16:00:57 #startmeeting Ansible Network Working Group 16:00:57 Meeting started Wed Jul 18 16:00:57 2018 UTC. 16:00:57 This meeting is logged and archived in a public location. 16:00:57 The chair is gundalow. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:57 Useful Commands: #action #agreed #halp #info #idea #link #topic. 16:00:57 The meeting name has been set to 'ansible_network_working_group' 16:01:00 * gundalow waves 16:01:51 Hi 16:02:21 #chair Anil_ 16:02:21 Current chairs: Anil_ gundalow 16:02:46 * gundalow waits a few minutes for other to arrive 16:02:52 * Qalthos 🌊🌊 16:03:28 * dagrawal waves 16:03:41 * ganeshrn waves 16:05:11 * ikhan waves 16:05:26 #chair Qalthos dagrawal ganeshrn ikhan 16:05:26 Current chairs: Anil_ Qalthos dagrawal ganeshrn gundalow ikhan 16:05:31 #topic Team Update 16:05:37 #info Agenda https://github.com/ansible/community/labels/network 16:05:46 #info Ansible 2.6.1/2.5.6/2.4.6 are now available, which include security fixes, see https://groups.google.com/forum/#!topic/ansible-announce/4tUBKNcH5fU for more info 16:05:46 #info We suggest you subscribe to https://groups.google.com/forum/#!forum/ansible-announce to keep informed regarding releases 16:06:02 #info This week we've been working on the following: 16:06:02 #info * Zuul running VyOS integration tests on Ansible fork. Waiting for some upstream fixes in Zuul and Software Factory before work can proceed. 16:06:02 #info * Work continues on NIOS features 16:06:02 #info * working on ios_linkagg mode 16:06:02 #info * Added support for task basis command_timeout setting for network_cli and netconf connection, continue work on cliconf refactor 16:06:02 #info * Added support for commit label in iosxr_config. Working on Cisco FTD Ansible module 16:06:07 ... 16:06:12 Reviewing actions from previous meeting: 16:06:12 #info https://github.com/ansible/ansible/pull/41985 (ipmath filter) has been merged 16:06:12 #info https://github.com/ansible/ansible/pull/42500 (cnos_vlan) has been reviewed, awaiting updates 16:06:28 If you have any questions on the above feel free to ask us 16:06:58 #topic Add support for global IGMP configuration on onyx switches #42164 16:07:06 #link https://github.com/ansible/ansible/pull/42164 16:07:18 #info I've had a quick look over this and looks good. I'll merge 16:08:15 #topic Support setting persistent command timeout per task basis #42847 16:08:21 ganeshrn: :) 16:08:29 #info https://github.com/ansible/ansible/pull/42847 16:10:21 Anil_: itdependsnetwork: pffs caphrim007_ dag You may be interested in https://github.com/ansible/ansible/pull/42847 16:10:25 Qalthos: I have incorporated your review comments in code 16:10:54 ganeshrn: What's your plans for adding some tests as Qalthos suggested 16:11:03 Yes, I am interested in that 16:11:14 gundalow: yes i am working on that 16:11:25 nice 16:11:28 In my original code for cnos, I am using time out per command 16:11:37 #chair itdependsnetwork 16:11:37 Current chairs: Anil_ Qalthos dagrawal ganeshrn gundalow ikhan itdependsnetwork 16:11:37 I like it 16:11:43 #chair pffs 16:11:44 Current chairs: Anil_ Qalthos dagrawal ganeshrn gundalow ikhan itdependsnetwork pffs 16:11:51 itdependsnetwork: pffs Ace, thanks :) 16:12:15 gundalow: thx 16:12:15 Anil_: Will look through it after this meeting, thanks 16:12:45 I have done the changes for the comments of gundalow too. 16:12:52 #chair caphrim007_ 16:12:52 Current chairs: Anil_ Qalthos caphrim007_ dagrawal ganeshrn gundalow ikhan itdependsnetwork pffs 16:13:17 Take a look and merge if possible. I have 15 more modules to be refactored in this line 16:18:18 Anil_> In my original code for cnos, I am using time out per command 16:18:38 is this comment wrt to PR #42847 16:18:44 Anil_: ^^ 16:21:00 Ganesh: Yes. 16:21:40 Ganesh: I want it that way because if u execute config back up or restore we may need a better timeout 16:22:01 Image upload in some cases can go upto 2 minuteds 16:22:27 so for that type of task you can set timeout value in provider right? 