cisco.asa
cisco.asa copied to clipboard
Published
20 hours ago •
ansible-collections
ansible-collections
asa_config module not switching context in loop
SUMMARY
When looping through different contexts to generate config backup, the context doesn't change from first connection.
ISSUE TYPE
- Bug Report
COMPONENT NAME
asa_config
ANSIBLE VERSION
ansible [core 2.13.4]
config file = /home/admin/batfish/ansible.cfg
configured module search path = ['/home/admin/batfish/library']
ansible python module location = /home/admin/venv/batfish/lib/python3.8/site-packages/ansible
ansible collection location = /home/admin/batfish/collections
executable location = /home/admin/venv/batfish/bin/ansible
python version = 3.8.10 (default, Jun 22 2022, 20:18:18) [GCC 9.4.0]
jinja version = 3.1.2
libyaml = True
COLLECTION VERSION
Collection Version
----------------- -------
ansible.netcommon 3.1.2
ansible.utils 2.6.1
cisco.asa 3.1.0
cisco.ios 3.3.2
cisco.nxos 3.1.2
CONFIGURATION
COLLECTIONS_PATHS(/home/admin/batfish/ansible.cfg) = ['/home/admin/batfish/collections']
DEFAULT_HOST_LIST(/home/admin/batfish/ansible.cfg) = ['/home/admin/batfish/inventories/inventory.ini']
DEFAULT_MODULE_PATH(/home/admin/batfish/ansible.cfg) = ['/home/admin/batfish/library']
HOST_KEY_CHECKING(/home/admin/batfish/ansible.cfg) = False
INTERPRETER_PYTHON(/home/admin/batfish/ansible.cfg) = /home/admin/venv/batfish/lib/python3.8
LOCALHOST_WARNING(/home/admin/batfish/ansible.cfg) = False
OS / ENVIRONMENT
Tested on the only two context firewalls we have. Both running Version 9.8(4)10. My dev machine used Python 3.8.10.
STEPS TO REPRODUCE
The below is not the exact code as I'm using host vars and conditions etc. But it should functionally be the same.
vars:
asa_contexts:
- Context1
- Context2
tasks:
- name: Save Config for Cisco ASA Multi Context Device
cisco.asa.asa_config:
context: "{{ item }}"
backup: yes
backup_options:
filename: "{{ inventory_hostname }}_{{item}}.cfg"
dir_path: "{{ output_directory }}"
loop: "{{ asa_contexts }}"
This is the exact task for reference
- name: Save Config for Cisco ASA Multi Context Device
cisco.asa.asa_config:
context: "{{ item }}"
backup: yes
backup_options:
filename: "{{ inventory_hostname }}_{{item}}.cfg"
dir_path: "{{ output_directory }}"
loop: "{{ asa_contexts }}"
when:
- ansible_network_os == "cisco.asa.asa"
- asa_contexts | length > 0
EXPECTED RESULTS
I would expect the task to output context details for context1 and then context2
ACTUAL RESULTS
The task runs as expected for Context1, but when processing Context2 it outputs Context1. It seems like the context is only evaluated once per device. So you can add a bad context name in list position 1 and the module will catch this. However if the bad context name is after the first context connection it is not picked up.
ansible-playbook [core 2.13.4]
config file = /home/admin/batfish/ansible.cfg
configured module search path = ['/home/admin/batfish/library']
ansible python module location = /home/admin/venv/batfish/lib/python3.8/site-packages/ansible
ansible collection location = /home/admin/batfish/collections
executable location = /home/admin/venv/batfish/bin/ansible-playbook
python version = 3.8.10 (default, Jun 22 2022, 20:18:18) [GCC 9.4.0]
jinja version = 3.1.2
libyaml = True
Using /home/admin/batfish/ansible.cfg as config file
host_list declined parsing /home/admin/batfish/inventories/inventory.ini as it did not pass its verify_file() method
script declined parsing /home/admin/batfish/inventories/inventory.ini as it did not pass its verify_file() method
auto declined parsing /home/admin/batfish/inventories/inventory.ini as it did not pass its verify_file() method
yaml declined parsing /home/admin/batfish/inventories/inventory.ini as it did not pass its verify_file() method
Parsed /home/admin/batfish/inventories/inventory.ini inventory source with ini plugin
redirecting (type: action) cisco.asa.asa_config to cisco.asa.asa
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
PLAYBOOK: config.yml *************************************************************************************************************************************************************************************************************************************************************************************
1 plays in config.yml
TASK [Save Config for Cisco ASA Multi Context Device] ****************************************************************************************************************************************************************************************************************************************************
task path: /home/admin/batfish/config.yml:8
redirecting (type: action) cisco.asa.asa_config to cisco.asa.asa
redirecting (type: action) cisco.asa.asa_config to cisco.asa.asa
changed: [172.29.12.173] => (item=S010130) => {
"ansible_loop_var": "item",
"backup_path": "snapshot/configs/172.29.12.173_S010130.cfg",
"changed": true,
"date": "2022-10-04",
"invocation": {
"module_args": {
"after": null,
"authorize": null,
"backup": true,
"backup_options": {
"dir_path": "snapshot/configs/",
"filename": "172.29.12.173_S010130.cfg"
},
"before": null,
"config": null,
"context": "S010130",
"defaults": false,
"lines": null,
"match": "line",
"parents": null,
"passwords": null,
"provider": null,
"replace": "line",
"save": false,
"save_when": "never",
"src": null
}
},
"item": "S010130",
"time": "12:58:41"
}
redirecting (type: action) cisco.asa.asa_config to cisco.asa.asa
redirecting (type: action) cisco.asa.asa_config to cisco.asa.asa
changed: [172.29.12.173] => (item=S010135) => {
"ansible_loop_var": "item",
"backup_path": "snapshot/configs/172.29.12.173_S010135.cfg",
"changed": true,
"date": "2022-10-04",
"invocation": {
"module_args": {
"after": null,
"authorize": null,
"backup": true,
"backup_options": {
"dir_path": "snapshot/configs/",
"filename": "172.29.12.173_S010135.cfg"
},
"before": null,
"config": null,
"context": "S010135",
"defaults": false,
"lines": null,
"match": "line",
"parents": null,
"passwords": null,
"provider": null,
"replace": "line",
"save": false,
"save_when": "never",
"src": null
}
},
"item": "S010135",
"time": "12:58:42"
}
redirecting (type: action) cisco.asa.asa_config to cisco.asa.asa
redirecting (type: action) cisco.asa.asa_config to cisco.asa.asa
changed: [172.29.12.173] => (item=admin) => {
"ansible_loop_var": "item",
"backup_path": "snapshot/configs/172.29.12.173_admin.cfg",
"changed": true,
"date": "2022-10-04",
"invocation": {
"module_args": {
"after": null,
"authorize": null,
"backup": true,
"backup_options": {
"dir_path": "snapshot/configs/",
"filename": "172.29.12.173_admin.cfg"
},
"before": null,
"config": null,
"context": "admin",
"defaults": false,
"lines": null,
"match": "line",
"parents": null,
"passwords": null,
"provider": null,
"replace": "line",
"save": false,
"save_when": "never",
"src": null
}
},
"item": "admin",
"time": "12:58:43"
}
From the ansible output it appears the context is being applied correctly. But all output files are same size and no difference. They all have the output from the first connected context.
