From be4568334c0c8811396d7b9818aaf39453200da8 Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@stackhpc.com>
Date: Fri, 8 Dec 2017 15:07:58 +0000
Subject: [PATCH] Fix failure handling in prechecks

In a HAProxy precheck task, the command module is used, and the results
inspected by checking the stdout attribute of the result. However, if
the command fails (non-zero exit code), in some cases there may not be a
stdout attribute in the result object. This causes an AttributeError and
prevents ansible's useful diagnostic output from being displayed.

Change-Id: Id502b5d0b71fe2150a29df43154c925dca96ef06
Trivial Fix
---
 ansible/roles/haproxy/tasks/precheck.yml         | 3 ++-
 ansible/roles/prechecks/tasks/service_checks.yml | 3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ansible/roles/haproxy/tasks/precheck.yml b/ansible/roles/haproxy/tasks/precheck.yml
index 3e5973205a..e2bfda4a1e 100644
--- a/ansible/roles/haproxy/tasks/precheck.yml
+++ b/ansible/roles/haproxy/tasks/precheck.yml
@@ -79,7 +79,8 @@
   changed_when: false
   failed_when: >-
     '169.254.' not in kolla_internal_vip_address and
-    kolla_internal_vip_address | ipaddr(ip_addr_output.stdout.split()[3]) is none
+    (ip_addr_output | failed or
+     kolla_internal_vip_address | ipaddr(ip_addr_output.stdout.split()[3]) is none)
   when:
     - enable_haproxy | bool
     - container_facts['keepalived'] is not defined
diff --git a/ansible/roles/prechecks/tasks/service_checks.yml b/ansible/roles/prechecks/tasks/service_checks.yml
index 22a52f18c8..3a739c595e 100644
--- a/ansible/roles/prechecks/tasks/service_checks.yml
+++ b/ansible/roles/prechecks/tasks/service_checks.yml
@@ -7,6 +7,9 @@
   failed_when: result | failed
                or (result.stdout | from_yaml).Server.Version | regex_replace('(\\d+\\.\\d+\\.\\d+).*', '\\1') | version_compare(docker_version_min, '<')
 
+# NOTE(mgoddard): If passwords.yml is encrypted using ansible-vault, this check
+# will pass, but only because nothing in the vault file has the format of a
+# YAML dict item.
 - name: Checking empty passwords in passwords.yml. Run kolla-genpwd if this task fails
   local_action: command grep '^[^#].*:\s*$' "{{ CONFIG_DIR | default('/etc/kolla') }}/passwords.yml"
   run_once: True