ansible apt absent not working for dropbear - ansible

I tried a simple install/uninstall ansible playbook with dropbear but not able to remove the module by setting apt state to absent.
---
# filename: install.yaml
- hosts: all
become: yes
tasks:
- name: install dropbear
tags: dropbear
apt:
name: dropbear
---
# filename: uninstall.yaml
- hosts: all
become: yes
tasks:
- name: uninstall dropbear
tags: dropbear
apt:
name: dropbear
state: absent
When running the uninstall.yaml ansible playbook, it prints out that the task is OK and state has been changed. I ssh into the target server but the dropbear command still exist.

Finally get it work! Thanks to #zeitounator's hint.
Adding autoremove: yes still not work, but after manually uninstall dropbear with apt-get remove dropbear. I found there are dependencies. I tried using a wildcard with name: dropbear*, then the dropbear is removed.
---
# uninstall.yaml
- hosts: all
become: yes
tasks:
- name: uninstall dropbear
tags: dropbear
apt:
name: dropbear*
state: absent
autoremove: yes
purge: yes
I think this method might work for other packages with dependencies not able to be removed by ansible apt module using autoremove, too.
Still don't know why the autoremove not work. It should be used for the case to remove denepencies(weired).

I did not dig into why this happens, but you will get the exact same behavior if you simply install the package manually and run a simple removal with apt remove dropbear. The dropbear command will still be there until you apt autoremove the dependent packages that where installed as well.
So the correct way to uninstall this particular package is:
- hosts: all
become: yes
tasks:
- name: uninstall dropbear
tags: dropbear
apt:
name: dropbear
state: absent
purge: true
autoremove: true
Note that the purge might not be necessary for your particular problem but ensures that any trace of the package and its dependencies (e.g. config files...) are gone.
See the apt module documentation for more information.

Related

How to install ansible yum packages in order

I have:
ignore_errors: false
become: yes
become_method: sudo
yum:
name: ["epel-release", "clamav"]
state: present
update_cache: yes
It complains that no package found, but I need to install epel-release before I can install clamav because it lives in epel repo. Is there a way to ensure the order? What are the options besides splitting to 2 stanzas? Thanks.
Ansible loop can solve like below.
ignore_errors: false
become: yes
become_method: sudo
yum:
name: "{{ item }}"
state: present
update_cache: yes
loop:
- "epel-release"
- "clamav"
Although using a loop as proposed by #Haldum should effectively solve your issue, its use is discouraged in yum module documentation. Since you definitely need to add the epel repo prior to using it, I would create two tasks where you can eventually install several packages in the second.
- name: install my things
hosts: my_hostgroup
become: true
vars:
my_packages:
- clamav
# - some other package maybe
tasks:
- name: Install prerequisite epel repo
yum:
name: epel-release
state: present
- name: Install required packages
yum:
name: "{{ my_packages }}"
state: present

installing package using loop in ansible

I need to use with_items loop to install apache2, sqlite3, and git in Ansible. I'm trying to use the below code but it seems like nothing is happening.
---
- hosts: all
sudo: yes
name: install apache2, sqlite3, git on remote server
tasks:
- name: Install list of packages
action: apt pkg={{item}} state=installed
with_items:
- apache2
- sqlite3
- git
you have to place the variable item inside the double quotes...
Try this code it'll work:
---
- name: install apache2, sqlite3, git on remote servers
hosts: all
become: true
tasks:
- name: Install packages
package:
name: "{{item}}"
state: present
loop:
- apache2
- sqlite3
- git
Try
---
- name: install apache2, sqlite3, git on remote servers
hosts: all
sudo: true
tasks:
- name: Install packages
package:
name: {{ item }}
state: present
loop:
- apache2
- sqlite3
- git
See package – Generic OS package manager
"This module actually calls the pertinent package modules for each system (apt, yum, etc)."
See apt – Manages apt-packages if you need apt specific attributes.

Installing locustio 0.14 using ansible playbook

I am new to ansible and writing a playbook to install locustio with python3 on a Ubuntu 18.04. I don't know how to install locustio with pip3 in playbook. If use pip package, then it gives error to use older version of locust. ( use a pinned old locust version (pip/pip3 install locustio==0.13.5) . I would like to know how to install locust with pip3 or locust 0.13.5 version with pip?
- hosts: all
tasks:
- name: Create folder to keep the files
file:
path: /opt/locust
state: directory
mode: '0755'
become: yes
- name: Python installation
apt:
name: ['python3']
state: present
become: yes
- name: Pip installation
apt:
name: ['python3-pip']
state: present
become: yes
- name: pip install
apt:
name: ['python-pip']
state: present
become: yes
- name: Locust Installation
pip:
name: ['locustio']
state: present
become: yes
I haven't used Ansible, but looking at the docs there seems to be a executable parameter that you could set to pip3.

