Broken idempotence ?

[JBaptisme]

Hello all,

I'm facing an idempotence issue when using the puppet module into my Nexus 3064PQ (I have not tested on another model)

Code on Master side to configure an interface :

 cisco_interface { $name:
        shutdown                      => false,
        description                   => $description,
        speed                            => $speed,
        switchport_trunk_allowed_vlan => $tagged_vlans,
        switchport_trunk_native_vlan  => $untagged_vlan,
      }

Manifest for an interface example:

'Ethernet 1/1':
                speed: 1g
                description: test--eth0
                untagged_vlan: 10
                tagged_vlans: 
                       - 10
                       - 200

Effects when running agent:

### [root@XXXXX ~]# puppet agent -t
Info: Using configured environment 'switchs'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Applying configuration version 'b6e20494944b0ffcb542ed72bd1c39d5338b16b8'
Notice: /Stage[main]/Profile::TEST::Interfaces/Links::Switchs::Interfaces[Ethernet 1/1]/Cisco_interface[Ethernet 1/1]/ensure: current_value absent, should be present (noop)
Notice: Links::Switchs::Interfaces[Ethernet 1/1]: Would have triggered 'refresh' from 1 events
Notice: /Stage[main]/Profile::TEST::Interfaces/Links::Switchs::Interfaces[Ethernet 1/2]/Cisco_interface[Ethernet 1/2]/ensure: current_value absent, should be present (noop)
Notice: Links::Switchs::Interfaces[Ethernet 1/2]: Would have triggered 'refresh' from 1 events
Notice: /Stage[main]/Profile::TEST::Interfaces/Links::Switchs::Interfaces[Ethernet 1/3]/Cisco_interface[Ethernet 1/3]/ensure: current_value absent, should be present (noop)
Notice: Links::Switchs::Interfaces[Ethernet 1/3]: Would have triggered 'refresh' from 1 events
Notice: /Stage[main]/Profile::TEST::Interfaces/Links::Switchs::Interfaces[Ethernet 1/4]/Cisco_interface[Ethernet 1/4]/ensure: current_value absent, should be present (noop)
Notice: Links::Switchs::Interfaces[Ethernet 1/4]: Would have triggered 'refresh' from 1 events
Notice: /Stage[main]/Profile::TEST::Interfaces/Links::Switchs::Interfaces[Ethernet 1/5]/Cisco_interface[Ethernet 1/5]/ensure: current_value absent, should be present (noop)
Notice: Links::Switchs::Interfaces[Ethernet 1/5]: Would have triggered 'refresh' from 1 events
Notice: /Stage[main]/Profile::TEST::Interfaces/Links::Switchs::Interfaces[Ethernet 1/6]/Cisco_interface[Ethernet 1/6]/ensure: current_value absent, should be present (noop)
Notice: Links::Switchs::Interfaces[Ethernet 1/6]: Would have triggered 'refresh' from 1 events
Notice: /Stage[main]/Profile::TEST::Interfaces/Links::Switchs::Interfaces[Ethernet 1/7]/Cisco_interface[Ethernet 1/7]/ensure: current_value absent, should be present (noop)
Notice: Links::Switchs::Interfaces[Ethernet 1/7]: Would have triggered 'refresh' from 1 events
Notice: /Stage[main]/Profile::TEST::Interfaces/Links::Switchs::Interfaces[Ethernet 1/8]/Cisco_interface[Ethernet 1/8]/ensure: current_value absent, should be present (noop)
Notice: Links::Switchs::Interfaces[Ethernet 1/8]: Would have triggered 'refresh' from 1 events
Notice: /Stage[main]/Profile::TEST::Interfaces/Links::Switchs::Interfaces[Ethernet 1/9]/Cisco_interface[Ethernet 1/9]/ensure: current_value absent, should be present (noop)
Notice: Links::Switchs::Interfaces[Ethernet 1/9]: Would have triggered 'refresh' from 1 events
Notice: /Stage[main]/Profile::TEST::Interfaces/Links::Switchs::Interfaces[Ethernet 1/11]/Cisco_interface[Ethernet 1/11]/ensure: current_value absent, should be present (noop)
Notice: Links::Switchs::Interfaces[Ethernet 1/11]: Would have triggered 'refresh' from 1 events
Notice: /Stage[main]/Profile::TEST::Interfaces/Links::Switchs::Interfaces[Ethernet 1/12]/Cisco_interface[Ethernet 1/12]/ensure: current_value absent, should be present (noop)
Notice: Links::Switchs::Interfaces[Ethernet 1/12]: Would have triggered 'refresh' from 1 events
Notice: Class[Profile::TEST::Interfaces]: Would have triggered 'refresh' from 31 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Applied catalog in 16.00 seconds

Each time I launch puppet agent, idempotence is not respected . Each time I always have change on my interfaces (same I don't make any modification)

Have I forgotten something to not have this issue ?

