FTD - DHCPRelayService

kscholz

Здравствуйте, через API-Explorer с put dhcprelayservices все работает нормально, но через ansible я получаю только первое значение, но не записи о сервере и агенте.
Код через API-Explorer работает: { "version": "m2l3jneotn6e4", "name": "NAME_DHCP-RELAY-SERVER", "ipv4RelayTimeout": 60, "ipv6RelayTimeout": 60, "servers": [ { "server": { "type": "networkobject", "name": "IPv4_DHCP1" }, "interface": { "type": "subinterface", "name": "Interfacename who the dhcp running" }, "type": "dhcprelayserver" }, { "server": { "type": "networkobject", "name": "IPv4_DHCP2" }, "interface": { "type": "subinterface", "name": "Interfacename who the dhcp running" }, "type": "dhcprelayserver" } ] "agents": [ { "enableIpv4Relay": true, "enableIpv6Relay": false, "setRoute": false, "interface": { "type": "subinterface", "name": "Interface-Name" }, "type": "dhcprelayagent" }, { "enableIpv4Relay": true, "enableIpv6Relay": false, "setRoute": false, "interface": { "type": "subinterface", "name": "Interface-Name" }, "type": "dhcprelayagent" } ] "type": "dhcprelayservice" }
} Код Ansible (все значения ID считываются до выполнения этого скрипта): ---

