CiscoDevNet / terraform-provider-nxos

Terraform Cisco NX-OS Provider
https://registry.terraform.io/providers/netascode/nxos
Mozilla Public License 2.0

After removing resource cdp/lldp config left on interface #268

Open krzysztofmaciejewskiit opened 1 month ago

krzysztofmaciejewskiit commented 1 month ago

When I delete part of the code, e.g. part two, which is responsible for CDP or LLDP, it says it is destroyed, but it stays in the Nexus configuration. I don't know why all other things get deleted and those 3 lines of code (seen on the switch) stay, even though the Terraform logs clearly say "destroyed". My removal is to simply remove the part of the code responsible for adding CDP and LLDP to the second interface, that is, everything from this tag down: //============================================== part-2 ==============================================


Code from terraform: main.tf

terraform {
  required_providers {
    nxos = {
      source  = "CiscoDevNet/nxos"
      version = "0.5.3"
    }
  }
}

provider "nxos" {
  username = var.nxos_username
  password = var.nxos_password
  url      = var.nxos_url
}

/*============================================ common ============================================*/

resource "nxos_feature_lldp" "lldp" {
  admin_state = "enabled"
}

/*=====================================*/

resource "nxos_rest" "cdpEntity" {
  dn         = "sys/cdp"
  class_name = "cdpEntity"
}

//============================================== part-1 ==============================================
//============================================== part-1 ==============================================
//============================================== part-1 ==============================================

/*============================================ description & L3 ============================================*/

resource "nxos_physical_interface" "desc-L3" {
  interface_id          = "eth1/5"
  description           = "desc1"
  layer                 = "Layer3"
  admin_state           = "up"
  user_configured_flags = "admin_state"
}

/*============================================ lldp ============================================*/

resource "nxos_rest" "lldpInst" {
  depends_on = [nxos_feature_lldp.lldp]
  dn         = "sys/lldp/inst"
  class_name = "lldpInst"
  children = [
    {
      rn         = "if-[eth1/5]"
      class_name = "lldpIf"
      content = {
        adminRxSt = "disabled",
        adminTxSt = "disabled",
        id        = "eth1/5"
      }
    }
  ]
}

/*============================================ cdp ============================================*/

resource "nxos_rest" "cdpInst" {
  depends_on = [nxos_rest.cdpEntity]
  dn         = "sys/cdp/inst"
  class_name = "cdpInst"
  children = [
    {
      rn         = "if-[eth1/5]"
      class_name = "cdpIf"
      content = {
        adminSt = "disabled",
        id      = "eth1/5"
      }
    }
  ]
}

//============================================== part-2 ==============================================
//============================================== part-2 ==============================================
//============================================== part-2 ==============================================

/*============================================ description & L3 ============================================*/

resource "nxos_physical_interface" "desc-L3v2" {
  interface_id          = "eth1/6"
  description           = "desc2"
  layer                 = "Layer3"
  admin_state           = "up"
  user_configured_flags = "admin_state"
}

/*============================================ lldp ============================================*/

resource "nxos_rest" "lldpInstv2" {
  depends_on = [nxos_feature_lldp.lldp]
  dn         = "sys/lldp/inst"
  class_name = "lldpInst"
  children = [
    {
      rn         = "if-[eth1/6]"
      class_name = "lldpIf"
      content = {
        adminRxSt = "disabled",
        adminTxSt = "disabled",
        id        = "eth1/6"
      }
    }
  ]
}

/*============================================ cdp ============================================*/

resource "nxos_rest" "cdpInstv2" {
  depends_on = [nxos_rest.cdpEntity]
  dn         = "sys/cdp/inst"
  class_name = "cdpInst"
  children = [
    {
      rn         = "if-[eth1/6]"
      class_name = "cdpIf"
      content = {
        adminSt = "disabled",
        id      = "eth1/6"
      }
    }
  ]
}

Link to Cisco Community discussion: https://community.cisco.com/t5/devnet-general-discussions/terraform-after-removing-resource-cdp-lldp-config-left-on/td-p/5157851

danischm commented 3 days ago

There is no need to manage the "sys/lldp/inst" and "sys/cdp/inst" objects using Terraform. These are system level objects that already exist and therefore there is no need to manage them using Terraform. What happens here is, TF attempts to delete those system objects (which would implicitly also delete the child objects), but it fails as those types of objects cannot be deleted and therefore the child objects remain in place as well. The "nxos_rest" resource silently suppresses this error, because it is a generic resource and in some cases this is expected. The resources should therefore be defined like this:

resource "nxos_rest" "lldpIf" {
  depends_on = [nxos_feature_lldp.lldp]
  dn         = "sys/lldp/inst/if-[eth1/5]"
  class_name = "lldpIf"
  content = {
    adminRxSt = "disabled"
    adminTxSt = "disabled"
    id        = "eth1/5"
  }
}

resource "nxos_rest" "cdpIf" {
  depends_on = [nxos_rest.cdpEntity]
  dn         = "sys/cdp/inst/if-[eth1/5]"
  class_name = "cdpIf"
  content = {
    adminSt = "disabled"
    id      = "eth1/5"
  }
}
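
A lint that catches the pattern described in the reply before it reaches a switch, added here as an example (not code from the provider or from either commenter): it flags `nxos_rest` resources whose `dn` is one of the two system objects named above and returns the leaf DNs to manage instead. The function names, the regex-based parsing and the sample config are assumptions of this example.

```python
import re

# Taken from the maintainer's reply on this page: these system objects cannot
# be deleted, and nxos_rest suppresses the failed delete on destroy.
NON_DELETABLE_DNS = {"sys/lldp/inst", "sys/cdp/inst"}
RESOURCE_RE = re.compile(r'resource\s+"nxos_rest"\s+"([^"]+)"\s*\{')
DN_RE = re.compile(r'\bdn\s*=\s*"([^"]+)"')
RN_RE = re.compile(r'\brn\s*=\s*"([^"]+)"')


def block_body(text, open_brace):
    """Text between the '{' at open_brace and its match (brace counting only)."""
    depth = 0
    for i in range(open_brace, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_brace + 1:i]
    raise ValueError("unbalanced braces in resource block")


def lint_nxos_rest(hcl):
    """Return (resource name, parent dn, leaf dns to manage instead) per finding."""
    findings = []
    for match in RESOURCE_RE.finditer(hcl):
        body = block_body(hcl, match.end() - 1)
        dn = DN_RE.search(body)  # first dn in the block is the resource's own
        if dn and dn.group(1) in NON_DELETABLE_DNS:
            leaves = [f"{dn.group(1)}/{rn}" for rn in RN_RE.findall(body)]
            findings.append((match.group(1), dn.group(1), leaves))
    return findings


# Constructed sample: the issue's original form, then the recommended form.
SAMPLE = '''
resource "nxos_rest" "lldpInstv2" {
  dn         = "sys/lldp/inst"
  class_name = "lldpInst"
  children = [
    { rn = "if-[eth1/6]", class_name = "lldpIf", content = { id = "eth1/6" } }
  ]
}
resource "nxos_rest" "cdpIf" {
  dn         = "sys/cdp/inst/if-[eth1/5]"
  class_name = "cdpIf"
}
'''

for name, parent, leaves in lint_nxos_rest(SAMPLE):
    print(f"nxos_rest.{name}: destroy cannot delete {parent}; manage {leaves}")
```

Run against `main.tf` in CI, a non-empty result means a later `terraform destroy` of that resource would report success while the interface-level objects stay on the device.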