Develop Reference

Conditional when win_service exists?

I'm creating playbook to install fluentbit on windows hosts. Everything is working properly but i'm getting error when creating service, it doesn’t fail the install as then everything is already in place but I would like to figure out how I could leverage conditionals. Could you help me with this? :)
My adhoc test-play where I've tried to parse results from ansible.windows.win_service_info module is as follows:
---
- name: Check Windows service status
hosts: win
gather_facts: True
tasks:
- name: Check if a service is installed
win_service:
name: fluent-bit
register: service_info
- debug: msg="{{service_info}}"
- name: Get info for a single service
ansible.windows.win_service_info:
name: fluent-bit
register: service_info
- debug: msg="{{ service_info }}"
- name: Get info for a fluent-bit service
ansible.windows.win_service_info:
name: logging
register: service_exists
- debug: msg="{{ service_exists }}"
- name: Send message if service exists
debug:
msg: "Service is installed"
when: service_exists.state is not defined or service_exists.name is not defined
- name: Send message if service exists
debug:
msg: "Service is NOT installed"
when: service_exists.state is not running
I just don’t get it how I could parse output so that I could skip task when fluent-bit -service exists = True like here:
TASK [debug] *****************************************************************************************
ok: [win-server-1] => {
"msg": {
"can_pause_and_continue": false,
"changed": false,
"depended_by": [],
"dependencies": [],
"description": "",
"desktop_interact": false,
"display_name": "fluent-bit",
**"exists": true,**
"failed": false,
"name": "fluent-bit",
"path": "C:\\fluent-bit\\bin\\fluent-bit.exe -c C:\\fluent-bit\\conf\\fluent-bit.conf",
"start_mode": "manual",
"state": "stopped",
"username": "LocalSystem"
}
}
Cheers :)

So, got it working as I wanted with service_info.exists != True, now it will skip the task if service is already present.

ansible - cant set wallpaper in xfce4 with xfconf "failed to init libxfconf "

I try to set a wallpaper on Debian Systems with ansible on xfce4 desktops. For this I looked up the official documentation: https://docs.ansible.com/ansible/latest/collections/community/general/xfconf_module.html
My Task:
- name: set wallpaper
become_user: odin
xfconf:
channel: "xfce4-desktop"
property: "/backdrop/screen0/{{item}}/image-path"
value_type: "string"
value: ['/usr/share/backgrounds/xfce/802192.jpg']
loop:
- monitor0
- monitor1
- monitorDP-1
- monitoreDP-1
I receive the following error:
XFConfException: xfconf-query failed with error (rc=1): Failed to init libxfconf: Error spawning command line “dbus-launch --autolaunch=2e66f568a1c34fda92dcec58e724b679 --binary-syntax --close-stderr”: Child process exited with code 1.
failed: [localhost] (item=monitoreDP-1) => {
"ansible_loop_var": "item",
"changed": false,
"invocation": {
"module_args": {
"channel": "xfce4-desktop",
"force_array": false,
"property": "/backdrop/screen0/monitoreDP-1/image-path",
"state": "present",
"value": [
"/usr/share/backgrounds/xfce/802192.jpg"
],
"value_type": [
"string"
]
}
},
"item": "monitoreDP-1",
"msg": "Module failed with exception: xfconf-query failed with error (rc=1): Failed to init libxfconf: Error spawning command line “dbus-launch --autolaunch=2e66f568a1c34fda92dcec58e724b679 --binary-syntax --close-stderr”: Child process exited with code 1.",
"output": {
"ansible_facts": {
"xfconf": {}
},
"cmd_args": [
"/usr/bin/xfconf-query",
"--channel",
"xfce4-desktop",
"--property",
"/backdrop/screen0/monitoreDP-1/image-path"
],
"force_lang": "C",
"rc": 1,
"stderr": "Failed to init libxfconf: Error spawning command line “dbus-launch --autolaunch=2e66f568a1c34fda92dcec58e724b679 --binary-syntax --close-stderr”: Child process exited with code 1.\n",
"stdout": ""
},
"vars": {
"cmd_args": [
"/usr/bin/xfconf-query",
"--channel",
"xfce4-desktop",
"--property",
"/backdrop/screen0/monitoreDP-1/image-path"
]
}
}
I thought about copying the xml config for xfce4-desktop on to every machine, but not every machine has the same screen "monitor" property.

