From e59cfaecb28db08c27de91552f61bc785dcc29a8 Mon Sep 17 00:00:00 2001 From: Shivani-gslab Date: Tue, 6 Jan 2026 11:12:00 +0530 Subject: [PATCH 1/4] Refactor(eos_cli_config_gen): Rearrange eos_cli as per EOS 4.35.0F part 9 --- .../documentation/devices/host1.md | 49 ++++++++++--------- .../intended/configs/host1.cfg | 46 +++++++++-------- .../inventory/host_vars/host1/maintenance.yml | 3 ++ .../docs/tables/management-api-gnmi.md | 4 +- .../j2templates/eos/mac-security.j2 | 6 +-- .../j2templates/eos/maintenance.j2 | 8 +-- .../j2templates/eos/management-api-gnmi.j2 | 4 +- .../j2templates/eos/management-api-http.j2 | 16 +++--- .../_eos_cli_config_gen/schema/__init__.py | 9 +++- .../schema/eos_cli_config_gen.schema.yml | 4 +- .../management_api_gnmi.schema.yml | 4 +- 11 files changed, 87 insertions(+), 66 deletions(-) diff --git a/ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/documentation/devices/host1.md b/ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/documentation/devices/host1.md index ca742724f6d..b9cc5c89e03 100644 --- a/ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/documentation/devices/host1.md +++ b/ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/documentation/devices/host1.md @@ -959,19 +959,19 @@ Provider eos-native is configured. ```eos ! management api gnmi - transport grpc arFalse + transport grpc MGMT + ssl profile gnmi + vrf MGMT ip access-group acl1 notification timestamp send-time ! - transport grpc arTrue + transport grpc arFalse ip access-group acl1 - authorization requests notification timestamp send-time ! - transport grpc MGMT - ssl profile gnmi - vrf MGMT + transport grpc arTrue ip access-group acl1 + authorization requests notification timestamp send-time ! transport grpc mytransport @@ -1081,18 +1081,8 @@ management api http-commands protocol unix-socket default-services protocol https ssl profile SSL_PROFILE - no shutdown - ! - vrf default - no shutdown - ip access-group ACL-API - ipv6 access-group ACL-API6 - ! - vrf MGMT - no shutdown - ip access-group ACL-API protocol https certificate ------BEGIN CERTIFICATE----- + -----BEGIN CERTIFICATE----- MIIFNjCCAx4CCQCVGSFu9M4dNDANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJD QTELMAkGA1UECAwCQkMxEjAQBgNVBAcMCVZhbmNvdXZlcjEPMA0GA1UECgwGQXJp c3RhMQwwCgYDVQQLDANBVkQxDjAMBgNVBAMMBWhvc3QxMB4XDTI0MTExMzE3NTAw @@ -1122,8 +1112,8 @@ kc6u4R7x93bWtRedCtL8SroKgg3iSP+MNvjh7GRVrisKi1mHq37xBFbfcKWQ8Fux xak6B5u7Dkwio2KGtQAzUTw8GNrG8ix6wYbCxRTorl0qtxWKqB1sqPkxVmo73PkO sVbhuzXgHBzA4RNdl/qmwSKlL7pKfpQUm3jSzewJm224QTYODTF8KRpf -----END CERTIFICATE----- -EOF ------BEGIN PRIVATE KEY----- + EOF + -----BEGIN PRIVATE KEY----- MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCc9nlFQ/+Lvp5s 9AJOkCaj60EierKWbcZ34Eg9xExoVoFTvmle1G56QgLygfhuwV91hB5ds6YRRPju B4UQgYgxQfS12dn4ogSnD5hTLiQoS9ecC2mucj/fbazF98MUi2SBSlZg+ZMY7amT @@ -1175,7 +1165,17 @@ xEnBkzW4rhGpE+D72RC0Z4wOurE+pLxJpHnPu3lqVmD8m/AaxUzGdiRWPCLkx2G1 lRIvIpbuqzZ1QzAdWwCX/5mgBk/xoI88N3EcxvgEJJhiXihYwW/630KkKETqnu64 9ZBLoqoLmPhKxDHZuwO7re9GxVZ1HQ== -----END PRIVATE KEY----- -EOF + EOF + no shutdown + ! + vrf MGMT + no shutdown + ip access-group ACL-API + ! + vrf default + no shutdown + ip access-group ACL-API + ipv6 access-group ACL-API6 ``` ### Management API Models @@ -13337,8 +13337,8 @@ mac security mka session rekey-period 30 traffic unprotected allow sci - l2-protocol ethernet-flow-control