ansible-aci
ansible-aci copied to clipboard
CiscoDevNet
aci_rest: change not detected
ISSUE TYPE Bug Report maybe Enhancement request?
COMPONENT NAME aci_rest
ANSIBLE VERSION
ansible 2.4.2.0
config file = None
configured module search path = [u'/home/dhamann/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python2.7/dist-packages/ansible
executable location = /usr/local/bin/ansible
python version = 2.7.12 (default, Nov 20 2017, 18:23:56) [GCC 5.4.0 20160609]
CONFIGURATION DEFAULT_DEBUG(env: ANSIBLE_DEBUG) = False DEFAULT_STRATEGY(env: ANSIBLE_STRATEGY) = linear
OS / ENVIRONMENT N/A
SUMMARY aci_rest module does not always detect changed config, but reports it as unchanged ("ok:")
STEPS TO REPRODUCE Depending on how you push the config to APIC the aci_rest module detects it as changed or not:
This example will always report as unchanged:
- name: Create CDP Policies
tags:
- create
- network
aci_rest:
host: "{{ apic_hostname }}"
username: "{{ apic_username }}"
password: "{{ apic_password }}"
validate_certs: false
method: post
path: "api/node/mo/uni/infra.xml?rsp-subtree=modified"
content: |
<infraInfra>
<cdpIfPol adminSt="{{item.state}}" name="{{item.name}}" descr="CDP set to {{item.state}}"/>
</infraInfra>
with_items:
- "{{cdp_policies}}"
This playbook works as expected ("ok:" if nothing has changed and "changed:" otherwise)
- name: Create CDP Policies
tags:
- create
- network
aci_rest:
host: "{{ apic_hostname }}"
username: "{{ apic_username }}"
password: "{{ apic_password }}"
validate_certs: false
method: post
path: "api/node/mo/uni/infra/.xml?rsp-subtree=modified"
content: |
<cdpIfPol adminSt="{{item.state}}" name="{{item.name}}" descr="CDP set to {{item.state}}"/>
with_items:
- "{{cdp_policies}}"
Note the difference in path: parameter (infra.xml vs. infra/.xml) as well as adjusted content.
EXPECTED RESULTS In both cases changes to actual APIC config should result in "changed:" status
ACTUAL RESULTS The reason why the first playbook does not behave as expected is that APIC does not populate the "status=" parameter as expected by the aci_rest module (it will only report change if this parameter is set to either of 'created', 'modified', 'deleted') (see https://github.com/datacenter/aci-ansible/blob/e87db8f15e34ea7dc2e1b30fd445a4c59561bbc9/library/aci_rest.py#L270-L284)
ok: [localhost] => (item={u'state': u'enabled', u'name': u'cdp_on2'}) => {
"changed": false,
"error_code": 0,
"error_text": "Success",
"imdata": [
{
"infraInfra": {
"attributes": {
"childAction": "deleteNonPresent",
"dn": "uni/infra",
"lcOwn": "local",
"modTs": "2017-08-17T01:40:52.471+01:00",
"monPolDn": "uni/fabric/monfab-default",
"name": "infra",
"nameAlias": "",
"ownerKey": "",
"ownerTag": "",
"rn": "",
"status": "",
"uid": "0"
},
"children": [
{
"cdpIfPol": {
"attributes": {
"adminSt": "enabled",
"childAction": "deleteNonPresent",
"descr": "",
"extMngdBy": "",
"lcOwn": "local",
"modTs": "2018-01-17T09:45:05.902+01:00",
"monPolDn": "",
"name": "cdp_on2",
"nameAlias": "",
"ownerKey": "",
"ownerTag": "",
"rn": "cdpIfP-cdp_on2",
"status": "",
"uid": "17805"
}
}
}
]
}
}
],
"invocation": {
"module_args": {
"content": "<infraInfra>\n <cdpIfPol adminSt=\"enabled\" name=\"cdp_on2\" />\n</infraInfra>\n",
"host": "apic.ddsdnlab.at",
"hostname": "apic.ddsdnlab.at",
"method": "post",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"path": "api/node/mo/uni/infra.xml?rsp-subtree=modified",
"protocol": "https",
"src": null,
"timeout": 30,
"use_proxy": true,
"use_ssl": true,
"username": "ansible",
"validate_certs": false
}
},
"item": {
"name": "cdp_on2",
"state": "enabled"
},
"response": "OK (544 bytes)",
"status": 200,
"totalCount": "1",
"url": "https://apic.ddsdnlab.at/api/node/mo/uni/infra.xml?rsp-subtree=modified"
}
On the other hand the second playbook runs as expected as returned data from APIC contains (status='modified'):
changed: [localhost] => (item={u'state': u'enabled', u'name': u'cdp_on'}) => {
"changed": true,
"error_code": 0,
"error_text": "Success",
"imdata": [
{
"cdpIfPol": {
"attributes": {
"adminSt": "enabled",
"childAction": "deleteNonPresent",
"descr": "CDP set to enabled",
"dn": "uni/infra/cdpIfP-cdp_on",
"extMngdBy": "",
"lcOwn": "local",
"modTs": "2018-01-18T05:26:34.072+01:00",
"monPolDn": "uni/fabric/monfab-default",
"name": "cdp_on",
"nameAlias": "",
"ownerKey": "",
"ownerTag": "",
"rn": "",
"status": "modified",
"uid": "15374"
}
}
}
],
"invocation": {
"module_args": {
"content": "<cdpIfPol adminSt=\"enabled\" name=\"cdp_on\" descr=\"CDP set to enabled\"/>\n",
"host": "apic.ddsdnlab.at",
"hostname": "apic.ddsdnlab.at",
"method": "post",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"path": "api/node/mo/uni/infra/.xml?rsp-subtree=modified",
"protocol": "https",
"src": null,
"timeout": 30,
"use_proxy": true,
"use_ssl": true,
"username": "ansible",
"validate_certs": false
}
},
"item": {
"name": "cdp_on",
"state": "enabled"
},
"response": "OK (375 bytes)",
"status": 200,
"totalCount": "1",
"url": "https://apic.ddsdnlab.at/api/node/mo/uni/infra/.xml?rsp-subtree=modified"
}
Given this (weired?) behavior of APIC (I confirmed this behavior is the same on APIC versions 3.0, 3.1 and 2.1), I think the current implementation of aci_changed() might be insufficient.
