search

ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0
820 stars 1.5k forks source link

kernel_blacklist - Error while setting attributes: /tmp/xyz: Operation not supported #7362

Closed bartlomiejkida closed 12 months ago

bartlomiejkida commented 1 year ago

Summary

I wanted to blacklist some kernel modules using the ready-made kernel_blacklist in Ansible.

My sample code:

- name: Remove potentially affected (and unused) modules
  community.general.kernel_blacklist:
    name: "{{ line_item }}"
    state: present
    blacklist_file: "/etc/modprobe.d/{{ line_item }}-blacklist.conf"
  with_items:
    - cifs
    - cls_rsvp
  loop_control:
    loop_var: line_item

As I understand it, the module should create such a file and add content to it.

As a result, when you run the playbook, the files are created but their contents are empty:

$ find /etc/modprobe.d/ -size 0 -ls
  6030631      0 -rw-r--r--   1 root     root            0 paź  7 12:19 /etc/modprobe.d/cls_rsvp-blacklist.conf
  6029638      0 -rw-r--r--   1 root     root            0 paź  7 12:19 /etc/modprobe.d/cifs-blacklist.conf

Additionally, when launching the playbook, I receive a failure message. Below traceback ( -vvv)

The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_community.general.kernel_blacklist_payload_rk2m8l96/ansible_community.general.kernel_blacklist_payload.zip/ansible/module_utils/basic.py", line 1003, in set_attributes_if_different
    raise Exception("Error while setting attributes: %s" % (out + err))
Exception: Error while setting attributes: /tmp/tmpnholykn5: Operation not supported

failed: [local] (item=cls_rsvp) => {
    "ansible_loop_var": "line_item",
    "changed": false,
    "details": "Error while setting attributes: /tmp/tmpnholykn5: Operation not supported\n",
    "gid": 0,
    "group": "root",
    "invocation": {
        "module_args": {
            "blacklist_file": "/etc/modprobe.d/cls_rsvp-blacklist.conf",
            "name": "cls_rsvp",
            "state": "present"
        }
    },
    "line_item": "cls_rsvp",
    "mode": "0644",
    "msg": "chattr failed",
    "owner": "root",
    "path": "/tmp/tmpnholykn5",
    "size": 0,
    "state": "file",
    "uid": 0
}

I don't know why module display Error while setting attributes: /tmp/tmpwn_d8ybv: Operation not supported. In bash shell work perfect:

# rm -fv /etc/modprobe.d/cifs-blacklist.conf
removed '/etc/modprobe.d/cifs-blacklist.conf'
# touch /etc/modprobe.d/cifs-blacklist.conf
# echo 'test test' > /etc/modprobe.d/cifs-blacklist.conf

Issue Type

Bug Report

Component Name

kernel_blacklist

Ansible Version

$ ansible --version
ansible [core 2.14.10]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/bkida/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.11/site-packages/ansible
  ansible collection location = /home/bkida/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.11.5 (main, Aug 28 2023, 00:00:00) [GCC 13.2.1 20230728 (Red Hat 13.2.1-1)] (/usr/bin/python3)
  jinja version = 3.0.3
  libyaml = True

Community.general Version

$ ansible-galaxy collection list community.general

# /usr/lib/python3.11/site-packages/ansible_collections
Collection        Version
----------------- -------
community.general 6.6.2  

# /usr/share/ansible/collections/ansible_collections
Collection        Version
----------------- -------
community.general 6.6.0

Configuration

$ ansible-config dump --only-changed
CONFIG_FILE() = /etc/ansible/ansible.cfg

OS / Environment

Fedora 38

Steps to Reproduce

Copy example code from summary description and run on the same ansible / community.general version

Expected Results

Working module ;)

Actual Results

Error while setting attributes: /tmp/tmpwn_d8ybv: Operation not supported

Code of Conduct

ansibullbot commented 1 year ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

ansibullbot commented 1 year ago

cc @matze click here for bot help

felixfontein commented 1 year ago

The module copies the current file to a temporary place (while preserving permissions) and atomically moves it back.

The "preserving permissions" part of the first copying step seems to fail.

This extra copying step was added in 2ad7ed4f83701b2919e287de0cd50b17884371de, more specifically in https://github.com/ansible-collections/community.general/pull/3329/commits/b42ca595ec85aaf5e71d0abfe5bfbfc019097777. @russoz do you remember why you did it that way?

russoz commented 1 year ago

@felixfontein TBH, not really. But I found a better way to do it.