ansible / ansible

Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy and maintain. Automate everything from code deployment to network configuration to cloud management, in a language that approaches plain English, using SSH, with no agents to install on remote systems. https://docs.ansible.com.
https://www.ansible.com/
GNU General Public License v3.0
62.98k stars 23.91k forks source link

nxos_config SVI (Interface VLAN) idempotency issues #36801

Closed johncapobianco closed 6 years ago

johncapobianco commented 6 years ago
ISSUE TYPE
COMPONENT NAME

nxos_config

ANSIBLE VERSION
ansible 2.4.2.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/capobj/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
CONFIGURATION

ACCELERATE_CONNECT_TIMEOUT(default) = 1.0 ACCELERATE_DAEMON_TIMEOUT(default) = 30 ACCELERATE_KEYS_DIR(default) = ~/.fireball.keys ACCELERATE_KEYS_DIR_PERMS(default) = 700 ACCELERATE_KEYS_FILE_PERMS(default) = 600 ACCELERATE_MULTI_KEY(default) = False ACCELERATE_PORT(default) = 5099 ACCELERATE_TIMEOUT(default) = 30 ALLOW_WORLD_READABLE_TMPFILES(default) = False ANSIBLE_COW_SELECTION(default) = default ANSIBLE_COW_WHITELIST(default) = ['bud-frogs', 'bunny', 'cheese', 'daemon', 'default', 'dragon', 'elephant-in-snake', 'elephant', 'eyes', 'hellokitty', 'kitty', 'luke-koala', 'meow', 'milk', 'moofasa', 'moos ANSIBLE_FORCE_COLOR(default) = False ANSIBLE_NOCOLOR(default) = False ANSIBLE_NOCOWS(default) = False ANSIBLE_PIPELINING(default) = False ANSIBLE_SSH_ARGS(default) = -C -o ControlMaster=auto -o ControlPersist=60s ANSIBLE_SSH_CONTROL_PATH(default) = None ANSIBLE_SSH_CONTROL_PATH_DIR(default) = ~/.ansible/cp ANSIBLE_SSH_EXECUTABLE(default) = ssh ANSIBLE_SSH_RETRIES(default) = 0 ANY_ERRORS_FATAL(default) = False BECOME_ALLOW_SAME_USER(default) = False CACHE_PLUGIN(default) = memory CACHE_PLUGIN_CONNECTION(default) = None CACHE_PLUGIN_PREFIX(default) = ansible_facts CACHE_PLUGIN_TIMEOUT(default) = 86400 COLOR_CHANGED(default) = yellow COLOR_DEBUG(default) = dark gray COLOR_DEPRECATE(default) = purple COLOR_DIFF_ADD(default) = green COLOR_DIFF_LINES(default) = cyan COLOR_DIFF_REMOVE(default) = red COLOR_ERROR(default) = red COLOR_HIGHLIGHT(default) = white COLOR_OK(default) = green COLOR_SKIP(default) = cyan COLOR_UNREACHABLE(default) = bright red COLOR_VERBOSE(default) = blue COLOR_WARN(default) = bright purple COMMAND_WARNINGS(default) = True DEFAULT_ACTION_PLUGIN_PATH(default) = [u'/home/capobj/.ansible/plugins/action', u'/usr/share/ansible/plugins/action'] DEFAULT_ALLOW_UNSAFE_LOOKUPS(default) = False DEFAULT_ASK_PASS(default) = False DEFAULT_ASK_SUDO_PASS(default) = False DEFAULT_ASK_SU_PASS(default) = False DEFAULT_ASK_VAULT_PASS(default) = False DEFAULT_BECOME(default) = False DEFAULT_BECOME_ASK_PASS(default) = False DEFAULT_BECOME_EXE(default) = None DEFAULT_BECOME_FLAGS(default) = DEFAULT_BECOME_METHOD(default) = sudo DEFAULT_BECOME_USER(default) = root DEFAULT_CACHE_PLUGIN_PATH(default) = [u'/home/capobj/.ansible/plugins/cache', u'/usr/share/ansible/plugins/cache'] DEFAULT_CALLABLE_WHITELIST(default) = [] DEFAULT_CALLBACK_PLUGIN_PATH(default) = [u'/home/capobj/.ansible/plugins/callback', u'/usr/share/ansible/plugins/callback'] DEFAULT_CALLBACK_WHITELIST(default) = [] DEFAULT_CONNECTION_PLUGIN_PATH(default) = [u'/home/capobj/.ansible/plugins/connection', u'/usr/share/ansible/plugins/connection'] DEFAULT_DEBUG(default) = False DEFAULT_EXECUTABLE(default) = /bin/sh DEFAULT_FACT_PATH(default) = None DEFAULT_FILTER_PLUGIN_PATH(default) = [u'/home/capobj/.ansible/plugins/filter', u'/usr/share/ansible/plugins/filter'] DEFAULT_FORCE_HANDLERS(default) = False DEFAULT_FORKS(default) = 5 DEFAULT_GATHERING(default) = implicit DEFAULT_GATHER_SUBSET(default) = all DEFAULT_GATHER_TIMEOUT(default) = 10 DEFAULT_HANDLER_INCLUDES_STATIC(default) = False DEFAULT_HASH_BEHAVIOUR(default) = replace DEFAULT_HOST_LIST(default) = [u'/etc/ansible/hosts'] DEFAULT_INTERNAL_POLL_INTERVAL(default) = 0.001 DEFAULT_INVENTORY_PLUGIN_PATH(default) = [u'/home/capobj/.ansible/plugins/inventory', u'/usr/share/ansible/plugins/inventory'] DEFAULT_JINJA2_EXTENSIONS(default) = [] DEFAULT_KEEP_REMOTE_FILES(default) = False DEFAULT_LIBVIRT_LXC_NOSECLABEL(default) = False DEFAULT_LOAD_CALLBACK_PLUGINS(default) = False DEFAULT_LOCAL_TMP(default) = /home/capobj/.ansible/tmp/ansible-local-27488NYPcf4 