issue with ansible dry-run mode (--check) on package installation tasks (yum and apt modules)

js.a · May 10, 2018, 4:11am

Hello guys.

I’m here to bring an issue with Ansible dry-run (–check) mode. I have been facing a curious situation where package installation made using Playbooks and run in a dry-run mode is not working as expected. Using register+debug module it’s possible to see that the package has been successfully installed, but when I try to use that installed package in later task, Ansible fails.

My Playbook:

flowerysong1 · May 10, 2018, 5:06am

The whole point of check mode is that it doesn’t make changes to the system. If you want things to change (e.g. packages to install), don’t run in check mode.

js.a · May 11, 2018, 2:55am

@flowerysong

The point is, a CI tool such as Travis, Tower… will report error on that task, but actually there is no error at all (normal running). In addition, package installing task is just 0,5% of the whole deployment project and thinking deeper, every task does changes on the systems. Many ansible other modules I have used do work in --check mode, except package manager which I am reporting here.

tkuratom · May 11, 2018, 3:10am

The yum task succeeded. It’s the subsequent fail that is failing. You can make any other module +fail react in the same way:

file: path=/var/tmp/i_do_not_exist_yet state=directory
stat:
path: /var/tmp/i_do_not_exist_yet
register: file
fail:
msg: “File i_do_not_exist_yet doesn’t exist!”
when: file.stat.exists == False

As flowerysong says, --check means, do not make any changes to the system. So you cannot run ansible in check-mode and then expect an assertion that a change was made to succeed. Similarly, you cannot expect that running a second task which depends on the first task to have changed the system in some way to succeed in check-mode because the change will not have been made to the system.

-Toshio

js.a · May 11, 2018, 8:42pm

Ok guys, I got the point “–check doesn’t make any changes to the system” after making more tests with tasks coupling (Task2 relies on previous executed Task1), --check mode will never work for these cases. Therefore, i will change my test pipeline to discard dry-run mode which has been thought to do a “Functional test”.

Thank you very much for helping me.

j

Kai_Stian_Olstad · May 12, 2018, 10:54am

An alternative to make check work involves some code changes.

You have "check_mode: no" to make a task run in check_mode.
You can also check if Ansible run in check mode to skip some task, "when: not ansible_check_mode"

Topic		Views
Issues trying to get dry run(--check) to play out cleanly Ansible Project	0	January 29, 2014
Playbook fails on check but runs fine otherwise Ansible Project	2	March 9, 2016
Reporting on dry run package updates Ansible Project galaxy-ng	0	December 8, 2015
Why no dry run ability? Ansible Project ansible-project	1	February 8, 2013
Developers: Improvements to --check mode (pseudo dry run), now working for more module types, how to instrument the others... Ansible Project	1	February 17, 2013

issue with ansible dry-run mode (--check) on package installation tasks (yum and apt modules)

Related topics