name: Execute upsertDHCPRelayService operation M-NET HB ftd_configuration: operation: upsertDHCPRelayService data: version: "{{ dhcprelay.version }}" name: NAME_DHCP-RELAY-SERVER description: "NAME_DHCP-RELAY-SERVER" ipv4RelayTimeout: 60 ipv6RelayTimeout: 60 servers[0]: [ {"server": {"type": "networkobject","name": "IPv4_dhcpserver1"},"interface": {'type':'subinterface','id':'{{ subinterface_interfaceX.id }}' },"type": "dhcprelayserver"} ] servers[1]: [ {"server": {"type": "networkobject","name": "IPv4_dhcpserver2"},"interface": {'type':'subinterface','id':'{{ subinterface_interfaceX.id }}' },"type": "dhcprelayserver"} ] agents[0]: [ {"enableIpv4Relay": true,"enableIpv6Relay": false,"setRoute": false,"interface": {'type':'subinterface','id':'{{ subinterface_interfaceX.id }}' },"type": "dhcprelayagent"} ] agents[1]: [ {"enableIpv4Relay": true,"enableIpv6Relay": false,"setRoute": false,"interface": {'type':'subinterface','id':'{{ subinterface_interfaceX.id }}' },"type": "dhcprelayagent"} ] agents[2]: [ {"enableIpv4Relay": true,"enableIpv6Relay": false,"setRoute": false,"interface": {'type':'subinterface','id':'{{ subinterface_interfaceX.id }}' },"type": "dhcprelayagent"} ] agents[3]: [ {"enableIpv4Relay": true,"enableIpv6Relay": false,"setRoute": false,"interface": {'type':'subinterface','id':'{{ subinterface_interfaceX.id }}' },"type": "dhcprelayagent"} ] agents[4]: [ {"enableIpv4Relay": true,"enableIpv6Relay": false,"setRoute": false,"interface": {'type':'subinterface','id':'{{ subinterface_interfaceX_f.id }}' },"type": "dhcprelayagent"} ] type: dhcprelayservice Если я не использую номер сервера и агентов, то получаю следующую ошибку от ansible. "msg": { "Invalid data provided": { "required": [ "servers[0].server.id", "servers[1].server.id" Вывод Ansible: changed: [ftd-name] => { "ansible_facts": {}, "changed": true, "invocation": { "module_args": { "data": { "agents[0]": [ { "enableIpv4Relay": true, "enableIpv6Relay": false, "interface": { "id": "39f2769f-9062-11ee-8f5f-9fdadd220530", "type": "subinterface" }, "setRoute": false, "type": "dhcprelayagent" } ], "agents[1]": [ { "enableIpv4Relay": true, "enableIpv6Relay": false, "interface": { "id": "2f321ffb-9063-11ee-8f5f-0d83eeffbb9c", "type": "subinterface" }, "setRoute": false, "type": "dhcprelayagent" } ], "agents[2]": [ { "enableIpv4Relay": true, "enableIpv6Relay": false, "interface": { "id": "b2bd3384-9063-11ee-8f5f-cb99fc234435", "type": "subinterface" }, "setRoute": false, "type": "dhcprelayagent" } ], "agents[3]": [ { "enableIpv4Relay": true, "enableIpv6Relay": false, "interface": { "id": "b96eea77-9063-11ee-8f5f-81d10b4858ef", "type": "subinterface" }, "setRoute": false, "type": "dhcprelayagent" } ], "agents[4]": [ { "enableIpv4Relay": true, "enableIpv6Relay": false, "interface": { "id": "c01297aa-9063-11ee-8f5f-b5272134f9bc", "type": "subinterface" }, "setRoute": false, "type": "dhcprelayagent" } ], "description": "NAME_DHCP-RELAY-SERVER", "id": "c25e5737-9be2-11ed-8442-7f729e5d90b5", "ipv4RelayTimeout": 60, "ipv6RelayTimeout": 60, "name": "NAME_DHCP-RELAY-SERVER", "servers[0]": [ { "interface": { "id": "5318e182-9065-11ee-8f5f-39e51efbc113", "type": "subinterface" }, "server": { "name": "IPv4_name", "type": "networkobject" }, "type": "dhcprelayserver" } ], "servers[1]": [ { "interface": { "id": "5318e182-9065-11ee-8f5f-39e51efbc113", "type": "subinterface" }, "server": { "name": "IPv4_name", "type": "networkobject" }, "type": "dhcprelayserver" } ], "type": "dhcprelayservice", "version": "oodxtfoeskckb" }, "filters": { "name": "NAME_DHCP-RELAY-SERVER" }, "operation": "upsertDHCPRelayService", "path_params": { "objId": "c25e5737-9be2-11ed-8442-7f729e5d90b5" }, "query_params": null, "register_as": null } }, "response": {}
} Но значения для сервера и агента не установлены. Есть какие-нибудь идеи? Вывод Ansible из getDHCPRelayService : ok: [ftd-name] => {
"ansible_facts": {
"dhcprelay": {
"id": "c25e5737-9be2-11ed-8442-7f729e5d90b5",
"ipv4RelayTimeout": 60,
"ipv6RelayTimeout": 60,
"links": {
"self": "https://X.X.X.X/api/fdm/v6/devicesettings/default/dhcprelayservices/c25e5737-9be2-11ed-8442-7f729e5d90b5"
},
"name": "NAME_DHCP-RELAY-SERVER",
"type": "dhcprelayservice",
"version": "oodxtfoeskckb"
}
},
"changed": false,
"invocation": {
"module_args": {
"data": null,
"filters": null,
"operation": "getDHCPRelayService",
"path_params": {
"objId": "c25e5737-9be2-11ed-8442-7f729e5d90b5"
},
"query_params": null,
"register_as": "dhcprelay"
}
},
"response": {
"id": "c25e5737-9be2-11ed-8442-7f729e5d90b5",
"ipv4RelayTimeout": 60,
"ipv6RelayTimeout": 60,
"links": {
"self": "https://x.x.x.x/api/fdm/v6/devicesettings/default/dhcprelayservices/c25e5737-9be2-11ed-8442-7f729e5d90b5"
},
"name": "NAME_DHCP-RELAY-SERVER",
"type": "dhcprelayservice",
"version": "oodxtfoeskckb"
}
}

kscholz

Я сам нашел решение. Вот оно для всех, кто столкнулся с той же ошибкой.

