Fast idempotent Ansible apt deb url - ansible

It looks like like command apt install https://github.com/jgraph/drawio-desktop/releases/download/v12.9.3/draw.io-amd64-12.9.3.deb could take long time each time when is invoked even if the package is installed already. It is literally downloads the package each time.
And yes, with ansible is idempotent, with status changed: no.
- name: Install a drawio-desktop .deb package
apt:
deb: https://github.com/jgraph/drawio-desktop/releases/download/v12.9.3/draw.io-amd64-12.9.3.deb
when: ansible_facts['lsb']['id'] == "Ubuntu"
tags:
- debug
- not-macos
Is there any short way to skip download if package installed ?
Ideally will be to say in name that I want to install draw.io if not installed from deb: url else consider things installed.
- name: Install a drawio-desktop .deb package
apt:
name: draw.io
deb: https://github.com/jgraph/drawio-desktop/releases/download/v12.9.3/draw.io-amd64-12.9.3.deb
but is not working like that
TASK [desktop : Install a drawio-desktop .deb package] *********
fatal: [tuxedo]: FAILED! => {"changed": false, "msg": "parameters are mutually exclusive: deb|package|upgrade"}
Any suggestion on a lighter solution to speed up the task?

The behavior seems to be intended according the parameter deb
Ansible will attempt to download deb before installing.
and the current source of apt.py.
So you may have a look into the module package_facts
- name: Gather Package Facts
package_facts:
manager: apt # default ["auto"]
as well a Conditional Example of
when: "ansible_facts['lsb']['id'] == 'Ubuntu' and 'draw.io' not in ansible_facts.packages"
Credits to
How to get the installed apt packages with Ansible?
Further Q&A
Ansible: Do task if apt package is missing
An other approach might be to have the latest package always internally (cached) available and provide a .list file for the native package manager, pointing to the internal repository URL (file share).
By doing this, you could then just use
- name: Install a drawio-desktop .deb package
apt:
name: draw.io
state: latest
without further checks. This will address required updates too.

Related

Install another version of existing package with a supplied deb file using ansible

I want to upgrade certain linux packages on my machines using ansible apt module and provided debian files, but not able to do so. To describe, I've used perl-base package as example below.
I am trying to install a specific version of perl-base(perl-base_5.26.1-6ubuntu0.5_amd64) on a linux system with already installed perl-base_5.26.1-6ubuntu0.3_amd64.
When I do it manually using apt it suggests removal of some conflicting packages, but proceeds without error, which is also the desired outcome.
root#logger:/home/ubuntu# apt install /home/deb_pkgs/perl-base_5.26.1-6ubuntu0.5_amd64.deb
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'perl-base' instead of '/home/deb_pkgs/perl-base_5.26.1-6ubuntu0.5_amd64.deb'
Suggested packages:
perl
The following packages will be REMOVED:
lm-sensors perl
The following packages will be upgraded:
perl-base
1 upgraded, 0 newly installed, 2 to remove and 0 not upgraded.
Need to get 0 B/1,391 kB of archives.
After this operation, 962 kB disk space will be freed.
Do you want to continue? [Y/n]
But when I try to do the same using ansible, it fails citing the break in dependency of the perl packages.
TASK [deb-pkg-install : Install deb files] **********************************************************************************************************************************************************
failed: [ubuntu] (item=perl-base) => changed=false
ansible_loop_var: item
item: perl-base
msg: Breaks existing package 'perl' dependency perl-base (= 5.26.1-6ubuntu0.3)
My task currently looks like this,
- name: Install deb files
apt:
deb: "/home/deb_pkgs/{{ deb_files[item].file_name }}"
install_recommends: no
when: not ansible_check_mode
register: install_output
loop: "{{ required_debs }}"
I have solved it by adding another task which removes the packages suggested by apt, but I think there might be more elegant solution than this. I have gone through documentation of builtin.module.apt but couldn't find any suitable parameter to add.
Any input appreaciated! Thanks!

