KB-perByte
commented
2 years ago Hey, @hyberdk can you please share the IOS version on the device you are working on? Note - the supported IOS version is v15+ for the platform. Regards
Closed hyberdk closed 2 years ago
KB-perByte
commented
2 years ago Hey, @hyberdk can you please share the IOS version on the device you are working on? Note - the supported IOS version is v15+ for the platform. Regards
hyberdk
commented
2 years ago Hi @KB-perByte,
thanks for the quick reply. The IOS version is 12.2(55).SE5
here is the print from "show version":
Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(55)SE5, RELEASE SOFTWARE (fc1)
so I guess technically its not supported or?
But is there a work-around except using the ios_config module?
KB-perByte
commented
2 years ago Thanks for confirming, @hyberdk you can definitely use the config modules to push the data. As you are looking at IOS v12.x and the version has reached its EOL around 2013 it is not a supported version.
hyberdk
commented
2 years ago Thanks for the feedback @KB-perByte
Yeah I know the platform is old, really old.. we are finally migrating away from it, but with more than 1000 devices deployed, it takes a while and also the current chip shortage is not helping.
just to be absolutely sure, you are saying there is no way to alter the behavior in logging_global right? My only option is to use the ios_config module perhaps with a jinja template?
KB-perByte
commented
2 years ago Hey @hyberdk, looking at your use case, let me discuss it with my team internally and get back to you. Regards
KB-perByte
commented
2 years ago And in the meanwhile, as you have access to the device of that specific version, can you please share the output of
logging <some_ip> ? for me to check the suboptions available within the parent host attribute as per the present module behavior.
Regards
hyberdk
commented
2 years ago Hi @KB-perByte,
sorry about the late reply, I missed your last message..
hope this helps:
AUCOL-SW02(config)#logging ?
Hostname or A.B.C.D IP address of the logging host
buffered Set buffered logging parameters
buginf Enable buginf logging for debugging
cns-events Set CNS Event logging level
console Set console logging parameters
count Count every log message and timestamp last occurance
delimiter Append delimiter to syslog messages
discriminator Create or modify a message discriminator
esm Set ESM filter restrictions
exception Limit size of exception flush output
facility Facility parameter for syslog messages
file Set logging file parameters
filter Specify logging filter
history Configure syslog history table
host Set syslog server IP address and parameters
message-counter Configure log message to include certain counter value
monitor Set terminal line (monitor) logging parameters
on Enable logging to all enabled destinations
origin-id Add origin ID to syslog messages
queue-limit Set logger message queue size
rate-limit Set messages per second limit
reload Set reload logging level
source-interface Specify interface for source address in logging transactions
trap Set syslog server logging level
AUCOL-SW02(config)#logging 1.1.1.1 ?
<cr>
AUCOL-SW02(config)#logging host 1.1.1.1 ?
discriminator Specify a message discriminator indentifier for this logging session
filtered Enable filtered logging
sequence-num-session Include session sequence number tag in syslog message
session-id Specify syslog message session ID tagging
transport Specify the transport protocol (default=UDP)
vrf Set VRF option
xml Enable logging in XML
<cr>and a "show run | inc logging" looks like this:
AUCOL-SW02#show run | inc logging
logging buffered 40000
logging trap debugging
logging origin-id hostname
logging source-interface Vlan100
logging 10.0.53.230
AUCOL-SW02#now the switch accepts the logging host 10.0.53.230, but its shown in the running-config as "logging 10.0.53.230" so I think if you can make the module look for either "logging host 10.0.53.230" OR "logging 10.0.53.230" it should work fine.
Hope that helps.
KB-perByte
commented
2 years ago Hey, @hyberdk the issue reported is being considered and I am gonna push a PR to fix the same, as the command mentioned is valid in the context of some versions of IOS v15. Regards
KB-perByte
commented
2 years ago hey @hyberdk,
Wanted to discuss the possible fix with you here, as the module supports IOS v15+ and a command like logging 10.0.1.1 and logging host 10.0.1.1 both are termed valid for the device, we can check for the version of the device running and fire the desired command in that scope. But as v12 specifically renders it like logging 10.0.1.1 it will not be considered in the facts and would impact idempotency in that version of IOS, on the other hand, v15+ renders it as logging host 10.0.1.1 even if the command fired is logging 10.0.1.1. So it will not cause any change for further supported versions.
Would that solve your issue?
