Closed sc68cal closed 8 months ago
Hi @sc68cal,
I will verify the configuration and let you know.
Meanwhile, please can you provide the Ansible playbook which you have created/executed?
Hi @sc68cal, I have created a playbook and am able to push the configuration without any error/issue. Please find the playbook and execution log:
root@UBUNTU18-VM-38-024:~/os10_collections# cat os10_acl_Issue-125.yaml
---
- hosts: spine100
  connection: network_cli
  collections:
    - dellemc.os10
  roles:
    - os10_acl
root@UBUNTU18-VM-38-024:~/os10_collections#
root@UBUNTU18-VM-38-024:~/os10_collections/host_vars# cat spine100.yaml
---
hostname: datacenter
ansible_become: false
ansible_ssh_user: admin
ansible_ssh_pass: admin
ansible_network_os: dellemc.os10.os10
ansible_connection: network_cli
os10_cfg_generate: True
build_dir: "/root/os10_collections"
os10_acl:
  - name: ssh
    type: ipv6
    description: ipv6acl
    remark:
      - description: 1
        number: 3
        state: present
    entries:
      - number: 14
        permit: true
        protocol: tcp
        source: any
        src_condition: neq 6
        destination: any
        dest_condition: eq 4
        other_options: count
        state: present
    stage_ingress:
      - name: ethernet 1/1/4
        state: present
      - name: ethernet 1/1/5
        state: present
    stage_egress:
      - name: ethernet 1/1/6
        state: present
    lineterminal:
      state: present
    state: present
root@UBUNTU18-VM-38-024:~/os10_collections/host_vars#
root@UBUNTU18-VM-38-024:~/os10_collections# cat inventory.yaml
spine100 ansible_host=100.104.40.188 ansible_user=admin ansible_password=admin ansible_network_os=dellemc.os10.os10 ansible_connection=network_cli
[spineleaf]
spine100
[datacenter:children]
spineleaf
root@UBUNTU18-VM-38-024:~/os10_collections#
###################### Execution log ##################
root@UBUNTU18-VM-38-024:~/os10_collections#
root@UBUNTU18-VM-38-024:~/os10_collections# ansible-playbook -i inventory.yaml os10_acl_Issue-125.yaml -vvv
ansible-playbook 2.9.26
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 2.7.17 (default, Feb 27 2021, 15:10:58) [GCC 7.5.0]
Using /etc/ansible/ansible.cfg as config file
host_list declined parsing /root/os10_collections/inventory.yaml as it did not pass its verify_file() method
script declined parsing /root/os10_collections/inventory.yaml as it did not pass its verify_file() method
Parsed /root/os10_collections/inventory.yaml inventory source with ini plugin
Skipping callback 'actionable', as we already have a stdout callback.
Skipping callback 'counter_enabled', as we already have a stdout callback.
Skipping callback 'debug', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'full_skip', as we already have a stdout callback.
Skipping callback 'json', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'null', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
Skipping callback 'selective', as we already have a stdout callback.
Skipping callback 'skippy', as we already have a stdout callback.
Skipping callback 'stderr', as we already have a stdout callback.
Skipping callback 'unixy', as we already have a stdout callback.
Skipping callback 'yaml', as we already have a stdout callback.
PLAYBOOK: os10_acl_Issue-125.yaml ***********************************************************************************************************************************************************
1 plays in os10_acl_Issue-125.yaml
PLAY [spine100] *****************************************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************************************
task path: /root/os10_collections/os10_acl_Issue-125.yaml:2
Sunday 27 November 2022 22:06:12 +0530 (0:00:00.055) 0:00:00.055 *******
<100.104.40.188> ESTABLISH LOCAL CONNECTION FOR USER: root
<100.104.40.188> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-9356TRa0Gs `"&& mkdir "` echo /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669566973.0-9363-136949891701174 `" && echo ansible-tmp-1669566973.0-9363-136949891701174="` echo /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669566973.0-9363-136949891701174 `" ) && sleep 0'
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/system/setup.py
<100.104.40.188> PUT /root/.ansible/tmp/ansible-local-9356TRa0Gs/tmpUW_ilQ TO /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669566973.0-9363-136949891701174/AnsiballZ_setup.py
<100.104.40.188> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669566973.0-9363-136949891701174/ /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669566973.0-9363-136949891701174/AnsiballZ_setup.py && sleep 0'
<100.104.40.188> EXEC /bin/sh -c '/usr/bin/python3 /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669566973.0-9363-136949891701174/AnsiballZ_setup.py && sleep 0'
<100.104.40.188> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669566973.0-9363-136949891701174/ > /dev/null 2>&1 && sleep 0'
ok: [spine100]
META: ran handlers
TASK [dellemc.os10.os10_acl : Generating ACL configuration for os10] ************************************************************************************************************************
task path: /root/.ansible/collections/ansible_collections/dellemc/os10/roles/os10_acl/tasks/main.yml:3
Sunday 27 November 2022 22:06:44 +0530 (0:00:31.924) 0:00:31.980 *******
<100.104.40.188> ESTABLISH LOCAL CONNECTION FOR USER: root
<100.104.40.188> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-9356TRa0Gs `"&& mkdir "` echo /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567005.02-9441-83499762354633 `" && echo ansible-tmp-1669567005.02-9441-83499762354633="` echo /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567005.02-9441-83499762354633 `" ) && sleep 0'
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/files/stat.py
<100.104.40.188> PUT /root/.ansible/tmp/ansible-local-9356TRa0Gs/tmpSaknr0 TO /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567005.02-9441-83499762354633/AnsiballZ_stat.py
<100.104.40.188> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567005.02-9441-83499762354633/ /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567005.02-9441-83499762354633/AnsiballZ_stat.py && sleep 0'
<100.104.40.188> EXEC /bin/sh -c '/usr/bin/python3 /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567005.02-9441-83499762354633/AnsiballZ_stat.py && sleep 0'
<100.104.40.188> PUT /root/.ansible/tmp/ansible-local-9356TRa0Gs/tmplqhDiF/os10_acl.j2 TO /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567005.02-9441-83499762354633/source
<100.104.40.188> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567005.02-9441-83499762354633/ /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567005.02-9441-83499762354633/source && sleep 0'
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/files/copy.py
<100.104.40.188> PUT /root/.ansible/tmp/ansible-local-9356TRa0Gs/tmpvWECGZ TO /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567005.02-9441-83499762354633/AnsiballZ_copy.py
<100.104.40.188> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567005.02-9441-83499762354633/ /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567005.02-9441-83499762354633/AnsiballZ_copy.py && sleep 0'
<100.104.40.188> EXEC /bin/sh -c '/usr/bin/python3 /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567005.02-9441-83499762354633/AnsiballZ_copy.py && sleep 0'
<100.104.40.188> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567005.02-9441-83499762354633/ > /dev/null 2>&1 && sleep 0'
changed: [spine100] => {
"changed": true,
"checksum": "926a272596b3458bdea69f03c08b303e973bc99e",
"dest": "/root/os10_collections/acl10_datacenter.conf.part",
"diff": [],
"gid": 0,
"group": "root",
"invocation": {
"module_args": {
"_original_basename": "os10_acl.j2",
"attributes": null,
"backup": false,
"checksum": "926a272596b3458bdea69f03c08b303e973bc99e",
"content": null,
"delimiter": null,
"dest": "/root/os10_collections/acl10_datacenter.conf.part",
"directory_mode": null,
"follow": false,
"force": true,
"group": null,
"local_follow": null,
"mode": null,
"owner": null,
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": "/root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567005.02-9441-83499762354633/source",
"unsafe_writes": false,
"validate": null
}
},
"md5sum": "fc28b1182eb7ee15ab139284aaf1726f",
"mode": "0644",
"owner": "root",
"size": 307,
"src": "/root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567005.02-9441-83499762354633/source",
"state": "file",
"uid": 0
}
TASK [dellemc.os10.os10_acl : Provisioning ACL configuration for os10] **********************************************************************************************************************
task path: /root/.ansible/collections/ansible_collections/dellemc/os10/roles/os10_acl/tasks/main.yml:11
Sunday 27 November 2022 22:06:46 +0530 (0:00:02.358) 0:00:34.338 *******
<100.104.40.188> ESTABLISH LOCAL CONNECTION FOR USER: root
<100.104.40.188> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-9356TRa0Gs `"&& mkdir "` echo /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567011.04-9488-67239067477654 `" && echo ansible-tmp-1669567011.04-9488-67239067477654="` echo /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567011.04-9488-67239067477654 `" ) && sleep 0'
Using module file /root/.ansible/collections/ansible_collections/dellemc/os10/plugins/modules/os10_config.py
<100.104.40.188> PUT /root/.ansible/tmp/ansible-local-9356TRa0Gs/tmpgMPrhx TO /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567011.04-9488-67239067477654/AnsiballZ_os10_config.py
<100.104.40.188> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567011.04-9488-67239067477654/ /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567011.04-9488-67239067477654/AnsiballZ_os10_config.py && sleep 0'
<100.104.40.188> EXEC /bin/sh -c '/usr/bin/python3 /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567011.04-9488-67239067477654/AnsiballZ_os10_config.py && sleep 0'
<100.104.40.188> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-9356TRa0Gs/ansible-tmp-1669567011.04-9488-67239067477654/ > /dev/null 2>&1 && sleep 0'
changed: [spine100] => {
"changed": true,
"commands": [
"interface ethernet 1/1/4",
"ipv6 access-group ssh in",
"interface ethernet 1/1/5",
"ipv6 access-group ssh in",
"interface ethernet 1/1/6",
"ipv6 access-group ssh out",
"commit"
],
"invocation": {
"module_args": {
"after": null,
"backup": false,
"backup_options": null,
"before": null,
"config": null,
"lines": null,
"match": "line",
"parents": null,
"provider": null,
"replace": "line",
"save": false,
"src": "ipv6 access-list ssh\n description \"ipv6acl\"\n \n seq 3 remark \"1\"\n \n seq 14 permit tcp any neq 6 any eq 4 count\n\nline vty\n ipv6 access-class ssh \n\ninterface ethernet 1/1/4\n ipv6 access-group ssh in\ninterface ethernet 1/1/5\n ipv6 access-group ssh in\n\ninterface ethernet 1/1/6\n ipv6 access-group ssh out\n",
"update": "merge"
}
},
"saved": false,
"updates": [
"interface ethernet 1/1/4",
"ipv6 access-group ssh in",
"interface ethernet 1/1/5",
"ipv6 access-group ssh in",
"interface ethernet 1/1/6",
"ipv6 access-group ssh out",
"commit"
]
}
META: ran handlers
META: ran handlers
PLAY RECAP **********************************************************************************************************************************************************************************
spine100 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Sunday 27 November 2022 22:06:57 +0530 (0:00:10.490) 0:00:44.828 *******
===============================================================================
Gathering Facts --------------------------------------------------------------------------------------------------------------------------------------------------------------------- 31.92s
/root/os10_collections/os10_acl_Issue-125.yaml:2 -------------------------------------------------------------------------------------------------------------------------------------------
dellemc.os10.os10_acl : Provisioning ACL configuration for os10 --------------------------------------------------------------------------------------------------------------------- 10.49s
/root/.ansible/collections/ansible_collections/dellemc/os10/roles/os10_acl/tasks/main.yml:11 -----------------------------------------------------------------------------------------------
dellemc.os10.os10_acl : Generating ACL configuration for os10 ------------------------------------------------------------------------------------------------------------------------ 2.36s
/root/.ansible/collections/ansible_collections/dellemc/os10/roles/os10_acl/tasks/main.yml:3 ------------------------------------------------------------------------------------------------
root@UBUNTU18-VM-38-024:~/os10_collections#
root@UBUNTU18-VM-38-024:~/os10_collections#
root@UBUNTU18-VM-38-024:~/os10_collections#
root@UBUNTU18-VM-38-024:~/os10_collections# ansible-playbook -i inventory.yaml os10_acl_Issue-125.yaml -vvv
############ OS10 Device configuration ################
spine100#
spine100# show running-configuration interface ethernet 1/1/4
!
interface ethernet1/1/4
no shutdown
switchport access vlan 1
flowcontrol receive off
ipv6 access-group ssh in
spine100#
spine100# show running-configuration interface ethernet 1/1/5
!
interface ethernet1/1/5
no shutdown
switchport access vlan 1
flowcontrol receive off
ipv6 access-group ssh in
spine100#
spine100# show running-configuration interface ethernet 1/1/6
!
interface ethernet1/1/6
no shutdown
switchport access vlan 1
flowcontrol receive off
ipv6 access-group ssh out
spine100#
spine100#
spine100# show running-configuration access-list
!
ipv6 access-list ssh
description "ipv6acl"
seq 3 remark "1"
seq 14 permit tcp any neq 6 any eq 4 count
spine100#
spine100# show running-configuration line
!
line vty
ipv6 access-class ssh
spine100#
Hi @sc68cal, as shown in the logs provided above, it's working fine for me. Please can you share your complete playbook so we can figure out what the issue is?
Creating a single rule and associating it with a small set of interfaces will not manifest this issue. It only occurs with large rulesets associated with lots of interfaces. I am not able to publicly disclose our rulesets due to security policy.
I’ve spent some time attempting to reproduce the error in our environment, and have been unable to do so. We do run a newer version of the dell module (dellemc.os10 1.2.3) and ansible.netcommon (6.0.0) from when the issue was reported, so perhaps something has changed in one of those since then. I have not recreated an environment with the older versions of those. I’ve tried running our full ACL and full configuration playbook on a lab switch running 10.5.1.9, and the acl playbook on switches running 10.5.3.6p2 and our latest 10.5.3.9p1, and all tests ran flawlessly and did not fail on any ACL config tasks. At this point we are OK to close this issue as resolved as we are unable to repro.
Hi @mv945, thanks for your time reproducing the issue and for the update on the verification. As per your inputs, I am closing this issue.
We have a playbook that defines an ACL on a S5232-ON, and when we get to the step where we add the ACL to an interface, it appears to fail. Running the role again, the role succeeds in adding the ACL to the interfaces.
I have manually defined the ACL via the CLI, and done `show` commands to show the ACL, and there appears to be a delay between defining the ACL, and having it show up in the `running-configuration`. So I assume there is some ASIC programming being done that takes time to complete, and until it is complete it does not get reflected in the `running-configuration` and does not work in the CLI.
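
Added example, not part of the original issue or of the dellemc.os10 collection: the reported symptom is a first run that leaves the ACL unbound on some interfaces, and an unbound ACL filters nothing on that port, so this Python check compares the role's `os10_acl` variables with `show running-configuration` text and lists anything absent. The function names, the `ipv4` to `ip` keyword mapping and the sample device output are assumptions constructed for illustration.

```python
import re

# Assumption: the role's "ipv4" type maps to the CLI keyword "ip".
CLI_FAMILY = {"ipv4": "ip", "ipv6": "ipv6", "mac": "mac"}

def norm(ifname):
    """Make 'ethernet 1/1/4' and 'ethernet1/1/4' compare equal."""
    return re.sub(r"\s+", "", ifname.lower())

def parse_running_config(text):
    """Return (defined ACLs, interface bindings) seen in running-configuration text."""
    defined, applied, current = set(), set(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "!":
            current = None  # "!" ends the previous configuration block
        elif m := re.match(r"(ip|ipv6|mac) access-list (\S+)$", line):
            defined.add((m.group(1), m.group(2)))
        elif m := re.match(r"interface (.+)$", line):
            current = norm(m.group(1))
        elif current and (m := re.match(r"(ip|ipv6|mac) access-group (\S+) (in|out)$", line)):
            applied.add((current, *m.groups()))
    return defined, applied

def missing_from_device(os10_acl, running_config):
    """List what the os10_acl variables request but the device output lacks."""
    defined, applied = parse_running_config(running_config)
    missing = []
    for acl in os10_acl:
        fam, name = CLI_FAMILY[acl["type"]], acl["name"]
        if (fam, name) not in defined:
            missing.append(f"{fam} access-list {name}")
        for key, direction in (("stage_ingress", "in"), ("stage_egress", "out")):
            for intf in acl.get(key) or []:
                want = (norm(intf["name"]), fam, name, direction)
                if intf.get("state", "present") == "present" and want not in applied:
                    missing.append(f"{want[0]}: {fam} access-group {name} {direction}")
    return missing

# Intended state: the interface bindings from the host_vars shown in the thread.
INTENDED = [{"name": "ssh", "type": "ipv6",
             "stage_ingress": [{"name": "ethernet 1/1/4", "state": "present"},
                               {"name": "ethernet 1/1/5", "state": "present"}],
             "stage_egress": [{"name": "ethernet 1/1/6", "state": "present"}]}]

# Constructed device output: ACL defined, but the ethernet 1/1/5 binding is absent.
CONSTRUCTED_CONFIG = (
    "!\nipv6 access-list ssh\n"
    "!\ninterface ethernet1/1/4\n ipv6 access-group ssh in\n"
    "!\ninterface ethernet1/1/5\n"
    "!\ninterface ethernet1/1/6\n ipv6 access-group ssh out\n")
```

Run after the playbook, a non-empty result from `missing_from_device(INTENDED, CONSTRUCTED_CONFIG)` marks a run that reported success or was abandoned while part of the intended filtering is not in place.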