Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
366
Views
0
Helpful
0
Replies

Failed Configuration Rollback

DanDan
Level 1
Level 1

‎06-19-2023 11:07 AM - edited ‎06-19-2023 12:34 PM

Hello ACI Community!

I encountered an unusual issue recently.

Before making a change to the fabric, I took a snapshot as a precautionary measure. The change itself was quite simple: I removed several unused policies from the interfaces to reduce the fault count. However, shortly after making the change, I realized that these policies should have remained in place.

Instead of re-configuring the policies, I decided to rollback the change quickly. Unfortunately, the rollback failed, and although I don't recall the exact error message as it happened a couple of weeks ago, this was the first time I encountered such an issue.

The fabric is currently running on version 4.2(5n), with the "Import Policy" set to "Replace."

This incident raised concerns for us, although we were fortunate that reconfiguring the policies was easy, and I had noted down the changes I made. However, I wanted to understand why the rollback failed and how to prevent such occurrences in the future.

With my research I was not able to find much, so I opened a TAC case.

Even after working with the friendly TAC engineer, I still have unanswered questions:

1. Findings

As per the fault description, there was a change after the last backup was taken in the some of Managed Objects (MO’s) and when you tried to import it again there was a configuration issue because the APIC wasn’t able to identify the path for those MO’s. This means that this object was created with certain attributes in the system but in the backup file the same object has different properties and in some of these objects, the attributes can’t be changed after the creation of the object and the APIC can’t overwrite the attributes.

-- How is it possible that the object is created with certain attributes in the system, but the backup file with the same object has different properties? Also in my opinion it was a simple vPC policy group.

2. Findings

Hence, if we have such objects, then we need to manually delete the existing objects and create new ones with the desired/new parameters and since you are using the “replace” as an import type you will always need to remove the unused configuration as we must make sure that all the values are correct.

-- How would I know in the future, that I am dealing with "such an object" ( the one that has different properties in my configuration snapshot). I did not experience ever an issue with the "replace" import type. I am not sure I understand this point.

The recommendation I received was to change the import type to "Merge" with "Best Effort." However, I am hesitant to go with this option. My concern is that if a complex change is made and the rollback fails, using "Merge" and "Best Effort" may result in a failed rollback without clear information on what was successfully created and what was not. I may be mistaken, but I don't believe the fault will indicate what exactly failed to be re-created.

I just may be missing a point here , or two.

I appreciate any insights or thoughts.

Thank you!

Dan.

 

 

1 person had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License