kwoodson / ansible-role-yedit

Ansible Role for Yaml editing

yedit module will modify the file permissions after execution #77

Open EdmundDXu opened 4 years ago

EdmundDXu commented 4 years ago

Hi, I recently encountered a problem when using the yedit module. First, I executed the file module to modify the permissions of a file and changed them to 0600. Then I executed the yedit module to inject a key into this file, and as a result the file's permissions changed to 0644 again.

Will the yedit module modify the file permissions after execution?

Example: At first, the permissions of /etc/origin/master/master-config.yaml are 0644

[root@ocp-node01 etc]# stat /etc/origin/master/master-config.yaml
  File: ‘/etc/origin/master/master-config.yaml’
  Size: 6940        Blocks: 16         IO Block: 4096   regular file
Device: fd00h/64768d    Inode: 101353485   Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)

Then, I execute the task below to modify the file permissions.

- name: "Verify Permissions on the OpenShift Master Configuration File"
  file:
    path: /etc/origin/master/master-config.yaml
    mode: 0600
    state: file

and success.

[root@ocp-node01 etc]# stat /etc/origin/master/master-config.yaml
  File: ‘/etc/origin/master/master-config.yaml’
  Size: 6940        Blocks: 16         IO Block: 4096   regular file
Device: fd00h/64768d    Inode: 101353485   Links: 1
Access: (0600/-rw-------)  Uid: (    0/    root)   Gid: (    0/    root)

After that, I execute the task below to modify file content.

- name: "Enable service-account-lookup on the API Server"
  yedit:
    src: /etc/origin/master/master-config.yaml
    key: kubernetesMasterConfig.apiServerArguments.service-account-lookup
    value:
      - 'true'

With the file content changed, the permissions of the file also changed.

TASK [common : Enable service-account-lookup on the API Server] ****************************************************************************************************************
changed: [192.168.62.121]
[root@ocp-node01 etc]# stat /etc/origin/master/master-config.yaml
  File: ‘/etc/origin/master/master-config.yaml’
  Size: 6940        Blocks: 16         IO Block: 4096   regular file
Device: fd00h/64768d    Inode: 101355612   Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)

I know I can reverse the order of tasks, but my scenario here is not recommended. Is there any other way to avoid this?
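Added example, not part of the original issue and not yedit's own code: the inode number differs between the last two `stat` outputs above, which means the file was replaced by a newly created one rather than edited in place, and a newly created file takes its mode from the umask. The sketch below shows that behaviour next to a replace that carries the original mode and ownership over. The function names, the `.new` suffix and the sample file are assumptions made for the illustration.

```python
import os
import stat
import tempfile


def replace_naive(path, data):
    """Write a new file and rename it over path; the mode comes from the umask."""
    tmp = path + ".new"  # hypothetical temp name
    with open(tmp, "w") as fh:
        fh.write(data)
    os.replace(tmp, path)


def replace_preserving(path, data):
    """Same atomic replace, but copy the original owner and mode first."""
    st = os.stat(path)
    # mkstemp creates the temp file with mode 0600, so it is never world-readable.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(data)
        try:
            os.chown(tmp, st.st_uid, st.st_gid)
        except PermissionError:
            pass  # unprivileged caller: the file stays owned by the current user
        os.chmod(tmp, stat.S_IMODE(st.st_mode))
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


def demo():
    """Return (mode after naive replace, mode after preserving replace)."""
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, "master-config.yaml")  # constructed sample file
            results = []
            for replace in (replace_naive, replace_preserving):
                with open(path, "w") as fh:
                    fh.write("a: 1\n")
                os.chmod(path, 0o600)
                replace(path, "a: 1\nb: 2\n")
                results.append(stat.S_IMODE(os.stat(path).st_mode))
            return tuple(results)
    finally:
        os.umask(old_umask)
```

With a umask of 022, `demo()` returns the modes 0644 and 0600: the first matches what the issue reports, the second keeps the restricted mode even though the inode still changes.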