bypass l2-protocol lldp bypass unauthorized + l2-protocol ethernet-flow-control bypass ! profile A2 key 1234b 7 @@ -14509,6 +14509,7 @@ Default maintenance unit profile: **UP1** | BGP profile | Initiator route-map | | ----------- | ------------------- | +| bgp2 | SystemGenerated | | BP1 | RM-MAINTENANCE | | BP2 | RM-MAINTENANCE2 | | BP3 | RM-MAINTENANCE3 | @@ -14527,7 +14528,7 @@ Default maintenance unit profile: **UP1** | Unit | Interface groups | BGP groups | Unit profile | Quiesce | | ---- | ---------------- | ---------- | ------------ | ------- | | System | - | - | UP1 | No | -| UNIT1 | INTERFACE_GROUP_1 | BGP_GROUP_1
BGP_GROUP_2 | UP1 | No | +| UNIT1 | inrerface_group
INTERFACE_GROUP_1 | bgp_group
BGP_GROUP_1
BGP_GROUP_2 | UP1 | No | #### Maintenance Device Configuration @@ -14542,6 +14543,8 @@ maintenance ! profile bgp BP3 initiator route-map RM-MAINTENANCE3 inout + ! + profile bgp bgp2 profile bgp BP1 default profile interface IP1 default profile unit UP1 default @@ -14562,7 +14565,9 @@ maintenance unit UNIT1 group bgp BGP_GROUP_1 group bgp BGP_GROUP_2 + group bgp bgp_group group interface INTERFACE_GROUP_1 + group interface inrerface_group profile unit UP1 ``` diff --git a/ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/intended/configs/host1.cfg b/ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/intended/configs/host1.cfg index 6ab16fff704..8d27ec9ee36 100644 --- a/ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/intended/configs/host1.cfg +++ b/ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/intended/configs/host1.cfg @@ -1590,18 +1590,8 @@ management api http-commands protocol unix-socket default-services protocol https ssl profile SSL_PROFILE - no shutdown - ! - vrf default - no shutdown - ip access-group ACL-API - ipv6 access-group ACL-API6 - ! - vrf MGMT - no shutdown - ip access-group ACL-API protocol https certificate ------BEGIN CERTIFICATE----- + -----BEGIN CERTIFICATE----- MIIFNjCCAx4CCQCVGSFu9M4dNDANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJD QTELMAkGA1UECAwCQkMxEjAQBgNVBAcMCVZhbmNvdXZlcjEPMA0GA1UECgwGQXJp c3RhMQwwCgYDVQQLDANBVkQxDjAMBgNVBAMMBWhvc3QxMB4XDTI0MTExMzE3NTAw @@ -1631,8 +1621,8 @@ kc6u4R7x93bWtRedCtL8SroKgg3iSP+MNvjh7GRVrisKi1mHq37xBFbfcKWQ8Fux xak6B5u7Dkwio2KGtQAzUTw8GNrG8ix6wYbCxRTorl0qtxWKqB1sqPkxVmo73PkO sVbhuzXgHBzA4RNdl/qmwSKlL7pKfpQUm3jSzewJm224QTYODTF8KRpf -----END CERTIFICATE----- -EOF ------BEGIN PRIVATE KEY----- + EOF + -----BEGIN PRIVATE KEY----- MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCc9nlFQ/+Lvp5s 9AJOkCaj60EierKWbcZ34Eg9xExoVoFTvmle1G56QgLygfhuwV91hB5ds6YRRPju B4UQgYgxQfS12dn4ogSnD5hTLiQoS9ecC2mucj/fbazF98MUi2SBSlZg+ZMY7amT @@ -1684,7 +1674,17 @@ xEnBkzW4rhGpE+D72RC0Z4wOurE+pLxJpHnPu3lqVmD8m/AaxUzGdiRWPCLkx2G1 lRIvIpbuqzZ1QzAdWwCX/5mgBk/xoI88N3EcxvgEJJhiXihYwW/630KkKETqnu64 9ZBLoqoLmPhKxDHZuwO7re9GxVZ1HQ== -----END PRIVATE KEY----- -EOF + EOF + no shutdown + ! + vrf MGMT + no shutdown + ip access-group ACL-API + ! + vrf default + no shutdown + ip access-group ACL-API + ipv6 access-group ACL-API6 ! management console idle-timeout 15 @@ -1701,19 +1701,19 @@ management defaults secret hash md5 ! management api gnmi - transport grpc arFalse + transport grpc MGMT + ssl profile gnmi + vrf MGMT ip access-group acl1 notification timestamp send-time ! - transport grpc arTrue + transport grpc arFalse ip access-group acl1 - authorization