How 'not to run multiple times' command/shell task in Ansible playbook

I have a task in Ansible to install SASS utilities via RubyGems option, which works well without any issues. If I re-run the same playbook again, it will try to re-install this utility again.
In this case, how to run it once that are using command or shell usage in Ansible playbook. I have somehow handled it not to run the installation by using 'when' option, but need a guidance for better logic/implementation
Task Info:
- name: Install SASS packages by using npm utility.
command: /usr/bin/npm install -g sass
To eliminate re-running the above command task in Ansible playbook, I am using below validation logic and added 'when' option as provided below. Is this fine or do we have a better way of handling this one?
- name: Validation of SASS packages availability.
shell: /usr/local/bin/sass --version
register: result
- debug:
msg: "{{ result.stdout }}"
- name: Install SASS packages by using npm utility.
command: /usr/bin/npm install -g sass
when: "'No such file or directory' in result.stdout"
Results:
TASK [mean-stack : Validation of SASS packages availability.] ************************************************************************************
changed: [linuxosdev003.local.lab]
TASK [mean-stack : debug] ************************************************************************************************************************
ok: [linuxosdev003.local.lab] => {
"msg": "1.47.0 compiled with dart2js 2.15.1"
}
TASK [mean-stack : Install SASS packages by using npm utility.] **********************************************************************************
skipping: [linuxosdev003.local.lab]
PLAY RECAP ***************************************************************************************************************************************
linuxosdev003.local.lab : ok=6 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
You should avoid command or shell whenever possible, if you want an idempotent playbook. Especially your example - remove sass and try your playbook. It should fail. Either check if the file exists
- name: "Check, if file exists"
stat:
path: "/usr/local/bin/sass"
register: sass_installed
But - as already commented - use an ansible module to install NPM packages, like you would do with system packages (package or yum or apt) or Python modules (with pip). The module is also available in the last RedHat releease 2.9 under https://docs.ansible.com/ansible/2.9/modules/npm_module.html and should be as easy:
- name: "Install NPM package: sass"
npm:
name: "sass"
If you need to install more then one NPM package, you could loop over them
- name: "Install NPM packages"
npm:
name: "{{ item }}"
loop:
- "package1"
- "package2"
As #β.εηοιτ.βε and #TRW already mentioned, using a module will eliminate the need for such checks.
However, if it is as simple as checking whether a path exists, then command module itself can be used like:
- name: Install SASS packages by using npm utility.
command:
cmd: /usr/bin/npm install -g sass
creates: /usr/local/bin/sass
This is equal to your when condition, i.e. command will run when the path given in creates is not present.
Whereby I prefer the solution from #β.εηοιτ.βε and #TRW if package managers are available for the tasks, sometimes it might be necessary to stay on the shell module. For such cases I use the similar approach like in the original question.
---
- hosts: test.example.com
become: no
gather_facts: no
tasks:
- name: Gather installed Java version, if there is any
shell:
cmd: java -version 2>&1 | head -1 | cut -d '"' -f 2
register: result
check_mode: false
changed_when: false
failed_when: result.rc != 0 and result.rc != 127
- name: Set default version, if there is no
set_fact:
result:
stdout_lines: "0.0.0_000"
when: "'command not found' in result.stdout"
check_mode: false
- name: Report result
debug:
msg: "{{ result.stdout_lines }}"
check_mode: false
Based on the installed version an installer or updater would be called to install or update to the latest version if necessary.
Thanks to
Why does Java version go to stderr?

No package matching 'git2u' found available, installed or updated

I'm trying to run Ansible on my existing nodes and I'm getting errors on all of the nodes except one on which it works fine:
The error message:
No package matching 'git2u' found available, installed, or updated.
All of the nodes are CentOS 7.
What am I doing wrong?
Same when I'm using yum from the terminal:
yum info git2u
Failed to set locale, defaulting to C
Loaded plugins: fastestmirror, langpacks, ps
Loading mirror speeds from cached hostfile
* epel: d2lzkl7pfhq30w.cloudfront.net
Error: No matching Packages to list
My playbook:
- name: install epel7 and ius-release to install latest git
package:
name:
- epel-release
- 'https://repo.ius.io/ius-release-el7.rpm'
state: present
when: ansible_distribution == 'CentOS'
- name: install git2u
package:
name: git2u
state: present
when: ansible_distribution == 'CentOS'
The git2u pacakge was renamed to git216, which was later retired. If you use IUS I highly recommend watching the announce repository to be notified when packages are retired.
https://ius.io/faq#how-do-i-know-when-an-ius-package-is-being-retired

