100%
cisco.meraki_rm module meraki_appliance_vpn

meraki_appliance_vpn

module
Manage Meraki appliance site-to-site VPN
Added in version 0.1.0
Synopsis Parameters Sample Task Examples Return Values

Synopsis

  • Manage Meraki appliance site-to-site VPN for a network.
  • Singleton per network (update only, no create/delete).
  • Supports merged, replaced, and gathered states.

Author

Cisco Meraki

Parameters

config (list/dict)

VPN configuration (singleton).

as_number (int)

BGP autonomous system number.

enabled (bool)

Whether VPN is enabled.

hubs (list/dict)

List of VPN hubs, in order of preference.

ibgp_hold_timer (int)

iBGP hold time in seconds.

mode (str)
nonespokehub

Site-to-site VPN mode.

neighbors (list/dict)

List of eBGP neighbor configurations.

subnet (dict)

Configuration of subnet features.

subnets (list/dict)

List of subnets and their VPN presence.

network_id (str) required

The network ID.

state (str)
mergedreplacedgathered

The state of the resource.

Sample Task

A template task showing all available parameters with their defaults or example values. 

- name: Meraki Appliance Vpn task
  cisco.meraki_rm.meraki_appliance_vpn:
    network_id: "192.168.1.0/24"
    config:
      - as_number: 0
        enabled: true
        hubs:
          - {}
        ibgp_hold_timer: 0
        mode: none
        neighbors:
          - {}
        subnet: {}
        subnets:
          - {}
    state: merged
- name: Meraki Appliance Vpn task
  cisco.meraki_rm.meraki_appliance_vpn:
    network_id: "192.168.1.0/24"
    config:  # optional
      - as_number: 0  # optional
        enabled: true  # optional
        hubs:  # optional
          - {}
        ibgp_hold_timer: 0  # optional
        mode: none  # optional
        neighbors:  # optional
          - {}
        subnet: {}  # optional
        subnets:  # optional
          - {}
    state: merged  # optional
- name: Meraki Appliance Vpn task
  cisco.meraki_rm.meraki_appliance_vpn:
    network_id: "192.168.1.0/24"  # (str, required) The network ID.
    config:  # (list, optional) VPN configuration (singleton).
      - as_number: 0  # (int, optional) BGP autonomous system number.
        enabled: true  # (bool, optional) Whether VPN is enabled.
        hubs:  # (list, optional) List of VPN hubs, in order of preference.
          - {}
        ibgp_hold_timer: 0  # (int, optional) iBGP hold time in seconds.
        mode: none  # (str, optional) Site-to-site VPN mode.
        neighbors:  # (list, optional) List of eBGP neighbor configurations.
          - {}
        subnet: {}  # (dict, optional) Configuration of subnet features.
        subnets:  # (list, optional) List of subnets and their VPN presence.
          - {}
    state: merged  # (str, optional) The state of the resource.

Examples

Define Expected Configuration 
- name: Define expected configuration
  ansible.builtin.set_fact:
    expected_config:
      mode: none
      subnet: 192.168.128.0/24
      enabled: true
      as_number: 1
      ibgp_hold_timer: 1
Create Appliance_vpn With Merged State 
- name: Create appliance_vpn with merged state
  cisco.meraki_rm.meraki_appliance_vpn:
    network_id: "N_123456789012345678"
    state: merged
    config:
      - "{{ expected_config }}"
  register: merge_result
Assert Resource Was Created 
- name: Assert resource was created
  ansible.builtin.assert:
    that:
      - merge_result is changed
      - merge_result.config | length == 1
Compare Expected Paths To Result (subset Check) 
- name: Compare expected paths to result (subset check)
  ansible.builtin.set_fact:
    path_check: "{{ expected_paths | cisco.meraki_rm.path_contained_in(result_paths) }}"
  vars:
    expected_paths: "{{ expected_config | ansible.utils.to_paths }}"
    result_paths: "{{ merge_result.config[0] | ansible.utils.to_paths }}"
Assert All Expected Fields Are Present And Match 
- name: Assert all expected fields are present and match
  ansible.builtin.assert:
    that: path_check.contained | bool
    success_msg: "{{ success_msg }}"
    fail_msg: "{{ fail_msg }}"
  vars:
    success_msg: "All expected fields match. Extras: {{ path_check.extras }}"
    fail_msg: "Missing or mismatch: {{ path_check.missing }}. Extras: {{ path_check.extras }}"
Task Output:
# Manage Meraki appliance site-to-site VPN — full resource replacement
Define Replacement Configuration 
- name: Define replacement configuration
  ansible.builtin.set_fact:
    expected_config:
      mode: spoke
      subnet: 10.20.0.0/24
      enabled: false
      as_number: 1
      ibgp_hold_timer: 1
Replace Appliance_vpn Configuration 
- name: Replace appliance_vpn configuration
  cisco.meraki_rm.meraki_appliance_vpn:
    network_id: "N_123456789012345678"
    state: replaced
    config:
      - "{{ expected_config }}"
  register: replace_result
Assert Resource Was Replaced 
- name: Assert resource was replaced
  ansible.builtin.assert:
    that:
      - replace_result is changed
      - replace_result.config | length == 1
Compare Expected Paths To Result (subset Check) 
- name: Compare expected paths to result (subset check)
  ansible.builtin.set_fact:
    path_check: "{{ expected_paths | cisco.meraki_rm.path_contained_in(result_paths) }}"
  vars:
    expected_paths: "{{ expected_config | ansible.utils.to_paths }}"
    result_paths: "{{ replace_result.config[0] | ansible.utils.to_paths }}"
Assert All Expected Fields Are Present And Match 
- name: Assert all expected fields are present and match
  ansible.builtin.assert:
    that: path_check.contained | bool
    success_msg: "{{ success_msg }}"
    fail_msg: "{{ fail_msg }}"
  vars:
    success_msg: "All expected fields match. Extras: {{ path_check.extras }}"
    fail_msg: "Missing or mismatch: {{ path_check.missing }}. Extras: {{ path_check.extras }}"
Task Output:
# Manage Meraki appliance site-to-site VPN — gather current configuration
Gather Current Appliance_vpn Configuration 
- name: Gather current appliance_vpn configuration
  cisco.meraki_rm.meraki_appliance_vpn:
    network_id: "N_123456789012345678"
    state: gathered
  register: gathered
Assert Gathered Config Is Not Empty 
- name: Assert gathered config is not empty
  ansible.builtin.assert:
    that:
      - gathered.config is defined
      - gathered.config | length > 0
    fail_msg: "Gathered config is empty — expected at least one resource"
Display Gathered Configuration 
- name: Display gathered configuration
  ansible.builtin.debug:
    var: gathered.config
---
# Manage Meraki appliance site-to-site VPN — create or update

