netscaler
[BUG] netscaler.adc.snmptrap is failing
Describe the bug Task using netscaler.adc.snmptrap is failing if there is already snmp trap bind command configured for the same below parameters:
-
trapdestination
-
trapclass
Example: If there is already in config: add snmp trap generic 5.5.5.5 -version V3 -allPartitions ENABLED bind snmp trap generic 5.5.5.5 -userName xxx_user -securityLevel authPriv
Task using netscaler.adc.snmptrap is failing in such scenario with bellow error: "msg": "ERROR: Found more than one resource with the same primary key generic and get arguments {'trapdestination': '5.5.5.5', 'version': 'V3'}"}
If there is no snmp trap bind command configured for the same trapdestination and trapclass, then task using netscaler.adc.snmptrap works as expected:
- is adding snmp trap if it is not configured (task key "changed " is true)
- is doing nothing if snmp trap is already configured for the same trapdestination and trapclass
To Reproduce Steps to reproduce the behaviour:
- My ansible-playbook is...
Note: You need to configure snmp group and snmp user before using this playbook:
tasks:
- name: V2 | Sample Task | login
delegate_to: localhost
register: login_result
netscaler.adc.login:
nsip: "{{ ansible_host }}"
validate_certs: no
username: "{{ nitro_user }}"
password: "{{ nitro_pass }}"
- name: Sample Task | snmptrap
delegate_to: localhost
netscaler.adc.snmptrap:
nitro_auth_token: "{{ login_result.sessionid }}"
validate_certs: no
nsip: "{{ ansible_host }}"
state: present
trapclass: generic
trapdestination: 5.5.5.5
version: V3
allpartitions: ENABLED
- name: Sample Task | snmptrap_snmpuser_binding
delegate_to: localhost
netscaler.adc.snmptrap_snmpuser_binding:
nitro_auth_token: "{{ login_result.sessionid }}"
validate_certs: no
nsip: "{{ ansible_host }}"
state: present
username: xxx_user
securitylevel : authPriv
trapclass: generic
trapdestination: 5.5.5.5
version: V3
- name: V2 | Sample Task | logout
delegate_to: localhost
netscaler.adc.logout:
nitro_auth_token: "{{ login_result.sessionid }}"
nsip: "{{ ansible_host }}"
validate_certs: no
In first iteration playbook finishes with success as snmp trap is being added and binded to the snmp user. Tasks using modules netscaler.adc.snmptrap and netscaler.adc.snmptrap_snmpuser_binding have response key "changed " as true:
PLAY [baseline] ************************************************************************************************************************
TASK [V2 | Sample Task | login] ******************************************************************************************************** changed: [test_LB -> localhost]
TASK [Sample Task | snmptrap] ********************************************************************************************************** changed: [test_LB -> localhost]
TASK [Sample Task | snmptrap_snmpuser_binding] ***************************************************************************************** changed: [test_LB -> localhost]
TASK [V2 | Sample Task | logout] ******************************************************************************************************* changed: [test_LB -> localhost]
PLAY RECAP ***************************************************************************************************************************** test_LB : ok=4 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
In cli configured commands are seen:
show ns runningConfig | grep trap add snmp trap generic 5.5.5.5 -version V3 -allPartitions ENABLED bind snmp trap generic 5.5.5.5 -userName xxx_user -securityLevel authPriv
But during next playbook execution playbook if failing on task "Sample Task | snmptrap": PLAY [baseline] ************************************************************************************************************************
TASK [V2 | Sample Task | login] ******************************************************************************************************** changed: [test_LB -> localhost]
TASK [Sample Task | snmptrap] ********************************************************************************************************** fatal: [test_LB -> localhost]: FAILED! => {"changed": false, "loglines": ["DEBUG: Initializing ModuleExecutor for resource snmptrap", "TRACE: ENTRY: get_valid_desired_states() called with ('snmptrap',), {}", "TRACE: EXIT: get_valid_desired_states() returned {'absent', 'present'}", "TRACE: ENTRY: get_netscaler_version() called with (<ansible_collections.netscaler.adc.plugins.module_utils.client.NitroAPIClient object at 0x7f83eedfefd0>,), {}", "TRACE: ENTRY: get_resource() called with (<ansible_collections.netscaler.adc.plugins.module_utils.client.NitroAPIClient object at 0x7f83eedfefd0>, 'nsversion'), {}", "TRACE: ENTRY: send() called with (<ansible_collections.netscaler.adc.plugins.module_utils.client.NitroAPIClient object at 0x7f83eedfefd0>,......................................................... ................................................................................................................ "msg": "ERROR: Found more than one resource with the same primary key generic and get arguments {'trapdestination': '5.5.5.5', 'version': 'V3'}"}
