Cant Create Peer Zones with brocade.fos.brocade_zoning_zone Module

[samuellay]

I can't create peer zones. The plugin is supposed to recognize "principal_members" and create a peer zone. When I use normal members at zone creation, it works:

zones:
  - name: mypeerzone
    members:
      - secondtolaststhost
      - lasthost

When I use principal members, I get an error saying I'm using duplicate names.

- name: mypeerzone
    principal_members:
      - firsthost
      - nexthost

Msg:
"error-message": "Error: Duplicate members exist in the member list of \"mypeerzone\". To avoid unexpected behavior please create peer zones without duplicate members.",

Here's the information:

Requirements.txt:

alabaster==0.7.12
ansible==4.5.0
ansible-core==2.11.12
Babel==2.10.1
bcrypt==3.2.2
certifi==2022.5.18.1
cffi==1.15.0
chardet==3.0.4
colorconsole==0.7.2
cryptography==37.0.2
docutils==0.18.1
et-xmlfile==1.1.0
idna==2.10
imagesize==1.3.0
jdcal==1.4.1
Jinja2==3.1.2
jsondiff==1.2.0
MarkupSafe==1.1.0
openpyxl==2.6.3
packaging==21.3
paramiko==2.7.1
pycparser==2.21
pyfos==2.0.0
Pygments==2.12.0
PyNaCl==1.5.0
pyparsing==3.0.9
pytz==2022.1
PyYAML==6.0
requests==2.23.0
resolvelib==0.5.4
six==1.14.0
snowballstemmer==2.2.0
Sphinx==1.7.2
sphinxcontrib-serializinghtml==1.1.5
sphinxcontrib-websupport==1.2.4
urllib3==1.25.11
xlrd==1.2.0
xmltodict==0.11.0

Playbook:

---
- name: brocade_create_zone
  hosts: all
  connection: local
  collections:
  - brocade.fos
  gather_facts: no
  roles:
    - role: brocade_create_zone

---

Role:

---
- name: Create zones
  brocade.fos.brocade_zoning_zone:
    credential: "{{credential}}"
    vfid: -1
    zones: "{{zones}}"
    members_add_only: True

---

Inventory:

---
all:
brocadeswitches:
  vars:
    brocade_user_name: ansibleuser
    brocade_password: "a-mystery"
  hosts:
    syn14b01fc001:
      credential:
        fos_ip_addr: 100.64.14.131
        fos_user_name: "{{ brocade_user_name }}"
        fos_password: "{{ brocade_password }}"
        https: self
    syn14b01fc002:
      credential:
        fos_ip_addr: 100.64.14.133
        fos_user_name: "{{ brocde_user_name }}"
        fos_password: "{{ brocade_password }}"
        https: self
    syn15b01fc001:
      credential:
        fos_ip_addr: 100.72.14.131
        fos_user_name: "{{ user_name }}"
        fos_password: "{{ brocade_password }}"
        https: self
    syn15b01fc002:
      credential:
        fos_ip_addr: 100.72.14.133
        fos_user_name: "{{ user_name }}"
        fos_password: "{{ brocade_password }}"
        https: self

Parameter files:

zones.yml
zones:
  - name: mypeerzone
    principal_members:
      - firsthost
      - nexthost

  - 

zones2.yml

zones:
  - name: mypeerzone
    members:
      - secondtolaststhost
      - lasthost

---

Run with principalmembers:

(brocade_env) slay@syn14v01ev714:~/learn-brocade$ ansible-playbook -vvvv -l syn14b01fc001 -i inventorypt.yml -e "@zones.yml" _brocade_create_zone.yml
/home/slay/brocade_env/lib/python3.8/site-packages/paramiko/transport.py:219: CryptographyDeprecationWarning: Blowfish has been deprecated
  "class": algorithms.Blowfish,
ansible-playbook [core 2.11.12]
  config file = /home/slay/learn-brocade/ansible.cfg
  configured module search path = ['/home/slay/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/slay/brocade_env/lib/python3.8/site-packages/ansible
  ansible collection location = /home/slay/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/slay/brocade_env/bin/ansible-playbook
  python version = 3.8.10 (default, Mar 15 2022, 12:22:08) [GCC 9.4.0]
  jinja version = 3.1.2
  libyaml = True
Using /home/slay/learn-brocade/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /home/slay/learn-brocade/inventorypt.yml as it did not pass its verify_file() method
script declined parsing /home/slay/learn-brocade/inventorypt.yml as it did not pass its verify_file() method
Parsed /home/slay/learn-brocade/inventorypt.yml inventory source with yaml plugin
Loading collection brocade.fos from /home/slay/.ansible/collections/ansible_collections/brocade/fos
Loading callback plugin default of type stdout, v2.0 from /home/slay/brocade_env/lib/python3.8/site-packages/ansible/plugins/callback/default.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: _brocade_create_zone.yml *************************************************************
Positional arguments: _brocade_create_zone.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/home/slay/learn-brocade/inventorypt.yml',)
subset: syn14b01fc001
extra_vars: ('@/home/slay/learn-brocade/zones.yml',)
forks: 5
1 plays in _brocade_create_zone.yml

