Ansible yum disablerepo does not work if repo is not installed - ansible

I have a number of different Centos7 servers running. I like to use ansible to update them all at once.
As one of my servers has an additional repository enabled, which I do not want to update. I've added to the playbook the option to disable this repo. This works as expected.
However, on my other servers, I did not install and enable this repo. When using the disablerepo in my ansible playbook, I get an error: repository not found.
How do I solve this in the ansible-playbook? Is it possible to add an condition like, if repo installed; then disablerepo; else do nothing?
Is it possible to ignore these errors?
ansible-playbook:
---
- hosts: [all]
tasks:
- name: update all packages to lastest version
yum:
name: '*'
state: latest
disablerepo: sernet-samba-4.2

you can put ignore_errors: yes as in the link from the comment, or you can put when, only if certain package is installed, sure you have to register them to variables first, I'm thinking something like:
- name: check if installed
shell: rpm -qa sernet-samba-4.2
register: is_installed
- name: update all packages to lastest version
yum:
name: '*'
state: latest
disablerepo: sernet-samba-4.2
when: is_installed.rc == 1
Warning: Untested.

After a day of research in internet and experiments finally found a solution that worked. Try to use wildcard.. then it will not fail when repo is missing.
yum:
name: ''
state: latest
disablerepo: sernet-samba

Related

Ansible: 'shell' not executing

I'm trying to run a shell command to install a package downloaded from my local Artifactory repository, as I don't have access to download it straight from the internet.
When I run the command directly on the node as such
rpm -ivh kubectl-1.1.1.x86_64.rpm --nodigest --nofiledigest
It works perfectly.
But then put in Ansible playbook as such
- name: Install Kubectl
shell: rpm -ivh kubectl-1.1.1.x86_64.rpm --nodigest --nofiledigest
Nothing happens.
It doesn't error.. It just doesn't install.
I've tried the command and ansible.builtin.shell module as well, but nothing works.
Is there a way to do this please?
There are different topics in your question.
Regarding
to install a package downloaded from my local Artifactory repository, as I don't have access to download it straight from the internet.
you can use different approaches.
1. Direct download
- name: Make sure package becomes installed from internal repository
yum:
name: https://{{ REPOSITORY_URL }}/artifactory/kube/kubectl-{{ KUBE_VERSION }}.x86_64.rpm
state: present
2. Configure local repository
The next one is to provide a .repo template file like
[KUBE]
name = Kubectl - $basearch
baseurl = https://{{ REPOSITORY_URL }}/artifactory/kube/
username = {{ API_USER }}
password = {{ API_KEY }}
sslverify = 1
enabled = 1
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-KUBE
and to perform
- name: Make sure package becomes installed from internal repository
yum:
name: kubectl
state: present
This is possible because JFrog Artifactory can provide local RPM repositories if configured correctly. For more information you research the documentation there since it is almost only about proper configuration.
Regarding
Nothing happens. It doesn't error.. It just doesn't install.
you can use several task to split up your steps, make them idempotent and get an better insight how they are working.
3. shell, rpm and debug
- name: Make sure destination folder for package download (/opt/packages) exists
file:
path: "/opt/packages/"
state: directory
- name: Download RPM to remote hosts
get_url:
url: "https://{{ REPOSTORY_URL }}/artifactory/kube/kubectl-{{ KUBE_VERSION }}.x86_64.rpm"
dest: "/opt/packages/kubectl-{{ KUBE_VERSION }}.x86_64.rpm"
- name: Check package content
shell:
cmd: "rpm -qlp /opt/packages/kubectl-{{ KUBE_VERSION }}.x86_64.rpm"
register: rpm_qlp
- name: STDOUT rpm_qlp
debug:
msg: "{{ rpm_qlp.stdout.split('\n')[:-1] }}"
- name: Install RPM using 'command: rpm -ivh'
shell:
cmd: "rpm -ivh /opt/packages/kubectl-{{ KUBE_VERSION }}.x86_64.rpm"
register: rpm_ivh
- name: STDOUT rpm_ivh
debug:
msg: "{{ rpm_ivh.stdout.split('\n')[:-1] }}"
Depending on the RPM package, environment and configuration, all may just work good.
Try use command module and register the output i use it to install oci8 by pecl for oracle database on linux

Ansible dnf double disable repo?

I am looking to disable all repos through ansible then enable certain repos that contain the key words, then disable specific repos that got enabled when enabling the repo.
so something like this:
- name: Install all updates and Reboot RHEL8
dnf:
name: '*'
state: latest
disablerepo: "*"
enablerepo: test-8*
disablerepo: "test-8-for-x86_64-eus-rpms, test-8-for-x86_64-eus-rpms, test-8-for-x86_64-eus-rpms"
update_cache: yes
when:
- ansible_distribution_major_version == "8"
but when I run the playbook it does not seem to work, is there a way to make this work?
any help will be appreciated.

