* nxos_vpc:Fix idempotency issues with multiple attributes
Several attributes were causing idempotency problems on various platforms:
- `auto_recovery`
- This command can be disabled on certain platforms and will nvgen as `no auto-recovery`
- When enabled it has an additional optional-keyword for changing the `reload-delay` timer value
- This was addressed by adding a new attribute `auto_recovery_reload_delay` to handle setting the timer value
- This new attribute is mutually exclusive with `auto_recovery`
- `/show run vpc/show run vpc all/`
- Changed the command that gets state to `all` so that it could differentiate between `auto-recovery` and `auto-recovery reload-delay`
- This change resulted in also changing some attribute handling withing `get_vpc`, since some attributes like `peer_gw` relied on presence of the config to determine state true or false. With `all` the config is always there so these attrs must specifically check for `'no '` in the string.
- `delay_restore`
- This command has two additional, optional keywords that exist on some platforms and not others.
- New attrs:
- `delay_restore_interface_vlan`
- `delay_restore_orphan_port`
- Modified the `sanity` test to include the new attributes and to fix the platform issues.
- Bugfix Pull Request
`modules/network/nxos/nxos_vpc.py`
- Validated `nxos_vpc` `sanity` test on these platforms, all are now 100% Pass: N35, N3K, N3K-F, N6K, N7K, N9K, N9K-F
- TBD: Future work is needed to add support for `peer_gw_exclude_gw` timers. This could be addressed in the same way as the `auto_recovery_reload_delay` changes included here.
* lint fix
* Add 'version_added' tags for new options
* nxos_snmp_user: platform fixes for get_snmp_user
snmp user output behavior varies quite a bit for the different nxos platforms and required several workarounds:
- N5K/N6k
- These platforms do not support structured output for `show snmp user`.
- The current code lands in an `except` clause when the output is not structured; so I added a new `get_non_structured_snmp_user` method to scrape the state from the regular cli output if it's present.
- N9K-F
- The `group` data in the JSON output is different for this platform; it has a different key (just `group` instead of `TABLE_groups` or `group_names`) and it is not indexed
- For a single group the value is a string, for multiple groups it's a list
- sanity
- N5K/N6K/N9K-F platforms will reject `no snmp user <name> <role>` when it's the last role defined for the user.
- workaround is to use `nxos_user` to remove the user
- Changes validated on:
- `N3K, N3K-F, N35, N6K, N7K, N9K, N9K-F`
- `6.0(2)A8`
- `7.0(3)I2, 7.0(3)I4, 7.0(3)I5, 7.0(3)I6, 7.0(3)I7`
- `7.3(2)D1`
- `7.3(3)N1, 7.3(4)N1`
- `8.3(2)`
- `9.2(2), 9.2(3)`
* fix lint warning
* nxos_snmp_traps: fix 'group: all' for N35 platforms
- `group: all` attempts to enable traps for all features defined in the module's `feature_list`
- `N35` platforms do not support `snmp-server enable traps bfd`; so removing `bfd` from the `feature_list` for that platform
- Minor cleanup in `sanity.yaml` test file
* whitespace lint fix
The `nxos_vlan` module may raise with regex error `sre_constants.error: multiple repeat` in the non_structured codepath if the device has existing vlan names with certain regex control characters; e.g.
```
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Eth1/3
14 my-vlan-name-is-*** active
```
* `nxos_acl` may fail with `IndexError: list index out of range` while attempting to delete a non-existent ACL.
The failure occurs when the `acl` var is an empty list.
* nxos_acl: catch 501 'Structured output unsupported' when no ACLs present
With some older image versions, `show ip access-list | json` will raise a 501 error indicating `'Structured output unsupported'` when there are no access-lists configured. This change turns off the `check_rc` and then looks for the failure condition.
* Fix kwarg
* Fix lint issues
* Remove code but leave the metadata so that they can be listed as
removed in documentation.
* Remove removed modules from validate-modules ignore
* Remove unittests for the removed nodules
* Remove links to removed modules and add list of removed moduels to the
2.9 porting guide
* nxos_interface:DI: should only use delay when operation state check is requested
There is a 10 second delay that is added for every interface that is changed.
This delay should only occur when a task sets one of the `want` vars.
* /return/continue/
* Remove default use of paramiko connection plugin on macOS
This fix was originally to work around a bug that caused a kernel panic on macOS
that has since been fixed.
* Remove paramiko from requirements.txt
* Move paramiko checking to common place
* Drop the warnings obfiscation code
* Update pip installation instructions to reflect upstream instructions
* Fix tests on CentOS 6 (Python 2.6) that now show Python deprecation warnings
* Add changelog fragment
* Paramiko might not come standard everywhere
There is a platform where paramiko isn't shipped but a special version
of paramiko just for our use is shipped. This code imports paramiko
from that location.
* Add support for multiple IPv6 addresses in nxos_l3_interface module
Cisco support multiple IPv6 addresses on each interface but only the first
IPv6 is considered by this module. There is no impact on the configuration
but the module is not idempotent.
* Add internal support for IPv6 list
* Fix module idempotency
* Initialize tests for nxos_l3_interface
* Fix IPv4 removal idempotency
* Fix data extraction from nxos config
* Fix silently ignored interfaces in nxos_l3_interface
* Add warning when interface does not exist in nxos config
* nxos_interfaces_ospf: fix passive-interface states & check_mode
This fix addresses issues #41704 and #45343.
