`sysctl` module replaces symlink with a real file #111

eengstrom · 2020-11-13T20:57:29Z

SUMMARY

When the destination file for the sysctl module is a symlink, the module will replace that symlink with a real file. All other content in the file is carried forward, as expected. However, but I would have expected the symlink to be left and destination of the symlink instead be modified.

Alternatively, if the module included the follow: true parameter (as does the copy module), then the behavior would be clear and expected.

FWIW, this sounds VERY similar to ansible/ansible#49809.

ISSUE TYPE

Bug Report

COMPONENT NAME

Compnent: ansible.posix.sysctl

ANSIBLE VERSION

ansible 2.9.12
  config file = /Users/me/Projects/sysops/ansible/ansible.cfg
  configured module search path = ['/Users/me/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/me/Projects/sysops/ansible/.venv/lib/python3.8/site-packages/ansible
  executable location = /Users/me/Projects/sysops/ansible/.venv/bin/ansible
  python version = 3.8.6 (default, Oct  8 2020, 14:06:32) [Clang 12.0.0 (clang-1200.0.32.2)]

CONFIGURATION

<none>

OS / ENVIRONMENT

Ansible node:

$ uname -a
Darwin myhost 19.6.0 Darwin Kernel Version 19.6.0: Thu Oct 29 22:56:45 PDT 2020; root:xnu-6153.141.2.2~1/RELEASE_X86_64 x86_64 i386 MacBookPro16,1 Darwin

Target machine:

$ uname -a
Linux testhost.example.com 4.15.0-111-generic #112-Ubuntu SMP Thu Jul 9 20:32:34 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/issue
Ubuntu 18.04.5 LTS \n \l

STEPS TO REPRODUCE

Run the following playbook:

- hosts: all
  become: True
  tags:
    - sysctl_bug

  vars:
     sysctl_var: 'kernel.randomize_va_space'
     sysctl_val: '1'
     sysctl_file: /tmp/ansible_sysctl_test.conf
     sysctl_link: /tmp/ansible_sysctl_test_symlink.conf

  tasks:
    - command:
        cmd: "sysctl {{ sysctl_var }}"
      register: sysctl_current_value
      changed_when: false

    - debug:
        var: sysctl_current_value.stdout

    - copy:
        content: |
          # Testing Ansible Sysctl module bug
          {{ sysctl_current_value.stdout }}
        dest: "{{ sysctl_file }}"

    - file:
        src: "{{ sysctl_file }}"
        dest: "{{ sysctl_link }}"
        state: link

    - stat:
        path: "{{ sysctl_link }}"
      register: stat_result

    - assert:
        that:
          - stat_result.stat.islnk is defined and stat_result.stat.islnk
          - stat_result.stat.lnk_source == "{{ sysctl_file }}"
        success_msg: "{{ sysctl_link }} is correct symlink"
        fail_msg: "{{ sysctl_link }} is NOT correct symlink"

    # This is the real point of all of this.
    # This call will replace the symlink with a real file!
    - name: sysctl | enable randomized layout of virtual address space
      sysctl:
        name: "{{ sysctl_var }}"
        value: "{{ sysctl_val }}"
        sysctl_file: "{{ sysctl_link }}"
        state: present
        sysctl_set: no
        reload: no
        # follow: true  # if only this existed, like it does for `copy` module.

    - stat:
        path: "{{ sysctl_link }}"
      register: stat_result

    - assert:
        that:
          - stat_result.stat.islnk is defined and stat_result.stat.islnk
          - stat_result.stat.lnk_source == "{{ sysctl_file }}"
        success_msg: "{{ sysctl_link }} is correct symlink"
        fail_msg: "{{ sysctl_link }} is NOT correct symlink"

EXPECTED RESULTS

From the above playbook, the output should end with:

myhost $ ANSIBLE_STDOUT_CALLBACK=yaml ansible-playbook playbooks/sysctl-bug.yml -v -l testhost
[... elided ...]
TASK [assert] ***********************************************************************
ok: [testhost] => changed=false 
  msg: /tmp/ansible_sysctl_test_symlink.conf is correct symlink
[... elided ...]

