[ansible-project] sysctl module and removal of entry

[KSS]

Hi,

I've come across a situation where the sysctl module is not removing an 
entry if the value matches even if the state is set to 'absent'. 

e.g, 


   - The following *does not remove* the sysctl entry if the value below 
   matches that in the sysctl file;
   
       - name: Test removal of sysctl key
         sysctl: name={{ item }} value=0 state=absent reload=no
         with_items:
           - net.bridge.bridge-nf-call-ip6tables
           - net.bridge.bridge-nf-call-iptables
           - net.bridge.bridge-nf-call-arptables


   - If the value is different, it *does remove* the key.
   
       - name: Test removal of sysctl key
         sysctl: name={{ item }} value=1 state=absent reload=no
         with_items:
           - net.bridge.bridge-nf-call-ip6tables
           - net.bridge.bridge-nf-call-iptables
           - net.bridge.bridge-nf-call-arptables

   - If the value is omitted, it *does remove* the key. 
   
       - name: Test removal of sysctl key
         sysctl: name={{ item }} state=absent reload=no
         with_items:
           - net.bridge.bridge-nf-call-ip6tables
           - net.bridge.bridge-nf-call-iptables
           - net.bridge.bridge-nf-call-arptables

# ansible --version = ansible 1.7.1
Remote machine=CentOS6.5

In debug, it shows the state is set to absent even though it appears to 
ignore it;

PLAY [XX.XX.XX.XX] 
**********************************************************

GATHERING FACTS 
***************************************************************
<XX.XX.XX.XX> ESTABLISH CONNECTION FOR USER: root on PORT 22 TO XX.XX.XX.XX
<XX.XX.XX.XX> REMOTE_MODULE setup
<XX.XX.XX.XX> EXEC /bin/sh -c 'mkdir -p 
$HOME/.ansible/tmp/ansible-tmp-1412781537.17-34022334345500 && echo 
$HOME/.ansible/tmp/ansible-tmp-1412781537.17-34022334345500'
<XX.XX.XX.XX> PUT /tmp/tmpit9iZw TO 
/root/.ansible/tmp/ansible-tmp-1412781537.17-34022334345500/setup
<XX.XX.XX.XX> EXEC /bin/sh -c 'LANG=C LC_CTYPE=C /usr/bin/python 
/root/.ansible/tmp/ansible-tmp-1412781537.17-34022334345500/setup; rm -rf 
/root/.ansible/tmp/ansible-tmp-1412781537.17-34022334345500/ >/dev/null 
2>&1'
ok: [XX.XX.XX.XX]

TASK: [Test removal of sysctl key] 
********************************************
<XX.XX.XX.XX> ESTABLISH CONNECTION FOR USER: root on PORT 22 TO XX.XX.XX.XX
<XX.XX.XX.XX> REMOTE_MODULE sysctl name=net.bridge.bridge-nf-call-ip6tables 
value=0 *state=absent* reload=no
<XX.XX.XX.XX> EXEC /bin/sh -c 'mkdir -p 
$HOME/.ansible/tmp/ansible-tmp-1412781537.7-197935696377092 && echo 
$HOME/.ansible/tmp/ansible-tmp-1412781537.7-197935696377092'
<XX.XX.XX.XX> PUT /tmp/tmpj3GFfR TO 
/root/.ansible/tmp/ansible-tmp-1412781537.7-197935696377092/sysctl
<XX.XX.XX.XX> EXEC /bin/sh -c 'LANG=C LC_CTYPE=C /usr/bin/python 
/root/.ansible/tmp/ansible-tmp-1412781537.7-197935696377092/sysctl; rm -rf 
/root/.ansible/tmp/ansible-tmp-1412781537.7-197935696377092/ >/dev/null 
2>&1'
ok: [XX.XX.XX.XX] => (item=net.bridge.bridge-nf-call-ip6tables) => 
{"changed": false, "item": "net.bridge.bridge-nf-call-ip6tables"}
<XX.XX.XX.XX> ESTABLISH CONNECTION FOR USER: root on PORT 22 TO XX.XX.XX.XX
<XX.XX.XX.XX> REMOTE_MODULE sysctl name=net.bridge.bridge-nf-call-iptables 
value=0 *state=absent* reload=no
<XX.XX.XX.XX> EXEC /bin/sh -c 'mkdir -p 
$HOME/.ansible/tmp/ansible-tmp-1412781538.12-44471411742706 && echo 
$HOME/.ansible/tmp/ansible-tmp-1412781538.12-44471411742706'
<XX.XX.XX.XX> PUT /tmp/tmpWbVgcA TO 
/root/.ansible/tmp/ansible-tmp-1412781538.12-44471411742706/sysctl
<XX.XX.XX.XX> EXEC /bin/sh -c 'LANG=C LC_CTYPE=C /usr/bin/python 
/root/.ansible/tmp/ansible-tmp-1412781538.12-44471411742706/sysctl; rm -rf 
/root/.ansible/tmp/ansible-tmp-1412781538.12-44471411742706/ >/dev/null 
2>&1'
ok: [XX.XX.XX.XX] => (item=net.bridge.bridge-nf-call-iptables) => 
{"changed": false, "item": "net.bridge.bridge-nf-call-iptables"}
<XX.XX.XX.XX> ESTABLISH CONNECTION FOR USER: root on PORT 22 TO XX.XX.XX.XX
<XX.XX.XX.XX> REMOTE_MODULE sysctl name=net.bridge.bridge-nf-call-arptables 
value=0 *state=absent* reload=no
<XX.XX.XX.XX> EXEC /bin/sh -c 'mkdir -p 
$HOME/.ansible/tmp/ansible-tmp-1412781538.55-56695379779771 && echo 
$HOME/.ansible/tmp/ansible-tmp-1412781538.55-56695379779771'
<XX.XX.XX.XX> PUT /tmp/tmpaq_Q5s TO 
/root/.ansible/tmp/ansible-tmp-1412781538.55-56695379779771/sysctl
<XX.XX.XX.XX> EXEC /bin/sh -c 'LANG=C LC_CTYPE=C /usr/bin/python 
/root/.ansible/tmp/ansible-tmp-1412781538.55-56695379779771/sysctl; rm -rf 
/root/.ansible/tmp/ansible-tmp-1412781538.55-56695379779771/ >/dev/null 
2>&1'
ok: [XX.XX.XX.XX] => (item=net.bridge.bridge-nf-call-arptables) => 
{"changed": false, "item": "net.bridge.bridge-nf-call-arptables"}

PLAY RECAP 
********************************************************************
XX.XX.XX.XX              : ok=2    changed=0    unreachable=0    failed=0

and the entry definitely exists on the remote host;

# grep bridge /etc/sysctl.conf
# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0


Is this known/expected behavior (I would expect an 'absent' state to remove 
the entry when it matches the name and value)? 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/9ee26358-bf45-4ebe-a37e-86684bb1b17d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.