When I use an Ansible variable with the src option of the slurp module, the slurp module fails.
I'm trying to build an Ansible playbook to copy the SSH public key from each node in the group to every other node in the group. I cannot use the Ansible lookup() function because that can lookup files only on the Ansible server. Instead, I build the path to the id_rsa.pub with the intent of slurp'ing into memory for the authorized_key function.
My problem is that when I specify an Ansible variable for the src for the slurp module, the playbook fails, even though it lists the correct path to the id_rsa.pub file. If I specify the path instead of using the variable, the slurp module works.
Here is my playbook:
# Usage: ansible-playbook copyPublicKey.yaml --limit <GRP> --extra-vars "userid=<userid>"
---
- hosts: all
remote_user: root
vars:
user_id: "{{ userid }}"
tasks:
- name: Determine the path to the public key file
shell: grep "{{ user_id }}" /etc/passwd | cut -d":" -f6
changed_when: false
register: user_home
- set_fact:
rsa_file: "{{ user_home.stdout_lines | to_nice_yaml | replace('\n', '') }}/.ssh/id_rsa.pub"
- debug:
msg: "Public key file - {{ rsa_file }}"
- slurp:
src: "{{ rsa_file }}"
register: public_key
- debug:
msg: "Public key: {{ public_key }}"
The invocation:
ansible-playbook copyPublicKey.yaml --limit DEV --extra-vars "userid=deleteme2"
The output of the slurp module:
TASK: [slurp ] ****************************************************************
failed: [hana-np-11.cisco.com] => {"failed": true}
msg: file not found: - /usr/sap/DEV/home/deleteme2/.ssh/id_rsa.pub
failed: [hana-np-13.cisco.com] => {"failed": true}
msg: file not found: - /usr/sap/DEV/home/deleteme2/.ssh/id_rsa.pub
failed: [hana-np-14.cisco.com] => {"failed": true}
msg: file not found: - /usr/sap/DEV/home/deleteme2/.ssh/id_rsa.pub
failed: [hana-np-15.cisco.com] => {"failed": true}
msg: file not found: - /usr/sap/DEV/home/deleteme2/.ssh/id_rsa.pub
failed: [hana-np-12.cisco.com] => {"failed": true}
msg: file not found: - /usr/sap/DEV/home/deleteme2/.ssh/id_rsa.pub
FATAL: all hosts have already failed -- aborting
Yet if I specify the actual path in the slurp module:
- slurp:
src: /usr/sap/DEV/home/deleteme2/.ssh/id_rsa.pub
I get the output I expect:
TASK: [slurp ] ****************************************************************
ok: [hana-np-11.cisco.com]
ok: [hana-np-12.cisco.com]
ok: [hana-np-15.cisco.com]
ok: [hana-np-14.cisco.com]
ok: [hana-np-13.cisco.com]
TASK: [debug ] ****************************************************************
ok: [hana-np-11.cisco.com] => {
"msg": "Public key: c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBQkl3QUFBUUVBbHgzM0FUdGlLcWlrblQxMWorNjZKSXVFQW1OWWxZcDdCbHIwZXBzaWRuZ3NNYW9pMjNYL1Bjb0EvdnVxYmpxbmZ0Q1YzQmhUdURYQ3BYY0FwNDF5TEF5dlIvOW8xYi9mR2VtZWtlS296ZDh5Smh5VXFMR3IvMmJ6N0N2NFdaOWVqU0dyMFlzWGNjSFNDRmYzNmJreVBPNUg5NUdZdXpGMUV2RzVVcGM3YVNXWEVpM3JWVGJETEhBVC9YTk0veXhRUEMxRjB5Vi8yRkY1WDg4SXU5U0w2TGxrVnhsMUU3VkozTm40UEQrY3RUbGxFeno3enNETWxDbXpzMW5MaHROWnFuSXRZUkhMd21WUk5VcHJvYlpyUm1YMFJVYmIwNFNVbzdBbXpBNnZNcHR1OE1aUURzUGRMckMwYWxPWnZHMHpEUi9ReDlGalh6MVRXMld5WWhZNllRPT0gYW5zaWJsZS1nZW5lcmF0ZWQgb24gaGFuYS1ucC0xMQo=..."
