Hi,

We have a playbook to manage SSH keys on our servers (we are not using the 
authorized_key module because it appends users' keys without ever deleting 
the old ones).
For that we created a template to gather all the SSH keys based on the 
different roles and groups, which is working fine except when using the 
--check option.
When using that option, Ansible will show changes that are not going to 
happen when the playbook is run without the option.

As an example:

$ ansible-playbook keys.yml --limit somehost --check
[...]
somehost : ok=15   changed=4    unreachable=0    failed=0

$ ansible-playbook keys.yml --limit somehost
[...]
somehost : ok=15   changed=0    unreachable=0    failed=0


The changes concern the authorized_key file (here 4 changes because the 
playbook deploys 4 users).
Here's an extract of the output of the command when run with the --diff 
option:

$ ansible-playbook keys.yml --limit somehost --check --diff
[...]
 ___________________________________________________
< TASK: keys | copy authorized key template to host >
 ---------------------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||


--- before: ~root/.ssh/authorized_keys
+++ after: 
/home/romain/workspace/it_ansible/roles/keys/templates/authorized_keys.j2
@@ -0,0 +1,4 @@
+ssh-rsa [...]
+ssh-rsa [...]
+ssh-rsa [...]
+ssh-rsa [...]

changed: [somehost]
[...]

The --check option is rendered useless since we can't trust it.
Any idea why this is happening? Does the --check option prevent Ansible 
from getting the authorized_key files from the remote hosts? What could we 
do to make the --check option behave as it should?
