I'm using Ansible to install an agent on Linux servers. There are different install procedures based on if the system is running systemd or initd. I created a role for both install procedures, but I want to see if the server is running systemd or initd first and then run the corresponding role. Below is the code I have created. Will this type of conditional work this way or am I missing the mark?
tasks:
- name: check if running initd or systemd and role the correct role
command: pidof systemd
register: pid_systemd
- name: check if running initd or systemd and role the correct role
command: pidof /sbin/init
register: pid_initd
- include_role:
name: install-appd-machine-agent-initd
when: pid_initd.stdout == '1'
- include_role:
name: install-appd-machine-agent-systemd
when: pid_systemd.stdout == '1'
Ansible collects facts of a system using gather_facts via setup module. This provides a magic variable called ansible_service_mgr. This variable can be used to conditionally execute tasks.
For example, to run your roles conditionally:
tasks:
- include_role:
name: install-appd-machine-agent-initd
when: ansible_service_mgr == "sysvinit"
- include_role:
name: install-appd-machine-agent-systemd
when: ansible_service_mgr == "systemd"
Related
I have a simple playbook that I run on new managed nodes for Ansible
the playbook has 3 roles : create ansible admin user on destination host , copy ssh key , sets sudo no passwd for ansible user
I have Rhel based nodes and also debian based nodes
for Rhel I use root , for debian root not used by default and I keep it that way so I have a different admin user called sysadmin
I am trying to find a way that the playbook will identify the OS and choose either root or sysadmin user to run the Play , and also use a proper password from a file in ansible vault
thanks
this is the playbook
name: init managed node
user: root
hosts: init_clients
become: yes
gather_facts: yes
ignore_errors: no
vars:
user: ansible-admin
passwd: password-hash
roles:
create_admin_user
set_authorized_key
set_no_pass
100% real code. But if I didn't have it at my fingertips, I would skip answering this question, as there's no indication of any effort on your part.
- name: Set the system user name for Ubuntu
set_fact:
linux_system_user: ubuntu
when: ansible_os_family == 'Debian'
- name: Set the system user name for CentOS
set_fact:
linux_system_user: centos
when: ansible_distribution == 'CentOS'
- name: Set the system user name for RedHat
set_fact:
linux_system_user: root
when: ansible_distribution == 'RedHat'
My issue is that Ansible still needs to run the first Playbook as some user
if that user is the same for all systems (root for example).
That's ok if the user is not the same.
I have to run the playbook once for Rhel and once for Debian and then change the "user" statement to a differener user.
In my ansible playbook i am taking 2 inputs from user and i also wanted to take a third input which should be optional at times and if user provides the value for var3 then playbook must execute a task otherwise it should not, so what is the way to achieve this?
Also i wanted to know that i am using awx open-source UI for ansible so i choose the hosts to run the playbook in ansible awx inventory, after that what should i write in 'hosts' of my playbook or it can be left alone.
- name: Updating "{{ service_name }}" server codebase and starting its service.
hosts: all
tasks:
- name: Stopping nginx service
command: sudo service nginx stop
- name: Performing git checkout in the specified directory "{{ path }}"
command: git checkout .
args:
chdir: "{{ path }}"
- name: Running npm install in the directory "{{ path }}"
command: npm install
args:
chdir: "{{ path }}/node_modules"
- name: Restarting the "{{ service_name }}" service
command: sudo service "{{ service_name }}" restart
- name: Restarting the nginx service
command: sudo service nginx restart
Who is the user in this instance? you? if you are the user then you can run
ansible-playbook -i hosts <your-playbook> -e "service_name=<yourservice>"
to dynamically change the service_name variable upon playbook excecution.
you can then add the second variable to the command also, but be aware with the 'optional' third variable as i'm sure if you do not reference all variables in your playbook you will get an error.
EDIT: You will need to ref both service_name and path variables when you execute the ansible-playbook command, where is the 3rd variable as it doesnt appear to be in your provided code sample?
I have a playbook which needs to be run based on the operating System.
UseCase: Lets assume there is a service that is running.
On Linux we can check if it is installed and running using the
systemctl status application.service
While command and on windows we will be using the
sc query "ServiceName" | find "RUNNING"
Now we have to install it based on the output of the above a commands which requires us to segregate the playbook based on the OS.
