-1 
remote_address_phase2:
  - 192.168.88.0/24
  - 192.168.1.0/24

任务:

i have to create a firewall group 

  - name: "addrgrp"
    fortios_firewall_addrgrp:
      vdom:  "{{ vdom }}"
      state: "present"
      firewall_addrgrp:
        allow_routing: "disable"
        #category: "default"
        color: "21"
        comment: "try"
        exclude: "disable"
        fabric_object: "disable"
        member:
          - name: "NET-{{ item}}"
      
        name: "try"

        type: "default"

    with_items:  "{{  remote_address_phase2 }}"

如果我进行此活动,我有 2 个不同的任务,但最后一个操作会覆盖第一个

任何想法?

4

1 回答 1

0

按照模块文档中的示例,该参数似乎member:采用了一个字典列表。

模块文档中的示例:

        member:
         -
            name: "default_name_7 (source firewall.address.name firewall.addrgrp.name)"

还没有测试过,但是我们可以在"addrgrp"任务之前创建一个类似的结构set_fact并使用新创建的变量。

    - set_fact:
        fw_members: "{{ fw_members | default([]) + [{'name': 'NET-' ~ item}] }}"
      loop: "{{ remote_address_phase2 }}"

这给出了:

    "fw_members": [
        {
            "name": "NET-192.168.88.0/24"
        },
        {
            "name": "NET-192.168.1.0/24"
        }
    ]

然后应该可以将此变量作为值传递给member:参数。例子:

  - set_fact:
      fw_members: "{{ fw_members | default([]) + [{'name': 'NET-' ~ item}] }}"
    loop: "{{ remote_address_phase2 }}"

  - name: "addrgrp"
    fortios_firewall_addrgrp:
      vdom:  "{{ vdom }}"
      state: "present"
      firewall_addrgrp:
        allow_routing: "disable"
        #category: "default"
        color: "21"
        comment: "try"
        exclude: "disable"
        fabric_object: "disable"
        member: "{{ fw_members }}"
        name: "try"
        type: "default"
于 2021-10-12T18:18:55.463 回答