shutdown option for false does not enable the neighbor after the true option disables the neighbor targeted
digitalfiend64 opened this issue · 4 comments
digitalfiend64 commented
SUMMARY
When using the ios_bgp_global module (cisco.ios.ios_bgp_global) the option for shutdown (set: false) of the neighbor is not ‘enabling’ the neighbor on the device. If I use shutdown (set: true) it will ‘administratively shutdown’ the neighbor or ‘disable’ but the (set: false) option is not ‘enabling’
ISSUE TYPE
- Bug Report
COMPONENT NAME
ios_bgp_global module (cisco.ios.ios_bgp_global)
ANSIBLE VERSION
ansible [core 2.13.10]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/<REDACTED>/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/<REDACTED>/ansible213_venv/lib64/python3.8/site-packages/ansible
ansible collection location = /home/<REDACTED>/.ansible/collections:/usr/share/ansible/collections
executable location = /home/<REDACTED>/ansible213_venv/bin/ansible
python version = 3.8.12 (default, Sep 16 2021, 10:46:05) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
jinja version = 3.1.2
libyaml = True
COLLECTION VERSION
# /home/<REDACTED>/ansible213_venv/lib/python3.8/site-packages/ansible_collections
Collection Version
---------- -------
cisco.ios 3.3.1
# /home/<REDACTED>/ansible213_venv/lib64/python3.8/site-packages/ansible_collections
Collection Version
---------- -------
cisco.ios 3.3.1
# /home/<REDACTED>/.ansible/collections/ansible_collections
Collection Version
---------- -------
cisco.ios 5.1.0
CONFIGURATION
INTERPRETER_PYTHON(/etc/ansible/ansible.cfg) = auto
OS / ENVIRONMENT
Cisco IOS XE Software, Version 03.16.05.S - Extended Support Release
Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-ADVIPSERVICESK9-M), Version 15.5(3)S5, RELEASE SOFTWARE (fc2)
STEPS TO REPRODUCE
- name: Enable/Disable BGP Neighbor
cisco.ios.ios_bgp_global:
config: "{{ network_service_config['bgp_global'] }}"
state: "{{ network_service_config['state'] }}"
register: bgp_global_config
Structure:
- configs:
- bgp_global:
as_number: 65138
neighbors:
- neighbor_address: <REDACTED>
description: NS_BGP_Neighbor_Shutdown - {{ lookup('ansible.builtin.pipe','date +%s') }} - CR{{ CR_number }}
shutdown:
set: falseEXPECTED RESULTS
I expect the neighbor to no longer be ‘administratively disabled’
ASR1K-03#sh bgp * all neighbors
For address family: IPv4 Unicast
BGP neighbor is , remote AS 65138, internal link
Description: CREHER12
Fall over configured for session
BFD is configured.
BGP version 4, remote router ID 0.0.0.0
BGP state = Idle
ACTUAL RESULTS
TASK [yeti.network_services.bgp : Enable/Disable BGP Neighbor] *****************
task path: /home/<REDACTED>/.ansible/collections/ansible_collections/yeti/network_services/roles/bgp/tasks/cisco.ios.ios/bgp_global.yml:13
Trying secret FileVaultSecret(filename='/home/<REDACTED>/vault_pass.txt') for vault_id=default
Trying secret FileVaultSecret(filename='/home/<REDACTED>/vault_pass.txt') for vault_id=default
Loading collection ansible.utils from /home/<REDACTED>/.ansible/collections/ansible_collections/ansible/utils
Trying secret FileVaultSecret(filename='/home/<REDACTED>/vault_pass.txt') for vault_id=default
Trying secret FileVaultSecret(filename='/home/<REDACTED>/vault_pass.txt') for vault_id=default
Trying secret FileVaultSecret(filename='/home/<REDACTED>/vault_pass.txt') for vault_id=default
<192.168.1.135> attempting to start connection
<192.168.1.135> using connection plugin ansible.netcommon.network_cli
Found ansible-connection at path /home/<REDACTED>/ansible213_venv/bin/ansible-connection
<192.168.1.135> found existing local domain socket, using it!
