* adding OS9 ansible collections * adding OS9 collections Co-authored-by: Patil <Komal_uttamrao_Patil@Dell.com>
#jinja2: trim_blocks: True,lstrip_blocks: True
|
|
{#############################################
|
|
Purpose:
|
|
Configure AAA commands for os9 Devices
|
|
os9_aaa:
|
|
tacacs_server:
|
|
key: 7
|
|
key_string: 9ea8ec421c2e2e5bec757f44205015f6d81e83a4f0aa52fa
|
|
group:
|
|
- name: TACACS
|
|
host:
|
|
- ip: 2001:4898:f0:f09b::1000
|
|
key: 0
|
|
key_string: aaa
|
|
auth_port: 3
|
|
timeout: 2
|
|
state: present
|
|
vrf:
|
|
vrf_name: test
|
|
source_intf: fortyGigE 1/2
|
|
state: present
|
|
state: present
|
|
host:
|
|
- ip: 2001:4898:f0:f09b::1000
|
|
key: 0
|
|
key_string: aaa
|
|
auth_port: 3
|
|
timeout: 2
|
|
state: present
|
|
radius_server:
|
|
key: 7
|
|
key_string: 9ea8ec421c2e2e5bec757f44205015f6d81e83a4f0aa52fb
|
|
retransmit: 5
|
|
timeout: 10
|
|
deadtime: 2000
|
|
group:
|
|
- name: Radius
|
|
host:
|
|
- ip: 2001:4898:f0:f09b::1001
|
|
key: 0
|
|
key_string: aaa
|
|
retransmit: 5
|
|
auth_port: 3
|
|
timeout: 2
|
|
state: present
|
|
vrf:
|
|
vrf_name: test
|
|
source_intf: fortyGigE 1/3
|
|
state: present
|
|
state: present
|
|
host:
|
|
- ip: 2001:4898:f0:f09b::1001
|
|
key: 0
|
|
key_string: aaa
|
|
retransmit: 5
|
|
auth_port: 3
|
|
timeout: 2
|
|
state: present
|
|
aaa_accounting:
|
|
commands:
|
|
- enable_level: 2
|
|
accounting_list_name: aa
|
|
no_accounting: true
|
|
record_option: start-stop
|
|
state: present
|
|
suppress: True
|
|
exec:
|
|
- accounting_list_name: aaa
|
|
no_accounting: true
|
|
state: present
|
|
dot1x: none
|
|
rest: none
|
|
aaa_authorization:
|
|
commands:
|
|
- enable_level: 2
|
|
authorization_list_name: aa
|
|
use_data: local
|
|
state: present
|
|
- role_name: netadmin
|
|
authorization_list_name: aa
|
|
authorization_method: none
|
|
use_data: local
|
|
config_commands: True
|
|
role_only: True
|
|
exec:
|
|
- authorization_list_name: aaa
|
|
authorization_method: if-authenticated
|
|
use_data: local
|
|
state: present
|
|
aaa_radius:
|
|
group: RADIUS
|
|
auth_method: pap
|
|
aaa_tacacs:
|
|
group: TACACS
|
|
aaa_authentication:
|
|
auth_list:
|
|
- name: default
|
|
login_or_enable: login
|
|
server: tacacs+
|
|
use_password: local
|
|
state: present
|
|
- name: console
|
|
server: radius
|
|
login_or_enable: login
|
|
use_password: local
|
|
line_terminal:
|
|
vty 0:
|
|
authorization:
|
|
commands:
|
|
- enable_level: 2
|
|
authorization_list_name: aa
|
|
state: present
|
|
- enable_level: 2
|
|
authorization_list_name: aa
|
|
state: present
|
|
exec:
|
|
- authorization_list_name: aa
|
|
state: present
|
|
accounting:
|
|
commands:
|
|
- enable_level: 2
|
|
accounting_list_name: aa
|
|
state: present
|
|
- enable_level: 2
|
|
accounting_list_name: aa
|
|
state: present
|
|
exec:
|
|
- accounting_list_name: aa
|
|
state: present
|
|
authentication:
|
|
enable: aa
|
|
login: console
|
|
##################################################}
|
|
{% if os9_aaa is defined and os9_aaa %}
|
|
{% for key in os9_aaa.keys() %}
|
|
{% set aaa_vars = os9_aaa[key] %}
|
|
{% if key == "tacacs_server" %}
|
|
{% set server = "tacacs-server" %}
|
|
{% endif %}
|
|
{% if key == "radius_server" %}
|
|
{% set server = "radius-server" %}
|
|
{% endif %}
|
|
{% if server is defined and server %}
|
|
{% if aaa_vars %}
|
|
{% set item = aaa_vars %}
|
|
{# Server-wide options for the current server keyword (tacacs-server or radius-server). #}
{# A defined-but-falsy value renders the "no" form; an undefined value renders nothing. #}
{% for opt in ["retransmit", "timeout", "deadtime"] %}
  {% if item[opt] is defined %}
    {% if item[opt] %}
{{ server }} {{ opt }} {{ item[opt] }}
    {% else %}
no {{ server }} {{ opt }}
    {% endif %}
  {% endif %}
{% endfor %}
{# Global shared key. key 0 / key 7 select an encryption type and need key_string; #}
{# any other truthy key value is rendered as the key itself. #}
{# NOTE(review): key_string / key is the server shared secret and is written verbatim into #}
{# the rendered configuration. Supply it from an encrypted source (e.g. Ansible Vault) #}
{# and keep the rendered output out of logs. #}
{% if item.key is defined %}
  {% if item.key in [0, 7] %}
    {% if item.key_string is defined and item.key_string %}
{{ server }} key {{ item.key }} {{ item.key_string }}
    {% endif %}
  {% elif item.key %}
{{ server }} key {{ item.key }}
  {% else %}
no {{ server }} key
  {% endif %}
{% endif %}
|
|
{# Standalone server hosts: one "<server> host <ip> ..." command per entry with an ip, #}
{# prefixed with "no " when the entry's state is "absent". #}
{% if item.host is defined and item.host %}
  {% for srv in item.host %}
    {% if srv.ip is defined and srv.ip %}
      {# radius-server names the port option "auth-port"; any other server keyword uses "port". #}
      {% set port = "auth-port" if server == "radius-server" else "port" %}
      {% set negate = "no " if srv.state is defined and srv.state == "absent" else "" %}
      {# key 0 / key 7 is an encryption-type selector that is only complete together with key_string. #}
      {% set key_is_typed = srv.key is defined and (srv.key == 0 or srv.key == 7) %}
      {% set typed_key = key_is_typed and srv.key_string is defined and srv.key_string %}
      {% set plain_key = srv.key is defined and srv.key %}
      {% set has_timeout = srv.timeout is defined and srv.timeout %}
      {% set has_port = srv.auth_port is defined and srv.auth_port %}
      {# retransmit is only ever rendered for radius-server. #}
      {% set has_retransmit = srv.retransmit is defined and srv.retransmit and server == "radius-server" %}
      {# Branch order matters: the first matching combination wins, so some options are dropped #}
      {# when an earlier one is missing (e.g. a key with auth_port but no timeout renders the key only). #}
      {# NOTE(review): key_string is the per-host shared secret and is rendered verbatim; #}
      {# source it from an encrypted store and avoid logging the rendered commands. #}
      {% if typed_key and has_timeout and has_port and has_retransmit %}
{{ negate }}{{ server }} host {{ srv.ip }} key {{ srv.key }} {{ srv.key_string }} timeout {{ srv.timeout }} {{ port }} {{ srv.auth_port }} retransmit {{ srv.retransmit }}
      {% elif typed_key and has_timeout and has_port %}
{{ negate }}{{ server }} host {{ srv.ip }} key {{ srv.key }} {{ srv.key_string }} timeout {{ srv.timeout }} {{ port }} {{ srv.auth_port }}
      {% elif typed_key and has_timeout %}
{{ negate }}{{ server }} host {{ srv.ip }} key {{ srv.key }} {{ srv.key_string }} timeout {{ srv.timeout }}
      {% elif typed_key %}
{{ negate }}{{ server }} host {{ srv.ip }} key {{ srv.key }} {{ srv.key_string }}
      {% elif plain_key and has_timeout and has_port and has_retransmit %}
{{ negate }}{{ server }} host {{ srv.ip }} key {{ srv.key }} timeout {{ srv.timeout }} {{ port }} {{ srv.auth_port }} retransmit {{ srv.retransmit }}
      {% elif plain_key and has_timeout and has_port %}
{{ negate }}{{ server }} host {{ srv.ip }} key {{ srv.key }} timeout {{ srv.timeout }} {{ port }} {{ srv.auth_port }}
      {% elif plain_key and has_timeout %}
{{ negate }}{{ server }} host {{ srv.ip }} key {{ srv.key }} timeout {{ srv.timeout }}
      {% elif has_timeout and has_port and has_retransmit %}
{{ negate }}{{ server }} host {{ srv.ip }} timeout {{ srv.timeout }} {{ port }} {{ srv.auth_port }} retransmit {{ srv.retransmit }}
      {% elif has_timeout and has_port %}
{{ negate }}{{ server }} host {{ srv.ip }} timeout {{ srv.timeout }} {{ port }} {{ srv.auth_port }}
      {% elif has_port and has_retransmit %}
{{ negate }}{{ server }} host {{ srv.ip }} {{ port }} {{ srv.auth_port }} retransmit {{ srv.retransmit }}
      {% elif has_timeout %}
{{ negate }}{{ server }} host {{ srv.ip }} timeout {{ srv.timeout }}
      {% elif has_port %}
{{ negate }}{{ server }} host {{ srv.ip }} {{ port }} {{ srv.auth_port }}
      {% elif has_retransmit %}
{{ negate }}{{ server }} host {{ srv.ip }} retransmit {{ srv.retransmit }}
      {% elif key_is_typed %}
      {# NOTE(review): reached only when key is 0 or 7 but key_string is missing or empty, #}
      {# so the key_string reference below has no usable value - confirm the intended output. #}
{{ negate }}{{ server }} host {{ srv.ip }} key {{ srv.key }} {{ srv.key_string }}
      {% elif plain_key %}
{{ negate }}{{ server }} host {{ srv.ip }} key {{ srv.key }}
      {% else %}
{{ negate }}{{ server }} host {{ srv.ip }}
      {% endif %}
    {% endif %}
  {% endfor %}
{% endif %}
|
|
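{# Server groups: "<server> group <name>" followed by the group's host and VRF commands, #}
{# or "no <server> group <name>" when the group's state is "absent". #}
{% if item.group is defined and item.group %}
  {% for groupitem in item.group %}
    {% if groupitem.name is defined and groupitem.name %}
      {% if groupitem.state is defined and groupitem.state == "absent" %}
no {{ server }} group {{ groupitem.name }}
      {% else %}
{{ server }} group {{ groupitem.name }}
        {% if groupitem.host is defined and groupitem.host %}
          {% for srv in groupitem.host %}
            {% if srv.ip is defined and srv.ip %}
              {# radius-server names the port option "auth-port"; any other server keyword uses "port". #}
              {% set port = "auth-port" if server == "radius-server" else "port" %}
              {% set negate = "no " if srv.state is defined and srv.state == "absent" else "" %}
              {# key 0 / key 7 is an encryption-type selector that is only complete together with key_string. #}
              {# The removal ("absent") path tests key == 0 or key == 7 exactly like the present path; #}
              {# a truthiness test here would skip key 0 and let other key values take this form. #}
              {% set key_is_typed = srv.key is defined and (srv.key == 0 or srv.key == 7) %}
              {% set typed_key = key_is_typed and srv.key_string is defined and srv.key_string %}
              {% set plain_key = srv.key is defined and srv.key %}
              {% set has_timeout = srv.timeout is defined and srv.timeout %}
              {% set has_port = srv.auth_port is defined and srv.auth_port %}
              {# retransmit is only ever rendered for radius-server. #}
              {% set has_retransmit = srv.retransmit is defined and srv.retransmit and server == "radius-server" %}
              {# Branch order matters: the first matching combination wins, so some options are dropped #}
              {# when an earlier one is missing (e.g. a key with auth_port but no timeout renders the key only). #}
              {# NOTE(review): key_string is the per-host shared secret and is rendered verbatim; #}
              {# source it from an encrypted store and avoid logging the rendered commands. #}
              {% if typed_key and has_timeout and has_port and has_retransmit %}
{{ negate }}{{ server }} host {{ srv.ip }} key {{ srv.key }} {{ srv.key_string }} timeout {{ srv.timeout }} {{ port }} {{ srv.auth_port }} retransmit {{ srv.retransmit }}
              {% elif typed_key and has_timeout and has_port %}
{{ negate }}{{ server }} host {{ srv.ip }} key {{ srv.key }} {{ srv.key_string }} timeout {{ srv.timeout }} {{ port }} {{ srv.auth_port }}
              {% elif typed_key and has_timeout %}
{{ negate }}{{ server }} host {{ srv.ip }} key {{ srv.key }} {{ srv.key_string }} timeout {{ srv.timeout }}
              {% elif typed_key %}
{{ negate }}{{ server }} host {{ srv.ip }} key {{ srv.key }} {{ srv.key_string }}
              {% elif plain_key and has_timeout and has_port and has_retransmit %}
{{ negate }}{{ server }} host {{ srv.ip }} key {{ srv.key }} timeout {{ srv.timeout }} {{ port }} {{ srv.auth_port }} retransmit {{ srv.retransmit }}
              {% elif plain_key and has_timeout and has_port %}
{{ negate }}{{ server }} host {{ srv.ip }} key {{ srv.key }} timeout {{ srv.timeout }} {{ port }} {{ srv.auth_port }}
              {% elif plain_key and has_timeout %}
{{ negate }}{{ server }} host {{ srv.ip }} key {{ srv.key }} timeout {{ srv.timeout }}
              {% elif has_timeout and has_port and has_retransmit %}
{{ negate }}{{ server }} host {{ srv.ip }} timeout {{ srv.timeout }} {{ port }} {{ srv.auth_port }} retransmit {{ srv.retransmit }}
              {% elif has_timeout and has_port %}
{{ negate }}{{ server }} host {{ srv.ip }} timeout {{ srv.timeout }} {{ port }} {{ srv.auth_port }}
              {% elif has_port and has_retransmit %}
{{ negate }}{{ server }} host {{ srv.ip }} {{ port }} {{ srv.auth_port }} retransmit {{ srv.retransmit }}
              {% elif has_timeout %}
{{ negate }}{{ server }} host {{ srv.ip }} timeout {{ srv.timeout }}
              {% elif has_port %}
{{ negate }}{{ server }} host {{ srv.ip }} {{ port }} {{ srv.auth_port }}
              {% elif has_retransmit %}
{{ negate }}{{ server }} host {{ srv.ip }} retransmit {{ srv.retransmit }}
              {% elif key_is_typed %}
              {# NOTE(review): reached only when key is 0 or 7 but key_string is missing or empty, #}
              {# so the key_string reference below has no usable value - confirm the intended output. #}
{{ negate }}{{ server }} host {{ srv.ip }} key {{ srv.key }} {{ srv.key_string }}
              {% elif plain_key %}
{{ negate }}{{ server }} host {{ srv.ip }} key {{ srv.key }}
              {% else %}
{{ negate }}{{ server }} host {{ srv.ip }}
              {% endif %}
            {% endif %}
          {% endfor %}
        {% endif %}
        {# Optional VRF binding for the group, with an optional source interface. #}
        {% if groupitem.vrf is defined and groupitem.vrf %}
          {% if groupitem.vrf.vrf_name is defined and groupitem.vrf.vrf_name %}
            {% if groupitem.vrf.state is defined and groupitem.vrf.state == "absent" %}
no {{ server }} vrf {{ groupitem.vrf.vrf_name }}
            {% else %}
              {% if groupitem.vrf.source_intf is defined and groupitem.vrf.source_intf %}
{{ server }} vrf {{ groupitem.vrf.vrf_name }} source-interface {{ groupitem.vrf.source_intf }}
              {% else %}
{{ server }} vrf {{ groupitem.vrf.vrf_name }}
              {% endif %}
            {% endif %}
          {% endif %}
        {% endif %}
      {% endif %}
    {% endif %}
  {% endfor %}
{% endif %}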
|
|
{% endif %}
|
|
{% endif %}
|
|
{% endfor %}
|
|
|
|
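{# AAA accounting: null-username suppression, dot1x / rest defaults, and per-list exec and commands accounting. #}
{# Every record option is rendered with the hard-coded method tacacs+. #}
{% if os9_aaa.aaa_accounting is defined and os9_aaa.aaa_accounting %}
  {% set aaa_accounting = os9_aaa.aaa_accounting %}
  {% if aaa_accounting.suppress is defined %}
    {% if aaa_accounting.suppress %}
aaa accounting suppress null-username
    {% else %}
no aaa accounting suppress null-username
    {% endif %}
  {% endif %}
  {# dot1x default: "none", a record option, or (falsy value) removal of the default. #}
  {# The record-option branch tests dot1x itself and the removal uses the dot1x keyword, #}
  {# matching the rest handling below; a misspelt "dotx" would never match the documented variable. #}
  {% if aaa_accounting.dot1x is defined %}
    {% if aaa_accounting.dot1x == "none" %}
aaa accounting dot1x default none
    {% elif aaa_accounting.dot1x %}
aaa accounting dot1x default {{ aaa_accounting.dot1x }} tacacs+
    {% else %}
no aaa accounting dot1x default
    {% endif %}
  {% endif %}
  {% if aaa_accounting.rest is defined %}
    {% if aaa_accounting.rest == "none" %}
aaa accounting rest default none
    {% elif aaa_accounting.rest %}
aaa accounting rest default {{ aaa_accounting.rest }} tacacs+
    {% else %}
no aaa accounting rest default
    {% endif %}
  {% endif %}
  {# NOTE(review): the "none" forms below presumably switch accounting off for that list, #}
  {# leaving no accounting record for those sessions - confirm this is intended before setting no_accounting. #}
  {# record_option takes precedence over no_accounting when both are set. #}
  {% if aaa_accounting.exec is defined and aaa_accounting.exec %}
    {% for command in aaa_accounting.exec %}
      {% if command.accounting_list_name is defined and command.accounting_list_name %}
        {% if command.state is defined and command.state == "absent" %}
no aaa accounting exec {{ command.accounting_list_name }}
        {% else %}
          {% if command.record_option is defined and command.record_option %}
aaa accounting exec {{ command.accounting_list_name }} {{ command.record_option }} tacacs+
          {% elif command.no_accounting is defined and command.no_accounting %}
aaa accounting exec {{ command.accounting_list_name }} none
          {% endif %}
        {% endif %}
      {% endif %}
    {% endfor %}
  {% endif %}
  {# Command accounting is keyed either by enable level or, failing that, by role name. #}
  {% if aaa_accounting.commands is defined and aaa_accounting.commands %}
    {% for command in aaa_accounting.commands %}
      {% if command.enable_level is defined and command.enable_level %}
        {% if command.accounting_list_name is defined and command.accounting_list_name %}
          {% if command.state is defined and command.state == "absent" %}
no aaa accounting commands {{ command.enable_level }} {{ command.accounting_list_name }}
          {% else %}
            {% if command.record_option is defined and command.record_option %}
aaa accounting commands {{ command.enable_level }} {{ command.accounting_list_name }} {{ command.record_option }} tacacs+
            {% elif command.no_accounting is defined and command.no_accounting %}
aaa accounting commands {{ command.enable_level }} {{ command.accounting_list_name }} none
            {% endif %}
          {% endif %}
        {% endif %}
      {% elif command.role_name is defined and command.role_name %}
        {% if command.accounting_list_name is defined and command.accounting_list_name %}
          {% if command.state is defined and command.state == "absent" %}
no aaa accounting commands role {{ command.role_name }} {{ command.accounting_list_name }}
          {% else %}
            {% if command.record_option is defined and command.record_option %}
aaa accounting commands role {{ command.role_name }} {{ command.accounting_list_name }} {{ command.record_option }} tacacs+
            {% elif command.no_accounting is defined and command.no_accounting %}
aaa accounting commands role {{ command.role_name }} {{ command.accounting_list_name }} none
            {% endif %}
          {% endif %}
        {% endif %}
      {% endif %}
    {% endfor %}
  {% endif %}
{% endif %}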
|
|
{% if os9_aaa.aaa_authorization is defined and os9_aaa.aaa_authorization %}
|
|
{% set aaa_authorization = os9_aaa.aaa_authorization %}
|
|
{% if aaa_authorization.config_commands is defined %}
|
|
{% if aaa_authorization.config_commands %}
|
|
aaa authorization config-commands
|
|
{% else %}
|
|
no aaa authorization config-commands
|
|
{% endif %}
|
|
{% endif %}
|
|
{% if aaa_authorization.role_only is defined %}
|
|
{% if aaa_authorization.role_only %}
|
|
aaa authorization role-only
|
|
{% else %}
|
|
no aaa authorization role-only
|
|
{% endif %}
|
|
{% endif %}
|
|
{% if aaa_authorization.exec is defined and aaa_authorization.exec %}
|
|
{% for command in aaa_authorization.exec %}
|
|
{% if command.authorization_list_name is defined and command.authorization_list_name %}
|
|
{% if command.state is defined and command.state == "absent" %}
|
|
no aaa authorization exec {{ command.authorization_list_name }}
|
|
{% else %}
|
|
{% if command.use_data is defined and command.use_data %}
|
|
{% if command.authorization_method is defined and command.authorization_method %}
|
|
aaa authorization exec {{ command.authorization_list_name }} {{ command.use_data }} {{ command.authorization_method }}
|
|
{% else %}
|
|
aaa authorization exec {{ command.authorization_list_name }} {{ command.use_data }}
|
|
{% endif %}
|
|
{% else %}
|
|
{% if command.authorization_method is defined and command.authorization_method %}
|
|
aaa authorization exec {{ command.authorization_list_name }} {{ command.authorization_method }}
|
|
{% endif %}
|
|
{% endif %}
|
|
{% endif %}
|
|
{% endif %}
|
|
{% endfor %}
|
|
{% endif %}
|
|
{# Global command authorization lists, keyed either by privilege level or by role.
   For each entry of aaa_authorization.commands:
     - a truthy enable_level selects "aaa authorization commands <level> ...";
       an enable_level of 0 is falsy and is therefore treated as unset;
     - otherwise a truthy role_name selects
       "aaa authorization commands role <role> ...".
   Within the selected form, an entry without authorization_list_name renders
   nothing; state "absent" renders the "no" form with the list name only;
   otherwise use_data and/or authorization_method are appended, and an entry
   that sets neither renders nothing.
   All values are interpolated as supplied, without validation in this block.
   NOTE(review): a method of "none" (see this file's header example) typically
   disables the authorization check once reached; confirm the fallback order.
   Indentation of block tags is cosmetic (lstrip_blocks/trim_blocks are set in
   the file's "#jinja2:" header). #}
{% if aaa_authorization.commands is defined and aaa_authorization.commands %}
  {% for rule in aaa_authorization.commands %}
    {% set list_name = rule.authorization_list_name | default('') %}
    {% set data_source = rule.use_data | default('') %}
    {% set method = rule.authorization_method | default('') %}
    {% set removing = (rule.state | default('')) == "absent" %}
    {% if rule.enable_level is defined and rule.enable_level %}
      {% if list_name and removing %}
no aaa authorization commands {{ rule.enable_level }} {{ list_name }}
      {% elif list_name and data_source and method %}
aaa authorization commands {{ rule.enable_level }} {{ list_name }} {{ data_source }} {{ method }}
      {% elif list_name and data_source %}
aaa authorization commands {{ rule.enable_level }} {{ list_name }} {{ data_source }}
      {% elif list_name and method %}
aaa authorization commands {{ rule.enable_level }} {{ list_name }} {{ method }}
      {% endif %}
    {% elif rule.role_name is defined and rule.role_name %}
      {% if list_name and removing %}
no aaa authorization commands role {{ rule.role_name }} {{ list_name }}
      {% elif list_name and data_source and method %}
aaa authorization commands role {{ rule.role_name }} {{ list_name }} {{ data_source }} {{ method }}
      {% elif list_name and data_source %}
aaa authorization commands role {{ rule.role_name }} {{ list_name }} {{ data_source }}
      {% elif list_name and method %}
aaa authorization commands role {{ rule.role_name }} {{ list_name }} {{ method }}
      {% endif %}
    {% endif %}
  {% endfor %}
{% endif %}
{% endif %}
{# "aaa radius" settings taken from os9_aaa.aaa_radius.
   For each of group and auth_method: a truthy value renders the setting, a key
   that is defined but falsy (empty string, false, 0, null) renders the "no"
   form, and an undefined key renders nothing. An empty value therefore removes
   the setting from the device rather than leaving it untouched.
   Values are interpolated as supplied. Block-tag indentation is cosmetic
   (lstrip_blocks/trim_blocks come from the file's "#jinja2:" header). #}
{% if os9_aaa.aaa_radius is defined and os9_aaa.aaa_radius %}
  {% if os9_aaa.aaa_radius.group is defined and os9_aaa.aaa_radius.group %}
aaa radius group {{ os9_aaa.aaa_radius.group }}
  {% elif os9_aaa.aaa_radius.group is defined %}
no aaa radius group
  {% endif %}
  {% if os9_aaa.aaa_radius.auth_method is defined and os9_aaa.aaa_radius.auth_method %}
aaa radius auth-method {{ os9_aaa.aaa_radius.auth_method }}
  {% elif os9_aaa.aaa_radius.auth_method is defined %}
no aaa radius auth-method
  {% endif %}
{% endif %}
{# "aaa tacacs group" setting taken from os9_aaa.aaa_tacacs.group.
   A truthy group renders "aaa tacacs group <group>"; a group key that is
   defined but falsy renders "no aaa tacacs group", which removes the setting;
   an undefined key renders nothing. The value is interpolated as supplied.
   Block-tag indentation is cosmetic (lstrip_blocks/trim_blocks come from the
   file's "#jinja2:" header). #}
{% if os9_aaa.aaa_tacacs is defined and os9_aaa.aaa_tacacs %}
  {% if os9_aaa.aaa_tacacs.group is defined and os9_aaa.aaa_tacacs.group %}
aaa tacacs group {{ os9_aaa.aaa_tacacs.group }}
  {% elif os9_aaa.aaa_tacacs.group is defined %}
no aaa tacacs group
  {% endif %}
{% endif %}
{# Authentication method lists from os9_aaa.aaa_authentication.auth_list.
   An entry is rendered only when both login_or_enable and name are truthy:
     - state "absent" renders "no aaa authentication <kind> <name>";
     - otherwise server and/or use_password are appended in that order;
     - an entry with neither server nor use_password renders nothing.
   login_or_enable, server and use_password are written exactly as supplied;
   this block does not check the keyword or the resulting method order.
   NOTE(review): the method order decides what the device falls back to when
   the first method is unavailable; confirm each list ends in a method you
   intend to accept.
   Block-tag indentation is cosmetic (lstrip_blocks/trim_blocks come from the
   file's "#jinja2:" header). #}
{% if os9_aaa.aaa_authentication is defined and os9_aaa.aaa_authentication and os9_aaa.aaa_authentication.auth_list is defined and os9_aaa.aaa_authentication.auth_list %}
  {% for entry in os9_aaa.aaa_authentication.auth_list %}
    {% set kind = entry.login_or_enable | default('') %}
    {% set list_name = entry.name | default('') %}
    {% set server = entry.server | default('') %}
    {% set password_method = entry.use_password | default('') %}
    {% if kind and list_name %}
      {% if (entry.state | default('')) == "absent" %}
no aaa authentication {{ kind }} {{ list_name }}
      {% elif server and password_method %}
aaa authentication {{ kind }} {{ list_name }} {{ server }} {{ password_method }}
      {% elif server %}
aaa authentication {{ kind }} {{ list_name }} {{ server }}
      {% elif password_method %}
aaa authentication {{ kind }} {{ list_name }} {{ password_method }}
      {% endif %}
    {% endif %}
  {% endfor %}
{% endif %}
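{# Per-line AAA bindings from os9_aaa.line_terminal.
   Every key of line_terminal renders a "line <key>" header, even when the
   entry below it configures nothing, followed by the authorization,
   accounting and authentication bindings for that line.

   authorization / accounting:
     commands: list of entries; a truthy enable_level selects the per-level
               form, otherwise a truthy role_name selects the "role" form.
               state "absent" renders the "no" form; otherwise the list name
               (authorization_list_name / accounting_list_name) is bound, and
               an entry without a list name renders nothing.
     exec:     single mapping; state "absent" renders the "no" form, otherwise
               the list name is bound.
   authentication:
     enable / login: a truthy value binds that list; a key that is defined but
               falsy renders the "no" form; an undefined key renders nothing.

   Removing an accounting binding (state "absent") stops the corresponding
   accounting records for that line, so treat it as a change to the audit
   trail. Values are interpolated as supplied, with no validation here.
   NOTE(review): the leading whitespace of the rendered sub-commands is not
   visible on this page; confirm they keep the indent the file uses under
   "line". Block-tag indentation is cosmetic (lstrip_blocks/trim_blocks come
   from the file's "#jinja2:" header). #}
{% if os9_aaa.line_terminal is defined and os9_aaa.line_terminal %}
  {% for terminal in os9_aaa.line_terminal.keys() %}
    {% set terminal_vars = os9_aaa.line_terminal[terminal] %}
line {{ terminal }}
    {# --- authorization bindings --- #}
    {% if terminal_vars.authorization is defined and terminal_vars.authorization %}
      {% if terminal_vars.authorization.commands is defined and terminal_vars.authorization.commands %}
        {% for commands in terminal_vars.authorization.commands %}
          {% if commands.enable_level is defined and commands.enable_level %}
            {% if commands.state is defined and commands.state == "absent" %}
no authorization commands {{ commands.enable_level }}
            {% elif commands.authorization_list_name is defined and commands.authorization_list_name %}
authorization commands {{ commands.enable_level }} {{ commands.authorization_list_name }}
            {% endif %}
          {% elif commands.role_name is defined and commands.role_name %}
            {% if commands.state is defined and commands.state == "absent" %}
no authorization commands role {{ commands.role_name }}
            {% elif commands.authorization_list_name is defined and commands.authorization_list_name %}
authorization commands role {{ commands.role_name }} {{ commands.authorization_list_name }}
            {% endif %}
          {% endif %}
        {% endfor %}
      {% endif %}
      {% if terminal_vars.authorization.exec is defined and terminal_vars.authorization.exec %}
        {% set exec = terminal_vars.authorization.exec %}
        {% if exec.state is defined and exec.state == "absent" %}
no authorization exec
        {% elif exec.authorization_list_name is defined and exec.authorization_list_name %}
authorization exec {{ exec.authorization_list_name }}
        {% endif %}
      {% endif %}
    {% endif %}
    {# --- accounting bindings --- #}
    {% if terminal_vars.accounting is defined and terminal_vars.accounting %}
      {% if terminal_vars.accounting.commands is defined and terminal_vars.accounting.commands %}
        {% for commands in terminal_vars.accounting.commands %}
          {% if commands.enable_level is defined and commands.enable_level %}
            {% if commands.state is defined and commands.state == "absent" %}
no accounting commands {{ commands.enable_level }}
            {% elif commands.accounting_list_name is defined and commands.accounting_list_name %}
accounting commands {{ commands.enable_level }} {{ commands.accounting_list_name }}
            {% endif %}
          {% elif commands.role_name is defined and commands.role_name %}
            {% if commands.state is defined and commands.state == "absent" %}
no accounting commands role {{ commands.role_name }}
            {% elif commands.accounting_list_name is defined and commands.accounting_list_name %}
accounting commands role {{ commands.role_name }} {{ commands.accounting_list_name }}
            {% endif %}
          {% endif %}
        {% endfor %}
      {% endif %}
      {% if terminal_vars.accounting.exec is defined and terminal_vars.accounting.exec %}
        {% set exec = terminal_vars.accounting.exec %}
        {% if exec.state is defined and exec.state == "absent" %}
no accounting exec
        {% elif exec.accounting_list_name is defined and exec.accounting_list_name %}
        {# The accounting list must be bound with the "accounting" keyword, the
           counterpart of "no accounting exec" above; rendering it under
           "authorization exec" would leave exec accounting unset and point
           exec authorization at the accounting list name. #}
accounting exec {{ exec.accounting_list_name }}
        {% endif %}
      {% endif %}
    {% endif %}
    {# --- authentication bindings --- #}
    {% if terminal_vars.authentication is defined and terminal_vars.authentication %}
      {% if terminal_vars.authentication.enable is defined %}
        {% if terminal_vars.authentication.enable %}
enable authentication {{ terminal_vars.authentication.enable }}
        {% else %}
no enable authentication
        {% endif %}
      {% endif %}
      {% if terminal_vars.authentication.login is defined %}
        {% if terminal_vars.authentication.login %}
login authentication {{ terminal_vars.authentication.login }}
        {% else %}
no login authentication
        {% endif %}
      {% endif %}
    {% endif %}
  {% endfor %}
{% endif %}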
{% endif %} |