ansible --check mode for shift left

Steve_Button · September 7, 2022, 3:36pm

Hi,

I’m trying to add some “shift left” to my Ansible, so that mistakes don’t creep in. Firstly, I thought I would run --check (perhaps as a git pre-commit hook or perhaps in Jenkins pipeline eventually). So, I tried it locally. Unfortunately it bombs out in several places, as some tasks are reliant on the output of other tasks. Not a great problem, as I’ve added

when: not ansible_check_mode

to those tasks.

Is there a better way of achieving this? Particularly it would be useful to check that variables are set to something sensible (catch typos or just missed variables) BEFORE it goes into production. We have vars files based on environments, so these don’t get checked until we actually deploy to that environment.

mahespth · September 7, 2022, 3:53pm

Hi Steve,

Take a look at check_mode and assess your playbook to see which features are you can safely change, ie those that do not make change.

https://docs.ansible.com/ansible/latest/user_guide/playbooks_checkmode.html

Regards
Steve Maher

vbotka · September 7, 2022, 3:59pm

Providing default values for missing outputs might be a better option
in some cases. It would be good to see the particular case(s).

Mike_Eggleston · September 7, 2022, 3:59pm

Try a dry run with —check on a remote host (—limit $HOST). I forgot, —check does a dry run.

Mike

Topic		Views
variables in "--check" mode Ansible Project	5	May 23, 2014
Developers: Improvements to --check mode (pseudo dry run), now working for more module types, how to instrument the others... Ansible Project	1	February 17, 2013
Check mode by default Ansible Developer	5	September 29, 2014
force --check Ansible Project	2	February 25, 2016
Group project? Adding --check mode to core modules Ansible Project	3	February 10, 2013

ansible --check mode for shift left

Related topics