requests notification timestamp send-time ! - transport grpc MGMT - ssl profile gnmi - vrf MGMT + transport grpc arTrue ip access-group acl1 + authorization requests notification timestamp send-time ! transport grpc mytransport @@ -2086,8 +2086,8 @@ mac security mka session rekey-period 30 traffic unprotected allow sci - l2-protocol ethernet-flow-control bypass l2-protocol lldp bypass unauthorized + l2-protocol ethernet-flow-control bypass ! profile A2 key 1234b 7 12485744465E5A53 @@ -5088,6 +5088,8 @@ maintenance ! profile bgp BP3 initiator route-map RM-MAINTENANCE3 inout + ! + profile bgp bgp2 profile bgp BP1 default profile interface IP1 default profile unit UP1 default @@ -5108,7 +5110,9 @@ maintenance unit UNIT1 group bgp BGP_GROUP_1 group bgp BGP_GROUP_2 + group bgp bgp_group group interface INTERFACE_GROUP_1 + group interface inrerface_group profile unit UP1 ! monitor session myMonitoringSession1 source Ethernet1 ipv6 access-group ipv6ACL diff --git a/ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/inventory/host_vars/host1/maintenance.yml b/ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/inventory/host_vars/host1/maintenance.yml index 564913e2052..f503ca78856 100644 --- a/ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/inventory/host_vars/host1/maintenance.yml +++ b/ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/inventory/host_vars/host1/maintenance.yml @@ -11,6 +11,7 @@ maintenance: shutdown: max_delay: 300 bgp_profiles: + - name: bgp2 - name: BP1 initiator: route_map_inout: RM-MAINTENANCE @@ -32,9 +33,11 @@ maintenance: profile: UP1 groups: bgp_groups: + - bgp_group - BGP_GROUP_1 - BGP_GROUP_2 interface_groups: + - inrerface_group - INTERFACE_GROUP_1 # Adding a unit with no profile for issue/2488 - name: System diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/management-api-gnmi.md b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/management-api-gnmi.md index 1fb7d8a7e85..b91dc7ef756 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/management-api-gnmi.md +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/management-api-gnmi.md @@ -15,7 +15,7 @@ | [        ssl_profile](## "management_api_gnmi.transport.grpc.[].ssl_profile") | String | | | | SSL profile name. | | [        vrf](## "management_api_gnmi.transport.grpc.[].vrf") | String | | | | VRF name is optional. | | [        notification_timestamp](## "management_api_gnmi.transport.grpc.[].notification_timestamp") | String | | | Valid Values:
- send-time
- last-change-time | Per the gNMI specification, the default timestamp field of a notification message is set to be
the time at which the value of the underlying data source changes or when the reported event takes place.
In order to facilitate integration in legacy environments oriented around polling style operations,
an option to support overriding the timestamp field to the send-time is available from EOS 4.27.0F.
| - | [        ip_access_group](## "management_api_gnmi.transport.grpc.[].ip_access_group") | String | | | | ACL name. | + | [        ip_access_group](## "management_api_gnmi.transport.grpc.[].ip_access_group") | String | | | | -> ACL name. Only one transport in the same VRF can be configured with a service ACL; all transports in the same VRF use the same service ACL. | | [        port](## "management_api_gnmi.transport.grpc.[].port") | Integer | | | | GNMI port.
