fix: Ask user's consent to restart NM due to wireless or team interfaces

If updates for network packages are available and wireless or team
connections are specified, NetworkManager must be restarted, the role
requires user's consent to restart NetworkManager. Otherwise, there
might be property conflicts between NetworkManager daemon and plugin, or
NetworkManager plugin is not taking effect.

`update_cache` is enabled in the module tasks to check if updates for
network packages are available due to wireless or team interfaces, in
that case, NetworkManager needs user's explicit consent to be restarted
after the network package updates. And using `state: latest` for
checking the network package updates because we have to guarantee that
NetworkManager and its plugin have the same and most recent version for
configuring the network connections settings in the backend. It is
worthwhile to mention that we have both tasks using dnf and yum module
for checking available updates for network packages. Because checking
package cache update is not supported in Ansible package module, Fedora
and RHEL8+ use DNF package manager by default, RHEL7 uses yum package
manager by default.

This commit will address the situation that users forget to explicitly
specify `network_allow_restart: true` when specifying wireless or team
connections.

Signed-off-by: Wen Liang <[email protected]>

tasks/main.yml

@@ -24,6 +24,53 @@
   when:
     - network_state is defined
     - ansible_distribution_major_version | int < 8
+
+- name: Check if updates for network packages are available through the DNF
+    package manager due to wireless or team interfaces
+  dnf:
+    update_cache: true
+    name: "{{ network_packages }}"
+    state: latest  # noqa package-latest
+  register: dnf_package_update_info
+  check_mode: true
+  when:
+    - ansible_distribution == 'Fedora' or
+      ansible_distribution_major_version | int > 7
+    - __network_wireless_connections_defined
+      or __network_team_connections_defined
+    - not __network_is_ostree
+
+- name: Check if updates for network packages are available through the YUM
+    package manager due to wireless or team interfaces
+  yum:
+    update_cache: true
+    name: "{{ network_packages }}"  # noqa package-latest
+    state: latest
+  register: yum_package_update_info
+  check_mode: true
+  when:
+    - ansible_distribution_major_version | int < 8
+    - __network_wireless_connections_defined
+      or __network_team_connections_defined
+    - not __network_is_ostree
+
+- name: Ask user's consent to restart NetworkManager due to wireless or team
+    interfaces
+  fail:
+    msg: NetworkManager needs to be restarted to be able to proceed
+      because wireless and team interfaces are defined. This might
+      disturb the connectivity of the managed system. Please set
+      `network_allow_restart` to `true` if you are prepared for this.
+      Notice that the necessary action is to install NetworkManager-wifi or
+      NetworkManager-team plugin and to restart NetworkManager.
+  register: __network_service_restart_requested
+  when:
+    - __network_wireless_connections_defined
+       or __network_team_connections_defined
+    - network_provider == "nm"
+    - not network_allow_restart
+    - dnf_package_update_info is changed or yum_package_update_info is changed
+
 # Depending on the plugins, checking installed packages might be slow
 # for example subscription manager might slow this down
 # Therefore install packages only when rpm does not find them
@@ -70,7 +117,8 @@
       ansible_distribution_major_version | int > 8
 
 # If network packages changed and wireless or team connections are specified,
-# NetworkManager must be restarted
+# NetworkManager must be restarted, and the user needs to explicitly consent
+# to restart NetworkManager by setting `network_allow_restart` to `true`
 - name: Restart NetworkManager due to wireless or team interfaces
   service:
     name: NetworkManager

tests/ensure_provider_tests.py

@@ -108,6 +108,7 @@
     "playbooks/tests_wireless.yml": {
         EXTRA_RUN_CONDITION: "ansible_distribution_major_version == '7'",
     },
+    "playbooks/tests_wireless_and_network_restart.yml": {},
     "playbooks/tests_wireless_plugin_installation.yml": {},
     "playbooks/tests_wireless_wpa3_owe.yml": {
         "comment": "# OWE has not been supported by NetworkManager 1.18.8 on \

