nmcli add wifi connection output behavior is not the same as normal nmcli command

dummys commented 2 years ago

Summary

When addind a connection wifi using nmcli module, the output said that it edit the actual connection, even if the connection didnt exist before. To control it: nmcli conn delete test_con my vars:

network:
    wireless:
      - name: test_con
        conn_name: test_con
        ssid: test_con
        keymgmt: wpa-psk
        psk: lol
        zone: home
        autoconnect: true

And my roles:

- name: Create the wifi connections
  community.general.nmcli:
    type: wifi
    conn_name: "{{ item.conn_name }}"
    ifname: "{{ hardware.wifi }}"
    ssid: "{{ item.ssid }}"
    zone: "{{ item.zone }}"
    wifi_sec:
      key-mgmt: "{{ item.keymgmt }}"
      psk: "{{ item.psk }}"
    autoconnect: "{{ item.autoconnect }}"
    state: present  
  # no_log: True add this when role is ready to hide password in clear
  loop: "{{ network.wireless }}"
  when: hardware.wifi is defined

and the output:

"state": "present",
    "stdout": "\n===| nmcli interactive connection editor |===\n\nEditing existing '802-11-wireless' connection: 'test_con'\n\nType 'help' or '?' for available commands.\nType 'print' to show all the connection properties.\nType 'describe [<setting>.<prop>]' for detailed property description.\n\nYou may edit the following settings: connection, 802-11-wireless (wifi), 802-11-wireless-security (wifi-sec), 802-1x, ethtool, match, ipv4, ipv6, hostname, tc, proxy\nnmcli> set 802-11-wireless-security.psk ********\nnmcli> save\nConnection 'test_con' (aa1491ab-2cc5-48e8-8808-754f05713cd1) successfully updated.\nnmcli> quit\n",
    "stdout_lines": [
        "",
        "===| nmcli interactive connection editor |===",
        "",
        "Editing existing '802-11-wireless' connection: 'test_con'",
        "",
        "Type 'help' or '?' for available commands.",
        "Type 'print' to show all the connection properties.",
        "Type 'describe [<setting>.<prop>]' for detailed property description.",
        "",
        "You may edit the following settings: connection, 802-11-wireless (wifi), 802-11-wireless-security (wifi-sec), 802-1x, ethtool, match, ipv4, ipv6, hostname, tc, proxy",
        "nmcli> set 802-11-wireless-security.psk ********",
        "nmcli> save",
        "Connection 'test_con' (aa1491ab-2cc5-48e8-8808-754f05713cd1) successfully updated.",
        "nmcli> quit"
    ]
}

So my question is, why it said that the connection already exist even if I deleted it successfully before ? The module first add the connection and then modify it to add like psk or something ? PS: I tried with ethernet connection and it works correctly, the output is only one line with: "stdout_lines": [ "Connection 'test_con_eth' (dd165caf-6fb5-49a9-8e35-43637fd76476) successfully added."

When I use nmcli command to add it manually it works as expected: nmcli conn add type wifi conn_name test_con ssid test_con 802-11-wireless-security.key-mgmt wpa-psk 802-11-wireless-security.psk lol

Issue Type

Bug Report

Component Name

nmcli

Ansible Version

ansible [core 2.12.0]
  config file = /root/ansible11/ansible.cfg
  configured module search path = ['/root/ansible11/library']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.9.9 (main, Nov 20 2021, 21:30:06) [GCC 11.1.0]
  jinja version = 3.0.3
  libyaml = True

Community.general Version

$ ansible-galaxy collection list community.general
# /usr/lib/python3.9/site-packages/ansible_collections
Collection        Version
----------------- -------
community.general 4.0.2

Configuration

$ ansible-config dump --only-changed
DEFAULT_HOST_LIST(/root/ansible11/ansible.cfg) = ['/root/ansible11/hosts']
DEFAULT_LOG_PATH(/root/ansible11/ansible.cfg) = /root/ansible11/logs
DEFAULT_MODULE_PATH(/root/ansible11/ansible.cfg) = ['/root/ansible11/library']
HOST_KEY_CHECKING(/root/ansible11/ansible.cfg) = False

