dcnm_vrf: 500 error if Per VRF Per VTEP Loopback Auto-Provisioning is enabled #352

@allenrobel

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Ansible Version and collection version

ansible [core 2.17.5]
  config file = /Users/arobel/.ansible.cfg
  configured module search path = ['/Users/arobel/repos/ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/arobel/repos/ndfc-python/.venv/lib/python3.12/site-packages/ansible
  ansible collection location = /Users/arobel/repos/ansible/collections
  executable location = /Users/arobel/repos/ndfc-python/.venv/bin/ansible
  python version = 3.12.4 (main, Jun  6 2024, 18:26:44) [Clang 15.0.0 (clang-1500.3.9.4)] (/Users/arobel/repos/ndfc-python/.venv/bin/python)
  jinja version = 3.1.4
  libyaml = True

DCNM version

  • V 3.6.0

Affected module(s)

  • dcnm_vrf

Ansible Playbook

The error occurs during the merge VRF task.

The tasks following merge VRF are provided as a convenience for cleaning up.

---
- name: Minimum reproduce for 500 error when PER_VRF_LOOPBACK_AUTO_PROVISION is set
  hosts: ndfc
  vars:
    FABRIC_NAME: FABRIC_1
    FABRIC_BGP_AS: 65001
    NETWORK_NAME: NETWORK_1
    VRF_NAME: VRF_1
    LEAF_IP4: 10.1.1.2
    ATTACH_PORTS: ["Ethernet1/9"]
    SWITCH_USERNAME: admin
    SWITCH_PASSWORD: MySwitchPassword

  tasks:
    - name: Create fabric
      cisco.dcnm.dcnm_fabric:
        state: merged
        config:
        - FABRIC_NAME: "{{ FABRIC_NAME }}"
          FABRIC_TYPE: VXLAN_EVPN
          BGP_AS: "{{ FABRIC_BGP_AS }}"
          PER_VRF_LOOPBACK_AUTO_PROVISION: true

    - name: Add leaf
      cisco.dcnm.dcnm_inventory:
        fabric: "{{ FABRIC_NAME }}"
        state: merged
        config:
        - seed_ip: "{{ LEAF_IP4 }}"
          auth_proto: MD5
          user_name: "{{ SWITCH_USERNAME }}"
          password: "{{ SWITCH_PASSWORD }}"
          max_hops: 0
          role: leaf
          preserve_config: False
      register: result

    - name: Wait for switch to fully reload
      pause:
        seconds: 180
      when: result.changed

    - name: deploy
      cisco.dcnm.dcnm_rest:
        method: POST
        path: "/appcenter/cisco/ndfc/api/v1/lan-fabric/rest/control/fabrics/{{ FABRIC_NAME }}/config-deploy?forceShowRun=false"
      when: result.changed

    - name: Merge VRF
      cisco.dcnm.dcnm_vrf:
        fabric: "{{ FABRIC_NAME }}"
        state: merged
        config:
        - vrf_name: "{{ VRF_NAME }}"
          vrf_id: 50101
          adv_default_routes: off
          static_default_route: false
          vrf_template: Default_VRF_Universal
          vrf_extension_template: Default_VRF_Extension_Universal
          vlan_id: 201
          vrf_int_mtu: 9000
          attach:
          - ip_address: "{{ LEAF_IP4 }}"
            deploy: on
      register: result

    - name: deploy
      cisco.dcnm.dcnm_rest:
        method: POST
        path: "/appcenter/cisco/ndfc/api/v1/lan-fabric/rest/control/fabrics/{{ FABRIC_NAME }}/config-deploy?forceShowRun=false"
      when: result.changed

    - name: Merge Network
      cisco.dcnm.dcnm_network:
        fabric: '{{ FABRIC_NAME }}'
        state: merged
        config:
        - net_name: "{{ NETWORK_NAME }}"
          vrf_name: "{{ VRF_NAME }}"
          net_id: 30101
          net_template: Default_Network_Universal
          net_extension_template: Default_Network_Extension_Universal
          l3gw_on_border: true
          vlan_id: 101
          gw_ip_subnet: 172.16.14.1/24
          attach:
            - ip_address: "{{ LEAF_IP4 }}"
              deploy: true
              ports: "{{ ATTACH_PORTS }}"
          deploy: on
          multicast_group_address: 239.1.1.1
      register: result

    - name: deploy
      cisco.dcnm.dcnm_rest:
        method: POST
        path: "/appcenter/cisco/ndfc/api/v1/lan-fabric/rest/control/fabrics/{{ FABRIC_NAME }}/config-deploy?forceShowRun=false"
      when: result.changed

    - name: Wait for network merge to deploy
      pause:
        seconds: 60
      when: result.changed

    - name: Delete network
      cisco.dcnm.dcnm_network:
        fabric: '{{ FABRIC_NAME }}'
        state: deleted
        config:
        - net_name: "{{ NETWORK_NAME }}"

    - name: Delete VRF
      cisco.dcnm.dcnm_vrf:
        fabric: '{{ FABRIC_NAME }}'
        state: deleted
        config:
        - vrf_name: "{{ VRF_NAME }}"

Debug Output

Expected Behavior

The error message returned by the controller is useful, but we should look into avoiding this error entirely by checking the status of PER_VRF_LOOPBACK_AUTO_PROVISION before trying to clear the loopback ID.

Actual Behavior

An Internal Server Error occurs.

fatal: [10.1.1.1]: FAILED! =>
{
    "changed": false,
    "msg":
    {
     "DATA": {
        "Error": "Internal Server Error",
        "message": "per vrf level loopback is enabled and hence not allowed to clear the loopback ID  or IP",
        "path": "/rest/top-down/fabrics/MSD/vrfs/attachments",
        "status": "500",
        "timestamp": "2024-11-28 01:35:15.164"},
        "MESSAGE": "Internal Server Error",
        "METHOD": "POST",
        "REQUEST_PATH": "https://10.1.1.1:443/appcenter/cisco/ndfc/api/v1/lan-fabric/rest/top-down/fabrics/MSD/vrfs/attachments",
        "RETURN_CODE": 500
       }
   }
}

Steps to Reproduce

Run the attached playbook.

This creates a fabric with PER_VRF_LOOPBACK_AUTO_PROVISION set to True.

References
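
The pre-check proposed under Expected Behavior, sketched as an added example (not part of the original issue and not the dcnm_vrf module's own code). It assumes the fabric settings arrive as a dict of nvPairs whose values may be booleans or strings, and that the attachment's loopback fields are named `loopbackId`, `loopbackIpAddress` and `loopbackIpV6Address`; those field names, the function names and the sample data are assumptions.

```python
# Added example: avoid sending a "clear loopback" request when the fabric
# auto-provisions per-VRF loopbacks. Not taken from the dcnm_vrf source.

AUTO_PROVISION_KEY = "PER_VRF_LOOPBACK_AUTO_PROVISION"  # setting named in the issue
# Assumed names of the loopback fields in a VRF attachment's instance values.
LOOPBACK_FIELDS = ("loopbackId", "loopbackIpAddress", "loopbackIpV6Address")


def per_vrf_loopback_enabled(nv_pairs):
    """Return True if the fabric setting is on; accepts bool or string values."""
    value = nv_pairs.get(AUTO_PROVISION_KEY, False)
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"


def guard_loopback_clear(nv_pairs, current, outgoing):
    """Return a copy of `outgoing` that never clears a loopback field
    while auto-provisioning is enabled on the fabric.

    current  -- instance values the controller currently holds
    outgoing -- instance values the module is about to POST
    """
    result = dict(outgoing)
    if not per_vrf_loopback_enabled(nv_pairs):
        return result  # clearing is allowed, send the payload unchanged
    for field in LOOPBACK_FIELDS:
        if result.get(field) != "":
            continue  # field absent or carries a real value: nothing to guard
        if current.get(field):
            result[field] = current[field]  # keep the controller-assigned value
        else:
            del result[field]  # nothing assigned yet: omit instead of clearing
    return result


# Constructed sample data (not captured from a controller).
FABRIC_ON = {AUTO_PROVISION_KEY: "true"}
FABRIC_OFF = {AUTO_PROVISION_KEY: "false"}
CURRENT = {"loopbackId": "100", "loopbackIpAddress": "10.9.9.1"}
OUTGOING = {"loopbackId": "", "loopbackIpAddress": "",
            "loopbackIpV6Address": "", "exampleField": "kept"}

if __name__ == "__main__":
    print(guard_loopback_clear(FABRIC_ON, CURRENT, OUTGOING))
    print(guard_loopback_clear(FABRIC_OFF, CURRENT, OUTGOING))
```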