}
ok: [hana-np-12.cisco.com] => {
"msg": "Public key: c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBQkl3QUFBUUVBd2hPa0FqcEhwbUU4ZEkvemR6d0I1U0htZnlpdXljd2ZmK2lDNW9KaEN4aU5ST0ZKbnVyOFArWno2K2c4Qy8waUdkNGs1ZHIwcE9IY1liWHlMeDNObHhTTWN6RnowZWNSUnMzL1FOOEQzSnBtWlR6T0JaMm1SaG1FY0hGbS9uTkh5eUZyWXlPOHlQNWpqNmxiSUlwU0lMb1BZZGJvM1dxenBGZjhiaDFlVkhRTEo2citVZzNwcUhUeWRzRDZhY3Rtc1ZvWWUvdVV6WExiYkpKbUxxdi9ZeGU4ZW9aUmtONkVqNGtaVDBibDFYUktkM0xTQlZKMHRwa3A1bVgzekxMNGVvWVEzMzMzam1qd2MzU1dWSHVObVl1b1ZsRFEvSzdoR2lFVHd5YUM3VU9hQ29pcEVnUGl5b2o3U1JpNzZCenpxV2hXc2dIbHI0REM3U0p2WFpObk9RPT0gYW5zaWJsZS1nZW5lcmF0ZWQgb24gaGFuYS1ucC0xMgo=..."
}
ok: [hana-np-13.cisco.com] => {
"msg": "Public key: c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBQkl3QUFBUUVBemFzeitlSW9OSnc2Q3psaVVSR2NQbnMyRkVWbDRtd1RqbDJrWkYxcC9uL0d1b3RPS01vMnR2RmQrN3JmY3YrN2VSZXNtM1lldXJzOXRCQXdSVDdvbXdjckpqUkJiM2Q3UHd3MnM1OTJjb0RjdFo3aE9vL3p4S1FCeWtjaXcvejJ3U1pKWUZKdnE4eFloWkxQNmxnK01uVW1Rd0JROURhREc3MVY2VFc5cFdSM0poYk5BZ2s4bWpBYlEyQk1kK2lWOGxoOUorcWIxbGE3RVVRRGZNaUM3R0ZKVmxJUVlpdm02Q045dGZOdnJGRlNaamZ6MEZKeXhQQWd1VW05d2NUMG9lUDdEQTJTVFNZQ0trQklvRmVuTUp3eFFzNDZSclJSenlBNlErN3I3Q3g5WnpPSlQ0OGgzQnpHQkNwYnhNd0R2L1RMNjRNTDN3UGxXVng5NGZvU2NRPT0gYW5zaWJsZS1nZW5lcmF0ZWQgb24gaGFuYS1ucC0xMwo=..."
}
ok: [hana-np-14.cisco.com] => {
"msg": "Public key: c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBQkl3QUFBUUVBd3U5V3FaZHBmSjdUZkFhNkc2V05pTkpraWVjWllObjZ4Mno2WWo3eUhsdDBrVWhoYmVXZWR4and0Ukl5d0h2UUZCU2xoVVo2V1Vhc2w0RlZsdzcrOHRGVkVIMkkwTUQ1YjN5UGFrclFhVXdxZHZ6TDEvVXpQWkJjTGU0SENmTGdLNjAxaXdncXBvdUVoRjFEdjEvVHorcTFvU0dmTTFOVjFPOFBGc1pQVjRZbVpoTC9qTVZBNE5MUzFKdXRoS1VmZlo3TmJOSk42SmdWaE14UW8vQXZIZmZvYktDUGJ1VWxDTFE0cTV6VlVTWkxyV1p3VmdncU44MkVnd0xYS00xU0IvOVQ2YmFMVXZhaDVVN0s1QjEzR0pFVXJWek1NNWZ0clpwdEo4T1N3OXUvMHJLVXlzZ0hRcUZVM0ViN0JkVkUxQVdCRXFtaW1XRFdMV3hUclJmZ053PT0gYW5zaWJsZS1nZW5lcmF0ZWQgb24gaGFuYS1ucC0xNAo=..."
