3.1 Backwards Compatibility (#524)

* split msd vrf child fabric templates for 3.1 support

* pass nd version

* updates for 3.1

* networks for 3.1

* networks for 3.1

* networks for 3.1

* networks for 3.1

* check package import in filter

* remove packaging step

* Update manage_child_fabric_networks.py

* Update manage_child_fabric_vrfs.py

* Update manage_child_fabric_networks.py

* Update manage_child_fabric_vrfs.py

* review comments

* Remove unused vars_common_isn.changes_detected_fabric_links

---------

Co-authored-by: mwiebe <[email protected]>

Author: mtarking

.github/workflows/main.yml

@@ -25,7 +25,7 @@ jobs:
     steps:
     - name: Check out code
       uses: actions/checkout@v4
-    
+
     - name: Set up Python 3.10.14
       uses: actions/setup-python@v5
       with:

plugins/action/dtc/manage_child_fabric_networks.py

@@ -28,14 +28,26 @@
 from ansible.plugins.action import ActionBase
 from ansible.template import Templar
 from ansible.errors import AnsibleFileNotFound
+from ansible_collections.cisco.nac_dc_vxlan.plugins.filter import version_compare
 
 
+import re
 import json
 
 display = Display()
 
 # Path to Jinja template files relative to create role
-MSD_CHILD_FABRIC_NETWORK_TEMPLATE = "/../common/templates/ndfc_networks/msd_fabric/child_fabric/msd_child_fabric_network.j2"
+MSD_CHILD_FABRIC_NETWORK_TEMPLATE_PATH = "/../common/templates/ndfc_networks/msd_fabric/child_fabric/"
+MSD_CHILD_FABRIC_NETWORK_TEMPLATE = "/msd_child_fabric_network.j2"
+
+# Currently supported Network template config keys and their mapping to data model keys
+NETWORK_TEMPLATE_CONFIG_MAP = {
+    'loopbackId': {'dm_key': 'dhcp_loopback_id', 'default': ''},
+    'ENABLE_NETFLOW': {'dm_key': 'netflow_enable', 'default': False},
+    'VLAN_NETFLOW_MONITOR': {'dm_key': 'vlan_netflow_monitor', 'default': ''},
+    'trmEnabled': {'dm_key': 'trm_enable', 'default': False},
+    'mcastGroup': {'dm_key': 'multicast_group_address', 'default': ''},
+}
 
 
 class ActionModule(ActionBase):
@@ -46,8 +58,21 @@ def run(self, tmp=None, task_vars=None):
         results['failed'] = False
         results['child_fabrics_changed'] = []
 
+        nd_version = self._task.args["nd_version"]
         msite_data = self._task.args["msite_data"]
 
+        # Extract major, minor, patch and patch letter from nd_version
+        # that is set in nac_dc_vxlan.dtc.connectivity_check role
+        # Example nd_version: "3.1.1l" or "3.2.2m"
+        # where 3.1.1/3.2.2 are major.minor.patch respectively
+        # and l/m are the patch letter respectively
+        nd_major_minor_patch = None
+        nd_patch_letter = None
+        match = re.match(r'^(\d+\.\d+\.\d+)([a-z])?$', nd_version)
+        if match:
+            nd_major_minor_patch = match.group(1)
+            nd_patch_letter = match.group(2)
+
         networks = msite_data['overlay_attach_groups']['networks']
         network_attach_groups_dict = msite_data['overlay_attach_groups']['network_attach_groups']
 
@@ -95,6 +120,7 @@ def run(self, tmp=None, task_vars=None):
                             network_child_fabric = network_child_fabric[0]
 