ACTUAL RESULTS

From the above playbook, the output actually is:

Using /Users/me/Projects/sysops/ansible/ansible.cfg as config file

PLAY [all] **************************************************************************

TASK [command] **********************************************************************
ok: [testhost] => changed=false 
  cmd:
  - sysctl
  - kernel.randomize_va_space
  delta: '0:00:00.004009'
  end: '2020-11-13 13:44:43.103807'
  rc: 0
  start: '2020-11-13 13:44:43.099798'
  stderr: ''
  stderr_lines: <omitted>
  stdout: kernel.randomize_va_space = 2
  stdout_lines: <omitted>

TASK [debug] ************************************************************************
ok: [testhost] => 
  sysctl_current_value.stdout: kernel.randomize_va_space = 2

TASK [copy] *************************************************************************
changed: [testhost] => changed=true 
  checksum: 61c723791d6e16434a434bc25a22f1f6f9f37d8c
  dest: /tmp/ansible_sysctl_test.conf
  gid: 0
  group: root
  md5sum: cbcb1718a024d5175fed6d728d7bc65d
  mode: '0600'
  owner: root
  size: 66
  src: /home/ede/.ansible/tmp/ansible-tmp-1605296683.776194-20285-115510499115130/source
  state: file
  uid: 0

TASK [file] *************************************************************************
changed: [testhost] => changed=true 
  dest: /tmp/ansible_sysctl_test_symlink.conf
  gid: 0
  group: root
  mode: '0777'
  owner: root
  size: 29
  src: /tmp/ansible_sysctl_test.conf
  state: link
  uid: 0

TASK [stat] *************************************************************************
ok: [testhost] => changed=false 
  stat:
    atime: 1605296688.136057
    attr_flags: ''
    attributes: []
    block_size: 4096
    blocks: 0
    charset: binary
    ctime: 1605296688.136057
    dev: 64769
    device_type: 0
    executable: false
    exists: true
    gid: 0
    gr_name: root
    inode: 82575387
    isblk: false
    ischr: false
    isdir: false
    isfifo: false
    isgid: false
    islnk: true
    isreg: false
    issock: false
    isuid: false
    lnk_source: /tmp/ansible_sysctl_test.conf
    lnk_target: /tmp/ansible_sysctl_test.conf
    mimetype: inode/symlink
    mode: '0777'
    mtime: 1605296688.136057
    nlink: 1
    path: /tmp/ansible_sysctl_test_symlink.conf
    pw_name: root
    readable: true
    rgrp: true
    roth: true
    rusr: true
    size: 29
    uid: 0
    version: null
    wgrp: true
    woth: true
    writeable: true
    wusr: true
    xgrp: true
    xoth: true
    xusr: true

TASK [assert] ***********************************************************************
ok: [testhost] => changed=false 
  msg: /tmp/ansible_sysctl_test_symlink.conf is correct symlink

TASK [sysctl | enable randomized layout of virtual address space] *******************
changed: [testhost] => changed=true

TASK [stat] *************************************************************************
ok: [testhost] => changed=false 
  stat:
    atime: 1605296691.6320832
    attr_flags: e
    attributes:
    - extents
    block_size: 4096
    blocks: 8
    charset: us-ascii
    checksum: b7782f78820c1a7478900fd658b5f93a85a18253
    ctime: 1605296691.6320832
    dev: 64769
    device_type: 0
    executable: false
    exists: true
    gid: 0
    gr_name: root
    inode: 82575388
    isblk: false
    ischr: false
    isdir: false
    isfifo: false
    isgid: false
    islnk: false
    isreg: true
    issock: false
    isuid: false
    mimetype: text/plain
    mode: '0600'
    mtime: 1605296691.6320832
    nlink: 1
    path: /tmp/ansible_sysctl_test_symlink.conf
    pw_name: root
    readable: true
    rgrp: false
    roth: false
    rusr: true
    size: 64
    uid: 0
    version: '563617165'
    wgrp: false
    woth: false
    writeable: true
    wusr: true
    xgrp: false
    xoth: false
    xusr: false