PLAY RECAP ***************************************************************************************************************************** test_LB : ok=1 changed=1 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
But if below command is removed from configuration: bind snmp trap generic 5.5.5.5 -userName xxx_user -securityLevel authPriv
show ns runningConfig | grep trap add snmp trap generic 5.5.5.5 -version V3 -allPartitions ENABLED bind snmp trap generic 5.5.5.5 -userName xxx_user -securityLevel authPriv unbind snmp trap generic 5.5.5.5 -userName xxx_user Done show ns runningConfig | grep trap add snmp trap generic 5.5.5.5 -version V3 -allPartitions ENABLED
then playbook will finish with success and task "Sample Task | snmptrap" that is using module netscaler.adc.snmptrap has response key "changed " as false because there is already snmp trap configured with the same trapclass and trapdestination:
PLAY [baseline] ************************************************************************************************************************
TASK [V2 | Sample Task | login] ******************************************************************************************************** changed: [test_LB -> localhost]
TASK [Sample Task | snmptrap] ********************************************************************************************************** ok: [test_LB -> localhost]
TASK [Sample Task | snmptrap_snmpuser_binding] ***************************************************************************************** changed: [test_LB -> localhost]
TASK [V2 | Sample Task | logout] ******************************************************************************************************* changed: [test_LB -> localhost]
PLAY RECAP ***************************************************************************************************************************** test_LB : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
In cli again will be seen config with snmp bind command:
show ns runningConfig | grep trap add snmp trap generic 5.5.5.5 -version V3 -allPartitions ENABLED bind snmp trap generic 5.5.5.5 -userName xxx_user -securityLevel authPriv
And if playbook would be executed again, it would fail again with below error: "msg": "ERROR: Found more than one resource with the same primary key generic and get arguments {'trapdestination': '5.5.5.5', 'version': 'V3'}"}
The ansible-playbook command I executed is... ansible-playbook --limit test_LB baseline.yml
The ansible-playbook logs are... PLAY [baseline] ************************************************************************************************************************
TASK [V2 | Sample Task | login] ******************************************************************************************************** changed: [test_LB -> localhost]
TASK [Sample Task | snmptrap] ********************************************************************************************************** fatal: [test_LB -> localhost]: FAILED! => {"changed": false, "loglines": ["DEBUG: Initializing ModuleExecutor for resource snmptrap", "TRACE: ENTRY: get_valid_desired_states() called with ('snmptrap',), {}", "TRACE: EXIT: get_valid_desired_states() returned {'absent', 'present'}", "TRACE: ENTRY: get_netscaler_version() called with (<ansible_collections.netscaler.adc.plugins.module_utils.client.NitroAPIClient object at 0x7f83eedfefd0>,), {}", "TRACE: ENTRY: get_resource() called with (<ansible_collections.netscaler.adc.plugins.module_utils.client.NitroAPIClient object at 0x7f83eedfefd0>, 'nsversion'), {}", "TRACE: ENTRY: send() called with (<ansible_collections.netscaler.adc.plugins.module_utils.client.NitroAPIClient object at 0x7f83eedfefd0>,......................................................... ................................................................................................................ "msg": "ERROR: Found more than one resource with the same primary key generic and get arguments {'trapdestination': '5.5.5.5', 'version': 'V3'}"}
PLAY RECAP ***************************************************************************************************************************** test_LB : ok=1 changed=1 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
