Jaap Joris Vens
Jaap Joris Vens

Reputation: 3560

How can I print a custom error message when an Ansible tasks fails?

The following Ansible playbook verifies that a user can access GitHub:

- name: Generate SSH keypair
  become: true
  user:
    name: '{{ system_user }}'
    generate_ssh_key: yes

- name: Register public key of user {{ system_user }}
  become: true
  slurp:
    src: '/home/{{ system_user }}/.ssh/id_rsa.pub'
  register: pubkey

- name: Verify the user {{ system_user }} can access GitHub
  become: true
  become_user: '{{ system_user }}'
  shell:
    cmd: 'ssh [email protected] 3>&2 2>&1 1>&3- | grep -q "successfully authenticated"'
    executable: /bin/bash

Currently, this play fails with the following error message:

TASK [Gathering Facts] *******************************************************************************
ok: [example.com]

TASK [Generate SSH keypair] **************************************************************************
ok: [example.com]

TASK [Register public key of user myuser] ************************************************************
ok: [example.com]

TASK [Verify the user myuser can access GitHub] ******************************************************
fatal: [example.com]: FAILED! => {"changed": true, "cmd": "ssh [email protected] 3>&2 2>&1 1>&3-
| grep -q \"successfully authenticated\"", "delta": "0:00:00.682593", "end": "2020-09-24 13:21:52.2524
73", "msg": "non-zero return code", "rc": 1, "start": "2020-09-24 13:21:51.569880", "std
err": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}

PLAY RECAP *******************************************************************************************
example.com    : ok=3    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

When this tasks fails, I would like to instruct the user to manually add the public key to their GitHub account. Therefore, I would like to customize the above error message to include the necessary instructions and the value of pubkey.content How can I do that? Something like the following would be great:

- name: Verify the user {{ system_user }} can access GitHub
  become: true
  become_user: '{{ system_user }}'
  shell:
    cmd: 'ssh [email protected] 3>&2 2>&1 1>&3- | grep -q "successfully authenticated"'
    executable: /bin/bash
  custom_error_message: >
    Oops, it seems that {{ system_user }} cannot access GitHub!
    Please add the following key to your GitHub account:
    {{ pubkey.content | b64decode }} 

Also, it would be nice if the task wouldn't simply check whether the user can log in, but also whether it has at least read access on a particular repository.

Upvotes: 1

Views: 5070

Answers (1)

Jaap Joris Vens
Jaap Joris Vens

Reputation: 3560

With many thanks to commenter @Zeitounator, I came up with the following solution:

- name: generate SSH keypair
  become: true
  user:
    name: '{{ system_user }}'
    generate_ssh_key: yes

- block:
    - name: verify the user {{ system_user }} can access the repository
      become: true
      become_user: '{{ system_user }}'
      shell:
        cmd: 'ssh [email protected] 3>&2 2>&1 1>&3- | grep -q "successfully authenticated"'
        executable: /bin/bash
  rescue:
    - name: register public key of user {{ system_user }}
      become: true
      slurp:
        src: '/home/{{ system_user }}/.ssh/id_rsa.pub'
      register: pubkey
    - fail:
        msg: >
          Oops, it seems that {{ system_user }} cannot access GitHub!
          Please add the following key to your GitHub account:
          {{ pubkey.content | b64decode }}

Upvotes: 2

Related Questions