Ansible yaml file reporting error on Azure Pipelines - ansible

Please find below the Run Playbook task:
It is giving me errors as below:
However, there are no syntax issues, I can assure you of that for sure. I ran the syntax check on my CentOS VM (CentOS 7.6):

    ansible-playbook -i azure_rm.py ../playbooks/common.yml --syntax-check
    [ERROR]: /usr/lib/python2.7/site-packages/requests/__init__.py:91: RequestsDependencyWarning: urllib3 (1.24.1) or chardet (2.2.1) doesn't match a supported version!
      RequestsDependencyWarning)
    No handlers could be found for logger "msrestazure.azure_active_directory"
    playbook: ../playbooks/common.yml

The content of common.yml is below:

    - name: Execute common operations across all Windows servers
      hosts: all
      gather_facts: yes
      tasks:
        - name: Set timezone to A.U.S. Eastern Time (DST)
          win_timezone:
            timezone: AUS Eastern Standard Time
        - name: Set the region format to English Australia and copy settings to new profiles
          win_region:
            location: 12
            format: en-AU
            copy_settings: True
            unicode_language: en-AU
          register: result
        - win_reboot:
          when: result.restart_required
        - name: Create directory structure
          win_file:
            path: C:\Temp\
            state: directory
        # - win_copy:
        #     src: /data/OnlyOnMyPC/ansible/scripts/
        #     dest: 'C:\temp\'
        #     remote_src: no
        #     force: yes

Related

Ansible Lint isn't able to catch certain errors for the playbook tasks

The name[missing] rule is not checked for a standalone playbook; however, it is checked for roles. Here is an example playbook I tested; when I run ansible-lint, it says 'Passed with production profile: 0 failure(s), 0 warning(s) on 1 files', which means no error/warning was found:

    ---
    - name: Update web servers
      hosts: webservers
      remote_user: root
      gather_facts: false
      tasks:
        - ansible.builtin.yum:
            name: httpd
            state: latest
        - ansible.builtin.template:
            src: /srv/httpd.j2
            dest: /etc/httpd.conf

As you can see, the tasks have no name, which should be caught when running ansible-lint. However, name[missing] works fine for roles.
Using the latest ansible-lint 6.11

    shell> ansible-lint --version
    ansible-lint 6.11.0 using ansible 2.14.1

Your playbook

    shell> cat playbook.yaml
    - name: Update web servers
      hosts: webservers
      remote_user: root
      gather_facts: false
      tasks:
        - ansible.builtin.yum:
            name: httpd
            state: latest
        - ansible.builtin.template:
            src: /srv/httpd.j2
            dest: /etc/httpd.conf

failed as expected

    shell> ansible-lint playbook.yaml
    WARNING  Listing 4 violation(s) that are fatal
    name[missing]: All tasks should be named.
    playbook.yaml:8 Task/Handler: yum name=httpd state=latest

    package-latest: Package installs should not use latest.
    playbook.yaml:8 Task/Handler: yum name=httpd state=latest

    name[missing]: All tasks should be named.
    playbook.yaml:11 Task/Handler: template src=/srv/httpd.j2 dest=/etc/httpd.conf

    risky-file-permissions: File permissions unset or incorrect. (warning)
    playbook.yaml:11 Task/Handler: template src=/srv/httpd.j2 dest=/etc/httpd.conf

    You can skip specific rules or tags by adding them to your configuration file:
    # .config/ansible-lint.yml
    warn_list:  # or 'skip_list' to silence them completely
      - experimental  # all rules tagged as experimental
      - name[missing]  # Rule for checking task and play names.
      - package-latest  # Package installs should not use latest.

                     Rule Violation Summary
     count tag                    profile rule associated tags
         2 name[missing]          basic   idiom
         1 package-latest         safety  idempotency
         1 risky-file-permissions safety  unpredictability, experimental (warning)

    Failed after min profile: 3 failure(s), 1 warning(s) on 1 files.
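
As an added example (not part of the original answer), here is the same playbook with the three reported rules addressed instead of skipped: every task is named, the package state is `present`, and the template sets explicit ownership and permissions. The task names and the `root`/`0644` values are assumptions chosen for illustration.

```yaml
---
- name: Update web servers
  hosts: webservers
  remote_user: root
  gather_facts: false
  tasks:
    # name[missing]: every task carries a descriptive name.
    # package-latest: 'present' keeps the run idempotent and avoids
    # pulling in an unreviewed package upgrade on each execution.
    - name: Ensure httpd is installed
      ansible.builtin.yum:
        name: httpd
        state: present

    # risky-file-permissions: owner, group and mode are set explicitly so
    # the resulting file does not depend on the remote umask.
    # (root/root/0644 are assumed values, adjust to the service's needs.)
    - name: Deploy httpd configuration from template
      ansible.builtin.template:
        src: /srv/httpd.j2
        dest: /etc/httpd.conf
        owner: root
        group: root
        mode: "0644"
```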

Ansible with no action detected in task

I would like to check the TLS/SSL certificate expiration date from Ansible.
After executing a valid YML file (ansible-playbook TEST.yml), the following error appears:

    ERROR! no action detected in task. This often indicates a misspelled module name, or incorrect module path.
    The error appears to have been in '/scripts/Ansible/TEST.yml': line 15, column 7, but may
    be elsewhere in the file depending on the exact syntax problem.
    The offending line appears to be:
        - name: check validity
          ^ here

This is the code:

    - name: find cerfication files & expiration dates
      hosts: 10.0.1.41
      gather_facts: false
      tasks:
        - name: Find cert files under /etc/pki/tls/certs
          find:
            paths: /etc/pki/tls/certs
            file_type: file
            patterns: "*.crt"
            recurse: yes
            excludes: "localhost.crt"
          register: find_result
        - name: check validity
          openssl_certificate_info:
            path: "{{ item.path }}"
            valid_at:
              point_1: "+1w"
              point_2: "+10w"
          register: result
          loop: "{{ find_result.files|flatten(levels=1) }}"
        - debug: msg="{{ result }}"

What exactly is wrong?
My version:

    [root#ansible Ansible]# ansible-playbook --version
    ansible-playbook 2.6.20
      config file = /etc/ansible/ansible.cfg
      configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python2.6/site-packages/ansible
      executable location = /usr/bin/ansible-playbook
      python version = 2.6.6 (r266:84292, Jun 20 2019, 14:14:55) [GCC 4.4.7 20120313 (Red Hat 4.4.7-23)]

You are on a really old version of Ansible, I would recommend you to upgrade since your version had an end of support long ago (November 6, 2019).
Now, the module you are trying to use didn't exist in the version 2.6, that's the reason for the error raised by Ansible.
In the version 2.6, the way to check a certificate was to use the openssl_certificate module.
Something like:

    - name: check validity
      openssl_certificate:
        path: "{{ item.path }}"
        provider: assertonly
        valid_at: 20171221162800Z
      register: result
      loop: "{{ find_result.files }}"
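
On a current Ansible release, the check the question was attempting can be written as below. This is an added example, not part of the original thread; it assumes the community.crypto collection is installed on the controller and the Python cryptography library is present on the managed host, and the play name, task names and the `cert_files`/`cert_info` variables are illustrative.

```yaml
---
- name: Report TLS certificates that expire soon
  hosts: 10.0.1.41
  gather_facts: false
  tasks:
    - name: Find cert files under /etc/pki/tls/certs
      ansible.builtin.find:
        paths: /etc/pki/tls/certs
        file_type: file
        patterns: "*.crt"
        recurse: true
        excludes: "localhost.crt"
      register: cert_files

    # valid_at returns one boolean per named point in time.
    - name: Read validity information for each certificate
      community.crypto.x509_certificate_info:
        path: "{{ item.path }}"
        valid_at:
          point_1: "+1w"
          point_2: "+10w"
      loop: "{{ cert_files.files }}"
      loop_control:
        label: "{{ item.path }}"
      register: cert_info

    - name: Warn about certificates that expire within ten weeks
      ansible.builtin.debug:
        msg: "{{ item.item.path }} expires at {{ item.not_after }}"
      loop: "{{ cert_info.results }}"
      loop_control:
        label: "{{ item.item.path }}"
      when: not item.valid_at.point_2

    # Hard failure so a pipeline run stops before the certificate lapses.
    - name: Fail if a certificate is expired or expires within one week
      ansible.builtin.assert:
        that:
          - not item.expired
          - item.valid_at.point_1
        fail_msg: "{{ item.item.path }} expires at {{ item.not_after }}"
        quiet: true
      loop: "{{ cert_info.results }}"
      loop_control:
        label: "{{ item.item.path }}"
```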

Ansible playbook “path specified in src not found”

I am running into this message when I do this:

    ansible-playbook -i inventory junos_config_new.yml --check -vvv
    ansible-playbook 2.9.9
      config file = /etc/ansible/ansible.cfg
      configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
      ansible python module location = /root/.local/lib/python3.6/site-packages/ansible
      executable location = /usr/bin/ansible-playbook
      python version = 3.6.8 (default, Nov 21 2019, 19:31:34) [GCC 8.3.1 20190507 (Red Hat 8.3.1-4)]
    Using /etc/ansible/ansible.cfg as config file
    host_list declined parsing /home/gefela/ansible_junos/inventory as it did not pass its verify_file() method
    script declined parsing /home/gefela/ansible_junos/inventory as it did not pass its verify_file() method
    auto declined parsing /home/gefela/ansible_junos/inventory as it did not pass its verify_file() method
    Parsed /home/gefela/ansible_junos/inventory inventory source with ini plugin

    PLAYBOOK: junos_config_new.yml *****************************************************************************************************************************
    1 plays in junos_config_new.yml

This is the playbook that I have ...

    - name: Juniper SRX configuration compliance checks
      hosts: juniper
      gather_facts: false
      connection: local
      tasks:
        - name: Syslog server checks
          junos_config:
            src: ~/ansible_junos/files/syslog_config.txt
            comment: Ensure that appropriate Syslog server configured
          register: junos_output
        - debug:
            var: junos_output
        - name: success
          debug:
            msg: Syslog server check - This check has passed with the following output({{ junos_output }})
          when: not junos_output.changed
        - name: failed
          debug:
            msg: Syslog server check - This check has failed with the following output({{ junos_output }})
          when: junos_output.changed
        - name: Admin credentials check
          junos_config:
            src: ~/ansible_junos/files/admin_user.txt
            comment: Ensure that Admin user havee been created
          register: junos_output
        - debug:
            var: junos_output
        - name: success
          debug:
            msg: Admin credentials check - This check has passed with the following output({{ junos_output }})
          when: not junos_output.changed
        - name: failed
          debug:
            msg: Admin credentials check - This check has failed with the following output({{ junos_output }})
          when: junos_output.changed

The directory ~/ansible_junos/files/syslog_config.txt is in the right place
Should ~/ansible_junos/files/ be the right place to place all the configuration to be compared against the firewall ?
Please let me know ..
It's because ~ is a bash feature, and not an actual path component; your shell expands ~ to mean the home directory for the current user (or for the user named directly after the ~), however, ansible modules would have to go out of their way to use expanduser to behave like that.
You can try sending the filename through the | expanduser filter, or you may have to use gather_facts: true in order to have access to ansible_env.HOME

    - set_fact:
        config_directory: '{{ "~/ansible_junos/files" | expanduser }}'
    - name: Syslog server checks
      junos_config:
        src: '{{ config_directory }}/syslog_config.txt'
        comment: Ensure that appropriate Syslog server configured
      register: junos_output

src just needs "admin_user.txt"

    - name: Admin credentials check
      junos_config:
        src: "admin_user.txt"
        comment: Ensure that Admin user havee been created
      register: junos_output

and you can add admin_user.txt in files/admin_user.txt
I had to change the inventory file (ansible_user and ansible_password) and change this

    - set_fact:
        config_directory: '{{ "~/ansible_junos/files" | expanduser }}'
    - name: Syslog server checks
      junos_config:
        src: '{{ config_directory }}/syslog_config.txt'
        comment: Ensure that appropriate Syslog server configured
      register: junos_output

to

    - set_fact:
        config_directory: '{{ "/home/myfolder/ansible_junos/files" }}'
    - name: Syslog server checks
      junos_config:
        src: '{{ config_directory }}/syslog_config.txt'
        comment: Ensure that appropriate Syslog server configured
      register: junos_output

How to cache Windows facts of ansible_fact to Redis?

I have ansible_fact caching set up using Redis.
Facts for RHEL/AIX/HPUX are gathered into the Redis cache and used as ansible_fact in playbooks,
but Windows facts are not cached to Redis.
What is the problem? Or what configuration is needed?
My ansible version is

    [user]$ ansible --version
    ansible 2.8.0
      config file = /home/user/.ansible.cfg
      configured module search path = [u'/home/user/utility/module']
      ansible python module location = /usr/lib/python2.7/site-packages/ansible
      executable location = /bin/ansible
      python version = 2.7.5 (default, Mar 26 2019, 22:13:06) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]

My ansible.cfg is

    $ ansible-config dump --only-changed
    ANSIBLE_PIPELINING(/home/user/.ansible.cfg) = True
    CACHE_PLUGIN(/home/user/.ansible.cfg) = redis
    CACHE_PLUGIN_CONNECTION(/home/user/.ansible.cfg) = localhost:6379:0
    CACHE_PLUGIN_TIMEOUT(/home/user/.ansible.cfg) = 86100
    DEFAULT_FACT_PATH(/home/user/.ansible.cfg) = /home/user/facts.d
    DEFAULT_GATHERING(/home/user/.ansible.cfg) = smart
    DEFAULT_REMOTE_USER(/home/user/.ansible.cfg) = user

The first playbook works well (gather_facts: yes), gathering ansible_memtotal_mb for Windows:

    - name: gather fact
      hosts: windows
      gather_facts: yes
      tasks:
        - name: insertline
          lineinfile:
            path: "fact.html"
            insertbefore: "</th></tr>"
            line: "{{ ansible_memtotal_mb }}"

The second playbook is the problem (gather_facts: no): it does not use the cached fact data and a fatal error occurs.

    - name: gather fact
      hosts: windows
      gather_facts: no
      tasks:
        - name: insertline
          lineinfile:
            path: "fact.html"
            insertbefore: "</th></tr>"
            line: "{{ ansible_memtotal_mb }}"

ansible_memtotal_mb is not taken from the Redis cache data, despite using the Redis cache.

    TASK [(lineinfile) Save result DATA to HTML file. ****************************
    Tuesday 30 July 2019 10:41:40 +0900 (0:00:00.613) 0:00:07.639 **********
    fatal: [hostname]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'ansible_memtotal_mb' is undefined

    The error appears to be in '/home/user/systeminfo.yml': line 73, column 7, but may
    be elsewhere in the file depending on the exact syntax problem.

    The offending line appears to be:

        - name: (lineinfile) Save result DATA to HTML file. [\"{{ WEB_DIR }}\"]
          ^ here
    We could be wrong, but this one looks like it might be an issue with
    missing quotes. Always quote template expression brackets when they
    start a value. For instance:

        with_items:
          - {{ foo }}

    Should be written as:

        with_items:
          - \"{{ foo }}\"
    "}

error conflicting actions statements

My playbook appears as follows:

    - hosts: localhost
      tasks:
        - name: Get the build
          synchronize:
            mode=pull src=jenkins_server_ip:/home/capsilon/Jenkins/trunk/builds/{{item}}/ dest=/home/builds/{{item}}
          with_items:
            ['as2-client', 'amc-gateway', 'router']
    - hosts: localhost
      tasks:
        - name: Zip and send
          command: /bin/sh "/home/zipfile.sh"
    - hosts: windows
      tasks:
        - name: Deployment
          win_get_url:
            url: 'http://server_ip/builds/build.zip'
            dest: 'D:\build.zip'
          win_unzip:
            src: D:\build.zip
            dest: D:\

Get the following error:

    ERROR! conflicting action statements
    The error appears to have been in '/etc/ansible/playbooks/new_logic_zip.yaml': line 16, column 7, but may
    be elsewhere in the file depending on the exact syntax problem.
    The offending line appears to be:
      tasks:
        - name: Deployment
          ^ here

What is the error here??
Using latest git developer code. Any help would be really appreciated.
It needs to have quotes around the src and dest on the win_unzip task, which also needs to be defined separately from win_get_url:

    - name: Deployment
      win_get_url:
        url: 'http://server_ip/builds/build.zip'
        dest: 'D:\build.zip'
    - win_unzip:
        src: 'D:\build.zip'
        dest: 'D:\'