TASK [assert] ***********************************************************************
fatal: [testhost]: FAILED! => changed=false 
  assertion: stat_result.stat.islnk is defined and stat_result.stat.islnk
  evaluated_to: false
  msg: /tmp/ansible_sysctl_test_symlink.conf is NOT correct symlink

PLAY RECAP **************************************************************************
testhost                     : ok=8    changed=3    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

The text was updated successfully, but these errors were encountered:

)" This reverts commit 34b4677.

Fixed sysctl to work on symlinks SUMMARY Fixes #111. This issue reports a bug of sysctl that the module does not work properly when sysctl_file is a symlink. I Fixed the bug by inserting os.path.realpath to get real path. When sysctl_file is a real file, os.path.realpath return the original path as is. ISSUE TYPE Bugfix Pull Request COMPONENT NAME sysctl ADDITIONAL INFORMATION I have executed the script described in #111 and confirmed that it works properly. But I need to add some tests. satken@dockerhost1:~/ansible$ sudo docker run --rm -v ${PWD}:/work -w /work -e ANSIBLE_LIBRARY=/work/ansible.posix -e ANSIBLE_HOST_KEY_CHECKING=False satken2/ansible:3.3.0 ansible-playbook -i hosts main.yml PLAY [test] ******************************************************************** TASK [Gathering Facts] ********************************************************* ok: [192.168.91.76] TASK [test] ******************************************************************** ok: [192.168.91.76] => { "msg": "This is test" } TASK [command] ***************************************************************** changed: [192.168.91.76] TASK [command] ***************************************************************** ok: [192.168.91.76] TASK [debug] ******************************************************************* ok: [192.168.91.76] => { "sysctl_current_value.stdout": "kernel.randomize_va_space = 2" } TASK [copy] ******************************************************************** changed: [192.168.91.76] TASK [file] ******************************************************************** changed: [192.168.91.76] TASK [stat] ******************************************************************** ok: [192.168.91.76] TASK [assert] ****************************************************************** ok: [192.168.91.76] => { "changed": false, "msg": "/tmp/ansible_sysctl_test_symlink.conf is correct symlink" } TASK [sysctl | enable randomized layout of virtual address space] ************** changed: [192.168.91.76] TASK [stat] ******************************************************************** ok: [192.168.91.76] TASK [assert] ****************************************************************** ok: [192.168.91.76] => { "changed": false, "msg": "/tmp/ansible_sysctl_test_symlink.conf is correct symlink" } PLAY RECAP ********************************************************************* 192.168.91.76 : ok=12 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 Reviewed-by: quidame Reviewed-by: Jill R

