16:00:24 #startmeeting Network Working Group 16:00:24 Meeting started Wed Nov 23 16:00:24 2016 UTC. The chair is gundalow. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:24 Useful Commands: #action #agreed #halp #info #idea #link #topic. 16:00:24 The meeting name has been set to 'network_working_group' 16:00:35 Hi ericchou1 16:00:46 Hi 16:01:17 Agenda as always is https://github.com/ansible/community/issues/110 16:03:06 ack, ready to discuss my ansible/ansible#18104 if needed 16:03:17 #topic ansible/ansible#18104 16:03:51 https://github.com/ansible/ansible/pull/18104 16:03:52 #link https://github.com/ansible/ansible/pull/18104 16:04:10 so in AXAPIv2 there were some instances where the body is not JSon, such as when uploading aFlex scripts 16:04:11 though I think I'd need chair for that to stick in the minutes 16:04:26 #chair Qalthos 16:04:26 Current chairs: Qalthos gundalow 16:05:08 I need to verify with developer, but there might be some instance that needs to be outside of JSon as well. So I figure I will just take that part out. 16:07:01 and make it explicit 16:07:57 ganeshnalawade: Hi :) 16:08:03 gundalow, hi 16:09:41 ericchou1: so are you advocating waiting on some additional change (or verification) for this PR? 16:10:12 Qalthos: No, I am just providing ground on why I am making this change. 16:10:35 So I think we are good to merge it then 16:10:41 Oh, okay, I was completely misunderstanding then 16:10:48 yup 16:10:56 Thanks guys :) 16:11:02 done 16:11:19 woohoo! 16:11:29 sorry i joined late 16:11:32 ericchou1: on https://github.com/ansible/ansible-modules-extras/pull/3239/files I'm confused 16:11:54 ganeshnalawade: Not at issue, glad you an make it. We are just looking at some a10 modules 16:11:57 sure, which part? I am new so it is probably me. 16:12:23 ooooooooooooh 16:12:51 gundalow, thanks... i had couple of issues and a PR to discuss 16:12:54 I was getting confused as to ahy a10_server.py is listed as a new file (hence the discussion about version_added) I think the file is in the wrong dir 16:13:09 oh, is it? 16:13:23 my apology, which directory should it be in? 16:13:50 network/a10/ 16:14:04 That's why GitHub is showing it as a new file 16:14:09 ericchou1: looks like some are in network/a10, and some are in the root of the repository 16:14:16 that is where I put it, I think 16:14:26 all the a10 modules should be in network/a10/ 16:14:36 right 16:14:50 https://github.com/ansible/ansible-modules-extras/pull/3239/files "297 a10_server.py" 16:15:05 ericchou1: your PR has 2 each of a10_server.py, a10_service_group, and a10_virtual_server 16:15:06 let me check 16:15:51 sorry my connections seems a bit flaky this morning 16:16:05 no problem, we didn't say anything after you said "let me check" 16:16:24 ok, so I have two of the same files 16:16:51 I guess you made a backup and that accidently got added to the commit, which is easily done 16:17:19 phil-dileo: Hi :) 16:17:24 Hey! 16:17:32 Sorry I’m late 16:17:46 got it 16:17:50 phil-dileo: No problem, not got to your stuff yet. Just looking at some a10 bits first 16:18:32 ericchou1: Cool. Once you get the PRs updated I'll have another look. Appologies for not spoting the issue sooner and giving you confusing advice 16:18:37 sorry, I only see 1 file in my local directory 16:19:02 I will try to figure out, but if you can provide any pointers on how to correct this I'd appreciate it 16:19:20 ericchou1: What we generally suggest is to create a branch, rather than working directly on `devel` 16:19:25 maybe we can take it offline 16:19:33 right, ok 16:20:10 git checkout deve ; git checkout -b a10_server_axapi3 ; $EDITOR network/a10/a10_server.py ; git commit ; git push origin a10_server_axapi3 16:20:32 ok got it 16:20:33 Feel free to jump into #ansible-devel later and ask for pointers 16:20:33 thank you 16:20:40 appreciate that 16:20:50 No problem, it's a PITA at first 16:20:56 then a pain in other places later 16:21:05 #topic phil-dileo's questions on eos 16:21:06 :) 16:21:39 Banner: Yes 16:21:39 Hey, not sure if you want me to list them again? 16:22:03 Banner in 2.3? 16:22:48 I believe so 16:23:05 though I'm relaying privateip's comments, I'm not 100% sure on context 16:23:43 I’ve looked through the code and there’s no mention of it today, so hopefully 2.3 16:23:49 phil-dileo: This is the functionality required for https://github.com/ansible/test-network-modules/pull/56 ? 16:24:25 Right, banner was the first issue, but it also applies to ssl keys, etc. 16:26:10 phil-dileo: Could you please raise a feature request issue so we don't forget it 16:26:19 np 16:26:19 and mention https://github.com/ansible/test-network-modules/pull/56 16:26:21 Thanks 16:26:43 timeouts I'll talk about in a bit 16:27:10 And ‘updates’ when using src? 16:29:34 Yup, that can be added. Could you please raise a feature request issue (or PR :P) 16:30:04 It isn’t a bug? :-) 16:30:17 It makes me sad 16:30:20 oh yes, sorrym, that';s a bug 16:30:28 ergh, as my typing is 16:30:34 #topic Timeouts 16:30:39 Good news everybody! 16:31:15 As a number of you have spotted, across the different network platforms we occasionally trigger timeouts when performing various opperations 16:32:14 In Anisble 2.3 we will be changeing to using a persistent connection manager (think along the lines of SSH's ControlPersist) which should resolve those issues 16:32:47 We realise however that this is causing you all issues with 2.2. Therefor we will put in a different fix for 2.2 16:36:31 #topic ganeshnalawade Junos fixes 16:36:34 ganeshnalawade: you there? 16:36:39 gundalow, yes 16:36:55 Timeout: Fix #4281 Add timeout param to junos_config module https://github.com/ansible/ansible-modules-core/pull/5679 16:37:11 Timeout param support added in this PR is related to netconf transport. 16:37:11 Since there are two transports (Netconf and CLI) should the 16:37:25 parameter 16:37:25 name be renamed to "netconf_timeout" to me more specific 16:37:25 or current name "timeout" is fine? 16:38:32 Hum, that's a good question 16:39:02 Qalthos: What do you think? 16:39:12 I'm leaning towards netconf_timeout 16:40:59 ganeshnalawade: yup, please change to netconf_timeout 16:41:19 gundalow, ok thanks will make that change 16:41:59 junos_config broken configurations and idempotency https://github.com/ansible/ansible-modules-core/issues/5483 16:42:15 Interface given in format 'ae11.0' expand to 'ae11 unit 0' on device 16:42:15 which cause issues while taking diff in junos_config. 16:42:19 gundalow: I think it should probably be implemented at the module_utils level, as Shell's timeout is 16:42:41 unless I misunderstand the situation 16:42:51 Qalthos: hum, good point. I wonder if privateip's existing plans will fix that 16:43:30 at which point it could reasonably inherit the timeout parameter, with no issues as they shouldn't be interchangeable 16:43:38 allanice001: Welcome. https://github.com/ansible/community/issues/110 is the agenda. We've been through the a10 topics. Currently going through the junos items. The /topic gets updated with the topic 16:43:56 thnx gundalow 16:43:58 Qalthos, it is a Netconf session timeout 16:44:00 taking a look 16:44:31 Qalthos, need to have a active nectonf connection handle to set timeout for a particular session 16:45:15 ganeshnalawade: right, and you're setting it against module_utils.junos.Netconf.device, can't that be handled in the connect() method of module_utils.junos.Netconf? 16:46:05 gundalow: is this for #4103 #4104 #4715 ? 16:46:11 that's what creates the jnpr.junos.Device() 16:46:56 Qalthos, yes 16:47:22 again, I could be completely wrong here, but if it gets set in module_utils, it gets added for free in all other junos modules 16:47:48 allanice001: We are going through https://github.com/ansible/community/issues/110#issuecomment-262233203 "ganeshnalawade commented a day ago • edited" 16:48:11 gotcha, thnx 16:48:56 Qalthos, ok will explore this and check if it can be implemented in module_utlis 16:49:27 ganeshnalawade: Cool. Could you just add that as a note on the PR please, so if someone else looks at it we have a record 16:49:41 gundalow, sure 16:50:14 Next: https://github.com/ansible/ansible-modules-core/issues/5636 16:50:38 JUNOS get_config does not support 'set' format so to support 'set' 16:50:38 format in junos_facts module we can get 16:50:38 the config in text format and convert it to set format inside 16:50:38 junos_facts module and render it in output. 16:50:40 So I believe the fix for this was https://github.com/ansible/ansible-modules-core/commit/f5658f4e5048ae6f2cf1d8eb434be3602fc6bb3a which I merged ysterday 16:50:49 If support for 'set' format is required, I can create a new issue and work on it. 16:51:44 gundalow, new 16:52:22 I don't know if we need Set format. From reading the issue it seemed like a documentation issue 16:54:00 gundalow, ok...but going through code i think it possible to support set format as well 16:54:27 ganeshnalawade: ah, got you. In that case a Feature Request PR would be welcome if you think it's something that others would find useful 16:55:38 gundalow, ok sure 16:55:40 gundalow, 16:55:54 gundalow, will raise a feature request PR 16:55:59 gundalow, thanks 16:56:00 Thanks 16:56:12 ganeshnalawade: Any other Junos questions? 16:56:22 gundalow, nopes 16:57:13 hum, ismc was here but has left 16:57:45 The last there are GGabrieles 16:57:48 #topic Open Floor 16:58:04 allanice001: phil-dileo ganeshnalawade Qalthos Anything else? 16:58:14 yes 16:58:16 * Qalthos looks 16:58:20 nope, just lurking 16:58:53 What looks like a paramiko bug led to https://github.com/ansible/ansible-modules-core/issues/5308 16:59:25 ie, paramiko overwriting known_hosts before finishing the last one, leading to corrupted host keys 17:00:27 if anyone has experiences this or wants to try to see if they can replicate, a larger number of hosts will make the bug show up more frequently 17:00:34 is this in any way using py3 ? 17:00:40 (but as with race conditions, it's random) 17:00:41 the paramikto bug? 17:01:01 allanice001: we don't so I doubt it 17:01:10 ack 17:01:24 any work going into ansible py3? 17:01:35 constant 17:01:37 https://github.com/ansible/ansible/pull/18238 fixes the issue, but is technically a security regression, though it is the same behavior as 2.1 17:02:17 basically, I won't push it if it doesn't fix someone's problem, and I have no idea if it even does or not 17:02:26 actual fix is to add locking as we do in ssh 17:02:43 bcoca: right, and that's coming with 2.3^TM 17:03:41 If anyone has the issue and can verify the fix, we can move this along, otherwise it's back to low priority 17:03:44 that's all 17:04:17 Cool 17:04:32 Related to paramiko, has anyone tested transport: cli with encrypted keys? 17:04:33 Thanks as always. Good meeting today, nice to get through a set of PRs 17:05:15 (not urgent, we can discuss next time) 17:05:51 phil-dileo: the only wat 17:05:58 phil-dileo: not to my knowledge 17:05:59 ..way is to 17:06:09 unlock the keys beforehand 17:06:36 i store them in ssh-agent 17:07:14 k, thanks. I recently heard someone mention an issue where they were trying to use encrypted keys with ‘ssh_keyfile’ 17:08:26 problem is parsing the encrypted part of the key 17:11:06 standard key ||| -----BEGIN RSA PRIVATE KEY----- 17:11:07 MIIEowIBAAKCAQEArXwsOTVE13t3ZY69FRxyiu1Nhh77r8S/PfloV+4e9IIBqE/g 17:11:28 encrypted key ||| -----BEGIN RSA PRIVATE KEY----- 17:11:29 Proc-Type: 4,ENCRYPTED 17:11:30 DEK-Info: AES-128-CBC,FC362CD318C3B43A1B3D310E96EDE263 17:11:31 QfLkOsI4NU3ClJs/G6ZukfYvhcqsYiD/4bee+Cxffwy+y4Pkrdtljsq668fsVhxN 17:11:55 Right, I was thinking perhaps we could pass the private key + keyphrase into the provider and have paramiko decrypt 17:12:48 it needs to get handled with the aes encryption cipher 17:13:42 and i dont think youd want to pass the keyphrase over the wire - technically in clear 17:14:18 It isn’t over the wire since it’s connection: local. and the module sanitizes sensitive info 17:14:47 Anyway, not a critical topic 17:18:32 Cool 17:18:59 As always, feel free to add items onto the agenda https://github.com/ansible/community/issues/110 17:19:02 Thanks all 17:19:05 #endmeeting