Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

junos_config not showing diff for chassis changes #534

Open
ryeleo opened this issue Aug 28, 2024 · 1 comment
Open

junos_config not showing diff for chassis changes #534

ryeleo opened this issue Aug 28, 2024 · 1 comment

Comments

@ryeleo
Copy link

ryeleo commented Aug 28, 2024
edited
Loading

SUMMARY

We have a couple of qfx5120-48y-8c devices that for some reason is not showing any diff results.

This device also seems to show a warning for protocols changes, as indicated in GitHub issue: "[WARNING]: mgd: statement has no contents; ignored" for protocols changes #535

ISSUE TYPE
  • Bug Report
COMPONENT NAME
  • junipernetworks.junos.junos_config
ANSIBLE VERSION
$ ansible --version
ansible [core 2.17.3]
  config file = None
  configured module search path = ['/home/rleonar7/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/rleonar7/.local/pipx/venvs/ansible/lib/python3.10/site-packages/ansible
  ansible collection location = /home/rleonar7/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/rleonar7/.local/bin/ansible
  python version = 3.10.12 (main, Jul 29 2024, 16:56:48) [GCC 11.4.0] (/home/rleonar7/.local/pipx/venvs/ansible/bin/python)
  jinja version = 3.1.4
  libyaml = True
COLLECTION VERSION
$ ansible-galaxy collection list junipernetworks.junos

# /home/rleonar7/.ansible/collections/ansible_collections
Collection            Version
--------------------- -------
junipernetworks.junos 9.1.0
CONFIGURATION
$ ansible-config dump --only-changed
CONFIG_FILE() = None
OS / ENVIRONMENT

Target System Information

> show system information 
Model: qfx5120-48y-8c
Family: junos-qfx
Junos: 22.2R3-S2.8
Hostname: test-router