}
ok: [hana-np-15.cisco.com] => {
"msg": "Public key: c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBQkl3QUFBUUVBdWwxTjlWQkNSU3QrOG5jdTRMVUlBb2hxUEkrWmRlcEtINHlhU1BBZWtETXdkaXpLVHZRSElXdC9iVkpXUzNma3BOYjVuTXFtMkR1eFZnKzBtZmRPTTk1Q2ZsUk00ZUNON05Jb25HQTQrUGVyOXRYdlNrdFU4U0huWERsZVNNa3dybUxnQ1dQN2lwbDRTdGt1SUNGaFh1NzBkOHBEN29IeW9BZVVWWVFuYzRkZldHQStVNU1SdWNSaC9mNWhhS25pN1hpRHZ0alVTaDJHN1RpMTlIdHBvYnlQdmdNSjVnRUt2OXRlWGJ3Qk14YXZicEFiRjJVOTRRTmorKzZOYTZIaWUweS9JQzVtWDRvSmgyb2Z6bGwybjA0MHdtQWRkQS9mY1d1L0IvR3FyOWNDZlhXK0hIUU95MEJoUXNBMk54K3A1RU4rbG1iREg1TUNHTW41Y0RLVEpRPT0gYW5zaWJsZS1nZW5lcmF0ZWQgb24gaGFuYS1ucC0xNQo=..."
}
What am I doing wrong? What don't I know about using Ansible variables?
slurp module fails because you provide it incorrect data -- the error message is:
msg: file not found: - /usr/sap/DEV/home/deleteme2/.ssh/id_rsa.pub
Rephrasing:
The file named "- /usr/sap/DEV/home/deleteme2/.ssh/id_rsa.pub" cannot be found.
Quite obviously such a file with a hyphen and a space at the beginning does not exist and the error is valid.
The reason for malformed data is unnecessary to_nice_yaml filter on a user_home.stdout_lines list (hyphen is an element marker in YAML).
You can safely remove it and use the following:
---
- hosts: all
remote_user: root
vars:
user_id: "{{ userid }}"
tasks:
- name: Determine the path to the public key file
shell: grep "{{ user_id }}" /etc/passwd | cut -d":" -f6
changed_when: false
register: user_home
- slurp:
src: "{{ user_home.stdout_lines[0] }}/.ssh/id_rsa.pub"
register: public_key
- debug:
msg: "Public key: {{ public_key }}"
Elements of stdout_lines don't have trailing newlines, so replace('\n', '') is unnecessary, but as it is a list, even though south a single element, you need to address only the first element with [0].
Otherwise you could also get the value with user_home.stdout | replace('\n', '') }}/.ssh/id_rsa.pub.
In this case, the issue is related to incorrect file name (as mentioned by techraf).
But just a note about what I have experienced is that slurp also shows the same error "File not found" when the file resides in a directory whose permissions are not allowing ansible user to read content from it. Though, it should print permission related error but it shows instead "File not found" error.
Related
I am trying to extract the status (http) (Enabled/ Disabled) for each server and display it in the logs. It is able to check for http status but when I try to store it, it is giving following error.