Classic Example: Create a directory based on the OS
- name: Install QCA Agent on Linux targets
hosts: all
gather_facts: true
remote_user: root
tasks:
- name: Create Directory for Downloading Qualys Cloud Agent
sudo: yes
sudo_user: root
file:
path: /usr/q1/
state: directory
owner: root
group: root
mode: 0777
recurse: no
- name: Create Directory for Downloading Qualys Cloud Agent
win_file:
path: c:\q1
state: directory
owner: Administrator
group: Administrator
mode: 0777
recurse: no
The playbook will alwayz be successful only if one of the condition is met and it is whether it is Windows or Unix OS. I can alwayz add a condition which will prompt based on:
when: ansible_distribution == 'Redhat' or ansible_distribution == 'CentOS'
However what i would like to achieve is based on a condition it should trigger my playbook.yml file.
name: Load a variable file based on the OS type, or a default if not found. Using free-form to specify the file.
include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- default.yaml
https://docs.ansible.com/ansible/2.5/modules/include_vars_module.html?highlight=with_first_found
I would like to know if there is a better example explaining the same that i could implement or if there are other ways to achieve the same.
Thank you,
The example you show from the Ansible docs is pretty much the best practice and is common in many playbooks (and roles for that matter) that deal with multiple OSes. If you have code that is different (instead of the variable example here), you'll be using include_tasks instead of include_vars, but the concept is the same.
I have a playbook that provisions a host for use with Rails/rvm/passenger. I'd like to add use the same playbook to setup both test and production.
In testing, the user to add to the rvm group is jenkins. The one in production is passenger. My playbook excerpt below does this based on the inventory_hostname parameter.
It seems like adding a new user:/when: block in the playbook for every testing or production host is the wrong way to go here. Should I be using an Ansible role for this?
Thanks
---
- hosts: all
become: true
...
tasks:
- name: add jenkins user to rvm group when on testing
user: name={{ item }}
shell=/bin/bash
groups=rvm
append=yes
with_items:
- jenkins
when: "'bob.mydomain' in inventory_hostname"
- name: add passenger user to rvm group when on rails production
user: name={{ item }}
shell=/bin/bash
groups=rvm
append=yes
with_items:
- passenger
when: "'alice.mydomain' in inventory_hostname"
Create an inventory file called inventories/testing
[web]
alice.mydomain
[testing:children]
web
This will control what hosts are targeted when you run your playbook against your testing environment.
Create another file called group_vars/testing
rvm_user: jenkins
This file will keep all variables required for running a playbook against the testing environment. Your production file should have the same variables, but with different values.
Finally in your playbook:
---
- hosts: all
become: true
...
tasks:
- name: add user to rvm group
user:
name: "{{ rvm_user }}"
shell: "/bin/bash"
groups: rvm
append: yes
Now, when you want to run your playbook, you execute it like so:
ansible-playbook -i inventories/testing site.yml
Ansible will do the right thing, and look for a testing file in group_vars and read variables from there. It will ignore variables in a file or folder not named after your environment with the exception of a file called all which is intended to be for common variables across playbooks.
Good luck - Ansible is an amazing tool :)
I have ansible role which have task delegated to localhost:
- name: Test role
hosts: my_hosts
gather_facts: no
tasks:
- name: Register remote hosts
include_role: name=register_remote_hosts
delegate_to: localhost
The Role register_remote_systems must work for every host in my_hosts, but must be ran from the box where Ansible is invoked, that is why there is delegate_to.
The role register_remote_hosts checks for a specific application on localhost and if one is not installed it creates virtual environment and then installs it:
- name: Check if my_app is installed system-wide
shell: |
my_app --version >/dev/null 2>&1
register: my_app_cmd
failed_when: my_app_cmd.rc not in [0, 127]
- name: Install My App
block:
- name: Create temporary directory for my_app
tempfile:
state: directory
suffix: my_app
register: my_app_temp
- name: Create virtual environment
command: virtualenv "{{ my_app_temp.path }}"
- name: Install my_app
pip:
name: my_app
state: latest
virtualenv: "{{ my_app_temp.path }}"
virtualenv_site_packages: yes
- name: Set Virtual Environment variable
set_fact:
venv_activate: "source {{ my_app_temp.path }}/bin/activate"
when: my_app_cmd.rc != 0
- name: Use my_app
shell: |
{{ venv_activate | default('echo "Using my_app from system path"') }}
my_app --version
Everything works great, but if there are many hosts in my_hosts then a lot of venvs are being created.
What would be the best approach to create role which is reusing same venv with my_app installed. Note that role is included in many different playbooks and I do not want to write additional role included in every playbook where "Register remote hosts" included role is used. There is of course concurrency problem of creating venv prior to using that in other playbooks.
Above solution works and I can live with it, but maybe there are nicer design patterns for such problems in Ansible.
Solution is to put run_once (thanks #ssbarnea):
when: my_app_cmd.rc != 0
run_once: yes