Ok, it seems the command "systemctl is-enabled <service>" returns rc=0 if server is enabled and rc=1 if service is not enabled.
Any rc != 0 is usually considered as an error. You can add the following: - name: check that log service is enabled if it's installed shell: systemctl is-enabled rsyslog register: service_status *failed_when: service_status.rc != 0 and service_status.rc != 1* (more conservative approach) or - name: check that log service is enabled if it's installed shell: systemctl is-enabled rsyslog register: service_status *ignore_errors: yes* (this will ignore any error. Use with caution.) El viernes, 18 de diciembre de 2020 a la(s) 10:39:24 UTC-6, [email protected] escribió: > fatal: [localhost]: FAILED! => {"changed": true, "cmd": "systemctl > is-enabled rsyslog", "delta": "0:00:00.005366", "end": "2020-12-18 > 11:37:39.206468", "msg": "non-zero return code", "rc": 1, "start": > "2020-12-18 11:37:39.201102", "stderr": "", "stderr_lines": [], "stdout": > "disabled", "stdout_lines": ["disabled"]} > > > On Friday, December 18, 2020 at 11:34:01 AM UTC-5 [email protected] wrote: > >> Try to write the full value of "service_status" right after being used to >> register the command with this: >> >> - debug >> msg: "{{ service_status }}" >> >> to detect what is missing. That dictionary should include stdout, stderr >> and stdout_lines keys if command "systemctl is-enabled rsyslog" was >> executed with no errors. >> >> El viernes, 18 de diciembre de 2020 a la(s) 09:33:43 UTC-6, >> [email protected] escribió: >> >>> TASK [set_fact] >>> ********************************************************************************************* >>> fatal: [localhost]: FAILED! => {"msg": "The conditional check >>> 'service_status.stdout_lines[0] == 'enabled'' failed. The error was: error >>> while evaluating conditional (service_status.stdout_lines[0] == 'enabled'): >>> 'dict object' has no attribute 'stdout_lines'\n\nThe error appears to be in >>> '/home/thuan/Desktop/STIG/57898.yml': line 44, column 7, but may\nbe >>> elsewhere in the file depending on the exact syntax problem.\n\nThe >>> offending line appears to be:\n\n\n - set_fact:\n ^ here\n"} >>> >>> TASK [Install log service package.] >>> ************************************************************************* >>> ok: [localhost] >>> >>> TASK [Ensure log service is enabled and running.] >>> *********************************************************** >>> changed: [localhost] >>> >>> TASK [set_fact] >>> ********************************************************************************************* >>> ok: [localhost] >>> >>> TASK [debug] >>> ************************************************************************************************ >>> ok: [localhost] => { >>> "msg": "V-57898 PASSED" >>> } >>> >>> TASK [lineinfile] >>> ******************************************************************************************* >>> ok: [localhost] >>> >>> >>> On Friday, December 18, 2020 at 10:10:18 AM UTC-5 [email protected] >>> wrote: >>> >>>> Can you copy the error message ? I don't see how the error can include >>>> something related to "results" is that is no longer part of the "when" >>>> entry. >>>> >>>> El viernes, 18 de diciembre de 2020 a la(s) 09:07:06 UTC-6, >>>> [email protected] escribió: >>>> >>>>> Hi, >>>>> >>>>> I've tried that and - service_status.stdout_lines[0] == 'enabled' >>>>> but still same error. >>>>> >>>>> >>>>> >>>>> >>>>> On Friday, December 18, 2020 at 9:54:04 AM UTC-5 [email protected] >>>>> wrote: >>>>> >>>>>> The error says "results" don't exist. >>>>>> >>>>>> I think that line should be: >>>>>> when: 'enabled' in service_status.stdout_lines[0] >>>>>> >>>>>> El viernes, 18 de diciembre de 2020 a la(s) 08:37:18 UTC-6, >>>>>> [email protected] escribió: >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> >>>>>>> I'm getting the below error. I've tried: service_status.stdout == >>>>>>> 'enabled', >>>>>>> and service.status.stdout.find('enabled') != -1 but no luck. >>>>>>> >>>>>>> >>>>>>> TASK [set_fact] >>>>>>> ********************************************************************************************* >>>>>>> fatal: [localhost]: FAILED! => {"msg": "The conditional check >>>>>>> 'service_status.results[0].stdout == 'enabled'' failed. The error was: >>>>>>> error while evaluating conditional (service_status.results[0].stdout == >>>>>>> 'enabled'): 'dict object' has no attribute 'results'\n\nThe error >>>>>>> appears >>>>>>> >>>>>>> >>>>>>> >>>>>>> ================================================== >>>>>>> >>>>>>> >>>>>>> - name: Check if log package is installed. >>>>>>> block: >>>>>>> - name: Gather package facts. >>>>>>> become: true >>>>>>> package_facts: >>>>>>> manager: "auto" >>>>>>> - name: validating if the package is installed >>>>>>> debug: >>>>>>> msg: "{{ item }} is installed " >>>>>>> when: '"{{ item }}" in ansible_facts.packages' >>>>>>> with_items: >>>>>>> - rsyslog >>>>>>> register: rsyslog_check >>>>>>> >>>>>>> - name: check that log service is enabled if it's installed >>>>>>> shell: systemctl is-enabled rsyslog >>>>>>> register: service_status >>>>>>> >>>>>>> - debug: >>>>>>> var: service_status >>>>>>> >>>>>>> - name: check that log service is running. >>>>>>> shell: systemctl status rsyslog >>>>>>> register: active_status >>>>>>> - set_fact: >>>>>>> stig_text: "{{ stig_id }} FAILED. Log service isn't installed and >>>>>>> /or enabled or running." >>>>>>> when: "'rsyslog' in ansible_facts.packages" >>>>>>> >>>>>>> - set_fact: >>>>>>> stig_text: "PASSED" >>>>>>> when: >>>>>>> - service_status.results[0].stdout == 'enabled' >>>>>>> - active_status.stdout[0] == 'running' >>>>>>> >>>>>> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/89fe4717-97f8-46c5-a332-ee48d2f31137n%40googlegroups.com.
