CiscoDevNet/ansible-meraki

meraki_mx_vlan idempotency issues

mystery-rabbit opened this issue · 10 comments

Two parameters of meraki_mx_vlan command have idempotency issues:

  • specifying dhcp_handling causes:
    "HTTP error 400 - https://api.meraki.com/api/v1/networks/L_690176642894537554/appliance/vlans/1 - 'dhcpHandling' must be a string"

  • specifying dhcp_relay_server_ips as an empty string (for the second time) causes:
    An exception occurred during task execution. To see the full traceback, use -vvv. The error was: TypeError: 'NoneType' object is not subscriptable

The following can be used to reproduce the first issue and, with commenting, the second:

---
- name: "Demo idempotency issue with VLAN"
  vars:
    site_cidr: 10.11.0.0/16
    vlans:
      - name: default
        vlan_id: 1
        subnet: "{{ site_cidr | ansible.utils.ipsubnet(24, 0) }}"
        appliance_ip: "{{ site_cidr | ansible.utils.ipsubnet(24, 0) | ansible.utils.nthhost(1) }}"
        vpn_nat_subnet: ""
        dns_nameservers: "upstream_dns"
        dhcp_handling: "Run a DHCP server"
        dhcp_relay_server_ips: ""
        dhcp_lease_time: "1 day"
        dhcp_boot_options_enabled: false
        dhcp_boot_next_server: ""
        dhcp_boot_filename: ""
        dhcp_options: []
        fixed_ip_assignments: []
        reserved_ip_range: []
  hosts: all
  tasks:

    - name: Delete VLANs
      cisco.meraki.meraki_mx_vlan:
        org_name: "{{ meraki_organisation.name }}"
        net_name: "{{ inventory_hostname }}"
        state: "absent"
        vlan_id: "{{ item.vlan_id }}"
      loop: "{{ vlans }}"

    - name: Create VLANs 1st time
      cisco.meraki.meraki_mx_vlan:
        org_name: "{{ meraki_organisation.name }}"
        net_name: "{{ inventory_hostname }}"
        state: "present"
        name: "{{ item.name }}"
        vlan_id: "{{ item.vlan_id }}"
        subnet: "{{ item.subnet }}"
        appliance_ip: "{{ item.appliance_ip }}"
        vpn_nat_subnet: "{{ item.vpn_nat_subnet }}"

        dns_nameservers: "{{ item.dns_nameservers }}"

        dhcp_handling: "{{ item.dhcp_handling }}"
        dhcp_relay_server_ips: "{{ item.dhcp_relay_server_ips }}"
        dhcp_lease_time: "{{ item.dhcp_lease_time }}"
        dhcp_boot_options_enabled: "{{ item.dhcp_boot_options_enabled }}"
        dhcp_boot_next_server: "{{ item.dhcp_boot_next_server }}"
        dhcp_boot_filename: "{{ item.dhcp_boot_filename }}"
        dhcp_options: "{{ item.dhcp_options }}"

        fixed_ip_assignments: "{{ item.fixed_ip_assignments }}"
        reserved_ip_range: "{{ item.reserved_ip_range }}"
      loop: "{{ vlans }}"

   ## Issue:: this is not idempotent; cannot be used to configure/reconfigure a VLAN.
    - name: Create VLANs 2nd time
      cisco.meraki.meraki_mx_vlan:
        org_name: "{{ meraki_organisation.name }}"
        net_name: "{{ inventory_hostname }}"
        state: "present"
        name: "{{ item.name }}"
        vlan_id: "{{ item.vlan_id }}"
        subnet: "{{ item.subnet }}"
        appliance_ip: "{{ item.appliance_ip }}"
        vpn_nat_subnet: "{{ item.vpn_nat_subnet }}"

        dns_nameservers: "{{ item.dns_nameservers }}"

        dhcp_handling: "{{ item.dhcp_handling }}"
        ## Issue ^^ idempotency issue.
        dhcp_relay_server_ips: "{{ item.dhcp_relay_server_ips }}"
        ## Issue ^^ NoneType object is not subscriptable
        dhcp_lease_time: "{{ item.dhcp_lease_time }}"
        dhcp_boot_options_enabled: "{{ item.dhcp_boot_options_enabled }}"
        dhcp_boot_next_server: "{{ item.dhcp_boot_next_server }}"
        dhcp_boot_filename: "{{ item.dhcp_boot_filename }}"
        dhcp_options: "{{ item.dhcp_options }}"

        fixed_ip_assignments: "{{ item.fixed_ip_assignments }}"
        reserved_ip_range: "{{ item.reserved_ip_range }}"
      loop: "{{ vlans }}"

example run:

(.venv) vagrant@terra01:~/meraki-as-code/ansible$ ansible-playbook demo_mx_vlan_bug.yml -i inv_xxx.yml -l "Mock*Branch*2"

PLAY [Demo idempotency issue with VLAN] ********************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************************************************************************************************************************************
ok: [Mock Branch 2]

TASK [Delete VLANs] ****************************************************************************************************************************************************************************************************************************************************
changed: [Mock Branch 2] => (item={'name': 'default', 'vlan_id': 1, 'subnet': '10.11.0.0/24', 'appliance_ip': '10.11.0.1', 'vpn_nat_subnet': '', 'dns_nameservers': 'upstream_dns', 'dhcp_handling': 'Run a DHCP server', 'dhcp_relay_server_ips': '', 'dhcp_lease_time': '1 day', 'dhcp_boot_options_enabled': False, 'dhcp_boot_next_server': '', 'dhcp_boot_filename': '', 'dhcp_options': [], 'fixed_ip_assignments': [], 'reserved_ip_range': []})

TASK [Create VLANs 1st time] *******************************************************************************************************************************************************************************************************************************************
changed: [Mock Branch 2] => (item={'name': 'default', 'vlan_id': 1, 'subnet': '10.11.0.0/24', 'appliance_ip': '10.11.0.1', 'vpn_nat_subnet': '', 'dns_nameservers': 'upstream_dns', 'dhcp_handling': 'Run a DHCP server', 'dhcp_relay_server_ips': '', 'dhcp_lease_time': '1 day', 'dhcp_boot_options_enabled': False, 'dhcp_boot_next_server': '', 'dhcp_boot_filename': '', 'dhcp_options': [], 'fixed_ip_assignments': [], 'reserved_ip_range': []})

TASK [Create VLANs 2nd time] *******************************************************************************************************************************************************************************************************************************************
failed: [Mock Branch 2] (item={'name': 'default', 'vlan_id': 1, 'subnet': '10.11.0.0/24', 'appliance_ip': '10.11.0.1', 'vpn_nat_subnet': '', 'dns_nameservers': 'upstream_dns', 'dhcp_handling': 'Run a DHCP server', 'dhcp_relay_server_ips': '', 'dhcp_lease_time': '1 day', 'dhcp_boot_options_enabled': False, 'dhcp_boot_next_server': '', 'dhcp_boot_filename': '', 'dhcp_options': [], 'fixed_ip_assignments': [], 'reserved_ip_range': []}) => {"ansible_loop_var": "item", "changed": false, "item": {"appliance_ip": "10.11.0.1", "dhcp_boot_filename": "", "dhcp_boot_next_server": "", "dhcp_boot_options_enabled": false, "dhcp_handling": "Run a DHCP server", "dhcp_lease_time": "1 day", "dhcp_options": [], "dhcp_relay_server_ips": "", "dns_nameservers": "upstream_dns", "fixed_ip_assignments": [], "name": "default", "reserved_ip_range": [], "subnet": "10.11.0.0/24", "vlan_id": 1, "vpn_nat_subnet": ""}, "msg": "HTTP error 400 - https://api.meraki.com/api/v1/networks/L_690176642894537554/appliance/vlans/1 - 'dhcpHandling' must be a string", "response": "OK (unknown bytes)", "status": 400}

PLAY RECAP *************************************************************************************************************************************************************************************************************************************************************
Mock Branch 2              : ok=3    changed=2    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0 

Version of module:

# /home/vagrant/meraki-as-code/ansible/roles/community/ansible_collections
Collection   Version
------------ -------
cisco.meraki 2.15.0 

Thank you for reporting this. I'm looking into it now.

Update. I've found the bug responsible for the first error. 1 line fix.

Regarding the second one, this one is harder. I think this error comes from dhcp_relay_server_ips and dhcp_handling == "Run a DHCP server" my (perceived) fact that they don't make a lot of sense to run together. If a network is running a DHCP server, it won't have to have a DHCP relay setup. Meraki isn't including dhcp_relay_server_ips in the response, so the diff comparison breaks, and that's, I think, why it's not idempotent.

Do you have a use case where you need to specify both?

I agree with your analysis - I only stumbled across it trying to work out which attribute was throwing the original error. As for use case, no - nothing that couldn't be solved with some playbook logic - multiple calls and some "when x is defined" sort of thing.

I think I could also have it strip that from the payload since it's incompatible. Would that create any problems you could imagine?

No, it wouldn't, they are mutually exclusive in application. Is that compatible with the general approach and philosophy used in the rest of the project? Are the modules in general acting as idempotent interfaces to the API - thus allowing me to malform a request should I wish to - or is including that sanity check part of the overall philosophy of the project? If it doesn't clash with your approach, that would make sense (and it should be set when dhcp_handling: "Relay DHCP to another server").
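
The approach discussed in the thread (strip the relay list unless relaying, and compare against a response that may omit the key), as an added example that is not code from cisco.meraki or from any participant. The function names, `KEY_MAP`, the camelCase keys other than `dhcpHandling`, and the sample data are assumptions made for this sketch.

```python
RELAY_MODE = "Relay DHCP to another server"  # value quoted in the thread

# Module parameter -> API key. Only 'dhcpHandling' appears on the page;
# the other camelCase names are assumed for this sketch.
KEY_MAP = {
    "name": "name",
    "subnet": "subnet",
    "dhcp_handling": "dhcpHandling",
    "dhcp_relay_server_ips": "dhcpRelayServerIps",
    "dhcp_lease_time": "dhcpLeaseTime",
}


def build_payload(params):
    """Translate params; drop unset values and the relay list when not relaying."""
    payload = {}
    for param, api_key in KEY_MAP.items():
        value = params.get(param)
        if value is not None:
            payload[api_key] = value
    relay = payload.get("dhcpRelayServerIps")
    if isinstance(relay, str):
        # Treat an empty string from the playbook as "no relay servers".
        payload["dhcpRelayServerIps"] = [relay] if relay else []
    if payload.get("dhcpHandling") != RELAY_MODE:
        payload.pop("dhcpRelayServerIps", None)
    return payload


def needs_update(current, payload):
    """True if any proposed key differs; keys absent from the response count as unset."""
    for key, proposed in payload.items():
        # .get() instead of current[key]: the response may omit the key entirely.
        if current.get(key) != proposed:
            return True
    return False


# Constructed sample: a response without the relay key, as described in the thread.
SAMPLE_RESPONSE = {"id": 1, "name": "default", "subnet": "10.11.0.0/24",
                   "dhcpHandling": "Run a DHCP server", "dhcpLeaseTime": "1 day"}
SAMPLE_PARAMS = {"name": "default", "subnet": "10.11.0.0/24",
                 "dhcp_handling": "Run a DHCP server",
                 "dhcp_relay_server_ips": "", "dhcp_lease_time": "1 day"}

if __name__ == "__main__":
    proposed = build_payload(SAMPLE_PARAMS)
    print(proposed, needs_update(SAMPLE_RESPONSE, proposed))
```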