evianzhow · January 6, 2025 03:24
diff --git a/ansible-update-snat-source-address.yml b/ansible-update-snat-source-address.yml
 ---
 - name: Check and update NAT rule source address
  hosts: all
  gather_facts: false
  vars:
    nat_rule_id: "1"  # NAT rule to check
    cidr_suffix: "/24"  # CIDR suffix

  tasks:
    - name: Get the current external IP of the EdgeRouter
      delegate_to: localhost
      ansible.builtin.shell: curl -s https://api.ipify.org
      register: current_ip
      changed_when: false

    - name: Query NAT rule source address
      community.network.edgeos_command:
        commands:
          - "configure"
          - "show service nat rule {{ nat_rule_id }} source address"
      register: nat_rule_output

    - name: Extract IP from NAT rule output
      ansible.builtin.set_fact:
        nat_rule_ip: "{{ nat_rule_output.stdout | regex_search('address\\s(\\S+?)\\/24', '\\1') }}"

    - name: Compare and update NAT rule source address if needed
      community.network.edgeos_command:
        commands:
          - "configure"
          - "set service nat rule {{ nat_rule_id }} source address {{ current_ip.stdout }}{{ cidr_suffix }}"
          - "commit"
          - "save"
      when: nat_rule_ip != current_ip.stdout

    - name: Display NAT update status
      ansible.builtin.debug:
        msg: >
          NAT rule source address updated to {{ current_ip.stdout }}{{ cidr_suffix }}
          if it was previously {{ nat_rule_ip }}. No update needed if they matched.
	---
	- name: Check and update NAT rule source address
	hosts: all
	gather_facts: false
	vars:
	nat_rule_id: "1" # NAT rule to check
	cidr_suffix: "/24" # CIDR suffix

	tasks:
	- name: Get the current external IP of the EdgeRouter
	delegate_to: localhost
	ansible.builtin.shell: curl -s https://api.ipify.org
	register: current_ip
	changed_when: false

	- name: Query NAT rule source address
	community.network.edgeos_command:
	commands:
	- "configure"
	- "show service nat rule {{ nat_rule_id }} source address"
	register: nat_rule_output

	- name: Extract IP from NAT rule output
	ansible.builtin.set_fact:
	nat_rule_ip: "{{ nat_rule_output.stdout \| regex_search('address\\s(\\S+?)\\/24', '\\1') }}"

	- name: Compare and update NAT rule source address if needed
	community.network.edgeos_command:
	commands:
	- "configure"
	- "set service nat rule {{ nat_rule_id }} source address {{ current_ip.stdout }}{{ cidr_suffix }}"
	- "commit"
	- "save"
	when: nat_rule_ip != current_ip.stdout

	- name: Display NAT update status
	ansible.builtin.debug:
	msg: >
	NAT rule source address updated to {{ current_ip.stdout }}{{ cidr_suffix }}
	if it was previously {{ nat_rule_ip }}. No update needed if they matched.