[T2] add-topo failing at adding ceos config due to PR 8585

[vperumal]

Description

@deepak-singhal0408 - add-topo for T2 profile is failing due to PR #8585 - Reverting this PR fixes the issue

Tuesday 04 July 2023 02:05:31 +0000 (0:00:10.026) 0:30:56.944 ** fatal: [VM0100 -> 1.75.44.201]: FAILED! => {"changed": false, "msg": "AnsibleError: template error while templating string: expected token '=', got '.'. String: {% set host = configuration[hostname] %}\n{% set mgmt_ip = ansible_host %}\n{% if vm_type is defined and vm_type == \"ceos\" %}\n{% set mgmt_if_index = 0 %}\n{% else %}\n{% set mgmt_if_index = 1 %}\n{% endif %}\nno schedule tech-support\n!\n{% if vm_type is defined and vm_type == \"ceos\" %}\nagent LicenseManager shutdown\nagent PowerFuse shutdown\nagent PowerManager shutdown\nagent Thermostat shutdown\nagent LedPolicy shutdown\nagent StandbyCpld shutdown\nagent Bfd shutdown\n{% endif %}\n!\nhostname {{ hostname }}\n!\nvrf definition MGMT\n rd 1:1\n!\nspanning-tree mode mstp\n!\naaa root secret 0 123456\n!\nusername admin privilege 15 role network-admin secret 0 123456\n!\nclock timezone UTC\n!\nlldp run\nlldp management-address Management{{ mgmt_if_index }}\nlldp management-address vrf MGMT\n!\nsnmp-server community {{ snmp_rocommunity }} ro\nsnmp-server vrf MGMT\n!\nip routing\nip routing vrf MGMT\nipv6 unicast-routing\n!\n{% if vm_mgmt_gw is defined %}\nip route vrf MGMT 0.0.0.0/0 {{ vm_mgmt_gw }}\n{% else %}\nip route vrf MGMT 0.0.0.0/0 {{ mgmt_gw }}\n{% endif %}\n!\ninterface Management {{ mgmt_if_index }}\n description TO LAB MGMT SWITCH\n{% if vm_type is defined and vm_type == \"ceos\" %}\n vrf MGMT\n{% else %}\n vrf forwarding MGMT\n{% endif %}\n ip address {{ mgmt_ip }}/{{ mgmt_prefixlen }}\n no shutdown\n!\n{% set ns = namespace(po_mbr_cnt=0) %}\n{% for name, iface in host['interfaces'].items() %}\n{% if name.startswith('Ethernet') %}\n{% set ns.po_mbr_cnt = ns.po_mbr_cnt + 1 %}\n{% endif %}\n{% endfor %}\n\n{% for name, iface in host['interfaces'].items() %}\ninterface {{ name }}\n{% if name.startswith('Loopback') %}\n description LOOPBACK\n{% else %}\n mtu 9214\n no switchport\n{% endif %}\n{% if name.startswith('Port-Channel') %}\n{% set min_links = (ns.po_mbr_cnt * 0.75) | round(0, 'ceil') | int %}\n port-channel min-links {{ min_links }}\n{% endif %}\n{% if iface['lacp'] is defined %}\n channel-group {{ iface['lacp'] }} mode active\n lacp rate normal\n{% endif %}\n{% if iface['ipv4'] is defined %}\n ip address {{ iface['ipv4'] }}\n{% endif %}\n{% if iface['ipv6'] is defined %}\n ipv6 enable\n ipv6 address {{ iface['ipv6'] }}\n ipv6 nd ra suppress\n{% endif %}\n no shutdown\n!\n{% endfor %}\n!\ninterface {{ bp_ifname }}\n description backplane\n no switchport\n{% if host['bp_interface']['ipv4'] is defined %}\n ip address {{ host['bp_interface']['ipv4'] }}\n{% endif %}\n{% if host['bp_interface']['ipv6'] is defined %}\n ipv6 enable\n ipv6 address {{ host['bp_interface']['ipv6'] }}\n ipv6 nd ra suppress\n{% endif %}\n no shutdown\n!\nrouter bgp {{ host['bgp']['asn'] }}\n router-id {{ host['interfaces']['Loopback0']['ipv4'] | ipaddr('address') }}\n !\n{% for asn, remote_ips in host['bgp']['peers'].items() %}\n{% for remote_ip in remote_ips %}\n neighbor {{ remote_ip }} remote-as {{ asn }}\n neighbor {{ remote_ip }} maximum-routes 0\n neighbor {{ remote_ip }} description {{ asn }}\n{% if remote_ip | ipv6 %}\n address-family ipv6\n neighbor {{ remote_ip }} activate\n exit\n{% endif %}\n{% endfor %}\n{% endfor %}\n neighbor {{ props.nhipv4 }} remote-as {{ host['bgp']['asn'] }}\n neighbor {{ props.nhipv4 }} maximum-routes 0\n neighbor {{ props.nhipv4 }} description exabgp_v4\n neighbor {{ props.nhipv6 }} remote-as {{ host['bgp']['asn'] }}\n neighbor {{ props.nhipv6 }} maximum-routes 0\n neighbor {{ props.nhipv6 }} description exabgp_v6\n address-family ipv6\n neighbor {{ props.nhipv6 }} activate\n exit\n !\n{% for name, iface in host['interfaces'].items() if name.startswith('Loopback') %}\n{% if iface['ipv4'] is defined %}\n network {{ iface['ipv4'] }}\n{% endif %}\n{% if iface['ipv6'] is defined %}\n network {{ iface['ipv6'] }}\n{% endif %}\n{% endfor %}\n!\nmanagement api http-commands\n no protocol https\n protocol http\n no shutdown\n!\nend\n"}

[vperumal]

FYI @abdosi

[deepak-singhal0408]

Hi @vperumal, can you check ansible version in your sonic-mgmt container?

deepsinghal@vswitch:/var/src/sonic-mgmt/docs/ansible$ ansible --version /usr/local/lib/python2.7/dist-packages/ansible/parsing/vault/init.py:44: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release. from cryptography.exceptions import InvalidSignature ansible 2.8.12 config file = None configured module search path = [u'/home/deepsinghal/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python2.7/dist-packages/ansible executable location = /usr/local/bin/ansible python version = 2.7.18 (default, Jul 1 2022, 12:27:04) [GCC 9.4.0]

I have created a t2-vswitch using sonic-mgmt container, which deploys 2 t2-core neighbors, and 2 t2-leaf nbrs, and dont see this problem..

[vperumal]

Hi @deepak-singhal0408 ,

ansible --version /usr/local/lib/python2.7/dist-packages/ansible/parsing/vault/init.py:44: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release. from cryptography.exceptions import InvalidSignature ansible 2.8.12 config file = None configured module search path = [u'/home/sonic/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python2.7/dist-packages/ansible executable location = /usr/local/bin/ansible python version = 2.7.18 (default, Jul 1 2022, 12:27:04) [GCC 9.4.0]

I have always bought up the full T2 profile with 72 VMs, Once I revert back the PR's changes it is working fine for me. My neighbors are ceos.

[rraghav-cisco]

Is there a solution to this problem? we are still running our tests with PR:8585 backed out.

[deepak-singhal0408]

@abdosi to follow up with Cisco.. We are not seeing any issue after this change. None of the other vendors observed this issue.. Could be related to environment.

[abdosi]

@vperumal : Please check back this again ?