carroarmato0/ansible.posix
1
0
Fork 0
mirror of https://github.com/ansible-collections/ansible.posix.git synced 2026-01-11 07:05:27 +01:00
Code Issues Projects Releases Packages Wiki Activity

Merge 7f8505d693 into b96fad5e5b

Browse source
This commit is contained in:
mubashirusman 2025-08-07 21:31:14 +00:00 committed by GitHub
commit 6d09174ba2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 419 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

110
plugins/modules/sysctl.py
View file

@ -56,6 +56,16 @@ options:
- Verify token value with the sysctl command and set with C(-w) if necessary.
type: bool
default: false
system_wide:
description:
- If V(true), uses C(sysctl --system) behavior to reload all sysctl configuration files.
- This will reload configuration from C(/etc/sysctl.d/*.conf), C(/run/sysctl.d/*.conf),
C(/usr/local/lib/sysctl.d/*.conf), C(/usr/lib/sysctl.d/*.conf), C(/lib/sysctl.d/*.conf),
and C(/etc/sysctl.conf) in that order.
- If V(false), only reloads the specific sysctl file defined by O(sysctl_file).
- Only applies when O(reload) is V(true).
type: bool
default: false
author:
- David CHANIAL (@davixx)
'''
@ -100,6 +110,14 @@ EXAMPLES = r'''
sysctl_set: true
state: present
reload: true
# Set vm.swappiness and reload all system sysctl configuration files (equivalent to sysctl --system)
- ansible.posix.sysctl:
name: vm.swappiness
value: '10'
state: present
reload: true
system_wide: true
'''
# ==============================================================
@ -108,6 +126,7 @@ import os
import platform
import re
import tempfile
import glob
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.six import string_types
@ -121,17 +140,30 @@ class SysctlModule(object):
# success or failure.
LANG_ENV = {'LANG': 'C', 'LC_ALL': 'C', 'LC_MESSAGES': 'C'}
# We define a variable to keep all the directories to be read, equivalent to
# (/sbin/sysctl --system) option
SYSCTL_DIRS = [
'/etc/sysctl.d/*.conf',
'/run/sysctl.d/*.conf',
'/usr/local/lib/sysctl.d/*.conf',
'/usr/lib/sysctl.d/*.conf',
'/lib/sysctl.d/*.conf',
'/etc/sysctl.conf'
]
def __init__(self, module):
self.module = module
self.args = self.module.params
self.sysctl_cmd = self.module.get_bin_path('sysctl', required=True)
self.sysctl_file = self.args['sysctl_file']
self.system_wide = self.args['system_wide']
self.proc_value = None # current token value in proc fs
self.file_value = None # current token value in file
self.file_lines = [] # all lines in the file
self.file_values = {} # dict of token values
self.system_wide_file_value = None # current token value from system-wide files
self.changed = False # will change occur
self.set_proc = False # does sysctl need to set value
@ -161,19 +193,36 @@ class SysctlModule(object):
if thisname not in self.file_values:
self.file_values[thisname] = None
# if system_wide is enabled, also check system-wide configuration
if self.system_wide:
system_wide_values = self.read_system_wide_sysctl_files()
# If the value exists in system-wide config, use that for comparison
if thisname in system_wide_values:
self.system_wide_file_value = system_wide_values[thisname]
else:
self.system_wide_file_value = None
else:
self.system_wide_file_value = None
# update file contents with desired token/value
self.fix_lines()
# what do we need to do now?
if self.file_values[thisname] is None and self.args['state'] == "present":
# Determine the effective current value (system-wide takes precedence if enabled)
if self.system_wide and self.system_wide_file_value is not None:
