Develop Reference

Ansible condtional statement with stdout and variable

I am trying to use a condition to verify the MD5_hash value from the std output with the stored value in the host file.
- block:
- name: Install OS
nxos_install_os:
provider: "{{ creds }}"
system_image_file: "{{bin}}"
issu: no
timeout: 500
when: md5_result.stdout[0] == "{{ MD5_Hash }}"
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found:
md5_result.stdout[0] == "{{ MD5_bin5 }}"
I found a suggestion of using [] instead of {{}}, but I am just getting the condition result is FALSE.
Please suggest.

ansible jinja2 template delimiters failed if using 'when'

I have this code, where the first task fails and the second task produces the following warning:
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: {{ VRF }} == 17
I am assuming this warning and the failure of the first task are happening for the same reason. From what I understand, the variables are different types. How do I fix this?
---
- name: PE_CE
hosts: localhost
tasks:
- include_vars: /opt/netsec/ansible/orchestration/capabilities/PE_CE/PE_CE_1.yml
- name: Build PE config Cisco
template:
src=/opt/netsec/ansible/orchestration/cisco_templates/PE_CE_CISCO_config_PE.j2
dest=/opt/netsec/ansible/orchestration/config_outputs/new/{{PE_HOSTNAME}}
when: "{{ PX_HOSTNAME }} == None"
- name: Build CE config Cisco
template:
src=/opt/netsec/ansible/orchestration/cisco_templates/PE_CE_CISCO_config_CE.j2
dest=/opt/netsec/ansible/orchestration/config_outputs/new/{{CE_HOSTNAME}}
when: "{{ VRF }} == 17"
What I really want to do is when: "{{ VRF }} == 17" and "{{ PX_HOSTNAME }} == None", or something like {{ PX_HOSTNAME }}|length < 1"

You do not need {{ and }} with when. Do it like this:
when: PX_HOSTNAME == "None" and when: VRF == "17"
Here is some documentation
when: PX_HOSTNAME == "None" will check if PX_HOSTNAME contains the string "None".
If you want to run the task if it is empty, do when: not PX_HOSTNAME or if you want to run the task it it is not empty, do when: PX_HOSTNAME.
You can use the length as well: when: PX_HOSTNAME|length > 0

How to use ansible when condition when string contains '#'

I am writing playbook to check user principal in kerberos servers. If principal exists it should skip task and if not it should create user principal. I am not sure how to use string with when condition I am trying below but getting errors
"ERROR! Syntax Error while loading YAML.
expected <block end>, but found '<scalar>'
The error appears to be in '/home/revyas/RHELProjects/Atlas/eda-datalake/playbooks/provision-emr.yml': line 42, column 31, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
stat:
path: "{{ user_dir }}"/"{{ keytab_name }}"
^ here
We could be wrong, but this one looks like it might be an issue with
missing quotes. Always quote template expression brackets when they
start a value. For instance:
with_items:
- {{ foo }}
Should be written as:
with_items:
- "{{ foo }}"
Playbook:
- name: Check if user principals exist
command: 'kadmin -w "{{ emr_kdc_admin_password }}" -p kadmin/admin listprincs'
register: user_princs
delegate_to : "{{ emr_kerberos_master }}"
tags: "emr_acct"
- name: Create user kerberos principal if not exist
command: 'kadmin -w {{ emr_kdc_admin_password }} -p kadmin/admin addprinc -randkey {{ kerberos_username }}#{{ emr_kerberos_realm }}'
when: "{{ kerberos_username }}#{{ emr_kerberos_realm }}" not in user_princs.stdout
delegate_to: "{{ emr_kerberos_master }}"
tags: "emr_acct"
User principal from kdc have format given below:
emr-test1-aren-reetika#abd.xyz.com
emr-test-aren#bd.xyz.com
emr-test-integration-test#bd.xyz.com

