---
# Play: report, for every inventory host, whether each unit listed in
# target_services exists, is active and is enabled.
- name: Safe Service Status Check with Error Handling
  hosts: all
  # Facts are needed: later tasks read ansible_distribution and
  # ansible_distribution_version.
  gather_facts: true
  vars:
    # Units to inspect on each host.
    target_services:
      - auditd
      - mlocate-updatedb.timer
      - updatedb.timer
      - chronyd
      - firewalld
      - sshd
      - NetworkManager
    # Not referenced by any task visible in this part of the playbook.
    service_results: []
  tasks:
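- name: Check service existence first
  # Prints one "<unit>:exists" or "<unit>:not_found" line per requested unit.
  shell: |
    # Every name is shell-quoted by the template, so a value supplied through
    # inventory or extra vars is passed as data and never parsed as shell.
    for service in {{ target_services | map('quote') | join(' ') }}; do
      # systemctl treats a name without a suffix as <name>.service.
      case "$service" in
        *.*) unit="$service" ;;
        *) unit="$service.service" ;;
      esac
      # Compare the full unit-file name as a fixed string. A prefix regex such
      # as ^sshd also matches any longer unit name that begins with sshd, and
      # an unescaped dot matches any character, so it can report a unit as
      # present when it is not.
      if systemctl list-unit-files --type=service,timer --no-legend --no-pager \
          | awk '{ print $1 }' | grep -Fxq -- "$unit"; then
        echo "$service:exists"
      else
        echo "$service:not_found"
      fi
    done
  register: service_existence_check
  # Read-only query: never report the host as changed.
  changed_when: false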
- name: Parse service existence
  # Split the "<unit>:<verdict>" lines from the existence check into two lists
  # of bare unit names, one per verdict.
  set_fact:
    existing_services: >-
      {{ service_existence_check.stdout_lines
         | select('search', ':exists$')
         | map('regex_replace', ':exists$', '')
         | list }}
    missing_services: >-
      {{ service_existence_check.stdout_lines
         | select('search', ':not_found$')
         | map('regex_replace', ':not_found$', '')
         | list }}
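- name: Get detailed status for existing services only
  # Prints one "<unit>:<active_state>:<enabled_state>" line per looped unit.
  shell: |
    # Shell-quote the unit name instead of pasting it between double quotes,
    # where command substitution or a stray quote in the value would be
    # interpreted by the shell.
    service={{ item | quote }}
    if systemctl is-active "$service" >/dev/null 2>&1; then
      active_state="active"
    else
      # is-active prints the real state (inactive, failed, ...) and exits
      # non-zero. Capture that output once; appending a fallback with "||"
      # would add a second line and corrupt the colon-separated record.
      active_state="$(systemctl is-active "$service" 2>/dev/null)"
      active_state="${active_state:-inactive}"
    fi
    if systemctl is-enabled "$service" >/dev/null 2>&1; then
      enabled_state="enabled"
    else
      # Same reasoning as above: keep the state systemctl printed and use
      # "disabled" only when it printed nothing.
      enabled_state="$(systemctl is-enabled "$service" 2>/dev/null)"
      enabled_state="${enabled_state:-disabled}"
    fi
    echo "$service:$active_state:$enabled_state"
  register: existing_service_status
  loop: "{{ existing_services }}"
  # Read-only query: never report the host as changed.
  changed_when: false
  # Best effort: a unit that cannot be queried must not abort the play.
  failed_when: false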
- name: Build service information safely
  # Start the per-host record with an empty services map; the two tasks that
  # follow add one entry per unit.
  set_fact:
    node_service_info:
      hostname: "{{ inventory_hostname }}"
      os_version: "{{ ansible_distribution ~ ' ' ~ ansible_distribution_version }}"
      services: {}
- name: Add existing services to info
  # Each loop item is one "<unit>:<active_state>:<enabled_state>" line from the
  # status task. It is split on ":" and stored under the unit name.
  # NOTE(review): a unit name that itself contains ":" would shift the
  # fields; none of the names listed in target_services does.
  vars:
    status_fields: "{{ item.split(':') }}"
  set_fact:
    node_service_info: >-
      {{ node_service_info | combine({
           'services': node_service_info.services | combine({
             status_fields[0]: {
               'exists': true,
               'active_state': status_fields[1],
               'enabled_state': status_fields[2],
               'is_active': status_fields[1] == 'active',
               'is_enabled': status_fields[2] == 'enabled'
             }
           })
         }) }}
  loop: "{{ existing_service_status.results | map(attribute='stdout') | list }}"
  when: existing_service_status.results is defined
- name: Add missing services to info
  # Record every unit that the existence check did not find, so the report
  # covers all requested units and not only the installed ones.
  vars:
    absent_entry:
      exists: false
      active_state: not-found
      enabled_state: not-found
      is_active: false
      is_enabled: false
  set_fact:
    node_service_info: >-
      {{ node_service_info | combine({
           'services': node_service_info.services | combine({item: absent_entry})
         }) }}
  loop: "{{ missing_services }}"
- name: Display safe service status
debug:
msg: |
================================================
HOST: {{ inventory_hostname }} ({{ ansible_distribution }} {{ ansible_distribution_version }})
================================================
📊 SERVICES FOUND: {{ existing_services | length }}/{{ target_services | length }}
📊 SERVICES MISSING: {{ missing_services | length }}/{{ target_services | length }}
{% for service in target_services %}
{% if service in existing_services %}
{% set svc_info = node_service_info.services[service] %}
├─ {{ service }}: {{ '🟢 ACTIVE' if svc_info.is_active else '🔴 ' + svc_info.active_state | upper }} | {{ '✅ ENABLED' if svc_info.is_enabled else '❌ ' + svc_info.enabled_state | upper }}
{% else %}
├─ {{ service }}: ❌ NOT FOUND
{% endif %}
{% endfor %}
🎯 KEY SERVICES STATUS:
{% if 'auditd' in existing_services %}
{% set auditd = node_service_info.services['auditd'] %}
🔍 auditd: {{ '✅ OPERATIONAL' if auditd.is_active else '⚠️ ' + auditd.active_state | upper }}
{% else %}
🔍 auditd: ❌ NOT INSTALLED
{% endif %}
{% if 'mlocate-updatedb.timer' in existing_services %}
📍 mlo