copy module ignores --check flag for file params when md5sums are the same -- Not Cool!

[Sean McGowan]

I am using ansible 1.7.2 on RedHat

Note that I am super happy that I was doing something somewhat innocuous; however, this did just make a large number of changes across 600+ hosts...  not a very cool behavior...  this did not exist in 1.5, which is the version from which i upgraded.
 
thanks in advance...

relevant play:
#  roles/common/tasks/main.yml
---
- name: Read hosts table variables
  include_vars:  "hosts_{{ ansible_distribution }}.yml"
  tags: hosts

- name: debug test
  debug: msg="Here is my hosts {{ hosts }}"
  tags: hosts

- name: Copy hosts table
  copy: src={{ hosts }} dest={{ hosts_target }}
          owner=root group={{ hosts_group }} mode=0644
  tags: hosts


## roles/common/vars/hosts_Redhat.yml
---
hosts_target: /etc/hosts
hosts_group: root

## roles/common/vars/hosts_Solaris.yml
---
hosts_target: /etc/inet/hosts
hosts_group: sys


###  Correct configuration ( this is a solaris host )
[root@padishah1 ansible]# ssh swdw43.scs.iwcs.net "ls -ltr /etc/inet/hosts"
-rw-r--r--   1 root     sys          444 Nov  6 21:22 /etc/inet/hosts

[root@padishah1 ansible]# ssh swdw43.scs.iwcs.net "digest -a md5 /etc/inet/hosts"
93049f5cbfe5c796b82ff256e4cd5639
[root@padishah1 ansible]# md5sum roles/common/files/hosts/hosts.swdw43.scs.iwcs.net
93049f5cbfe5c796b82ff256e4cd5639  roles/common/files/hosts/hosts.swdw43.scs.iwcs.net

ansible-playbook sdlw_block1.yml -i west --tags=hosts --limit="swdw43*" --check

 ____________________
< PLAY [sdlw_block1] >
 --------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||


 _________________
< GATHERING FACTS >
 -----------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||


ok: [swdw43.scs.iwcs.net]
 ___________________________________________
< TASK: common | Read hosts table variables >
 -------------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||


ok: [swdw43.scs.iwcs.net]
 ___________________________
< TASK: common | debug test >
 ---------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||


ok: [swdw43.scs.iwcs.net] => {
    "msg": "Here is my hosts hosts/hosts.swdw43.scs.iwcs.net"
}
 _________________________________
< TASK: common | Copy hosts table >
 ---------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||


ok: [swdw43.scs.iwcs.net]
 ____________
< PLAY RECAP >
 ------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||


swdw43.scs.iwcs.net        : ok=4    changed=0    unreachable=0    failed=0  


## Change the group to root
[root@padishah1 ansible]# ssh swdw43.scs.iwcs.net "chown :root /etc/inet/hosts && ls -l /etc/inet/hosts"
-rw-r--r--   1 root     root         444 Nov  6 21:22 /etc/inet/hosts

## Run the same play again -- note check is set!!!
[root@padishah1 ansible]# ansible-playbook sdlw_block1.yml -i west --tags=hosts --limit="swdw43*" --check

 ____________________
< PLAY [sdlw_block1] >
 --------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||


 _________________
< GATHERING FACTS >
 -----------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||


ok: [swdw43.scs.iwcs.net]
 ___________________________________________
< TASK: common | Read hosts table variables >
 -------------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||


ok: [swdw43.scs.iwcs.net]
 ___________________________
< TASK: common | debug test >
 ---------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||


ok: [swdw43.scs.iwcs.net] => {
    "msg": "Here is my hosts hosts/hosts.swdw43.scs.iwcs.net"
}
 _________________________________
< TASK: common | Copy hosts table >
 ---------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||


changed: [swdw43.scs.iwcs.net]
 ____________
< PLAY RECAP >
 ------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||


swdw43.scs.iwcs.net        : ok=4    changed=1    unreachable=0    failed=0  

##  Yikes!!!!  This can be shown with changing perms too, not just group; however,
##  I can leave that exercise out of the thread.
[root@padishah1 ansible]# ssh swdw43.scs.iwcs.net "ls -ltr /etc/inet/hosts"
-rw-r--r--   1 root     sys          444 Nov  6 21:22 /etc/inet/hosts

