From a449d008fb3f73b347029125e450d97b1b29804a Mon Sep 17 00:00:00 2001
From: Benjamin Fichtner <benjamin.fichtner@safetyio.com>
Date: Wed, 29 Jul 2020 12:37:05 +0200
Subject: [PATCH] Make ansible check mode runs silent, for all tasks which
 can't be idempotent

---
 roles/matrix-common-after/tasks/start.yml        | 8 +++++---
 roles/matrix-common-after/tasks/stop.yml         | 1 +
 roles/matrix-dimension/tasks/setup_dimension.yml | 3 +++
 roles/matrix-nginx-proxy/tasks/ssl/main.yml      | 2 ++
 4 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/roles/matrix-common-after/tasks/start.yml b/roles/matrix-common-after/tasks/start.yml
index 069fb346d..4bb59bfe5 100644
--- a/roles/matrix-common-after/tasks/start.yml
+++ b/roles/matrix-common-after/tasks/start.yml
@@ -1,21 +1,23 @@
 ---
 
-- name: Ensure systemd reloaded
+- name: Ensure systemd is reloaded
   service:
     daemon_reload: yes
 
-- name: Ensure Matrix services stopped
+- name: Ensure Matrix services are stopped
   service:
     name: "{{ item }}"
     state: stopped
   with_items: "{{ matrix_systemd_services_list }}"
+  when: not ansible_check_mode
 
-- name: Ensure Matrix services started
+- name: Ensure Matrix services are started
   service:
     name: "{{ item }}"
     enabled: yes
     state: started
   with_items: "{{ matrix_systemd_services_list }}"
+  when: not ansible_check_mode
 
 # If we check service state immediately, we may succeed,
 # because it takes some time for the service to attempt to start and actually fail.
diff --git a/roles/matrix-common-after/tasks/stop.yml b/roles/matrix-common-after/tasks/stop.yml
index 5ae0afbba..c278dec01 100644
--- a/roles/matrix-common-after/tasks/stop.yml
+++ b/roles/matrix-common-after/tasks/stop.yml
@@ -5,3 +5,4 @@
     name: "{{ item }}"
     state: stopped
   with_items: "{{ matrix_systemd_services_list }}"
+  when: not ansible_check_mode
diff --git a/roles/matrix-dimension/tasks/setup_dimension.yml b/roles/matrix-dimension/tasks/setup_dimension.yml
index 2437a5472..9a0b10756 100644
--- a/roles/matrix-dimension/tasks/setup_dimension.yml
+++ b/roles/matrix-dimension/tasks/setup_dimension.yml
@@ -22,12 +22,15 @@
     group: "{{ matrix_dimension_user_gid }}"
   when: matrix_dimension_enabled|bool
 
+# This task will be always change due to default image :latest
+# to ensure idempotence, this changed_when is set to false
 - name: Ensure Dimension image is pulled
   docker_image:
     name: "{{ matrix_dimension_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_dimension_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dimension_docker_image_force_pull }}"
+  changed_when: False
   when: matrix_dimension_enabled|bool
 
 - name: Ensure matrix-dimension.service installed
diff --git a/roles/matrix-nginx-proxy/tasks/ssl/main.yml b/roles/matrix-nginx-proxy/tasks/ssl/main.yml
index 6c0608186..75c382415 100644
--- a/roles/matrix-nginx-proxy/tasks/ssl/main.yml
+++ b/roles/matrix-nginx-proxy/tasks/ssl/main.yml
@@ -8,6 +8,7 @@
 
 # Common tasks, required by almost any method below.
 
+# The recurse option of this task will always return a change, which should be ignored
 - name: Ensure SSL certificate paths exists
   file:
     path: "{{ item }}"
@@ -16,6 +17,7 @@
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
     recurse: true
+  changed_when: False
   with_items:
     - "{{ matrix_ssl_log_dir_path }}"
     - "{{ matrix_ssl_config_dir_path }}"