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [ansible.posix](https://redirect.github.com/ansible-collections/ansible.posix) | galaxy-collection | minor | `1.5.4` -> `1.6.0` | --- ### Release Notes <details> <summary>ansible-collections/ansible.posix (ansible.posix)</summary> ### [`v1.6.0`](https://redirect.github.com/ansible-collections/ansible.posix/blob/HEAD/CHANGELOG.rst#v160) [Compare Source](https://redirect.github.com/ansible-collections/ansible.posix/compare/1.5.4...1.6.0) \====== ## Release Summary This is the minor release of the `ansible.posix` collection. This changelog contains all changes to the modules and plugins in this collection that have been added after the release of `ansible.posix` 1.5.4. ## Major Changes - Dropping support for Ansible 2.9, ansible-core 2.15 will be minimum required version for this release ## Minor Changes - Add summary_only parameter to profile_roles and profile_tasks callbacks. - firewalld - add functionality to set forwarding ([https://github.com/ansible-collections/ansible.posix/pull/548](https://redirect.github.com/ansible-collections/ansible.posix/pull/548)). - firewalld - added offline flag implementation ([https://github.com/ansible-collections/ansible.posix/pull/484](https://redirect.github.com/ansible-collections/ansible.posix/pull/484)) - firewalld - respawn module to use the system python interpreter when the `firewall` python module is not available for `ansible_python_interpreter` ([https://github.com/ansible-collections/ansible.posix/pull/460](https://redirect.github.com/ansible-collections/ansible.posix/pull/460)). - firewalld_info - Only warn about ignored zones, when there are zones ignored. - firewalld_info - respawn module to use the system python interpreter when the `firewall` python module is not available for `ansible_python_interpreter` ([https://github.com/ansible-collections/ansible.posix/pull/460](https://redirect.github.com/ansible-collections/ansible.posix/pull/460)). - mount - add no_log option for opts parameter ([https://github.com/ansible-collections/ansible.posix/pull/563](https://redirect.github.com/ansible-collections/ansible.posix/pull/563)). - seboolean - respawn module to use the system python interpreter when the `selinux` python module is not available for `ansible_python_interpreter` ([https://github.com/ansible-collections/ansible.posix/pull/460](https://redirect.github.com/ansible-collections/ansible.posix/pull/460)). - selinux - respawn module to use the system python interpreter when the `selinux` python module is not available for `ansible_python_interpreter` ([https://github.com/ansible-collections/ansible.posix/pull/460](https://redirect.github.com/ansible-collections/ansible.posix/pull/460)). ## Removed Features (previously deprecated) - skippy - Remove skippy pluglin as it is no longer supported([https://github.com/ansible-collections/ansible.posix/issues/350](https://redirect.github.com/ansible-collections/ansible.posix/issues/350)). ## Bugfixes - Bugfix in the documentation regarding the path option for authorised_key([https://github.com/ansible-collections/ansible.posix/issues/483](https://redirect.github.com/ansible-collections/ansible.posix/issues/483)). - seboolean - make it work with disabled SELinux - synchronize - maintain proper formatting of the remote paths ([https://github.com/ansible-collections/ansible.posix/pull/361](https://redirect.github.com/ansible-collections/ansible.posix/pull/361)). - sysctl - fix sysctl to work properly on symlinks ([https://github.com/ansible-collections/ansible.posix/issues/111](https://redirect.github.com/ansible-collections/ansible.posix/issues/111)). </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: lumiere-bot[bot] <98047013+lumiere-bot[bot]@users.noreply.github.com>

eengstrom mentioned this issue Nov 13, 2020

sysctl module replaces symlink with a real file ansible/ansible#72621

Closed

maxamillion added the bug This issue/PR relates to a bug. label Dec 1, 2020

Akasurde added the waiting_on_contributor Needs help. Feel free to engage to get things unblocked label Jun 4, 2021

satken2 pushed a commit to satken2/ansible.posix that referenced this issue Jun 10, 2021

sysctl: Fixed sysctl to work on symlinks(ansible-collections#111)

42c4c19

satken2 mentioned this issue Jun 10, 2021

Fixed sysctl to work on symlinks #206

Merged

satken2 pushed a commit to satken2/ansible.posix that referenced this issue Jun 11, 2021

sysctl: Fixed sysctl to work on symlinks(ansible-collections#111)

3d7334d

satken2 pushed a commit to satken2/ansible.posix that referenced this issue Jun 11, 2021

sysctl: Fixed sysctl to work on symlinks(ansible-collections#111)

c9747fd

satken2 pushed a commit to satken2/ansible.posix that referenced this issue Jun 11, 2021

sysctl: Fixed sysctl to work on symlinks(ansible-collections#111)

a488709

satken2 pushed a commit to satken2/ansible.posix that referenced this issue Jun 11, 2021

sysctl: Fixed sysctl to work on symlinks(ansible-collections#111)

