SaltStack disable local windows Administrator if it is enabled - salt-stack

I'd like to disable the built-in windows local administrator account if it is enabled.
As salt.state.user.present doesn't support disabling accounts, I'm using salt.modules.win_useradd.update. However, it disables the account even if it is already disabled.
I can't use unless or onlyif because they only use results parsed from shell commands.
Is there a way to use the boolean value for [user.info][account_disabled] in salt.module.win_useradd.info's return data 'changes' dictionary as a requirement?
I'd like to do something like the following:
builtin_administrator:
module.run:
- user.info:
- name: Administrator
disable_builtin_administrator:
module.run:
- user.update:
- name: Administrator
- account_disabled: true
- require:
- module: builtin_administrator
- require:
- module: builtin_administrator['changes']['user.info']['account_disabled']['false']
You can see the results data changes dictionary from win_useradd.info in the output:
local:
----------
ID: builtin_administrator
Function: module.run
Result: True
Comment: user.info: Built-in account for administering the computer/domain
Started: 15:59:56.440000
Duration: 15.0 ms
Changes:
----------
user.info:
----------
account_disabled:
True
account_locked:
False
active:
False
comment:
Built-in account for administering the computer/domain
description:
Built-in account for administering the computer/domain
disallow_change_password:
False
expiration_date:
2106-02-07 01:28:15
expired:
False
failed_logon_attempts:
0L
fullname:
gid:
groups:
- Administrators
home:
None
homedrive:
last_logon:
Never
logonscript:
name:
Administrator
passwd:
None
password_changed:
2019-10-09 09:22:00
password_never_expires:
True
profile:
None
successful_logon_attempts:
0L
uid:
S-1-5-21-3258603230-662395079-3947342588-500
----------
ID: disable_builtin_administrator
Function: module.run
Result: False
Comment: The following requisites were not found:
require:
module: builtin_administrator['changes']['user.info']['account_disabled']['false']
Started: 15:59:56.455000
Duration: 0.0 ms
Changes:
Summary for local
------------
Succeeded: 1 (changed=1)
Failed: 1
------------
Total states run: 2
Total run time: 15.000 ms
I'm testing with a Windows 10 1903 masterless salt-minion 2019.2.1 (Fluorine) where I set use_superseded for module.run in the minion config file.
Thanks in advance!

I settled for this:
localuser.disable.administrator:
cmd.run:
- name: "Get-LocalUser Administrator | Disable-LocalUser"
- shell: powershell
- onlyif: powershell -command "if ((Get-LocalUser | Where-Object {($_.Name -eq 'Administrator') -and ($_.Enabled -eq $true)}) -eq $null) {exit 1}"

