Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EPG Import Caused DVS Switch Uplink Port Modification (DCNE-244) #1300

Closed
Alexpf20210007 opened this issue Nov 13, 2024 · 10 comments
Closed

EPG Import Caused DVS Switch Uplink Port Modification (DCNE-244) #1300

Alexpf20210007 opened this issue Nov 13, 2024 · 10 comments
Labels
jira-sync Sync this issue to Jira

Comments

@Alexpf20210007
Copy link

Alexpf20210007 commented Nov 13, 2024
edited by akinross
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.5

APIC version and APIC Platform

5.2.8

Affected Resource(s)

aci_epg_to_domain

Terraform Configuration Files

main.tf
variables.tf
tfvars.tfvars

Main Config
#import {
#  to = aci_application_epg.test["TESTEPG1"]
#  id = "uni/tn-test/ap-test_anp/epg-TESTEPG1"
#}
resource "aci_application_epg" "test" { 
  for_each = try(var.endpoint_groups, {})  
  application_profile_dn = try(each.value["application_network_profiles"], null)  
  name = try(each.key, null)  
  relation_fv_rs_bd = try(each.value["bridge_domain"], null)
  description = "EPG Created Using Terraform"  
}
TFVARS Config
    "TESTEPG1": {
        "application_network_profiles": "uni/test_prod/ap-test_anp",
        "bridge_domain": "uni/test_prod/BD-test_bd"
    },

Debug Output

Some info in event was modified due:
EventId: 882693 EventTS: 173148224 Type: 2007 Message: dvPort group EPG1 in DC1 was reconfigured. Modified: config.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder.activeUplinkPort: ("LAG") -> ("uplink1", "uplink2", "uplink3", "uplink4", "uplink5", "uplink6", "uplink7", "uplink8"); config.description: -> "Created By Terraform"; Added: Deleted: VMM Controller: VMWARE VMWARE.myoffice.com received event

Panic Output

Expected Behavior

Terraform should have imported the EPG and updated the description.

Actual Behavior

Terraform imported the EPG and re-connected DVS switchports in VMWare connection with wrong ports. I was not expecting an EPG import or description change to also make this change. The terraform plan did not show that it was going to make this change. It only showed an import and description change.
Message: dvPort group TESTEPG1 in TESTDC was reconfigured. Modified: config.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder.activeUplinkPort: ("LAG") -> ("uplink1", "uplink2", "uplink3", "uplink4", "uplink5", "uplink6", "uplink7", "uplink8"); config.description: -> "Created By Terraform"; Added: Deleted: VMM Controller: VMWARE VMWARE.myoffice.com received event

Steps to Reproduce

Imported a new EPG and updated description.
terrafrom plan

  # aci_application_epg.amfam["TESTEPG1"] will be updated in-place
  # (imported from "uni/tn-test/ap-test_anp/epg-TESTEPG1")
  ~ resource "aci_application_epg" "amfam" {
        application_profile_dn       = "uni/tn-test/ap-test_anp"
      + description                  = "EPG Created Using Terraform"
        flood_on_encap               = "disabled"
        fwd_ctrl                     = "none"
        has_mcast_source             = "no"
        id                           = "uni/tn-test/ap-test_anp/epg-TESTEPG1"
        is_attr_based_epg            = "no"
        match_t                      = "AtleastOne"
        name                         = "TESTEPG1"
        pc_enf_pref                  = "unenforced"
        pref_gr_memb                 = "exclude"
        prio                         = "level3"
        relation_fv_rs_bd            = "uni/tn-test/BD-TESTBD"
        relation_fv_rs_cons          = []
        relation_fv_rs_cons_if       = []
        relation_fv_rs_cust_qos_pol  = "uni/tn-common/qoscustom-default"
        relation_fv_rs_fc_path_att   = []
        relation_fv_rs_intra_epg     = []
        relation_fv_rs_path_att      = []
        relation_fv_rs_prot_by       = []
        relation_fv_rs_prov          = []
        relation_fv_rs_prov_def      = []
        relation_fv_rs_sec_inherited = []
        shutdown                     = "no"
    }
  1. terraform apply
    aci_application_epg.amfam["TESTEPG1"]: Modifications complete after 10s [id=uni/tn-test/ap-test/epg-TESTTEPG1]

Important Factoids

Nothing special.

References

  • #0000
@akinross
Copy link
Collaborator

Hi @Alexpf20210007,

Could you add the logs that contain the payload that is being send by aci_application_epg?