Make sure to update the control-plane ACL accordingly in order for the service to be reachable by external applications.
| | [        authorization_requests](## "management_api_gnmi.transport.grpc.[].authorization_requests") | Boolean | | | | Use per-RPC authorization. | | [    grpc_tunnels](## "management_api_gnmi.transport.grpc_tunnels") | List, items: Dictionary | | | | | @@ -58,7 +58,7 @@ # an option to support overriding the timestamp field to the send-time is available from EOS 4.27.0F. notification_timestamp: - # ACL name. + # -> ACL name. Only one transport in the same VRF can be configured with a service ACL; all transports in the same VRF use the same service ACL. ip_access_group: # GNMI port. diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/mac-security.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/mac-security.j2 index 65994d53951..9040da1f4d4 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/mac-security.j2 +++ b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/mac-security.j2 @@ -42,12 +42,12 @@ mac security {% if profile.sci is arista.avd.defined(true) %} sci {% endif %} -{% if profile.l2_protocols.ethernet_flow_control.mode is arista.avd.defined %} - l2-protocol ethernet-flow-control {{ profile.l2_protocols.ethernet_flow_control.mode }} -{% endif %} {% if profile.l2_protocols.lldp.mode is arista.avd.defined %} l2-protocol lldp {{ profile.l2_protocols.lldp.mode }} {% endif %} +{% if profile.l2_protocols.ethernet_flow_control.mode is arista.avd.defined %} + l2-protocol ethernet-flow-control {{ profile.l2_protocols.ethernet_flow_control.mode }} +{% endif %} {% if profile.replay_protection.disabled is arista.avd.defined(true) %} replay protection disabled {% endif %} diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/maintenance.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/maintenance.j2 index d11b6b1234d..abf96e807b5 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/maintenance.j2 +++ b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/maintenance.j2 @@ -8,7 +8,7 @@ {% if maintenance is arista.avd.defined %} ! maintenance -{% for bgp_profile in maintenance.bgp_profiles | arista.avd.natural_sort('name') %} +{% for bgp_profile in maintenance.bgp_profiles | arista.avd.natural_sort(sort_key='name', ignore_case=false) %} {% if loop.index0 > 0 %} ! {% endif %} @@ -46,7 +46,7 @@ maintenance shutdown max-delay {{ interface_profile.shutdown.max_delay }} {% endif %} {% endfor %} -{% for unit_profile in maintenance.unit_profiles | arista.avd.natural_sort('name') %} +{% for unit_profile in maintenance.unit_profiles | arista.avd.natural_sort(sort_key='name', ignore_case=false) %} {% if not first_line.flag %} ! {% endif %} @@ -62,10 +62,10 @@ maintenance {% endif %} {% set first_line = {'flag': False} %} unit {{ unit.name }} -{% for bgp_group in unit.groups.bgp_groups | arista.avd.natural_sort %} +{% for bgp_group in unit.groups.bgp_groups | arista.avd.natural_sort(ignore_case=false) %} group bgp {{ bgp_group }} {% endfor %} -{% for interface_group in unit.groups.interface_groups | arista.avd.natural_sort %} +{% for interface_group in unit.groups.interface_groups | arista.avd.natural_sort(ignore_case=false) %} group interface {{ interface_group }} {% endfor %} {% if unit.profile is arista.avd.defined %} diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/management-api-gnmi.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/management-api-gnmi.j2 index 9eb0f18904c..bd25ae83190 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/management-api-gnmi.j2 +++ b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/management-api-gnmi.j2 @@ -11,7 +11,7 @@ management api gnmi {% if management_api_gnmi.transport is arista.avd.defined %} {% if management_api_gnmi.transport.grpc is arista.avd.defined %} {% set first_line = False %} -{% for transport in management_api_gnmi.transport.grpc | arista.avd.natural_sort(sort_key="name") %} +{% for transport in management_api_gnmi.transport.grpc | arista.avd.natural_sort(sort_key="name", ignore_case=false) %} {% if not loop.first %} ! {% endif %} @@ -40,7 +40,7 @@ management api gnmi {% if not first_line == True %} ! {% endif %} -{% for transport in management_api_gnmi.transport.grpc_tunnels | arista.avd.natural_sort(sort_key="name") %} +{% for transport in management_api_gnmi.transport.grpc_tunnels | arista.avd.natural_sort(sort_key="name", ignore_case=false) %} {% if not loop.first %} ! {% endif %} diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/management-api-http.