01-20-2022 04:46 AM
Has anyone used Ansible's flag --diff with any ACI module? I have not observed any difference in the printouts when either using or not using the specific flag.
thanks a lot
01-20-2022 07:39 PM
Hi
Yes and it works.
Running a playbook to create a tenant not existing yet on ACI:
TASK [Create ACI Tenant] ***************************************************************************************************************************************************************************************** changed: [APIC1] => {"changed": true, "current": [{"fvTenant": {"attributes": {"annotation": "orchestrator:ansible", "descr": "", "dn": "uni/tn-TEST_TENANT", "name": "TEST_TENANT", "nameAlias": "", "ownerKey": "", "ownerTag": "", "userdom": ":all:common:"}}}], "mo": {"fvTenant": {"attributes": {"annotation": "orchestrator:ansible", "dn": "uni/tn-TEST_TENANT", "name": "TEST_TENANT"}}}}
Run same command after the tenant exists:
TASK [Create ACI Tenant] ***************************************************************************************************************************************************************************************** ok: [APIC1] => {"changed": false, "current": [{"fvTenant": {"attributes": {"annotation": "orchestrator:ansible", "descr": "", "dn": "uni/tn-TEST_TENANT", "name": "TEST_TENANT", "nameAlias": "", "ownerKey": "", "ownerTag": "", "userdom": ":all:common:"}}}], "mo": {"fvTenant": {"attributes": {"annotation": "orchestrator:ansible", "dn": "uni/tn-TEST_TENANT", "name": "TEST_TENANT"}}}}
command ran:
ansible-playbook -i hosts tmp2.yml --diff -v
01-21-2022 01:16 AM
Hi Francesco,
thanks a lot for your reply. I think that what you mention is "Idempotence", which is not implemented in ansible by definition, but from the modules themselves. So the configuration is not reapplied in case it already exists however this is true with or without the --diff flag.
The --diff flag, at least to my understanding from documentation, would only highlight the additions/deletions on the configuration. I believe that the output you have shared is produced by the -v flag.
thanks
iordanis
01-25-2022 08:46 AM
The diff won't give you the specific parameter value that will be changed.
However, if you do a check diff you can see what was before and what is being applied.
Example:
I have a tenant TEST_TENANT with description TEST_TENANT. I changed the description to TEST_TENANT_2 in my playbook and run the command ansible-playbook -i hosts tmp2.yml --check --diff -v
The output is: You can see the current and what will be pushed.
TASK [Create ACI Tenant] ********************************************************************************************************************************************************************************************************** changed: [APIC1] => {"changed": true, "current": [{"fvTenant": {"attributes": {"annotation": "orchestrator:ansible", "descr": "TEST_TENANT", "dn": "uni/tn-TEST_TENANT", "name": "TEST_TENANT", "nameAlias": "", "ownerKey": "", "ownerTag": "", "userdom": ":all:common:"}}}], "mo": {"fvTenant": {"attributes": {"annotation": "orchestrator:ansible", "descr": "TEST_TENANT_2", "dn": "uni/tn-TEST_TENANT", "name": "TEST_TENANT"}}}} PLAY RECAP ************************************************************************************************************************************************************************************************************************ APIC1 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
If I run the same command but I remove the tenant TEST_TENANT, my output shows my current value empty.
TASK [Create ACI Tenant] ********************************************************************************************************************************************************************************************************** changed: [APIC1] => {"changed": true, "current": [], "mo": {"fvTenant": {"attributes": {"annotation": "orchestrator:ansible", "descr": "TEST_TENANT_2", "dn": "uni/tn-TEST_TENANT", "name": "TEST_TENANT"}}}}
It is related to idempotence but You can get the info about what could you playbook change.
You won't get get the exact field value change like you got when playing with other librairies.
02-08-2022 02:09 AM
Thanks a lot Francesco for your reply and apologies for my late reply.
What I am trying to state here is that in essence the --diff flag has no meaning for the ACI libraries. I repeated your example and I still believe that the different output has to do with -v as below
without -v
(Venv) xxx@xxx-lap:/mnt/c/Users/xxx/PycharmProjects/AnsibleACI$ ansible-playbook ./output/playbook.yml -i inventory --check --diff
PLAY [ENSURE APPLICATION CONFIGURATION EXISTS] **********************************************************************************************************************************************************************************************
TASK [TASK 1 - ENSURE APPLICATIONS TENANT EXISTS] *******************************************************************************************************************************************************************************************
changed: [x.x.x.x]
PLAY RECAP **********************************************************************************************************************************************************************************************************************************
x.x.x.x : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
with -v
(Venv) xxx@xxx-lap:/mnt/c/Users/xxx/PycharmProjects/AnsibleACI$ ansible-playbook ./output/playbook.yml -i inventory --check --diff -v
Using /etc/ansible/ansible.cfg as config file
PLAY [ENSURE APPLICATION CONFIGURATION EXISTS] **********************************************************************************************************************************************************************************************
TASK [TASK 1 - ENSURE APPLICATIONS TENANT EXISTS] *******************************************************************************************************************************************************************************************
changed: [x.x.x.x] => {"changed": true, "current": [{"fvTenant": {"attributes": {"annotation": "", "descr": "TEST_TN", "dn": "uni/tn-Ansible_TEST_TN", "name": "Ansible_TEST_TN", "nameAlias": "", "ownerKey": "", "ownerTag": ""}}}], "mo": {"fvTenant": {"attributes": {"descr": "TEST_TN2", "dn": "uni/tn-Ansible_TEST_TN", "name": "Ansible_TEST_TN"}}}}
PLAY RECAP **********************************************************************************************************************************************************************************************************************************
x.x.x.x : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
without --diff
(Venv) xxx@xxx-lap:/mnt/c/Users/xxx/PycharmProjects/AnsibleACI$ ansible-playbook ./output/playbook.yml -i inventory --check -v
Using /etc/ansible/ansible.cfg as config file
PLAY [ENSURE APPLICATION CONFIGURATION EXISTS] **********************************************************************************************************************************************************************************************
TASK [TASK 1 - ENSURE APPLICATIONS TENANT EXISTS] *******************************************************************************************************************************************************************************************
changed: [x.x.x.x] => {"changed": true, "current": [{"fvTenant": {"attributes": {"annotation": "", "descr": "TEST_TN", "dn": "uni/tn-Ansible_TEST_TN", "name": "Ansible_TEST_TN", "nameAlias": "", "ownerKey": "", "ownerTag": ""}}}], "mo": {"fvTenant": {"attributes": {"descr": "TEST_TN2", "dn": "uni/tn-Ansible_TEST_TN", "name": "Ansible_TEST_TN"}}}}
PLAY RECAP **********************************************************************************************************************************************************************************************************************************
x.x.x.x : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
as you can see the last two outputs are exactly the same, even though --diff is missing in the last one.
This test makes me think that the --diff parameter in not at all implemented on the ACI libraries.
Thanks
iordanis
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide