You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The initial run completes successfully, and the ACLs are deployed. Unfortunately, if I rerun the playbook, the access lists get broken.
As you can see on the below output, the "before" and "after" do not match, and a change is made. The entry in "SSH-ACCESS" gets deleted. This is not the expected behavior since no changes are desired and Ansible should identify that.
My assumption is that during the check for differences before/after the names of the two ACLs are not compared but only their entries (in my case the two ACLs have seq 10). If I change the sequence number in the second access list from 10 to 20 the issue is not observed. Another evidence for this theory is that if I create another playbook and include an access list with different name but same entries, Ansible reports that no changes need to be done, and the new ACL is not configured.
On the second run (and every next one), no changes have to me made on the end device.
ACTUAL RESULTS
On the second run, Ansible does not properly identify the differences before/after (there aren't any) and make changes on the first ACL in the playbook:
"commands": [
"ip access-list SSH-ACCESS",
"no 10"
]
The text was updated successfully, but these errors were encountered:
SUMMARY
I'm trying to deploy simple access-lists to an Arista switch:
For which I'm using the following playbook:
The initial run completes successfully, and the ACLs are deployed. Unfortunately, if I rerun the playbook, the access lists get broken.
As you can see on the below output, the "before" and "after" do not match, and a change is made. The entry in "SSH-ACCESS" gets deleted. This is not the expected behavior since no changes are desired and Ansible should identify that.
If I rerun it one more time the issue get fixed but in a weird way - check the applied by Ansible commands - there is one unnecessary "no 10":
Another run repeats the same behavior.
My assumption is that during the check for differences before/after the names of the two ACLs are not compared but only their entries (in my case the two ACLs have seq 10). If I change the sequence number in the second access list from 10 to 20 the issue is not observed. Another evidence for this theory is that if I create another playbook and include an access list with different name but same entries, Ansible reports that no changes need to be done, and the new ACL is not configured.
ISSUE TYPE
COMPONENT NAME
arista.eos.eos_acls
ANSIBLE VERSION
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
STEPS TO REPRODUCE
Run the following play book 2-3 times:
EXPECTED RESULTS
On the second run (and every next one), no changes have to me made on the end device.
ACTUAL RESULTS
On the second run, Ansible does not properly identify the differences before/after (there aren't any) and make changes on the first ACL in the playbook:
The text was updated successfully, but these errors were encountered: