16:00:10 #startmeeting Network Working Group 16:00:10 Meeting started Wed Nov 22 16:00:10 2017 UTC. The chair is gundalow. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:10 Useful Commands: #action #agreed #halp #info #idea #link #topic. 16:00:10 The meeting name has been set to 'network_working_group' 16:00:50 #chair itdependsnetwork st8less jmcgill298 privateip 16:00:50 Current chairs: gundalow itdependsnetwork jmcgill298 privateip st8less 16:02:34 o/ 16:02:45 #chair skg-net caphrim007_ 16:02:45 Current chairs: caphrim007_ gundalow itdependsnetwork jmcgill298 privateip skg-net st8less 16:02:49 Hello hello! 16:03:08 i needed to re-adjust my calendar after daylight savings 16:03:18 i've been an hour late the last couple weeks :p 16:03:25 caphrim007_: You should be able to just add by URL the ics 16:04:08 https://raw.githubusercontent.com/ansible/community/master/meetings/ical/network.ics 16:04:21 oh goodie. thanks! 16:04:28 #info Agenda https://github.com/ansible/community/labels/network 16:04:46 Add by URL, if you download & add you will not get updates 16:05:19 #chair Anil 16:05:19 Current chairs: Anil caphrim007_ gundalow itdependsnetwork jmcgill298 privateip skg-net st8less 16:05:27 #topic nmap Dynamic inventory 16:05:50 #info nmap dynamic inventory https://github.com/ansible/ansible/pull/32857 16:06:02 #info Maybe of useful to some of you, reviews welcome 16:07:17 #topic Persistent Connection changes in 2.5 16:08:05 #info Now that https://github.com/ansible/ansible/pull/32825 is merged the Persistent Connection socket will be closed at the end of every play. Previously the socket would be left open for $TIMEOUT seconds after an ansible-playbook run 16:09:26 #info We are looking at including the PID of the main ansible process as part of the socket hash. 16:09:51 #info connection: network_cli is in devel, this is a big change, we welcome testing 16:09:56 Any questions on this? 16:10:19 #info We are putting together some draft developer docs on `connection: network_cli` 16:10:42 I am testing it already...it works fine 16:10:50 Anil: Excellent 16:11:50 off late I got some Authentication (publickey) failed.. any idea on that? 16:12:05 while connecting switch 16:12:19 I did export ANSIBLE_PARAMIKO_HOST_KEY_AUTO_ADD=True 16:12:56 hum, I don't believe that should have changed 16:13:10 Anil: did you notice that you get better error messages rather than `unable to open shell` 16:13:11 will that include how non core modules can access ansible_username and password? 16:13:39 yes.. unable to open shell is no more there 16:13:55 itdependsnetwork: How do you mean? 16:14:11 oh the dev docs? 16:14:15 yes, sorry 16:14:16 SO the developer docs will 16:14:25 thanks 16:14:28 * Explain at a high level what network_cli is 16:15:48 * Include an example of a platform that only supports network_cli (the end goal is to not have top-level nor `provider:` at all) <-- From 2.6 this will be the prefered(/required?) way that new *platforms* must be developed 16:16:14 * Include details on extending provider (connection: local) to also support connection: network_cli 16:17:11 itdependsnetwork: Does that give you what you need? 16:17:26 Obviously difficult to tell to you see the words :) 16:18:15 Plan for this is we will use the wiki to quickly get some docs together, and between us improve it when ever there are question. Once it's in a reasonable shape we will turn it into a formal doc RST under dev_guide in the main repo 16:19:03 I'm going to guess that will be enough 16:19:05 Any other questions on that? 16:19:31 gundalow: that will help.. can it have migration steps for other platforms which is supported by community 16:19:32 Still a little abstract for me, but I think this will be the place to document it one way or anther 16:19:43 skg-net: Yup 16:19:49 itdependsnetwork: Yup, I agree 16:21:53 #topic Open Floor 16:21:58 #chair 16:21:58 Current chairs: Anil caphrim007_ gundalow itdependsnetwork jmcgill298 privateip skg-net st8less 16:22:03 Anyone got anything else? 16:22:12 Can I get recommendation for naming on this: https://github.com/ansible/ansible/pull/28446 16:22:28 #info Holiday in USA Thu & Friday, so limited response over the next two days 16:22:47 #topic Type manipulation #28446 16:22:56 #info https://github.com/ansible/ansible/pull/28446 16:23:50 itdependsnetwork: did you have any thoughts? 