                         # Need to clean these up and make them more dynamic
+                        # Check if fabric settings are properly enabled
                         if network_child_fabric.get('netflow_enable'):
                             if child_fabric_attributes['ENABLE_NETFLOW'] == 'false':
                                 error_msg = (
@@ -145,13 +171,21 @@ def run(self, tmp=None, task_vars=None):
                         # Check for differences between the data model and the template config from NDFC for the
                         # attributes that are configurable by the user in a child fabric.
                         # Note: This excludes IPv6 related attributes at this time as they are not yet supported fully in the data model.
-                        if (
-                            (ndfc_net_template_config['loopbackId'] != network_child_fabric.get('dhcp_loopback_id', "")) or
-                            (ndfc_net_template_config['ENABLE_NETFLOW'] != str(network_child_fabric.get('netflow_enable', False)).lower()) or
-                            (ndfc_net_template_config['VLAN_NETFLOW_MONITOR'] != network_child_fabric.get('vlan_netflow_monitor', "")) or
-                            (ndfc_net_template_config['trmEnabled'] != str(network_child_fabric.get('trm_enable', False)).lower()) or
-                            (ndfc_net_template_config['mcastGroup'] != network_child_fabric.get('multicast_group_address'))
-                        ):
+                        diff_found = False
+                        for template_key, map_info in NETWORK_TEMPLATE_CONFIG_MAP.items():
+                            dm_key = map_info['dm_key']
+                            default = map_info['default']
+                            template_value = ndfc_net_template_config.get(template_key, default)
+                            dm_value = network_child_fabric.get(dm_key, default)
+                            # Normalize boolean/string values for comparison
+                            if isinstance(default, bool):
+                                template_value = str(template_value).lower()
+                                dm_value = str(dm_value).lower()
+                            if template_value != dm_value:
+                                diff_found = True
+                                break
+
+                        if diff_found:
                             results['child_fabrics_changed'].append(child_fabric)
 
                             # Combine task_vars with local_vars for template rendering
@@ -165,10 +199,13 @@ def run(self, tmp=None, task_vars=None):
                                 },
                             )
 
+                            # Attempt to find and read the template file
                             role_path = task_vars.get('role_path')
-                            template_path = role_path + MSD_CHILD_FABRIC_NETWORK_TEMPLATE
+                            version = '3.2'
+                            if version_compare.version_compare(nd_major_minor_patch, '3.1.1', '<='):
+                                version = '3.1'
+                            template_path = f"{role_path}{MSD_CHILD_FABRIC_NETWORK_TEMPLATE_PATH}{version}{MSD_CHILD_FABRIC_NETWORK_TEMPLATE}"
 
-                            # Attempt to find and read the template file
                             try:
                                 template_full_path = self._find_needle('templates', template_path)
                                 with open(template_full_path, 'r') as template_file:

plugins/action/dtc/manage_child_fabric_vrfs.py

@@ -28,14 +28,37 @@
 from ansible.plugins.action import ActionBase
 from ansible.template import Templar
 from ansible.errors import AnsibleFileNotFound
+from ansible_collections.cisco.nac_dc_vxlan.plugins.filter import version_compare
 
 
+import re
 import json
 
 display = Display()
 
 # Path to Jinja template files relative to create role
-MSD_CHILD_FABRIC_VRF_TEMPLATE = "/../common/templates/ndfc_vrfs/msd_fabric/child_fabric/msd_child_fabric_vrf.j2"
+MSD_CHILD_FABRIC_VRF_TEMPLATE_PATH = "/../common/templates/ndfc_vrfs/msd_fabric/child_fabric/"
+MSD_CHILD_FABRIC_VRF_TEMPLATE = "/msd_child_fabric_vrf.j2"
+
+# Currently supported VRF template config keys and their mapping to data model keys
+VRF_TEMPLATE_CONFIG_MAP = {
+    'advertiseHostRouteFlag': {'dm_key': 'adv_host_routes', 'default': ''},
+    'advertiseDefaultRouteFlag': {'dm_key': 'adv_default_routes', 'default': ''},
+    'configureStaticDefaultRouteFlag': {'dm_key': 'config_static_default_route', 'default': ''},
+    'bgpPassword': {'dm_key': 'bgp_password', 'default': ''},
+    'bgpPasswordKeyType': {'dm_key': 'bgp_password_key_type', 'default': ''},
+    'ENABLE_NETFLOW': {'dm_key': 'netflow_enable', 'default': False},
+    'NETFLOW_MONITOR': {'dm_key': 'netflow_monitor', 'default': ''},
+    'trmEnabled': {'dm_key': 'trm_enable', 'default': False},
+    'loopbackNumber': {'dm_key': 'rp_loopback_id', 'default': ''},
+    'rpAddress': {'dm_key': 'rp_address', 'default': ''},
+    'isRPAbsent': {'dm_key': 'no_rp', 'default': False},
+    'isRPExternal': {'dm_key': 'rp_external', 'default': False},
+    'L3VniMcastGroup': {'dm_key': 'underlay_mcast_ip', 'default': ''},
+    'multicastGroup': {'dm_key': 'overlay_multicast_group', 'default': ''},
+    'routeTargetImportMvpn': {'dm_key': 'import_mvpn_rt', 'default': ''},
+    'routeTargetExportMvpn': {'dm_key': 'export_mvpn_rt', 'default': ''}
+}
 
