VhddlmZmZmZeZdZdZdZddl m Z ddl m Z ddl Z Gdd eZGd d eZd Zed k(reyy))absolute_importdivisionprint_functiona module: nmcli author: - Chris Long (@alcamie101) short_description: Manage Networking requirements: - nmcli extends_documentation_fragment: - community.general.attributes description: - Manage the network devices. Create, modify and manage various connection and device type, for example V(ethernet), V(team), V(bond), V(vlan) and so on. - 'On CentOS 8 and Fedora >=29 like systems, the requirements can be met by installing the following packages: NetworkManager.' - 'On CentOS 7 and Fedora <=28 like systems, the requirements can be met by installing the following packages: NetworkManager-tui.' - 'On Ubuntu and Debian like systems, the requirements can be met by installing the following packages: network-manager.' - 'On openSUSE, the requirements can be met by installing the following packages: NetworkManager.' attributes: check_mode: support: full diff_mode: support: full options: state: description: - Whether the device should exist or not, taking action if the state is different from what is stated. - Using O(state=present) to create connection will automatically bring connection up. - Using O(state=up) and O(state=down) will not modify connection with other parameters. These states have been added in community.general 9.5.0. type: str required: true choices: [absent, present, up, down] autoconnect: description: - Whether the connection should start on boot. - Whether the connection profile can be automatically activated. type: bool default: true conn_name: description: - The name used to call the connection. Pattern is V([-][-]). type: str required: true conn_reload: description: - Whether the connection should be reloaded if it was modified. type: bool required: false default: false version_added: 9.5.0 ifname: description: - The interface to bind the connection to. - The connection will only be applicable to this interface name. - A special value of V(*) can be used for interface-independent connections. - The ifname argument is mandatory for all connection types except bond, team, bridge, vlan and vpn. - This parameter defaults to O(conn_name) when left unset for all connection types except vpn that removes it. type: str type: description: - This is the type of device or network connection that you wish to create or modify. - Type V(dummy) is added in community.general 3.5.0. - Type V(gsm) is added in community.general 3.7.0. - Type V(infiniband) is added in community.general 2.0.0. - Type V(loopback) is added in community.general 8.1.0. - Type V(macvlan) is added in community.general 6.6.0. - Type V(ovs-bridge) is added in community.general 8.6.0. - Type V(ovs-interface) is added in community.general 8.6.0. - Type V(ovs-port) is added in community.general 8.6.0. - Type V(wireguard) is added in community.general 4.3.0. - Type V(vpn) is added in community.general 5.1.0. - Type V(vrf) is added in community.general 10.4.0. - Using V(bond-slave), V(bridge-slave), or V(team-slave) implies V(ethernet) connection type with corresponding O(slave_type) option. - If you want to control non-ethernet connection attached to V(bond), V(bridge), or V(team) consider using O(slave_type) option. type: str choices: - bond - bond-slave - bridge - bridge-slave - dummy - ethernet - generic - gre - infiniband - ipip - macvlan - sit - team - team-slave - vlan - vxlan - wifi - gsm - wireguard - ovs-bridge - ovs-port - ovs-interface - vpn - vrf - loopback mode: description: - This is the type of device or network connection that you wish to create for a bond or bridge. type: str choices: [802.3ad, active-backup, balance-alb, balance-rr, balance-tlb, balance-xor, broadcast] default: balance-rr transport_mode: description: - This option sets the connection type of Infiniband IPoIB devices. type: str choices: [datagram, connected] version_added: 5.8.0 infiniband_mac: description: - MAC address of the Infiniband IPoIB devices. type: str version_added: 10.6.0 slave_type: description: - Type of the device of this slave's master connection (for example V(bond)). - Type V(ovs-port) is added in community.general 8.6.0. type: str choices: ['bond', 'bridge', 'team', 'ovs-port', 'vrf'] version_added: 7.0.0 master: description: - Master ] STP forwarding delay, in seconds. type: int default: 15 hellotime: description: - This is only used with bridge - [hello-time <1-10>] STP hello time, in seconds. type: int default: 2 maxage: description: - This is only used with bridge - [max-age <6-42>] STP maximum message age, in seconds. type: int default: 20 ageingtime: description: - This is only used with bridge - [ageing-time <0-1000000>] the Ethernet MAC address aging time, in seconds. type: int default: 300 mac: description: - MAC address of the connection. - Note this requires a recent kernel feature, originally introduced in 3.15 upstream kernel. type: str slavepriority: description: - This is only used with 'bridge-slave' - [<0-63>] - STP priority of this slave. type: int default: 32 path_cost: description: - This is only used with 'bridge-slave' - [<1-65535>] - STP port cost for destinations using this slave. type: int default: 100 hairpin: description: - This is only used with 'bridge-slave' - 'hairpin mode' for the slave, which allows frames to be sent back out through the slave the frame was received on. - The default change to V(false) in community.general 7.0.0. It used to be V(true) before. type: bool default: false runner: description: - This is the type of device or network connection that you wish to create for a team. type: str choices: [broadcast, roundrobin, activebackup, loadbalance, lacp] default: roundrobin version_added: 3.4.0 runner_hwaddr_policy: description: - This defines the policy of how hardware addresses of team device and port devices should be set during the team lifetime. type: str choices: [same_all, by_active, only_active] version_added: 3.4.0 runner_fast_rate: description: - Option specifies the rate at which our link partner is asked to transmit LACPDU packets. If this is V(true) then packets will be sent once per second. Otherwise they will be sent every 30 seconds. - Only allowed for O(runner=lacp). type: bool version_added: 6.5.0 vlanid: description: - This is only used with VLAN - VLAN ID in range <0-4095>. type: int vlandev: description: - This is only used with VLAN - parent device this VLAN is on, can use ifname. type: str flags: description: - This is only used with VLAN - flags. type: str ingress: description: - This is only used with VLAN - VLAN ingress priority mapping. type: str egress: description: - This is only used with VLAN - VLAN egress priority mapping. type: str vxlan_id: description: - This is only used with VXLAN - VXLAN ID. type: int vxlan_remote: description: - This is only used with VXLAN - VXLAN destination IP address. type: str vxlan_local: description: - This is only used with VXLAN - VXLAN local IP address. type: str ip_tunnel_dev: description: - This is used with GRE/IPIP/SIT - parent device this GRE/IPIP/SIT tunnel, can use ifname. type: str ip_tunnel_remote: description: - This is used with GRE/IPIP/SIT - GRE/IPIP/SIT destination IP address. type: str ip_tunnel_local: description: - This is used with GRE/IPIP/SIT - GRE/IPIP/SIT local IP address. type: str ip_tunnel_input_key: description: - The key used for tunnel input packets. - Only used when O(type=gre). type: str version_added: 3.6.0 ip_tunnel_output_key: description: - The key used for tunnel output packets. - Only used when O(type=gre). type: str version_added: 3.6.0 table: