aoscx-ansible-collection
Fault in aoscx_acl module: error when updating existing acl
Fault in aoscx_acl module when trying to update an existing acl.
- The error occurs when setting state to "update".
- The same error occurs when setting the state to "create" on an existing acl.
- When using the same module on a non-existing acl, it works fine.
Switch: 6300M Firmware: 10.10.1060
running-config:
access-list ip test_acl
    1 comment Deny the host
    1 deny tcp 158.10.12.57/32 any count
Task in playbook. Note: we are planning to update the acl action from "deny" to "permit" and update the comment:
- name: Add ACL task 1 (AOSCX)
  arubanetworks.aoscx.aoscx_acl:
    name: test_acl
    type: ipv4
    state: update
    acl_entries:
      1:
        comment: "Permit the host"
        action: permit
        count: true
        src_ip: 158.10.12.57/32
        protocol: tcp
Playbook output:
TASK [Add ACL task 1 (AOSCX)] *******************************************************************************************************************************
fatal: [aruba_6300m_10_10_1060]: FAILED! => changed=false
  msg: '''PARAMETER ERROR: Invalid IP: None does not appear to be an IPv4 or IPv6 interface'''
Ansible collection:
Collection Version
------------------------- -------
ansible.netcommon 5.2.0
ansible.posix 1.5.4
ansible.utils 2.11.0
arubanetworks.aos_switch 1.7.0
arubanetworks.aoscx 4.3.0
community.general 7.4.0
Python modules:
poetry show
ansible-compat 4.1.10 Ansible compatibility goodies
ansible-core 2.15.0 Radically simple IT automation
ansible-lint 6.17.0 Checks playbooks for practices and behavior that could potentially be improved
ansible-pylibssh 1.1.0 Python bindings for libssh client specific to Ansible use case
attrs 23.1.0 Classes Without Boilerplate
bcrypt 4.0.1 Modern password hashing for your software and your servers
black 23.3.0 The uncompromising code formatter.
bracex 2.4 Bash style brace expander.
certifi 2023.5.7 Python package for providing Mozilla's CA Bundle.
cffi 1.15.1 Foreign Function Interface for Python calling C code.
charset-normalizer 3.1.0 The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
click 8.1.3 Composable command line interface toolkit
cryptography 40.0.2 cryptography is a package which provides cryptographic recipes and primitives to Python developers.
filelock 3.12.4 A platform independent file lock.
hvac 0.11.2 HashiCorp Vault API client
idna 3.4 Internationalized Domain Names in Applications (IDNA)
importlib-resources 5.0.7 Read resources from Python packages
jinja2 3.1.2 A very fast and expressive template engine.
jmespath 0.10.0 JSON Matching Expressions
jsonschema 4.19.0 An implementation of JSON Schema validation for Python
jsonschema-specifications 2023.7.1 The JSON Schema meta-schemas and vocabularies, exposed as a Registry
jxmlease 1.0.3 jxmlease converts between XML and intelligent Python data structures.
lxml 4.9.2 Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
markdown-it-py 3.0.0 Python port of markdown-it. Markdown parsing, done right!
markupsafe 2.1.2 Safely add untrusted strings to HTML/XML markup.
mdurl 0.1.2 Markdown URL utilities
mypy-extensions 1.0.0 Type system extensions for programs checked with the mypy type checker.
ncclient 0.6.13 Python library for NETCONF clients
netaddr 0.8.0 A network address manipulation library for Python
netifaces 0.11.0 Portable network interface information.
packaging 23.1 Core utilities for Python packages
paramiko 3.1.0 SSH2 protocol library
pathspec 0.11.1 Utility library for gitignore style pattern matching of file paths.
platformdirs 3.5.1 A small Python package for determining appropriate platform-specific dirs, e.g. a "user data dir".
ply 3.11 Python Lex & Yacc
pyaoscx 2.5.0 AOS-CX Python Modules
pyasn1 0.5.0 Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
pycparser 2.21 C parser in Python
pycryptodomex 3.18.0 Cryptographic library for Python
pycurl 7.45.2 PycURL -- A Python Interface To The cURL library
pygments 2.16.1 Pygments is a syntax highlighting package written in Python.
pynacl 1.5.0 Python binding to the Networking and Cryptography (NaCl) library
pynetbox 6.6.2 NetBox API client library
pyparsing 3.0.9 pyparsing module - Classes and methods to define and execute parsing grammars
pyserial 3.5 Python Serial Port Extension
pysmi 0.3.4 SNMP SMI/MIB Parser
pysnmp 4.4.12 SNMP library for Python
python-dotenv 0.19.2 Read key-value pairs from a .env file and set them as environment variables
pyyaml 6.0 YAML parser and emitter for Python
referencing 0.30.2 JSON Referencing + Python
requests 2.30.0 Python HTTP for Humans.
requests-toolbelt 1.0.0 A utility belt for advanced users of python-requests
resolvelib 1.0.1 Resolve abstract dependencies into concrete ones
rich 13.5.2 Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
rpds-py 0.10.3 Python bindings to Rust's persistent data structures (rpds)
ruamel-yaml 0.17.32 ruamel.yaml is a YAML parser/emitter that supports roundtrip preservation of comments, seq/map flow style, and map ke...
ruamel-yaml-clib 0.2.7 C version of reader, parser and emitter for ruamel.yaml derived from libyaml
scp 0.14.5 scp module for paramiko
setuptools 63.4.3 Easily download, build, install, upgrade, and uninstall Python packages
six 1.16.0 Python 2 and 3 compatibility utilities
subprocess-tee 0.4.1 subprocess-tee
thruk 0.0.6 Library providing functions to create and end a sheduled downtime in Thruk
tomli 2.0.1 A lil' TOML parser
transitions 0.9.0 A lightweight, object-oriented Python state machine implementation with many extensions.
typing-extensions 4.5.0 Backported and Experimental Type Hints for Python 3.7+
urllib3 2.0.2 HTTP library with thread-safe connection pooling, file post, and more.
wcmatch 8.5 Wildcard/glob file name matcher.
wheel 0.40.0 A built-package format for Python
yamllint 1.32.0 A linter for YAML files.
yamlordereddictloader 0.4.0 YAML loader and dump for PyYAML allowing to keep keys order.
I just ran into this today. If you enable debug logging, it throws a pyaoscx error, so it could be an issue with that package. I've only used it through ansible though, so I don't think I have enough info to create an issue in that project right now.
The full traceback is:
  File "/tmp/ansible_arubanetworks.aoscx.aoscx_acl_payload_1ubsryud/ansible_arubanetworks.aoscx.aoscx_acl_payload.zip/ansible_collections/arubanetworks/aoscx/plugins/modules/aoscx_acl.py", line 614, in main
  File "/home/user/ansible-venv/lib/python3.10/site-packages/pyaoscx/pyaoscx_module.py", line 40, in ensure_connected
    return fnct(self, *args, **kwargs)
  File "/home/user/ansible-venv/lib/python3.10/site-packages/pyaoscx/acl_entry.py", line 278, in apply
    self._extract_missing_parameters_from(remote_ace)
  File "/home/user/ansible-venv/lib/python3.10/site-packages/pyaoscx/pyaoscx_module.py", line 342, in _extract_missing_parameters_from
    setattr(self, param_name, deepcopy(param))
  File "/home/user/ansible-venv/lib/python3.10/site-packages/pyaoscx/acl_entry.py", line 651, in dst_ip
    version = utils.get_ip_version(new_dst_ip)
  File "/home/user/ansible-venv/lib/python3.10/site-packages/pyaoscx/utils/util.py", line 329, in get_ip_version
    raise ParameterError(msg)
fatal: [wo033-cx6200-stack]: FAILED! => changed=false
  invocation:
    module_args:
      acl_entries:
        '10':
          action: permit
          comment: xxxxx
          src_ip: 10.10.10.10/32
      name: MGMT
      state: create
      type: ipv4
  msg: '''PARAMETER ERROR: Invalid IP: None does not appear to be an IPv4 or IPv6 interface'''
Coming from https://github.com/aruba/pyaoscx/blob/aa91f087304859124f8a2fd91b7cbe1981c306a0/pyaoscx/utils/util.py#L328, I think.
Maybe you need to replace 10.10.10.10/32 with 10.10.10.10? (I know that in this case the doc is wrong!)
The problem is the same, regardless if specified with /32 mask or without.
Please note, that the running config shown below was successfully created via ansible-playbook:
access-list ip test_acl
    1 comment Deny the host
    1 deny tcp 158.10.12.57/32 any count
Running below task leads to the error:
- name: Add ACL task 1 (AOSCX)
  arubanetworks.aoscx.aoscx_acl:
    name: test_acl
    type: ipv4
    state: update
    acl_entries:
      1:
        comment: "Deny the host"
        action: permit
        count: true
        src_ip: 158.10.12.57
        protocol: tcp
leads as well to the same error. The full traceback is:
  File "/tmp/ansible_arubanetworks.aoscx.aoscx_acl_payload_x1z50ukn/ansible_arubanetworks.aoscx.aoscx_acl_payload.zip/ansible_collections/arubanetworks/aoscx/plugins/modules/aoscx_acl.py", line 614, in main
  File "/home/user/proj/network-automation/.venv/lib/python3.9/site-packages/pyaoscx/pyaoscx_module.py", line 40, in ensure_connected
    return fnct(self, *args, **kwargs)
  File "/home/user/proj/network-automation/.venv/lib/python3.9/site-packages/pyaoscx/acl_entry.py", line 278, in apply
    self._extract_missing_parameters_from(remote_ace)
  File "/home/user/proj/network-automation/.venv/lib/python3.9/site-packages/pyaoscx/pyaoscx_module.py", line 342, in _extract_missing_parameters_from
    setattr(self, param_name, deepcopy(param))
  File "/home/user/proj/network-automation/.venv/lib/python3.9/site-packages/pyaoscx/acl_entry.py", line 651, in dst_ip
    version = utils.get_ip_version(new_dst_ip)
  File "/home/user/proj/network-automation/.venv/lib/python3.9/site-packages/pyaoscx/utils/util.py", line 329, in get_ip_version
    raise ParameterError(msg)
fatal: [switch]: FAILED! => changed=false
  invocation:
    module_args:
      acl_entries:
        '1':
          action: permit
          comment: Deny the host
          count: true
          protocol: 6
          src_ip: 158.10.12.57
      name: test_acl
      state: update
      type: ipv4
  msg: '''PARAMETER ERROR: Invalid IP: None does not appear to be an IPv4 or IPv6 interface'''
I think it is a bug in pyaoscx (coming from this change: https://github.com/aruba/pyaoscx/commit/225d937186d0bb6686ed2426c8e7c8e3c69b77e3#diff-246653dbf6112e85b21c32b5243dbe2ece1d77308690ca19d820176d6e465765R325)
@tchiapuziowong @rajani-abraham
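A minimal model of the failure path the tracebacks above show (a field missing on the switch's copy of the entry is copied into a validating setter), added here as an example; it is not code from pyaoscx or the collection. `IpField`, `Ace`, `REMOTE` and both merge functions are hypothetical names, modelling the running-config's `any` destination as `None` is an assumption, and the guard is one possible defensive form, not the upstream fix.

```python
import ipaddress
from copy import deepcopy

class IpField:
    """Descriptor that validates every value assigned to it (hypothetical)."""
    def __set_name__(self, owner, name):
        self.slot = "_" + name
    def __get__(self, obj, owner=None):
        return getattr(obj, self.slot, None)
    def __set__(self, obj, value):
        # ipaddress.ip_interface(None) raises ValueError:
        # "None does not appear to be an IPv4 or IPv6 interface"
        setattr(obj, self.slot, str(ipaddress.ip_interface(value)))

class Ace:
    """Stand-in for one ACL entry; not the pyaoscx class."""
    src_ip = IpField()
    dst_ip = IpField()
    def __init__(self, **params):
        self.action = self.comment = None
        for name, value in params.items():
            setattr(self, name, value)

FIELDS = ("action", "comment", "src_ip", "dst_ip")
# Constructed from the thread's running-config entry 1; destination "any" is
# modelled as None (assumption).
REMOTE = {"action": "deny", "comment": "Deny the host",
          "src_ip": "158.10.12.57/32", "dst_ip": None}

def merge_unguarded(local, remote):
    """Copy fields the task omitted, including ones the remote lacks."""
    for name in FIELDS:
        if getattr(local, name) is None:
            setattr(local, name, deepcopy(remote[name]))  # None reaches validator
    return local

def merge_guarded(local, remote):
    """Same merge, but never pushes a missing (None) value into a setter."""
    for name in FIELDS:
        value = remote.get(name)
        if getattr(local, name) is None and value is not None:
            setattr(local, name, deepcopy(value))
    return local

def reproduce():
    """Return the error text produced by the unguarded merge, or None."""
    task = Ace(action="permit", comment="Permit the host", src_ip="158.10.12.57/32")
    try:
        merge_unguarded(task, REMOTE)
    except ValueError as exc:
        return str(exc)
    return None
```

Until the merge succeeds, the entry on the switch keeps its old action, so a failed run should be treated as "ACL unchanged" and checked against the running-config.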
@git4m @alagoutte thank you for bringing this to our attention. We're investigating and developing a fix for this and will update the issue once the patch is published.
Any update on this one? - I'm also hitting the same error.
TASK [allow AWX in mgmt acl] ***************************************************
fatal: [test6100]: FAILED! => {"changed": false, "msg": "'PARAMETER ERROR: Invalid IP: None does not appear to be an IPv4 or IPv6 interface'"}
- name: allow AWX in mgmt acl
  aoscx_acl:
    name: acl_test
    type: ipv4
    acl_entries:
      28:
        comment: test line
        action: permit
        src_ip: 10.0.0.1/32
        protocol: tcp
        dst_l4_port: 22
Same error if I try without the mask.
Can you try v4.4.0? (And don't forget to also upgrade pyaoscx!)
Hi @tchiapuziowong
Thank you for providing the v4.4.0 fix. It has fixed the above issue.
I found another issue with aoscx_acl and icmp-type; going to create a new issue.