From 1c054ed40a4dbc2a48ffe7720d018c317cad8105 Mon Sep 17 00:00:00 2001

From: Watson Sato <wsato@redhat.com>

Date: Tue, 15 Feb 2022 14:12:55 +0100

Subject: [PATCH] Simply mask services that should be disabled

At some point Ansible started to return much more services in

ansible_facts.services, including services that are not installed.

This caused the task to think that the service exists, attempt to stop

and mask the service.

But systemd module fatal errors on non existing services, although the

module ends up masking the service in question.

The bash remediations simply mask the service, even if it is not

installed.

Let's do the same with Ansible, mask the service and ignore errors.

One down side is that every non-existing service is reported as an

error, which is ignored. But still a fatal error.

---

 shared/templates/service_disabled/ansible.template | 5 +----

 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/shared/templates/service_disabled/ansible.template b/shared/templates/service_disabled/ansible.template

index 550ed563056..254f41ac7fd 100644

--- a/shared/templates/service_disabled/ansible.template

+++ b/shared/templates/service_disabled/ansible.template

@@ -6,16 +6,13 @@

 {{%- if init_system == "systemd" %}}

 - name: Disable service {{{ SERVICENAME }}}

   block:

-  - name: Gather the service facts

-    service_facts:

-

   - name: Disable service {{{ SERVICENAME }}}

     systemd:

       name: "{{{ DAEMONNAME }}}.service"

       enabled: "no"

       state: "stopped"

       masked: "yes"

-    when: '"{{{ DAEMONNAME }}}.service" in ansible_facts.services'

+    ignore_errors: 'yes'

 - name: "Unit Socket Exists - {{{ DAEMONNAME }}}.socket"

   command: systemctl list-unit-files {{{ DAEMONNAME }}}.socket