description: - This is only used with VRF - VRF table number. type: int version_added: 10.4.0 zone: description: - The trust level of the connection. - When updating this property on a currently activated connection, the change takes effect immediately. type: str version_added: 2.0.0 wifi_sec: description: - The security configuration of the WiFi connection. - Note the list of suboption attributes may vary depending on which version of NetworkManager/nmcli is installed on the host. - 'An up-to-date list of supported attributes can be found here: U(https://networkmanager.dev/docs/api/latest/settings-802-11-wireless-security.html).' - 'For instance to use common WPA-PSK auth with a password: V({key-mgmt: wpa-psk, psk: my_password}).' type: dict suboptions: auth-alg: description: - When WEP is used (that is, if O(wifi_sec.key-mgmt) is V(none) or V(ieee8021x)) indicate the 802.11 authentication algorithm required by the AP here. - One of V(open) for Open System, V(shared) for Shared Key, or V(leap) for Cisco LEAP. - When using Cisco LEAP (that is, if O(wifi_sec.key-mgmt=ieee8021x) and O(wifi_sec.auth-alg=leap)) the O(wifi_sec.leap-username) and O(wifi_sec.leap-password) properties must be specified. type: str choices: [open, shared, leap] fils: description: - Indicates whether Fast Initial Link Setup (802.11ai) must be enabled for the connection. - One of V(0) (use global default value), V(1) (disable FILS), V(2) (enable FILS if the supplicant and the access point support it) or V(3) (enable FILS and fail if not supported). - When set to V(0) and no global default is set, FILS will be optionally enabled. type: int choices: [0, 1, 2, 3] default: 0 group: description: - A list of group/broadcast encryption algorithms which prevents connections to Wi-Fi networks that do not utilize one of the algorithms in the list. - For maximum compatibility leave this property empty. type: list elements: str choices: [wep40, wep104, tkip, ccmp] key-mgmt: description: - Key management used for the connection. - One of V(none) (WEP or no password protection), V(ieee8021x) (Dynamic WEP), V(owe) (Opportunistic Wireless Encryption), V(wpa-psk) (WPA2 + WPA3 personal), V(sae) (WPA3 personal only), V(wpa-eap) (WPA2 + WPA3 enterprise) or V(wpa-eap-suite-b-192) (WPA3 enterprise only). - This property must be set for any Wi-Fi connection that uses security. type: str choices: [none, ieee8021x, owe, wpa-psk, sae, wpa-eap, wpa-eap-suite-b-192] leap-password-flags: description: Flags indicating how to handle the O(wifi_sec.leap-password) property. type: list elements: int leap-password: description: The login password for legacy LEAP connections (that is, if O(wifi_sec.key-mgmt=ieee8021x) and O(wifi_sec.auth-alg=leap)). type: str leap-username: description: The login username for legacy LEAP connections (that is, if O(wifi_sec.key-mgmt=ieee8021x) and O(wifi_sec.auth-alg=leap)). type: str pairwise: description: - A list of pairwise encryption algorithms which prevents connections to Wi-Fi networks that do not utilize one of the algorithms in the list. - For maximum compatibility leave this property empty. type: list elements: str choices: [tkip, ccmp] pmf: description: - Indicates whether Protected Management Frames (802.11w) must be enabled for the connection. - One of V(0) (use global default value), V(1) (disable PMF), V(2) (enable PMF if the supplicant and the access point support it) or V(3) (enable PMF and fail if not supported). - When set to V(0) and no global default is set, PMF will be optionally enabled. type: int choices: [0, 1, 2, 3] default: 0 proto: description: - List of strings specifying the allowed WPA protocol versions to use. - Each element may be V(wpa) (allow WPA) or V(rsn) (allow WPA2/RSN). - If not specified, both WPA and RSN connections are allowed. type: list elements: str choices: [wpa, rsn] psk-flags: description: Flags indicating how to handle the O(wifi_sec.psk) property. type: list elements: int psk: description: - Pre-Shared-Key for WPA networks. - For WPA-PSK, it is either an ASCII passphrase of 8 to 63 characters that is (as specified in the 802.11i standard) hashed to derive the actual key, or the key in form of 64 hexadecimal character. - The WPA3-Personal networks use a passphrase of any length for SAE authentication. type: str wep-key-flags: description: - Flags indicating how to handle the O(wifi_sec.wep-key0), O(wifi_sec.wep-key1), O(wifi_sec.wep-key2), and O(wifi_sec.wep-key3) properties. type: list elements: int wep-key-type: description: - Controls the interpretation of WEP keys. - Allowed values are V(1), in which case the key is either a 10- or 26-character hexadecimal string, or a 5- or 13-character ASCII password; or V(2), in which case the passphrase is provided as a string and will be hashed using the de-facto MD5 method to derive the actual WEP key. type: int choices: [1, 2] wep-key0: description: - Index 0 WEP key. This is the WEP key used in most networks. - See the O(wifi_sec.wep-key-type) property for a description of how this key is interpreted. type: str wep-key1: description: - Index 1 WEP key. This WEP index is not used by most networks. - See the O(wifi_sec.wep-key-type) property for a description of how this key is interpreted. type: str wep-key2: description: - Index 2 WEP key. This WEP index is not used by most networks. - See the O(wifi_sec.wep-key-type) property for a description of how this key is interpreted. type: str wep-key3: description: - Index 3 WEP key. This WEP index is not used by most networks. - See the O(wifi_sec.wep-key-type) property for a description of how this key is interpreted. type: str wep-tx-keyidx: description: - When static WEP is used (that is, if O(wifi_sec.key-mgmt=none)) and a non-default WEP key index is used by the AP, put that WEP key index here. - Valid values are V(0) (default key) through V(3). - Note that some consumer access points (like the Linksys WRT54G) number the keys V(1) to V(4). type: int choices: [0, 1, 2, 3] default: 0 wps-method: description: - Flags indicating which mode of WPS is to be used if any. - There is little point in changing the default setting as NetworkManager will automatically determine whether it is feasible to start WPS enrollment from the Access Point capabilities. - WPS can be disabled by setting this property to a value of V(1). type: int default: 0 version_added: 3.0.0 ssid: description: - Name of the Wireless router or the access point. type: str version_added: 3.0.0 wifi: description: - The configuration of the WiFi connection. - Note the list of suboption attributes may vary depending on which version of NetworkManager/nmcli is installed on the host. - 'An up-to-date list of supported attributes can be found here: U(https://networkmanager.dev/docs/api/latest/settings-802-11-wireless.html).' - 'For instance to create a hidden AP mode WiFi connection: V({hidden: true, mode: ap}).' type: dict suboptions: ap-isolation: description: - Configures AP isolation, which prevents communication between wireless devices connected to this AP. - This property can be set to a value different from V(-1) only when the interface is configured in AP mode. - If set to V(1), devices are not able to communicate with each other. This increases security because it protects devices against attacks from other clients in the network. At the same time, it prevents devices to access resources on the same wireless networks as file shares, printers, and so on. - If set to V(0), devices can talk to each other. - When set to V(-1), the global default is used; in case the global default is unspecified it