asa_og: Issue when using state:replace with Port: 80 in port-groups #70518

Closed
djedovica opened this issue Jul 8, 2020 · 3 comments
Labels
affects_2.8 This issue/PR affects Ansible v2.8 asa Cisco ASA community bug This issue/PR relates to a bug. cisco Cisco technologies collection:cisco.asa collection Related to Ansible Collections work module This issue/PR relates to a module. needs_collection_redirect https://github.com/ansible/ansibullbot/blob/master/docs/collection_migration.md networking Network category python3 support:community This issue/PR relates to code supported by the Ansible community.

Comments

@djedovica

SUMMARY

I have port 80 in a port group on the firewall. When I send a task with state:replace, port 80 is always removed from this group. When I send the same task once again, port 80 is created in this port group. On the next attempt it is removed, then created, and so on. I get no errors from Ansible.

I have also tested with other ports and the same problem appears with port 67. Other ports that I have tested seem to work properly (of course, I haven’t tested all possible ports).

The same problem appears when using port range with port 90 (Example: port_range: 80 90).

ISSUE TYPE
  • Bug Report
COMPONENT NAME

asa_og

ANSIBLE VERSION
ansible 2.8.4
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.6/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.6.8 (default, Aug  7 2019, 17:28:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
CONFIGURATION
ANSIBLE_PIPELINING(/etc/ansible/ansible.cfg) = True
DEFAULT_HASH_BEHAVIOUR(/etc/ansible/ansible.cfg) = merge
DEFAULT_PRIVATE_KEY_FILE(/etc/ansible/ansible.cfg) = /root/.ssh/id_rsa
DEFAULT_PRIVATE_ROLE_VARS(/etc/ansible/ansible.cfg) = True
DEFAULT_VAULT_PASSWORD_FILE(/etc/ansible/ansible.cfg) = /root/.ansible/vault.key
HOST_KEY_CHECKING(/etc/ansible/ansible.cfg) = False
PARAMIKO_HOST_KEY_AUTO_ADD(/etc/ansible/ansible.cfg) = True
PERSISTENT_CONNECT_TIMEOUT(/etc/ansible/ansible.cfg) = 30
RETRY_FILES_ENABLED(/etc/ansible/ansible.cfg) = False
OS / ENVIRONMENT

Centos 7.7
Firewall: ASA 5515

STEPS TO REPRODUCE

I have two tasks: one for creating a port-group with state: present and a second to edit a port-group with state: replace. The problem appears when I send a task with state:replace. This task is always going to delete port 80 from the port-group.
For example:

First task:
- name: configure port-object object-group
  asa_og:
    name: port_group_test_7
    group_type: port-object
    state: present
    description: description
    protocol: tcp-udp
    port_eq:
      - "80"
      - "90"
    port_range:
  tags:
    - port_group1


Second Task:
- name: configure port-object object-group
  asa_og:
    name: port_group_test_7
    group_type: port-object
    state: replace
    description: description
    protocol: tcp-udp
    port_eq:
      - "80"
      - "91"
    port_range:
  tags:
    - port_group1

In this example, the difference is that I have replaced port 90 with port 91. After executing Task 1, a port-group with ports 80 and 90 is created on the firewall (there is no problem). After executing Task 2, the group on the firewall contains only port 91; port 80 is deleted.

EXPECTED RESULTS

I expect that port group contains ports: 80, 91

ACTUAL RESULTS

After first execution: port group contains only port 91
After second execution: port group contains ports 80, 91
After third execution: port group contains only port 91
etc.
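
A post-play check that the object-group on the device matches the intended ports, as an added example that is not part of the original issue or the module's code. The running-config snapshots are constructed to match the states reported above, and the name table is an assumed subset of the names ASA prints in place of well-known port numbers (80 appears as www), which is why the comparison normalizes tokens instead of searching the text for "80".

```python
import re

# Assumed subset of the names ASA prints in place of well-known port numbers.
ASA_PORT_NAMES = {"www": 80, "https": 443, "domain": 53, "bootps": 67, "bootpc": 68}

# Constructed running-config snapshots matching the states reported above.
AFTER_RUN_1 = """object-group service port_group_test_7 tcp-udp
 description description
 port-object eq 91
"""
AFTER_RUN_2 = """object-group service port_group_test_7 tcp-udp
 description description
 port-object eq www
 port-object eq 91
"""

def to_port(token):
    """Map a running-config port token (number or ASA name) to an int."""
    if token.isdigit():
        return int(token)
    if token not in ASA_PORT_NAMES:
        raise ValueError(f"unknown port name: {token!r}")
    return ASA_PORT_NAMES[token]

def parse_port_group(config, name):
    """Return the (low, high) port spans of one object-group service block."""
    header = re.compile(rf"object-group service {re.escape(name)}( \S+)?")
    entry = re.compile(r"port-object (eq|range) (\S+)(?: (\S+))?")
    spans, inside = set(), False
    for line in config.splitlines():
        if not line.startswith(" "):      # a top-level line opens or closes a block
            inside = header.fullmatch(line.strip()) is not None
            continue
        m = entry.fullmatch(line.strip()) if inside else None
        if m:
            low = to_port(m.group(2))
            high = to_port(m.group(3)) if m.group(1) == "range" else low
            spans.add((low, high))
    return spans

def drift(config, name, desired_eq):
    """Compare intended single ports with what the device reports."""
    desired = {(p, p) for p in desired_eq}
    running = parse_port_group(config, name)
    return {"missing": sorted(desired - running), "unexpected": sorted(running - desired)}

if __name__ == "__main__":
    for label, cfg in (("run 1", AFTER_RUN_1), ("run 2", AFTER_RUN_2)):
        print(label, drift(cfg, "port_group_test_7", [80, 91]))
```

Running the check after every play and failing the job on a non-empty result catches the alternating state even though the module itself reports no error.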


@ansibot
Contributor

ansibot commented Jul 8, 2020

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.


@ansibot
Contributor

ansibot commented Jul 8, 2020

@djedovica, just so you are aware we have a dedicated Working Group for network.
You can find other people interested in this in #ansible-network on Freenode IRC
For more information about communities, meetings and agendas see https://github.com/ansible/community


@ansibot ansibot added affects_2.8 This issue/PR affects Ansible v2.8 asa Cisco ASA community bug This issue/PR relates to a bug. cisco Cisco technologies collection Related to Ansible Collections work collection:cisco.asa module This issue/PR relates to a module. needs_collection_redirect https://github.com/ansible/ansibullbot/blob/master/docs/collection_migration.md needs_triage Needs a first human triage before being processed. networking Network category python3 support:community This issue/PR relates to code supported by the Ansible community. labels Jul 8, 2020
@Akasurde
Member

Akasurde commented Jul 8, 2020

Thank you very much for your interest in Ansible. This plugin/module is no longer maintained in this repository and has been migrated to https://github.com/ansible-collections/cisco.asa

Migrated this issue in the above repository - ansible-collections/cisco.asa#55.

If you have further questions please stop by IRC or the mailing list:

@Akasurde Akasurde closed this as completed Jul 8, 2020
@sivel sivel removed the needs_triage Needs a first human triage before being processed. label Jul 14, 2020
@ansible ansible locked and limited conversation to collaborators Aug 5, 2020