Ansible: module command - ansible

I want to execute this command with Ansible:
grep -v -P "^#" /etc/snort/community-sid-msg.map > /etc/snort/community-sid-msg-no-comments.map
I want to know what characters I have to include in my Ansible code:
- name: create file
  command: "grep -v -P "^#" /etc/snort/community-sid-msg.map > /etc/snort/community-sid-msg-no-comments.map"

Wouldn't it be better to use the copy and replace modules?
- copy:
    src: /etc/snort/community-sid-msg.map
    dest: /etc/snort/community-sid-msg-no-comments.map
    remote_src: yes  # the source file is already on the managed host
- replace:
    path: /etc/snort/community-sid-msg-no-comments.map
    regexp: "^#[^\n]*\n"

Related

Getting error when try to list all users on the hosts

I am trying to get all the users I created on the hosts machine. When I run the following command on terminal, I get all the users on the machine.
sudo getent passwd {1000..6000} | cut -d":" -f1
However, when I try to run it using Ansible, I get an error. I tried everything, like enclosing it in double quotes, escaping the brackets, piping the output to cat, etc., but nothing is working.
---
- name: "run commands"
  become: true
  gather_facts: no
  hosts: all
  tasks:
    - name: list all users
      shell: getent passwd {1000..6000} | cut -d":" -f1
      register: getent
    - debug: var=getent.stdout_lines
Note that, by default, Ansible uses /bin/sh, as pointed out in the synopsis of the command.
It is almost exactly like the ansible.builtin.command module but runs the command through a shell (/bin/sh) on the remote node.
Source: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/shell_module.html#synopsis
But sh won't interpret a sequence construct like {0..10}.
There are two ways you can overcome this:
Using seq instead:
- shell: getent passwd $(seq 1000 6000) | cut -d":" -f1
  register: getent
Specifying to the shell task that you want it executed via bash:
- shell: getent passwd {1000..6000} | cut -d":" -f1
  register: getent
  args:
    executable: /bin/bash

Ansible - Check if PermitRootLogin is equal to no

I'm new to Ansible.
I would like to know if the value of PermitRootLogin = no in /etc/ssh/sshd_config
- hosts: RH7
  tasks:
    - name: read File
      shell: cat /etc/ssh/sshd_config
      register: PermitRootLogin no
Help me, please.
You can use something like this :
- hosts: RH7
  tasks:
    - name: read File
      shell: awk '/#PermitRootLogin/ {print $2}' /etc/ssh/sshd_config
      register: PermitRootLogin
    - debug: msg="{{ PermitRootLogin.stdout }}"
cat /etc/ssh/sshd_config | awk '/#PermitRootLogin/ {print $2}' : This command will give you the output of PermitRootLogin from the file /etc/ssh/sshd_config.
We will save the value in PermitRootLogin variable and can see it using the debug command.
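An added example (not part of the original answer): a play that reads the effective setting from sshd -T rather than from a line in the file, so a commented-out #PermitRootLogin default cannot be mistaken for the active value. It assumes sshd is on root's PATH on the RH7 hosts; the variable name sshd_effective is hypothetical.

```yaml
# Added example, not from the original answer.
# Assumptions: sshd is on root's PATH; "sshd_effective" is a made-up variable name.
- hosts: RH7
  become: true              # sshd -T needs root to read the host keys
  gather_facts: false
  tasks:
    - name: Dump the effective sshd configuration
      command: sshd -T
      register: sshd_effective
      changed_when: false   # read-only check, never report "changed"
      check_mode: false     # run the check even with --check

    # sshd -T prints one lower-cased "keyword value" pair per line, with
    # comments dropped and defaults filled in. Without -C it reports the
    # global section only, so settings inside Match blocks are not covered.
    - name: Fail unless root login over SSH is disabled
      assert:
        that:
          - "'permitrootlogin no' in sshd_effective.stdout_lines"
        fail_msg: "Effective value: {{ sshd_effective.stdout_lines | select('match', '^permitrootlogin ') | list }}"
        success_msg: PermitRootLogin is no
```

The assert task fails the play on any host whose effective value is not no, which makes the check usable as a compliance gate instead of a debug printout.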

Ansible playbook: put find output into a text file with sed

How to start a playbook when pulling a playbook and insert it into the config? For example, in /etc/nginx/sites-available/default
I need to insert this:
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
How can I insert, for example, 7.1 or 7.2 instead of 7.0 if the PHP versions differ?
I partially found a solution using find, but how do I now insert the result of find into the file?
I use the command: find /var/run/php/ -name *.sock
The output is: /var/run/php/php7.2-fpm.sock
Now this should be inserted into the file by sed.
An option would be to use lineinfile:
- shell: "php -n -v | head -n 1 | cut -d ' ' -f 2 | cut -d '.' -f 1,2"
  register: php_version
- lineinfile:
    path: /etc/nginx/sites-available/default
    regexp: "^fastcgi_pass unix:"
    line: "fastcgi_pass unix:/var/run/php/php{{ php_version.stdout }}-fpm.sock;"

Ansible module lineinfile with variable path

I need to use the Ansible lineinfile module in such a way that it operates on a variable path. (This is for Ansible 2.5.2.) In this example the filename should depend on the version of PostgreSQL that is actually installed on a remote host (instead of a hardwired version 9.6):
- lineinfile:
    path: /etc/postgresql/9.6/main/postgresql.conf
    regexp: '^#?\s*log_connections\s*='
    line: 'log_connections = on'
    state: present
In bash I would use e.g. this expression for obtaining the version and the path:
/etc/postgresq/$(pg_lsclusters -h | awk '{print $1}' | head -n 1)/main/postgresql.conf
It apparently does not work verbatim as parameter path to Ansible's lineinfile module:
FAILED! => {"changed": false, "msg": "Destination
/etc/postgresq/$(pg_lsclusters -h | awk '{print $1}' | head -n
1)/main/postgresql.conf does not exist !", "rc": 257}
So my question is this: How can I form a variable path with Ansible in this use case?
This seems to work fine:
- name: Got it!
  command: bash -c "pg_lsclusters -h | awk '{print $1; exit}'"
  register: version
- set_fact: version='{{version.stdout}}'
- lineinfile:
    path: "/etc/postgresql/{{version}}/main/postgresql.conf"
    regexp: '^#?\s*log_connections\s*='
    line: 'log_connections = on'
    state: present

Ansible error on shell command returning zero

Ansible doesn't seem to be able to handle the result '0' for shell commands. This
- name: Check if swap exists
  shell: "swapon -s | grep -ci dev"
  register: swap_exists
Returns an error
"msg": "non-zero return code"
But when I replace "dev" with "type", which actually always occurs and gives a count of at least 1, then the command is successful and no error is thrown.
I also tried with command: instead of shell: - it doesn't give an error, but then the command is also not executed.
Since you want to run a sequence of commands that involve a pipe, Ansible states you should use shell and not command, as you are doing.
So, the problem is the fact that grep returns 1 (it didn't find a match in the swapon output), and Ansible considers this a failure. Since you are well sure there is no issue, just add an ignore_errors: true and be done with it.
- name: Check if swap exists
  shell: "swapon -s | grep -ci non_existent_string"
  register: swap_exists
  ignore_errors: true
OR:
If you want to narrow it down to return codes 0 and 1, instruct Ansible not to consider those 2 rcs failures:
- name: Check if swap exists
  shell: "swapon -s | grep -ci non_existent_string"
  register: swap_exists
  # ignore_errors: true
  failed_when: swap_exists.rc != 1 and swap_exists.rc != 0
I found a better way. If you only need to know the record number, this works:
- name: Check if swap exists
  shell: "swapon -s | grep -i dev|wc -l"
  register: swap_exists
Another way is to always use cat at the end of the pipe. See Ansible shell module returns error when grep results are empty
- name: Check if swap exists
  shell: "swapon -s | grep -i dev|cat"
  register: swap_exists
You can also parse the grep count result in awk and return your custom output. This will avoid the ignore_errors module.
- name: Check if swap exists
  # block scalar so the whole pipeline, awk stage included, is one YAML string
  shell: >-
    swapon -s | grep -ci dev | awk '{ r = $0 == 0 ? "false":"true"; print r }'
  register: swap_exists
