Open aciguru opened 4 years ago
ISSUE TYPE Bug Report maybe Enhancement request?
COMPONENT NAME aci_rest
ANSIBLE VERSION
ansible 2.4.2.0 config file = None configured module search path = [u'/home/dhamann/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python2.7/dist-packages/ansible executable location = /usr/local/bin/ansible python version = 2.7.12 (default, Nov 20 2017, 18:23:56) [GCC 5.4.0 20160609]
CONFIGURATION DEFAULT_DEBUG(env: ANSIBLE_DEBUG) = False DEFAULT_STRATEGY(env: ANSIBLE_STRATEGY) = linear
OS / ENVIRONMENT N/A
SUMMARY aci_rest module does not always detect changed config, but reports it as unchanged ("ok:")
STEPS TO REPRODUCE Depending on how you push the config to APIC the aci_rest module detects it as changed or not:
This example will always report as unchanged:
- name: Create CDP Policies tags: - create - network aci_rest: host: "{{ apic_hostname }}" username: "{{ apic_username }}" password: "{{ apic_password }}" validate_certs: false method: post path: "api/node/mo/uni/infra.xml?rsp-subtree=modified" content: | <infraInfra> <cdpIfPol adminSt="{{item.state}}" name="{{item.name}}" descr="CDP set to {{item.state}}"/> </infraInfra> with_items: - "{{cdp_policies}}"
This playbook works as expected ("ok:" if nothing has changed and "changed:" otherwise)
- name: Create CDP Policies tags: - create - network aci_rest: host: "{{ apic_hostname }}" username: "{{ apic_username }}" password: "{{ apic_password }}" validate_certs: false method: post path: "api/node/mo/uni/infra/.xml?rsp-subtree=modified" content: | <cdpIfPol adminSt="{{item.state}}" name="{{item.name}}" descr="CDP set to {{item.state}}"/> with_items: - "{{cdp_policies}}"
Note the difference in path: parameter (infra.xml vs. infra/.xml) as well as adjusted content.
EXPECTED RESULTS In both cases changes to actual APIC config should result in "changed:" status
ACTUAL RESULTS The reason why the first playbook does not behave as expected is that APIC does not populate the "status=" parameter as expected by the aci_rest module (it will only report change if this parameter is set to either of 'created', 'modified', 'deleted') (see https://github.com/datacenter/aci-ansible/blob/e87db8f15e34ea7dc2e1b30fd445a4c59561bbc9/library/aci_rest.py#L270-L284)
ok: [localhost] => (item={u'state': u'enabled', u'name': u'cdp_on2'}) => { "changed": false, "error_code": 0, "error_text": "Success", "imdata": [ { "infraInfra": { "attributes": { "childAction": "deleteNonPresent", "dn": "uni/infra", "lcOwn": "local", "modTs": "2017-08-17T01:40:52.471+01:00", "monPolDn": "uni/fabric/monfab-default", "name": "infra", "nameAlias": "", "ownerKey": "", "ownerTag": "", "rn": "", "status": "", "uid": "0" }, "children": [ { "cdpIfPol": { "attributes": { "adminSt": "enabled", "childAction": "deleteNonPresent", "descr": "", "extMngdBy": "", "lcOwn": "local", "modTs": "2018-01-17T09:45:05.902+01:00", "monPolDn": "", "name": "cdp_on2", "nameAlias": "", "ownerKey": "", "ownerTag": "", "rn": "cdpIfP-cdp_on2", "status": "", "uid": "17805" } } } ] } } ], "invocation": { "module_args": { "content": "<infraInfra>\n <cdpIfPol adminSt=\"enabled\" name=\"cdp_on2\" />\n</infraInfra>\n", "host": "apic.ddsdnlab.at", "hostname": "apic.ddsdnlab.at", "method": "post", "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "path": "api/node/mo/uni/infra.xml?rsp-subtree=modified", "protocol": "https", "src": null, "timeout": 30, "use_proxy": true, "use_ssl": true, "username": "ansible", "validate_certs": false } }, "item": { "name": "cdp_on2", "state": "enabled" }, "response": "OK (544 bytes)", "status": 200, "totalCount": "1", "url": "https://apic.ddsdnlab.at/api/node/mo/uni/infra.xml?rsp-subtree=modified" }
On the other hand the second playbook runs as expected as returned data from APIC contains (status='modified'):
changed: [localhost] => (item={u'state': u'enabled', u'name': u'cdp_on'}) => { "changed": true, "error_code": 0, "error_text": "Success", "imdata": [ { "cdpIfPol": { "attributes": { "adminSt": "enabled", "childAction": "deleteNonPresent", "descr": "CDP set to enabled", "dn": "uni/infra/cdpIfP-cdp_on", "extMngdBy": "", "lcOwn": "local", "modTs": "2018-01-18T05:26:34.072+01:00", "monPolDn": "uni/fabric/monfab-default", "name": "cdp_on", "nameAlias": "", "ownerKey": "", "ownerTag": "", "rn": "", "status": "modified", "uid": "15374" } } } ], "invocation": { "module_args": { "content": "<cdpIfPol adminSt=\"enabled\" name=\"cdp_on\" descr=\"CDP set to enabled\"/>\n", "host": "apic.ddsdnlab.at", "hostname": "apic.ddsdnlab.at", "method": "post", "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "path": "api/node/mo/uni/infra/.xml?rsp-subtree=modified", "protocol": "https", "src": null, "timeout": 30, "use_proxy": true, "use_ssl": true, "username": "ansible", "validate_certs": false } }, "item": { "name": "cdp_on", "state": "enabled" }, "response": "OK (375 bytes)", "status": 200, "totalCount": "1", "url": "https://apic.ddsdnlab.at/api/node/mo/uni/infra/.xml?rsp-subtree=modified" }
Given this (weired?) behavior of APIC (I confirmed this behavior is the same on APIC versions 3.0, 3.1 and 2.1), I think the current implementation of aci_changed() might be insufficient.
https://github.com/ansible/ansible/issues/35041
Is this still an open issue?
ISSUE TYPE Bug Report maybe Enhancement request?
COMPONENT NAME aci_rest
ANSIBLE VERSION
CONFIGURATION DEFAULT_DEBUG(env: ANSIBLE_DEBUG) = False DEFAULT_STRATEGY(env: ANSIBLE_STRATEGY) = linear
OS / ENVIRONMENT N/A
SUMMARY aci_rest module does not always detect changed config, but reports it as unchanged ("ok:")
STEPS TO REPRODUCE Depending on how you push the config to APIC the aci_rest module detects it as changed or not:
This example will always report as unchanged:
This playbook works as expected ("ok:" if nothing has changed and "changed:" otherwise)
Note the difference in path: parameter (infra.xml vs. infra/.xml) as well as adjusted content.
EXPECTED RESULTS In both cases changes to actual APIC config should result in "changed:" status
ACTUAL RESULTS The reason why the first playbook does not behave as expected is that APIC does not populate the "status=" parameter as expected by the aci_rest module (it will only report change if this parameter is set to either of 'created', 'modified', 'deleted') (see https://github.com/datacenter/aci-ansible/blob/e87db8f15e34ea7dc2e1b30fd445a4c59561bbc9/library/aci_rest.py#L270-L284)
On the other hand the second playbook runs as expected as returned data from APIC contains (status='modified'):
Given this (weired?) behavior of APIC (I confirmed this behavior is the same on APIC versions 3.0, 3.1 and 2.1), I think the current implementation of aci_changed() might be insufficient.