Description
SUMMARY
The sysctl module incorrectly reports changed: true when invoked with an invalid key on Alpine Linux.
This may be a soundness issue: the system is not in the desired state, but Ansible reports success.
One potential root cause is that Alpine's BusyBox sysctl returns exit code 0 even for invalid keys, and this is not correctly handled by the module.
ISSUE TYPE
- Bug Report
COMPONENT NAME
sysctl
ANSIBLE VERSION
ansible [core 2.18.3]
config file = None
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /venv3.12/lib/python3.12/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /venv3.12/bin/ansible
python version = 3.12.3 (main, Feb 4 2025, 14:48:35) [GCC 13.3.0] (/venv3.12/bin/python)
jinja version = 3.1.6
libyaml = True
COLLECTION VERSION
devel
OS / ENVIRONMENT
Reproduced on Alpine Linux 3.10.6 and 3.21.3
STEPS TO REPRODUCE
On Alpine Linux 3.21.3 or 3.20.6 (managed node, can use docker image to reproduce), run the integration tests of sysctl:
ansible-test integration sysctl -vvv --allow-destructive --requirements --allow-root --continue-on-error
EXPECTED RESULTS
The invalid sysctl name should trigger a failure with changed: false and an appropriate error message:
TASK [sysctl : Try sysctl with an invalid name] ********************************
fatal: [testhost]: FAILED! => {"changed": false, "msg": "Failed to reload sysctl: sysctl: cannot stat /proc/sys/test/invalid: No such file or directory\n"}
...ignoring
TASK [sysctl : Debug sysctl_test3] *********************************************
skipping: [testhost]
TASK [sysctl : Validate results for test 3] ************************************
ok: [testhost] => {
"changed": false,
"msg": "All assertions passed"
}
This occurs in all of the tested OSes asides Alpine (Debian, Ubuntu, RHEL, Rocky, Fedora, Suse)
ACTUAL RESULTS
On Alpine, the task incorrectly reports changed: true, despite the name being invalid:
TASK [sysctl : Try sysctl with an invalid name] ********************************
changed: [testhost] => {
"changed": true,
"invocation": {
"module_args": {
"ignoreerrors": false,
"name": "test.invalid",
"reload": true,
"state": "present",
"sysctl_file": "/etc/sysctl.conf",
"sysctl_set": false,
"value": "1"
}
}
}
TASK [sysctl : Debug sysctl_test3] *********************************************
task path: /root/.ansible/collections/ansible_collections/ansible/posix/tests/output/.tmp/integration/sysctl-m85le2_y-ÅÑŚÌβŁÈ/tests/integration/targets/sysctl/tasks/main.yml:146
ok: [testhost] => {
"sysctl_test3": {
"changed": true,
"failed": false
}
}
TASK [sysctl : Validate results for test 3] ************************************
fatal: [testhost]: FAILED! => {
"assertion": "sysctl_test3 is failed",
"changed": false,
"evaluated_to": false,
"msg": "Assertion failed"
}
This causes downstream assertions to fail.