This repository has been archived by the owner on May 1, 2021. It is now read-only.

Error when updating a route table entry with the same dest and network_entity_id #52

Closed
joshmullis opened this issue May 17, 2019 · 6 comments

Comments

@joshmullis

Issue Report

We are receiving an error when running a playbook that adds a route table entry. Usually the route table module is idempotent and sees that we are requesting the same entry that already exists. However, sometimes we run into this where the route table entry has the same destination and network_entity_id as we are passing in the playbook, yet it gives an error.

Expected behavior

As usual, the route table module should be idempotent and see that the route is already present and skip the update.

Environment

  • OS version: OEL 7.5

  • Ansible version:

ansible 2.7.9
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/jmullis/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /bin/ansible
python version = 2.7.5 (default, Apr 11 2018, 17:41:36) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28.0.1)]

  • OCI Python SDK version:

2.2.7

  • OCI Ansible Modules version:

1.8.0

Ansible playbook to reproduce the issue

Since this is public, I've redacted the CIDR and real OCIDs.

- hosts: localhost
  connection: local
  gather_facts: no

  environment:
    OCI_IDENTITY_DO_NOT_REDIRECT_TO_HOME_REGION: "1"
    OCI_ANSIBLE_AUTH_TYPE: "instance_principal"
    OCI_TENANCY: "{{ tenancy_ocid }}"
    OCI_REGION: "{{ region }}"

  tasks:

    - name: Update VCN Route Table
      oci_route_table:
        rt_id: "ocid1.routetable.oc1.iad.foo"
        route_rules:
          - destination: "10.10.10.0/23"
            network_entity_id: "ocid1.localpeeringgateway.oc1.iad.foo"
        purge_route_rules: 'no'
        state: 'present'

Snippet from output of: oci network route-table get --rt-id ocid1.routetable.oc1.iad.foo

      {
        "cidr-block": null,
        "destination": "10.10.10.0/23",
        "destination-type": "CIDR_BLOCK",
        "network-entity-id": "ocid1.localpeeringgateway.oc1.iad.foo"
      }

FULL ERROR MESSAGE:

{
    "_ansible_parsed": true,
    "changed": false,
    "_ansible_no_log": false,
    "_ansible_item_result": true,
    "item": "my-route-table1",
    "_ansible_item_label": "my-route-table1",
    "invocation": {
        "module_args": {
            "auth_type": "api_key",
            "config_profile_name": null,
            "config_file_location": null,
            "display_name": null,
            "compartment_id": null,
            "route_rules": [
                {
                    "destination": "10.10.10.0/23",
                    "network_entity_id": "ocid1.localpeeringgateway.oc1.iad.foo"
                }
            ],
            "defined_tags": null,
            "freeform_tags": null,
            "state": "present",
            "key_by": null,
            "vcn_id": null,
            "force_create": false,
            "delete_route_rules": false,
            "tenancy": null,
            "api_user_key_file": null,
            "wait": true,
            "api_user_key_pass_phrase": null,
            "api_user": null,
            "rt_id": "ocid1.routetable.oc1.iad.foo",
            "region": null,
            "wait_until": null,
            "purge_route_rules": false,
            "wait_timeout": 1200,
            "api_user_fingerprint": null
        }
    },
    "_ansible_ignore_errors": null,
    "msg": "{'status': 400, 'message': u'The requested destination 10.10.10.0/23 is invalid: Cannot add multiple rules with the same destination.', 'code': u'InvalidParameter', 'opc-request-id': '666BE51B3F174DA58F02761AADD46AC0/C2775B58E94DEEFCBAAF26FC14E3249D/936398617F1246E093BCD0737CD6E749'}"
}
@manojmeda
Member

@joshmullis The ansible module wrongly assumes that the deprecated cidr_block value is filled out by the API when the route rules are created using the destination parameter. So the ansible module is filling out the missing cidr_block value and then comparing with the existing value which is causing the mismatch. Unfortunately I don't think there is a workaround for this. We will fix it in the next release.

nalsaber added a commit that referenced this issue May 31, 2019
Added
- Added the following features in existing modules:
    - Added `iscsi_attach_commands` and `iscsi_detach_commands` return values to `oci_volume_attachment` and `oci_volume_attachment_facts` modules.

Fixed
- Fix installation script for Ansible 2.8.0 [issue](#53)
- Fix idempotency when updating a route table entry [issue](#52)
- Fix invalid options error for FQDN generation in inventory script [issue](#49)
- Fix error updating cross connects on a virtual circuit

Co-authored-by: Manoj Meda <[email protected]>
Co-authored-by: Nabeel Al Saber <[email protected]>
Co-authored-by: Mike Ross <[email protected]>
@vburamdo

vburamdo commented Jun 5, 2019

@manojmeda I have used the new release v1.9.0 of the OCI Ansible Modules. We are receiving an error when running a playbook that adds a route table entry.

Full Error Message:

fatal: [localhost]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "api_user": null,
            "api_user_fingerprint": null,
            "api_user_key_file": null,
            "api_user_key_pass_phrase": null,
            "auth_type": "api_key",
            "compartment_id": "xxxxxxxxx",
            "config_file_location": "xxxxxxxx",
            "config_profile_name": "xxxxx",
            "defined_tags": null,
            "delete_route_rules": false,
            "display_name": null,
            "force_create": false,
            "freeform_tags": null,
            "key_by": null,
            "purge_route_rules": false,
            "region": null,
            "route_rules": [
                {
                    "cidr_block": "xxxxxx",
                    "network_entity_id": "xxxxxxxxxxxxx"
                },
                {
                    "cidr_block": "xxxxxxx",
                    "network_entity_id": "xxxxxxxxxxxxx"
                }
            ],
            "rt_id": "xxxxxxxxx",
            "state": "present",
            "tenancy": null,
            "vcn_id": "xxxxxxxx",
            "wait": true,
            "wait_timeout": 1200,
            "wait_until": null
        }
    },
    "msg": "{'status': 400, 'message': u'The requested destination x.x.x.x/x is invalid: Cannot add multiple rules with the same destination.', 'code': u'InvalidParameter', 'opc-request-id': 'xxxxxx/xxxxxxx'}"
}

@manojmeda
Member

@joshmullis cidr_block is actually a deprecated parameter. Can you please try using destination instead?

@joshmullis
Author

joshmullis commented Jun 5, 2019

I've noticed that if the route table already has the "cidr_block" populated with a CIDR, the code does not work.

I have to manually go into the route table via the OCI Web Portal and update a route.
This will reset all the routes in that table to have a null "cidr_block".

After that, the tasks will show as "ok".

Very strange and makes me wonder if we're going to run into further issues in the near future with these route tables.

@manojmeda
Member

We face issues in the scenario where cidr_block is used to create a route table entry and then later use destination to update it. The OCI API populates destination when cidr_block is used but not the reverse. So the ansible module also assumes cidr_block to be null when destination is used and it fails if the route rule was initially created using cidr_block. But if we use only destination to create/update route rules, the ansible module should work fine. Also it is recommended as cidr_block is deprecated.
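
Added example, not part of the thread and not the oci_route_table module's code: a simplified Python model of the comparison described in the comments above, next to a comparison keyed on the effective destination so that a rule matches whether the API returned `cidr_block` as null or populated. The dict shapes follow the `oci network route-table get` snippet in the report; the function names and the second existing-rule shape are assumptions made for illustration.

```python
# Added example: simplified model of the comparison discussed in this thread,
# not the oci_route_table module's code. Rule dicts below are constructed.
LPG = "ocid1.localpeeringgateway.oc1.iad.foo"  # redacted OCID from the report
REQUESTED = {"destination": "10.10.10.0/23", "network_entity_id": LPG}
# Shape the API returns for a rule created through `destination`.
EXISTING_VIA_DESTINATION = {"cidr_block": None, "destination": "10.10.10.0/23",
                            "destination_type": "CIDR_BLOCK", "network_entity_id": LPG}
# Shape for a rule created through the deprecated `cidr_block` (both populated).
EXISTING_VIA_CIDR_BLOCK = dict(EXISTING_VIA_DESTINATION, cidr_block="10.10.10.0/23")

FIELDS = ("cidr_block", "destination", "destination_type", "network_entity_id")

def legacy_equal(requested, existing):
    """Field-by-field match after filling cidr_block from destination, as the
    1.8.0 behaviour is described above."""
    filled = dict(requested)
    filled.setdefault("destination_type", "CIDR_BLOCK")
    if filled.get("cidr_block") is None:
        filled["cidr_block"] = filled.get("destination")
    return all(filled.get(f) == existing.get(f) for f in FIELDS)

def rule_key(rule):
    """Identity of a rule, independent of which field carried the CIDR."""
    dest = rule.get("destination") or rule.get("cidr_block")
    return (dest, rule.get("destination_type") or "CIDR_BLOCK"), rule.get("network_entity_id")

def plan(requested_rules, existing_rules):
    """Return (to_add, conflicts). A conflict is a requested destination that is
    already routed to a different target; appending it as a new rule would
    repeat the 'same destination' 400 shown in the report."""
    current = dict(rule_key(r) for r in existing_rules)
    to_add, conflicts = [], []
    for rule in requested_rules:
        dest, target = rule_key(rule)
        if dest not in current:
            to_add.append(rule)
        elif current[dest] != target:
            conflicts.append(rule)
    return to_add, conflicts

if __name__ == "__main__":
    print("legacy match:", legacy_equal(REQUESTED, EXISTING_VIA_DESTINATION))
    for existing in (EXISTING_VIA_DESTINATION, EXISTING_VIA_CIDR_BLOCK):
        print("plan:", plan([REQUESTED], [existing]))
```

Surfacing conflicts separately lets a playbook run fail with a clear message before any update call is made, instead of relaying the API's 400.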

@nalsaber
Member

This issue was resolved in release v1.9.0
