ansible-collections / cisco.iosxr

Ansible Network Collection for Cisco IOSXR
GNU General Public License v3.0

iosxr_acls pushes wrong commands when "show access-lists" output contains "(XX matches)" notes #194

Closed bodoati closed 2 years ago

bodoati commented 2 years ago
SUMMARY

Trying to merge the same ACL config as the one in the device's config using the command below, ansible wants to send out some of the aces commands again with wrong syntax. This happens for the aces lines where the "show access-lists" output on device contains "(XX matches)" notes.

tasks:

output: , "changed": true, "commands": ["ipv4 access-list ACL_NAME", "5 permit ipv4 host x.x.x.x any (409 matches)", "30 permit ipv4 x.x.x.x 0.0.0.127 any (6 matches)", "70 permit ipv4 x.x.x.x 0.0.0.63 any (30 matches)", "80 permit ipv4 x.x.x.x 0.0.0.63 any (3250 matches)", "90 permit ipv4 x.x.x.x 0.0.0.255 any (174 matches)"]}

output on device:

show access-lists ACL_NAME

ipv4 access-list ACL_NAME
 5 permit ipv4 host x.x.x.x any (409 matches)
 10 permit ipv4 y.y.y.y 0.0.0.255 any
 20 permit ipv4 y.y.y.y 0.0.0.63 any
 30 permit ipv4 x.x.x.x 0.0.0.127 any (6 matches)
 40 permit ipv4 y.y.y.y 0.0.0.15 any
 50 permit ipv4 y.y.y.y 0.0.0.63 any
 60 permit ipv4 y.y.y.y 0.0.0.31 any
 70 permit ipv4 x.x.x.x 0.0.0.63 any (30 matches)
 80 permit ipv4 x.x.x.x 0.0.0.63 any (3254 matches)
 90 permit ipv4 x.x.x.x 0.0.0.255 any (174 matches)
 100 deny ipv4 any any log

ISSUE TYPE
COMPONENT NAME

cisco.iosxr.iosxr_acls

ANSIBLE VERSION
ansible 2.9.6
  config file = /home/attila.bodo/ansible/ansible.cfg
  configured module search path = ['/home/attila.bodo/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.8.10 (default, Sep 28 2021, 16:10:42) [GCC 9.3.0]
COLLECTION VERSION
version_added: 1.0.0
CONFIGURATION
DEFAULT_LOG_PATH(env: ANSIBLE_LOG_PATH) = /home/attila.bodo/ansible.log
HOST_KEY_CHECKING(/home/attila.bodo/ansible/ansible.cfg) = False
INJECT_FACTS_AS_VARS(/home/attila.bodo/ansible/ansible.cfg) = False
INTERPRETER_PYTHON(/home/attila.bodo/ansible/ansible.cfg) = /usr/bin/python3
OS / ENVIRONMENT

show version

Tue Nov 23 10:32:00.629 MET

Cisco IOS XR Software, Version 6.1.4[Default]
Copyright (c) 2017 by Cisco Systems, Inc.

ROM: System Bootstrap, Version 10.57(c) 1994-2014 by Cisco Systems, Inc.

DEVICENAME uptime is 4 years, 18 weeks, 3 days, 11 hours, 24 minutes
System image file is "disk0:asr9k-os-mbi-6.1.4/0x100305/mbiasr9k-rsp3.vm"

cisco ASR9K Series (Intel 686 F6M14S4) processor with 16777216K bytes of memory.
Intel 686 F6M14S4 processor at 1899MHz, Revision 2.174
ASR 9006 4 Line Card Slot Chassis with V2 DC PEM

STEPS TO REPRODUCE
EXPECTED RESULTS
ACTUAL RESULTS
ashwini-mhatre commented 2 years ago

@bodoati Could you also share ACL_CONFIG?

bodoati commented 2 years ago

I suspect this issue could relate to the cisco.iosxr.iosxr_facts module. If I set the module's parameters like below, the collected acls contain the "(XX matches)" part in the line attribute. (See the cisco.iosxr.iosxr_facts-ansible_facts.txt file uploaded.)

The issue occurs with the following Ansible version too.

ansible [core 2.12.1]
  config file = /home/attila.bodo/ansible/ansible.cfg
  configured module search path = ['/home/attila.bodo/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/attila.bodo/ans2.11/lib/python3.8/site-packages/ansible
  ansible collection location = /home/attila.bodo/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/attila.bodo/ans2.11/bin/ansible
  python version = 3.8.10 (default, Nov 26 2021, 20:14:08) [GCC 9.3.0]
  jinja version = 3.0.3
  libyaml = True

/home/attila.bodo/ans2.11/lib/python3.8/site-packages/ansible_collections

Collection             Version
amazon.aws             2.1.0
ansible.netcommon      2.5.0
ansible.posix          1.3.0
ansible.utils          2.4.3
ansible.windows        1.9.0
arista.eos             3.1.0
awx.awx                19.4.0
azure.azcollection     1.10.0
check_point.mgmt       2.2.0
chocolatey.chocolatey  1.1.0
cisco.aci              2.1.0
cisco.asa              2.1.0
cisco.intersight       1.0.18
cisco.ios              2.6.0
cisco.iosxr            2.6.0

(ans2.11) attila.bodo@massachusetts:~/ansible$ ansible-config dump --only-changed
DEFAULT_LOG_PATH(env: ANSIBLE_LOG_PATH) = /home/attila.bodo/ansible.log
HOST_KEY_CHECKING(/home/attila.bodo/ansible/ansible.cfg) = False
INJECT_FACTS_AS_VARS(/home/attila.bodo/ansible/ansible.cfg) = False
INTERPRETER_PYTHON(/home/attila.bodo/ansible/ansible.cfg) = /usr/bin/python3

bodoati commented 2 years ago

I can confirm that both issues I've mentioned before are caused by the lines below from the ansible_collections/cisco/iosxr/plugins/module_utils/network/iosxr/facts/acls/acls.py

< def get_device_data(self, connection): < return connection.get("show access-lists afi-all")

I've applied the following workaround to the file in my installation and it works now:

    def get_device_data(self, connection):
        return connection.get("show access-lists afi-all | utility cut -d '(' -f1")
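
The parsing problem discussed in this thread, shown as an added example that is not part of the issue or the collection's code: it compares leaving the hit counters in place, cutting each line at the first "(" as the workaround does, and stripping only a trailing "(N matches)" counter. The addresses, the remark line, the singular "(1 match)" form, all function names and the simplified merge diff are assumptions made for illustration.

```python
import re

# Trailing hit counter appended to an ACE by "show access-lists", e.g. "(409 matches)".
# The singular "(1 match)" form is an assumption; the issue only shows "matches".
COUNTER = re.compile(r"\s*\(\d+ match(?:es)?\)\s*$")

# Constructed sample shaped like the device output in the issue; documentation
# addresses replace the redacted ones and the remark line is added for the test.
DEVICE_OUTPUT = """\
ipv4 access-list ACL_NAME
 5 permit ipv4 host 192.0.2.1 any (409 matches)
 10 permit ipv4 198.51.100.0 0.0.0.255 any
 15 remark mgmt hosts (temporary) see ticket
 30 permit ipv4 192.0.2.128 0.0.0.127 any (6 matches)
 100 deny ipv4 any any log
"""

def strip_counter(line):
    """Remove only a trailing '(N matches)' counter from one line."""
    return COUNTER.sub("", line.rstrip())

def cut_at_paren(line):
    """Emulate "utility cut -d '(' -f1": keep the text before the first '('."""
    return line.split("(", 1)[0]

def parse_aces(output, clean):
    """Return {acl_name: [ace, ...]}, normalising each ACE line with `clean`."""
    acls, current = {}, None
    for raw in output.splitlines():
        if not raw.startswith(" "):          # ACL header line
            current = raw.split()[-1]
            acls[current] = []
        elif current is not None:
            acls[current].append(clean(raw).strip())
    return acls

def pending_commands(want, have):
    """Simplified merge diff: ACE lines in `want` that are absent from `have`."""
    cmds = []
    for name, aces in want.items():
        missing = [a for a in aces if a not in have.get(name, [])]
        if missing:
            cmds += ["ipv4 access-list " + name] + missing
    return cmds

WANT = {"ACL_NAME": ["5 permit ipv4 host 192.0.2.1 any",
                     "15 remark mgmt hosts (temporary) see ticket",
                     "30 permit ipv4 192.0.2.128 0.0.0.127 any"]}
```

With the counters left in, the two counted ACEs look different from the wanted ones and the run reports a change; cutting at the first "(" fixes those but truncates the remark, while the anchored pattern leaves nothing pending.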