is assumed to be V(0). type: int choices: [-1, 0, 1] default: -1 assigned-mac-address: description: - The new field for the cloned MAC address. - It can be either a hardware address in ASCII representation, or one of the special values V(preserve), V(permanent), V(random) or V(stable). - This field replaces the deprecated O(wifi.cloned-mac-address) on D-Bus, which can only contain explicit hardware addresses. - Note that this property only exists in D-Bus API. libnm and nmcli continue to call this property C(cloned-mac-address). type: str band: description: - 802.11 frequency band of the network. - One of V(a) for 5GHz 802.11a or V(bg) for 2.4GHz 802.11. - This will lock associations to the Wi-Fi network to the specific band, so for example, if V(a) is specified, the device will not associate with the same network in the 2.4GHz band even if the network's settings are compatible. - This setting depends on specific driver capability and may not work with all drivers. type: str choices: [a, bg] bssid: description: - If specified, directs the device to only associate with the given access point. - This capability is highly driver dependent and not supported by all devices. - Note this property does not control the BSSID used when creating an Ad-Hoc network and is unlikely to in the future. type: str channel: description: - Wireless channel to use for the Wi-Fi connection. - The device will only join (or create for Ad-Hoc networks) a Wi-Fi network on the specified channel. - Because channel numbers overlap between bands, this property also requires the O(wifi.band) property to be set. type: int default: 0 cloned-mac-address: description: - This D-Bus field is deprecated in favor of O(wifi.assigned-mac-address) which is more flexible and allows specifying special variants like V(random). - For libnm and nmcli, this field is called C(cloned-mac-address). type: str generate-mac-address-mask: description: - With O(wifi.cloned-mac-address) setting V(random) or V(stable), by default all bits of the MAC address are scrambled and a locally-administered, unicast MAC address is created. This property allows to specify that certain bits are fixed. - Note that the least significant bit of the first MAC address will always be unset to create a unicast MAC address. - If the property is V(null), it is eligible to be overwritten by a default connection setting. - If the value is still V(null) or an empty string, the default is to create a locally-administered, unicast MAC address. - If the value contains one MAC address, this address is used as mask. The set bits of the mask are to be filled with the current MAC address of the device, while the unset bits are subject to randomization. - Setting V(FE:FF:FF:00:00:00) means to preserve the OUI of the current MAC address and only randomize the lower 3 bytes using the V(random) or V(stable) algorithm. - If the value contains one additional MAC address after the mask, this address is used instead of the current MAC address to fill the bits that shall not be randomized. - For example, a value of V(FE:FF:FF:00:00:00 68:F7:28:00:00:00) will set the OUI of the MAC address to 68:F7:28, while the lower bits are randomized. - A value of V(02:00:00:00:00:00 00:00:00:00:00:00) will create a fully scrambled globally-administered, burned-in MAC address. - If the value contains more than one additional MAC addresses, one of them is chosen randomly. For example, V(02:00:00:00:00:00 00:00:00:00:00:00 02:00:00:00:00:00) will create a fully scrambled MAC address, randomly locally or globally administered. type: str hidden: description: - If V(true), indicates that the network is a non-broadcasting network that hides its SSID. This works both in infrastructure and AP mode. - In infrastructure mode, various workarounds are used for a more reliable discovery of hidden networks, such as probe-scanning the SSID. However, these workarounds expose inherent insecurities with hidden SSID networks, and thus hidden SSID networks should be used with caution. - In AP mode, the created network does not broadcast its SSID. - Note that marking the network as hidden may be a privacy issue for you (in infrastructure mode) or client stations (in AP mode), as the explicit probe-scans are distinctly recognizable on the air. type: bool default: false mac-address-blacklist: description: - A list of permanent MAC addresses of Wi-Fi devices to which this connection should never apply. - Each MAC address should be given in the standard hex-digits-and-colons notation (for example, V(00:11:22:33:44:55)). type: list elements: str mac-address-randomization: description: - One of V(0) (never randomize unless the user has set a global default to randomize and the supplicant supports randomization), V(1) (never randomize the MAC address), or V(2) (always randomize the MAC address). - This property is deprecated for O(wifi.cloned-mac-address). type: int default: 0 choices: [0, 1, 2] mac-address: description: - If specified, this connection will only apply to the Wi-Fi device whose permanent MAC address matches. - This property does not change the MAC address of the device (for example for MAC spoofing). type: str mode: description: Wi-Fi network mode. If blank, V(infrastructure) is assumed. type: str choices: [infrastructure, mesh, adhoc, ap] default: infrastructure mtu: description: If non-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple Ethernet frames. type: int default: 0 powersave: description: - One of V(2) (disable Wi-Fi power saving), V(3) (enable Wi-Fi power saving), V(1) (do not touch currently configure setting) or V(0) (use the globally configured value). - All other values are reserved. type: int default: 0 choices: [0, 1, 2, 3] rate: description: - If non-zero, directs the device to only use the specified bitrate for communication with the access point. - Units are in Kb/s, so for example V(5500) = 5.5 Mbit/s. - This property is highly driver dependent and not all devices support setting a static bitrate. type: int default: 0 tx-power: description: - If non-zero, directs the device to use the specified transmit power. - Units are dBm. - This property is highly driver dependent and not all devices support setting a static transmit power. type: int default: 0 wake-on-wlan: description: - The NMSettingWirelessWakeOnWLan options to enable. Not all devices support all options. - May be any combination of C(NM_SETTING_WIRELESS_WAKE_ON_WLAN_ANY) (V(0x2)), C(NM_SETTING_WIRELESS_WAKE_ON_WLAN_DISCONNECT) (V(0x4)), C(NM_SETTING_WIRELESS_WAKE_ON_WLAN_MAGIC) (V(0x8)), C(NM_SETTING_WIRELESS_WAKE_ON_WLAN_GTK_REKEY_FAILURE) (V(0x10)), C(NM_SETTING_WIRELESS_WAKE_ON_WLAN_EAP_IDENTITY_REQUEST) (V(0x20)), C(NM_SETTING_WIRELESS_WAKE_ON_WLAN_4WAY_HANDSHAKE) (V(0x40)), C(NM_SETTING_WIRELESS_WAKE_ON_WLAN_RFKILL_RELEASE) (V(0x80)), C(NM_SETTING_WIRELESS_WAKE_ON_WLAN_TCP) (V(0x100)) or the special values V(0x1) (to use global settings) and V(0x8000) (to disable management of Wake-on-LAN in NetworkManager). - Note the option values' sum must be specified in order to combine multiple options. type: int default: 1 version_added: 3.5.0 ignore_unsupported_suboptions: description: - Ignore suboptions which are invalid or unsupported by the version of NetworkManager/nmcli installed on the host. - Only O(wifi) and O(wifi_sec) options are currently affected. type: bool default: false version_added: 3.6.0 gsm: description: - The configuration of the GSM connection. - Note the list of suboption attributes may vary depending on which version of NetworkManager/nmcli is installed on the host. - 'An up-to-date