I had this below ACL task in my playbook for over a year now, and it was working fine. I have not touched it, and I have also applied the ACLs to about 100 switches about a year back; all worked fine back then. Recently, when I had to update an IP, I ran the task again, but instead of adding the ACL line by line, it applied the first line and started to give an error that says:
"Cannot update existing sequence of ACLs ssh_access_list with state merged. Please use state replaced or overridden."
And I lost access to the switch, because it was the SSH access list; luckily I ran it only for a single switch.
Regarding the error: if I change the state to replaced or overridden, it will keep replacing or overriding the IPs one by one instead of adding sequence by sequence.
The reason why I am confident that it used to work fine and not anymore is that all my Ansible code is in Bitbucket; I checked the first version of the code, and it is the same, no changes yet.
My requirement is that I need to be able to update my var IP files, and when I run the below code, it should add the ACL sequence by sequence, e.g. the first IP will have sequence 10, the second will have 20, and so on.
Below are the var files.
```yaml
# Update the source_host entries to the users' machine IPs to allow SSH access
acls:
  - name: ssh_access_list
    src_host:
      - 10.x.x.71
      - 10.x.x.99
      - 10.x.x.172
      - 10.x.x.95
      - 10.x.x.96
      - 10.x.x.51
      - 10.x.x.134
      - 10.x.x.135
      - 10.x.x.13
      - 10.x.x.151
```
Below is the sample ACL I ran on another switch using the same code a year back.
```text
sh access-lists ssh_access_list
Extended IP access list ssh_access_list
    10 permit ip host 10.x.x.71 any
    20 permit ip host 10.x.x.99 any (430 matches)
    30 permit ip host 10.x.x.172 any (6 matches)
    40 permit ip host 10.x.x.95 any (28 matches)
    50 permit ip host 10.x.x.96 any (2 matches)
    60 permit ip host 10.x.x.51 any
    70 permit ip host 10.x.x.134 any (8 matches)
    80 permit ip host 10.x.x.135 any
    90 permit ip host 10.x.x.13 any
    100 deny ip any any
```
SUMMARY
ISSUE TYPE
COMPONENT NAME
cisco.ios.ios_acls
ANSIBLE VERSION
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
Cisco switch, version 15.2
STEPS TO REPRODUCE
Use the below code; I also added the YAML dictionary.
https://github.com/ansible-collections/cisco.ios
EXPECTED RESULTS
ACTUAL RESULTS
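As an added illustration (not the reporter's playbook or the collection's code): building the whole ACL from the var file so that a single ios_acls task with `state: replaced` submits every ACE, with sequence numbers 10, 20, ... and the closing deny, in one shot instead of merging one host per loop iteration. It assumes the module's documented config keys (`afi`, `acls`, `aces`, `source.host`, `destination.any`).

```python
"""Build a cisco.ios.ios_acls 'config' block from the reporter's var file.

Added example, not part of the original issue. Assumes the documented
ios_acls config schema. Applying the complete ACL once (state: replaced)
avoids the per-host merge that locked the reporter out mid-update.
"""

# Constructed copy of the var file above (IPs masked as in the report).
ACL_VARS = {"acls": [{"name": "ssh_access_list", "src_host": [
    "10.x.x.71", "10.x.x.99", "10.x.x.172", "10.x.x.95", "10.x.x.96",
    "10.x.x.51", "10.x.x.134", "10.x.x.135", "10.x.x.13", "10.x.x.151"]}]}


def build_acl_config(acl_vars, step=10):
    """Return the ios_acls 'config' list: one ipv4 entry holding every ACL.

    Each src_host becomes 'permit ip host <ip> any' at step, 2*step, ... and
    a trailing 'deny ip any any' closes the list, as in the sample output.
    Duplicate hosts are rejected so no sequence number is silently reused.
    """
    acls = []
    for acl in acl_vars["acls"]:
        hosts = acl["src_host"]
        if len(hosts) != len(set(hosts)):
            raise ValueError(f"duplicate src_host in {acl['name']}")
        aces = [{"sequence": step * (i + 1), "grant": "permit", "protocol": "ip",
                 "source": {"host": ip}, "destination": {"any": True}}
                for i, ip in enumerate(hosts)]
        aces.append({"sequence": step * (len(hosts) + 1), "grant": "deny",
                     "protocol": "ip", "source": {"any": True},
                     "destination": {"any": True}})
        acls.append({"name": acl["name"], "acl_type": "extended", "aces": aces})
    return [{"afi": "ipv4", "acls": acls}]


def ios_acls_task(config):
    """The single task to run; 'replaced' rewrites only the ACLs listed here."""
    return {"name": "Apply SSH access ACL in one shot",
            "cisco.ios.ios_acls": {"config": config, "state": "replaced"}}


def render_ios(config):
    """Render the ACEs as 'show access-lists' lines to diff against a switch."""
    lines = []
    for afi in config:
        for acl in afi["acls"]:
            lines.append(f"Extended IP access list {acl['name']}")
            for ace in acl["aces"]:
                src = ace["source"].get("host")
                src = f"host {src}" if src else "any"
                lines.append(f"{ace['sequence']} {ace['grant']} {ace['protocol']} {src} any")
    return lines
```

Before running the task from a controller, confirm the controller's own address is among the hosts in the rendered lines; the reporter's lockout came from applying an SSH ACL that no longer permitted the source of the session.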