for loop in a playbook task
31 views
Skip to first unread message
Eric Marquez
Mar 23, 2017, 9:30:56 AM3/23/17
to ansible-project (ansible-project@googlegroups.com)
Is it possible to create a for loop in a task? I have a switch Access-Control list I need to build. In my host_vars file I have a YAML object that contains all the source and destination addresses in an array. This way I can also control the sequence number without having to explicitly document an index number. In Galaxy the OEM has a ACL module I can reference but it looks like I would need to breakdown all the items in the array within the task.yml file. Is there a simpler way were I can call an for loop in the task to loop through all the LINE's I have in my variable file?
This would then allow me to generate the dellos_system seqlist without having to explicitly set every ACL entry. I have a very large set of ACL's to build and using the Galaxy example would be very inefficient, and cause lots of maintenance if I needed to change my ACL setup or modify it in the future. I'm looking for a more modular way to do this.
Galaxy module: https://galaxy.ansible.com/Dell-Networking/dellos-acl/
Here's an example of a very small ACL.
---
ACL:
"Stor_Clst1_IN":
TYPE: VLAN
ID: "107"
DIRECTION: in
LINE:
- PERMIT: True
DESC: Permit Stor_Clst1 to Stor_Clst1
PROTOCOL: ip
SOURCE:
ADDRESS: "10.11.128.0"
CIDR: "25"
MASK: "255.255.255.128"
DEST:
ADDRESS: "10.11.128.0"
CIDR: "25"
MASK: "255.255.255.128"
- PERMIT: False
PROTOCOL: ip
SOURCE:
ADDRESS: any
CIDR:
MASK:
DEST:
ADDRESS: any
CIDR:
MASK:
Sample from Galaxy:
dellos_system:
leaf1:
- type: ipv4
name: ssh-only
description: ipv4acl
isextended: true
seqlist:
- number: 5
ispermit: true
protocol: tcp
source: any
src_condition: ack
destination: any
dest_condition: eq 22
state: present
ingress_intf:
- name: fortyGigE 1/28
state: present
egress_intf:
- name: fortyGigE 1/28
state: present
lineterminal:
- line: vty 1
state: present
- line: vty 2
state: absent
state: present
This would then allow me to generate the dellos_system seqlist without having to explicitly set every ACL entry. I have a very large set of ACL's to build and using the Galaxy example would be very inefficient, and cause lots of maintenance if I needed to change my ACL setup or modify it in the future. I'm looking for a more modular way to do this.
Galaxy module: https://galaxy.ansible.com/Dell-Networking/dellos-acl/
Here's an example of a very small ACL.
---
ACL:
"Stor_Clst1_IN":
TYPE: VLAN
ID: "107"
DIRECTION: in
LINE:
- PERMIT: True
DESC: Permit Stor_Clst1 to Stor_Clst1
PROTOCOL: ip
SOURCE:
ADDRESS: "10.11.128.0"
CIDR: "25"
MASK: "255.255.255.128"
DEST:
ADDRESS: "10.11.128.0"
CIDR: "25"
MASK: "255.255.255.128"
- PERMIT: False
PROTOCOL: ip
SOURCE:
ADDRESS: any
CIDR:
MASK:
DEST:
ADDRESS: any
CIDR:
MASK:
Sample from Galaxy:
dellos_system:
leaf1:
- type: ipv4
name: ssh-only
description: ipv4acl
isextended: true
seqlist:
- number: 5
ispermit: true
protocol: tcp
source: any
src_condition: ack
destination: any
dest_condition: eq 22
state: present
ingress_intf:
- name: fortyGigE 1/28
state: present
egress_intf:
- name: fortyGigE 1/28
state: present
lineterminal:
- line: vty 1
state: present
- line: vty 2
state: absent
state: present
Brian Coca
Mar 23, 2017, 9:34:43 AM3/23/17
to Ansible Project
with_ <= is basically a for loop, the task runs 'for item in
with_<lookup>: parameters', with_ always returns a list, which the
task iterates over and the 'loop variable' is 'item'.
you can use loop_control to change the loop variable.
----------
Brian Coca
with_<lookup>: parameters', with_ always returns a list, which the
task iterates over and the 'loop variable' is 'item'.
you can use loop_control to change the loop variable.
----------
Brian Coca
Reply all
Reply to author
Forward
0 new messages