debconf with variable is not really idempotent?
139 views
Skip to first unread message
Phyks
Jul 16, 2015, 2:09:04 PM7/16/15
to ansible...@googlegroups.com
Hi,
I am using the following line in an Ansible playbook:
```
debconf: name={{ item.name }} question={{ item.question }} vtype={{
item.vtype }} value={{ item.value }}
with_items:
- { name: "mariadb-server-10.0", question:
"mysql-server/root_password", vtype: "password", value:
"{{mysql_root_password}}"}
- { name: "mariadb-server-10.0", question:
"mysql-server/root_password_again", vtype: "password", value:
"{{mysql_root_password}}"}
```
But the task is marked as "changed" at every execution. I would expect
it to be changed only if the values are different than the previous ones
and skipped otherwise.
Moreover, when the value is explicitly given (instead of referencing a
variable), the behaviour is as expected and the task is skipped if it
was already set.
Is it a bug or an expected feature?
Thanks!
--
Phyks
I am using the following line in an Ansible playbook:
```
debconf: name={{ item.name }} question={{ item.question }} vtype={{
item.vtype }} value={{ item.value }}
with_items:
- { name: "mariadb-server-10.0", question:
"mysql-server/root_password", vtype: "password", value:
"{{mysql_root_password}}"}
- { name: "mariadb-server-10.0", question:
"mysql-server/root_password_again", vtype: "password", value:
"{{mysql_root_password}}"}
```
But the task is marked as "changed" at every execution. I would expect
it to be changed only if the values are different than the previous ones
and skipped otherwise.
Moreover, when the value is explicitly given (instead of referencing a
variable), the behaviour is as expected and the task is skipped if it
was already set.
Is it a bug or an expected feature?
Thanks!
--
Phyks
Brian Coca
Jul 16, 2015, 2:20:08 PM7/16/15
to ansible...@googlegroups.com
passwords cannot be read, so they always appear as changed, this is a
limitation of debconf itself.
all other field types should work as you expect
--
Brian Coca
limitation of debconf itself.
all other field types should work as you expect
--
Brian Coca
Phyks
Jul 16, 2015, 4:42:23 PM7/16/15
to ansible...@googlegroups.com
Ok, I did not know about it. I confirm I only have this behavior with
password fields.
Thanks
> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAJ5XC8%3Dj2AQN%2B1Uj%2B7y3ZwrgP6r1YUHhVmNx7Ctg0aFH0LB3mQ%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
>
password fields.
Thanks
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAJ5XC8%3Dj2AQN%2B1Uj%2B7y3ZwrgP6r1YUHhVmNx7Ctg0aFH0LB3mQ%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
>
Mischa ter Smitten
Jul 16, 2015, 4:46:46 PM7/16/15
to ansible...@googlegroups.com
Is there any way to work around that?
Brian Coca
Jul 16, 2015, 7:22:39 PM7/16/15
to ansible...@googlegroups.com
Not that i know of, debian's debconf deals with passwords this way,
probably to prevent possible security issues.
If someone figures out a way to compare all the passwords, I'm all
open. In the mysql case we can read the /etc/my.cnf, but ... really we
should not be doing that.
--
Brian Coca
probably to prevent possible security issues.
If someone figures out a way to compare all the passwords, I'm all
open. In the mysql case we can read the /etc/my.cnf, but ... really we
should not be doing that.
--
Brian Coca
Phyks
Jul 16, 2015, 7:25:39 PM7/16/15
to ansible...@googlegroups.com
Sounds like all password fields are not treated this way.
Indeed, `debconf-get-selections` returns:
mariadb-server-10.0 mysql-server/root_password_again password THE_PASSWORD
--
Phyks
Indeed, `debconf-get-selections` returns:
mariadb-server-10.0 mysql-server/root_password_again password THE_PASSWORD
--
Phyks
> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAJ5XC8mHpjTuozGPL8-d_aWC5dJc0Sv806tPFHDHH_zERxFkgw%40mail.gmail.com.
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages