Closed meandus closed 6 years ago
It looks like I should add more validation to structure, from what I can tell from the playbook, your group syntax is invalid. Should be in this format:
- network:
    name: networka
    ipv4_network: 3.3.3.0/24
    ipv6_network: fc00::/7
    comment: created by dlepage
- group:
    name: mygroup
    members:
      - host:
          name: hosta
- group:
    name: newgroupa
    members:
      - host:
          name: newhostb
          address: 1.1.1.1
The group definition does not look correct. Here is the dict format:
{'elements': [
    {'network': {'comment': 'created by dlepage',
                 'ipv4_network': '3.3.3.0/24',
                 'ipv6_network': 'fc00::/7',
                 'name': 'networka'}},
    {'group': {'members': [{'host': {'name': 'hosta'}}],
               'name': 'mygroup'}},
    {'group': {'members': [{'host': {'address': '1.1.1.1',
                                     'name': 'newhostb'}}],
               'name': 'newgroupa'}}]}
Yes, I know the error (because of /32 for a network), but I prefer to show you an unmanaged case and error ;)
RÉMY POUCHAIN
(In reply to David LePage's message of 5 April 2018, 21:23:45 GMT+02:00.)
One additional thing to note is the second group syntax supports creating the element within the group rather than as a second operation. If it's a simpler model, I'm not opposed to modifying the format to expect the group elements be created and use a syntax like this:
- group:
    name: foogroup
    members:
      host:
        - hosta
        - hostb
which appears to be the syntax you are using.
Right now, I'm using two tasks to create object and another to add member to group.
It could be interesting but not mandatory to allow creation of empty group (allowed in SMC)
(In reply to David LePage's message of 5 April 2018, 21:45:11 GMT+02:00.)
Add a flag to add member or remove member ;)
(In reply to David LePage's message of 5 April 2018, 21:45:11 GMT+02:00.)
Thanks for the feedback 👍 I will add a check in place here to catch that invalid format (and any others). I like the idea of empty group and flag to add/remove. Will incorporate.
Hi Remy, Quick question. Does it seem reasonable if I implement this for groups:
- group:
    name: foogroup
    members:
      host:
        - hosta
        - hostb
This is a deviation from the current where members could be created in the nested group definition. I will then also add an option to remove member/s also.
If you add also - network object ;)
(In reply to David LePage's message of 6 April 2018, 18:54:32 GMT+02:00.)
Hi Remy, yes for sure. Any network_elements will be supported as group members.
Hi Remy, I have posted a new version that supports modify/remove of group members based on this type of syntax:
- group:
    name: foogroup
    #remove_members: true
    #append_lists: true
    members:
      host:
        - hosta
        - hostb
      network:
        - networka
It is also possible to add a netlink element now as well. Please see the example network_element playbook:
https://github.com/gabstopper/ansible-stonesoft/blob/master/playbooks/network_element.yml
The new engine library also allows you to assign the netlink to the specified interfaces.
Thanks a lot !
(In reply to David LePage's message of 25 April 2018, 05:50:22 GMT+02:00.)
Will close this as implemented. Note that you can also add an empty group in the format:
- group:
    name: emptyregulargrp
    members:
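An added example, not code from ansible-stonesoft or from either participant: a pre-flight check for the flat group syntax settled on in this thread, so a malformed definition is caught before anything is sent to the SMC. The function names, the accepted member types and the treatment of /32 as invalid for a network (taken from the comment earlier in the thread) are assumptions.

```python
import ipaddress

MEMBER_TYPES = {"host", "network"}  # named in the thread; extend as needed (assumption)

def validate_group(group):
    """Return problems found in one flat-syntax group definition."""
    name, errors = group.get("name"), []
    if not isinstance(name, str) or not name:
        errors.append("group: missing name")
    for flag in ("remove_members", "append_lists"):
        if flag in group and not isinstance(group[flag], bool):
            errors.append(f"{name}: {flag} must be true or false")
    members = group.get("members")
    if members is None:  # a bare 'members:' means an empty group
        return errors
    if not isinstance(members, dict):  # e.g. the older nested list form
        return errors + [f"{name}: members must map element type to names"]
    for kind, names in members.items():
        if kind not in MEMBER_TYPES:
            errors.append(f"{name}: unsupported member type {kind!r}")
        elif not (isinstance(names, list) and all(isinstance(n, str) for n in names)):
            errors.append(f"{name}: {kind} members must be a list of names")
    return errors

def validate_network(net):
    """Return problems with a network element's ipv4_network value."""
    cidr = net.get("ipv4_network")
    if cidr is None:
        return []
    try:
        parsed = ipaddress.IPv4Network(cidr, strict=True)  # rejects host bits
    except ValueError as exc:
        return [f"{net.get('name')}: {exc}"]
    if parsed.prefixlen == 32:  # per the thread; assumed to mirror SMC behaviour
        return [f"{net.get('name')}: /32 is a host, not a network"]
    return []

def validate_elements(elements):
    """Validate a list shaped like the 'elements' dict format shown in the thread."""
    checks = {"group": validate_group, "network": validate_network}
    return [err for entry in elements for kind, body in entry.items()
            if kind in checks for err in checks[kind](body or {})]

# Constructed sample: a valid flat group, a nested-form group, a /32 network.
SAMPLE = [
    {"group": {"name": "foogroup", "members": {"host": ["hosta", "hostb"]}}},
    {"group": {"name": "mygroup", "members": [{"host": {"name": "hosta"}}]}},
    {"network": {"name": "BU1", "ipv4_network": "1.1.1.1/32"}},
]
```

Calling `validate_elements(SAMPLE)` returns one message for the nested-form group and one for the /32 network; the flat group passes.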
vars:
  NETWORKS:
    NET1:
      name: BU1
      range: 1.1.1.1/32
task:
error: