'interface bridge vlan' change of .id in 'new_data' results in the deletion of existing bridge vlans

0xUnicorn commented 3 months ago

SUMMARY

The implementation of interface bridge vlan for some reason changes the .id on every execution. This causes the api_modify module to remove all of the existiing bridge vlans and creating new ones.

ISSUE TYPE

Bug Report

COMPONENT NAME

api_modify

ANSIBLE VERSION

ansible [core 2.12.10]
  python version = 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110]
  jinja version = 2.11.3
  libyaml = True

COLLECTION VERSION

# /usr/lib/python3/dist-packages/ansible_collections
Collection        Version
----------------- -------
community.general 4.8.3

CONFIGURATION

ANSIBLE_NOCOWS = True
DEFAULT_HOST_LIST = hosts.yml
DEFAULT_STDOUT_CALLBACK = yaml
DEFAULT_VAULT_PASSWORD_FILE = REDACTED

OS / ENVIRONMENT

Linux REDACTED 5.10.0-28-amd64 #1 SMP Debian 5.10.209-2 (2024-01-31) x86_64 GNU/Linux Debian GNU/Linux 11 (bullseye)

STEPS TO REPRODUCE

- name: "Configure bridge vlans"
  community.routeros.api_modify:
    hostname: "hostname"
    username: "username"
    password: "password"
    path: "interface bridge vlan"
    data:
      - bridge: "bridge"
        tagged: "bridge, sfp-sfpplus1"
        vlan-ids: "100"
     - bridge: "bridge"
       tagged: "bridge, sfp-sfpplus2"
       vlan-ids: "200"
    handle_absent_entries: "remove"
    handle_entries_content: "remove_as_much_as_possible"

EXPECTED RESULTS

I would expect this task to be idempotent, and only remove rules that is an absent_entry.

new_data:

.id: '*67' bridge: bridge0 disabled: false tagged: bridge0,sfp-sfpplus2 untagged: '' vlan-ids: 100
.id: '*68' bridge: bridge0 disabled: false tagged: bridge0,sfp-sfpplus3 untagged: '' vlan-ids: 400 old_data:
.id: '*67' bridge: bridge0 disabled: false tagged: bridge0,sfp-sfpplus2 untagged: '' vlan-ids: 100
.id: '*68' bridge: bridge0 disabled: false tagged: bridge0,sfp-sfpplus3 untagged: '' vlan-ids: 200

ACTUAL RESULTS

When applying the handle_absent_entries the api_modify module removes all existing bridge vlans because it can't match the new data with the old data because of a change in the .id.

Looking at everything else i'm using, they all keep the same .id value:

interface vlan
ip service
bridge
ip vrf
ip address
ip route

  new_data:
  - .id: '*73'
    bridge: bridge0
    disabled: false
    tagged: bridge0,sfp-sfpplus2
    untagged: ''
    vlan-ids: 100
  - .id: '*74'
    bridge: bridge0
    disabled: false
    tagged: bridge0,sfp-sfpplus3
    untagged: ''
    vlan-ids: 400
  old_data:
  - .id: '*67'
    bridge: bridge0
    disabled: false
    tagged: bridge0,sfp-sfpplus2
    untagged: ''
    vlan-ids: 100
  - .id: '*68'
    bridge: bridge0
    disabled: false
    tagged: bridge0,sfp-sfpplus3
    untagged: ''
    vlan-ids: 200

derdeagle commented 2 months ago

I found two problems in your data while trying to reproduce your issue. Could you please try and

remove the spaces in the tagged key, so change tagged: "bridge, sfp-sfpplus1" to tagged: "bridge,sfp-sfpplus1"
make the key vlan-ids an int, so change vlan-ids: "100" to vlan-ids: 100

I hope that helps. I think the vlan-ids field is actually the problem here.

0xUnicorn commented 2 months ago

Thanks a lot, it seems like it resolves the issue. Looking at the debug with -vvvv the .id in new_data and old_data is the same now. I'll need to setup an OOB port on my router before deploying the config with remove absent entries. So I'll give an update next week.

0xUnicorn commented 2 months ago

This worked perfectly. Thanks @derdeagle

derdeagle commented 2 months ago

That's good news, I am glad I could help.

ansible-collections / community.routeros