Target System Software

> show system software
localre:
--------------------------------------------------------------------------
chef-11.10.4_3.0_x86-32  --  chef
dsa-x86-64-22.2R3-S2.8  --  dsa
jail-runtime-x86-32-20230531.cf35cdf_builder_stable_12_222  --  jail runtime
jdocs-x86-32-20230902.110149_builder_junos_222_r3_s2  --  jdocs
jfirmware-x86-32-22.2R3-S1.7  --  jfirmware
jinsight-x86-32-22.2R3-S2.8  --  jinsight
jmrt-base-x86-64-20230902.110149_builder_junos_222_r3_s2  --  jmrt base
jpfe-common-x86-32-20230902.110149_builder_junos_222_r3_s2  --  jpfe common
jpfe-qfx-x86-32-x86-32-20230902.110149_builder_junos_222_r3_s2  --  jpfe qfx x86 32
jphone-home-x86-32-20230902.110149_builder_junos_222_r3_s2  --  jphone home
jsd-x86-32-22.2R3-S2.8-jet-1  --  jsd jet 1
jsdn-x86-32-22.2R3-S2.8  --  jsdn
junos-daemons-x86-64-20230902.110149_builder_junos_222_r3_s2  --  junos daemons
junos-daemons-qfx-x86-64-20230902.110149_builder_junos_222_r3_s2  --  junos daemons qfx
junos-dp-crypto-support-qfx-x86-32-20230902.110149_builder_junos_222_r3_s2  --  junos dp crypto support qfx
junos-l2-rsi-20230902.110149_builder_junos_222_r3_s2  --  junos l2 rsi
junos-libs-x86-64-20230902.110149_builder_junos_222_r3_s2  --  junos libs
junos-libs-compat32-x86-64-20230902.110149_builder_junos_222_r3_s2  --  junos libs compat32
junos-modules-x86-64-20230902.110149_builder_junos_222_r3_s2  --  junos modules
junos-net-dcp-prd-x86-64-20230902.110149_builder_junos_222_r3_s2  --  junos net dcp prd
junos-openconfig-x86-32-22.2R3-S2.8  --  junos openconfig
junos-platform-x86-32-20230902.110149_builder_junos_222_r3_s2  --  junos platform
junos-platform-qfx-x86-32-20230902.110149_builder_junos_222_r3_s2  --  junos platform qfx
junos-probe-x86-64-20230902.110149_builder_junos_222_r3_s2  --  junos probe
junos-routing-aggregated-x86-64-20230902.110149_builder_junos_222_r3_s2  --  junos routing aggregated
junos-routing-compat32-x86-64-20230902.110149_builder_junos_222_r3_s2  --  junos routing compat32
junos-routing-controller-external-x86-64-20230902.110149_builder_junos_222_r3_s2  --  junos routing controller external
junos-routing-controller-internal-x86-64-20230902.110149_builder_junos_222_r3_s2  --  junos routing controller internal
junos-routing-lsys-x86-64-20230902.110149_builder_junos_222_r3_s2  --  junos routing lsys
junos-routing-mpls-oam-advanced-x86-64-20230902.110149_builder_junos_222_r3_s2  --  junos routing mpls oam advanced
junos-routing-mpls-oam-basic-x86-64-20230902.110149_builder_junos_222_r3_s2  --  junos routing mpls oam basic
junos-routing-protocol-services-x86-64-22.2R3-S2.8  --  junos routing protocol services
junos-runtime-x86-32-20230902.110149_builder_junos_222_r3_s2  --  junos runtime
junos-runtime-qfx-x86-32-20230902.110149_builder_junos_222_r3_s2  --  junos runtime qfx
junos-modules-qfx-x86-64-20230902.110149_builder_junos_222_r3_s2  --  junos modules qfx
jweb-ex-x86-32-20230902.110149_builder_junos_222_r3_s2  --  jweb ex
na-telemetry-x86-32-22.2R3-S2.8  --  na telemetry
junos-net-prd-x86-64-20230902.110149_builder_junos_222_r3_s2  --  junos net prd
os-boot-junos-ve-x86-32-20230531.cf35cdf_builder_stable_12_222  --  os boot junos ve
os-compat32-x86-64-20230531.cf35cdf_builder_stable_12_222  --  os compat32
os-crypto-x86-64-20230531.cf35cdf_builder_stable_12_222  --  os crypto
os-kernel-flex-x86-64-20230531.cf35cdf_builder_stable_12_222  --  os kernel flex
os-libs-12-x86-64-20230531.cf35cdf_builder_stable_12_222  --  os libs
os-libs-compat32-12-x86-64-20230531.cf35cdf_builder_stable_12_222  --  os libs compat32
os-runtime-x86-64-20230531.cf35cdf_builder_stable_12_222  --  os runtime
os-vmguest-x86-64-20230531.cf35cdf_builder_stable_12_222  --  os vmguest
py-base-x86-32-20230902.110149_builder_junos_222_r3_s2  --  py base
py-extensions-x86-32-20230902.110149_builder_junos_222_r3_s2  --  py extensions
os-zoneinfo-20230531.cf35cdf_builder_stable_12_222  --  os zoneinfo
STEPS TO REPRODUCE
  1. Create the following "test.yml" playbook:
-
  hosts: test-router
  gather_facts: false
  tasks:
  -
    name: Deploy configuration
    connection: netconf
    diff: yes
    junipernetworks.junos.junos_config:
      update: replace
      src_format: text
      src: ./test-chassis.config
  1. Create the "test-chassis.config" file that contains the following:

replace:
chassis {
    maximum-ecmp 16;
    pem {
        minimum 2;
    }
    alarm {
        management-ethernet {
            link-down yellow;
        }
    }
    fpc 1 {
        pic 0 {
            tunnel-services {
                bandwidth 10g;
            }
        }
    }
    fpc 2 {
        pic 0 {
            port 55 {
                channel-speed disable-auto-speed-detection;
            }
        }
        inline-services {
            flow-table-size {
                ipv4-flow-table-size 5;
                ipv6-flow-table-size 5;
            }
        }
    }
}
  1. Run the playbook with --diff --check (and also with all required inventory and auth args):
$ ansible-playbook --check --diff project/test.yml    --private-key env/ssh_key --vault-password-file env/vault_password --inventory inventory/
EXPECTED RESULTS

Should see lots of differences, since the config is massively changed.