Related

Ansible Nested Loop for Cisco ACL

I'm creating a playbook for an ACL update, where the existing ACL needs to be updated, but before adding the new set of IP addresses to that ACL, I need to make sure that the ACL is present and that the IP hasn't already been configured.
Process:
Need to add the below IP addresses
ACL NAME: 11, 13, DATA_TEST, dummy
Check if the list of ACL are present
commands: "show access-lists {{item}}"
Check if ACL Exist
Q: Can't figure out how to access each item in the result of the first action to see if ACL has been configured. Ex. We can see from the output that dummy has no output, how can I exclude that and process if exist. (refer code below)
Check if IP addresses already added
Q: What is the best approach here? I'm thinking using when then comparing the ACL output from stdout vs the given variables content (ex. parents/lines)?
Add the set of IP addresses on target ACL
Q: What is the best approach here? Need to match the ACL name and configure using the variable.
If somebody is knowledgeable about Ansible, perhaps you could assist me in creating this project? I'm still doing some research, so any assistance you can give would be greatly appreciated. Thanks
My Code:
---
- name: Switch SVU
hosts: Switches
gather_facts: False
vars:
my_acl_list:
- 11
- 13
- DATA_TEST
- dummy
fail: "No such access-list {{item}}"
UP_ACL11:
parents:
- access-list 11 permit 192.168.1.4
- access-list 11 permit 192.168.1.5
UP_ACL13:
parents: access-list 13 permit 10.22.1.64 0.0.0.63
UP_ACLDATA:
lines:
- permit 172.11.1.64 0.0.0.63
- permit 172.12.2.64 0.0.0.63
parents: ip access-list standard DATA_TEST
tasks:
- name: Check if the ACL Name already exists.
ios_command:
commands: "show access-lists {{item}}"
register: acl_result
loop: "{{my_acl_list}}"
- debug: msg="{{acl_result}}"
- name: Check if ACL Exist
debug:
msg: "{{item.stdout}}"
when: item.stdout.exists
with_items: "{{acl_result.results}}"
loop_control:
label: "{{item.item}}"
# Pending - Need to know how to match if ACL name exist on stdout.
- name: Check if IP addresses already added
set_fact:
when:
# pending - ansible lookup?
# when var: UP_ACL11, UP_ACL13, UP_ACLDATA IPs are not in ACL then TRUE
- name: Add the set of IP addresses on target ACL
ios_config:
# pending - if doest exist on particular ACL name then configure using the var: UP_ACL11, UP_ACL13, UP_ACLDATA
Given the simplified data for testing
acl_result:
results:
- item: DATA_TEST
stdout:
- "Standard ... 10 permit ... 20 permit ..."
stdout_lines:
- - "Standard ..."
- "10 permit ..."
- "20 permit ..."
- item: dummy
stdout:
- ""
stdout_lines:
- - ""
Q: "Check if ACL Exists"
A: If ACL doesn't exist the attribute stdout is a list of empty strings. Test it
- name: Check if ACL Exists
debug:
msg: "{{ item.item }} exists: {{ item.stdout|map('length')|select()|length > 0 }}"
loop: "{{ acl_result.results }}"
loop_control:
label: "{{item.item}}"
gives
TASK [Check if ACL Exists] ********************************************
ok: [localhost] => (item=DATA_TEST) =>
msg: 'DATA_TEST exists: True'
ok: [localhost] => (item=dummy) =>
msg: 'dummy exists: False'
Notes:
In the filter select, "If no test is specified, each object will be evaluated as a boolean". The number 0 evaluates to false.
Example of a complete playbook for testing
- hosts: localhost
vars:
acl_result:
results:
- item: DATA_TEST
stdout:
- "Standard ... 10 permit ... 20 permit ..."
stdout_lines:
- - "Standard ..."
- "10 permit ..."
- "20 permit ..."
- item: dummy
stdout:
- ""
stdout_lines:
- - ""
tasks:
- name: Check if ACL Exists
debug:
msg: "{{ item.item }} exists: {{ item.stdout|map('length')|select()|length > 0 }}"
loop: "{{ acl_result.results }}"
loop_control:
label: "{{item.item}}"
The test can be simplified if you're sure stdout is a list with a single line only
msg: "{{ item.item }} exists: {{ item.stdout|first|length > 0 }}"

how to check 777 permission in multiple directory by ansible

For a single directory my script is running fine, but how to check the same for multiple directories?
Code for a single directory:
---
- name: checking directory permission
hosts: test
become: true
tasks:
- name: Getting permission to registered var 'p'
stat:
path: /var/SP/Shared/
register: p
- debug:
msg: "permission is 777 for /var/SP/Shared/
when: p.stat.mode == "0777" or p.stat.mode == "2777" or p.stat.mode == "4777"
Reading stat_module shows that there is no parameter for recursion. Testing with_fileglob: did not gave the expected result.
So it seems you would need to loop over the directories in a way like
- name: Get directory permissions
stat:
path: "{{ item }}"
register: result
with_items:
- "/tmp/example"
- "/tmp/test"
tags: CIS
- name: result
debug:
msg:
- "{{ result }}"
tags: CIS
but I am sure there can be still more advanced solutions found.

