gabstopper / ansible-stonesoft

Ansible libraries for automating Stonesoft FW Management
Apache License 2.0

Remove Element #13

Closed meandus closed 6 years ago

meandus commented 6 years ago

Hi, how is it possible to remove an element from a group? How is it possible to delete an element from SMC?

Regards :)

gabstopper commented 6 years ago

Will have to add the functionality to add to a group but you can use network_element.yml to delete an element:

- name: Delete network elements. Use a list of elements by name
  network_element:
    smc_logging:
        level: 10
        path: /Users/davidlepage/Downloads/ansible-smc.log
    state: absent
    elements:
      - group:
          - mygroup
          - newgroupa
      - host:
          - hosta
          - hostb
      - network:
          - networka
      - address_range:
          - myrange
      - interface_zone:
          - myzone
      - domain_name:
          - mydomain.com
      - router:
          - myrouter
      - ip_list:
          - myiplist

https://github.com/gabstopper/ansible-stonesoft/blob/master/playbooks/network_element.yml

meandus commented 6 years ago

My question is regarding removing an element from a group, not deleting the group.

- name: Delete network elements. Use a list of elements by name
  network_element:
    smc_logging:
        level: 10
        path: /Users/davidlepage/Downloads/ansible-smc.log
    state: absent
    elements:
      - group:
          - mynetwork-object

On 04/04/2018 at 15:30, David LePage wrote:

Will have to add the functionality to add to a group but you can use network_element.yml to delete an element:

- name: Delete network elements. Use a list of elements by name
  network_element:
    smc_logging:
        level: 10
        path: /Users/davidlepage/Downloads/ansible-smc.log
    state: absent
    elements:
      - group:
          - mygroup
          - newgroupa
      - host:
          - hosta
          - hostb
      - network:
          - networka
      - address_range:
          - myrange
      - interface_zone:
          - myzone
      - domain_name:
          - mydomain.com
      - router:
          - myrouter
      - ip_list:
          - myiplist

https://github.com/gabstopper/ansible-stonesoft/blob/master/playbooks/network_element.yml


gabstopper commented 6 years ago

Ok, understood. Group handling will be fixed in network_element to accommodate that. Do you see the need to also delete any element type? I was going to extend network_element to allow more generic removals of any element type based on the 'entry point'.

meandus commented 6 years ago

Maybe in the future ... good to remove dynamic routing elements (prefix, route map, AS, etc.)

To delete only an interface, a VLAN on an interface, delete a static route, add a static route on cluster, delete an antispoofing network or add a static antispoofing network. ;)

Rémy.

On 4 April 2018 at 15:53:29 GMT+02:00, David LePage notifications@github.com wrote:

Ok, understood. Group handling will be fixed in network_element to accommodate that. Do you see the need to also delete any element type? I was going to extend network_element to allow more generic removals of any element type based on the 'entry point'.


gabstopper commented 6 years ago

Hi Remy, you can delete an interface and individual VLAN with the current logic now. The process would be to fetch the entire engine as YAML using engine_facts, then add the parameter delete_undefined_interfaces: true and remove the interfaces/VLANs you want to remove.

In addition to this, the antispoofing network and announced networks will be removed if the bgp parameter is defined and the elements are different. The YAML configuration is considered to be the current state of the configuration. I will be adding some more in-depth supplementary documentation besides the base level Ansible docs once the changes become more static (getting close).
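
The comment above treats the playbook YAML as the full desired state, so an interface left out by mistake is removed along with the intended ones. An added example (not part of the thread or the project's code) of a pre-flight check that lists what a run would remove; the dict layout and the helpers `interface_keys` and `planned_removals` are assumptions standing in for real engine_facts output.

```python
# Added example: pre-flight check for a playbook that sets
# delete_undefined_interfaces: true. The dict layout below is an ASSUMED,
# simplified shape for engine_facts output, not the module's real schema.

def interface_keys(engine):
    """Return the set of (interface_id, vlan_id) pairs defined in an engine dict.

    vlan_id is None for the physical interface itself.
    """
    keys = set()
    for intf in engine.get("interfaces", []):
        intf_id = str(intf["interface_id"])
        keys.add((intf_id, None))
        for sub in intf.get("interfaces", []):
            if sub.get("vlan_id") is not None:
                keys.add((intf_id, str(sub["vlan_id"])))
    return keys


def planned_removals(current, desired):
    """List interfaces/VLANs present on the engine but missing from the playbook.

    Assumption: nothing is removed unless the playbook opts in with
    delete_undefined_interfaces: true, so without it the result is empty.
    """
    if not desired.get("delete_undefined_interfaces", False):
        return []
    missing = interface_keys(current) - interface_keys(desired)
    # If a whole interface goes, its VLANs go with it; report only the parent.
    gone = {i for i, v in missing if v is None}
    result = [(i, v) for i, v in missing if v is None or i not in gone]
    return sorted(result, key=lambda k: (k[0], k[1] or ""))


# Constructed sample data (not taken from a real SMC).
CURRENT = {"interfaces": [
    {"interface_id": "0", "interfaces": [{"address": "10.0.0.1"}]},
    {"interface_id": "1", "interfaces": [{"vlan_id": "10"}, {"vlan_id": "20"}]},
    {"interface_id": "2", "interfaces": [{"vlan_id": "30"}]},
]}
DESIRED = {"delete_undefined_interfaces": True, "interfaces": [
    {"interface_id": "0", "interfaces": [{"address": "10.0.0.1"}]},
    {"interface_id": "1", "interfaces": [{"vlan_id": "10"}]},
]}

if __name__ == "__main__":
    for intf_id, vlan in planned_removals(CURRENT, DESIRED):
        print(f"would remove interface {intf_id}" + (f" VLAN {vlan}" if vlan else ""))
```

Reviewing this list before the run catches an interface dropped from the YAML by an editing slip rather than by intent.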

gabstopper commented 6 years ago

Hi Remy, I have updated the engine library to support a much more broad set of operations and merged the logic between single fw and fw_cluster. The only real difference is when creating the engine you must specify the engine type. In addition, the engine yaml differs between the two but there is an example playbook for both l3fw_cluster and l3fw.

gabstopper commented 6 years ago

Current version supports removing or appending to an existing group using: remove_members. Overwriting a current group can be accomplished by adding append_lists=False.