From 7cd63176766e01d51c32fe73fadd7fb3699dcd3c Mon Sep 17 00:00:00 2001
From: Michael Chmielewski <michael.chmielewski@threatstack.com>
Date: Thu, 16 Sep 2021 13:05:22 -0400
Subject: [PATCH] Address a situation in check mode where the auditd
 stop/disable tasks may try to execute, even though the actual status check
 they rely on is skipped.

---
 .kitchen.yml             | 1 -
 tasks/disable_auditd.yml | 2 ++
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/.kitchen.yml b/.kitchen.yml
index bd914b7..8594fb5 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -60,7 +60,6 @@ platforms:
         - yum install -y audit initscripts
         - sed -i 's/local_events = yes/local_events = no/g' /etc/audit/auditd.conf
         - systemctl enable auditd.service
-    image: centos:7
   - name: centos-7
     driver_config:
       image: centos:7
diff --git a/tasks/disable_auditd.yml b/tasks/disable_auditd.yml
index e256107..ef3e5d6 100644
--- a/tasks/disable_auditd.yml
+++ b/tasks/disable_auditd.yml
@@ -9,11 +9,13 @@
 - name: Stop service auditd
   command: service auditd stop
   when: auditd_status.rc == 0
+  ignore_errors: "{{ ansible_check_mode }}"
   args:
     warn: no
 
 - name: Disable service auditd
   command: systemctl disable auditd
   when: auditd_status.rc == 0
+  ignore_errors: "{{ ansible_check_mode }}"
   args:
     warn: no