DEFAULT_LOG_PATH(default) = DEFAULT_LOOKUP_PLUGIN_PATH(default) = [u'/home/capobj/.ansible/plugins/lookup', u'/usr/share/ansible/plugins/lookup'] DEFAULT_MANAGED_STR(default) = Ansible managed DEFAULT_MODULE_ARGS(default) = DEFAULT_MODULE_COMPRESSION(default) = ZIP_DEFLATED DEFAULT_MODULE_LANG(default) = {{CONTROLER_LANG}} DEFAULT_MODULE_NAME(default) = command DEFAULT_MODULE_PATH(default) = [u'/home/capobj/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] DEFAULT_MODULE_SET_LOCALE(default) = False DEFAULT_MODULE_UTILS_PATH(default) = [u'/home/capobj/.ansible/plugins/module_utils', u'/usr/share/ansible/plugins/module_utils'] DEFAULT_NO_LOG(default) = False DEFAULT_NO_TARGET_SYSLOG(default) = False DEFAULT_NULL_REPRESENTATION(default) = None DEFAULT_POLL_INTERVAL(default) = 15 DEFAULT_PRIVATE_KEY_FILE(default) = None DEFAULT_PRIVATE_ROLE_VARS(default) = False DEFAULT_REMOTE_PORT(default) = None DEFAULT_REMOTE_TMP(default) = ~/.ansible/tmp DEFAULT_REMOTE_USER(default) = None DEFAULT_ROLES_PATH(/etc/ansible/ansible.cfg) = [u'/etc/ansible/roles', u'/usr/share/ansible/roles'] DEFAULT_SCP_IF_SSH(default) = smart DEFAULT_SELINUX_SPECIAL_FS(default) = ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p'] DEFAULT_SFTP_BATCH_MODE(default) = True DEFAULT_SQUASH_ACTIONS(default) = ['apk', 'apt', 'dnf', 'homebrew', 'openbsd_pkg', 'pacman', 'pkgng', 'yum', 'zypper'] DEFAULT_SSH_TRANSFER_METHOD(default) = None DEFAULT_STDOUT_CALLBACK(default) = default DEFAULT_STRATEGY(default) = linear DEFAULT_STRATEGY_PLUGIN_PATH(default) = [u'/home/capobj/.ansible/plugins/strategy', u'/usr/share/ansible/plugins/strategy'] DEFAULT_SU(default) = False DEFAULT_SUDO(default) = False DEFAULT_SUDO_EXE(default) = sudo DEFAULT_SUDO_FLAGS(default) = -H -S -n DEFAULT_SUDO_USER(default) = None DEFAULT_SU_EXE(default) = su DEFAULT_SU_FLAGS(default) = DEFAULT_SU_USER(default) = None DEFAULT_SYSLOG_FACILITY(default) = LOG_USER DEFAULT_TASK_INCLUDES_STATIC(default) = False DEFAULT_TEST_PLUGIN_PATH(default) = [u'/home/capobj/.ansible/plugins/test', u'/usr/share/ansible/plugins/test'] DEFAULT_TIMEOUT(default) = 10 DEFAULT_TRANSPORT(default) = smart DEFAULT_UNDEFINED_VAR_BEHAVIOR(default) = True DEFAULT_VARS_PLUGIN_PATH(default) = [u'/home/capobj/.ansible/plugins/vars', u'/usr/share/ansible/plugins/vars'] DEFAULT_VAULT_IDENTITY(default) = default DEFAULT_VAULT_IDENTITY_LIST(default) = [] DEFAULT_VAULT_ID_MATCH(default) = False DEFAULT_VAULT_PASSWORD_FILE(default) = None DEFAULT_VERBOSITY(default) = 0 DEPRECATION_WARNINGS(default) = True DIFF_ALWAYS(default) = False DIFF_CONTEXT(default) = 3 DISPLAY_ARGS_TO_STDOUT(default) = False DISPLAY_SKIPPED_HOSTS(default) = True ERROR_ON_MISSING_HANDLER(default) = True GALAXY_IGNORE_CERTS(default) = False GALAXY_ROLE_SKELETON(default) = None GALAXY_ROLE_SKELETON_IGNORE(default) = ['^.git$', '^.*/.git_keep$'] GALAXY_SERVER(default) = https://galaxy.ansible.com HOST_KEY_CHECKING(default) = True INVENTORY_ENABLED(default) = ['host_list', 'script', 'yaml', 'ini'] INVENTORY_IGNORE_EXTS(default) = {{(BLACKLIST_EXTS + ( '~', '.orig', '.ini', '.cfg', '.retry'))}} INVENTORY_IGNORE_PATTERNS(default) = [] INVENTORY_UNPARSED_IS_FAILED(default) = False MAX_FILE_SIZE_FOR_DIFF(default) = 104448 MERGE_MULTIPLE_CLI_TAGS(default) = True NETWORK_GROUP_MODULES(default) = ['eos', 'nxos', 'ios', 'iosxr', 'junos', 'ce', 'vyos', 'sros', 'dellos9', 'dellos10', 'dellos6', 'asa', 'aruba', 'aireos'] PARAMIKO_HOST_KEY_AUTO_ADD(default) = False PARAMIKO_LOOK_FOR_KEYS(default) = True PARAMIKO_PROXY_COMMAND(default) = None PARAMIKO_PTY(default) = True PARAMIKO_RECORD_HOST_KEYS(default) = True PERSISTENT_COMMAND_TIMEOUT(default) = 10 PERSISTENT_CONNECT_RETRY_TIMEOUT(default) = 15 PERSISTENT_CONNECT_TIMEOUT(default) = 30 PERSISTENT_CONTROL_PATH_DIR(default) = /home/capobj/.ansible/pc PLAYBOOK_VARS_ROOT(default) = top RETRY_FILES_ENABLED(default) = True RETRY_FILES_SAVE_PATH(default) = None SHOW_CUSTOM_STATS(default) = False STRING_TYPE_FILTERS(default) = ['string', 'to_json', 'to_nice_json', 'to_yaml', 'ppretty', 'json'] SYSTEM_WARNINGS(default) = True USE_PERSISTENT_CONNECTIONS(default) = False VARIABLE_PRECEDENCE(default) = ['all_inventory', 'groups_inventory', 'all_plugins_inventory', 'all_plugins_play', 'groups_plugins_inventory', 'groups_plugins_play'] YAML_FILENAME_EXTENSIONS(default) = ['.yml', '.yaml', '.json']