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/management-api-http.j2 index 79b0fc50a8c..28284f0ac28 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/management-api-http.j2 +++ b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/management-api-http.j2 @@ -29,9 +29,16 @@ management api http-commands {% endif %} {% if management_api_http.https_ssl_profile is arista.avd.defined %} protocol https ssl profile {{ management_api_http.https_ssl_profile }} +{% endif %} +{% if management_api_http.protocol_https_certificate is arista.avd.defined %} + protocol https certificate + {{ management_api_http.protocol_https_certificate.certificate }} + EOF + {{ management_api_http.protocol_https_certificate.private_key }} + EOF {% endif %} no shutdown -{% for vrf in management_api_http.enable_vrfs | arista.avd.natural_sort('name') %} +{% for vrf in management_api_http.enable_vrfs | arista.avd.natural_sort(sort_key='name', ignore_case=false) %} ! vrf {{ vrf.name }} no shutdown @@ -42,11 +49,4 @@ management api http-commands ipv6 access-group {{ vrf.ipv6_access_group }} {% endif %} {% endfor %} -{% if management_api_http.protocol_https_certificate is arista.avd.defined %} - protocol https certificate -{{ management_api_http.protocol_https_certificate.certificate }} -EOF -{{ management_api_http.protocol_https_certificate.private_key }} -EOF -{% endif %} {% endif %} diff --git a/python-avd/pyavd/_eos_cli_config_gen/schema/__init__.py b/python-avd/pyavd/_eos_cli_config_gen/schema/__init__.py index b33c0c676b6..08f29160e00 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/schema/__init__.py +++ b/python-avd/pyavd/_eos_cli_config_gen/schema/__init__.py @@ -21152,7 +21152,10 @@ class GrpcItem(AvdModel): EOS 4.27.0F. """ ip_access_group: str | None - """ACL name.""" + """ + -> ACL name. Only one transport in the same VRF can be configured with a service ACL; all transports + in the same VRF use the same service ACL. + """ port: int | None """ GNMI port. @@ -21194,7 +21197,9 @@ def __init__( operations, an option to support overriding the timestamp field to the send-time is available from EOS 4.27.0F. - ip_access_group: ACL name. + ip_access_group: + -> ACL name. Only one transport in the same VRF can be configured with a service ACL; all transports + in the same VRF use the same service ACL. port: GNMI port. Make sure to update the control-plane ACL accordingly in order for the service to be diff --git a/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml b/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml index 8e616847b43..d3afebc2fbf 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml +++ b/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml @@ -8390,7 +8390,9 @@ keys: ' ip_access_group: type: str - description: ACL name. + description: -> ACL name. Only one transport in the same VRF can + be configured with a service ACL; all transports in the same VRF + use the same service ACL. port: type: int description: 'GNMI port. diff --git a/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/management_api_gnmi.schema.yml b/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/management_api_gnmi.schema.yml index c6fff8bb7bc..e61fde0a989 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/management_api_gnmi.schema.yml +++ b/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/management_api_gnmi.schema.yml @@ -42,7 +42,9 @@ keys: an option to support overriding the timestamp field to the send-time is available from EOS 4.27.0F. ip_access_group: type: