I’ve just been auditing things and found that sometimes we used the template module with backups=yes even though it was configuring e.g. logrotate stuff in /etc/logrotate.d/
However, programs like logrotate may/will read all files in the directory, including the backups.
So perhaps this would be a useful tip.
I was also wondering - did anyone get burned by this?
Shouldn't such programs have a filter exclude setting? dpkg and rpm will both place temp files into .d style folders while installing a package. I can't speak as to what temp extension rpm uses, but dpkg will create a $file.dpkg-new or $file.dpkg-old in such a folder. Plus, vim creates .$file.swp. So, it seems that these other programs will already need to have a way to exclude those files, and ansible should (or might already) do something similar.
- exclude specific extensions: *~ (also works for editor backups)
- include specific extensions: Include *.conf
- make the backups hidden: .backupfile
Also there might be an update in the works for making backups live on
the 'master' not on the target machines. Currently you can simulate
this with a fetch + file/absent set of tasks.
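
The three filtering options listed above, compared against a directory listing that contains the stray files mentioned in this thread. This is an added example and not part of the original thread. The listing, the function names and the modelled consumer are constructed assumptions; the backup name follows the `name.PID.timestamp~` pattern Ansible uses for backup files.

```python
from fnmatch import fnmatchcase

# Constructed listing of a .d directory after some deploys and a package upgrade.
SAMPLE_DIR = [
    "nginx",                            # intended config, no extension
    "app.conf",                         # intended config
    "nginx.4242.2014-03-01@12:00:00~",  # Ansible backup (constructed PID/date)
    "app.conf.dpkg-new",                # dpkg temp file
    "app.conf.dpkg-old",                # dpkg temp file
    ".app.conf.swp",                    # vim swap file
    ".nginx.bak",                       # backup deliberately made hidden
]
INTENDED = {"nginx", "app.conf"}

# Each strategy answers: would a consumer using this filter load the file?
STRATEGIES = {
    "read_all": lambda name: True,
    "exclude_tilde": lambda name: not fnmatchcase(name, "*~"),
    "include_conf": lambda name: fnmatchcase(name, "*.conf"),
    "skip_hidden": lambda name: not name.startswith("."),
}


def audit(listing, intended):
    """Return, per strategy, stray files loaded and intended files missed."""
    report = {}
    for label, accept in STRATEGIES.items():
        loaded = {name for name in listing if accept(name)}
        report[label] = {
            "stray": sorted(loaded - intended),
            "missed": sorted(intended - loaded),
        }
    return report


if __name__ == "__main__":
    for label, result in audit(SAMPLE_DIR, INTENDED).items():
        print(f"{label:14} stray={result['stray']} missed={result['missed']}")
```

Only the include filter loads no stray file here, and it does so at the cost of skipping the extension-less `nginx` file, so existing files would need renaming before switching to it.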