Open TheMysteriousX opened 1 year ago
Now check your code on my lab. Get idempotent result.
I'm not sure I following what you mean - the first task in your screenshot Create VM portgroup (always causes a change)
is marked as changed in the log - which is the same behaviour I'm seeing.
Perhaps this is a more understandable test case, though less minimal as it includes a loop which isn't required to demonstrate the issue.
- name: Create VM portgroup (always causes a change)
community.vmware.vmware_dvs_portgroup:
portgroup_name: portgroup1
switch_name: dvswitch1
vlan_id: 999
port_binding: static
port_allocation: elastic
mac_learning:
allow_unicast_flooding: true
enabled: true
limit: 4096
limit_policy: allow
state: present
hostname: "{{ vcenter_url }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: false
with_sequence: count=5
- name: Create VM portgroup (no change)
community.vmware.vmware_dvs_portgroup:
portgroup_name: portgroup1
switch_name: dvswitch1
vlan_id: 999
port_binding: static
port_allocation: elastic
state: present
hostname: "{{ vcenter_url }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: false
with_sequence: count=5
@TheMysteriousX Now I run playbook again (portgroup1 was created yesterday) and both play get same result. Module is idempotent. What do you think is wrong?
I did some further testing and it looks like there's an additional element. I'd overlooked that in the task prior to setting mac_learning, we were setting network_policy.
It doesn't appear to matter if network_policy is set at the same time, or prior to setting mac_learning so I've adapted the test case to highlight both.
- name: Set network_policy then mac_learning, alternating - incorrect behaviour
community.vmware.vmware_dvs_portgroup:
portgroup_name: portgroup1
switch_name: dvswitch1
vlan_id: 999
port_binding: static
port_allocation: elastic
network_policy: "{{ network_policy_dict if ansible_loop.index0 is even else omit }}"
mac_learning: "{{ mac_learn_dict if ansible_loop.index0 is odd else omit }}"
state: present
hostname: "{{ vcenter_url }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: false
with_sequence: count=6
loop_control:
extended: true
vars:
mac_learn_dict:
allow_unicast_flooding: true
enabled: true
limit: 4096
limit_policy: allow
network_policy_dict:
inherited: true
- name: Always causes a change - incorrect behaviour
community.vmware.vmware_dvs_portgroup:
portgroup_name: portgroup1
switch_name: dvswitch1
vlan_id: 999
port_binding: static
port_allocation: elastic
mac_learning:
allow_unicast_flooding: true
enabled: true
limit: 4096
limit_policy: allow
network_policy:
inherited: true
state: present
hostname: "{{ vcenter_url }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: false
with_sequence: count=5
- name: Does not cause a change - correct behaviour
community.vmware.vmware_dvs_portgroup:
portgroup_name: portgroup1
switch_name: dvswitch1
vlan_id: 999
port_binding: static
port_allocation: elastic
network_policy:
inherited: true
state: present
hostname: "{{ vcenter_url }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: false
with_sequence: count=5
- name: Causes a change the first iteration - incorrect behaviour
community.vmware.vmware_dvs_portgroup:
portgroup_name: portgroup1
switch_name: dvswitch1
vlan_id: 999
port_binding: static
port_allocation: elastic
mac_learning:
allow_unicast_flooding: true
enabled: true
limit: 4096
limit_policy: allow
state: present
hostname: "{{ vcenter_url }}"
username: "{{ vsphere_username }}"
password: "{{ vsphere_password }}"
validate_certs: false
with_sequence: count=5
TASK [vsphere : Set network_policy then mac_learning, alternating - incorrect behaviour, mac_learning is not controlled by policy/inheritable] **********************************************************
changed: [host] => (item=1)
changed: [host] => (item=2)
changed: [host] => (item=3)
changed: [host] => (item=4)
changed: [host] => (item=5)
changed: [host] => (item=6)
TASK [vsphere : Always causes a change - incorrect behaviour] ******************************************************************************************************************************************
changed: [host] => (item=1)
changed: [host] => (item=2)
changed: [host] => (item=3)
changed: [host] => (item=4)
changed: [host] => (item=5)
TASK [vsphere : Does not cause a change - correct behaviour] ******************************************************************************************************************************************
ok: [host] => (item=1)
ok: [host] => (item=2)
ok: [host] => (item=3)
ok: [host] => (item=4)
ok: [host] => (item=5)
TASK [vsphere : Causes a change the first iteration - incorrect behaviour] *****************************************************************************************************************************
changed: [host] => (item=1)
ok: [host] => (item=2)
ok: [host] => (item=3)
ok: [host] => (item=4)
ok: [host] => (item=5)
I run your code in my lab and I see that every second reconfigure action change config.defaultPortConfig.securityPolicy.inherited
, config.defaultPortConfig.macManagementPolicy.inherited
and config.defaultPortConfig.macManagementPolicy.macLearningPolicy.*
config parts (from true to false or vice versa, and another changes in config.defaultPortConfig).
Need to dive more thoughtfully into the module code to understand why it behaves this way.
@mariolenz Mario, this module is terrible.
def update_port_group(self):
config = self.build_config()
config.configVersion = self.dvs_portgroup.config.configVersion
task = self.dvs_portgroup.ReconfigureDVPortgroup_Task(config)
changed, result = wait_for_task(task)
return changed, result
def create_port_group(self):
config = self.build_config()
task = self.dv_switch.AddDVPortgroup_Task([config])
changed, result = wait_for_task(task)
return changed, result
It no change any difference in current config and desired config. Just create new config (without some parts of config). This make module not idempotent. =(
SUMMARY
With the following values set in community.vmware.vmware_dvs_portgroup:
The task always appears to report a change has happened. Removing that attribute from the task makes it report 'OK'.
This is similar to the elastic/static issue, however I already had these parameters set.
ISSUE TYPE
COMPONENT NAME
vmware_dvs_portgroup
ANSIBLE VERSION
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
macOS 13.6
STEPS TO REPRODUCE
EXPECTED RESULTS
Task should report 'OK' after the initial run.
ACTUAL RESULTS