str - description: ACL name. + description: -> + ACL name. + Only one transport in the same VRF can be configured with a service ACL; all transports in the same VRF use the same service ACL. port: type: int description: | From 1cd24530ce8a2aaa1d7d920fa272292e485476c5 Mon Sep 17 00:00:00 2001 From: Shivani-gslab Date: Tue, 6 Jan 2026 14:42:19 +0530 Subject: [PATCH 2/4] molecule run --- .../documentation/devices/digital-twin-enforce-eapi-2.md | 4 ++-- .../intended/configs/digital-twin-enforce-eapi-2.cfg | 4 ++-- .../intended/configs/management-eapi-vrfs.cfg | 8 ++++---- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/ansible_collections/arista/avd/extensions/molecule/digital_twin/digital_twin/documentation/devices/digital-twin-enforce-eapi-2.md b/ansible_collections/arista/avd/extensions/molecule/digital_twin/digital_twin/documentation/devices/digital-twin-enforce-eapi-2.md index ee2f4b23748..68888da70af 100644 --- a/ansible_collections/arista/avd/extensions/molecule/digital_twin/digital_twin/documentation/devices/digital-twin-enforce-eapi-2.md +++ b/ansible_collections/arista/avd/extensions/molecule/digital_twin/digital_twin/documentation/devices/digital-twin-enforce-eapi-2.md @@ -72,10 +72,10 @@ management api http-commands protocol https no shutdown ! - vrf default + vrf MGMT no shutdown ! - vrf MGMT + vrf default no shutdown ``` diff --git a/ansible_collections/arista/avd/extensions/molecule/digital_twin/digital_twin/intended/configs/digital-twin-enforce-eapi-2.cfg b/ansible_collections/arista/avd/extensions/molecule/digital_twin/digital_twin/intended/configs/digital-twin-enforce-eapi-2.cfg index 51b7b4d41fc..fdd574fad19 100644 --- a/ansible_collections/arista/avd/extensions/molecule/digital_twin/digital_twin/intended/configs/digital-twin-enforce-eapi-2.cfg +++ b/ansible_collections/arista/avd/extensions/molecule/digital_twin/digital_twin/intended/configs/digital-twin-enforce-eapi-2.cfg @@ -16,10 +16,10 @@ management api http-commands protocol https no shutdown ! - vrf default + vrf MGMT no shutdown ! - vrf MGMT + vrf default no shutdown ! interface Management1 diff --git a/ansible_collections/arista/avd/extensions/molecule/eos_designs_unit_tests/intended/configs/management-eapi-vrfs.cfg b/ansible_collections/arista/avd/extensions/molecule/eos_designs_unit_tests/intended/configs/management-eapi-vrfs.cfg index 1c320ac5e67..640022f1602 100644 --- a/ansible_collections/arista/avd/extensions/molecule/eos_designs_unit_tests/intended/configs/management-eapi-vrfs.cfg +++ b/ansible_collections/arista/avd/extensions/molecule/eos_designs_unit_tests/intended/configs/management-eapi-vrfs.cfg @@ -16,10 +16,6 @@ management api http-commands protocol https no shutdown ! - vrf inband_mgmt_1 - no shutdown - ip access-group ACL_EAPI_IPv4_3 - ! vrf MGMT no shutdown ip access-group ACL_EAPI_IPv4_4 @@ -40,6 +36,10 @@ management api http-commands vrf VRF_Enable_3 no shutdown ipv6 access-group ACL_EAPI_IPv6_1 + ! + vrf inband_mgmt_1 + no shutdown + ip access-group ACL_EAPI_IPv4_3 ! interface Loopback0 description ROUTER_ID From 551c3e800d20fa4bb00f84edc77822e3bd168697 Mon Sep 17 00:00:00 2001 From: Shivani-gslab Date: Tue, 6 Jan 2026 15:33:45 +0530 Subject: [PATCH 3/4] update management cvx --- .../intended/configs/OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF1.cfg | 2 +- .../intended/configs/OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF2.cfg | 2 +- .../pyavd/_eos_cli_config_gen/j2templates/eos/management-cvx.j2 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible_collections/arista/avd/extensions/molecule/eos_designs_unit_tests/intended/configs/OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF1.cfg b/ansible_collections/arista/avd/extensions/molecule/eos_designs_unit_tests/intended/configs/OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF1.cfg index 737e293670f..02d9c0a3ca2 100644 --- a/ansible_collections/arista/avd/extensions/molecule/eos_designs_unit_tests/intended/configs/OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF1.cfg +++ b/ansible_collections/arista/avd/extensions/molecule/eos_designs_unit_tests/intended/configs/OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF1.cfg @@ -25,9 +25,9 @@ vrf instance TEST ! management cvx no shutdown - server host 192.168.254.253 server host 192.168.254.254 server host 192.168.254.255 + server host 192.168.254.253 source-interface Loopback0 ! interface Loopback0 diff --git a/ansible_collections/arista/avd/extensions/molecule/eos_designs_unit_tests/intended/configs/OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF2.cfg b/ansible_collections/arista/avd/extensions/molecule/eos_designs_unit_tests/intended/configs/OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF2.cfg index 8eea3bc3372..ee3a4c043fb 100644 --- a/ansible_collections/arista/avd/extensions/molecule/eos_designs_unit_tests/intended/configs/OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF2.cfg +++ b/ansible_collections/arista/avd/extensions/molecule/eos_designs_unit_tests/intended/configs/OVERLAY_ROUTING_PROTOCOL_CVX_L3LEAF2.cfg @@ -25,9 +25,9 @@ vrf instance TEST ! management cvx no shutdown - server host 192.168.254.253 server host 192.168.254.254 server host 192.168.254.255 + server host 192.168.254.253 source-interface Loopback0 ! interface Loopback0 diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/management-cvx.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/management-cvx.j2 index e031c1ace92..46e573d2ded 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/management-cvx.j2 +++ b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/management-cvx.j2 @@ -12,7 +12,7 @@ management cvx {% elif management_cvx.shutdown is arista.avd.defined(false) %} no shutdown {% endif %} -{% for server_host in management_cvx.server_hosts | arista.avd.natural_sort %} +{% for server_host in management_cvx.server_hosts | arista.avd.default([]) %} server host {{ server_host }} {% endfor %} {% if management_cvx.source_interface is arista.avd.defined %} From 923f16c34116334f9db998a0a91112cf058c715f Mon Sep 17 00:00:00 2001 From: Shivani-gslab Date: Fri, 9 Jan 2026 16:05:36 +0530 Subject: [PATCH 4/4] addressing comments --- .../pyavd/_eos_cli_config_gen/j2templates/eos/mac-security.j2 | 2 +- .../pyavd/_eos_cli_config_gen/j2templates/eos/maintenance.j2 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/mac-security.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/mac-security.j2 index 9040da1f4d4..bad5d0f8deb 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/mac-security.j2 +++ b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/mac-security.j2 @@ -13,7 +13,7 @@ mac security {% if mac_security.fips_restrictions is arista.avd.defined(true) %} fips restrictions {% endif %} -{% for profile in mac_security.profiles | arista.avd.natural_sort(sort_key='name') %} +{% for profile in mac_security.profiles | arista.avd.natural_sort(sort_key='name', ignore_case=false) %} ! profile {{ profile.name }} {% if profile.cipher is arista.avd.defined %} diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/maintenance.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/maintenance.j2 index abf96e807b5..68ce8428963 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/maintenance.j2 +++ b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/maintenance.j2 @@ -30,7 +30,7 @@ maintenance {% set first_line = {'flag': False} %} profile unit {{ maintenance.default_unit_profile }} default {% endif %} -{% for interface_profile in maintenance.interface_profiles | arista.avd.natural_sort('name') %} +{% for interface_profile in maintenance.interface_profiles | arista.avd.natural_sort(sort_key='name', ignore_case=false) %} {% if not first_line.flag %} ! {% endif %} @@ -56,7 +56,7 @@ maintenance on-boot duration {{ unit_profile.on_boot.duration }} {% endif %} {% endfor %} -{% for unit in maintenance.units | arista.avd.natural_sort('name') %} +{% for unit in maintenance.units | arista.avd.natural_sort(sort_key='name', ignore_case=false) %} {% if not first_line.flag %} ! {% endif %}