ansible / ansible

Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy and maintain. Automate everything from code deployment to network configuration to cloud management, in a language that approaches plain English, using SSH, with no agents to install on remote systems. https://docs.ansible.com.
https://www.ansible.com/
GNU General Public License v3.0

aci_interface_policy_port_security timeout parameter not working #51442

Closed rukiaEnix closed 4 years ago

rukiaEnix commented 5 years ago
SUMMARY

I was trying to use the aci_interface_policy_port_security module and I noticed that the timeout parameter is not working. I pass values different than 60, but the policy is always created with a timeout value of 60.

ISSUE TYPE
COMPONENT NAME

aci_interface_policy_port_security

ANSIBLE VERSION
ansible 2.7.5
CONFIGURATION
DEFAULT_BECOME(/etc/ansible/ansible.cfg) = True
DEFAULT_BECOME_ASK_PASS(/etc/ansible/ansible.cfg) = False
DEFAULT_BECOME_METHOD(/etc/ansible/ansible.cfg) = sudo
DEFAULT_BECOME_USER(/etc/ansible/ansible.cfg) = root
DEFAULT_ROLES_PATH(/etc/ansible/ansible.cfg) = [u'/opt/working/roles']
DEFAULT_VAULT_PASSWORD_FILE(/etc/ansible/ansible.cfg) = /opt/working/.ansible_vault
OS / ENVIRONMENT

CentOS Linux release 7.6.1810 (Core)
Target device: CISCO Application Policy Infrastructure Controller
Version: 2.3(1f)
The playbook is launched with the ansible-playbook command from a Rundeck job.

STEPS TO REPRODUCE
---

- hosts: localhost
  gather_facts: no
  vars_files:
   - vars/aci.yml
   - vars/policy.yml

  tasks:
   - name: DEBUG
     debug:
      msg: "{{ ps_timeout }}"

   - name: CREATE PORT SECURITY INTERFACE POLICY
     aci_interface_policy_port_security:
      hostname: "{{ aci_host }}"
      username: "{{ aci_user }}"
      password: "{{ aci_password }}"
      validate_certs: False
      port_security: "{{ ps_pol_name }}"
      timeout: "{{ ps_timeout }}"
      max_end_points: "{{ ps_max_end_points }}"
      description: "{{ ps_description }}"
      state: present

The contents of aci.yml are only the hostname, username and password for connection to the ACI device. The contents of policy.yml are:

ps_pol_name: ansible_ps05
ps_timeout: 80
ps_max_end_points: 3
ps_description: test policy
EXPECTED RESULTS

To create an ACI interface port security policy with a timeout of 80 or any other value different than 60.

ACTUAL RESULTS

The ACI interface port security policy is always created with a timeout of 60, regardless of the value you choose/pass as parameter.

ansible-playbook 2.7.5
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/var/lib/rundeck/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible-playbook
  python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
Using /etc/ansible/ansible.cfg as config file
/etc/ansible/hosts did not meet host_list requirements, check plugin documentation if this is unexpected
/etc/ansible/hosts did not meet script requirements, check plugin documentation if this is unexpected
Parsed /etc/ansible/hosts inventory source with ini plugin
Read vars_file 'vars/aci.yml'
Read vars_file 'vars/policy.yml'

PLAYBOOK: aci_create_intf_policy_ps.yml ****************************************
1 plays in /opt/working/roles/aci/playbooks/aci_create_intf_policy_ps.yml
Read vars_file 'vars/aci.yml'
Read vars_file 'vars/policy.yml'
Read vars_file 'vars/aci.yml'
Read vars_file 'vars/policy.yml'

PLAY [localhost] ***************************************************************
META: ran handlers
Read vars_file 'vars/aci.yml'
Read vars_file 'vars/policy.yml'

TASK [DEBUG] *******************************************************************
task path: /opt/working/roles/aci/playbooks/aci_create_intf_policy_ps.yml:11
ok: [localhost] => {
    "msg": 80
}
Read vars_file 'vars/aci.yml'
Read vars_file 'vars/policy.yml'

TASK [CREATE PORT SECURITY INTERFACE POLICY] ***********************************
task path: /opt/working/roles/aci/playbooks/aci_create_intf_policy_ps.yml:15
<localhost> ESTABLISH SSH CONNECTION FOR USER: None
<localhost> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/var/lib/rundeck/.ansible/cp/8a5a4c6a60 localhost '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<localhost> (0, '/var/lib/rundeck\n', '')
<localhost> ESTABLISH SSH CONNECTION FOR USER: None
<localhost> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/var/lib/rundeck/.ansible/cp/8a5a4c6a60 localhost '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /var/lib/rundeck/.ansible/tmp/ansible-tmp-1548782932.26-63215767615602 `" && echo ansible-tmp-1548782932.26-63215767615602="` echo /var/lib/rundeck/.ansible/tmp/ansible-tmp-1548782932.26-63215767615602 `" ) && sleep 0'"'"''
<localhost> (0, 'ansible-tmp-1548782932.26-63215767615602=/var/lib/rundeck/.ansible/tmp/ansible-tmp-1548782932.26-63215767615602\n', '')
Using module file /usr/lib/python2.7/site-packages/ansible/modules/network/aci/_aci_intf_policy_port_security.py
<localhost> PUT /var/lib/rundeck/.ansible/tmp/ansible-local-62668WFQnHO/tmp0xX5ic TO /var/lib/rundeck/.ansible/tmp/ansible-tmp-1548782932.26-63215767615602/AnsiballZ__aci_intf_policy_port_security.py
<localhost> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/var/lib/rundeck/.ansible/cp/8a5a4c6a60 '[localhost]'
<localhost> (0, 'sftp> put /var/lib/rundeck/.ansible/tmp/ansible-local-62668WFQnHO/tmp0xX5ic /var/lib/rundeck/.ansible/tmp/ansible-tmp-1548782932.26-63215767615602/AnsiballZ__aci_intf_policy_port_security.py\n', '')
<localhost> ESTABLISH SSH CONNECTION FOR USER: None
<localhost> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/var/lib/rundeck/.ansible/cp/8a5a4c6a60 localhost '/bin/sh -c '"'"'chmod u+x /var/lib/rundeck/.ansible/tmp/ansible-tmp-1548782932.26-63215767615602/ /var/lib/rundeck/.ansible/tmp/ansible-tmp-1548782932.26-63215767615602/AnsiballZ__aci_intf_policy_port_security.py && sleep 0'"'"''
<localhost> (0, '', '')
<localhost> ESTABLISH SSH CONNECTION FOR USER: None
<localhost> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/var/lib/rundeck/.ansible/cp/8a5a4c6a60 -tt localhost '/bin/sh -c '"'"'sudo -H -S -n -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-copwlrdecthkuqtlfgtnfhhxkequmwjh; /usr/bin/python /var/lib/rundeck/.ansible/tmp/ansible-tmp-1548782932.26-63215767615602/AnsiballZ__aci_intf_policy_port_security.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
<localhost> (0, '\r\n{"current": [{"l2PortSecurityPol": {"attributes": {"dn": "uni/infra/portsecurityP-ansible_ps05", "ownerKey": "", "name": "ansible_ps05", "descr": "test policy", "nameAlias": "", "violation": "protect", "maximum": "3", "timeout": "60", "ownerTag": ""}}}], "invocation": {"module_args": {"username": "ansible", "max_end_points": 3, "private_key": null, "protocol": "https", "use_proxy": true, "certificate_name": null, "hostname": "*****", "host": "*****", "output_level": "normal", "state": "present", "port_security": "ansible_ps05", "timeout": 80, "use_ssl": true, "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "validate_certs": false, "port": null, "description": "test policy"}}, "changed": true}\r\n', 'Shared connection to localhost closed.\r\n')
<localhost> ESTABLISH SSH CONNECTION FOR USER: None
<localhost> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/var/lib/rundeck/.ansible/cp/8a5a4c6a60 localhost '/bin/sh -c '"'"'rm -f -r /var/lib/rundeck/.ansible/tmp/ansible-tmp-1548782932.26-63215767615602/ > /dev/null 2>&1 && sleep 0'"'"''
<localhost> (0, '', '')
changed: [localhost] => {
    "changed": true,
    "current": [
        {
            "l2PortSecurityPol": {
                "attributes": {
                    "descr": "test policy",
                    "dn": "uni/infra/portsecurityP-ansible_ps05",
                    "maximum": "3",
                    "name": "ansible_ps05",
                    "nameAlias": "",
                    "ownerKey": "",
                    "ownerTag": "",
                    "timeout": "60",
                    "violation": "protect"
                }
            }
        }
    ],
    "invocation": {
        "module_args": {
            "certificate_name": null,
            "description": "test policy",
            "host": "*****",
            "hostname": "*****",
            "max_end_points": 3,
            "output_level": "normal",
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "port": null,
            "port_security": "ansible_ps05",
            "private_key": null,
            "protocol": "https",
            "state": "present",
            "timeout": 80,
            "use_proxy": true,
            "use_ssl": true,
            "username": "ansible",
            "validate_certs": false
        }
    }
}
META: ran handlers
META: ran handlers

PLAY RECAP *********************************************************************
localhost                  : ok=2    changed=1    unreachable=0    failed=0

ansibot commented 5 years ago

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

ansibot commented 5 years ago

cc @brunocalogero @dagwieers @jmcgill298 @schunduri

ansibot commented 5 years ago

@rukiaEnix, just so you are aware, we have a dedicated Working Group for network. You can find other people interested in this in #ansible-network on Freenode IRC. For more information about communities, meetings and agendas, see https://github.com/ansible/community

dagwieers commented 5 years ago

@rukiaEnix The timeout parameter you are using is related to the HTTPS connectivity, and not related to the ACI object you are managing. https://docs.ansible.com/ansible/latest/modules/aci_interface_policy_port_security_module.html

The functionality you are looking for appears not to be implemented.
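
A post-run check for the situation in this thread, where the task reports `changed` while the port security policy keeps a timeout of 60: it compares the intended policy attributes with the `l2PortSecurityPol` attributes the module returned. This is an added example, not code from the issue or from the Ansible project; `policy_drift` and `INTENDED` are hypothetical names, and the sample result is trimmed from the output posted in the issue.

```python
import json

# Constructed sample: trimmed from the module result shown under ACTUAL RESULTS.
RESULT = json.loads("""
{"changed": true,
 "current": [{"l2PortSecurityPol": {"attributes": {
     "dn": "uni/infra/portsecurityP-ansible_ps05", "name": "ansible_ps05",
     "descr": "test policy", "maximum": "3", "timeout": "60",
     "violation": "protect"}}}],
 "invocation": {"module_args": {"port_security": "ansible_ps05",
     "max_end_points": 3, "timeout": 80, "description": "test policy"}}}
""")

# Intended object state, keyed by the attribute names visible in "current".
# Kept separate from module_args on purpose: per the reply above, the module's
# `timeout` argument is the HTTPS connection timeout, not the policy attribute.
INTENDED = {"name": "ansible_ps05", "descr": "test policy",
            "maximum": 3, "timeout": 80}


def policy_drift(result, intended, cls="l2PortSecurityPol"):
    """Return {attribute: (intended, applied)} for every attribute that differs.

    `applied` is None when the object or the attribute is absent from the result.
    """
    applied = {}
    for obj in result.get("current") or []:
        if cls in obj:
            applied = obj[cls].get("attributes", {})
            break
    drift = {}
    for attr, want in intended.items():
        have = applied.get(attr)
        # The result in the issue carries attribute values as strings ("60"),
        # so compare string forms rather than raw types.
        if have is None or str(have) != str(want):
            drift[attr] = (want, have)
    return drift


if __name__ == "__main__":
    for attr, (want, have) in policy_drift(RESULT, INTENDED).items():
        print(f"{attr}: intended {want!r}, applied {have!r}")
```
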

dagwieers commented 5 years ago

So this is not a bug report, but rather a feature request.

rukiaEnix commented 5 years ago

Thanks for the quick answers. So the feature for timeout on the policy is something that could come in the future?

dagwieers commented 5 years ago

Yes, we can add it. You can also try to add it yourself, it's not that hard to do actually.

ansibot commented 5 years ago

@rukiaEnix: Greetings! Thanks for taking the time to open this issue. In order for the community to handle your issue effectively, we need a bit more information.

Here are the items we could not find in your description:

Please set the description of this issue with this template: https://raw.githubusercontent.com/ansible/ansible/devel/.github/ISSUE_TEMPLATE.md

ansibot commented 5 years ago

cc @mtorelli @rsmeyers @smnmtzgr

ansibot commented 5 years ago

cc @koladiya

ansibot commented 5 years ago

cc @devarshishah3 @fadallar

ansibot commented 4 years ago

cc @aciguru

aciguru commented 4 years ago

Moved to

https://github.com/CiscoDevNet/ansible-aci/issues/19

dagwieers commented 4 years ago

@gundalow Can you close this ticket? Thanks!