fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0

Bug in fortios_firewall_service_custom by removing ports from Service Object #224

Open Snickers1337 opened 1 year ago

Snickers1337 commented 1 year ago

There is a bug in this module when you try to remove UDP/TCP ports. If there is a single UDP port set on a service and you try to remove the UDP port, Ansible tells you there is nothing to do.

Example 1: You have a Service Object like this:

```
config firewall service custom
    edit "Test2"
        set category "Test"
        set tcp-portrange 1234
        set udp-portrange 1234
    next
end
```

or like this:

```
config firewall service custom
    edit "Test2"
        set category "Test"
        set tcp-portrange 1234
        set udp-portrange 1234-4567
    next
end
```

If you try to remove the UDP ports with Ansible --> Ansible tells you that there is nothing to change. If you try to remove the UDP and TCP ports with Ansible --> everything is ok and Ansible removes all ports from the object.

Example 2: You have a Service Object like this:

```
config firewall service custom
    edit "Test2"
        set category "Test"
        set tcp-portrange 1234
        set udp-portrange 1234 4567
    next
end
```

or like this:

```
config firewall service custom
    edit "Test2"
        set category "Test"
        set tcp-portrange 1234
        set udp-portrange 1235-1238 4567
    next
end
```

If you remove the single UDP port "4567" with Ansible --> everything is ok and Ansible only removes UDP port "4567". If you remove both UDP ports/port ranges with Ansible --> everything is ok and Ansible removes all UDP ports.

Note: With TCP ports you only get trouble if you try to remove the last TCP port from a service which looks like this:

```
config firewall service custom
    edit "Test2"
        set category "Test"
        set tcp-portrange 1234
    next
end
```

But if you try to do this on the CLI (`unset tcp-portrange`) you also get an error --> This makes sense, because if there is no port on the object you don't need the object.

Example 3: Another strange behavior is if you have an object like this:

```
config firewall service custom
    edit "Test2"
        set category "Test"
        set tcp-portrange 1234 4567-4600
        set udp-portrange 1234-4567 4569
    next
end
```

If you remove all TCP and UDP ports, everything works fine --> no error, and the result is an empty object. Result:

```
config firewall service custom
    edit "Test2"
        set category "Test"
    next
end
```

Environment

`pip list`:

```
Package            Version
ansible            7.2.0
ansible-core       2.14.2
anyio              3.6.2
certifi            2022.12.7
cffi               1.15.1
charset-normalizer 3.0.1
click              8.1.3
cryptography       39.0.0
fastapi            0.88.0
flake8             6.0.0
greenlet           2.0.2
h11                0.14.0
idna               3.4
Jinja2             3.1.2
MarkupSafe         2.1.2
mccabe             0.7.0
netaddr            0.8.0
packaging          23.0
passlib            1.7.4
pip                23.0
pycodestyle        2.10.0
pycparser          2.21
pydantic           1.10.4
pyflakes           3.0.1
pyvmomi            7.0.3
PyYAML             6.0
requests           2.28.2
resolvelib         0.8.1
setuptools         67.1.0
six                1.16.0
sniffio            1.3.0
SQLAlchemy         1.4.46
starlette          0.22.0
typing_extensions  4.4.0
urllib3            1.26.14
uvicorn            0.20.0
```

`ansible --version`:

```
ansible [core 2.14.2]
  config file = None
  configured module search path = ['/home/ms/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/ms/avamation/.venv/lib/python3.10/site-packages/ansible
  ansible collection location = /home/ms/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/ms/avamation/.venv/bin/ansible
  python version = 3.10.6 (main, Nov 14 2022, 16:10:14) [GCC 11.3.0] (/home/ms/avamation/.venv/bin/python)
  jinja version = 3.1.2
  libyaml = True
```

`ansible-galaxy collection list`:

```
# /home/ms/avamation/.venv/lib/python3.10/site-packages/ansible_collections
Collection                    Version
amazon.aws                    5.2.0
ansible.netcommon             4.1.0
ansible.posix                 1.5.1
ansible.utils                 2.9.0
ansible.windows               1.13.0
arista.eos                    6.0.0
awx.awx                       21.11.0
azure.azcollection            1.14.0
check_point.mgmt              4.0.0
chocolatey.chocolatey         1.4.0
cisco.aci                     2.3.0
cisco.asa                     4.0.0
cisco.dnac                    6.6.3
cisco.intersight              1.0.23
cisco.ios                     4.3.1
cisco.iosxr                   4.1.0
cisco.ise                     2.5.12
cisco.meraki                  2.15.0
cisco.mso                     2.2.1
cisco.nso                     1.0.3
cisco.nxos                    4.0.1
cisco.ucs                     1.8.0
cloud.common                  2.1.2
cloudscale_ch.cloud           2.2.4
community.aws                 5.2.0
community.azure               2.0.0
community.ciscosmb            1.0.5
community.crypto              2.10.0
community.digitalocean        1.23.0
community.dns                 2.5.0
community.docker              3.4.0
community.fortios             1.0.0
community.general             6.3.0
community.google              1.0.0
community.grafana             1.5.3
community.hashi_vault         4.1.0
community.hrobot              1.7.0
community.libvirt             1.2.0
community.mongodb             1.4.2
community.mysql               3.5.1
community.network             5.0.0
community.okd                 2.2.0
community.postgresql          2.3.2
community.proxysql            1.5.1
community.rabbitmq            1.2.3
community.routeros            2.7.0
community.sap                 1.0.0
community.sap_libs            1.4.0
community.skydive             1.0.0
community.sops                1.6.0
community.vmware              3.3.0
community.windows             1.12.0
community.zabbix              1.9.1
containers.podman             1.10.1
cyberark.conjur               1.2.0
cyberark.pas                  1.0.17
dellemc.enterprise_sonic      2.0.0
dellemc.openmanage            6.3.0
dellemc.os10                  1.1.1
dellemc.os6                   1.0.7
dellemc.os9                   1.0.4
dellemc.powerflex             1.5.0
dellemc.unity                 1.5.0
f5networks.f5_modules         1.22.0
fortinet.fortimanager         2.1.7
fortinet.fortios              2.2.2
frr.frr                       2.0.0
gluster.gluster               1.0.2
google.cloud                  1.1.2
grafana.grafana               1.1.0
hetzner.hcloud                1.9.1
hpe.nimble                    1.1.4
ibm.qradar                    2.1.0
ibm.spectrum_virtualize       1.11.0
infinidat.infinibox           1.3.12
infoblox.nios_modules         1.4.1
inspur.ispim                  1.2.0
inspur.sm                     2.3.0
junipernetworks.junos         4.1.0
kubernetes.core               2.3.2
lowlydba.sqlserver            1.3.1
mellanox.onyx                 1.0.0
netapp.aws                    21.7.0
netapp.azure                  21.10.0
netapp.cloudmanager           21.22.0
netapp.elementsw              21.7.0
netapp.ontap                  22.2.0
netapp.storagegrid            21.11.1
netapp.um_info                21.8.0
netapp_eseries.santricity     1.4.0
netbox.netbox                 3.10.0
ngine_io.cloudstack           2.3.0
ngine_io.exoscale             1.0.0
ngine_io.vultr                1.1.3
openstack.cloud               1.10.0
openvswitch.openvswitch       2.1.0
ovirt.ovirt                   2.4.1
purestorage.flasharray        1.16.2
purestorage.flashblade        1.10.0
purestorage.fusion            1.3.0
sensu.sensu_go                1.13.2
splunk.es                     2.1.0
t_systems_mms.icinga_director 1.32.0
theforeman.foreman            3.8.0
vmware.vmware_rest            2.2.0
vultr.cloud                   1.7.0
vyos.vyos                     4.0.0
wti.remote                    1.0.4
```
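As an added example, not code from this issue or from the fortinet.fortios collection, the helper below parses `config firewall service custom` snippets in the form quoted in the report (both the one-line and the indented form), applies a requested TCP/UDP port removal, and builds the `tcp_portrange`/`udp_portrange` arguments for `fortios_firewall_service_custom`. It clears a protocol with the literal string `"null"`, following the maintainer's task later in this thread, and it refuses a removal that would leave the object with no ports at all, the situation the report says the CLI rejects for the last TCP port. All function names, the sample CLI text and the tolerated `dst:src` range suffix are this example's own assumptions, not the module's API.

```python
from __future__ import annotations

import re
import shlex
from dataclasses import dataclass, field

# Constructed sample in the shape of the CLI snippets quoted in the report.
SAMPLE_CLI = """
config firewall service custom
    edit "Test2"
        set category "Test"
        set tcp-portrange 1234 4567-4600
        set udp-portrange 1234-4567 4569
    next
end
"""

# One range token: dst-low[-dst-high], optionally followed by :src-low[-src-high].
# Only the destination form appears in the report; the source suffix is tolerated
# here as an assumption about the CLI syntax.
PORT_RE = re.compile(r"^\d+(-\d+)?(:\d+(-\d+)?)?$")

# Tokens that begin a new CLI statement; splitting on them also handles the
# one-line form the report pastes.
KEYWORDS = {"config", "edit", "set", "next", "end"}


@dataclass
class ServiceCustom:
    name: str
    category: str = ""
    tcp_portrange: list[str] = field(default_factory=list)
    udp_portrange: list[str] = field(default_factory=list)


def _statements(cli_text: str):
    """Yield CLI statements as token lists, regardless of line breaks."""
    stmt: list[str] = []
    for tok in shlex.split(cli_text):
        if tok in KEYWORDS and stmt:
            yield stmt
            stmt = []
        stmt.append(tok)
    if stmt:
        yield stmt


def parse_service_custom(cli_text: str) -> dict[str, ServiceCustom]:
    """Parse 'config firewall service custom' text into objects keyed by name."""
    services: dict[str, ServiceCustom] = {}
    current: ServiceCustom | None = None
    for stmt in _statements(cli_text):
        head = stmt[0]
        if head == "edit" and len(stmt) == 2:
            current = ServiceCustom(name=stmt[1])
            services[current.name] = current
        elif head == "set" and current is not None and len(stmt) >= 3:
            key, values = stmt[1], stmt[2:]
            if key == "category":
                current.category = values[0]
            elif key in ("tcp-portrange", "udp-portrange"):
                bad = [v for v in values if not PORT_RE.match(v)]
                if bad:
                    raise ValueError(f"{current.name}: malformed {key} value(s) {bad}")
                setattr(current, key.replace("-", "_"), list(values))
        elif head == "next":
            current = None
    return services


def remove_ports(svc: ServiceCustom, tcp="", udp="") -> ServiceCustom:
    """Return a copy with ranges removed; "all" clears a protocol entirely.

    tcp/udp may be "all", one range string, or an iterable of range strings.
    Removing a range the object does not hold is an error, so a silent
    'nothing to do' can never hide a typo in the requested range.
    """
    new = ServiceCustom(svc.name, svc.category, list(svc.tcp_portrange), list(svc.udp_portrange))
    for attr, drop in (("tcp_portrange", tcp), ("udp_portrange", udp)):
        if not drop:
            continue
        have = getattr(new, attr)
        if drop == "all":
            have.clear()
            continue
        wanted = [drop] if isinstance(drop, str) else list(drop)
        missing = [r for r in wanted if r not in have]
        if missing:
            raise ValueError(f"{svc.name}: {attr} does not contain {missing}")
        setattr(new, attr, [r for r in have if r not in wanted])
    return new


def leaves_ports(svc: ServiceCustom) -> bool:
    """True if at least one TCP or UDP range remains; the CLI refuses to unset the last one."""
    return bool(svc.tcp_portrange or svc.udp_portrange)


def to_module_args(svc: ServiceCustom) -> dict[str, str]:
    """Build fortios_firewall_service_custom arguments; "null" clears a protocol."""
    return {
        "name": svc.name,
        "category": svc.category,
        "tcp_portrange": " ".join(svc.tcp_portrange) or "null",
        "udp_portrange": " ".join(svc.udp_portrange) or "null",
    }


if __name__ == "__main__":
    svc = parse_service_custom(SAMPLE_CLI)["Test2"]
    print(to_module_args(remove_ports(svc, udp="all")))
    if not leaves_ports(remove_ports(svc, tcp="all", udp="all")):
        print("refusing: removal would leave Test2 with no ports")
```

Running the parser over `show firewall service custom` output before and after the playbook run gives an independent check of what the module actually changed, which is how a "nothing to change" result can be distinguished from a real no-op.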

MaxxLiu22 commented 1 year ago

Hi @Snickers1337 ,

Thank you for raising this valuable issue; I can reproduce this problem. That the argument "udp-portrange" can't be set to "null" alone is an Ansible issue; that "tcp-portrange" and "udp-portrange" can both be set to "null" is a conflict between CLI and API operations. I have reported them to the corresponding development team. I will let you know if there is any update. Thank you again for your information.

Thanks, Maxx

Snickers1337 commented 1 year ago

Hi @MaxxLiu22,

Thank you for your fast reply to my issue.

Thanks Snickers

MaxxLiu22 commented 5 months ago

Hi @Snickers1337 ,

This issue is also related to an API-side problem, which has been resolved in FOS 7.2.5 and 7.4.0. Could you please give it a try and check if the issue still persists?

```yaml
  - fortios_firewall_service_custom:
      vdom: root
      state: present
      access_token: 186990gNH4....
      firewall_service_custom:
        name: ansible_test
        comment: ansible
        category: "Email"
        tcp_portrange: "null"
        udp_portrange: "23"
```

Thanks, Maxx