OS / ENVIRONMENT

CentOS Linux release 7.4.1708 (Core) NXOS 6.2(16) Nexus 7K

SUMMARY

The NXOS_CONFIG module does not appear to be idempotent for Interface VLAN / SVI configurations

STEPS TO REPRODUCE

Running-configuration interface Vlan1301 vrf member BLUE no ip redirects ip address 10.144.0.2/24 ip router ospf 100 area 0.0.0.130 hsrp version 2 hsrp 1301 authentication md5 key-chain hsrp-md5-key preempt delay minimum 120 reload 300 priority 255 ip 10.144.0.1 ip dhcp relay address 10.167.128.127 ip dhcp relay address 10.167.128.128 description BLUE no shutdown

My generated output for the same interface:

interface Vlan1301 vrf member BLUE no ip redirects ip router ospf 100 area 0.0.0.130 hsrp version 2 hsrp 1301 authentication md5 key-chain hsrp-md5-key preempt delay minimum 120 reload 300 priority 255 ip 10.144.0.1 ip dhcp relay address 10.167.128.127 ip dhcp relay address 10.167.128.128 description BLUE no shutdown ip address 10.144.0.2/24

When I run in check mode the following comes back as CHANGES:

["interface Vlan1301", "hsrp version 2", "hsrp 1301", "authentication md5 key-chain hsrp-md5-key", "priority 254", "ip 10.144.0.1", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description BLUE", "no shutdown",

Not all of it is idempotent

- hosts: LAB-DC-N7K-AGG

  tasks:
    - import_tasks: ../../tasks/configurations/nxos/configure_nxos_vlan_interface.yml

- name: Create NXOS SVI configuration 
  nxos_config: 
    src: ../../templates/configurations/nxos/05_nxos_vlan_interface.j2
    provider: "{{ nxoscli }}" 
  tags: vlan 
  register: svi_config_results 
EXPECTED RESULTS

Based on my comparisons my SVI should be fully idempotent

ACTUAL RESULTS

Idempotency is showing a lot of changes however doing side by side comparisons all the syntax, spacing, commands should not be showing any changes

 {"changed": true, "commands": ["interface Vlan1301", "hsrp version 2", "hsrp 1301", "authentication md5 key-chain hsrp-md5-key", "priority 254", "ip 10.144.0.1", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description BLUE", "no shutdown",
ansibot commented 6 years ago

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

ansibot commented 6 years ago

cc @kedarX @mikewiebe @privateip @rahushen @rcarrillocruz @trishnaguha click here for bot help

trishnaguha commented 6 years ago

@johncapobianco please share your src file if possible.

johncapobianco commented 6 years ago

Here are the relevant files I have converted them to .txt files so I could upload but you could rename to .yml or .j2

Please let me know if this is what you needed

Thanks for your help

LAB-DC-N7K-AGG_yml.txt LAB-N7K-1-MG06TSZKG-DC-AGG.running_config.txt LAB-N7K-1-MG06TSZKG-DC-AGG.txt 06_nxos_interface_j2.txt config-dc_yml.txt configure_nxos_vlan_interface_yml.txt

johncapobianco commented 6 years ago

Please note the following is idempotent under the SVI configurations:

interface Vlan1301 vrf member LoP_OPZone no ip redirects ip router ospf 100 area 0.0.0.130 ip address 10.144.0.2/24

the following lines are not idempotent:

interface Vlan1301 hsrp version 2 hsrp 1301 authentication md5 key-chain hsrp-md5-key preempt delay minimum 120 reload 300 priority 255 ip 10.144.0.1 ip dhcp relay address 10.167.128.127 ip dhcp relay address 10.167.128.128 description LoP_OPZone no shutdown

Hope this helps

John

trishnaguha commented 6 years ago

Related issue: https://github.com/ansible/ansible/issues/36499. hsrp 1301. The group 1301 was not created, show running-config only shows upto hsrp version 2.

The device returns error when hsrp sub commands are executed after hsrp 1301 stating: ERROR: Group 1301 is not created. So this isn't module/idempotence issue. nxos terminal plugin fails to catch the error, hence returning changed:true.

trishnaguha commented 6 years ago

With the PR https://github.com/ansible/ansible/pull/37237, the actual error is caught, instead of silently ignoring the error and returing changed: true.