Got it to work. Seems like running the task as root was doing the trick.

The xfce modification works as root for me as well with the following approach:
- name: Copy wallpaper file
copy:
src: files/wallpaper.jpg
dest: /usr/share/backgrounds/xfce/debian-wallpaper.jpg
owner: root
group: root
when: ansible_distribution == "Debian"
- name: Change wallpaper
become: true
xfconf:
channel: xfce4-desktop
property: /backdrop/screen0/monitoreDP-1/workspace0/last-image
value: ["/usr/share/backgrounds/xfce/debian-wallpaper.jpg"]
value_type: string
when: ansible_distribution == "Debian"
This will configure the xfce files in /root/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-desktop.xml though.
I was not able to do it for another user USERNAME, besides with this workaround:
- name: Copy xfce4 desktop xml files from root to user
copy:
src: /root/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-desktop.xml
dest: /home/USERNAME/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-desktop.xml
owner: USERNAME
group: USERNAME
force: yes
when: ansible_distribution == "Debian"
If anybody know how to use xfconf module in a better way to overcome this workaround, please let me know.

Ansible playbook not looping through device_list

I am trying to loop variables into a playbook, but I keep getting the following error
TASK [Add policy package to model device] ********************************************************************************************************************************************************************
failed: [fmg01] (item={'device_name': 'FGT1', 'device_ip': '192.168.0.103', 'group_name': 'Branch_Office', 'policy_package': 'default', 'device_serial': 'FGVM01TM12345678'}) => {"ansible_loop_var": "item", "changed": false, "item": {"device_ip": "192.168.0.103", "device_name": "FGT1", "device_serial": "FGVM01TM12345678", "group_name": "Branch_Office", "policy_package": "default"}, "meta": {"status": {"code": -10, "message": "The data is invalid for selected url"}, "url": "/pm/pkg/adom/root"}, "unreachable": false}
Below is my YML playbook. It works just fine when I use static variables (write out a single IP address and serial number as a string)
---
- name: Add model device to FMG and install Policy Package
hosts: fmg01
# gather_facts: no
connection: httpapi
collections:
- fortinet.fortimanager
vars_files:
- inventory.yml
tasks:
- name: Add model device
fmgr_dvm_cmd_add_device:
loose_validation: true
method: exec
params:
- data:
adom: root
device:
# device action: add_model
mgmt_mode: 'fmg'
#os_ver: 6
#mr: 4
sn: '{{item.device_serial}}'
adm_pass: 'password'
adm_usr: 'admin'
ip: '{{item.device_ip}}'
loop: '{{device_list}}'
- name: Add policy package to model device
fmgr_pm_pkg_adom_obj:
loose_validation: true
method: set
url_params:
adom: root
params:
- data:
name: default
scope member:
- name: '{{item.device_serial}}'
vdom: root
type: pkg
loop: '{{device_list}}'
- name: Install policy package to model device
fmgr_securityconsole_install_package:
loose_validation: true
method: exec
params:
- data:
adom: root
pkg: default
scope:
- name: '{{item.device_serial}}'
vdom: root
loop: '{{device_list}}'
Here is my inventory.yml file. I tested this ok with the first task. It passed in the IP address in ok. I tested the other tasks with the device_serial parameter, but that did not work.
#feeds into playbook
#add_device / add_device_group
device_list:
- device_name: FGT1
device_ip: '192.168.0.103'
group_name: Branch_Office
policy_package: default
device_serial: 'FGVM01TM12345678'

Problem turned out to be an indention problem with the params portion
- name: Add policy package to model device
fmgr_pm_pkg_adom_obj:
loose_validation: true
method: set
url_params:
adom: root
params:
- data:
name: default
scope member:
- name: '{{item.device_serial}}'
vdom: root
type: pkg
loop: '{{device_list}}'

