Open Al-thi opened 1 year ago
Hello,
This role fails on Debian when playing the following tasks in check_mode on a fresh server :
- name: get fail2ban version ansible.builtin.command: > fail2ban-server -V changed_when: false check_mode: false register: _fail2ban_version_raw tags: - configuration - fail2ban - fail2ban-install
fails with :
fatal: [xxx]: FAILED! => {"changed": false, "cmd": "fail2ban-server -V", "msg": "[Errno 2] No such file or directory: b'fail2ban-server'", "rc": 2, "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
and :
- name: update configuration file - /etc/fail2ban/jail.local ansible.builtin.template: src: etc/fail2ban/jail.local.j2 dest: /etc/fail2ban/jail.local owner: root group: root mode: 0644 notify: restart fail2ban tags: - configuration - fail2ban - fail2ban-configuration - fail2ban-configuration-update
fatal: [xxx]: FAILED! => {"changed": false, "msg": "AnsibleFilterError: Input version value cannot be empty"}
- name: start and enable service ansible.builtin.service: name: fail2ban state: "{{ service_default_state | default('started') }}" enabled: "{{ service_default_enabled | default(true) | bool }}" tags: - configuration - fail2ban - fail2ban-start-enable-service
fatal: [xxx]: FAILED! => {"changed": false, "msg": "Could not find the requested service fail2ban: host"}
because fail2ban is not installed and therefore the version cannot be parsed.
I suggest adding the following line to these tasks to ignore check_mode errors :
- name: get fail2ban version ansible.builtin.command: > fail2ban-server -V changed_when: false check_mode: false register: _fail2ban_version_raw tags: - configuration - fail2ban - fail2ban-install ignore_errors: "{{ ansible_check_mode }}" # fixes error
- name: update configuration file - /etc/fail2ban/jail.local ansible.builtin.template: src: etc/fail2ban/jail.local.j2 dest: /etc/fail2ban/jail.local owner: root group: root mode: 0644 notify: restart fail2ban tags: - configuration - fail2ban - fail2ban-configuration - fail2ban-configuration-update ignore_errors: "{{ ansible_check_mode and fail2ban_version == '' }}" # fixes error
- name: start and enable service ansible.builtin.service: name: fail2ban state: "{{ service_default_state | default('started') }}" enabled: "{{ service_default_enabled | default(true) | bool }}" tags: - configuration - fail2ban - fail2ban-start-enable-service ignore_errors: "{{ ansible_check_mode and fail2ban_version == '' }}" # fixes error
I also had to ignore errors in the handler, for the same reasons.
FYI I edited my post to fix a syntax error in the ignore_errors condition
ignore_errors
FYI I updated again my message. Now it works :sweat:
Hello,
This role fails on Debian when playing the following tasks in check_mode on a fresh server :
fails with :
and :
fails with :
and :
fails with :
because fail2ban is not installed and therefore the version cannot be parsed.
I suggest adding the following line to these tasks to ignore check_mode errors :