current_file_value = self.system_wide_file_value
else:
current_file_value = self.file_values[thisname]
if current_file_value is None and self.args['state'] == "present":
self.changed = True
self.write_file = True
elif self.file_values[thisname] is None and self.args['state'] == "absent":
elif current_file_value is None and self.args['state'] == "absent":
self.changed = False
elif self.file_values[thisname] and self.args['state'] == "absent":
elif current_file_value and self.args['state'] == "absent":
self.changed = True
self.write_file = True
elif self.file_values[thisname] != self.args['value']:
elif current_file_value != self.args['value']:
self.changed = True
self.write_file = True
# with reload=yes we should check if the current system values are
@ -306,15 +355,22 @@ class SysctlModule(object):
# https://github.com/ansible/ansible/issues/58158
return
else:
# system supports reloading via the -p flag to sysctl, so we'll use that
sysctl_args = [self.sysctl_cmd, '-p', self.sysctl_file]
if self.args['ignoreerrors']:
sysctl_args.insert(1, '-e')
if self.system_wide:
for sysctl_file in self.SYSCTL_DIRS:
for conf_file in glob.glob(sysctl_file):
rc, out, err = self.module.run_command([self.sysctl_cmd, '-p', conf_file], environ_update=self.LANG_ENV)
if rc != 0 or self._stderr_failed(err):
self.module.fail_json(msg="Failed to reload sysctl: %s" % to_native(out) + to_native(err))
else:
# system supports reloading via the -p flag to sysctl, so we'll use that
sysctl_args = [self.sysctl_cmd, '-p', self.sysctl_file]
if self.args['ignoreerrors']:
sysctl_args.insert(1, '-e')
rc, out, err = self.module.run_command(sysctl_args, environ_update=self.LANG_ENV)
rc, out, err = self.module.run_command(sysctl_args, environ_update=self.LANG_ENV)
if rc != 0 or self._stderr_failed(err):
self.module.fail_json(msg="Failed to reload sysctl: %s" % to_native(out) + to_native(err))
if rc != 0 or self._stderr_failed(err):
self.module.fail_json(msg="Failed to reload sysctl: %s" % to_native(out) + to_native(err))
# ==============================================================
# SYSCTL FILE MANAGEMENT
@ -344,6 +400,35 @@ class SysctlModule(object):
v = v.strip()
self.file_values[k] = v.strip()
# Get the token value from all system-wide sysctl files
def read_system_wide_sysctl_files(self):
"""Read all system-wide sysctl configuration files when system_wide=True"""
system_values = {}
for sysctl_pattern in self.SYSCTL_DIRS:
for conf_file in glob.glob(sysctl_pattern):
if os.path.isfile(conf_file):
try:
with open(conf_file, "r") as read_file:
lines = read_file.readlines()
for line in lines:
line = line.strip()
# don't split empty lines or comments or line without equal sign
if not line or line.startswith(("#", ";")) or "=" not in line:
continue
k, v = line.split('=', 1)
k = k.strip()
v = v.strip()
# Later files override earlier ones (mimicking sysctl --system behavior)
system_values[k] = v.strip()
except IOError:
# Skip files that can't be read
continue
return system_values
# Fix the value in the sysctl file content
def fix_lines(self):
checked = []
@ -401,7 +486,8 @@ def main():
reload=dict(default=True, type='bool'),
sysctl_set=dict(default=False, type='bool'),
ignoreerrors=dict(default=False, type='bool'),
sysctl_file=dict(default='/etc/sysctl.conf', type='path')
sysctl_file=dict(default='/etc/sysctl.conf', type='path'),
system_wide=dict(default=False, type='bool'), # system_wide parameter
),
supports_check_mode=True,
required_if=[('state', 'present', ['value'])],

