Drift is identified if you modify the MD5 password through SLX, the CLI, or other management tool.
A reconcile operation pushes the intended configuration to SLX, thereby synchronizing the SLX configuration with XCO.
Note
A reconcile operation configures the MD5 password on the device back to its original value (pre-drift) but does not clear the session. Also, the state is not verified after the password is configured.Field | Identity Drift | Reconcile Configuration | Idempotency |
---|---|---|---|
md5-password |
Yes | Yes | Yes* |
* There are some caveats to idempotency. The fabric service does not store the plain
text password you provide after the fabric has been configured. It stores the
encrypted string of the user-provided password, matching with the encrypted string
available on the SLX device. So, setting the same original MD5 password after the
fabric is configured results in devices going into cfg-refreshed state. For the
operation to be idempotent, after the fabric is configured, the encrypted string
should be provided as the md5-password
and not the original plain text password.
Devices in the fabric are in cfg-refreshed state when the MD5 password has been updated but the fabric is not yet reconfigured. In such a scenario, the previous MD5 password is used for drift detection until the fabric is configured with the new password.