RHEL-74238

Ansible RHEL network system role issue with nmstate `route-rules`


      What were you trying to do that didn't work?

      The `route-rules:` statement is not idempotent. Repeating the task is going to duplicate the rules.

      What is the impact of this issue to you?

      The duplicated routing rules are added every time the playbook is run.

      Please provide the package NVR for which the bug is seen:

      # rpm -qa | grep -e rhel-syste -e nmstate
      rhel-system-roles-1.88.9-0.1.el9_5.noarch
      nmstate-2.2.39-1.el9_5.x86_64
      nmstate-libs-2.2.39-1.el9_5.x86_64
      python3-libnmstate-2.2.39-1.el9_5.x86_64

      How reproducible is this bug?:

      - name: Configure routing rules
        hosts: localhost
        become: true
        gather_facts: false 
        vars:
          network_state:
            interfaces:
              - name: enp2s0
                type: ethernet
                state: up
                ipv4:
                  enabled: true
                  address:
                    - ip: 192.0.2.251
                      prefix-length: 24
                  dhcp: false
            routes:
              config:
                - destination: 198.51.100.0/24
                  metric: 150
                  next-hop-address: 192.0.2.251
                  next-hop-interface: enp2s0
                  table-id: 254
                
                - destination: 172.10.100.0/24
                  metric: 180
                  next-hop-address: 192.0.2.251
                  next-hop-interface: enp2s0
                  table-id: 100
            route-rules:
              config:
                - ip-from: '198.51.100.10'
                  route-table: 254
                - ip-from: '172.10.100.10'
                  route-table: 100
            
        roles:
          - rhel-system-roles.network

      Steps to reproduce

      1. Run the playbook more than 1 time
      2. See the `changed` reported in `[PLAY RECAP]` for each execution
      3. Check the network connection profile in `/etc/NetworkManager/system-connections/[profile].nmconnection` and see the `routing-rule` entries duplicated

      Expected results

      No routing rules duplicated. 

      Actual results:

      • Running the playbook the first time:
        # ansible-playbook nmstate.yml 
        
        PLAY [Configure routing rules] *******************************************************************************************************************************************************************
        
        TASK [rhel-system-roles.network : Ensure ansible_facts used by role] *****************************************************************************************************************************
        included: /usr/share/ansible/roles/rhel-system-roles.network/tasks/set_facts.yml for localhost
        
        [...omitted for readability...]
        
        TASK [rhel-system-roles.network : Re-test connectivity] ******************************************************************************************************************************************
        ok: [localhost]
        
        PLAY RECAP ***************************************************************************************************************************************************************************************
        localhost                  : ok=14   changed=1    unreachable=0    failed=0    skipped=13   rescued=0    ignored=0   
        
        
        # grep routin /etc/NetworkManager/system-connections/enp2s0.nmconnection 
        routing-rule1=priority 30000 from 198.51.100.10 table 254
        routing-rule2=priority 30001 from 172.10.100.10 table 100
      • Running the playbook second and third time:
        # ansible-playbook nmstate.yml

        PLAY [Configure routing rules] *******************************************************************************************************************************************************************

        TASK [rhel-system-roles.network : Ensure ansible_facts used by role] *****************************************************************************************************************************
        included: /usr/share/ansible/roles/rhel-system-roles.network/tasks/set_facts.yml for localhost

        [...omitted for readability...]

        TASK [rhel-system-roles.network : Re-test connectivity] ******************************************************************************************************************************************
        ok: [localhost]

        PLAY RECAP ***************************************************************************************************************************************************************************************
        localhost                  : ok=14   changed=1    unreachable=0    failed=0    skipped=13   rescued=0    ignored=0

        # grep routin /etc/NetworkManager/system-connections/enp2s0.nmconnection
        routing-rule1=priority 30000 from 198.51.100.10 table 254
        routing-rule2=priority 30001 from 172.10.100.10 table 100
        routing-rule3=priority 30002 from 198.51.100.10 table 254
        routing-rule4=priority 30003 from 172.10.100.10 table 100

        ---
        [omitted]

        TASK [rhel-system-roles.network : Re-test connectivity] ******************************************************************************************************************************************
        ok: [localhost]

        PLAY RECAP ***************************************************************************************************************************************************************************************
        localhost                  : ok=14   changed=1    unreachable=0    failed=0    skipped=13   rescued=0    ignored=0

        # grep routin /etc/NetworkManager/system-connections/enp2s0.nmconnection
        routing-rule1=priority 30000 from 198.51.100.10 table 254
        routing-rule2=priority 30001 from 172.10.100.10 table 100
        routing-rule3=priority 30002 from 198.51.100.10 table 254
        routing-rule4=priority 30003 from 172.10.100.10 table 100
        routing-rule5=priority 30004 from 198.51.100.10 table 254
        routing-rule6=priority 30005 from 172.10.100.10 table 100

      The same behaviour is not observed with the `network_connection` module.

      I went through the documentation and noticed these 2 parameters (that actually work with `network_connections`):

       # cat /usr/share/doc/rhel-system-roles/network/README.md |  grep 'route_append_only' -m1 -A17
      - `route_append_only`
      
        The `route_append_only` option allows only to add new routes to the
        existing routes on the system.
      
        If the `route_append_only` boolean option is set to `true`, the specified routes are
        appended to the existing routes. If `route_append_only` is set to `false` (default),
        the current routes are replaced. Note that setting `route_append_only` to `true`
        without setting `route` has the effect of preserving the current static routes.
      
      - `rule_append_only`
      
        The `rule_append_only` boolean option allows to preserve the current routing rules.
      
      **Note:** When `route_append_only` or `rule_append_only` is not specified, the network
      role deletes the current routes or routing rules.

      And it's explicitly written that by default the role should delete routes and rules.

      So we could expect the `change` in the `PLAY RECAP` but the rules should be deleted and not duplicated.

      By the way, as additional information, I could not find anything about `rule_append_only` in nmstate.io https://nmstate.io/devel/yaml_api.html#route-rules , so I guess it is a specific parameter for the network_connection module.

       

      manu
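
A check for step 3 of the reproduction, as an added example that is not part of the original report or of the role's code: it parses a NetworkManager keyfile and groups `routing-rule` entries that differ only in their priority. The sample profile is constructed from the grep output in the report; the `[ipv4]` section header and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: routing-rule lines as reported after the third run.
# The [ipv4] section header is assumed; the report only shows grep output.
SAMPLE = """\
[ipv4]
routing-rule1=priority 30000 from 198.51.100.10 table 254
routing-rule2=priority 30001 from 172.10.100.10 table 100
routing-rule3=priority 30002 from 198.51.100.10 table 254
routing-rule4=priority 30003 from 172.10.100.10 table 100
routing-rule5=priority 30004 from 198.51.100.10 table 254
routing-rule6=priority 30005 from 172.10.100.10 table 100
"""

RULE_RE = re.compile(r"^routing-rule(\d+)\s*=\s*(.*)$")


def parse_rules(text):
    """Yield (section, index, priority, selector) for each routing-rule key."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        tokens, priority, rest = m.group(2).split(), None, []
        while tokens:
            tok = tokens.pop(0)
            if tok == "priority" and tokens and tokens[0].isdigit():
                # Priority differs between the duplicates in the report,
                # so it is kept separately and ignored for matching.
                priority = int(tokens.pop(0))
            else:
                rest.append(tok)
        yield section, int(m.group(1)), priority, " ".join(rest)


def find_duplicates(text):
    """Map (section, selector) -> [(index, priority), ...] where a rule repeats."""
    groups = defaultdict(list)
    for section, index, priority, selector in parse_rules(text):
        groups[(section, selector)].append((index, priority))
    return {key: hits for key, hits in groups.items() if len(hits) > 1}
```

Running `find_duplicates` on a profile after each playbook run gives an empty result for an idempotent run and a non-empty one when rules have accumulated.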