##  Now, modify the hosts so hosts is different AND change group
[root@padishah1 ansible]# ssh swdw43.scs.iwcs.net "echo '# just a comment line' >> /etc/inet/hosts && ls -l /etc/inet/hosts"
-rw-r--r--   1 root     sys          466 Nov  6 21:34 /etc/inet/hosts
[root@padishah1 ansible]# ssh swdw43.scs.iwcs.net "chown :root /etc/inet/hosts && ls -l /etc/inet/hosts"
-rw-r--r--   1 root     root         466 Nov  6 21:34 /etc/inet/hosts


## Run the play again w/ check still set
[root@padishah1 ansible]# ansible-playbook sdlw_block1.yml -i west --tags=hosts --limit="swdw43*" --check
 ____________________
< PLAY [sdlw_block1] >
 --------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||


 _________________
< GATHERING FACTS >
 -----------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||


ok: [swdw43.scs.iwcs.net]
 ___________________________________________
< TASK: common | Read hosts table variables >
 -------------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||


ok: [swdw43.scs.iwcs.net]
 ___________________________
< TASK: common | debug test >
 ---------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||


ok: [swdw43.scs.iwcs.net] => {
    "msg": "Here is my hosts hosts/hosts.swdw43.scs.iwcs.net"
}
 _________________________________
< TASK: common | Copy hosts table >
 ---------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||


changed: [swdw43.scs.iwcs.net]
 ____________
< PLAY RECAP >
 ------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||


swdw43.scs.iwcs.net        : ok=4    changed=1    unreachable=0    failed=0  

## Here the check flag works!!!
[root@padishah1 ansible]# ssh swdw43.scs.iwcs.net "ls -l /etc/inet/hosts"
-rw-r--r--   1 root     root         466 Nov  6 21:34 /etc/inet/hosts

[Michael DeHaan]

Can you please be explicit about what the "not a very cool behavior" is ?

I'm having trouble parsing your intent from the above.

Thanks!

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/b8789577-91d1-4475-86a9-7adaba5c4aef%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Sean McGowan]

On Friday, November 7, 2014 9:25:43 AM UTC-5, Michael DeHaan wrote:

Can you please be explicit about what the "not a very cool behavior" is ?

no problem.  what the example below shows is that when using the copy module with file parameters (e.g. mode, owner, group) that the --check flag works if and only if the src and dest checksums do not match.  When they are equal, ansible happily makes the file parameter changes, regardless of --check usage.  I updated to 1.7.2 from 1.5 and this behavior did not exist before.  In 1.5, if the files were the same and the mode was different (for example), ansible would flag it as changed, but not make the change when using the --check flag.  This, in my opinion, is the correct and expected behavior.

Thanks!

[Sean McGowan]

following up on this... is this a bug or an expected behaviour?

[Toshio Kuratomi]

It is a bug. However, I think there have been several fixes to the
file/copy module regarding check mode recently. For instance:
https://github.com/ansible/ansible/issues/8639

I've just tested a very simple copy module playbook and it incorrectly
changed the mode with ansible-1.7.2 but did not set the mode with the
code in the ansible devel branch. So I believe this has been fixed.
If you want to confirm with your more complex case you could check out
the repository from https://github.com/ansible/ansible and give it a
try.

-Toshio

> https://groups.google.com/d/msgid/ansible-project/5c921077-4d82-42bd-8219-30785f01f60f%40googlegroups.com.

[Sean McGowan]

i am unable to pull the development branch at work.  if i have a chance i will pull it down and test it at home.  it is my hope to get involved with this project because i think it is awesome; however, there are still a few hurdles (e.g. no real spare time right now :) ).

anyhow... let me know if you want me to put it up as a bug in github.  if not, then i will just set a reminder to look at this sometime in the future.

thanks!