nxos_snmp_server throws error '<' between 'int' and 'str'

[nleiva]

SUMMARY

When trying to apply the following config with cisco.nxos.nxos_snmp_server:

  location: Virtual
  communities:
    - name: Durham
      rw: true
    - name: ChapelHill
      rw: true

I get this error message:

fatal: [sandbox-nxos-1.cisco.com]: FAILED! => {"changed": false, "msg": "'<' not supported between instances of 'int' and 'str'"}

ISSUE TYPE

• Bug Report

COMPONENT NAME

cisco.nxos.nxos_snmp_server

ANSIBLE VERSION

COLLECTION VERSION

2.9.1

CONFIGURATION

OS / ENVIRONMENT

STEPS TO REPRODUCE

Config:

cfg:
  location: Virtual
  communities:
    - name: Durham
      rw: true
    - name: ChapelHill
      rw: true

Task:

    - name: Use SNMP resource module [Cisco NX-OS]
      cisco.nxos.nxos_snmp_server:
        state: merged
        config: "{{ cfg }}"
      when: ansible_network_os == 'nxos'

EXPECTED RESULTS

Configure the SNMP community on the target Cisco NX-OS device

ACTUAL RESULTS

TASK [Use SNMP resource module [Cisco NX-OS]] ***********************************************************************************************************************************************
task path: /home/nleiva/Ansible/ansible-network-demo/snmp.yml:13
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
redirecting (type: httpapi) ansible.builtin.nxos to cisco.nxos.nxos
<sandbox-nxos-1.cisco.com> attempting to start connection
<sandbox-nxos-1.cisco.com> using connection plugin ansible.netcommon.httpapi
Found ansible-connection at path /usr/bin/ansible-connection
<sandbox-nxos-1.cisco.com> local domain socket does not exist, starting it
<sandbox-nxos-1.cisco.com> control socket path is /home/runner/.ansible/pc/7f27b30385
<sandbox-nxos-1.cisco.com> redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<sandbox-nxos-1.cisco.com> Loading collection ansible.netcommon from /usr/share/ansible/collections/ansible_collections/ansible/netcommon
<sandbox-nxos-1.cisco.com> redirecting (type: httpapi) ansible.builtin.nxos to cisco.nxos.nxos
<sandbox-nxos-1.cisco.com> Loading collection cisco.nxos from /usr/share/ansible/collections/ansible_collections/cisco/nxos
<sandbox-nxos-1.cisco.com> local domain socket listeners started successfully
<sandbox-nxos-1.cisco.com> loaded API plugin ansible_collections.cisco.nxos.plugins.httpapi.nxos from path /usr/share/ansible/collections/ansible_collections/cisco/nxos/plugins/httpapi/nxos.py for platform type nxos
<sandbox-nxos-1.cisco.com> 
<sandbox-nxos-1.cisco.com> local domain socket path is /home/runner/.ansible/pc/7f27b30385
redirecting (type: action) cisco.nxos.nxos_snmp_server to cisco.nxos.nxos
redirecting (type: action) cisco.nxos.nxos_snmp_server to cisco.nxos.nxos
<sandbox-nxos-1.cisco.com> ANSIBLE_NETWORK_IMPORT_MODULES: disabled
<sandbox-nxos-1.cisco.com> ANSIBLE_NETWORK_IMPORT_MODULES: module execution time may be extended
<sandbox-nxos-1.cisco.com> ESTABLISH LOCAL CONNECTION FOR USER: nleiva
<sandbox-nxos-1.cisco.com> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/runner/.ansible/tmp/ansible-local-25jd7r6geo `"&& mkdir "` echo /home/runner/.ansible/tmp/ansible-local-25jd7r6geo/ansible-tmp-1648820189.7893653-32-20813008340683 `" && echo ansible-tmp-1648820189.7893653-32-20813008340683="` echo /home/runner/.ansible/tmp/ansible-local-25jd7r6geo/ansible-tmp-1648820189.7893653-32-20813008340683 `" ) && sleep 0'
