I added your recommended code and received no error.
However, the rescue block didn't execute.
---------------------------------------------
- set_fact:
    stig_id: V-xxxx
    stig_text: "FAILED. Ubuntu isn't configured to preserve log records from failure events."
- local_action: lineinfile regexp='^V-xxxx' path="{{ output_path }}" state=absent
- name: Check if log package is installed.
  block:
    - name: Gather package facts.
      become: true
      package_facts:
        manager: "auto"
    - name: validating if the package is installed
      debug:
        msg: "{{ item }} is installed "
      when: '"{{ item }}" in ansible_facts.packages'
      with_items:
        - rsyslog
      register: rsyslog_check
    - name: check that log service is enabled if it's installed
      shell: systemctl is-enabled rsyslog
      register: service_status
      failed_when: service_status.rc != 0 and service_status.rc != 1
    - name: check that log service is running.
      shell: systemctl is-active rsyslog
      register: active_status
      failed_when: active_status.rc != 0 and active_status.rc != 1
    - set_fact:
        stig_text: "{{ stig_id }} FAILED. Log service isn't installed and /or enabled or running."
      when: packages.rsyslog is not defined
    - set_fact:
        stig_text: "PASSED"
  rescue:
    - name: Install log service package.
      become: true
      apt:
        name: rsyslog
        state: present
        update_cache: yes
        cache_valid_time: 3600
      register: installation
    - name: Ensure log service is enabled and running.
      service:
        name: rsyslog
        state: started
        enabled: yes
      register: start_service
    - set_fact:
        stig_text: "PASSED"
      when:
        - installation.changed
        - start_service.changed
    - debug:
        msg: "{{ stig_id }} {{ stig_text }}"
  always:
    - local_action: lineinfile line="{{ stig_id }} {{ stig_text }}" path="{{ output_path }}" create=yes
On Friday, December 18, 2020 at 12:57:53 PM UTC-5 [email protected] wrote:
> Ok, it seems the command "systemctl is-enabled <service>" returns rc=0 if
> server is enabled and rc=1 if service is not enabled.
>
> Any rc != 0 is usually considered as an error.
>
> You can add the following:
>
>
> - name: check that log service is enabled if it's installed
>   shell: systemctl is-enabled rsyslog
>   register: service_status
>   *failed_when: service_status.rc != 0 and service_status.rc != 1*
>
> (more conservative approach)
>
> or
>
> - name: check that log service is enabled if it's installed
>   shell: systemctl is-enabled rsyslog
>   register: service_status
>   *ignore_errors: yes*
>
> (this will ignore any error. Use with caution.)
> On Friday, December 18, 2020 at 10:39:24 UTC-6, [email protected] wrote:
>
>> fatal: [localhost]: FAILED! => {"changed": true, "cmd": "systemctl
>> is-enabled rsyslog", "delta": "0:00:00.005366", "end": "2020-12-18
>> 11:37:39.206468", "msg": "non-zero return code", "rc": 1, "start":
>> "2020-12-18 11:37:39.201102", "stderr": "", "stderr_lines": [], "stdout":
>> "disabled", "stdout_lines": ["disabled"]}
>>
>>
>> On Friday, December 18, 2020 at 11:34:01 AM UTC-5 [email protected] wrote:
>>
>>> Try to write the full value of "service_status" right after being used
>>> to register the command with this:
>>>
>>> - debug:
>>>     msg: "{{ service_status }}"
>>>
>>> to detect what is missing. That dictionary should include stdout, stderr
>>> and stdout_lines keys if command "systemctl is-enabled rsyslog" was
>>> executed with no errors.
>>>
>>> On Friday, December 18, 2020 at 09:33:43 UTC-6, [email protected] wrote:
>>>
>>>> TASK [set_fact]
>>>> *********************************************************************************************
>>>> fatal: [localhost]: FAILED! => {"msg": "The conditional check
>>>> 'service_status.stdout_lines[0] == 'enabled'' failed. The error was: error
>>>> while evaluating conditional (service_status.stdout_lines[0] ==
>>>> 'enabled'):
>>>> 'dict object' has no attribute 'stdout_lines'\n\nThe error appears to be
>>>> in
>>>> '/home/thuan/Desktop/STIG/57898.yml': line 44, column 7, but may\nbe
>>>> elsewhere in the file depending on the exact syntax problem.\n\nThe
>>>> offending line appears to be:\n\n\n - set_fact:\n ^ here\n"}
>>>>
>>>> TASK [Install log service package.]
>>>> *************************************************************************
>>>> ok: [localhost]
>>>>
>>>> TASK [Ensure log service is enabled and running.]
>>>> ***********************************************************
>>>> changed: [localhost]
>>>>
>>>> TASK [set_fact]
>>>> *********************************************************************************************
>>>> ok: [localhost]
>>>>
>>>> TASK [debug]
>>>> ************************************************************************************************
>>>> ok: [localhost] => {
>>>> "msg": "V-57898 PASSED"
>>>> }
>>>>
>>>> TASK [lineinfile]
>>>> *******************************************************************************************
>>>> ok: [localhost]
>>>>
>>>>
>>>> On Friday, December 18, 2020 at 10:10:18 AM UTC-5 [email protected]
>>>> wrote:
>>>>
>>>>> Can you copy the error message? I don't see how the error can include
>>>>> something related to "results" if that is no longer part of the "when"
>>>>> entry.
>>>>>
>>>>> On Friday, December 18, 2020 at 09:07:06 UTC-6, [email protected] wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I've tried that and - service_status.stdout_lines[0] == 'enabled'
>>>>>> but still same error.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Friday, December 18, 2020 at 9:54:04 AM UTC-5 [email protected]
>>>>>> wrote:
>>>>>>
>>>>>>> The error says "results" don't exist.
>>>>>>>
>>>>>>> I think that line should be:
>>>>>>> when: 'enabled' in service_status.stdout_lines[0]
>>>>>>>
>>>>>>> On Friday, December 18, 2020 at 08:37:18 UTC-6, [email protected] wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>>
>>>>>>>> I'm getting the below error. I've tried: service_status.stdout ==
>>>>>>>> 'enabled',
>>>>>>>> and service.status.stdout.find('enabled') != -1 but no luck.
>>>>>>>>
>>>>>>>>
>>>>>>>> TASK [set_fact]
>>>>>>>> *********************************************************************************************
>>>>>>>> fatal: [localhost]: FAILED! => {"msg": "The conditional check
>>>>>>>> 'service_status.results[0].stdout == 'enabled'' failed. The error was:
>>>>>>>> error while evaluating conditional (service_status.results[0].stdout
>>>>>>>> ==
>>>>>>>> 'enabled'): 'dict object' has no attribute 'results'\n\nThe error
>>>>>>>> appears
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> ==================================================
>>>>>>>>
>>>>>>>>
>>>>>>>> - name: Check if log package is installed.
>>>>>>>>   block:
>>>>>>>>     - name: Gather package facts.
>>>>>>>>       become: true
>>>>>>>>       package_facts:
>>>>>>>>         manager: "auto"
>>>>>>>>     - name: validating if the package is installed
>>>>>>>>       debug:
>>>>>>>>         msg: "{{ item }} is installed "
>>>>>>>>       when: '"{{ item }}" in ansible_facts.packages'
>>>>>>>>       with_items:
>>>>>>>>         - rsyslog
>>>>>>>>       register: rsyslog_check
>>>>>>>>
>>>>>>>>     - name: check that log service is enabled if it's installed
>>>>>>>>       shell: systemctl is-enabled rsyslog
>>>>>>>>       register: service_status
>>>>>>>>
>>>>>>>>     - debug:
>>>>>>>>         var: service_status
>>>>>>>>
>>>>>>>>     - name: check that log service is running.
>>>>>>>>       shell: systemctl status rsyslog
>>>>>>>>       register: active_status
>>>>>>>>     - set_fact:
>>>>>>>>         stig_text: "{{ stig_id }} FAILED. Log service isn't installed and /or enabled or running."
>>>>>>>>       when: "'rsyslog' in ansible_facts.packages"
>>>>>>>>
>>>>>>>>     - set_fact:
>>>>>>>>         stig_text: "PASSED"
>>>>>>>>       when:
>>>>>>>>         - service_status.results[0].stdout == 'enabled'
>>>>>>>>         - active_status.stdout[0] == 'running'
>>>>>>>>
>>>>>>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/5d54df5e-5027-4c6d-aa10-912afa82984en%40googlegroups.com.
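
Added example, not part of the thread or any poster's code: a rescue section runs only when a task inside its block fails, so a failed_when that tolerates rc=1 leaves nothing to trigger it. One way to structure the check so that a non-compliant result fails the block explicitly, reusing stig_id, stig_text and output_path from the playbook above (task names are made up for illustration):

```yaml
# Added illustration; assumes stig_id, stig_text (initial FAILED text) and output_path are already set.
- name: Audit rsyslog and remediate only when the audit fails
  block:
    - name: Gather package facts
      ansible.builtin.package_facts:
        manager: auto
    - name: Query enablement (rc 0 = enabled, non-zero = not enabled)
      ansible.builtin.command: systemctl is-enabled rsyslog
      register: service_status
      changed_when: false
      failed_when: false   # record the return code here, decide later
    - name: Query runtime state (rc 0 = active, non-zero = not active)
      ansible.builtin.command: systemctl is-active rsyslog
      register: active_status
      changed_when: false
      failed_when: false
    - name: Fail the block so that rescue runs when any check is not met
      ansible.builtin.fail:
        msg: "rsyslog is missing, disabled or not running"
      when: >-
        'rsyslog' not in ansible_facts.packages
        or service_status.rc != 0
        or active_status.rc != 0
    - name: Record the audit result (reached only if nothing above failed)
      ansible.builtin.set_fact:
        stig_text: "PASSED"
  rescue:
    - name: Install log service package
      become: true
      ansible.builtin.apt:
        name: rsyslog
        state: present
        update_cache: true
    - name: Ensure log service is enabled and running
      become: true
      ansible.builtin.service:
        name: rsyslog
        state: started
        enabled: true
    - name: Record the remediated result (skipped if a rescue task failed)
      ansible.builtin.set_fact:
        stig_text: "PASSED"
  always:
    - name: Write the result line on the control node
      ansible.builtin.lineinfile:
        line: "{{ stig_id }} {{ stig_text }}"
        path: "{{ output_path }}"
        create: true
      delegate_to: localhost
```

If a rescue task itself fails, stig_text keeps the FAILED value set before the block, and the always section still writes it to the report.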