cisco.ios.ios_acls crashed on some switches

SUMMARY

When I try to deplay an ACL configuration through ansible, it's work on many switches but seems failed with some switches. The type of switches that failed are:

C3750X
C2960X

But it's not failed on all switches of this type...

ISSUE TYPE

Bug Report

COMPONENT NAME

cisco.ios.ios_acls

ANSIBLE VERSION

[netdisco@server ~]$ ansible --version
ansible [core 2.11.4]
  config file = /opt/netdisco/.ansible.cfg
  configured module search path = ['/opt/netdisco/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/netdisco/.local/lib/python3.8/site-packages/ansible
  ansible collection location = /opt/netdisco/.ansible/collections:/usr/share/ansible/collections
  executable location = /opt/netdisco/.local/bin/ansible
  python version = 3.8.6 (default, Oct  7 2020, 14:58:56) [GCC 9.3.1 20200408 (Red Hat 9.3.1-2)]
  jinja version = 3.0.1
  libyaml = True

COLLECTION VERSION

# /opt/netdisco/.local/lib/python3.8/site-packages/ansible_collections                                                                                                                                                              [35/1793]
Collection                    Version
----------------------------- -------
amazon.aws                    1.5.0
ansible.netcommon             2.4.0
ansible.posix                 1.3.0
ansible.utils                 2.4.0
ansible.windows               1.7.2
arista.eos                    2.2.0
awx.awx                       19.2.2
azure.azcollection            1.9.0
check_point.mgmt              2.0.0
chocolatey.chocolatey         1.1.0
cisco.aci                     2.0.0
cisco.asa                     2.0.3
cisco.intersight              1.0.17
cisco.ios                     2.4.0
cisco.iosxr                   2.4.0
cisco.meraki                  2.4.2
cisco.mso                     1.2.0
cisco.nso                     1.0.3
cisco.nxos                    2.5.1
cisco.ucs                     1.6.0
cloudscale_ch.cloud           2.2.0
community.aws                 1.5.0
community.azure               1.0.0
community.crypto              1.9.2
community.digitalocean        1.9.0
community.docker              1.9.1
community.fortios             1.0.0
community.general             3.6.0
community.google              1.0.0
community.grafana             1.2.1
community.hashi_vault         1.3.2
community.hrobot              1.1.1
community.kubernetes          1.2.1
community.kubevirt            1.0.0
community.libvirt             1.0.2
community.mongodb             1.3.1
community.mysql               2.1.1
community.network             3.0.0
community.okd                 1.1.2
community.postgresql          1.4.0
community.proxysql            1.2.0
community.rabbitmq            1.1.0
community.routeros            1.2.0
community.skydive             1.0.0
community.sops                1.1.0
community.vmware              1.13.0
community.windows             1.6.0
community.zabbix              1.4.0
containers.podman             1.7.0
cyberark.conjur               1.1.0
cyberark.pas                  1.0.7
dellemc.enterprise_sonic      1.1.0
dellemc.openmanage            3.6.0
dellemc.os10                  1.1.1
dellemc.os6                   1.0.7
dellemc.os9                   1.0.4
f5networks.f5_modules         1.11.0
fortinet.fortimanager         2.1.3
fortinet.fortios              2.1.2
frr.frr                       1.0.3
gluster.gluster               1.0.1
google.cloud                  1.0.2
hetzner.hcloud                1.6.0
hpe.nimble                    1.1.3
ibm.qradar                    1.0.3
infinidat.infinibox           1.2.4
inspur.sm                     1.3.0
junipernetworks.junos         2.5.0
kubernetes.core               1.2.1
mellanox.onyx                 1.0.0
netapp.aws                    21.6.0
netapp.azure                  21.8.1
netapp.cloudmanager           21.9.0
netapp.elementsw              21.6.1
netapp.ontap                  21.10.0
netapp.um_info                21.7.0
netapp_eseries.santricity     1.2.13
netbox.netbox                 3.1.1
ngine_io.cloudstack           2.1.0
ngine_io.exoscale             1.0.0
ngine_io.vultr                1.1.0
openstack.cloud               1.5.0
openvswitch.openvswitch       2.0.0
ovirt.ovirt                   1.6.2
purestorage.flasharray        1.10.0
purestorage.flashblade        1.6.0
sensu.sensu_go                1.12.0
servicenow.servicenow         1.0.6
splunk.es                     1.0.2
t_systems_mms.icinga_director 1.21.1
theforeman.foreman            2.2.0
vyos.vyos                     2.5.1
wti.remote                    1.0.1