118
tests/integration/targets/sysctl/tasks/main.yml
View file

@ -229,6 +229,91 @@
ansible.builtin.assert:
that:
- sysctl_test4 is failed
##
## sysctl --system
##
- name: Set vm.swappiness to 10 with --system option
ansible.posix.sysctl:
name: vm.swappiness
value: 10
state: present
reload: false
sysctl_set: true
system_wide: true
register: sysctl_system_test1
- name: Check with sysctl command
ansible.builtin.command: sysctl vm.swappiness
changed_when: false
register: sysctl_check_system1
- name: Debug sysctl_system_test1 sysctl_check_system1
ansible.builtin.debug:
var: item
verbosity: 1
with_items:
- "{{ sysctl_system_test1 }}"
- "{{ sysctl_check_system1 }}"
- name: Validate results for --system option
ansible.builtin.assert:
that:
- sysctl_system_test1 is changed
- sysctl_check_system1.stdout_lines == ["vm.swappiness = 10"]
# Test system_wide with reload=true
- name: Set vm.dirty_ratio to 20 with system_wide and reload=true
ansible.posix.sysctl:
name: vm.dirty_ratio
value: 20
state: present
reload: true
system_wide: true
register: sysctl_system_reload_test
- name: Check vm.dirty_ratio value
ansible.builtin.command: sysctl -n vm.dirty_ratio
changed_when: false
register: sysctl_check_dirty_ratio
- name: Validate system_wide with reload
ansible.builtin.assert:
that:
- sysctl_system_reload_test is changed
- sysctl_check_dirty_ratio.stdout == "20"
# Test system_wide=false behavior (default)
- name: Create custom sysctl file for testing
ansible.builtin.copy:
content: |
# Custom sysctl test file
vm.dirty_background_ratio=5
dest: "{{ output_dir_test }}/custom_sysctl.conf"
mode: "0644"
- name: Set vm.dirty_background_ratio with system_wide=false
ansible.posix.sysctl:
name: vm.dirty_background_ratio
value: 10
state: present
reload: true
system_wide: false
sysctl_file: "{{ output_dir_test }}/custom_sysctl.conf"
register: sysctl_system_false_test
- name: Check custom sysctl file content
ansible.builtin.command: cat {{ output_dir_test }}/custom_sysctl.conf
changed_when: false
register: custom_sysctl_content
- name: Validate system_wide=false behavior
ansible.builtin.assert:
that:
- sysctl_system_false_test is changed
- "'vm.dirty_background_ratio=10' in custom_sysctl_content.stdout"
- name: Test on RHEL VMs
when:
@ -366,3 +451,36 @@
that:
- stat_result.stat.islnk is defined and stat_result.stat.islnk
- stat_result.stat.lnk_source == '/tmp/ansible_sysctl_test.conf'
# Test sysctl: --system
- name: Set vm.swappiness to 10 with --system option
ansible.posix.sysctl:
name: vm.swappiness
value: 10
state: present
reload: false
sysctl_set: true
system_wide: true
register: sysctl_system_test1
- name: Check with sysctl command
ansible.builtin.command: sysctl vm.swappiness
changed_when: false
register: sysctl_check_system1
- name: Debug sysctl_system_test1 sysctl_check_system1
ansible.builtin.debug:
var: item
verbosity: 1
with_items:
- "{{ sysctl_system_test1 }}"
- "{{ sysctl_check_system1 }}"
- name: Validate results for --system option
ansible.builtin.assert:
that:
- sysctl_system_test1 is changed
- sysctl_check_system1.stdout_lines == ["vm.swappiness = 10"]
- name: Include system_wide specific tests
ansible.builtin.include_tasks: system_wide_tests.yml

203
tests/integration/targets/sysctl/tasks/system_wide_tests.yml Normal file
View file