<192.168.1.135> updating play_context for connection
<192.168.1.135>
<192.168.1.135> local domain socket path is /home/<REDACTED>/.ansible/pc/8a7fbbf07e
redirecting (type: action) cisco.ios.ios_bgp_global to cisco.ios.ios
redirecting (type: action) cisco.ios.ios_bgp_global to cisco.ios.ios
<192.168.1.135> ANSIBLE_NETWORK_IMPORT_MODULES: enabled
<192.168.1.135> ANSIBLE_NETWORK_IMPORT_MODULES: found cisco.ios.ios_bgp_global at /home/<REDACTED>/.ansible/collections/ansible_collections/cisco/ios/plugins/modules/ios_bgp_global.py
<192.168.1.135> ANSIBLE_NETWORK_IMPORT_MODULES: running cisco.ios.ios_bgp_global
<192.168.1.135> ANSIBLE_NETWORK_IMPORT_MODULES: complete
changed: [ASR1K-03] =>
{
"after": {
"as_number": "65138",
"bgp": {
"log_neighbor_changes": true
},
"neighbors": [
{
"description": "NS_BGP_Neighbor_Shutdown - 1704299845 - CR000000018",
"fall_over": {
"bfd": {
"set": true
}
},
"neighbor_address": "<REDACTED>",
"remote_as": "65138",
"shutdown": {
"set": true
}
},
{
"description": "BRXPLR02",
"fall_over": {
"bfd": {
"set": true
}
},
"neighbor_address": "FD0D:1:2:100::1",
"remote_as": "65137"
},
{
"description": "CREHER12",
"fall_over": {
"bfd": {
"set": true
}
},
"neighbor_address": "FD0D:1:2:102::2",
"remote_as": "65138"
}
]
},
"before": {
"as_number": "65138",
"bgp": {
"log_neighbor_changes": true
},
"neighbors": [
{
"description": "NS_BGP_Neighbor_Shutdown - 1704299624 - CR000000018",
"fall_over": {
"bfd": {
"set": true
}
},
"neighbor_address": "<REDACTED>",
"remote_as": "65138",
"shutdown": {
"set": true
}
},
{
"description": "BRXPLR02",
"fall_over": {
"bfd": {
"set": true
}
},
"neighbor_address": "FD0D:1:2:100::1",
"remote_as": "65137"
},
{
"description": "CREHER12",
"fall_over": {
"bfd": {
"set": true
}
},
"neighbor_address": "FD0D:1:2:102::2",
"remote_as": "65138"
}
]
},
"changed": true,
"commands": [
"router bgp 65138",
"neighbor <REDACTED> description NS_BGP_Neighbor_Shutdown - 1704299845 - CR000000018",
"neighbor <REDACTED> shutdown"
],
"invocation": {
"module_args": {
"config": {
"aggregate_address": null,
"aggregate_addresses": null,
"as_number": "65138",
"auto_summary": null,
"bgp": null,
"bmp": null,
"default_information": null,
"default_metric": null,
"distance": null,
"distribute_list": null,
"distributes": null,
"maximum_paths": null,
"maximum_secondary_paths": null,
"neighbors": [
{
"activate": null,
"additional_paths": null,
"address": null,
"advertise": null,
"advertise_map": null,
"advertisement_interval": null,
"aigp": null,
"allow_policy": null,
"allowas_in": null,
"as_override": null,
"bmp_activate": null,
"capability": null,
"cluster_id": null,
"default_originate": null,
"description": "NS_BGP_Neighbor_Shutdown - 1704299845 - CR000000018",
"disable_connected_check": null,
"distribute_list": null,
"dmzlink_bw": null,
"ebgp_multihop": null,
"fall_over": null,
"filter_list": null,
"ha_mode": null,
"inherit": null,
"ipv6_adddress": null,
"local_as": null,
"log_neighbor_changes": null,
"maximum_prefix": null,
"neighbor_address": "<REDACTED>",
"next_hop_self": null,
"next_hop_unchanged": null,
"password": null,
"password_options": null,
"path_attribute": null,
"peer_group": null,
"remote_as": null,
"remove_private_as": null,
"route_map": null,
"route_maps": null,
"route_reflector_client": null,
"route_server_client": null,
"send_community": null,
"send_label": null,
"shutdown": {
"community": null,
"graceful": null,
"local_preference": null,
"set": false
},
"slow_peer": null,
"soft_reconfiguration": null,
"tag": null,
"timers": null,
"translate_update": null,
"transport": null,
"ttl_security": null,
"unsuppress_map": null,
"update_source": null,
"version": null,
"weight": null
}
],
"networks": null,
"redistribute": null,
"route_server_context": null,
"scope": null,
"synchronization": null,
"table_map": null,
"template": null,
"timers": null
},
"running_config": null,
"state": "merged"
}
}
}
Read vars_file 'vars/project_standards.yml'
TASK [yeti.network_services.bgp : debug bgp_global_config] *********************
task path: /home/<REDACTED>/.ansible/collections/ansible_collections/yeti/network_services/roles/bgp/tasks/cisco.ios.ios/bgp_global.yml:19
Trying secret FileVaultSecret(filename='/home/<REDACTED>/vault_pass.txt') for vault_id=default
Trying secret FileVaultSecret(filename='/home/<REDACTED>/vault_pass.txt') for vault_id=default
Loading collection ansible.utils from /home/<REDACTED>/.ansible/collections/ansible_collections/ansible/utils
Trying secret FileVaultSecret(filename='/home/<REDACTED>/vault_pass.txt') for vault_id=default
Trying secret FileVaultSecret(filename='/home/<REDACTED>/vault_pass.txt') for vault_id=default
Trying secret FileVaultSecret(filename='/home/<REDACTED>/vault_pass.txt') for vault_id=default
<192.168.1.135> attempting to start connection
<192.168.1.135> using connection plugin ansible.netcommon.network_cli
Found ansible-connection at path /home/<REDACTED>/ansible213_venv/bin/ansible-connection
<192.168.1.135> found existing local domain socket, using it!
