Open TheRealBecks opened 8 months ago
Even worse: The SNMP user
functions are also broken:
Case 1: Create the SNMP user configuration as already defined in this ticket: ✅ That works
Case 2: Delete the whole SNMP configuraion with state: "deleted"
: ❌ It fails:
->
"module_stderr": "no snmp-server user monitoring use-ipv4acl snmp-ipv4-acl use-ipv6acl snmp-ipv6-acl\r\r\nuser not found.\r\n\rsw-cisco-test1(config)# "
Due to these generated commands:
no snmp-server user monitoring
no snmp-server user monitoring use-ipv4acl snmp-ipv4-acl use-ipv6acl snmp-ipv6-acl
The first command gets generated here: https://github.com/ansible-collections/cisco.nxos/blob/c4373bba62b4d05d4caf7ac425e11cd3fc21eebc/plugins/module_utils/network/nxos/rm_templates/snmp_server.py#L1490
The second one here:
https://github.com/ansible-collections/cisco.nxos/blob/c4373bba62b4d05d4caf7ac425e11cd3fc21eebc/plugins/module_utils/network/nxos/rm_templates/snmp_server.py#L1523
(no specific delval
, so it's using the no <setval>
After the execution of the first command the whole user configuration gets wiped.
Case 3: Run the state: "replaced"
multiple times:
Run 1: ✅ That works
Generated and executed commands:
snmp-server location de-ber-rs-r22-i22
snmp-server user monitoring network-operator auth sha xxxxx priv aes-128 xxxxx
no snmp-server user admin
snmp-server user monitoring use-ipv4acl snmp-ipv4-acl use-ipv6acl snmp-ipv6-acl
snmp-server host 10.248.1.152 traps version 3 priv monitoring
snmp-server host 10.248.1.152 use-vrf management
snmp-server community testname1 group network-operator
snmp-server community testname1 use-ipv4acl snmp-ipv4-acl use-ipv6acl snmp-ipv6-acl
Results in the following configuration:
snmp-server location de-ber-rs-r22-i22
snmp-server user admin network-admin auth md5 xxxxx priv aes-128 xxxxx localizedV2key
snmp-server user monitoring network-operator auth sha xxxxx priv aes-128 xxxxx localizedV2key
snmp-server user monitoring use-ipv4acl snmp-ipv4-acl use-ipv6acl snmp-ipv6-acl
snmp-server host 10.248.1.152 traps version 3 priv monitoring
snmp-server host 10.248.1.152 use-vrf management
snmp-server community testname1 group network-operator
snmp-server community testname1 use-ipv4acl snmp-ipv4-acl use-ipv6acl snmp-ipv6-acl
Run 2: ❌ SNMP user monitoring
will be deleted
Generated and executed commands:
snmp-server user monitoring network-operator auth sha xxxxx priv aes-128 xxxxx
no snmp-server user admin
no snmp-server user monitoring
Results in the following configuration:
snmp-server location de-ber-rs-r22-i22
snmp-server user admin network-admin auth md5 xxxxx priv aes-128 xxxxx localizedV2key
snmp-server host 10.248.1.152 traps version 3 priv monitoring
snmp-server host 10.248.1.152 use-vrf management
snmp-server community testname1 group network-operator
snmp-server community testname1 use-ipv4acl snmp-ipv4-acl use-ipv6acl snmp-ipv6-acl
-> User monitoring
is missing
Run 3: ✅ SNMP user will be created once again
Generated and executed commands:
snmp-server user monitoring network-operator auth sha xxxxx priv aes-128 xxxxx
no snmp-server user admin
snmp-server user monitoring use-ipv4acl snmp-ipv4-acl use-ipv6acl snmp-ipv6-acl
monitoring
user will be deleted after the creation of the user, but I don't know why it's in the wrong order. The no snmp-server user monitoring
has to be inserted before the user gets created once again.no snmp-server user monitoring
leads into the missing snmp-server user monitoring use-ipv4acl snmp-ipv4-acl use-ipv6acl snmp-ipv6-acl
. The snmp-server user monitoring network-operator auth sha xxxxx priv aes-128 xxxxx
misses the second command snmp-server user monitoring use-ipv4acl snmp-ipv4-acl use-ipv6acl snmp-ipv6-acl
. In general it's questioning to delete the user as it's best to overwrite the existing configuration with snmp-server user monitoring network-operator auth sha xxxxx priv aes-128 xxxxx
when the username already exists.So we can see that the user.x
functions do not work as intended. ...and I copied these functions with the whole logic to get community
and host
working... There are now cases that let the community
and host
configuration fail with each execution of the playbook.
How do we fix the user
functions? Afterwards I can fix community
and host
@NilashishC Any idea how to proceed here? My PR #795 won't work due to the design problems in the user
functions.
SUMMARY
Two commands need to be split into two commands each, so four commands in total.
ISSUE TYPE
COMPONENT NAME
nxos_snmp_server
ANSIBLE VERSION
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
Cisco NXOS 9.3(8)
STEPS TO REPRODUCE
EXPECTED RESULTS
ACTUAL RESULTS
-->