Juniper / ansible-junos-stdlib

Junos modules for Ansible
Apache License 2.0

Random diff on juniper SRX device #637

Closed vishnubraj closed 7 months ago

vishnubraj commented 8 months ago

Issue Type

Module Name

config module

juniper.device collection and Python libraries version

junos-eznc            2.6.8
junipernetworks.junos         5.3.0

OS / Environment

Juniper SRX JUNOS 20.2R3.9

Summary

I am managing Juniper SRX device configuration using Ansible, using the Juniper-developed juniper.device module. I generated the config template using the txt format and replaced the config on the device. I am only managing the RADIUS config on the device, but when I run the diff, it shows a diff for the VPN config also, but there is no actual change to the VPN config. It just started showing up after the first config push to the device using Ansible.

18:24:19  ok: [10.108.4.1] => {
18:24:19      "response": {
18:24:19          "changed": true,
18:24:19          "diff": {
18:24:19              "prepared": "\n[edit security ike gateway gw-vpn-0b1824d-1]\n-    address 1.1.1.1;\n+    address 1.1.1.1;\n[edit security ike gateway gw-vpn-0b1824d-2]\n-    address 4.4.4.4;\n+    address 4.4.4.4;\n"
18:24:19          },
18:24:19          "diff_lines": [
18:24:19              "",
18:24:19              "[edit security ike gateway gw-vpn-0b1824d-1]",
18:24:19              "-    address 1.1.1.1;",
18:24:19              "+    address 1.1.1.1;",
18:24:19              "[edit security ike gateway gw-vpn-0b1824d-2]",
18:24:19              "-    address 4.4.4.4;",
18:24:19              "+    address 4.4.4.4;"
18:24:19          ],
18:24:19          "failed": false,
18:24:19          "file": "/tmp/push_config/configs/generated_config/fw1.ap-south-1c",
18:24:19          "msg": "Configuration has been: opened, loaded, diffed, closed."
18:24:19      }
18:24:19  }

If I reconfigure the RADIUS server using set commands on the CLI, the device accepts the second RADIUS server also, even though they don't have any difference. Please check the output below.

radius-server {
    10.64.95.2 {
        port 1812;
        secret "$9$9XXXX"; ## SECRET-DATA
        timeout 10;
        retry 2;
        source-address 10.108.0.1;
    }
    10.64.95.2 {
        port 1812;
        secret "$9$9XXXX"; ## SECRET-DATA
        timeout 10;
        retry 2;
        source-address 10.108.0.1;
    }
}

Steps to reproduce


    - name: Pushing the config
      config:
        host: "{{ inventory_hostname }}"
        user: "{{ ansible_user }}"
        passwd: "{{ ansible_password }}"
        ssh_private_key_file: none
        config_mode: "private"
        load: 'replace'
        format: 'text'
        src: "/tmp/push_config/configs/generated_config/{{ device_name }}"
        diff: true
        dest_dir: "/tmp/"
        check: false
        commit: "{{ commit }}"
        ignore_warning: true
        timeout: 120
      vars:
        ansible_command_timeout: 120
      register: response
      tags:
        - config_push

Expected results

No diff expected.

Actual results

It is showing a random diff, which is not an actual diff, as both the lines are the same.

vishnubraj commented 7 months ago

This was fixed after using config_mode: "exclusive" in the playbook.
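
An added example, not part of the issue thread or the juniper.device collection: a small check that a change-control pipeline could run over the module's diff_lines output to tell hunks whose removed and added lines are the same text (like the IKE gateway hunks reported above) from real changes. The function names and the radius-server timeout hunk in the sample are constructed for illustration.

```python
# Added example, not from the issue thread or the juniper.device collection.
# Function names are hypothetical.

# "diff_lines" as shown in the issue output, plus one constructed hunk
# (the radius-server timeout lines) containing a real change for contrast.
SAMPLE_DIFF_LINES = [
    "",
    "[edit security ike gateway gw-vpn-0b1824d-1]",
    "-    address 1.1.1.1;",
    "+    address 1.1.1.1;",
    "[edit security ike gateway gw-vpn-0b1824d-2]",
    "-    address 4.4.4.4;",
    "+    address 4.4.4.4;",
    "[edit system radius-server 10.64.95.2]",  # constructed
    "-    timeout 5;",
    "+    timeout 10;",
]


def split_hunks(diff_lines):
    """Group '+'/'-' lines under the '[edit ...]' header that precedes them."""
    hunks, current = {}, None
    for line in diff_lines:
        if line.startswith("[edit ") and line.rstrip().endswith("]"):
            current = line.strip()
            hunks.setdefault(current, [])
        elif current is not None and line[:1] in ("+", "-"):
            hunks[current].append(line)
    return hunks


def classify_hunk(lines):
    """'identical', 'whitespace-only' or 'changed'. Order is compared too,
    so a reordered (for example policy) list still counts as 'changed'."""
    removed = [l[1:] for l in lines if l.startswith("-")]
    added = [l[1:] for l in lines if l.startswith("+")]
    if removed == added:
        return "identical"
    fold = lambda items: [" ".join(i.split()) for i in items]
    return "whitespace-only" if fold(removed) == fold(added) else "changed"


def classify_diff(diff_lines):
    """Map each configuration hierarchy in the diff to its classification."""
    return {path: classify_hunk(lines)
            for path, lines in split_hunks(diff_lines).items()}


if __name__ == "__main__":
    for path, verdict in classify_diff(SAMPLE_DIFF_LINES).items():
        print(f"{verdict:16} {path}")
```

Feeding it `response.diff_lines` from the registered task result lets a pipeline fail only on hierarchies classified as `changed`, while still logging the `identical` ones for follow-up.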