16:24:02 list_to_dict :) 16:24:06 hum, i though there were some ideas suggested before, though I don't see them 16:24:16 intent_dict I think was one 16:25:00 cast_list_to_dict 16:25:02 I'm trademarking "intent"! :P 16:25:25 I like the cast name. 16:25:55 If two people here can agree on a name then I'll merge it 16:26:06 +1 from me too :) 16:26:28 As we know naming things (Declaritive Intent, Aggregates/Collections) is really difficult 16:26:46 The second hardest problem in CS! 16:26:56 what is the hardest? 16:27:03 2) counting 16:27:11 +1 16:27:12 0) out by one errors 16:27:22 (aka zero index) 16:28:13 itdependsnetwork: cool update and ping me on IRC and I'll merge it 16:28:21 thank you sir 16:28:32 nah, thank you 16:28:39 #topic Open Floor 16:28:44 Any more for anymore? 16:29:01 There was one more 16:29:05 Sure 16:29:28 legacy facts 16:29:50 #topic Legacy Facts 16:30:07 itdependsnetwork: Is that related to https://github.com/ansible/ansible/pull/31783 16:30:46 don't think so, vlans was moved to legacy, trying to understand what the direction of facts is 16:32:12 https://meetbot.fedoraproject.org/ansible-network/2017-11-01/network_working_group.2017-11-01-16.00.html 16:32:23 is the goal to use gather_facts: yes for network modules? 16:32:23 part 5 on that ^^ 16:33:13 hum, looks like that gundalow fellow isn't doing his actions 16:33:21 lol 16:33:25 next week? 16:34:01 itdependsnetwork: right, it's on the Internal Network agenda 16:34:22 thanks 16:34:35 #chair rcarrillocruz 16:34:35 Current chairs: Anil caphrim007_ gundalow itdependsnetwork jmcgill298 privateip rcarrillocruz skg-net st8less 16:36:08 1) is the goal to use gather_facts: yes for network modules? 16:36:18 What other things would you like me to find out? 16:37:11 me? 16:37:27 me=gundalow 16:37:48 lol, is question directed to itdependsnetwork 16:37:54 yes 16:38:02 It's been a long day 16:38:16 https://meetbot.fedoraproject.org/ansible-network/2017-11-01/network_working_group.2017-11-01-16.00.log.html 16:38:47 same as there, 16:26 -> 16:37 16:39:37 but short of it, seemed like facts were actively being pulled out, but when I suggested a get method, was told to use facts 16:39:37 https://github.com/ansible/ansible/commit/751eab187f51cdc58a4c112abcb4265b7112ef1b#diff-83a6bf7294d0c5ac59ee458de130f795R355 16:39:48 these two seem in contrast with each other 16:40:33 but again, that is my interpretation of what legacy means 16:42:14 itdependsnetwork: That's great. want to make sure I ask the right questions 16:42:42 good deal 16:42:44 skg-net: Ah, good link, thanks 16:42:50 Anything else on facts? 16:44:02 Hi, I made a pull request, and it seems to be failing on docker exec 16:44:10 can anyone help me with it? 16:44:40 https://github.com/ansible/ansible/pull/33121 16:45:03 samerd_: Hi welcome. This channel is about using Ansible to configure network devices. Could I direct you to #ansible-devel they will be able to help 16:45:08 #topic Open Floor 16:45:12 #chair 16:45:12 Current chairs: Anil caphrim007_ gundalow itdependsnetwork jmcgill298 privateip rcarrillocruz skg-net st8less 16:45:25 Anyone got anything else? 16:45:25 gundalow: it's a networking PR 16:45:32 jtanner: oh 16:45:37 samerd_: appologies 16:45:42 mellanox switch config 16:46:04 samerd_: sorry, I though it was a docker PR I can help you with that 16:46:46 "2017-11-21 09:26:58 ERROR: Timeout waiting for vyos/1.1.0 instance 3aef8a0a-915f-44bc-baa5-9b49d817b093." 