I want to have 2 "sub tasks" in a main task, but for some reason I am getting a syntax error.
In my /etc/ansible directory I have to following structure:
playbooks/
set_users.yml
roles/
users/
tasks/
main.yml
create_admin.yml
update_root.yml
vars/
main.yml
In the create_admin.yml file I have the following:
---
- name: Create srv_admin user
user: name=srv_admin password="{{ admin_password }}" groups=wheel shell=/bin/bash
And in update_root.yml:
---
- name Update root password
user: name=root password="{{ root_password }}"
Then I include these tasks in main.yml:
---
- name: Modify users
tasks:
- include: update_root.yml
- include: create_admin.yml
My vars/main.yml contains my passwords:
---
admin_password: SHA512HASH
root_password: SHA512HAS
Now bringing it all together in playbooks/set_users.yml:
---
- name: create user
hosts: servers
remote_user: root
roles:
- users
But I am obviously doing something wrong. When I run the playbook, I get the following error:
ERROR! no action detected in task. This often indicates a misspelled module name, or incorrect module path.
The error appears to have been in '/etc/ansible/roles/users/tasks/main.yml': line 2, column 3, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
---
- name: Modify users
^ here
How can I use these two "sub" tasks in tasks/main.yml so that I can simply import the role in the playbook?
EDIT
After implementing #Konstantin Suvorov suggestion:
The error appears to have been in '/etc/ansible/roles/users/tasks/update_root.yml': line 3, column 7, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name Update root password
user: name=root password="{{ root_password }}"
^ here
We could be wrong, but this one looks like it might be an issue with
missing quotes. Always quote template expression brackets when they
start a value. For instance:
with_items:
- {{ foo }}
Should be written as:
with_items:
- "{{ foo }}"
tasks/main.yml should be a list of tasks, so no need in tasks: keyword:
---
- include: update_root.yml
- include: create_admin.yml
And avoid using key=value syntax, it'll shoot in the leg sometime, use pure YAML:
- name: Update root password
user:
name: root
password: "{{ root_password }}"
Related
teaching myself ansible. i'm trying to do a simple ls -l on a list of home directories.
###contents of my first playbook
- hosts: localhost
become: true
vars_files:
- /home/admin/.ansible/vault/vault.yml
roles:
- list_home_dirs
###contents of my first role list_home_dirs
- name: target home directories
homedirs:
- "/home/john"
- "/home/jane"
- name: listing contents of home directories
shell: ls -l "{{ homedirs }}"
ignore_errors: true
when i run my playbook with tasks on the role i get this:
ERROR! unexpected parameter type in action: <class 'ansible.parsing.yaml.objects.AnsibleSequence'>
The offending line appears to be:
- name: list content of home directories
^ here
i ran yamllint and online yml checkers. no issues with syntax mentioned.
can you please help me? what am i doing wrong?
Let's say I have a playbook that uses two roles like this.
---
- hosts: database
become: yes
roles:
- role: foo_role_one
- role: foo_role_two
And I have a file in /group_vars/database/vars.yml like this.
---
username: bar
The username variable is used by both foo_role_one and foo_role_two, but the values are not identical. I know I could include the variable directly as a child of - role: foo_role_one, but I am attempting to keep my playbooks clean with the variables for groups and and hosts in their own files. To accomplish this I'd like to do some like this.
---
- hosts: database
become: yes
roles:
- role: foo_role_one
'{{ foo_one }}'
- role: foo_role_two
'{{ foo_two }}'
And then in /group_vars/database/vars.yml have the following.
---
foo_one:
username: bar
foo_two:
username: baz
I cannot find a syntax with the yaml spec that will allow me to do this. I thought anchors and references would do it, but it appears that they do not span yaml files.
I think you'll find what you're looking for right in the roles documentation, which shows, for example in which two roles both want variables named dir and app_port, but the values for each role need to be different:
- hosts: webservers
roles:
- common
- role: foo_app_instance
vars:
dir: '/opt/a'
app_port: 5000
tags: typeA
- role: foo_app_instance
vars:
dir: '/opt/b'
app_port: 5001
tags: typeB
I believe that's the same situation you're asking about.
I trying to create a simple paybook with a common role. Unfortunately I get stymied by ansible. I have looked up and down the internet for solution for this error.
The setup:
I am running ansible 2.7.4 on Ubuntu 18.04
directory structure:
~/Ansible_Do
playbook.yml
inventory (hosts file)
/roles
/common
/defaults
main.yml (other variables)
/tasks
main.yml
richard_e.yml
/vars
vars_and_stuff.yml (vault)
I have a simple playbook.yml
---
# My playbook 1
- hosts: test
- name: Go to common role to run tasks.
roles:
- common
tasks:
- name: echo something
shell: echo $(ip addr | grep inet)
...