- name: Define expected configuration
  ansible.builtin.set_fact:
    expected_config:
      mode: none
      subnet: 192.168.128.0/24
      enabled: true
      as_number: 1
      ibgp_hold_timer: 1

- name: Create appliance_vpn with merged state
  cisco.meraki_rm.meraki_appliance_vpn:
    network_id: "N_123456789012345678"
    state: merged
    config:
      - "{{ expected_config }}"
  register: merge_result

- name: Assert resource was created
  ansible.builtin.assert:
    that:
      - merge_result is changed
      - merge_result.config | length == 1

- name: Compare expected paths to result (subset check)
  ansible.builtin.set_fact:
    path_check: "{{ expected_paths | cisco.meraki_rm.path_contained_in(result_paths) }}"
  vars:
    expected_paths: "{{ expected_config | ansible.utils.to_paths }}"
    result_paths: "{{ merge_result.config[0] | ansible.utils.to_paths }}"

- name: Assert all expected fields are present and match
  ansible.builtin.assert:
    that: path_check.contained | bool
    success_msg: "{{ success_msg }}"
    fail_msg: "{{ fail_msg }}"
  vars:
    success_msg: "All expected fields match. Extras: {{ path_check.extras }}"
    fail_msg: "Missing or mismatch: {{ path_check.missing }}. Extras: {{ path_check.extras }}"

# Manage Meraki appliance site-to-site VPN — full resource replacement

- name: Define replacement configuration
  ansible.builtin.set_fact:
    expected_config:
      mode: spoke
      subnet: 10.20.0.0/24
      enabled: false
      as_number: 1
      ibgp_hold_timer: 1

- name: Replace appliance_vpn configuration
  cisco.meraki_rm.meraki_appliance_vpn:
    network_id: "N_123456789012345678"
    state: replaced
    config:
      - "{{ expected_config }}"
  register: replace_result

- name: Assert resource was replaced
  ansible.builtin.assert:
    that:
      - replace_result is changed
      - replace_result.config | length == 1

- name: Compare expected paths to result (subset check)
  ansible.builtin.set_fact:
    path_check: "{{ expected_paths | cisco.meraki_rm.path_contained_in(result_paths) }}"
  vars:
    expected_paths: "{{ expected_config | ansible.utils.to_paths }}"
    result_paths: "{{ replace_result.config[0] | ansible.utils.to_paths }}"

- name: Assert all expected fields are present and match
  ansible.builtin.assert:
    that: path_check.contained | bool
    success_msg: "{{ success_msg }}"
    fail_msg: "{{ fail_msg }}"
  vars:
    success_msg: "All expected fields match. Extras: {{ path_check.extras }}"
    fail_msg: "Missing or mismatch: {{ path_check.missing }}. Extras: {{ path_check.extras }}"

# Manage Meraki appliance site-to-site VPN — gather current configuration

- name: Gather current appliance_vpn configuration
  cisco.meraki_rm.meraki_appliance_vpn:
    network_id: "N_123456789012345678"
    state: gathered
  register: gathered

- name: Assert gathered config is not empty
  ansible.builtin.assert:
    that:
      - gathered.config is defined
      - gathered.config | length > 0
    fail_msg: "Gathered config is empty — expected at least one resource"

- name: Display gathered configuration
  ansible.builtin.debug:
    var: gathered.config

Return Values

config
list — returned: always
The resulting resource configuration.