EPG Import Caused DVS Switch Uplink Port Modification (DCNE-244)

[Alexpf20210007]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.5

APIC version and APIC Platform

5.2.8

Affected Resource(s)

aci_epg_to_domain

Terraform Configuration Files

main.tf variables.tf tfvars.tfvars

Main Config
#import {
#  to = aci_application_epg.test["TESTEPG1"]
#  id = "uni/tn-test/ap-test_anp/epg-TESTEPG1"
#}
resource "aci_application_epg" "test" { 
  for_each = try(var.endpoint_groups, {})  
  application_profile_dn = try(each.value["application_network_profiles"], null)  
  name = try(each.key, null)  
  relation_fv_rs_bd = try(each.value["bridge_domain"], null)
  description = "EPG Created Using Terraform"  
}
TFVARS Config
    "TESTEPG1": {
        "application_network_profiles": "uni/test_prod/ap-test_anp",
        "bridge_domain": "uni/test_prod/BD-test_bd"
    },

Debug Output

Some info in event was modified due: EventId: 882693 EventTS: 173148224 Type: 2007 Message: dvPort group EPG1 in DC1 was reconfigured. Modified: config.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder.activeUplinkPort: ("LAG") -> ("uplink1", "uplink2", "uplink3", "uplink4", "uplink5", "uplink6", "uplink7", "uplink8"); config.description: -> "Created By Terraform"; Added: Deleted: VMM Controller: VMWARE VMWARE.myoffice.com received event

Panic Output

Expected Behavior

Terraform should have imported the EPG and updated the description.

Actual Behavior

Terraform imported the EPG and re-connected DVS switchports in VMWare connection with wrong ports. I was not expecting an EPG import or description change to also make this change. The terraform plan did not show that it was going to make this change. It only showed an import and description change. Message: dvPort group TESTEPG1 in TESTDC was reconfigured. Modified: config.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder.activeUplinkPort: ("LAG") -> ("uplink1", "uplink2", "uplink3", "uplink4", "uplink5", "uplink6", "uplink7", "uplink8"); config.description: -> "Created By Terraform"; Added: Deleted: VMM Controller: VMWARE VMWARE.myoffice.com received event

Steps to Reproduce

Imported a new EPG and updated description.
terrafrom plan

  # aci_application_epg.amfam["TESTEPG1"] will be updated in-place
  # (imported from "uni/tn-test/ap-test_anp/epg-TESTEPG1")
  ~ resource "aci_application_epg" "amfam" {
        application_profile_dn       = "uni/tn-test/ap-test_anp"
      + description                  = "EPG Created Using Terraform"
        flood_on_encap               = "disabled"
        fwd_ctrl                     = "none"
        has_mcast_source             = "no"
        id                           = "uni/tn-test/ap-test_anp/epg-TESTEPG1"
        is_attr_based_epg            = "no"
        match_t                      = "AtleastOne"
        name                         = "TESTEPG1"
        pc_enf_pref                  = "unenforced"
        pref_gr_memb                 = "exclude"
        prio                         = "level3"
        relation_fv_rs_bd            = "uni/tn-test/BD-TESTBD"
        relation_fv_rs_cons          = []
        relation_fv_rs_cons_if       = []
        relation_fv_rs_cust_qos_pol  = "uni/tn-common/qoscustom-default"
        relation_fv_rs_fc_path_att   = []
        relation_fv_rs_intra_epg     = []
        relation_fv_rs_path_att      = []
        relation_fv_rs_prot_by       = []
        relation_fv_rs_prov          = []
        relation_fv_rs_prov_def      = []
        relation_fv_rs_sec_inherited = []
        shutdown                     = "no"
    }

1. terraform apply aci_application_epg.amfam["TESTEPG1"]: Modifications complete after 10s [id=uni/tn-test/ap-test/epg-TESTTEPG1]

Important Factoids

Nothing special.

References

• 0000

[akinross]

Hi @Alexpf20210007,

Could you add the logs that contain the payload that is being send by aci_application_epg?

You mention affected resource "aci_epg_to_domain" but I do not see any configuration of this provided. Could you also provide that configuration and log?

Just a heads up the EPG resource and it's children be changed. These changes have already been merged into master but are not yet released ( I do not know the exact release date for this ). See https://github.com/CiscoDevNet/terraform-provider-aci/blob/master/docs/resources/application_epg.md for more details. I suspect that the behaviour you are experiencing might be fixed by this change.

There is also a rename for the "aci_epg_to_domain", this will be named "aci_relation_to_domain", see details: https://github.com/CiscoDevNet/terraform-provider-aci/blob/master/docs/resources/relation_to_domain.md. The legacy "aci_epg_to_domain" will remain in the provider for now.

From your output it seems you are doing tests in a test environment, is this correct? You could build the master branch locally to test this behaviour. Let me know if you require any assistance with this.

