Description of problem:

When running the Ansible Vulnerability Remediation Playbook in Ansible 'Check Mode', I get the following error:

Example BEFORE (original) Playbook:

~~~
- name: update vulnerable packages
  hosts: "abc.example.com"
  become: true
  tasks:
    - name: check for update
      shell: "{{ ansible_facts['pkg_mgr'] }} check-update -q --cve CVE-2019-11478"
      register: check_out
      failed_when: check_out.rc != 0 and check_out.rc != 100
      args:
        warn: false
~~~

~~~
# ansible-playbook remediate_vul.yml --check
{
    "msg": "The conditional check 'check_out.rc == 100' failed. The error was: error while evaluating conditional (check_out.rc == 100): 'dict object' has no attribute 'rc'\n\nThe error appears to be in '/var/lib/awx/projects/testing/remediate_vul.yml': line 28, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - when: check_out.rc == 100\n ^ here\n",
    "_ansible_no_log": false
}
~~~

This is due to the previous task "check for update" not being executed in Ansible Check Mode. Therefore there is no Return Code generated. Return Code 100 (rc == 100) is needed for the next task "upgrade package" to run with the conditional "when: check_out.rc == 100". This results in the Playbook terminating with the previously mentioned error.

How reproducible:

Always

Steps to Reproduce:

1. Download the Vulnerability remediation playbook from the Insights portal for a host
2. Run it in check mode as "ansible-playbook remediate_vul.yml --check"

Actual results:

Received the following error:

~~~
{
    "msg": "The conditional check 'check_out.rc == 100' failed. The error was: error while evaluating conditional (check_out.rc == 100): 'dict object' has no attribute 'rc'\n\nThe error appears to be in '/var/lib/awx/projects/testing/remediate_vul.yml': line 28, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - when: check_out.rc == 100\n ^ here\n",
    "_ansible_no_log": false
}
~~~

Expected results:

The Playbook should run smoothly and not terminate with errors in Ansible check mode.

Additional info:

To get the Playbook to execute successfully even in Check Mode, I recommend adding "check_mode: no" to the "check for update" task. This forces the task to execute even when running the Playbook in check mode and gives Return Code 100 to allow the next task to execute. This task is not making changes anyway and is safe. This also allows the Playbook to run smoothly and not terminate with errors.

Example AFTER (proposed change) Playbook:

~~~
- name: update vulnerable packages
  hosts: "abc.example.com"
  become: true
  tasks:
    - name: check for update
      shell: "{{ ansible_facts['pkg_mgr'] }} check-update -q --cve CVE-2019-11478"
      check_mode: no
      register: check_out
      failed_when: check_out.rc != 0 and check_out.rc != 100
      args:
        warn: false
~~~
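The following playbook is an added example, not part of the original report or of the Insights-generated playbook. It shows the read-only query and the task that consumes its return code together. The body of the "upgrade package" task is hypothetical (the report only quotes its `when:` line), and `changed_when: false` and the `is defined` guard are additions that go beyond the proposed change.

```yaml
- name: update vulnerable packages
  hosts: "abc.example.com"
  become: true
  tasks:
    - name: check for update
      shell: "{{ ansible_facts['pkg_mgr'] }} check-update -q --cve CVE-2019-11478"
      # Force this query to run under --check so that check_out.rc exists.
      # Only do this for commands that never modify the host.
      check_mode: no
      register: check_out
      # rc 0 = nothing to update, rc 100 = updates available; anything else is an error.
      failed_when: check_out.rc != 0 and check_out.rc != 100
      # A query is not a change; keep it out of the "changed" count in reports.
      changed_when: false

    - name: upgrade package
      # Hypothetical task body; the original report does not show it.
      shell: "{{ ansible_facts['pkg_mgr'] }} update -y --cve CVE-2019-11478"
      # Guard against a registered result without 'rc' (for example, if the
      # check task was skipped), so the conditional cannot raise
      # "'dict object' has no attribute 'rc'".
      when:
        - check_out.rc is defined
        - check_out.rc == 100
```

Under `--check` the first task still runs and reports the real return code, while the upgrade task is skipped because `shell` does not support check mode, so the dry run finishes without touching installed packages.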
Closing as CURRENTRELEASE as the associated Jira has been resolved.