sysctl module and removal of entry


KSS

Oct 8, 2014, 11:24:39 AM
to ansible...@googlegroups.com
Hi,

I've come across a situation where the sysctl module is not removing an entry if the value matches even if the state is set to 'absent'. 

e.g.,

  • The following does not remove the sysctl entry if the value below matches that in the sysctl file;
       - name: Test removal of sysctl key
         sysctl: name={{ item }} value=0 state=absent reload=no
         with_items:
           - net.bridge.bridge-nf-call-ip6tables
           - net.bridge.bridge-nf-call-iptables
           - net.bridge.bridge-nf-call-arptables

  • If the value is different, it does remove the key.
       - name: Test removal of sysctl key
         sysctl: name={{ item }} value=1 state=absent reload=no
         with_items:
           - net.bridge.bridge-nf-call-ip6tables
           - net.bridge.bridge-nf-call-iptables
           - net.bridge.bridge-nf-call-arptables

  • If the value is omitted, it does remove the key.
       - name: Test removal of sysctl key
         sysctl: name={{ item }} state=absent reload=no
         with_items:
           - net.bridge.bridge-nf-call-ip6tables
           - net.bridge.bridge-nf-call-iptables
           - net.bridge.bridge-nf-call-arptables

# ansible --version = ansible 1.7.1
Remote machine=CentOS6.5

In debug, it shows the state is set to absent even though it appears to ignore it;

PLAY [XX.XX.XX.XX] **********************************************************

GATHERING FACTS ***************************************************************
<XX.XX.XX.XX> ESTABLISH CONNECTION FOR USER: root on PORT 22 TO XX.XX.XX.XX
<XX.XX.XX.XX> REMOTE_MODULE setup
<XX.XX.XX.XX> EXEC /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412781537.17-34022334345500 && echo $HOME/.ansible/tmp/ansible-tmp-1412781537.17-34022334345500'
<XX.XX.XX.XX> PUT /tmp/tmpit9iZw TO /root/.ansible/tmp/ansible-tmp-1412781537.17-34022334345500/setup
<XX.XX.XX.XX> EXEC /bin/sh -c 'LANG=C LC_CTYPE=C /usr/bin/python /root/.ansible/tmp/ansible-tmp-1412781537.17-34022334345500/setup; rm -rf /root/.ansible/tmp/ansible-tmp-1412781537.17-34022334345500/ >/dev/null 2>&1'
ok: [XX.XX.XX.XX]

TASK: [Test removal of sysctl key] ********************************************
<XX.XX.XX.XX> ESTABLISH CONNECTION FOR USER: root on PORT 22 TO XX.XX.XX.XX
<XX.XX.XX.XX> REMOTE_MODULE sysctl name=net.bridge.bridge-nf-call-ip6tables value=0 state=absent reload=no
<XX.XX.XX.XX> EXEC /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412781537.7-197935696377092 && echo $HOME/.ansible/tmp/ansible-tmp-1412781537.7-197935696377092'
<XX.XX.XX.XX> PUT /tmp/tmpj3GFfR TO /root/.ansible/tmp/ansible-tmp-1412781537.7-197935696377092/sysctl
<XX.XX.XX.XX> EXEC /bin/sh -c 'LANG=C LC_CTYPE=C /usr/bin/python /root/.ansible/tmp/ansible-tmp-1412781537.7-197935696377092/sysctl; rm -rf /root/.ansible/tmp/ansible-tmp-1412781537.7-197935696377092/ >/dev/null 2>&1'
ok: [XX.XX.XX.XX] => (item=net.bridge.bridge-nf-call-ip6tables) => {"changed": false, "item": "net.bridge.bridge-nf-call-ip6tables"}
<XX.XX.XX.XX> ESTABLISH CONNECTION FOR USER: root on PORT 22 TO XX.XX.XX.XX
<XX.XX.XX.XX> REMOTE_MODULE sysctl name=net.bridge.bridge-nf-call-iptables value=0 state=absent reload=no
<XX.XX.XX.XX> EXEC /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412781538.12-44471411742706 && echo $HOME/.ansible/tmp/ansible-tmp-1412781538.12-44471411742706'
<XX.XX.XX.XX> PUT /tmp/tmpWbVgcA TO /root/.ansible/tmp/ansible-tmp-1412781538.12-44471411742706/sysctl
<XX.XX.XX.XX> EXEC /bin/sh -c 'LANG=C LC_CTYPE=C /usr/bin/python /root/.ansible/tmp/ansible-tmp-1412781538.12-44471411742706/sysctl; rm -rf /root/.ansible/tmp/ansible-tmp-1412781538.12-44471411742706/ >/dev/null 2>&1'
ok: [XX.XX.XX.XX] => (item=net.bridge.bridge-nf-call-iptables) => {"changed": false, "item": "net.bridge.bridge-nf-call-iptables"}
<XX.XX.XX.XX> ESTABLISH CONNECTION FOR USER: root on PORT 22 TO XX.XX.XX.XX
<XX.XX.XX.XX> REMOTE_MODULE sysctl name=net.bridge.bridge-nf-call-arptables value=0 state=absent reload=no
<XX.XX.XX.XX> EXEC /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412781538.55-56695379779771 && echo $HOME/.ansible/tmp/ansible-tmp-1412781538.55-56695379779771'
<XX.XX.XX.XX> PUT /tmp/tmpaq_Q5s TO /root/.ansible/tmp/ansible-tmp-1412781538.55-56695379779771/sysctl
<XX.XX.XX.XX> EXEC /bin/sh -c 'LANG=C LC_CTYPE=C /usr/bin/python /root/.ansible/tmp/ansible-tmp-1412781538.55-56695379779771/sysctl; rm -rf /root/.ansible/tmp/ansible-tmp-1412781538.55-56695379779771/ >/dev/null 2>&1'
ok: [XX.XX.XX.XX] => (item=net.bridge.bridge-nf-call-arptables) => {"changed": false, "item": "net.bridge.bridge-nf-call-arptables"}

PLAY RECAP ********************************************************************
XX.XX.XX.XX              : ok=2    changed=0    unreachable=0    failed=0

and the entry definitely exists on the remote host;

# grep bridge /etc/sysctl.conf
# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0


Is this known/expected behavior (I would expect an 'absent' state to remove the entry when it matches the name and value)? 
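An added example, not part of the original post or of Ansible's own code: because the play above reports "changed": false while the lines are still in /etc/sysctl.conf, a check that reads the file directly is the reliable way to confirm a state=absent removal. The names parse_settings, find_leftovers, SAMPLE_CONF and ABSENT_KEYS are hypothetical, and the sample file text is constructed from the grep output in the post plus two extra lines.

```python
# Added example: confirm that sysctl keys a play marked state=absent are really
# gone from the file, whatever value they carry.

# Constructed sample: the lines from the grep output in the post, plus two
# extra lines added here to exercise comment and spacing handling.
SAMPLE_CONF = """\
# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
; net.bridge.bridge-nf-call-iptables = 1
kernel.sysrq=0
"""

# The keys listed under with_items in the post.
ABSENT_KEYS = [
    "net.bridge.bridge-nf-call-ip6tables",
    "net.bridge.bridge-nf-call-iptables",
    "net.bridge.bridge-nf-call-arptables",
]


def parse_settings(conf_text):
    """Yield (line_number, key, value) for each active key = value line."""
    for number, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        # Blank lines and lines starting with '#' or ';' are not settings.
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        yield number, key.strip(), value.strip()


def find_leftovers(conf_text, absent_keys):
    """Map each key that should be absent to the (line, value) pairs still set."""
    wanted = set(absent_keys)
    leftovers = {}
    for number, key, value in parse_settings(conf_text):
        if key in wanted:
            leftovers.setdefault(key, []).append((number, value))
    return leftovers


if __name__ == "__main__":
    for key, hits in sorted(find_leftovers(SAMPLE_CONF, ABSENT_KEYS).items()):
        for number, value in hits:
            print("still present: line %d: %s = %s" % (number, key, value))
```

The match is on the key only, so a leftover is reported whether its value is 0, 1 or anything else.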