cisco.ios.ios_snmp_server module is NOT applying commands correctly, so causing errors. #1071

JuanBH255 · 2024-05-10T13:01:03Z

SUMMARY

cisco.ios.ios_snmp_server module is NOT applying commands correctly, so causing errors.
The correct way this command should be applied is:
snmp-server host 10.1.1.1 vrf Mgmt-intf version 3 priv test_user

But every time I run the playbook it tries to run the command like this instead:
snmp-server host 10.1.1.1 version 3 priv vrf Mgmt-intf test_user
^
% Invalid input detected at '^' marker.

ISSUE TYPE

Bug Report

COMPONENT NAME

cisco.ios.ios_snmp_server

ANSIBLE VERSION

ansible [core 2.16.6]

COLLECTION VERSION

cisco.ios  5.3.0

CONFIGURATION

CONFIG_FILE() = /projects/dmz_configuration_automation/ansible.cfg
DEFAULT_GATHERING(/projects/dmz_configuration_automation/ansible.cfg) = explicit
DEFAULT_HOST_LIST(/projects/dmz_configuration_automation/ansible.cfg) = ['/projects/dmz_configuration_automation/inv.yml']
DEFAULT_STDOUT_CALLBACK(/projects/dmz_configuration_automation/ansible.cfg) = debug
DISPLAY_SKIPPED_HOSTS(/projects/dmz_configuration_automation/ansible.cfg) = False
HOST_KEY_CHECKING(/projects/dmz_configuration_automation/ansible.cfg) = False
RETRY_FILES_ENABLED(/projects/dmz_configuration_automation/ansible.cfg) = False

OS / ENVIRONMENT

Cisco C8500-12X
Cisco IOS XE Software, Version 17.03.04a

STEPS TO REPRODUCE

    - name: SNMP
      cisco.ios.ios_snmp_server:
        config:
          groups:
            - group: test_group_name
              version: v3
              version_option: auth
              read: v3read
              acl_v4: snmpv3-acl
            - group: test_group_name_two
              version: v3
              version_option: auth
              read: v3read
              write: v3write
              acl_v4: snmpv3-acl
          hosts:
            - host: 10.1.1.1
              version: 3
              vrf: Mgmt-intf
              version_option: priv
              community_string: test_user
          users:
            - group: test_group_name
              username: test_user
              version: v3
              authentication:
                algorithm: sha
                password: test_password
              encryption:
                priv: aes
                priv_option: 128
                password: test_password
        state: merged
      tags: snmp

EXPECTED RESULTS

Either No change:
ok=1 changed=0

Or a change:
ok=0 changed=1

ACTUAL RESULTS

TASK [SNMP] ***************************************************************************************************************************************************************************************************************************************************************************************************************************task path: /projects/dmz_configuration_automation/test/test.yml:26
fatal: [npdzart03]: FAILED! => {
    "changed": false
}

MSG:

MODULE FAILURE
See stdout/stderr for the exact error


MODULE_STDERR:

snmp-server host 10.1.1.1 version 3 priv vrf Mgmt-intf test_user
snmp-server host 10.1.1.1 version 3 priv vrf Mgmt-intf test_user
                                              ^
% Invalid input detected at '^' marker.

npdzart03(config)#

PLAY RECAP ****************************************************************************************************************************************************************************************************************************************************************************************************************************npdzart03                  : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
![2024-05-10_08-57-52](https://github.com/ansible-collections/cisco.ios/assets/90996024/86a54255-0432-48b6-9505-e4f9ba838df0)

The text was updated successfully, but these errors were encountered:

roverflow · 2024-05-14T09:40:01Z

@JuanBH255 The above issue is fixed in PR #1073, let me know if this fixes it at your end.