 
 class ActionModule(ActionBase):
@@ -46,8 +69,21 @@ def run(self, tmp=None, task_vars=None):
         results['failed'] = False
         results['child_fabrics_changed'] = []
 
+        nd_version = self._task.args["nd_version"]
         msite_data = self._task.args["msite_data"]
 
+        # Extract major, minor, patch and patch letter from nd_version
+        # that is set in nac_dc_vxlan.dtc.connectivity_check role
+        # Example nd_version: "3.1.1l" or "3.2.2m"
+        # where 3.1.1/3.2.2 are major.minor.patch respectively
+        # and l/m are the patch letter respectively
+        nd_major_minor_patch = None
+        nd_patch_letter = None
+        match = re.match(r'^(\d+\.\d+\.\d+)([a-z])?$', nd_version)
+        if match:
+            nd_major_minor_patch = match.group(1)
+            nd_patch_letter = match.group(2)
+
         vrfs = msite_data['overlay_attach_groups']['vrfs']
         vrf_attach_groups_dict = msite_data['overlay_attach_groups']['vrf_attach_groups']
 
@@ -95,6 +131,7 @@ def run(self, tmp=None, task_vars=None):
                             vrf_child_fabric = vrf_child_fabric[0]
 
                         # Need to clean these up and make them more dynamic
+                        # Check if fabric settings are properly enabled
                         if vrf_child_fabric.get('netflow_enable'):
                             if child_fabric_attributes['ENABLE_NETFLOW'] == 'false':
                                 error_msg = (
@@ -145,24 +182,21 @@ def run(self, tmp=None, task_vars=None):
                         # Check for differences between the data model and the template config from NDFC for the
                         # attributes that are configurable by the user in a child fabric.
                         # Note: This excludes IPv6 related attributes at this time as they are not yet supported fully in the data model.
-                        if (
-                            (ndfc_vrf_template_config['advertiseHostRouteFlag'] != str(vrf_child_fabric.get('adv_host_routes', '')).lower()) or
-                            (ndfc_vrf_template_config['advertiseDefaultRouteFlag'] != str(vrf_child_fabric.get('adv_default_routes', '')).lower()) or
-                            (ndfc_vrf_template_config['configureStaticDefaultRouteFlag'] != str(vrf_child_fabric.get('config_static_default_route', '')).lower()) or     # noqa: E501
-                            (ndfc_vrf_template_config['bgpPassword'] != vrf_child_fabric.get('bgp_password', '')) or
-                            (ndfc_vrf_template_config.get('bgpPasswordKeyType', '') != vrf_child_fabric.get('bgp_password_key_type', '')) or
-                            (ndfc_vrf_template_config['ENABLE_NETFLOW'] != str(vrf_child_fabric.get('netflow_enable', False)).lower()) or
-                            (ndfc_vrf_template_config['NETFLOW_MONITOR'] != vrf_child_fabric.get('netflow_monitor', '')) or
-                            (ndfc_vrf_template_config['trmEnabled'] != str(vrf_child_fabric.get('trm_enable', False)).lower()) or
-                            (ndfc_vrf_template_config.get('loopbackNumber', '') != vrf_child_fabric.get('rp_loopback_id', '')) or
-                            (ndfc_vrf_template_config.get('rpAddress', '') != vrf_child_fabric.get('rp_address', '')) or
-                            (ndfc_vrf_template_config['isRPAbsent'] != str(vrf_child_fabric.get('no_rp', False)).lower()) or
-                            (ndfc_vrf_template_config['isRPExternal'] != str(vrf_child_fabric.get('rp_external', False)).lower()) or
-                            (ndfc_vrf_template_config.get('L3VniMcastGroup', '') != vrf_child_fabric.get('underlay_mcast_ip', '')) or
-                            (ndfc_vrf_template_config['multicastGroup'] != vrf_child_fabric.get('overlay_multicast_group', '')) or
-                            (ndfc_vrf_template_config.get('routeTargetImportMvpn', '') != vrf_child_fabric.get('import_mvpn_rt', '')) or
-                            (ndfc_vrf_template_config.get('routeTargetExportMvpn', '') != vrf_child_fabric.get('export_mvpn_rt', ''))
-                        ):
+                        diff_found = False
+                        for template_key, map_info in VRF_TEMPLATE_CONFIG_MAP.items():
+                            dm_key = map_info['dm_key']
+                            default = map_info['default']
+                            template_value = ndfc_vrf_template_config.get(template_key, default)
+                            dm_value = vrf_child_fabric.get(dm_key, default)
+                            # Normalize boolean/string values for comparison
+                            if isinstance(default, bool):
+                                template_value = str(template_value).lower()
+                                dm_value = str(dm_value).lower()
+                            if template_value != dm_value:
+                                diff_found = True
+                                break
+
+                        if diff_found:
                             results['child_fabrics_changed'].append(child_fabric)
 
