Ansible error handling with ignore_errors, any_errors_fatal, failed_when, and changed_when - Part 13

▬▬▬▬▬▬ 🚀 Courses ▬▬▬▬▬▬

▬▬▬▬▬▬ ⭐️ Guide and Repository ⭐️ ▬▬▬▬▬▬

Ansible has become the automation tool of choice for many DevOps engineers and system admins. Ansible is a strong tool, but it isn't always the best. Handling errors is an important part of every management process, and Ansible is no different. In this blog post, we'll look at the ignore_errors, any_errors_fatal, failed_when, and changed_when methods for handling errors in Ansible. By getting good at these methods, you can make playbooks that can handle mistakes and unplanned events well.

1. ignore_errors

With the ignore_errors statement, you can keep running a script even if one of its tasks fails. This can be especially helpful when running jobs that could fail for different reasons but shouldn't stop the plan from running as a whole.

To use ignore_errors, add it to a task definition and set it to "yes." Here's an example:

- name: Run a command that might fail
command: some_command
ignore_errors: yes

In this example, if "some_command" fails, Ansible will report the failure but continue executing the rest of the playbook.

2. any_errors_fatal

By default, if a task fails on some hosts, Ansible keeps running the rest of the plan. You can use the any_errors_fatal command to stop the playbook from running on all hosts if a task fails on any server. This can be helpful when a failed job could be a sign of a major problem that needs to be fixed right away.

Here's what I mean:

- name: Ensure all hosts have the correct configuration
hosts: all
any_errors_fatal: true
tasks:
- name: Apply critical security patch
command: apply_security_patch

In this example, if the "apply_security_patch" task fails on any host, the playbook will immediately stop executing on all hosts.

3. failed_when

The failed_when directive allows you to define custom conditions for a task to be considered as failed. This can be useful when the default failure conditions are not suitable for your specific use case.

For example, suppose you want to check if a file exists, but you don't want the task to fail if the file does not exist. In this case, you can use the "stat" module with the failed_when directive:

- name: Check if a file exists
stat:
path: /path/to/file
register: file_stat
failed_when: false

- name: Display a message if the file exists
debug:
msg: "The file exists."

4. changed_when

With the changed_when command, you can set your own rules to see if a task has changed a system. This can be helpful if the usual way to find out if the state has changed is not good enough for your use case.

For example, let's say you have a custom script that could change a system, but its return code doesn't tell you if any changes were made or not. In this case, you can use the changed_when directive with the "command" module:

- name: Run custom script
register: custom_script_result

In this example, the task will be considered as having made changes if the string "CHANGED" appears in the script's output.

▬▬▬▬▬▬ ⭐️ Time Stamps ⭐️ ▬▬▬▬▬▬

0:00 Intro
0:14 Example 1: copy file on offline servers
01:16 Example 2: Copy config file on wrong path
02:11 ignore_errors
04:47 any_errors_fatal
10:46 changed_when

▬▬▬▬▬▬ ⭐️ Follow me ⭐️ ▬▬▬▬▬▬

Disclaimer/Policy: All the content/instructions are solely mine. The source is completely open-source.

Video is copyrighted and can not be re-distributed on any platform.