failed_when - multiple conditions

[ProfHase]

Hi,
when trying to install keys to a java keystore I am using the following task:

- name: java install ssl certs
  shell:
    source /etc/profile.d/java.sh;
    cd $JAVA_HOME/jre/lib/security;
    $JAVA_HOME/bin/keytool -import -noprompt -keystore cacerts -alias {{ item }} -file /tmp/{{ item }}.crt -storepass storepass
  register: command_result
  changed_when: "'already exists' not in command_result.stdout"
  failed_when: "'already exists' not in command_result.stdout"

If the key has already been added, keytool returns '1' and writes '...already exists' to stdout.
I would like the task not to fail either:
- if the key has been added
or
the key already exists.

I tried the condition

failed_when: "'already exists' not in command_result.stdout and command_result.rc != 0"

But that one does not work (error while evaluating conditional).

Any ideas how to achieve this task?
Thanks a lot

[Michael DeHaan]

Multiple checks looks like:

failed_when: color == 'blue' or number == 5

Note that if you are telling when not to fail, you will need to negate your condition.

Ansible denotes lists of conditions as "ORs" so:

failed_when:

   - color == 'blue'

   - number == 5

Is equivalent syntax.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/b537bc57-b9a4-4543-8cf7-40981a0faa9a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ProfHase]

Okay thanks, maybe I got some problem with the semantics:

  failed_when:
    - "'already installed' not in command_result.stderr"
    - "command_result.rc == 1"

>> Does not fail if either of the conditions is false ( so it does not fail if result.rc == 1 and 'already installed' is in stderr) which in this case is the desired behaviour.
If one reads this task one could think that any of the list is a fail condition (so if one condition is true, everything fails), so this is not a real 'OR'?
Maybe there should be a module with 'passed when:' ?

Thanks

[Andy Baker]

Just hit a similar thing. I feel that 'passed_when' or 'succeeded_when' would make for simpler playbooks in several cases.

Also - it's not clear from the docs what syntax is allowed fo failed_when. Is it parsed as Python? i.e. any valid Python expression allowed?

[Brian Coca]

when: and all *_when: are parsed by jinja, so any valid jinja2
expression should work. If the docs are not clear on this we do take
PRs to make them better.

--
Brian Coca

[edroz...@gmail.com]

I just hit this issue (two years after you did) and the reply to my issue was that Ansible list syntax does an implicit AND on the multiple conditions, not OR, contradicting what Michael DeHaan wrote above earlier. I'm asking the Ansible project to document this somewhere, not obvious at all.

My issue submission for reference:

https://github.com/ansible/ansible/issues/18311

Using your original example, re-formatting as follows should work:

failed_when: >
    'already installed' not in command_result.stderr or
    command_result.rc == 1