redhat-cop / infra.aap_configuration

A collection of roles to manage Ansible Automation Platform 2.5+ with code
https://galaxy.ansible.com/infra/aap_configuration
GNU General Public License v3.0

If value is false or true - it registers a change when there isn't one #459

Closed davidcba1 closed 1 year ago

davidcba1 commented 1 year ago

Summary

Ansible is supposed to be idempotent, yet when you provide a setting with the value of true or false, it registers a change in Ansible.

controller_settings:
  # Splunk Config
  - name: LOG_AGGREGATOR_ENABLED
    value: 0  # False - If set to False it changes every run

This is by utilising the 2 roles of:

  roles:
    - {role: redhat_cop.controller_configuration.filetree_read }
    - {role: redhat_cop.controller_configuration.dispatch }

Issue Type

Ansible, Collection, Controller details

# ansible --version
ansible [core 2.13.7]
  config file = /home/adm/aap/ansible-automation-platform/ansible.cfg
  configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /home/adm/aap/ansible-automation-platform/collections:/home/runner/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.9.13 (main, Nov  9 2022, 13:16:24) [GCC 8.5.0 20210514 (Red Hat 8.5.0-15)]
  jinja version = 3.0.3
  libyaml = True

# ansible-galaxy collection list

# /usr/share/ansible/collections/ansible_collections
Collection              Version
----------------------- -------
amazon.aws              3.2.0
ansible.controller      4.2.1
ansible.netcommon       3.1.1
ansible.network         1.2.0
ansible.posix           1.3.0
ansible.security        1.0.0
ansible.utils           2.6.1
ansible.windows         1.9.0
ansible.yang            1.0.0
arista.eos              5.0.0
cisco.asa               3.0.0
cisco.ios               3.0.0
cisco.iosxr             3.0.0
cisco.nxos              3.0.0
cloud.common            2.1.1
community.crypto        2.1.0
community.general       4.2.0
community.hashi_vault   4.0.0
frr.frr                 2.0.0
ibm.qradar              2.0.0
junipernetworks.junos   3.0.0
kubernetes.core         2.2.3
openvswitch.openvswitch 2.1.0
redhat.insights         1.0.7
redhat.openshift        2.1.0
redhat.rhv              1.6.5
redhat.satellite        3.3.0
servicenow.itsm         1.3.3
splunk.es               2.0.0
trendmicro.deepsec      2.0.0
vmware.vmware_rest      2.1.5
vyos.vyos               3.0.0

# /home/adm/aap/ansible-automation-platform/collections/ansible_collections
Collection                          Version
----------------------------------- -------
redhat_cop.controller_configuration 2.2.4

Controller version
2.2

EE (using ansible-navigator exec)

OS / ENVIRONMENT

Desired Behavior

When defining your vars, regardless of whether you have True, true or 1, it should not register a change.

Same for False, false, 0.

Actual Behavior

A change is always reported if you use anything but 1 or 0 for true/false.

STEPS TO REPRODUCE

Using the roles noted above, perform some basic config change like the below:

  - name: ORG_ADMINS_CAN_SEE_ALL_USERS
    value: 0  # False - If set to False it changes every run

Try setting to False/false and you will notice a change every time.

When using "false" - it is "changed"

changed: [xxxx] => (item={'failed': 0, 'started': 1, 'finished': 0, 'ansible_job_id': '198060949819.2965323', 'results_file': '/tmp/.ansible_async/198060949819.2965323', 'changed': False, '__controller_setting_item': {'name': 'ORG_ADMINS_CAN_SEE_ALL_USERS', 'value': False}, 'ansible_loop_var': '__controller_setting_item'}) => {"__controller_setting_job_async_results_item": {"__controller_setting_item": {"name": "ORG_ADMINS_CAN_SEE_ALL_USERS", "value": false}, "ansible_job_id": "198060949819.2965323", "ansible_loop_var": "__controller_setting_item", "changed": false, "failed": 0, "finished": 0, "results_file": "/tmp/.ansible_async/198060949819.2965323", "started": 1}, "ansible_job_id": "198060949819.2965323", "ansible_loop_var": "__controller_setting_job_async_results_item", "attempts": 1, "changed": true, "finished": 1, "new_values": {"ORG_ADMINS_CAN_SEE_ALL_USERS": "False"}, "old_values": {"ORG_ADMINS_CAN_SEE_ALL_USERS": false}, "results_file": "/tmp/.ansible_async/198060949819.2965323", "started": 1, "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": [], "value": false}

When using 0 - it is "ok"

ok: [xxxx] => (item={'failed': 0, 'started': 1, 'finished': 0, 'ansible_job_id': '66363845749.2967878', 'results_file': '/tmp/.ansible_async/66363845749.2967878', 'changed': False, '__controller_setting_item': {'name': 'ORG_ADMINS_CAN_SEE_ALL_USERS', 'value': 0}, 'ansible_loop_var': '__controller_setting_item'}) => {"__controller_setting_job_async_results_item": {"__controller_setting_item": {"name": "ORG_ADMINS_CAN_SEE_ALL_USERS", "value": 0}, "ansible_job_id": "66363845749.2967878", "ansible_loop_var": "__controller_setting_item", "changed": false, "failed": 0, "finished": 0, "results_file": "/tmp/.ansible_async/66363845749.2967878", "started": 1}, "ansible_job_id": "66363845749.2967878", "ansible_loop_var": "__controller_setting_job_async_results_item", "attempts": 1, "changed": false, "finished": 1, "new_values": {}, "old_values": {}, "results_file": "/tmp/.ansible_async/66363845749.2967878", "started": 1, "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
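
The "changed" result above reports new_values as the string "False" against old_values holding the boolean false, so the difference is one of type, not of setting. The following is an added example (not part of the original issue, and not code from this collection or from ansible.controller) that separates such type-only differences from real drift in a task result by coercing the requested value to the type the controller already holds; the function names and the accepted boolean spellings are assumptions of the example.

```python
# Boolean spellings accepted here are an assumption of this example
# (common YAML/Ansible usage), not taken from the settings module.
TRUTHY = {"true", "yes", "on", "1"}
FALSY = {"false", "no", "off", "0"}


def coerce_like(current, requested):
    """Coerce `requested` to the type of `current` (the value the API holds)."""
    if isinstance(current, bool):  # check bool first: bool is a subclass of int
        if isinstance(requested, bool):
            return requested
        if isinstance(requested, int) and requested in (0, 1):
            return bool(requested)
        if isinstance(requested, str):
            text = requested.strip().lower()
            if text in TRUTHY:
                return True
            if text in FALSY:
                return False
        raise ValueError(f"{requested!r} is not a boolean")
    if isinstance(current, int) and isinstance(requested, str):
        return int(requested)  # raises ValueError for non-numeric text
    return requested


def classify(result):
    """Split a settings task result into real changes and type-only noise."""
    real, noise = {}, {}
    old = result.get("old_values", {})
    for name, new in result.get("new_values", {}).items():
        try:
            same = name in old and coerce_like(old[name], new) == old[name]
        except ValueError:
            same = False  # cannot be coerced: treat as a real difference
        (noise if same else real)[name] = (old.get(name), new)
    return real, noise


# Constructed sample: the first entry mirrors old_values/new_values from the
# "changed" result in the issue; the second is a constructed real change.
SAMPLE = {
    "changed": True,
    "old_values": {"ORG_ADMINS_CAN_SEE_ALL_USERS": False, "LOG_AGGREGATOR_ENABLED": False},
    "new_values": {"ORG_ADMINS_CAN_SEE_ALL_USERS": "False", "LOG_AGGREGATOR_ENABLED": "True"},
}

if __name__ == "__main__":
    print(classify(SAMPLE))
```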

Tompage1994 commented 1 year ago

Hi @davidcba1, thanks for raising this issue.

As this collection wraps around the awx.awx collection (or in your case ansible.controller), the issue would best reside there, as it appears the underlying issue would exist if running:

- ansible.controller.settings:
    name: ORG_ADMINS_CAN_SEE_ALL_USERS
    value: false

I'd therefore suggest you raise the issue in the awx.awx collection repository: https://github.com/ansible/awx/issues

I'm closing this issue, but if you need to discuss further, feel free to reopen.