fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0

fortinet.fortios.fortios_firewall_addrgrp module question #307

Closed chr00ted closed 3 months ago

chr00ted commented 3 months ago

Hello all, thank you developers for all of your Fortinet contributions! I have a question concerning fortinet.fortios.fortios_firewall_addrgrp. Say I have an existing firewall_addrgrp that has a lot of members already. How can I append a new member while keeping the others? I don't see an option for that.

Here is an example from an existing playbook that is doing a lot of other things:

Right now, the nname variable gets added to the group and all other members are lost. Basically I'm looking for a faster way to update a lot of large groups via Ansible instead of the CLI. Thanks in advance!

alagoutte commented 3 months ago

Hi @chr00ted

Have you looked at the member_state and member_path parameters?

chr00ted commented 3 months ago

@alagoutte, I'm not sure about member_path as the documentation isn't really clear on that (at least to me). I'm using member_state, but it doesn't seem to be working either. Do you have any examples, or could you look over what I have below to see what I may be missing?

I get the following when I run the example below: Unsupported parameters for (fortinet.fortios.fortios_firewall_addrgrp) module: firewall_addrgrp.member_state. Supported parameters include: allow_routing, category, color, comment, exclude, exclude_member, fabric_object, member, name, tagging, type, uuid, visibility.

chr00ted commented 3 months ago

Looking further into it (please correct me if I'm wrong), it looks like member_state and member_path have to do with member folders.

My main objective is to append a new group into an existing address group.

Say I have address group 1 which already contains groups A, B, C, and D. In my playbook I would be trying to append group E to group 1 while also keeping the existing group 1 members intact, so ultimately group 1 would contain address groups A, B, C, D, and E.

Some of these existing groups are large and I don't want to list all of the preexisting group members.

MaxxLiu22 commented 3 months ago

Hi @chr00ted ,

Thank you for your question. Your understanding is correct. If we do not set the member operation, Ansible will send all configurations to the remote device and overwrite the existing configuration. The member operation will retain the existing sub-blocks and then perform the add or remove operation. Here is an example for your reference. We have documentation regarding the member operation, as it can be confusing for first-time users.

  tasks:
  - name: add a member to firewall_addrgrp.member
    fortios_firewall_addrgrp:
      vdom: root
      member_state: present   #  present for adding, absent for deleting
      member_path: member:name   #  mkey to the block
      state: present
      firewall_addrgrp:
        member:
        - name: FIREWALL_AUTH_PORTAL_ADDRESS
        name: addrgrp

Thanks, Maxx
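
The distinction Maxx describes (a plain `member` list overwrites the group, while `member_state` plus `member_path: member:name` keeps the existing sub-blocks and adds or removes by the `name` mkey) is what decides whether a playbook run silently drops members from a group that firewall policies depend on. The following is an added example for this thread, not code from the fortios collection: it models those two behaviours so a task can be previewed against a copy of the current group before it is run. The group contents are a constructed sample in the shape of a FortiOS `firewall/addrgrp` object, and `planned_members` / `dropped_members` are hypothetical helper names.

```python
"""Preview what a fortios_firewall_addrgrp task would do to a group's members.

Added example for this issue thread, not part of the fortios collection. It
models the behaviour described in the thread:
  * no member_path        -> the whole `member` list is replaced
  * member_path "member:name", member_state "present" -> append by mkey `name`
  * member_path "member:name", member_state "absent"  -> remove by mkey `name`
"""

# Constructed sample (assumption): only the membership-relevant fields of a
# FortiOS address group, matching "group 1 contains A, B, C, D" from the thread.
EXISTING_GROUP = {
    "name": "group1",
    "member": [{"name": n} for n in ("A", "B", "C", "D")],
}


def planned_members(existing, task, member_state=None, member_path=None):
    """Return the member names the group would hold after the task runs.

    existing:     current addrgrp object with a "member" list of {"name": ...}
    task:         the `firewall_addrgrp` block of the Ansible task
    member_state: the module-level member_state parameter ("present"/"absent")
    member_path:  the module-level member_path parameter ("member:name")
    """
    current = [m["name"] for m in existing.get("member", [])]
    wanted = [m["name"] for m in task.get("member", [])]

    if member_path is None:
        # No member operation: the task's list overwrites whatever is there.
        return wanted

    if member_path != "member:name":
        raise ValueError(f"this model only handles member:name, got {member_path!r}")
    if member_state == "present":
        # Append, keeping existing order and de-duplicating on the mkey.
        return current + [n for n in wanted if n not in current]
    if member_state == "absent":
        return [n for n in current if n not in wanted]
    raise ValueError("member_state must be 'present' or 'absent' when member_path is set")


def dropped_members(existing, task, **kw):
    """Existing members the task would remove: the list to review before running
    a playbook against a group that access policies reference."""
    after = set(planned_members(existing, task, **kw))
    return [m["name"] for m in existing.get("member", []) if m["name"] not in after]


if __name__ == "__main__":
    # The thread's scenario: append E to a group that already holds A..D.
    task = {"name": "group1", "member": [{"name": "E"}]}
    print("overwrite:", planned_members(EXISTING_GROUP, task))
    print("append   :", planned_members(EXISTING_GROUP, task, "present", "member:name"))
    print("remove B :", planned_members(EXISTING_GROUP, {"member": [{"name": "B"}]},
                                        "absent", "member:name"))
    print("dropped by the overwrite form:", dropped_members(EXISTING_GROUP, task))
```

Two practical notes. `member_state` and `member_path` are parameters of the module itself, beside `state` and `vdom`; placing them inside the `firewall_addrgrp` block produces the "Unsupported parameters" error quoted earlier in this thread. And because the append form never removes anything, a group that should lose a member needs a separate task with `member_state: absent`; the overwrite form is the only one that makes the group match a list exactly.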

chr00ted commented 3 months ago

Thanks again @MaxxLiu22,

Does that mean I cannot use ansible to append a group member? (IE: add a new group member while retaining the other existing group members)?

chr00ted commented 3 months ago

@MaxxLiu22, reading further in the documentation you linked, it looks like I can possibly append. I would just need to know the member path, how would I know the mkey for member_path to an existing group?

MaxxLiu22 commented 3 months ago

Hi @chr00ted ,

For different blocks there may be different mkeys (main keys), for which you will need to refer to the resource documentation accordingly. These are generally marked as required: true, such as the "name" in the "member" of fortios_firewall_addrgrp:

  name - Address name. Source firewall.address.name firewall.addrgrp.name. type: str required: true

chr00ted commented 3 months ago

@MaxxLiu22 & @alagoutte,

Thank you both for your help. I got it working with:

  - name: Add New ACT Location - Update ACT Group
    fortinet.fortios.fortios_firewall_addrgrp:
      vdom: "{{ vdom }}"
      state: "present"
      member_state: "present"
      member_path: "member:name"
      firewall_addrgrp:
        allow_routing: "enable"
        fabric_object: "enable"
        name: "ACT-GER-TEST"
        member: