community.routeros.api_modify (2.14.0) — module

Modify data at paths with API

Added in version 2.2.0 of community.routeros

Authors: Felix Fontein (@felixfontein)

Install collection

Install with ansible-galaxy collection install community.routeros:==2.14.0


Add to requirements.yml

  collections:
    - name: community.routeros
      version: 2.14.0

Description

Allows modifying information for a path using the API.

Use the M(community.routeros.api_find_and_modify) module to modify one or multiple entries in a controlled way depending on some search conditions.

To make a backup of a path that can be restored with this module, use the M(community.routeros.api_info) module.

The module ignores dynamic and builtin entries.

B(Note) that this module is still heavily in development, and only supports B(some) paths. If you want to support new paths, or think you found problems with existing paths, please first L(create an issue in the community.routeros Issue Tracker,https://github.com/ansible-collections/community.routeros/issues/).


Requirements

Usage examples

---
- name: Setup DHCP server networks
  # Ensures that we have exactly two DHCP server networks (in the specified order)
  community.routeros.api_modify:
    hostname: "{{ hostname }}"
    password: "{{ password }}"
    username: "{{ username }}"
    path: ip dhcp-server network
    handle_absent_entries: remove
    handle_entries_content: remove_as_much_as_possible
    ensure_order: true
    data:
      - address: 192.168.88.0/24
        comment: admin network
        dns-server: 192.168.88.1
        gateway: 192.168.88.1
      - address: 192.168.1.0/24
        comment: customer network 1
        dns-server: 192.168.1.1
        gateway: 192.168.1.1
        netmask: 24
- name: Adjust NAT
  community.routeros.api_modify:
    hostname: "{{ hostname }}"
    password: "{{ password }}"
    username: "{{ username }}"
    path: ip firewall nat
    data:
      - action: masquerade
        chain: srcnat
        comment: NAT to WAN
        out-interface-list: WAN
        # Three ways to unset values:
        #   - nothing after `:`
        #   - "empty" value (null/~/None)
        #   - prepend '!'
        out-interface:
        to-addresses: ~
        '!to-ports':

Inputs

    
tls:
    aliases:
    - ssl
    default: false
    description:
    - If set, TLS will be used for the RouterOS API connection.
    required: false
    type: bool

data:
    description:
    - Data to ensure is present for this path.
    - Fields not provided will not be modified.
    - If C(.id) appears in an entry, it will be ignored.
    elements: dict
    required: true
    type: list

path:
    choices:
    - caps-man aaa
    - caps-man access-list
    - caps-man channel
    - caps-man configuration
    - caps-man datapath
    - caps-man manager
    - caps-man manager interface
    - caps-man provisioning
    - caps-man security
    - certificate settings
    - interface bonding
    - interface bridge
    - interface bridge mlag
    - interface bridge port
    - interface bridge port-controller
    - interface bridge port-extender
    - interface bridge settings
    - interface bridge vlan
    - interface detect-internet
    - interface eoip
    - interface ethernet
    - interface ethernet poe
    - interface ethernet switch
    - interface ethernet switch port
    - interface gre
    - interface gre6
    - interface l2tp-server server
    - interface list
    - interface list member
    - interface ovpn-client
    - interface ovpn-server server
    - interface ppp-client
    - interface pppoe-client
    - interface pptp-server server
    - interface sstp-server server
    - interface vlan
    - interface vrrp
    - interface wifi
    - interface wifi aaa
    - interface wifi access-list
    - interface wifi cap
    - interface wifi capsman
    - interface wifi channel
    - interface wifi configuration
    - interface wifi datapath
    - interface wifi interworking
    - interface wifi provisioning
    - interface wifi security
    - interface wifi steering
    - interface wifiwave2
    - interface wifiwave2 aaa
    - interface wifiwave2 access-list
    - interface wifiwave2 cap
    - interface wifiwave2 capsman
    - interface wifiwave2 channel
    - interface wifiwave2 configuration
    - interface wifiwave2 datapath
    - interface wifiwave2 interworking
    - interface wifiwave2 provisioning
    - interface wifiwave2 security
    - interface wifiwave2 steering
    - interface wireguard
    - interface wireguard peers
    - interface wireless
    - interface wireless align
    - interface wireless cap
    - interface wireless security-profiles
    - interface wireless sniffer
    - interface wireless snooper
    - iot modbus
    - ip accounting
    - ip accounting web-access
    - ip address
    - ip arp
    - ip cloud
    - ip cloud advanced
    - ip dhcp-client
    - ip dhcp-client option
    - ip dhcp-server
    - ip dhcp-server config
    - ip dhcp-server lease
    - ip dhcp-server network
    - ip dhcp-server option
    - ip dhcp-server option sets
    - ip dns
    - ip dns static
    - ip firewall address-list
    - ip firewall connection tracking
    - ip firewall filter
    - ip firewall layer7-protocol
    - ip firewall mangle
    - ip firewall nat
    - ip firewall raw
    - ip firewall service-port
    - ip hotspot service-port
    - ip ipsec identity
    - ip ipsec peer
    - ip ipsec policy
    - ip ipsec profile
    - ip ipsec proposal
    - ip ipsec settings
    - ip neighbor discovery-settings
    - ip pool
    - ip proxy
    - ip route
    - ip route vrf
    - ip service
    - ip settings
    - ip smb
    - ip socks
    - ip ssh
    - ip tftp settings
    - ip traffic-flow
    - ip traffic-flow ipfix
    - ip traffic-flow target
    - ip upnp
    - ip upnp interfaces
    - ip vrf
    - ipv6 address
    - ipv6 dhcp-client
    - ipv6 dhcp-server
    - ipv6 dhcp-server option
    - ipv6 firewall address-list
    - ipv6 firewall filter
    - ipv6 firewall mangle
    - ipv6 firewall nat
    - ipv6 firewall raw
    - ipv6 nd
    - ipv6 nd prefix default
    - ipv6 route
    - ipv6 settings
    - mpls
    - mpls ldp
    - port firmware
    - port remote-access
    - ppp aaa
    - ppp profile
    - queue interface
    - queue tree
    - radius
    - radius incoming
    - routing bgp connection
    - routing bgp instance
    - routing bgp template
    - routing filter rule
    - routing filter select-rule
    - routing id
    - routing mme
    - routing ospf area
    - routing ospf area range
    - routing ospf instance
    - routing ospf interface-template
    - routing pimsm instance
    - routing pimsm interface-template
    - routing rip
    - routing ripng
    - routing rule
    - routing table
    - snmp
    - snmp community
    - system clock
    - system clock manual
    - system identity
    - system leds settings
    - system logging
    - system logging action
    - system note
    - system ntp client
    - system ntp client servers
    - system ntp server
    - system package update
    - system routerboard settings
    - system scheduler
    - system script
    - system upgrade mirror
    - system ups
    - system watchdog
    - tool bandwidth-server
    - tool e-mail
    - tool graphing
    - tool graphing interface
    - tool graphing resource
    - tool mac-server
    - tool mac-server mac-winbox
    - tool mac-server ping
    - tool netwatch
    - tool romon
    - tool sms
    - tool sniffer
    - tool traffic-generator
    - user
    - user aaa
    - user group
    - user settings
    description:
    - Path to query.
    - An example value is V(ip address). This is equivalent to running modification commands
      in C(/ip address) in the RouterOS CLI.
    required: true
    type: str

port:
    description:
    - RouterOS API port. If O(tls) is set, port will apply to TLS/SSL connection.
    - Defaults are V(8728) for the HTTP API, and V(8729) for the HTTPS API.
    type: int

ca_path:
    description:
    - PEM formatted file that contains a CA certificate to be used for certificate validation.
    - See also O(validate_cert_hostname). Only used when O(tls=true) and O(validate_certs=true).
    type: path
    version_added: 1.2.0
    version_added_collection: community.routeros

timeout:
    default: 10
    description:
    - Timeout for the request.
    type: int
    version_added: 2.3.0
    version_added_collection: community.routeros

encoding:
    default: ASCII
    description:
    - Use the specified encoding when communicating with the RouterOS device.
    - Default is V(ASCII). Note that V(UTF-8) requires librouteros 3.2.1 or newer.
    type: str
    version_added: 2.1.0
    version_added_collection: community.routeros

hostname:
    description:
    - Hostname of the RouterOS API.
    required: true
    type: str

password:
    description:
    - RouterOS user password.
    required: true
    type: str

username:
    description:
    - RouterOS login user.
    required: true
    type: str

ensure_order:
    default: false
    description:
    - Whether to ensure the same order of the config as present in O(data).
    - Requires O(handle_absent_entries=remove).
    type: bool

force_no_cert:
    default: false
    description:
    - Set to V(true) to connect without a certificate when O(tls=true).
    - See also O(validate_certs).
    - B(Note:) this forces the use of anonymous Diffie-Hellman (ADH) ciphers. The protocol
      is susceptible to Man-in-the-Middle attacks, because the keys used in the exchange
      are not authenticated. Instead of simply connecting without a certificate to "make
      things work" have a look at O(validate_certs) and O(ca_path).
    type: bool
    version_added: 2.4.0
    version_added_collection: community.routeros

validate_certs:
    default: true
    description:
    - Set to V(false) to skip validation of TLS certificates.
    - See also O(validate_cert_hostname). Only used when O(tls=true).
    - B(Note:) instead of simply deactivating certificate validations to "make things
      work", please consider creating your own CA certificate and using it to sign certificates
      used for your router. You can tell the module about your CA certificate with the
      O(ca_path) option.
    type: bool
    version_added: 1.2.0
    version_added_collection: community.routeros

handle_read_only:
    choices:
    - ignore
    - validate
    - error
    default: error
    description:
    - How to handle values passed in for read-only fields.
    - If V(ignore), they are not passed to the API.
    - If V(validate), the values are not passed for creation, and for updating they are
      compared to the value returned for the object. If they differ, the module fails.
    - If V(error), the module will fail if read-only fields are provided.
    type: str
    version_added: 2.10.0
    version_added_collection: community.routeros

handle_write_only:
    choices:
    - create_only
    - always_update
    - error
    default: create_only
    description:
    - How to handle values passed in for write-only fields.
    - If V(create_only), they are passed on creation, and ignored for updating.
    - If V(always_update), they are always passed to the API. This means that if such
      a value is present, the module will always result in C(changed) since there is no
      way to validate whether the value actually changed.
    - If V(error), the module will fail if write-only fields are provided.
    type: str
    version_added: 2.10.0
    version_added_collection: community.routeros

handle_absent_entries:
    choices:
    - ignore
    - remove
    default: ignore
    description:
    - How to handle entries that are present in the current config, but not in O(data).
    - V(ignore) ignores them.
    - V(remove) removes them.
    type: str

handle_entries_content:
    choices:
    - ignore
    - remove
    - remove_as_much_as_possible
    default: ignore
    description:
    - For a single entry in O(data), this describes how to handle fields that are not
      mentioned in that entry, but appear in the actual config.
    - If V(ignore), they are not modified.
    - If V(remove), they are removed. If at least one cannot be removed, the module will
      fail.
    - If V(remove_as_much_as_possible), all that can be removed will be removed. The ones
      that cannot be removed will be kept.
    - Note that V(remove) and V(remove_as_much_as_possible) do not apply to write-only
      fields.
    type: str

validate_cert_hostname:
    default: false
    description:
    - Set to V(true) to validate hostnames in certificates.
    - See also O(validate_certs). Only used when O(tls=true) and O(validate_certs=true).
    type: bool
    version_added: 1.2.0
    version_added_collection: community.routeros
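
The following playbook is an added example, not part of the collection's own documentation. It runs the Adjust NAT task from the usage examples with the TLS options described above, so the router's certificate and hostname are validated against your own CA, and shows the two weaker settings as comments for contrast. The CA file path is a placeholder, and `hostname`, `username` and `password` are assumed to be defined elsewhere (for example in a vault).

```yaml
---
- name: Adjust NAT over a verified TLS connection to the RouterOS API
  hosts: localhost
  gather_facts: false
  tasks:
    # Weaker settings, shown for contrast only:
    #   tls: true
    #   force_no_cert: true     # anonymous Diffie-Hellman, keys are not authenticated
    # or:
    #   tls: true
    #   validate_certs: false   # a certificate is presented but never checked
    - name: Adjust NAT (certificate and hostname validated)
      community.routeros.api_modify:
        hostname: "{{ hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        tls: true                     # default is false
        validate_certs: true          # default, stated explicitly
        validate_cert_hostname: true  # default is false
        # Placeholder path: PEM file with the CA certificate that signed
        # the router's API certificate.
        ca_path: /etc/ansible/pki/routeros-ca.pem
        path: ip firewall nat
        data:
          - action: masquerade
            chain: srcnat
            comment: NAT to WAN
            out-interface-list: WAN
      register: nat_result

    # old_data and new_data are always returned, so the state before and
    # after the task can be recorded for review.
    - name: Show NAT entries before and after the task
      ansible.builtin.debug:
        msg:
          before: "{{ nat_result.old_data }}"
          after: "{{ nat_result.new_data }}"
```

With O(tls=true) and no O(port) given, the module uses the TLS default of V(8729) listed under O(port).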

Outputs

new_data:
  description:
  - A list of all elements for the current path after a change was made.
  elements: dict
  returned: always
  sample:
  - .id: '*1'
    actual-interface: bridge
    address: 192.168.1.1/24
    comment: awesome
    disabled: false
    dynamic: false
    interface: bridge
    invalid: false
    network: 192.168.1.0
  type: list
old_data:
  description:
  - A list of all elements for the current path before a change was made.
  elements: dict
  returned: always
  sample:
  - .id: '*1'
    actual-interface: bridge
    address: 192.168.88.1/24
    comment: defconf
    disabled: false
    dynamic: false
    interface: bridge
    invalid: false
    network: 192.168.88.0
  type: list

See also