@ -0,0 +1,203 @@
---
# Additional tests specifically for system_wide parameter functionality
- name: Test system_wide parameter basic functionality
block:
# Test system_wide with a simple sysctl parameter
- name: Set vm.swappiness with system_wide=true (first time)
ansible.posix.sysctl:
name: vm.swappiness
value: 35
state: present
reload: false
system_wide: true
register: sysctl_system_wide_first_test
- name: Debug first test result
ansible.builtin.debug:
var: sysctl_system_wide_first_test
- name: Set vm.swappiness with system_wide=true (second time - should not change)
ansible.posix.sysctl:
name: vm.swappiness
value: 35
state: present
reload: false
system_wide: true
register: sysctl_system_wide_second_test
- name: Debug second test result
ansible.builtin.debug:
var: sysctl_system_wide_second_test
- name: Validate system_wide basic functionality
ansible.builtin.assert:
that:
- sysctl_system_wide_first_test is changed
- sysctl_system_wide_second_test is not changed
# Test system_wide with reload=true
- name: Set vm.dirty_expire_centisecs with system_wide=true and reload
ansible.posix.sysctl:
name: vm.dirty_expire_centisecs
value: 3000
state: present
reload: true
system_wide: true
register: sysctl_system_wide_reload_test
- name: Check vm.dirty_expire_centisecs value
ansible.builtin.command: sysctl -n vm.dirty_expire_centisecs
changed_when: false
register: sysctl_check_dirty_expire
- name: Validate system_wide with reload=true
ansible.builtin.assert:
that:
- sysctl_system_wide_reload_test is changed
- sysctl_check_dirty_expire.stdout == "3000"
# Test system_wide=false behavior (default)
- name: Create custom sysctl file for testing system_wide=false
ansible.builtin.copy:
content: |
# Custom sysctl test file
vm.dirty_background_ratio=5
dest: "{{ output_dir_test }}/custom_sysctl.conf"
mode: "0644"
- name: Set vm.dirty_background_ratio with system_wide=false
ansible.posix.sysctl:
name: vm.dirty_background_ratio
value: 10
state: present
reload: true
system_wide: false
sysctl_file: "{{ output_dir_test }}/custom_sysctl.conf"
register: sysctl_system_false_test
- name: Check custom sysctl file content
ansible.builtin.command: cat {{ output_dir_test }}/custom_sysctl.conf
changed_when: false
register: custom_sysctl_content
- name: Validate system_wide=false behavior
ansible.builtin.assert:
that:
- sysctl_system_false_test is changed
- "'vm.dirty_background_ratio=10' in custom_sysctl_content.stdout"
# Test system_wide with check mode
- name: Test system_wide in check mode
ansible.posix.sysctl:
name: vm.swappiness
value: 25
state: present
reload: true
system_wide: true
check_mode: true
register: sysctl_system_wide_check_mode
- name: Validate check mode works with system_wide
ansible.builtin.assert:
that:
- sysctl_system_wide_check_mode is changed
# Test system_wide with missing directories (should not fail)
- name: Test system_wide with potentially missing directories
ansible.posix.sysctl:
name: vm.overcommit_memory
value: 1
state: present
reload: true
system_wide: true
ignoreerrors: true
register: sysctl_system_wide_missing_dirs
- name: Validate system_wide handles missing directories
ansible.builtin.assert:
that:
- sysctl_system_wide_missing_dirs is not failed
- name: Test system_wide with multiple configuration files (RHEL/CentOS only)
when:
- ansible_facts.os_family == 'RedHat'
- ansible_facts.virtualization_type != 'docker'
block:
# Test that system_wide processes multiple configuration files
- name: Create test sysctl.d file
ansible.builtin.copy:
content: |
# Test system-wide sysctl reload
vm.dirty_writeback_centisecs=500
dest: /etc/sysctl.d/99-ansible-test.conf
mode: "0644"
backup: true
register: test_sysctl_file
- name: Apply setting with system_wide to test multiple file processing
ansible.posix.sysctl:
name: vm.overcommit_memory
value: 1
state: present
reload: true
system_wide: true
register: sysctl_multifile_test
- name: Verify both settings are applied
ansible.builtin.shell: |
sysctl -n vm.dirty_writeback_centisecs
sysctl -n vm.overcommit_memory
changed_when: false
register: sysctl_multifile_check
- name: Validate multiple file processing
ansible.builtin.assert:
that:
- sysctl_multifile_test is changed
- "'500' in sysctl_multifile_check.stdout"
- "'1' in sysctl_multifile_check.stdout"
- name: Cleanup test sysctl.d file
ansible.builtin.file:
path: /etc/sysctl.d/99-ansible-test.conf
state: absent
- name: Test system_wide parameter combinations
block:
# Test system_wide with sysctl_set
- name: Test system_wide with sysctl_set=true
ansible.posix.sysctl:
name: vm.swappiness
value: 15
state: present
reload: true
system_wide: true
sysctl_set: true
register: sysctl_system_wide_set_test
- name: Check vm.swappiness value after system_wide + sysctl_set
ansible.builtin.command: sysctl -n vm.swappiness
changed_when: false
register: sysctl_check_swappiness_set
- name: Validate system_wide with sysctl_set
ansible.builtin.assert:
that:
- sysctl_system_wide_set_test is changed
- sysctl_check_swappiness_set.stdout == "15"
# Test system_wide with reload=false (should not trigger system reload)
- name: Test system_wide with reload=false
ansible.posix.sysctl:
name: vm.dirty_ratio
value: 25
state: present
reload: false
system_wide: true
register: sysctl_system_wide_no_reload
- name: Validate system_wide with reload=false
ansible.builtin.assert:
that:
- sysctl_system_wide_no_reload is changed