Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error on Debian on first check_mode run #76

Open
Al-thi opened this issue Dec 23, 2022 · 3 comments
Open

Error on Debian on first check_mode run #76

Al-thi opened this issue Dec 23, 2022 · 3 comments
Labels
enhancement

Comments

@Al-thi
Copy link

Al-thi commented Dec 23, 2022
edited
Loading

Hello,

This role fails on Debian when playing the following tasks in check_mode on a fresh server :

- name: get fail2ban version
  ansible.builtin.command: >
    fail2ban-server -V
  changed_when: false
  check_mode: false
  register: _fail2ban_version_raw
  tags:
    - configuration
    - fail2ban
    - fail2ban-install

fails with :

fatal: [xxx]: FAILED! => {"changed": false, "cmd": "fail2ban-server -V", "msg": "[Errno 2] No such file or directory: b'fail2ban-server'", "rc": 2, "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}

and :

- name: update configuration file - /etc/fail2ban/jail.local
  ansible.builtin.template:
    src: etc/fail2ban/jail.local.j2
    dest: /etc/fail2ban/jail.local
    owner: root
    group: root
    mode: 0644
  notify: restart fail2ban
  tags:
    - configuration
    - fail2ban
    - fail2ban-configuration
    - fail2ban-configuration-update

fails with :

fatal: [xxx]: FAILED! => {"changed": false, "msg": "AnsibleFilterError: Input version value cannot be empty"}

and :

- name: start and enable service
  ansible.builtin.service:
    name: fail2ban
    state: "{{ service_default_state | default('started') }}"
    enabled: "{{ service_default_enabled | default(true) | bool }}"
  tags:
    - configuration
    - fail2ban
    - fail2ban-start-enable-service

fails with :

fatal: [xxx]: FAILED! => {"changed": false, "msg": "Could not find the requested service fail2ban: host"}

because fail2ban is not installed and therefore the version cannot be parsed.

I suggest adding the following line to these tasks to ignore check_mode errors :

- name: get fail2ban version
  ansible.builtin.command: >
    fail2ban-server -V
  changed_when: false
  check_mode: false
  register: _fail2ban_version_raw
  tags:
    - configuration
    - fail2ban
    - fail2ban-install
  ignore_errors: "{{ ansible_check_mode }}" # fixes error
- name: update configuration file - /etc/fail2ban/jail.local
  ansible.builtin.template:
    src: etc/fail2ban/jail.local.j2
    dest: /etc/fail2ban/jail.local
    owner: root
    group: root
    mode: 0644
  notify: restart fail2ban
  tags:
    - configuration
    - fail2ban
    - fail2ban-configuration
    - fail2ban-configuration-update
  ignore_errors: "{{ ansible_check_mode and fail2ban_version == '' }}" # fixes error
- name: start and enable service
  ansible.builtin.service:
    name: fail2ban
    state: "{{ service_default_state | default('started') }}"
    enabled: "{{ service_default_enabled | default(true) | bool }}"
  tags:
    - configuration
    - fail2ban
    - fail2ban-start-enable-service
  ignore_errors: "{{ ansible_check_mode and fail2ban_version == '' }}" # fixes error
@Al-thi
Copy link
Author

Al-thi commented Dec 23, 2022

I also had to ignore errors in the handler, for the same reasons.

@Al-thi
Copy link
Author

Al-thi commented Dec 26, 2022

FYI I edited my post to fix a syntax error in the ignore_errors condition

@Al-thi
Copy link
Author

Al-thi commented Jan 5, 2023

FYI I updated again my message. Now it works 😓

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tersmitten @Al-thi