
I have the following code and realised that under the debug section.

-
  name: CIS Requirements check
  hosts: target1
  tasks:

    -
      name: Check for CIS PermitRootLogin
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^\s*PermitRootLogin\s+no\s*$'
        state: absent
      check_mode: yes
      register: permitrootlogin_check

    -
      debug:
        msg: "{% if permitrootlogin_check.changed %}[PASSED] SSH root login disabled{% else %}[FAILED] SSH root login not disabled{% endif %}"
      register: permitrootlogin_results

permitrootlogin_check.changed would help to achieve the same objective as permitrootlogin_check.found.

However, I also noticed that while .changed is dependent on the state present/absent, .found is not dependent on the state and .found also does not seem to work with the state: present.

Why is this so?

U880D
user10160459

1 Answer

What is the difference between .changed and .found?

According to the Ansible documentation on Return Values

Ansible modules normally return a data structure that can be registered into a variable

whereby there are Common Return Values for all modules and Return Values for specific modules.

The Common Return Value .changed

... indicating if the task had to make changes ...

in your case within the file /etc/ssh/sshd_config.

The Module Specific Return Value .found indicates if the task has found something for the Regular Expression given under regexp.

U880D
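Added example, not part of the original question or answer: a playbook that registers the same `lineinfile` audit once with `state: absent` and once with `state: present`, both in check mode, and prints the two return values side by side. The host `target1`, the path and the first regexp come from the question; the variable names, the second regexp and the `line` value are assumptions made for this illustration.

```yaml
- name: Compare .changed and .found for a CIS PermitRootLogin audit
  hosts: target1
  gather_facts: false
  tasks:

    - name: Audit with state absent (reports what would be removed)
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^\s*PermitRootLogin\s+no\s*$'
        state: absent
      check_mode: true        # never touch the file, only report
      register: absent_check  # hypothetical variable name

    - name: Audit with state present (reports whether the line would be written)
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^\s*PermitRootLogin\s'   # assumed regexp for this illustration
        line: 'PermitRootLogin no'        # assumed line for this illustration
        state: present
      check_mode: true
      register: present_check  # hypothetical variable name

    - name: Show both return values side by side
      ansible.builtin.debug:
        msg:
          # absent: found is the number of matching lines, changed is true when found > 0
          - "absent:  changed={{ absent_check.changed }} found={{ absent_check.found }}"
          # present: changed is true when the line would have to be added or rewritten
          - "present: changed={{ present_check.changed }} found_defined={{ present_check.found is defined }}"

    - name: Report the CIS result from .found instead of .changed
      ansible.builtin.debug:
        msg: >-
          {{ '[PASSED] SSH root login disabled'
             if (absent_check.found | default(0) | int) > 0
             else '[FAILED] SSH root login not disabled' }}
```

On a host that already contains `PermitRootLogin no`, the absent task reports `changed=True` and `found=1`, while the present task reports `changed=False` and no `found` key, which matches the behaviour described in the question.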