search

ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0
828 stars 1.53k forks source link

lxc_container doesn't replace existing container_config values #4205

Open moqmar opened 2 years ago

moqmar commented 2 years ago

Summary

When changing a value in container_config, a line gets added instead of replaced in /var/lib/lxc/CONTAINER/config.

It seems to affect line lxc_container.py:723 - I don't really understand why it's using container_config.insert there instead of just setting container_config[line_index]

Issue Type

Bug Report

Component Name

lxc_container

Ansible Version

$ ansible --version
ansible [core 2.12.2]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/momar/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/momar/.local/lib/python3.8/site-packages/ansible
  ansible collection location = /home/momar/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/momar/.local/bin/ansible
  python version = 3.8.10 (default, Nov 26 2021, 20:14:08) [GCC 9.3.0]
  jinja version = 3.0.3
  libyaml = True

Community.general Version

$ ansible-galaxy collection list community.general
Collection        Version
----------------- -------
community.general 4.4.0

Configuration

No response

OS / Environment

Debian 11 Bullseye

Steps to Reproduce

- hosts: all
  tasks:
  - ansible.builtin.apt:
      name: [python3-lxc, lxc-templates, debootstrap, apparmor]
  - community.general.lxc_container:
      name: "example"
      template: "debian"
      template_options: "--release bullseye"
      container_config:
      - lxc.cgroup2.memory.max = 43421772800
ansible-playbook -i hosts playbook.yml
sed -i 's/43421772800/13421772800/' playbook.yml
ansible-playbook -i hosts playbook.yml

Expected Results

I'd expect the line to be replaced:

$ ssh HOST cat /var/lib/lxc/example/config | grep -Fn lxc.cgroup2.memory.max
25:lxc.cgroup2.memory.max = 13421772800

Actual Results

The line gets added:

$ ssh HOST cat /var/lib/lxc/example/config | grep -Fn lxc.cgroup2.memory.max
25:lxc.cgroup2.memory.max = 43421772800
26:lxc.cgroup2.memory.max = 13421772800

This by itself accidentally "works", as LXC will take the latter value, but if I change it back to the first value, nothing will happen and it will forever stay at the second value.

Code of Conduct

ansibullbot commented 2 years ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

ansibullbot commented 2 years ago

cc @cloudnull click here for bot help

felixfontein commented 2 years ago

I think this is a mistake, since the comment above it explicitly says # If the sanitized values don't match replace them.

moqmar commented 2 years ago

Something really important I just noticed about that: there are some LXC options which can be specified multiple times! An example would be lxc.cgroup2.devices.allow.

moqmar commented 2 years ago

Maybe we can use := to overwrite existing options? Or the more Ansible-like way of having different maps container_config_append (with the old container_config as an alias and everything just as it works right now), container_config_overwrite and container_config_remove (or _present, _overwrite and _absent)? The most verbose alternative would be to have a separate lxc_container_config module that can then use state: present|absent and overwrite: true.

ansibullbot commented 2 years ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help