ansible.posix

sysctl: add option to remove the extra options from the managed files

Open Ph0enix89 opened this issue 2 years ago • 3 comments

SUMMARY

Add a new option to manage the content of the file exclusively by the module and delete all variables that are not part of the parameter list in the playbook.

ISSUE TYPE

  • Feature Idea

COMPONENT NAME

sysctl

ADDITIONAL INFORMATION

As part of the workflows in our organization we manage forwarding on network interfaces via sysctl. The problem is that every now and then the interface names change (e.g. some bridges are created or removed). Currently that means that we either need to have a run with the variables in question marked as absent and then remove them from the config (which seems like an avoidable overhead) or use templates to ensure that if the config is modified and some variables are deleted then they do not stay in the corresponding file on the system.

Having an option to tell sysctl to either handle each config variable independently (current behavior) or to manage the whole file and strip away all the parameters that are not mentioned in the playbook:

- name: Manage forwarding
  sysctl:
    state: present
    sysctl_file: '/etc/sysctl.d/90-net-fwd.conf'
    exclusive: yes
    name: 'net.ipv4.conf.eno1.forwarding'
    value: '1'


Ph0enix89 • Nov 14 '21 23:11

@Ph0enix89 Hello, thank you for reporting this! :) I may have misunderstood your use case, but at first glance this looks like behavior similar to replacing a sysctl file using the copy or template module. If so, wouldn't it work to use those modules to replace the file and load it via the handlers section?

saito-hideki • Nov 26 '21 00:11

Yes, that is the workaround that we currently use. When we want to ensure that a file does not contain any unwanted variables we switch to using templates. So we have a wrapper around the sysctl role which either lets the role manage the config or switches to templates in certain cases.

So if the role could handle it inherently it would simplify things.

However, looking at the code, it seems that right now each variable is handled independently and a single file will be opened and modified multiple times if multiple variables need to be managed. So it's not very straightforward to refactor the code to support the suggested behavior. However, at this point the question is more on a conceptual level: whether the described behavior makes sense and other users could benefit from it. Or it could be that it's just our special case and does not affect anyone else.

Ph0enix89 • Nov 28 '21 19:11

@Ph0enix89 thanks for the clarification. Apologies if I misunderstood your original request, I think it is not only for the contents of the sysctl file but also OS runtime settings.
If your request is only for operations on sysctl files, you can use the template module. Also, I think we are unable to delete OS runtime parameters using sysctl, so I think you'll need to revert parameters to default values except for specified parameters. However, as far as I know, there is no way to restore the sysctl value to the default. Therefore, implementing this feature would be difficult with the current sysctl module architecture. Having said that, this might be a feature to consider when refactoring in the future. So I'm keeping the feature label and have added the waiting_on_contributor for future refactoring.

Thanks again! :)

saito-hideki • Nov 29 '14:11' placeholder
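
The copy/template workaround discussed in the replies above, written out as an added example; it is not part of the original thread or of the ansible.posix code. The variable names `fwd_file` and `fwd_interfaces` and the handler name are assumptions made for the example; the file path and key pattern are the ones from the issue.

```yaml
# Added example: whole-file management of one sysctl.d drop-in.
# fwd_file, fwd_interfaces and the handler name are assumptions for this example.
- name: Manage forwarding exclusively through one drop-in file
  hosts: all
  become: true
  vars:
    fwd_file: /etc/sysctl.d/90-net-fwd.conf
    fwd_interfaces:   # constructed sample list: the only interfaces allowed to forward
      - eno1
  tasks:
    - name: Render the complete file from the variable list
      ansible.builtin.copy:
        dest: "{{ fwd_file }}"
        owner: root
        group: root
        mode: "0644"
        # The file is rewritten as a whole, so a key whose interface was
        # removed from fwd_interfaces disappears from it on the next run.
        content: |
          # Managed by Ansible. Do not edit by hand.
          {% for iface in fwd_interfaces | sort %}
          net.ipv4.conf.{{ iface }}.forwarding = 1
          {% endfor %}
      notify: Reload forwarding sysctls

  handlers:
    # Applies only the keys still present in the file. A key that was dropped
    # from the file keeps its current value in the running kernel, which is
    # the runtime limitation raised in the last reply.
    - name: Reload forwarding sysctls
      ansible.builtin.command: "sysctl -p {{ fwd_file }}"
      changed_when: true
```

Because stale keys are removed only from the file, a forwarding flag enabled earlier stays active at runtime until it is explicitly changed or the system reboots.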