Create file in LXC container with Ansible playbook - ansible

I have a playbook:
- hosts: Server-52
  gather_facts: false
  tasks:
    - name: Run a command in a container
      lxc_container:
        name: Jitsi
        container_log: true
        state: started
        container_command: |
          touch FUFUFU.txt
This playbook must create a file FUFUFU.txt in my LXC container Jitsi.
My container:
root@devel-lxd01:/etc/keepalived# lxc list
+----------+---------+------+------+-----------+-----------+-------------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | LOCATION |
+----------+---------+------+------+-----------+-----------+-------------+
| Jitsi | RUNNING | | | CONTAINER | 0 | devel-lxd01 |
But when I tried to deploy this playbook, I got an error:
PLAY [Server-52] ***********************************************************************************************************************************
TASK [Run a command in a container] ****************************************************************************************************************
fatal: [Server-52]: FAILED! => {"changed": false, "msg": "Failed to find required executable \"lxc-create\" in paths: /root/.vscode-server/bin/3a6960b964327f0e3882ce18fcebd07ed191b316/bin:/root/.vscode-server/bin/3a6960b964327f0e3882ce18fcebd07ed191b316/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin"}
PLAY RECAP *****************************************************************************************************************************************
Server-52 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Could you please tell me where I was wrong?

Looks like you are using lxd rather than lxc to run your containers.
Try using the module lxd_container rather than lxc_container, for your task.

Related

Ansible dynamic inventory could not resolve hostname

In Ansible (please see my repo) I have a dynamic inventory (hosts_aws_ec2.yml). It shows this:
ansible-inventory -i hosts_aws_ec2.yml --graph
@all:
  |--@aws_ec2:
  |  |--linuxweb01
  |  |--winweb01
  |--@iis:
  |  |--winweb01
  |--@linux:
  |  |--linuxweb01
  |--@nginx:
  |  |--linuxweb01
  |--@ungrouped:
  |--@webserver:
  |  |--linuxweb01
  |  |--winweb01
  |--@windows:
  |  |--winweb01
When I run any playbook, for example configure_iis_web_server.yml or ping_novars.yml in my repo, it says the host is unreachable.
ansible-playbook ping_novars.yml -i hosts_aws_ec2.yml --ask-vault-pass --limit linuxweb01
PLAY [linux] ******************************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************************
fatal: [linuxweb01]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname linuxweb01: Name or service not known", "unreachable": true}
PLAY RECAP ********************************************************************************************************************
linuxweb01 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
ansible all -i hosts_aws_ec2.yml -m debug -a "var=ip" --ask-vault-pass shows that it finds the ip addresses for the files in host_vars folder.
winweb01 | SUCCESS => {
    "ip": "3.92.5.126"
}
linuxweb01 | SUCCESS => {
    "ip": "52.55.134.86"
}
I used to have this working when I didn't have this in hosts_aws_ec2.yml:
hostnames:
  - tag:Name
and the files in host_vars were the actual public IPv4 DNS addresses, for example ec2-3-92-5-126.compute-1.amazonaws.com.yml instead of winweb01. Then the inventory would list the public DNS, not the name.
Is there any way to use the name tag in the inventory but provide the IP address?
I was able to make it work by adding compose to my dynamic host script:
hostnames:
  - tag:Name
compose:
  ansible_host: public_dns_name
Found the answer here: Displaying a custom name for a host

Is it possible to run this command grep with multiple slashes as shell command?

I'm new to Ansible. I'm trying to run this command in Ansible to verify AIDE is installed. When I run my playbook I get a non-zero return code error. I'm not sure if single quotes or double quotes are needed for my playbook to run correctly. Please, I need assistance.
- name: "Verify AIDE to cryptographic mechanisms are set to protect the integrity of audit tools"
  become: true
  shell: egrep '(\/usr\/sbin\/(audit|au|rsys))' /etc/aide.conf
  register: AIDE_Status
I tried adding double quotes between the parentheses of the command; it returned the same error. I also moved the quotes between egrep and /etc/aide.conf.
The egrep works as expected. For example, given the file for testing
shell> cat /tmp/aide.conf
\usr\sbin\audit
the playbook
shell> cat pb.yml
- hosts: localhost
  tasks:
    - command: egrep '\usr\sbin\(audit|au|rsys)' /tmp/aide.conf
      register: aide_status
    - debug:
        var: aide_status
gives
shell> ansible-playbook pb.yml
PLAY [localhost] *****************************************************************************
TASK [command] *******************************************************************************
changed: [localhost]
TASK [debug] *********************************************************************************
ok: [localhost] =>
  aide_status:
    changed: true
    cmd:
    - egrep
    - \usr\sbin\(audit|au|rsys)
    - /tmp/aide.conf
    delta: '0:00:00.003672'
    end: '2022-10-26 22:14:13.735346'
    failed: false
    msg: ''
    rc: 0
    start: '2022-10-26 22:14:13.731674'
    stderr: ''
    stderr_lines: []
    stdout: \usr\sbin\audit
    stdout_lines:
    - \usr\sbin\audit
PLAY RECAP ***********************************************************************************
localhost: ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
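grep exits 1 when nothing matches, and Ansible's command and shell modules treat any non-zero rc as a failed task. The playbook below is an added example (not from the question or the answer) that separates "no rule found" from a real grep error; it assumes the question's /etc/aide.conf path and uses its pattern without the backslashes, since "/" is not special in an extended regular expression.

```yaml
# Added example, not code from the question or the answer.
- name: Verify AIDE protects the integrity of audit tools
  hosts: all
  become: true
  gather_facts: false
  tasks:
    - name: Search aide.conf for audit tool rules
      # argv bypasses the shell, so the pattern needs no shell quoting.
      ansible.builtin.command:
        argv:
          - grep
          - -E
          - '/usr/sbin/(audit|au|rsys)'
          - /etc/aide.conf
      register: aide_status
      changed_when: false              # read-only check, never "changed"
      failed_when: aide_status.rc > 1  # grep: 0 = match, 1 = no match, 2+ = error
      check_mode: false                # still run the check under --check

    - name: Fail with a clear finding when no rule covers the audit tools
      ansible.builtin.assert:
        that:
          - aide_status.rc == 0
        fail_msg: "No /usr/sbin/(audit|au|rsys) entries found in /etc/aide.conf"
        success_msg: "{{ aide_status.stdout_lines | length }} audit tool rule(s) found"
```

With this split, an unreadable or missing aide.conf (rc 2) fails at the grep task, while a readable file with no matching rule fails at the assert with the compliance message.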

How to hide unreachable hosts?

I need to execute some commands through the shell module, but when I execute them on a group of hosts, they are displayed in the terminal unreachable. How to make it so that information is displayed only on available hosts?
For now, running
ansible all -m shell -a "df -h"
Results in:
Mint-5302 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: ssh: connect to host 192.168.53.2 port 22: No route to host",
    "unreachable": true
}
You can find the documentation here: Ignoring unreachable host errors
- name: Execute shell
  shell: "df -h"
  ignore_unreachable: yes
And at the playbook level, to ignore every unreachable host:
- hosts: all
  ignore_unreachable: yes
  tasks:
    - name: Execute shell
      shell: "df -h"
You can achieve this behavior by using community.general.diy callback plugin.
Create ansible.cfg file with following content -
[defaults]
bin_ansible_callbacks = True
stdout_callback = community.general.diy
[callback_diy]
runner_on_unreachable_msg=""
Run your ad-hoc command and you will get the following output
$ ansible -m ping 192.168.10.1
PLAY [Ansible Ad-Hoc] *************************************************************************
TASK [ping] ***********************************************************************************
PLAY RECAP ************************************************************************************
192.168.10.1 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0

List running java processes in a linux host via ansible playbook

I want to list the java processes running in the mentioned hosts. However, I am not getting the desired output.
I have created an ansible-playbook file to read the shell commands.
- name: 'Check the running java processes'
  hosts: all
  tasks:
    - name: 'check running processes'
      shell: ps -ef | grep -i java
output:
PLAY [Check the running java processes] ****************************************
TASK [setup] *******************************************************************
ok: [target1]
ok: [target2]
TASK [check running processes] *************************************************
changed: [target1]
changed: [target2]
PLAY RECAP *********************************************************************
target1 : ok=2 changed=1 unreachable=0 failed=0
target2 : ok=2 changed=1 unreachable=0 failed=0
However, it's not listing the processes.
You could see the result with your actual playbook by running ansible in verbose mode.
However, the good way to do this is to register the output of your task and display its content in a debug task (or use it in any other task/loop).
To know what your registered var looks like, you can read the doc about common and shell's specific return values... or you can simply debug the full var in your playbook and have a look at it.
Here is an example just to get the full stdout of the command:
---
- name: Check the running java processes
  hosts: all
  tasks:
    - name: Check running processes
      shell: ps -ef | grep -i java
      register: ps_cmd
    - name: Show captured processes
      debug:
        var: ps_cmd.stdout

Ansible variable precedence

So I have this playbook, in this playbook I have a variable, let's call it the_var
Now this variable should always have the same value default except for certain inventories where it should be not_default
This is how I did it, under group_vars/all.yml I put the_var: default and under inventories/my_special_inv I put the_var=not_default (under [all:vars])
When I run ansible-playbook -i inventories/my_special_inv I expect the variable's value to be not_default (since I overrode the default behaviour with the inventory file), but it is set to default.
How do I implement this behaviour correctly?
I am giving you a working example that will help you to understand it better:
.
|-- default
|   |-- group_vars
|   |   `-- server.yml
|   `-- inventory
|-- site.yml
|-- special
|   |-- group_vars
|   |   `-- server.yml
|   `-- inventory
In this example I have just tested it against the localhost host so inside both the special/inventory and default/inventory, I have this group, but you can put whatever as per your need:
[server]
localhost
Important thing is the group name, it should match under the default/group_vars and special/group_vars file name (in my case it is server but in your case it can be anything):
So in default/group_vars, I have placed:
---
the_var: default
and in special/group_vars, I have placed:
---
the_var: not_default
In my test playbook(site.yml in this case) have:
---
- hosts: all
  gather_facts: no
  tasks:
    - debug:
        msg: "{{ the_var }}"
Now when I call the playbook against the default inventory, got this value:
ansible-playbook -i default site.yml -c local
PLAY [all] *********************************************************************
TASK [debug] *******************************************************************
ok: [localhost] => {
    "msg": "default"
}
PLAY RECAP *********************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=0
when I call the playbook against the special inventory, got this value:
ansible-playbook -i special site.yml -c local
PLAY [all] *********************************************************************
TASK [debug] *******************************************************************
ok: [localhost] => {
    "msg": "not_default"
}
PLAY RECAP *********************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=0
-c local is for a localhost connection, which you don't need in your live environment. I am sure you are working on a remote host with an ssh connection, which is the default. Hope it helps you.
