Ansible-lint warn [301] Commands should not change things if nothing needs doing

geerlingguy / ansible-role-certbot

Ansible Role - Certbot (for Let's Encrypt)

https://galaxy.ansible.com/geerlingguy/certbot/

MIT License

793 stars 348 forks source link

Ansible-lint warn [301] Commands should not change things if nothing needs doing #144

Closed edouard-lopez closed 3 years ago

edouard-lopez commented 3 years ago

I have a task:

- name: Create Certificate for webapps
  command: "{{ certbot_create_command }}"
  notify: Reload Apache
  tags: [web, ssl]

But ansible-lint complains

  WARNING  Listing 1 violation(s) that are fatal                                                                                                                                                                                         
  [301] Commands should not change things if nothing needs doing

What conditional do you recommend?`

Mystic8b commented 3 years ago

Hey! You just need to add this: changed_when: false

olof-j commented 1 year ago

Just for context: doing changed_when: false will make a task show as unchanged, even though it has caused changes. To me, accepting a false positive (a noop command showing up as changed) would be better than a false negative (a command that makes changes shows up as ok). Especially in situations like this, that deal with creating certificates. A reasonable condition would be: does the certificate file exists?