PLAY [brocade_create_zone] *********************************************************************
META: ran handlers

TASK [brocade_create_zone : Create zones] ******************************************************
task path: /home/slay/learn-brocade/roles/brocade_create_zone/tasks/main.yml:2
<syn14b01fc001> ESTABLISH LOCAL CONNECTION FOR USER: slay
<syn14b01fc001> EXEC /bin/sh -c 'echo ~slay && sleep 0'
<syn14b01fc001> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/slay/.ansible/tmp `"&& mkdir "` echo /home/slay/.ansible/tmp/ansible-tmp-1655481418.239548-436939-73383288589838 `" && echo ansible-tmp-1655481418.239548-436939-73383288589838="` echo /home/slay/.ansible/tmp/ansible-tmp-1655481418.239548-436939-73383288589838 `" ) && sleep 0'
<syn14b01fc001> Attempting python interpreter discovery
<syn14b01fc001> EXEC /bin/sh -c 'echo PLATFORM; uname; echo FOUND; command -v '"'"'/usr/bin/python'"'"'; command -v '"'"'python3.9'"'"'; command -v '"'"'python3.8'"'"'; command -v '"'"'python3.7'"'"'; command -v '"'"'python3.6'"'"'; command -v '"'"'python3.5'"'"'; command -v '"'"'python2.7'"'"'; command -v '"'"'python2.6'"'"'; command -v '"'"'/usr/libexec/platform-python'"'"'; command -v '"'"'/usr/bin/python3'"'"'; command -v '"'"'python'"'"'; echo ENDFOUND && sleep 0'
<syn14b01fc001> EXEC /bin/sh -c '/usr/bin/python3.8 && sleep 0'
Using module file /home/slay/.ansible/collections/ansible_collections/brocade/fos/plugins/modules/brocade_zoning_zone.py
<syn14b01fc001> PUT /home/slay/.ansible/tmp/ansible-local-4369345ynehq0g/tmprwn_3xcx TO /home/slay/.ansible/tmp/ansible-tmp-1655481418.239548-436939-73383288589838/AnsiballZ_brocade_zoning_zone.py
<syn14b01fc001> EXEC /bin/sh -c 'chmod u+x /home/slay/.ansible/tmp/ansible-tmp-1655481418.239548-436939-73383288589838/ /home/slay/.ansible/tmp/ansible-tmp-1655481418.239548-436939-73383288589838/AnsiballZ_brocade_zoning_zone.py && sleep 0'
<syn14b01fc001> EXEC /bin/sh -c '/usr/bin/python3 /home/slay/.ansible/tmp/ansible-tmp-1655481418.239548-436939-73383288589838/AnsiballZ_brocade_zoning_zone.py && sleep 0'
<syn14b01fc001> EXEC /bin/sh -c 'rm -f -r /home/slay/.ansible/tmp/ansible-tmp-1655481418.239548-436939-73383288589838/ > /dev/null 2>&1 && sleep 0'
fatal: [syn14b01fc001]: FAILED! => {
    "GET_url": "https://********/rest/running/zoning/defined-configuration/zone",
    "PATCH_url": "https://********/rest/running/zoning/effective-configuration",
    "POST_resp_code": 400,
    "POST_resp_data": {
        "errors": {
            "@xmlns": "urn:ietf:params:xml:ns:yang:ietf-restconf",
            "error": {
                "error-app-tag": "Error",
                "error-info": {
                    "error-code": "-502",
                    "error-module": "zone"
                },
                "error-message": "Error: Duplicate members exist in the member list of \"mypeerzone\". To avoid unexpected behavior please create peer zones without duplicate members.",
                "error-path": "/zone/zone-name/mypeerzone/",
                "error-tag": "Operation-failed",
                "error-type": "protocol"
            }
        }
    },
    "POST_resp_reason": "Bad Request",
    "POST_url": "https://********/rest/logout",
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "common_list": [],
    "invocation": {
        "module_args": {
            "credential": {
                "fos_ip_addr": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "fos_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "fos_user_name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "https": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
            },
            "members_add_only": true,
            "members_remove_only": null,
            "throttle": null,
            "timeout": null,
            "vfid": -1,
            "zones": [
                {
                    "name": "mypeerzone",
                    "principal_members": [
                        "firsthost",
                        "nexthost"
                    ]
                }
            ],
            "zones_to_delete": null
        }
    },
    "msg": "HTTP POST failed",
    "patch_resp_data": "",
    "post_list": [
        {
            "name": "mypeerzone",
            "principal_members": [
                "firsthost",
                "nexthost"
            ]
        }
    ],
    "remove_list": [],
    "zone_str": "<defined-configuration><zone><zone-name>mypeerzone</zone-name><zone-type>1</zone-type><member-entry><principal-entry-name>firsthost</principal-entry-name><principal-entry-name>nexthost</principal-entry-name></member-entry></zone></defined-configuration>"
}