ACTUAL RESULTS
$ ansible-playbook --check --diff --private-key env/ssh_key --vault-password-file env/vault_password project/test.yml --inventory inventory/ -vvvv
ansible-playbook [core 2.17.3]
  config file = None
  configured module search path = ['/home/rleonar7/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/rleonar7/.local/pipx/venvs/ansible/lib/python3.10/site-packages/ansible
  ansible collection location = /home/rleonar7/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/rleonar7/.local/bin/ansible-playbook
  python version = 3.10.12 (main, Jul 29 2024, 16:56:48) [GCC 11.4.0] (/home/rleonar7/.local/pipx/venvs/ansible/bin/python)
  jinja version = 3.1.4
  libyaml = True
No config file found; using defaults
setting up inventory plugins
Loading collection ansible.builtin from 
host_list declined parsing /home/rleonar7/git-repos/junos_ansible/ansible/inventory/hosts as it did not pass its verify_file() method
script declined parsing /home/rleonar7/git-repos/junos_ansible/ansible/inventory/hosts as it did not pass its verify_file() method
auto declined parsing /home/rleonar7/git-repos/junos_ansible/ansible/inventory/hosts as it did not pass its verify_file() method
Parsed /home/rleonar7/git-repos/junos_ansible/ansible/inventory/hosts inventory source with ini plugin
Loading collection junipernetworks.junos from /home/rleonar7/.ansible/collections/ansible_collections/junipernetworks/junos
Loading callback plugin default of type stdout, v2.0 from /home/rleonar7/.local/pipx/venvs/ansible/lib/python3.10/site-packages/ansible/plugins/callback/default.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: test.yml *************************************************************
Positional arguments: project/test.yml
verbosity: 4
private_key_file: /home/rleonar7/git-repos/junos_ansible/ansible/env/ssh_key
connection: ssh
become_method: sudo
tags: ('all',)
check: True
diff: True
inventory: ('/home/rleonar7/git-repos/junos_ansible/ansible/inventory',)
vault_password_files: ('/home/rleonar7/git-repos/junos_ansible/ansible/env/vault_password',)
forks: 5
1 plays in project/test.yml

PLAY [test-router] ****************************************
Trying secret FileVaultSecret(filename='/home/rleonar7/git-repos/junos_ansible/ansible/env/vault_password') for vault_id=default

TASK [Deploy configuration] ****************************************************
task path: /home/rleonar7/git-repos/junos_ansible/ansible/project/test.yml:8
redirecting (type: connection) ansible.builtin.netconf to ansible.netcommon.netconf
Loading collection ansible.netcommon from /home/rleonar7/.ansible/collections/ansible_collections/ansible/netcommon
Loading collection ansible.utils from /home/rleonar7/.ansible/collections/ansible_collections/ansible/utils
redirecting (type: netconf) ansible.builtin.junos to junipernetworks.junos.junos
<test-router> Using network group action junipernetworks.junos.junos for junipernetworks.junos.junos_config
<test-router> attempting to start connection
<test-router> using connection plugin ansible.netcommon.netconf
Found ansible-connection at path /home/rleonar7/.local/bin/ansible-connection
<test-router> local domain socket does not exist, starting it
<test-router> control socket path is /home/rleonar7/.ansible/pc/ec4dbeaaab
<test-router> Loading collection ansible.builtin from 
<test-router> redirecting (type: connection) ansible.builtin.netconf to ansible.netcommon.netconf
<test-router> Loading collection ansible.netcommon from /home/rleonar7/.ansible/collections/ansible_collections/ansible/netcommon
<test-router> Loading collection ansible.utils from /home/rleonar7/.ansible/collections/ansible_collections/ansible/utils
<test-router> redirecting (type: netconf) ansible.builtin.junos to junipernetworks.junos.junos
<test-router> Loading collection junipernetworks.junos from /home/rleonar7/.ansible/collections/ansible_collections/junipernetworks/junos
<test-router> local domain socket listeners started successfully
<test-router> loaded netconf plugin ansible_collections.junipernetworks.junos.plugins.netconf.junos from path /home/rleonar7/.ansible/collections/ansible_collections/junipernetworks/junos/plugins/netconf/junos.py for network_os junos
<test-router> Loading collection ansible.builtin from 
<test-router> local domain socket path is /home/rleonar7/.ansible/pc/ec4dbeaaab
<test-router> ANSIBLE_NETWORK_IMPORT_MODULES: enabled
<test-router> ANSIBLE_NETWORK_IMPORT_MODULES: found junipernetworks.junos.junos_config  at /home/rleonar7/.ansible/collections/ansible_collections/junipernetworks/junos/plugins/modules/junos_config.py
<test-router> ANSIBLE_NETWORK_IMPORT_MODULES: running junipernetworks.junos.junos_config
<test-router> ANSIBLE_NETWORK_IMPORT_MODULES: complete
ok: [test-router] => {
    "changed": false,
    "invocation": {
        "module_args": {
            "backup": false,
            "backup_options": null,
            "check_commit": false,
            "comment": "configured by junos_config",
            "confirm": 0,
            "confirm_commit": false,
            "lines": null,
            "replace": null,
            "rollback": null,
            "src": "\nreplace:\nchassis {\n    maximum-ecmp 16;\n    pem {\n        minimum 2;\n    }\n    alarm {\n        management-ethernet {\n            link-down yellow;\n        }\n    }\n    fpc 1 {\n        pic 0 {\n            tunnel-services {\n                bandwidth 10g;\n            }\n        }\n    }\n    fpc 2 {\n        pic 0 {\n            port 55 {\n                channel-speed disable-auto-speed-detection;\n            }\n        }\n        inline-services {\n            flow-table-size {\n                ipv4-flow-table-size 5;\n                ipv6-flow-table-size 5;\n            }\n        }\n    }\n}\n",
            "src_format": "text",
            "update": "replace",
            "zeroize": false
        }
    }
}

