Cisco ACL in Ansible

djay_nsw · November 21, 2023, 6:56am

**Hi all I am trying to create new ACL on 1000 cisco routers and Ansible version is
2.9.

- my code!
---
- name: Create ACL
  hosts: routers  
  gather_facts: false
  connection: local

  vars:
    cli:
      username: "{{ hdn_user_rw }}"
      password: "{{ hdn_pass_rw }}"
         
  tasks:
      
     - name: Push config     
       ios_config:
        provider: "{{ cli }}"
        authorize: yes     
        lines:
          - permit 10.253.68.64 0.0.0.62        
        Parents: ip access-list standard TEST 
        before: no ip access-list standard TEST
        match: none
I am getting the errors below...

Unsupported parameters for (ios_config) module: Parents Supported parameters include: after,auth_pass,authorize,backup,before,defaults,diff_against,diff_ignore_lines,force,host,intended_config,lines,match,multiline_delimiter,parents,password,port,provider,replace,running_config,save,save_when,src,ssh_keyfile,timeout,username
        to retry, use: --limit @/opt/ansible/dev/Dheeraj/Splunk3.retry

PLAY RECAP *****************************************************************************************************************************************************************************************************************************************************
WAGGJLC-NRT001             : ok=0    changed=0    unreachable=0    failed=1   

No sure what wrong am I doing, its showing me unsupported parameters
again and again, thanks for you help

Set at least one tag (the experts follow the tags, so the right people will find you if you tag)

ptn · November 21, 2023, 8:34am

Hi,

Unsupported parameters for (ios_config) module: Parents

Not sure if module parameters are case sensitive, but this one is not recognized. Try setting it in lowercase, see if it works.

djay_nsw · November 21, 2023, 9:06am

@ptn it worked, it was a capital letter causing issues.
do you know by any chance if I could update an ACL without touching the existing enteries, expected end result is only new lines should be added ( A Merge)

ptn · November 21, 2023, 11:47am

@ptn it worked, it was a capital letter causing issues.

Glad it works !

do you know by any chance if I could update an ACL without touching the existing enteries, expected end result is only new lines should be added ( A Merge)

I don’t think that’s possible with this module, sadly. lines parameter states that:

The commands must be the exact same commands as found in the device running-config to ensure idempotency and correct diff.

What I understand is that either you know an inherently idempotent command you could run on your device, or let this task reissue the commands on each run. I might be wrong.

Anyways, what about this module instead ? though be mindful:

Module behavior is not idempotent when sequence for aces are not mentioned