Maintask:
Примечание:
get_DHCPRelayService.yml | необходимо для получения версии {каждое изменение создает новую версию.id}
get_Subinterfaces.yml | все клиентские интерфейсы, а также интерфейс, на котором работает dhcpserver
get_Networkobject_Hosts.yml | Networkobject-Host для всех Dhcp-серверов
create_upsertDHCPRelayService.yml | Объединяет все и создает DHCPRelayService ## dhcprelay
include_tasks: dhcprelay/get_DHCPRelayService.yml
include_tasks: dhcprelay/get_Subinterfaces.yml
include_tasks: dhcprelay/get_Networkobject_Hosts.yml
include_tasks: dhcprelay/create_upsertDHCPRelayService.yml - get_DHCPRelayService.yml
(получить objId из API-Explorer
«devicesettings/default/dhcprelayservices») - name: Execute getDHCPRelayService operation ftd_configuration: operation: getDHCPRelayService path_params: objId: "c25e5737-9be2-11ed-8442-7f729e5d90b5" register_as: dhcprelay - get_subinterfaces.yml
(parentID = etherchannelinterfaces.id | objectId = subinterface.id | /devices/default/etherchannelinterfaces/{parentId}/subinterfaces/{objId} ) - name: Execute 'getEtherChannelSubInterface' operation for subinterface_dhcpserver ftd_configuration: operation: getEtherChannelSubInterface path_params: parentId: "3e566c4c-893f-11ee-affa-0f8b24bd1413" objId: "39f2769f-9062-11ee-8f5f-9fdadd220530" register_as: subinterface_running_dhcpserver
name: Execute 'getEtherChannelSubInterface' operation ftd_configuration: operation: getEtherChannelSubInterface path_params: parentId: "3e566c4c-893f-11ee-affa-0f8b24bd1413" objId: "4b2a27c7-9063-11ee-8f5f-e509fc162e52" register_as: subinterface_for_dhcp_client_x - get_networkobject_hosts.yml
(objectId = dhcpserver.id | object/networks) ---
name: Get network object DHCPSRV01 ftd_configuration: operation: getNetworkObject path_params: objId: "a7229958-69ba-11ee-ac26-77f58cb87786" register_as: networkobject_ipv4_dhcpsrv01
name: Get network object DHCPSRV02 ftd_configuration: operation: getNetworkObject path_params: objId: "a7f7758b-69ba-11ee-ac26-0199d25e7228" register_as: networkobject_ipv4_dhcpsrv02 - create_upsertDHCPRelayService.yml ---
name: Execute upsertDHCPRelayService operation ftd_configuration: operation: upsertDHCPRelayService data: version: "{{ dhcprelay.version }}" name: NAME_DHCP-RELAY-SERVER description: "NAME_DHCP-RELAY-SERVER" ipv4RelayTimeout: 60 ipv6RelayTimeout: 60 servers: [ {"interface": {"id": " {{ subinterface_running_dhcpserver.id }} ", "type": "subinterface"}, "server": {"id": " {{ networkobject_ipv4_dhcpsrv01.id }} ", "type": "networkobject"}, "type": "dhcprelayserver"}, {"interface": {"id": " {{ subinterface_running_dhcpserver.id }} ", "type": "subinterface"}, "server": {"id": " {{ networkobject_ipv4_dhcpsrv02.id }} ", "type": "networkobject"}, "type": "dhcprelayserver"} ] agents: [ {"enableIpv4Relay": true, "enableIpv6Relay": false, "interface": {"id": " {{ subinterface_for_dhcp_client_x.id }} ", "type": "subinterface"}, "setRoute": false, "type": "dhcprelayagent"}, {"enableIpv4Relay": true, "enableIpv6Relay": false, "interface": {"id": " {{ subinterface_for_dhcp_client_x.id }} ", "type": "subinterface"}, "setRoute": false, "type": "dhcprelayagent"} ] type: dhcprelayservice

MHM Cisco World

Почему вы используете API? Эта опция доступна в FMC и, по-моему, в FDM (я проверю версию. Поддерживает). MHM

kscholz

У нас есть только FTD версии «7.0.1-84», нет FMC и доступа к обновлениям.
Мы используем ansible для всех задач на брандмауэре (FTD).

Marcel Zehnder

Привет Я никогда не работал с модулями FTD, но в качестве обходного пути вы можете переключиться на модуль uri и публиковать контент в сыром формате/JSON (как в API explorer):
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/uri_module.html

kscholz

Здравствуйте,
спасибо, я попробую.

Networks Engineering

FTD - DHCPRelayService