list of supported attributes can be found here: U(https://networkmanager.dev/docs/api/latest/settings-gsm.html).' - 'For instance to use apn, pin, username and password: V({apn: provider.apn, pin: 1234, username: apn.username, password: apn.password}).' type: dict version_added: 3.7.0 suboptions: apn: description: - The GPRS Access Point Name specifying the APN used when establishing a data session with the GSM-based network. - The APN often determines how the user will be billed for their network usage and whether the user has access to the Internet or just a provider-specific walled-garden, so it is important to use the correct APN for the user's mobile broadband plan. - The APN may only be composed of the characters a-z, 0-9, ., and - per GSM 03.60 Section 14.9. type: str auto-config: description: When V(true), the settings such as O(gsm.apn), O(gsm.username), or O(gsm.password) will default to values that match the network the modem will register to in the Mobile Broadband Provider database. type: bool default: false device-id: description: - The device unique identifier (as given by the V(WWAN) management service) which this connection applies to. - If given, the connection will only apply to the specified device. type: str home-only: description: - When V(true), only connections to the home network will be allowed. - Connections to roaming networks will not be made. type: bool default: false mtu: description: If non-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple Ethernet frames. type: int default: 0 network-id: description: - The Network ID (GSM LAI format, ie MCC-MNC) to force specific network registration. - If the Network ID is specified, NetworkManager will attempt to force the device to register only on the specified network. - This can be used to ensure that the device does not roam when direct roaming control of the device is not otherwise possible. type: str number: description: Legacy setting that used to help establishing PPP data sessions for GSM-based modems. type: str password: description: - The password used to authenticate with the network, if required. - Many providers do not require a password, or accept any password. - But if a password is required, it is specified here. type: str password-flags: description: - NMSettingSecretFlags indicating how to handle the O(gsm.password) property. - 'Following choices are allowed: V(0) B(NONE): The system is responsible for providing and storing this secret (default), V(1) B(AGENT_OWNED): A user secret agent is responsible for providing and storing this secret; when it is required agents will be asked to retrieve it V(2) B(NOT_SAVED): This secret should not be saved, but should be requested from the user each time it is needed V(4) B(NOT_REQUIRED): In situations where it cannot be automatically determined that the secret is required (some VPNs and PPP providers do not require all secrets) this flag indicates that the specific secret is not required.' type: int choices: [0, 1, 2, 4] default: 0 pin: description: - If the SIM is locked with a PIN it must be unlocked before any other operations are requested. - Specify the PIN here to allow operation of the device. type: str pin-flags: description: - NMSettingSecretFlags indicating how to handle the O(gsm.pin) property. - See O(gsm.password-flags) for NMSettingSecretFlags choices. type: int choices: [0, 1, 2, 4] default: 0 sim-id: description: - The SIM card unique identifier (as given by the C(WWAN) management service) which this connection applies to. - If given, the connection will apply to any device also allowed by O(gsm.device-id) which contains a SIM card matching the given identifier. type: str sim-operator-id: description: - A MCC/MNC string like V(310260) or V(21601I) identifying the specific mobile network operator which this connection applies to. - If given, the connection will apply to any device also allowed by O(gsm.device-id) and O(gsm.sim-id) which contains a SIM card provisioned by the given operator. type: str username: description: - The username used to authenticate with the network, if required. - Many providers do not require a username, or accept any username. - But if a username is required, it is specified here. macvlan: description: - The configuration of the MAC VLAN connection. - Note the list of suboption attributes may vary depending on which version of NetworkManager/nmcli is installed on the host. - 'An up-to-date list of supported attributes can be found here: U(https://networkmanager.dev/docs/api/latest/settings-macvlan.html).' type: dict version_added: 6.6.0 suboptions: mode: description: - The macvlan mode, which specifies the communication mechanism between multiple macvlans on the same lower device. - 'Following choices are allowed: V(1) B(vepa), V(2) B(bridge), V(3) B(private), V(4) B(passthru) and V(5) B(source).' type: int choices: [1, 2, 3, 4, 5] required: true parent: description: - If given, specifies the parent interface name or parent connection UUID from which this MAC-VLAN interface should be created. If this property is not specified, the connection must contain an "802-3-ethernet" setting with a "mac-address" property. type: str required: true promiscuous: description: - Whether the interface should be put in promiscuous mode. type: bool tap: description: - Whether the interface should be a MACVTAP. type: bool wireguard: description: - The configuration of the Wireguard connection. - Note the list of suboption attributes may vary depending on which version of NetworkManager/nmcli is installed on the host. - 'An up-to-date list of supported attributes can be found here: U(https://networkmanager.dev/docs/api/latest/settings-wireguard.html).' - 'For instance to configure a listen port: V({listen-port: 12345}).' type: dict version_added: 4.3.0 suboptions: fwmark: description: - The 32-bit fwmark for outgoing packets. - The use of fwmark is optional and is by default off. Setting it to 0 disables it. - Note that O(wireguard.ip4-auto-default-route) or O(wireguard.ip6-auto-default-route) enabled, implies to automatically choose a fwmark. type: int ip4-auto-default-route: description: - Whether to enable special handling of the IPv4 default route. - If enabled, the IPv4 default route from O(wireguard.peer-routes) will be placed to a dedicated routing-table and two policy routing rules will be added. - The fwmark number is also used as routing-table for the default-route, and if fwmark is zero, an unused fwmark/table is chosen automatically. This corresponds to what wg-quick does with Table=auto and what WireGuard calls "Improved Rule-based Routing". type: bool ip6-auto-default-route: description: - Like O(wireguard.ip4-auto-default-route), but for the IPv6 default route. type: bool listen-port: description: The WireGuard connection listen-port. If not specified, the port will be chosen randomly when the interface comes up. type: int mtu: description: - If non-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple fragments. - If zero a default MTU is used. Note that contrary to wg-quick's MTU setting, this does not take into account the current routes at the time of activation. type: int peer-routes: description: - Whether to automatically add routes for the AllowedIPs ranges of the peers. - If V(true) (the default), NetworkManager will automatically add routes in the routing tables according to C(ipv4.route-table) and C(ipv6.route-table). Usually you want this automatism enabled. - If V(false), no such routes are added automatically. In this case, the user may want to configure static routes in