- name: Check http status(yes or no)
shell: |
sshpass -p "{{ imc_prod_password }}" ssh -T -o StrictHostKeyChecking=no {{ imc_username }}#"{{ item.cimcNames }}" << EOL
scope http
show detail | grep Enabled
EOL
register: http_status
loop: "{{ user_list.list }}"
- debug:
msg: '{{ http_status.stdout_lines | select("Enabled") | list }}'
The command show detail gives following output
Enabled: no
Output - Line 59 points to - debug:
TASK [cimc_reip : Check http status(yes or no)] ********************************
changed: [hostname] => (item={'PreferredDNS': 'x.x.x.x', 'IPdetails': 'x.x.x.x', 'Alternate': 'x.x.x.x', 'id': '1', 'GWDetails': 'x.x.x.x', 'Subnetdetails': 'x.x.x.x', 'cimcNames': 'test-server-01-r'})
changed: [hostname] => (item={'PreferredDNS': 'x.x.x.x', 'IPdetails': 'x.x.x.x', 'Alternate': 'x.x.x.x', 'id': '2', 'GWDetails': 'x.x.x.x', 'Subnetdetails': 'x.x.x.x', 'cimcNames': 'test-server-02-r'})
TASK [cimc_reip : debug] *******************************************************
fatal: [hostname]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'stdout_lines'\n\nThe error appears to be in '/builds/xxxxx/xxxx/playbooks/roles/cimc_reip/tasks/main.yml': line 59, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - debug:\n ^ here\n"}
As already mentioned in the comments you are registering the result set in a loop in one variable. You will get therefore an dictionary and in your example an error
The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'stdout_lines'
The following test shows it
---
- hosts: localhost
become: false
gather_facts: false
vars:
USERNAME: ['test'] # list
PASSWORD: 'password'
target_host: "test.example.com"
tasks:
- name: Check http status
shell: |
sshpass -p '{{ PASSWORD }}' ssh -T -o StrictHostKeyChecking=no {{ item }}#"{{ target_host }}" << EOF
sudo lsof -Pi TCP
EOF
register: http_status
loop: "{{ USERNAME }}" # list
- debug:
msg: "{{ http_status | type_debug }}"
resulting into an output of
TASK [debug] ************
ok: [test.example.com] =>
msg: dict
You can loop over the http_status.results list in the dictionary as follow
- name: Show result
debug:
msg: "{{ item.stdout_lines }}"
loop: "{{ http_status.results }}" # list
loop_control:
label: "{{ item.item }}" # with USERNAME looped over to limit the displayed output
resulting into an output of
TASK [Show result] *****************************************************************************
ok: [test.example.com] => (item=test) =>
msg:
- COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
- httpd 384 root 19u IPv4 12345678 0t0 TCP test.example.com:443 (LISTEN)
So, I have this list:
ip_range:
- "1.x.x.x/24"
- "2.x.x.x/24"
And I'm trying to pass it on to an AWS cli command as a valid JSON:
- name: list of IPs
set_fact:
allowed_cidrs: "{{ ip_range | ipaddr('network/prefix') }}"
- debug:
msg: "{{ allowed_qualys_cidrs | to_json }}"
- name: send command
command: >
aws wafv2 update-ip-set
--addresses "{{ allowed_cidrs | to_json }}"
That debug prints:
["1.x.x.x/24", "2.x.x.x/24"]
But what the command tries to send is:
"cmd": [
"aws",
"wafv2",
"update-ip-set",
"--addresses",
"[1.x.x.x/24, 2.x.x.x/24]",
]
Which, because the double quotes are gone, is not a valid JSON.
I already tried every possible approach with Ansible and Jinja2, but I can't figure out a way to send that command with a valid JSON.
Use single quotes in your command rather than double quotes:
- name: list of IPs
set_fact:
allowed_cidrs: "{{ ip_range | ipaddr('network/prefix') }}"
vars:
ip_range:
- "1.1.1.1/24"
- "2.2.2.2/24"
- name: send command
command: >-
aws wafv2 update-ip-set
--addresses '{{ allowed_cidrs | to_json }}'
register: _cmd
- debug:
var: _cmd.cmd
Yields:
TASK [list of IPs] **********************************************************
ok: [localhost]
TASK [send command] *********************************************************
changed: [localhost]
TASK [debug] ****************************************************************
ok: [localhost] => {
"_cmd.cmd": [
"aws",
"wafv2",
"update-ip-set",
"--addresses",
"[\"1.1.1.0/24\", \"2.2.2.0/24\"]"
]
}
I would like to pass a particular value as an input to the URI from the JSON body. But i am getting an error as below. Please find below code and expectation is to put the netid = 12345 in the
place of netid in the URL as {{ api_uri }}/networks/12345/appliance
Error:
fatal: [localhost]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'ansible.utils.unsafe_proxy.AnsibleUnsafeText object' has no attribute 'rules'\n\nThe error appears to be in '/***/firewallrules.yml': line 35, column 10, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: Firewall rule update\n ^ here\n"}
URI Task:
- name: Firewall rule update
uri:
method: PUT
url: "{{ api_uri }}/networks/{{ netid(from firewall.json) }}/appliance"
body: "{{ lookup('file', 'firewall.json') | from_json }}"
body_format: json
register: firewallresults
ignore_errors: yes
Firewall(JSON input to API):
{
"rules": [
{
"comment": "Test1.",
"destCidr": "x.x.x.x/24",
"srcCidr": "y.y.y.y/24",
"netid":"12345"
},
{
"comment": "Test2",
"destCidr": "a.a.a.a/24",
"srcCidr": "b.b.b.b/24",
"netid":"12345"
} ]
}
The error message reports AnsibleUnsafeText object' has no attribute 'rules' ... The error appears to be in '/***/firewallrules.yml' but I cant find anything about .rules or firewallrules.yml in your description.
