search

aruba / aoscx-ansible-collection

Ansible collections for AOS-CX switches 
48 stars 23 forks source link

idempotence and delete (vlan, vrf, interface) #63

Closed alagoutte closed 1 year ago

alagoutte commented 1 year ago

When you the following yaml

- hosts: all
  collections:
    - arubanetworks.aoscx
  vars:
  gather_facts: False
  tasks:
  - name: Remove vlan
    aoscx_vlan:
      state: delete
      vlan_id: 23

and if you launch multiple time, we get always changed status

alagoutte@ALG-Ansible:~$ansible-playbook -i cx1.yml cx_remove_vlan23.yaml 

PLAY [all] **********************************************************************************************************************************************************************

TASK [Remove vlan] **************************************************************************************************************************************************************
changed: [aoscx_1]

PLAY RECAP **********************************************************************************************************************************************************************
aoscx_1                    : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

alagoutte@ALG-Ansible:~$ ansible-playbook -i cx1.yml cx_remove_vlan23.yaml 

PLAY [all] **********************************************************************************************************************************************************************

TASK [Remove vlan] **************************************************************************************************************************************************************
changed: [aoscx_1]

PLAY RECAP **********************************************************************************************************************************************************************
aoscx_1                    : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

if you look the nginx log of switch (via start-shell)

unix: - - [22/Feb/2023:20:14:14 +0000] "POST /rest/login HTTP/1.1" 200 0 "-" "python-requests/2.27.1"
::ffff:10.200.11.146 - - [22/Feb/2023:20:14:14 +0000] "POST /rest/v10.04/login HTTP/1.1" 200 0 "-" "python-requests/2.27.1"
unix: - - [22/Feb/2023:20:14:14 +0000] "GET /rest/firmware HTTP/1.1" 200 121 "-" "python-requests/2.27.1"
::ffff:10.200.11.146 - - [22/Feb/2023:20:14:14 +0000] "GET /rest/v10.04/firmware HTTP/1.1" 200 121 "-" "python-requests/2.27.1"
unix: - - [22/Feb/2023:20:14:14 +0000] "GET /rest/v10.04/system/vlans/23?depth=1&selector=writable HTTP/1.1" 404 1 "-" "python-requests/2.27.1"
::ffff:10.200.11.146 - - [22/Feb/2023:20:14:14 +0000] "GET /rest/v10.04/system/vlans/23?depth=1&selector=writable HTTP/1.1" 404 1 "-" "python-requests/2.27.1"
unix: - - [22/Feb/2023:20:14:14 +0000] "POST /rest/v10.04/system/vlans HTTP/1.1" 201 0 "-" "python-requests/2.27.1"
::ffff:10.200.11.146 - - [22/Feb/2023:20:14:14 +0000] "POST /rest/v10.04/system/vlans HTTP/1.1" 201 0 "-" "python-requests/2.27.1"
unix: - - [22/Feb/2023:20:14:14 +0000] "GET /rest/v10.04/system/vlans/23?depth=1&selector=writable HTTP/1.1" 200 1094 "-" "python-requests/2.27.1"
::ffff:10.200.11.146 - - [22/Feb/2023:20:14:14 +0000] "GET /rest/v10.04/system/vlans/23?depth=1&selector=writable HTTP/1.1" 200 1094 "-" "python-requests/2.27.1"
::ffff:10.200.11.146 - - [22/Feb/2023:20:14:14 +0000] "GET /rest/v10.04/system/vlans/23/macs HTTP/1.1" 200 2 "-" "python-requests/2.27.1"
unix: - - [22/Feb/2023:20:14:14 +0000] "GET /rest/v10.04/system/vlans/23/macs HTTP/1.1" 200 2 "-" "python-requests/2.27.1"
unix: - - [22/Feb/2023:20:14:14 +0000] "GET /rest/v10.04/system/vlans/23/static_macs HTTP/1.1" 200 2 "-" "python-requests/2.27.1"
::ffff:10.200.11.146 - - [22/Feb/2023:20:14:14 +0000] "GET /rest/v10.04/system/vlans/23/static_macs HTTP/1.1" 200 2 "-" "python-requests/2.27.1"
unix: - - [22/Feb/2023:20:14:14 +0000] "DELETE /rest/v10.04/system/vlans/23 HTTP/1.1" 204 0 "-" "python-requests/2.27.1"
::ffff:10.200.11.146 - - [22/Feb/2023:20:14:14 +0000] "DELETE /rest/v10.04/system/vlans/23 HTTP/1.1" 204 0 "-" "python-requests/2.27.1"
unix: - - [22/Feb/2023:20:14:14 +0000] "POST /rest/logout HTTP/1.1" 200 0 "-" "python-requests/2.27.1"
::ffff:10.200.11.146 - - [22/Feb/2023:20:14:14 +0000] "POST /rest/v10.04/logout HTTP/1.1" 200 0 "-" "python-requests/2.27.1"