PLAY RECAP *************************************************************************************
syn14b01fc001              : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

**It fails with principal members above Look for

"error-message": "Error: Duplicate members exist in the member list of \"mypeerzone\". To avoid unexpected behavior please create peer zones without duplicate members.",**

Now try with initiators:

(brocade_env) slay@syn14v01ev714:~/learn-brocade$ ansible-playbook -vvvv -l syn14b01fc001 -i inventorypt.yml -e "@zones2.yml" _brocade_create_zone.yml
/home/slay/brocade_env/lib/python3.8/site-packages/paramiko/transport.py:219: CryptographyDeprecationWarning: Blowfish has been deprecated
  "class": algorithms.Blowfish,
ansible-playbook [core 2.11.12]
  config file = /home/slay/learn-brocade/ansible.cfg
  configured module search path = ['/home/slay/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/slay/brocade_env/lib/python3.8/site-packages/ansible
  ansible collection location = /home/slay/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/slay/brocade_env/bin/ansible-playbook
  python version = 3.8.10 (default, Mar 15 2022, 12:22:08) [GCC 9.4.0]
  jinja version = 3.1.2
  libyaml = True
Using /home/slay/learn-brocade/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /home/slay/learn-brocade/inventorypt.yml as it did not pass its verify_file() method
script declined parsing /home/slay/learn-brocade/inventorypt.yml as it did not pass its verify_file() method
Parsed /home/slay/learn-brocade/inventorypt.yml inventory source with yaml plugin
Loading collection brocade.fos from /home/slay/.ansible/collections/ansible_collections/brocade/fos
Loading callback plugin default of type stdout, v2.0 from /home/slay/brocade_env/lib/python3.8/site-packages/ansible/plugins/callback/default.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: _brocade_create_zone.yml *************************************************************
Positional arguments: _brocade_create_zone.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/home/slay/learn-brocade/inventorypt.yml',)
subset: syn14b01fc001
extra_vars: ('@/home/slay/learn-brocade/zones2.yml',)
forks: 5
1 plays in _brocade_create_zone.yml

PLAY [brocade_create_zone] *********************************************************************
META: ran handlers

