prefix-list test_prefix + # after: + # - afi: ipv4 + # prefix_lists: + # - description: this is test + # entries: + # - action: deny + # ge: 15 + # prefix: 12.0.0.0/8 + # sequence: 50 + # name: test + # - afi: ipv6 + # prefix_lists: + # - description: this is ipv6 prefix-list + # entries: + # - action: deny + # ge: 80 + # prefix: 2001:DB8:0:4::/64 + # sequence: 10 + # name: test_ipv6 + # After state: - # ------------- + # ------------ # router-ios#sh running-config | section ^ip prefix-list|^ipv6 prefix-list # ip prefix-list test description this is test # ip prefix-list test seq 50 deny 12.0.0.0/8 ge 15 @@ -389,14 +458,76 @@ Examples - afi: ipv4 state: deleted - # Commands Fired: - # --------------- - # - # "commands": [ - # "no ip prefix-list test", - # "no ip prefix-list 10", - # "no ip prefix-list test_prefix" - # ] + + + # Task Output + # ------------- + # before: + # - afi: ipv4 + # prefix_lists: + # - description: this is test description + # entries: + # - action: deny + # le: 15 + # prefix: 1.0.0.0/8 + # sequence: 5 + # - action: deny + # ge: 10 + # prefix: 35.0.0.0/8 + # sequence: 10 + # - action: deny + # ge: 15 + # prefix: 12.0.0.0/8 + # sequence: 15 + # - action: deny + # ge: 20 + # le: 21 + # prefix: 14.0.0.0/8 + # sequence: 20 + # name: '10' + # - description: this is test + # entries: + # - action: deny + # ge: 15 + # prefix: 12.0.0.0/8 + # sequence: 50 + # name: test + # - description: this is for prefix-list + # entries: + # - action: deny + # ge: 10 + # le: 15 + # prefix: 35.0.0.0/8 + # sequence: 5 + # - action: deny + # ge: 20 + # prefix: 35.0.0.0/8 + # sequence: 10 + # name: test_prefix + # - afi: ipv6 + # prefix_lists: + # - description: this is ipv6 prefix-list + # entries: + # - action: deny + # ge: 80 + # prefix: 2001:DB8:0:4::/64 + # sequence: 10 + # name: test_ipv6 + # commands: + # - "no ip prefix-list test", + # - "no ip prefix-list 10", + # - "no ip prefix-list test_prefix" + # after: + # - afi: ipv6 + # prefix_lists: + # - description: this is ipv6 prefix-list + # entries: + # - action: deny + # ge: 80 + # prefix: 2001:DB8:0:4::/64 + # sequence: 10 + # name: test_ipv6 + # After state: # ------------- @@ -1137,4 +1268,5 @@ Status Authors ~~~~~~~ +- Sagar Paul (@KB-perByte) - Sumit Jaiswal (@justjais) diff --git a/meta/runtime.yml b/meta/runtime.yml index 55584b22f..14d31cd1c 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -206,4 +206,4 @@ plugin_routing: redirect: cisco.ios.ios_vlans vrf: redirect: cisco.ios.ios_vrf -requires_ansible: ">=2.9.10" +requires_ansible: ">=2.13.11" diff --git a/plugins/module_utils/network/ios/config/acls/acls.py b/plugins/module_utils/network/ios/config/acls/acls.py index 9d29555cc..c40157c28 100644 --- a/plugins/module_utils/network/ios/config/acls/acls.py +++ b/plugins/module_utils/network/ios/config/acls/acls.py @@ -192,6 +192,7 @@ def sanitize_protocol_options(self, wace, hace): list(wace.get("protocol_options"))[0] == hace.get("protocol") ): hace.pop("protocol") + hace["protocol_options"] = wace.get("protocol_options") return hace def acl_name_cmd(self, name, afi, acl_type): @@ -226,9 +227,15 @@ def list_to_dict(self, param): if acl.get("aces"): temp_rem = [] # remarks if defined in an ace for ace in acl.get("aces"): # each ace turned to dict - if ace.get("destination") and ace.get("destination", {}).get( - "port_protocol", - {}, + if ( + ace.get("destination") + and ace.get("destination", {}).get( + "port_protocol", + {}, + ) + and not ace.get("destination", {}) + .get("port_protocol", {}) + .get("range") ): for k, v in ( ace.get("destination", {}).get("port_protocol", {}).items() diff --git a/plugins/module_utils/network/ios/config/prefix_lists/prefix_lists.py