bug: invalid configuration not showing failure

Question

bug: invalid configuration not showing failure

ryanmerolle opened this issue 9 months ago · 3 comments

SUMMARY

invalid commands do not error with the following task:

- name Perform Check Mode Running Config
   cisco.nxos.nxos_config:
     diff_against: intended
     intended_config: "{{ lookup('file', intended_config_path }}"
  register: running_diff
  check_mode: true
  diff: true

I have a configuration that is the exact same config on the host BUT I changed the line hostname test to hostvar test. The error would show on console if I connect to the device manually and apply. I also recall it shows for other provider/collections like arista.eos, but it does not here. Instead it shows a output in the std diff presented by ansible of:

-hostname test
+hostvar test

ISSUE TYPE

Bug Report

COMPONENT NAME

cisco.nxos.nxos_config

ANSIBLE VERSION

ansible [core 2.16.0]
  config file = None
  configured module search path = ['/Users/rmerolle/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/homebrew/lib/python3.11/site-packages/ansible
  ansible collection location = /Users/rmerolle/.ansible/collections:/usr/share/ansible/collections
  executable location = /opt/homebrew/bin/ansible
  python version = 3.11.6 (main, Oct  2 2023, 13:45:54) [Clang 15.0.0 (clang-1500.0.40.1)] (/opt/homebrew/opt/python@3.11/bin/python3.11)
  jinja version = 3.1.2
  libyaml = True

COLLECTION VERSION

# /home/vscode/.ansible/collections/ansible_collections
Collections Version
----------- -------
cisco.nxos 5.2.1

CONFIGURATION

OS / ENVIRONMENT

Cisco NXOS 10.2(6)

STEPS TO REPRODUCE

See summary

EXPECTED RESULTS

Task failure pointing out the line with issues similar to arista.eos collection or manually doing this on the cli.

ACTUAL RESULTS

See summary

Answer 1 · 2024-01-05T06:31:42.000Z

@ryanmerolle I'm not sure if I fully understand the issue here. The task you mentioned, does not seem to run the diff commands on the device (it merely calculates the diff). As such, the error reported by CLI (on execution of the erroneous command) won't be known to Ansible and it won't fail.

Can you please elaborate on what you think is not working here? Thanks.

Answer 2 · 2024-01-05T07:43:57.000Z

I thought the nxos config role uses config sessions to apply the config and revert it, given the check_mode being set, like the equivalent eos role does. If it did do that, I would imagine the error message would be available to ansible. At least that’s how it works when I manually test this process on the remote host by using config sessions and applying the config, then canceling the config session.

Answer 3 · 2024-01-10T12:43:15.000Z

@ryanmerolle The nxos_config module does not use on-box session based diff capabilities for this. It relies on standard AnsibleModule class diffing logic (which uses difflib). As far as I understand, the config session capabilities on NX-OS are limited even on the 10.3.x train. Can you share the steps you're performing manually on the CLI for this? Thanks!