The full traceback is:
  File "/tmp/ansible_ebpU1k/ansible_modlib.zip/ansible/module_utils/network/nxos/nxos.py", line 195, in load_config
    responses = connection.edit_config(config)
  File "/tmp/ansible_ebpU1k/ansible_modlib.zip/ansible/module_utils/connection.py", line 146, in __rpc__
    raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)

fatal: [nxos9k-01]: FAILED! => {
    "changed": false, 
    "invocation": {
        "module_args": {
            "after": null, 
            "backup": false, 
            "before": null, 
            "defaults": false, 
            "diff_against": null, 
            "diff_ignore_lines": null, 
            "force": false, 
            "host": null, 
            "intended_config": null, 
            "lines": null, 
            "match": "line", 
            "parents": null, 
            "password": null, 
            "port": null, 
            "provider": null, 
            "replace": "line", 
            "replace_src": null, 
            "running_config": null, 
            "save": false, 
            "save_when": "never", 
            "src": "interface Vlan1301\n  description BLUE\n  no shutdown\n  vrf member BLUE\n  no ip redirects\n  ip address 10.144.0.2/24\n  ip router ospf 100 area 0.0.0.130\n  hsrp version 2\n  ip dhcp relay address 10.167.128.127 \n  ip dhcp relay address 10.167.128.128\n  hsrp 1301\n    authentication md5 key-chain hsrp-md5-key\n    preempt delay minimum 120 reload 300\n    priority 255\n    ip 10.144.0.1\n", 
            "ssh_keyfile": null, 
            "timeout": null, 
            "transport": null, 
            "use_ssl": null, 
            "username": null, 
            "validate_certs": null
        }
    }, 
    "msg": "authentication md5 key-chain hsrp-md5-key\r\r\nERROR: Group 1301 is not created\r\n\r\n\ran-nxos9k-01(config-if-hsrp)# "
}
johncapobianco commented 6 years ago

Do you have feature HSRP enabled in your global config?

feature hsrp

Because my SVIs all have the HSRP configured - see the attache / sample:

interface Vlan1301 vrf member LoP_OPZone no ip redirects ip address 10.144.0.2/24 ip router ospf 100 area 0.0.0.130 hsrp version 2 hsrp 1301 authentication md5 key-chain hsrp-md5-key preempt delay minimum 120 reload 300 priority 255 ip 10.144.0.1 ip dhcp relay address 10.167.128.127 ip dhcp relay address 10.167.128.128 description LoP_OPZone no shutdown

Every SVI has an hsrp followed by the lines:

authentication md5 key-chain hsrp-md5-key
preempt delay minimum 120 reload 300 
priority 255
ip <ip> 
trishnaguha commented 6 years ago

@johncallender yes I have hsrp enabled. Is this your output for show run | section interface.Vlan1301?

johncapobianco commented 6 years ago

LAB-N7K-1-MG06TSZKG-DC-AGG# sh run | section interface.Vlan1301 interface Vlan1301 vrf member LoP_OPZone no ip redirects ip address 10.144.0.2/24 ip router ospf 100 area 0.0.0.130 hsrp version 2 hsrp 1301 authentication md5 key-chain hsrp-md5-key preempt delay minimum 120 reload 300 priority 255 ip 10.144.0.1 ip dhcp relay address 10.167.128.127 ip dhcp relay address 10.167.128.128 description LoP_OPZone no shutdown

johncapobianco commented 6 years ago

Here is the full out put in verbose mode

TASK [Create NXOS SVI configuration] **** task path: /home/capobj/DC/Lab-Infrastructure/tasks/configurations/nxos/configure_nxos_platform_vlan_interface.yml:3