You see the POST with create the vlan

the issue coming from https://github.com/aruba/aoscx-ansible-collection/blob/master/plugins/modules/aoscx_vlan.py#L136 (Create the vlan if don't exist... and delete after)

same issue with vrf and interface (and may be some other module...)

alagoutte commented 1 year ago

Look fixed with 4.5.0 (for vlan), not yet try with vrf and interface ! (should be nice to have network integration test !)

alagoutte commented 1 year ago

Confirm, it is fixed with vlan :

:ffff:10.200.11.146 - - [20/Nov/2023:09:14:34 +0000] "/rest/v10.04/login" 200 0 "-" "python-requests/2.27.1"
unix: - - [20/Nov/2023:09:14:34 +0000] "POST /rest/login HTTP/1.1" "/rest/login" 200 0 "-" "python-requests/2.27.1" -
unix: - - [20/Nov/2023:09:14:34 +0000] "GET /rest/v10.04/system/vlans/23?depth=1&selector=writable HTTP/1.1" "/rest/v10.04/system/vlans/23?depth=1&selector=writable" 404 1 "-" "python-requests/2.27.1" -
::ffff:10.200.11.146 - - [20/Nov/2023:09:14:34 +0000] "/rest/v10.04/system/vlans/23?depth=1&selector=writable" 404 1 "-" "python-requests/2.27.1"
::ffff:10.200.11.146 - - [20/Nov/2023:09:14:34 +0000] "/rest/v10.04/logout" 200 0 "-" "python-requests/2.27.1"
unix: - - [20/Nov/2023:09:14:34 +0000] "POST /rest/logout HTTP/1.1" "/rest/logout" 200 0 "-" "python-requests/2.27.1" -

also for vrf with this yaml

- hosts: all
  collections:
    - arubanetworks.aoscx
  gather_facts: False
  tasks:
  - name: Remove VRF
    aoscx_vrf:
      name: test1
      state: delete

the switch nginx log : 

unix: - - [20/Nov/2023:09:17:16 +0000] "POST /rest/login HTTP/1.1" "/rest/login" 200 0 "-" "python-requests/2.27.1" -
::ffff:10.200.11.146 - - [20/Nov/2023:09:17:16 +0000] "/rest/v10.04/login" 200 0 "-" "python-requests/2.27.1"
unix: - - [20/Nov/2023:09:17:16 +0000] "GET /rest/v10.04/system/vrfs/test1?depth=1&selector=writable HTTP/1.1" "/rest/v10.04/system/vrfs/test1?depth=1&selector=writable" 404 1 "-" "python-requests/2.27.1" -
::ffff:10.200.11.146 - - [20/Nov/2023:09:17:16 +0000] "/rest/v10.04/system/vrfs/test1?depth=1&selector=writable" 404 1 "-" "python-requests/2.27.1"
unix: - - [20/Nov/2023:09:17:16 +0000] "POST /rest/logout HTTP/1.1" "/rest/logout" 200 0 "-" "python-requests/2.27.1" -
::ffff:10.200.11.146 - - [20/Nov/2023:09:17:16 +0000] "/rest/v10.04/logout" 200 0 "-" "python-requests/2.27.1"

but for interface vlan, there is always the issue :

