Ini_file destroys all other content

Get Help
1

I’m trying to use the ini_file module to add AmbientCapabilties option with three values to a file. It’s worse than just not idempotent, it’s destructive. The first time it works fine but the second time it removes everything else in the file except the section, option and values.

  - name: Ensure "AmbientCapibilities is in section "[Service]" in the SplunkForwarder service config
    community.general.ini_file:
      path: /etc/systemd/system/SplunkForwarder.service
      section: Service
      option: AmbientCapabilities
      value: "{{ splunk_forwarder_ambient_capabilities | list | flatten | unique | join(' ') }}"
       mode: '0644'
       backup: true
       exclusive: true
       no_extra_spaces: true
    become: true
    when: splunk_forwarder_ambient_capabilities is defined and splunk_forwarder_ambient_capabilities | length

I’ve tried doing it with values: {{ splunk_forwarder_ambient_capabilities }}
and section_has_values but it seems this results in three individual option/value lines in the target file, like this:

AmbientCapabilities=foo
AmbientCapabilities=bar
AmbientCapabilities=baz

I can’t use a template because the service file is created by a command task that runs earlier in the role and can’t be easily replaced. I may be able to use lineinfile or some other module but I’d rather use ini_file because it matches the type of file (technically a systemd service file) but the structure is the same as an ini file.

I’m aware of systemd drop-ins but in this case the vendor has chosen to do things in a non-standard way so I have to work with what I have.

2

The task you have posted doesn’t look valid due to the indenting, also the unbalanced quotes in the name breaks syntax highlighting, do these things make a difference? I can’t see what you are doing wrong apart from this.

I have also added a sort below so that a change in the order won’t result in changes.

  - name: "Ensure AmbientCapibilities is in section [Service] in the SplunkForwarder service config"
    community.general.ini_file:
      path: /etc/systemd/system/SplunkForwarder.service
      section: Service
      option: AmbientCapabilities
      value: "{{ splunk_forwarder_ambient_capabilities | list | flatten | unique | sort | join(' ') }}"
      mode: '0644'
      backup: true
      exclusive: true
      no_extra_spaces: true
    become: true
    when: splunk_forwarder_ambient_capabilities is defined and splunk_forwarder_ambient_capabilities | length

It is to be expected that using a values list will result in multiple options, there is an example of this in the documentation:

- name: Ensure multiple values "beverage=coke" and "beverage=pepsi" are in section "[drinks]" in specified file
  community.general.ini_file:
    path: /etc/conf
    section: drinks
    option: beverage
    values:
      - coke
      - pepsi
    mode: '0600'
    state: present
3

That’s not true. You might not want to do it with a template, but it is something you can do. (Source: it’s what I do.)

It’s also unclear to me what you mean by this. You should still be able to use drop-in files as it’s systemd functionality, not something that Splunk needs to do something special to support.