For the first cited issue, yaml doesn't behave like python or shell which automatically concatenate string literals together
You'll want:
stat:
path: "{{ user_dir }}/{{ keytab_name }}"
And the second error is because yaml believes the leading " is the start of a YAML literal, but in fact it's the start of a Jinja2 literal, thus:
when: '"{{ kerberos_username }}#{{ emr_kerberos_realm }}" not in user_princs.stdout'
Or you can use any of the scalar folding syntaxes, if you prefer that:
when: >-
"{{ kerberos_username }}#{{ emr_kerberos_realm }}"
not in user_princs.stdout

when: "{{ kerberos_username }}#{{ emr_kerberos_realm }}" not in user_princs.stdout
change to
when: "{{ kerberos_username }}\\#{{ emr_kerberos_realm }}" not in user_princs.stdout

Ansible condition on dictionary item

I have one dictionary list defined:
members_list:
any:
name: any
username: any
anyone:
name:
username: anyone
In my Ansible playbook, I am running multiple docker containers:
docker_container:
name: "{{ item.key }}"
when: "{{ item.key }} != any"
with_dict: "{{ members_list }}"
But I am getting following error:
The conditional check '{{ item.key }} != any' failed. The
error was: error while evaluating conditional ({{ item.key
}} != any): 'any' is undefined
When I run the playbook without when conditional operator it works fine.
Thanks in advance.

You need to quote the word any, because otherwise it is interpreted as a variable reference. Also, you don't need Jinja templating markers in a when expression (the expression is already evaluated as a jinja expression):
- docker_container:
name: "{{ item.key }}"
when: "item.key != 'any'"
with_dict: "{{ members_list }}"
I find nested quotes like this can be confusing, and often opt for one
of YAMLs alternative quoting mechanisms, e.g.:
- docker_container:
name: "{{ item.key }}"
when: >-
item.key != 'any'
with_dict: "{{ members_list }}"
This is identical to the previous version; I just find it easier to
read and understand.

Ansible: Save registered variables to file

How could I save a registered variables to a file using Ansible?
Goal:
I would like to gather detailed information about all PCI buses and devices in the system and save the result somewhere (Ex. using lspci. Ideally, I should have results of command in my local machine for further analysis).
Save results also somewhere with the given criterion.
My playbook looks like this:
tasks:
- name: lspci Debian
command: /usr/bin/lspci
when: ansible_os_family == "Debian"
register: lspcideb
- name: lspci RedHat
command: /usr/sbin/lspci
when: ansible_os_family == "RedHat"
register: lspciredhat
- name: copy content
local_action: copy content="{{ item }}" dest="/path/to/destination/file-{{ item }}-{{ ansible_date_time.date }}-{{ ansible_hostname }}.log"
with_items:
- lspcideb
- aptlist
- lspciredhat
But saves only item_name
Good Q&A with saving 1 variable there - Ansible - Save registered variable to file.
- local_action: copy content={{ foo_result }} dest=/path/to/destination/file
My question:
How can I save multiple variables and transfer stdout to my local machine?

- name: copy content
local_action: copy content="{{ vars[item] }}" dest="/path/to/destination/file-{{ item }}-{{ ansible_date_time.date }}-{{ ansible_hostname }}.log"
with_items:
- lspcideb
- aptlist
- lspciredhat
Explanation:
You must embed variable names in Jinja2 expressions to refer to their values, otherwise you are passing strings. So:
with_items:
- "{{ lspcideb }}"
- "{{ aptlist }}"
- "{{ lspciredhat }}"
It's a universal rule in Ansible. For the same reason you used {{ item }} not item, and {{ foo_result }} not foo_result.
But you use {{ item }} also for the file name and this will likely cause a mess.
So you can refer to the variable value with: {{ vars[item] }}.
Another method would be to define a dictionary:
- name: copy content
local_action: copy content="{{ item.value }}" dest="/path/to/destination/file-{{ item.variable }}-{{ ansible_date_time.date }}-{{ ansible_hostname }}.log"
with_items:
- variable: lspcideb
value: "{{ lspcideb }}"
- variable: aptlist
value: "{{ aptlist }}"
- variable: lspciredhat
value: "{{ lspciredhat }}"