Using module file /usr/share/ansible/collections/ansible_collections/cisco/nxos/plugins/modules/nxos_snmp_server.py
<sandbox-nxos-1.cisco.com> PUT /home/runner/.ansible/tmp/ansible-local-25jd7r6geo/tmpepjri3n3 TO /home/runner/.ansible/tmp/ansible-local-25jd7r6geo/ansible-tmp-1648820189.7893653-32-20813008340683/AnsiballZ_nxos_snmp_server.py
<sandbox-nxos-1.cisco.com> EXEC /bin/sh -c 'chmod u+x /home/runner/.ansible/tmp/ansible-local-25jd7r6geo/ansible-tmp-1648820189.7893653-32-20813008340683/ /home/runner/.ansible/tmp/ansible-local-25jd7r6geo/ansible-tmp-1648820189.7893653-32-20813008340683/AnsiballZ_nxos_snmp_server.py && sleep 0'
<sandbox-nxos-1.cisco.com> EXEC /bin/sh -c '/usr/bin/python3.8 /home/runner/.ansible/tmp/ansible-local-25jd7r6geo/ansible-tmp-1648820189.7893653-32-20813008340683/AnsiballZ_nxos_snmp_server.py && sleep 0'
<sandbox-nxos-1.cisco.com> EXEC /bin/sh -c 'rm -f -r /home/runner/.ansible/tmp/ansible-local-25jd7r6geo/ansible-tmp-1648820189.7893653-32-20813008340683/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
  File "/tmp/ansible_cisco.nxos.nxos_snmp_server_payload_lboklc_l/ansible_cisco.nxos.nxos_snmp_server_payload.zip/ansible_collections/ansible/netcommon/plugins/module_utils/network/common/facts/facts.py", line 133, in get_network_resources_facts
    inst.populate_facts(
  File "/tmp/ansible_cisco.nxos.nxos_snmp_server_payload_lboklc_l/ansible_cisco.nxos.nxos_snmp_server_payload.zip/ansible_collections/cisco/nxos/plugins/module_utils/network/nxos/facts/snmp_server/snmp_server.py", line 71, in populate_facts
    objs["users"]["auth"] = sorted(
fatal: [sandbox-nxos-1.cisco.com]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "config": {
                "aaa_user": null,
                "communities": [
                    {
                        "group": null,
                        "name": "Durham",
                        "ro": null,
                        "rw": true,
                        "use_ipv4acl": null,
                        "use_ipv6acl": null
                    },
                    {
                        "group": null,
                        "name": "ChapelHill",
                        "ro": null,
                        "rw": true,
                        "use_ipv4acl": null,
                        "use_ipv6acl": null
                    }
                ],
                "contact": null,
                "context": null,
                "counter": null,
                "drop": null,
                "engine_id": null,
                "global_enforce_priv": null,
                "hosts": null,
                "location": "Virtual",
                "mib": null,
                "packetsize": null,
                "protocol": null,
                "source_interface": null,
                "system_shutdown": null,
                "tcp_session": null,
                "traps": null,
                "users": null
            },
            "running_config": null,
            "state": "merged"
        }
    },
    "msg": "'<' not supported between instances of 'int' and 'str'"
}