connection transport is cli using connection plugin network_cli socket_path: /root/.ansible/pc/0e175152f6 Using module file /usr/lib/python2.7/site-packages/ansible/modules/network/nxos/nxos_config.py ESTABLISH LOCAL CONNECTION FOR USER: root EXEC /bin/sh -c 'echo ~ && sleep 0' EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1520607215.06-54615843946370 `" && echo ansible-tmp-1520607215.06-54615843946370="` echo /root/.ansible/tmp/ansible-tmp-1520607215.06-54615843946370 `" ) && sleep 0' PUT /tmp/tmp4IXwbG TO /root/.ansible/tmp/ansible-tmp-1520607215.06-54615843946370/nxos_config.py EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1520607215.06-54615843946370/ /root/.ansible/tmp/ansible-tmp-1520607215.06-54615843946370/nxos_config.py && sleep 0' EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1520607215.06-54615843946370/nxos_config.py; rm -rf "/root/.ansible/tmp/ansible-tmp-1520607215.06-54615843946370/" > /dev/null 2>&1 && sleep 0' changed: [LAB-N7K-1-MG06TSZKG-DC-AGG] => { "changed": true, "commands": [ "interface Vlan1", "description unused", "interface Vlan1301", "hsrp version 2", "hsrp 1301", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.144.0.1", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description LoP_OPZone", "no shutdown", "interface Vlan2200", "hsrp version 2", "hsrp 2200", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.170.64.1", "description LOP Egress SVi - id: to L2-ASA-DC", "no shutdown", "mac-address 0025.b5f1.0400", "interface Vlan2511", "hsrp version 2", "hsrp 2511", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 172.26.128.1", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description EISS_HOC_Prod01", "no shutdown", "interface Vlan2521", "hsrp version 2", "hsrp 2521", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 172.26.129.1", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description EISS_HOC_PTest01", "no shutdown", "interface Vlan2531", "hsrp version 2", "hsrp 2531", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 172.26.130.1", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description EISS_HOC_Training01", "no shutdown", "interface Vlan3000", "hsrp version 2", "hsrp 3000", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 172.20.171.241", "description FM_SVC_Transit", "no shutdown", "interface Vlan3001", "hsrp version 2", "hsrp 3001", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.170.2.1", "description HoC_LAB_Web-Front", "no shutdown", "interface Vlan3003", "hsrp version 2", "hsrp 3003", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.170.6.1", "description HoC_LAB_VOICE", "no shutdown", "interface Vlan3010", "hsrp version 2", "hsrp 3010", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.138.16.1", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description 181_Queen", "no shutdown", "interface Vlan3016", "hsrp version 2", "hsrp 3016", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 172.24.131.1", "description FM_Services_01", "no shutdown", "interface Vlan3024", "hsrp version 2", "hsrp 3024", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 172.24.132.1", "description FM_HV_MGMT_01", "no shutdown", "interface Vlan3028", "hsrp version 2", "hsrp 3028", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 172.24.136.1", "description FM_Backup_01", "no shutdown", "interface Vlan3032", "hsrp version 2", "hsrp 3032", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 172.24.140.1", "description FM_Compute_MGMT_01", "no shutdown", "interface Vlan3036", "hsrp version 2", "hsrp 3036", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 172.24.144.1", "description FM_Storage_MGMT_01", "no shutdown", "interface Vlan3059", "hsrp version 2", "hsrp 3059", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 192.168.17.1", "description LAB_VMMGT_LEGACY", "no shutdown", "interface Vlan3060", "hsrp version 2", "hsrp 3060", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 192.168.18.1", "description LAB_VMOTION_LEGACY", "no shutdown", "interface Vlan3200", "hsrp version 2", "hsrp 3200", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.170.64.5", "description LOP Ingress SVi - id: to L2-ASA-DC", "no shutdown", "mac-address 0025.b5f1.0402", "interface Vlan3203", "hsrp version 2", "hsrp 3203", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.170.68.1", "description LoP_DCZone", "no shutdown", "interface Vlan3401", "hsrp version 2", "hsrp 3401", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.252.254.1", "ip dhcp relay address 10.252.32.96", "ip dhcp relay address 10.252.32.97", "description HOC-DEV_OPZone_VM_INT", "no shutdown", "interface Vlan3402", "hsrp version 2", "hsrp 3402", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.252.255.1", "ip dhcp relay address 10.252.32.96", "ip dhcp relay address 10.252.32.97", "description HOC-DEV_OPZone_VM_NoINT", "no shutdown", "interface Vlan600", "hsrp version 2", "hsrp 600", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.150.254.1", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description JB_MGMT", "no shutdown", "interface Vlan601", "hsrp version 2", "hsrp 601", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.150.254.65", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description NSS_MGMT", "no shutdown", "interface Vlan602", "hsrp version 2", "hsrp 602", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.150.254.129", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description AMSO-AIM_MGMT", "no shutdown", "interface Vlan603", "hsrp version 2", "hsrp 603", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.150.254.193", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description ITSEC_MGMT", "no shutdown", "interface Vlan604", "hsrp version 2", "hsrp 604", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.150.255.1", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description NS_MGMT", "no shutdown", "interface Vlan605", "hsrp version 2", "hsrp 605", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.150.255.65", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description DPO_SCCS_MGMT", "no shutdown", "interface Vlan606", "hsrp version 2", "hsrp 606", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.150.255.129", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description NMAD_MGMT", "no shutdown", "interface Vlan607", "hsrp version 2", "hsrp 607", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.150.255.193", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description Senate_MGMT", "no shutdown", "interface Vlan608", "hsrp version 2", "hsrp 608", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.150.255.225", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description LoP_MGMT", "no shutdown", "interface Vlan800", "hsrp version 2", "hsrp 800", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.167.135.254", "description HoC_LAB_DC_LEGACY", "no shutdown", "bandwidth 40000000" ], "invocation": { "module_args": { "after": null, "backup": false, "before": null, "defaults": false, "diff_against": null, "diff_ignore_lines": null, "force": false, "host": "LAB-N7K-1-MG06TSZKG-DC-AGG", "intended_config": null, "lines": null, "match": "line", "parents": null, "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "port": null, "provider": { "host": "LAB-N7K-1-MG06TSZKG-DC-AGG", "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "port": null, "ssh_keyfile": null, "timeout": null, "transport": "cli", "use_ssl": null, "username": "admin", "validate_certs": null }, "replace": "line", "running_config": null, "save": false, "save_when": "never", "src": "interface Vlan1\n no ip redirects\n description unused\ninterface Vlan1301\n vrf member LoP_OPZone\n no ip redirects\n ip address 10.144.0.2/24\n