0

I'm new to Ansible. I created a playbook that uses PowerShell to reset your password of your admin account. The script has a check that only resets the password IF the account is enabled. When the account is disabled, it spits out a write-host saying they should create a ticket.

This all works fine , however, the job ends with a green status. Technically, this is correct cause the whole playbook ran correctly. But for the end user, he/she will think that the password was reset. (Yes the message clearly state it didn't, but i know how users are, they don't read and only look at colors).

So my question is with win_shell how can i change the color of the job from green to orange or red?

I know it is possible with ansible.windows.win_powershell but we don't have that module. So it has to be with win_shell.

Hope this is an easy ask. Thank you kindly.

Edit, solution:

Thanks to Hendrik Pingel below. I made sure to only include the phrase below after all my needed changes are done. So unless the script spits this out, something went wrong and i can safely change color to red.

- name: Change flag to red if there was no success in the message output.
  debug:
    msg: "{{lookupResult.stdout_lines}}"
  failed_when: '"Password reset was a success" not in lookupResult.stdout'

S.

Snak3d0c
  • 101
  • 4

2 Answers2

2

The failure conditions of a task can be controlled with the failed_when conditional.

If a task should always fail it is possible to do just:

    - name: fail always
      ansible.builtin.debug:
        msg: "Failed"
      failed_when: always

If the failure condition should be based on a specifig output of command do something like this:

- name: Check if a file exists in temp and fail task if it does
  ansible.builtin.command: ls /tmp/this_should_not_be_here
  register: result
  failed_when: '"No such" not in result.stdout'
Henrik Pingel
  • 9,380
  • 2
  • 28
  • 39
  • It shouldn't always fail though. The win_shell has an if-clause. If the account is enabled it will try to reset and mail (which technically can fail along the way), if the account is disabled, it displays this information. It is then and only then that i want to have the red flag. – Snak3d0c Mar 03 '23 at 09:23
  • Check the link. You can define the failure behaviour also on the stdout of the command. Something like `failed_when: '"Whatever" in result.stdout'` is possible. – Henrik Pingel Mar 03 '23 at 09:30
  • Thanks, that in combo with how my logic was setup got me to where i needed to be. Not sure if it will work for every occasion, but it sure fits this one. – Snak3d0c Mar 03 '23 at 09:44
1

Exit your script with an error code.

if ($account.disabled) {
    Write-Host "Account is disabled"
    Exit 1
}
Gerald Schneider
  • 23,274
  • 8
  • 57
  • 89
  • I tried that too, but then i ran into an issue with `no_log: true` . It discards my output to the user, making it less informative. – Snak3d0c Mar 03 '23 at 09:28