Install apache2 sqlite3 git - Ansible Loop

I have read all the similar questions here and yet I don't see a solution that fixed my issue.
This is my code:
---
- name: install apache2, sqlite3, git
tasks:
- name: Install list of packages
apt:
name: "{{ item }}"
state: installed
with_items:
- apache2
- sqlite3
- git
Here is the error:
ERROR! unexpected parameter type in action: <class 'ansible.parsing.yaml.objects.AnsibleSequence'>
The error appears to be in '/projects/challenge/fresco_loops/tasks/main.yml': line 2, column 3, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
---
- name: install apache2, sqlite3, git
^ here
I am not really an ansible expert and this is just one of the trainings we have to take. Thank you in advance.
firstly the best way to install multiple packages is shown below:
---
- name: install apache2, sqlite3, git
hosts: localhost # run locally
become: yes
tasks:
- name: Install list of packages
apt:
state: present
name:
- apache2
- sqlite3
- git
And a couple of final points:
"installed" is not a valid option for apt, try "present".
package installation requires sudo (become: yes).
To run the code above, which is locally on the node where the playbook sits, you need to use the command: ansible-playbook playbook.yml --ask-become-pass and enter the sudo password when prompted.
Secondly when I tried to run your code I got the following error
[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via squash_actions is deprecated. Instead of using a loop to supply multiple items and specifying `name: "{{ item }}"`, please use `name: ['apache2', 'sqlite3',
'git']` and remove the loop. This feature will be removed in version 2.11. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
failed: [localhost] (item=['apache2', 'sqlite3', 'git']) => {"ansible_loop_var": "item", "changed": false, "item": ["apache2", "sqlite3", "git"], "msg": "value of state must be one of: absent, build-dep, fixed, latest, present, got: installed"}
When using Ansible 2.9.6, if you are using a different version that might explain it? Its always worth telling people what version you are using, in case the problem is version-specific.
Otherwise your code snippet is not representative of what is actually giving you the error.

Adding NewRelic PHP agent via Ansible

I've been trying to install NewRelic agent for PHP on Amazon Linux 2 the "ansible way", but I cannot get it to work with either rpm_key or yum_repository. I've also tried just copying the repo file to /etc/yum.repos.d/newrelic.repo, but it's supposed to use a GPG key and the only one I found is 548C16BF.gpg and at that point I felt this was getting to hacky.
My current setup is:
- name: add the new relic repository
# noqa 303
command: rpm -Uvh http://yum.newrelic.com/pub/newrelic/el5/x86_64/newrelic-repo-5-3.noarch.rpm
but that doesn't sit well with ansible-lint (hence the rule exception).
Am I missing something here or maybe my preconception of what the "ansible-way" would be is incorrect. Asking for a friend (with a lot of Ansible experience).
To add the GPG key:
- name: Adding RPM key
rpm_key:
state: present
key: https://download.newrelic.com/548C16BF.gpg
and Add the repository:
- name: Add repository
yum_repository:
name: rewrelic
description: Newrelic YUM repo
baseurl: http://yum.newrelic.com/pub/newrelic/el5/x86_64/newrelic-repo-5-3.noarch.rpm
Finally install the yum:
- name: install Rewrelic
yum:
name: rewrelic
state: present

package installation not considered in playbook

I got some trouble with automating an installation using ansible.
I use this role (https://github.com/elastic/ansible-elasticsearch) to install elasticsearch on my ubuntu 16.04 server.
The role depends on the package python-jmespath, as mentioned in the documentation.
The role DOES NOT install the package itsself, so i try to install it before role execution.
- hosts: elasticsearch_master_servers
become: yes
tasks:
- name: preinstall jmespath
command: "apt-get install python-jmespath"
- name: Run the equivalent of "apt-get update" as a separate step
apt:
update_cache: yes
- hosts: elasticsearch_master_servers
become: yes
roles:
- role: elastic.elasticsearch
vars:
...
When running the playbook i expect the python-jmespath package to be installed before execuction of role takes place, but role execution fails with
You need to install \"jmespath\" prior to running json_query filter"
When i check if the package is installed manually using dpkg -s python-jmespath i can see the package is installed correctly.
A second run of the playbook (with the package already installed) doesnt fail.
Do I miss an ansible configuration, that updates the list of installed packages during the playbook run ?
Am I doing something wrong in general ?
Thanks in advance
FWIW. It's possible to tag installation tasks and install the packages in the first step. For example
- name: install packages
package:
name: "{{ item.name }}"
state: "{{ item.state|default('present') }}"
state: present
loop: "{{ packages_needed_by_this_role }}"
tags: manage_packages
Install packages first
shell> ansible_playbook my-playbook.yml -t manage_packages
and then run the playbook
shell> ansible_playbook my-playbook.yml
Notes
This approach makes checking of the playbooks with "--check" much easier.
Checking idempotency is also easier.
With tags: [manage_packages, never] the package task will be skipped when not explicitly selected. This will speed up the playbook.

Resources