docker_network with multiple subnets always changes

[g00nix]

SUMMARY

When using docker_network to create a network with multiple subnets, the task will delete/create the network even if it already exists with the correct subnets. Ansible fails to judge if the existing subnets are correct, probably because of the way the arrays of subnets are compared in python.

ISSUE TYPE

• Bug Report

COMPONENT NAME

docker_network

ANSIBLE VERSION

ansible 2.9.2
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/gunix/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.8/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.8.0 (default, Oct 23 2019, 18:51:26) [GCC 9.2.0]

CONFIGURATION

ANSIBLE_PIPELINING(/etc/ansible/ansible.cfg) = True
DEFAULT_LOG_PATH(/etc/ansible/ansible.cfg) = /var/log/ansible/ansible.log
HOST_KEY_CHECKING(/etc/ansible/ansible.cfg) = True
INTERPRETER_PYTHON(/etc/ansible/ansible.cfg) = /usr/bin/python3

OS / ENVIRONMENT

Both systems are running ArchLinux.

STEPS TO REPRODUCE

- name: "deploy network namespace that can hold all IPs"
  docker_network:
    name: "macvlan1"
    driver: "macvlan"
    internal: false
    driver_options:
      parent: "{{ ansible_default_ipv4.alias }}"
    ipam_config: "{{ macvlan_subnets }}"

also vars:

macvlan_subnets:
- gateway: 10.162.208.1
  subnet: 10.162.208.0/24
- gateway: 10.162.223.1
  subnet: 10.162.223.0/24
- gateway: 10.162.210.1
  subnet: 10.162.210.0/24

EXPECTED RESULTS

I was expecting to run the play 10 times and get Changed only on the first run and OK on the other 9 runs.

ACTUAL RESULTS

The docker network ALWAYS changes, even if the subnets are correct on the server, causing all docker containers on the network to disconnect. This will cause downtime for all the services that run on the node.

TASK [gen4 : deploy network namespace that can hold all IPs] ****************************************************************
--- before
+++ after
@@ -1,19 +1,19 @@
 {
-    "connected.10.162.208.129": false,
-    "connected.10.162.210.161": false,
-    "connected.10.162.210.169": false,
-    "connected.10.162.210.170": false,
-    "connected.10.162.210.171": false,
-    "connected.10.162.210.172": false,
-    "connected.10.162.210.173": false,
-    "connected.10.162.223.72": false,
-    "connected.10.162.223.73": false,
-    "connected.10.162.223.74": false,
-    "connected.10.162.223.75": false,
-    "connected.10.162.223.76": false,
+    "connected.10.162.208.129": true,
+    "connected.10.162.210.161": true,
+    "connected.10.162.210.169": true,
+    "connected.10.162.210.170": true,
+    "connected.10.162.210.171": true,
+    "connected.10.162.210.172": true,
+    "connected.10.162.210.173": true,
+    "connected.10.162.223.72": true,
+    "connected.10.162.223.73": true,
+    "connected.10.162.223.74": true,
+    "connected.10.162.223.75": true,
+    "connected.10.162.223.76": true,
     "exists": true,
-    "ipam_config[0].gateway": "10.162.210.1",
-    "ipam_config[0].subnet": "10.162.210.0/24",
-    "ipam_config[1].gateway": "10.162.210.1",
-    "ipam_config[1].subnet": "10.162.210.0/24"
+    "ipam_config[0].gateway": "10.162.208.1",
+    "ipam_config[0].subnet": "10.162.208.0/24",
+    "ipam_config[1].gateway": "10.162.223.1",
+    "ipam_config[1].subnet": "10.162.223.0/24"
 }

changed: [server1337.gun1x]

[ansibot]

Files identified in the description:

• lib/ansible/modules/cloud/docker/docker_network.py

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

[ansibot]

cc @DBendit @WojciechowskiPiotr @akshay196 @chouseknecht @danihodovic @dariko @felixfontein @jwitko @kassiansun @keitwb @olsaki @tbouvet
click here for bot help

[felixfontein]

Looking at the code, this is no surpise: the code assumes that ipam_config can contain at most one IPv4 and one IPv6 config. (The default bridge network driver can't handle multiple subnets of the same IP version.)

[felixfontein]

resolved_by_pr #65839