What is example output for gcloud firebase test android run

My gcloud firebase test android run command is stuck uploading the app-debug-androidTest.apk. What is an example of the output for this command once it gets past the following point where it's stuck for me?
FirebaseTestLabPlayground[master]15:40:36 gcloud firebase test android run \
> --project locuslabs-android-sdk \
> --app app/build/outputs/apk/debug/app-debug.apk \
> --test app/build/outputs/apk/androidTest/debug/app-debug-androidTest.apk \
> --device model=Pixel2,version=27,locale=en_US,orientation=portrait \
> --verbosity debug
INFO: Test Service endpoint: [None]
INFO: Tool Results endpoint: [None]
DEBUG: Running [gcloud.firebase.test.android.run] with arguments: [--app: "app/build/outputs/apk/debug/app-debug.apk", --device: "[OrderedDict([(u'model', u'Pixel2'), (u'version', u'27'), (u'locale', u'en_US'), (u'orientation', u'portrait')])]", --project: "locuslabs-android-sdk", --test: "app/build/outputs/apk/androidTest/debug/app-debug-androidTest.apk", --verbosity: "debug"]
Have questions, feedback, or issues? Get support by visiting:
https://firebase.google.com/support/
DEBUG: Applying default auto_google_login: True
DEBUG: Applying default performance_metrics: True
DEBUG: Applying default num_flaky_test_attempts: 0
DEBUG: Applying default record_video: True
DEBUG: Applying default timeout: 900
DEBUG: Applying default async: False
INFO: Raw results root path is: [gs://test-lab-bcr7j9th055js-i215tdq3ht0hw/2019-04-19_15:41:26.364106_bmag/]
Uploading [app/build/outputs/apk/debug/app-debug.apk] to Firebase Test Lab...
Uploading [app/build/outputs/apk/androidTest/debug/app-debug-androidTest.apk] to Firebase Test Lab...
What will likely come next?
Here is the rest of the transcript in case it helps anyone else who's stuck trying gcloud firebase test android run for the first time:
FirebaseTestLabPlayground[master]15:40:36 gcloud firebase test android run \
> --project locuslabs-android-sdk \
> --app app/build/outputs/apk/debug/app-debug.apk \
> --test app/build/outputs/apk/androidTest/debug/app-debug-androidTest.apk \
> --device model=Pixel2,version=27,locale=en_US,orientation=portrait \
> --verbosity debug
INFO: Test Service endpoint: [None]
INFO: Tool Results endpoint: [None]
DEBUG: Running [gcloud.firebase.test.android.run] with arguments: [--app: "app/build/outputs/apk/debug/app-debug.apk", --device: "[OrderedDict([(u'model', u'Pixel2'), (u'version', u'27'), (u'locale', u'en_US'), (u'orientation', u'portrait')])]", --project: "locuslabs-android-sdk", --test: "app/build/outputs/apk/androidTest/debug/app-debug-androidTest.apk", --verbosity: "debug"]
Have questions, feedback, or issues? Get support by visiting:
https://firebase.google.com/support/
DEBUG: Applying default auto_google_login: True
DEBUG: Applying default performance_metrics: True
DEBUG: Applying default num_flaky_test_attempts: 0
DEBUG: Applying default record_video: True
DEBUG: Applying default timeout: 900
DEBUG: Applying default async: False
INFO: Raw results root path is: [gs://test-lab-bcr7j9th055js-i215tdq3ht0hw/2019-04-19_15:41:26.364106_bmag/]
Uploading [app/build/outputs/apk/debug/app-debug.apk] to Firebase Test Lab...
Uploading [app/build/outputs/apk/androidTest/debug/app-debug-androidTest.apk] to Firebase Test Lab...
Raw results will be stored in your GCS bucket at [https://console.developers.google.com/storage/browser/test-lab-bcr7j9th055js-i215tdq3ht0hw/2019-04-19_15:41:26.364106_bmag/]
DEBUG: TestMatrices.Create request:
<TestingProjectsTestMatricesCreateRequest
projectId: u'locuslabs-android-sdk'
requestId: '3c76ca4e247d4b38bf102ffcdbaa637b'
testMatrix: <TestMatrix
clientInfo: <ClientInfo
clientInfoDetails: [<ClientInfoDetail
key: u'Cloud SDK Version'
value: '242.0.0'>, <ClientInfoDetail
key: u'Release Track'
value: 'GA'>]
name: u'gcloud'>
environmentMatrix: <EnvironmentMatrix
androidDeviceList: <AndroidDeviceList
androidDevices: [<AndroidDevice
androidModelId: u'Pixel2'
androidVersionId: u'27'
locale: u'en_US'
orientation: u'portrait'>]>>
flakyTestAttempts: 0
resultStorage: <ResultStorage
googleCloudStorage: <GoogleCloudStorage
gcsPath: u'gs://test-lab-bcr7j9th055js-i215tdq3ht0hw/2019-04-19_15:41:26.364106_bmag/'>
toolResultsHistory: <ToolResultsHistory
projectId: u'locuslabs-android-sdk'>>
testExecutions: []