JuanBH255 · 2024-05-15T13:25:31Z

@roverflow has fixed been publish for me to test yet?
According to the below, the latest collection version is 8.0.0 which was last updated a month ago.
https://galaxy.ansible.com/ui/repo/published/cisco/ios/

roverflow · 2024-05-15T13:27:31Z

@roverflow has fixed been publish for me to test yet?
According to the below, the latest collection version is 8.0.0 which was last updated a month ago.
https://galaxy.ansible.com/ui/repo/published/cisco/ios/

Hey, yes it has been push upstream, it is not released on galaxy yet but the repo is updated with the fix, you could take a pull from the repo and test it out

JuanBH255 · 2024-05-15T15:51:45Z

Okay I installed it via the repo like this:
ansible-galaxy collection install git+https://github.com/ansible-collections/cisco.ios.git

I no longer get the error but it is also not idempotent and looks like a change every time I run the playbook.
snmp-server user is also not idempotent.
"changed": true,
"commands": [
"snmp-server host 10.1.1.1 vrf Mgmt-intf version 3 priv test_user",
"snmp-server user test_user test_group_name v3 auth sha ******** priv aes 128 ********"
],

JuanBH255 · 2024-05-15T15:53:05Z

@roverflow Below is the full output:

TASK [SNMP] ************************************************************************************************************************************task path: /projects/dmz_configuration_automation/test/test.yml:37
changed: [npdzart03] => {
    "after": {
        "groups": [
            {
                "acl_v4": "snmpv3-acl",
                "group": "test_group_name",
                "read": "v3read",
                "version": "v3",
                "version_option": "auth"
            },
            {
                "group": "test_group_name",
                "version": "v3",
                "version_option": "priv"
            },
            {
                "acl_v4": "snmpv3-acl",
                "group": "test_group_name_two",
                "read": "v3read",
                "version": "v3",
                "version_option": "auth",
                "write": "v3write"
            },
            {
                "group": "test_user",
                "version": "v3",
                "version_option": "priv"
            }
        ],
        "hosts": [
            {
                "community_string": "version",
                "host": "10.1.1.1",
                "traps": [
                    "3",
                    "priv",
                    "test_user"
                ],
                "vrf": "Mgmt-intf"
            }
        ],
        "users": [
            {
                "authentication": {
                    "algorithm": "sha"
                },
                "encryption": {
                    "priv": "aes",
                    "priv_option": "128"
                },
                "group": "test_group_name",
                "username": "test_user",
                "version": "v3"
            }
        ]
    },
    "before": {
        "groups": [
            {
                "acl_v4": "snmpv3-acl",
                "group": "test_group_name",
                "read": "v3read",
                "version": "v3",
                "version_option": "auth"
            },
            {
                "group": "test_group_name",
                "version": "v3",
                "version_option": "priv"
            },
            {
                "acl_v4": "snmpv3-acl",
                "group": "test_group_name_two",
                "read": "v3read",
                "version": "v3",
                "version_option": "auth",
                "write": "v3write"
            },
            {
                "group": "test_user",
                "version": "v3",
                "version_option": "priv"
            }
        ],
        "hosts": [
            {
                "community_string": "version",
                "host": "10.1.1.1",
                "traps": [
                    "3",
                    "priv",
                    "test_user"
                ],
                "vrf": "Mgmt-intf"
            }
        ],
        "users": [
            {
                "authentication": {
                    "algorithm": "sha"
                },
                "encryption": {
                    "priv": "aes",
                    "priv_option": "128"
                },
                "group": "test_group_name",
                "username": "test_user",
                "version": "v3"
            }
        ]
    },
    "changed": true,
    "commands": [
        "snmp-server host 10.1.1.1 vrf Mgmt-intf version 3 priv test_user",
        "snmp-server user test_user test_group_name v3 auth sha ******** priv aes 128 ********"
    ],
    "invocation": {
        "module_args": {
            "config": {
                "accounting": null,
                "cache": null,
                "chassis_id": null,
                "communities": null,
                "contact": null,
                "context": null,
                "drop": null,
                "engine_id": null,
                "file_transfer": null,
                "groups": [
                    {
                        "acl_v4": "snmpv3-acl",
                        "acl_v6": null,
                        "context": null,
                        "group": "test_group_name",
                        "match": null,
                        "notify": null,
                        "read": "v3read",
                        "version": "v3",
                        "version_option": "auth",
                        "write": null
                    },
                    {
                        "acl_v4": "snmpv3-acl",
                        "acl_v6": null,
                        "context": null,
                        "group": "test_group_name_two",
                        "match": null,
                        "notify": null,
                        "read": "v3read",
                        "version": "v3",
                        "version_option": "auth",
                        "write": "v3write"
                    }
                ],
                "hosts": [
                    {
                        "community_string": "test_user",
                        "host": "10.1.1.1",
                        "informs": null,
                        "traps": null,
                        "version": "3",
                        "version_option": "priv",
                        "vrf": "Mgmt-intf"
                    }
                ],
                "if_index": null,
                "inform": null,
                "ip": null,
                "location": null,
                "manager": null,
                "packet_size": null,
                "password_policy": null,
                "queue_length": null,
                "source_interface": null,
                "system_shutdown": null,
                "trap_source": null,
                "trap_timeout": null,
                "traps": null,
                "users": [
                    {
                        "acl_v4": null,
                        "acl_v6": null,
                        "authentication": {
                            "algorithm": "sha",
                            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                        },
                        "encryption": {
                            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                            "priv": "aes",
                            "priv_option": "128"
                        },
                        "group": "test_group_name",
                        "remote": null,
                        "udp_port": null,
                        "username": "test_user",
                        "version": "v3",
                        "version_option": null,
                        "vrf": null
                    }
                ],
                "views": null
            },
            "running_config": null,
            "state": "merged"
        }
    }
}
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/vars/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/vars/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/creds.yml"
Read vars_file 'creds.yml'
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/vars/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/vars/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/creds.yml"
Read vars_file 'creds.yml'
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/vars/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/vars/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/creds.yml"
Read vars_file 'creds.yml'
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/vars/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/vars/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/creds.yml"
Read vars_file 'creds.yml'

