Not sure if this would help, but maybe a different way of looking at it
using with_subelements?
I have one Task that creates some ACLs for OpenStack:

- name: Add Rules to the Security Groups
  tags: security_groups
  os_security_group_rule:
    security_group: "{{ item.0.group }}"
    direction: "{{ item.1.direction }}"
    protocol: "{{ item.1.protocol }}"
    remote_ip_prefix: "{{ item.1.remote_ip }}"
    # A ':' in the prefix means IPv6; 'search' is a Jinja2 test, so it is applied with 'is'
    ethertype: "{{ (item.1.remote_ip is search(':')) | ternary('IPv6', 'IPv4') }}"
  # item.0 is the group entry, item.1 is one entry of that group's 'rules' list
  with_subelements:
    - "{{ security_groups }}"
    - rules
  run_once: true

The Dictionary security_groups looks like this:

security_groups:
  - group: prod_traffic_plane
    rules:
      - { "direction":"ingress", "protocol": "tcp", "remote_ip": "0.0.0.0/0" }
      - { "direction":"ingress", "protocol": "udp", "remote_ip": "0.0.0.0/0" }
      - { "direction":"ingress", "protocol": "icmp", "remote_ip": "0.0.0.0/0" }
      - { "direction":"ingress", "protocol": "tcp", "remote_ip": "::/0" }
      - { "direction":"ingress", "protocol": "udp", "remote_ip": "::/0" }
      - { "direction":"ingress", "protocol": "icmp", "remote_ip": "::/0" }
      - { "direction":"egress", "protocol": "tcp", "remote_ip": "0.0.0.0/0" }
      - { "direction":"egress", "protocol": "udp", "remote_ip": "0.0.0.0/0" }
      - { "direction":"egress", "protocol": "icmp", "remote_ip": "0.0.0.0/0" }
      - { "direction":"egress", "protocol": "tcp", "remote_ip": "::/0" }
      - { "direction":"egress", "protocol": "udp", "remote_ip": "::/0" }
      - { "direction":"egress", "protocol": "icmp", "remote_ip": "::/0" }
  - group: dev_traffic_plane
    rules:
      - { "direction":"ingress", "protocol": "tcp", "remote_ip": "0.0.0.0/0" }
      - { "direction":"ingress", "protocol": "udp", "remote_ip": "0.0.0.0/0" }
      - { "direction":"ingress", "protocol": "icmp", "remote_ip": "0.0.0.0/0" }
      - { "direction":"ingress", "protocol": "tcp", "remote_ip": "::/0" }
      - { "direction":"ingress", "protocol": "udp", "remote_ip": "::/0" }
      - { "direction":"ingress", "protocol": "icmp", "remote_ip": "::/0" }
      - { "direction":"egress", "protocol": "tcp", "remote_ip": "0.0.0.0/0" }
      - { "direction":"egress", "protocol": "udp", "remote_ip": "0.0.0.0/0" }
      - { "direction":"egress", "protocol": "icmp", "remote_ip": "0.0.0.0/0" }
      - { "direction":"egress", "protocol": "tcp", "remote_ip": "::/0" }
      - { "direction":"egress", "protocol": "udp", "remote_ip": "::/0" }
      - { "direction":"egress", "protocol": "icmp", "remote_ip": "::/0" }

On Mon, Aug 23, 2021 at 10:28 PM Josh Karki <[email protected]> wrote:
> I have about 5 ASAs and they all have one common ACL name say for example
> "allow_test"
>
> now I need to add one more entry in the list for all 5 ASAs but each with
> different IP. Eg.
>
> access-list allow_test standard permit host 1.1.1.1 (for asa1)
> access-list allow_test standard permit host 2.2.2.2 (for asa2 and so on)
>
> I tried it with a with_item loop and the variable set for hostname and then
> the ip for acl, but it doesn't seem to work.
>
> Have you guys come across a similar situation and addressed this
> challenge? I would appreciate it if you could share your solution with me.
>
> Thanks!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/9d147ace-ca67-409d-b33e-13eeec27e923n%40googlegroups.com
>
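
An added example, not part of the thread and not Ansible's own code: a small Python model of how with_subelements in the reply's task pairs each group with its rules (item.0, item.1), deriving the address family from the parsed prefix instead of a ':' search and listing ingress rules that admit any address. The sample data is constructed in the shape of security_groups, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the same shape as the security_groups variable above.
SECURITY_GROUPS = [
    {"group": "prod_traffic_plane", "rules": [
        {"direction": "ingress", "protocol": "tcp", "remote_ip": "0.0.0.0/0"},
        {"direction": "ingress", "protocol": "udp", "remote_ip": "::/0"},
        {"direction": "egress", "protocol": "tcp", "remote_ip": "0.0.0.0/0"},
    ]},
    {"group": "dev_traffic_plane", "rules": [
        {"direction": "ingress", "protocol": "tcp", "remote_ip": "10.20.0.0/16"},
        {"direction": "ingress", "protocol": "icmp", "remote_ip": "2001:db8::/32"},
    ]},
    {"group": "empty_group", "rules": []},  # no rules, so it yields no items
]


def subelements(parents, key):
    """Yield (parent, child) pairs, i.e. what the task sees as item.0 and item.1."""
    for parent in parents:
        for child in parent[key]:
            yield parent, child


def expand_rules(groups):
    """Flatten groups into one record per rule, deriving ethertype from the prefix."""
    out = []
    for group, rule in subelements(groups, "rules"):
        net = ipaddress.ip_network(rule["remote_ip"], strict=False)
        out.append({
            "security_group": group["group"],
            "direction": rule["direction"],
            "protocol": rule["protocol"],
            "remote_ip_prefix": str(net),
            "ethertype": "IPv6" if net.version == 6 else "IPv4",
            "any_address": net.prefixlen == 0,  # 0.0.0.0/0 or ::/0
        })
    return out


def open_ingress(groups):
    """Return (group, protocol, prefix) for ingress rules that admit any address."""
    return [(r["security_group"], r["protocol"], r["remote_ip_prefix"])
            for r in expand_rules(groups)
            if r["direction"] == "ingress" and r["any_address"]]


if __name__ == "__main__":
    print(open_ingress(SECURITY_GROUPS))
```

Run against the variable file before the play, the output of open_ingress shows which groups accept traffic from every IPv4 or IPv6 source.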