34b4677

aminvakil added a commit to aminvakil/ansible.posix that referenced this issue Jun 11, 2021

Revert "sysctl: Fixed sysctl to work on symlinks(ansible-collections#111

c329407

)" This reverts commit 34b4677.

aminvakil pushed a commit to aminvakil/ansible.posix that referenced this issue Jun 11, 2021

sysctl: Fixed sysctl to work on symlinks(ansible-collections#111)

e982a64

aminvakil pushed a commit to aminvakil/ansible.posix that referenced this issue Jun 11, 2021

sysctl: Fixed sysctl to work on symlinks(ansible-collections#111)

cfe0bde

aminvakil pushed a commit to aminvakil/ansible.posix that referenced this issue Jun 11, 2021

sysctl: Fixed sysctl to work on symlinks(ansible-collections#111)

50f9b3a

aminvakil pushed a commit to aminvakil/ansible.posix that referenced this issue Jun 11, 2021

sysctl: Fixed sysctl to work on symlinks(ansible-collections#111)

6a6ad57

aminvakil pushed a commit to aminvakil/ansible.posix that referenced this issue Jun 11, 2021

sysctl: Fixed sysctl to work on symlinks(ansible-collections#111)

e6f6d5c

aminvakil added a commit to aminvakil/ansible.posix that referenced this issue Jun 11, 2021

Revert "sysctl: Fixed sysctl to work on symlinks(ansible-collections#111

ab65a15

)" This reverts commit 34b4677.

saito-hideki added has_pr and removed waiting_on_contributor Needs help. Feel free to engage to get things unblocked labels Nov 29, 2021

jillr added a commit to satken2/ansible.posix that referenced this issue May 7, 2024

Revert "sysctl: Fixed sysctl to work on symlinks(ansible-collections#111

96a72ac

)" This reverts commit 34b4677.

jillr pushed a commit to satken2/ansible.posix that referenced this issue May 7, 2024

sysctl: Fixed sysctl to work on symlinks(ansible-collections#111)

a88f5f8

jillr pushed a commit to satken2/ansible.posix that referenced this issue May 7, 2024

sysctl: Fixed sysctl to work on symlinks(ansible-collections#111)

55ea4ba

jillr pushed a commit to satken2/ansible.posix that referenced this issue May 7, 2024

sysctl: Fixed sysctl to work on symlinks(ansible-collections#111)

97dcdee

jillr pushed a commit to satken2/ansible.posix that referenced this issue May 7, 2024

sysctl: Fixed sysctl to work on symlinks(ansible-collections#111)

a842e5f

jillr pushed a commit to satken2/ansible.posix that referenced this issue May 7, 2024

sysctl: Fixed sysctl to work on symlinks(ansible-collections#111)

9064ff7

jillr added a commit to satken2/ansible.posix that referenced this issue May 7, 2024

Revert "sysctl: Fixed sysctl to work on symlinks(ansible-collections#111

d49bd27

)" This reverts commit 34b4677.

softwarefactory-project-zuul bot closed this as completed in #206 May 9, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

`sysctl` module replaces symlink with a real file #111

`sysctl` module replaces symlink with a real file #111

eengstrom commented Nov 13, 2020

sysctl module replaces symlink with a real file #111

sysctl module replaces symlink with a real file #111

Comments

eengstrom commented Nov 13, 2020

SUMMARY

ISSUE TYPE

COMPONENT NAME

ANSIBLE VERSION

CONFIGURATION

OS / ENVIRONMENT

STEPS TO REPRODUCE

EXPECTED RESULTS

ACTUAL RESULTS

`sysctl` module replaces symlink with a real file #111

`sysctl` module replaces symlink with a real file #111