Closed gusmb closed 4 months ago
I see that the whole config validation is based on an iterative process, looping through the list of configlets (as dictionary items, probably ordering here is not guaranteed), and running this cvprac API call:
resp = self.__cv_client.api.validate_config_for_device(
device_mac=system_mac,
config=config)
That is OK if the configlet has the full device config or at least config without dependencies, but since it is validated as a standalone configlet, it might fail in certain cases. IMO the solution here would be to combine the config of all device configlets into a single config text in the right order, and then do a single device-level validation, instead of validating each configlet individually
Thanks for filing the issue! The main uses case for this module was to use it in tangent with arista-avd in CI pipelines, where you'd have one true single configlet (with full target config) generated by AVD per device and you'd validate the multiline string before the configlet was even uploaded to CloudVision, thus saving a lot of time at scale compared to previously where if there was an error, the user would only find out after the configlet was uploaded and then assigned to the device. This module validates each configlet individually just as the UI does on the Configlets page, where you can validate an individual configlet and doesn't use the validateAndCompareConfiglets.do API that is used on "Manage->Configlets->Validate" page in Network Provisioning
With that said, we could take a look at what would it mean to add a knob to concatenate all the strings, ideally users should create configlets that are independent of each other as that may cause issues, especially if they are not ordered correctly
Thanks for filing the issue! The main uses case for this module was to use it in tangent with arista-avd in CI pipelines, where you'd have one true single configlet (with full target config) generated by AVD per device and you'd validate the multiline string before the configlet was even uploaded to CloudVision, thus saving a lot of time at scale compared to previously where if there was an error, the user would only find out after the configlet was uploaded and then assigned to the device. This module validates each configlet individually just as the UI does on the Configlets page, where you can validate an individual configlet and doesn't use the validateAndCompareConfiglets.do API that is used on "Manage->Configlets->Validate" page in Network Provisioning
With that said, we could take a look at what would it mean to add a knob to concatenate all the strings, ideally users should create configlets that are independent of each other as that may cause issues, especially if they are not ordered correctly
Thanks for the explanation. I think limiting the use case is confusing. On one side the data structure exposed to the user allows specifying different configlets, but on the other side you only expect a single configlet. I run CI pipelines powered by AVD, but it is typical to have additional configlets mapped to devices for certain use cases, like add-on user temp configs, or a dedicated configlet for another service that runs on top, etc. Usually as users we are interested in the overall config for the device, rather than an individual configlet. I have solved this locally for now by concatenating the config strings on input, but I think this would be better to handle within the module.
To honor the configlet order, I would suggest updating the data structure to a list of dicts instead of a dict of dicts. And probably interesting to expand the module functionality to do device level validation (taking into account all configlets in the order provided), or individual configlet validation. I would think device level should be the default as this is usually what customers are looking for when running manual operations on CVP
Thanks for the feedback! Definitely it's better to handle it in the module, we'll have to see if this can be done in a non-breaking manner for customers who are using this already, in which case we could do it in one of the next feature releases, otherwise it would be only in the next major release(4.0.0)
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 15 days
Has there been any progress on this? Issue is still relevant and should not be closed automatically.
We do not plan to address this in arista.cvp. Your workaround with concatenating the configlets before running the module will have to hold a bit longer, until you can move to the new arista.avd.deploy_to_cv
role.
Issue Summary
cv_validate_v3
does not validate configlets for a device as ONE config, but each configlet individually. This causes false positives when a configlet contains dependencies to other configlets that are applied to the device before in the list.Which component(s) of AVD impacted
other
How do you run AVD ?
Ansible CLI (with virtual-env or native python)
Input variables
Steps to reproduce
Relevant log output
vrf instance TEST was defined on
device1.cfg
anddevice2.cfg
respectivelyCode of Conduct