How to access status in ansible_facts.services? - ansible

I am trying to Stop and/or Disable a systemd service if it is running and/or enabled on the remote host.
Contents of tasks/main.yml:
---
- name: Populate service facts
service_facts:
- name: Display selected service
debug:
var: ansible_facts.services[serviceToDisplay]
loop: "{{ disable_services }}"
loop_control:
loop_var: serviceToDisplay
vars:
disable_services:
- cups.service
- cups
- name: Stop and Disable service if it is running or enabled
systemd:
name: cups.service
enabled: false
state: stopped
when:
- "serviceToDisable is defined"
- "serviceToDisable.status == 'enabled'"
loop: "{{ disable_services }}"
loop_control:
loop_var: serviceToDisable
vars:
disable_services:
- cups.service
- cups
become: true
...
Results:
PLAY [configServerGroup] *************************************************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************************************
ok: [radicale.jlhimpel.net]
TASK [example : Populate service facts] **********************************************************************************************************************
ok: [radicale.jlhimpel.net]
TASK [example : Display selected service] ********************************************************************************************************************
ok: [radicale.jlhimpel.net] => (item=cups.service) => {
"ansible_facts.services[serviceToDisplay]": {
"name": "cups.service",
"source": "systemd",
"state": "running",
"status": "enabled"
},
"ansible_loop_var": "serviceToDisplay",
"serviceToDisplay": "cups.service"
}
ok: [radicale.jlhimpel.net] => (item=cups) => {
"ansible_facts.services[serviceToDisplay]": {
"name": "cups",
"source": "sysv",
"state": "running"
},
"ansible_loop_var": "serviceToDisplay",
"serviceToDisplay": "cups"
}
TASK [example : Stop and Disable service if it is running or enabled] ****************************************************************************************
fatal: [radicale.jlhimpel.net]: FAILED! => {"msg": "The conditional check 'serviceToDisable.status == 'enabled'' failed. The error was: error while evaluating conditional (serviceToDisable.status == 'enabled'): 'str object' has no attribute 'status'\n\nThe error appears to be in '/home/jwhimpel/ansible/roles/example/tasks/main.yml': line 16, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Stop and Disable service if it is running or enabled\n ^ here\n"}
PLAY RECAP ***************************************************************************************************************************************************
radicale.jlhimpel.net : ok=3 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Ansible version: 2.9.14-1.fc32 on Fedora
How should I go about checking if the status == enabled or the state == running?
Note: The service may optionally not be present in ansible_facts.service. It may also optionally not be running and/or not enabled. I am attempting to make the tasks idempotent.
Thanks

Your second task should be as below, please notice the name clause and the when section:
- name: Stop and Disable service if it is running or enabled
systemd:
name: "{{ ansible_facts.services[serviceToDisable]['name'] }}"
enabled: false
state: stopped
when:
- serviceToDisable is defined
- ansible_facts.services[serviceToDisable]['status'] == 'enabled'
loop: "{{ disable_services }}"
loop_control:
loop_var: serviceToDisable
vars:
disable_services:
- cups.service
- cups
become: true
Not sure why you have defined two times the same service (cups.service and cups), but I guess you have your good reasons.

Related

Play recap and ignored=1 in Ansible

I am checking whether all services related to a docker-compose.yml are running on a system. The code snippet shown below.
---
- name:
shell: docker-compose ps -q "{{ item }}"
register: result
ignore_errors: yes
The code above works as expected. I have to ignore errors otherwise Ansible will not complete. The following result shows ignored=1
PLAY RECAP *******************************************************************************************************
192.168.50.219 : ok=38 changed=12 unreachable=0 failed=0 skipped=0 rescued=0 ignored=1
If this completes successfully I want to run a subsequent playbook but don't know how to specify ignored=1 correctly.
---
- name:
include_tasks: do_other_things.yml
when: ignored is false
How do I get the result from PLAY RECAP into something I can test with?
A better idea than trying to cope with the error returned by docker compose ps when the container does not exist would be to use the purposed module: docker_container_info to achieve the same.
Given the playbook:
- hosts: localhost
gather_facts: no
tasks:
- docker_container_info:
name: "{{ item }}"
register: containers
loop:
- node1 # exists
- node404 # does not exists
- debug:
msg: "`{{ item.item }}` is not started"
loop: "{{ containers.results }}"
loop_control:
label: "{{ item.item }}"
when: not item.exists
This would yield:
TASK [docker_container_info] *************************************************
ok: [localhost] => (item=node1)
ok: [localhost] => (item=node404)
TASK [debug] *****************************************************************
skipping: [localhost] => (item=node1)
ok: [localhost] => (item=node404) =>
msg: `node404` is not started