# /opt/netdisco/.ansible/collections/ansible_collections
Collection        Version
----------------- -------
ansible.netcommon 2.4.0
ansible.utils     2.4.0
cisco.ios         2.4.0
cisco.nxos        2.5.1

CONFIGURATION

[netdisco@server ~]$ ansible-config dump --only-changed
DEFAULT_HOST_LIST(/opt/netdisco/.ansible.cfg) = ['/opt/netdisco/.ansible/hosts']
HOST_KEY_CHECKING(/opt/netdisco/.ansible.cfg) = False
PERSISTENT_COMMAND_TIMEOUT(/opt/netdisco/.ansible.cfg) = 30
PERSISTENT_CONNECT_TIMEOUT(/opt/netdisco/.ansible.cfg) = 30

OS / ENVIRONMENT

Server: RHEL7
Network device: Cisco WS-C3750X or WS-C2960X

STEPS TO REPRODUCE

Configure a playbook like bellow to update and replace ACL on switches

---

- name: Test IOS
  hosts: ios
  strategy: free
  tasks:
    - name: configure ACL
      cisco.ios.ios_acls:
        config:
        - afi: ipv4
          acls:
          - name: 1
            acl_type: standard
            aces:
            - grant: deny
              source:
                any: true
          - name: 10
            acl_type: standard
            aces:
            - grant: permit
              source:
                address: 10.12.100.18
            - grant: permit
              source:
                address: 10.176.10.218
            - grant: permit
              source:
                address: 10.195.100.18
          - name: ACL-SNMP-RO
            acl_type: standard
            aces:
            - grant: permit
              source:
                address: 10.12.100.0
                wildcard_bits: 0.0.0.255
            - grant: permit
              source:
                address: 10.23.241.0
                wildcard_bits: 0.0.0.255
            - grant: permit
              source:
                address: 10.18.104.0
                wildcard_bits: 0.0.0.31
            - grant: permit
              source:
                address: 10.195.100.210
            - grant: permit
              source:
                address: 10.176.10.212
            - grant: permit
              source:
                address: 10.144.10.210
            - grant: permit
              source:
                address: 10.48.15.212
        state: replaced

Execute the playbook to a failing switches

ansible-playbook -vvv -l 'host1' --check .ansible/ios_config_test.yml

EXPECTED RESULTS

On a working switch, I have the following output: https://gist.github.com/earendilfr/3952cd9b03e2656a1fe24f192f55e534

ACTUAL RESULTS

You can found the complete error here: https://gist.github.com/earendilfr/3952cd9b03e2656a1fe24f192f55e534 The error message is