                             # Combine task_vars with local_vars for template rendering
@@ -179,7 +213,11 @@ def run(self, tmp=None, task_vars=None):
 
                             # Attempt to find and read the template file
                             role_path = task_vars.get('role_path')
-                            template_path = role_path + MSD_CHILD_FABRIC_VRF_TEMPLATE
+                            version = '3.2'
+                            if version_compare.version_compare(nd_major_minor_patch, '3.1.1', '<='):
+                                version = '3.1'
+                            template_path = f"{role_path}{MSD_CHILD_FABRIC_VRF_TEMPLATE_PATH}{version}{MSD_CHILD_FABRIC_VRF_TEMPLATE}"
+
                             try:
                                 template_full_path = self._find_needle('templates', template_path)
                                 with open(template_full_path, 'r') as template_file:

plugins/filter/version_compare.py

@@ -65,17 +65,38 @@
 from jinja2.runtime import Undefined
 from jinja2.exceptions import UndefinedError
 
-from packaging.version import Version
+try:
+    from packaging.version import Version
+except ImportError as imp_exc:
+    PACKAGING_LIBRARY_IMPORT_ERROR = imp_exc
+else:
+    PACKAGING_LIBRARY_IMPORT_ERROR = None
 
 from ansible.module_utils.six import string_types
-from ansible.errors import AnsibleFilterError, AnsibleFilterTypeError
+from ansible.errors import AnsibleError, AnsibleFilterError, AnsibleFilterTypeError
 from ansible.module_utils.common.text.converters import to_native
 
 
 SUPPORTED_COMPARISON_OPERATORS = ['==', '!=', '>', '>=', '<', '<=']
 
 
 def version_compare(version1, version2, op):
+    """
+    Compare two version strings using the specified operator.
+    Args:
+        version1 (str): The first version string to compare.
+        version2 (str): The second version string to compare.
+        op (str): The comparison operator as a string. Supported: '==', '!=', '>', '>=', '<', '<='.
+    Returns:
+        bool: The result of the comparison.
+    Raises:
+        AnsibleError: If the 'packaging' library is not installed.
+        AnsibleFilterTypeError: If the version arguments are not strings.
+        AnsibleFilterError: If the operator is unsupported or version parsing fails.
+    """
+    if PACKAGING_LIBRARY_IMPORT_ERROR:
+        raise AnsibleError('packaging must be installed to use this filter plugin') from PACKAGING_LIBRARY_IMPORT_ERROR
+
     if not isinstance(version1, (string_types, Undefined)):
         raise AnsibleFilterTypeError(f"Can only check string versions, however version1 is: {type(version1)}")
 