I run this command to start the playbook:
~/Ansible_Do$ ansible-playbook -vv --vault-id #prompt -i ~/Ansible_Do/inventory playbook.yml
I enter the vault password continuing the playbook.
The playbook starts pulls facts from the test group of servers. Then reads the role and works to /roles/common. That calls the /common/tasks/main.yml file. This is where the error happens.
The error appears to have been in '/home/~/Ansible_Do/roles/common/tasks/main.yml': line 8, column 3
# Common/tasks file
---
- name: Bring variable from vault
include_vars:
file: vars_and_stuff.yml
name: My_password
- name: Super Richard <====== Error
become: yes
vars:
ansible_become_pass: "{{ My_password }}"
- import_tasks: ./roles/common/tasks/ricahrd_e.yml
...
The ./roles/common/tasks/ricahrd_e.yml is a simple testing task.
---
- name: say hi
debug:
msg: "Active server."
...
The error on "- name". I have checked online and in the Ansible docs to see if there is a key I'm missing. I found an example for include_vars in a /role/tasks (https://gist.github.com/halberom/ef3ea6d6764e929923b0888740e05211) showing proper syntax (I presume) in a simple role. The code works as parts, but not together.
I have reached what I can understand. I feel that is error is utterly simple and I am missing something (forest for the trees).
The error means exactly what it says, except the "module name" is not misspelled in your case, but missing altogether.
This...
- name: Super Richard <====== Error
become: yes
vars:
ansible_become_pass: "{{ My_password }}"
... is not a valid task definition, it does not declare an action.
An action in Ansible is a call to a module, hence "misspelled module name".
The error comes after name, because that's where Ansible expects the name of the "module" that you want to call, e.g. shell in your first example.
You are probably assuming that become is a "module", but it is not.
It is a "playbook keyword", in this case applied on the task level, which has the effect that you become another user for this task only.
But as the task has no action, you get this error.
See docs:
Playbook keywords
Understanding privilege escalation
After a bit of work I got the playbook to work. Knowing that 'become' is not a task was the start. I also found out how to pull the proper vars from the vault.
# My first playbook 1
- hosts: test
become: yes
vars_files:
- ./roles/common/vars/vars_and_stuff.yml
vars:
ansible_become_pass: "{{ My_password }}"
roles:
- common
tasks:
- name: echo something
shell: echo $(ip addr | grep inet)
The vars file access the vault and then vars: pulls the password used by become. With become in force I ran the other tasks in the common role with a last standalone task. Lastly, don't try to - name: at the top level of the playbook as it trigger a hosts undefined error.
My test.yml playbook looks like this:
- hosts: all
roles:
- role: test-role
And the test-role role looks like this:
---
- import_tasks: a.yml
tags:
- a
- import_tasks: b.yml
tags:
- b
but if I run this using:
ansible-playbook -i inventories/dev --tags "b" playbooks/test.yml --check
I get tasks from a.yml running.
Why?
FYI, a.yml looks like this:
- set_fact: test_file="/tmp/test.txt"
- name: Look for the test file
stat:
path: "{{ test_file }}"
register: stat_result
- block:
- name: If the file exists, end playbook
debug: msg="Test file existed, ending play"
- meta: end_play
when: stat_result.stat.exists == True
The error is:
ERROR! The conditional check 'stat_result.stat.exists == True' failed. The error was: error while evaluating conditional (stat_result.stat.exists == True): 'stat_result' is undefined
and
The offending line appears to be:
debug: msg="Test file existed, ending play"
- meta: end_play
^ here
Why is a.yml even being run when I'm using tags to specifically not include it?!
You have to tag your top-level playbook if you want to use the command line to include/exclude tags. In your case, the tags need to be in test.yml, not the role.
- hosts: all
roles:
- role: test-role
tags:
- a
I'm not sure about your setup, but using import_role has always worked well for me:
- hosts: vpc
tasks:
- import_role:
name: test-role
tags:
- a
But that may not make a difference for you. Hope this helps.
I am testing the variable feature in ansible along with include_vars and with_first_found.
My playbook is
---
- name: Load Variables from files.
include_vars: "{{ item }}"
with_first_found:
- "a.yml"
- "b.yml"
- "default.yml"
- name: another play
hosts: all
tasks:
- debug: msg="hello {{ http_port }}"
But when Im running this, I get the ERROR,
# ansible-playbook -i inventory/plat-inventory test.yaml
ERROR! 'with_first_found' is not a valid attribute for a Play
The error appears to have been in '/root/config-3.0.98/ansible/test.yaml': line 2, column 3, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
---
- name: Load Variables from files.
^ here
default.yml states :
http_port: 80
What am I missing here ?
As far as I know, include_vars should be a task, as the examples in its documentation
something like
- name: playbook
hosts: somehosts
gather_facts: false
tasks:
- name: "add some vars"
include_vars: somefile.yml
But then, those variables won't probably be available in the other playbook.