Hi,
I have this playbook:
---
- hosts: localhost
  connection: local
  gather_facts: False
  vars_files:
    - nsxanswer.yml
    - "firewall-rules.yml"
  tasks:
    - name: Add multiple firewall rules
      nsx_edge_firewall:
        nsxmanager_spec: "{{ nsxmanager_spec }}"
        mode: "create"
        edge_id: '{{ edge_id }}'
        global_config:
          tcpPickOngoingConnections: true
          dropInvalidTraffic: false
          tcpTimeoutEstablished: 3600
          enableSynFloodProtection: true
        default_action: reject
        rules: '{{ fwRules }}'
Also this is my firewall-rules file:
fwRules:
  -
    name: "Allow windows updates"
    ruleType: user
    enabled: true
    loggingEnabled: false
    action: accept
    source:
      vnicGroupId: internal
    destination:
      groupingObjectId: "{{ lookup(vars,'mysource') }}"
    service:
      -
        protocol: tcp
        dstPort: 135
        srcPort: any
      -
        protocol: udp
        dstPort: "137-138"
        srcPort: any
      -
        protocol: tcp
        dstPort: 139
        srcPort: any
      -
        protocol: tcp
        dstPort: 445
        srcPort: any
But I can't get this working, as I get this error:
TASK [Add multiple firewall rules]
**************************************************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred
while templating '[{u'ruleType': u'user', u'name': u'Allow windows
updates', u'service': [{u'protocol': u'tcp', u'dstPort': 135, u'srcPort':
u'any'}, {u'protocol': u'udp', u'dstPort': u'137-138', u'srcPort': u'any'},
{u'protocol': u'tcp', u'dstPort': 139, u'srcPort': u'any'}, {u'protocol':
u'tcp', u'dstPort': 445, u'srcPort': u'any'}], u'loggingEnabled': False,
u'destination': {u'groupingObjectId': u\"{{ lookup(vars,'mysource') }}\"},
u'enabled': True, u'source': {u'vnicGroupId': u'internal'}, u'action':
u'accept'}]'. Error was a <type 'exceptions.AttributeError'>, original
message: 'dict' object has no attribute 'lower'"}
to retry, use: --limit @/etc/ansible/vcd/edg-fw.retry
What I need is for the lookup to go and find the mysource variable from another
file, but it doesn't work.
Can anyone see what the problem is here?
Thanks
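One way to make the lookup in the post above resolve, as an added example that is not part of the original message: in `lookup(vars,'mysource')` the unquoted `vars` is evaluated as the variables dictionary instead of a plugin name, which is consistent with the `'dict' object has no attribute 'lower'` error, so the plugin name is quoted here. The file name `sources.yml`, its placeholder value and the two pre-flight tasks are assumptions; the `vars` lookup only sees variables that are already loaded, so the file defining `mysource` has to be listed in `vars_files`.

```yaml
# Added example; sources.yml and the pre-flight tasks are assumptions.
# --- sources.yml (hypothetical file name) ---
# mysource: "<grouping-object-id>"      # placeholder, use your own object ID

# --- firewall-rules.yml (only the destination of the rule changes) ---
fwRules:
  - name: "Allow windows updates"
    ruleType: user
    enabled: true
    loggingEnabled: false
    action: accept
    source:
      vnicGroupId: internal
    destination:
      # 'vars' quoted: it is the lookup plugin name, not the vars dictionary
      groupingObjectId: "{{ lookup('vars', 'mysource') }}"
    service:
      - {protocol: tcp, dstPort: 135, srcPort: any}
      - {protocol: udp, dstPort: "137-138", srcPort: any}
      - {protocol: tcp, dstPort: 139, srcPort: any}
      - {protocol: tcp, dstPort: 445, srcPort: any}

# --- playbook: load the file that defines mysource, verify, then apply ---
---
- hosts: localhost
  connection: local
  gather_facts: False
  vars_files:
    - nsxanswer.yml
    - sources.yml                       # assumption: defines mysource
    - "firewall-rules.yml"
  tasks:
    - name: Stop before changing the edge if mysource is missing or empty
      assert:
        that:
          - mysource is defined
          - mysource | string | length > 0
        msg: "mysource is not defined; add its file to vars_files"

    - name: Show the fully templated rules that will be sent
      debug:
        var: fwRules

    # ...followed by the original "Add multiple firewall rules" task, unchanged
```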