Can't add route to a bond with nmcli module

[sjpb]

Summary

Adding a route to a bonded interface fails.

Issue Type

Bug Report

Component Name

nmcli

Ansible Version

$ ansible --version
ansible [core 2.13.7]
  config file = /home/rocky/flexihpc-slurm/environments/dev/ansible.cfg
  configured module search path = ['/home/rocky/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/rocky/flexihpc-slurm/venv/lib64/python3.8/site-packages/ansible
  ansible collection location = /home/rocky/flexihpc-slurm/ansible/collections
  executable location = /home/rocky/flexihpc-slurm/venv/bin/ansible
  python version = 3.8.13 (default, Nov  8 2022, 17:19:05) [GCC 8.5.0 20210514 (Red Hat 8.5.0-15)]
  jinja version = 3.1.2
  libyaml = True

Community.general Version

$ ansible-galaxy collection list community.general
# /home/rocky/flexihpc-slurm/venv/lib/python3.8/site-packages/ansible_collections
Collection        Version
----------------- -------
community.general 5.0.2  

# /home/rocky/flexihpc-slurm/venv/lib64/python3.8/site-packages/ansible_collections
Collection        Version

Configuration

$ ansible-config dump --only-changed
ANY_ERRORS_FATAL(/home/rocky/flexihpc-slurm/environments/dev/ansible.cfg) = True
COLLECTIONS_PATHS(/home/rocky/flexihpc-slurm/environments/dev/ansible.cfg) = ['/home/rocky/flexihpc-slurm/ansible/collections']
DEFAULT_FILTER_PLUGIN_PATH(/home/rocky/flexihpc-slurm/environments/dev/ansible.cfg) = ['/home/rocky/flexihpc-slurm/ansible/filter_plugins']
DEFAULT_FORKS(/home/rocky/flexihpc-slurm/environments/dev/ansible.cfg) = 30
DEFAULT_GATHERING(/home/rocky/flexihpc-slurm/environments/dev/ansible.cfg) = smart
DEFAULT_HOST_LIST(/home/rocky/flexihpc-slurm/environments/dev/ansible.cfg) = ['/home/rocky/flexihpc-slurm/environments/common/inventory', '/home/rocky/flexihpc-slurm/environments/flexihpc/invent>
DEFAULT_ROLES_PATH(/home/rocky/flexihpc-slurm/environments/dev/ansible.cfg) = ['/home/rocky/flexihpc-slurm/ansible/roles']
DEFAULT_STDOUT_CALLBACK(/home/rocky/flexihpc-slurm/environments/dev/ansible.cfg) = debug
DEFAULT_VAULT_PASSWORD_FILE(env: ANSIBLE_VAULT_PASSWORD_FILE) = /home/rocky/flexihpc-slurm/vault-password.txt
HOST_KEY_CHECKING(/home/rocky/flexihpc-slurm/environments/dev/ansible.cfg) = False

OS / Environment

RockyLinux 8.7

Steps to Reproduce

community.general.nmcli:
        conn_name: "Bond bond0"
        type: "bond"
        routes4: '10.29.113.0/24 10.1.112.254'
        state: present

Expected Results

Route to get added

Actual Results

fatal: [compute-3]: FAILED! => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "invocation": {
        "module_args": {
            "addr_gen_mode6": null,
            "ageingtime": 300,
            "arp_interval": null,
            "arp_ip_target": null,
            "autoconnect": true,
            "conn_name": "Bond bond0",
            "dhcp_client_id": null,
            "dns4": null,
            "dns4_ignore_auto": false,
            "dns4_search": null,
            "dns6": null,
            "dns6_ignore_auto": false,
            "dns6_search": null,
            "downdelay": null,
            "egress": null,
            "flags": null,
            "forwarddelay": 15,
            "gsm": null,
            "gw4": null,
            "gw4_ignore_auto": false,
            "gw6": null,
            "gw6_ignore_auto": false,
            "hairpin": null,
            "hellotime": 2,
            "ifname": null,
            "ignore_unsupported_suboptions": true,
            "ingress": null,
            "ip4": null,
            "ip6": null,
            "ip_privacy6": null,
            "ip_tunnel_dev": null,
            "ip_tunnel_input_key": null,
            "ip_tunnel_local": null,
            "ip_tunnel_output_key": null,
            "ip_tunnel_remote": null,
            "mac": null,
            "master": null,
            "maxage": 20,
            "may_fail4": true,
            "method4": null,
            "method6": null,
            "miimon": null,
            "mode": "balance-rr",
            "mtu": null,
            "never_default4": false,
            "path_cost": 100,
            "primary": null,
            "priority": 128,
            "route_metric4": null,
            "route_metric6": null,
            "routes4": [
                "10.29.113.0/24 10.1.112.254"
            ],
            "routes4_extended": null,
            "routes6": null,
            "routes6_extended": null,
            "routing_rules4": null,
            "runner": "roundrobin",
            "runner_hwaddr_policy": null,
            "slavepriority": 32,
            "ssid": null,
            "state": "present",
            "stp": true,
            "type": "bond",
            "updelay": null,
            "vlandev": null,
            "vlanid": null,
            "vxlan_id": null,
            "vxlan_local": null,
            "vxlan_remote": null,
            "wifi": null,
            "wifi_sec": null,
            "wireguard": null,
            "zone": null
        }
    },
    "name": "Bond bond0",
    "rc": 1
}

MSG:

Error: Failed to modify connection 'Bond bond0': bond.options: 'lacp_rate' option is only valid with mode '802.3ad'

Note that doing this manually works (and better, doesn't require me to specify the connection type):

[cloud-user@compute-0 ~]$ sudo nmcli connection modify 'Bond bond0' +ipv4.routes '10.29.113.0/24 10.1.112.254'
[cloud-user@compute-0 ~]$ sudo nmcli connection up 'Bond bond0'
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[cloud-user@compute-0 ~]$ ip r
<snip>
10.29.113.0/24 via 10.1.112.254 dev bond0 proto static metric 300 
<snip>

Code of Conduct

• [X] I agree to follow the Ansible Code of Conduct

[ansibullbot]

Files identified in the description:

• plugins/modules/nmcli.py

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

[ansibullbot]

cc @alcamie101 click here for bot help

[SmithKeith]

I'm also seeing this issue using ansible [core 2.13.3] with community.general version 7.5.0 on RHEL 8.7

A work around seems to be to set the mode from it's default value of "balance-rr" to the correct mode of the interface using an ansible fact as below:

community.general.nmcli:
        conn_name: "bond0"
        mode: "{{ ansible_facts['bond0']['mode'] }}"
        routes4: '10.0.0.1/32 10.0.0.254'
        state: present

Is there a better fix for this issue?

[SmithKeith]

Looking at plugins/modules/nmcli.py it would appear the issue is caused by the default value of "mode". In Nmcli.connection_options() if the connection type is "bond" then "mode" will always be added as a command line argument. So if mode is not included when calling the module and the actual mode of the bond is not "balance-rr" it will cause an error. A simple solution would be not to have a default for mode but this will break any playbook expecting the default value!

[felixfontein]

Yes, simply removing the default would be a breaking change. Removing it needs a longer deprecation period where not specifying a default will keep the current behavior, but emit a deprecation warning.

[SmithKeith]

A deprecation period sounds like the simplest plan of action. In the mean time I have removed the default setting in plugins/modules/nmcli.py of my local copy:

mode=dict(type='str', default='balance-rr',
                      choices=['802.3ad', 'active-backup', 'balance-alb', 'balance-rr', 'balance-tlb', 'balance-xor', 'broadcast']),

to

mode=dict(type='str',
                      choices=['802.3ad', 'active-backup', 'balance-alb', 'balance-rr', 'balance-tlb', 'balance-xor', 'broadcast']),

What sort of timescale is usually acceptable for the deprecation period?

[felixfontein]

For such changes I would use ~2 major versions, so that users have ~one year to adjust.

[SmithKeith]

This works for me. :) So we are looking at a fix to be implimented at the end of 2024?

[felixfontein]

Someone would have to start implementing the deprecation first, otherwise nothing will change anytime soon.

Also it would be good that the deprecation already includes the code to switch to, potentially allowing to enable it with a switch (a new option).