C(ipv4.routes) and C(ipv6.routes), respectively. - Note that if the peer's AllowedIPs is V(0.0.0.0/0) or V(::/0) and the profile's C(ipv4.never-default) or C(ipv6.never-default) setting is enabled, the peer route for this peer will not be added automatically. type: bool private-key: description: The 256 bit private-key in base64 encoding. type: str private-key-flags: description: C(NMSettingSecretFlags) indicating how to handle the O(wireguard.private-key) property. type: int choices: [0, 1, 2] vpn: description: - Configuration of a VPN connection (PPTP and L2TP). - In order to use L2TP you need to be sure that C(network-manager-l2tp) - and C(network-manager-l2tp-gnome) if host has UI - are installed on the host. type: dict version_added: 5.1.0 suboptions: permissions: description: User that will have permission to use the connection. type: str required: true service-type: description: This defines the service type of connection. type: str required: true gateway: description: The gateway to connection. It can be an IP address (for example V(192.0.2.1)) or a FQDN address (for example V(vpn.example.com)). type: str required: true password-flags: description: - NMSettingSecretFlags indicating how to handle the C(vpn.password) property. - 'Following choices are allowed: V(0) B(NONE): The system is responsible for providing and storing this secret (default); V(1) B(AGENT_OWNED): A user secret agent is responsible for providing and storing this secret; when it is required agents will be asked to retrieve it; V(2) B(NOT_SAVED): This secret should not be saved, but should be requested from the user each time it is needed; V(4) B(NOT_REQUIRED): In situations where it cannot be automatically determined that the secret is required (some VPNs and PPP providers do not require all secrets) this flag indicates that the specific secret is not required.' type: int choices: [0, 1, 2, 4] default: 0 user: description: Username provided by VPN administrator. type: str required: true ipsec-enabled: description: - Enable or disable IPSec tunnel to L2TP host. - This option is need when O(vpn.service-type) is V(org.freedesktop.NetworkManager.l2tp). type: bool ipsec-psk: description: - The pre-shared key in base64 encoding. - "You can encode using this Ansible jinja2 expression: V(\"0s{{ '[YOUR PRE-SHARED KEY]' | ansible.builtin.b64encode }}\")." - This is only used when O(vpn.ipsec-enabled=true). type: str sriov: description: - Allow to configure SR-IOV settings. - 'An up-to-date list of supported attributes can be found here: U(https://networkmanager.pages.freedesktop.org/NetworkManager/NetworkManager/settings-sriov.html).' type: dict version_added: 10.1.0 suboptions: autoprobe-drivers: description: - Whether to autoprobe virtual functions by a compatible driver. type: int eswitch-encap-mode: description: - Select the eswitch encapsulation support. type: int eswitch-inline-mode: description: - Select the eswitch inline-mode of the device. type: int eswitch-mode: description: - Select the eswitch mode of the device. type: int total-vfs: description: Number of virtual functions to create. Consult your NIC documentation for the maximum number of VFs supported. type: int vfs: description: - 'Virtual function descriptors in the form: V(INDEX [ATTR=VALUE[ ATTR=VALUE]...]).' - Multiple VFs can be specified using a comma as separator, for example V(2 mac=00:11:22:33:44:55 spoof-check=true,3 vlans=100). type: str a2 # These examples are using the following inventory: # # ## Directory layout: # # |_/inventory/cloud-hosts # | /group_vars/openstack-stage.yml # | /host_vars/controller-01.openstack.host.com # | /host_vars/controller-02.openstack.host.com # |_/playbook/library/nmcli.py # | /playbook-add.yml # | /playbook-del.yml # ``` # # ## inventory examples # ### groups_vars # ```yml # --- # #devops_os_define_network # storage_gw: "192.0.2.254" # external_gw: "198.51.100.254" # tenant_gw: "203.0.113.254" # # #Team vars # nmcli_team: # - conn_name: tenant # ip4: '{{ tenant_ip }}' # gw4: '{{ tenant_gw }}' # - conn_name: external # ip4: '{{ external_ip }}' # gw4: '{{ external_gw }}' # - conn_name: storage # ip4: '{{ storage_ip }}' # gw4: '{{ storage_gw }}' # nmcli_team_slave: # - conn_name: em1 # ifname: em1 # master: tenant # - conn_name: em2 # ifname: em2 # master: tenant # - conn_name: p2p1 # ifname: p2p1 # master: storage # - conn_name: p2p2 # ifname: p2p2 # master: external # # #bond vars # nmcli_bond: # - conn_name: tenant # ip4: '{{ tenant_ip }}' # gw4: '' # mode: balance-rr # - conn_name: external # ip4: '{{ external_ip }}' # gw4: '' # mode: balance-rr # - conn_name: storage # ip4: '{{ storage_ip }}' # gw4: '{{ storage_gw }}' # mode: balance-rr # nmcli_bond_slave: # - conn_name: em1 # ifname: em1 # master: tenant # - conn_name: em2 # ifname: em2 # master: tenant # - conn_name: p2p1 # ifname: p2p1 # master: storage # - conn_name: p2p2 # ifname: p2p2 # master: external # # #ethernet vars # nmcli_ethernet: # - conn_name: em1 # ifname: em1 # ip4: # - '{{ tenant_ip }}' # - '{{ second_tenant_ip }}' # gw4: '{{ tenant_gw }}' # - conn_name: em2 # ifname: em2 # ip4: '{{ tenant_ip1 }}' # gw4: '{{ tenant_gw }}' # - conn_name: p2p1 # ifname: p2p1 # ip4: '{{ storage_ip }}' # gw4: '{{ storage_gw }}' # - conn_name: p2p2 # ifname: p2p2 # ip4: '{{ external_ip }}' # gw4: '{{ external_gw }}' # ``` # # ### host_vars # ```yml # --- # storage_ip: "192.0.2.91/23" # external_ip: "198.51.100.23/21" # tenant_ip: "203.0.113.77/23" # second_tenant_ip: "204.0.113.77/23" # ``` ## playbook-add.yml example - hosts: openstack-stage remote_user: root tasks: - name: Install needed network manager libs ansible.builtin.package: name: - NetworkManager-libnm - nm-connection-editor - libsemanage-python - policycoreutils-python state: present ##### Working with all cloud nodes - Teaming - name: Try nmcli add team - conn_name only & ip4 gw4 community.general.nmcli: type: team conn_name: '{{ item.conn_name }}' ip4: '{{ item.ip4 }}' gw4: '{{ item.gw4 }}' state: present with_items: - '{{ nmcli_team }}' - name: Try nmcli add teams-slave community.general.nmcli: type: team-slave conn_name: '{{ item.conn_name }}' ifname: '{{ item.ifname }}' master: '{{ item.master }}' state: present with_items: - '{{ nmcli_team_slave }}' ##### Working with all cloud nodes - Bonding - name: Try nmcli add bond - conn_name only & ip4 gw4 mode community.general.nmcli: type: bond conn_name: '{{ item.conn_name }}' ip4: '{{ item.ip4 }}' gw4: '{{ item.gw4 }}' mode: '{{ item.mode }}' state: present with_items: - '{{ nmcli_bond }}' - name: Try nmcli add bond-slave community.general.nmcli: type: bond-slave conn_name: '{{ item.conn_name }}' ifname: '{{ item.ifname }}' master: '{{ item.master }}' state: present with_items: - '{{ nmcli_bond_slave }}' ##### Working with all cloud nodes - Ethernet - name: Try nmcli add Ethernet - conn_name only & ip4 gw4 community.general.nmcli: type: ethernet conn_name: '{{ item.conn_name }}' ip4: '{{ item.ip4 }}' gw4: '{{ item.gw4 }}' state: present with_items: - '{{ nmcli_ethernet }}' ## playbook-del.yml example - hosts: openstack-stage remote_user: root tasks: - name: Try nmcli del team - multiple community.general.nmcli: conn_name: '{{ item.conn_name }}' state: absent with_items: - conn_name: em1 - conn_name: em2 - conn_name: p1p1 - conn_name: p1p2 - conn_name: p2p1 - conn_name: p2p2 - conn_name: tenant - conn_name: storage - conn_name: external - conn_name: team-em1 - conn_name: team-em2 - conn_name: team-p1p1 - conn_name: team-p1p2 - conn_name: team-p2p1 - conn_name: team-p2p2 - name: Add an Ethernet connection with static IP configuration