ip router ospf 100 area 0.0.0.130\n hsrp version 2\n hsrp 1301 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 10.144.0.1\n ip dhcp relay address 10.167.128.127 \n ip dhcp relay address 10.167.128.128 \n description LoP_OPZone\n no shutdown\ninterface Vlan2200\n vrf member LoP_OPZone\n no ip redirects\n ip address 10.170.64.2/28\n ip router ospf 100 area 0.0.0.130\n hsrp version 2\n hsrp 2200 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 10.170.64.1\n description LOP Egress SVi - id: to L2-ASA-DC\n no shutdown\n mac-address 0025.b5f1.0400\ninterface Vlan2511\n vrf member EISS\n no ip redirects\n ip address 172.26.128.2/24\n ip router ospf 100 area 0.0.0.140\n hsrp version 2\n hsrp 2511 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 172.26.128.1\n ip dhcp relay address 10.167.128.127 \n ip dhcp relay address 10.167.128.128 \n description EISS_HOC_Prod01\n no shutdown\ninterface Vlan2521\n vrf member EISS\n no ip redirects\n ip address 172.26.129.2/24\n ip router ospf 100 area 0.0.0.140\n hsrp version 2\n hsrp 2521 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 172.26.129.1\n ip dhcp relay address 10.167.128.127 \n ip dhcp relay address 10.167.128.128 \n description EISS_HOC_PTest01\n no shutdown\ninterface Vlan2531\n vrf member EISS\n no ip redirects\n ip address 172.26.130.2/24\n ip router ospf 100 area 0.0.0.140\n hsrp version 2\n hsrp 2531 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 172.26.130.1\n ip dhcp relay address 10.167.128.127 \n ip dhcp relay address 10.167.128.128 \n description EISS_HOC_Training01\n no shutdown\ninterface Vlan3000\n vrf member FM_SVC\n no ip redirects\n ip address 172.20.171.242/28\n ip router ospf 100 area 0.0.0.255\n hsrp version 2\n hsrp 3000 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 172.20.171.241\n description FM_SVC_Transit\n no shutdown\ninterface Vlan3001\n vrf member HoC_OPZone\n no ip redirects\n ip address 10.170.2.2/23\n ip router ospf 100 area 0.0.0.110\n hsrp version 2\n hsrp 3001 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 10.170.2.1\n description HoC_LAB_Web-Front\n no shutdown\ninterface Vlan3003\n vrf member HoC_OPZone\n no ip redirects\n ip address 10.170.6.2/24\n ip router ospf 100 area 0.0.0.110\n hsrp version 2\n hsrp 3003 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 10.170.6.1\n description HoC_LAB_VOICE\n no shutdown\ninterface Vlan3010\n vrf member HoC_OPZone\n no ip redirects\n ip address 10.138.16.2/20\n ip router ospf 100 area 0.0.0.110\n hsrp version 2\n hsrp 3010 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 10.138.16.1\n ip dhcp relay address 10.167.128.127 \n ip dhcp relay address 10.167.128.128 \n description 181_Queen\n no shutdown\ninterface Vlan3016\n vrf member FM_SVC\n no ip redirects\n ip address 172.24.131.2/24\n ip router ospf 100 area 0.0.0.255\n hsrp version 2\n hsrp 3016 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 172.24.131.1\n description FM_Services_01\n no shutdown\ninterface Vlan3024\n vrf member FM_SVC\n no ip redirects\n ip address 172.24.132.2/24\n ip router ospf 100 area 0.0.0.255\n hsrp version 2\n hsrp 3024 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 172.24.132.1\n description FM_HV_MGMT_01\n no shutdown\ninterface Vlan3028\n vrf member FM_SVC\n no ip redirects\n ip address 172.24.136.2/24\n ip router ospf 100 area 0.0.0.255\n hsrp version 2\n hsrp 3028 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 172.24.136.1\n description FM_Backup_01\n no shutdown\ninterface Vlan3032\n vrf member FM_SVC\n no ip redirects\n ip address 172.24.140.2/24\n ip router ospf 100 area 0.0.0.255\n hsrp version 2\n hsrp 3032 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 172.24.140.1\n description FM_Compute_MGMT_01\n no shutdown\ninterface Vlan3036\n vrf member FM_SVC\n no ip redirects\n ip address 172.24.144.2/24\n ip router ospf 100 area 0.0.0.255\n hsrp version 2\n hsrp 3036 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 172.24.144.1\n description FM_Storage_MGMT_01\n no shutdown\ninterface Vlan3059\n vrf member HoC_OPZone\n no ip redirects\n ip address 192.168.17.2/24\n ip router ospf 100 area 0.0.0.110\n hsrp version 2\n hsrp 3059 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 192.168.17.1\n description LAB_VMMGT_LEGACY\n no shutdown\ninterface Vlan3060\n vrf member HoC_OPZone\n no ip redirects\n ip address 192.168.18.2/24\n ip router ospf 100 area 0.0.0.110\n hsrp version 2\n hsrp 3060 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 192.168.18.1\n description LAB_VMOTION_LEGACY\n no shutdown\ninterface Vlan3200\n vrf member LoP_DCZone\n no ip redirects\n ip address 10.170.64.6/28\n ip router ospf 100 area 0.0.0.130\n hsrp version 2\n hsrp 3200 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 10.170.64.5\n description LOP Ingress SVi - id: to L2-ASA-DC\n no shutdown\n mac-address 0025.b5f1.0402\ninterface Vlan3203\n vrf member LoP_DCZone\n no ip redirects\n ip address 10.170.68.2/24\n ip router ospf 100 area 0.0.0.130\n hsrp version 2\n hsrp 3203 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 10.170.68.1\n description LoP_DCZone\n no shutdown\ninterface Vlan3401\n vrf member HoC-DEV_OPZone\n no ip redirects\n ip address 10.252.254.2/24\n ip router ospf 100 area 0.0.0.0\n hsrp version 2\n hsrp 3401 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 10.252.254.1\n ip dhcp relay address 10.252.32.96 \n ip dhcp relay address 10.252.32.97 \n description HOC-DEV_OPZone_VM_INT\n no shutdown\ninterface Vlan3402\n vrf member HoC-DEV_OPZone\n no ip redirects\n ip address 10.252.255.2/24\n ip router ospf 100 area 0.0.0.0\n hsrp version 2\n hsrp 3402 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 10.252.255.1\n ip dhcp relay address 10.252.32.96 \n ip dhcp relay address 10.252.32.97 \n description HOC-DEV_OPZone_VM_NoINT\n no shutdown\ninterface Vlan600\n vrf member OAM\n no ip redirects\n ip address 10.150.254.2/26\n ip router ospf 100 area 0.0.0.150\n hsrp version 2\n hsrp 600 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 10.150.254.1\n ip dhcp relay address 10.167.128.127 \n ip dhcp relay address 10.167.128.128 \n description JB_MGMT\n no shutdown\ninterface Vlan601\n vrf member OAM\n no ip redirects\n ip address 10.150.254.66/26\n ip router ospf 100 area 0.0.0.150\n hsrp version 2\n hsrp 601 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 10.150.254.65\n ip dhcp relay address 10.167.128.127 \n ip dhcp relay address 10.167.128.128 \n description NSS_MGMT\n no shutdown\ninterface Vlan602\n vrf member OAM\n no ip redirects\n ip address 10.150.254.130/26\n ip router ospf 100 area 0.0.0.150\n hsrp version 2\n hsrp 602 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 10.150.254.129\n ip dhcp relay address 10.167.128.127 \n ip dhcp relay address 10.167.128.128 \n description AMSO-AIM_MGMT\n no shutdown\ninterface Vlan603\n vrf member OAM\n no ip redirects\n ip address 10.150.254.194/26\n ip router ospf 100 area 0.0.0.150\n hsrp version 2\n hsrp 603 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 10.150.254.193\n ip dhcp relay address 10.167.128.127 \n ip dhcp relay address 10.167.128.128 \n description ITSEC_MGMT\n no shutdown\ninterface Vlan604\n vrf member OAM\n no ip redirects\n ip address 10.150.255.2/26\n ip router ospf 100 area 0.0.0.150\n hsrp version 2\n hsrp 604 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 10.150.255.1\n ip dhcp relay address 10.167.128.127 \n ip dhcp relay address 10.167.128.128 \n description NS_MGMT\n no shutdown\ninterface Vlan605\n vrf member OAM\n no ip redirects\n ip address 10.150.255.66/26\n ip router ospf 100 area 0.0.0.150\n hsrp version 2\n hsrp 605 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 10.150.255.65\n ip dhcp relay address 10.167.128.127 \n ip dhcp relay address 10.167.128.128 \n description DPO_SCCS_MGMT\n no shutdown\ninterface Vlan606\n vrf member OAM\n no ip redirects\n ip address 10.150.255.130/26\n ip router ospf 100 area 0.0.0.150\n hsrp version 2\n hsrp 606 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 10.150.255.129\n ip dhcp relay address 10.167.128.127 \n ip dhcp relay address 10.167.128.128 \n description NMAD_MGMT\n no shutdown\ninterface Vlan607\n vrf member OAM\n no ip redirects\n ip address 10.150.255.194/27\n ip router ospf 100 area 0.0.0.150\n hsrp version 2\n hsrp 607 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 10.150.255.193\n ip dhcp relay address 10.167.128.127 \n ip dhcp relay address 10.167.128.128 \n description Senate_MGMT\n no shutdown\ninterface Vlan608\n vrf member OAM\n no ip redirects\n ip address 10.150.255.226/27\n ip router ospf 100 area 0.0.0.150\n hsrp version 2\n hsrp 608 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 10.150.255.225\n ip dhcp relay address 10.167.128.127 \n ip dhcp relay address 10.167.128.128 \n description LoP_MGMT\n no shutdown\ninterface Vlan800\n vrf member HoC_OPZone\n no ip redirects\n ip address 10.167.135.252/16\n ip router ospf 100 area 0.0.0.0\n hsrp version 2\n hsrp 800 \n authentication md5 key-chain hsrp-md5-key\n preempt delay minimum 120 reload 300 \n priority 255\n ip 10.167.135.254\n description HoC_LAB_DC_LEGACY\n no shutdown\n bandwidth 40000000\n \n", "ssh_keyfile": null, "timeout": null, "transport": "cli", "use_ssl": null, "username": "admin", "validate_certs": null } }, "updates": [ "interface Vlan1", "description unused", "interface Vlan1301", "hsrp version 2", "hsrp 1301", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.144.0.1", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description LoP_OPZone", "no shutdown", "interface Vlan2200", "hsrp version 2", "hsrp 2200", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.170.64.1", "description LOP Egress SVi - id: to L2-ASA-DC", "no shutdown", "mac-address 0025.b5f1.0400", "interface Vlan2511", "hsrp version 2", "hsrp 2511", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 172.26.128.1", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description EISS_HOC_Prod01", "no shutdown", "interface Vlan2521", "hsrp version 2", "hsrp 2521", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 172.26.129.1", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description EISS_HOC_PTest01", "no shutdown", "interface Vlan2531", "hsrp version 2", "hsrp 2531", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 172.26.130.1", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description EISS_HOC_Training01", "no shutdown", "interface Vlan3000", "hsrp version 2", "hsrp 3000", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 172.20.171.241", "description FM_SVC_Transit", "no shutdown", "interface Vlan3001", "hsrp version 2", "hsrp 3001", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.170.2.1", "description HoC_LAB_Web-Front", "no shutdown", "interface Vlan3003", "hsrp version 2", "hsrp 3003", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.170.6.1", "description HoC_LAB_VOICE", "no shutdown", "interface Vlan3010", "hsrp version 2", "hsrp 3010", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.138.16.1", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description 181_Queen", "no shutdown", "interface Vlan3016", "hsrp version 2", "hsrp 3016", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 172.24.131.1", "description FM_Services_01", "no shutdown", "interface Vlan3024", "hsrp version 2", "hsrp 3024", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 172.24.132.1", "description FM_HV_MGMT_01", "no shutdown", "interface Vlan3028", "hsrp version 2", "hsrp 3028", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 172.24.136.1", "description FM_Backup_01", "no shutdown", "interface Vlan3032", "hsrp version 2", "hsrp 3032", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 172.24.140.1", "description FM_Compute_MGMT_01", "no shutdown", "interface Vlan3036", "hsrp version 2", "hsrp 3036", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 172.24.144.1", "description FM_Storage_MGMT_01", "no shutdown", "interface Vlan3059", "hsrp version 2", "hsrp 3059", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 192.168.17.1", "description LAB_VMMGT_LEGACY", "no shutdown", "interface Vlan3060", "hsrp version 2", "hsrp 3060", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 192.168.18.1", "description LAB_VMOTION_LEGACY", "no shutdown", "interface Vlan3200", "hsrp version 2", "hsrp 3200", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.170.64.5", "description LOP Ingress SVi - id: to L2-ASA-DC", "no shutdown", "mac-address 0025.b5f1.0402", "interface Vlan3203", "hsrp version 2", "hsrp 3203", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.170.68.1", "description LoP_DCZone", "no shutdown", "interface Vlan3401", "hsrp version 2", "hsrp 3401", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.252.254.1", "ip dhcp relay address 10.252.32.96", "ip dhcp relay address 10.252.32.97", "description HOC-DEV_OPZone_VM_INT", "no shutdown", "interface Vlan3402", "hsrp version 2", "hsrp 3402", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.252.255.1", "ip dhcp relay address 10.252.32.96", "ip dhcp relay address 10.252.32.97", "description HOC-DEV_OPZone_VM_NoINT", "no shutdown", "interface Vlan600", "hsrp version 2", "hsrp 600", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.150.254.1", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description JB_MGMT", "no shutdown", "interface Vlan601", "hsrp version 2", "hsrp 601", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.150.254.65", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description NSS_MGMT", "no shutdown", "interface Vlan602", "hsrp version 2", "hsrp 602", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.150.254.129", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description AMSO-AIM_MGMT", "no shutdown", "interface Vlan603", "hsrp version 2", "hsrp 603", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.150.254.193", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description ITSEC_MGMT", "no shutdown", "interface Vlan604", "hsrp version 2", "hsrp 604", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.150.255.1", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description NS_MGMT", "no shutdown", "interface Vlan605", "hsrp version 2", "hsrp 605", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.150.255.65", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description DPO_SCCS_MGMT", "no shutdown", "interface Vlan606", "hsrp version 2", "hsrp 606", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.150.255.129", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description NMAD_MGMT", "no shutdown", "interface Vlan607", "hsrp version 2", "hsrp 607", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.150.255.193", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description Senate_MGMT", "no shutdown", "interface Vlan608", "hsrp version 2", "hsrp 608", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.150.255.225", "ip dhcp relay address 10.167.128.127", "ip dhcp relay address 10.167.128.128", "description LoP_MGMT", "no shutdown", "interface Vlan800", "hsrp version 2", "hsrp 800", "authentication md5 key-chain hsrp-md5-key", "preempt delay minimum 120 reload 300", "priority 255", "ip 10.167.135.254", "description HoC_LAB_DC_LEGACY", "no shutdown", "bandwidth 40000000" ] } META: ran handlers META: ran handlers Hope this helps I do not get the error you are getting - is there another command I can run to get the full traceback?
trishnaguha commented 6 years ago

