ignore-errors¶
此规则检查剧本是否使用ignore_errors指令来忽略所有错误。在剧本中忽略所有错误会隐藏实际的故障,错误地将任务标记为失败,并导致意外的副作用和行为。
不要使用ignore_errors: true指令,而应执行以下操作:
- 仅在使用
{{ ansible_check_mode }}变量时忽略错误。 - 使用
register注册错误。 - 使用
failed_when:并指定可接受的错误条件。
问题代码¶
---
- name: Example playbook
hosts: all
tasks:
- name: Run apt-get update
ansible.builtin.command: apt-get update
ignore_errors: true # <- Ignores all errors, including important failures.
正确代码¶
---
- name: Example playbook
hosts: all
tasks:
- name: Run apt-get update
ansible.builtin.command: apt-get update
ignore_errors: "{{ ansible_check_mode }}" # <- Ignores errors in check mode.
---
- name: Example playbook
hosts: all
tasks:
- name: Run apt-get update
ansible.builtin.command: apt-get update
ignore_errors: true
register: ignore_errors_register # <- Stores errors and failures for evaluation.
---
- name: Example playbook
hosts: all
tasks:
- name: Disable apport
become: "yes"
lineinfile:
line: "enabled=0"
dest: /etc/default/apport
mode: 0644
state: present
register: default_apport
failed_when: default_apport.rc !=0 and not default_apport.rc == 257 # <- Defines conditions that constitute a failure.