docker_swarm_service continuously attempts to update Swarm services which use host network

[pa-yourserveradmin-com]

SUMMARY

The problem is docker_swarm_service module works incorrectly with Swarm services which use host network(s) and continuously attempts to update such services due to wrong processing of host networks.

Sample patch which also may help to solve the issue can be found in f43219827dbabf33f43af2114838ee20.

ISSUE TYPE

• Bug Report

COMPONENT NAME

docker_swarm_service

ANSIBLE VERSION

ansible 2.9.12
  config file = /home/pa/PycharmProjects/ansible/ansible.cfg
  configured module search path = ['/home/pa/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/pa/PycharmProjects/ansible/venv/lib64/python3.8/site-packages/ansible
  executable location = /home/pa/PycharmProjects/ansible/venv/bin/ansible
  python version = 3.8.5 (default, Aug 12 2020, 00:00:00) [GCC 10.2.1 20200723 (Red Hat 10.2.1-1)]

CONFIGURATION

ANSIBLE_PIPELINING(/home/pa/PycharmProjects/ansible/ansible.cfg) = True
DEFAULT_CALLBACK_WHITELIST(/home/pa/PycharmProjects/ansible/ansible.cfg) = ['profile_tasks']
DISPLAY_SKIPPED_HOSTS(env: ANSIBLE_DISPLAY_SKIPPED_HOSTS) = False
HOST_KEY_CHECKING(env: ANSIBLE_HOST_KEY_CHECKING) = False

OS / ENVIRONMENT

Docker server and API information:

Server: Docker Engine - Community
 Engine:
  Version:          19.03.11
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.10
  Git commit:       42e35e61f3
  Built:            Mon Jun  1 09:12:26 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.13
  GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Python docker module version:

Name: docker
Version: 4.3.0
Summary: A Python library for the Docker Engine API.
Home-page: https://github.com/docker/docker-py
Author: None
Author-email: None
License: Apache License 2.0
Location: /usr/lib/python3.6/site-packages
Requires: six, websocket-client, requests

STEPS TO REPRODUCE

Before all you will need Docker Swarm cluster to deploy service using example playbook provided below.

Example playbook which will deploy Nginx containers to Swarm using host network (please customize it according to local testing environment):

---
- hosts: all

  tasks:

    - docker_swarm_service:
        image: nginx:latest
        mode: global
        name: nginx
        networks:
          - host

Once playbook is applied - run it once again with --check --diff options to see planned changes.

Run playbook once again and it will report changes in Swarm service configuration while service configuration actually not changed (i.e. no downtime actually happen what significantly reduces impact of this issue).

EXPECTED RESULTS

No changes reported in dry-run and run modes when nothing really changed in service configuration.

ACTUAL RESULTS

Either in dry-run or run mode Ansible updates Swarm service with wrong network ID:

--- before
+++ after
@@ -1,7 +1,7 @@
 {
     "networks": [
         {
-            "id": "exvfwyotuxat3z1bt38s3rork"
+            "id": "71d4bd2cf80870bf68df480c876e01ea02183d8fc33d292658c49f323e5c795a"
         }
     ]
 }

Correct network exvfwyotuxat3z1bt38s3rork has swarm scope and inspect returns the next information:

$ docker network inspect exvfwyotuxat3z1bt38s3rork
[
    {
        "Name": "host",
        "Id": "exvfwyotuxat3z1bt38s3rork",
        "Created": "2020-07-01T17:26:48.708139127Z",
        "Scope": "swarm",
        "Driver": "host",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "",
            "Options": null,
            "Config": []
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": null,
        "Options": null,
        "Labels": {
            "com.docker.swarm.predefined": "true"
        }
    }
]

Wrong network 71d4bd2cf80870bf68df480c876e01ea02183d8fc33d292658c49f323e5c795a has local scope and inspect returns the next information:

$ docker network inspect 71d4bd2cf80870bf68df480c876e01ea02183d8fc33d292658c49f323e5c795a
[
    {
        "Name": "host",
        "Id": "71d4bd2cf80870bf68df480c876e01ea02183d8fc33d292658c49f323e5c795a",
        "Created": "2020-06-26T14:09:30.161137267Z",
        "Scope": "local",
        "Driver": "host",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": []
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

[pa-yourserveradmin-com]

Originally posted in ansible/ansible#71386.

[ansibullbot]

cc @DBendit @WojciechowskiPiotr @akshay196 @chouseknecht @danihodovic @dariko @felixfontein @hannseman @jwitko @kassiansun @tbouvet
click here for bot help

[pa-yourserveradmin-com]

Hey, guys. Do you need any additional details about this issue?

[felixfontein]

@dariko @jwitko @hannseman can you take a look at this?

[felixfontein]

Ping @dariko @jwitko @hannseman