Make persist-iptables more robust

We're seeing when the shell command fails (for whatever reason) and since it's failed_when: false, the subsequent tasks actually fail. We can check if stdout is not defined as a failure condition because that means the module itself failed and we should not continue to process the next tasks since they depend on stdout being defined.. Additionally we can add some retries to try again if possible. Change-Id: Iabc1619009220c6f1c91b84f81d5262c4d9d8430 Related-Bug: #1885697
2020-07-02 08:41:43 -06:00 · 2020-07-02 08:41:43 -06:00 · d8c3a4a808
commit d8c3a4a808
parent 5f6c714208
1 changed files with 6 additions and 2 deletions
--- a/roles/persistent-firewall/tasks/main.yaml
+++ b/roles/persistent-firewall/tasks/main.yaml
@ -3,7 +3,9 @@
  # Using shell to try and debug why this task when run sometimes returns -13
  shell: iptables-save
  changed_when: false
-  failed_when: false
+  failed_when: iptables_rules.stdout is not defined
+  retries: 5
+  delay: 1
  register: iptables_rules
  tags:
    - skip_ansible_lint
@ -13,7 +15,9 @@
  # Using shell to try and debug why this task when run sometimes returns -13
  shell: ip6tables-save
  changed_when: false
-  failed_when: false
+  failed_when: ip6tables_rules.stdout is not defined
+  retries: 5
+  delay: 1
  register: ip6tables_rules
  tags:
    - skip_ansible_lint