OS / Environment

Arch linux

Steps to Reproduce


- name: Create the wifi connections
  community.general.nmcli:
    type: wifi
    conn_name: "{{ item.conn_name }}"
    ifname: "{{ hardware.wifi }}"
    ssid: "{{ item.ssid }}"
    zone: "{{ item.zone }}"
    wifi_sec:
      key-mgmt: "{{ item.keymgmt }}"
      psk: "{{ item.psk }}"
    autoconnect: "{{ item.autoconnect }}"
    state: present  
  # no_log: True add this when role is ready to hide password in clear
  loop: "{{ network.wireless }}"
  when: hardware.wifi is defined

Expected Results

only one line with: "Connection 'test_con' (dd165caf-6fb5-49a9-8e35-43637fd76476) successfully added."

Actual Results

"state": "present",
    "stdout": "\n===| nmcli interactive connection editor |===\n\nEditing existing '802-11-wireless' connection: 'test_con'\n\nType 'help' or '?' for available commands.\nType 'print' to show all the connection properties.\nType 'describe [<setting>.<prop>]' for detailed property description.\n\nYou may edit the following settings: connection, 802-11-wireless (wifi), 802-11-wireless-security (wifi-sec), 802-1x, ethtool, match, ipv4, ipv6, hostname, tc, proxy\nnmcli> set 802-11-wireless-security.psk ********\nnmcli> save\nConnection 'test_con' (aa1491ab-2cc5-48e8-8808-754f05713cd1) successfully updated.\nnmcli> quit\n",
    "stdout_lines": [
        "",
        "===| nmcli interactive connection editor |===",
        "",
        "Editing existing '802-11-wireless' connection: 'test_con'",
        "",
        "Type 'help' or '?' for available commands.",
        "Type 'print' to show all the connection properties.",
        "Type 'describe [<setting>.<prop>]' for detailed property description.",
        "",
        "You may edit the following settings: connection, 802-11-wireless (wifi), 802-11-wireless-security (wifi-sec), 802-1x, ethtool, match, ipv4, ipv6, hostname, tc, proxy",
        "nmcli> set 802-11-wireless-security.psk ********",
        "nmcli> save",
        "Connection 'test_con' (aa1491ab-2cc5-48e8-8808-754f05713cd1) successfully updated.",
        "nmcli> quit"
    ]
}

Code of Conduct

[X] I agree to follow the Ansible Code of Conduct

ansibullbot commented 2 years ago

Files identified in the description:

plugins/modules/net_tools/nmcli.py

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

ansibullbot commented 2 years ago

cc @alcamie101 click here for bot help

Ajpantuso commented 2 years ago

The module first add the connection and then modify it to add like psk or something ?

Exactly. This module originally created a WiFi connection and included all settings via the command line. Among those commands were secrets which could be leaked through the proc table. To fix this the connection is first added and then secrets are entered via stdin over the interactive edit prompt. See #3145 for more information.

dummys commented 2 years ago

ok so thats why we have such lots of output. And I can safely script something to only choose the 12th element and then split on space etc ? It will never change ?

Ajpantuso commented 2 years ago

No, the stdout will never be safe and is subject to change based on nmcli/NetworkManager version and local system settings. You change this issue into a request for stable return values from the module or if you are in a hurry:

 - name: Retrieve UUID from nmcli
   ansible.builtin.command:
     cmd: "nmcli -f 'connection.uuid' con show {{ item.conn_name }}"
   loop: "{{ network.wireless }}"

dummys commented 2 years ago

oh yeah ok will do this, thanks.

ansibullbot commented 2 years ago

Files identified in the description:

plugins/modules/nmcli.py

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

ansible-collections / community.general