nmcli - Task always changed : Connections do exist so we are modifying them

[bendermIBM]

Summary

When utilizing community.general.nmcli to create a bridge interface I noticed that it was always returning as "changed" even though nothing was happening before it to modify. I proceeded to slim down the playbook to only have that step and I was able to reproduce the same behavior.

Some idempotency is broken in the module, possibly surrounding a bridge interface.

Similar Issues

• nmcli reports changed status even if nothing needs to change #481 (comment)

Issue Type

Bug Report

Component Name

nmcli

community.general : 3.5.0

Ansible Version

ansible 2.9.22
  config file = /Users/benderm/github/kvm-ansible-roles/ansible.cfg
  configured module search path = ['/home/rundeck/kvm-ansible-roles/library', '/home/rundeck/.local/lib/python3.6/site-packages']
  ansible python module location = /Users/benderm/.pyenv/versions/3.8.5/envs/ansible/lib/python3.8/site-packages/ansible
  executable location = /Users/benderm/.pyenv/versions/ansible/bin/ansible
  python version = 3.8.5 (default, Jun  9 2021, 02:59:39) [Clang 12.0.5 (clang-1205.0.22.9)]

Configuration

ANSIBLE_SSH_ARGS(/Users/benderm/github/kvm-ansible-roles/ansible.cfg) = -C -o ControlMaster=auto -o ControlPersist=60s
DEFAULT_FORKS(/Users/benderm/github/kvm-ansible-roles/ansible.cfg) = 150
DEFAULT_HOST_LIST(/Users/benderm/github/kvm-ansible-roles/ansible.cfg) = ['/Users/benderm/github/ansible-inventory']
DEFAULT_INVENTORY_PLUGIN_PATH(/Users/benderm/github/kvm-ansible-roles/ansible.cfg) = ['/home/rundeck/.ansible/plugins/inventory']
DEFAULT_MODULE_PATH(/Users/benderm/github/kvm-ansible-roles/ansible.cfg) = ['/home/rundeck/kvm-ansible-roles/library', '/home/rundeck/.local/lib/python3.6/site-packages']
DEFAULT_ROLES_PATH(/Users/benderm/github/kvm-ansible-roles/ansible.cfg) = ['/var/lib/rundeck/.ansible/roles', '/home/rundeck/kvm-ansible-roles/roles', '/home/ahaider/kvm-ansible-roles/roles', '/home/bsteen/kvm-ansible-roles/roles', '/home/bender/kvm-ansible-roles/roles', '/home/safron/kvm-ansible-roles/roles', '/Users/benderm/github/kvm-ansible-roles/roles']
DEFAULT_STDOUT_CALLBACK(env: ANSIBLE_STDOUT_CALLBACK) = debug
DEFAULT_STRATEGY(/Users/benderm/github/kvm-ansible-roles/ansible.cfg) = mitogen_linear
DEFAULT_STRATEGY_PLUGIN_PATH(/Users/benderm/github/kvm-ansible-roles/ansible.cfg) = ['/home/rundeck/mitogen-master/ansible_mitogen/plugins/strategy', '/Users/benderm/.ansible/mitogen-0.2.9/ansible_mitogen/plugins/strategy']
DEFAULT_TIMEOUT(/Users/benderm/github/kvm-ansible-roles/ansible.cfg) = 10
DISPLAY_SKIPPED_HOSTS(/Users/benderm/github/kvm-ansible-roles/ansible.cfg) = False
HOST_KEY_CHECKING(/Users/benderm/github/kvm-ansible-roles/ansible.cfg) = False
INVENTORY_ENABLED(/Users/benderm/github/kvm-ansible-roles/ansible.cfg) = ['ini', 'script', 'libvirt', 'yaml']

OS / Environment

Controller Node : MacOSX
Target Node : RHEL 8.3

Steps to Reproduce

- name: initate bridge0
  community.general.nmcli:
    type: bridge
    conn_name: bridge0
    method4: disabled
    method6: ignore
    stp: no
    state: present
  register: bridge_output

