Possible to work with ansible service_facts module? #158


joshtrutwin commented Jun 5, 2023

We use the ansible service_facts module to check services:

    - name: "Collect facts about system services."
      service_facts:
      register: services_state

    - debug:
        msg:
          "service_facts: ": "{{ services_state }}"

    - name: "Test if service is enabled and running"
      assert:
        that:
          - services_state.ansible_facts.services is defined and services_state.ansible_facts.services | length > 0
          - services_state.ansible_facts.services['falcon-sensor.service'] | length > 0
          - services_state.ansible_facts.services['falcon-sensor.service'].status == "enabled"
          - services_state.ansible_facts.services['falcon-sensor.service'].state == "running"

        fail_msg: "The falcon-sensor service is not running as expected."
        quiet: true

When using systemctl as the init daemon for a molecule container we get this:

    TASK [Collect facts about system services.] ************************************
    skipping: [aws-amzn2-gold-ami]

    TASK [debug] *******************************************************************
    ok: [aws-amzn2-gold-ami] => {
        "msg": {
            "service_facts: ": {
                "changed": false,
                "failed": false,
                "msg": "Failed to find any services. This can be due to privileges or some other configuration issue.",
                "skipped": true
            }
        }
    }

    TASK [Test if service is enabled and running] **********************************
    fatal: [aws-amzn2-gold-ami]: FAILED! => {"assertion": "services_state.ansible_facts.services is defined and services_state.ansible_facts.services | length > 0", "changed": false, "evaluated_to": false, "msg": "The falcon-sensor service is not running as expected."}

Upon inspecting the source code for this module, it appears to be inspecting /proc/1/comm to determine if systemd is running:

    class SystemctlScanService(BaseService):
        # <snip>
        def systemd_enabled(self):
            # Check if init is the systemd command, using comm as cmdline could be symlink
            try:
                f = open('/proc/1/comm', 'r')
            except IOError:
                # If comm doesn't exist, old kernel, no systemd
                return False
            for line in f:
                if 'systemd' in line:
                    return True
            return False

I'm guessing there's nothing that can be done to prevent this? With the systemctl replacement script as the container init command, the contents of this file are "systemctl".

Thanks!

@joshtrutwin

FYI I also filed a ticket with Ansible, I think the problem is theirs as the service_facts module does not check for the canary folder /run/systemd/system:

ansible/ansible#80975
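
Added example, not part of the issue thread and not Ansible's or this project's code: the `/proc/1/comm` test quoted above placed next to the `/run/systemd/system` canary check named in the follow-up comment, both run against a constructed temporary directory tree. The helper names, the temporary paths, and the assumption that the canary folder exists inside the container are illustrative.

```python
import os
import tempfile


def comm_says_systemd(comm_path="/proc/1/comm"):
    """Check quoted in the issue: some line of PID 1's comm contains 'systemd'."""
    try:
        with open(comm_path, "r") as f:
            return any("systemd" in line for line in f)
    except (IOError, OSError):
        # No comm file: treated as "no systemd", as in the quoted code
        return False


def canary_says_systemd(canary_dir="/run/systemd/system"):
    """Canary check from the follow-up comment: the directory exists."""
    return os.path.isdir(canary_dir)


def simulate(pid1_comm, canary_present):
    """Build a constructed fake /proc and /run tree and run both checks.

    Returns (comm_result, canary_result). The paths are temporary stand-ins,
    not the real /proc/1/comm or /run/systemd/system.
    """
    with tempfile.TemporaryDirectory() as root:
        comm_path = os.path.join(root, "proc", "1", "comm")
        os.makedirs(os.path.dirname(comm_path))
        with open(comm_path, "w") as f:
            f.write(pid1_comm)
        canary_dir = os.path.join(root, "run", "systemd", "system")
        if canary_present:
            os.makedirs(canary_dir)
        return comm_says_systemd(comm_path), canary_says_systemd(canary_dir)


if __name__ == "__main__":
    # Constructed cases; the canary being present in the container is an assumption
    cases = [
        ("real systemd host", "systemd\n", True),
        ("container, systemctl script as init", "systemctl\n", True),
        ("container, no canary folder", "systemctl\n", False),
    ]
    for label, comm, canary in cases:
        print(label, simulate(comm, canary))
```

The second case is the one from the issue: the substring test fails because "systemctl" does not contain "systemd", so the module skips and the playbook's assertion on `services` fails even though the sensor service may be running.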