In respect to the minimal information
I would like to pass a particular value as an input to the URI from the JSON body. ... need a solution to get the netid from my input JSON ... which will be used in the API URI
it seems that your URI task and URL parameter are misconstructed. I've created a debugging task to get a better understanding of the use case.
---
- hosts: localhost
become: false
gather_facts: false
vars:
BODY: "{{ lookup('file', 'firewall.json') | from_json }}"
tasks:
- name: Show BODY
debug:
msg: "{{ BODY }}"
- name: Show first 'netid' for URL
debug:
var: BODY.rules[0].netid
- name: Show all 'netid's for URL
debug:
msg: "{{ item.netid }}"
loop: "{{ BODY.rules }}"
Resulting into an output of
TASK [Show first 'netid' for URL] ***
ok: [localhost] =>
BODY.rules[0].netid: '12345'
TASK [Show all 'netid's for URL] ***
ok: [localhost] => (item={u'comment': u'Test1.', u'destCidr': u'x.x.x.x/24', u'netid': u'12345', u'srcCidr': u'y.y.y.y/24'}) =>
msg: '12345'
ok: [localhost] => (item={u'comment': u'Test2', u'destCidr': u'a.a.a.a/24', u'netid': u'12345', u'srcCidr': u'b.b.b.b/24'}) =>
msg: '12345'
I have a variable that is set from a Tower survey and I am using it to retrieve an associated IP address in netbox. I am not able to get it to match when I use square brackets and when I use {{ or ' or " everything is matched and my whole IPAM database is returned.
vars:
location: "{{ LOCATION }}"
c_description: "{{CIRCUIT_DESC}}"
prefix_length: "{{PREFIX}}"
tasks:
- name: "Print IP"
debug:
msg: "{{ query('netbox.netbox.nb_lookup', 'ip-addresses', api_filter= 'description=
[c_description]', api_endpoint='http://netbox', token='', validate_certs='False') }}"
Here is my output:
TASK [Print IP] ****************************************************************
ok: [localhost] => {
"msg": []
}
Solved in another forum using a tilda:
- name: "Print IP"
debug:
msg: "{{ query('netbox.netbox.nb_lookup', 'ip-addresses', api_filter='description=' ~ c_description,
api_endpoint='http://netbox.', token='', validate_certs='False') }}"
Here is my play:
- name: Tag ec2 instances
hosts: localhost
tasks:
- name: Print Hosts
debug: var=hostvars[item]['ec2_id']
with_inventory_hostnames: all
- name: Print Hosts 2
debug: msg={{hostvars[item]['ec2_id']}}
with_inventory_hostnames: all
- name: Tag Hosts
ec2_tag:
resource: "{{ hostvars[item]['ec2_id'] }}"
region: ap-southeast-2
args:
tags: {mytag: 'myvalue'}
with_inventory_hostnames: all
Can anyone explain why the second task fails with the following error while the first one is successful?
...
ok: [localhost] => (item=172.31.11.37) => {
"hostvars[item]['ec2_id']": "i-xxxxxx",
"item": "172.31.11.37"
}
TASK [Print Hosts 2] ***********************************************************
fatal: [localhost]: FAILED! => {"failed": true, "msg": "'dict object' has no attribute 'ec2_id'"}
debug module with var=hostvars[item]['ec2_id'] will not fail if anything to the right of equal sign is undefined.
While msg={{hostvars[item]['ec2_id']}} will fail if the part in braces can't be templated.
In your example this may fail for localhost because I'm almost sure that ec2_id is not defined for localhost.
To avoid this, you can apply when statement to your loop, as follows:
- name: Print Hosts 2
debug: msg={{hostvars[item]['ec2_id']}}
when: hostvars[item]['ec2_id'] is defined
with_inventory_hostnames: all