How to ignore a particular output error string in Ansible and consider successful

Question

I'm trying to ignore a particular error message in playbook output is having below error message.

fatal: [192.168.0.1]: FAILED! => {"changed": false, "failed": true, "msg": "Sending passwords in plain text without SSL/TLS is extremely insecure.. Query == CHANGE MASTER TO ['MASTER_HOST=%(master_host)s', 'MASTER_USER=%(master_user)s', 'MASTER_PASSWORD=%(master_password)s', 'MASTER_LOG_FILE=%(master_log_file)s', 'MASTER_LOG_POS=%(master_log_pos)s']"}

> Task: 
> - name: Setup Replication   
    become: true   
    mysql_replication:
>      login_host: "{{ slave_ip }}"
>      login_user: "user"
>      login_password: "***"
>      mode: changemaster
>      master_host: "{{ master_ip }}"
>      master_log_file: mysql-bin.000001
>      master_log_pos: 107
>      master_user: "{{ mysql_replicator_user }}"
>      master_password: "{{ mysql_replicator_password }}"

Any luck? how to achieve this?

EDITED: Reply to Marco Answer - well that is the problem here, I would not know what error I might get. But I'm sure that if err msg contains "Sending passwords in plain text without SSL" then ignore if not and anyother error then don't ignore. To explain in simple "Throw exception if error msg doesn't contain -> 'null' or SSL."

Answer 1

There are a couple of options regarding error handling in Ansible. You could use ignore_errors: yes attribute on your task. If you don't want to ignore all errors, you can specify what exactly constitutes an error using something like:

- name: task name
  module: arguments ...
  register: out
  failed_when: 'error message' in out.stderr 

If you want to add more complex failure checks, you can split error handling off into separate task like this:

- name: test
  shell: echo error; exit 123
  register: out
  ignore_errors: yes

- fail: msg="{{ out.stdout }}"
  when: "out.rc != 0 and 'error' not in out.stdout"

In this example first task fails with return code 123 and prints "error" on it's standard output. This will be registered, but ignored. Second task analyzes output values and fails only if return code is different than zero AND standard output does NOT contain string "error".

You can read more details in Ansible documentation: https://docs.ansible.com/ansible/playbooks_error_handling.html

Answer 2

I really wish ignore_errors wasn't simple yes/no check. That would've make our life much more simpler. Recently I discovered this brilliant trick. With this method it's possible to ignore certain known outputs. In this example we're looking for Sending passwords in plain text without SSL text in registered variable. If we find the text, it'll evaluate to 0. Then we'll compare it to -1 which is return code of find function if string not found. Since 0 == -1 will evaluate to False ultimately our condition will be failed_when: False

On the other hand if string is not found, expression will be -1 == -1 => failed_when: True Be careful with this approach as you'll be overriding default fail behavior of the module. So it's best to combine with multiple conditions like exit code.

- name: Risky task
  command: echo "Sending passwords in plain text without SSL"
  register: result
  changed_when: false
  failed_when:
    # returns -1 if string not found
    - result.stdout.find("Sending passwords in plain text without SSL") == -1
    # best to combine additional checks like return code
    - result.rc != 0

I guess you could've use something like result.stdout.find("Sending passwords in plain text without SSL") != 0 or '"Sending passwords in plain text without SSL" not in result.stdout', but double negation makes it kinda harder to understand.