Stdout error

[Thuan]

Hi,

I'm getting the below error. I've tried: service_status.stdout == 'enabled', 

  and service.status.stdout.find('enabled') != -1 but no luck.

TASK [set_fact] *********************************************************************************************

fatal: [localhost]: FAILED! => {"msg": "The conditional check 'service_status.results[0].stdout == 'enabled'' failed. The error was: error while evaluating conditional (service_status.results[0].stdout == 'enabled'): 'dict object' has no attribute 'results'\n\nThe error appears

==================================================

- name: Check if log package is installed.

block:

- name: Gather package facts.

become: true

package_facts:

manager: "auto"

- name: validating if the package is installed

debug:

msg: "{{ item }} is installed "

when: '"{{ item }}" in ansible_facts.packages'

with_items:

- rsyslog

register: rsyslog_check

- name: check that log service is enabled if it's installed

shell: systemctl is-enabled rsyslog

register: service_status

- debug:

var: service_status

- name: check that log service is running.

shell: systemctl status rsyslog

register: active_status

- set_fact:

stig_text: "{{ stig_id }} FAILED. Log service isn't installed and /or enabled or running."

when: "'rsyslog' in ansible_facts.packages"

- set_fact:

stig_text: "PASSED"

when:

- service_status.results[0].stdout == 'enabled'

- active_status.stdout[0] == 'running'

[Roberto Paz]

The error says "results" don't exist.

I think that line should be:

when: 'enabled' in service_status.stdout_lines[0]

[Thuan]

Hi,

I've tried that and - service_status.stdout_lines[0] == 'enabled'

but still same error.

[Roberto Paz]

Can you copy the error message ? I don't see how the error can include something related to "results" is that is no longer part of the "when" entry.

[Thuan]

TASK [set_fact] *********************************************************************************************

fatal: [localhost]: FAILED! => {"msg": "The conditional check 'service_status.stdout_lines[0] == 'enabled'' failed. The error was: error while evaluating conditional (service_status.stdout_lines[0] == 'enabled'): 'dict object' has no attribute 'stdout_lines'\n\nThe error appears to be in '/home/thuan/Desktop/STIG/57898.yml': line 44, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n    - set_fact:\n      ^ here\n"}

TASK [Install log service package.] *************************************************************************

ok: [localhost]

TASK [Ensure log service is enabled and running.] ***********************************************************

changed: [localhost]

TASK [set_fact] *********************************************************************************************

ok: [localhost]

TASK [debug] ************************************************************************************************

ok: [localhost] => {

    "msg": "V-57898 PASSED"

}

TASK [lineinfile] *******************************************************************************************

ok: [localhost]

[Roberto Paz]

Try to write the full value of "service_status" right after being used to register the command with this:

- debug

       msg: "{{ service_status }}"

to detect what is missing. That dictionary should include stdout, stderr and stdout_lines keys if command "systemctl is-enabled rsyslog" was executed with no errors.

[Thuan]

fatal: [localhost]: FAILED! => {"changed": true, "cmd": "systemctl is-enabled rsyslog", "delta": "0:00:00.005366", "end": "2020-12-18 11:37:39.206468", "msg": "non-zero return code", "rc": 1, "start": "2020-12-18 11:37:39.201102", "stderr": "", "stderr_lines": [], "stdout": "disabled", "stdout_lines": ["disabled"]}

[Roberto Paz]

Ok, it seems the command "systemctl is-enabled <service>" returns rc=0 if server is enabled and rc=1 if service is not enabled.

Any rc != 0 is usually considered as an error.

You can add the following:

- name: check that log service is enabled if it's installed

shell: systemctl is-enabled rsyslog

register: service_status

failed_when: service_status.rc != 0 and service_status.rc != 1

(more conservative approach)

or

- name: check that log service is enabled if it's installed

shell: systemctl is-enabled rsyslog

register: service_status

ignore_errors: yes

(this will ignore any error. Use with caution.)  

[Thuan]

I added your recommended codes, and received no error.

However, the rescue block didn't execute.

---------------------------------------------

- set_fact:

stig_id: V-xxxx

stig_text: "FAILED. Ubuntu isn't configured to preserve log records from failure events."

- local_action: lineinfile regexp='^V-xxxx' path="{{ output_path }}" state=absent

- name: Check if log package is installed.

block:

- name: Gather package facts.

become: true

package_facts:

manager: "auto"

- name: validating if the package is installed

debug:

msg: "{{ item }} is installed "

when: '"{{ item }}" in ansible_facts.packages'

with_items:

- rsyslog

register: rsyslog_check

- name: check that log service is enabled if it's installed

shell: systemctl is-enabled rsyslog

register: service_status

failed_when: service_status.rc != 0 and service_status.rc != 1

- name: check that log service is running.

shell: systemctl is-active rsyslog

register: active_status

failed_when: active_status.rc != 0 and active_status.rc != 1

- set_fact:

stig_text: "{{ stig_id }} FAILED. Log service isn't installed and /or enabled or running."

when: packages.rsyslog is not defined

- set_fact:

stig_text: "PASSED"

rescue:

- name: Install log service package.

become: true

apt:

name: rsyslog

state: present

update_cache: yes

cache_valid_time: 3600

register: installation

- name: Ensure log service is enabled and running.

service:

name: rsyslog

state: started

enabled: yes

register: start_service

- set_fact:

stig_text: "PASSED"

when:

- installation.changed

- start_service.changed

- debug:

msg: "{{ stig_id }} {{ stig_text }}"

always:

- local_action: lineinfile line="{{ stig_id }} {{ stig_text }}" path="{{ output_path }}" create=yes