Ansible 2.8 Meraki Modules and Beyond

Ansible 2.8 was released and it sets the table for some big changes in future releases. Specific to the Meraki modules, there are quite a few changes worth understanding.

New Modules

Three new modules were added: meraki_content_filtering, meraki_static_route, and meraki_syslog.

meraki_content_filtering allows for full configuration of the content filtering settings for MX appliances. I intended on releasing a facts module for it but that wasn’t merged in time for 2.8. Content filtering settings can be edited but not queried. Querying functionality will be included in 2.9.

meraki_static_route allows for full configuration and querying of static routes. Each route receives a unique ID and some actions require the ID so be sure to store it when creating or querying routes.

meraki_syslog, as its name indicates, is a module for setting syslog configurations within Meraki.

New Features

Notes about a device can now be set via meraki_device.

Bugfixes

During development of 2.8 modules I discovered some bugs related to unnecessary querying of networks when net_id is specified. Most of the bugs were fixed in 2.8 and backported to 2.7. meraki_device has this performance problem but fixing the bug is more intensive in meraki_device than in other modules.

Plans for 2.9

2.9 is going to be a very large release for the Meraki modules. I am not committing to accomplishing all these goals but they’re all feasible with good progress.

  • Always return data - Before 2.9, no data is returned if no changes are made and no request is performed. In other words, the modules aren’t idempotent in 2.8. The pull request to fix this has been merged so it will be in 2.9.
  • Improve update requirement check - 2.9 will feature a new algorithm to see if any updates are needed. At worst, this change shouldn’t be noticeable to end users; at best, it will offer some improved accuracy.
  • Check mode - Check mode will allow a user to see what changes would be made if the request went through but not make any changes. This is good for testing a task in a playbook or could even be used for compliance checks.
  • Diff support - When a change is made, a module will show not only the final result, but the before and after values of any changed configuration. Diff information will show in check mode and production.
  • Rewritten meraki_network module - As part of a bug I found, I came to the realization the logic of meraki_network is broken. To fix the bug, a significant amount of work is needed on meraki_network so it will likely be rewritten for 2.9. This may be backported to the 2.8 releases.
  • Convert from camelCase to snake_case - Meraki returns their data structures as camelCase while Ansible uses snake_case for keys. Unfortunately, this means there has been a lack of consistency within the modules. 2.9 will convert any returned data to snake_case. This change will break existing playbooks which refer to the data structures. However, a mechanism will be available to allow data to be returned as camelCase for the next four releases. At that time, snake_case will be the only option.
  • Rate Limit Handling - Meraki returns a 429 error code when more than 5 API calls have been requested within a second. Ansible 2.9 will hopefully handle the rate limit error condition in an intelligent manner by backing off on the request and gradually increasing the back off until it eventually fails.
  • Enable VLAN support - meraki_network can now enable and disable VLANs on a network. Prior to this change, VLANs had to be enabled via the web interface.
  • Rewritten meraki_device - meraki_device has some confusing aspects to its code so I am going to rewrite it for more reliability. This may be backported to the 2.8 releases.
  • New modules - 2.9 should ship with quite a few new modules. My plan is to add these modules:
    • meraki_mx_uplink - Configure uplink bandwidth limits on MX appliances
    • meraki_mx_l7_firewall - Configure layer 7 firewall rules
    • meraki_intrusion_prevention - Configure IPS rules
    • meraki_malware - Configure settings for Advanced Malware Protection (AMP) on MX appliances
    • meraki_nat - Configure NAT
    • meraki_traffic_shaping - Configure traffic shaping preferences for different types of traffic
    • meraki_firewalled_services - Configure which services (ex. ICMP ping) a device responds to
    • meraki_group_policy - Create and configure group policies
    • meraki_webhooks - Configure which webhooks Meraki can call
    • meraki_nac - View network access control settings on a device/port
    • meraki_alert - Configure alert settings on a network
    • meraki_mr_radio - View and configure RF settings on an access point
    • meraki_client - Set preferences on clients connected to a network via Meraki network devices
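
The backoff behaviour described in the Rate Limit Handling item above, as an added example that is not the Meraki modules' own code: a retry wrapper that waits longer after each 429 and gives up after a fixed number of retries. The send callable, the FakeMeraki stand-in, the Retry-After handling and all delay values are assumptions made for illustration.

```python
import random
import time

class RateLimitError(Exception):
    """Raised when the API still answers 429 after the last retry."""

def call_with_backoff(send, max_retries=5, base_delay=0.5, max_delay=8.0,
                      sleep=time.sleep, rng=random.random):
    """Call send() until it stops returning HTTP 429 or retries run out.

    send is a hypothetical callable returning (status, headers, body).
    Returns (body, delays_waited) so callers can log how long they backed off.
    """
    waited = []
    for attempt in range(max_retries + 1):
        status, headers, body = send()
        if status != 429:
            return body, waited
        if attempt == max_retries:
            break
        # Assumption: use a Retry-After hint if the response has one,
        # otherwise double the delay on every consecutive 429.
        hint = headers.get("Retry-After")
        delay = float(hint) if hint else base_delay * (2 ** attempt)
        delay = min(delay, max_delay)
        # Small jitter so parallel playbook forks do not retry in lockstep.
        delay += rng() * delay * 0.1
        sleep(delay)
        waited.append(delay)
    raise RateLimitError("still rate limited after %d retries" % max_retries)

class FakeMeraki:
    """Constructed stand-in for the API: `limit` calls per one-second window."""
    def __init__(self, limit=5):
        self.limit, self.now, self.calls = limit, 0.0, []

    def sleep(self, seconds):
        self.now += seconds  # simulated clock, no real waiting

    def send(self):
        recent = [t for t in self.calls if self.now - t < 1.0]
        if len(recent) >= self.limit:
            return 429, {}, None
        self.calls.append(self.now)
        return 200, {}, {"ok": True}
```

Passing the fake's sleep method as the sleep argument keeps the simulated clock and the retry loop in step, which is what makes the behaviour testable without real delays.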

Summary

Ansible 2.8 has some nice improvements for the Meraki modules. As you can tell though, 2.9 is going to bring further huge improvements.