Re: Why is commit no-deploy + redeploy reconcile != commit no-networking + redeploy reconcile?

JimBoucher · ‎08-27-2020

Hi, I have just finished getting bit by a this problem and I found a solution, but I don't understand what was wrong with my original approach. Can somebody explain this to me:

Step 1: Run a custom brownfield import routine(action) to build up out custom Loadbalancer service. It was doing a an apply transaction with no-deploy set as I figured it was more efficient not calling the Create Callback.

String returnStr = lb_import(ncsroot, slfroot, maapi, th, readDeviceKey, writeDeviceString, pairDeviceString);

// we need to apply the transaction before sync from our added
// devices the action is always towards the running.
CommitParams cmtparams = new CommitParams();
//cmtparams.setNoNetworking();
cmtparams.setNoDeploy();
ApplyResult ar = maapi.applyTransParams(th, false,cmtparams);
maapi.finishTrans(th);
//Not Needed since this is ReadOnly
//imaapi.applyTrans(ith, false);
imaapi.finishTrans(ith);

Step 2: Do a re-deploy reconcile no-networking operation to get the RefCounts and RefLinks setup.

services loadbalancers loadbalancer * re-deploy reconcile { discard-non-service-config } no-networking

The problem was that when the operator deleted any part of the service, it was removed in NSO but nothing went to the device:

admin@ncs(config)# no services loadbalancers loadbalancer 10.10.10.10 pools pool myCustomPoolName10 pool-members pool-member poolMember10B 9106
admin@ncs(config)# commit dry-run
cli {
local-node {
data services {
loadbalancers {
loadbalancer 10.10.10.10 {
pools {
pool myCustomPoolName10 {
pool-members {
- pool-member poolMember10B 9106 {
- ip 10.10.10.6;
- member-state disabled;
- node-state disabled;
- }
}}}}}}}}

The fix was to use cmtparams.setNoNetworking(); instead. What I don't get is why. Shouldn't the redeploy reconcile have run the Create Callback for the Service and recreated the RefCount and RefLinks? Actually I see these in the CDB but the problem was still happening so perhaps there is some other part of the CDB that was not getting initialized. Anyone able to explain this? Thanks in advance,

Jim

JimBoucher · ‎08-28-2020

BTW, I am using NSO 5.3.2.3 and 5.2.0.3. Both show the same thing. I am only aware of this issue related to no-deploy but I don't think they are related as I am seeing this through the CLI as well.

- json-rpc: The validate_commit JSONRPC call will now take an optional

'flags' parameter to handle commit flags that might have an effect

during the validate phase of a commit, e.g 'no-deploy'.

(ENG-23530, RT:41389, RT:41800, PS-36459, PS-36894)

The change was/will be included in below and later versions:

* nso-5.1.5 (25-Aug-2020)

* nso-5.2.4 (15-Oct-2020)

* nso-5.3.3

* nso-5.4 (25-Jun-2020)

JimBoucher · ‎08-28-2020

Just to close the loop, when using the NoDeploy() method on import, the Refcount values were 2 which is indicative of the problem.

admin@ncs# show running-config devices device (host) config bigip:ltm virtual | display service-meta-data
devices device (host)
config
! Refcount: 2 (/devices/device{(host)}/config/bigip:ltm/virtual{(virtual server name)})
! Backpointer: [ /ncs:services/loadbalancers:loadbalancers/loadbalancers:loadbalancer[loadbalancers:name='192.168.68.29'] ] (/devices/device{(host)}/config/bigip:ltm/virtual{(virtual server name)})
bigip:ltm virtual (virtual server name) vs-index 2
! Refcount: 2
! Originalvalue: 192.168.68.29:443
! Refcount: 2 (/devices/device{(host)}/config/bigip:ltm/virtual{(virtual server name)})
! Backpointer: [ /ncs:services/loadbalancers:loadbalancers/loadbalancers:loadbalancer[loadbalancers:name='192.168.68.29'] ] (/devices/device{(host)}/config/bigip:ltm/virtual{(virtual server name)})
bigip:ltm virtual (virtual server name) destination 192.168.68.29:443
! Refcount: 2
! Originalvalue: tcp
! Refcount: 2 (/devices/device{(host)}/config/bigip:ltm/virtual{(virtual server name)})
! Backpointer: [ /ncs:services/loadbalancers:loadbalancers/loadbalancers:loadbalancer[loadbalancers:name='192.168.68.29'] ] (/devices/device{(host)}/config/bigip:ltm/virtual{(virtual server name)})

After updating to setNoNetworking() on import and following this process:

1. Remove all misconfigured services with the commit no-networking flag.

2. Do a sync-from the relevant devices

3. Call your custom service import action (now using setNoNetworking())

admin@ncs# devices device (host1) import_loadbalancers read-device (host1) pair-device (host2)
success true
message Matched: 20 Virtual Servers: 16 Pools: 54 Nodes

4. Redeploy Reconcile no-networking to get the Refcounts set.

admin@ncs# services loadbalancers loadbalancer * re-deploy reconcile { discard-non-service-config } no-networking