testSpecification: <TestSpecification
androidInstrumentationTest: <AndroidInstrumentationTest
appApk: <FileReference
gcsPath: u'gs://test-lab-bcr7j9th055js-i215tdq3ht0hw/2019-04-19_15:41:26.364106_bmag/app-debug.apk'>
orchestratorOption: OrchestratorOptionValueValuesEnum(ORCHESTRATOR_OPTION_UNSPECIFIED, 0)
testApk: <FileReference
gcsPath: u'gs://test-lab-bcr7j9th055js-i215tdq3ht0hw/2019-04-19_15:41:26.364106_bmag/app-debug-androidTest.apk'>
testTargets: []>
disablePerformanceMetrics: False
disableVideoRecording: False
testSetup: <TestSetup
account: <Account
googleAuto: <GoogleAuto>>
additionalApks: []
directoriesToPull: []
environmentVariables: []
filesToPush: []>
testTimeout: u'900s'>>>
DEBUG: TestMatrices.Create response:
<TestMatrix
clientInfo: <ClientInfo
clientInfoDetails: [<ClientInfoDetail
key: u'Cloud SDK Version'
value: u'242.0.0'>, <ClientInfoDetail
key: u'Release Track'
value: u'GA'>]
name: u'gcloud'>
environmentMatrix: <EnvironmentMatrix
androidDeviceList: <AndroidDeviceList
androidDevices: [<AndroidDevice
androidModelId: u'Pixel2'
androidVersionId: u'27'
locale: u'en_US'
orientation: u'portrait'>]>>
projectId: u'locuslabs-android-sdk'
resultStorage: <ResultStorage
googleCloudStorage: <GoogleCloudStorage
gcsPath: u'gs://test-lab-bcr7j9th055js-i215tdq3ht0hw/2019-04-19_15:41:26.364106_bmag/'>
toolResultsHistory: <ToolResultsHistory
projectId: u'locuslabs-android-sdk'>>
state: StateValueValuesEnum(VALIDATING, 1)
testExecutions: [<TestExecution
environment: <Environment
androidDevice: <AndroidDevice
androidModelId: u'Pixel2'
androidVersionId: u'27'
locale: u'en_US'
orientation: u'portrait'>>
id: u'matrix-fq9ojlzvta35a_execution-2kcgdj0bkm22a'
matrixId: u'matrix-fq9ojlzvta35a'
projectId: u'locuslabs-android-sdk'
state: StateValueValuesEnum(VALIDATING, 1)
testSpecification: <TestSpecification
androidInstrumentationTest: <AndroidInstrumentationTest
appApk: <FileReference
gcsPath: u'gs://test-lab-bcr7j9th055js-i215tdq3ht0hw/2019-04-19_15:41:26.364106_bmag/app-debug.apk'>
testApk: <FileReference
gcsPath: u'gs://test-lab-bcr7j9th055js-i215tdq3ht0hw/2019-04-19_15:41:26.364106_bmag/app-debug-androidTest.apk'>
testTargets: []>
testSetup: <TestSetup
account: <Account
googleAuto: <GoogleAuto>>
additionalApks: []
directoriesToPull: []
environmentVariables: []
filesToPush: []>
testTimeout: u'900s'>
timestamp: u'2019-04-19T08:42:36.638Z'>]
testMatrixId: u'matrix-fq9ojlzvta35a'
testSpecification: <TestSpecification
androidInstrumentationTest: <AndroidInstrumentationTest
appApk: <FileReference
gcsPath: u'gs://test-lab-bcr7j9th055js-i215tdq3ht0hw/2019-04-19_15:41:26.364106_bmag/app-debug.apk'>
testApk: <FileReference
gcsPath: u'gs://test-lab-bcr7j9th055js-i215tdq3ht0hw/2019-04-19_15:41:26.364106_bmag/app-debug-androidTest.apk'>
testTargets: []>
testSetup: <TestSetup
account: <Account
googleAuto: <GoogleAuto>>
additionalApks: []
directoriesToPull: []
environmentVariables: []
filesToPush: []>
testTimeout: u'900s'>
timestamp: u'2019-04-19T08:42:36.638Z'>
Test [matrix-fq9ojlzvta35a] has been created in the Google Cloud.
Firebase Test Lab will execute your instrumentation test on 1 device(s).
Creating individual test executions...done.
Test results will be streamed to [https://console.firebase.google.com/project/locuslabs-android-sdk/testlab/histories/bh.f0b3cb84d82b84d2/matrices/7272098978475034799].
15:42:48 Test is Pending
15:43:11 Starting attempt 1.
15:43:11 Test is Running
15:44:07 Started logcat recording.
15:44:07 Preparing device.
15:44:38 Logging in to Google account on device.
15:44:38 Installing apps.
15:44:53 Retrieving Pre-Test Package Stats information from the device.
15:44:53 Retrieving Performance Environment information from the device.
15:44:53 Started crash detection.
15:44:53 Started crash monitoring.
15:44:53 Started performance monitoring.
15:44:53 Started video recording.
15:44:53 Starting instrumentation test.
15:45:00 Completed instrumentation test.
15:45:14 Stopped performance monitoring.
15:45:29 Stopped crash monitoring.
15:45:29 Stopped logcat recording.
15:45:29 Retrieving Post-test Package Stats information from the device.
15:45:29 Logging out of Google account on device.
15:45:29 Done. Test time = 4 (secs)
15:45:29 Starting results processing. Attempt: 1
15:45:37 Completed results processing. Time taken = 4 (secs)
15:45:37 Test is Finished
