accounts, etc-git, evocheck, nagios-nrpe: multiple changes to not fail when run in check mode

2023-11-09 17:08:13 +01:00 · 2023-11-09 17:08:13 +01:00 · 1f0011ad2a
parent 6822eaa4f0
commit 1f0011ad2a
6 changed files with 34 additions and 14 deletions
--- a/1
+++ b/1
@ -81,6 +81,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * etc-git: add versioning for /var/unbound/etc
 * base: ignore errors on packages installation because it fails for some packages when run in check mode
 * evomaintenance: upstream release 23.10.1
+* accounts, etc-git, evocheck, nagios-nrpe: multiple changes to not fail when run in check mode

 ### Fixed

--- a/roles/accounts/tasks/user.yml
+++ b/roles/accounts/tasks/user.yml
@ -23,7 +23,7 @@
    - accounts
    - admin

- name: "Gather available local users"
+- name: "Gather available local users for usage in check_mode"
  ansible.builtin.getent:
    database: passwd
  tags:
@ -57,6 +57,13 @@
    - accounts
    - admin

+- name: "Gather available local groups for usage in check_mode"
+  ansible.builtin.getent:
+    database: group
+  tags:
+    - accounts
+    - admin
+
 - name: "Add {{ user.name }} to {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group"
  ansible.builtin.user:
    name: "{{ user.name }}"
@ -68,7 +75,9 @@
    - "{{ evobsd_sudo_group }}"
  loop_control:
    loop_var: groups_item
-  when: user.name in getent_passwd.keys()
+  when:
+    - user.name in getent_passwd.keys()
+    - groups_item in getent_group.keys()
  tags:
    - accounts
    - admin
--- a/roles/etc-git/tasks/repository.yml
+++ b/roles/etc-git/tasks/repository.yml
@ -16,6 +16,7 @@
    repo: "{{ repository_path }}"
    scope: local
    value: "root@{{ inventory_hostname }}.{{ general_technical_realm }}"
+  when: not ansible_check_mode
  tags:
    - etc-git

@ -28,20 +29,13 @@
  tags:
    - etc-git

- name: "{{ repository_path }}/.gitignore is present"
-  ansible.builtin.copy:
-    src: gitignore
-    dest: "{{ repository_path }}/.gitignore"
-    owner: root
-    mode: "0600"
-    force: false
-  tags:
-    - etc-git
-
 - name: "Some entries MUST be in the {{ repository_path }}/.gitignore file"
  ansible.builtin.lineinfile:
    dest: "{{ repository_path }}/.gitignore"
    line: "{{ item }}"
+    owner: root
+    mode: "0600"
+    create: true
  loop: "{{ gitignore_items | default([]) }}"
  tags:
    - etc-git
@ -51,6 +45,7 @@
    name: core.editor
    scope: global
    value: vim
+  when: not ansible_check_mode
  tags:
    - etc-git

--- a/roles/evocheck/tasks/exec.yml
+++ b/roles/evocheck/tasks/exec.yml
@ -1,6 +1,7 @@
 ---
 - name: "Run evocheck"
-  ansible.builtin.command: "{{ evocheck_bin_dir }}/evocheck.sh"
+  ansible.builtin.command:
+    cmd: "{{ evocheck_bin_dir }}/evocheck.sh"
  register: evocheck_run
  changed_when: false
  failed_when: false
@ -10,6 +11,6 @@

 - ansible.builtin.debug:
    var: evocheck_run.stdout_lines
-  when: evocheck_run.stdout | length != 0
+  when: evocheck_run.stdout | length > 0
  tags:
    - evocheck-exec
--- a/roles/nagios-nrpe/handlers/main.yml
+++ b/roles/nagios-nrpe/handlers/main.yml
@ -3,3 +3,4 @@
  ansible.builtin.service:
    name: nrpe
    state: restarted
+  when: nrpe_exists.stat.exists
--- a/roles/nagios-nrpe/tasks/main.yml
+++ b/roles/nagios-nrpe/tasks/main.yml
@ -31,9 +31,15 @@
  ansible.builtin.lineinfile:
    dest: /etc/nrpe.cfg
    line: 'include_dir=/etc/nrpe.d'
+    create: true
  tags:
    - nagios-nrpe

+- name: "Check if nrpe service exists, for usage in check_mode"
+  stat: 
+    path: /etc/rc.d/nrpe
+  register: nrpe_exists
+
 - name: "Custom configuration is present"
  ansible.builtin.blockinfile:
    block: "{{ lookup('template', 'evolix_bsd.cfg.j2') }}"
@ -61,6 +67,8 @@
    insertbefore: BOF
    regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}"
    line: 'allowed_hosts={{ nagios_nrpe_allowed_hosts | join(",") }}'
+    create: true
+    mode: "0644"
  when: nrpe_config_content.rc != 0
  tags:
    - nagios-nrpe
@ -72,6 +80,8 @@
    insertbefore: BOF
    regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}(.*)*"
    line: 'allowed_hosts={{ nagios_nrpe_allowed_hosts | join(",") }}\1'
+    create: true
+    mode: "0644"
  when: nrpe_config_content.rc == 0
  tags:
    - nagios-nrpe
@ -81,6 +91,8 @@
    dest: /etc/nrpe.d/evolix.cfg
    insertbefore: BOF
    line: "# Allowed IPs"
+    create: true
+    mode: "0644"
  tags:
    - nagios-nrpe

@ -142,5 +154,6 @@
    name: nrpe
    enabled: true
    state: started
+  when: nrpe_exists.stat.exists
  tags:
    - nagios-nrpe