ansible-collections / cisco.nxos

Ansible Network Collection for Cisco NXOS
GNU General Public License v3.0

unable to configure multicast group under interface nve1 with cisco.nxos.nxos_vxlan_vtep_vni when global ingress replication bgp configured #593

Open vkhavroniuk opened 1 year ago

vkhavroniuk commented 1 year ago
SUMMARY

The cisco.nxos.nxos_vxlan_vtep_vni module does not allow configuring multicast_group when "global ingress-replication protocol bgp" is configured under the NVE interface.

Global ingress-replication under nve1 allows specifying BUM replication by default. Then every single VNI can have its own config:

empty group: inherit global
multicast specified: multicast replication
bgp ingress replication specified: bgp ingress replication for BUM

Please see: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/93x/vxlan/configuration/guide/b-cisco-nexus-9000-series-nx-os-vxlan-configuration-guide-93x/b-cisco-nexus-9000-series-nx-os-vxlan-configuration-guide-93x_chapter_0101.html

ISSUE TYPE
COMPONENT NAME

cisco.nxos.nxos_vxlan_vtep_vni

ANSIBLE VERSION

ansible 2.9.6
  config file = /etc/ansible/ansible.cfg
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.8.10 (default, Jun 22 2022, 20:18:18) [GCC 9.4.0]

COLLECTION VERSION

cisco.nxos 4.0.0

CONFIGURATION

HOST_KEY_CHECKING(/etc/ansible/ansible.cfg) = False
PERSISTENT_CONNECT_TIMEOUT(/etc/ansible/ansible.cfg) = 25

OS / ENVIRONMENT

Linux 5.4.0-121-generic #137-Ubuntu SMP Wed Jun 15 13:33:07 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
NXOS: version 9.3(9)

STEPS TO REPRODUCE

nexus switch configuration:

interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback1
  global ingress-replication protocol bgp
  source-interface hold-down-time 60

task:

vars file: vlans_compute:

EXPECTED RESULTS

expected result:

interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback1
  global ingress-replication protocol bgp
  source-interface hold-down-time 60
  member vni 90099
    mcast-group 239.1.1.11

ACTUAL RESULTS

when multicast group configured manually validation passed for 10.X.X.1:

interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback1
  global ingress-replication protocol bgp
  source-interface hold-down-time 60
  member vni 90099
    mcast-group 239.1.1.11

if none config fails (10.x.x.2):

PLAY RECAP
10.X.X.1 : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
10.X.X.2 : ok=3 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

The full traceback is:
  File "/tmp/ansible_cisco.nxos.nxos_vxlan_vtep_vni_payload_oqd13p9o/ansible_cisco.nxos.nxos_vxlan_vtep_vni_payload.zip/ansible_collections/cisco/nxos/plugins/module_utils/network/nxos/nxos.py", line 321, in load_config
    resp = self.edit_config(commands, replace=replace)
  File "/tmp/ansible_cisco.nxos.nxos_vxlan_vtep_vni_payload_oqd13p9o/ansible_cisco.nxos.nxos_vxlan_vtep_vni_payload.zip/ansible_collections/cisco/nxos/plugins/module_utils/network/nxos/nxos.py", line 352, in edit_config
    responses = self._connection.send_request(candidate, output="config")
  File "/tmp/ansible_cisco.nxos.nxos_vxlan_vtep_vni_payload_oqd13p9o/ansible_cisco.nxos.nxos_vxlan_vtep_vni_payload.zip/ansible/module_utils/connection.py", line 185, in __rpc__
    raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
failed: [10.X.X.2] (item={'vlan_id': 99, 'vni_id': 90099, 'mcast_grp': '239.1.1.11'}) => {
    "ansible_loop_var": "item",
    "changed": false,
    "invocation": {
        "module_args": {
            "assoc_vrf": null,
            "ingress_replication": null,
            "interface": "nve1",
            "multicast_group": "239.1.1.11",
            "multisite_ingress_replication": null,
            "peer_list": null,
            "state": "present",
            "suppress_arp": null,
            "suppress_arp_disable": null,
            "vni": "90099"
        }
    },
    "item": {
        "mcast_grp": "239.1.1.11",
        "vlan_id": 99,
        "vni_id": 90099
    },
    "msg": ": CLI execution error: ERROR: Validation failed for VNI 90099. Please remove Ingress-Replication before configuring multicast group.\n\n"
}

vkhavroniuk commented 1 year ago

I fell back to SSH and did some debugging. The Ansible module pushes an incorrect set of commands to the switch:

task:

- name: Configure VNI under NVE
  cisco.nxos.nxos_vxlan_vtep_vni:
    interface: nve1
    vni: "90099"
    multicast_group: "239.0.0.1"

ansible debug:

The full traceback is:
  File "/tmp/ansible_cisco.nxos.nxos_vxlan_vtep_vni_payload_fpu_f_j_/ansible_cisco.nxos.nxos_vxlan_vtep_vni_payload.zip/ansible_collections/cisco/nxos/plugins/module_utils/network/nxos/nxos.py", line 152, in load_config
    resp = connection.edit_config(config, replace=replace)
  File "/tmp/ansible_cisco.nxos.nxos_vxlan_vtep_vni_payload_fpu_f_j_/ansible_cisco.nxos.nxos_vxlan_vtep_vni_payload.zip/ansible/module_utils/connection.py", line 185, in __rpc__
    raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
fatal: [10.x.x.2]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "assoc_vrf": null,
            "ingress_replication": null,
            "interface": "nve1",
            "multicast_group": "239.0.0.1",
            "multisite_ingress_replication": null,
            "peer_list": null,
            "state": "present",
            "suppress_arp": null,
            "suppress_arp_disable": null,
            "vni": "90099"
        }
    },
    "msg": "no mcast-group\r\r\nERROR: Validation failed for VNI 90099. Please remove Ingress-Replication before configuring multicast group.\r\n\r\n\rleaf-sw1(config-if-nve-vni)# "
}

switch aaa debug:

Thu Dec  1 00:18:31 2022:type=update:id=x.x.x.x@pts/6:user=ansible:cmd=terminal length 0 (SUCCESS)
Thu Dec  1 00:18:32 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=terminal width 511 (SUCCESS)
Thu Dec  1 00:18:35 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=configure terminal ; interface nve1 (REDIRECT)
Thu Dec  1 00:18:35 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=configure terminal ; interface nve1 (SUCCESS)
Thu Dec  1 00:18:35 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=configure terminal ; interface nve1 ; member vni 90099 (REDIRECT)
Thu Dec  1 00:18:35 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=configure terminal ; interface nve1 ; member vni 90099 (SUCCESS)
Thu Dec  1 00:18:35 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=configure terminal ; interface nve1 ; member vni 90099 ; no mcast-group (REDIRECT)
Thu Dec  1 00:18:35 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=configure terminal ; interface nve1 ; member vni 90099 ; no mcast-group (FAILURE)

config should be:

interface nve1
  member vni 90099
    mcast-group 239.0.0.1

NilashishC commented 1 year ago

cc @praveenramoorthy @mikewiebe for assistance.
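
An added example, not part of the thread and not the collection's code: a Python parser for accounting-log lines in the format quoted in the second comment. It rebuilds the command sequence a given user pushed and isolates the command the switch rejected. The function names, the constructed sample and the pairing of each REDIRECT record with the outcome record that follows it are assumptions drawn from the quoted log.

```python
import re
from datetime import datetime

# Constructed sample in the accounting-log format quoted in the issue
# (source address redacted as x.x.x.x, as on the page).
SAMPLE_LOG = """\
Thu Dec  1 00:18:31 2022:type=update:id=x.x.x.x@pts/6:user=ansible:cmd=terminal length 0 (SUCCESS)
Thu Dec  1 00:18:35 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=configure terminal ; interface nve1 (REDIRECT)
Thu Dec  1 00:18:35 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=configure terminal ; interface nve1 (SUCCESS)
Thu Dec  1 00:18:35 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=configure terminal ; interface nve1 ; member vni 90099 ; no mcast-group (REDIRECT)
Thu Dec  1 00:18:35 2022:type=update:id= x.x.x.x@pts/6:user=ansible:cmd=configure terminal ; interface nve1 ; member vni 90099 ; no mcast-group (FAILURE)
not an accounting record
"""

# The timestamp itself contains colons, so the fields are matched, not split.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4})"
    r":type=(?P<type>\w+):id=\s*(?P<origin>[^:]*):user=(?P<user>[^:]+)"
    r":cmd=(?P<cmd>.*) \((?P<status>[A-Z]+)\)\s*$"
)

def parse_accounting(text):
    """Return one record per pushed command, keeping its final status."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not accounting records
        ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        # "a ; b ; c" is the config context chain; the last part was typed.
        *context, typed = [p.strip() for p in m["cmd"].split(" ; ")]
        rec = {"time": ts, "user": m["user"], "origin": m["origin"],
               "context": context, "typed": typed, "status": m["status"]}
        prev = records[-1] if records else None
        same = prev is not None and (prev["user"], prev["context"], prev["typed"]) == (
            rec["user"], context, typed)
        if same and prev["status"] == "REDIRECT":
            records[-1] = rec  # outcome record supersedes its REDIRECT
        else:
            records.append(rec)
    return records

def failed_commands(records, user=None):
    """Commands the device rejected, optionally limited to one account."""
    return [r for r in records
            if r["status"] == "FAILURE" and (user is None or r["user"] == user)]
```
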