community.general.nmcli: conn_name: my-eth1 ifname: eth1 type: ethernet ip4: 192.0.2.100/24 gw4: 192.0.2.1 state: present - name: Add an Team connection with static IP configuration community.general.nmcli: conn_name: my-team1 ifname: my-team1 type: team ip4: 192.0.2.100/24 gw4: 192.0.2.1 state: present autoconnect: true - name: Optionally, at the same time specify IPv6 addresses for the device community.general.nmcli: conn_name: my-eth1 ifname: eth1 type: ethernet ip4: 192.0.2.100/24 gw4: 192.0.2.1 ip6: 2001:db8::cafe gw6: 2001:db8::1 state: present - name: Add two IPv4 DNS server addresses community.general.nmcli: conn_name: my-eth1 type: ethernet dns4: - 192.0.2.53 - 198.51.100.53 state: present - name: Make a profile usable for all compatible Ethernet interfaces community.general.nmcli: ctype: ethernet name: my-eth1 ifname: '*' state: present - name: Change the property of a setting e.g. MTU community.general.nmcli: conn_name: my-eth1 mtu: 9000 type: ethernet state: present - name: Change the property of a setting e.g. MTU and reload connection community.general.nmcli: conn_name: my-eth1 mtu: 1500 type: ethernet state: present conn_reload: true - name: Disable connection community.general.nmcli: conn_name: my-eth1 state: down - name: Reload and enable connection community.general.nmcli: conn_name: my-eth1 state: up conn_reload: true - name: Add second ip4 address community.general.nmcli: conn_name: my-eth1 ifname: eth1 type: ethernet ip4: - 192.0.2.100/24 - 192.0.3.100/24 state: present - name: Add second ip6 address community.general.nmcli: conn_name: my-eth1 ifname: eth1 type: ethernet ip6: - 2001:db8::cafe - 2002:db8::cafe state: present - name: Add VxLan community.general.nmcli: type: vxlan conn_name: vxlan_test1 vxlan_id: 16 vxlan_local: 192.168.1.2 vxlan_remote: 192.168.1.5 - name: Add gre community.general.nmcli: type: gre conn_name: gre_test1 ip_tunnel_dev: eth0 ip_tunnel_local: 192.168.1.2 ip_tunnel_remote: 192.168.1.5 - name: Add ipip community.general.nmcli: type: ipip conn_name: ipip_test1 ip_tunnel_dev: eth0 ip_tunnel_local: 192.168.1.2 ip_tunnel_remote: 192.168.1.5 - name: Add sit community.general.nmcli: type: sit conn_name: sit_test1 ip_tunnel_dev: eth0 ip_tunnel_local: 192.168.1.2 ip_tunnel_remote: 192.168.1.5 - name: Add zone community.general.nmcli: type: ethernet conn_name: my-eth1 zone: external state: present # nmcli exits with status 0 if it succeeds and exits with a status greater # than zero when there is a failure. The following list of status codes may be # returned: # # - 0 Success - indicates the operation succeeded # - 1 Unknown or unspecified error # - 2 Invalid user input, wrong nmcli invocation # - 3 Timeout expired (see --wait option) # - 4 Connection activation failed # - 5 Connection deactivation failed # - 6 Disconnecting device failed # - 7 Connection deletion failed # - 8 NetworkManager is not running # - 9 nmcli and NetworkManager versions mismatch # - 10 Connection, device, or access point does not exist. - name: Create the wifi connection community.general.nmcli: type: wifi conn_name: Brittany ifname: wlp4s0 ssid: Brittany wifi_sec: key-mgmt: wpa-psk psk: my_password autoconnect: true state: present - name: Create a hidden AP mode wifi connection community.general.nmcli: type: wifi conn_name: ChocoMaster ifname: wlo1 ssid: ChocoMaster wifi: hidden: true mode: ap autoconnect: true state: present - name: Create a gsm connection community.general.nmcli: type: gsm conn_name: my-gsm-provider ifname: cdc-wdm0 gsm: apn: my.provider.apn username: my-provider-username password: my-provider-password pin: my-sim-pin autoconnect: true state: present - name: Create a macvlan connection community.general.nmcli: type: macvlan conn_name: my-macvlan-connection ifname: mymacvlan0 macvlan: mode: 2 parent: eth1 autoconnect: true state: present - name: Create a wireguard connection community.general.nmcli: type: wireguard conn_name: my-wg-provider ifname: mywg0 wireguard: listen-port: 51820 private-key: my-private-key autoconnect: true state: present - name: >- Create a VPN L2TP connection for ansible_user to connect on vpn.example.com authenticating with user 'brittany' and pre-shared key as 'Brittany123' community.general.nmcli: type: vpn conn_name: my-vpn-connection vpn: permissions: "{{ ansible_user }}" service-type: org.freedesktop.NetworkManager.l2tp gateway: vpn.example.com password-flags: 2 user: brittany ipsec-enabled: true ipsec-psk: "0s{{ 'Brittany123' | ansible.builtin.b64encode }}" autoconnect: false state: present ## Creating bond attached to bridge example - name: Create bond attached to bridge community.general.nmcli: type: bond conn_name: bond0 slave_type: bridge master: br0 state: present - name: Create master bridge community.general.nmcli: type: bridge conn_name: br0 method4: disabled method6: disabled state: present ## Creating vlan connection attached to bridge - name: Create master bridge community.general.nmcli: type: bridge conn_name: br0 state: present - name: Create VLAN 5 community.general.nmcli: type: vlan conn_name: eth0.5 slave_type: bridge master: br0 vlandev: eth0 vlanid: 5 state: present ## Creating VRF and adding VLAN interface to it - name: Create VRF community.general.nmcli: type: vrf ifname: vrf10 table: 10 state: present conn_name: vrf10 method4: disabled method6: disabled - name: Create VLAN interface inside VRF community.general.nmcli: conn_name: "eth0.124" type: vlan vlanid: "124" vlandev: "eth0" master: "vrf10" slave_type: vrf state: "present" ip4: '192.168.124.50' gw4: '192.168.124.1' ## Defining ip rules while setting a static IP ## table 'production' is set with id 200 in this example. - name: Set Static ips for interface with ip rules and routes community.general.nmcli: type: ethernet conn_name: 'eth0' ip4: '192.168.1.50' gw4: '192.168.1.1' state: present routes4_extended: - ip: "0.0.0.0/0" next_hop: "192.168.1.1" table: "production" routing_rules4: - "priority 0 from 192.168.1.50 table 200" ## Creating an OVS bridge and attaching a port - name: Create OVS Bridge community.general.nmcli: conn_name: ovs-br-conn ifname: ovs-br type: ovs-bridge state: present - name: Create OVS Port for OVS Bridge Interface community.general.nmcli: conn_name: ovs-br-interface-port-conn ifname: ovs-br-interface-port master: ovs-br type: ovs-port state: present ## Adding an ethernet interface to an OVS bridge port - name: Add Ethernet Interface to OVS Port community.general.nmcli: conn_name: eno1 ifname: eno1 master: ovs-br-interface-port slave_type: ovs-port type: ethernet state: present z# ) AnsibleModuleto_textNc eZdZy)NmcliModuleErrorN)__name__ __module__ __qualname__k/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/general/plugins/modules/nmcli.pyr r srr ceZdZdZdZdZdZdZdZd*dZ dZ d+d Z e d Z e d Ze d Ze d ZedZedZe dZe dZedZedZdZedZedZedZedZdZdZdZdZ dZ!dZ"dZ#d Z$e d!Z%d"Z&d#Z'd$Z(d%Z)d&Z*d'Z+d(Z,d)Z-y),Nmclia This is the generic nmcli manipulation class that is subclassed based on platform. A subclass may wish to override the following action methods:- - create_connection() - delete_connection() - edit_connection() - modify_connection() - show_connection() - up_connection() - down_connection() All subclasses MUST define platform and distribution (which may be None). GenericN)z&802-11-wireless-security.leap-passwordz802-11-wireless-security.pskz!802-11-wireless-security.wep-key0z!802-11-wireless-security.wep-key1z!802-11-wireless-security.wep-key2z!802-11-wireless-security.wep-key3cT||_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_ |jd |_ |jd |_ |jd |_ |jd |_ |jd |_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_ |jd |_!