nxos_vlan: idempotency bug with mode

[chrisvanheuveln]

SUMMARY

nxos_vlan is not idempotent when mode is specified in a playbook (N5K/N7K). The problem is that map_config_to_obj does a show vlan brief | json to get state from the device but that command does not include any mode values; thus the result is always:

 have = [{'mode': None}]
 want = [{'mode': 'ce'}]

The only way to get the mode state with json is to use the full show vlan | json command; e.g.

n7k# show vlan | json
{
  "TABLE_vlanbrief": {
    "ROW_vlanbrief": [
      {
        "vlanshowbr-vlanid": 1,
        "vlanshowbr-vlanid-utf": 1,
        "vlanshowbr-vlanname": "default",
        "vlanshowbr-vlanstate": "active",
        "vlanshowbr-shutstate": "noshutdown"
      },
      {
        "vlanshowbr-vlanid": 33,
        "vlanshowbr-vlanid-utf": 33,
        "vlanshowbr-vlanname": "VLAN0033",
        "vlanshowbr-vlanstate": "active",
        "vlanshowbr-shutstate": "noshutdown"
      }
    ]
  },
  "TABLE_mtuinfo": {
    "ROW_mtuinfo": [
      {
        "vlanshowinfo-vlanid": 1,
        "vlanshowinfo-media-type": "enet",
        "vlanshowinfo-vlanmode": "ce-vlan"  <-----------------<<
      },
      {
        "vlanshowinfo-vlanid": 33,
        "vlanshowinfo-media-type": "enet",
        "vlanshowinfo-vlanmode": "fabricpath-vlan"  <-----------------<<
      }
    ]
  }
}

ISSUE TYPE

• Bug Report

COMPONENT NAME

nxos_vlan

ANSIBLE VERSION

ansible 2.8.0.dev0
  config file = None
  configured module search path = [u'/Users/cvanheuv/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/cvanheuv/git/ansible/lib/ansible
  executable location = /Users/cvanheuv/git/ansible/bin/ansible
  python version = 2.7.15 (default, Oct  2 2018, 11:47:18) [GCC 4.2.1 Compatible Apple LLVM 10.0.0 (clang-1000.11.45.2)]

CONFIGURATION

> ansible-config dump --only-changed
>

OS / ENVIRONMENT

Hardware
cisco Nexus7000 C7010 (10 Slot) Chassis ("Supervisor Module-2")Running ansible from
Software
system: version 8.3(2)

Ansible running from OSX

STEPS TO REPRODUCE

Run sanity test. Fails at 166:

TASK [nxos_vlan : assert] ******************************************************
 task path: /root/agents-ci/ansible/test/integration/targets/nxos_vlan/tests/common/sanity.yaml:166
 <n7k-j> attempting to start connection
 <n7k-j> using connection plugin network_cli
 <n7k-j> found existing local domain socket, using it!
 <n7k-j> updating play_context for connection
 <n7k-j>
 <n7k-j> local domain socket path is /root/.ansible/pc/c60686b719
 fatal: [n7k-j]: FAILED! => {
     "assertion": "result.changed == false",
     "changed": false,
     "evaluated_to": false,
     "msg": "Assertion failed"
 }

[ansibot]

Files identified in the description:

• lib/ansible/modules/network/nxos/nxos_vlan.py

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

[ansibot]

cc @jedelman8 @mikewiebe @rahushen @rcarrillocruz @trishnaguha
click here for bot help

[trishnaguha]

@chrisvanheuveln what does show running-config all | section ^vlan return?

[chrisvanheuveln]

@trishnaguha

Note the different display on N7K vs N9K.

• N7K will display all configs for a given vlan even if they are default.
• N9K will will only display all settings for the vlan if it has at least one non-default setting. The failure to display is likely a bug but you should be able to infer from the missing configs that the vlan is set to defaults.

N7K

n7k-99(config)# vl 33
n7k-99(config-vlan)# name my_test_vlan_for_ansible
n7k-99(config-vlan)# mode fabricpath
n7k-99(config-vlan)# vl 34
n7k-99(config-vlan)# exit
n7k-99(config)# show running-config all | section ^vlan
vlan dot1Q tag native fabricpath
vlan 1,33-34
vlan 1
  mode ce
  state active
  no shutdown
  name default
vlan 33
  mode fabricpath
  state active
  no shutdown
  name my_test_vlan_for_ansible
vlan 34     <-----------------<< displays sub-configs even though all settings are default
  mode ce
  state active
  no shutdown
  name VLAN0034

N9K

n9k-108(config)# vl 33
n9k-108(config-vlan)#   name my_test_vlan_for_ansible
n9k-108(config-vlan)# vl 34
n9k-108(config-vlan)# exit
n9k-108(config)# show running-config all | section ^vlan
vlan 1,33-34   <-------------<< vlan 34 is configured but doesn't have any sub-configs displayed
vlan 33
  mode ce
  state active
  no shutdown
  name my_test_vlan_for_ansible
  vn-segment 0
n9k-108(config)#

[trishnaguha]

@chrisvanheuveln can you please make sure if mode ce is default value for vlans?

[chrisvanheuveln]

@trishnaguha Yes, mode ce is the default mode for vlans.

Ref: (see Step 3. in the configuration details table)
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/6_x/nx-os/fabricpath/configuration/guide/b-Cisco-Nexus-7000-Series-NX-OS-FP-Configuration-Guide-6x/b-Cisco-Nexus-7000-Series-NX-OS-FP-Configuration-Guide-6x_chapter_0101.html#task_9BF2CF01054B4050BBF12D0F56C380DF

[trishnaguha]

@chrisvanheuveln Will you please try this fix #55144?

[chrisvanheuveln]

@trishnaguha Your patch causes an idempotency problem on 7K when purge is specified. I debugged it and have a suggested patch for your patch here: chrisvanheuveln#3

edit: My patch breaks N9K. I'll take another look and update.

[chrisvanheuveln]

@trishnaguha Please see updated code at chrisvanheuveln#3. My changes have been validated on N9K/N7K/N6K.

[chrisvanheuveln]

@trishnaguha Hi Trishna, any update on this issue? Thanks