Merge 6782f88e39 into 34f140c22f

Fixed sysctl to work on symlinks

SUMMARY
Fixes #111.
This issue reports a bug of sysctl that the module does not work properly when sysctl_file is a symlink.
I Fixed the bug by inserting os.path.realpath to get real path.
When sysctl_file is a real file, os.path.realpath return the original path as is.
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
sysctl
ADDITIONAL INFORMATION


I have executed the script described in #111 and confirmed that it works properly.
But I need to add some tests.

satken@dockerhost1:~/ansible$ sudo docker run --rm -v ${PWD}:/work -w /work -e ANSIBLE_LIBRARY=/work/ansible.posix -e ANSIBLE_HOST_KEY_CHECKING=False satken2/ansible:3.3.0 ansible-playbook -i hosts main.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [192.168.91.76]

TASK [test] ********************************************************************
ok: [192.168.91.76] => {
    "msg": "This is test"
}

TASK [command] *****************************************************************
changed: [192.168.91.76]

TASK [command] *****************************************************************
ok: [192.168.91.76]

TASK [debug] *******************************************************************
ok: [192.168.91.76] => {
    "sysctl_current_value.stdout": "kernel.randomize_va_space = 2"
}

TASK [copy] ********************************************************************
changed: [192.168.91.76]

TASK [file] ********************************************************************
changed: [192.168.91.76]

TASK [stat] ********************************************************************
ok: [192.168.91.76]

TASK [assert] ******************************************************************
ok: [192.168.91.76] => {
    "changed": false,
    "msg": "/tmp/ansible_sysctl_test_symlink.conf is correct symlink"
}

TASK [sysctl | enable randomized layout of virtual address space] **************
changed: [192.168.91.76]

TASK [stat] ********************************************************************
ok: [192.168.91.76]

TASK [assert] ******************************************************************
ok: [192.168.91.76] => {
    "changed": false,
    "msg": "/tmp/ansible_sysctl_test_symlink.conf is correct symlink"
}

PLAY RECAP *********************************************************************
192.168.91.76              : ok=12   changed=4    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Reviewed-by: quidame
Reviewed-by: Jill R

changelogs/fragments/197-acl-fix-performance.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - acl - Fix module performance (https://github.com/ansible-collections/ansible.posix/pull/197).

changelogs/fragments/206_fix_sysctl_to_work_on_symlinks.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+- sysctl - fix sysctl to work properly on symlinks (https://github.com/ansible-collections/ansible.posix/issues/111).

plugins/modules/acl.py

@@ -141,9 +141,13 @@ acl:
 
 import os
 import platform
+import fcntl
 
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils._text import to_native
+from ansible.module_utils.compat import selectors
+from ansible.module_utils.common.text.converters import to_native, to_text, to_bytes
+from ansible.module_utils.six import b
 
 
 def split_entry(entry):
@@ -223,7 +227,7 @@ def build_command(module, mode, path, follow, default, recursive, recalculate_ma
     return cmd
 
 
-def acl_changed(module, cmd):
+def acl_changed(module, cmd, check_rc=True):
     '''Returns true if the provided command affects the existing ACLs, false otherwise.'''
     # FreeBSD do not have a --test flag, so by default, it is safer to always say "true"
     if platform.system().lower() == 'freebsd':
@@ -231,11 +235,63 @@ def acl_changed(module, cmd):
 
     cmd = cmd[:]  # lists are mutables so cmd would be overwritten without this
     cmd.insert(1, '--test')
-    lines = run_acl(module, cmd)
+    module._acl_changed = False
 
-    for line in lines:
+    def _process_stdout_from_pipe(proc, _acl_module=module):
-        if not line.endswith('*,*'):
+        stdout = b''
-            return True
+        try:
+            selector = selectors.DefaultSelector()
+        except (IOError, OSError):
+            # Failed to detect default selector for the given platform
+            # Select PollSelector which is supported by major platforms
+            selector = selectors.PollSelector()
+
+        selector.register(proc.stdout, selectors.EVENT_READ)
+        if os.name == 'posix':
+            fcntl.fcntl(proc.stdout.fileno(), fcntl.F_SETFL, fcntl.fcntl(proc.stdout.fileno(), fcntl.F_GETFL) | os.O_NONBLOCK)
+
+        while True:
+            events = selector.select(1)
+            for key, event in events:
+                b_chunk = key.fileobj.read()
+                if b_chunk == b(''):
+                    selector.unregister(key.fileobj)
+                if key.fileobj == proc.stdout:
+                    stdout = b_chunk
+                if _acl_module._acl_changed:
+                    continue
+            lines = []
+            for l in stdout.splitlines():
+                lines.append(l.strip())
+            for line in lines:
+                if not line.endswith(b'*,*'):
+                    proc.terminate()
+                    _acl_module._acl_changed = True
+                    proc.returncode = 0
+
+            # only break out if no pipes are left to read or
+            # the pipes are completely read and
+            # the process is terminated
+            if (not events or not selector.get_map()) and proc.poll() is not None:
+                break
+            # No pipes are left to read but process is not yet terminated
+            # Only then it is safe to wait for the process to be finished
+            # NOTE: Actually proc.poll() is always None here if no selectors are left
+            elif not selector.get_map() and proc.poll() is None:
+                proc.wait()
+                # The process is terminated. Since no pipes to read from are
+                # left, there is no need to call select() again.
+                break
+
+    try:
+        (rc, out, err) = module.run_command(
+            cmd, check_rc=check_rc,
+            before_communicate_callback=_process_stdout_from_pipe)
+    except Exception as e:
+        module.fail_json(msg=to_native(e))
+
+    if module._acl_changed:
+        return True
     return False
 
