On Thursday, March 8, 2018 at 1:43:44 PM UTC-8, Mark Tovey wrote:
>
>
>     I am experimenting with the networking modules in Ansible to try to 
> understand how we can use Ansible to manage our network devices.  To that 
> end, I have written a simple playbook to apply an ACL to a router.  It 
> works well, except I notice that each time the playbook is run, the change 
> is applied.  It does not appear to be idempotent.
>     My playbook looks like the following:
>
>   tasks:
>   - name: ACL before create
>     ios_command:
>       provider: "{{provider}}"
>       commands:
>         - show access-list TEST
>     register: acl_before
>
>   - debug: var=acl_before.stdout_lines
>
>   - name: Create access list
>     ios_config:
>       provider: "{{ provider }}"
>       authorize: yes
>       parents: ['ip access-list extended TEST']
>       lines:
>         - 10 permit ip host 1.1.1.1 any
>         - 20 deny ip any any
>       before: ['no ip access-list extended TEST']
>       match: exact
>       backup: yes
>
>   - name: ACL after create
>     ios_command:
>       provider: "{{ provider }}"
>       commands:
>         - show access-list TEST
>     register: acl_after
>
>   - debug: var=acl_after.stdout_lines
>
>     The first time the playbook is run, the ACL is applied properly as 
> expected.  But the next time the playbook is run, the ACL is again applied 
> even though it is clearly already present:
>
> PLAY [R1] **********************************************************************
>
> TASK [ACL before create] *******************************************************
> ok: [10.48.94.50]
>
> TASK [debug] *******************************************************************
> ok: [10.48.94.50] => {
>     "acl_before.stdout_lines": [
>         [
>             "Extended IP access list TEST",
>             "    10 permit ip host 1.1.1.1 any",
>             "    20 deny ip any any"
>         ]
>     ]
> }
>
> TASK [Create access list] ******************************************************
> changed: [10.48.94.50]
>
> TASK [ACL after create] ********************************************************
> ok: [10.48.94.50]
>
> TASK [debug] *******************************************************************
> ok: [10.48.94.50] => {
>     "acl_after.stdout_lines": [
>         [
>             "Extended IP access list TEST",
>             "    10 permit ip host 1.1.1.1 any",
>             "    20 deny ip any any"
>         ]
>     ]
> }
>
> PLAY RECAP *********************************************************************
> 10.48.94.50                : ok=5    changed=1    unreachable=0    failed=0
>
>     So what do I need to add to the playbook to ensure that it is 
> idempotent?
>

 

>     I should mention that we are using Ansible version 2.3.1 on RHEL 7.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.