I have the following tasks in a block, which I've modified to use the new
'loop' structure:

- name: process ipv6 rules if they exist
  block:
    - name: create all ipv6 firewall log statements from 'firewall' variable
      iptables:
        ip_version: ipv6
        comment: "{{ item.0.comment|default(omit) }}"
        destination: "{{ item.0.destination|default(omit) }}"
        destination_port: "{{ item.0.destination_port|default(omit) }}"
        source: "{{ item.1 }}"
        source_port: "{{ item.0.source_port|default(omit) }}"
        protocol: "{{ item.0.protocol|default(omit) }}"
        jump: "LOG"
        chain: "{{ item.0.chain|default('INPUT') }}"
        ctstate: "{{ item.0.state|default('NEW') }}"
        in_interface: "{{ item.0.in_interface|default(omit) }}"
        out_interface: "{{ item.0.out_interface|default(omit) }}"
        limit: "3/minute"
        limit_burst: 10
        # log_prefix: "[ FIREWALL ] " # ( will be added in ansible 2.5 )
        state: present
      when: item.0.log is defined and item.0.log == 'yes'
      loop: "{{ firewall6.rules|subelements('source') }}"
      notify:
        - save ip6tables
    - name: apply ipv6 rules using 'firewall' variable defined in inventory vars
      iptables:
        ip_version: ipv6
        comment: "{{ item.0.comment|default(omit) }}"
        destination: "{{ item.0.destination|default(omit) }}"
        destination_port: "{{ item.0.destination_port|default(omit) }}"
        source: "{{ item.1 }}"
        source_port: "{{ item.0.source_port|default(omit) }}"
        protocol: "{{ item.0.protocol|default(omit) }}"
        jump: "{{ item.0.rule|default('ACCEPT') }}"
        chain: "{{ item.0.chain|default('INPUT') }}"
        ctstate: "{{ item.0.state|default(omit) }}"
        in_interface: "{{ item.0.in_interface|default(omit) }}"
        out_interface: "{{ item.0.out_interface|default(omit) }}"
        state: present
      loop: "{{ firewall6.rules|subelements('source') }}"
      notify:
        - save ip6tables
  when: firewall6 is defined and firewall6.rules is defined

When I run this I get the following error:

TASK [firewall : create all ipv6 firewall log statements from 'firewall' variable] *************************************
fatal: [172.20.0.88]: FAILED! => {"msg": "obj must be a list of dicts or a nested dict"}
fatal: [172.20.0.77]: FAILED! => {"msg": "obj must be a list of dicts or a nested dict"}
fatal: [172.20.0.55]: FAILED! => {"msg": "obj must be a list of dicts or a nested dict"}

I changed the first task to use 'with_subelements' as follows:

- name: create all ipv6 firewall log statements from 'firewall' variable
  iptables:
    ip_version: ipv6
    comment: "{{ item.0.comment|default(omit) }}"
    destination: "{{ item.0.destination|default(omit) }}"
    destination_port: "{{ item.0.destination_port|default(omit) }}"
    source: "{{ item.1 }}"
    source_port: "{{ item.0.source_port|default(omit) }}"
    protocol: "{{ item.0.protocol|default(omit) }}"
    jump: "LOG"
    chain: "{{ item.0.chain|default('INPUT') }}"
    ctstate: "{{ item.0.state|default('NEW') }}"
    in_interface: "{{ item.0.in_interface|default(omit) }}"
    out_interface: "{{ item.0.out_interface|default(omit) }}"
    limit: "3/minute"
    limit_burst: 10
    # log_prefix: "[ FIREWALL ] " # ( will be added in ansible 2.5 )
    state: present
  when: item.0.log is defined and item.0.log == 'yes'
  with_subelements:
    - "{{ firewall6.rules }}"
    - source
  notify:
    - save ip6tables

When I re-run the playbook it now skips the task, as intended:

TASK [firewall : create all ipv6 firewall log statements from 'firewall' variable] *************************************
skipping: [172.20.0.88]
skipping: [172.20.0.77]
skipping: [172.20.0.55]

Can anyone tell me why this is happening?
Thanks,
Guy