Idempotency issue with jail.local

Oefenweb / ansible-fail2ban

Ansible role to set up fail2ban in Debian-like systems

MIT License

117 stars 55 forks source link

Idempotency issue with jail.local #48

Closed maxlareo closed 6 years ago

maxlareo commented 6 years ago

Hi there,

Each time I run my playbooks, I always get a changed with the update configuration file - /etc/fail2ban/jail.local task.

In the template jail.local.j2, the service.items() are not sorted and are in a different order at each run.

I use this kind of settings :

fail2ban_services:
    - name: ssh
      port: 2345
      filter: sshd
      logpath: /var/log/auth.log
      maxretry: 6
    - name: postfix
      port: smtp,ssmtp,submission
      filter: postfix
      logpath: /var/log/mail.log

I will make a pull request to propose a solution as soon as this issue get a number

tersmitten commented 6 years ago

I've never had any issues with this. What OS and python version are you using?

maxlareo commented 6 years ago

I'm on a Debian Stretch with the debian stable python packages :

ii  python                                 2.7.13-2
ii  python3                                3.5.3-1
ii  python-jinja2                          2.8-1

and I'm using the Ansible ubuntu repo, so the latest ansible version at this date:

ii  ansible                                2.4.1.0-1ppa~trusty

I hope it helps

tersmitten commented 6 years ago

Are you running Ansible with Python 2.7.13-2 or 3.5.3-1?

maxlareo commented 6 years ago

Oh nice call, I forgot to check with which version of python I was using ansible. After few tests, it appears that the problem occur with python3 (3.5.3-1 in my case) only and not python2.

tersmitten commented 6 years ago

That's what I thought. I don't think Python 3 is support (yet) by Ansible.

Nevertheless, you fix seems valid as the order of dictionary keys is not fixed.