I have Cloudformation template in yaml format.
The template is rendered by Ansible Jinja2.
I need to find a way to add validation of some elements inside the template. Something like this ("if" statement is a pseudo code of what I want to get):
Parameters:
EnvironmentType:
Default: {{profile}}
Mappings:
Environments:
dev:
DbSnapshotArn: ""
test:
DbSnapshotArn: "AAA"
Type: AWS::RDS::DBInstance
Properties:
{% if Mappings.Environments.{{profile}}.DbInstanceClass %}
DBSnapshotIdentifier: !FindInMap [Environments, !Ref 'EnvironmentType', DbSnapshotArn]
{% endif %}
Is it possible?
Not if Mappings.Environments.{{profile}}.DbInstanceClass references something inside the template.
But if you define a variable like this:
Mappings:
Environments:
Dev:
DbInstanceClass: "..."
And another variable that contains the value of profile, then inside your template you can create an if statement like this:
{% if Mappings.Environments[profile].DbInstanceClass is defined %}
...
{% endif %}
See also:
Jinja2 Tests
Related
In my playbook, a JSON file is included using the include_vars module. The content of the JSON file is as given below:
{
"Component1": {
"parameter1" : "value1",
"parameter2" : "value2"
},
"Component2": {
"parameter1" : "{{ NET_SEG_VLAN }}",
"parameter2": "value2"
}
}
After the JSON file is included in the playbook, I am using uri module to sent an http request as given below:
- name: Configure Component2 variables using REST API
uri:
url: "http://0.0.0.0:5000/vse/api/v1.0/config/working/Component2/configvars/"
method: POST
return_content: yes
HEADER_x-auth-token: "{{ login_resp.json.token }}"
HEADER_Content-Type: "application/json"
body: "{{ Component2 }}"
body_format: json
As it can be seen, the body of the http request is send with the JSON data Component2. However, Jinja2 tries to substitute the {{ NET_SEG_VLAN }} in the JSON file and throws and undefined error. The intention is not to substitute anything inside the JSON file using Jinja2 and send the body as it is in http request.
How to prevent the Jinja2 substitution for the variables included from the JSON file?
You should able to escape the variable even with {{'{{NET_SEG_VLAN}}'}} to tell jinja not to template anything inside that block.
You should be able to escape the variable with {% raw %} and {% endraw %} to tell Jinja not to template anything inside that block.
!unsafe
From documentation at https://docs.ansible.com/ansible/2.10/user_guide/playbooks_advanced_syntax.html#unsafe-or-raw-strings:
When handling values returned by lookup plugins, Ansible uses a data type called unsafe to block templating. Marking data as unsafe prevents malicious users from abusing Jinja2 templates to execute arbitrary code on target machines. The Ansible implementation ensures that unsafe values are never templated. It is more comprehensive than escaping Jinja2 with {% raw %} ... {% endraw %} tags.
You can use the same unsafe data type in variables you define, to prevent templating errors and information disclosure. You can mark values supplied by vars_prompts as unsafe. You can also use unsafe in playbooks. The most common use cases include passwords that allow special characters like { or %, and JSON arguments that look like templates but should not be templated.
I am using it all the time, like this:
# Load JSON content, as a raw string with !unsafe
- tags: ["always"]
set_fact:
dashboard_content: !unsafe "{{ lookup('file', './dash.json') | to_json }}"
# Build dictionnary via template
- tags: ["always"]
set_fact:
cc: "{{ lookup('template', './templates/cm_dashboard.yaml.j2') | from_yaml }}"
## cm_dashboard.yaml.j2 content:
hello: {{ cc_dashboard_content }}
# Now, "cc" is a dict variable, with "hello" field protected!
I'm wondering if it's possible to use a Jinja2 {% if %} expression inside a vars file?
So say I have:
az:
az1: foo
az2: bar
az3: foobar
{% if az == az['az1'] %}
floating_ip_pool = bar
{% endif %}
Basically, I'm trying to avoid having to set these variables each time since they'll always be based on the az.
Thanks.
That's not valid syntax. A vars file must first be parsed as a YAML document, and introducing that Jinja syntax results in something that is no longer valid YAML.
You can do something like this instead:
az:
az1: foo
az2: bar
az3: foobar
floating_ip_pool: "{% if target_az == az['az1'] %}bar{% endif %}"
I have a Jinja2 template in Ansible and I need to include some files conditionally.
Basically, I have a for loop that includes "subparts" that might or might not be present. The following sample demonstrates the basic code that would work if all tools actually had a 'pbr.j2' file, but it crashes because Ansible cannot find some of the files:
{% for tool in tools %}
{% set template = 'tools/' + tool.name + '/pbr.j2' %}
{% include template %}
{% endfor %}
I have also tried the exists and is_file filters, but I always get "false" even when the file exists. Here is a sample code of what I have tried:
{% for tool in tools %}
{% set template = 'tools/' + tool.name + '/pbr.j2' %}
{% if template|exists %}
{% include template %}
{% endif %}
{% endfor %}
The result of this last sample is that no file gets included. If I replace exists with is_file, I get the same behavior.
What do I need to change to accomplish what I want?
I have found a solution to my problem: using ignore missing in the include directive.
In this case, I would use:
{% for tool in tools %}
{% set template = 'tools/' + tool.name + '/pbr.j2' %}
{% include template ignore missing %}
{% endfor %}
Ansible will ignore missing files and only the existing files from that loop will get included.
You are trying to use Ansible filters (exists, is_file) in a Jinja2 template. This works for templates processed by Ansible templating engine, but not for templates processed by the template module.
Jinja2 does not have capability to check the existence of a file, so you need to move your logic to Ansible.
For example: create a find task to search for directories in tools/, and provide an intersection of find-results list with tools list to Jinja2.
New to Jinja2 templating
I can iterate over a list using a for conditional which is simple enough but i am trying to do the below...
I have a variable that contains a un-ordered lists of values which are group names. I would like to access the group_names lists/variable and check if a specific item in this list exists and then perform an action if that value is found.
group_names: [ "groupname1", "groupname2", "groupname3", "groupname4"]
Sounds like you want:
{% if "somevalue" in group_names %}
whatever stuff
{% endif %}
http://jinja.pocoo.org/docs/2.9/templates/
I found Change variable in Ansible template based on group. However how do I extend the answer in groups with children?
If I extend the group vars file in the link above to
[host0]
host0.my-network.com
[host1]
host1.my-network.com
[es-masters:children]
host0
host1
How can I extend the above post's answer (shown below) to make it work with the group vars file above? Simply putting the FQDN in the jinja2 statement does not work.
{% if ansible_fqdn in groups['es-masters'] %}
node_master=true
{% else %}
node_master=false
{% endif %}
What you should do is:
Provide default in template
# role_name/templates/template.j2
node_master={{ role_name_node_master | default(true) }}
Than override in group_vars
# group_vars/es-masters.yml
role_name_node_master: false