I am experimenting with the networking modules in Ansible to try to understand how we can use Ansible to manage our network devices. To that end, I have written a simple playbook to apply an ACL to a router. It works well, except I notice that each time the playbook is run, the change is applied. It does not appear to be idempotent. My playbook looks like the following:

    tasks:
      - name: ACL before create
        ios_command:
          provider: "{{provider}}"
          commands:
            - show access-list TEST
        register: acl_before

      - debug: var=acl_before.stdout_lines

      - name: Create access list
        ios_config:
          provider: "{{ provider }}"
          authorize: yes
          parents: ['ip access-list extended TEST']
          lines:
            - 10 permit ip host 1.1.1.1 any
            - 20 deny ip any any
          before: ['no ip access-list extended TEST']
          match: exact
          backup: yes

      - name: ACL after create
        ios_command:
          provider: "{{ provider }}"
          commands:
            - show access-list TEST
        register: acl_after

      - debug: var=acl_after.stdout_lines

The first time the playbook is run, the ACL is applied properly as expected. But the next time the playbook is run, the ACL is again applied even though it is clearly already present:

    PLAY [R1] **********************************************************************

    TASK [ACL before create] *******************************************************
    ok: [10.48.94.50]

    TASK [debug] *******************************************************************
    ok: [10.48.94.50] => {
        "acl_before.stdout_lines": [
            [
                "Extended IP access list TEST",
                " 10 permit ip host 1.1.1.1 any",
                " 20 deny ip any any"
            ]
        ]
    }

    TASK [Create access list] ******************************************************
    changed: [10.48.94.50]

    TASK [ACL after create] ********************************************************
    ok: [10.48.94.50]

    TASK [debug] *******************************************************************
    ok: [10.48.94.50] => {
        "acl_after.stdout_lines": [
            [
                "Extended IP access list TEST",
                " 10 permit ip host 1.1.1.1 any",
                " 20 deny ip any any"
            ]
        ]
    }

    PLAY RECAP *********************************************************************
    10.48.94.50 : ok=5 changed=1 unreachable=0 failed=0

So what do I need to add to the playbook to ensure that it is idempotent?