From 1c054ed40a4dbc2a48ffe7720d018c317cad8105 Mon Sep 17 00:00:00 2001 From: Watson Sato Date: Tue, 15 Feb 2022 14:12:55 +0100 Subject: [PATCH] Simply mask services that should be disabled At some point Ansible started to return much more services in ansible_facts.services, including services that are not installed. This caused the task to think that the service exists, attempt to stop and mask the service. But systemd module fatal errors on non existing services, although the module ends up masking the service in question. The bash remediations simply mask the service, even if it is not installed. Let's do the same with Ansible, mask the service and ignore errors. One down side is that every non-existing service is reported as an error, which is ignored. But still a fatal error. --- shared/templates/service_disabled/ansible.template | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/shared/templates/service_disabled/ansible.template b/shared/templates/service_disabled/ansible.template index 550ed563056..254f41ac7fd 100644 --- a/shared/templates/service_disabled/ansible.template +++ b/shared/templates/service_disabled/ansible.template @@ -6,16 +6,13 @@ {{%- if init_system == "systemd" %}} - name: Disable service {{{ SERVICENAME }}} block: - - name: Gather the service facts - service_facts: - - name: Disable service {{{ SERVICENAME }}} systemd: name: "{{{ DAEMONNAME }}}.service" enabled: "no" state: "stopped" masked: "yes" - when: '"{{{ DAEMONNAME }}}.service" in ansible_facts.services' + ignore_errors: 'yes' - name: "Unit Socket Exists - {{{ DAEMONNAME }}}.socket" command: systemctl list-unit-files {{{ DAEMONNAME }}}.socket