TASK [configure ACL] ***********************************************************
task path: /opt/netdisco/.ansible/ios_config_test.yml:7
The full traceback is:
Traceback (most recent call last):
  File "/opt/netdisco/.ansible/tmp/ansible-local-135826tqibkgd/ansible-tmp-1632409454.9086308-13650-254965408630049/AnsiballZ_ios_acls.py", line 247, in <module>
    _ansiballz_main()
  File "/opt/netdisco/.ansible/tmp/ansible-local-135826tqibkgd/ansible-tmp-1632409454.9086308-13650-254965408630049/AnsiballZ_ios_acls.py", line 237, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/opt/netdisco/.ansible/tmp/ansible-local-135826tqibkgd/ansible-tmp-1632409454.9086308-13650-254965408630049/AnsiballZ_ios_acls.py", line 110, in invoke_module
    runpy.run_module(mod_name='ansible_collections.cisco.ios.plugins.modules.ios_acls', init_globals=dict(_module_fqn='ansible_collections.cisco.ios.plugins.modules.ios_acls', _modlib_path=modlib_path),
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/runpy.py", line 207, in run_module
    return _run_module_code(code, init_globals, run_name, mod_spec)
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/runpy.py", line 97, in _run_module_code
    _run_code(code, mod_globals, init_globals,
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/tmp/ansible_cisco.ios.ios_acls_payload_hzbld551/ansible_cisco.ios.ios_acls_payload.zip/ansible_collections/cisco/ios/plugins/modules/ios_acls.py", line 1467, in <module>
  File "/tmp/ansible_cisco.ios.ios_acls_payload_hzbld551/ansible_cisco.ios.ios_acls_payload.zip/ansible_collections/cisco/ios/plugins/modules/ios_acls.py", line 1462, in main
  File "/tmp/ansible_cisco.ios.ios_acls_payload_hzbld551/ansible_cisco.ios.ios_acls_payload.zip/ansible_collections/cisco/ios/plugins/module_utils/network/ios/config/acls/acls.py", line 59, in execute_module
  File "/tmp/ansible_cisco.ios.ios_acls_payload_hzbld551/ansible_cisco.ios.ios_acls_payload.zip/ansible_collections/cisco/ios/plugins/module_utils/network/ios/config/acls/acls.py", line 80, in gen_config
  File "/tmp/ansible_cisco.ios.ios_acls_payload_hzbld551/ansible_cisco.ios.ios_acls_payload.zip/ansible_collections/cisco/ios/plugins/module_utils/network/ios/config/acls/acls.py", line 241, in update_sequence_in_want
KeyError: 'sequence'
fatal: [host_failed]: FAILED! => {
    "changed": false,
    "module_stderr": "Traceback (most recent call last):\n  File \"/opt/netdisco/.ansible/tmp/ansible-local-135826tqibkgd/ansible-tmp-1632409454.9086308-13650-254965408630049/AnsiballZ_ios_acls.py\", line 247, in <module>\n    _ansiballz_main()\n  File \"/opt/netdisco/.ansible/tmp/ansible-local-135826tqibkgd/ansible-tmp-1632409454.9086308-13650-254965408630049/AnsiballZ_ios_acls.py\", line 237, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/opt/netdisco/.ansible/tmp/ansible-local-135826tqibkgd/ansible-tmp-1632409454.9086308-13650-254965408630049/AnsiballZ_ios_acls.py\", line 110, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.cisco.ios.plugins.modules.ios_acls', init_globals=dict(_module_fqn='ansible_collections.cisco.ios.plugins.modules.ios_acls', _modlib_path=modlib_path),\n  File \"/opt/rh/rh-python38/root/usr/lib64/python3.8/runpy.py\", line 207, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/opt/rh/rh-python38/root/usr/lib64/python3.8/runpy.py\", line 97, in _run_module_code\n    _run_code(code, mod_globals, init_globals,\n  File \"/opt/rh/rh-python38/root/usr/lib64/python3.8/runpy.py\", line 87, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_cisco.ios.ios_acls_payload_hzbld551/ansible_cisco.ios.ios_acls_payload.zip/ansible_collections/cisco/ios/plugins/modules/ios_acls.py\", line 1467, in <module>\n  File \"/tmp/ansible_cisco.ios.ios_acls_payload_hzbld551/ansible_cisco.ios.ios_acls_payload.zip/ansible_collections/cisco/ios/plugins/modules/ios_acls.py\", line 1462, in main\n  File \"/tmp/ansible_cisco.ios.ios_acls_payload_hzbld551/ansible_cisco.ios.ios_acls_payload.zip/ansible_collections/cisco/ios/plugins/module_utils/network/ios/config/acls/acls.py\", line 59, in execute_module\n  File \"/tmp/ansible_cisco.ios.ios_acls_payload_hzbld551/ansible_cisco.ios.ios_acls_payload.zip/ansible_collections/cisco/ios/plugins/module_utils/network/ios/config/acls/acls.py\", line 80, in gen_config\n  File \"/tmp/ansible_cisco.ios.ios_acls_payload_hzbld551/ansible_cisco.ios.ios_acls_payload.zip/ansible_collections/cisco/ios/plugins/module_utils/network/ios/config/acls/acls.py\", line 241, in update_sequence_in_want\nKeyError: 'sequence'\n",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}

ansible-collections / cisco.ios

cisco.ios.ios_acls crashed on some switches #429