search

ansible / ansible-modules-extras

Ansible extra modules - these modules ship with ansible
948 stars 1.46k forks source link

iptables: flush does not respect --check #3620

Closed measurabl-robot closed 7 years ago

measurabl-robot commented 7 years ago
ISSUE TYPE
COMPONENT NAME

iptables

ANSIBLE VERSION
ansible 2.2.0.0
CONFIGURATION
OS / ENVIRONMENT

From: OS X To: Ubuntu 14.04

SUMMARY

iptables module with flush=true does not respect --check flag, it makes changes - purging iptables - on remote system.

STEPS TO REPRODUCE

Run playbook containing iptables flush=true task with --check.

- name: flush iptables configuration
  iptables: 
    flush=true
EXPECTED RESULTS

Task should be skipped

ACTUAL RESULTS

iptables are flushed on remote system

ok: [XXX] => {
    "chain": null,
    "changed": false,
    "failed": false,
    "flush": true,
    "invocation": {
        "module_args": {
            "action": "append",
            "chain": null,
            "comment": null,
            "ctstate": [],
            "destination": null,
            "destination_port": null,
            "flush": true,
            "fragment": null,
            "goto": null,
            "icmp_type": null,
            "in_interface": null,
            "ip_version": "ipv4",
            "jump": null,
            "limit": null,
            "limit_burst": null,
            "match": [],
            "out_interface": null,
            "policy": null,
            "protocol": null,
            "reject_with": null,
            "set_counters": null,
            "set_dscp_mark": null,
            "set_dscp_mark_class": null,
            "source": null,
            "source_port": null,
            "state": "present",
            "table": "filter",
            "to_destination": null,
            "to_ports": null,
            "to_source": null,
            "uid_owner": null
        },
        "module_name": "iptables"
    },
    "ip_version": "ipv4",
    "rule": "",
    "state": "present",
    "table": "filter"
}
ansibot commented 7 years ago

@LinusU ping, this issue is waiting for your response. click here for bot help

LinusU commented 7 years ago

needs_contributor

measurabl-robot commented 7 years ago

Workaround: when: "{{ ansible_check_mode == false }}"

ansibot commented 7 years ago

This repository has been locked. All new issues and pull requests should be filed in https://github.com/ansible/ansible

Please read through the repomerge page in the dev guide. The guide contains links to tools which automatically move your issue or pull request to the ansible/ansible repo.

ansibot commented 7 years ago

This issue was migrated to https://github.com/ansible/ansible/issues/29426