Develop Reference

How to make Ansible ignore changes in certain lines in file

I have a regular ubuntu VM. My ansible playbook is the following
---
- hosts: linux
tasks:
- name: "Creating a file file.txt"
become: yes
copy: src=./file.txt dest=~/file.txt
notify: restart some_app
handlers:
- name: restart some_app
become: yes
service:
name=some_app
state=restarted
And the contents of my file are
First line
Second line
After creating my VM I apply my ansible playbook. Then I am doing some work on ubuntu VM which could change the contents of file.txt (in Ubuntu VM, not in host). And when my work is done I apply anible playbook again. But I want to restart some_app only when changes are made to the First line in my file and ignore any changes made to the Second line (during some work in ubuntu VM). For example:
If after my work I have (on Ubuntu VM)
First line
Changed Second line
I want ansible to do nothing to this file (I don't want it to be replaced by initial file.txt on my host) and I don't want some_app to be started.
But if I have
Changed First line
Changed Second line
I want ansible to replace only First line and restart some_app, so after applying ansible playbook I would have
First line
Changed Second line
Is it possible to create Second line only once and then make ansible ignore it completly? How can I make this possible using ansible playbook? I can't split my file.txt into two different files or smth like this.

You can create backup and diff the first lines of the files.
For example, if the destination does not exist the module copy reports changed in the registered dictionary. The attribute backup_file is undefined. In this case, changed_when evaluates to True and the handler is notified
- copy:
src: file.txt
dest: ~/file.txt
backup: true
register: copy_result
changed_when:
- copy_result is changed
- copy_result.backup_file is undefined
notify: restart some_app
If the destination exists you want to notify the handler if the first line changes. Create the block below to test the first line. The tasks in the block will be executed only if a backup file is created
- block:
- script:
cmd: '{{ playbook_dir}}/diff_first_line {{ copy_result.backup_file }}'
executable: /bin/bash
register: diff_result
ignore_errors: true
changed_when: diff_result.stdout_lines.0|d('') == '1c1'
notify: restart some_app
- debug:
var: diff_result
when: debug|d(false)|bool
when:
- copy_result.backup_file is defined
Create the script below. The script returns the diff between the first lines of the destination ~/file.txt and the backup file
shell> cat diff_first_line
diff <(head -n 1 ~/file.txt) <(head -n 1 $1)
exit 0
Create the handler for testing
handlers:
- name: restart some_app
debug:
msg: First line of ~/file.txt changed
Example of a complete playbook for testing
shell> cat pb.yml
- hosts: test_24
tasks:
- copy:
src: file.txt
dest: ~/file.txt
backup: true
register: copy_result
changed_when:
- copy_result is changed
- copy_result.backup_file is undefined
notify: restart some_app
- debug:
var: copy_result
when: debug|d(false)|bool
- block:
- script:
cmd: '{{ playbook_dir}}/diff_first_line {{ copy_result.backup_file }}'
executable: /bin/bash
register: diff_result
ignore_errors: true
changed_when: diff_result.stdout_lines.0|d('') == '1c1'
notify: restart some_app
- debug:
var: diff_result
when: debug|d(false)|bool
when:
- copy_result.backup_file is defined
handlers:
- name: restart some_app
debug:
msg: First line of ~/file.txt changed
If the destination does not exist the file will be created and the handler will be notified
shell> ansible-playbook pb.yml
PLAY [test_24] *******************************************************************************
TASK [copy] **********************************************************************************
changed: [test_24]
TASK [debug] *********************************************************************************
skipping: [test_24]
TASK [script] ********************************************************************************
skipping: [test_24]
TASK [debug] *********************************************************************************
skipping: [test_24]
RUNNING HANDLER [restart some_app] ***********************************************************
ok: [test_24] =>
msg: First line of ~/file.txt changed
PLAY RECAP ***********************************************************************************
test_24: ok=2 changed=1 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0
shell> ssh admin#test_24 sudo cat /root/file.txt
First line
Second line
If the destination exists and the first line changed
shell> ssh admin#test_24 sudo cat /root/file.txt
First line changed
Second line
The script in the block will compare the first lines of the files and will notify the handler. Running the playbook with the variable debug=true gives
shell> ansible-playbook pb.yml -e debug=true
PLAY [test_24] *******************************************************************************
TASK [copy] **********************************************************************************
ok: [test_24]
TASK [debug] *********************************************************************************
ok: [test_24] =>
copy_result:
backup_file: /root/file.txt.1520674.2023-01-05#11:00:41~
changed: false
checksum: e23b0534d0708167023aba6f65ef83afe38d52df
dest: /root/file.txt
diff: []
failed: false
gid: 0
group: root
md5sum: cbfa34ef619be185bfbe2b8c8f104d97
mode: '0644'
owner: root
secontext: system_u:object_r:admin_home_t:s0
size: 23
src: /home/admin/.ansible/tmp/ansible-tmp-1672934439.424632-1552928-229786621684419/source
state: file
uid: 0
TASK [script] ********************************************************************************
changed: [test_24]
TASK [debug] *********************************************************************************
ok: [test_24] =>
diff_result:
changed: true
failed: false
rc: 0
stderr: |-
Shared connection to test_24 closed.
stderr_lines:
- Shared connection to test_24 closed.
stdout: |-
1c1
< First line
---
> First line changed
stdout_lines:
- 1c1
- < First line
- '---'
- '> First line changed'
RUNNING HANDLER [restart some_app] ***********************************************************
ok: [test_24] =>
msg: First line of ~/file.txt changed
PLAY RECAP ***********************************************************************************
test_24: ok=5 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
The handler won't be notified if the first line doesn't change
shell> ssh admin#test_24 sudo cat /root/file.txt
First line
Second line changed
shell> ansible-playbook pb.yml -e debug=true
PLAY [test_24] *******************************************************************************
TASK [copy] **********************************************************************************
ok: [test_24]
TASK [debug] *********************************************************************************
ok: [test_24] =>
copy_result:
backup_file: /root/file.txt.1522339.2023-01-05#11:02:50~
changed: false
checksum: e23b0534d0708167023aba6f65ef83afe38d52df
dest: /root/file.txt
diff: []
failed: false
gid: 0
group: root
md5sum: cbfa34ef619be185bfbe2b8c8f104d97
mode: '0644'
owner: root
secontext: system_u:object_r:admin_home_t:s0
size: 23
src: /home/admin/.ansible/tmp/ansible-tmp-1672934567.8696983-1553096-127236704493791/source
state: file
uid: 0
TASK [script] ********************************************************************************
ok: [test_24]
TASK [debug] *********************************************************************************
ok: [test_24] =>
diff_result:
changed: false
failed: false
rc: 0
stderr: |-
Shared connection to test_24 closed.
stderr_lines:
- Shared connection to test_24 closed.
stdout: ''
stdout_lines: []
PLAY RECAP ***********************************************************************************
test_24: ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

