
Bad source address when trying to configure UFW via ansible playbook


I'm new to Ansible. I'm trying to write a playbook to configure UFW. My task reads as such:

    - name: Allow SSH in UFW
      ufw:
        rule: allow
        port: 22
        proto: tcp
        from_ip:
          - "{{ item }}"
      with_items:
        - 192.168.0.0/24
        - 10.200.3.0/24
        - 10.200.2.0/24

The result that I get back when running the playbook is:

failed: [192.168.255.20] (item=192.168.0.0/24) => {"changed": false, "item": "192.168.0.0/24", "msg": "ERROR: Bad source address\n"}
failed: [192.168.255.20] (item=10.200.3.0/24) => {"changed": false, "item": "10.200.3.0/24", "msg": "ERROR: Bad source address\n"}
failed: [192.168.255.20] (item=10.200.2.0/24) => {"changed": false, "item": "10.200.2.0/24", "msg": "ERROR: Bad source address\n"}

I can't find anything in the Ansible UFW documentation, or in UFW itself, that would stop this from working. If I remove the 'with_items' loop and enter each IP subnet separately they all work, but that could make for some really long playbooks down the road. Can anyone tell me what I've done wrong?

The documentation I was working from is here: https://docs.ansible.com/ansible/latest/modules/ufw_module.html?highlight=ufw

Edit: Including text from running in verbose mode:

failed: [192.168.255.20] (item=10.200.2.0/24) => {
    "changed": false,
    "invocation": {
        "module_args": {
            "app": null,
            "comment": null,
            "default": null,
            "delete": false,
            "direction": null,
            "from_ip": "['10.200.2.0/24']",
            "from_port": null,
            "insert": null,
            "interface": null,
            "log": false,
            "logging": null,
            "port": 22,
            "proto": "tcp",
            "route": false,
            "rule": "allow",
            "state": null,
            "to_ip": "any",
            "to_port": "22"
        }
    },
    "item": "10.200.2.0/24",
    "msg": "ERROR: Bad source address\n"

Solution

  • The issue is you are passing a list/array to from_ip, when it is expecting a string. Try this instead:

      - name: Allow SSH in UFW
        ufw:
          rule: allow
          port: 22
          proto: tcp
          from_ip: "{{ item }}"
        with_items:
          - 192.168.0.0/24
          - 10.200.3.0/24
          - 10.200.2.0/24
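
The verbose output in the question already shows the cause: `from_ip` reached the module as the string `"['10.200.2.0/24']"`. The Python sketch below is an added example, not part of the original answer or of Ansible; it reads such a failed result and reports address arguments that are stringified lists or otherwise not a single address. The names `check_address` and `diagnose` are hypothetical, the sample is constructed from the question's output, and standard-library address parsing is assumed to approximate what ufw accepts.

```python
import ast
import ipaddress
import json

# Constructed sample: the failing result from the question's verbose output,
# trimmed to the relevant module_args and closed so it parses as JSON.
VERBOSE_RESULT = r'''
{"changed": false,
 "invocation": {"module_args": {"from_ip": "['10.200.2.0/24']", "port": 22,
                                "proto": "tcp", "rule": "allow", "to_ip": "any"}},
 "item": "10.200.2.0/24",
 "msg": "ERROR: Bad source address\n"}
'''

ADDRESS_ARGS = ("from_ip", "to_ip")  # ufw module options that hold one address


def check_address(value):
    """Return None if value looks like one address/network, else a diagnosis."""
    if not isinstance(value, str):
        return f"expected a string, got {type(value).__name__}"
    if value == "any":
        return None
    try:
        # Assumption: stdlib parsing approximates what ufw accepts as an address.
        ipaddress.ip_network(value, strict=False)
        return None
    except ValueError:
        pass
    try:
        parsed = ast.literal_eval(value)  # is it the repr of a Python list?
    except (ValueError, SyntaxError, TypeError):
        parsed = None
    if isinstance(parsed, list):
        return f"list {parsed} was stringified to {value!r}; pass one address per loop item"
    return f"{value!r} is not an IP address or CIDR network"


def diagnose(result_json):
    """Map each bad address argument in a verbose task result to its diagnosis."""
    args = json.loads(result_json)["invocation"]["module_args"]
    problems = {}
    for name in ADDRESS_ARGS:
        problem = check_address(args.get(name))
        if problem:
            problems[name] = problem
    return problems


if __name__ == "__main__":
    for arg, problem in diagnose(VERBOSE_RESULT).items():
        print(f"{arg}: {problem}")
```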