System Roles should consistently use ansible_managed in configuration files it manages

bz#2044640 The network role create an ifcfg file for initscripts. The file used to append a comment "# this file was created by ansible". This patch replaces the proprietary string with the ansible standard {{ ansible_managed }} to adjust to the other system roles. For the implementation, it borrowed the method from kernel_settings, getting the ansible managed comment using the get_ansible_managed.j2 template and pass the comment to network_connections which is added to the ifcfg file. In case network_provider is nm, the comment is not added to the ifcfg file as the file is not managed by Ansible. Note: the required parameter name to pass the ansible managed comment to the network_connection module is "__header". Do not use get_ansible_managed.j2 in the test scripts, but use a hardcoded ansible managed comment to simplify the tests. tests/tasks/get_profile_stat.yml: replace the '=' style with the YAML notation in set_fact. Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
2026-01-23 02:15:17 +00:00 · 2022-02-11 08:18:30 -08:00 · 2022-02-11 08:18:30 -08:00 · 79b39792e4
commit 79b39792e4
parent 61423ed36f
8 changed files with 46 additions and 6 deletions
--- a/library/network_connections.py
+++ b/library/network_connections.py
@ -1528,6 +1528,7 @@ class RunEnvironmentAnsible(RunEnvironment):
        "force_state_change": {"required": False, "default": False, "type": "bool"},
        "provider": {"required": True, "default": None, "type": "str"},
        "connections": {"required": False, "default": None, "type": "list"},
+        "__header": {"required": True, "default": None, "type": "str"},
        "__debug_flags": {"required": False, "default": "", "type": "str"},
    }

@ -1541,7 +1542,7 @@ class RunEnvironmentAnsible(RunEnvironment):

    @property
    def ifcfg_header(self):
-        return "# this file was created by ansible"
+        return self.module.params["__header"]

    def run_command(self, argv, encoding=None):
        return self.module.run_command(argv, encoding=encoding)
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -85,6 +85,9 @@
    force_state_change: "{{ network_force_state_change | default(omit) }}"
    connections: "{{ network_connections | default([]) }}"
    __debug_flags: "{{ __network_debug_flags | default(omit) }}"
+    __header: "{{ __lsr_ansible_managed }}"
+  vars:
+    __lsr_ansible_managed: "{{ lookup('template', 'get_ansible_managed.j2') }}"
  register: __network_connections_result

 - name: Show stderr messages
--- a/templates/get_ansible_managed.j2
+++ b/templates/get_ansible_managed.j2
@ -0,0 +1 @@
+{{ ansible_managed | comment }}
--- a/tests/playbooks/tests_ethtool_features.yml
+++ b/tests/playbooks/tests_ethtool_features.yml
@ -145,6 +145,7 @@
                      features:
                        tx_tcp_segmentation: "no"
                        tx-tcp-segmentation: "no"
+                __header: "# Ansible managed test header"
              register: __network_connections_result
          rescue:
            - name: Show network_connections result
--- a/tests/playbooks/tests_reapply.yml
+++ b/tests/playbooks/tests_reapply.yml
@ -46,6 +46,7 @@
                    - 192.0.2.72/31
                  dhcp4: false
                  auto6: false
+            __header: "# Ansible managed test header"
          ignore_errors: true
          register: test_module_run
        - name: Show test_module_run
--- a/tests/roles/linux-system-roles.network/templates
+++ b/tests/roles/linux-system-roles.network/templates
@ -0,0 +1 @@
+../../../templates/
--- a/tests/tasks/assert_profile_present.yml
+++ b/tests/tasks/assert_profile_present.yml
@ -5,3 +5,8 @@
  assert:
    that: lsr_net_profile_exists
    msg: "profile {{ profile }} does not exist"
+
+- name: "assert that ansible managed comment in '{{ profile }}' is present"
+  assert:
+    that: lsr_net_profile_ansible_managed
+    msg: "profile {{ profile }} does not have the ansible managed comment"
--- a/tests/tasks/get_profile_stat.yml
+++ b/tests/tasks/get_profile_stat.yml
@ -1,7 +1,9 @@
 # SPDX-License-Identifier: BSD-3-Clause
 ---
- name: Initialize NM profile exist flag
-  set_fact: lsr_net_profile_exists=false
+- name: Initialize NM profile exist and ansible_managed comment flag
+  set_fact:
+    lsr_net_profile_exists: false
+    lsr_net_profile_ansible_managed: false

 - name: stat profile file
  stat:
@ -12,7 +14,8 @@
  register: profile_stat

 - name: Set NM profile exist flag based on the profile files
-  set_fact: lsr_net_profile_exists=true
+  set_fact:
+    lsr_net_profile_exists: true
  when: profile_stat.stat.exists

 # When certain profile is marked as absent but still up, the `nmcli connection`
@ -24,6 +27,30 @@
  ignore_errors: yes
  changed_when: false

- name: Set NM profile exist flag based on the nmcli output
-  set_fact: lsr_net_profile_exists=true
+# lsr_net_profile_ansible_managed:
+# under NetworkManager's control, the comment is not added by design.
+# Thus, set it always to true.
+- name: >-
+    Set NM profile exist flag and ansible_managed flag true
+    based on the nmcli output
+  set_fact:
+    lsr_net_profile_exists: true
+    lsr_net_profile_ansible_managed: true
  when: nm_profile_exists.rc == 0
+
+- name: Check ansible_managed comment for the initscripts case
+  block:
+    - name: Get the ansible_managed comment in ifcfg-{{ profile }}
+      command: >-
+        grep "^# Ansible managed"
+        /etc/sysconfig/network-scripts/ifcfg-{{ profile }}
+      register: _result
+
+    - name: Verify the ansible_managed comment in ifcfg-{{ profile }}
+      set_fact:
+        lsr_net_profile_ansible_managed: true
+      when:
+        - _result.stdout_lines | length == 1
+  when:
+    - profile_stat.stat.exists
+    - nm_profile_exists.rc != 0