TASK [brocade_create_zone : Create zones] ******************************************************
task path: /home/slay/learn-brocade/roles/brocade_create_zone/tasks/main.yml:2
<syn14b01fc001> ESTABLISH LOCAL CONNECTION FOR USER: slay
<syn14b01fc001> EXEC /bin/sh -c 'echo ~slay && sleep 0'
<syn14b01fc001> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/slay/.ansible/tmp `"&& mkdir "` echo /home/slay/.ansible/tmp/ansible-tmp-1655481439.7945511-436992-26703065078813 `" && echo ansible-tmp-1655481439.7945511-436992-26703065078813="` echo /home/slay/.ansible/tmp/ansible-tmp-1655481439.7945511-436992-26703065078813 `" ) && sleep 0'
<syn14b01fc001> Attempting python interpreter discovery
<syn14b01fc001> EXEC /bin/sh -c 'echo PLATFORM; uname; echo FOUND; command -v '"'"'/usr/bin/python'"'"'; command -v '"'"'python3.9'"'"'; command -v '"'"'python3.8'"'"'; command -v '"'"'python3.7'"'"'; command -v '"'"'python3.6'"'"'; command -v '"'"'python3.5'"'"'; command -v '"'"'python2.7'"'"'; command -v '"'"'python2.6'"'"'; command -v '"'"'/usr/libexec/platform-python'"'"'; command -v '"'"'/usr/bin/python3'"'"'; command -v '"'"'python'"'"'; echo ENDFOUND && sleep 0'
<syn14b01fc001> EXEC /bin/sh -c '/usr/bin/python3.8 && sleep 0'
Using module file /home/slay/.ansible/collections/ansible_collections/brocade/fos/plugins/modules/brocade_zoning_zone.py
<syn14b01fc001> PUT /home/slay/.ansible/tmp/ansible-local-436985k_k26yxq/tmphnd67c0v TO /home/slay/.ansible/tmp/ansible-tmp-1655481439.7945511-436992-26703065078813/AnsiballZ_brocade_zoning_zone.py
<syn14b01fc001> EXEC /bin/sh -c 'chmod u+x /home/slay/.ansible/tmp/ansible-tmp-1655481439.7945511-436992-26703065078813/ /home/slay/.ansible/tmp/ansible-tmp-1655481439.7945511-436992-26703065078813/AnsiballZ_brocade_zoning_zone.py && sleep 0'
<syn14b01fc001> EXEC /bin/sh -c '/usr/bin/python3 /home/slay/.ansible/tmp/ansible-tmp-1655481439.7945511-436992-26703065078813/AnsiballZ_brocade_zoning_zone.py && sleep 0'
<syn14b01fc001> EXEC /bin/sh -c 'rm -f -r /home/slay/.ansible/tmp/ansible-tmp-1655481439.7945511-436992-26703065078813/ > /dev/null 2>&1 && sleep 0'
changed: [syn14b01fc001] => {
    "GET_url": "https://********/rest/running/zoning/defined-configuration/zone",
    "PATCH_url": "https://********/rest/running/zoning/effective-configuration",
    "POST_url": "https://********/rest/logout",
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": true,
    "common_list": [],
    "invocation": {
        "module_args": {
            "credential": {
                "fos_ip_addr": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "fos_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "fos_user_name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "https": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
            },
            "members_add_only": true,
            "members_remove_only": null,
            "throttle": null,
            "timeout": null,
            "vfid": -1,
            "zones": [
                {
                    "members": [
                        "secondtolaststhost",
                        "lasthost"
                    ],
                    "name": "mypeerzone"
                }
            ],
            "zones_to_delete": null
        }
    },
    "patch_resp_data": "",
    "post_list": [
        {
            "members": [
                "secondtolaststhost",
                "lasthost"
            ],
            "name": "mypeerzone"
        }
    ],
    "remove_list": [],
    "zone_str": "<defined-configuration><zone><zone-name>mypeerzone</zone-name><member-entry><entry-name>secondtolaststhost</entry-name><entry-name>lasthost</entry-name></member-entry></zone></defined-configuration>"
}
META: role_complete for syn14b01fc001
META: ran handlers
META: ran handlers

Works for initators, but not principal members

PLAY RECAP ***** syn14b01fc001 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

[prasad-valmeti-broadcom]

Hi Samuellay, To understand better on this issue, “error-message": "Error: Duplicate members exist in the member list of \"mypeerzone\". To avoid unexpected behavior please create peer zones without duplicate members.", need some more details as mentioned below:

As per the zone module owners, we need the membership details of the aliases the user has specified as Peer Zone members:

"The fcaliases, (secondtolaststhost, lasthost) were previously created exclusively for this test."

Could you please send these details to understand why it shows issue? As per the understanding these alias members are already exist that's why it shows that message. Regards, Prasad

[samuellay]

The principal members did not exist prior to running the command. Even it they were, the correct ansible behavior would be to run successfully w/ 0 changes.

[prasad-valmeti-broadcom]

Hi Samuellay, Ansible sends the config request to the switch, the response is directly coming from the switch. No membership validation is performed on Ansible side.

 As per the zone module owner,  secondtolaststhost, and lasthost alias members already exist on the switch that is attempting to create 
 peer zone. In those scenarios only, the "Error: Duplicate members exist in the member list of \"peerzone003\". To avoid unexpected behavior please create peer zones without duplicate members."  appears.

  Could you please confirm if there are alias members exist on the switch before running the test?
  If they do exist, what does the membership of these aliases look like? 

 Could you please provide these details that will help to make progress on this issue?

Regards, Prasad

[samuellay]

Yes, I was misinterpreting the error message. I thought it meant duplicates in the current argument set. I finally realized that this was because those wwpns were already zoned to those targets with different fcaliases. I had failed to clean up adequately after some previous testing.

Thank you for the follow-up, Sam