vmware_dvs_portgroup is not idempotent

liamwh commented 3 years ago

SUMMARY

vmware_dvs_portgroup is not idempotent and ansible is trigging a reconfigure task in vCenter.

ISSUE TYPE

Bug Report

COMPONENT NAME

community.vmware.vmware_dvs_portgroup

ANSIBLE VERSION

ansible [core 2.11.5]
  config file = /mnt/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.8/site-packages/ansible
  ansible collection location = /mnt/ansible/collections/ansible_collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
  jinja version = 3.0.1
  libyaml = True

COLLECTION VERSION

# /mnt/ansible/collections/ansible_collections
Collection       Version
---------------- -------
community.vmware 1.15.0

# /usr/local/lib/python3.8/site-packages/ansible_collections
Collection       Version
---------------- -------
community.vmware 1.13.0

CONFIGURATION

COLLECTIONS_PATHS(/mnt/ansible/ansible.cfg) = ['/mnt/ansible/collections/ansible_collections', '/usr/share/ansible/collections']
DEFAULT_HOST_LIST(/mnt/ansible/ansible.cfg) = ['/mnt/ansible/inventory.yaml']
DEFAULT_LOG_PATH(/mnt/ansible/ansible.cfg) = /mnt/ansible/logs/ansible.log
INTERPRETER_PYTHON(/mnt/ansible/ansible.cfg) = python3
LOCALHOST_WARNING(/mnt/ansible/ansible.cfg) = False

OS / ENVIRONMENT

Running Ansible from rhel8

vSphere Client version 7.0.2.00500

STEPS TO REPRODUCE

community.vmware.vmware_dvs_portgroup:
    hostname: "{{ vcenter.name }}"
    username: "{{ vcuser }}@{{ vcenter.auth_login_domain }}"
    password: "{{ vcpass }}"
    validate_certs: "{{ vcenter.validate_certs }}"
    portgroup_name: "{{ portgroup.value.name }}"
    switch_name: "{{ switch.value.name }}"
    port_binding: "{{ switch.value.port_binding | default('static') }}"
    vlan_trunk: "{{ portgroup.value.vlan_trunk | default(false) }}"
    vlan_id: "{{ portgroup.value.vlan_id }}"
    state: present

EXPECTED RESULTS

changed should be false and no task should be run on the vCenter if the portgroup configuration is already correct.

ACTUAL RESULTS

Status was changed, a task on vCenter was performed, but the state was already correct and no action needed to be taken.

"ansible_loop_var": "portgroup",
    "changed": true,
    "invocation": {
        "module_args": {
            "hostname": "vcenter_hostname",
            "mac_learning": null,
            "network_policy": {
                "forged_transmits": false,
                "mac_changes": false,
                "promiscuous": false
            },
            "num_ports": null,
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "port": 443,
            "port_allocation": null,
            "port_binding": "static",
            "port_policy": {
                "block_override": true,
                "ipfix_override": false,
                "live_port_move": false,
                "network_rp_override": false,
                "port_config_reset_at_disconnect": true,
                "security_override": false,
                "shaping_override": false,
                "traffic_filter_override": false,
                "uplink_teaming_override": false,
                "vendor_config_override": false,
                "vlan_override": false
            },
            "portgroup_name": "dpg-212-vmotion",
            "portgroup_type": null,
            "proxy_host": null,
            "proxy_port": null,
            "state": "present",
            "switch_name": "correct_switch_name",
            "teaming_policy": {
                "active_uplinks": null,
                "inbound_policy": null,
                "load_balance_policy": "loadbalance_srcid",
                "notify_switches": true,
                "rolling_order": false,
                "standby_uplinks": null
            },
            "username": "username@auth_login_domain",
            "validate_certs": false,
            "vlan_id": "212",
            "vlan_private": false,
            "vlan_trunk": false
        }
    },
    "portgroup": {
        "key": "vmotion",
        "value": {
            "name": "dpg-212-vmotion",
            "subnet": "x.x.x.x/x",
            "vlan_id": "xxx"
        }
    },
    "result": "None"

ansibullbot commented 3 years ago

Files identified in the description: None

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

mariolenz commented 3 years ago

Since you say you've seen a reconfigure task in vCenter, I guess you didn't run ansible in check mode, correct? What happens if you run this a second (and maybe even a third) time? Do you still see changes?

liamwh commented 3 years ago

Since you say you've seen a reconfigure task in vCenter, I guess you didn't run ansible in check mode, correct? What happens if you run this a second (and maybe even a third) time? Do you still see changes?

Yes, that is my exact point. The portgroup configuration is configured exactly as defined, however each playbook run, a reconfigure task is created in vCenter, as well as Ansible returning a changed state. Indeed, check mode is not being used here.

mariolenz commented 3 years ago

Could you please define the port_allocation ("elastic" in you case) and try again? I think this happens when it's undefined but I'm not sure.

edit: https://github.com/ansible-collections/community.vmware/blob/47f2907b333cc9dc1c0564cdc91ec5cf38baae84/plugins/modules/vmware_dvs_portgroup.py#L604-L607

mariolenz commented 3 years ago

Could you please define the port_allocation ("elastic" in you case) and try again? I think this happens when it's undefined but I'm not sure.

@liamwh Did you find the time yet to test port_allocation: elastic? Your answer might help me a lot to fix this.

lingfish commented 3 years ago

Hi, I had this issue too, and explicitly specifying port_allocation: elastic resolved it.

lingfish commented 3 years ago

By the way, the exact same thing happens when specifying network_policy.

liamwh commented 2 years ago

@mariolenz apologies for the delay! Indeed specifying port_allocation: elastic solved the issue.

mariolenz commented 2 years ago

I'm trying to fix this. Would it be possible for you to test PR #1150?

mariolenz commented 2 years ago

@mariolenz apologies for the delay! Indeed specifying port_allocation: elastic solved the issue.

Closing as per above comment. Should be fixed in 2.x (I hope).

ansible-collections / community.vmware