TASK Manage fabric <name> in NDFC fails for IPv6 Underlay

[marehler]

Ansible Version

ansible [core 2.17.0]

Ansible Collection Versions

Collection                               Version
---------------------------------------- -------
ansible.netcommon                        5.3.0  
ansible.posix                            1.5.4  
ansible.utils                            2.11.0 
cisco.dcnm                               3.5.0  
cisco.nac_dc_vxlan                       0.3.0  
cisco.nxos                               5.3.0  
community.general                        8.5.0

Cisco NDFC Version

12.2.2

Cisco NX-OS Version

10.3(6)

Which role is this issue related to?

cisco.nac_dc_vxlan.dtc.create

Which section of the data model is this issue related to?

vxlan.underlay

Expected Behavior

Fabric with IPv6 underlay is created in NDFC.

Actual Behavior

ansible-playbook -i inventory.yaml deploy.yaml     

PLAY [marehler_vnd3] ********************************************************************************************************************************

<...>

TASK [cisco.nac_dc_vxlan.create : Role Entry Point - [cisco.nac_dc_vxlan.dtc.create]] *************************************************
ok: [marehler_vnd3] => {
    "msg": [
        "----------------------------------------------------------------",
        "+     Calling Role - [cisco.nac_dc_vxlan.dtc.create]           +",
        "----------------------------------------------------------------"
    ]
}

TASK [cisco.nac_dc_vxlan.create : ansible.builtin.debug] ******************************************************************************
ok: [marehler_vnd3] => {
    "msg": "Configuring NXOS Devices using NDFC (Direct to Controller)"
}

TASK [cisco.nac_dc_vxlan.create : Manage Fabric Entry Point] **************************************************************************
ok: [marehler_vnd3] => {
    "msg": [
        "----------------------------------------------------------------",
        "+     Manage Fabric VXLAN-FABRIC-2",
        "----------------------------------------------------------------"
    ]
}

TASK [cisco.nac_dc_vxlan.create : Manage fabric VXLAN-FABRIC-2 in NDFC] ***************************************************************
fatal: [marehler_vnd3]: FAILED! => {"changed": false, "msg": "The following parameter(value) combination(s) are invalid and need to be reviewed: Fabric: VXLAN-FABRIC-2, ENABLE_SGT(False) requires UNDERLAY_IS_V6 != True, UNDERLAY_IS_V6 valid values: [False, True]. ENABLE_NETFLOW(False) requires UNDERLAY_IS_V6 != True. UNDERLAY_IS_V6 valid values: [False, True]. ", "response": [{}], "result": [{}]}

Ansible Playbook

---
# This is the main entry point playbook for calling the various roles in this collection.
- hosts: marehler_vnd3
  any_errors_fatal: true
  gather_facts: no

  roles:
    # -----------------------
    # DataCenter Roles
    #   Role: cisco.netascode_dc_vxlan.dtc manages NDFC workflows
    #
    - role: cisco.nac_dc_vxlan.dtc.create
    - role: cisco.nac_dc_vxlan.dtc.deploy
    - role: cisco.nac_dc_vxlan.dtc.remove

Steps to Reproduce

Please see Actual Behavior output above.

Relevant Debug Output

No response

[mtarking]

@marehler can you bump the dcnm/ndfc collection to 3.6.0 and retest?

[marehler]

Upgraded cisco.dcnm to 3.6.0:

Collection                               Version
---------------------------------------- -------
ansible.netcommon                        7.1.0  
ansible.posix                            1.5.4  
ansible.utils                            5.1.2  
cisco.dcnm                               3.6.0  
cisco.nac_dc_vxlan                       0.3.0  
cisco.nxos                               5.3.0  
community.general                        8.5.0 

Same issue:

TASK [cisco.nac_dc_vxlan.create : Manage fabric VXLAN-FABRIC-2 in NDFC] *****************************************************************************
fatal: [marehler_vnd3]: FAILED! => {"changed": false, "msg": "The following parameter(value) combination(s) are invalid and need to be reviewed: Fabric: VXLAN-FABRIC-2, ENABLE_SGT(False) requires UNDERLAY_IS_V6 != True, UNDERLAY_IS_V6 valid values: [False, True]. ENABLE_NETFLOW(False) requires UNDERLAY_IS_V6 != True. UNDERLAY_IS_V6 valid values: [False, True]. ", "response": [{}], "result": [{}]}

[marehler]

Underlay configuration data to reproduce:

---
vxlan:
  underlay:
    general:
      enable_ipv6_underlay: true
      routing_protocol: ospf
      replication_mode: ingress
      underlay_routing_loopback_id: 0
      underlay_vtep_loopback_id: 1
      underlay_routing_protocol_tag: UNDERLAY
      intra_fabric_interface_mtu: 9216
      layer2_host_interfacde_mtu: 9216
      unshut_host_interfaces: False
    ipv6:
      enable_ipv6_link_local_address: true
      underlay_subnet_mask: 64
    ospf:
      area_id: 0.0.0.0
      authentication_enable: false

[marehler]

The error message is misleading. The above combination of features is valid and works fine when applied via API manually. The error message is created by the cisco.dcnm.dcnm_fabric module. It tries to validate the parameters using verify_playbook_params.py.

As a workaround you can disable the parameter verification in the fabric.yaml task by setting 'skip_validation' to true:

- name: Manage fabric {{ MD.vxlan.global.name }} in NDFC
  cisco.dcnm.dcnm_fabric:
    state: merged
    config: "{{ fabric_config }}"
    skip_validation: true

[mtarking]

Thanks for reporting @marehler. I don't think we want to skip the validation as the underlying Ansible module basis its params actually off the template from NDFC, depending on the module, but good to know that works as a workaround. In double-clicking into your #262 issue, I debugged this some more and this seems to have come to light with ND 3.2 where the Security tab was introduced and that namely needed to be handled differently now. I've tied the fixes for this into the same PR as issue #262.