|jd!|_"|jd"|_#|jd#|_$|jd$|_%|jd%|_&|jd&|_'|jd'|_(|jd(|_)|jd)|_*|jd*|_+|jd+|_,|jd,|_-|jd-|_.|jd.|_/|jd/|_0|jd0|_1|jd1|_2|jd2|_3|jd3|_4|jd4|_5|jd5|_6|jd6|_7|jd7|_8|jd8|_9|jd9|_:|jd:|_;|jd;|_<|jd<|_=|jd=|_>|jd>|_?|jd?|_@|jd@|_A|jdA|_B|jdB|_C|jdC|_D|jdD|_E|jdE|_F|jdF|_G|jdG|_H|jdH|_I|jjdIdJ|_K|jdK|_L|jdL|_M|jdM|_N|jdN|_O|jdO|_P|jdP|_Q|jdQ|_R|jdR|_S|jdS|_T|jdT|_U|jdU|_V|jdV|_W|j.r|j.|_Xn=|jdWvr|jsdX|_Xn|jrdY|_Xnd|_X|jFr|jF|_Yn=|jdWvr|j2sdX|_Yn|j2rdY|_Ynd|_Y|jdZk(r|jd[|_Zg|_[|jy)\Nstateignore_unsupported_suboptions autoconnect conn_name conn_reload slave_typemasterifnametypeip4gw4gw4_ignore_autoroutes4routes4_extended route_metric4routing_rules4never_default4dns4 dns4_search dns4_optionsdns4_ignore_automethod4 may_fail4ip6gw6gw6_ignore_autoroutes6routes6_extended route_metric6dns6 dns6_search dns6_optionsdns6_ignore_automethod6 ip_privacy6addr_gen_mode6mtustpprioritymodemiimonprimary downdelayupdelayxmit_hash_policy fail_over_mac arp_interval arp_ip_target slavepriority forwarddelay hellotimemaxage ageingtimehairpin path_costmacrunnerrunner_hwaddr_policyrunner_fast_ratevlanidvlandevflagsingressegressvxlan_id vxlan_local vxlan_remote ip_tunnel_devip_tunnel_localip_tunnel_remoteip_tunnel_input_keyip_tunnel_output_keynmcliTdhcp_client_idzonessidwifiwifi_secgsmmacvlan wireguardvpntransport_modeinfiniband_macsriov)dummyrdredisabledmanualvrftable)]moduleparamsrrrrrrrrrrrr r!r"r#r$r%r&r'r(r)r*r+r,r-r.r/r0r1r2r3r4r5r6r7r8r9r:r;r<r=r>r?r@rArBrCrDrErFrGrHrIrJrKrLrMrNrOrPrQrRrSrTrUrVrWrXrYrZr[r\ get_bin_path nmcli_binr^r_r`rarbrcrdrerfrgrhri ipv4_method ipv6_methodrn edit_commandsextra_options_validation)selfros r__init__zNmcli.__init__sT ]]7+ -3]];Z-[*!==7{3!==7 -- 5mmH- mmH- MM&) =='=='%}}->?}}Y/ & .@ A#]]?;$mm,<=$mm,<=MM&) !==7"MM.9 & .@ A}}Y/ {3=='=='%}}->?}}Y/ & .@ A#]]?;MM&) !==7"MM.9 & .@ A}}Y/ !==7$mm,<==='==' j1 MM&) mmH- }}Y/ {3}}Y/ & .@ A#]]?;"MM.9#]]?;#]]?;"MM.9{3mmH-  -- 5}}Y/ {3=='mmH- $*MM2H$I! & .@ AmmH- }}Y/ ]]7+ }}Y/ mmH-  j1 !==7"MM.9#]]?;%}}->? & .@ A#)==1F#G $*MM2H$I!11'4@$mm,<=MM&) MM&) MM&)  j1 =='}}Y/ {3=='$mm,<=$mm,<=]]7+ <<#||D  YY; ;DHH)D  XX'D #D  <<#||D  YY; ;DHH)D  XX'D #D  99 w/DJ %%'rc|jdvr7|j*|j|jj dyyyy)zh Additional validation of options set passed to module that cannot be implemented in module's argspecs. ) bridge-slave team-slave bond-slaveNz;'master' option is required when 'slave_type' is specified.msg)rrrro fail_jsonrws rrvzNmcli.extra_options_validationsG 99H H{{"t'B %%*g%h(C" Irct|tr|Dcgc] }t|}}n t|}|jj |||Scc}w)N)use_unsafe_shelldata) isinstancelistrro run_command)rwcmdrritems rexecute_commandzNmcli.execute_command%sO c4 -01T74=1C1#,C{{&&s=MTX&YY2sAcz|xsg}|jddg|z}dj|}|j||S)Nconedit )r)rrjoinr)rwcommands argumentsrrs rexecute_edit_commandszNmcli.execute_edit_commands,sDO ~~uf- 9yy"##Cd#33rc |j|jd}|jr|jr|jdk(s|j dk(r|j id|j|jd|jd|jd|jd|jd |jd |jd |jd |j!|j"|j$d |j&d|j(d|j*d|j,d|j.d|j1|j2d|j4d|j6|j8|j:|j<|j>|j!|j@|jB|jD|jF|jH|jJd |j,r,|j,dk7r|j d|j.i|jLr'|j |jN|jLi|jPr'|j |jR|jTi|jVr(|j |j|jd|j dk(rw|j |jX|jZ|j\|j^|j`|jb|jd|jf|jhd n|j dk(r|jrS|jdk7rD|jjjmd|j d|jd|j d|js|jjjod |j d!din|j d"k(r|j |jp|jr|jt|jv|jx|jzd#|jzrp|j d$|jxinQ|j d%k(rT|j |j||j~d&|j |j d'|jin|j d(k(r|jrS|jd"k7rD|jjjmd|j d|jd|j d)|js.|jjjod*|j d!d"i|jjjod+|j |j|j|jd,n|j d-k(r|jrS|jd%k7rD|jjjmd|j d|jd|j d.|js{|jjjod/|j d!d%inK|jrx|j |j|j |j|jd0|j d1k(r|j |j|jd2n|j d3k(rK|j |j|j|j|j|jd4nm|j d5k(r5|j |j|j|jd6n)|j d7k(r|j |j|jr|jdn |jndd8|jr8|jjD]\}}|j d9|z|i|jr|jjD]\}}|j d:|z|inK|j d;k(rG|jr/|jjD]\}}|j d<|z|in|j d=k(ra|jr:|jjD]\}}|j d>|z|in|jd?k(rtd@|j dAk(rG|jri|jjD]\}}|j dB|z|in/|j dCk(r|jrdD}|jjD]\}}|dEk(r|j dF|inN|dGk(r|j dH|in5|dDk7r|dIz }t|tr|j|}||dJ|z }|j dK|int|j dLk(r9|j dM|ji|jr<|j|dN<n,|j dk(r|j dO|ji|j dPk(rD|jr8|jjD]\}}|j dQ|z|i|jD]\}}|j|}d}|tur |j}|r9|dRvrt}nB||jRk(r |j}n&|dSk(r!|j}n|tur |j}t|s||||<|S)TN)connection.autoconnectzconnection.zonerm ovs-interfaceipv4.addresseszipv4.dhcp-client-idipv4.dnsipv4.dns-searchipv4.dns-optionsipv4.ignore-auto-dnsz ipv4.gatewayipv4.ignore-auto-routes ipv4.routeszipv4.route-metricipv4.routing-rulesipv4.never-defaultz ipv4.method ipv4.may-failipv6.addressesipv6.dnsipv6.dns-search) ipv6.dns-optionsipv6.ignore-auto-dnsz ipv6.gatewayipv6.ignore-auto-routes ipv6.routeszipv6.route-metricz ipv6.methodipv6.ip6-privacyzipv6.addr-gen-moderk)zconnection.masterconnection.slave-typebond) z arp-intervalz arp-ip-targetr?r=r<r>r@rArBr|zConnection type 'z' cannot be combined with 'z&' slave-type. Allowed slave-type for 'z ' is 'bond'.r}zkConnection 'slave-type' property automatically set to 'bond' because of using 'bond-slave' connection type.rbridge)zbridge.ageing-timezbridge.forward-delayzbridge.hello-timezbridge.max-agebridge.priority bridge.stprteam)z team.runnerzteam.runner-hwaddr-policyteam.runner-fast-raterzz' is 'bridge'.zoConnection 'slave-type' property automatically set to 'bridge' because of using 'bridge-slave' connection type.zConnection type as 'bridge-slave' implies 'ethernet' connection with 'bridge' slave-type. Consider using slave_type='bridge' with necessary type.)zbridge-port.path-costbridge-port.hairpin-modezbridge-port.priorityr{z ' is 'team'.zkConnection 'slave-type' property automatically set to 'team' because of using 'team-slave' connection type.)zip-tunnel.localzip-tunnel.modezip-tunnel.parentzip-tunnel.remotegre)zip-tunnel.input-keyzip-tunnel.output-keyvlan)vlan.idz vlan.parentz vlan.flagsz vlan.ingressz vlan.egressvxlan)vxlan.idz vxlan.localz vxlan.remotera)z802-11-wireless.ssidrz802-11-wireless.%sz802-11-wireless-security.%srczgsm.%srdz macvlan.%spresentz=type is macvlan but all of the following are missing: macvlanrez wireguard.%srfz service-typezvpn.service-type permissionszconnection.permissionsz, =vpn.data infinibandzinfiniband.transport-modezinfiniband.mac-addressrnethernetzsriov.%s)rrr)jrr_ ip_conn_typerrrupdateenforce_ipv4_cidr_notationrr^r&r'r(r)rr enforce_routes_formatr!r"r#r$r%rsr+enforce_ipv6_cidr_notationr,r2r3r4r5r-r.r/r0r1rtr7r8rL mac_setting mtu_conn_type mtu_settingr9slave_conn_typerCrDr?r=r<r>r@rArBrorwarnrIrFrGrHr;r:rMrNrOrKrJrEtunnel_conn_typerYrXrZr[r\rPrQrRrSrTrUrVrWr`raitemsrbrcrdrr rerfrboolbool_to_stringrgrhrnri settings_typer mtu_to_stringip6_privacy_to_numrlist_to_stringcallable) rw detect_changeoptionsnamevaluevpn_data_valuessetting setting_type convert_funcs rconnection_optionszNmcli.connection_options2s '+&6&6#yy    t{{doo6NTXT]T]apTp NN $"A"A$(("K%t':':DII"4#3#3  #D$5$5  '(=(= *4+?+?t99$,,H]H]^$T%7%7%d&9&9%d&9&9t// !$"A"A$(("K DII!""4#3#3#$%)$5$5(,(=(= $+/+?+?#99$,,H]H]^%)%7%7#//$($4$4&*&9&95 <D$4$4 $B@A 88 NND,,dhh7 8    NND,,dhh7 8    NN%)[[)-  99  NN $ 1 1!%!3!3!^^++ <<<<$($9$9!%!3!3  YY, &4??f#< %%-1YY+T%(??   "RS+V YY( " NN&*oo(,(9(9%)^^"&++#'=="hh  xx 14==AB YY& NN#{{-1-F-F $$0+T-B-B YY. (4??h#> %%-1YY+T%(??   "TU 7BC KK  J  NN)-,0LL(,(:(:  YY, &4??f#< %%-1YY+T%(??   "RS+V  " " NN#'#7#7"&))$($6$6$($9$9   yyE!+/+C+C,0,E,E YY& NN;;#||"jj $ #{{  YY' ! NN MM#// $ 1 1  YY& NN(, eiepepDOO4K&QUQ`Q`vz yy#'99??#4KD%NN,t3U$}}#'==#6#6#8KD%NN5>#3KD%NN 4$YY) #||#'<<#5#5#7KD%NN$t+U$y(&'fgg YY+ %~~#'>>#7#7#9KD%NN&-u$YY% xx"$#'88>>#3KD%~-.(.4e(+b0+t3O%eT2$($7$7$>E'dE+BBNN"O$#(YY, & NN+T-@-@ ""484G4G01 YY%  NN  99 "zz#'::#3#3#5KD%NN"T)5$ &mmo 7NGU--g6LLt##22 55#*L 0 00#'#5#5L 22#'#:#:L%#22  %#/#6 ) 7,rc|jdvS)N)rrrjrz802-3-ethernetgenericrripipsitrrra802-11-wirelessrcrdrerfloopbackrrmrrs rrzNmcli.ip_conn_type9syy   rc$|jdk(ryy)Nrzbridge.mac-addressz!802-3-ethernet.cloned-mac-addressrrs rrzNmcli.mac_settingSs 99 '6rc|jdvS)N)rr|rjrrr{rrrs rrzNmcli.mtu_conn_typeZsyy   rc$|jdk(ryy)Nrzinfiniband.mtuz802-3-ethernet.mturrs rrzNmcli.mtu_settingfs 99 $#'rc|syt|S)Nautor)r9s rrzNmcli.mtu_to_stringms3< rc^ddddd}|y||vrtdj|||S)N0z1 (enabled, prefer public IP)z 2 (enabled, prefer temporary IP)z-1rkzprefer-public-addrzprefer-temp-addrunknownz'{privacy} is invalid ip_privacy6 option)privacy)AssertionErrorformat)rip6_privacy_valuess rrzNmcli.ip6_privacy_to_numtsQ"A B   ? , , !J!Q!QZa!Q!bc c!'