Thanks Clint!
I fixed this with:
vars:
  asas:
    asa1: 1.1.1.1
    asa2: 2.2.2.2

tasks:
  - name: get hostname
    asa_command:
      commands:
        - show hostname
    register: hostname

  - name: update acl
    asa_config:
      lines:
        - access-list test1 remark test-test
        - access-list test1 standard permit host {{asas[hostname.stdout[0]]}}
      match: strict

On Wednesday, August 25, 2021 at 11:04:48 AM UTC-7 [email protected] wrote:
> Not sure if this would help, but maybe a different way of looking at it
> using with_subelements?
>
> I have one Task that creates some ACLs for OpenStack
>
> - name: Add Rules to the Security Groups
>   tags: security_groups
>   os_security_group_rule:
>     security_group: "{{item.0.group}}"
>     direction: "{{item.1.direction}}"
>     protocol: "{{item.1.protocol}}"
>     remote_ip_prefix: "{{item.1.remote_ip}}"
>     ethertype: "{{ (item.1.remote_ip | search(':')) | ternary('IPv6','IPv4') }}"
>   with_subelements:
>     - "{{ security_groups }}"
>     - rules
>   run_once: true
>
> The Dictionary security_groups looks like this
>
> security_groups:
>   - group: prod_traffic_plane
>     rules:
>       - { "direction":"ingress", "protocol": "tcp", "remote_ip": "0.0.0.0/0" }
>       - { "direction":"ingress", "protocol": "udp", "remote_ip": "0.0.0.0/0" }
>       - { "direction":"ingress", "protocol": "icmp", "remote_ip": "0.0.0.0/0" }
>       - { "direction":"ingress", "protocol": "tcp", "remote_ip": "::/0" }
>       - { "direction":"ingress", "protocol": "udp", "remote_ip": "::/0" }
>       - { "direction":"ingress", "protocol": "icmp", "remote_ip": "::/0" }
>       - { "direction":"egress", "protocol": "tcp", "remote_ip": "0.0.0.0/0" }
>       - { "direction":"egress", "protocol": "udp", "remote_ip": "0.0.0.0/0" }
>       - { "direction":"egress", "protocol": "icmp", "remote_ip": "0.0.0.0/0" }
>       - { "direction":"egress", "protocol": "tcp", "remote_ip": "::/0" }
>       - { "direction":"egress", "protocol": "udp", "remote_ip": "::/0" }
>       - { "direction":"egress", "protocol": "icmp", "remote_ip": "::/0" }
>   - group: dev_traffic_plane
>     rules:
>       - { "direction":"ingress", "protocol": "tcp", "remote_ip": "0.0.0.0/0" }
>       - { "direction":"ingress", "protocol": "udp", "remote_ip": "0.0.0.0/0" }
>       - { "direction":"ingress", "protocol": "icmp", "remote_ip": "0.0.0.0/0" }
>       - { "direction":"ingress", "protocol": "tcp", "remote_ip": "::/0" }
>       - { "direction":"ingress", "protocol": "udp", "remote_ip": "::/0" }
>       - { "direction":"ingress", "protocol": "icmp", "remote_ip": "::/0" }
>       - { "direction":"egress", "protocol": "tcp", "remote_ip": "0.0.0.0/0" }
>       - { "direction":"egress", "protocol": "udp", "remote_ip": "0.0.0.0/0" }
>       - { "direction":"egress", "protocol": "icmp", "remote_ip": "0.0.0.0/0" }
>       - { "direction":"egress", "protocol": "tcp", "remote_ip": "::/0" }
>       - { "direction":"egress", "protocol": "udp", "remote_ip": "::/0" }
>       - { "direction":"egress", "protocol": "icmp", "remote_ip": "::/0" }
>
> On Mon, Aug 23, 2021 at 10:28 PM Josh Karki <[email protected]> wrote:
>
>> I have about 5 ASAs and they all have one common ACL name say for example
>> "allow_test"
>>
>> now I need to add one more entry in the list for all 5 ASAs but each with
>> different IP. Eg.
>>
>> access-list allow_test standard permit host 1.1.1.1 (for asa1)
>> access-list allow_test standard permit host 2.2.2.2 (for asa2 and so on)
>>
>> I tried it with_item loop and the variable set for hostname and then the
>> ip for acl, but it doesn't seem to work.
>>
>> Have you guys come across a similar situation and have addressed this
>> challenge? I would appreciate if you could share your solution with me.
>>
>> Thanks!
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/9d147ace-ca67-409d-b33e-13eeec27e923n%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/ansible-project/9d147ace-ca67-409d-b33e-13eeec27e923n%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>
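
An added example, not part of the original thread: the per-device lookup from the fix at the top of this message, with a guard so that a hostname missing from the map or a malformed address stops the play before any ACL line is sent to the firewall. The play header (`asa_firewalls` group, `network_cli` connection) is an assumption, and the regular expression is only a shape check on the value, not full IPv4 validation.

```yaml
- hosts: asa_firewalls          # assumed inventory group name
  gather_facts: false
  connection: network_cli       # assumed; set to match your inventory
  vars:
    # Constructed sample map, same shape as in the fix above:
    # device hostname -> host address to permit on that device
    asas:
      asa1: 1.1.1.1
      asa2: 2.2.2.2

  tasks:
    - name: get hostname
      asa_command:
        commands:
          - show hostname
      register: hostname

    # Fail closed: an unknown device or a bad map entry ends the play
    # for this host here, before asa_config builds any command.
    - name: check the map has a usable entry for this device
      assert:
        that:
          - "hostname.stdout[0] in asas"
          - "(asas[hostname.stdout[0]] | string) is match('^([0-9]{1,3}[.]){3}[0-9]{1,3}$')"
        fail_msg: "No usable ACL host for '{{ hostname.stdout[0] }}', nothing was changed"

    - name: update acl
      asa_config:
        lines:
          - access-list test1 remark test-test
          - access-list test1 standard permit host {{ asas[hostname.stdout[0]] }}
        match: strict
```

Running the play with `--check --diff` first shows the lines that would be pushed to each device without applying them.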