issue with ansible dry-run mode (--check) on package installation tasks (yum and apt modules)

[js.a]

Hello guys.

I'm here to bring an issue with Ansible dry-run (--check) mode. I have been facing a curious situation where package installation made using Playbooks and run in a dry-run mode is not working as expected. Using register+debug module it's possible to see that the package has been successfully installed, but when I try to use that installed package in later task, Ansible fails.

My Playbook:

---
- hosts: logging
  become: yes

  tasks:
    - name: Setting up EPEL
      yum: name=epel-release state=present
      register: inst
    - debug: var=inst

    - name: Checking installation
      stat:
        path: /etc/yum.repos.d/epel.repo
      register: file

    - fail:
        msg: "File epel.repo doesn't exist!"
      when: file.stat.exists == False

Result:

[root@c7 projX]# ansible-playbook -i inventory epel.yml --check

PLAY [logging] ***************************************************************************

TASK [Gathering Facts] *******************************************************************
ok: [192.168.52.20]

TASK [Setting up EPEL] *******************************************************************
changed: [192.168.52.20]

TASK [debug] *****************************************************************************
ok: [192.168.52.20] => {
    "inst": {
        "changed": true,
        "changes": {
            "installed": [
                "epel-release"
            ]
        },
        "failed": false,
        "results": []
    }
}

TASK [Checking installation] *************************************************************
ok: [192.168.52.20]

TASK [fail] ******************************************************************************
fatal: [192.168.52.20]: FAILED! => {"changed": false, "msg": "File epel.repo doesn't exist!"}

PLAY RECAP *******************************************************************************
192.168.52.20              : ok=4    changed=1    unreachable=0    failed=1

---------------------------------------------------------------------------

If I take '--check' for dry-run out of the command it does work, but it's not the best approach for me once I'm planning to put this "checking task" in a CI software to "automate the automation".

My question is: is there any specific reason for that case (package installation) not to work with --check parameter? I've done further tests using Ubuntu and the Ansible's apt module but the same problem comes up.

Could you guys help me?

thank you.
j

[flowerysong]

The whole point of check mode is that it doesn't make changes to the system. If you want things to change (e.g. packages to install), don't run in check mode.

[js.a]

@flowerysong

The point is, a CI tool such as Travis, Tower... will report error on that task, but actually there is no error at all (normal running). In addition, package installing task is just 0,5% of the whole deployment project and thinking deeper, every task does changes on the systems. Many ansible other modules I have used do work in --check mode, except package manager which I am reporting here.

--------------------------------------- 

[Toshio Kuratomi]

The yum task succeeded. It's the subsequent fail that is failing.  You can make any other module +fail react in the same way:

- file: path=/var/tmp/i_do_not_exist_yet state=directory

- stat:

      path: /var/tmp/i_do_not_exist_yet
      register: file

    - fail:
        msg: "File i_do_not_exist_yet doesn't exist!"
      when: file.stat.exists == False

As flowerysong says, --check means, do not make any changes to the system.  So you cannot run ansible in check-mode and then expect an assertion that a change was made to succeed.  Similarly, you cannot expect that running a second task which depends on the first task to have changed the system in some way to succeed in check-mode because the change will not have been made to the system.

-Toshio

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/19f62a98-3ae0-4515-9da1-8058a7805dba%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[js.a]

Ok guys, I got the point "--check doesn't make any changes to the system" after making more tests with tasks coupling (Task2 relies on previous executed Task1), --check mode will never work for these cases. Therefore, i will change my test pipeline to discard dry-run mode which has been thought to do a "Functional test".

Thank you very much for helping me.

j

--------------------------------------------------

[Kai Stian Olstad]

On 11.05.2018 22:42, js.a wrote:
> Ok guys, I got the point "--check doesn't make any changes to the
> system"
> after making more tests with tasks coupling (Task2 relies on previous
> executed Task1), --check mode will never work for these cases.
> Therefore, i
> will change my test pipeline to discard dry-run mode which has been
> thought
> to do a "Functional test".

An alternative to make check work involves some code changes.

You have "check_mode: no" to make a task run in check_mode.
You can also check if Ansible run in check mode to skip some task,
"when: not ansible_check_mode"

--
Kai Stian Olstad