
api_modify for path: interface wireguard peers - allowed-address= format?

Open baragoon opened this issue 1 year ago • 1 comments

SUMMARY

api_modify task failed when more than one allowed-address is defined.

ISSUE TYPE
  - name: Mod wireguard peers
    ignore_errors: true
    community.routeros.api_modify:
      path: "interface wireguard peers"
      data: 'allowed-address={{ wg_allowed_addrs }} endpoint-address={{ item.wg_peer_ep_addr }} endpoint-port={{ item.wg_peer_ep_port }} interface=wg-{{ item.name }} name=dn42-{{ item.name }} public-key="{{ item.wg_peer_pubkey }}"'
    loop: "{{ dn42_peers }}"

Runs fine with a single entry, wg_allowed_addrs: '172.20.0.0/14'. Part of the play run output:

            "data": [
                {
                    "allowed-address": "172.20.0.0/14",
                    "endpoint-address": "1.1.1.1",
                    "endpoint-port": "1111",
                    "interface": "wg-peer1",
                    "name": "dn42-peer1",
                    "public-key": "ru3pyG6xyNnLPfNwozDJ8UnNGBqmIIC3pgKUSbB3OxM="
                }
            ],

But failed with multiple entries (identical with "/interface wireguard peers export" output), wg_allowed_addrs: '172.20.0.0/14,172.31.0.0/16,10.0.0.0/8,fd00::/8,fe80::/64'. Parts of the play run output:

            "data": [
                {
                    "allowed-address": "172.20.0.0/14"
                }
            ],
    "msg": "Elements value for option 'data' is of type <class 'str'> and we were unable to convert to dict: dictionary requested, could not parse JSON or key=value"
COMPONENT NAME

community.routeros.api_modify

ANSIBLE VERSION
ansible [core 2.18.1]
  config file = /root/.ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /root/.local/lib/python3.11/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /root/.local/bin/ansible
  python version = 3.11.2 (main, Sep 14 2024, 03:00:30) [GCC 12.2.0] (/usr/bin/python3)
  jinja version = 3.1.4
  libyaml = True
COLLECTION VERSION
# /root/.ansible/collections/ansible_collections
Collection         Version
------------------ -------
community.routeros 3.1.0

# /root/.local/lib/python3.11/site-packages/ansible_collections
Collection         Version
------------------ -------
community.routeros 3.1.0
CONFIGURATION
CONFIG_FILE() = /root/.ansible.cfg
INTERPRETER_PYTHON(/root/.ansible.cfg) = auto_silent

GALAXY_SERVERS:
OS / ENVIRONMENT

Debian 12, RouterOS 7.16.1, 7.17rc3

STEPS TO REPRODUCE
  - name: Mod wireguard peers
    ignore_errors: true
    community.routeros.api_modify:
      path: "interface wireguard peers"
      data: 'allowed-address={{ wg_allowed_addrs }} endpoint-address={{ item.wg_peer_ep_addr }} endpoint-port={{ item.wg_peer_ep_port }} interface=wg-{{ item.name }} name=dn42-{{ item.name }} public-key="{{ item.wg_peer_pubkey }}"'
    loop: "{{ dn42_peers }}"

wg_priv_key: "xxxxx"
wg_allowed_addrs: '172.20.0.0/14,172.31.0.0/16,10.0.0.0/8,fd00::/8,fe80::/64'
dn42_ipv4: 172.23.32.100
dn42_ipv6_ll: fe80::1732
dn42_peers:
  - { name: 'peer1', wg_comment: 'peer1', wg_iface_port: '1111', wg_peer_ep_addr: '1.1.1.1',  wg_peer_ep_port: '1111', wg_peer_pubkey: 'ru3pyG6xyNnLPfNwozDJ8UnNGBqmIIC3pgKUSbB3OxM=',
    peer_asn: '42424211', peer_iso: '123', peer_ll: 'fe80::1111', peer_com1: '64511:34', peer_com2: '64511:24', peer_com3: '64511:1' }

  - { name: 'peer2', wg_comment: 'peer2', wg_iface_port: '2222', wg_peer_ep_addr: '2.2.2.2',  wg_peer_ep_port: '2222', wg_peer_pubkey: '5r1ljcVjX59zEaZY3rxUCRytOas6uP5ufaGRN7ZvRig=',
    peer_asn: '42424222', peer_iso: '456', peer_ll: 'fe80::2222', peer_com1: '64511:35', peer_com2: '64511:25', peer_com3: '64511:2' }

  - { name: 'peer3', wg_comment: 'peer3', wg_iface_port: '3333', wg_peer_ep_addr: '3.3.3.3',  wg_peer_ep_port: '3333', wg_peer_pubkey: 'kELMB89iH1TUZhNWL7sLEfI1mX+B2SKhY+knUn3bchU=',
    peer_asn: '42424233', peer_iso: '789', peer_ll: 'fe80::3333', peer_com1: '64511:36', peer_com2: '64511:26', peer_com3: '64511:3' }

EXPECTED RESULTS
            "data": [
                {
                    "allowed-address": "172.20.0.0/14,172.31.0.0/16,10.0.0.0/8,fd00::/8,fe80::/64",
                    "endpoint-address": "1.1.1.1",
                    "endpoint-port": "1111",
                    "interface": "wg-peer1",
                    "name": "dn42-peer1",
                    "public-key": "ru3pyG6xyNnLPfNwozDJ8UnNGBqmIIC3pgKUSbB3OxM="
                }
            ],
ACTUAL RESULTS
failed: [mikrotik] (item={'name': 'peer1', 'wg_comment': 'peer1', 'wg_iface_port': '1111', 'wg_peer_ep_addr': '1.1.1.1', 'wg_peer_ep_port': '1111', 'wg_peer_pubkey': 'ru3pyG6xyNnLPfNwozDJ8UnNGBqmIIC3pgKUSbB3OxM=', 'peer_asn': '42424211', 'peer_iso': '123', 'peer_ll': 'fe80::1111', 'peer_com1': '64511:34', 'peer_com2': '64511:24', 'peer_com3': '64511:1'}) => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3.11"
    },
    "ansible_loop_var": "item",
    "changed": false,
    "invocation": {
        "module_args": {
            "ca_path": null,
            "data": [
                {
                    "allowed-address": "172.20.0.0/14"
                }
            ],
            "encoding": "ASCII",
            "ensure_order": false,
            "force_no_cert": false,
            "handle_absent_entries": "ignore",
            "handle_entries_content": "ignore",
            "handle_read_only": "error",
            "handle_write_only": "create_only",
            "hostname": "mikrotik",
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "path": "interface wireguard peers",
            "port": null,
            "restrict": null,
            "timeout": 10,
            "tls": true,
            "username": "api",
            "validate_cert_hostname": false,
            "validate_certs": false
        }
    },
    "item": {
        "name": "peer1",
        "peer_asn": "42424211",
        "peer_com1": "64511:34",
        "peer_com2": "64511:24",
        "peer_com3": "64511:1",
        "peer_iso": "123",
        "peer_ll": "fe80::1111",
        "wg_comment": "peer1",
        "wg_iface_port": "1111",
        "wg_peer_ep_addr": "1.1.1.1",
        "wg_peer_ep_port": "1111",
        "wg_peer_pubkey": "ru3pyG6xyNnLPfNwozDJ8UnNGBqmIIC3pgKUSbB3OxM="
    },
    "msg": "Elements value for option 'data' is of type <class 'str'> and we were unable to convert to dict: dictionary requested, could not parse JSON or key=value"
}

baragoon, Dec 13 '24 10:12

You are passing a string, not a list of dictionaries. Pass a list of YAML dictionaries, like this:

  - name: Mod wireguard peers
    ignore_errors: true
    community.routeros.api_modify:
      path: "interface wireguard peers"
      data:
        - allowed-address: '{{ wg_allowed_addrs }}'
          endpoint-address: '{{ item.wg_peer_ep_addr }}'
          endpoint-port: '{{ item.wg_peer_ep_port }}'
          interface: 'wg-{{ item.name }}'
          name: 'dn42-{{ item.name }}'
          public-key: '{{ item.wg_peer_pubkey }}'
    loop: "{{ dn42_peers }}"

felixfontein, Dec 13 '24 20:12
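
Why the string form only breaks once `allowed-address` contains commas, as an added example (not part of the original thread, and not Ansible's or the collection's code): a simplified Python model of the coercion applied to a string given for a list-of-dicts option, which splits on commas before parsing key=value fields. The function names are hypothetical and the parsing is an assumption-level simplification; the sample values are taken from the issue above.

```python
import shlex

ERR = "dictionary requested, could not parse JSON or key=value"
PEER = ('endpoint-address=1.1.1.1 endpoint-port=1111 interface=wg-peer1 '
        'name=dn42-peer1 public-key="ru3pyG6xyNnLPfNwozDJ8UnNGBqmIIC3pgKUSbB3OxM="')
ADDRS = "172.20.0.0/14,172.31.0.0/16,10.0.0.0/8,fd00::/8,fe80::/64"
SINGLE = "allowed-address=172.20.0.0/14 " + PEER   # rendered string, one network
MULTI = "allowed-address=" + ADDRS + " " + PEER    # rendered string, five networks
AS_LIST = [{"allowed-address": ADDRS, "endpoint-address": "1.1.1.1"}]  # YAML list form (abridged)


def coerce_list(value):
    # A string given for a list option is split on commas first.
    return value.split(",") if isinstance(value, str) else list(value)


def coerce_dict(element):
    # Each element must already be a dict or parse as key=value fields.
    if isinstance(element, dict):
        return element
    fields = shlex.split(element)
    if not fields or any("=" not in f for f in fields):
        raise TypeError(ERR)
    return dict(f.split("=", 1) for f in fields)


def coerce_data(value):
    # Returns (elements converted so far, error message or None).
    converted = []
    for element in coerce_list(value):
        try:
            converted.append(coerce_dict(element))
        except TypeError as exc:
            return converted, str(exc)
    return converted, None


if __name__ == "__main__":
    for label, value in (("single", SINGLE), ("multi", MULTI), ("list", AS_LIST)):
        print(label, coerce_data(value))
```

With the multi-network string, the first comma-separated piece still parses and the second piece, `172.31.0.0/16`, has no `=`, which reproduces the truncated `data` and the error message shown in the issue. In the list form the networks stay inside one string value, so nothing is split.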