Thanks

[mikewiebe]

@JBaptisme Thank you for logging this issue. Our module manages physical interfaces the same way virtual interfaces are managed. The idea of present or absent means in order to bring interfaces under puppet management you need to include ensure -> present in your manifest.

Can you please add this and re-try?

cisco_interface { $name:
  ensure                           => present,
  shutdown                         => false,
  description                      => $description,
  speed                            => $speed,
  switchport_trunk_allowed_vlan    => $tagged_vlans,
  switchport_trunk_native_vlan     => $untagged_vlan,
}

If you use ensure => absent on a physical interface it will put the interface into a default state.

More info here: https://github.com/cisco/cisco-network-puppet-module#ensure-18

[JBaptisme]

@mikewiebe , thanks for you help.

I've added ensure line. Code is like you paste it Unfortunately, I keep have non-idempot manifest

Notice: /Stage[main]/Profile::TEST::Interfaces/Links::Switchs::Interfaces[Ethernet 1/1]/Cisco_interface[Ethernet 1/1]/ensure: created
Notice: /Stage[main]/Profile::TEST::Interfaces/Links::Switchs::Interfaces[Ethernet 1/2]/Cisco_interface[Ethernet 1/2]/ensure: created
Notice: /Stage[main]/Profile::TEST::Interfaces/Links::Switchs::Interfaces[Ethernet 1/3]/Cisco_interface[Ethernet 1/3]/ensure: created
Notice: /Stage[main]/Profile::TEST::Interfaces/Links::Switchs::Interfaces[Ethernet 1/4]/Cisco_interface[Ethernet 1/4]/ensure: created
Notice: /Stage[main]/Profile::TEST::Interfaces/Links::Switchs::Interfaces[Ethernet 1/5]/Cisco_interface[Ethernet 1/5]/ensure: created
Notice: /Stage[main]/Profile::TEST::Interfaces/Links::Switchs::Interfaces[Ethernet 1/6]/Cisco_interface[Ethernet 1/6]/ensure: created
Notice: /Stage[main]/Profile::TEST::Interfaces/Links::Switchs::Interfaces[Ethernet 1/7]/Cisco_interface[Ethernet 1/7]/ensure: created
Notice: /Stage[main]/Profile::TEST::Interfaces/Links::Switchs::Interfaces[Ethernet 1/8]/Cisco_interface[Ethernet 1/8]/ensure: created
Notice: /Stage[main]/Profile::TEST::Interfaces/Links::Switchs::Interfaces[Ethernet 1/9]/Cisco_interface[Ethernet 1/9]/ensure: created
Notice: /Stage[main]/Profile::TEST::Interfaces/Links::Switchs::Interfaces[Ethernet 1/11]/Cisco_interface[Ethernet 1/11]/ensure: created
Notice: /Stage[main]/Profile::TEST::Interfaces/Links::Switchs::Interfaces[Ethernet 1/12]/Cisco_interface[Ethernet 1/12]/ensure: created
Notice: Applied catalog in 23.27 seconds`

Do you have an idea ? thanks

[mikewiebe]

@JBaptisme What is your NX-OS image version and Cisco Puppet Module version?

[JBaptisme]

Hello,

Switch is 3064PQ. NX-OS is 7.0(3)I4(7). Puppet agent rpm version is 1.10.14-1.el7.x86_64 Cisco Puppet module version used is 1.8.0

mod 'puppetlabs-ciscopuppet', '1.8.0'

Regards,

[JBaptisme]

Hi,

I've tried with present between quote ensure => 'present',

Issue is the same, for each interface Interfaces[Ethernet 1/1]/Cisco_interface[Ethernet 1/1]/ensure: created Regards,

[mikewiebe]

@JBaptisme I am working to recreate the issue and get a root cause. I will respond on this thread when I have more information.

Thanks!

[saichint]

@JBaptisme Can you make sure that the name of interface does NOT have any white space in the middle? For ex. please provide the name as "ethernet1/1" instead of "ethernet 1/1" The puppet resource does not show the space even though configuration is possible using a space, and this could be the reason why you are having idempotent issues. Please try and let us know.

[JBaptisme]

Hello,

Thanks, without white space it work like a charm now... Thanks for support ! I'm facing same idempotence issue with the network_vlan provider (I will swap to the cisco provider) and will create another issue if i'm always in trouble for vlan. Another time, thanks for help, it will help me a lot :)

Bye,