networking not idempotent

Archives Ansible Project
1

I am experimenting with the networking modules in Ansible to try to understand how we can use Ansible to manage our network devices. To that end, I have written a simple playbook to apply an ACL to a router. It works well, except I notice that each time the playbook is run, the change is applied. It does not appear to be idempotent.
My playbook looks like the following:

tasks:

  • name: ACL before create
    ios_command:
    provider: “{{provider}}”
    commands:

  • show access-list TEST
    register: acl_before

  • debug: var=acl_before.stdout_lines

  • name: Create access list
    ios_config:
    provider: “{{ provider }}”
    authorize: yes
    parents: [‘ip access-list extended TEST’]
    lines:

  • 10 permit ip host 1.1.1.1 any

  • 20 deny ip any any
    before: [‘no ip access-list extended TEST’]
    match: exact
    backup: yes

  • name: ACL after create
    ios_command:
    provider: “{{ provider }}”
    commands:

  • show access-list TEST
    register: acl_after

  • debug: var=acl_after.stdout_lines

The first time the playbook is run, the ACL is applied properly as expected. But the next time the playbook is run, the ACL is again applied even though it is clearly already present:

PLAY [R1] **********************************************************************

TASK [ACL before create] *******************************************************
ok: [10.48.94.50]

TASK [debug] *******************************************************************
ok: [10.48.94.50] => {
“acl_before.stdout_lines”: [
[
“Extended IP access list TEST”,
" 10 permit ip host 1.1.1.1 any",
" 20 deny ip any any"
]
]
}

TASK [Create access list] ******************************************************
changed: [10.48.94.50]

TASK [ACL after create] ********************************************************
ok: [10.48.94.50]

TASK [debug] *******************************************************************
ok: [10.48.94.50] => {
“acl_after.stdout_lines”: [
[
“Extended IP access list TEST”,
" 10 permit ip host 1.1.1.1 any",
" 20 deny ip any any"
]
]
}

PLAY RECAP *********************************************************************
10.48.94.50 : ok=5 changed=1 unreachable=0 failed=0

So what do I need to add to the playbook to ensure that it is idempotent?