[Bug]: adc.server - Ansible keeps modifing object regardless of no changes are defined

Question

[Bug]: adc.server - Ansible keeps modifing object regardless of no changes are defined

pkodzis opened this issue 9 months ago · 5 comments

Summary

every time you apply playbook with server definition, Ansible reports the server objet was changed regardless of NO changes have been made.

Issue Type

Bug Report

Component Name

adc.server

Python Version

$ python --version # or python3 --version
3.9

Ansible Version

$ ansible --version
ansible [core 2.15.6]
  config file = None
  configured module search path = ['/home/pkodzis/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/pkodzis/.local/lib/python3.9/site-packages/ansible
  ansible collection location = /home/pkodzis/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/pkodzis/.local/bin/ansible
  python version = 3.9.5 (default, Nov 18 2021, 16:00:48) [GCC 10.3.0] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True

Ansible Configuration

$ ansible-config dump --only-changed

netscaler.adc Collection Version

$ ansible-galaxy collection list netscaler.adc
2.0.3

Target NetScaler Version

> show ns version

Equivalent NetScaler CLI Command

Steps to Reproduce

apply below multiple times

- domain: test.ap-southeast-1.example.com
  name: test.ap-southeast-1.example.com
  state: present

Expected Results

first time - object created - this works.
next times - object exists, no changes - this fails, Ansible reports change

Actual Results

FIRST (OK):

TASK [Process servers] ******************************************************************************************************************************************************************************************
--- before
+++ after
@@ -1 +1,8 @@
-{}
+{
+    "domain": "test.ap-southeast-1.example.com",
+    "domainresolveretry": 5,
+    "graceful": "NO",
+    "ipv6address": "NO",
+    "name": "test.ap-southeast-1.example.com",
+    "querytype": "A"
+}

changed: [froo -> localhost] => (item={'data': {'domain': 'test.ap-southeast-1.example.com', 'name': 'test.ap-southeast-1.example.com', 'state': 'present', 'nsip': '10.10.10.10', 'nitro_protocol': 'https', 'validate_certs': False, 'nitro_auth_token': '##'}, 'destination_device': 'froo'})

FOLLOWING (BAD):

TASK [Process servers] ******************************************************************************************************************************************************************************************
--- before
+++ after
@@ -1,6 +1,7 @@
 {
     "domain": "test.ap-southeast-1.example.com",
     "domainresolveretry": 5,
+    "graceful": "NO",
     "ipv6address": "NO",
     "name": "test.ap-southeast-1.example.com",
     "querytype": "A"

changed: [froo -> localhost] => (item={'data': {'domain': 'test.ap-southeast-1.example.com', 'name': 'test.ap-southeast-1.example.com', 'state': 'present', 'nsip': '10.10.10.10', 'nitro_protocol': 'https', 'validate_certs': False, 'nitro_auth_token': '##'}, 'destination_device': 'froo'})

Additioinal Notes

No response

Answer 1 · 2023-12-12T14:32:50.000Z

@pkodzis The collection is missing some logic related to default parameters for many modules and for particularly this one. The parameter "graceful" should be used when changing the state to DISABLE. Instead ,as in many cases, it is being added automatically to every operation. Therefore when the ModuleExecutor checks the status of the resource, the NITRO API doesn't return the "graceful" parameter and in the end the "idempotency" checks decides that the resource need to be changed.

Hopefully the devs will rework how it works, as this issue completely waste its potential and force people to use different methods of interacting with netscales

Answer 2 · 2023-12-12T15:19:12.000Z

I strongly agree with @alankuras: The server module is not the only module that sends too many or wrong default parameters to the NITRO API. At least the server and nsip6 modules do not work for us. We had to replace the netscaler.adc collection with the ansible.builtin.uri module and are now POSTing directly to the NITRO API. We would like to use the netscaler.adc collection again.

I suspect that certain default values are always (unconditionally) sent to the NITRO API. These seem to be defined in plugins/module_utils/nitro_resource_map.py. As per https://github.com/netscaler/ansible-collection-netscaleradc/blob/6912cf34cc1b2026ad8261ae1fd25f88a2ed4d67/plugins/module_utils/nitro_resource_map.py#L38078C1-L38109C11 the following JSON keys and values are always sent to the NITRO API for server objects:

domainresolveretry: 5
graceful: "NO"
ipv6address: "NO"
querytype: "A"

Example: Because querytype is always set to "A" (if we did not set it to something different), this prevents us from creating server entries with an IP address instead of an domain name. NITRO returns errorcode': 1093, 'message': 'Argument pre-requisite missing [queryType, domain]' when we try to create such an object via netscaler.adc.server.

Answer 3 · 2023-12-15T13:23:51.000Z

@alankuras, @lankenau-dp: Thank you for your replies. We have noticed similar defaults going with the payload despite not provided in the playbook.
We have removed the default values in nitro_resource_map.py.
Please wait for the next release.

Answer 4 · 2023-12-17T17:28:31.000Z

This issue is fixed in the latest release 2.1.0. Please check and update the issue accordingly.

Answer 5 · 2023-12-19T11:49:53.000Z

ack - solved in 2.1.0 - thank you so much! :)