ospf_element - OSPF Elements used in engine configurations¶

Synopsis ¶

OSPF elements are the building blocks to building an OSPF configuration on a firewall. Use this module to obtain available elements and their values.

Requirements (on host that executes module)¶

smc-python

Options ¶

parameter required default choices comments

case_sensitive

no

True

Whether to do a case sensitive match on the filter specified

elements

yes

List of OSPF related elements to create within the SMC. The list contain dicts representing valid OSPF element types as the key, and nested dict should be valid attributes of that OSPF element type.

Valid elements include: ospfv2_area, ospf_profile http://smc-python.readthedocs.io/en/latest/pages/reference.html#module-smc.routing.ospf

**Dictionary object elements**
parameter	required	comments
ospfv2_interface_settings	no	OSPF settings that can be applied directly to the interface that OSPF is attached to
ospvfv2_area	no	Create an OSPFv2 area element to be used on a routing interface to advertise OSPF. Suboptions describe key value pairs for the area dict.
ospfv2_domain_settings	no	OSPF domain settings can be applied on an OSPF profile to provide metrics and cost information for an OSPF profile. Set on the OSPF profile attribute domain_settings_ref.
ospfv2_profile	no	An OSPF profile defines how an OSPF area should behave with respects to redistributing routes between adjacent areas

exact_match

no

Whether to do an exact match on the filter specified

filter

no

*

String value to match against when making query. Matches all if not specified. A filter will attempt to find a match in the name, primary key field or comment field of a given record.

limit

no

10

Limit the number of results. Set to 0 to remove limit.

smc_address

no

FQDN with port of SMC. The default value is the environment variable SMC_ADDRESS

smc_alt_filepath

no

Provide an alternate path location to read the credentials from. File is expected to be stored in ~.smcrc. If provided, url and api_key settings are not required and will be ignored.

smc_api_key

no

API key for api client. The default value is the environment variable SMC_API_KEY Required if url

smc_api_version

no

Optional API version to connect to. If none is provided, the latests LTS SMC API version will be used based on the Management Center version. Can be set though the environment variable SMC_API_VERSION

smc_domain

no

Optional domain to log in to. If no domain is provided, 'Shared Domain' is used. Can be set throuh the environment variable SMC_DOMAIN

smc_extra_args

no

Extra arguments to pass to login constructor. These are generally only used if specifically requested by support personnel.

**Dictionary object smc_extra_args**
parameter	required	default	choices	comments
verify	no	True	yes no	Is the connection to SMC is HTTPS, you can set this to True, or provide a path to a client certificate to verify the SMC SSL certificate. You can also explicitly set this to False.

smc_logging

no

Optionally enable SMC API logging to a file

**Dictionary object smc_logging**
parameter	required	default	choices	comments
path	yes			Full path to the log file
level	no			Log level as specified by the standard python logging library, in int format. Default setting is logging.DEBUG.

smc_timeout

no

Optional timeout for connections to the SMC. Can be set through environment SMC_TIMEOUT

state

no

present

present
absent

Create or delete an OSPF Element. If state=absent, the element dict must have at least the type of element and name field as a valid value.

Examples ¶

- name:
  hosts: localhost
  gather_facts: no
  tasks:
  - name: OSPF Elements
    register: result
    ospf_element:
      smc_logging:
        level: 10
        path: ansible-smc.log
      elements:
      - ospfv2_area:
          area_type: normal
          comment: null
          inbound_filters:
            ip_access_list:
            - myacl22
            ip_prefix_list:
            - mylist2
          interface_settings_ref: Default OSPFv2 Interface Settings
          name: myarea2
          outbound_filters:
            ip_access_list:
            - myservice
      - ospfv2_profile:
          comment: added by ansible
          default_metric: 123
          domain_settings_ref: Default OSPFv2 Domain Settings
          external_distance: 110
          inter_distance: 130
          intra_distance: 110
          name: myprofile
          redistribution_entry:
          - enabled: true
            metric_type: external_1
            type: bgp
          - enabled: true
            filter:
               route_map:
               - myroutemap
            metric: 2
            metric_type: external_1
            type: static
          - enabled: true
            filter:
              ip_access_list:
              - myacl
            metric_type: external_2
            type: connected
          - enabled: false
            metric_type: external_1
            type: kernel
          - enabled: false
            metric_type: external_1
            type: default_originate
      - ospfv2_domain_settings:
          abr_type: cisco
          auto_cost_bandwidth: 100
          deprecated_algorithm: false
          initial_delay: 203
          initial_hold_time: 1000
          max_hold_time: 10000
          name: mydomain2
          shutdown_max_metric_lsa: 0
          startup_max_metric_lsa: 0
      - ospfv2_interface_settings:
          authentication_type: none
          dead_interval: 40
          hello_interval: 10
          hello_interval_type: normal
          mtu_mismatch_detection: true
          name: myinterface
          password: ''
          retransmit_interval: 5
          router_priority: 1
          transmit_delay: 1
      #state: absent

- name: Unset an existing redistributed route ip access list or route map
  register: result
  ospf_element:
    elements:
    - ospfv2_profile:
      name: myprofile
      redistribution_entry:
      - enabled: true
        metric_type: external_1
        type: bgp
      - enabled: true
        filter: {}

Return Values ¶

Common return values are documented Return Values, the following are the fields unique to this module:

name	description	returned	type	sample
state	Full json definition of NGFW	always	list	[{'action': 'created', 'type': 'ospfv2_area', 'name': 'myarea2'}, {'action': 'created', 'type': 'ospfv2_profile', 'name': 'myprofile'}, {'action': 'deleted', 'type': 'ospfv2_area', 'name': 'myarea2'}, {'action': 'failed to delete with reason: Cannot find specified element: myprofile, type: ospfv2_profile', 'type': 'ospfv2_profile', 'name': 'myprofile'}]
changed	Whether or not the change succeeded	always	bool

Notes ¶

Note

If a filter is not used in the query, this will return all results for the element type specified. The return data in this case will only contain the metadata for the element which will be name and type. To get detailed information about an element, use a filter. When using filters on network or service elements, the filter value will search the element fields, for example, you could use a filter of ‘1.1.1.1’ when searching for hosts and all hosts with this IP will be returned. The same applies for services. If you are unsure of the service name but know the port you require, your filter can be by port.

Author ¶

Forcepoint

Status ¶

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.