Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

can't change value of nat using api_find_and_modify #168

Closed
ZamanOof opened this issue May 18, 2023 · 1 comment
Closed

can't change value of nat using api_find_and_modify #168

ZamanOof opened this issue May 18, 2023 · 1 comment

Comments

@ZamanOof
Copy link

SUMMARY

when try to use api_find_and_modify can't get what i want by find based on input then change the value and i get the result ok (success) when remove require_matches_min: 1 but there is no change of values: so try to change it to get what i want but no luck

failed: [any -> localhost] (item=[443, 'hello.com']) => {
    "ansible_loop_var": "item",
    "changed": false,
    "invocation": {
        "module_args": {
            "allow_no_matches": false,
            "ca_path": "keys/trust.test.ca.crt",
            "encoding": "ASCII",
            "find": {
                "action": "masquerade",
                "chain": "srcnat",
                "disabled": "yes",
                "dst-address-list": "hello.com",
                "dst-port": "443",
                "protocol": "tcp",
                "src-address": "192.168.14.16"
            },
            "force_no_cert": false,
            "hostname": "gpsm.test",
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "path": "ip firewall nat",
            "port": null,
            "require_matches_max": null,
            "require_matches_min": 1,
            "timeout": 10,
            "tls": false,
            "username": "admin",
            "validate_cert_hostname": false,
            "validate_certs": true,
            "values": {
                "disabled": "no"
            }
        }
    },
    "item": [
        443,
        "hello.com"
    ],
    "msg": "Found no entries, but allow_no_matches=false"
}
failed: [any -> localhost] (item=[80, 'hello.com']) => {
    "ansible_loop_var": "item",
    "changed": false,
    "invocation": {
        "module_args": {
            "allow_no_matches": false,
            "ca_path": "keys/trust.test.ca.crt",
            "encoding": "ASCII",
            "find": {
                "action": "masquerade",
                "chain": "srcnat",
                "disabled": "yes",
                "dst-address-list": "hello.com",
                "dst-port": "80",
                "protocol": "tcp",
                "src-address": "192.168.14.16"
            },
            "force_no_cert": false,
            "hostname": "gpsm.test",
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "path": "ip firewall nat",
            "port": null,
            "require_matches_max": null,
            "require_matches_min": 1,
            "timeout": 10,
            "tls": false,
            "username": "admin",
            "validate_cert_hostname": false,
            "validate_certs": true,
            "values": {
                "disabled": "no"
            }
        }
    },
    "item": [
        80,
        "hello.com"
    ],
    "msg": "Found no entries, but allow_no_matches=false"
}
failed: [any -> localhost] (item=[80, 'google.com']) => {
    "ansible_loop_var": "item",
    "changed": false,
    "invocation": {
        "module_args": {
            "allow_no_matches": false,
            "ca_path": "keys/trust.test.ca.crt",
            "encoding": "ASCII",
            "find": {
                "action": "masquerade",
                "chain": "srcnat",
                "disabled": "yes",
                "dst-address-list": "google.com",
                "dst-port": "80",
                "protocol": "tcp",
                "src-address": "192.168.14.16"
            },
            "force_no_cert": false,
            "hostname": "gpsm.test",
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "path": "ip firewall nat",
            "port": null,
            "require_matches_max": null,
            "require_matches_min": 1,
            "timeout": 10,
            "tls": false,
            "username": "admin",
            "validate_cert_hostname": false,
            "validate_certs": true,
            "values": {
                "disabled": "no"
            }
        }
    },
    "item": [
        80,
        "google.com"
    ],
    "msg": "Found no entries, but allow_no_matches=false"
}
failed: [any -> localhost] (item=[443, 'google.com']) => {
    "ansible_loop_var": "item",
    "changed": false,
    "invocation": {
        "module_args": {
            "allow_no_matches": false,
            "ca_path": "keys/trust.test.ca.crt",
            "encoding": "ASCII",
            "find": {
                "action": "masquerade",
                "chain": "srcnat",
                "disabled": "yes",
                "dst-address-list": "google.com",
                "dst-port": "443",
                "protocol": "tcp",
                "src-address": "192.168.14.16"
            },
            "force_no_cert": false,
            "hostname": "gpsm.test",
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "path": "ip firewall nat",
            "port": null,
            "require_matches_max": null,
            "require_matches_min": 1,
            "timeout": 10,
            "tls": false,
            "username": "admin",
            "validate_cert_hostname": false,
            "validate_certs": true,
            "values": {
                "disabled": "no"
            }
        }
    },
    "item": [
        443,
        "google.com"
    ],
    "msg": "Found no entries, but allow_no_matches=false"
}

Sure

ISSUE TYPE
  • Your Report
    not sure if it's bug or need more info
COMPONENT NAME
montip: 192.168.14.16
montport: [443,80] #443/80
montproto: tcp #tcp/udp
user: root
websites: ['hello.com','google.com']
- name: Adjust NAT
community.routeros.api_find_and_modify:
  hostname: "{{ hostname }}"
  password: "{{ password }}"
  username: "{{ username }}"
  ca_path: "{{ ca_path }}"
  path: ip firewall nat
  find: >-
   src-address={{ montip }}
   protocol={{ montproto }}
   dst-address-list={{ item.1 }}
   dst-port={{ item.0 }}
   chain={{ natchain }}
   action={{ nataction }}
   out-interface-list={{ interfacelist }}
   disabled={{ natstatus }}
  values: 
    disabled: "no"
  require_matches_min: 1
  # allow_no_matches=true
  # require_matches_max: 1
delegate_to: localhost
register:   QueryNatOut
with_nested:  
  - "{{ montport }}"
  - "{{ websites }}"
ANSIBLE VERSION
ansible [core 2.13.3]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /home/user/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.9.16 (main, Dec 21 2022, 10:57:18) [GCC 8.5.0 20210514 (Red Hat 8.5.0-17)]
  jinja version = 3.1.2
  libyaml = True

Thanks
@felixfontein
Copy link
Collaborator

Duplicate of #169.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@felixfontein @ZamanOof