<192.168.1.135> updating play_context for connection
<192.168.1.135>
<192.168.1.135> local domain socket path is /home/<REDACTED>/.ansible/pc/8a7fbbf07e
ok: [ASR1K-03] => {
"msg": "output from bgp_global_config is: {'commands': ['router bgp 65138', 'neighbor <REDACTED> description NS_BGP_Neighbor_Shutdown - 1704299845 - CR000000018', 'neighbor <REDACTED> shutdown'], 'before': {'as_number': '65138', 'bgp': {'log_neighbor_changes': True}, 'neighbors': [{'remote_as': '65138', 'neighbor_address': '<REDACTED>', 'description': 'NS_BGP_Neighbor_Shutdown - 1704299624 - CR000000018', 'shutdown': {'set': True}, 'fall_over': {'bfd': {'set': True}}}, {'remote_as': '65137', 'neighbor_address': 'FD0D:1:2:100::1', 'description': 'BRXPLR02', 'fall_over': {'bfd': {'set': True}}}, {'remote_as': '65138', 'neighbor_address': 'FD0D:1:2:102::2', 'description': 'CREHER12', 'fall_over': {'bfd': {'set': True}}}]}, 'after': {'as_number': '65138', 'bgp': {'log_neighbor_changes': True}, 'neighbors': [{'remote_as': '65138', 'neighbor_address': '<REDACTED>', 'description': 'NS_BGP_Neighbor_Shutdown - 1704299845 - CR000000018', 'shutdown': {'set': True}, 'fall_over': {'bfd': {'set': True}}}, {'remote_as': '65137', 'neighbor_address': 'FD0D:1:2:100::1', 'description': 'BRXPLR02', 'fall_over': {'bfd': {'set': True}}}, {'remote_as': '65138', 'neighbor_address': 'FD0D:1:2:102::2', 'description': 'CREHER12', 'fall_over': {'bfd': {'set': True}}}]}, 'changed': True, 'failed': False}"
}
Read vars_file 'vars/project_standards.yml'
KB-perByte commented
Hey @digitalfiend64, as stated the shutdown attribute.
sets the configuration for the neighbor <neighbor_address> shutdown
To enable the neighbor, activate can be used, to configure neighbor <neighbor_address> activate.
Let me know if this is the expected configuration,
If not can you help us with the expected configuration?
Regards.
digitalfiend64 commented
expect the neighbor to no longer be ‘administratively disabled’
The expected outcome was that the neighbor to no longer be ‘administratively disabled’. Is the following excerpt from the example playbook supposed to accmplish that?
neighbors:
- neighbor_address: <REDACTED>
description: NS_BGP_Neighbor_Shutdown - {{ lookup('ansible.builtin.pipe','date +%s') }} - CR{{ CR_number }}
shutdown:
set: false
rmerrill-jax commented
I am also having the same issue. The expected behavior is that when shutdown: set: true is set the command "neighbor {{ IP address }} shutdown" is issued to the device and if the shutdown set: false is set "no neighbor {{ IP address }} shutdown" is issued
KB-perByte commented
Hey, @digitalfiend64 and @rmerrill-jax I understand the confusion here, the merged state is specifically not supposed to push any negating configuration to the appliance, considering your playbook as the source of truth. We can never render -
shutdown:
set: false
from the onbox configuration, once negated, the configuration goes out, not contacting any defaults.
That is why we have other action states like replaced or overridden which specifically deals with adding surplus configuration and negating any unwanted configuration from the appliance.
Considering this the running config :
dev#sh running-config | section bgp
router bgp 6500
no bgp log-neighbor-changes
no bgp default ipv4-unicast
no bgp default route-target filter
neighbor <REDACTED> remote-as 100
neighbor <REDACTED> description Test description
neighbor <REDACTED> shutdown
having a replaced task removing the shutdown attribute, ensures the configuration in the appliance looks the same.
- name: Replaces device configuration
cisco.ios.ios_bgp_global:
config:
as_number: 6500
bgp:
default:
ipv4_unicast: false
route_target:
filter: false
neighbors:
- neighbor_address: <REDACTED>
description: Test description
remote_as: 100
state: replaced
This above task would fire
commands:
- router bgp 6500
- no neighbor <REDACTED> shutdown
making the on-box configuration
dev#sh running-config | section bgp
router bgp 6500
no bgp log-neighbor-changes
no bgp default ipv4-unicast
no bgp default route-target filter
neighbor <REDACTED> remote-as 100
neighbor <REDACTED> description Test description
I hope that answers the questions.
I'll close off this issue.
Regards.