[NilashishC]

@nleiva Looking from where the traceback originated, this might be happening because of something unexpected in the existing on-box config. Could you please share the output of show running-config | section '^snmp-server' from the appliance?

[NilashishC]

@nleiva Are you hitting this traceback if you run a task with just state: gathered on this appliance?

[nleiva]

You are correct, looks like an issue in general. It fails with only state: gathered.

Host:

[nxos]
sandbox-nxos-1.cisco.com

[nxos:vars]
ansible_user=admin
ansible_password=Admin_1234!
ansible_network_os=nxos
ansible_port=443
ansible_connection=httpapi
ansible_httpapi_use_ssl=yes
ansible_httpapi_validate_certs=no

This is the current config of the device, the last line looks like the smoking gun:

LEAF1# sh run section snmp
show running-config | section snmp
logging level snmpd 1
logging level snmpmib_proc 1
object-group ip address snmp-Interface
ip access-list dccor-copp-acl-snmp
  10 permit udp any any eq snmp
  20 permit udp any any eq snmptrap
  30 permit tcp any any eq 161
  40 permit tcp any any eq 162
ipv6 access-list dccor-copp-acl-snmp6
  10 permit udp any any eq snmp
  20 permit udp any any eq snmptrap
  30 permit tcp any any eq 161
  40 permit tcp any any eq 162
  match access-group name dccor-copp-acl-snmp
  match access-group name dccor-copp-acl-snmp6
snmp-server contact admin@example.com
snmp-server location Paris, France
snmp-server source-interface traps mgmt0
snmp-server user ddd network-operator auth md5 0x726582c4cc84b39596362c98b1126c6d priv 0x726582c4cc84b39596362c98b1126c6d localizedkey
snmp-server user poc network-admin auth md5 0x3937f7ded2c737185defcc6ed7013e6e priv 0x3937f7ded2c737185defcc6ed7013e6e localizedkey
snmp-server user 1234 network-admin auth md5 0x7d425fbf09417c44bca69e1d9e9ce889 priv 0x7d425fbf09417c44bca69e1d9e9ce889 localizedkey
snmp-server user yang network-admin auth md5 0xb8d6e2df22475ad9efb32f6617a23c95 priv 0xb8d6e2df22475ad9efb32f6617a23c95 localizedkey
snmp-server user user1 network-operator auth sha 0x8b37a6c534651237b92e1734b08510757a777886 priv aes-128 0xd6b14265fb58dea293fc8f64d81
fa5dacf145670 localizedkey
snmp-server user user2 network-operator auth sha 0x38036a0c7f9da594b483fd55be63bec667c09180 priv aes-128 0xde809c8328af63d875b4d02957f
584d069fbdcaf localizedkey
snmp-server user user3 network-operator auth sha 0x9ec41d7d7791db197bb6e069276ab615bc7eb49e priv aes-128 0x1464cba27fe4f9e72447a1bc419
e099fbd103534 localizedkey
snmp-server user abc123 network-admin auth md5 0x862a1192e9614cb71583e0f78b8a5b5f priv 0x862a1192e9614cb71583e0f78b8a5b5f localizedkey
snmp-server user test10 Test-Role auth md5 0x874c4ed91893feb3de5016e0b822e857 priv 0x874c4ed91893feb3de5016e0b822e857 localizedkey
snmp-server user Netmiko123 network-admin auth md5 0x2c3b6abca733b8f7f68c80a81421f436 priv 0x2c3b6abca733b8f7f68c80a81421f436 localize
dkey
snmp-server user admin auth md5 0xe296d8d231ffa9be6276fd4c513b40a8 priv 0xe296d8d231ffa9be6276fd4c513b40a8 localizedkey engineID 128:0
:0:9:3:0:187:44:252:27:1
snmp-server host 192.168.0.102 traps version 2c NXAPI2
snmp-server host 192.168.0.101 traps version 2c NXAPI2
snmp-server host 3.4.3.56 traps version 2c teststring
snmp-server enable traps callhome event-notify
snmp-server enable traps callhome smtp-send-fail
snmp-server enable traps cfs state-change-notif
snmp-server enable traps cfs merge-failure
snmp-server enable traps aaa server-state-change
snmp-server enable traps hsrp state-change
snmp-server enable traps feature-control FeatureOpStatusChange
snmp-server enable traps sysmgr cseFailSwCoreNotifyExtended
snmp-server enable traps config ccmCLIRunningConfigChanged
snmp-server enable traps snmp authentication
snmp-server enable traps link cisco-xcvr-mon-status-chg
snmp-server enable traps vtp notifs
snmp-server enable traps vtp vlancreate
snmp-server enable traps vtp vlandelete
snmp-server enable traps bridge newroot
snmp-server enable traps bridge topologychange
snmp-server enable traps stpx inconsistency
snmp-server enable traps stpx root-inconsistency
snmp-server enable traps stpx loop-inconsistency
snmp-server enable traps system Clock-change-notification
snmp-server enable traps feature-control ciscoFeatOpStatusChange
snmp-server enable traps mmode cseNormalModeChangeNotify
snmp-server enable traps mmode cseMaintModeChangeNotify
snmp-server enable traps syslog message-generated
snmp-server community IEBSEC group network-admin
snmp-server community DevNetSandboxReadSNMP group network-operator
snmp-server community NXAPI2 group network-operator
snmp-server community DevNetSandboxWriteSNMP group network-admin
snmp-server community NXAPI2 use-acl gnoc_ro
  action 1.0 snmp-trap strdata "Configuration change�"

[NilashishC]

@nleiva So the module works only with the data returned by |section '^snmp-server'. The last line and some of the initial few lines wouldn't actually be read by the module because of the "starts with snmp-server" filter that is used. The issue however, is because one of the usernames in the list is 1234. :-) Before rendering facts, the code sorts all list of dictionaries based on a key (or set of keys) so that the facts are always displayed in a consistent manner. This was triggering the traceback because the sorting logic was trying to compare an integer (1234) with other string type usernames. I'll open a PR in some time to fix this edge case. Thank you for reporting it!

[nleiva]

Oh.. I see. Yeah, looks like a corner case. Thanks for checking and getting to the root cause, great job!