Regards
hyberdk
commented
2 years ago Hi @KB-perByte,
Im not 100% sure if I understand you correctly. I agree that older devices render the command "logging 10.0.1.1" and newer devices (assuming 15+) as "logging host 10.0.1.1", Im not sure when Cisco did change the command and it could very well be on different versions on different models.
So from my point of view the best approach is to make the regex (I assume that is what you are using) match both something like ^logging\s(?:host\s)?[0-9\w\.]+
The problem of detecting the version is that 1. Cisco uses horrible versioning that includes parentheses and such which causes issues with the version() function on top of that they are not very structured in when they implement stuff especially in earlier versions (but I guess you already know that ;-)
I actually have a similar problem on #514 where the device is also reporting different than what the module expect.
Hope that clarifies it, else let me know.
KB-perByte
commented
2 years ago Hey @hyberdk, we are using regexes to convert the config data to structured data, but we are not using regexes for validations and there are specific reasons why we don't wanna use regex to validate the specific types of data and pick up accordingly
ref.
Having said that, for such reasons where the implementations are based on supported versions, we have pushed back making a change for the older version of IOS as they make the maintenance of the module extremely confusing. That's why I mentioned in the above comment we can still manage to push the host command as logging 10.0.1.1 as it is valid even for a few releases of IOS 15 but a change in regex would make it support an EOL version of IOS. That is not recommended.
There is a temporary way out, where I can help you with a changed copy of ref. to support your use case but that would require you to make a manual change.
Thanks.
hyberdk
commented
2 years ago Hi @KB-perByte,
thanks a lot for your help and your offer to help me in this matter. We internally have a philosophy that we should do all we can to use standard code and not "tweak" it with custom patches. So if your proposal cannot go into the official code, I would rather solve it like this:
- name: enable logging for IOS version >= 15.0 or (>3.3 and <4)
cisco.ios.ios_logging_global:
config:
console:
monitor:
buffered:
size: '{{ config_context.logging.buffer_size }}'
trap: '{{ config_context.logging.syslog.log_level }}'
source_interface:
- interface: '{{ config_context.logging.syslog.src_interface }}'
origin_id:
tag: '{{ config_context.logging.syslog.origin_id }}'
hosts:
- hostname: '{{ config_context.logging.syslog.host }}'
discriminator: []
state: overridden
when:
#when version more than 15 or between 3.3 and <4 (to catch older IOS-XE devices like 4500X)
ansible_facts.net_version is version('15.0', '>=') or (ansible_facts.net_version is version('3.3', '>=') and ansible_facts.net_version is version('4.0', '<'))
- name: configure logging command for IOS versions >12 and <15 (old devices)
cisco.ios.ios_config:
running_config: '{{ ansible_facts.net_config }}'
src: lagacy_ios_logging.j2
when:
ansible_facts.net_version is version('12.0', '>=') and ansible_facts.net_version is version('15.0', '<')and the jinja template is just:
logging trap {{ config_context.logging.syslog.log_level }}
logging origin-id {{ config_context.logging.syslog.origin_id }}
logging source-interface {{ config_context.logging.syslog.src_interface }}
logging {{ config_context.logging.syslog.host }}obviously for legacy devices it would not remove additional configuration, but it would be sure to include our syslog server in the correct way.. Not as good as the module, but okay for devices that we are replacing..
KB-perByte
commented
2 years ago Hey @hyberdk, that is definitely one way of doing stuff, but yes the resource modules are there for changing the experience for good. But for the sake of unsupported versions or EOL releases, we face a similar situation. Well, it was great discussing the issue. as per the conclusion, I am closing the reported issue. Thanks
SUMMARY
On Cisco 3560 switches, the command for logging to syslog hosts are "logging 10.0.53.230" and not "logging host 10.0.53.230" module ios_logging_global detects this incorrectly and tries to push "logging host 10.0.53.230"
I dont see an option to tell the module that its a different CLI command.
ISSUE TYPE
COMPONENT NAME
cisco.ios.ios_logging_global
ANSIBLE VERSION
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
Ubuntu 21.04 LTS, in virtual environment.
STEPS TO REPRODUCE
use the following configuration on a 3560 series Cisco switch running version 12.2(55).SE5. Tested in a WS-C3560-24PS
EXPECTED RESULTS
expected result is that the ios_logging_global would detect the different CLI command on this older version switch and adapt to it.
ACTUAL RESULTS
the playbook does not see the "logging 10.0.53.230" command but executes the "logging host 10.0.53.230" every time. This command is accepted by the switch, but not shown in the configuration, hence on next run it will push it again.