Ansible troubleshooting - Error 301: no-changed-when

"Ansible Error 301, no-changed-when, ensures tasks properly report changes. Use changed_when to define task modifications accurately."

Ansible troubleshooting - Error 301: no-changed-when

October 31, 2023
Posted by Luca Berton
Ansible error, Ansible best practices, Ansible playbook, Ansible troubleshooting, Automation, Infrastructure as Code, Ansible linting, Ansible coding, DevOps, IT automation

Introduction

Ansible, the automation tool of choice for many IT professionals, allows users to automate tasks, manage configurations, and deploy software with ease and efficiency. However, the reliability and predictability of Ansible playbooks depend on how well tasks report changes. In this article, we will explore Ansible Error 301, “no-changed-when,” in Ansible-Lint which emphasizes the importance of ensuring that tasks return changes to results or conditions. We’ll discuss the best practices for handling task outputs, improving playbook reliability, and preventing unexpected behavior.

The Problem: Tasks Not Reflecting Changes

Ansible Error 301, “no-changed-when,” checks whether tasks within a playbook report changes to results or conditions. Tasks that do not naturally detect whether a change has occurred should use the changed_when clause to define under what conditions they should be considered “changed.” This is particularly important for tasks that read or execute arbitrary commands, such as those using the shell or command modules.

Problematic Code Example:

---
- name: Example playbook
  hosts: all
  tasks:
    - name: Does not handle any output or return codes
      ansible.builtin.command: cat {{ my_file | quote }} # <- Does not handle the command output.

In the problematic code above, the task does not handle the output of the cat command or the return codes, making it difficult to determine if the task resulted in any changes.

Output:

WARNING  Listing 1 violation(s) that are fatal
no-changed-when: Commands should not change things if nothing needs doing.
301.yml:5 Task/Handler: Does not handle any output or return codes

Read documentation for instructions on how to ignore specific rule violations.

                  Rule Violation Summary                  
 count tag             profile rule associated tags       
     1 no-changed-when shared  command-shell, idempotency 

Failed: 1 failure(s), 0 warning(s) on 1 files. Last profile that met the validation criteria was 'safety'. Rating: 3/5 star

Join 50+ hours of courses in our exclusive community

Correcting Tasks to Reflect Changes

To address Ansible Error 301 and ensure tasks properly reflect changes, you should use the changed_when clause or other relevant arguments. Here’s the corrected code:

---
- name: Example playbook
  hosts: all
  tasks:
    - name: Handle shell output with return code
      ansible.builtin.command: cat {{ my_file | quote }}
      register: my_output # <- Registers the command output.
      changed_when: my_output.rc != 0 # <- Uses the return code to define when the task has changed.

In the corrected code, the task registers the command output and uses the changed_when clause to specify under what conditions the task should be considered “changed.”

Benefits of Tasks Reflecting Changes

Reliability: Ensuring that tasks reflect changes improves the reliability and predictability of your Ansible playbooks.
Transparency: It provides transparency into which tasks have an impact on the system and under what conditions they trigger changes.
Security: By detecting and reporting changes, you can identify any unexpected alterations or unauthorized activities within your automation environment.
Adherence to Best Practices: Using changed_when aligns with Ansible best practices and ensures that your playbooks behave as expected.

The “changed_when” Clause for Handlers

It’s worth noting that the “changed_when” clause applies not only to regular tasks but also to handlers. Handlers are special tasks that are triggered only when notified by other tasks. Just like regular tasks, handlers should also be configured to report changes when necessary.

Conclusion

Ansible Error 301, “no-changed-when”, emphasizes the importance of ensuring that tasks reflect changes in your Ansible playbooks. By using the changed_when clause and other relevant arguments, you can improve playbook reliability and maintain transparency in your automation processes.

In the world of automation, consistency, and predictability are paramount. Therefore, when working with Ansible, make it a practice to handle task outputs and return codes effectively to ensure that your playbooks operate as intended.

Subscribe to the YouTube channel, Medium, and Website, X (formerly Twitter) to not miss the next episode of the Ansible Pilot.

Academy

Learn the Ansible automation technology with some real-life examples in my Udemy 300+ Lessons Video Course.

BUY the Complete Udemy 300+ Lessons Video Course

My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps

BUY the Complete PDF BOOK to easily Copy and Paste the 250+ Ansible code

Donate

Want to keep this project going? Please donate

Patreon Buy me a Pizza