Ansible -playbook when deb not installed install

im trying to write a playbook and i want to check if a deb package is installed and if not installed then install
so iv'e tried so far using the package_facts module and i can't figure this out
- name: Gather package facts
package_facts:
manager: auto
- name: Debug if package is present
debug:
msg: 'yes, mypackage is present'
when: '"besagent" in ansible_facts.packages'
register: besagent
- name: Debug if package is absent
debug:
msg: 'no, mypackage is absent'
when: '"besagent" not in ansible_facts.packages'
and this is the command to install the deb
- name: Install_BigFix_DEB
apt: deb="/usr/BigFix/BESAgent-9.5.11.191-debian6.amd64.deb"
sudo: true
So i see if the package is installed or not and i have a command to install the package but how do i make it happen automatically.
If BigFix agent is not installed Then install the agent?
Thanks for the help!!
Ansible operations are idempotent in nature. If you are using Ansible modules then you don't need to check if deb package is installed or not. Ansible will take care of it. If the package is not installed it will install. Else it will skip.
You can directly use
- name: Install_BigFix_DEB
apt: deb="/usr/BigFix/BESAgent-9.5.11.191-debian6.amd64.deb"
sudo: true
As per Ansible document:
An operation is idempotent if the result of performing it once is exactly the same as the result of performing it repeatedly without any intervening actions.
You don't need to check if the package is already installed or not.
The apt module take care of that.
If the package is already installed, apt will do nothing and return a status: ok,
if not, it will install it and return a status: changed.

How to make Ansible execute a shell script if a package is not installed

How can I make Ansible execute a shell script if a (rpm) package is not installed? Is it somehow possible to leverage the yum module?
I don't think the yum module would help in this case. It currently has 3 states: absent, present, and latest. Since it sounds like you don't want to actually install or remove the package (at least at this point) then you would need to do this in two manual steps. The first task would check to see if the package exists, then the second task would invoke a command based on the output of the first command.
If you use "rpm -q" to check if a package exists then the output would look like this for a package that exists:
# rpm -q httpd
httpd-2.2.15-15.el6.centos.1.x86_64
and like this if the package doesn't exist:
# rpm -q httpdfoo
package httpdfoo is not installed
So your ansible tasks would look something like this:
- name: Check if foo.rpm is installed
command: rpm -q foo.rpm
register: rpm_check
- name: Execute script if foo.rpm is not installed
command: somescript
when: rpm_check.stdout.find('is not installed') != -1
The rpm command will also exit with a 0 if the package exists, or a 1 if the package isn't found, so another possibility is to use:
when: rpm_check.rc == 1
Based on the Bruce P answer above, a similar approach for apt/deb files is
- name: Check if foo is installed
command: dpkg-query -l foo
register: deb_check
- name: Execute script if foo is not installed
command: somescript
when: deb_check.stdout.find('no packages found') != -1
If the package is installable through the system package manager (yum, apt, etc) itself, then you can make use of the check mode flag of ansible to register installation status without actually installing the package.
- name: check if package is installed
package:
name: mypackage
state: present
check_mode: true
register: mypackage_check
- name: run script if package installed
shell: myscript.sh
when: not mypackage_check.changed
Related to this.
Putting everything together, complete playbook for Debian (Ubuntu) which Updates package only if it's already installed:
---
- name: Update package only if already installed (Debian)
hosts: all
sudo: yes
tasks:
- name: Check if Package is installed
shell: dpkg-query -W -f='${Status}' {{ package }} | grep 'install ok installed'
register: is_installed
failed_when: no
changed_when: no
- name: Update Package only if installed
apt:
name: {{ package }}
state: latest
update_cache: yes
when: is_installed.rc == 0
Sadly Ansible still hasn't built-in support for making simple package updating, see ex: https://github.com/ansible/ansible/issues/10856
Since Ansible 2.5, you can use the package_facts module:
- name: Gather package facts
package_facts:
manager: auto
- name: Debug if package is present
debug:
msg: 'yes, mypackage is present'
when: '"mypackage" in ansible_facts.packages'
- name: Debug if package is absent
debug:
msg: 'no, mypackage is absent'
when: '"mypackage" not in ansible_facts.packages'
Note: you need the python bindings for apt/rpm installed on the target, e.g. python-apt for Debian.
You shouldn't be using dpkg -l package because it has no idea if your package has been removed or is still installed.
Instead it's probably better to use dpkg -s package.
To check if the package is installed :
- shell: dpkg -s package | grep 'install ok installed'
or if you don't mind the package on hold or other states :
- shell: dpkg -s package | grep 'installed'
This return 0 when installed and 1 if not.
(It's important to use the shell as we are using a pipe |)
I find using shell or command module is not "ansiblic".
I prefer to use yum module and json_query filter to check if a package is already installed. E.g. httpd package :
- yum:
list: httpd
register: apache_service
- assert:
that:
- "'installed' in apache_service|json_query('results[*].yumstate')"
msg: 'httpd is not installed'

Resources