Develop Reference

Ansible unzip error/unarchive not fitting

i try to get the version within an .war file. In a script this was done by:
/usr/bin/unzip -p tomcat.war inside/path/to/version.txt | /bin/grep "version"
This is working. When i use the shell command in Ansible like this:
- name: Check .war Version
ignore_errors: yes
shell: /usr/bin/unzip -p tomcat.war inside/path/to/version.txt | /bin/grep "version"
register: war_version
It's telling me:
fatal: [localhost]: FAILED! => {"changed": true, "cmd":
"/usr/bin/unzip -p tomcat.war inside/path/to/version.txt | /bin/grep
"version"", "delta": "0:00:00.005014", "end": "2021-11-01
07:36:49.885688", "msg": "non-zero return code", "rc": 1, "start":
"2021-11-01 07:36:49.880674", "stderr": "", "stderr_lines": [],
"stdout": "", "stdout_lines": []}
With the builtin unarchive i think it's not possible to do this clean in one step. I would need to unarchive to a temp folder, grep the version, and delete the folder again. Is there a workaround with the unarchive module, or does anyone know how to fix the shell error? When i set ignore_errors to yes, it's throwing the error in my {{ war_version }}.
Regards

unable to fetch a binary path with ansible shell module

Team,
Works locally on my laptop manually but fails only when calling via ansible. Is ansible looking at it in different shell? I have ansible controller as MAC book.
I am trying to store the path of a binary in register variable but shell command is not executing.
- name: "Find kubectl binary"
register: kubectl_path
shell: which kubectl
args:
executable: /bin/bash
output:
TASK [Find kubectl binary] ***************************************************************************************************************
fatal: [target1]: FAILED! => {"changed": true, "cmd": "which kubectl", "delta": "0:00:00.007541", "end": "2019-10-01 17:17:45.515963", "msg": "non-zero return code", "rc": 1, "start": "2019-10-01 17:17:45.508422", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}

How to do an Ansible condition test of user/group existence?

As new nodes (CentOS 7.6) are added, there are basic groups and users that need to be created. Some of the nodes have some of the groups and users. I would like to only create the groups and users on the nodes where they don't exist via my Ansible (version 2.8.0) basic role file.
Currently, I'm testing for the group/user, but the there's always a "fatal" printed and my conditionals don't appear to work.
roles/basic/tasks/main.yml
- name: "Does k8s group exist?"
shell: grep -q "^k8s" /etc/group
register: gexist
- name: "Create k8s group"
shell: groupadd -g 8000 k8s
when: gexist.rc != 0
- name: "Does k8s user exist?"
shell: id -u k8s > /dev/null 2>&1
register: uexist
- name: "Create k8s user"
shell: useradd -g 8000 -d /home/k8s -s /bin/bash -u 8000 -m k8s
when: uexist.rc != 0
which yields:
TASK [basic : Does k8s group exist?] *****************************************************************************************************************************
fatal: [master]: FAILED! => {"changed": true, "cmd": "grep -q \"^k8s:\" /etc/group", "delta": "0:00:00.009424", "end": "2019-05-29 14:42:17.947350", "msg": "non-zero return code", "rc": 1, "start": "2019-05-29 14:42:17.937926", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
fatal: [node3]: FAILED! => {"changed": true, "cmd": "grep -q \"^k8s:\" /etc/group", "delta": "0:00:00.012089", "end": "2019-05-29 06:41:36.661356", "msg": "non-zero return code", "rc": 1, "start": "2019-05-29 06:41:36.649267", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
fatal: [node1]: FAILED! => {"changed": true, "cmd": "grep -q \"^k8s:\" /etc/group", "delta": "0:00:00.010104", "end": "2019-05-29 14:42:17.990460", "msg": "non-zero return code", "rc": 1, "start": "2019-05-29 14:42:17.980356", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
changed: [node2]
There has got to be a better to do conditionals (if-then-else) than the way I'm doing it.