How to ignore specific errors in an Ansible task

If have an Ansible task, that can fails sometimes, due to some error during the creation of an user account. Especially if the user account is already in use and the user is logged in. If the task fails with a specific error message, like "user account in use" the play must continue. There is no need to fail then, but only on predefined error messages. The task looks like this.
- name: modify user
user:
state: "{{ user.state | default('present') }}"
name: "{{ user.name }}"
home: "{{ user_base_path }}/{{ user.name }}"
createhome: true
Since it's not a shell command, I cannot simply register a var and check the output of .rc. Also I don't get stderr or stdout, when i register a var and print it in debug mode. That was my first approach on check for the error message. I am running out of ideas, how to filter for a specific error and passing the task, but failing on everything else. ignore_errors: yes is not a good solution, because the task should fail in some cases.
As per ansible doc we get stdout and stderr as return fields.
I would suggest to use flag ignore_errors: yes and catch the return as per this example
---
- hosts: localhost
vars:
user:
name: yash
user_base_path: /tmp
tasks:
- name: modify user
user:
state: "{{ user.state | default('present') }}"
name: "{{ user.name }}"
home: "{{ user_base_path }}/{{ user.name }}"
createhome: true
register: user_status
ignore_errors: yes
- name: stdout_test
debug:
msg: "{{ user_status.err }}"
- name: Fail on not valid
fail:
msg: failed
when: '"user account in use" not in user_status.err'
Output:
PLAY [localhost] *************************************************************************************************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************************************************************************************
ok: [localhost]
TASK [modify user] ***********************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "err": "<main> attribute status: eDSPermissionError\n<dscl_cmd> DS Error: -14120 (eDSPermissionError)\n", "msg": "Cannot create user \"yash\".", "out": "", "rc": 40}
...ignoring
TASK [stdout_test] ***********************************************************************************************************************************************************************************
ok: [localhost] => {
"msg": "<main> attribute status: eDSPermissionError\n<dscl_cmd> DS Error: -14120 (eDSPermissionError)\n"
}
TASK [Fail on not valid] *****************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "failed"}
PLAY RECAP *******************************************************************************************************************************************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=1
You can use when, save the return value by the register and set_fact and then bet what will happen according to that value.

Ansible set_facts based on OS version not working

I want to set the patch based on the OS version. came up with this playbook in Ansible version 2.8. but its giving The task includes an option with an undefined variable. error message in the debug line.
---
- hosts: all
gather_facts: yes
vars:
patch_name_8: 'centos8-updates'
patch_name_7: 'centos7-updates'
tasks:
- name: Set fact for CentOS 7
set_fact:
install_patch_name: "{{ patch_name_7 }}"
when: ansible_distribution_major_version == 7
- name: Set fact for CentOS 8
set_fact:
install_patch_name: "{{ patch_name_8 }}"
when: ansible_distribution_major_version == 8
- name: patch name display
debug:
msg: "install {{ install_patch_name }}"
How to set the install_patch_name variable value based on the OS version?
adding the error message:
TASK [patch name display] ************************************************************************************************************
fatal: [host01]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'install_patch_name' is undefined\n\nThe error appears to be in 't.yaml': line 23, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n
- name: patch name display\n ^ here\n"}
thanks
TLDR;
Use
when: ansible_distribution_major_version == "8"
or
when: ansible_distribution_major_version | int == 8
Explanation
Note: all following examples have been played against a centos:8 docker image.
The fact your are looking after is returned as a string :
[root#f6408271fc8c ~]# ansible localhost -m setup -a filter=ansible_distribution_major_version
localhost | SUCCESS => {
"ansible_facts": {
"ansible_distribution_major_version": "8"
},
"changed": false
}
Variables keep their types when using comparison and need to be correctly casted if need be, as demonstrated by the following playbook.
---
- hosts: localhost
tasks:
- name: default compare
debug:
msg: Comparison is true
when: ansible_distribution_major_version == 8
- name: compare as strings
debug:
msg: Comparison is true
when: ansible_distribution_major_version == "8"
- name: compare as ints
debug:
msg: Comparison is true
when: ansible_distribution_major_version | int == 8
Which gives
[root#f6408271fc8c ~]# ansible-playbook play.yml
PLAY [localhost] **************************************************************************************************************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************************************************************************************************************
ok: [localhost]
TASK [default compare] ********************************************************************************************************************************************************************************************
skipping: [localhost]
TASK [compare as strings] *****************************************************************************************************************************************************************************************
ok: [localhost] => {
"msg": "Comparison is true"
}
TASK [compare as ints] ********************************************************************************************************************************************************************************************
ok: [localhost] => {
"msg": "Comparison is true"
}
PLAY RECAP ********************************************************************************************************************************************************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0