INFO: Test matrix completed in state: FINISHED
Instrumentation testing complete.
More details are available at [https://console.firebase.google.com/project/locuslabs-android-sdk/testlab/histories/bh.f0b3cb84d82b84d2/matrices/7272098978475034799].
DEBUG:
TRHistoriesExecutions.Get response:
<Execution
completionTime: <Timestamp
nanos: 674000000
seconds: 1555663532>
creationTime: <Timestamp
nanos: 31000000
seconds: 1555663361>
executionId: u'7272098978475034799'
outcome: <Outcome
summary: SummaryValueValuesEnum(success, 4)>
specification: <Specification
androidTest: <AndroidTest
androidAppInfo: <AndroidAppInfo
name: u'FirebaseTestLabPlayground'
packageName: u'com.example.firebasetestlabplayground'
versionCode: u'1'
versionName: u'1.0'>
androidInstrumentationTest: <AndroidInstrumentationTest
testPackageId: u'com.example.firebasetestlabplayground.test'
testRunnerClass: u'android.support.test.runner.AndroidJUnitRunner'
testTargets: []>
testTimeout: <Duration
seconds: 900>>>
state: StateValueValuesEnum(complete, 0)
testExecutionMatrixId: u'matrix-fq9ojlzvta35a'>
DEBUG:
ToolResultsSteps.List response:
<ListStepsResponse
steps: [<Step
completionTime: <Timestamp
nanos: 849000000
seconds: 1555663531>
creationTime: <Timestamp
nanos: 232000000
seconds: 1555663361>
description: u'all targets'
dimensionValue: [<StepDimensionValueEntry
key: u'Model'
value: u'Pixel2'>, <StepDimensionValueEntry
key: u'Version'
value: u'27'>, <StepDimensionValueEntry
key: u'Locale'
value: u'en_US'>, <StepDimensionValueEntry
key: u'Orientation'
value: u'portrait'>]
labels: []
name: u'Instrumentation test'
outcome: <Outcome
summary: SummaryValueValuesEnum(success, 4)>
runDuration: <Duration
nanos: 617000000
seconds: 170>
state: StateValueValuesEnum(complete, 0)
stepId: u'bs.b2c854c31dd1dcd1'
testExecutionStep: <TestExecutionStep
testIssues: [<TestIssue
category: CategoryValueValuesEnum(common, 0)
errorMessage: u'Test is compatible with Android Test Orchestrator.'
severity: SeverityValueValuesEnum(suggestion, 2)
type: TypeValueValuesEnum(compatibleWithOrchestrator, 2)>]
testSuiteOverviews: [<TestSuiteOverview
totalCount: 1
xmlSource: <FileReference
fileUri: u'gs://test-lab-bcr7j9th055js-i215tdq3ht0hw/2019-04-19_15:41:26.364106_bmag/Pixel2-27-en_US-portrait/test_result_1.xml'>>]
testTiming: <TestTiming
testProcessDuration: <Duration
seconds: 4>>
toolExecution: <ToolExecution
commandLineArguments: []
toolLogs: [<FileReference
fileUri: u'gs://test-lab-bcr7j9th055js-i215tdq3ht0hw/2019-04-19_15:41:26.364106_bmag/Pixel2-27-en_US-portrait/logcat'>]
toolOutputs: [<ToolOutputReference
output: <FileReference
fileUri: u'gs://test-lab-bcr7j9th055js-i215tdq3ht0hw/2019-04-19_15:41:26.364106_bmag/Pixel2-27-en_US-portrait/test_cases/0000_logcat'>
testCase: <TestCaseReference
className: u'com.example.firebasetestlabplayground.ExampleInstrumentedTest'
name: u'useAppContext'>>, <ToolOutputReference
output: <FileReference
fileUri: u'gs://test-lab-bcr7j9th055js-i215tdq3ht0hw/2019-04-19_15:41:26.364106_bmag/Pixel2-27-en_US-portrait/test_result_1.xml'>>, <ToolOutputReference
output: <FileReference
fileUri: u'gs://test-lab-bcr7j9th055js-i215tdq3ht0hw/2019-04-19_15:41:26.364106_bmag/Pixel2-27-en_US-portrait/video.mp4'>>, <ToolOutputReference
output: <FileReference
fileUri: u'gs://test-lab-bcr7j9th055js-i215tdq3ht0hw/2019-04-19_15:41:26.364106_bmag/Pixel2-27-en_US-portrait/bugreport.txt'>>, <ToolOutputReference
output: <FileReference
fileUri: u'gs://test-lab-bcr7j9th055js-i215tdq3ht0hw/2019-04-19_15:41:26.364106_bmag/Pixel2-27-en_US-portrait/instrumentation.results'>>]>>>]>
INFO: Display format: "
table[box](
outcome.color(red=Fail, green=Pass, yellow=Inconclusive),
axis_value:label=TEST_AXIS_VALUE,
test_details:label=TEST_DETAILS
)
"
┌─────────┬──────────────────────────┬─────────────────────┐
│ OUTCOME │ TEST_AXIS_VALUE │ TEST_DETAILS │
├─────────┼──────────────────────────┼─────────────────────┤
│ Passed │ Pixel2-27-en_US-portrait │ 1 test cases passed │
└─────────┴──────────────────────────┴─────────────────────┘
FirebaseTestLabPlayground[master]15:45:45 gcloud firebase test android run --project locuslabs-android-sdk --app app/build/outputs/apk/debug/app-debug.apk --test app/build/outputs/apk/androidTest/debug/app-debug-androidTest.apk --device model=Pixel2,version=27,locale=en_US,orientation=portrait --verbosity debug