b/plugins/module_utils/network/ios/config/prefix_lists/prefix_lists.py index 7c4ebe5ec..210fb234d 100644 --- a/plugins/module_utils/network/ios/config/prefix_lists/prefix_lists.py +++ b/plugins/module_utils/network/ios/config/prefix_lists/prefix_lists.py @@ -63,12 +63,10 @@ def generate_commands(self): want, have and desired state. """ wantd = {entry["afi"]: entry for entry in self.want} - haved = {entry["afi"]: entry for entry in self.have} - # Convert each of config list to dict - for each in wantd, haved: - self.list_to_dict(each) + self._prefix_list_transform(wantd) + self._prefix_list_transform(haved) # if state is merged, merge want onto have and then compare if self.state == "merged": @@ -76,44 +74,24 @@ def generate_commands(self): # if state is deleted, empty out wantd and set haved to wantd if self.state == "deleted": - temp = None - for k, v in iteritems(haved): - if k in wantd: - if wantd[k].get("prefix_lists"): - want_afi_name = wantd[k].get("prefix_lists", {}) - haved[k]["prefix_lists"] = { - key: val - for key, val in iteritems(v.get("prefix_lists")) - if key in want_afi_name - } - elif wantd: - temp = k - if temp: - haved.pop(k) - wantd = {} - for k, have in iteritems(haved): - for key, val in iteritems(have["prefix_lists"]): - if k == "ipv4": - k = "ip" - self.commands.append("no {0} prefix-list {1}".format(k, key)) + haved = {k: v for k, v in iteritems(haved) if k in wantd or not wantd} + for key, hvalue in iteritems(haved): + wvalue = wantd.pop(key, {}) + if wvalue: + wplists = wvalue.get("prefix_lists", {}) + hplists = hvalue.get("prefix_lists", {}) + hvalue["prefix_lists"] = { + k: v for k, v in iteritems(hplists) if k in wplists or not wplists + } # remove superfluous config for overridden and deleted if self.state in ["overridden", "deleted"]: for k, have in iteritems(haved): - want_afi = wantd.get(k, {}) - for key, val in iteritems(have["prefix_lists"]): - if k == "ipv4": - k = "ip" - if want_afi and key not in want_afi.get("prefix_lists"): - self.commands.append("no {0} prefix-list {1}".format(k, key)) + if k not in wantd: + self._compare(want={}, have=have) for k, want in iteritems(wantd): self._compare(want=want, have=haved.pop(k, {})) - # alligning cmd with negate cmd 1st followed by config cmd - if self.state in ["overridden", "replaced"]: - self.commands = [each for each in self.commands if "no" in each] + [ - each for each in self.commands if "no" not in each - ] def _compare(self, want, have): """Leverages the base class `compare()` method and @@ -121,130 +99,48 @@ def _compare(self, want, have): the `want` and `have` data with the `parsers` defined for the Prefix_lists network resource. """ - if want != have and self.state != "deleted": - for k, v in iteritems(want["prefix_lists"]): - if have.get("prefix_lists") and have["prefix_lists"].get(k): - have_prefix = have["prefix_lists"].pop(k, {}) - for key, val in iteritems(v.get("entries")): - if have_prefix.get("entries"): - have_prefix_param = have_prefix["entries"].pop(key, {}) - else: - have_prefix_param = None - if have_prefix.get("description"): - self.compare( - parsers=self.parsers, - want={ - "afi": want["afi"], - "name": k, - "prefix_list": {"description": v["description"]}, - }, - have={ - "afi": want["afi"], - "name": k, - "prefix_list": {"description": have_prefix.pop("description")}, - }, - ) - if have_prefix_param and val != have_prefix_param: - if key == "description": - # Code snippet should be removed when Description param is removed from - # entries level as this supports deprecated level of Description - self.compare( - parsers=self.parsers, - want={"afi": want["afi"], "name": k, "prefix_list": {key: val}}, - have={ - "afi": have["afi"], - "name": k, - "prefix_list": {key: have_prefix_param}, - }, - ) - else: - if self.state == "merged" and have_prefix_param.get( - "sequence", - ) == val.get("sequence"): - self._module.fail_json( - "Cannot update existing sequence {0} of Prefix Lists {1} with state merged.".format( - val.get("sequence"), - k, - ) - + " Please use state replaced or overridden.", - ) - self.compare( - parsers=self.parsers, - want=dict(), - have={ - "afi": have["afi"], - "name": k, - "prefix_list": have_prefix_param, - }, - ) - self.compare( - parsers=self.parsers, - want={"afi": want["afi"], "name": k, "prefix_list": val}, - have={ - "afi": have["afi"], - "name": k, - "prefix_list": have_prefix_param, - }, - ) - elif val and val != have_prefix_param: - self.compare( - parsers=self.parsers, - want={"afi": want["afi"], "name": k, "prefix_list": val}, - have=dict(), - ) - if have_prefix and (self.state == "replaced" or self.state == "overridden"): - if have_prefix.get("description"): - # Code snippet should be removed when Description param is removed from - # entries level as this supports deprecated level of Description - self.compare( - parsers=self.parsers, - want=dict(), - have={ - "afi": want["afi"], - "name": k, - "prefix_list": {"description": have_prefix["description"]}, - }, - ) - for key, val in iteritems(have_prefix.get("entries")): - self.compare( - parsers=self.parsers, - want=dict(), - have={"afi": have["afi"], "name": k, "prefix_list": val}, - ) - elif v: - if v.get("description"): - self.compare( - parsers=self.parsers, - want={ - "afi": want["afi"], - "name": k, - "prefix_list": {"description": v["description"]}, - }, - have=dict(), - ) - for key, val in iteritems(v.get("entries")): - self.compare( - parsers=self.parsers, - want={"afi": want["afi"], "name": k, "prefix_list": val}, - have=dict(), - ) + wplists = want.get("prefix_lists", {}) + hplists = have.get("prefix_lists", {}) + for wk, wentry in iteritems(wplists): + hentry = hplists.pop(wk, {}) + self.compare(["description"], want=wentry, have=hentry) + # compare sequences + self._compare_seqs(wentry.pop("entries", {}), hentry.pop("entries", {})) - def list_to_dict(self, param): - if param: - for key, val in iteritems(param): - if val.get("prefix_lists"): - temp_prefix_list = {} - for each in val["prefix_lists"]: - temp_entries = dict() - if each.get("entries"): - for every in each["entries"]: - temp_entries.update({str(every["sequence"]): every}) - temp_prefix_list.update( - { - each["name"]: { - "description": each.get("description"), - "entries": temp_entries, - }, - }, + if self.state in ["overridden", "deleted"]: + # remove remaining prefix lists + for h in hplists.values(): + self.commands.append( + "no {0} prefix-list {1}".format(h["afi"].replace("ipv4", "ip"), h["name"]), + ) + + def _compare_seqs(self, want, have): + for wseq, wentry in iteritems(want): + hentry = have.pop(wseq, {}) + if hentry != wentry: + if hentry: + if self.state == "merged": + self._module.fail_json( + msg="Cannot update existing sequence {0} of prefix list {1} with state merged." + " Please use state replaced or overridden.".format( + hentry["sequence"], + hentry["name"], + ), ) - val["prefix_lists"] = temp_prefix_list + else: + self.addcmd(hentry, "entry", negate=True) + self.addcmd(wentry, "entry") + # remove remaining entries from have prefix list + for hseq in have.values(): + self.addcmd(hseq, "entry", negate=True) + + def _prefix_list_transform(self, entry): + for afi, value in iteritems(entry): + if "prefix_lists" in value: + for plist in value["prefix_lists"]: + plist.update({"afi": afi}) + if "entries" in plist: + for seq in plist["entries"]: + seq.update({"afi": afi, "name": plist["name"]}) + plist["entries"] = {x["sequence"]: x for x in plist["entries"]} + value["prefix_lists"] = {entry["name"]: entry for entry in value["prefix_lists"]} diff --git a/plugins/module_utils/network/ios/config/service/service.py b/plugins/module_utils/network/ios/config/service/service.py index f92dbedce..6a4c8a1ff 100644 --- a/plugins/module_utils/network/ios/config/service/service.py +++ b/plugins/module_utils/network/ios/config/service/service.py @@ -103,9 +103,11 @@ def generate_commands(self): "prompt": True, "slave_log": True, "password_recovery": True, - "private_config_encryption": True, } + if "private_config_encryption" in haved: + service_default["private_config_encryption"] = True + # if state is merged, merge want onto have and then compare if self.state == "merged": wantd = dict_merge(haved, wantd) diff --git a/plugins/module_utils/network/ios/config/snmp_server/snmp_server.py b/plugins/module_utils/network/ios/config/snmp_server/snmp_server.py index ff45f7b5f..7440875f9 100644 --- a/plugins/module_utils/network/ios/config/snmp_server/snmp_server.py +++ b/plugins/module_utils/network/ios/config/snmp_server/snmp_server.py @@ -186,16 +186,39 @@ def _compare(self, want, have): def _compare_lists_attrs(self, want, have): """Compare list of dict""" for _parser in self.list_parsers: - i_want = want.get(_parser, {}) - i_have = have.get(_parser, {}) - for key, wanting in iteritems(i_want): - haveing = i_have.pop(key, {}) - if wanting != haveing: - if haveing and self.state in ["overridden", "replaced"]: - self.addcmd(haveing, _parser, negate=True) - self.addcmd(wanting, _parser) - for key, haveing in iteritems(i_have): - self.addcmd(haveing, _parser, negate=True) + if _parser == "users": + i_want = want.get(_parser, {}) + i_have = have.get(_parser, {}) + for key, wanting in iteritems(i_want): + wanting_compare = deepcopy(wanting) + if ( + "authentication" in wanting_compare + and "password" in wanting_compare["authentication"] + ): + wanting_compare["authentication"].pop("password") + if ( + "encryption" in wanting_compare + and "password" in wanting_compare["encryption"] + ): + wanting_compare["encryption"].pop("password") + haveing = i_have.pop(key, {}) + if wanting_compare != haveing: + if haveing and self.state in ["overridden", "replaced"]: + self.addcmd(haveing, _parser, negate=True) + self.addcmd(wanting, _parser) + for key, haveing in iteritems(i_have): + self.addcmd(haveing, _parser, negate=True) + else: + i_want = want.get(_parser, {}) + i_have = have.get(_parser, {}) + for key, wanting in iteritems(i_want): + haveing = i_have.pop(key, {}) + if wanting != haveing: + if haveing and self.state in ["overridden", "replaced"]: + self.addcmd(haveing, _parser, negate=True) + self.addcmd(wanting, _parser) + for key, haveing in iteritems(i_have): + self.addcmd(haveing, _parser, negate=True) def _snmp_list_to_dict(self, data): """Convert all list of dicts to dicts of dicts""" diff --git a/plugins/module_utils/network/ios/facts/acls/acls.py b/plugins/module_utils/network/ios/facts/acls/acls.py index 6037d99e1..50cf69cab 100644 --- a/plugins/module_utils/network/ios/facts/acls/acls.py +++ b/plugins/module_utils/network/ios/facts/acls/acls.py @@ -34,7 +34,7 @@ class AclsFacts(object): """The ios_acls fact class""" - def __init__(self, module, subspec="config", options="options"): + def __init__(self, module): self._module = module self.argument_spec = AclsArgs.argument_spec diff --git a/plugins/module_utils/network/ios/facts/prefix_lists/prefix_lists.py b/plugins/module_utils/network/ios/facts/prefix_lists/prefix_lists.py index 167f68c73..80a73e18c 100644 --- a/plugins/module_utils/network/ios/facts/prefix_lists/prefix_lists.py +++ b/plugins/module_utils/network/ios/facts/prefix_lists/prefix_lists.py @@ -15,9 +15,6 @@ based on the configuration. """ -from copy import copy - -from ansible.module_utils.six import iteritems from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import utils from ansible_collections.cisco.ios.plugins.module_utils.network.ios.argspec.prefix_lists.prefix_lists import ( @@ -59,50 +56,18 @@ def populate_facts(self, connection, ansible_facts, data=None): objs = prefix_lists_parser.parse() final_objs = [] - temp = {} - temp["afi"] = None - temp["prefix_lists"] = [] + + _prefix_list = {"ipv4": [], "ipv6": []} if objs: - for k, v in iteritems(objs): - temp_prefix_list = {} - temp_prefix_list["entries"] = [] - if not temp["afi"] or v["afi"] != temp["afi"]: - if temp and temp["afi"]: - temp["prefix_lists"] = sorted( - temp["prefix_lists"], - key=lambda k, sk="name": str(k[sk]), - ) - # additional check for py3.5 - if len(final_objs) == 2: - for each in final_objs: - if v["afi"] == each["afi"]: - each["prefix_lists"].extend(temp["prefix_lists"]) - else: - final_objs.append(copy(temp)) - temp["prefix_lists"] = [] - temp["afi"] = v["afi"] - for each in v["prefix_lists"]: - if not temp_prefix_list.get("name"): - temp_prefix_list["name"] = each["name"] - if not temp_prefix_list.get("description") and each.get("description"): - temp_prefix_list["description"] = each["description"] - if each["entries"] and not each["entries"].get("description"): - temp_prefix_list["entries"].append(each["entries"]) - temp["prefix_lists"].append(temp_prefix_list) - if temp and temp["afi"]: - temp["prefix_lists"] = sorted( - temp["prefix_lists"], - key=lambda k, sk="name": str(k[sk]), + for prefixes in list(objs.values()): + _afi = prefixes.pop("afi") + _prefix_list[_afi].append( + prefixes, ) - # additional check for py3.5 - if len(final_objs) == 2: - for each in final_objs: - if v["afi"] == each["afi"]: - each["prefix_lists"].extend(temp["prefix_lists"]) - else: - final_objs.append(copy(temp)) - - final_objs = sorted(final_objs, key=lambda k, sk="afi": k[sk]) + if _prefix_list.get("ipv4"): + final_objs.append({"afi": "ipv4", "prefix_lists": _prefix_list.pop("ipv4")}) + if _prefix_list.get("ipv6"): + final_objs.append({"afi": "ipv6", "prefix_lists": _prefix_list.pop("ipv6")}) ansible_facts["ansible_network_resources"].pop("prefix_lists", None) diff --git a/plugins/module_utils/network/ios/facts/snmp_server/snmp_server.py b/plugins/module_utils/network/ios/facts/snmp_server/snmp_server.py index 1cb6e7f48..b419fddd5 100644 --- a/plugins/module_utils/network/ios/facts/snmp_server/snmp_server.py +++ b/plugins/module_utils/network/ios/facts/snmp_server/snmp_server.py @@ -15,6 +15,7 @@ based on the configuration. """ +import re from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import utils @@ -93,18 +94,36 @@ def get_snmpv3_user_facts(self, snmpv3_user): """ user_sets = snmpv3_user.split("User ") user_list = [] + re_snmp_auth = re.compile(r"^Authentication Protocol:\s*(MD5|SHA)") + re_snmp_priv = re.compile(r"^Privacy Protocol:\s*(3DES|AES|DES)([0-9]*)") + re_snmp_acl = re.compile(r"^.*active\s+(access-list: (\S+)|)\s*(IPv6 access-list: (\S+)|)") for user_set in user_sets: one_set = {} lines = user_set.splitlines() for line in lines: if line.startswith("name"): one_set["username"] = line.split(": ")[1] + continue if line.startswith("Group-name:"): one_set["group"] = line.split(": ")[1] - if "IPv6 access-list:" in line: - one_set["acl_v6"] = line.split(": ")[-1] - if "active\taccess-list:" in line: - one_set["acl_v4"] = line.split(": ")[-1] + continue + re_match = re_snmp_auth.search(line) + if re_match: + one_set["authentication"] = {"algorithm": re_match.group(1).lower()} + continue + re_match = re_snmp_priv.search(line) + if re_match: + one_set["encryption"] = {"priv": re_match.group(1).lower()} + if re_match.group(2): + one_set["encryption"]["priv_option"] = re_match.group(2) + continue + re_match = re_snmp_acl.search(line) + if re_match: + if re_match.group(2): + one_set["acl_v4"] = re_match.group(2) + if re_match.group(4): + one_set["acl_v6"] = re_match.group(4) + continue one_set["version"] = "v3" # defaults to version 3 data if len(one_set): user_list.append(one_set) diff --git a/plugins/module_utils/network/ios/rm_templates/acls.py b/plugins/module_utils/network/ios/rm_templates/acls.py index 164c93caf..a67b53d0b 100644 --- a/plugins/module_utils/network/ios/rm_templates/acls.py +++ b/plugins/module_utils/network/ios/rm_templates/acls.py @@ -149,7 +149,7 @@ def __init__(self, lines=None): r"""^(ip|ipv6) (\s(access-list)) (\s(standard|extended)) - (\s(?P\S+))? + (\s(?P\S+)) $""", re.VERBOSE, ), @@ -159,13 +159,12 @@ def __init__(self, lines=None): "shared": True, }, { - "name": "_mac_acls_name", # + "name": "_mac_acls_name", # mac acls to be removed "getval": re.compile( - r"""^(?PStandard|Extended|Reflexive)* - \s*(?PMAC)* - \s*access - \s*list* - \s*(?P.+)* + r"""^(?PStandard|Extended|Reflexive) + (\s(?PMAC)) + (\saccess\slist) + (\s(?P.+)) $""", re.VERBOSE, ), @@ -204,8 +203,8 @@ def __init__(self, lines=None): "name": "remarks_type_linear", "getval": re.compile( r"""^(access-list) - (\s(?P\S+))? - (\sremark\s(?P.+))? + (\s(?P\S+)) + (\sremark\s(?P.+)) $""", re.VERBOSE, ), @@ -224,7 +223,7 @@ def __init__(self, lines=None): "getval": re.compile( r"""\s*(?P\d+)* \s(?Pdeny|permit)? - (\s+(?P
(?!ahp|eigrp|esp|gre|icmp|igmp|ipv6|ipinip|ip|nos|object-group|ospf|pcp|pim|sctp|tcp|udp)\S+|\S+,))? + (\s+(?P
(?!ahp|any|eigrp|esp|gre|icmp|igmp|ipv6|ipinip|ip|nos|object-group|ospf|pcp|pim|sctp|tcp|udp)\S+|\S+,))? (\s*(?Pany))? (\swildcard\sbits\s(?P\S+))? (\shost\s(?P\S+))? @@ -266,19 +265,27 @@ def __init__(self, lines=None): (\sobject-group\s(?P\S+))| (\shost\s(?P\S+))| (\s(?P(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})\s\S+)))? - (\s(?P(eq|gts|gt|lt|neq)\s(\S+|\d+)))? + (\seq\s(?P(\S+|\d+)))? + (\sgt\s(?P(\S+|\d+)))? + (\slt\s(?P(\S+|\d+)))? + (\sneq\s(?P(\S+|\d+)))? (\srange\s(?P\d+)\s(?P\d+))? (\s(?Pany))? (\sobject-group\s(?P\S+))? (\shost\s(?P\S+))? (\s(?P(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})\s\S+))? - (\s(?P(eq|gts|lt|neq)\s(\S+|\d+)))? + (\seq\s(?P(\S+|\d+)))? + (\sgt\s(?P(\S+|\d+)))? + (\slt\s(?P(\S+|\d+)))? + (\sneq\s(?P(\S+|\d+)))? (\srange\s(?P\d+)\s(?P\d+))? (\s(?Padministratively-prohibited|alternate-address|conversion-error|dod-host-prohibited|dod-net-prohibited|echo-reply|echo|general-parameter-problem|host-isolated|host-precedence-unreachable|host-redirect|host-tos-redirect|host-tos-unreachable|host-unknown|host-unreachable|information-reply|information-request|mask-reply|mask-request|mobile-redirect|net-redirect|net-tos-redirect|net-tos-unreachable|net-unreachable|network-unknown|no-room-for-option|option-missing|packet-too-big|parameter-problem|port-unreachable|precedence-unreachable|protocol-unreachable|reassembly-timeout|redirect|router-advertisement|router-solicitation|source-quench|source-route-failed|time-exceeded|timestamp-reply|timestamp-request|traceroute|ttl-exceeded|unreachable|dvmrp|host-query|mtrace-resp|mtrace-route|pim|trace|v1host-report|v2host-report|v2leave-group|v3host-report|ack|established|fin|psh|rst|syn|urg))? (\sdscp\s(?P\S+))? (\s(?Pfragments))? - (\s(?Plog-input\s\(tag\s=\s\S+\)|log-input))? - (\s(?Plog\s\(tag\s=\s\S+\)|log))? + (\slog-input\s\(tag\s=\s(?P\S+\)|log-input))? + (\s(?Plog-input))? + (\slog\s\(tag\s=\s(?P\S+\)|log))? + (\s(?Plog))? (\soption\s(?P