Ansible: How to check multiple servers for a text file value, to decide which servers to run the script on?

I am trying to ask Ansible to check if a server is passive or active based on the value of a specific file in each server, then Ansible will decide which server it runs the next script on.
For example with 2 servers:
Server1
cat /tmp/currentstate
PASSIVE
Server2
cat /tmp/currentstate
ACTIVE
In Ansible
Trigger next set of jobs on server where the output was ACTIVE.
Once the jobs complete, trigger next set of jobs on server where output was PASSIVE
What I have done so far to grab the state, and output the value to Ansible is
- hosts: "{{ hostname1 | mandatory }}"
gather_facts: no
tasks:
- name: Grab state of first server
shell: |
cat {{ ans_script_path }}currentstate.log
register: state_server1
- debug:
msg: "{{ state_server1.stdout }}"
- hosts: "{{ hostname2 | mandatory }}"
gather_facts: no
tasks:
- name: Grab state of second server
shell: |
cat {{ ans_script_path }}currentstate.log
register: state_server2
- debug:
msg: "{{ state_server2.stdout }}"
What I have done so far to trigger the script
- hosts: "{{ active_hostname | mandatory }}"
tasks:
- name: Run the shutdown on active server first
shell: sh {{ ans_script_path }}stopstart_terracotta_main.sh shutdown
register: run_result
- debug:
msg: "{{ run_result.stdout }}"
- hosts: "{{ passive_hostname | mandatory }}"
tasks:
- name: Run the shutdown on passive server first
shell: sh {{ ans_script_path }}stopstart_terracotta_main.sh shutdown
register: run_result
- debug:
msg: "{{ run_result.stdout }}"
but I don't know how to set the value of active_hostname & passive_hostname based on the value from the script above.
How can I set the Ansible variable of active_hostname & passive_hostname based on the output of the first section?

