Ansible module lineinfile with variable path - bash

I need to use the Ansible lineinfile module in such a way that it operates on a variable path. (This is for Ansible 2.5.2.) In this example the filename should depend on the version of PostgreSQL that is actually installed on a remote host (instead of a hardwired version 9.6):
- lineinfile:
    path: /etc/postgresql/9.6/main/postgresql.conf
    regexp: '^#?\s*log_connections\s*='
    line: 'log_connections = on'
    state: present
In bash I would use e.g. this expression for obtaining the version and the path:
/etc/postgresq/$(pg_lsclusters -h | awk '{print $1}' | head -n 1)/main/postgresql.conf
It apparently does not work verbatim as parameter path to Ansible's lineinfile module:
FAILED! => {"changed": false, "msg": "Destination
/etc/postgresq/$(pg_lsclusters -h | awk '{print $1}' | head -n
1)/main/postgresql.conf does not exist !", "rc": 257}
So my question is this: How can I form a variable path with Ansible in this use case?

This seems to work fine:
- name: Got it!
  command: bash -c "pg_lsclusters -h | awk '{print $1; exit}'"
  register: version
- set_fact: version='{{version.stdout}}'
- lineinfile:
    path: "/etc/postgresql/{{version}}/main/postgresql.conf"
    regexp: '^#?\s*log_connections\s*='
    line: 'log_connections = on'
    state: present

Related

Need to get miniconda base path from mac using ansible

Hi, I am trying to get the miniconda base path to set the PATH, but fail to get it. I tried with shell and command; the output I get is the same as the input: "conda info | grep -i 'conda av data dir'|awk '{print $6}'"
- name: get_conda_path
  shell: echo $(conda info | grep -i 'conda av data dir'|awk '{print $6}')
  register: conda_path
- set_fact:
    path: "{{conda_path.stdout}}"
Attached output image for the reference.
That's simply because of echo used as part of shell module.
When you remove echo, Ansible executes the conda info command and then applies the grep followed by awk.
- name: get_conda_path
  shell: "conda info | grep -i 'conda av data dir'|awk '{print $6}'"
  register: conda_path
- set_fact:
    path: "{{conda_path.stdout}}"

Getting error when try to list all users on the hosts

I am trying to get all the users I created on the hosts machine. When I run the following command on terminal, I get all the users on the machine.
sudo getent passwd {1000..6000} | cut -d":" -f1
However when I try to run it using ansible, I get an error. I tried all like enquoting in double quotes, escaping the brackets, piping the output to cat etc but nothing is working.
---
- name: "run commands"
  become: true
  gather_facts: no
  hosts: all
  tasks:
    - name: list all users
      shell: getent passwd {1000..6000} | cut -d":" -f1
      register: getent
    - debug: var=getent.stdout_lines
Note that, by default, Ansible is using /bin/sh, as pointed out in the synopsis of the command.
It is almost exactly like the ansible.builtin.command module but runs the command through a shell (/bin/sh) on the remote node.
Source: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/shell_module.html#synopsis
But sh won't interpret a sequence construct like {0..10}.
There are two ways you can overcome this:
Using seq rather:
- shell: getent passwd $(seq 1000 6000) | cut -d":" -f1
  register: getent
Specifying to the shell task that you want it executed via bash:
- shell: getent passwd {1000..6000} | cut -d":" -f1
  register: getent
  args:
    executable: /bin/bash

Ansible - Check if PermitRootLogin is equal to no

I'm new to Ansible.
I would like to know if the value of PermitRootLogin = no in /etc/ssh/sshd_config
- hosts: RH7
  tasks:
    - name: read File
      shell: cat /etc/ssh/sshd_config
      register: PermitRootLogin no
Help me, please.
You can use something like this :
- hosts: RH7
  tasks:
    - name: read File
      shell: awk '/#PermitRootLogin/ {print $2}' /etc/ssh/sshd_config
      register: PermitRootLogin
    - debug: msg="{{ PermitRootLogin.stdout }}"
cat /etc/ssh/sshd_config | awk '/#PermitRootLogin/ {print $2}' : This command will give you the output of PermitRootLogin from the file /etc/ssh/sshd_config.
We will save the value in PermitRootLogin variable and can see it using the debug command.
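An added example, not part of the original answer: the awk pattern above matches the commented-out `#PermitRootLogin` line, which is not an active setting, so this sketch compares it with the first uncommented occurrence (sshd keeps the first value it obtains for a keyword). The sample file and function names are constructed; Include files and Match blocks are assumed not to matter, and on a live host `sshd -T` prints the effective configuration.

```shell
#!/bin/sh
# Added example (not from the original answers). Names and sample data are constructed.

# The pattern from the answer above: matches the commented-out line.
commented_value() {
    awk '/#PermitRootLogin/ {print $2}' "$1"
}

# First active (uncommented) PermitRootLogin in the global section.
# Keywords are case-insensitive. Assumption: no Include files, and
# Match blocks are not evaluated (parsing stops at the first one).
effective_permit_root_login() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # blank line or comment
        tolower($1) == "match" { exit }          # conditional section starts
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }        # the built-in default applies
    ' "$1"
}

# Constructed sample sshd_config for the demonstration.
make_sample() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
#PermitRootLogin yes
Port 22
permitrootlogin no
PermitRootLogin yes
Match User backup
    PermitRootLogin forced-commands-only
EOF
    echo "$f"
}

sample=$(make_sample)
echo "commented line says: $(commented_value "$sample")"
echo "active setting is:   $(effective_permit_root_login "$sample")"
rm -f "$sample"
```

In a playbook the second function's awk program can be used as the `shell:` command, with the registered stdout compared against `no`.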

Ansible: module command

I want to execute this command with Ansible:
grep -v -P "^#" /etc/snort/community-sid-msg.map > /etc/snort/community-sid-msg-no-comments.map
I want to know what characters I have to include in my Ansible code:
- name: create file
  command: "grep -v -P "^#" /etc/snort/community-sid-msg.map > /etc/snort/community-sid-msg-no-comments.map"
Wouldn't it be better to use the copy and replace modules?
- copy:
    src: /etc/snort/community-sid-msg.map
    dest: /etc/snort/community-sid-msg-no-comments.map
    remote_src: yes  # the source file is already on the managed host
- replace:
    path: /etc/snort/community-sid-msg-no-comments.map
    regexp: "^#[^\n]*\n"

Ansible error on shell command returning zero

Ansible doesn't seem to be able to handle the result '0' for shell commands. This
- name: Check if swap exists
  shell: "swapon -s | grep -ci dev"
  register: swap_exists
Returns an error
"msg": "non-zero return code"
But when I replace "dev" with "type", which actually always occurs and gives a count of at least 1, then the command is successful and no error is thrown.
I also tried with command: instead of shell: - it doesn't give an error, but then the command is also not executed.
Since you want to run a sequence of commands that involve a pipe, Ansible states you should use shell and not command, as you are doing.
So, the problem is the fact that grep returns 1 (didn't find a match on the swapon output), and Ansible considers this a failure. Since you are well sure there is no issue, just add an ignore_errors: true and be done with it.
- name: Check if swap exists
  shell: "swapon -s | grep -ci non_existent_string"
  register: swap_exists
  ignore_errors: true
OR:
If you want to narrow it down to return codes 0 and 1, instruct Ansible not to consider those 2 rcs failures:
- name: Check if swap exists
  shell: "swapon -s | grep -ci non_existent_string"
  register: swap_exists
  # ignore_errors: true
  failed_when: swap_exists.rc != 1 and swap_exists.rc != 0
I found a better way. If you only need to know the record number this works:
- name: Check if swap exists
  shell: "swapon -s | grep -i dev|wc -l"
  register: swap_exists
Another way is to always use cat at the end of the pipe. See Ansible shell module returns error when grep results are empty
- name: Check if swap exists
  shell: "swapon -s | grep -i dev|cat"
  register: swap_exists
You can also parse the grep count result in awk and return your custom output. This will avoid the ignore_errors module.
- name: Check if swap exists
  # awk ends the pipeline, so the task's return code is awk's, not grep's
  shell: swapon -s | grep -ci dev | awk '{ r = $0 == 0 ? "false":"true"; print r }'
  register: swap_exists
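An added example, not part of the original answers, comparing the `failed_when` approach with the `| cat` and `| wc -l` variants. grep exits 0 on a match, 1 on no match and 2 on an error, and a pipeline reports only the status of its last command; the sample text and function names are constructed.

```shell
#!/bin/sh
# Added example (not from the original answers); the input text is constructed.

# Constructed stand-in for `swapon -s` output on a host without swap.
swapon_sample() {
    printf 'Filename\tType\tSize\tUsed\tPriority\n'
}

# Mirrors `failed_when: rc != 0 and rc != 1`: prints the count, succeeds for
# grep status 0 (matches) or 1 (no matches), fails for anything else.
count_or_fail() {
    pattern=$1; file=$2
    rc=0
    count=$(grep -ci -- "$pattern" "$file") || rc=$?
    case $rc in
        0|1) echo "$count"; return 0 ;;
        *)   return "$rc" ;;
    esac
}

# Mirrors the `| cat` / `| wc -l` variants: the pipeline status is that of the
# last command, so a grep error (status 2) is reported as success.
count_masked() {
    grep -i -- "$1" "$2" 2>/dev/null | wc -l
}

tmp=$(mktemp)
swapon_sample > "$tmp"
count_or_fail dev "$tmp" && echo "no match: status 0"
count_or_fail dev "$tmp.missing" 2>/dev/null || echo "missing input: status $?"
count_masked dev "$tmp.missing" && echo "missing input masked: status 0"
rm -f "$tmp"
```

With the masked form, an unreadable input looks the same as a host without swap, so the `failed_when` form is the one that still surfaces real errors.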
