nautobot / nautobot-app-golden-config

Golden Configuration App for Nautobot.
https://docs.nautobot.com/projects/golden-config/en/latest/
Other
100 stars 57 forks source link

Compliance Status does not refresh #800

Closed damn42 closed 1 month ago

damn42 commented 2 months ago

Environment

General description

A feature that is compliant does not go into "Non-Compliant" state when the configuration on the device changes.

CleanShot 2024-08-26 at 19 00 46@2x

The screenshot shows the issue. A line of extra configuration is found but does not change the feature to "Non-Compliant". The same happens if I restore a compliant state, the Feature stays non-compliant.

If I delete the Compliance Rule a recreate it exactly as it was and run the jobs again, it works correctly again (for one time only).

The Remediation part of a Rule also behaves incorrectly, please let me know if I should provide more details on that side.

Steps to Reproduce

  1. Make a fresh install of Nautobot and the Golden Config App
  2. Take all necessary steps to be able to use the Golden Config App (in my case, custom Napalm driver, Git Repos, etc.)
  3. Create a template (for simplicity a 1:1 copy of the running config) and generate an intended config
  4. Create a backup of the device
  5. Create a Feature and a Rule, run the compliance job => Feature is compliant
  6. Add an extra line on the device
  7. Run all Golden Config jobs on the device
  8. Feature is still compliant but extra line is (rightly) shown (as per screenshot)
itdependsnetworks commented 2 months ago

Can you show the compliance detail view, by hitting the "NTP" link in your screen shot? As an example: https://demo.nautobot.com/plugins/golden-config/config-compliance/66c18f78-cd3e-4c1b-a6c7-e237daa800bf/?tab=main

damn42 commented 2 months ago

Sure: CleanShot 2024-08-26 at 19 42 29@2x

It's not in the same state as the screenshot above, does that matter for you?

itdependsnetworks commented 2 months ago

Yes, it does.

damn42 commented 2 months ago

Ok, fair enough. I'll get back to you with that screenshot tomorrow, I can't access the environment until then, sorry.

But what I can tell you now: whenever I delete the Compliance Rule, recreate it and rerun all jobs, the Feature on the device is correct, no matter if the current state is compliant or not. Then, say it's compliant and I add an unwanted line and rerun all jobs, the state stays Compliant (which is incorrect) but the extra line is shown. When I delete and recreate the Rule an rerun all jobs it's good again (in this case non-compliant with the extra line).

Hope this helps for now and I'll get you the screenshot and whatever else you need tomorrow.

Thanks for your help!

damn42 commented 2 months ago

Here's the screenshot with the state I described in the beginning. CleanShot 2024-08-27 at 18 49 02@2x What I just noticed now, "Ordered" is activated. It is not in the rule though: CleanShot 2024-08-27 at 18 50 20@2x Do you need anything else?

itdependsnetworks commented 2 months ago

I think that should be good, I think you likely hit the point that matters with ordered.

baldy2811 commented 2 months ago

It seems i hitted the same issue:

image

itdependsnetworks commented 2 months ago

The issue is likely from: https://docs.djangoproject.com/en/5.1/releases/4.2/#setting-update-fields-in-model-save-may-now-be-required will get something out soon.

itdependsnetworks commented 2 months ago

Fix should be here: https://github.com/nautobot/nautobot-app-golden-config/pull/798/commits/8e6ed07836c911c41b77da51b6f00af6a9404aad

baldy2811 commented 2 months ago

@itdependsnetworks Issue is fixed with that updates. Thank you!

damn42 commented 2 months ago

Looking good.. do you want me to do something with the GitHub issue or is that something you do on your side? Sorry, this is the first issue I created.. :)