The cisco.nxos.nxos_vrf module does not support sub-interfaces for the "interfaces" parameter.
dwebr opened this issue · 0 comments
SUMMARY
We are trying to use the cisco.nxos.nxos_vrf module along with the aggregate parameter and a list of interfaces for each VRF to assign the interfaces to the appropriate VRF.
The module works fine as long as the interface is not a sub-interface, for example Ethernet1/1.3901. When a sub-interface is listed in the aggregate.interfaces list, the module attempts to issue "no switchport" which is invalid on a sub-interface.
ISSUE TYPE
- Bug Report
COMPONENT NAME
cisco.nxos.nxos_vrf module using the aggregate parameter along with a list of interfaces.
ANSIBLE VERSION
ansible [core 2.14.0]
config file = /opt/netadmin/ansible/ansible.cfg
configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /opt/netadmin/ve/ansible7/lib/python3.9/site-packages/ansible
ansible collection location = /home/user/.ansible/collections:/usr/share/ansible/collections
executable location = /opt/netadmin/ve/ansible7/bin/ansible
python version = 3.9.15 (main, Oct 22 2022, 11:54:42) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] (/opt/netadmin/ve/ansible7/bin/python)
jinja version = 3.1.2
libyaml = True
COLLECTION VERSION
ansible-galaxy collection list cisco.nxos
# /home/user/.ansible/collections/ansible_collections
Collection Version
---------- -------
cisco.nxos 6.0.0
# /opt/netadmin/ve/ansible7/lib/python3.9/site-packages/ansible_collections
Collection Version
---------- -------
cisco.nxos 4.0.0
CONFIGURATION
COLOR_ERROR(/opt/netadmin/ansible/ansible.cfg) = bright red
COLOR_VERBOSE(/opt/netadmin/ansible/ansible.cfg) = bright blue
CONFIG_FILE() = /opt/netadmin/ansible/ansible.cfg
DEFAULT_HOST_LIST(/opt/netadmin/ansible/ansible.cfg) = ['/opt/netadmin/ansible/inventory']
DEFAULT_TIMEOUT(/opt/netadmin/ansible/ansible.cfg) = 5
DISPLAY_SKIPPED_HOSTS(/opt/netadmin/ansible/ansible.cfg) = False
HOST_KEY_CHECKING(/opt/netadmin/ansible/ansible.cfg) = False
RETRY_FILES_ENABLED(/opt/netadmin/ansible/ansible.cfg) = False
OS / ENVIRONMENT
Switch
Software
BIOS: version 07.69
NXOS: version 10.2(6) [Maintenance Release]
BIOS compile time: 04/07/2021
NXOS image file is: bootflash:///nxos64-cs.10.2.6.M.bin
NXOS compile time: 8/31/2023 12:00:00 [08/29/2023 21:07:36]
Hardware
cisco Nexus9000 C93180YC-EX chassis
Intel(R) Xeon(R) CPU @ 1.80GHz with 24617888 kB of memory.
Processor Board ID FDO23210NB1
Device name: SIM-ACI
bootflash: 11906048 kB
Control Node
Red Hat Enterprise Linux Server release 7.9 (Maipo)
STEPS TO REPRODUCE
host_vars
vrfs: "{{ pair_vrfs }}"
pair_vrfs:
- name: PK8
description: PK8_VRF
admin_state: up
- name: PRD
description: PRD_VRF
admin_state: up
- name: SHS
description: SHS_VRF
admin_state: up
pair_vrf_interfaces:
- name: SHS
interfaces:
- Ethernet1/1.3901
- Ethernet1/2.3901
- name: PRD
interfaces:
- Ethernet1/1.3902
- Ethernet1/2.3902role tasks
- name: NXOS (vrf)
block:
- name: Config Block
block:
- name: NXOS - Assign Interfaces to VRFs
cisco.nxos.nxos_vrf:
aggregate: "{{ vrf_interface_list }}"
register: vrf_resultsEXPECTED RESULTS
I would expect each interface (physical, logical) that has sub-interfaces to be properly configured with a vrf member statement. For example:
interface Ethernet1/1.3901
description SHS VRF v3901
encapsulation dot1q 3901
vrf member SHS
ip address 10.92.130.61/30
no shutdown
It appears that there is no distinction given between a standard Ethernet1/x interface and a sub-interface. This is likely to be a problem with sub-interfaces that have a parent of a port-channel interface.
If appears that line 332 (among others) of the source file https://github.com/ansible-collections/cisco.nxos/blob/main/plugins/modules/nxos_vrf.py
does a check to see if the interface is of type ethernet or port-channel and then appends the command "no switchport" if true.
if get_interface_type(i) in (
"ethernet",
"portchannel",
):
commands.append("no switchport")
It does not look like the module utility get_interface_type() distinguishes between the physical interface and the sub-interface. A possible solution to this specific issue, might be to add an additional check to see if the Ethernet or Port-channel interface is a sub-interface by checking the length of the interface after splitting on a period '.'
if get_interface_type(i) in (
"ethernet",
"portchannel",
) **and len(i.split('.')) < 2** :
commands.append("no switchport")
ACTUAL RESULTS
TASK [interfaces : NXOS - Assign Interfaces to VRFs] ****************************************************************************************************************************************************************************************
task path: /home/user/repos/eveng-labs/roles/interfaces/tasks/nxos_interfaces.yml:43
The full traceback is:
File "/home/user/.ansible/collections/ansible_collections/cisco/nxos/plugins/module_utils/network/nxos/nxos.py", line 143, in load_config
resp = connection.edit_config(config, replace=replace)
File "/opt/netadmin/ve/ansible7/lib/python3.9/site-packages/ansible/module_utils/connection.py", line 200, in __rpc__
raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
fatal: [SIM-ACI]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"admin_state": "up",
"aggregate": [
{
"admin_state": "up",
"associated_interfaces": null,
"delay": 10,
"description": null,
"interfaces": [
"Ethernet1/1.3901",
"Ethernet1/2.3901"
],
"name": "SHS",
"rd": null,
"state": "present",
"vni": null
},
{
"admin_state": "up",
"associated_interfaces": null,
"delay": 10,
"description": null,
"interfaces": [
"Ethernet1/1.3902",
"Ethernet1/2.3902"
],
"name": "PRD",
"rd": null,
"state": "present",
"vni": null
}
],
"associated_interfaces": null,
"delay": 10,
"description": null,
"interfaces": null,
"name": null,
"purge": false,
"rd": null,
"state": "present",
"vni": null
}
},
"msg": "no switchport\r\r\n ^\r\n% Invalid command at '^' marker.\r\n\rSIM-ACI(config-subif)# "
}