See user and group. The code below is probably what you're looking for.
- name: "Create k8s group"
group:
gid: 8000
name: k8s
- name: "Create k8s user"
user:
group: k8s
home: /home/k8s
shell: /bin/bash
uid: 8000
name: k8s
The only if-then-else in Ansible I'm aware of is the ternary filter (for other options see jinja). The control flow is rather poor in Ansible compared to other procedural languages. It's because of the code rather defines a state of the system then a procedure.
To answer your question:
How to do an Ansible condition test of user/group existence?
Your code does it correctly, but the purpose of Ansible is to define the state of the system. It's not important a user or group existed before or not. After successfully having run the code they will exist (definition of a state) and running the code again makes sure they still exist (audit).

Ansible task fails, when creating extensions

While provisioning via Vagrant and Ansible I keep running into this issue.
TASK [postgresql : Create extensions] ******************************************
failed: [myapp] (item=postgresql_extensions) => {"changed": true, "cmd": "psql myapp -c 'CREATE EXTENSION IF NOT EXISTS postgresql_extensions;'", "delta": "0:00:00.037786", "end": "2017-04-01 08:37:34.805325", "failed": true, "item": "postgresql_extensions", "rc": 1, "start": "2017-04-01 08:37:34.767539", "stderr": "ERROR: could not open extension control file \"/usr/share/postgresql/9.3/extension/postgresql_extensions.control\": No such file or directory", "stdout": "", "stdout_lines": [], "warnings": []}
I'm using a railsbox.io generated playbook.

Turns out that railsbox.io is still using a deprecated syntax in the task.
- name: Create extensions
sudo_user: '{{ postgresql_admin_user }}'
shell: "psql {{ postgresql_db_name }} -c 'CREATE EXTENSION IF NOT EXISTS {{ item }};'"
with_items: postgresql_extensions
when: postgresql_extensions
The last line should use full jinja2 syntax.
when: '{{postgresql_extensions}}'

Ansible timezone module fails (different reasons on different OSes)

I decided to refactor some playbooks and give a try to the new timezone module.
The task I try is a verbatim copy of the example given in the manual page:
- name: set timezone to Asia/Tokyo
timezone:
name: Asia/Tokyo
It fails on each system I tried. Results for Vagrant machines:
On Debian 8 (debian/jessie64):
TASK [set timezone to Asia/Tokyo] **********************************************
fatal: [debian]: FAILED! => {"changed": false, "cmd": "/usr/bin/timedatectl set-timezone Asia/Tokyo", "failed": true, "msg": "Failed to set time zone: The name org.freedesktop.PolicyKit1 was not provided by any .service files", "rc": 1, "stderr": "Failed to set time zone: The name org.freedesktop.PolicyKit1 was not provided by any .service files\n", "stdout": "", "stdout_lines": []}
On CentOS 7 (centos/7) - different from Debian:
TASK [set timezone to Asia/Tokyo] **********************************************
fatal: [centos]: FAILED! => {"changed": false, "cmd": "/usr/bin/timedatectl set-timezone Asia/Tokyo", "failed": true, "msg": "Failed to set time zone: Interactive authentication required.", "rc": 1, "stderr": "Failed to set time zone: Interactive authentication required.\n", "stdout": "", "stdout_lines": []}
On Ubuntu 16.04 (ubuntu/xenial64) - same as CentOS, different from Debian:
TASK [set timezone to Asia/Tokyo] **********************************************
fatal: [ubuntu]: FAILED! => {"changed": false, "cmd": "/usr/bin/timedatectl set-timezone Asia/Tokyo", "failed": true, "msg": "Failed to set time zone: Interactive authentication required.", "rc": 1, "stderr": "Failed to set time zone: Interactive authentication required.\n", "stdout": "", "stdout_lines": []}
Am I missing something? Is there some dependency required?

timedatectl needs sudo privileges.
- name: set timezone to Asia/Tokyo
timezone:
name: Asia/Tokyo
become: yes
become_method: sudo

Check if dbus package is installed (tested on Ubuntu):
dpkg -l dbus
and install it with:
apt-get install -y dbus
else you get a error:
# /usr/bin/timedatectl
Failed to create bus connection: No such file or directory