Hi, Error is not about hosts being unreachable per say, but about a undefined variable (user_exists.rc here) that is still being evaluated for each host, whether it is reachable or not. I'm not sure on how to change this behavior, but you should be able to circumvent the issue by checking whether var is defined before evaluating it : when: "user_exists.rc is defined and user_exists.rc == 0 and inventory_hostname in groups['linux'] and user not in myusers"
Or setting a default value, here with 'default' jinja filter, though you can also initialize somewhere else : when: "user_exists.rc|d() == 0 and inventory_hostname in groups['linux'] and user not in myusers" On a side note, you should probably use more specific modules than shell / command when you can help it, though I don't know much of your context. Here you could use 'ansible.builtin.user' module <https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html#parameter-password_lock> :). Le samedi 29 juillet 2023 à 14:00:42 UTC+2, Kenady Inampudi a écrit : > I have a playbook to lock a user this works as expected but fails when > any of the server in the inventory is unreachable > lock_user.yml > ----------------- > --- > - name: Lock Users > hosts: "{{ target }}" > gather_facts: no > ignore_unreachable: yes > any_errors_fatal: false > vars: > - ansible_python_interpreter: /usr/bin/python > - myusers: ['sapadm', 'root', 'oracle'] > tasks: > - name: Warn about generic accounts > debug: > msg: "{{ user }} is a generic account. DO NOT ATTEMPT TO LOCK THIS > ACCOUNT!" > when: user in myusers > > - name: Check if the user exists {{ user }} > shell: id -u {{ user }} > register: user_exists > ignore_errors: true > > - name: Locking {{ user }} Linux > shell: "passwd -l {{ user }}" > when: "user_exists.rc == 0 and inventory_hostname in groups['linux'] > and user not in myusers" > > - name: Locking {{ user }} AIX > shell: "chuser account_locked=true {{ user }}" > when: "user_exists.rc == 0 and inventory_hostname in groups['aix'] > and user not in myusers" > > - name: User does not exist > debug: > msg: "{{ user }} doesnot exist" > when: user_exists.rc != 0 > > Failure messages at > > check_users task > > fatal: [server1]: FAILED! => {"msg": "Timeout (12s) waiting for privilege > escalation prompt: /etc/profile.d/lang.sh: line 19: warning: setlocale: > LC_CTYPE: cannot change locale (C.UTF-8)\\r\\n"} > ...ignoring > fatal: [server2]: UNREACHABLE! => {"changed": false, "msg": "Failed to > connect to the host via ssh: ssh: connect to host 10.65.112.84 port 22: > Connection timed out", "skip_reason": "Host server2 is unreachable", > "unreachable": true} > ...ignoring > > lock_user task > > fatal: [server1]: FAILED! => {"msg": "The conditional check > 'user_exists.rc == 0 and inventory_hostname in groups['linux'] and user not > in myusers' failed. The error was: error while evaluating conditional > (user_exists.rc == 0 and inventory_hostname in groups['linux'] and user not > in myusers): 'dict object' has no attribute 'rc'\\n\\nThe error appears to > be in '/runner/project/lock_user.yml': line 20, column 7, but may\\nbe > elsewhere in the file depending on the exact syntax problem.\\n\\nThe > offending line appears to be:\\n\\n\\n - name: Locking {{ user }} > Linux\\n ^ here\\nWe could be wrong, but this one looks like it might > be an issue with\\nmissing quotes. Always quote template expression > brackets when they\\nstart a value. For instance:\\n\\n with_items:\\n > - {{ foo }}\\n\\nShould be written as:\\n\\n with_items:\\n - > \\"{{ foo }}\\"\\n"} > fatal: [server2]: FAILED! => {"msg": "The conditional check > 'user_exists.rc == 0 and inventory_hostname in groups['linux'] and user not > in myusers' failed. The error was: error while evaluating conditional > (user_exists.rc == 0 and inventory_hostname in groups['linux'] and user not > in myusers): 'dict object' has no attribute 'rc'\\n\\nThe error appears to > be in '/runner/project/lock_user.yml': line 20, column 7, but may\\nbe > elsewhere in the file depending on the exact syntax problem.\\n\\nThe > offending line appears to be:\\n\\n\\n - name: Locking {{ user }} > Linux\\n ^ here\\nWe could be wrong, but this one looks like it might > be an issue with\\nmissing quotes. Always quote template expression > brackets when they\\nstart a value. For instance:\\n\\n with_items:\\n > - {{ foo }}\\n\\nShould be written as:\\n\\n with_items:\\n - > \\"{{ foo }}\\"\\n"} > > how can i fix this? -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/ef562a39-c607-43ec-b8b8-a1ce3ced1c5en%40googlegroups.com.
