I am experimenting with the networking modules in Ansible to try to 
understand how we can use Ansible to manage our network devices.  To that 
end, I have written a simple playbook to apply an ACL to a router.  It 
works well, except I notice that each time the playbook is run, the change 
is applied.  It does not appear to be idempotent.
    My playbook looks like the following:

  tasks:
  - name: ACL before create
    ios_command:
      provider: "{{ provider }}"
      commands:
        - show access-list TEST
    register: acl_before

  - debug: var=acl_before.stdout_lines

  - name: Create access list
    ios_config:
      provider: "{{ provider }}"
      authorize: yes
      parents: ['ip access-list extended TEST']
      lines:
        - 10 permit ip host 1.1.1.1 any
        - 20 deny ip any any
      before: ['no ip access-list extended TEST']
      match: exact
      backup: yes

  - name: ACL after create
    ios_command:
      provider: "{{ provider }}"
      commands:
        - show access-list TEST
    register: acl_after

  - debug: var=acl_after.stdout_lines

    The first time the playbook is run, the ACL is applied properly as 
expected.  But the next time the playbook is run, the ACL is again applied 
even though it is clearly already present:

PLAY [R1] **********************************************************************

TASK [ACL before create] *******************************************************
ok: [10.48.94.50]

TASK [debug] *******************************************************************
ok: [10.48.94.50] => {
    "acl_before.stdout_lines": [
        [
            "Extended IP access list TEST",
            "    10 permit ip host 1.1.1.1 any",
            "    20 deny ip any any"
        ]
    ]
}

TASK [Create access list] ******************************************************
changed: [10.48.94.50]

TASK [ACL after create] ********************************************************
ok: [10.48.94.50]

TASK [debug] *******************************************************************
ok: [10.48.94.50] => {
    "acl_after.stdout_lines": [
        [
            "Extended IP access list TEST",
            "    10 permit ip host 1.1.1.1 any",
            "    20 deny ip any any"
        ]
    ]
}

PLAY RECAP *********************************************************************
10.48.94.50                : ok=5    changed=1    unreachable=0    failed=0

    So what do I need to add to the playbook to ensure that it is 
idempotent?

