2

You will see, I have a little problem with the execution of an Ansible task, since I am giving it the same command that I work with in the Mikrotik shell, but the result is a little different and I just don't understand why.

You will see, I am trying to write a few concrete subnets to make permissive passage with SSH from those subnets, a "Available From" of all life, to allow connection only from the subnets that I indicate.

The execution of the command from the Mikrotik shell is as follows:

/ip service set ssh address=10.0.0.0/8,172.16.0.0/12,19
2.168.0.0/16

And the result is the following:

enter image description here

- hosts: Mikrotik-Routers_TestSenseLlum
  remote_user: admin
  gather_facts: no
  connection: network_cli
  tasks:

    - name: Allow ssh only inside the private networks
      routeros_command:
        commands: /ip service set ssh address=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16

The result is wrong, only enter the first subnet, 10, but the others, do not enter them.

enter image description here

I don't know exactly what the problem is, has something similar happened to someone?

Fabio Orefice Amez
  • 35
  • 5
  • Did you try to quote your entire command ? – Zeitounator Jun 13 '20 at 22:02
  • If what you mean is if I have launched the command through the Mikrotik shell instead of launching it with the Ansible routine, yes, I have poved it, it is just the problem I am raising, the same command in the MIkrotik shell It has a concrete effect on the configuration, and the command that I launch with the ansible task, which is exactly the same, gives me a different result, just add a subnet, not 3 or 4, which is what I'm trying to do. – Fabio Orefice Amez Jun 15 '20 at 13:43
  • 1
    No, what I mean is: did you try the following from ansible => `commands: "/ip service set ssh address=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"` or even `commands: /ip service set ssh address="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"` and even eventually `commands: '/ip service set ssh address="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"'`. I suspect your comma seperated ips are interpreted as an old style list asignation to an `address` option in the task... – Zeitounator Jun 15 '20 at 13:44
  • Aaah, now I understand, well no, the truth is that it did not occur to me to format the line in another way, basically because, from what I know, the execution of the command is basically the same, both from the Mikrotik shell and from Ansible Script, but I'll try it, it may work, thanks a lot for the idea !! – Fabio Orefice Amez Jun 16 '20 at 11:32

0 Answers0