
edgeos_config - added diff result #184

Merged

Conversation

virtualguy
Contributor

SUMMARY

Add diff output when applying changes using edgeos_config

ISSUE TYPE
  • Feature Pull Request
COMPONENT NAME

edgeos_config

ADDITIONAL INFORMATION

This will print the full router config with changes shown in the edgeos json format (using the 'show' command)

         rule 5002 {
             description "masquerade for WAN 2"
             outbound-interface eth6
             type masquerade
         }
         rule 5003 {
>            description "masquerade for WAN 3"
             outbound-interface eth7
             type masquerade
         }

@virtualguy virtualguy marked this pull request as ready for review December 12, 2020 20:30
@felixfontein felixfontein added the check-before-release PR will be looked at again shortly before release and merged if possible. label Dec 13, 2020
@felixfontein
Collaborator

I'm not at all familiar with the edgeos code, but it looks like it should not break something. So if it works for you I'm happy to assume it works. If nobody complains, I'll merge this before the next release.

I hope that someone who knows edgeos will take a closer look though...

@virtualguy
Contributor Author

I'll try and give it a rigorous test across the couple of device variants we have here. So far it looks good.

One question on the preferred diff output format: currently it prints the whole router config with markers (like '>') to indicate changed lines, as generated by the 'show' command. An alternative is to only print the changed lines using the 'compare' command. Examples below, but I think my preference is for the latter.

The full router config in annotated json(ish) format from the 'show' command prior to 'commit'

TASK [router : configure EdgeOS] *********************************************************************************************************************************************************************************************************************************************************
firewall {
     all-ping enable
     broadcast-ping disable
     group {
         network-group PRIVATE_NETS {
             network 192.168.0.0/16
             network 172.16.0.0/12
             network 10.0.0.0/8
         }
     }
     ipv6-receive-redirects disable
     ipv6-src-route disable
     ip-src-route disable
     log-martians disable
     modify balance {
         rule 10 {
             action modify
             description "do NOT load balance lan to lan"
             destination {
                 group {
                     network-group PRIVATE_NETS
                 }
             }
             modify {
                 table main
             }
         }
         rule 30 {
             action modify
             description "do NOT load balance destination public address"
             destination {
                 group {
                     address-group ADDRv4_pppoe0
                 }
             }
             modify {
                 table main
             }
         }
         rule 40 {
             action modify
             description "do NOT load balance destination public address"
             destination {
                 group {
                     address-group ADDRv4_eth6
                 }
             }
             modify {
                 table main
             }
         }
         rule 50 {
             action modify
             description "do NOT load balance destination public address"
             destination {
                 group {
                     address-group ADDRv4_eth7
                 }
             }
             modify {
                 table main
             }
         }
         rule 70 {
             action modify
             modify {
                 lb-group G
             }
         }
     }
     name WAN_IN {
         default-action accept
         description "WAN to internal"
         rule 10 {
             action accept
             description https
             destination {
                 port 443
             }
             log disable
             protocol tcp
             state {
                 established enable
                 related enable
             }
         }
         rule 20 {
             action accept
             description "Allow established/related"
             state {
                 established enable
                 invalid enable
                 related enable
             }
         }
         rule 30 {
             action accept
             description ssh
             destination {
                 port 22
             }
             log disable
             protocol tcp_udp
         }
         rule 40 {
             action drop
             description "Drop invalid state"
             state {
                 invalid enable
             }
         }
     }
     name WAN_LOCAL {
         default-action accept
>        description "WAN to router"
         rule 10 {
             action accept
             description "Allow established/related"
             state {
                 established enable
                 related enable
             }
         }
+        rule 20 {
+            action drop
+            description "Drop invalid state"
+            state {
+                invalid enable
+            }
+        }
-        rule 30 {
-            action drop
-            description "Drop invalid state"
-            state {
-                invalid enable
-            }
-        }
     }
     options {
         mss-clamp {
             mss 1412
         }
     }
     receive-redirects disable
     send-redirects enable
     source-validation disable
     syn-cookies enable
 }
 interfaces {
     ethernet eth0 {
         address 192.168.1.1/24
         duplex auto
         speed auto
     }
     ethernet eth1 {
         address dhcp
         duplex auto
         poe {
             output 54v-4pair
         }
         speed auto
     }
     ethernet eth2 {
         bridge-group {
             bridge br0
         }
         duplex auto
         poe {
             output off
         }
         speed auto
     }
     ethernet eth3 {
         bridge-group {
             bridge br0
         }
         duplex auto
         poe {
             output 24v
         }
         speed auto
     }
     ethernet eth4 {
         bridge-group {
             bridge br0
         }
         duplex auto
         poe {
             output 24v
         }
         speed auto
     }
     ethernet eth5 {
         description "WAN 1 - pppoe"
         duplex auto
         firewall {
             in {
                 name WAN_IN
             }
             local {
                 name WAN_LOCAL
             }
         }
         poe {
             output off
         }
         speed auto
         vif 10 {
             address dhcp
             description "WAN 1 - pppoe"
             firewall {
                 in {
                     name WAN_IN
                 }
                 local {
                     name WAN_LOCAL
                 }
             }
         }
     }
     ethernet eth6 {
         address dhcp
         description "WAN 2 - dhcp"
         duplex auto
         firewall {
             in {
                 name WAN_IN
             }
             local {
                 name WAN_LOCAL
             }
         }
         poe {
             output off
         }
         speed auto
     }
     ethernet eth7 {
         address dhcp
         description "WAN 3 - dhcp"
         duplex auto
         firewall {
             in {
                 name WAN_IN
             }
             local {
                 name WAN_LOCAL
             }
         }
         poe {
             output 24v
         }
         speed auto
     }
     loopback lo {
     }
 }
 load-balance {
     group G {
         exclude-local-dns disable
         flush-on-active enable
         gateway-update-interval 20
         interface eth5 {
         }
         interface eth6 {
             failover-only
         }
         interface eth7 {
             failover-only
         }
         lb-local enable
         lb-local-metric-change disable
     }
 }
 service {
     dns {
         forwarding {
             cache-size 150
             listen-on br0
         }
     }
     gui {
         http-port 80
         https-port 443
         older-ciphers enable
     }
     nat {
         rule 5001 {
             description "masquerade for WAN 1"
             outbound-interface eth5.10
             type masquerade
         }
         rule 5002 {
             description "masquerade for WAN 2"
             outbound-interface eth6
             type masquerade
         }
         rule 5003 {
             description "masquerade for WAN 3"
             outbound-interface eth7
             type masquerade
         }
     }
     ssh {
         port 22
         protocol-version v2
     }
 }
 system {
     host-name EdgePoint-Router-8-Port
     ntp {
         server 0.ubnt.pool.ntp.org {
         }
         server 1.ubnt.pool.ntp.org {
         }
         server 2.ubnt.pool.ntp.org {
         }
         server 3.ubnt.pool.ntp.org {
         }
     }
     offload {
         hwnat disable
         ipv4 {
             forwarding enable
             pppoe enable
             vlan enable
         }
     }
     syslog {
         global {
             facility all {
                 level notice
             }
             facility protocols {
                 level debug
             }
         }
     }
     time-zone UTC
 }
[edit]
changed: [host01]

Or the 'compare' output

TASK [router : configure EdgeOS] *********************************************************************************************************************************************************************************************************************************************************
[edit firewall name WAN_LOCAL]
>description "WAN to router"
+rule 20 {
+    action drop
+    description "Drop invalid state"
+    state {
+        invalid enable
+    }
+}
-rule 30 {
-    action drop
-    description "Drop invalid state"
-    state {
-        invalid enable
-    }
-}
[edit]
changed: [host01]
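
Both output styles in this thread (the full 'show' listing with a marker column, as in the PR description and the first example above, and the shorter 'compare' listing under '[edit ...]' headers) carry the same information. The following is an added example, not code from the edgeos_config module or this PR, showing how a change-review step could reduce either format to one list of structured change records and then pick out changes under paths that matter for a security review (firewall, ssh). The function names are hypothetical, the compare sample is copied from the comment above, and the 'service ssh' line in the show sample is constructed for illustration.

```python
"""Reduce EdgeOS diff output (either 'show' or 'compare' style) to Change records.

'show' style: every line carries a marker in column 0 (' ' unchanged, '+' added,
'-' removed, '>' changed) and nesting comes from the braces.
'compare' style: only changed lines are printed beneath '[edit <path>]' headers.
"""
import re
from dataclasses import dataclass

MARKERS = {"+": "added", "-": "removed", ">": "changed"}
EDIT_HEADER = re.compile(r"^\[edit(?: (.+))?\]$")


@dataclass(frozen=True)
class Change:
    op: str    # added / removed / changed
    path: str  # enclosing node path, e.g. "firewall name WAN_LOCAL"
    text: str  # the config line itself, marker and indentation stripped


def parse_edgeos_diff(output: str) -> list:
    """Parse either format; unmarked non-config lines (task banners etc.) are ignored."""
    changes = []
    base = ""   # path from the most recent [edit ...] header (compare style)
    stack = []  # brace nesting inside the current section
    for raw in output.splitlines():
        if not raw.strip():
            continue
        header = EDIT_HEADER.match(raw.strip())
        if header:
            base = header.group(1) or ""
            stack = []
            continue
        # A marker only counts in column 0; any other first character means unchanged.
        if raw[0] in MARKERS:
            op, body = MARKERS[raw[0]], raw[1:].strip()
        else:
            op, body = None, raw.strip()
        path = " ".join(p for p in [base, *stack] if p)
        if body.endswith("{"):
            node = body[:-1].strip()
            if op:
                changes.append(Change(op, path, node))
            stack.append(node)
        elif body == "}":
            if stack:
                stack.pop()
        elif op:
            changes.append(Change(op, path, body))
    return changes


def changes_under(changes, *prefixes):
    """Select changes whose full path falls under any of the given config prefixes."""
    selected = []
    for c in changes:
        full = f"{c.path} {c.text}".strip()
        if any(full == p or full.startswith(p + " ") for p in prefixes):
            selected.append(c)
    return selected


def summarize(changes) -> dict:
    """Count changes per operation, e.g. {'changed': 1, 'added': 5, 'removed': 5}."""
    counts = {}
    for c in changes:
        counts[c.op] = counts.get(c.op, 0) + 1
    return counts


# Sample 1: the 'compare' output quoted in the PR comment above.
COMPARE_OUTPUT = """
TASK [router : configure EdgeOS] ****
[edit firewall name WAN_LOCAL]
>description "WAN to router"
+rule 20 {
+    action drop
+    description "Drop invalid state"
+    state {
+        invalid enable
+    }
+}
-rule 30 {
-    action drop
-    description "Drop invalid state"
-    state {
-        invalid enable
-    }
-}
[edit]
changed: [host01]
"""

# Sample 2: a trimmed 'show'-style listing. The firewall part mirrors the PR's
# output; the 'service ssh' change is constructed and not from the PR.
SHOW_OUTPUT = """
 firewall {
     name WAN_LOCAL {
         default-action accept
>        description "WAN to router"
         rule 10 {
             action accept
         }
+        rule 20 {
+            action drop
+        }
-        rule 30 {
-            action drop
-        }
     }
 }
 service {
     ssh {
>        port 2222
     }
 }
"""

if __name__ == "__main__":
    for sample in (COMPARE_OUTPUT, SHOW_OUTPUT):
        found = parse_edgeos_diff(sample)
        print(summarize(found))
        for c in changes_under(found, "firewall", "service ssh"):
            print(f"{c.op:8} {c.path} :: {c.text}")
```

Because both formats yield identical records, a pipeline can keep the shorter 'compare' output in the play log while still answering the question a reviewer asks ("which firewall or ssh nodes did this run touch?") without re-reading the whole router config.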

@felixfontein
Collaborator

One question on the preferred diff output format: currently it prints the whole router config with markers (like '>') to indicate changed lines, as generated by the 'show' command. An alternative is to only print the changed lines using the 'compare' command. Examples below, but I think my preference is for the latter.

The full output looks a bit excessive, but I'm not using this module (or edgeos in general), so no idea how useful or annoying that is. In general, I think a shorter output concentrating on the changes is more useful. Since you seem to agree here, it's probably better to change it that way :)

@felixfontein
Collaborator

@virtualguy do you still plan to do this change?

Otherwise I will merge soon, so it gets into community.network 2.0.0 (to be released next week).

@virtualguy virtualguy force-pushed the add-edgeos-config-diff branch 2 times, most recently from ce0f172 to 331f0b7 on January 21, 2021 09:05
@virtualguy
Contributor Author

@virtualguy do you still plan to do this change?

Otherwise I will merge soon, so it gets into community.network 2.0.0 (to be released next week).

Thanks for the reminder, done now and tested working for me on an EdgePoint R8

@felixfontein felixfontein merged commit 316b727 into ansible-collections:main Jan 25, 2021
@felixfontein
Collaborator

@virtualguy thanks for contributing!

@felixfontein felixfontein removed the check-before-release PR will be looked at again shortly before release and merged if possible. label Jan 25, 2021
@Andersson007
Contributor

@virtualguy hi, would you like to have your GH login added to .github/BOTMETA.yml as a maintainer of the module?
You'll be notified about Issues/PRs related to the module and your shipit will be counted by bot for automerge (needs two for bugfixes and minor changes).
What do you think?

@Andersson007
Contributor

@virtualguy my OS doesn't allow me to see who added a thumbs up:) So the same question to you ^

@virtualguy
Contributor Author

Hah fair enough. Yes please add me :)

@Andersson007
Contributor

@virtualguy great, thanks! done #256 could you please approve the PR?

To see what it gives, see #199 (comment)
