ansible.posix
sysctl: add option to remove the extra options from the managed files
SUMMARY
Add a new option to manage the content of the file exclusively by the module and delete all variables that are not part of parameter list in the playbook.
ISSUE TYPE
- Feature Idea
COMPONENT NAME
sysctl
ADDITIONAL INFORMATION
As part of the workflows in our organization we manage forwarding on network interfaces via `sysctl`. The problem is that every now and then the interface names change (e.g. some bridges are created or removed). Currently that means that we either need to have a run with the variables in question marked as `absent` and then remove them from the config (which seems like an avoidable overhead) or use templates to ensure that if the config is modified and some variables are deleted then they do not stay in the corresponding file on the system.
Having an option to tell `sysctl` to either handle each config variable independently (current behavior) or to manage the whole file and strip away all the parameters that are not mentioned in the playbook
```yaml
- name: Manage forwarding
  sysctl:
    state: present
    sysctl_file: '/etc/sysctl.d/90-net-fwd.conf'
    exclusive: yes
    name: 'net.ipv4.conf.eno1.forwarding'
    value: '1'
```
@Ph0enix89 Hello, thank you for reporting this! :)
I may have misunderstood your use case, but at first glance this looks similar to replacing a sysctl file using the `copy` or `template` module. If so, wouldn't it work to use those modules to replace the file and load it from the `handlers` section?
Yes, that is the workaround that we currently use. When we want to ensure that a file does not contain any unwanted variables we switch to using templates. So we have a wrapper around `sysctl` role which either lets the role manage the config or switches to templates in certain cases.
So if the role could handle it inherently it would simplify things.
However looking at the code it seems that right now each variable is handled independently and a single file will be opened and modified multiple times if multiple variables need to be managed. So it's not very straightforward to refactor the code to support the suggested behavior. However at this point the question is more on a conceptual level if the described behavior makes sense and other users could benefit from it. Or it could be that it's just our special case and does not affect anyone else.
@Ph0enix89 thanks for the clarification.
Apologies if I misunderstood your original request, I think it is not only for the contents of the sysctl file but also OS runtime settings.
If your request is only for operations on sysctl files, you can use the `template` module. Also, I think we are unable to delete OS runtime parameters using sysctl, so I think you'll need to revert parameters to default values except for specified parameters. However, as far as I know, there is no way to restore the sysctl value to the default.
Therefore, implementing this feature would be difficult with the current sysctl module architecture. Having said that, this might be a feature to consider when refactoring in the future. So I'm keeping the `feature` label and have added the `waiting_on_contributor` for future refactoring.
Thanks again! :)
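
The whole-file ("exclusive") behaviour requested in this thread, sketched as an added example; it is not code from ansible.posix or from any participant, and the function names are hypothetical. It plans a single rewrite of the file and reports which keys were dropped, since, as noted above, dropping a key from the file does not revert its runtime value.

```python
# Added example, not ansible.posix code. Function names are hypothetical.

def parse_sysctl_conf(text):
    """Return {key: value} for 'key = value' lines; skip blanks and # / ; comments."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("-"):      # leading '-' means "ignore errors when setting"
            line = line[1:].lstrip()
        key, sep, value = line.partition("=")
        if not sep:
            continue                  # not an assignment; ignore
        params[key.strip()] = value.strip()
    return params


def plan_exclusive(current_text, desired):
    """Plan one whole-file rewrite that keeps only the keys in `desired`."""
    current = parse_sysctl_conf(current_text)
    desired = {k: str(v) for k, v in desired.items()}
    removed = sorted(k for k in current if k not in desired)
    updated = sorted(k for k in desired if current.get(k) != desired[k])
    content = "".join(f"{k} = {desired[k]}\n" for k in sorted(desired))
    return {
        "changed": content != current_text,  # idempotent once the file is rewritten
        "content": content,
        "removed": removed,  # dropped from the file; runtime value is not reverted
        "updated": updated,
    }


# Constructed sample: br-old is no longer in the playbook's parameter list.
SAMPLE = """\
# managed file (constructed sample)
net.ipv4.conf.eno1.forwarding = 1
net.ipv4.conf.br-old.forwarding=1
; legacy comment
"""

if __name__ == "__main__":
    plan = plan_exclusive(SAMPLE, {"net.ipv4.conf.eno1.forwarding": 1})
    print(plan["content"], end="")
    for key in plan["removed"]:
        print(f"removed from file, runtime value unchanged: {key}")
```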