A better solution came to my mind is to include hosts in new groups according to their state.
This would be more optimal in case there are more than two hosts.
- hosts: all
gather_facts: no
vars:
ans_script_path: /tmp/
tasks:
- name: Grab state of server
shell: |
cat {{ ans_script_path }}currentstate.log
register: server_state
- add_host:
hostname: "{{ item }}"
# every host will be added to a new group according to its state
groups: "{{ 'active' if hostvars[item].server_state.stdout == 'ACTIVE' else 'passive' }}"
# Shorter, but the new groups will be in capital letters
# groups: "{{ hostvars[item].server_state.stdout }}"
loop: "{{ ansible_play_hosts }}"
changed_when: false
- name: show the groups the host(s) are in
debug:
msg: "{{ group_names }}"
- hosts: active
gather_facts: no
tasks:
- name: Run the shutdown on active server first
shell: hostname -f # changed that for debugging
register: run_result
- debug:
msg: "{{ run_result.stdout }}"
- hosts: passive
gather_facts: no
tasks:
- name: Run the shutdown on passive server first
shell: hostname -f
register: run_result
- debug:
msg: "{{ run_result.stdout }}"
test-001 is PASSIVE
test-002 is ACTIVE
PLAY [all] ***************************************************************
TASK [Grab state of server] **********************************************
ok: [test-002]
ok: [test-001]
TASK [add_host] **********************************************************
ok: [test-001] => (item=test-001)
ok: [test-001] => (item=test-002)
TASK [show the groups the host(s) are in] ********************************
ok: [test-001] => {
"msg": [
"passive"
]
}
ok: [test-002] => {
"msg": [
"active"
]
}
PLAY [active] *************************************************************
TASK [Run the shutdown on active server first] ****************************
changed: [test-002]
TASK [debug] **************************************************************
ok: [test-002] => {
"msg": "test-002"
}
PLAY [passive] ************************************************************
TASK [Run the shutdown on passive server first] ****************************
changed: [test-001]
TASK [debug] **************************************************************
ok: [test-001] => {
"msg": "test-001"
}
PLAY RECAP ****************************************************************
test-001 : ok=5 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
test-002 : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

For example, given two remote hosts
shell> ssh admin#test_11 cat /tmp/currentstate.log
ACTIVE
shell> ssh admin#test_13 cat /tmp/currentstate.log
PASSIVE
The playbook below reads the files and runs the commands on active and passive servers
shell> cat pb.yml
- hosts: "{{ host1 }},{{ host2 }}"
gather_facts: false
vars:
server_states: "{{ dict(ansible_play_hosts|
zip(ansible_play_hosts|
map('extract', hostvars, ['server_state', 'stdout'])|
list)) }}"
server_active: "{{ server_states|dict2items|
selectattr('value', 'eq', 'ACTIVE')|
map(attribute='key')|list }}"
server_pasive: "{{ server_states|dict2items|
selectattr('value', 'eq', 'PASSIVE')|
map(attribute='key')|list }}"
tasks:
- command: cat /tmp/currentstate.log
register: server_state
- debug:
var: server_state.stdout
- block:
- debug:
var: server_states
- debug:
var: server_active
- debug:
var: server_pasive
run_once: true
- command: echo 'Shutdown active server'
register: out_active
delegate_to: "{{ server_active.0 }}"
- command: echo 'Shutdown passive server'
register: out_pasive
delegate_to: "{{ server_pasive.0 }}"
- debug:
msg: |
{{ server_active.0 }}: [{{ out_active.stdout }}] {{ out_active.start }}
{{ server_pasive.0 }}: [{{ out_pasive.stdout }}] {{ out_pasive.start }}
run_once: true
shell> ansible-playbook pb.yml -e host1=test_11 -e host2=test_13
PLAY [test_11,test_13] ***********************************************************************
TASK [command] *******************************************************************************
changed: [test_13]
changed: [test_11]
TASK [debug] *********************************************************************************
ok: [test_11] =>
server_state.stdout: ACTIVE
ok: [test_13] =>
server_state.stdout: PASSIVE
TASK [debug] *********************************************************************************
ok: [test_11] =>
server_states:
test_11: ACTIVE
test_13: PASSIVE
TASK [debug] *********************************************************************************
ok: [test_11] =>
server_active:
- test_11
TASK [debug] *********************************************************************************
ok: [test_11] =>
server_pasive:
- test_13
TASK [command] *******************************************************************************
changed: [test_11]
changed: [test_13 -> test_11]
TASK [command] *******************************************************************************
changed: [test_11 -> test_13]
changed: [test_13]
TASK [debug] *********************************************************************************
ok: [test_11] =>
msg: |-
test_11: [Shutdown active server] 2022-10-27 11:16:00.766309
test_13: [Shutdown passive server] 2022-10-27 11:16:02.501907
PLAY RECAP ***********************************************************************************
test_11: ok=8 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
test_13: ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