PLAY RECAP *************************************************************************************************************************************npdzart03                  : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0```

roverflow · 2024-05-15T15:59:16Z

@JuanBH255 The play will not be idempotent as there are secrets or passwords involved in the playbook with snmp-user. It effects idempotency of module as configuration applied is not reflected in running-config for authentication. You can refer docs here for more info

JuanBH255 · 2024-05-15T16:19:11Z

@roverflow I do not like that. A module should be able to detect if the config already exists or is required to make a change. If it's not idempotent than this will look like a change is being made every time.

This was not an issue for me on collection version 5.3.0
Why is it that snmp user is idempotent in this version but not in the latest?

TASK [SNMP] *******************************************************************************************************************ok: [npdzart03] => {
    "before": {
        "groups": [
            {
                "acl_v4": "snmpv3-acl",
                "group": "test_group_name",
                "read": "v3read",
                "version": "v3",
                "version_option": "auth"
            },
            {
                "group": "test_group_name",
                "version": "v3",
                "version_option": "priv"
            },
            {
                "acl_v4": "snmpv3-acl",
                "group": "test_group_name_two",
                "read": "v3read",
                "version": "v3",
                "version_option": "auth",
                "write": "v3write"
            },
            {
                "group": "test_user",
                "version": "v3",
                "version_option": "priv"
            }
        ],
        "hosts": [
            {
                "community_string": "version",
                "host": "10.1.1.1",
                "traps": [
                    "3",
                    "priv",
                    "test_user"
                ],
                "vrf": "Mgmt-intf"
            }
        ],
        "users": [
            {
                "authentication": {
                    "algorithm": "sha"
                },
                "encryption": {
                    "priv": "aes",
                    "priv_option": "128"
                },
                "group": "test_group_name",
                "username": "test_user",
                "version": "v3"
            }
        ]
    },
    "changed": false,
    "commands": []
}

PLAY RECAP ********************************************************************************************************************npdzart03                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

roverflow · 2024-05-15T16:30:38Z

@JuanBH255 Yes, Unfortunately the above behavior of it being idempotent is actually a bug and was fixed in this pr here. Hence it is not idempotent

roverflow · 2024-05-15T17:15:57Z

@JuanBH255 i will be closing off the issue as the above issue is resolved, please feel free to open another issue if you face any.

Thanks!