PLAY RECAP *********************************************************************
test-router : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
Additional Info

As some additional info, I spent a long time bisecting the config to pinpoint this issue along with junos_config "[WARNING]: mgd: statement has no contents; ignored" for protocols changes #535

So, here is the full "test.yml" playbook I was using, with code comments to annotate the results in each case:

-
  hosts: test-router
  gather_facts: false
  tasks:
  -
    name: Deploy configuration
    connection: netconf
    diff: yes
    junipernetworks.junos.junos_config:
      update: replace
      src_format: text
      #
      # One config piece at a time Testing
      #
      # src: ./test-chassis.config  # NO diff: https://github.com/ansible-collections/junipernetworks.junos/issues/534
      # src: ./test-firewall.config  # Works
      # src: ./test-interfaces.config  # Works
      # src: ./test-forwarding-options.config  # Works
      # src: ./test-policy-options.config  # Works
      # src: ./test-protocols.config  # WARNING, but also DOES SHOW DIFF
      # src: ./test-routing-options.config  # Works
      # src: ./test-snmp.config  # Works
      # src: ./test-system.config  # Works
      # src: ./test-vlans.config  # Works
      
      #
      # Groups of config Testing
      #
      # src: ./test-only-chassis-and-protocols.config  # WARNING, and also NO diff
      # src: ./test-all-except-chassis-and-protocols.config  # Works
      # src: ./test-all.config  # WARNING, and also NO diff
      # src: ./test-all-except-chassis.config  # WARNING, but also DOES SHOW DIFF

      #
      # Testing that resulted in ONLY WARNING (but still DOES SHOW DIFF)
      #
      src: ./test-protocols.config  # WARNING, but also DOES SHOW DIFF

      #
      # Testing that resulted in NO diff (but also *DOES NOT PRODUCE WARNING*)
      #
      # src: ./test-chassis.config  # NO diff: https://github.com/ansible-collections/junipernetworks.junos/issues/534

      #
      # Testing that resulted in WARNING and also NO diff
      #
      # src: ./test-only-chassis-and-protocols.config  # WARNING, and also NO diff
      # src: ./test-all.config  # WARNING, and also NO diff
@ryeleo ryeleo mentioned this issue Aug 29, 2024
Open
@ryeleo
Copy link
Author

ryeleo commented Sep 11, 2024
edited
Loading

I found a workaround!

  • Use the juniper.device.config Ansible module (instead of the junipernetworks.junos.junos_config Ansible Module.)

That Ansible Module does not seem to encounter the "not showing diff" issue at all! (I will report back here if I do see the same issue in that Ansible Module in the future.)

See a bit more discussion of this workaround, including a code example, in a comment on issue #535

That juniper.device.config Ansible Module does require using the "ignore_warnings" option to workaround this issue. Our Ansible Task now looks something like the following:

-
  name: Deploy configuration
  connection: local
  juniper.device.config:
    src: "{{ config_path }}"
    load: replace
    ignore_warnings:
      - 'mgd: statement has no contents'
    format: text

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ryeleo