ansible-collections / cisco.ios

Ansible Network Collection for Cisco IOS
GNU General Public License v3.0

Can't configure 'switchport mode access' in a loop on each interface #1094

Closed comete-geek closed 13 hours ago

comete-geek commented 1 month ago
##### SUMMARY

##### ISSUE TYPE

##### COMPONENT NAME

cisco.ios.ios_config

##### ANSIBLE VERSION

```
ansible [core 2.17.1]
  config file = ~/git/network/ansible.cfg
  configured module search path = ['~/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = ~/git/ansible-venv/lib/python3.11/site-packages/ansible
  ansible collection location = ~/.ansible/collections:/usr/share/ansible/collections
  executable location = ~/git/ansible-venv/bin/ansible
  python version = 3.11.2 (main, May  2 2024, 11:59:08) [GCC 12.2.0] (~/git/ansible-venv/bin/python3)
  jinja version = 3.1.4
  libyaml = True
```

##### COLLECTION VERSION

```
# ~/git/ansible-venv/lib/python3.11/site-packages/ansible_collections
Collection        Version
----------------- -------
community.general 9.1.0
```

##### CONFIGURATION

```
CONFIG_FILE() = ~/git/network/ansible.cfg
DEFAULT_HOST_LIST(~/git/network/ansible.cfg) = ['~/git/network/inventory']
DEFAULT_LOG_PATH(~/git/network/ansible.cfg) = ~/git/network/ansible.log
DEFAULT_ROLES_PATH(~/git/network/ansible.cfg) = ['~/git/network/roles']
DEFAULT_STRATEGY(~/git/network/ansible.cfg) = linear
EDITOR(env: EDITOR) = vim
HOST_KEY_CHECKING(~/git/network/ansible.cfg) = False
RETRY_FILES_ENABLED(~/git/network/ansible.cfg) = False
```

##### OS / ENVIRONMENT

Debian Bookworm 12.5

Cisco Catalyst C9200L-48T-4X-E
IOS version 17.9

##### STEPS TO REPRODUCE

```yaml
- name: Enable switchport mode access on each interface
  become: true
  become_method: enable
  connection: ansible.netcommon.network_cli
  cisco.ios.ios_config:
    lines:
      - switchport mode access
      - no cdp enable
    parents: "interface {{ item }}"
  loop: '{{ ansible_net_interfaces.keys() }}'
  delegate_to: '{{ new_switch }}'
  vars:
    ansible_network_os: cisco.ios.ios
```

##### EXPECTED RESULTS

Should enable 'switchport mode access' on each interface.

##### ACTUAL RESULTS

```
...
failed: [localhost -> switch-test] (item=TenGigabitEthernet1/1/4) => {"ansible_loop_var": "item", "changed": false, "item": "TenGigabitEthernet1/1/4", "module_stderr": "configure terminal\r\nconfigure terminal\r\n ^\r\n% Invalid input detected at '^' marker.\r\n\r\nswitch-test.uni(config-if)#", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error"}
```

I get this on every interface when trying to enable 'switchport mode access'. If I remove it and leave only 'no cdp enable', it works. If I leave only 'switchport mode access', it fails too.

Thanks

cardosocristian commented 1 month ago

Hi friend. For this configuration it is possible to use the L2 module from the collection: https://docs.ansible.com/ansible/latest/collections/cisco/ios/ios_l2_interfaces_module.html#ansible-collections-cisco-ios-ios-l2-interfaces-module

```yaml
  tasks:
  - name: Change to access mode
    cisco.ios.ios_l2_interfaces:
      config:
        - name: "{{ item }}"
          mode: access
          access:
            vlan: 10
    loop:
      - GigabitEthernet1/0/3
      - GigabitEthernet1/0/4
      - GigabitEthernet1/0/5
```

I didn't find any reference commands for CDP in any interface module.

Hope this helps

comete-geek commented 1 month ago

Hi @cardosocristian! Thanks for your suggestion, but it doesn't work either:

```
failed: [localhost -> switch-test] (item=TenGigabitEthernet3/1/1) => {"ansible_loop_var": "item", "changed": false, "item": "TenGigabitEthernet3/1/1", "msg": "show running-config | section ^interface\r\nshow running-config | section ^interface\r\n  ^\r\n% Invalid input detected at '^' marker.\r\n\r\nswitch-test(config-if)#"}
failed: [localhost -> switch-test] (item=TenGigabitEthernet3/1/2) => {"ansible_loop_var": "item", "changed": false, "item": "TenGigabitEthernet3/1/2", "msg": "show running-config | section ^interface\r\nshow running-config | section ^interface\r\n  ^\r\n% Invalid input detected at '^' marker.\r\n\r\nswitch-test(config-if)#"}
failed: [localhost -> switch-test] (item=TenGigabitEthernet3/1/3) => {"ansible_loop_var": "item", "changed": false, "item": "TenGigabitEthernet3/1/3", "msg": "show running-config | section ^interface\r\nshow running-config | section ^interface\r\n  ^\r\n% Invalid input detected at '^' marker.\r\n\r\nswitch-test(config-if)#"}
failed: [localhost -> switch-test] (item=TenGigabitEthernet3/1/4) => {"ansible_loop_var": "item", "changed": false, "item": "TenGigabitEthernet3/1/4", "msg": "show running-config | section ^interface\r\nshow running-config | section ^interface\r\n  ^\r\n% Invalid input detected at '^' marker.\r\n\r\nswitch-test(config-if)#"}
```

with this code:

```yaml
- name: Enable switchport mode access on each interface
  become: true
  become_method: enable
  connection: ansible.netcommon.network_cli
  cisco.ios.ios_l2_interfaces:
    config:
      - name: '{{ item }}'
        mode: access
        access:
          vlan: 1
  loop: '{{ ansible_net_interfaces.keys() }}'
  vars:
    ansible_network_os: cisco.ios.ios
```

cardosocristian commented 1 month ago

Hi @comete-geek. How is your key file used in the loop configured?

comete-geek commented 1 month ago

Hello, I get it directly from facts with:

```yaml
- name: Facts
  connection: ansible.netcommon.network_cli
  cisco.ios.ios_facts:
    gather_subset:
      - min
      - interfaces
  vars:
    ansible_network_os: cisco.ios.ios
```

I get this

```
ok: [switch-test] => {
    "ansible_net_interfaces": {
        "GigabitEthernet0/0": {
            "bandwidth": 1000000,
            "description": null,
            "duplex": "Full",
            "ipv4": [],
            "lineprotocol": "down",
            "macaddress": "dc0b.073b.0c60",
            "mediatype": "RJ45",
            "mtu": 1500,
            "operstatus": "administratively down",
            "type": "RP management port"
        },
        "GigabitEthernet1/0/1": {
            "bandwidth": 1000000,
            "description": null,
            "duplex": null,
            "ipv4": [],
            "lineprotocol": "up",
            "macaddress": "cc33.cffd.a601",
            "mediatype": "10/100/1000BaseTX",
            "mtu": 1500,
            "operstatus": "up",
            "type": "Gigabit Ethernet"
        },
        "GigabitEthernet1/0/10": {
            "bandwidth": 1000000,
            "description": null,
            "duplex": null,
            "ipv4": [],
            "lineprotocol": "down",
            "macaddress": "cc33.cffd.a60a",
            "mediatype": "10/100/1000BaseTX",
            "mtu": 1500,
            "operstatus": "administratively down",
            "type": "Gigabit Ethernet"
        },
...
```

comete-geek commented 15 hours ago

Hello, do you need more information to help with this problem?

Thank you.

comete-geek commented 13 hours ago

I've found why it doesn't work. You can't pass a 'switchport mode access' command to an interface of type 'RP management port' or 'Ethernet SVI', but the variable {{ ansible_net_interfaces.keys() }} returns all the interfaces of all types, so the solution is:

```yaml
- name: Disable cdp and enable mode access on each interface
  become: true
  become_method: enable
  connection: ansible.netcommon.network_cli
  cisco.ios.ios_config:
    lines:
      - 'no cdp enable'
      - 'switchport mode access'
    parents: "interface {{ item.key }}"
  with_dict: '{{ ansible_net_interfaces }}'
  when: item.value.type is not in ['Ethernet SVI','RP management port']
  delegate_to: '{{ new_switch }}'
  vars:
    ansible_network_os: cisco.ios.ios
```

Sorry for the noise.
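
The resolution above, written as a standalone play that filters the facts once and reports which interfaces are left untouched instead of evaluating `when` on every loop item. This is an added example, not code from the thread or from the cisco.ios project; the `switches` inventory group and the `excluded_types` and `eligible_interfaces` variable names are assumptions, and it targets the switch directly rather than delegating from localhost.

```yaml
---
# Added example: "switches" is a hypothetical inventory group.
- name: Set access mode and disable CDP on switchable ports only
  hosts: switches
  gather_facts: false
  vars:
    ansible_connection: ansible.netcommon.network_cli
    ansible_network_os: cisco.ios.ios
    ansible_become: true
    ansible_become_method: enable
    # Interface types named in the thread as rejecting 'switchport mode access'.
    excluded_types:
      - Ethernet SVI
      - RP management port
  tasks:
    - name: Gather interface facts
      cisco.ios.ios_facts:
        gather_subset:
          - min
          - interfaces

    # Build the loop list up front so excluded interfaces never reach the device.
    - name: Keep only interfaces whose type is not excluded
      ansible.builtin.set_fact:
        eligible_interfaces: >-
          {{ ansible_net_interfaces | dict2items
             | rejectattr('value.type', 'in', excluded_types)
             | map(attribute='key') | sort }}

    # Makes the exclusion visible in the run log for review.
    - name: Report which interfaces are left untouched
      ansible.builtin.debug:
        msg: "Skipped: {{ ansible_net_interfaces.keys() | list | difference(eligible_interfaces) | sort }}"

    - name: Apply the interface lines
      cisco.ios.ios_config:
        lines:
          - no cdp enable
          - switchport mode access
        parents: "interface {{ item }}"
      loop: "{{ eligible_interfaces }}"
```

Running it with `--check` first shows the skipped list and the planned changes without pushing configuration to the switch.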