Nordeus / ansible_iptables_raw

iptables module for Ansible which keeps state
MIT License

with_items #15

Closed usergoodvery closed 7 years ago

usergoodvery commented 7 years ago

Hi, is this syntax supported, specifically the use of 'with_items'? It seems only one rule is saved per invocation.

usergoodvery commented 7 years ago

OK, I think the problem above is with "name: my_rule", as that needs to be made unique for every invocation of the loop, e.g. "name: myrule{{ item }}".

kustodian commented 7 years ago

You are correct. Name needs to be unique if you want to add multiple rules.

What you can do is something like this:

# Collect the address of every host in the group named by myhosts
- set_fact:
    myhosts_ips: '{{ groups[myhosts] | map("extract", hostvars, ["ansible_ssh_host"]) | list }}'

# One named rule covering all source addresses at once
- name: "..."
  iptables_raw:
    name: my_rule
    state: '{{ db_port | ternary("present", "absent") }}'
    rules: '-A INPUT -p tcp -s {{ myhosts_ips | join(",") }} --dport {{ db_port }} -j ACCEPT'

But myhosts needs to be a group of hosts in the Ansible inventory.
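The looped form the question asked about, as an added example that is not part of the thread or the project's own code: each iteration uses a distinct `name`, and a second task removes rules by name for addresses that should no longer be allowed, since per-item rules are only dropped when set to `absent`. The group names, port value and the `retired_ips` variable are assumptions made for illustration.

```yaml
# Added example; dbservers, appservers, 5432 and retired_ips are assumed values.
- hosts: dbservers              # assumed target group
  become: true
  vars:
    myhosts: appservers         # assumed inventory group allowed to connect
    db_port: 5432               # constructed value
    retired_ips: []             # hypothetical: addresses whose rule must be removed
  tasks:
    - set_fact:
        myhosts_ips: '{{ groups[myhosts] | map("extract", hostvars, ["ansible_ssh_host"]) | list }}'

    # The name differs on every iteration, so no iteration replaces
    # the rule saved under the name used by the previous one.
    - name: Allow DB port from each host (looped form)
      iptables_raw:
        name: 'allow_db_{{ item | replace(".", "_") }}'
        state: present
        rules: '-A INPUT -p tcp -s {{ item }} --dport {{ db_port }} -j ACCEPT'
      with_items: '{{ myhosts_ips }}'

    # A per-item rule stays in place after its address leaves myhosts_ips,
    # so stale ACCEPT rules have to be removed explicitly by name.
    - name: Remove rules for retired addresses
      iptables_raw:
        name: 'allow_db_{{ item | replace(".", "_") }}'
        state: absent
      with_items: '{{ retired_ips }}'
```

With the single-rule form shown in the comment above, the rule stored under `my_rule` is rewritten on every run from the current group membership, so no separate removal task is needed.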

usergoodvery commented 7 years ago

Nice one, thanks.