tests/playbooks/tests_wireless_and_network_restart.yml

@@ -0,0 +1,80 @@
+# SPDX-License-Identifier: BSD-3-Clause
+---
+- name: Play for testing wifi and network restart
+  hosts: all
+  vars:
+    interface: wlan0
+    profile: "{{ interface }}"
+    package: NetworkManager-wifi
+    wifi_restart_network: false
+    network_connections_result_error:
+      NetworkManager needs to be restarted to be able to proceed
+      because wireless and team interfaces are defined. This might
+      disturb the connectivity of the managed system. Please set
+      `network_allow_restart` to `true` if you are prepared for this.
+      Notice that the necessary action is to install NetworkManager-wifi or
+      NetworkManager-team plugin and to restart NetworkManager.
+    lsr_fail_debug:
+      - __network_connections_result
+  tasks:
+    - name: Show playbook name
+      debug:
+        msg: "this is: playbooks/tests_wireless_and_network_restart.yml"
+      tags:
+        - always
+
+    - name: Cannot test ostree systems because the package can not be removed
+        or installed - 'NetworkManager-wifi'
+      meta: end_host
+      when: __network_is_ostree | d(false)
+
+    - name: Test the wifi connection without NetworkManager restarted
+      tags:
+        - tests::wifi:create
+      block:
+        - name: Include the task 'run_test.yml'
+          include_tasks: tasks/run_test.yml
+          vars:
+            lsr_description:
+              Given a system with '{{ package }}' package removed,
+              when creating a wifi connection without NetworkManager restarted,
+              then the role should fail with the error specified in
+              `network_connections_result_error`.
+            lsr_setup:
+              - tasks/delete_interface.yml
+              - tasks/assert_device_absent.yml
+              - tasks/remove_package.yml
+            lsr_test:
+              - tasks/create_wireless_profile_restart_network.yml
+            lsr_assert:
+              - tasks/assert_network_connections_failed.yml
+            lsr_cleanup:
+              - tasks/check_network_dns.yml
+
+    - name: "Reset testing variables"
+      set_fact:
+        wifi_restart_network: true
+
+    - name: Test the wifi connection with NetworkManager restarted
+      tags:
+        - tests::wifi:restart
+      block:
+        - name: Include the task 'run_test.yml'
+          include_tasks: tasks/run_test.yml
+          vars:
+            lsr_description:
+              Given a system with '{{ package }}' package removed,
+              when creating a wifi connection with NetworkManager restarted,
+              then the wifi device and profile are present and
+              the '{{ package }}' package is installed in the system.
+            lsr_setup:
+              - tasks/delete_interface.yml
+              - tasks/assert_device_absent.yml
+              - tasks/remove_package.yml
+            lsr_test:
+              - tasks/create_wireless_profile_restart_network.yml
+            lsr_assert:
+              - tasks/assert_package_installed.yml
+            lsr_cleanup:
+              - tasks/cleanup_profile+device.yml
+              - tasks/check_network_dns.yml

tests/tasks/assert_network_connections_failed.yml

@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: BSD-3-Clause
+---
+- name: Assert that configuring network connections failed
+  assert:
+    that:
+      - __network_service_restart_requested is failed
+      - __network_service_restart_requested is search(
+        network_connections_result_error)
+    msg: Configuring network connections is not failed with the error
+      "{{ network_connections_result_error }}"

tests/tasks/assert_package_installed.yml

@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: BSD-3-Clause
+---
+- name: "Get the rpm package facts"
+  package_facts:
+    manager: "auto"
+
+- name: "Assert installed package '{{ package }}'"
+  assert:
+    that:
+      - package in ansible_facts.packages
+    msg: "'{{ package }}' is not installed"

tests/tasks/create_wireless_profile_restart_network.yml

@@ -0,0 +1,21 @@
+# SPDX-License-Identifier: BSD-3-Clause
+---
+- name: Create wireless connection with rescue
+  block:
+    - name: Import network role
+      import_role:
+        name: linux-system-roles.network
+      vars:
+        network_allow_restart: '{{ wifi_restart_network }}'
+        network_connections:
+          - name: "{{ interface }}"
+            type: wireless
+            wireless:
+              ssid: "My WPA2-PSK Network"
+              key_mgmt: "wpa-psk"
+              password: "p@55w0rD"
+
+  rescue:
+    - name: Show rescue result
+      debug:
+        var: __network_service_restart_requested

tests/tasks/remove_package.yml

@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: BSD-3-Clause
+---
+- name: "Remove the package '{{ package }}'"
+  package:
+    name: "{{ package }}"
+    state: absent

tests/tests_wireless_and_network_restart_nm.yml

@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: BSD-3-Clause
+# This file was generated by ensure_provider_tests.py
+---
+# set network provider and gather facts
+# yamllint disable rule:line-length
+- name: Run playbook 'playbooks/tests_wireless_and_network_restart.yml' with nm as provider
+  hosts: all
+  tasks:
+    - name: Include the task 'el_repo_setup.yml'
+      include_tasks: tasks/el_repo_setup.yml
+    - name: Set network provider to 'nm'
+      set_fact:
+        network_provider: nm
+      tags:
+        - always
+
+
+# The test requires or should run with NetworkManager, therefore it cannot run
+# on RHEL/CentOS 6
+- name: Import the playbook 'playbooks/tests_wireless_and_network_restart.yml'
+  import_playbook: playbooks/tests_wireless_and_network_restart.yml
+  when:
+    - ansible_distribution_major_version != '6'
+    - ansible_distribution != 'Fedora'