ansible-aci icon indicating copy to clipboard operation
ansible-aci copied to clipboard

Published 20 hours ago verified publisher icon CiscoDevNet

Can not remove a leaf/spine switch with the aci_fabric_node module (DCNE-423)

Open mic-ansible opened this issue 6 months ago • 5 comments

Description

The module: cisco.aci.aci_fabric_node module – Manage Fabric Node Members (fabric:NodeIdentP):

https://docs.ansible.com/ansible/latest/collections/cisco/aci/aci_fabric_node_module.html#cisco-aci-aci-fabric-node-module-manage-fabric-node-members-fabric-nodeidentp

here the TASK:

Does not work any more !!!

APIC refuses to delete node and wants it to be decommisioned instead !!!

TASK [TASK 24 - Delete fabric nodes spine or leaf] ***********************************************************************************************************************************************

failed: [apic1] (item={'change': 'GBS-51667', 'state': 'absent', 'prefix': 'l', 'podid': '2', 'nodeid': '2244', 'serial': 'FDO25432E0V', 'role': 'leaf'}) => {"ansible_loop_var": "item", "changed": false, "error": {"code": "107", "text": "Can't remove node identity policy - Node FDO25432E0V is already discovered. Please decommission first."}, "item": {"change": "GBS-51667", "nodeid": "2244", "podid": "2", "prefix": "l", "role": "leaf", "serial": "FDO25432E0V", "state": "absent"}, "msg": "APIC Error 107: Can't remove node identity policy - Node FDO25432E0V is already discovered. Please decommission first."}

failed: [apic1] (item={'change': 'GBS-51667', 'state': 'absent', 'prefix': 'l', 'podid': '2', 'nodeid': '2243', 'serial': 'FDO25432DXL', 'role': 'leaf'}) => {"ansible_loop_var": "item", "changed": false, "error": {"code": "107", "text": "Can't remove node identity policy - Node FDO25432DXL is already discovered. Please decommission first."}, "item": {"change": "GBS-51667", "nodeid": "2243", "podid": "2", "prefix": "l", "role": "leaf", "serial": "FDO25432DXL", "state": "absent"}, "msg": "APIC Error 107: Can't remove node identity policy - Node FDO25432DXL is already discovered. Please decommission first."}

  • name: TASK 24 - Delete fabric nodes spine or leaf cisco.aci.aci_fabric_node: <<: *aci_login serial: "{{ item.serial }}" pod_id: "{{ item.podid }}" node_id: "{{ item.nodeid }}" switch: "{{ item.prefix }}{{ item.nodeid }}" role: "{{ item.role }}" state: "absent" loop: "{{ aci_fabric_node }}" when:
  • item.state == "absent" tags: [ never, delete ]

Affected Module Name(s):

aci_fabric_node module

APIC version and APIC Platform

Information from the ansible server:

[xxxxxxx@vl195-ans001 ansible]$ ansible-playbook --version ansible-playbook [core 2.14.17] config file = /home/lcrittner/.ansible.cfg configured module search path = ['/home/lcrittner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /usr/share/ansible/collections executable location = /usr/bin/ansible-playbook python version = 3.9.21 (main, Dec 5 2024, 00:00:00) [GCC 11.5.0 20240719 (Red Hat 11.5.0-2)] (/usr/bin/python3) jinja version = 3.1.2 libyaml = True

/usr/share/ansible/collections/ansible_collections

Collection Version

ansible.netcommon 6.1.3 ansible.utils 4.1.0 cisco.aci 2.9.0 cisco.asa 5.0.1 cisco.ios 8.0.0 cisco.ise 2.9.1 cisco.nxos 8.1.0 community.general 9.1.0

Output/ Error message

"APIC Error 107: Can't remove node identity policy - Node FDO25432E0V is already discovered. Please decommission first."} ---> *

Expected Behavior

the switch should be remove without decommission. Becuase I get no information that I must decommission this switch before I remove it.

Actual Behavior

I have create aci-rest module for this, so the switch will be remove from the apic controller

Playbook tasks to Reproduce

  • name: TASK 24 - Delete fabric nodes spine or leaf cisco.aci.aci_fabric_node: <<: *aci_login serial: "{{ item.serial }}" pod_id: "{{ item.podid }}" node_id: "{{ item.nodeid }}" switch: "{{ item.prefix }}{{ item.nodeid }}" role: "{{ item.role }}" state: "absent" loop: "{{ aci_fabric_node }}" when:
  • item.state == "absent" tags: [ never, delete ]

How can we fix this problem. I want used the module for decommission a fabric switch.

Best regards Michael

mic-ansible avatar May 14 '25 14:05 mic-ansible

APIC Version: 6.0.5h Switch Version 16.0.5h

mic-ansible avatar May 14 '25 14:05 mic-ansible

Same issue in 4.2 and 5.2 versions

mic-ansible avatar May 14 '25 15:05 mic-ansible

@mic-ansible Thank you for opening the issue. We'll have a discussion and get back to you here. For now I have added it to our to-do list.

shrsr avatar May 14 '25 16:05 shrsr

@mic-ansible this is because of the change in API after 4.2 version, this issue has been put on our to-do and will be resolved soon.

anvitha-jain avatar May 28 '25 17:05 anvitha-jain

In case anyone ends up here and is looking for a workaround, this works to kick off the decomissioning and waits for there to be no active decommission tasks.

- name: Decommission nodes
  cisco.aci.aci_rest:
    method: post
    path: /api/node/mo/uni/fabric/outofsvc.json
    content:
      fabricRsDecommissionNode:
        attributes:
          tDn: "topology/pod-{{ item['podId'] }}/node-{{ item['nodeId'] }}"
          status: created,modified
          removeFromController: "true"
        children: []
  loop:
    - nodeId: 101
      podId: 1
    - nodeId: 102
      podId: 1

- name: Query and wait for Node decomm to finish
  cisco.aci.aci_rest:
    method: get
    path: /api/node/class/fabricRsDecommissionNode.json
  register: decomm_state
  until: decomm_state['totalCount'] == 0
  retries: 40
  delay: 30

netgirard avatar Jun 11 '25 19:06 netgirard

PR #790 added a new module named aci_fabric_node_decommission to support this use case and it will be available in the next release.

lhercot avatar Aug 02 '25 05:08 lhercot