nx-feature module uses incorrect feature name for "port-security" #25608

Closed
ghost opened this issue Jun 12, 2017 · 8 comments
Labels
affects_2.3 This issue/PR affects Ansible v2.3 cisco Cisco technologies feature This issue/PR relates to a feature request. networking Network category nxos Cisco NXOS community support:core This issue/PR relates to code supported by the Ansible Engineering Team.

Comments

@ghost

ghost commented Jun 12, 2017

ISSUE TYPE
  • Bug Report
COMPONENT NAME

nx-feature

ANSIBLE VERSION
ansible 2.3.0.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides
  python version = 2.7.12 (default, Nov 19 2016, 06:48:10) [GCC 5.4.0 20160609]
CONFIGURATION
OS / ENVIRONMENT
SUMMARY
STEPS TO REPRODUCE
  tasks:
  - name: Disable Port Security
    nxos_feature:
      feature: port-security
      state: disabled
      transport: cli
EXPECTED RESULTS

I expected to get something similar to below, confirming that the setting was completed successfully. Example below is for "sftp-server" feature.

ACTUAL RESULTS

Received a failed message along with a list of available features that can be enabled/disabled on the device. "port-security" is listed as one of the features, and it can be enabled/disabled on the device via command line. Error indicates that the feature is interpreted and sent as "eth_port_sec" instead of "port-security".

Looking at /usr/lib/python2.7/dist-packages/ansible/modules/network/nxos/nxos_feature.py, it looks like "port-security" gets mapped to "eth_port_sec" for some reason. This may have changed names in nx-os, but it should be literally interpreted as "port-security".

open_shell() returned 0 ok
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/network/nxos/nxos_feature.py
<IP> ESTABLISH LOCAL CONNECTION FOR USER: <user>
<IP> EXEC /bin/sh -c 'echo ~ && sleep 0'
<IP> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/<user>/.ansible/tmp/ansible-tmp-1497281535.61-130722979343259 `" && echo ansible-tmp-1497281535.61-130722979343259="` echo /home/<user>/.ansible/tmp/ansible-tmp-1497281535.61-130722979343259 `" ) && sleep 0'
<IP> PUT /tmp/tmplqA8oS TO /home/<user>/.ansible/tmp/ansible-tmp-1497281535.61-130722979343259/nxos_feature.py
<IP> EXEC /bin/sh -c 'chmod u+x /home/<user>/.ansible/tmp/ansible-tmp-1497281535.61-130722979343259/ /home/<user>/.ansible/tmp/ansible-tmp-1497281535.61-130722979343259/nxos_feature.py && sleep 0'
<IP> EXEC /bin/sh -c '/usr/bin/python /home/<user>/.ansible/tmp/ansible-tmp-1497281535.61-130722979343259/nxos_feature.py; rm -rf "/home/<user>/.ansible/tmp/ansible-tmp-1497281535.61-130722979343259/" > /dev/null 2>&1 && sleep 0'
fatal: [<hostename]: FAILED! => {
    "changed": false,
    "failed": true,
    "features_currently_supported": {
        "bulkstat": "disabled",
        "cimserver": "disabled",
        "cluster": "disabled",
        "congestion-isolation": "disabled",
        "dpvm": "disabled",
        "elo": "disabled",
        "evmed": "disabled",
        "fabric-access": "disabled",
        "fabric-binding": "disabled",
        "fcsp": "disabled",
        "fport-channel-trunk": "enabled",
        "http-server": "enabled",
        "isapi": "disabled",
        "ivr": "disabled",
        "ldap": "disabled",
        "license-smart": "disabled",
        "npiv": "enabled",
        "npv": "disabled",
        "nxapi": "enabled",
        "onep": "disabled",
        "poap": "disabled",
        "port-security": "disabled",
        "port_track": "disabled",
        "privilege": "disabled",
        "qos-manager": "disabled",
        "scheduler": "disabled",
        "scpServer": "disabled",
        "sdv": "disabled",
        "sfm": "disabled",
        "sftpServer": "enabled",
        "sshServer": "enabled",
        "tacacs": "disabled",
        "telnetServer": "disabled",
        "tpc": "disabled"
    },
    "invalid_feature": "eth_port_sec",
    "invocation": {
        "module_args": {
            "config": null,
            "feature": "port-security",
            "host": null,
            "include_defaults": null,
            "password": null,
            "port": null,
            "provider": null,
            "save": null,
            "ssh_keyfile": null,
            "state": "disabled",
            "timeout": null,
            "transport": "cli",
            "use_ssl": null,
            "username": null,
            "validate_certs": null
        }
    },
    "msg": "Invalid feature name."
@ghost
Author

ghost commented Jun 12, 2017

Verified this behavior by commenting out 2 lines with "eth_port_sec" in them in file /usr/lib/python2.7/dist-packages/ansible/modules/network/nxos/nxos_feature.py and re-running the playbook, which completes successfully.

@ansibot ansibot added affects_2.3 This issue/PR affects Ansible v2.3 bug_report module This issue/PR relates to a module. needs_triage Needs a first human triage before being processed. labels Jun 12, 2017
@bcoca bcoca removed the needs_triage Needs a first human triage before being processed. label Jun 12, 2017
@ghost
Author

ghost commented Jun 13, 2017

Another option is to switch the order of the mapping so "eth_port_sec" and "port-security" both get mapped to "port-security" when the command is actually sent to the device. That may have been the original intent.

@trishnaguha trishnaguha added the networking Network category label Jun 13, 2017
@trishnaguha trishnaguha self-assigned this Jun 16, 2017
@trishnaguha
Member

@patbdti I am unable to reproduce the issue.

@ghost
Author

ghost commented Jun 28, 2017

@trishnaguha - I have verified the issue this morning using a Cisco MDS9148S switch running NX-OS 8.1(1) and ansible 2.3.1.0. If I try to enable feature "port-security" using the nxos_feature module, ansible tries to enable the "eth_port_sec" feature, which doesn't exist on the switch. I don't know if that feature exists on other nx-os devices, but it definitely does not on my switches.

@ansibot ansibot added the support:core This issue/PR relates to code supported by the Ansible Engineering Team. label Jun 29, 2017
@ansibot
Contributor

ansibot commented Jul 18, 2017

@calfonso calfonso added this to the 2.4.0 milestone Jul 21, 2017
@trishnaguha
Member

trishnaguha commented Jul 28, 2017

@patbdti
On the version (7K) of NX-OS, port-security is mapped to eth_port_sec.
Removing port-security mapping would make feature port-security an invalid command.

nxos01(config)# show feature | i port
eth_port_sec         1        disabled
nxos01(config)# feature port-security
nxos01(config)# show feature | i port
eth_port_sec         1        enabled

Maybe the Documentation needs to be updated in this case.
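
Added example (not part of this thread and not the nxos_feature module's code): one way to reconcile the two behaviours reported above is to resolve the feature name against what the device itself lists, trying the literal name before any alias. `FEATURE_ALIASES`, `parse_show_feature`, `resolve_feature` and `needs_change` are hypothetical names, and the sample inputs are constructed from the output quoted in the thread.

```python
# Added example, not the nxos_feature module's code.
# Alias taken from this issue: the CLI keyword "port-security" is listed as
# "eth_port_sec" by `show feature` on the 7K, but as "port-security" on the MDS.
FEATURE_ALIASES = {"port-security": ("eth_port_sec",)}


def parse_show_feature(output):
    """Parse `show feature` rows ("name  instance  state") into {name: state}."""
    table = {}
    for line in output.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[2] in ("enabled", "disabled"):
            table[parts[0]] = parts[2]
    return table


def resolve_feature(requested, device_features):
    """Return the name under which the device reports `requested`.

    The literal name is tried first, then the known aliases, so the lookup
    works on platforms that use either spelling.
    """
    for name in (requested,) + FEATURE_ALIASES.get(requested, ()):
        if name in device_features:
            return name
    raise ValueError("feature %r not reported by device" % requested)


def needs_change(requested, desired_state, device_features):
    """True when the state the device reports differs from the desired one."""
    reported = device_features[resolve_feature(requested, device_features)]
    return reported != desired_state


# Constructed inputs based on the output quoted in this thread.
N7K_OUTPUT = "eth_port_sec         1        disabled\n"
MDS_FEATURES = {"port-security": "disabled", "sshServer": "enabled"}

if __name__ == "__main__":
    print(resolve_feature("port-security", parse_show_feature(N7K_OUTPUT)))
    print(resolve_feature("port-security", MDS_FEATURES))
```

Because the device's own feature table decides which spelling is used, a playbook that turns port security on or off produces the same result on both platforms instead of failing with "Invalid feature name." on one of them.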

@trishnaguha trishnaguha modified the milestones: 2.5.0, 2.4.0 Aug 1, 2017
@calfonso calfonso added this to 2.5 To Do in Networking Oct 2, 2017
@gundalow gundalow added the nxos Cisco NXOS community label Nov 2, 2017
@ansibot ansibot removed the module This issue/PR relates to a module. label Nov 18, 2017
@trishnaguha
Member

Target Date: 02/01/2018

@trishnaguha
Member

resolved_by_pr #34020

@trishnaguha trishnaguha moved this from In Progress to In Review in Networking Dec 19, 2017
@trishnaguha trishnaguha moved this from In Review to Done in Networking Dec 20, 2017
@ansibot ansibot added feature This issue/PR relates to a feature request. and removed feature_idea labels Mar 2, 2018
@dagwieers dagwieers added the cisco Cisco technologies label Feb 23, 2019
@ansible ansible locked and limited conversation to collaborators Apr 26, 2019
6 participants