JuanBH255 · 2024-05-15T17:18:08Z

"snmp-server host 10.1.1.1 vrf Mgmt-intf version 3 priv test_user"

@roverflow What about the "snmp-server host 10.1.1.1 vrf Mgmt-intf version 3 priv test_user" command? Why is this not idempotent? this isnt using passwords/secrets in the command so should match exact running config.

JuanBH255 · 2024-05-15T17:26:41Z

@roverflow Can you reopen the issue? "snmp-server host 10.1.1.1 vrf Mgmt-intf version 3 priv test_user" works now but isnt idempotent when it should be as this isnt using passwords/secrets in the command

roverflow · 2024-05-15T17:36:26Z

@roverflow Can you reopen the issue? "snmp-server host 10.1.1.1 vrf Mgmt-intf version 3 priv test_user" works now but isnt idempotent when it should be as this isnt using passwords/secrets in the command

@JuanBH255 Taking a look at that! Thanks for noticing that, will get back to you on that issue!

roverflow · 2024-05-20T12:59:50Z

@JuanBH255 Could you check with the latest changes and let me know if that fixes your issue.

roverflow · 2024-05-21T15:48:11Z

@JuanBH255 I would be closing this issue as the latest pr merged fixed the above issue, please feel free to open another issue if you face any.

JuanBH255 changed the title ~~cisco.ios.ios_snmp_server module is NOT idempotent, so isn't behaving correctly~~ cisco.ios.ios_snmp_server module is NOT applying commands correctly, so causing errors. May 10, 2024

roverflow self-assigned this May 13, 2024

roverflow mentioned this issue May 13, 2024

Fix snmp host syntax #1073

Merged

roverflow closed this as completed May 15, 2024

roverflow reopened this May 15, 2024

roverflow closed this as completed May 21, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

cisco.ios.ios_snmp_server module is NOT applying commands correctly, so causing errors. #1071

cisco.ios.ios_snmp_server module is NOT applying commands correctly, so causing errors. #1071

JuanBH255 commented May 10, 2024 •

edited

roverflow commented May 14, 2024

JuanBH255 commented May 15, 2024

roverflow commented May 15, 2024

JuanBH255 commented May 15, 2024

JuanBH255 commented May 15, 2024 •

edited by roverflow

roverflow commented May 15, 2024

JuanBH255 commented May 15, 2024 •

edited by roverflow

roverflow commented May 15, 2024 •

edited

roverflow commented May 15, 2024

JuanBH255 commented May 15, 2024 •

edited

JuanBH255 commented May 15, 2024

roverflow commented May 15, 2024

roverflow commented May 20, 2024

roverflow commented May 21, 2024

cisco.ios.ios_snmp_server module is NOT applying commands correctly, so causing errors. #1071

cisco.ios.ios_snmp_server module is NOT applying commands correctly, so causing errors. #1071

Comments

JuanBH255 commented May 10, 2024 • edited

SUMMARY

ISSUE TYPE

COMPONENT NAME

ANSIBLE VERSION

COLLECTION VERSION

CONFIGURATION

OS / ENVIRONMENT

STEPS TO REPRODUCE

EXPECTED RESULTS

ACTUAL RESULTS

roverflow commented May 14, 2024

JuanBH255 commented May 15, 2024

roverflow commented May 15, 2024

JuanBH255 commented May 15, 2024

JuanBH255 commented May 15, 2024 • edited by roverflow

roverflow commented May 15, 2024

JuanBH255 commented May 15, 2024 • edited by roverflow

roverflow commented May 15, 2024 • edited

roverflow commented May 15, 2024

JuanBH255 commented May 15, 2024 • edited

JuanBH255 commented May 15, 2024

roverflow commented May 15, 2024

roverflow commented May 20, 2024

roverflow commented May 21, 2024

JuanBH255 commented May 10, 2024 •

edited

JuanBH255 commented May 15, 2024 •

edited by roverflow

JuanBH255 commented May 15, 2024 •

edited by roverflow

roverflow commented May 15, 2024 •

edited

JuanBH255 commented May 15, 2024 •

edited