[Alexpf20210007]

I would like to understand how an EPG import and description update caused ACI to change the DVS ports on a VMWARE controller? I did no try to make any change to the physical or virtual domain. I provided the terraform plan output and it did not mention anything about changing the ports below. It just shows the description change.

dvPort group TESTEPG1 in TESTDC was reconfigured. Modified: config.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder.activeUplinkPort: ("LAG") -> ("uplink1", "uplink2", "uplink3", "uplink4", "uplink5", "uplink6", "uplink7", "uplink8"); config.description: -> "Created By Terraform"; Added: Deleted: VMM Controller: VMWARE VMWARE.myoffice.com received event

[akinross]

Hi @Alexpf20210007,

Currently I see snippets of your plan and configuration not full files, so everything I would say would be based on assumptions without knowing what is actually being executed/send. In order to provide you more answers I would need to see some more information, thus I requested you to provide me additional logs and config. Could you please provide these?

[Alexpf20210007]

Is it possible that I could upload the requested files to a Cisco TAC?

[akinross]

Hi @Alexpf20210007,

If you want to upload via TAC then please raise a TAC case through the normal process.

You can also email me (akinross@cisco.com) directly, which would be faster route for this issue. Please make sure to remove any sensitive information that is not intended for me.

[Alexpf20210007]

I sent two emails to your cisco email address. Please let me know if you need more information.

Thank you,

@.*** Alex Pfeil, Lead Engineer Enterprise Networking Squad 6000 American Parkway | Madison, WI 53783| view maphttps://www.google.com/maps/search/?api=1&query=6000%20American%20Parkway%20%20Madison%20WI%2053783 Office Phone: 6089404045| Mobile: 937-602-9546

From: Akini Ross @.> Sent: Thursday, November 14, 2024 10:36 AM To: CiscoDevNet/terraform-provider-aci @.> Cc: Pfeil, Alex L @.>; Mention @.> Subject: Re: [CiscoDevNet/terraform-provider-aci] EPG Import Caused DVS Switch Uplink Port Modification (Issue #1300)

Hi @Alexpf20210007, If you want to upload via TAC then please raise a TAC case through the normal process. You can also email me (akinross@ cisco. com) directly, which would be faster route for this issue. Please make sure to remove any sensitive

Hi @Alexpf20210007https://urldefense.com/v3/__https:/github.com/Alexpf20210007__;!!NH_hVA4!60aS5bagbKIdqDPf0DYAdDoyuYbsHd1kLqIzvRZgaHaCxu3IRV-fJT1oxB3EpGr02113Mwxsr4MHh9oLaELL5g$,

If you want to upload via TAC then please raise a TAC case through the normal process.

You can also email me @.**@.>) directly, which would be faster route for this issue. Please make sure to remove any sensitive information that is not intended for me.

— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https:/github.com/CiscoDevNet/terraform-provider-aci/issues/1300*issuecomment-2476729724__;Iw!!NH_hVA4!60aS5bagbKIdqDPf0DYAdDoyuYbsHd1kLqIzvRZgaHaCxu3IRV-fJT1oxB3EpGr02113Mwxsr4MHh9pQu80fww$, or unsubscribehttps://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/AZTPQOJQI7ZTZJUKXLYF42T2AS7PLAVCNFSM6AAAAABRXQ2LA2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDINZWG4ZDSNZSGQ__;!!NH_hVA4!60aS5bagbKIdqDPf0DYAdDoyuYbsHd1kLqIzvRZgaHaCxu3IRV-fJT1oxB3EpGr02113Mwxsr4MHh9qtHvl_WQ$. You are receiving this because you were mentioned.Message ID: @.**@.>>

---

American Family Mutual Insurance Company, S.I. | American Family Insurance Company | American Family Life Insurance Company | American Standard Insurance Company of Ohio | American Standard Insurance Company of Wisconsin | Midvale Indemnity Company | Home Office - 6000 American Parkway Madison, WI 53783Permanent General Assurance Corporation | Permanent General Assurance Corporation of Ohio | The General Automobile Insurance Company, Inc. DBA The General® Home Office - 2636 Elm Hill Pike Nashville, TN 37214 wholly owned subsidiaries of American Family Mutual Insurance Company, S.I.*If you are not the intended recipient, please contact the sender and delete this e-mail, any attachments and all copies..

[akinross]

Hi @Alexpf20210007,

I received the emails and will try to have a look tomorrow. Will keep you updated.

[akinross]

Hi @Alexpf20210007,

Could you clarify and provide me a few more logs:

• Would it be possible for you to isolate the issue to only a single EPG import and apply ( manually in a local terraform setup ) and capture the logs from there? If possible, could you in that case also provide me the EPG config with it's full child tree?

• The logs that contain the payload send with terraform: https://developer.hashicorp.com/terraform/internals/debugging. You can set the TF_LOG=DEBUG and TF_LOG_PATH=[dir] for this.

• I am confused regarding the dvPort group TESTEPG1 in TESTDC error message, because this config.description: -> "Created By Terraform" I do not see anywhere in your configuration as a description. Did you adjust this message manually? Could you provide me the logs of this message when you run with the above environment logging variables set?

• Are you experiencing the behaviour for every EPG, or is it only for some EPGs? You mention in the title it is on import, but to me this seems the behaviour you are describing is happening on change of description ( thus update apply operation ). Do you experience the same behaviour when doing a update of description after the first update apply of configuration? Are you experiencing the same when executing the update of description on the UI for that EPG?