nmcli: does not respect DNS server and DNS search order

[PD202010]

Summary

We have two datacenters that are located in different countries and each datacenter has its own DNS server and DNS search-suffix. As we would like to have the servers primarily use their local DNS server and search but have the other DNS server and suffix as backup, the order in which they set matter. We need the settings in /etc/resolv.conf be in the correct order.

However, the nmcli module appears to ignore the order in which the DNS settings are set.

Issue Type

Bug Report

Component Name

nmcli

Ansible Version

ansible [core 2.15.11]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /etc/ansible/"/etc/ansible/collections"
  executable location = /usr/bin/ansible
  python version = 3.9.18 (main, Jan 24 2024, 00:00:00) [GCC 11.4.1 20231218 (Red Hat 11.4.1-3)] (/usr/bin/python3)
  jinja version = 3.1.4
  libyaml = True

Community.general Version

$ ansible-galaxy collection list community.general

# /etc/ansible/collections/ansible_collections
Collection        Version
----------------- -------
community.general 9.2.0

Configuration

$ ansible-config dump --only-changed
COLLECTIONS_PATHS(/etc/ansible/ansible.cfg) = ['/etc/ansible/"/etc/ansible/collections"']
CONFIG_FILE() = /etc/ansible/ansible.cfg
DEFAULT_PRIVATE_KEY_FILE(/etc/ansible/ansible.cfg) = /etc/ansible/ansible.key

OS / Environment

Ansible server:

# cat /etc/*release
NAME="Red Hat Enterprise Linux"
VERSION="9.4 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.4"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.4 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.4
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.4"
Red Hat Enterprise Linux release 9.4 (Plow)
Red Hat Enterprise Linux release 9.4 (Plow)

On client:

# cat /etc/*release
Oracle Linux Server release 7.9
NAME="Oracle Linux Server"
VERSION="7.9"
ID="ol"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="7.9"
PRETTY_NAME="Oracle Linux Server 7.9"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:oracle:linux:7:9:server"
HOME_URL="https://linux.oracle.com/"
BUG_REPORT_URL="https://github.com/oracle/oracle-linux"

ORACLE_BUGZILLA_PRODUCT="Oracle Linux 7"
ORACLE_BUGZILLA_PRODUCT_VERSION=7.9
ORACLE_SUPPORT_PRODUCT="Oracle Linux"
ORACLE_SUPPORT_PRODUCT_VERSION=7.9
Red Hat Enterprise Linux Server release 7.9 (Maipo)
Oracle Linux Server release 7.9

# nmcli --version
nmcli tool, version 1.18.8-2.0.1.el7_9

# rpm -qa | grep NetworkManager
NetworkManager-1.18.8-2.0.1.el7_9.x86_64
NetworkManager-libnm-1.18.8-2.0.1.el7_9.x86_64
NetworkManager-tui-1.18.8-2.0.1.el7_9.x86_64
NetworkManager-config-server-1.18.8-2.0.1.el7_9.noarch
NetworkManager-team-1.18.8-2.0.1.el7_9.x86_64

Steps to Reproduce

To test we have set the following variables in the /etc/ansible/global_vars/all/main.yml file:

  search: 
    - dc1.somewhere.here
    - dc2.somewhere.here
   servers:
    - 8.8.8.8
    - 8.8.4.4

The variables are not overridden anywhere.
The main.yml consists of:

- name: Configure DNS on {{ ansible_default_ipv4.interface }}
  community.general.nmcli:
    conn_name: "{{ ansible_default_ipv4.interface }}"
    type: ethernet
    dns4: "{{ dns.servers }}"
    dns4_search: "{{ dns.search }}"
    state: present
- name: Put resolv.conf file in place
  ansible.builtin.template:
    src: resolv.conf.j2
    dest: /etc/resolv-template.conf
    owner: root
    group: root
    mode: '0640'

And last not least, the resolv.conf.j2 template:

{% for item in dns.servers %}
nameserver {{ item }}
{% endfor %}

When applied to a server with entirely different settings, the order of the DNS-servers and search-suffixes is respected, both in nmcli as in the template-file.
On a second run with the same settings, nothing is changed on both steps. But when you change the order of the DNS-servers and/or the DNS-suffixes in the group_vars, the change only reflects on the template. The nmcli module simply reports an 'OK' state and does not update the order.

Expected Results

When I change the order of the variables, I expect the order to change on the client as well.

Actual Results

ansible-playbook -i linuxhosts -t dns main.yml

PLAY [all] *******************************************************************************************************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************************************************************************
[WARNING]: Platform linux on host ams-san-mgt2.nl.aswatson.net is using the discovered Python interpreter at /usr/bin/python3.6, but future installation of another Python interpreter could change the meaning
of that path. See https://docs.ansible.com/ansible-core/2.15/reference_appendices/interpreter_discovery.html for more information.
ok: [server1.local.domain]

TASK [newserver : Configure DNS] *********************************************************************************************************************************************************************************
included: /var/lib/awx/projects/testproject/roles/newserver/tasks/dns.yml for server1.local.domain

TASK [newserver : Configure DNS on eth0] *************************************************************************************************************************************************************************
ok: [server1.local.domain]

TASK [newserver : Put resolv.conf file in place] *****************************************************************************************************************************************************************
changed: [server1.local.domain]

PLAY RECAP *******************************************************************************************************************************************************************************************************
server1.local.domain : ok=4    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Code of Conduct

• I agree to follow the Ansible Code of Conduct

[ansibullbot]

Files identified in the description:

• plugins/modules/nmcli.py

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

[ansibullbot]

cc @alcamie101
click here for bot help