cisco_burstyhi_acl_update.yml

---
- name: STANDARDIZING QOS ACL TO CLASSIFY BURSTY-HI TRAFFIC ON CISCO ROUTERS
  hosts: {{ tower_inventory }}
  connection: network_cli
  gather_facts: no

  tasks:
    - name: ENSURE THAT THERE IS A BACKUP OF CURRENT RUNNING-CONFIG BEFORE MAKING CHANGES
      ios_config:
        backup: true

    - name: VERIFY IF THE ACL EXISTS ON THE ROUTER
      ios_command:
        commands:
          - show ip access-lists | include BURSTY-HI
      register: check_acl
    
    - name: ENSURE THAT THE ACL IS CONFIGURED CORRECTLY AS PER STANDARD ONLY ON ROUTERS WHICH HAVE THIS ACL
      ios_config:
        parents: ip access-list extended BURSTY-HI
        lines:
          - remark maintenance protocols
          - permit tcp any any eq bgp
          - permit tcp any eq bgp any
          - permit eigrp any any
          - permit ip any host 10.188.172.11
          - permit ip any 10.188.60.76 0.0.0.1
          - permit ip any host 10.188.60.78
          - permit ip any 10.188.60.86 0.0.0.1
          - permit ip any 10.188.60.88 0.0.0.1
          
        match: exact
        replace: block
        before: no ip access-list extended BURSTY-HI
      when: "'BURSTY-HI' in check_acl.stdout[0]"

    - name: MAKE CERTAIN THAT THE RUNNING-CONFIG IS SAVED WHEN IT IS MODIFIED
      ios_config:
        save_when: modified
...