ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0

nmcli: changing routes on an interface does not lead to active routes on a host #8704

Open numericillustration opened 1 month ago

numericillustration commented 1 month ago

Summary

When I add additional routes to an existing interface using community.general.nmcli, the routes are added to the connection profile but not made active on the machine.

I can see by running nmcli connection show <foo> | grep ipv4.routes: that the routes are updated in the connection configuration but not made active. If I run ip route show, the routes from the nmcli profile are not in the system's routing table.

This seems to be due to https://github.com/ansible-collections/community.general/blob/main/plugins/modules/nmcli.py#L2629-L2652

where the module only runs modify when the interface already exists. For a new interface, the interface is brought up, which makes the routes active.

I've worked around this by writing a handler I can call to run nmcli connection up <foo> when changes happen.

Issue Type

Bug Report

Component Name

community.general.nmcli

Ansible Version

ansible [core 2.12.7]
  config file = /Users/michaelhicks/gits/joyent/spc-infra/ansible/ansible.cfg
  configured module search path = ['/Users/michaelhicks/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/michaelhicks/py-venv/lib/python3.10/site-packages/ansible
  ansible collection location = /Users/michaelhicks/.ansible/collections:/usr/share/ansible/collections
  executable location = /Users/michaelhicks/py-venv/bin/ansible
  python version = 3.10.2 (v3.10.2:a58ebcc701, Jan 13 2022, 14:50:16) [Clang 13.0.0 (clang-1300.0.29.30)]
  jinja version = 3.1.2
  libyaml = True

Community.general Version

# /Users/michaelhicks/py-venv/lib/python3.10/site-packages/ansible_collections
Collection        Version
----------------- -------
community.general 4.8.3

# /Users/michaelhicks/.ansible/collections/ansible_collections
Collection        Version
----------------- -------
community.general 5.4.0

Configuration

$ DEFAULT_BECOME_METHOD(/Users/michaelhicks/gits/joyent/spc-infra/ansible/ansible.cfg) = sudo
DEFAULT_FORKS(/Users/michaelhicks/gits/joyent/spc-infra/ansible/ansible.cfg) = 20
DEFAULT_REMOTE_USER(/Users/michaelhicks/gits/joyent/spc-infra/ansible/ansible.cfg) = centos
DEFAULT_VAULT_PASSWORD_FILE(/Users/michaelhicks/gits/joyent/spc-infra/ansible/ansible.cfg) = /Users/michaelhicks/gits/joyent/spc-infra/ansible/vault.txt
INTERPRETER_PYTHON(/Users/michaelhicks/gits/joyent/spc-infra/ansible/ansible.cfg) = auto_silent

OS / Environment

Rocky 9

Steps to Reproduce

- name: setup static routes for region_neptune things
  community.general.nmcli:
    type: ethernet
    conn_name: "System {{ item.interface }}"
    state: present
    routes4: "{{ item.routes | join(',') }}"
  loop: "{{ managed_routes.v4_routes | list }}"
  register: nmcli_routes
  notify: apply_routes
  when:
    - ansible_distribution == "Rocky"
    - managed_routes
    - managed_routes.v4_routes

The register and notify are so I can nmcli up the connection to make the routes active.

- name: nmcli apply routes
  ansible.builtin.shell: "nmcli connection up '{{ item }}'"
  loop: "{{ nmcli_routes.results | selectattr('changed', 'equalto', True) | map(attribute='conn_name') | list }}"
  when: ansible_distribution == "Rocky"
  listen: "apply_routes"

Expected Results

I expect ip route show to contain the routes that are also in nmcli connection show <foo> | grep 'ipv4.routes:'

Actual Results

Routes are in the NetworkManager connection profile but not the system's routing table.
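
A check for the condition reported above, added here as an example (it is not code from the issue or from community.general): it compares a profile's ipv4.routes value with the kernel routing table and lists the routes that exist only in the profile. The function names and sample data are constructed, and the input formats (`nmcli -g ipv4.routes connection show <foo>` and `ip -4 route show`) are assumptions.

```python
import ipaddress

# Constructed sample data (not taken from the issue). Assumed formats:
#   profile: value printed by `nmcli -g ipv4.routes connection show <foo>`
#   kernel:  output of `ip -4 route show`
SAMPLE_PROFILE = "10.20.0.0/16 192.0.2.1, 10.30.0.0/16 192.0.2.1 100"
SAMPLE_KERNEL = """\
default via 192.0.2.1 dev eth0 proto static metric 100
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10 metric 100
10.20.0.0/16 via 192.0.2.1 dev eth0 proto static metric 100
"""

def parse_profile_routes(value):
    """Return {(network, next_hop)} from an ipv4.routes value."""
    routes = set()
    for entry in value.split(","):
        fields = entry.split()
        if not fields:
            continue
        net = ipaddress.ip_network(fields[0], strict=False)
        # The next hop is optional; a bare number here would be the metric.
        hop = None
        if len(fields) > 1 and "." in fields[1] and "=" not in fields[1]:
            hop = ipaddress.ip_address(fields[1])
        routes.add((net, hop))
    return routes

def parse_kernel_routes(text):
    """Return {(network, next_hop)} from `ip -4 route show` output."""
    routes = set()
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            continue  # typed routes such as "unreachable ..." are skipped
        hop = ipaddress.ip_address(fields[fields.index("via") + 1]) if "via" in fields else None
        routes.add((net, hop))
    return routes

def missing_routes(profile_value, kernel_text):
    """Profile routes absent from the kernel table (metrics are ignored)."""
    missing = parse_profile_routes(profile_value) - parse_kernel_routes(kernel_text)
    return sorted(f"{net} via {hop}" if hop else str(net) for net, hop in missing)
```

A non-empty result after a play is the state this issue describes: the profile was modified but the connection was not re-activated.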

ansibullbot commented 1 month ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

ansibullbot commented 1 month ago

cc @alcamie101