with the following ansible play book 

cheops@ALG-Ansible:~$ more cx_remove_svi.yml
- hosts: all
  collections:
    - arubanetworks.aoscx
  gather_facts: False
  tasks:
    - name: Create VLAN 44
      aoscx_vlan:
        vlan_id: 444
        description: UPLINK_VLAN
    - name: Create VLAN Interface 44
      aoscx_vlan_interface:
        vlan_id: 444
        description: UPLINK_VLAN
        state: delete
unix: - - [20/Nov/2023:09:37:15 +0000] "POST /rest/login HTTP/1.1" "/rest/login" 200 0 "-" "python-requests/2.27.1" -
::ffff:10.200.11.146 - - [20/Nov/2023:09:37:15 +0000] "/rest/v10.04/login" 200 0 "-" "python-requests/2.27.1"
::ffff:10.200.11.146 - - [20/Nov/2023:09:37:16 +0000] "/rest/v10.04/system/vlans/444?depth=1&selector=writable" 200 1062 "-" "python-requests/2.27.1"
unix: - - [20/Nov/2023:09:37:16 +0000] "GET /rest/v10.04/system/vlans/444?depth=1&selector=writable HTTP/1.1" "/rest/v10.04/system/vlans/444?depth=1&selector=writable" 200 1062 "-" "python-requests/2.27.1" -
unix: - - [20/Nov/2023:09:37:16 +0000] "GET /rest/firmware HTTP/1.1" "/rest/firmware" 200 121 "-" "python-requests/2.27.1" -
::ffff:10.200.11.146 - - [20/Nov/2023:09:37:16 +0000] "/rest/v10.04/firmware" 200 121 "-" "python-requests/2.27.1"
::ffff:10.200.11.146 - - [20/Nov/2023:09:37:16 +0000] "/rest/v10.04/system?attributes=boot_time,q_profile_default,admin_password_set,aruba_central,other_config,platform_name,software_info,lldp_mgmt_neighbor_info,capabilities,mgmt_intf_status,domain_name,software_images,qos_defaults,qos_default,qos_config,software_version,hostname,capacities&depth=1" 200 18504 "-" "python-requests/2.27.1"
unix: - - [20/Nov/2023:09:37:16 +0000] "GET /rest/v10.04/system?attributes=boot_time,q_profile_default,admin_password_set,aruba_central,other_config,platform_name,software_info,lldp_mgmt_neighbor_info,capabilities,mgmt_intf_status,domain_name,software_images,qos_defaults,qos_default,qos_config,software_version,hostname,capacities&depth=1 HTTP/1.1" "/rest/v10.04/system?attributes=boot_time,q_profile_default,admin_password_set,aruba_central,other_config,platform_name,software_info,lldp_mgmt_neighbor_info,capabilities,mgmt_intf_status,domain_name,software_images,qos_defaults,qos_default,qos_config,software_version,hostname,capacities&depth=1" 200 18504 "-" "python-requests/2.27.1" -
::ffff:10.200.11.146 - - [20/Nov/2023:09:37:16 +0000] "/rest/v10.04/system/vlans/444/macs?depth=2" 200 2 "-" "python-requests/2.27.1"
unix: - - [20/Nov/2023:09:37:16 +0000] "GET /rest/v10.04/system/vlans/444/macs?depth=2 HTTP/1.1" "/rest/v10.04/system/vlans/444/macs?depth=2" 200 2 "-" "python-requests/2.27.1" -
::ffff:10.200.11.146 - - [20/Nov/2023:09:37:16 +0000] "/rest/v10.04/system/vlans/444/static_macs" 200 2 "-" "python-requests/2.27.1"
unix: - - [20/Nov/2023:09:37:16 +0000] "GET /rest/v10.04/system/vlans/444/static_macs HTTP/1.1" "/rest/v10.04/system/vlans/444/static_macs" 200 2 "-" "python-requests/2.27.1" -
unix: - - [20/Nov/2023:09:37:16 +0000] "PUT /rest/v10.04/system/vlans/444 HTTP/1.1" "/rest/v10.04/system/vlans/444" 200 0 "-" "python-requests/2.27.1" -
::ffff:10.200.11.146 - - [20/Nov/2023:09:37:16 +0000] "/rest/v10.04/system/vlans/444" 200 0 "-" "python-requests/2.27.1"
::ffff:10.200.11.146 - - [20/Nov/2023:09:37:17 +0000] "/rest/v10.04/firmware" 200 121 "-" "python-requests/2.27.1"
unix: - - [20/Nov/2023:09:37:17 +0000] "GET /rest/firmware HTTP/1.1" "/rest/firmware" 200 121 "-" "python-requests/2.27.1" -
unix: - - [20/Nov/2023:09:37:17 +0000] "POST /rest/v10.04/system/interfaces HTTP/1.1" "/rest/v10.04/system/interfaces" 201 0 "-" "python-requests/2.27.1" -
::ffff:10.200.11.146 - - [20/Nov/2023:09:37:17 +0000] "/rest/v10.04/system/interfaces" 201 0 "-" "python-requests/2.27.1"
unix: - - [20/Nov/2023:09:37:17 +0000] "GET /rest/v10.04/system/interfaces/vlan444?depth=1&selector=writable HTTP/1.1" "/rest/v10.04/system/interfaces/vlan444?depth=1&selector=writable" 200 7690 "-" "python-requests/2.27.1" -
::ffff:10.200.11.146 - - [20/Nov/2023:09:37:17 +0000] "/rest/v10.04/system/interfaces/vlan444?depth=1&selector=writable" 200 7690 "-" "python-requests/2.27.1"
unix: - - [20/Nov/2023:09:37:17 +0000] "GET /rest/v10.04/system/interfaces/vlan444/ip6_addresses HTTP/1.1" "/rest/v10.04/system/interfaces/vlan444/ip6_addresses" 200 2 "-" "python-requests/2.27.1" -
::ffff:10.200.11.146 - - [20/Nov/2023:09:37:17 +0000] "/rest/v10.04/system/interfaces/vlan444/ip6_addresses" 200 2 "-" "python-requests/2.27.1"
unix: - - [20/Nov/2023:09:37:17 +0000] "DELETE /rest/v10.04/system/interfaces/vlan444 HTTP/1.1" "/rest/v10.04/system/interfaces/vlan444" 204 0 "-" "python-requests/2.27.1" -
::ffff:10.200.11.146 - - [20/Nov/2023:09:37:17 +0000] "/rest/v10.04/system/interfaces/vlan444" 204 0 "-" "python-requests/2.27.1"
::ffff:10.200.11.146 - - [20/Nov/2023:09:37:17 +0000] "/rest/v10.04/logout" 200 0 "-" "python-requests/2.27.1"
unix: - - [20/Nov/2023:09:37:17 +0000] "POST /rest/logout HTTP/1.1" "/rest/logout" 200 0 "-" "python-requests/2.27.1