As discussed with the team, we do not guarantee idempotence with nxos_config when using src, you need to make sure that you are using the exact spaces indentation that the device uses. I am going to close this issue since we won't fix it. Thanks for taking time to look into this.

aaronbanks1 commented 6 years ago

The issue comes from your source file not having proper spacing. NX-OS uses two spaces to indent, not one like IOS. Change that and it should work. I just sorted out this issue with my config. Now idempotency is no problem when using "src" with nxos_config module.

ajsiersema commented 5 years ago

_[ edit: using only --check I was too careful testing this workaround, adding 'no hsrp bfd' to your Jinja works in ansible_checkmode, but like John observed, fails when actually sending the configuration. As a workaround one can however ignore the 'no hsrp bfd' line. Good to know Cisco acknowledged and fixed the bug ]

Hope this saves some other people from digging through the sources and inserting debug statements :) Until a Cisco NX-OS version with this issue fixed is deployed, the following workaround can be used.

Using the right indentation is important, but at least for NX-OS 7.1 on a 7K over CLI there's another gotcha: Ansible uses show run all and a non-indented 'no hsrp bfd' line will be inserted which throws off the diff. By inserting this line into your Jinja2, By ignoring this line, idempotency will be restored for the HSRP section. Like this:

interface Vlan{{ vlan_id }}
  description {{ svi_description | default(vlan_name) }}
  no shutdown
  no ip redirects
  ip address {{ svi_ipv4 }}
  no ip arp gratuitous hsrp duplicate
  hsrp version 2
  hsrp {{ vlan_id }}
    ip {{ svi_vip }}
  ip dhcp relay address 1.2.3.4
- name: "Configure SVI {{ svi_name }}"
   nxos_config:
     src: "svi_config.j2"
     diff_ignore_lines:
       - "no hsrp bfd"
johncapobianco commented 5 years ago

Yes but that too doesn’t work as it is a parent nested command and will move you out of the nest

Cisco confirms this is a BUG and fixed in the latest release !!!

Thanks

Get Outlook for iOShttps://aka.ms/o0ukef


From: Albert Siersema notifications@github.com Sent: Monday, March 11, 2019 6:54 AM To: ansible/ansible Cc: johncapobianco; Mention Subject: Re: [ansible/ansible] nxos_config SVI (Interface VLAN) idempotency issues (#36801)

Hope this saves some other people from digging through the sources and inserting debug statements :)

Using the right indentation is important, but at least for NX-OS 7.1 on a 7K over CLI there's another gotcha: Ansible uses show run all and a non-indented 'no hsrp bfd' line will be inserted which throws off the diff. By inserting this line into your Jinja2, idempotency will be restored for the HSRP section. Like this:

interface Vlan{{ vlan_id }} description {{ svi_description | default(vlan_name) }} no shutdown no ip redirects ip address {{ svi_ipv4 }} no ip arp gratuitous hsrp duplicate no hsrp bfd hsrp version 2 hsrp {{ vlan_id }} ip {{ svi_vip }} ip dhcp relay address 1.2.3.4

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/ansible/ansible/issues/36801#issuecomment-471492782, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AjMQOSb4pIiQqD4S_oss7vJcQszH8B8_ks5vVjXngaJpZM4SVoVB.