**rc|jdvS)N) rrrrrrar|rzr{rarovs-portrrrs rrzNmcli.slave_conn_typesyy   rc|jdvS)N)rrrrrs rrzNmcli.tunnel_conn_typesyy   rcD|y|Dcgc] }d|vr|n|dzc}Scc}w)N/z/32r) ip4_addressesaddresss rrz Nmcli.enforce_ipv4_cidr_notations.  N[\73'>w>\\\cD|y|Dcgc] }d|vr|n|dzc}Scc}w)Nrz/128r) ip6_addressesrs rrz Nmcli.enforce_ipv6_cidr_notations/  O\]G3'>w/??]]]rcX||S||Dcgc]}|j|c}Sycc}wN)route_to_string)rwroutesroutes_extendedroutes rrzNmcli.enforce_routes_formats8  M  (=LMED((/M MNs'cFd}||dz }|jd |d|dzz }|jd|dt|dzz }t|jD]9\}}|dvs ||dj |t|j z };|S)Nripnext_hop metric)rrrz {0}={1})getstrsortedrrlower)r result_str attributers rrzNmcli.route_to_strings eDk! 99Z , #j 11 1J 99X  * #E(O 44 4J &u{{} 5 O Iu <<ARj// 3u:;K;K;MNN  Orc |ryy)Nyesnor)booleans rrzNmcli.bool_to_strings rc*|ydj|S)N,)r)lsts rrzNmcli.list_to_strings ;88C= rc6|dvrtS|dvrtStS)N) rrrrrrrrrz802-11-wireless.hiddenr)rrrrrrrrrrrz802-11-wireless-security.groupz,802-11-wireless-security.leap-password-flagsz!802-11-wireless-security.pairwisez802-11-wireless-security.protoz"802-11-wireless-security.psk-flagsz&802-11-wireless-security.wep-key-flagsz%802-11-wireless.mac-address-blacklist)rrr)rs rrzNmcli.settings_types1  0 0K BB$K rcg}|D]N}i}tjd|D] \}}|dk(r||d<|dk(r||d<|||<"|j|P|Dcgc]}|j|c}Scc}w)Nz([\w-]*)\s?=\s?([^\s,}]*)nhrmtr)refindallappendr)rw raw_values routes_params raw_value route_params parameterrs rget_route_paramszNmcli.get_route_paramss # /IL$&JJ/KY$W 4 5$/4L,$&-2L*.3L+  4   . /HUU|$$\2UUUsA5c|jdddddg}|j|\}}}|dk7r t||jS)Nz--fieldsrz--tersershowr)rrrr splitlines)rwrrcouterrs rlist_connection_infozNmcli.list_connection_info sM~~z69eVL--c2S# 7"3' '~~rc:|j|jvSr)rr rs rconnection_existszNmcli.connection_exists s~~!:!:!<<>5%8C$$ ;' 499% JJz " h &>>5(3C KK ! !&> ! ? 4>>" H $)<^^F[[F (  99 $++"534t..01"--/ )JC $---&&#u+E*FF&,,JJ1F1NOP/)JJ1Ce1KLM C<( )##C((rc|jd}|ddk(r|jr|j}|jr|j }|S)Nr/r)r8ruedit_connectioncreate_connection_upr*rwstatuss rcreate_connectionzNmcli.create_connectionE sO''1 !9>d00))+F  $ $'')F rc|jdvr&|j|j |jyy|jdk(r|j |jyy)N)rrjrrraTrF)rr9r&r2rs rr;zNmcli.create_connection_upM sZ 99K K$$))*?TYYEZYY&  %499+@rcX|jdd|jg}|j|S)Nrdelr%r&s rremove_connectionzNmcli.remove_connectionW s)~~ueT^^<##C((rcp|jd}|ddk(r|jr|j}|S)Nr1r)r8rur:r<s rmodify_connectionzNmcli.modify_connection\ s8''1 !9>d00))+F rc`|jddgz}|j||jgS)Nsavequitr)rurr)rwrs rr:zNmcli.edit_connectionb s4%%(88))(t~~>N)OOrc|jddd|jg}|j|\}}}|dk7r t|t j d}t }|jD]b}|jdd}|dj} |j| } | s=t|dkDsL|dj} | dk(r| tk(rg|| <sd|| <y| d k(rI| jd } | D]2} | jd d}t|dkDs$|d}|d}|||<4| d vr1| jd Dcgc]}|jc}|| <| tk(r2| jd Dcgc]}|jc}|| <7|j| }||jd}n| }||| <e|Scc}wcc}w)Nz--show-secretsrrrz^([-]?\d+) \((\w+)\)$:z--z bond.optionsr rrr;)rrrrr rcompiledictrsplitstriprlenlstriprmatchgroup)rwrrrr p_enum_value conn_infolinepairr7key_typeroptsopt alias_pair alias_key alias_valuesm_enumrs rshow_connectionzNmcli.show_connectionf s~~/O--c2S# 7"3' 'zz":; F NN$ +D::c1%Dq'--/C))#.Hs4y1} GNN, $4')+ #)- #N*$??3/D#?%(YYsA%6 z?Q.(21 I*4Q-K3>Ii0 ? ::9B9M%NAaggi%NIcN%9B9M%NAaggi%NIcN)// :F) & Q )%*IcN= +@&O%Ns GGcg}|dk(rd}d}d|d|d|g}ng}|d|zdd gz }|j|d |jg \}}}|d k7r t||jD]_} d |z} | j | s| j dd} | d j j| d} |j| a|S)N802-11-wireless-securitypsk FAKEVALUEr3.rzprint %srGrrrHrz%s.rJrKr) rrr r startswithrPrQreplacer) rwr properties set_property set_valuerrrrrXprefixrYpropertys rget_supported_propertieszNmcli.get_supported_properties s 0 0 L#I*1<KLHHZ')659933HQUQZQZH[3\S# 7"3' 'NN$ ,DW_F'zz#q)7==?2262>!!(+  ,rc|dk(rd}n |dk(rd}n|}|j|}g}t||jD]\}}||vs |j||rxg}|D]}|j|d|ddj |z}|j r|j j||S|j j||S) Nrrardrbrgz&Invalid or unsupported option(s): "%s"z", "r}) rogetattrrrrrrorr) rwr setting_keysupported_propertiesunsupported_propertiesrnr msg_optionsr~s r check_for_unsupported_propertiesz&Nmcli.check_for_unsupported_properties s ' ' K 2 2$K!K#<|z-Nmcli._compare_conn_params.. s0/Dbfrvvj#tzz|[\/]/]/Ds13r c3<K|]}|jywr)rQr}s rrz-Nmcli._compare_conn_params.. s"MD4::<"Ms)rrrrrrrjrT)beforeafter)rOrrrTrintrUrrupperrQrr9rrPrrallrr) rwrWrchanged diff_before diff_afterr7r current_valuerTdiffs r_compare_conn_paramszNmcli._compare_conn_params s:f V !--/6 $JCQG#Ei )# 88]=VHH%7GE(+C A,C(D 88]=V$($9$9-$HM$***!KKME$(5(;(;(= )#%(5(;(;C(@ $***txx/? DH*$$(./Djwj}j}BkC/D)D ""MEKKr;rBrDr:rbrorvrrrrrrrs HLNo(bi Z4 EN  277     ((   ++   "  ]] ^^    !!   D V =))),)\)  P+Z4&8AFJrrcttdidtdddtdddtddgd  d tdd d tdddtddtdgddtddtdgddtdddtddtdddtdddtddttdd tdtdtdtdtdtdtd d!tdd"tddd#tddd$tddd%tddd&tddd'tddd(tdgd)d*tddd+tdd,tddd-tdd.tddd/tddd0tddd1tddd2tddd3tddd4tddttdd tdtdtdtdtdtd5 d6tdd7tdgd8d9tdgd:d;tdgd<d=tdd>gd?@dAtddBtddCtddDtddEtdgdFdGtddHtddItddJtddKtddLtddMtdddNtddOdPtddQdRtddSdTtddUdVtddWdXtddYdZtddd[tdd\d]tdd^gd_@d`tdgdadbtddctdddtddetddftddgtddhtdditddjtddktddltddmtddntddodptddodqtddrtddstddodttddutdttdgdvdwtdd tdtdxydztdd{tdd|tdd}tdd~tdddgdtdd#dgddgd4d3ggddrdqgfgd}tdddd|_t|}d\}}}|j|j d}|j|j jd|jdk(rn|jr+|jdk(s|j jd|j+|jdk7r|j jd|jdk(s|jdk(rj|j)|j jd|jz|j)|j jd|jz|jdrk(ri}|jr@dq|jvr|j!d|jdq=|j#d|dr<|j$r|j#d|ds<|j&r.|r,|j)D]\}}|D]} t+||| = |j dk(r|j-r|j.r|j1d|j3\}}}|j5\}}}|dk7r|jd|jz||n|j dk(rB|j-r|j7\} } |j8r| |d<| rZd|d<|j.r|j0dddi||j;\}}}|j<r:|j?\}}}n%d|d<|j.r|j0dddi||j-sTd|jd|jd|d<|j.r|j0dddi||jA\}}}|V|dk7rP|j|j||n0|j dk(r|j-r|j.r|j1d|j<r|j?\}}}|jC\}}}|dk7r|jd|jz||n|j dk(r|j-rx|j.r|j1d|j<r|j?\}}}|j3\}}}|dk7r!|jd|jz|||d|d<nd|d<|r||d<|r||d<|j0di|y#tD$r0} |j|jtG| Yd} ~ bd} ~ wwxYw)NrrF)rdefaultrTrr)absentrr)r$)rrequiredchoicesr)rrrrrr)rrrrrm)rrrr)rr|rrzrjrrrrrrrr{rrrarcrdrerfrrz ovs-bridgerrmrr)relementsrr r!r"rOr)rrrrntoscwndr9onlink)rrrr#r$r%r&r'r(r)r*)r link-localrlsharedrkr+r^r,r-r.r2r3r4r5r/r0)rrrrnrr9rr1r6)ignorerdhcprrlrrkr7rr8)rzdefault-or-eui64eui64zstable-privacyr< balance-rr)z802.3adz active-backupz balance-albrz balance-tlbz balance-xor broadcast)rrrr=r?r@rArB)noneactivefollowrCrDr>r9rLr_r:r;rE rFrGrHrIi,rJrKdrM roundrobin)rr activebackup loadbalancelacprN)same_all by_active only_activerOrPrQrRrSrTrUrVrWrXrYrZr[)rno_logr\r`rarbrcrd)rKr)rrr)r<parent promiscuoustap)rrrerfrirnrgdatagram connectedrh) argument_specmutually_exclusive required_ifsupports_check_modeC)LANGLC_ALL LC_MESSAGESLC_CTYPE)Nrr)rrz(Please specify a name for the connectionr}rrzr*r r) ror]rrrresultrtrrrjrnrres rmainr s Y *.FE*JY &$7Y ED:]^Y 5 Y &%8 Y U# Y 0]^Y U#Y 5Y J&51KY L% MY N!fe +$ %SY jE*kY l Ve+$ %OY dE*eY fe-uvgY h%1rsiY j U4nokY n5,CDoY rU#sY t&uY ve$wY x"u-yY zE3OP{Y |5)}Y ~E*Y @e$AY D% EY F% GY H5!IY L&$/MY Nuc2OY PE26QY R5"5SY Tq1UY VUB/WY X4YY Zfe4[Y \s3]Y `UL%giaY f"&5:b!cgY j"v.kY nU#oY pe$qY rE"sY te$uY vU#wY zu%{Y |%(}Y ~5)Y BE*CY D!e,EY F"u-GY J!%% =KY L"&5!>MY P5!QY R6"SY Tvd3UY V&!WY Xfd#'UOVZ#[%)ut%D*.F*;"&F"3 /56YY b'cY d&!eY fF#gY hE"iY l UZ4MNmY n U+oY t.u5/;/;=fj12 `FB)-#cs]`(aF% &ME#NRc ??U[[ AF  #MN zzV  % %elln.L LL " "'e " f  ! ! -%,,&2H LL " "'Y " Z zz\!U%5%5%? <<  LL " "']`e`j`j'j " k <<  LL " "'lotoyoy'y " z zzV!# ::# bcJJv&-2-S-STe-f "6 * >>161W1WXr1s ": .  . .3I+A+G+G+I >' Z *>H{3H=> >:; ;;( "&&($$$$T$2!&!6!6!8S#!&!8!8!:S#7$$+JU__+\cfkm$n [[I %&&( % ; ; = <<%)F6N(WF8$(((((@@@%*%<%<%>NRc(().)@)@)BS#'VF8$(((((AA&A**,UZUdUdfkfpfp(q|$$$$F$$NRc!&!4!4!6S#7$$+JU__+\cfkm$n [[F "&&($$$$T$2$$%*%<%<%>NRc!&!6!6!8S#7$$+JU__+\cfkm$n  z!y y x xFv ;eoo3q6::;sLl m!&m  m__main__) __future__rrrr __metaclass__ DOCUMENTATIONEXAMPLESRETURNansible.module_utils.basicr+ansible.module_utils.common.text.convertersrr Exceptionr objectrrr rrrrsoA@ l \#L \ 5?  y IJFIJXL^ zFr