Handler - NGINX Config fails in check mode about ansible-role-nginx-config HOT 8 CLOSED

Here are a couple of solutions I could think of, but not sure if this would break some other behavior.

1. listen to check nginx instead of run nginx

diff --git a/handlers/main.yml b/handlers/main.yml
index 94508ba..25330b9 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -11,7 +11,7 @@
     var: config.stderr_lines
   failed_when: config.rc != 0
   when: config.rc != 0
-  listen: (Handler - NGINX Config) Run NGINX
+  listen: (Handler - NGINX Config) Check NGINX

 - name: (Handler - NGINX Config) Start/reload NGINX
   service:

2. add conditional to not run in check mode

diff --git a/handlers/main.yml b/handlers/main.yml
index 94508ba..5d97b17 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -9,8 +9,10 @@
 - name: (Handler - NGINX Config) Print NGINX error if syntax check fails
   debug:
     var: config.stderr_lines
-  failed_when: config.rc != 0
-  when: config.rc != 0
+  failed_when: config.rc != 0
+  when:
+    - config.rc != 0
+    - not ansible_check_mode | bool
   listen: (Handler - NGINX Config) Run NGINX

 - name: (Handler - NGINX Config) Start/reload NGINX

from ansible-role-nginx-config.

It also might be considered to take on the bigger task of actually validating the configuration in check mode, but this seems much more complex.

from ansible-role-nginx-config.

Right. Option 2 looks fine to me (I think handler's might get a bit messy if we follow option 1), but what about setting up check_mode: no on the Check NGINX handler?

from ansible-role-nginx-config.

Yes, I think that makes sense with the current implementation. It might be worth noting in the documentation that configuration check cannot be performed in ansible check mode.

I think it would be a common feature request to have configuration validation working in check mode though.

from ansible-role-nginx-config.

By setting check_mode: no the task should always be run, even when using check mode. Unless I am missing something? https://docs.ansible.com/ansible/latest/user_guide/playbooks_checkmode.html#enforcing-or-preventing-check-mode-on-tasks

from ansible-role-nginx-config.

You are correct. This is my suggestion in solution 2. I am using same syntax from other task Start/reload NGINX

- name: (Handler - NGINX Config) Start/reload NGINX
  service:
    name: nginx
    state: reloaded
  when:
    - nginx_config_start | bool
    - not ansible_check_mode | bool
  listen: (Handler - NGINX Config) Run NGINX

I will open a second ticket as feature request for the following: Add support to validate nginx configuration in check mode.
This feature would be non-trivial and may not even be possible, but would be a big help in preventing bad configuration pushes.

from ansible-role-nginx-config.

If you set not ansible_check_mode | bool then the Check NGINX handler will get skipped on check mode, but if you set check_mode: no, it will always run on check mode. I'm going to open a PR to add the latter functionality since it makes more sense to run Check NGINX always.

from ansible-role-nginx-config.

Quick update, implementing what I mentioned above successfully turned out to be not as trivial as I expected. I have what I think might be a workable solution but I still need to do some testing. PR hopefully coming in early next week.

This still will not validate the NGINX config that you are deploying in the given playbook (as you mentioned, it might not even be possible within Ansible's check mode), but at least it should cover any unexpected failures when using check.

from ansible-role-nginx-config.