cisco.ios
'merged' does not work when using cisco.ios.ios_route_maps
SUMMARY
I have a route-map called TEST_TRANSIT_OUT with only one entry, and I am trying to add another entry without replacing it. The route-map configuration is:
route-map TEST_TRANSIT_OUT deny 10
 description test deny
 match tag 999
After applying the change, I want it to look like:
route-map TEST_TRANSIT_OUT deny 10
 description test deny
 match tag 999
route-map TEST_TRANSIT_OUT permit 65
 description Allow prefixes from Versa SD-WAN EAF and MEA
 match community VERSA-BRANCHES-EAF-MEA
 set as-path prepend 72 72
 set community none
using merged, to no avail.
ISSUE TYPE
- Bug Report
COMPONENT NAME
cisco.ios.ios_route_maps
ANSIBLE VERSION
ansible --version
ansible [core 2.13.2]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/gbloise/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/gbloise/.local/lib/python3.8/site-packages/ansible
ansible collection location = /home/gbloise/.ansible/collections
executable location = /home/gbloise/.local/bin/ansible
python version = 3.8.10 (default, Jun 22 2022, 20:18:18) [GCC 9.4.0]
jinja version = 3.1.2
libyaml = True
COLLECTION VERSION
ansible-galaxy collection list cisco.ios
# /home/gbloise/.ansible/collections/ansible_collections
Collection Version
---------- -------
cisco.ios 3.3.0
# /usr/local/lib/python3.8/dist-packages/ansible_collections
Collection Version
---------- -------
cisco.ios 3.3.0
# /home/gbloise/.local/lib/python3.8/site-packages/ansible_collections
Collection Version
---------- -------
cisco.ios 3.3.0
CONFIGURATION
ansible-config dump --only-changed
COLLECTIONS_PATHS(/etc/ansible/ansible.cfg) = ['/home/gbloise/.ansible/collections']
DEPRECATION_WARNINGS(/etc/ansible/ansible.cfg) = True
HOST_KEY_CHECKING(/etc/ansible/ansible.cfg) = True
PARAMIKO_HOST_KEY_AUTO_ADD(/etc/ansible/ansible.cfg) = True
PARAMIKO_LOOK_FOR_KEYS(/etc/ansible/ansible.cfg) = True
RETRY_FILES_ENABLED(/etc/ansible/ansible.cfg) = False
TASK_TIMEOUT(/etc/ansible/ansible.cfg) = 0
OS / ENVIRONMENT
us1895-dallas2-dc-cs(config)#do sh ver
Cisco IOS XE Software, Version 17.06.03a
Cisco IOS Software [Bengaluru], ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.6.3a, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2022 by Cisco Systems, Inc.
Compiled Fri 08-Apr-22 04:50 by mcpre
Cisco IOS-XE software, Copyright (c) 2005-2022 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: 16.9(4r)
us1895-dallas2-dc-cs uptime is 4 weeks, 22 hours, 55 minutes
Uptime for this control processor is 4 weeks, 22 hours, 58 minutes
System returned to ROM by Reload Command at 22:05:41 GMT Mon Jul 18 2022
System restarted at 22:10:02 GMT Mon Jul 18 2022
System image file is "bootflash:asr1000-universalk9.17.06.03a.SPA.bin"
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
License Type: Smart License is permanent
License Level: adventerprise
Next reload license Level: adventerprise
The current crypto throughput level is 8000000 kbps
Smart Licensing Status: Registration Not Applicable/Not Applicable
cisco ASR1002-HX (2KH) processor (revision 2KH) with 6814322K/6147K bytes of memory.
Processor board ID FXS2402Q1VB
Router operating mode: Autonomous
Crypto Hardware Module present
8 Gigabit Ethernet interfaces
8 Ten Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
16777216K bytes of physical memory.
27762687K bytes of eUSB flash at bootflash:.
Configuration register is 0x2102
STEPS TO REPRODUCE
---
- name: Route Map Check - US1895 DC Routers
  hosts:
    - us1895d
  gather_facts: False
  vars:
    route_maps_us1895_2:
      - parent: 'route-map TEST_TRANSIT_OUT permit 65'
        lines:
          - 'description Allow prefixes from Versa SD-WAN EAF and MEA'
          - 'match community VERSA-BRANCHES-EAF-MEA'
          - 'set as-path prepend 72 72'
          - 'set community none'
  tasks:
    - name: Applying Advertisement in Route Maps - US1895_2
      when: inventory_hostname == 'us1895-dallas2-dc-cs.mgmt.slb.net'
      cisco.ios.ios_route_maps:
        config:
          - route_map: TEST_TRANSIT_OUT
            entries:
              - sequence: 65
                action: permit
                description: Allow prefixes from Versa SD-WAN EAF and MEA
                match:
                  community:
                    name: VERSA-BRANCHES-EAF-MEA
                set:
                  as_path:
                    prepend:
                      as_number:
                        - 72
                        - 72
                  community:
                    none: true
EXPECTED RESULTS
route-map TEST_TRANSIT_OUT deny 10
 description test deny
 match tag 999
route-map TEST_TRANSIT_OUT permit 65
 description Allow prefixes from Versa SD-WAN EAF and MEA
 match community VERSA-BRANCHES-EAF-MEA
 set as-path prepend 72 72
 set community none
ACTUAL RESULTS
gbloise@SLB-3PNZTT2:/mnt/c/Users/GBloise/Repositories/SINet%20Cloud%20Infrastructure/playbooks$ ansible-playbook us1895-test2.yml -k -vvvv
ansible-playbook [core 2.13.2]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/gbloise/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/gbloise/.local/lib/python3.8/site-packages/ansible
ansible collection location = /home/gbloise/.ansible/collections
executable location = /home/gbloise/.local/bin/ansible-playbook
python version = 3.8.10 (default, Jun 22 2022, 20:18:18) [GCC 9.4.0]
jinja version = 3.1.2
libyaml = True
Using /etc/ansible/ansible.cfg as config file
SSH password:
setting up inventory plugins
host_list declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
script declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Parsed /etc/ansible/hosts inventory source with yaml plugin
Loading collection cisco.ios from /home/gbloise/.ansible/collections/ansible_collections/cisco/ios
redirecting (type: action) cisco.ios.ios_route_maps to cisco.ios.ios
Loading callback plugin default of type stdout, v2.0 from /home/gbloise/.local/lib/python3.8/site-packages/ansible/plugins/callback/default.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
PLAYBOOK: us1895-test2.yml ************************************************************
Positional arguments: us1895-test2.yml
verbosity: 4
connection: smart
timeout: 10
ask_pass: True
become_method: sudo
tags: ('all',)
inventory: ('/etc/ansible/hosts',)
forks: 5
1 plays in us1895-test2.yml
PLAY [Route Map Check - US1895 DC Routers] ************************************************************
META: ran handlers
redirecting (type: action) cisco.ios.ios_route_maps to cisco.ios.ios
Loading collection ansible.netcommon from /home/gbloise/.ansible/collections/ansible_collections/ansible/netcommon
TASK [Applying Advertisement in Route Maps - US1895_2] ************************************************************
task path: /mnt/c/Users/GBloise/Repositories/SINet%20Cloud%20Infrastructure/playbooks/us1895-test2.yml:16
redirecting (type: action) cisco.ios.ios_route_maps to cisco.ios.ios
skipping: [us1895-dallas1-dc-cs.mgmt.slb.net] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
redirecting (type: terminal) ansible.builtin.ios to cisco.ios.ios
redirecting (type: cliconf) ansible.builtin.ios to cisco.ios.ios
<us1895-dallas2-dc-cs.mgmt.slb.net> attempting to start connection
<us1895-dallas2-dc-cs.mgmt.slb.net> using connection plugin ansible.netcommon.network_cli
Found ansible-connection at path /home/gbloise/.local/bin/ansible-connection
<us1895-dallas2-dc-cs.mgmt.slb.net> local domain socket does not exist, starting it
<us1895-dallas2-dc-cs.mgmt.slb.net> control socket path is /home/gbloise/.ansible/pc/5d37493492
<us1895-dallas2-dc-cs.mgmt.slb.net> Loading collection ansible.netcommon from /home/gbloise/.ansible/collections/ansible_collections/ansible/netcommon
<us1895-dallas2-dc-cs.mgmt.slb.net> redirecting (type: terminal) ansible.builtin.ios to cisco.ios.ios
<us1895-dallas2-dc-cs.mgmt.slb.net> Loading collection cisco.ios from /home/gbloise/.ansible/collections/ansible_collections/cisco/ios
<us1895-dallas2-dc-cs.mgmt.slb.net> redirecting (type: cliconf) ansible.builtin.ios to cisco.ios.ios
<us1895-dallas2-dc-cs.mgmt.slb.net> local domain socket listeners started successfully
<us1895-dallas2-dc-cs.mgmt.slb.net> loaded cliconf plugin ansible_collections.cisco.ios.plugins.cliconf.ios from path /home/gbloise/.ansible/collections/ansible_collections/cisco/ios/plugins/cliconf/ios.py for network_os ios
<us1895-dallas2-dc-cs.mgmt.slb.net> ssh type is set to auto
<us1895-dallas2-dc-cs.mgmt.slb.net> autodetecting ssh_type
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
<us1895-dallas2-dc-cs.mgmt.slb.net> ssh type is now set to paramiko
<us1895-dallas2-dc-cs.mgmt.slb.net>
<us1895-dallas2-dc-cs.mgmt.slb.net> local domain socket path is /home/gbloise/.ansible/pc/5d37493492
redirecting (type: action) cisco.ios.ios_route_maps to cisco.ios.ios
redirecting (type: action) cisco.ios.ios_route_maps to cisco.ios.ios
<us1895-dallas2-dc-cs.mgmt.slb.net> ANSIBLE_NETWORK_IMPORT_MODULES: enabled
<us1895-dallas2-dc-cs.mgmt.slb.net> ANSIBLE_NETWORK_IMPORT_MODULES: found cisco.ios.ios_route_maps at /home/gbloise/.ansible/collections/ansible_collections/cisco/ios/plugins/modules/ios_route_maps.py
<us1895-dallas2-dc-cs.mgmt.slb.net> ANSIBLE_NETWORK_IMPORT_MODULES: running cisco.ios.ios_route_maps
<us1895-dallas2-dc-cs.mgmt.slb.net> ANSIBLE_NETWORK_IMPORT_MODULES: complete
ok: [us1895-dallas2-dc-cs.mgmt.slb.net] => {
"before": [
{
"entries": [
{
"action": "permit",
"description": "Allow DC stretched VLAN subnets",
"match": {
"ip": {
"address": {
"prefix_lists": [
"CONNECTED-STRETCHED"
]
}
}
},
"sequence": 10,
"set": {
"community": {
"number": "10118:21895"
}
}
},
{
"action": "permit",
"description": "Allow DC non-stretched VLAN subnets",
"match": {
"ip": {
"address": {
"prefix_lists": [
"CONNECTED-NON-STRETCHED"
]
}
}
},
"sequence": 20,
"set": {
"community": {
"number": "10118:11895"
}
}
}
],
"route_map": "CONNECTED-TO-BGP"
},
{
"entries": [
{
"action": "deny",
"description": "Deny Everything",
"sequence": 10
}
],
"route_map": "DENY_ALL"
},
{
"entries": [
{
"action": "deny",
"description": "deny all traffic",
"sequence": 10
}
],
"route_map": "Deny-any"
},
{
"entries": [
{
"action": "deny",
"description": "Deny Default Route",
"match": {
"ip": {
"address": {
"prefix_lists": [
"SLB-DEFAULT-ROUTE"
]
}
}
},
"sequence": 10
},
{
"action": "permit",
"description": "Allow Secondary Regional Summaries",
"match": {
"ip": {
"address": {
"prefix_lists": [
"SLB_ASA_SUMMARY_ROUTES",
"SLB_EAF_SUMMARY_ROUTES",
"SLB_MEA_SUMMARY_ROUTES",
"SLB_RCA_SUMMARY_ROUTES"
]
}
}
},
"sequence": 20,
"set": {
"local_preference": 100
}
},
{
"action": "permit",
"description": "Allow all other prefixes",
"sequence": 100
}
],
"route_map": "FROM_TELEFONICA_TRANSIT_IN"
},
{
"entries": [
{
"action": "deny",
"description": "Deny routes with 999 set as the tag",
"match": {
"tag": {
"value": [
"999"
]
}
},
"sequence": 10
},
{
"action": "permit",
"description": "Allow default route without conditioning",
"match": {
"ip": {
"address": {
"prefix_lists": [
"SLB-DEFAULT-ROUTE"
]
}
}
},
"sequence": 20
},
{
"action": "permit",
"description": "Allow DC stretched VLAN subnets",
"match": {
"tag": {
"value": [
"1001"
]
}
},
"sequence": 30,
"set": {
"community": {
"number": "10118:21895"
}
}
},
{
"action": "permit",
"description": "Allow DC non-stretched VLAN subnets",
"match": {
"tag": {
"value": [
"1002"
]
}
},
"sequence": 40,
"set": {
"community": {
"number": "10118:11895"
}
}
},
{
"action": "permit",
"description": "Allow Secondary Regional Summaries",
"match": {
"tag": {
"value": [
"333"
]
}
},
"sequence": 50,
"set": {
"local_preference": 90,
"weight": 0
}
},
{
"action": "permit",
"description": "Allow all other routes",
"sequence": 100
}
],
"route_map": "STATIC-TO-BGP"
},
{
"entries": [
{
"action": "permit",
"description": "Allow default route",
"match": {
"ip": {
"address": {
"prefix_lists": [
"SLB-DEFAULT-ROUTE"
]
}
}
},
"sequence": 10
},
{
"action": "permit",
"description": "Allow Anycast Routes",
"match": {
"ip": {
"address": {
"prefix_lists": [
"SLB-ANYCAST-DNS-SUMMARIES"
]
}
}
},
"sequence": 20
},
{
"action": "permit",
"description": "Allow Cloud IaaS Summary Routes and Cloud PA FW Mgmt Subnets",
"match": {
"ip": {
"address": {
"prefix_lists": [
"SLB_Cloud_Summary_Routes",
"SLB_Cloud_PaloAlto_MGMT_Subnets"
]
}
}
},
"sequence": 30
},
{
"action": "permit",
"description": "Allow Primary Regional Summaries",
"match": {
"ip": {
"address": {
"prefix_lists": [
"SLB_SAM_SUMMARY_ROUTES",
"SLB_NAM_SUMMARY_ROUTES"
]
}
}
},
"sequence": 50
},
{
"action": "permit",
"description": "Allow Secondary Regional Summaries",
"match": {
"ip": {
"address": {
"prefix_lists": [
"SLB_EAF_SUMMARY_ROUTES",
"SLB_MEA_SUMMARY_ROUTES"
]
}
}
},
"sequence": 60
},
{
"action": "permit",
"description": "Allow local stretched DC subnets VLAN",
"match": {
"community": {
"name": [
"11"
]
}
},
"sequence": 70
},
{
"action": "permit",
"description": "Allow local non-stretched DC subnets VLAN",
"match": {
"community": {
"name": [
"12"
]
}
},
"sequence": 80
},
{
"action": "permit",
"match": {
"ip": {
"address": {
"prefix_lists": [
"SLB_GLOBAL_SUMMARY_ROUTES"
]
}
}
},
"sequence": 90
},
{
"action": "deny",
"description": "Deny all other prefixes",
"sequence": 200
}
],
"route_map": "TELEFONICA_TRANSIT_OUT"
},
{
"entries": [
{
"action": "deny",
"description": "test deny",
"match": {
"tag": {
"value": [
"999"
]
}
},
"sequence": 10
}
],
"route_map": "TEST_TRANSIT_OUT"
},
{
"entries": [
{
"action": "deny",
"description": "Deny the default route to the CSPs",
"match": {
"ip": {
"address": {
"prefix_lists": [
"SLB-DEFAULT-ROUTE"
]
}
}
},
"sequence": 10
},
{
"action": "permit",
"description": "Match SLB NAM Summary routes",
"match": {
"ip": {
"address": {
"prefix_lists": [
"SLB_NAM_SUMMARY_ROUTES",
"USA-Colocation-Subnets"
]
}
}
},
"sequence": 20
},
{
"action": "permit",
"description": "Match SLB SAM Summary routes",
"match": {
"ip": {
"address": {
"prefix_lists": [
"SLB_SAM_SUMMARY_ROUTES"
]
}
}
},
"sequence": 21
},
{
"action": "permit",
"description": "Match SLB ASA Summary routes and set AS_PATH x 4",
"match": {
"ip": {
"address": {
"prefix_lists": [
"SLB_ASA_SUMMARY_ROUTES"
]
}
}
},
"sequence": 30,
"set": {
"as_path": {
"prepend": {
"last_as": 4
}
}
}
},
{
"action": "permit",
"description": "Match SLB EAF Summary routes and set AS_PATH x 4",
"match": {
"ip": {
"address": {
"prefix_lists": [
"SLB_EAF_SUMMARY_ROUTES"
]
}
}
},
"sequence": 31,
"set": {
"as_path": {
"prepend": {
"last_as": 4
}
}
}
},
{
"action": "permit",
"description": "Match SLB MEA Summary routes and set AS_PATH x 4",
"match": {
"ip": {
"address": {
"prefix_lists": [
"SLB_MEA_SUMMARY_ROUTES"
]
}
}
},
"sequence": 32,
"set": {
"as_path": {
"prepend": {
"last_as": 4
}
}
}
},
{
"action": "permit",
"description": "Match SLB RCA Summary routes and set AS_PATH x 4",
"match": {
"ip": {
"address": {
"prefix_lists": [
"SLB_RCA_SUMMARY_ROUTES"
]
}
}
},
"sequence": 33,
"set": {
"as_path": {
"prepend": {
"last_as": 4
}
}
}
},
{
"action": "permit",
"description": "Match SLB Anycast and General SINet Summaries",
"match": {
"ip": {
"address": {
"prefix_lists": [
"SLB_GLOBAL_SUMMARY_ROUTES",
"SLB-ANYCAST-DNS-SUMMARIES"
]
}
}
},
"sequence": 50
},
{
"action": "deny",
"description": "Deny any non-previous matching traffic",
"sequence": 100
}
],
"route_map": "TO-TRANSIT-CLOUD-US1895"
},
{
"entries": [
{
"action": "permit",
"description": "Allow Network Management subnets",
"match": {
"ip": {
"address": {
"acls": [
"management-subnets"
]
}
}
},
"sequence": 10
},
{
"action": "deny",
"description": "Block all other prefixes",
"sequence": 20
}
],
"route_map": "to-telefonica-temporary"
}
],
"changed": false,
"commands": [],
"invocation": {
"module_args": {
"config": [
{
"entries": [
{
"action": "permit",
"continue_entry": null,
"description": "Allow prefixes from Versa SD-WAN EAF and MEA",
"match": {
"additional_paths": null,
"as_path": null,
"clns": null,
"community": {
"exact_match": null,
"name": [
"VERSA-BRANCHES-EAF-MEA"
]
},
"extcommunity": null,
"interfaces": null,
"ip": null,
"ipv6": null,
"length": null,
"local_preference": null,
"mdt_group": null,
"metric": null,
"mpls_label": null,
"policy_lists": null,
"route_type": null,
"rpki": null,
"security_group": null,
"source_protocol": null,
"tag": null,
"track": null
},
"sequence": 65,
"set": {
"aigp_metric": null,
"as_path": {
"prepend": {
"as_number": [
"72",
"72"
],
"last_as": null
},
"tag": null
},
"automatic_tag": null,
"clns": null,
"comm_list": null,
"community": {
"additive": null,
"gshut": null,
"internet": null,
"local_as": null,
"no_advertise": null,
"no_export": null,
"none": true,
"number": null
},
"dampening": null,
"default": null,
"extcomm_list": null,
"extcommunity": null,
"global_route": null,
"interfaces": null,
"ip": null,
"ipv6": null,
"level": null,
"lisp": null,
"local_preference": null,
"metric": null,
"metric_type": null,
"mpls_label": null,
"origin": null,
"tag": null,
"traffic_index": null,
"vrf": null,
"weight": null
}
}
],
"route_map": "TEST_TRANSIT_OUT"
}
],
"running_config": null,
"state": "merged"
}
}
}
META: ran handlers
META: ran handlers
PLAY RECAP ************************************************************
us1895-dallas1-dc-cs.mgmt.slb.net : ok=0 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
us1895-dallas2-dc-cs.mgmt.slb.net : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
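A post-run check for the symptom reported above, added here as an example (it is not part of the original report or of the cisco.ios collection): it compares the entries requested in `invocation.module_args.config` with the `before` state and flags a run that reports `changed: false` with no commands while a requested entry is absent. The function names are hypothetical, and the sample result is constructed from the TEST_TRANSIT_OUT parts of the output in this report.

```python
def _prune(value):
    """Recursively drop the null options that module_args pads in."""
    if isinstance(value, dict):
        kept = {k: _prune(v) for k, v in value.items() if v is not None}
        return {k: v for k, v in kept.items() if v != {} and v != []}
    if isinstance(value, list):
        return [_prune(v) for v in value]
    return value


def _covers(have, want):
    """True if every option in `want` is present with the same value in `have`."""
    if isinstance(want, dict):
        return isinstance(have, dict) and all(
            k in have and _covers(have[k], v) for k, v in want.items())
    if isinstance(want, list):
        have_items = have if isinstance(have, list) else [have]
        return all(any(_covers(h, w) for h in have_items) for w in want)
    return str(have) == str(want)  # module_args stringifies numbers such as "72"


def missing_after_merge(result):
    """Return (route_map, sequence) pairs requested but not satisfied by `before`."""
    have = {(rm["route_map"], e["sequence"]): e
            for rm in result.get("before", []) for e in rm.get("entries", [])}
    missing = []
    for rm in result["invocation"]["module_args"]["config"]:
        for entry in rm.get("entries") or []:
            want = _prune(entry)
            key = (rm["route_map"], want["sequence"])
            if key not in have or not _covers(have[key], want):
                missing.append(key)
    return missing


def is_silent_noop(result):
    """A run that reports nothing to do while requested entries are missing."""
    return (not result.get("changed") and not result.get("commands")
            and bool(missing_after_merge(result)))


# Constructed sample: the TEST_TRANSIT_OUT parts of the module result in this report.
SAMPLE_RESULT = {
    "before": [{"route_map": "TEST_TRANSIT_OUT", "entries": [
        {"action": "deny", "description": "test deny",
         "match": {"tag": {"value": ["999"]}}, "sequence": 10}]}],
    "changed": False,
    "commands": [],
    "invocation": {"module_args": {"state": "merged", "config": [
        {"route_map": "TEST_TRANSIT_OUT", "entries": [
            {"action": "permit", "continue_entry": None, "sequence": 65,
             "description": "Allow prefixes from Versa SD-WAN EAF and MEA",
             "match": {"community": {"exact_match": None,
                                     "name": ["VERSA-BRANCHES-EAF-MEA"]}, "tag": None},
             "set": {"as_path": {"prepend": {"as_number": ["72", "72"], "last_as": None}},
                     "community": {"none": True, "number": None}}}]}]}},
}

if __name__ == "__main__":
    print(missing_after_merge(SAMPLE_RESULT), is_silent_noop(SAMPLE_RESULT))
```

Run against a registered task result in CI, a non-empty list from `missing_after_merge` means the device's routing policy does not match what the playbook declared, even though the play recap shows `ok`.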