Check for Value for a Key in Dict within Ansible

I want to run a Ansible Task in a string(vlan) is found within a keys (name) value. i.e
dict
interfaces_l3:
- name: vlan101
ipv4: 192.168.1.100/24
state: present
task
- name: Enable Features
nxos_feature:
feature: interface-vlan
state: enabled
when: vlan in interfaces_l3.values()
This is what I have but currently, this is not working.
There are a few problems with your expression:
interfaces_l3.values() should just blow up, because interfaces_l3 is a list, and lists don't have a .values() method.
You are referring to a variable named vlan rather than a string "vlan".
You are asking if any item in the interfaces_l3 list contains the string "vlan" in the value of the name attribute. You could do something like this:
---
- hosts: localhost
gather_facts: false
vars:
interfaces_l3_with_vlan:
- name: vlan101
ipv4: 192.168.1.100/24
state: present
interfaces_l3_without_vlan:
- name: something else
ipv4: 192.168.1.100/24
state: present
tasks:
- name: this should run
debug:
msg: "enabling features"
when: "interfaces_l3_with_vlan|selectattr('name', 'match', 'vlan')|list"
- name: this should be skipped
debug:
msg: "enabling features"
when: "interfaces_l3_without_vlan|selectattr('name', 'match', 'vlan')|list"
Which produces the following output:
PLAY [localhost] ******************************************************************************************************************************************************************************
TASK [this should run] ************************************************************************************************************************************************************************
ok: [localhost] => {
"msg": "enabling features"
}
TASK [this should be skipped] *****************************************************************************************************************************************************************
skipping: [localhost]
PLAY RECAP ************************************************************************************************************************************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=0

How do I handle rollback in case of failure using handlers in Ansible?

I wrote below yml file which will install the SSM and cloudwatch agent but I want to rollback the installation in case of any failures during the installation. I tried use FAIL but not working..Please advise..
---
# tasks file for SSMAgnetInstall
- name: status check
command: systemctl status amazon-ssm-agent
register: s_status
- debug:
msg: "{{ s_status }}"
- name: Get CPU architecture
command: getconf LONG_BIT
register: cpu_arch
changed_when: False
check_mode: no
when: s_status.stdout == ""
ignore_errors: true
- name: Install rpm file for Redhat Family (Amazon Linux, RHEL, and CentOS) 32/64-bit
yum:
name: "https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_386/amazon-ssm-agent.rpm"
state: present
when: s_status.stdout == ""
become: yes
ignore_errors: true
- name: cloud status check
command: systemctl status amazon-cloudwatch-agent
register: cld_status
become: yes
- debug:
msg: "{{ cld_status }}"
- name: Register to cloud watch service
become: yes
become_user: root
service:
name: amazon-ssm-agent
enabled: yes
state: started
- name: copy the output to a local file
copy:
content: "{{ myshell_output.stdout }}"
dest: "/home/ansible/rama/output.txt"
delegate_to: localhost
You should have a look at the the documentation on blocks, more specifically the error handling part. This is the general idea with an oversimplified example, you will have to adapt to your specific case.
The test.yml playbook
---
- hosts: localhost
gather_facts: false
tasks:
- block:
- name: I am a task that can fail
debug:
msg: "I {{ gen_fail | default(false) | bool | ternary('failed', 'succeeded') }}"
failed_when: gen_fail | default(false) | bool
- name: I am a task that will never fail
debug:
msg: I succeeded
rescue:
- name: I am a task in a block played when a failure happens
debug:
msg: rescue task
always:
- name: I am a task always played whatever happens
debug:
msg: always task
Played normally (no fail)
$ ansible-playbook test.yml
PLAY [localhost] ************************************************************************
TASK [I am a task that can fail] ********************************************************
ok: [localhost] => {
"msg": "I succeeded"
}
TASK [I am a task that will never fail] *************************************************
ok: [localhost] => {
"msg": "I succeeded"
}
TASK [I am a task always played whatever happens] ***************************************
ok: [localhost] => {
"msg": "always task"
}
PLAY RECAP ******************************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Played forcing a fail
$ ansible-playbook test.yml -e gen_fail=true
PLAY [localhost] ************************************************************************
TASK [I am a task that can fail] ********************************************************
fatal: [localhost]: FAILED! => {
"msg": "I failed"
}
TASK [I am a task in a block played when a failure happens] *****************************
ok: [localhost] => {
"msg": "rescue task"
}
TASK [I am a task always played whatever happens] ***************************************
ok: [localhost] => {
"msg": "always task"
}
PLAY RECAP ******************************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=1 ignored=0

Resources