How to print only the stderr_lines when shell command execution fails in ansible playbook task

Question

In my ansible playbook I have a task that executes a shell command. One of the parameters of that command is password. When the shell command fails, ansible prints the whole json object that includes the command having password. If I use no_log: True then I get censored output and not able to get stderr_lines. Is there a way to customize the output when shell command execution fails?

Answer 1

You can take advantage of ansible blocks and their error handling feature.

Here is an example playbook

---
- name: Block demo for shell
  hosts: localhost
  gather_facts: false

  tasks:
    
    - block:

        - name: my command
          shell: my_command is bad
          register: cmdresult
          no_log: true

      rescue:

        - name: show error
          debug:
            msg: "{{ cmdresult.stderr }}"

        - name: fail the playbook
          fail:
            msg: Error on command. See debug of stderr above

which gives the following result:

PLAY [Block demo for shell] *********************************************************************************************************************************************************************************************************************************************

TASK [my command] *******************************************************************************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true}

TASK [show error] *******************************************************************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "msg": "/bin/sh: 1: my_command: not found"
}

TASK [fail the playbook] ************************************************************************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error on command. See debug of stderr above"}

PLAY RECAP **************************************************************************************************************************************************************************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=1    ignored=0

Answer 2

You can utilize something like this :

- name: Running it
  hosts: localhost
  tasks:
    - name: failing the task
      shell: sh a.sh > output.txt
      ignore_errors: true
      register: abc

    - name: now failing
      command: rm output.txt
      when: abc|succeeded

stdout will be written to a file. If it's a failure you can check the file and debug it, if it's a success then file will be deleted.