16:22:30 yeah, that was my original reason for wanting it as well. Mostly the config save 16:22:39 I think 30 seconds is the present default timeout 16:23:04 which is inadequate 16:23:32 Anil_: if i get it correctly you are setting the timeout value in cnos module code? 16:24:28 yes, but the code is old and is in the process of changing it into persistence connection. I was using direct paramiko there and it has a timeout set up 16:25:01 ah ok got it 16:25:24 so after you move to persistent connection you don't have to set the timeout in module 16:25:28 When I change the paramiko code to persistence connection, I need timeout as a configurable item 16:26:11 yup that' the reason for PR #42847 16:26:32 Suppose my image upload take 2 minutes, say in case my switch is in San Jose and scp server in bangalore 16:27:09 Ganesh : Thats y I told I support that feature 16:28:33 yup i got it....i am saying when you move to persistent connection you don't need to set timeout in module 16:28:50 it can be deprecated from module code 16:29:08 to be in sync with other platforms that support persistent connection 16:29:49 Ok. Will look into that 16:33:01 Alright, does anyone have anything else to say about per-task timeouts? 16:33:44 Nothing apart from +1 from me 16:34:10 #topic Open Floor 16:34:13 Anything else? 16:34:49 Anil_: your changes looked good, so I merged cnos_vlan 16:35:33 Hopefully that process will make the rest of the modules quicker 16:39:23 Qalthos: I have seen that. Thanks. 16:41:30 Anyone got anything else? 16:43:22 Nothing from me 16:44:05 I'm currently working on two new ASA modules asa_facts and asa_user. 16:44:31 Since its my first contribution, I might need some help. 16:45:14 nxos_file_copy docs say it checks file md5 and im not convinced thats true 16:45:15 sts: Excellent, feel free to ask here at anypoint 16:45:28 jrosser: Has an issue been created for that? 16:46:06 not yet, i will if needed 16:46:18 wasnt sure if it should or if the dics are just wrong 16:46:40 it doesnt enev seem to check if the source/existing files are the same size 16:46:56 *even 16:47:53 Also while working on Ansible scripted Cisco ASA upgrades, I found that during a cluster failover, which results in a disconnect from the Cisco ASA side, and fires ansible.module_utils.connection.ConnectionError: Socket is closed, I'm unable to get Ansible to reconnect to the host to perform further operations. 16:48:39 `ignore_errors: yes` seems to be ignored and meta:clear_host_errors or meta:reset_connection don't seem to work with network_cli 16:49:18 jrosser: Not sure, would need to look. Either way it's a bug (in docs or missing functionality) 16:49:24 The exception comes from https://github.com/ansible/ansible/blob/devel/lib/ansible/module_utils/connection.py#L149 16:49:33 ok, i will create an issue 16:49:48 #chair sts jrosser 16:49:48 Current chairs: Anil_ Qalthos caphrim007_ dagrawal ganeshrn gundalow ikhan itdependsnetwork jrosser pffs sts 16:50:04 #action jrosser to raise issue for nxos_file_copy docs say it checks file md5 16:50:07 Thanks 16:50:11 this is off the back of trying to upload nxos firmware, which it turns out is horribly difficult atm 16:50:23 @jrosser you can also try platform independant module net_get/net_put 16:50:38 jrosser: Yup, I think there has been some discussion with the NXOS team at Cisco about that 16:50:49 it does check for md5 of existing/src file 16:51:34 ok, well if the upload fails and you get half a file, rerunning doesnt try again 16:52:48 anyway, i'll stick this all in an issue 16:53:47 jrosser: Thanks. I'll speak to Cisco to see if they have a good route for firmware update. What platform is this? 16:54:05 n9k 16:55:36 cisco firmware updates are pretty painful in general. I ended up using netmiko instead of ansible for regular IOS 16:56:08 i have something working now 16:56:21 but its parsing dir bootflash: 16:56:33 and using expect module and scp 16:57:01 parse the flash, check md5, purge old bin files if they aren't needed, etc 16:57:04 trishnag: FYI ^, maybe something we can discus with MikeW tomorrow 16:57:39 We also typically host our IOS images on a remote server because SCP is abysmally slow on IOS, so we can pull via http or ftp 16:57:40 can you get the md5 from the cli? 16:57:46 on IOS you can 16:57:54 not sure on nxos, but I think it's similar 16:58:03 IOS is verify /md5 file 17:00:23 the semantics of nxos_reboot are very strange too 17:00:41 as in it always fails 17:01:29 yeah, IOS I have to do a reload in 1 so that it gives it enough time to get the prompt back and properly exit out instead of the device dying 17:01:35 I would guess nxos is similar 17:03:01 would be handy if nxos_reboot had an option for scheduling to get around that. I don't think I have a nexus switch handy any more, but should be similar syntax 17:04:16 @pffs does it also end the run with an ansible.module_utils.connection.ConnectionError? Same issue as with cisco asa after a `no failover active`? 17:05:16 sts: that would be something for jrosser. I could test if a reload via ios_command does the same, which is probably yes 17:05:37 #endmeeting