roles/dtc/common/templates/ndfc_networks/msd_fabric/child_fabric/3.1/.gitkeep

@@ -0,0 +1,47 @@
+{# Auto-generated NDFC VXLAN EVPN MSD Child Fabric Network config data structure for fabric {{ fabric_name }} #}
+{
+    "fabric": "{{ fabric_name }}",
+    "networkName": "{{ network_name }}",
+    "displayName": "{{ network_name }}",
+    "networkId": "{{ ndfc.segmentId }}",
+    "networkTemplate": "Default_Network_Universal",
+    "networkExtensionTemplate": "Default_Network_Extension_Universal",
+    "networkTemplateConfig": "{{ {
+      "vrfName": ndfc.vrfName,
+      "vlanId": ndfc.vlanId,
+      "vlanName": ndfc.vlanName,
+      "segmentId": ndfc.segmentId,
+      "intfDescription": ndfc.intfDescription,
+      "gatewayIpAddress": ndfc.gatewayIpAddress,
+      "gatewayIpV6Address": ndfc.gatewayIpV6Address,
+      "mtu": ndfc.mtu,
+      "isLayer2Only": ndfc.isLayer2Only,
+      "suppressArp": ndfc.suppressArp,
+      "mcastGroup": dm.multicast_group_address | default(ndfc.mcastGroup),
+      "tag": ndfc.tag,
+      "secondaryGW1": ndfc.secondaryGW1,
+      "secondaryGW2": ndfc.secondaryGW2,
+      "secondaryGW3": ndfc.secondaryGW3,
+      "secondaryGW4": ndfc.secondaryGW4,
+      "loopbackId": dm.dhcp_loopback_id | default(ndfc.loopbackId),
+      "dhcpServerAddr1": dm['dhcp_servers'][0]['ip_address'] if dm['dhcp_servers'][0]['ip_address'] is defined else "",
+      "vrfDhcp": dm['dhcp_servers'][0]['vrf'] if dm['dhcp_servers'][0]['ip_address'] is defined else ndfc.vrfDhcp,
+      "dhcpServerAddr2": dm['dhcp_servers'][1]['ip_address'] if dm['dhcp_servers'][1]['ip_address'] is defined else ndfc.dhcpServerAddr2,
+      "vrfDhcp2": dm['dhcp_servers'][1]['vrf'] if dm['dhcp_servers'][1]['ip_address'] is defined else "",
+      "dhcpServerAddr3": dm['dhcp_servers'][2]['ip_address'] if dm['dhcp_servers'][2]['ip_address'] is defined else ndfc.dhcpServerAddr3,
+      "vrfDhcp3": dm['dhcp_servers'][2]['vrf'] if dm['dhcp_servers'][2]['vrf'] is defined else "",
+      "ENABLE_NETFLOW": dm.netflow_enable if dm.netflow_enable is defined else ndfc.ENABLE_NETFLOW,
+      "SVI_NETFLOW_MONITOR": ndfc.SVI_NETFLOW_MONITOR,
+      "VLAN_NETFLOW_MONITOR": dm.vlan_netflow_monitor if (dm.netflow_enable is defined and dm.netflow_enable) else ndfc.VLAN_NETFLOW_MONITOR,
+      "enableIR": ndfc.enableIR,
+      "trmEnabled": dm.trm_enable if dm.trm_enable is defined else ndfc.trmEnabled,
+      "igmpVersion": ndfc.igmpVersion,
+      "rtBothAuto": ndfc.rtBothAuto,
+      "enableL3OnBorder": ndfc.enableL3OnBorder,
+      "nveId": ndfc.nveId,
+      "type": "Normal",
+    } }}",
+    "vrf": "{{ ndfc.vrfName }}",
+    "type": "Normal",
+    "hierarchicalKey": "{{ fabric_name }}"
+}