From 5935dce47fa9e2b7fe9f474a5d2f8a9d74b49d0f Mon Sep 17 00:00:00 2001
From: Martin Schurz <Martin.Schurz@t-systems.com>
Date: Fri, 2 Oct 2020 23:03:14 +0200
Subject: [PATCH] do not persist sysctl when value is invalid

the order of actions for setting, persisting and activation is changed,
to not persist an invalid sysctl value. This is only enforced when
sysct_set is True.
---
 plugins/modules/sysctl.py                     |  4 ++--
 .../integration/targets/sysctl/tasks/main.yml | 21 +++++++++++++++++++
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/plugins/modules/sysctl.py b/plugins/modules/sysctl.py
index 7aa4d96..1654ec6 100644
--- a/plugins/modules/sysctl.py
+++ b/plugins/modules/sysctl.py
@@ -182,12 +182,12 @@ class SysctlModule(object):
 
         # Do the work
         if not self.module.check_mode:
+            if self.set_proc:
+                self.set_token_value(self.args['name'], self.args['value'])
             if self.write_file:
                 self.write_sysctl()
             if self.changed and self.args['reload']:
                 self.reload_sysctl()
-            if self.set_proc:
-                self.set_token_value(self.args['name'], self.args['value'])
 
     def _values_is_equal(self, a, b):
         """Expects two string values. It will split the string by whitespace
diff --git a/tests/integration/targets/sysctl/tasks/main.yml b/tests/integration/targets/sysctl/tasks/main.yml
index d72fd52..6372128 100644
--- a/tests/integration/targets/sysctl/tasks/main.yml
+++ b/tests/integration/targets/sysctl/tasks/main.yml
@@ -289,3 +289,24 @@
           - sysctl_check_mode2 is changed
           - "'vm.swappiness=22' in sysctl_check_mode_conf_content.stdout_lines"
           - sysctl_check_mode_current_vm_swappiness.stdout == '22'
+
+    # Test sysctl: invalid value
+    - name: Set invalid sysctl property using module
+      sysctl:
+        name: vm.mmap_rnd_bits
+        value: '1024'
+        state: present
+        reload: yes
+        sysctl_set: True
+      ignore_errors: True
+      register: sysctl_invalid_set1
+
+    - name: Read /etc/sysctl.conf
+      command: 'cat /etc/sysctl.conf'
+      register: sysctl_invalid_conf_content
+
+    - name: Ensure changes were not made
+      assert:
+        that:
+          - sysctl_invalid_set1 is failed
+          - "'vm.mmap_rnd_bits' not in sysctl_invalid_conf_content.stdout"