Error Encountered During third party site to site VPN Peer Creation using version 2.18.0 #53

Open
sallam-2021 opened this issue Apr 25, 2024 · 7 comments

@sallam-2021

sallam-2021 commented Apr 25, 2024

Hello all,
I encountered an error while executing a task to create VPN peers with IPsec policy and query the VPN using Ansible. Below is the error message:

TASK [site-to-site_vpn : Create VPN peerwith IPsec policy]
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: NoneType: None
failed: [localhost] (item={'name': 'VPVUsingAsbile', 'privateSubnets': ['192.168.10.0/24'], 'secret': 'khjiugtiugigoiyoiytCSd', 'localId': '96.19.24.4', 'remoteId': '85.158.4.74', 'ikeVersion': '2', 'ipsecPolicies': {'ikeCipherAlgo': ['aes128'], 'ikeAuthAl... 86400, 'childCipherAlgo': ['aes128'], 'childAuthAlgo': ['sha256'], 'childPfsGroup': ['group14'], 'childLifetime': 3600}, 'networkTags': ['ccc_test_lab'], 'publicIp': '85.158.4.74'}) => {"ansible_loop_var": "item", ...  "msg": "Object does not exists, plugin only has update"}

Task:

- name: Create VPN peer  with IPsec policy  
  cisco.meraki.organizations_appliance_vpn_third_party_vpnpeers:
    meraki_api_key: "{{ auth_key }}"
    state: present
    organizationId: "{{ org_id }}"
    peers:
      - name: "{{ item.name }}"
        publicIp: "{{ item.publicIp }}" 
        localId:
        secret: "{{ item.secret }}"
        privateSubnets:
          - "{{ item.privateSubnets }}"
        ike_version: "2"
        networkTags:
          - "{{ item.networkTags }}"
        remoteId: "{{ item.remoteId }}"
        ipsecPoliciesPreset: default
        ipsec_policies:
          childLifetime: "{{ item.ipsecPolicies.childLifetime }}"
          ikeLifetime: "{{ item.ipsecPolicies.ikeLifetime }}"
          childAuthAlgo: "{{ item.ipsecPolicies.childAuthAlgo }}"
          childCipherAlgo: "{{ item.ipsecPolicies.childCipherAlgo }}"
          childPfsGroup: "{{ item.ipsecPolicies.childPfsGroup }}"
          ikeAuthAlgo: "{{ item.ipsecPolicies.ikeAuthAlgo }}"
          ikeCipherAlgo: "{{ item.ipsecPolicies.ikeCipherAlgo }}"
          ikeDiffieHellmanGroup: "{{ item.ipsecPolicies.ikeDiffieHellmanGroup }}"
          ikePrfAlgo: "{{ item.ipsecPolicies.ikePrfAlgo }}"
  loop: "{{ data.peers }}"
  loop_control:
    loop_var: item

Versions Used:

  • Ansible: 2.16.5
  • Python: 3.10.12
  • Meraki Collection: 2.18.0
  • Python meraki SDK version: 1.45

I'm relatively new to Ansible and couldn't identify the issue. Any help or guidance would be highly appreciated. Thank you in advance.

@fmunozmiranda
Collaborator

Hi @sallam-2021, please try it with version 2.18.1 of dashboard-api-ansible.

@sallam-2021
Author

sallam-2021 commented May 3, 2024

Hi @fmunozmiranda, thank you, but I still got this error:
TASK [Create VPN peer to the Clinomic Cloud with IPsec policy] *****************************************************************************************************
task path: /home/ansible/Ansible/playbooks/next_playbook.yml:13
The full traceback is:
NoneType: None
fatal: [localhost]: FAILED! => {
"changed": false,
"msg": "Object does not exists, plugin only has update"
}

MX68CW Appliance and firmware version: MX 18.208 used.

@sallam-2021
Author

Also got this error while using the org login module:
TASK [Config the Organization Login Security Settings] *************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: NoneType: None
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Object does not exists, plugin only has update"}
And this is the task:

- name: Config the Organization Login Security Settings
  cisco.meraki.organizations_login_security:
    meraki_api_key: "{{ auth_key }}"
    organizationId: "{{ org_id }}"
    state: present
    accountLockoutAttempts: "{{ accountLockoutAttempts }}"
    apiAuthentication:
      ipRestrictionsForKeys:
        enabled: "{{ ipRestrictionsForKeys_enabled }}"
        ranges: []
    enforceAccountLockout: "{{ enforceAccountLockout }}"
    enforceDifferentPasswords: "{{ enforceDifferentPasswords }}"
    enforceIdleTimeout: "{{ enforceIdleTimeout }}"
    enforceLoginIpRanges: "{{ enforceLoginIpRanges }}"
    enforcePasswordExpiration: "{{ enforcePasswordExpiration }}"
    enforceStrongPasswords: "{{ enforceStrongPasswords }}"
    enforceTwoFactorAuth: "{{ enforceTwoFactorAuth }}"
    idleTimeoutMinutes: "{{ idleTimeoutMinutes }}"
    loginIpRanges: "{{ loginIpRanges }}"
    numDifferentPasswords: "{{ numDifferentPasswords }}"
    passwordExpirationDays: "{{ passwordExpirationDays }}"

FYI: it worked using version 2.17.2

@fmunozmiranda
Collaborator

Hi @sallam-2021, could you please enable logs and pass them to me?
meraki_suppress_logging: false

Thank you.

@sallam-2021
Author

sallam-2021 commented May 6, 2024

Hi @fmunozmiranda,

2024-05-06 10:02:31,854 p=22360 u=ansible n=ansible | ansible-playbook [core 2.16.5]
  config file = /home/ansible/Ansible/ansible.cfg
  configured module search path = ['/home/ansible/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/ansible/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible-playbook
  python version = 3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0] (/usr/bin/python3)
  jinja version = 3.0.3
  libyaml = True
2024-05-06 10:02:32,023 p=22360 u=ansible n=ansible | PLAY [localhost] ***************************************************************************************************************************************************
2024-05-06 10:02:32,028 p=22360 u=ansible n=ansible | Read vars_file '{{ inventory_dir }}/group_vars/all.yml'
2024-05-06 10:02:32,030 p=22360 u=ansible n=ansible | Read vars_file '{{ inventory_dir }}/host_vars/{{ network_name }}.yml'
2024-05-06 10:02:32,032 p=22360 u=ansible n=ansible | Read vars_file '{{ inventory_dir }}/group_vars/all.yml'
2024-05-06 10:02:32,033 p=22360 u=ansible n=ansible | Read vars_file '{{ inventory_dir }}/host_vars/{{ network_name }}.yml'
2024-05-06 10:02:32,035 p=22360 u=ansible n=ansible | Read vars_file '{{ inventory_dir }}/group_vars/all.yml'
2024-05-06 10:02:32,037 p=22360 u=ansible n=ansible | Read vars_file '{{ inventory_dir }}/host_vars/{{ network_name }}.yml'
2024-05-06 10:02:32,061 p=22363 u=ansible n=meraki | Meraki dashboard API session initialized with these parameters: {'version': '1.45.0', 'api_key': '************************************2gr9', 'base_url': 'https://api.meraki.com/api/v1', 'single_request_timeout': 60, 'certificate_path': '', 'requests_proxy': '', 'wait_on_rate_limit': True, 'nginx_429_retry_wait_time': 60, 'action_batch_retry_wait_time': 60, 'network_delete_retry_wait_time': 240, 'retry_4xx_error': False, 'retry_4xx_error_wait_time': 60, 'maximum_retries': 2, 'simulate': False, 'be_geo_id': None, 'caller': 'MerakiAnsibleCollection/1.0.0 Cisco', 'use_iterator_for_get_pages': False}
2024-05-06 10:02:32,064 p=22360 u=ansible n=ansible | TASK [Config the Organization Login Security Settings] *************************************************************************************************************
2024-05-06 10:02:32,064 p=22360 u=ansible n=ansible | The full traceback is:
NoneType: None

2024-05-06 10:02:32,064 p=22360 u=ansible n=ansible | fatal: [localhost]: FAILED! => {
    "changed": false,
    "msg": "Object does not exists, plugin only has update"
}
2024-05-06 10:02:32,065 p=22360 u=ansible n=ansible | PLAY RECAP *********************************************************************************************************************************************************
2024-05-06 10:02:32,065 p=22360 u=ansible n=ansible | localhost                  : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   
2024-05-06 10:23:45,074 p=22447 u=ansible n=ansible | # /home/ansible/.ansible/collections/ansible_collections
Collection                               Version
---------------------------------------- -------

2024-05-06 10:23:45,074 p=22447 u=ansible n=ansible | cisco.meraki                             2.18.1 

If you need more info, please let me know. Thank you!

@archersalim

Hi there!

Any update on this? The old module has been deprecated, promising that the new module will have extra functionality, but it looks like only update is available, no create and no delete :(

@obrigg
Contributor

obrigg commented Oct 16, 2024

Hi @archersalim,
The way the OrganizationApplianceVpnThirdPartyVPNPeers API operation works is that you have an object called "peers".
If you have no 3rd party VPNs, the object will be an empty list.
If you have 3rd party VPNs, it will be a list of peers.
The "peers" object cannot be deleted or created. Our Ansible collection inherits the behavior from our APIs.

Does this help clarify how to use it?
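
The read-merge-write pattern that follows from the explanation above, as an added Python example that is not part of this thread or of the cisco.meraki collection: because "peers" is a single list that can only be updated, adding a peer means fetching the current list, merging locally and sending the whole list back. It assumes `dashboard` is a session from the Meraki Python SDK; `FakeAppliance`, `SAMPLE_PEER` and the helper names are constructed for illustration, and `redact` keeps the pre-shared key out of anything that gets logged.

```python
import copy
from types import SimpleNamespace


def redact(peers):
    """Copy of the peer list that is safe to log: pre-shared keys are masked."""
    return [{**p, "secret": "********"} if "secret" in p else dict(p) for p in peers]


def upsert_peer(current, desired):
    """Merge one peer into the list, matching on 'name'. Returns (list, changed)."""
    merged = copy.deepcopy(current)
    for i, peer in enumerate(merged):
        if peer.get("name") == desired["name"]:
            updated = {**peer, **copy.deepcopy(desired)}
            merged[i] = updated
            # Assumption: the API returns fields in the same form they were sent.
            return merged, updated != peer
    merged.append(copy.deepcopy(desired))
    return merged, True


def ensure_peer(dashboard, org_id, desired):
    """Read the whole 'peers' object, merge locally, write the whole list back."""
    api = dashboard.appliance
    current = api.getOrganizationApplianceVpnThirdPartyVPNPeers(org_id).get("peers", [])
    merged, changed = upsert_peer(current, desired)
    if changed:
        # The update replaces the entire list, so existing peers must be included.
        api.updateOrganizationApplianceVpnThirdPartyVPNPeers(org_id, merged)
    return changed, redact(merged)


class FakeAppliance:
    """Constructed in-memory stand-in for dashboard.appliance, for offline runs."""

    def __init__(self, peers=None):
        self.peers = peers or []
        self.writes = 0

    def getOrganizationApplianceVpnThirdPartyVPNPeers(self, organizationId):
        return {"peers": copy.deepcopy(self.peers)}

    def updateOrganizationApplianceVpnThirdPartyVPNPeers(self, organizationId, peers):
        self.peers = copy.deepcopy(peers)
        self.writes += 1
        return {"peers": copy.deepcopy(self.peers)}


# Constructed sample peer (documentation address ranges, placeholder secret).
SAMPLE_PEER = {
    "name": "example-peer",
    "publicIp": "203.0.113.10",
    "privateSubnets": ["192.0.2.0/24"],
    "secret": "placeholder-psk",
    "ikeVersion": "2",
    "ipsecPoliciesPreset": "default",
    "networkTags": ["all"],
}

if __name__ == "__main__":
    fake = SimpleNamespace(appliance=FakeAppliance())
    print(ensure_peer(fake, "ORG_ID_PLACEHOLDER", SAMPLE_PEER))  # empty list: peer added
    print(ensure_peer(fake, "ORG_ID_PLACEHOLDER", SAMPLE_PEER))  # same peer: no write
```

Removing a peer works the same way: send the list without that entry, and send an empty list to clear all third-party peers.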