Expected Results

I expect after running this more than once that this step returns "OK" and not "changed"

Actual Results

Result always returns as "changed"

changed: [kd] => {
    "Exists": "Connections do exist so we are modifying them",
    "changed": true,
    "conn_name": "bridge0",
    "invocation": {
        "module_args": {
            "ageingtime": 300,
            "arp_interval": null,
            "arp_ip_target": null,
            "autoconnect": true,
            "conn_name": "bridge0",
            "dhcp_client_id": null,
            "dns4": null,
            "dns4_ignore_auto": false,
            "dns4_search": null,
            "dns6": null,
            "dns6_ignore_auto": false,
            "dns6_search": null,
            "downdelay": null,
            "egress": null,
            "flags": null,
            "forwarddelay": 15,
            "gw4": null,
            "gw4_ignore_auto": false,
            "gw6": null,
            "gw6_ignore_auto": false,
            "hairpin": true,
            "hellotime": 2,
            "ifname": null,
            "ingress": null,
            "ip4": null,
            "ip6": null,
            "ip_tunnel_dev": null,
            "ip_tunnel_local": null,
            "ip_tunnel_remote": null,
            "mac": null,
            "master": null,
            "maxage": 20,
            "may_fail4": true,
            "method4": "disabled",
            "method6": "ignore",
            "miimon": null,
            "mode": "balance-rr",
            "mtu": null,
            "never_default4": false,
            "path_cost": 100,
            "primary": null,
            "priority": 128,
            "route_metric4": null,
            "routes4": null,
            "routing_rules4": null,
            "runner": "roundrobin",
            "runner_hwaddr_policy": null,
            "slavepriority": 32,
            "ssid": null,
            "state": "present",
            "stp": false,
            "type": "bridge",
            "updelay": null,
            "vlandev": null,
            "vlanid": null,
            "vxlan_id": null,
            "vxlan_local": null,
            "vxlan_remote": null,
            "wifi": null,
            "wifi_sec": null,
            "zone": null
        }
    },
    "state": "present"
}

Code of Conduct

• I agree to follow the Ansible Code of Conduct

[ansibullbot]

Files identified in the description:

• plugins/modules/net_tools/nmcli.py

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

[ansibullbot]

cc @alcamie101
click here for bot help

[thinkdoggie]

Please run the playbook with --check and --diff to show the details.

I guess there're some implicit connection parameter values that are not considered in the code.

[nbw74]

community.general 5.4.0, AlmaLinux release 8.6, always changed status:

TASK [southbridge.core.bridge : Network bridge configured] ********************************
--- before
+++ after
@@ -1,8 +1,8 @@
-bridge.ageing-time: '300'
-bridge.forward-delay: '15'
-bridge.hello-time: '2'
-bridge.max-age: '20'
-bridge.priority: '32768'
+bridge.ageing-time: 300
+bridge.forward-delay: 15
+bridge.hello-time: 2
+bridge.max-age: 20
+bridge.priority: 128
 bridge.stp: 'no'
 connection.autoconnect: 'yes'
 connection.interface-name: br0

- name: Network bridge configured
  community.general.nmcli:
    conn_name: br0
    ifname: br0
    type: bridge
    method4: auto
    method6: disabled
    stp: false
    state: present

- name: Bridge ports configured
  community.general.nmcli:
    conn_name: enp1s0
    ifname: enp1s0
    type: bridge-slave
    master: br0
    hairpin: false
    state: present

[ansibullbot]

Files identified in the description:

• plugins/modules/nmcli.py

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

[vr-jack]

There are several bugs on this, but didn't see comment reporting the cause. Priority is hardset on some systems (confirmed several versions of Rocky8) to 32768 and cannot be changed. Setting the priority to that in the playbook resolved the change issue.