Clever Geek Handbook

Failed_when with service and command

I want the list of services to be disabled if they exist on the system. By default, many of these services will not exist, but in cases where the service is installed I want it to be disabled.

If the service doesn't exist, ansible throws an error. While I can continue the task with ignore_error, I don't like it because it not only masks the real problem, but the error still shows up in the unlucky output, and I would rather the command didn't get in the habit of ignoring errors.

I've tried using failed_when, but I can't seem to get it to work with the service, and all the examples use the command, not the service. Here the task - disable_services - is a list declared elsewhere.

- name: "Stop and disable unneeded services"
  service: name={{ item }} enabled=no status=stopped
  failed_when: "'service not loaded' not in stderr"
  with_items: disable_services

The following output failed:

TASK: [hardening | Stop and disable unneeded services] ************************ 
fatal: [host.example.com] => error while evaluating conditional: 'service not loaded' not in stderr

I tried to register the service_output variable and check that "service not loaded" is not in service_output.stderr, but has the same error.

Is it possible to use fail_when in a service, and if so, what level 8 issue am I having here?

+3


source to share


2 answers


There are several problems:

  • He state

    , not status

    .
  • You need to use register

    to bind the result to a variable and then use that variable in failed_when

    .
  • Minor thing: you're only testing one kind of failure (should be fine in this case, but keep that in mind).

This should work:



- name: "Stop and disable unneeded services"
  service: name={{ item }} enabled=no state=stopped
  failed_when: "stop_disabled_services | failed and 'service not found' not in stop_disabled_services.msg"
  register: stop_disabled_services
  with_items: disable_services

And a note on how I got this code: I used ignore_errors

and debug: var=stop_disable_services

to find what is service

returned on error. The most interesting part was the list items stop_disabled_services.results

, as this value stop_disable_services

failed_when

will see. From there, only Jinja2 made sure that only some of the failures would be ignored.

+11


source


The solution I used is different from the marked answer. The solution listed in this answer solved my problem, but did not answer the question as I asked, so this is not the accepted answer. I think this is a much better approach than my initial efforts.

I created a command to get the "installed" services depending on the OS and register the results as a variable. Then I repeat the intersection of installed servers and disabled services.



This is much faster than repeating every potential service and ignoring the error, because only the services that I care about are tested. List_svcs_cmd is an OS dependent set of variables.

---
- name: Get registered services
  shell: "{{ list_svcs_cmd }}"
  register: loaded_services

- name: "Stop and disable unneeded services"
  service: name={{ item }} enabled=no state=stopped
  with_items: disable_services | intersect(loaded_services.stdout_lines)
+3


source






More articles:


All Articles