dcnm_vrf: 500 error if Per VRF Per VTEP Loopback Auto-Provisioning is enabled

[allenrobel]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Ansible Version and collection version

ansible [core 2.17.5]
  config file = /Users/arobel/.ansible.cfg
  configured module search path = ['/Users/arobel/repos/ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/arobel/repos/ndfc-python/.venv/lib/python3.12/site-packages/ansible
  ansible collection location = /Users/arobel/repos/ansible/collections
  executable location = /Users/arobel/repos/ndfc-python/.venv/bin/ansible
  python version = 3.12.4 (main, Jun  6 2024, 18:26:44) [Clang 15.0.0 (clang-1500.3.9.4)] (/Users/arobel/repos/ndfc-python/.venv/bin/python)
  jinja version = 3.1.4
  libyaml = True

DCNM version

• V 3.6.0

Affected module(s)

• dcnm_vrf

Ansible Playbook

The error occurs during the merge VRF task.

The tasks following merge VRF are provided as a convenience for cleaning up.

---
- name: Minimum reproduce for 500 error when PER_VRF_LOOPBACK_AUTO_PROVISION is set
  hosts: ndfc
  vars:
    FABRIC_NAME: FABRIC_1
    FABRIC_BGP_AS: 65001
    NETWORK_NAME: NETWORK_1
    VRF_NAME: VRF_1
    LEAF_IP4: 10.1.1.2
    ATTACH_PORTS: ["Ethernet1/9"]
    SWITCH_USERNAME: admin
    SWITCH_PASSWORD: MySwitchPassword

  tasks:
    - name: Create fabric
      cisco.dcnm.dcnm_fabric:
        state: merged
        config:
        - FABRIC_NAME: "{{ FABRIC_NAME }}"
          FABRIC_TYPE: VXLAN_EVPN
          BGP_AS: "{{ FABRIC_BGP_AS }}"
          PER_VRF_LOOPBACK_AUTO_PROVISION: true

    - name: Add leaf
      cisco.dcnm.dcnm_inventory:
        fabric: "{{ FABRIC_NAME }}"
        state: merged
        config:
        - seed_ip: "{{ LEAF_IP4 }}"
          auth_proto: MD5
          user_name: "{{ SWITCH_USERNAME }}"
          password: "{{ SWITCH_PASSWORD }}"
          max_hops: 0
          role: leaf
          preserve_config: False
      register: result

    - name: Wait for switch to fully reload
      pause:
        seconds: 180
      when: result.changed

    - name: deploy
      cisco.dcnm.dcnm_rest:
        method: POST
        path: "/appcenter/cisco/ndfc/api/v1/lan-fabric/rest/control/fabrics/{{ FABRIC_NAME }}/config-deploy?forceShowRun=false"
      when: result.changed

    - name: Merge VRF
      cisco.dcnm.dcnm_vrf:
        fabric: "{{ FABRIC_NAME }}"
        state: merged
        config:
        - vrf_name: "{{ VRF_NAME }}"
          vrf_id: 50101 
          adv_default_routes: off
          static_default_route: false
          vrf_template: Default_VRF_Universal
          vrf_extension_template: Default_VRF_Extension_Universal
          vlan_id: 201
          vrf_int_mtu: 9000
          attach:
          - ip_address: "{{ LEAF_IP4 }}"
            deploy: on
      register: result

    - name: deploy
      cisco.dcnm.dcnm_rest:
        method: POST
        path: "/appcenter/cisco/ndfc/api/v1/lan-fabric/rest/control/fabrics/{{ FABRIC_NAME }}/config-deploy?forceShowRun=false"
      when: result.changed

    - name: Merge Network
      cisco.dcnm.dcnm_network:
        fabric: '{{ FABRIC_NAME }}'
        state: merged
        config:
        - net_name: "{{ NETWORK_NAME }}"
          vrf_name: "{{ VRF_NAME }}"
          net_id: 30101
          net_template: Default_Network_Universal
          net_extension_template: Default_Network_Extension_Universal
          l3gw_on_border: true
          vlan_id: 101
          gw_ip_subnet: 172.16.14.1/24
          attach:
            - ip_address: "{{ LEAF_IP4 }}" 
              deploy: true
              ports: "{{ ATTACH_PORTS }}"
          deploy: on
          multicast_group_address: 239.1.1.1
      register: result

    - name: deploy
      cisco.dcnm.dcnm_rest:
        method: POST
        path: "/appcenter/cisco/ndfc/api/v1/lan-fabric/rest/control/fabrics/{{ FABRIC_NAME }}/config-deploy?forceShowRun=false"
      when: result.changed

    - name: Wait for network merge to deploy
      pause:
        seconds: 60
      when: result.changed

    - name: Delete network
      cisco.dcnm.dcnm_network:
        fabric: '{{ FABRIC_NAME }}'
        state: deleted
        config:
        - net_name: "{{ NETWORK_NAME }}"

    - name: Delete VRF
      cisco.dcnm.dcnm_vrf:
        fabric: '{{ FABRIC_NAME }}'
        state: deleted
        config:
        - vrf_name: "{{ VRF_NAME }}"

Debug Output

Expected Behavior

The error message returned by the controller is useful, but we should look into avoiding this error entirely by checking the status of PER_VRF_LOOPBACK_AUTO_PROVISION before trying to clear the loopback ID.

Actual Behavior

An Internal Server Error occurs.

fatal: [10.1.1.1]: FAILED! =>
{
    "changed": false,
    "msg":
    {
     "DATA": {
        "Error": "Internal Server Error",
        "message": "per vrf level loopback is enabled and hence not allowed to clear the loopback ID  or IP",
        "path": "/rest/top-down/fabrics/MSD/vrfs/attachments",
        "status": "500",
        "timestamp": "2024-11-28 01:35:15.164"},
        "MESSAGE": "Internal Server Error",
        "METHOD": "POST",
        "REQUEST_PATH": "https://10.1.1.1:443/appcenter/cisco/ndfc/api/v1/lan-fabric/rest/top-down/fabrics/MSD/vrfs/attachments",
        "RETURN_CODE": 500
       }
   }
}

Steps to Reproduce

Run the attached playbook.

This creates a fabric with PER_VRF_LOOPBACK_AUTO_PROVISION set to True.

References