docker-systemctl-replacement

Possible to work with ansible service_facts module?

Open joshtrutwin opened this issue 2 years ago • 1 comments

We use the ansible service_facts module to check services:

    - name: "Collect facts about system services."
      service_facts:
      register: services_state

    - debug:
        msg:
          "service_facts: ": "{{ services_state }}"

    - name: "Test if service is enabled and running"
      assert:
        that:
          - services_state.ansible_facts.services is defined and services_state.ansible_facts.services | length > 0
          - services_state.ansible_facts.services['falcon-sensor.service'] | length > 0
          - services_state.ansible_facts.services['falcon-sensor.service'].status == "enabled"
          - services_state.ansible_facts.services['falcon-sensor.service'].state == "running"

        fail_msg: "The falcon-sensor service is not running as expected."
        quiet: true

When using systemctl as the init daemon for a molecule container we get this:

    TASK [Collect facts about system services.] ************************************
    skipping: [aws-amzn2-gold-ami]

    TASK [debug] *******************************************************************
    ok: [aws-amzn2-gold-ami] => {
        "msg": {
            "service_facts: ": {
                "changed": false,
                "failed": false,
                "msg": "Failed to find any services. This can be due to privileges or some other configuration issue.",
                "skipped": true
            }
        }
    }

    TASK [Test if service is enabled and running] **********************************
    fatal: [aws-amzn2-gold-ami]: FAILED! => {"assertion": "services_state.ansible_facts.services is defined and services_state.ansible_facts.services | length > 0", "changed": false, "evaluated_to": false, "msg": "The falcon-sensor service is not running as expected."}

Upon inspecting the source code for this module, it appears to be inspecting /proc/1/comm to determine if systemd is running:

    class SystemctlScanService(BaseService):
        <snip>
        def systemd_enabled(self):
            # Check if init is the systemd command, using comm as cmdline could be symlink
            try:
                f = open('/proc/1/comm', 'r')
            except IOError:
                # If comm doesn't exist, old kernel, no systemd
                return False
            for line in f:
                if 'systemd' in line:
                    return True
            return False

I'm guessing there's nothing that can be done to prevent this? With the systemctl replacement script as the container init command, the contents of this file are "systemctl".

Thanks!

joshtrutwin, Jun 05 '23 19:06

FYI I also filed a ticket with Ansible, I think the problem is theirs as the service_facts module does not check for the canary folder /run/systemd/system:

https://github.com/ansible/ansible/issues/80975

joshtrutwin, Jun 05 '23 21:06
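
An added example, not part of the original issue and not Ansible's or this project's code: a check that reports the /proc/1/comm result and the /run/systemd/system canary as separate signals, run against a constructed fixture in which PID 1 is named "systemctl". The function names and the fixture layout are assumptions, and whether the canary directory actually exists in a given container has to be verified there.

```python
import os
import tempfile


def init_comm(comm_path="/proc/1/comm"):
    """Return the command name of PID 1, or None if the file is unreadable."""
    try:
        with open(comm_path, "r") as f:
            return f.read().strip()
    except OSError:
        return None


def detect_systemd(comm_path="/proc/1/comm", canary_dir="/run/systemd/system"):
    """Report each signal separately so a failed detection can be explained."""
    comm = init_comm(comm_path)
    result = {
        "init_comm": comm,
        # Same substring test as the module code quoted in the issue
        "comm_match": comm is not None and "systemd" in comm,
        # Canary directory named in the follow-up comment
        "canary_match": os.path.isdir(canary_dir),
    }
    result["systemd_like"] = result["comm_match"] or result["canary_match"]
    return result


def demo():
    """Constructed fixture: PID 1 is 'systemctl' and the canary directory exists."""
    with tempfile.TemporaryDirectory() as root:
        comm = os.path.join(root, "comm")
        with open(comm, "w") as f:
            f.write("systemctl\n")
        canary = os.path.join(root, "run", "systemd", "system")
        os.makedirs(canary)
        return detect_systemd(comm, canary)


if __name__ == "__main__":
    # Hypothetical usage: print both signals for the constructed fixture
    print(demo())
```

Keeping the two signals separate in the result lets a playbook or test log show which check failed, rather than only a skipped task and an undefined `services` fact.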