16:47:10 + yum issue, I've hit rerun 16:47:54 #info There is an issue with VyOS 1.1.7 AWS image causing Shippable TEST=network issues to fail with a ssh key error. This is an AWS/VyOS bug. Fix is in flight 16:49:14 gundalow: so the tests will be re-run again now? 16:49:29 yup 16:49:54 Thanks, will track it and see 16:50:38 Actually this is my first PR in ansible, could you let me know about the process of the PR? 16:51:15 I mean after the test passes 16:55:17 samerd_: We will review and once happy merge. Just as a heads up we are part way though changing the connection framework in 2.5 so we are discussing internally about how new modules should work moving forward, so we may be in touch with some other details 16:55:35 Though if we do, we will guide you through that process 16:56:30 gundalow: I know a lot of modules use ssh, but I wanna make sure any differences in http is also included 16:56:54 Good question, let me go into some more detail 16:57:03 #topic 2.5 connection: network_cli 16:57:22 #info Right now in 2.5 you can do `connection: network_cli` for the Core maintained network modules 16:58:42 so no planned changes for http connections at this point? 16:58:57 #info HTP(s) transports such as EAPI and NXAPI have not changed *yet*. It's likely that in 2.5 that they will not change, so you will still need `provider:\n transport: eapi` 16:59:23 ya, I was thinking about ACI, but same deal :) 16:59:35 #info The aim is in 2.6 to add support for `connection: network_eapi` `connection: network_nxapi` 16:59:39 etc 17:00:08 hmm, is there enough difference for connection handlers to not have network_http? 17:00:19 #info when using `connection: network_cli` you must use `become:` & `become_method` 17:00:44 jmcgill298: oh, and the module does the switching, interesting idea 17:00:53 s/module/connection plugin/ 17:01:08 just seems to make it simpler to use for the end users 17:01:22 Aye, that's a good idea, not though of that 17:02:32 We haven't fully designed the HTTP interfaces yet, for example, we are not sure how validate_certs would be specified 17:03:37 #info User facing docs for network_cli are in https://github.com/ansible/ansible/pull/31807 which also details `become` 17:03:55 how are other groups dealing with it? seems like that should be part of inventory like ansible_host 17:04:17 "other groups"? 17:04:38 windows, cloud, etc. 17:05:52 Well for cloud you are always talking to a valid https server 17:06:08 ya, I guess only network peeps are insecure 17:06:32 well, some clouds you can make it with self-signed 17:06:41 openstack modules there's a validate_certs no param 17:06:50 jmcgill298: slow steps away from telnet 17:07:08 rcarrillocruz: ah, good point. I wasn't thinking about on-prem cloud 17:07:37 sorry i got pull away 17:07:45 yes the idea is to have a single network connection for api 17:07:48 openstack is not just on-prem, but yeah, i don't think there's any openstack public cloud out there that is not serious enough to have self-signed certs 17:08:12 most likely that will be a post 2.5 implementation 17:08:31 privateip: Have we thought about how validate_certs would be specified? 17:08:46 with the new config stuff we will be able to add that as a property 17:09:56 was there anything else i missed? 17:10:07 #topic Legacy Role 17:10:11 itdependsnetwork: You still there 17:10:18 privateip: will paste some lines in 17:10:33 what is the status on facts? Based on this: https://github.com/ansible/ansible/commit/751eab187f51cdc58a4c112abcb4265b7112ef1b#diff-83a6bf7294d0c5ac59ee458de130f795R355 17:10:41 Is the goal to use gather-facts: yes for network modules? 17:10:51 seemed like facts were actively being pulled out, but when I suggested a get method, was told to use facts 17:10:57 these two seem in contrast with each other 17:11:06 but again, that is my interpretation of what legacy means 17:11:10 we are re-writing the entire facts system for network devices 17:11:11 ^ From ken 17:11:24 that will be a 2.6 project 17:11:31 parts are going into 2.5 though 17:11:45 the underpinnings is getting the module_utils work done 17:12:17 but to answer the question, yes the goal is to support gather_facts: yes for network modules 17:16:31 itdependsnetwork: jmcgill298 Nor sure if you are still around, though hopefully the above answers your questions 17:21:43 Ok, will end now 17:21:48 Thanks everybody 17:21:51 #endmeeting