azure_rm_loadbalancer doesn't append rules, it overwrites

[rnsc]

SUMMARY

I want to update the "load balancing rules" of a basic Azure Load Balancer. In Ansible 2.8, that module was updated for idempotency and it can be used to updated an existing LB object. However, it doesn't append the new rules to existing rules in a LB, it just overwrites all the rules. I was expecting the module to just "append" rules to the current set.

ISSUE TYPE

• Bug Report

COMPONENT NAME

azure_rm_loadbalancer

ANSIBLE VERSION

ansible 2.8.1
  config file = [redacted]/ansible.cfg
  configured module search path = [u'[redacted]/library', u'[redacted]/ara/plugins/modules']
  ansible python module location = [redacted]/local/lib/python2.7/site-packages/ansible
  executable location = [redacted]/bin/ansible
  python version = 2.7.15rc1 (default, Nov 12 2018, 14:31:15) [GCC 7.3.0]

CONFIGURATION

ANSIBLE_NOCOWS([redacted]/ansible.cfg) = True
ANSIBLE_PIPELINING([redacted]/ansible.cfg) = True
ANSIBLE_SSH_ARGS([redacted]/ansible.cfg) = -o ControlMaster=auto -o ControlPersist=600s -o StrictHostKeyChecking=no
ANSIBLE_SSH_RETRIES([redacted]/ansible.cfg) = 3
CACHE_PLUGIN([redacted]/ansible.cfg) = jsonfile
CACHE_PLUGIN_CONNECTION([redacted]/ansible.cfg) = ~/.ansible/facts.cachedir
CACHE_PLUGIN_TIMEOUT([redacted]/ansible.cfg) = 300
DEFAULT_ACTION_PLUGIN_PATH([redacted]/ansible.cfg) = [u'[redacted]/ara/plugins/actions']
DEFAULT_CALLBACK_PLUGIN_PATH([redacted]/ansible.cfg) = [u'[redacted]/ara/plugins/callbacks']
DEFAULT_CALLBACK_WHITELIST([redacted]/ansible.cfg) = [u'profile_roles', u'profile_tasks', u'timer', u'junit']
DEFAULT_FORKS([redacted]/ansible.cfg) = 100
DEFAULT_GATHERING([redacted]/ansible.cfg) = smart
DEFAULT_HOST_LIST([redacted]/ansible.cfg) = [u'[redacted]/slinventory.sh']
DEFAULT_LOG_PATH([redacted]/ansible.cfg) = /home/renaud/.ansible/SLAnsible.log
DEFAULT_LOOKUP_PLUGIN_PATH([redacted]/ansible.cfg) = [u'[redacted]/plugins/lookup']
DEFAULT_MODULE_PATH([redacted]/ansible.cfg) = [u'[redacted]/library', u'[redacted]/ara/plugins/modules'
DEFAULT_REMOTE_USER([redacted]/ansible.cfg) = stylelabs
DEFAULT_ROLES_PATH([redacted]/ansible.cfg) = [u'[redacted]/roles_galaxy', u'[redacted]/roles_mansible']
DEFAULT_STDOUT_CALLBACK([redacted]/ansible.cfg) = yaml
DEFAULT_STRATEGY([redacted]/ansible.cfg) = mitogen_linear
DEFAULT_STRATEGY_PLUGIN_PATH([redacted]/ansible.cfg) = [u'[redacted]/mitogen/ansible_mitogen/plugins/strategy']
DEFAULT_TIMEOUT([redacted]/ansible.cfg) = 20
HOST_KEY_CHECKING([redacted]/ansible.cfg) = False
RETRY_FILES_ENABLED([redacted]/ansible.cfg) = False

OS / ENVIRONMENT

Running on localhost.

STEPS TO REPRODUCE

Create a basic load balancer on Azure with a Frontend config and BackendPool. Add a Load balancing rule manually with a health probe on port 80. Execute Ansible task to add a new rule.

- name: "azure_rm_loadbalancer | add LB rule and probe"
  azure_rm_loadbalancer:
    auth_source: cli
    subscription_id: "REDACTED"
    name: "elbtest"
    resource_group: "elb-test"
    load_balancing_rules:
      - backend_address_pool: "backend"
        backend_port: "1024"
        frontend_ip_configuration: LoadBalancerFrontEnd
        frontend_port: "1024"
        name: "1024-rule"
        probe: "1024-probe"
        protocol: Tcp
    probes:
      - name: "1024-probe"
        port: "1024"
        protocol: Tcp

EXPECTED RESULTS

I'm expecting just my rule to be added, unless I specifically say I want to purge everything.

ACTUAL RESULTS

The rules and probes that are not part of the current Ansible task are deleted.

This issue was created following the migration to azure collections. Original ticket: https://github.com/ansible/ansible/issues/58069

[Fred-sun]

@rnsc Glad you raised this question, we will investigate and check this feature. Thank you!

[hdiass]

hello, i'm afraid we need this feature to feed a list into the probes with "with_items" option. If not, how can we use a list to create multiple load_balancing_rules ?

Thanks

[Fred-sun]

hello, i'm afraid we need this feature to feed a list into the probes with "with_items" option. If not, how can we use a list to create multiple load_balancing_rules ?

Thanks

We are investigating this feature and will make improvements as soon as possible!

[tfmark]

Is anyone looking into this issue? The other Azure Ansible modules I've used are additive and only upsert data if the key (e.g. name) is the same (for example the NSG rules)...

That said, the following playbook works around the issue by creating the list of loadbalancer rules first (via set_fact + loop) and then feeds this into azure_rm_loadbalancer. @hdiass I guess you found your own workaround, but for others:

---
- name: Load Balancer Example 
  hosts: localhost
  vars:
    clients:
    - name: client1
      number: 10
    - name: client2
      number: 20
    - name: client3
      number: 30

  tasks:
    # workaround dumb module behaviour
  - set_fact:
      load_balancing_rules: "{{ load_balancing_rules | default([]) + [load_balancing_rule] }}"
    loop: "{{ clients }}"
    loop_control:
      label: "{{ item.name }} ({{ item.number }})"
    vars:
      load_balancing_rule:
        name: "{{ item.name }}"
        backend_port: "{{ 20000 + (item.number * 10) | int}}"
        protocol: Tcp
        frontend_port: "{{ 10000 + (item.number * 10) | int}}"
        frontend_ip_configuration: "my-frontend-ip"
        backend_address_pool : "my-backend-address-pool"
        probe: my-health-probe
        # disable_outbound_snat: true  

  - debug: var=load_balancing_rules

  - name: Add Load Balancer rules
    azure.azcollection.azure_rm_loadbalancer:
      profile: prod
      resource_group: load-balancer-rg
      name: dummy-load-balancer
      load_balancing_rules: "{{ load_balancing_rules }}"