Try SpotterManage filter entries on Cisco ACI fabrics (vz:Entry)
| "added in version" 2.4 of ansible.builtin"
Authors: Swetha Chunduri (@schunduri), Dag Wieers (@dagwieers), Jacob McGill (@jmcgill298)
preview | supported by community
pipInstall with pip install ansible==2.4.3.0.post1
Manage filter entries for a filter on Cisco ACI fabrics.
More information from the internal APIC class I(vz:Entry) at U(https://developer.cisco.com/media/mim-ref/MO-vzEntry.html).
- aci_filter_entry:
action: "{{ action }}"
entry: "{{ entry }}"
tenant: "{{ tenant }}"
ether_name: "{{ ether_name }}"
icmp_msg_type: "{{ icmp_msg_type }}"
filter: "{{ filter }}"
descr: "{{ descr }}"
host: "{{ inventory_hostname }}"
username: "{{ user }}"
password: "{{ pass }}"
protocol: "{{ protocol }}"
host:
aliases:
- hostname
description:
- IP Address or hostname of APIC resolvable by Ansible control host.
- If the value is not specified in the task, the value of environment variable C(ACI_HOST)
will be used instead.
required: true
type: str
port:
description:
- Port number to be used for REST connection.
- The default value depends on parameter C(use_ssl).
- If the value is not specified in the task, the value of environment variable C(ACI_PORT)
will be used instead.
type: int
entry:
aliases:
- entry_name
- filter_entry
- name
description:
- Then name of the Filter Entry.
state:
choices:
- absent
- present
- query
default: present
description:
- present, absent, query
filter:
aliases:
- filter_name
description: The name of Filter that the entry should belong to.
tenant:
aliases:
- tenant_name
description:
- The name of the tenant.
timeout:
default: 30
description:
- The socket level timeout in seconds.
- If the value is not specified in the task, the value of environment variable C(ACI_TIMEOUT)
will be used instead.
type: int
use_ssl:
default: true
description:
- If C(no), an HTTP connection will be used instead of the default HTTPS connection.
- If the value is not specified in the task, the value of environment variable C(ACI_USE_SSL)
will be used instead.
type: bool
arp_flag:
choices:
- arp_reply
- arp_request
- unspecified
default: unspecified
description:
- The arp flag to use when the ether_type is arp.
- The APIC defaults new Filter Entries to C(unspecified).
dst_port:
choices:
- Valid TCP/UDP Port Ranges
default: unspecified
description:
- Used to set both destination start and end ports to the same value when ip_protocol
is tcp or udp.
- The APIC defaults new Filter Entries to C(unspecified).
password:
description:
- The password to use for authentication.
- This option is mutual exclusive with C(private_key). If C(private_key) is provided
too, it will be used instead.
- If the value is not specified in the task, the value of environment variables C(ACI_PASSWORD)
or C(ANSIBLE_NET_PASSWORD) will be used instead.
type: str
stateful:
description:
- Determines the statefulness of the filter entry.
username:
aliases:
- user
default: admin
description:
- The username to use for authentication.
- If the value is not specified in the task, the value of environment variables C(ACI_USERNAME)
or C(ANSIBLE_NET_USERNAME) will be used instead.
type: str
owner_key:
description:
- User-defined string for the ownerKey attribute of an ACI object.
- This attribute represents a key for enabling clients to own their data for entity
correlation.
- If the value is not specified in the task, the value of environment variable C(ACI_OWNER_KEY)
will be used instead.
type: str
owner_tag:
description:
- User-defined string for the ownerTag attribute of an ACI object.
- This attribute represents a tag for enabling clients to add their own data.
- For example, to indicate who created this object.
- If the value is not specified in the task, the value of environment variable C(ACI_OWNER_TAG)
will be used instead.
type: str
use_proxy:
default: true
description:
- If C(no), it will not use a proxy, even if one is defined in an environment variable
on the target hosts.
- If the value is not specified in the task, the value of environment variable C(ACI_USE_PROXY)
will be used instead.
type: bool
annotation:
description:
- User-defined string for annotating an object.
- If the value is not specified in the task, the value of environment variable C(ACI_ANNOTATION)
will be used instead.
type: str
ether_type:
choices:
- arp
- fcoe
- ip
- mac_security
- mpls_ucast
- trill
- unspecified
default: unspecified
description:
- The Ethernet type.
- The APIC defaults new Filter Entries to C(unspecified).
description:
aliases:
- descr
description:
- Description for the Filter Entry.
ip_protocol:
choices:
- eigrp
- egp
- icmp
- icmpv6
- igmp
- igp
- l2tp
- ospfigp
- pim
- tcp
- udp
- unspecified
default: unspecified
description:
- The IP Protocol type when ether_type is ip.
- The APIC defaults new Filter Entries to C(unspecified).
output_path:
description:
- Path to a file that will be used to dump the ACI JSON configuration objects generated
by the module.
- If the value is not specified in the task, the value of environment variable C(ACI_OUTPUT_PATH)
will be used instead.
type: str
private_key:
aliases:
- cert_key
description:
- Either a PEM-formatted private key file or the private key content used for signature-based
authentication.
- This value also influences the default C(certificate_name) that is used.
- This option is mutual exclusive with C(password). If C(password) is provided too,
it will be ignored.
- If the value is not specified in the task, the value of environment variable C(ACI_PRIVATE_KEY)
will be used instead.
type: str
dst_port_end:
choices:
- Valid TCP/UDP Port Ranges
default: unspecified
description:
- Used to set the destination end port when ip_protocol is tcp or udp.
- The APIC defaults new Filter Entries to C(unspecified).
output_level:
choices:
- debug
- info
- normal
default: normal
description:
- Influence the output of this ACI module.
- C(normal) means the standard output, incl. C(current) dict
- C(info) adds informational output, incl. C(previous), C(proposed) and C(sent) dicts
- C(debug) adds debugging output, incl. C(filter_string), C(method), C(response),
C(status) and C(url) information
- If the value is not specified in the task, the value of environment variable C(ACI_OUTPUT_LEVEL)
will be used instead.
type: str
icmp_msg_type:
choices:
- dst_unreachable
- echo
- echo_reply
- src_quench
- time_exceeded
- unspecified
default: unspecified
description:
- ICMPv4 message type; used when ip_protocol is icmp.
- The APIC defaults new Filter Entries to C(unspecified).
dst_port_start:
choices:
- Valid TCP/UDP Port Ranges
default: unspecified
description:
- Used to set the destination start port when ip_protocol is tcp or udp.
- The APIC defaults new Filter Entries to C(unspecified).
icmp6_msg_type:
choices:
- dst_unreachable
- echo_request
- echo_reply
- neighbor_advertisement
- neighbor_solicitation
- redirect
- time_exceeded
- unspecified
default: unspecified
description:
- ICMPv6 message type; used when ip_protocol is icmpv6.
- The APIC defaults new Filter Entries to C(unspecified).
validate_certs:
default: true
description:
- If C(no), SSL certificates will not be validated.
- This should only set to C(no) when used on personally controlled sites using self-signed
certificates.
- If the value is not specified in the task, the value of environment variable C(ACI_VALIDATE_CERTS)
will be used instead.
type: bool
certificate_name:
aliases:
- cert_name
description:
- The X.509 certificate name attached to the APIC AAA user used for signature-based
authentication.
- If a C(private_key) filename was provided, this defaults to the C(private_key) basename,
without extension.
- If PEM-formatted content was provided for C(private_key), this defaults to the C(username)
value.
- If the value is not specified in the task, the value of environment variable C(ACI_CERTIFICATE_NAME)
will be used instead.
type: str