
[Terraform] After removing resource cdp/lldp config left on interface

When I delete a part of the code, e.g. in part two, responsible for CDP or LLDP, it says it is destroyed, but it stays in the Nexus configuration. I don't know why all other things get deleted and those 3 lines of code (seen on the switch) stay, even though the Terraform logs clearly say "destroyed". My removal is simply to remove the part of the code responsible for adding CDP and LLDP to the second interface, that is, everything from that tag down:
//============================================== part-2 ==============================================


Code from terraform: main.tf

terraform {
  required_providers {
    nxos = {
      source  = "CiscoDevNet/nxos"
      version = "0.5.3"
    }
  }
}

provider "nxos" {
  username = var.nxos_username
  password = var.nxos_password
  url      = var.nxos_url
}

/*============================================ common ============================================*/

resource "nxos_feature_lldp" "lldp" {
  admin_state = "enabled"
}

/*=====================================*/

resource "nxos_rest" "cdpEntity" {
  dn         = "sys/cdp"
  class_name = "cdpEntity"
}

//============================================== part-1 ==============================================
//============================================== part-1 ==============================================
//============================================== part-1 ==============================================

/*============================================ description & L3 ============================================*/

resource "nxos_physical_interface" "desc-L3" {
  interface_id          = "eth1/5"
  description           = "desc1"
  layer                 = "Layer3"
  admin_state           = "up"
  user_configured_flags = "admin_state"
}

/*============================================ lldp ============================================*/

resource "nxos_rest" "lldpInst" {
  depends_on = [nxos_feature_lldp.lldp]
  dn         = "sys/lldp/inst"
  class_name = "lldpInst"
  children = [
    {
      rn         = "if-[eth1/5]"
      class_name = "lldpIf"
      content = {
        adminRxSt = "disabled",
        adminTxSt = "disabled",
        id        = "eth1/5"
      }
    }
  ]
}

/*============================================ cdp ============================================*/

resource "nxos_rest" "cdpInst" {
  depends_on = [nxos_rest.cdpEntity]
  dn         = "sys/cdp/inst"
  class_name = "cdpInst"
  children = [
    {
      rn         = "if-[eth1/5]"
      class_name = "cdpIf"
      content = {
        adminSt = "disabled",
        id      = "eth1/5"
      }
    }
  ]
}

//============================================== part-2 ==============================================
//============================================== part-2 ==============================================
//============================================== part-2 ==============================================

/*============================================ description & L3 ============================================*/

resource "nxos_physical_interface" "desc-L3v2" {
  interface_id          = "eth1/6"
  description           = "desc2"
  layer                 = "Layer3"
  admin_state           = "up"
  user_configured_flags = "admin_state"
}

/*============================================ lldp ============================================*/

resource "nxos_rest" "lldpInstv2" {
  depends_on = [nxos_feature_lldp.lldp]
  dn         = "sys/lldp/inst"
  class_name = "lldpInst"
  children = [
    {
      rn         = "if-[eth1/6]"
      class_name = "lldpIf"
      content = {
        adminRxSt = "disabled",
        adminTxSt = "disabled",
        id        = "eth1/6"
      }
    }
  ]
}

/*============================================ cdp ============================================*/

resource "nxos_rest" "cdpInstv2" {
  depends_on = [nxos_rest.cdpEntity]
  dn         = "sys/cdp/inst"
  class_name = "cdpInst"
  children = [
    {
      rn         = "if-[eth1/6]"
      class_name = "cdpIf"
      content = {
        adminSt = "disabled",
        id      = "eth1/6"
      }
    }
  ]
}


I also added another thread where I measure the problem, such that when I add the configuration for the second interface it adds all the config except the "no shutdown" command (without any errors), but in the end the interface does not show the "no shutdown" command, and in the logs it clearly shows that adminSt="up".
https://community.cisco.com/t5/devnet-general-discussions/problem-with-adding-quot-no-shutdown-quot-to-existing/td-p/5157845

 

16 Replies

danischm
Cisco Employee

There is no need to manage the "sys/lldp/inst" and "sys/cdp/inst" objects using Terraform. These are system level objects that already exist and therefore there is no need to manage them using Terraform. What happens here is, TF attempts to delete those system objects (which would implicitly also delete the child objects), but it fails as those types of objects cannot be deleted and therefore the child objects remain in place as well. The "nxos_rest" resource silently suppresses this error, because it is a generic resource and in some cases this is expected. The resources should therefore be defined like this:

resource "nxos_rest" "lldpIf" {
  depends_on = [nxos_feature_lldp.lldp]
  dn         = "sys/lldp/inst/if-[eth1/5]"
  class_name = "lldpIf"
  content = {
    adminRxSt = "disabled"
    adminTxSt = "disabled"
    id        = "eth1/5"
  }
}

resource "nxos_rest" "cdpIf" {
  depends_on = [nxos_rest.cdpEntity]
  dn         = "sys/cdp/inst/if-[eth1/5]"
  class_name = "cdpIf"
  content = {
    adminSt = "disabled"
    id      = "eth1/5"
  }
}

 

This does not solve the problem. Described in full detail on github.
https://github.com/CiscoDevNet/terraform-provider-nxos/issues/268
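
An added example, not part of the thread or of the provider's code: a Python check over the `resource_changes` section of `terraform show -json` plan output that flags the pattern danischm describes above, where an `nxos_rest` resource anchored on a parent DN with `children` is destroyed and the child objects may remain on the switch with no error. The function name, finding labels and sample plan are assumptions made for this example; the sample is constructed from the DNs in the posted main.tf.

```python
from collections import defaultdict


def rc_entry(name, actions, dn, children=()):
    """Build one constructed resource_changes entry for an nxos_rest resource."""
    state = {"dn": dn, "children": [{"rn": rn} for rn in children]}
    after = None if actions == ["delete"] else state
    return {"address": f"nxos_rest.{name}", "type": "nxos_rest",
            "change": {"actions": actions, "before": state, "after": after}}


# Constructed sample: the plan produced when part-2 is removed from main.tf.
SAMPLE_PLAN = {"resource_changes": [
    rc_entry("cdpEntity", ["no-op"], "sys/cdp"),
    rc_entry("lldpInst", ["no-op"], "sys/lldp/inst", ["if-[eth1/5]"]),
    rc_entry("cdpInst", ["no-op"], "sys/cdp/inst", ["if-[eth1/5]"]),
    rc_entry("lldpInstv2", ["delete"], "sys/lldp/inst", ["if-[eth1/6]"]),
    rc_entry("cdpInstv2", ["delete"], "sys/cdp/inst", ["if-[eth1/6]"]),
]}


def audit_nxos_rest(plan):
    """Return (label, resource address(es), dn) tuples for risky nxos_rest usage."""
    findings, owners = [], defaultdict(list)
    for entry in plan.get("resource_changes", []):
        if entry.get("type") != "nxos_rest":
            continue
        change = entry["change"]
        state = change.get("before") or change.get("after") or {}
        dn, children = state.get("dn"), state.get("children") or []
        owners[dn].append(entry["address"])
        # Destroy targets the parent dn; if the device refuses to delete it,
        # the children stay configured, so list each child dn for a manual check.
        if "delete" in change["actions"]:
            for child in children:
                findings.append(("verify-after-destroy", entry["address"],
                                 f"{dn}/{child['rn']}"))
    # Two resources anchored on the same dn cannot be removed independently.
    for dn, addrs in owners.items():
        if len(addrs) > 1:
            findings.append(("shared-dn", ", ".join(sorted(addrs)), dn))
    return findings


if __name__ == "__main__":
    for finding in audit_nxos_rest(SAMPLE_PLAN):
        print(*finding, sep=" | ")
```

Each `verify-after-destroy` DN is an object to look up on the switch after the apply, since the Terraform log alone reports "destroyed" either way.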