Closed bile0026 closed 3 years ago
@bile0026 can u plz check and update if the commands being applied in each run is exactly the same as applied in running-config. As otherwise if it's not exactly the same ios_config
would try to apply the config in each play run.
Hi @bile0026, given the config lines you provided I believe this might be a spacing issue. First, the ACL entry lines should be indented with 1 space, so ios_config modules knows those are part of the ACL section (or children of the ip access-list ...
parent). Second, if you look at the device config, you will see that between the ACE sequence number and action, there might be more than 1 space. Try copying the full ACL config section from your device and then re-push it via Ansible. You always need to make sure that the templated config is exactly the same as seen in running-config. Hope this helps.
@bile0026 can u plz check and update if the commands being applied in each run is exactly the same as applied in running-config. As otherwise if it's not exactly the same
ios_config
would try to apply the config in each play run.
The command are what's listed in that last section of the report. Those are the ones that run each time, even though the config is present.
Hi @bile0026, given the config lines you provided I believe this might be a spacing issue. First, the ACL entry lines should be indented with 1 space, so ios_config modules knows those are part of the ACL section (or children of the
ip access-list ...
parent). Second, if you look at the device config, you will see that between the ACE sequence number and action, there might be more than 1 space. Try copying the full ACL config section from your device and then re-push it via Ansible. You always need to make sure that the templated config is exactly the same as seen in running-config. Hope this helps.
Yes, I will try this and provide and update.
Hi @bile0026, given the config lines you provided I believe this might be a spacing issue. First, the ACL entry lines should be indented with 1 space, so ios_config modules knows those are part of the ACL section (or children of the
ip access-list ...
parent). Second, if you look at the device config, you will see that between the ACE sequence number and action, there might be more than 1 space. Try copying the full ACL config section from your device and then re-push it via Ansible. You always need to make sure that the templated config is exactly the same as seen in running-config. Hope this helps.Yes, I will try this and provide and update.
Spacing did seem to be the issue. Thank you for the pointers.
SUMMARY
ios_config seems to be wrongly identifying lines that need to be changed when using a config template with ios_config module.
ISSUE TYPE
COMPONENT NAME
ios_config
ANSIBLE VERSION
CONFIGURATION
OS / ENVIRONMENT
Linux NetworkAutomation-1 5.3.0-51-generic #44~18.04.2-Ubuntu SMP Thu Apr 23 14:27:18 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
STEPS TO REPRODUCE
Run playbook twice in a row.
Full playbook at https://github.com/bile0026/cisco_compliance
EXPECTED RESULTS
Expect that on the second run, the changes should be remediated by the first run and there should be no required changes,
ACTUAL RESULTS
Several of the lines of config re-apply each time no matter how many times you run the job. Changes are present on the device as they should be after the first run.