From d8ae1e3b04550f271d5561430a9008dee1cf4187 Mon Sep 17 00:00:00 2001 From: Major Hayden Date: Tue, 7 Jun 2016 13:05:49 -0500 Subject: [PATCH] Set check_mode variable every time In check mode, the security role will fail when tags are used. This is because the check_mode variable wasn't being set when tags were provided. This patch ensures that the tasks that check for check mode and set the subsequent check_mode variable will run every time. Closes-bug: 1590086 Change-Id: Ib6a29ee4c36632cd6d982ce87105f0ddec4a891d --- .../notes/fix-check-mode-with-tags-bf798856a27c53eb.yaml | 7 +++++++ tasks/main.yml | 7 ++++++- 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/fix-check-mode-with-tags-bf798856a27c53eb.yaml diff --git a/releasenotes/notes/fix-check-mode-with-tags-bf798856a27c53eb.yaml b/releasenotes/notes/fix-check-mode-with-tags-bf798856a27c53eb.yaml new file mode 100644 index 00000000..ee8e78d2 --- /dev/null +++ b/releasenotes/notes/fix-check-mode-with-tags-bf798856a27c53eb.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + When the security role was run in Ansible's check mode and a tag was + provided, the ``check_mode`` variable was not being set. Any tasks which + depend on that variable would fail. This `bug is fixed `_ + and the ``check_mode`` variable is now set properly on every playbook run. diff --git a/tasks/main.yml b/tasks/main.yml index 582a843a..45e5c831 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -27,18 +27,23 @@ - name: Check if we're in check/audit mode command: /bin/true register: noop_result + tags: + - always - name: Check to see if systemd is in use command: systemctl status register: systemd_check failed_when: False - always_run: True + tags: + - always - name: Set facts set_fact: check_mode: "{{ noop_result | skipped }}" systemd_running: "{{ systemd_check | success }}" linux_security_module: "{{ (ansible_os_family == 'Debian') | ternary('apparmor','selinux') }}" + tags: + - always - include: apt.yml when: ansible_pkg_mgr == 'apt'