I am seeing the below error... "msg": "ERROR: Found more than one resource with the same primary key generic and get arguments {'trapdestination': '5.5.5.5', 'version': 'V3'}"}
Please specify the equivalent NSCLI command, if you were to manually configure via CLI add snmp trap generic 5.5.5.5 -version V3 -allPartitions ENABLED bind snmp trap generic 5.5.5.5 -userName xxx_user -securityLevel authPriv
Expected behaviour I expect that task "Sample Task | snmptrap" that is using module netscaler.adc.snmptrap will finish with success with response key "changed " as false if there is already snmp trap configured with the same trapclass and trapdestination. I expect below ansible logs: PLAY [baseline] ************************************************************************************************************************
TASK [V2 | Sample Task | login] ******************************************************************************************************** changed: [test_LB -> localhost]
TASK [Sample Task | snmptrap] ********************************************************************************************************** ok: [test_LB -> localhost]
TASK [Sample Task | snmptrap_snmpuser_binding] ***************************************************************************************** ok: [test_LB -> localhost]
TASK [V2 | Sample Task | logout] ******************************************************************************************************* changed: [test_LB -> localhost]
PLAY RECAP ***************************************************************************************************************************** test_LB : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Environment (please complete the following information):
- Python version
python --versionoutput Python 3.6.8 - Ansible version
ansible --versionoutput ansible [core 2.11.12] - NetScaler version
show ns versionoutput NetScaler NS13.1: Build 42.47.nc, Date: Feb 22 2023, 08:08:13 (64-bit)
Additional context There is as well problem with module "netscaler.adc.snmptrap_snmpuser_binding" as I have tested execution of only one task with that module and it is always giving response with key "changed" as true, even if command is already in configuration and there was no modification. Below is example:
CLI config:
show ns runningConfig | grep trap add snmp trap generic 5.5.5.5 -version V3 -allPartitions ENABLED bind snmp trap generic 5.5.5.5 -userName xxx_user -securityLevel authPriv
Playbook yaml:
tasks:
- name: V2 | Sample Task | login
delegate_to: localhost
register: login_result
netscaler.adc.login:
nsip: "{{ ansible_host }}"
validate_certs: no
username: "{{ nitro_user }}"
password: "{{ nitro_pass }}"
# - name: Sample Task | snmptrap
# delegate_to: localhost
# netscaler.adc.snmptrap:
# nitro_auth_token: "{{ login_result.sessionid }}"
# validate_certs: no
# nsip: "{{ ansible_host }}"
# state: present
# trapclass: generic
# trapdestination: 5.5.5.5
# version: V3
# allpartitions: ENABLED
- name: Sample Task | snmptrap_snmpuser_binding
delegate_to: localhost
netscaler.adc.snmptrap_snmpuser_binding:
nitro_auth_token: "{{ login_result.sessionid }}"
validate_certs: no
nsip: "{{ ansible_host }}"
state: present
username: xxx_user
securitylevel : authPriv
trapclass: generic
trapdestination: 5.5.5.5
version: V3
- name: V2 | Sample Task | logout
delegate_to: localhost
netscaler.adc.logout:
nitro_auth_token: "{{ login_result.sessionid }}"
nsip: "{{ ansible_host }}"
validate_certs: no
Playbook output: PLAY [baseline] ************************************************************************************************************************
TASK [V2 | Sample Task | login] ******************************************************************************************************** changed: [test_LB -> localhost]
TASK [Sample Task | snmptrap_snmpuser_binding] ***************************************************************************************** changed: [test_LB -> localhost]
TASK [V2 | Sample Task | logout] ******************************************************************************************************* changed: [test_LB -> localhost]
PLAY RECAP ***************************************************************************************************************************** test_LB : ok=3 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
So there was no config modification, but task "Sample Task | snmptrap_snmpuser_binding" is seen as "changed":
show ns runningConfig | grep trap add snmp trap generic 5.5.5.5 -version V3 -allPartitions ENABLED bind snmp trap generic 5.5.5.5 -userName xxx_user -securityLevel authPriv
The NITRO API is responding with two objects in the GET response for the same resource. I am checking with the internal NITRO team on this.