 
@@ -356,7 +412,10 @@ def main():
 
         if changed and not module.check_mode:
             run_acl(module, command)
-        msg = "%s is present" % entry
+        if recursive:
+            msg = "%s is present recursively" % entry
+        else:
+            msg = "%s is present" % entry
 
     elif state == 'absent':
         entry = build_entry(etype, entity, use_nfsv4_acls)
@@ -368,15 +427,23 @@ def main():
 
         if changed and not module.check_mode:
             run_acl(module, command, False)
-        msg = "%s is absent" % entry
+        if recursive:
+            msg = "%s is absent recursively" % entry
+        else:
+            msg = "%s is absent" % entry
 
     elif state == 'query':
         msg = "current acl"
 
-    acl = run_acl(
+    if recursive:
-        module,
+        acl = []
-        build_command(module, 'get', path, follow, default, recursive, recalculate_mask)
+        warn = "Not showing resulting acls in the recursive mode"
-    )
+        module.exit_json(changed=changed, msg=msg, acl=acl, warnings=warn)
+    else:
+        acl = run_acl(
+            module,
+            build_command(module, 'get', path, follow, default, recursive, recalculate_mask)
+        )
 
     module.exit_json(changed=changed, msg=msg, acl=acl)
 

plugins/modules/sysctl.py

@@ -366,7 +366,7 @@ class SysctlModule(object):
     # Completely rewrite the sysctl file
     def write_sysctl(self):
         # open a tmp file
-        fd, tmp_path = tempfile.mkstemp('.conf', '.ansible_m_sysctl_', os.path.dirname(self.sysctl_file))
+        fd, tmp_path = tempfile.mkstemp('.conf', '.ansible_m_sysctl_', os.path.dirname(os.path.realpath(self.sysctl_file)))
         f = open(tmp_path, "w")
         try:
             for l in self.fixed_lines:
@@ -377,7 +377,7 @@ class SysctlModule(object):
         f.close()
 
         # replace the real one
-        self.module.atomic_move(tmp_path, self.sysctl_file)
+        self.module.atomic_move(tmp_path, os.path.realpath(self.sysctl_file))
 
 
 # ==============================================================

tests/integration/targets/sysctl/tasks/main.yml

@@ -332,3 +332,37 @@
         that:
           - sysctl_invalid_set1 is failed
           - "'vm.mmap_rnd_bits' not in sysctl_invalid_conf_content.stdout"
+
+    # Test sysctl: sysctl_file is symlink
+    - name: Create link source
+      ansible.builtin.copy:
+        content: |
+          # Testing Ansible Sysctl module on symlink.
+        dest: /tmp/ansible_sysctl_test.conf
+        mode: "0644"
+
+    - name: Create symlink to the conf file
+      ansible.builtin.file:
+        src: /tmp/ansible_sysctl_test.conf
+        dest: /tmp/ansible_sysctl_test_symlink.conf
+        state: link
+
+    - name: Use sysctl module with symlink sysctl file
+      ansible.posix.sysctl:
+        name: 'kernel.randomize_va_space'
+        value: '1'
+        sysctl_file: /tmp/ansible_sysctl_test_symlink.conf
+        state: present
+        sysctl_set: false
+        reload: false
+
+    - name: Stat sysctl file
+      ansible.builtin.stat:
+        path: /tmp/ansible_sysctl_test_symlink.conf
+      register: stat_result
+
+    - name: Ensure the sysctl file remains a symlink
+      ansible.builtin.assert:
+        that:
+          - stat_result.stat.islnk is defined and stat_result.stat.islnk
+          - stat_result.stat.lnk_source == '/tmp/ansible_sysctl_test.conf'