Question

I want to configure UFW to allow connections to port 80 from a list of IP addresses, using Ansible:

tasks:
    - name: Allow port 80 HTTP
      action: shell ufw allow from {{item}} to any 80/tcp
      with_items: allowed_ips

The list of IP addresses is stored as a hash in a YAML file, in my playbook's vars/ directory:

---
allowed_ips:
  xxx.xxx.xxx.xxx
  xxx.xxx.xxx.xxx

I'm using with_items to pull the IP addresses into the command, but when Ansible runs the playbook it concatenates the IP addresses, inserting a space between each IP:

ufw allow from xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx to any 80/tcp

ufw doesn't accept this syntax, so I'd like to run ufw once for each IP address. How can I do that?


Solution 2

Ansible behaves correctly, as allowed_ips is currently not a list but a single variable. Make the variable a YAML list:

---
allowed_ips:
  - xxx.xxx.xxx.xxx
  - xxx.xxx.xxx.xxx

Now the action is executed as many times as there are items in the allowed_ips list.

OTHER TIPS

Ansible 1.6 has a module to manage ufw: http://docs.ansible.com/ufw_module.html. It supports the lists you are trying to use.

- ufw: rule=allow src={{ item }} port=80 proto=tcp
  with_items:
    - 10.0.0.0/8
    - 172.16.0.0/12
    - 192.168.0.0/16

Alternatively, you can try https://galaxy.ansible.com, which has a couple of ready-to-use roles for ufw; some of those also support lists of IPs.
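The following complete playbook is an added example, not code from the question or from either answer. It combines the two points made above: allowed_ips written as a real YAML list (Solution 2) and the ufw module looping over that list instead of calling ufw through shell (Other Tips). It assumes Ansible 2.5 or newer (for loop; older versions use with_items), a Debian/Ubuntu host with ufw installed, and that the short module names ufw and assert resolve (on 2.10+ ufw lives in community.general, where the short name is redirected). The host group, addresses, and the removed_ips list are constructed sample values.

```yaml
# Added example, not part of the original question or answers.
# Assumes: Ansible >= 2.5, ufw installed on the target, short module names resolve.
---
- name: Restrict HTTP to an allow-list with ufw
  hosts: webservers          # constructed group name
  become: true
  vars:
    # A YAML list: each entry starts with "- ". Without the dashes this is a
    # single multi-line scalar, which is why the original shell task ran once
    # with all addresses joined by spaces.
    allowed_ips:             # constructed sample values (RFC 5737 ranges)
      - 203.0.113.10
      - 203.0.113.0/28
      - 198.51.100.7
    # Sources that used to be allowed and must now be removed. The ufw module
    # only adds rules; an address dropped from allowed_ips keeps its rule
    # until it is explicitly deleted.
    removed_ips:
      - 192.0.2.44
    http_port: 80

  tasks:
    - name: Refuse to run with malformed entries (a typo here becomes a live rule)
      assert:
        that:
          - item is match('^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$')
        msg: "allowed_ips entry is not an IPv4 address or CIDR: {{ item }}"
      loop: "{{ allowed_ips + removed_ips }}"

    - name: Deny all incoming traffic by default
      ufw:
        direction: incoming
        policy: deny

    - name: Keep SSH reachable before the firewall is enabled
      ufw:
        rule: allow
        port: "22"
        proto: tcp

    - name: Allow HTTP from each allowed source (one rule per list item)
      ufw:
        rule: allow
        src: "{{ item }}"
        port: "{{ http_port }}"
        proto: tcp
      loop: "{{ allowed_ips }}"

    - name: Remove HTTP rules for sources no longer on the allow-list
      ufw:
        rule: allow
        src: "{{ item }}"
        port: "{{ http_port }}"
        proto: tcp
        delete: true
      loop: "{{ removed_ips }}"

    - name: Enable the firewall once the rules are in place
      ufw:
        state: enabled
```

Two differences from the shell-based task in the question matter in practice. The module is idempotent, so re-running the play does not stack duplicate "allow from" rules, and the address is passed as a module parameter rather than interpolated into a shell command line, so a stray character in a variable can only fail the task instead of being interpreted by the shell. The ordering is deliberate: the default policy and the SSH rule are written before state: enabled, so the firewall never comes up in a state that drops the session running the play.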

Licensed under: CC-BY-SA with attribution