this line unix: - - [20/Nov/2023:09:37:17 +0000] "POST /rest/v10.04/system/interfaces HTTP/1.1" "/rest/v10.04/system/interfaces" 201 0 "-" "python-requests/2.27.1" -

We see also on the log switch : 

2023-11-20T09:37:17.720802+00:00 switch hpe-restd[2036]: Event|4657|LOG_INFO|AMM|-|User admin logged out of REST session from 10.200.11.146
2023-11-20T09:37:17.719685+00:00 switch hpe-restd[2036]: Event|4608|LOG_INFO|AMM|-|Authorization allowed for user admin, for resource SessionMgmt, with action POST
2023-11-20T09:37:17.651222+00:00 switch hpe-rdiscd[578]: Event|3910|LOG_INFO|AMM|1/1|Interface: vlan444 is deleted from router discovery
2023-11-20T09:37:17.642567+00:00 switch hpe-restd[2036]: Event|4618|LOG_INFO|AMM|-|admin deleted /interfaces/vlan444
2023-11-20T09:37:17.604265+00:00 switch hpe-restd[2036]: Event|4607|LOG_INFO|AMM|-|Authorization succeeded for user admin, for resource RoleDefault, with action DELETE
2023-11-20T09:37:17.598255+00:00 switch hpe-rdiscd[578]: Event|3919|LOG_INFO|AMM|1/1|DNSSL is deleted on interface: vlan444
2023-11-20T09:37:17.598207+00:00 switch hpe-rdiscd[578]: Event|3917|LOG_INFO|AMM|1/1|RDNSS is deleted on interface: vlan444
2023-11-20T09:37:17.592262+00:00 switch hpe-rdiscd[578]: Event|3502|LOG_INFO|AMM|1/1|IRDP disabled on interface vlan444
2023-11-20T09:37:17.592195+00:00 switch hpe-rdiscd[578]: Event|3909|LOG_INFO|AMM|1/1|Interface: vlan444 is added to router discovery
2023-11-20T09:37:17.529949+00:00 switch intfd[561]: Event|401|LOG_INFO|AMM|1/1|Interface port_admin set to up for vlan444 interface
2023-11-20T09:37:17.517137+00:00 switch hpe-restd[2036]: Event|4617|LOG_INFO|AMM|-|admin created
2023-11-20T09:37:17.509466+00:00 switch hpe-restd[2036]: Event|4607|LOG_INFO|AMM|-|Authorization succeeded for user admin, for resource RoleDefault, with action POST
2023-11-20T09:37:16.072677+00:00 switch hpe-restd[2036]: Event|4619|LOG_INFO|AMM|-|admin modified /vlans/444
2023-11-20T09:37:16.063248+00:00 switch hpe-restd[2036]: Event|4607|LOG_INFO|AMM|-|Authorization succeeded for user admin, for resource RoleDefault, with action PUT
2023-11-20T09:37:15.946403+00:00 switch hpe-restd[2036]: Event|4655|LOG_INFO|AMM|-|User admin logged in from 10.200.11.146 through REST session
2023-11-20T09:37:15.946229+00:00 switch hpe-restd[2036]: Event|4602|LOG_INFO|AMM|-|Authentication succeeded for user admin in session d3v72cHRN94FLttkvGgTDA==

the idempotence is good on all case but the ansible don't create an interface for remove...

alagoutte commented 1 year ago

@tchiapuziowong need to kept this case open, there is always the issue with interface (i can recreate an issue if needed/better...)