The crux of the problem is that `passive-interface` should have been treated as a tri-state value instead of a boolean.
The `no` form of the command disables the passive state on an interface (allows it to form adjacencies and send routing updates). It's essentially an override for `passive-interface default` which enables passive state on all OSPF interfaces.\*
This `no` config will be present in `running-config`.
\**See `router ospf` configuration.*
Since both enable and disable states are explicit configs, the proper way to remove either of these is with the `default` syntax.
Passive-interface config syntax:
```
ip ospf passive-interface # enable (nvgens)
no ip ospf passive-interface # disable (nvgens)
default ip ospf passive-interface # default (removes config, does not nvgen)
```
Code changes:
* `passive_interface` param changed from boolean to string, restricted to `true`,`false`,`default`.
* Several passive-interface specific checks were added because the existing module logic tends to test for true or false and doesn't handle the None case.
* Fixed `check_mode`.
Sanity verified on: N9K,N7K,N3K,N6K
* Fix doc header
* Unit tests for passive-interface
* doc fix#2
* Fix indent for SA
* Remove 'default' keyword, restore bool behavior
* remove changes to sanity
* * `reconcile_candidate()`
* old code searched the ip route configs for a given prefix+nexthop and then tried to remove the route based on prefix+nexthop only; this would fail when a static route was configured with `track` values.
* new code still looks for prefix+nexthop but uses the route config it finds on the device to remove it; e.g.
* search for: `ip route 192.168.20.64/24 192.0.2.3`
* find: `ip route 192.168.20.64/24 192.0.2.3 track 1 10`
* remove: `no ip route 192.168.20.64/24 192.0.2.3 track 1 10`
* logic cleanups:
* old code did a `show run` for every prefix. This can be a lot of data when there are large configs.
* new code uses filters to only return the static route configs.
* The filters now allow a common code path so no need for default vs vrf code paths
* `sanity` test: 100% Pass rate on N9K,N7K,N6K,N3K
- Bugfix Pull Request
`nxos_static_route`
* filter() does not return a list with python3
`filter()` was breaking pytest when it ran with python3, since it returns
an iterable instead of a list with python3.
Found that I didn't really need `filter()` anyway so just removed it
* restore var names /w/want/
* Fixed another problem where `group-timeout` was processed before `ip igmp snooping` was enabled
* `sanity` playbook:
* N6K: `show ip igmp snooping | json` succeeds on the device but doesn't return any data in body; added a skip to the sanity playbook to keep it out of CI
* Added a setup task to do initial cleanup on the device
* nxos_linkagg: `group` type mismatch causes idempotency failure
* `group` values need to be cast; e.g.
```
want = {'group': '20'}
have = {'group': 20}
```
* Found with N7K `sanity` test
* nxos_linkagg: change group param type to str
The `oif_ps` attr expects a list of dicts but it also supports keyword 'default'.
When the playbook specifies `oif_ps: default` the `nxos_igmp_interface` module fails:
```
"msg": "Elements value for option oif_ps is of type <type 'str'> and we were unable to convert to dict: dictionary requested, could not parse JSON or key=value"
```
This test used to work afaik so I believe `AnsibleModule` may have changed at some point to enforce strict type checking, causing this failure. I did not see another way to handle both list & str types for the same attr so I just set it to `raw`.
`nxos_igmp_interface/tests/common/sanity` now has 100% pass rate.
* nxos_igmp_snooping: group-timeout fails when igmp snooping disabled
group-timeout config will be rejected by the device if `ip igmp snooping` is disabled.
* raise a failure for this condition
* reorder the command list so that group-timeout is always last
* SA fixes
* SA fixes
* only call gt_dependency if gt
* nxos_vxlan_vtep: Add dependency checks
Some of the N9k-specific attrs are failing due to hardware/feature/resources.
* `global_suppress_arp`
- dependency on TCAM resources
* `global_mcast_group_L3`
- hardware dependency on specific chassis/linecards
- feature dependency on `ngmvpn`
* `global_ingress_replication_bgp`
- hardware dependency on specific chassis/linecards
Tested on N9k with/without TCAM resources, various N9k chassis, N7k, N6k. All 100% Pass.
* pylint
* nxos_hsrp: fix 'sh_preempt': <unknown enum:>
Some older nxos images fail to set this attr value. This fix checks for
unknown enum and issues a second (unstructured) call to the device to get
the data.
* add whitespace for pep8
* Fix 'defaults' option in the nxos_config module
Nxos get_config is allways called with the 'all' option.
* Fix flag's calculation
* Add tests
* nxos_config: the 'backup' option take into account the value of 'defaults' option
If 'defaults' option is true, the running-config backup is done with the all
keyword.
* added timestamps to nxos_command module
nxos_command module now returns timestamps field, which shows command execution time
* fixed unit test failure for /lib/ansible/module_utils/basic
* cosmetic changes to align with PEP 8
Rohit
Chris Van Heuveln
Mike Wiebe
Trishna Guha
Abhijeet Kasurde
Toshio Kuratomi
Sam Doran
Olivier BLIN
Dag Wieers
Matt Clay
Nilashish Chakraborty
Ganesh Nalawade
Nathaniel Case
QCU87Z
Albert Siersema
vaneuk