You mention affected resource "aci_epg_to_domain" but I do not see any configuration of this provided. Could you also provide that configuration and log?

Just a heads up the EPG resource and it's children be changed. These changes have already been merged into master but are not yet released ( I do not know the exact release date for this ). See https://github.com/CiscoDevNet/terraform-provider-aci/blob/master/docs/resources/application_epg.md for more details. I suspect that the behaviour you are experiencing might be fixed by this change.

There is also a rename for the "aci_epg_to_domain", this will be named "aci_relation_to_domain", see details: https://github.com/CiscoDevNet/terraform-provider-aci/blob/master/docs/resources/relation_to_domain.md. The legacy "aci_epg_to_domain" will remain in the provider for now.

From your output it seems you are doing tests in a test environment, is this correct? You could build the master branch locally to test this behaviour. Let me know if you require any assistance with this.

@Alexpf20210007
Copy link
Author

I would like to understand how an EPG import and description update caused ACI to change the DVS ports on a VMWARE controller? I did no try to make any change to the physical or virtual domain. I provided the terraform plan output and it did not mention anything about changing the ports below. It just shows the description change.

dvPort group TESTEPG1 in TESTDC was reconfigured. Modified: config.defaultPortConfig.uplinkTeamingPolicy.uplinkPortOrder.activeUplinkPort: ("LAG") -> ("uplink1", "uplink2", "uplink3", "uplink4", "uplink5", "uplink6", "uplink7", "uplink8"); config.description: -> "Created By Terraform"; Added: Deleted: VMM Controller: VMWARE VMWARE.myoffice.com received event

@akinross
Copy link
Collaborator

Hi @Alexpf20210007,

Currently I see snippets of your plan and configuration not full files, so everything I would say would be based on assumptions without knowing what is actually being executed/send. In order to provide you more answers I would need to see some more information, thus I requested you to provide me additional logs and config. Could you please provide these?

@Alexpf20210007
Copy link
Author

Is it possible that I could upload the requested files to a Cisco TAC?

@akinross
Copy link
Collaborator

Hi @Alexpf20210007,

If you want to upload via TAC then please raise a TAC case through the normal process.

You can also email me ([email protected]) directly, which would be faster route for this issue. Please make sure to remove any sensitive information that is not intended for me.

@Alexpf20210007
Copy link
Author

Alexpf20210007 commented Nov 14, 2024 via email

@akinross
Copy link
Collaborator

akinross commented Nov 14, 2024
edited
Loading

Hi @Alexpf20210007,

I received the emails and will try to have a look tomorrow. Will keep you updated.

@akinross
Copy link
Collaborator

akinross commented Nov 15, 2024
edited
Loading

Hi @Alexpf20210007,

Could you clarify and provide me a few more logs:

  • Would it be possible for you to isolate the issue to only a single EPG import and apply ( manually in a local terraform setup ) and capture the logs from there? If possible, could you in that case also provide me the EPG config with it's full child tree?

  • The logs that contain the payload send with terraform: https://developer.hashicorp.com/terraform/internals/debugging. You can set the TF_LOG=DEBUG and TF_LOG_PATH=[dir] for this.

  • I am confused regarding the dvPort group TESTEPG1 in TESTDC error message, because this config.description: -> "Created By Terraform" I do not see anywhere in your configuration as a description. Did you adjust this message manually? Could you provide me the logs of this message when you run with the above environment logging variables set?

  • Are you experiencing the behaviour for every EPG, or is it only for some EPGs? You mention in the title it is on import, but to me this seems the behaviour you are describing is happening on change of description ( thus update apply operation ). Do you experience the same behaviour when doing a update of description after the first update apply of configuration? Are you experiencing the same when executing the update of description on the UI for that EPG?

@akinross akinross added the jira-sync Sync this issue to Jira label Nov 15, 2024
@github-actions github-actions bot changed the title EPG Import Caused DVS Switch Uplink Port Modification EPG Import Caused DVS Switch Uplink Port Modification (DCNE-244) Nov 15, 2024
@akinross
Copy link
Collaborator

akinross commented Nov 28, 2024
edited
Loading

Hi @Alexpf20210007, are you ok to close this issue?

@Alexpf20210007
Copy link
Author

Alexpf20210007 commented Dec 2, 2024 via email

@akinross akinross closed this as completed Dec 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
jira-sync Sync this issue to Jira
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@akinross @Alexpf20210007