Can't generate lets-encrypt certificate using saltStack

I am trying to generate the lets-encrypt certificate and here are the steps that I followed:
Under /srv/salt/pillars/minion I added the file init.sls
letsencrypt:
config: |
email = email
auth:
method: standalone
type: http-01
port: 8080
agree-tos = True
renew-by-default = True
domainsets:
mydomain:
- mydomain.com
After that I updated the salt_pillar:
# . update_salt.sh
# salt 'minion' state.sls letsencrypt
I got this result:
ID: letsencrypt-crontab-mydomain.com
Function: cron.present
Name: /usr/local/bin/renew_letsencrypt_cert.sh mydomain.com
Result: False
Comment: One or more requisite failed: letsencrypt.domains.create-initial-
cert-mydomain.com
Started:
Duration:
Changes:
------------
ID: create-fullchain-privkey-pem-for-mydomain.com
Function: cmd.run
Name: cat /etc/letsencrypt/live/mydomain.com/fullchain.pem \
/etc/letsencrypt/live/mydomain.com/privkey.pem \
> /etc/letsencrypt/live/mydomain.com/fullchain-privkey.pem && \
chmod 600 /etc/letsencrypt/live/mydomain.com/fullchain-privkey.pem
Result: False
Comment: One or more requisite failed: letsencrypt.domains.create-initial-cert-mydomain.com
Started:
Duration:
Changes:
What should I modify in my configuration to get the certificate?

Saltstack: ignoring result of cmd.run

I am trying to invoke a command on provisioning via Saltstack. If command fails then I get state failing and I don't want that (retcode of command doesn't matter).
Currently I have the following workaround:
Run something:
cmd.run:
- name: command_which_can_fail || true
is there any way to make such state ignore retcode using salt features? or maybe I can exclude this state from logs?
Use check_cmd :
fails:
cmd.run:
- name: /bin/false
succeeds:
cmd.run:
- name: /bin/false
- check_cmd:
- /bin/true
Output:
local:
----------
ID: fails
Function: cmd.run
Name: /bin/false
Result: False
Comment: Command "/bin/false" run
Started: 16:04:40.189840
Duration: 7.347 ms
Changes:
----------
pid:
4021
retcode:
1
stderr:
stdout:
----------
ID: succeeds
Function: cmd.run
Name: /bin/false
Result: True
Comment: check_cmd determined the state succeeded
Started: 16:04:40.197672
Duration: 13.293 ms
Changes:
----------
pid:
4022
retcode:
1
stderr:
stdout:
Summary
------------
Succeeded: 1 (changed=2)
Failed: 1
------------
Total states run: 2
If you don't care what the result of the command is, you can use:
Run something:
cmd.run:
- name: command_which_can_fail; exit 0
This was tested in Salt 2017.7.0 but would probably work in earlier versions.

Resources