Ansible: get docker container output during container creation

I'm trying to create a docker container which generates a secretkey using Ansible, but the docker_container doesn't seem to return the container output.
If I ssh into the server and run
root#localhost:~# docker run --rm sentry-onpremise config generate-secret-key
I get the desired output. A secret key such as this
q16w8(5s9_+%4#z8m%c%0uzb&agf0pn+6zfocraponasww&r)f
But if I try to run the same command using an Ansible playbook, the docker container is executed, but no value is returned:
...
- name: Cria secret key para utilizacao em passos seguintes
docker_container:
name: sentry-key-generator
cleanup: True
image: sentry-onpremise
command: config generate-secret-key
register: saida
tags:
- debug
- fail:
msg: "Valor de saida: {{ saida }}"
tags:
- debug
...
fatal: [45.56.93.133]: FAILED! => {
"changed": false,
"failed": true,
"invocation": {
"module_args": {
"msg": "Valor de saida: {u'changed': True, u'ansible_facts': {}}"
},
"module_name": "fail"
},
"msg": "Valor de saida: {u'changed': True, u'ansible_facts': {}}" }
Is this a limitation with the docker_container module? Do I have to setup any other configuration in docker or ansible to get the container output?

This is a bug that was introduced in Ansible 2.2.x, that strips ansible_docker_container away from results.
See:
https://github.com/ansible/ansible/issues/22323
https://github.com/ansible/ansible/issues/20543
Patch:
https://github.com/ansible/ansible/pull/22324/files
The fix is to be released with Ansible 2.3.x

Why is this basic ansible playbook throwing an error?

I am trying to understand how ansible playbooks are structured and I am failing at a basic example:
---
- hosts: all
tasks:
# update dependencies
- name: install apt dependencies
apt: name={{ item }}
with_items:
- python3-arrow
- python3-netifaces
- python3-requests
- python3-docopt
- name: install pip3 dependencies
pip: name=scapy-python3 executable=pip3
# install service
- name: copy source file
copy: src=honeysyn.py dst=/opt/sentinel-honeysyn/honeysyn.py
- name: copy service file
copy: src=honeysyn.service dst=/etc/systemd/system/honeysyn.service mode=0644
- name: install service, restart and enable
systemd:
name: honeysyn
daemon_reload: yes
enabled: yes
started: yes
The error is:
The offending line appears to be:
copy: src=honeysyn.service dst=/etc/systemd/system/honeysyn.service mode=0644
- name: install service, restart and enable
^ here
I checked the consistency of the YAML file and the JSON output makes sense:
[
{
"tasks": [
{
"name": "install apt dependencies",
"apt": "name={{ item }}",
"with_items": [
"python3-arrow",
"python3-netifaces",
"python3-requests",
"python3-docopt"
]
},
{
"pip": "name=scapy-python3 executable=pip3",
"name": "install pip3 dependencies"
},
{
"copy": "src=honeysyn.py dst=/opt/sentinel-honeysyn/honeysyn.py",
"name": "copy source file"
},
{
"copy": "src=honeysyn.service dst=/etc/systemd/system/honeysyn.service mode=0644",
"name": "copy service file"
},
{
"systemd": {
"started": true,
"enabled": true,
"name": "honeysyn",
"daemon_reload": true
},
"name": "install service, restart and enable"
}
],
"hosts": "all"
}
]
I found out that the errors are often very much off the real bug (I had the same case as above, but it was an extra space after a = in a completely different place) - thus the whole playbook.
What is wrong with this playbook?

The systemd module that you are attempting to use is present in Ansible 2.2 (which is not released as far as I know) and hence will not work with any of the currently available Ansible versions.
https://docs.ansible.com/ansible/systemd_module.html

As #Amit pointed out, it's not released yet.
Ansible seems to have a very zealous documentation release schedule, which sometimes outstrips the release of the actual supporting code :-)
Maybe try the service module instead for now, something like this should work:
- name: install service, enable and start
service:
name: honeysyn
enabled: yes
state: started