aci_access_port_to_interface_policy_leaf_profile adding full tDn path in place of just group policy name
hsabale opened this issue ยท 4 comments
Community Note
- Please vote on this issue by adding a ๐ reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
When creating an Access Port Selector that is a port channel, with interaface_type as a PC, the policy_group appears to be putting the full tDn path instead of just the policy name
Affected Module Name(s):
aci_access_port_to_interface_policy_leaf_profile
APIC version and APIC Platform
APIC Version: 5.2.(6g) - on-prem and 6.0(2h) - Sandbox
Collection versions
- cisco.aci 2.3.0
Output/ Error message
- The fault F1011 gets generated with below message:
Failed to form relation to MO uni/infra/funcprof/accportgrp-PC_TEST_IPG of class infraAccBaseGrp
Expected Behavior
just the following should have been placed in the Access Port Selector Policy Group Field:
PC_TEST_IPG
Actual Behavior
- The full tDN path, is being inserted into the field as below
uni/infra/funcprof/accbundle-PC_TEST_IPG
Playbook tasks to Reproduce
[root@myserver]# cat hosts
all:
hosts:
apic:
apic_host: "sandboxapicdc.cisco.com"
apic_password: '!v3G@!4@Y'
apic_username: admin
vars:
apic_use_proxy: yes
apic_validate_certs: no
[root@myserver]# cat main.yml
- name: Network Automation
hosts: apic
gather_facts: no
roles:- Server_IP_Config
[root@myserver]# cat roles/Server_IP_Config/tasks/main.yml
-
name: Configure ACI
vars:
aci_login: &aci_login
hostname: '{{ apic_host }}'
username: '{{ apic_username }}'
password: '{{ apic_password }}'
use_proxy: '{{ apic_use_proxy }}'
validate_certs: '{{ apic_validate_certs }}'
delegate_to: localhostblock:
-
name: Create a Port Channel (PC) Interface Policy Group
cisco.aci.aci_interface_policy_leaf_policy_group:
<<: *aci_login
lag_type: link
policy_group: PC_TEST_IPG
description: PC_TEST_IPG
link_level_policy: LLP-10G
cdp_policy: CDP-DISBALE
lldp_policy: LLDP-ENABLE
port_channel_policy: PC-LACP-ACTIVE
state: present -
name: Associate an Interface Access Port Selector to an Interface Policy Leaf Profile with a Policy Group
cisco.aci.aci_access_port_to_interface_policy_leaf_profile:
<<: *aci_login
interface_profile: LEAF_101_IPF
access_port_selector: 1_11_IPS
port_blk: 1_11_IPS
from_port: '11'
to_port: '11'
policy_group: PC_TEST_IPG
state: present
-
[root@myserver]# cat roles/Server_IP_Config/var/main.yml
connectivity:
Access_Port:
aep: "HMS-L3OUT-AEP"
link_level_policy: "LLP-10G"
cdp_policy: "CDP-DISABLE"
lldp_policy: "LLDP-DISABLE"
mcp_policy: "MCP_On"
stp_interface_policy: "Enable_STP"
Port_Channel:
aep: "HMS-L3OUT-AEP"
link_level_policy: "LLP-10G"
cdp_policy: "CDP-DISABLE"
lldp_policy: "LLDP-DISABLE"
mcp_policy: "MCP_On"
stp_interface_policy: "Enable_STP"
port_channel_policy: "LACP_ACTIVE"
Virtual_Port_Channel:
aep: "HMS-L3OUT-AEP"
link_level_policy: "LLP-10G"
cdp_policy: "CDP-DISABLE"
lldp_policy: "LLDP-DISABLE"
mcp_policy: "MCP_On"
port_channel_policy: "LACP_ACTIVE"
stp_interface_policy: "Enable_STP"
MappingData:
tenant: "11_HMS"
Segement1:
name: "1.1.1.0/24"
ap: "FEED-ANP"
*
Important Factoids
LEAF_101_IPF & Interface policy used in playbook should be present before executing it.
Directory Tree Structure:
aci :
- roles - >
Server_IP_Config -->
a. defaults
b. tasks --> main.yml
c. templates
d. vars --> main.yml - hosts
- main.yml
References
- #0000
Hi @hsabale,
From your configuration it seems that you are not specifying interface_type into the task. Is this assumption correct?
If this is the case, please try providing interface_type into the task:
interface_type:
description:
- The type of interface for the static EPG deployment.
- The interface_type fex_profile can not be configured with a profile of type fex.
type: str
choices: [ breakout, fex, port_channel, switch_port, vpc, fex_port_channel, fex_vpc , fex_profile]
default: switch_port
The type determines the tDn. See code below from https://github.com/CiscoDevNet/ansible-aci/blob/master/plugins/modules/aci_access_port_to_interface_policy_leaf_profile.py#L337:
port_channels_dn = "uni/infra/funcprof/accbundle-{0}"
INTERFACE_TYPE_MAPPING = dict(
breakout="uni/infra/funcprof/brkoutportgrp-{0}",
fex="uni/infra/funcprof/accportgrp-{0}",
fex_profile="uni/infra/fexprof-{0}/fexbundle-{1}",
port_channel=port_channels_dn,
switch_port="uni/infra/funcprof/accportgrp-{0}",
vpc=port_channels_dn,
fex_port_channel=port_channels_dn,
fex_vpc=port_channels_dn,
)
I didn't see example for configuring IPS with PC/VPC so not used.
https://docs.ansible.com/ansible/latest/collections/cisco/aci/aci_access_port_to_interface_policy_leaf_profile_module.html#ansible-collections-cisco-aci-aci-access-port-to-interface-policy-leaf-profile-module
After setting interface_type as port_channel in playbook, its working fine.
Good to hear your issue is resolved.
Correct there is no example for PC/VPC currently there, is this something that you think should be added? I am asking this because in the documentation https://docs.ansible.com/ansible/latest/collections/cisco/aci/aci_access_port_to_interface_policy_leaf_profile_module.html#parameter-interface_type it defines default behaviour of this parameter. I assume upon usage of a module default behaviour is something you would like to know.