From the description of your use case I understand that you like to perform tasks on certain servers which a have service role installed (annot.: Terracotta Server) and based on a certain service state.
Therefore, I like to recommend an approach with Custom facts.
Depending on if you have control about where the currentstate.log is placed or how it is structured, you could use in example something like
cat /tmp/ansible/service/terracotta.fact
[currentstate]
ACTIVE = true
PASSIVE = false
or add dynamic facts by adding executable scripts to facts.d ...
Means, alternatively, you can add the current service state to your host facts by creating and running a script in facts.d, which would just read the content of /tmp/currentstate.log.
Then, a sample playbook like
---
- hosts: localhost
become: false
gather_facts: true
fact_path: /tmp/ansible/service
gather_subset:
- "!all"
- "!min"
- "local"
tasks:
- name: Show Gathered Facts
debug:
msg: "{{ ansible_facts }}"
when: ansible_local.terracotta.currentstate.active | bool
will result into an output of
TASK [Show Gathered Facts] ******
ok: [localhost] =>
msg:
ansible_local:
terracotta:
currentstate:
active: 'true'
passive: 'false'
gather_subset:
- '!all'
- '!min'
- local
module_setup: true
An other approach is to address How the inventory is build and Group the hosts
[terracotta:children]
terracotta_active
terracotta_passive
[terracotta_active]
terracotta1.example.com
[terracotta_passive]
terracotta2.example.com
You can then just easily and simple define where a playbook or task should run, just by Targeting hosts and groups
ansible-inventory -i hosts--graph
#all:
|--#terracotta:
| |--#terracotta_active:
| | |--terracotta1.example.com
| |--#terracotta_passive:
| | |--terracotta2.example.com
|--#ungrouped:
ansible-inventory -i hosts terracotta_active --graph
#terracotta_active:
|--terracotta1.example.com
or Conditionals based on ansible_facts, in example
when: 'terracotta_active' in group_names
... from my understanding, both would be minimal and simple solutions without re-implementing functionality which seems to be already there.

Play recap and ignored=1 in Ansible

I am checking whether all services related to a docker-compose.yml are running on a system. The code snippet shown below.
---
- name:
shell: docker-compose ps -q "{{ item }}"
register: result
ignore_errors: yes
The code above works as expected. I have to ignore errors otherwise Ansible will not complete. The following result shows ignored=1
PLAY RECAP *******************************************************************************************************
192.168.50.219 : ok=38 changed=12 unreachable=0 failed=0 skipped=0 rescued=0 ignored=1
If this completes successfully I want to run a subsequent playbook but don't know how to specify ignored=1 correctly.
---
- name:
include_tasks: do_other_things.yml
when: ignored is false
How do I get the result from PLAY RECAP into something I can test with?

A better idea than trying to cope with the error returned by docker compose ps when the container does not exist would be to use the purposed module: docker_container_info to achieve the same.
Given the playbook:
- hosts: localhost
gather_facts: no
tasks:
- docker_container_info:
name: "{{ item }}"
register: containers
loop:
- node1 # exists
- node404 # does not exists
- debug:
msg: "`{{ item.item }}` is not started"
loop: "{{ containers.results }}"
loop_control:
label: "{{ item.item }}"
when: not item.exists
This would yield:
TASK [docker_container_info] *************************************************
ok: [localhost] => (item=node1)
ok: [localhost] => (item=node404)
TASK [debug] *****************************************************************
skipping: [localhost] => (item=node1)
ok: [localhost] => (item=node404) =>
msg: `node404` is not started