Converting shell script to Ansible play

I am trying to translate a shell script into Ansible.
Snippet of code that is confusing me:
sudo apt-get update
sudo ACCEPT_EULA=Y apt-get install msodbcsql mssql-tools
sudo apt-get install unixodbc-dev
What I have so far:
- name: Install SQL Server prerequisites
apt: name={{item}} state=present
update_cache: yes
with_items:
- msodbcsql
- mssql-tools
- unixodbc-dev
No idea where to tie in ACCEPT_EULA=Y.
This is an environment variable, so:
- name: Install SQL Server prerequisites
apt:
name: "{{item}}"
state: present
update_cache: yes
with_items:
- msodbcsql
- mssql-tools
- unixodbc-dev
environment:
ACCEPT_EULA: Y
And mind the indentation. It's really important in YAML.

Can Ansible "echo" items as it installs them?

I have a rather long task in my Ansible playbook that installs various packages using APT. This tasks takes a very long time on my laptop. Is there any way to get Ansible to "echo" which item it's installing as it iterates through the packages so I can get an idea of how much longer this task is going to take?
- name: install global packages
apt: pkg={{ item }} update_cache=yes cache_valid_time=3600
become: True
become_user: root
with_items:
- git
- vim
- bash-completion
- bash-doc
- wput
- tree
- colordiff
- libjpeg62-turbo-dev
- libopenjpeg-dev
- zlib1g-dev
- libwebp-dev
- libffi-dev
- libncurses5-dev
- python-setuptools
- python-dev
- python-doc
- python-pip
- virtualenv
- virtualenvwrapper
- python-psycopg2
- postgresql-9.4
- postgresql-server-dev-9.4
- postgresql-contrib
- postgresql-doc-9.4
- postgresql-client
- postgresql-contrib-9.4
- postgresql-9.4-postgis-2.1
- postgis-doc
- postgis
- nginx
- supervisor
- redis-server
In general, Ansible actually does exactly that. It would output every item separately. Which under the hood means: It builds a python package, uploads it to the host(s) and executes it - for every item.
The apt and yum modules have been optimized for loops. Instead of looping over every item, Ansible builds a package that installs all loop items in one go.
Your command translates to something like this:
apt-get -y install git vim bash-completion bash-doc wput ...
So in this case, no, there is no way to output the separate steps to see where Ansible is. Because there are no separate steps.
The docs for the apt module is missing the note which is available in the yum module page:
When used with a loop of package names in a playbook, ansible optimizes the call to the yum module. Instead of calling the module with a single package each time through the loop, ansible calls the module once with all of the package names from the loop.
When you work with remote machines, this is actually a preferable behavior. This speeds up the play by a lot. If you run your playbook locally, of course there is not much benefit.
A simple workaround would be to simply not use the apt module but run a shell command.
- name: install global packages
shell: apt-get -y install {{ item }}
become: True
Find your ansible install directory using:
> python -c 'import ansible; print ansible.__file__'
/usr/local/lib/python2.7/dist-packages/ansible/__init__.pyc
Backup the <ansible_install>/runner/__init__.py file
/usr/local/lib/python2.7/dist-packages/ansible/runner/__init__.py
Edit the file, search for 'apt' and remove 'apt' from the list.
if len(items) and utils.is_list_of_strings(items) and self.module_name in [ 'apt', 'yum', 'pkgng' ]:
to
if len(items) and utils.is_list_of_strings(items) and self.module_name in [ 'yum', 'pkgng' ]:
Thats it!
When I want a bit more feedback on the playbook run I'll group packages together by their purpose. The cache_valid_time allows you to do this without the normal penalty of updating the repo cache each time. I find this improves readability and documentation as well.
- name: install global packages
apt: pkg={{ item }} update_cache=yes cache_valid_time=3600
become: True
with_items:
- git
- vim
- bash-completion
- bash-doc
- wput
- tree
- colordiff
- libjpeg62-turbo-dev
- libopenjpeg-dev
- zlib1g-dev
- libwebp-dev
- libffi-dev
- libncurses5-dev
- name: install python and friends
apt: pkg={{ item }} update_cache=yes cache_valid_time=3600
become: True
with_items:
- python-setuptools
- python-dev
- python-doc
- python-pip
- virtualenv
- virtualenvwrapper
- python-psycopg2
- name: install postgresql
apt: pkg={{ item }} update_cache=yes cache_valid_time=3600
become: True
with_items:
- postgresql-9.4
- postgresql-server-dev-9.4
- postgresql-contrib
- postgresql-doc-9.4
- postgresql-client
- postgresql-contrib-9.4
- postgresql-9.4-postgis-2.1
- name: install postgis
apt: pkg={{ item }} update_cache=yes cache_valid_time=3600
become: True
with_items:
- postgis-doc
- postgis
- name: install nginx
apt: pkg=nginx update_cache=yes cache_valid_time=3600
become: True
- name: install supervisor
apt: pkg=supervisor update_cache=yes cache_valid_time=3600
become: True
- name: install redis
apt: pkg=redis-server update_cache=yes cache_valid_time=3600
become: True

Resources