Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dcnm_vrf: TOP_DOWN_VRF_VLAN resources are leaked #356

Open
allenrobel opened this issue Dec 12, 2024 · 0 comments · May be fixed by #354
Open

dcnm_vrf: TOP_DOWN_VRF_VLAN resources are leaked #356

allenrobel opened this issue Dec 12, 2024 · 0 comments · May be fixed by #354
Assignees
@allenrobel

Comments

@allenrobel
Copy link
Collaborator

allenrobel commented Dec 12, 2024
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

dcnm_vrf is leaking the following resource: TOP_DOWN_VRF_VLAN when a VRF is created and then deleted.

This appears to happen ONLY when the fabric contains switches to which the created VRF was NOT attached.

For example, it the attached playbook is run, and if the ONLY switch in the fabric is 10.1.1.2, the issue is not seen.

If we add a second switch, say 10.1.1.3, which is not in the playbook's attach list, and then run the playbook, a TOP_DOWN_VRF_VLAN resource associated with switch 10.1.1.3 remains after the VRF is deleted.

Adding a sleep in the playbook, and then monitoring in the NDFC GUI, the stale resource is created during the VRF deleted task.

Ansible Version and collection version

(.venv) AROBEL-M-G793% ansible --version
ansible [core 2.17.5]
  config file = /Users/arobel/.ansible.cfg
  configured module search path = ['/Users/arobel/repos/ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/arobel/repos/ndfc-python/.venv/lib/python3.12/site-packages/ansible
  ansible collection location = /Users/arobel/repos/ansible/collections
  executable location = /Users/arobel/repos/ndfc-python/.venv/bin/ansible
  python version = 3.12.4 (main, Jun  6 2024, 18:26:44) [Clang 15.0.0 (clang-1500.3.9.4)] (/Users/arobel/repos/ndfc-python/.venv/bin/python)
  jinja version = 3.1.4
  libyaml = True
(.venv) AROBEL-M-G793%

DCNM version

  • V x3.6.0

ND/NDFC version

3.2.1e / 12.2.2.238

Affected module(s)

  • dcnm_vrf

Ansible Playbook

- name: Minimum reproduce for TOP_DOWN_VRF_VLAN resource leak
  hosts: ndfc
  vars:
    FABRIC_NAME: FABRIC_1
    VRF_NAME: VRF_1
    SWITCH_IP4: 10.1.1.2
    ATTACH_PORTS: ["Ethernet1/9"]

  tasks:
    - name: Merge VRF
      cisco.dcnm.dcnm_vrf:
        fabric: "{{ FABRIC_NAME }}"
        state: merged
        config:
        - vrf_name: "{{ VRF_NAME }}"
          vrf_id: 50101 
          adv_default_routes: off
          static_default_route: false
          vrf_template: Default_VRF_Universal
          vrf_extension_template: Default_VRF_Extension_Universal
          vlan_id: 201
          vrf_int_mtu: 9000
          attach:
          - ip_address: "{{ SWITCH_IP4 }}"
            deploy: on
      register: result

    - name: Sleep 60 seconds
      ansible.builtin.pause:
        seconds: 60

    - name: Delete VRF
      cisco.dcnm.dcnm_vrf:
        fabric: '{{ FABRIC_NAME }}'
        state: deleted
        config:
        - vrf_name: "{{ VRF_NAME }}"

Debug Output

Expected Behavior

When deleting a VRF, all associated resources should be released.

Actual Behavior

When deleting a VRF, a TOP_DOWN_VRF_VLAN resource (one per VRF per switch X present in the fabric -- where switch X is NOT in the attach list for the VRF merged task) remains after the VRF is deleted. In the NDFC GUI, these resources are displayed as being Allocated to its associated (and now deleted) VRF (Fabric Detail -> Resources, filter on Resource Type == TOP_DOWN_VRF_VLAN).

Steps to Reproduce

Run the attached playbook with two or more switches in the fabric. A TOP_DOWN_VRF_VLAN resource will remain for every switch in the fabric that is not in the playbook's attach list.

References
@allenrobel allenrobel self-assigned this Dec 13, 2024
@allenrobel allenrobel linked a pull request Dec 13, 2024 that will close this issue
dcnm_vrf fix issues #351, #356, #357 #354
Open
@allenrobel allenrobel linked a pull request Dec 13, 2024 that will close this issue
Open
allenrobel added a commit that referenced this issue Dec 15, 2024
@allenrobel
dcnm_vrf: fix for #356, and for an undeploy case, simplify, more...
41a8fd7 
1. Fix case where previous commit in this PR broke undeploy.

2. Fix for issue #356

2. Update unit tests to align with changes in this commit

3. Some simplifications, including

- Add a method send_to_controller() to aggregate POST, PUT, DELETE verb handling.  This method calls dcnm_send() and then calls the response handler, etc.  This removes duplicated code throughout the module.

- Refactor vrf_lite handlng out of update_attach_params() and into new method update_attach_params_extension_values()

- Never noticed this, but it appears we don't have to use inspect() with the new logging system, except in cases where fail_json() is called.  Removed inspect() from all methods that do not call fail_json()

- New method is_border_switch() to remove this code from push_diff_attach() and for future consolidation into a shared library.

- Move dcnm_vrf_paths dictionary out of the class.  These endpoints will later be moved to common/api/ep/.

- in __init__(), add self.sn_ip, built from self.ip_sn.  There were several case where the module wanted a serial_number given an ip_address.  Added two methods that leverage self.sn_ip and self.ip_sn:

- self.serial_number_to_ip()
- self.ip_to_serial_number()

Replaced all instances where duplicated code was performing these functions.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@allenrobel allenrobel

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

dcnm_vrf fix issues #351, #356, #357 CiscoDevNet/ansible-dcnm
1 participant
@allenrobel