template module thinks validation succeeded when it should have failed.

Can anyone clarify how the validate option of the template module works? I have deliberately configured apache with invalid configuration. On the command line apache2 -t -f /etc/apache2/apache2.conf fails with a syntax error. But the template module, configured with validate: 'apache2 -t -f %s' thinks it’s just fine.

Also, what kind of results should be registered in a register variable for a failed validation?

I’m using ansible 2.4.4.0 on Ubuntu 18.04.

My task:

- name: "TestingConfig - Debian Family - Template main apache configuration file."
  when: ansible_os_family == 'Debian'
  template:
    dest: "{{ aspects_apache24_test_configuration_root }}/apache2.conf"
    src: "main.conf.j2"
    owner: "root"
    group: "root"
    mode: "0640"
    validate: 'apache2 -t -f %s'
  register: inprocess_validation_result
  tags:
    - aspects_apache24
    - aspects_apache24_configuration
    - aspects_apache24_config

The template module does the validation using the new configuration file.

This takes place before the file is put into its final place, so it’s specifically not /etc/apache2/apache2.conf, but rather a temporary file.
The location of this tempfile is part of the registered results:

TASK [Gathering Facts] ****************************************************************************************************************************************
ok: [bionic]

TASK [test template module] ***********************************************************************************************************************************
changed: [bionic]

TASK [debug] **************************************************************************************************************************************************
ok: [bionic] => {
    "results": {
        "changed": true,
        "checksum": "9ef49cb61d96783deb22dd7ba23f42d48303a840",
        "dest": "/etc/apache2/apache2.conf",
        "diff": ,
        "failed": false,
        "gid": 0,
        "group": "root",
        "md5sum": "04f23d5d3f10c6f65eb3ec754d4ce73c",
        "mode": "0644",
        "owner": "root",
        "size": 7250,
        "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1534823379.24-1117512573422/source",
        "state": "file",
        "uid": 0
    }
}

PLAY RECAP ****************************************************************************************************************************************************
bionic : ok=3 changed=1 unreachable=0 failed=0

From your question it’s not clear whether you manually ran ‘apache2 -t -f /etc/apache2/apache2.conf’ on the target host after the template module has run, or before that?
And it’s also not clear if the template module changed something when “thinks it’s just fine”.

Either way, debugging output (-v) should reveal more.

Dick

Well, I think there were quite a few issues in my role that manifested in the template validation not working correctly. With fresh eyes, and inspired to think things through better, I was able to get it fixed. I hope.

So, thanks!

To anyone experiencing something similar, double check your conditionals. If you have a main conf file that includes other templated conf files from elsewhere on the system, make sure your main file is really pulling in those files, and that the main file gets changed so that the validation command is triggered.

  • David
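
The two points made in this thread (validation runs against a temporary file before it is moved into place, and it only runs when the main file actually changes) can be modelled in a few lines of Python. This is an added example, not Ansible's own code and not from any poster: install_with_validate, CHECKER and the result keys are hypothetical, and CHECKER is a constructed stand-in for 'apache2 -t -f %s' that rejects any file containing "Bogus".

```python
import hashlib, os, shlex, shutil, subprocess, sys, tempfile

# Constructed stand-in for 'apache2 -t -f %s': exit 1 if the file has "Bogus".
CHECKER = (shlex.quote(sys.executable) + " -c " + shlex.quote(
    "import sys; sys.exit(1 if 'Bogus' in open(sys.argv[1]).read() else 0)")
    + " %s")

def sha1(path):
    """Checksum of a file, or None if the file does not exist yet."""
    if not os.path.exists(path):
        return None
    with open(path, "rb") as fh:
        return hashlib.sha1(fh.read()).hexdigest()

def install_with_validate(rendered, dest, validate):
    """Model of template + validate (hypothetical helper, illustrative keys)."""
    if "%s" not in validate:
        raise ValueError("validate must contain %s")
    # The rendered template goes to a temporary file; dest is untouched so far.
    fd, tmp = tempfile.mkstemp(prefix="tmpl-model-")
    with os.fdopen(fd, "w") as fh:
        fh.write(rendered)
    try:
        # Unchanged content: nothing to install, so the validator never runs,
        # even if a file that dest includes has become invalid in the meantime.
        if sha1(tmp) == sha1(dest):
            return {"changed": False, "failed": False, "validated": False}
        # Changed content: %s is the temporary file, never the final path.
        cmd = shlex.split(validate % shlex.quote(tmp))
        proc = subprocess.run(cmd, capture_output=True, text=True)
        if proc.returncode != 0:
            return {"changed": False, "failed": True, "validated": True,
                    "rc": proc.returncode, "stderr": proc.stderr}
        shutil.copyfile(tmp, dest)  # only a validated file reaches dest
        return {"changed": True, "failed": False, "validated": True}
    finally:
        os.unlink(tmp)

def demo():
    """Install a good file, attempt a bad one, then re-run the good one."""
    dest = os.path.join(tempfile.mkdtemp(), "apache2.conf")
    first = install_with_validate("ServerName ok\n", dest, CHECKER)
    bad = install_with_validate("BogusDirective on\n", dest, CHECKER)
    same = install_with_validate("ServerName ok\n", dest, CHECKER)
    with open(dest) as fh:
        return first, bad, same, fh.read()

if __name__ == "__main__":
    print(demo())
```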