Or condition is not working with set_facts in my playbook

I created one playbook to run the tasks based on the test case so I have created like below
Here when I pass the ansible-playbook playbook.yml -e stage=1, it's skipping all the tasks, and when I debug the test_case* values I could see both are in a false state, So can some help me to work this code.
---
- name: test
hosts: localhost
tasks:
- name: setting the level
set_fact:
test_case_1: "{{ stage == 1 }}"
test_case_2: "{{ stage == 1 or stage == 2 }}"
- name: "running ls command"
shell: "ls -l"
register: testing
when:
- test_case_1 == true
- debug:
msg: "{{ testing.stdout_lines }}"
when:
- test_case_1 == true
- name: "kickoff"
shell: "df -Th"
register: kick
when:
- test_case_2 == true
- name: "printing kickoff"
debug:
msg: "{{ kick.stdout_lines }}"
when:
- test_case_2 == true
Below is the error results which I am getting
[root#server ~]# ansible-playbook playbook.yml -e stage=1
PLAY [test] ***********************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************
ok: [localhost]
TASK [setting the level] **********************************************************************************************
ok: [localhost]
TASK [running ls command] *********************************************************************************************
skipping: [localhost]
TASK [debug] **********************************************************************************************************
skipping: [localhost]
TASK [kickoff] ********************************************************************************************************
skipping: [localhost]
TASK [printing kickoff] ***********************************************************************************************
skipping: [localhost]
PLAY RECAP ************************************************************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0
[root#server ~]#
expected results should be, it should execute all the tasks from the play.

Your problem is that you are performing an integer comparison (stage == 1), but when you provide a value on the command line via -e stage=1, you are setting a string value.
You probably want to case the value of stage to an integer using the int filter.
---
- name: test
hosts: localhost
tasks:
- name: setting the level
set_fact:
test_case_1: "{{ stage|int == 1 }}"
test_case_2: "{{ stage|int == 1 or stage|int == 2 }}"
With this change, things seem to work as expected.
Unrelated to your question, but you could rewrite the second test like this:
{{ stage|int in [1, 2] }}
That simplifies things a bit.

How do I handle rollback in case of failure using handlers in Ansible?

I wrote below yml file which will install the SSM and cloudwatch agent but I want to rollback the installation in case of any failures during the installation. I tried use FAIL but not working..Please advise..
---
# tasks file for SSMAgnetInstall
- name: status check
command: systemctl status amazon-ssm-agent
register: s_status
- debug:
msg: "{{ s_status }}"
- name: Get CPU architecture
command: getconf LONG_BIT
register: cpu_arch
changed_when: False
check_mode: no
when: s_status.stdout == ""
ignore_errors: true
- name: Install rpm file for Redhat Family (Amazon Linux, RHEL, and CentOS) 32/64-bit
yum:
name: "https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_386/amazon-ssm-agent.rpm"
state: present
when: s_status.stdout == ""
become: yes
ignore_errors: true
- name: cloud status check
command: systemctl status amazon-cloudwatch-agent
register: cld_status
become: yes
- debug:
msg: "{{ cld_status }}"
- name: Register to cloud watch service
become: yes
become_user: root
service:
name: amazon-ssm-agent
enabled: yes
state: started
- name: copy the output to a local file
copy:
content: "{{ myshell_output.stdout }}"
dest: "/home/ansible/rama/output.txt"
delegate_to: localhost

You should have a look at the the documentation on blocks, more specifically the error handling part. This is the general idea with an oversimplified example, you will have to adapt to your specific case.
The test.yml playbook
---
- hosts: localhost
gather_facts: false
tasks:
- block:
- name: I am a task that can fail
debug:
msg: "I {{ gen_fail | default(false) | bool | ternary('failed', 'succeeded') }}"
failed_when: gen_fail | default(false) | bool
- name: I am a task that will never fail
debug:
msg: I succeeded
rescue:
- name: I am a task in a block played when a failure happens
debug:
msg: rescue task
always:
- name: I am a task always played whatever happens
debug:
msg: always task
Played normally (no fail)
$ ansible-playbook test.yml
PLAY [localhost] ************************************************************************
TASK [I am a task that can fail] ********************************************************
ok: [localhost] => {
"msg": "I succeeded"
}
TASK [I am a task that will never fail] *************************************************
ok: [localhost] => {
"msg": "I succeeded"
}
TASK [I am a task always played whatever happens] ***************************************
ok: [localhost] => {
"msg": "always task"
}
PLAY RECAP ******************************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Played forcing a fail
$ ansible-playbook test.yml -e gen_fail=true
PLAY [localhost] ************************************************************************
TASK [I am a task that can fail] ********************************************************
fatal: [localhost]: FAILED! => {
"msg": "I failed"
}
TASK [I am a task in a block played when a failure happens] *****************************
ok: [localhost] => {
"msg": "rescue task"
}
TASK [I am a task always played whatever happens] ***************************************
ok: [localhost] => {
"msg": "always task"
}
PLAY RECAP ******************************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=1 ignored=0