Reputation: 2080
How to update an immutable file with Ansible
Trying to update an immutable file (on a filesystem that supports attributes) with Ansible fails with the following error.
Operation not permitted
Also see https://github.com/ansible/ansible/issues/48886
Example Task
- name: example
template:
src: example.j2
dest: /some/example
attributes: '+i'
So far I have come up with the following options to handle this, each with a drawback.
Option 1)
drawback: both tasks always change the file on every run
- name: Make example mutable (so changes can be applied)
file:
path: /some/example
attributes: '-i'
- name: Deploy example
template:
src: example.j2
dest: /some/example
attributes: '+i'
Option 2)
drawback: the initial error is shown which might be confusing and it has code duplication
- name: Handle example changes
block:
- name: Deploy example
template:
src: example.j2
dest: /some/example
attributes: '+i'
rescue:
- name: Make example mutable (so changes can be applied)
file:
path: /some/example
attributes: '-i'
- name: Deploy example
template:
src: example.j2
dest: /some/example
attributes: '+i'
So how should a task like this be implemented to successfully apply changes without any error?
Upvotes: 2
Views: 1319
Answers (1)
Reputation: 6685
i believe the source of your problem is the fact you work on /tmp Filesystem.
template module documentation states about the attributes:
To get supported flags look at the man page for chattr on the target system.
I played on my linux box with chattr command and here is the difference in behavior:
[root@greenhat-34 ~] > cd /tmp
[root@greenhat-34 tmp] > touch file1
[root@greenhat-34 tmp] > chattr +i file1
chattr: Inappropriate ioctl for device while reading flags on file1
[root@greenhat-34 tmp] > lsattr file1
lsattr: Inappropriate ioctl for device While reading flags on file1
[root@greenhat-34 tmp] > cd /
[root@greenhat-34 /] > touch file2
[root@greenhat-34 /] > chattr +i file2
[root@greenhat-34 /] > lsattr file2
----i--------------- file2
[root@greenhat-34 /] > rm file2
rm: remove regular empty file 'file2'? y
rm: cannot remove 'file2': Operation not permitted
[root@greenhat-34 /] > chattr -i file2
[root@greenhat-34 /] > rm file2
rm: remove regular empty file 'file2'? y
[root@greenhat-34 /] >
seems that chattr cant work on tmpfs FS.
TL/DR:
If you generate those files in a regular directory - for example: /testdir - instead of /tmp, you should be good to go.
Upvotes: 1
Related Questions
- How to copy file content to another file in Ansible without overwriting the second file
- How to overwrite file in Ansible
- Override content of File in ansible
- Updating an attribute in an Ansible List using
- Ansible replace text in file
- Edit key-value pairs in a file using Ansible playbook
- Replace the whole content of a file using Ansible
- How to modify the different values of the same file on 2 servers
- Edit json file using ansible
- Replacing a line of a file using Ansible