5. Now you can inspect your Refcounts and see they are set to 1.

admin@ncs# show running-config devices device (host) config ltm virtual | display service-meta-data
devices device (host)
config
! Refcount: 1
! Refcount: 1 (/devices/device{(host)}/config/bigip:ltm/virtual{(virtual server name)})
! Backpointer: [ /ncs:services/loadbalancers:loadbalancers/loadbalancers:loadbalancer[loadbalancers:name='11.11.11.11'] ] (/devices/device{(host)}/config/bigip:ltm/virtual{(virtual server name)})
ltm virtual (virtual server name) description ":Test Load Balancer 11"
! Refcount: 1
! Refcount: 1 (/devices/device{(host)}/config/bigip:ltm/virtual{(virtual server name)})
! Backpointer: [ /ncs:services/loadbalancers:loadbalancers/loadbalancers:loadbalancer[loadbalancers:name='11.11.11.11'] ] (/devices/device{(host)}/config/bigip:ltm/virtual{(virtual server name)})
ltm virtual (virtual server name) destination 11.11.11.11:443
! Refcount: 1
! Refcount: 1 (/devices/device{(host)}/config/bigip:ltm/virtual{(virtual server name)})
! Backpointer: [ /ncs:services/loadbalancers:loadbalancers/loadbalancers:loadbalancer[loadbalancers:name='11.11.11.11'] ] (/devices/device{(host)}/config/bigip:ltm/virtual{(virtual server name)})

I am still hoping to get an explanation for why this is the case.

vleijon · ‎08-28-2020

So, I am looking at the question in the title more than in the text here, but I think it gets to the question in the text too.

If you do no-networking you still write the changes to CDB, including the device tree, even though you never send them to the device itself. This means that if your service overwrites certain parts of the config that first no-networking will do that overwrite, without reconciling it. And then the later reconcile will actually act on that modified configuration.

If you want you can try doing a sync-from in between your no-networking and your reconcile and you should get a result that is very similar to that in the no-deploy case.

JimBoucher · ‎09-04-2020

Hi, I am seeing something odd at a more detailed level. With keep-non-service-config, I get Refcount errors but with discard-non-service-config things are fine. Please avoid the obvious joke about the doctor that ends in "then don't do that" :-)

admin@ncs(config)# services loadbalancers loadbalancer * re-deploy reconcile { keep-non-service-config } no-networking
admin@ncs(config)#
System message at 2020-09-04 09:46:59...
Commit performed by admin via ssh using cli.
admin@ncs(config)# exit
admin@ncs# show running-config devices device (host) config ltm virtual | display service-meta-data
devices device (host)
config
! Refcount: 2 (/devices/device{(host) }/config/bigip:ltm/virtual{(virtual server name)})
! Backpointer: [ /ncs:services/loadbalancers:loadbalancers/loadbalancers:loadbalancer[loadbalancers:name='11.11.11.11'] ] (/devices/device{(host) }/config/bigip:ltm/virtual{(virtual server name)})
ltm virtual (virtual server name) vs-index 2
! Refcount: 1
! Refcount: 2 (/devices/device{(host) }/config/bigip:ltm/virtual{(virtual server name)})
! Backpointer: [ /ncs:services/loadbalancers:loadbalancers/loadbalancers:loadbalancer[loadbalancers:name='11.11.11.11'] ] (/devices/device{(host) }/config/bigip:ltm/virtual{(virtual server name)})
ltm virtual (virtual server name) description ":Test Load Balancer 11"
! Refcount: 1
! Refcount: 2 (/devices/device{(host) }/config/bigip:ltm/virtual{(virtual server name)})
! Backpointer: [ /ncs:services/loadbalancers:loadbalancers/loadbalancers:loadbalancer[loadbalancers:name='11.11.11.11'] ] (/devices/device{(host) }/config/bigip:ltm/virtual{(virtual server name)})
ltm virtual (virtual server name) destination 11.11.11.11:443

admin@ncs(config)# services loadbalancers loadbalancer * re-deploy reconcile { discard-non-service-config } no-networking
admin@ncs(config)#
System message at 2020-09-04 09:51:32...
Commit performed by admin via ssh using cli.
admin@ncs(config)# exit
admin@ncs# show running-config devices device (host) config ltm virtual | display service-meta-data
devices device (host)
config
! Refcount: 1
! Refcount: 1 (/devices/device{(host) }/config/bigip:ltm/virtual{(virtual server name)})
! Backpointer: [ /ncs:services/loadbalancers:loadbalancers/loadbalancers:loadbalancer[loadbalancers:name='11.11.11.11'] ] (/devices/device{(host) }/config/bigip:ltm/virtual{(virtual server name)})
ltm virtual (virtual server name) description ":Test Load Balancer 11"
! Refcount: 1
! Refcount: 1 (/devices/device{(host) }/config/bigip:ltm/virtual{(virtual server name)})
! Backpointer: [ /ncs:services/loadbalancers:loadbalancers/loadbalancers:loadbalancer[loadbalancers:name='11.11.11.11'] ] (/devices/device{(host) }/config/bigip:ltm/virtual{(virtual server name)})
ltm virtual (virtual server name) destination 11.11.11.11:443
! Refcount: 1
! Refcount: 1 (/devices/device{(host) }/config/bigip:ltm/virtual{(virtual server name)})
! Backpointer: [ /ncs:services/loadbalancers:loadbalancers/loadbalancers:loadbalancer[loadbalancers:name='11.11.11.11'] ] (/devices/device{(host) }/config/bigip:ltm/virtual{(virtual server name)})
ltm virtual (virtual server name) ip-protocol tcp
! Refcount: 1
! Refcount: 1 (/devices/device{(host) }/config/bigip:ltm/virtual{(virtual server name)})
! Backpointer: [ /ncs:services/loadbalancers:loadbalancers/loadbalancers:loadbalancer[loadbalancers:name='11.11.11.11'] ] (/devices/device{(host) }/config/bigip:ltm/virtual{(virtual server name)})
ltm virtual (virtual server name) mask 255.255.255.255