nmcli: avoid changed status for most cases with VPN connections

[yan12125]

SUMMARY

Follow-up #4746

• nmcli connection show includes vpn.service-type but not vpn-type.
  Switching to vpn.service-type removes unneeded diffs while keeping
  the same functionality, as vpn-type is an alias of vpn.service-type
  per nm-settings-nmcli(1).

  NetworkManager also adds org.freedesktop.NetworkManager. prefix for
  known VPN types [1]. The logic is non-trivial so I didn't implement it
  in this commit. If a user specifies service-type: l2tp, changed will
  be always be True:

-    "vpn.service-type": "org.freedesktop.NetworkManager.l2tp"
+    "vpn.service-type": "l2tp"

• The vpn.data field from nmcli connection show is sorted by keys and
  there are spaces around equal signs. I added codes for parsing such
  data.

Tests are also updated to match outputs of nmcli commands.

[1] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.38.4/src/libnm-core-impl/nm-vpn-plugin-info.c#L619

ISSUE TYPE

• Bugfix Pull Request

COMPONENT NAME

nmcli

ADDITIONAL INFORMATION

N/A

[ansibullbot]

cc @alcamie101
click here for bot help

[github-actions]

Docs Build 📝

Thank you for contribution!✨

This PR has been merged and your docs changes will be incorporated when they are next published.

[felixfontein]

CC @jremerich who implemented this originally.

[felixfontein]

Are vpn-type and vpn.service-type always exchangeable?

[yan12125]

Looks like vpn-type is an alias of vpn.service-type since NetworkManager 1.4 [1] (released in Aug 2016). How old NetworkManager should this collection support?

[1] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/c3422e917d75b48bcfde9036caec61bf97d6c312

[felixfontein]

Well, that's a very good question, and one I think next to impossible to answer. It seems that the module does not say which versions of nmcli it supports, and never mentioned that in the past. So the answer would be: "every version that the module supported in the past and that it didn't explicitly drop support for (which is probably none)".

[yan12125]

Apparently current nmcli.py does not work with very old NetworkManager, anyway. With NetworkManager 1.2.6 on Ubuntu 16.04, I got:

$ ansible some_old_machine -m nmcli -a "conn_name=foo state=present type=ethernet ifname=foo" --become
some_old_machine | FAILED! => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "msg": "Error: mandatory 'ifname' not seen before 'ipv6.ignore-auto-dns'.\n",
    "name": "foo",
    "rc": 2
}

The used command is:

/usr/bin/nmcli con add type ethernet con-name foo ipv6.ignore-auto-dns no ipv4.ignore-auto-routes no connection.interface-name foo connection.autoconnect yes ipv4.never-default no ipv4.ignore-auto-dns no ipv6.ignore-auto-routes no ipv4.may-fail yes

ifname is specified via connection.interface-name, while older nmcli insists using ifname. On the other hand, the same command works fine with NetworkManager 1.22.10 on Ubuntu 20.04.

As a side note, ifname is required before NetworkManager 1.22 [1]. I don't have a machine with NetworkManager between 1.4 and 1.22 for testing, though.

[1] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/02e5a8d10a39f0f401b72f3a0a39619770fe51de

[felixfontein]

Well, I guess let's try this out :)

[yan12125]

Thank you very much for detailed review and kind suggestions! I fixed some, while others need more time for investigation.

[jremerich]

Hi!

I took a look at the changes and didn't see anything I can contribute.

Thanks for your contribution, @yan12125 !

[patchback]

Backport to stable-5: 💚 backport PR created

✅ Backport PR branch: patchback/backports/stable-5/6ff594b524a9180a66a5d98b465f2de1d75086a8/pr-5126

Backported as #5220

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

[felixfontein]

@yan12125 thanks for improving this module!
@jremerich thanks for reviewing!