Ansible playbook with when variable not executed - ansible

I have the following playbook example.yml:
- hosts: all
  remote_user: administrator
  become: yes
  tasks:
    - name: Put resolv.conf
      template:
        src: /home/user/resolv.conf.j2
        dest: /etc/resolv.conf
        backup: yes
        mode: 0644
        when: variable_name == "string"
The purpose is to update the resolv.conf with a customized one.
For executing it I am running:
ansible-playbook example.yml -k -u administrator --become --ask-become-pass --limit server_name -e variable_name='string'
However I get the following error:
SSH password:
SUDO password[defaults to SSH password]:
PLAY [all] *********************************************************************
TASK [setup] *******************************************************************
ok: [server_name]
TASK [Put resolv.conf] *******************************************************
fatal: [server_name]: FAILED! => {"changed": true, "failed": true, "msg": "unsupported parameter for module: when"}
to retry, use: --limit @/home/user/playbooks/example.retry
PLAY RECAP *********************************************************************
server_name : ok=1 changed=0 unreachable=0 failed=1
I have tried different syntax by applying "()" to the variable, changing between double and single commas, etc., but I always get the same error.
If I don't use both the variable and the when condition, the task is successfully completed.
Where is the problem?

Mind the padding!
- hosts: all
  remote_user: administrator
  become: yes
  tasks:
    - name: Put resolv.conf
      template:
        src: /home/user/resolv.conf.j2
        dest: /etc/resolv.conf
        backup: yes
        mode: 0644
      when: variable_name == "string"
when is a task property, not template's parameter.
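A pre-run check for this class of mistake, as an added example that is not part of the original answer: it flags task keywords that sit under a module's arguments. It is a line-oriented heuristic that assumes space-indented block-style YAML; the function name, the keyword lists and the shortened sample playbook are assumptions made for illustration.

```python
import re

# Task keywords that often end up indented under a module's arguments (not exhaustive).
TASK_KEYWORDS = {"when", "register", "delegate_to", "with_items", "loop",
                 "become", "notify", "tags", "ignore_errors", "no_log"}
# Keys whose children are tasks or free-form data rather than module arguments.
CONTAINERS = {"tasks", "pre_tasks", "post_tasks", "handlers", "block",
              "rescue", "always", "vars"}
KEY = re.compile(r"^(\s*)(-\s+)?([A-Za-z_][\w.]*)\s*:(.*)$")

def misplaced_task_keywords(playbook_text):
    """Return (line_no, keyword, parent) for task keywords nested under a module key."""
    findings, open_keys = [], []           # open_keys: stack of (column, key) awaiting children
    for no, raw in enumerate(playbook_text.splitlines(), 1):
        if raw.lstrip().startswith("#"):
            continue                       # whole-line comment
        m = KEY.match(re.sub(r"\s+#.*$", "", raw))
        if not m:
            continue                       # blank lines, list scalars, continuation lines
        indent, dash, key, value = m.groups()
        col = len(indent) + len(dash or "")  # column where the key itself starts
        while open_keys and open_keys[-1][0] >= col:
            open_keys.pop()                # this key is outside that parent's scope
        if key in TASK_KEYWORDS and open_keys and open_keys[-1][1] not in CONTAINERS:
            findings.append((no, key, open_keys[-1][1]))
        if not value.strip():
            open_keys.append((col, key))   # nested mapping or list follows
    return findings

# Constructed sample: a shortened form of the playbook from the question.
BROKEN = """\
- hosts: all
  become: yes
  tasks:
    - name: Put resolv.conf
      template:
        src: /home/user/resolv.conf.j2
        dest: /etc/resolv.conf
        when: variable_name == "string"
"""
# Same playbook with `when` moved out to task level, as in the answer.
FIXED = BROKEN.replace("        when:", "      when:")

if __name__ == "__main__":
    for no, keyword, parent in misplaced_task_keywords(BROKEN):
        print(f"line {no}: '{keyword}' is nested under '{parent}'; move it to task level")
```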

Related

Ansible playbook password

New ansible user
Here is my playbook.
---
- name: Creating Local User Account on RHEL Systems.
  hosts: hapansible05
  become: true
  vars:
    passwd: WSXcde1234
  tasks:
    - name: Creating Local User
      user:
        name: svc_cldscp
        password: "{{ passwd | password_hash('sha512') }}"
        comment: svc_cldscp-ServiceAcct
        shell: /bin/bash
Keep getting this message on RHEL server
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
PLAY [Creating Local User Account on RHEL Systems.] ********************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************************************************
ok: [hapansible05]
TASK [Creating Local User] ***********************************************************************************************************************************
fatal: [hapansible05]: FAILED! => {"changed": false, "msg": "usermod: user 'svc_cldscp' does not exist in /etc/passwd\n", "name": "svc_cldscp", "rc": 6}
PLAY RECAP *************************************************************************************************************************************************
hapansible05 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
A working practice example for creating and configuring local users via the user module, with a filter for hashing and encrypting strings and passwords, is:
---
- name: Create local user account on RHEL System
  hosts: rhel.example.com
  become: true
  vars:
    pwd: "WSXcde1234"
  tasks:
    - name: Create and configure user in local system
      user:
        name: "svc_cldscp"
        password: "{{ pwd | password_hash('sha512') }}"
        system: false      # Defaults to no
        createhome: true   # Defaults to yes
        uid: '1234'
        group: '1234'      # Needs to exist beforehand
        shell: /bin/bash   # Defaults to /bin/bash
        comment: "Service Account"
        state: present

Ansible playbook is failing for 'become:yes'

The following ansible-playbook works fine for non-sudo access.
But fails when I un-comment become:yes
---
- hosts: all
  become: yes
  tasks:
    - name: Register the policy file in a variable
      read_csv:
        path: policy.csv
      delegate_to: localhost
      register: csv_file
    - name: Check rules pre-remediation
      command: "{{ item.Compliance_check }}"
      register: output
      with_items:
        "{{ csv_file.list }}"
    - name: Perform remediation
      command: "{{ item.item.Remediation }}"
      when: item.item.Expected_result != item.stdout
      with_items:
        "{{ output.results }}"
The inventory file looks like:
10.136.59.110 ansible_ssh_user=username ansible_ssh_pass=password ansible_sudo_pass=password
Error I'm facing is:
user@hostname:~/git-repo/MCI$ ansible-playbook playbook.yaml -i inventory
PLAY [all] *******************************************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************************
ok: [10.136.59.109]
TASK [Register the policy file in a variable] ********************************************************************************************
Sorry, try again.
fatal: [10.136.59.109 -> localhost]: FAILED! => {"changed": false, "module_stderr": "[sudo via ansible, key=mjcqjbcyeemygkxwycgeftiikivnylsj] password:\nsudo: no password was provided\nsudo: 1 incorrect password attempt\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
PLAY RECAP *******************************************************************************************************************************
10.136.59.109 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Can't understand why this error is showing. I have tried providing correct sudo passwords in both the inventory and at run-time using --ask-become-pass.
Please help find out the cause of the error.
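The inventory line above keeps the SSH and sudo passwords in clear text next to the host. A small audit for that pattern in INI inventories, as an added example that is not part of the original post: it reports which host or group sets a secret-bearing variable literally, without echoing the value. The sample inventory is constructed; the `web` group, `app01.example`, `vault_become_pass` and the function name are assumptions.

```python
import shlex

# Ansible connection and escalation variables that hold a secret.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password", "ansible_sudo_pass",
               "ansible_become_pass", "ansible_become_password"}

def inline_secrets(inventory_text):
    """Return (line_no, owner, variable) for secrets written literally in an INI inventory."""
    findings, section = [], ""
    for no, raw in enumerate(inventory_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            section = line.strip("[]")
            continue
        if section.endswith(":vars"):           # "key = value" lines; owner is the group
            key, _, value = line.partition("=")
            pairs = [(section, key.strip(), value.strip())]
        else:                                   # "host key=value key=value ..." lines
            host, *items = shlex.split(line)
            pairs = [(host, *i.partition("=")[::2]) for i in items if "=" in i]
        for owner, key, value in pairs:
            # A Jinja reference (for example to a vaulted variable) is not a literal secret.
            if key in SECRET_VARS and "{{" not in value:
                findings.append((no, owner, key))   # the value itself is never reported
    return findings

# Constructed sample; the first host line is the inventory entry quoted above.
SAMPLE = """\
[web]
10.136.59.110 ansible_ssh_user=username ansible_ssh_pass=password ansible_sudo_pass=password
app01.example ansible_user=deploy ansible_become_pass='{{ vault_become_pass }}'

[web:vars]
ansible_password = hunter2
"""

if __name__ == "__main__":
    for no, owner, var in inline_secrets(SAMPLE):
        print(f"line {no}: {owner} sets {var} in clear text")
```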

Ansible playbook only working with root user and failing when running with other sudo user

I had a working playbook in my test environment, where my user was the root user itself and I didn't have any issue.
When I moved my playbook to the staging environment, where my login user account is "admin", which is a sudo user, all of my playbooks failed.
---
- name: Replace the silent-install-server_ file to each Application Servers
  hosts: localhost,CCM,RM
  vars:
    jts_file: /etc/ansible/roles/IBM2/files/silent-install-server_JTS.xml
    ccm_file: /etc/ansible/roles/IBM2/files/silent-install-server_CCM.xml
    rm_file: /etc/ansible/roles/IBM2/files/silent-install-server_RM.xml
    dest_dir: /opt/CLM-Web-Installer-Linux-6.0.5/im/linux.gtk.x86_64
  tasks:
    - name: check the folder existance
      stat: path=/opt/CLM-Web-Installer-Linux-6.0.5/im/linux.gtk.x86_64
      register: folder_exist
    - name: JTS Server
      copy:
        src: "{{ jts_file }}"
        dest: "{{ dest_dir }}/"
        mode: "0777"  # quoted octal; a bare 777 is read as a decimal integer
        backup: yes
      delegate_to: localhost
      when: folder_exist.stat.exists == True
    - name: CCM Server
      copy:
        src: "{{ ccm_file }}"
        dest: "{{ dest_dir }}/"
        mode: "0777"
        backup: yes
      delegate_to: 10.16.24.102
      when: folder_exist.stat.exists == True
    - name: RM Server
      copy:
        src: "{{ rm_file }}"
        dest: "{{ dest_dir }}/"
        mode: "0777"
        backup: yes
      delegate_to: 10.16.24.103
      when: folder_exist.stat.exists == True
Getting the below error.
PLAY [Replace the silent-install-server_ file to each Application Servers] **********************************************************************************
TASK [Gathering Facts] **************************************************************************************************************************************
ok: [localhost]
fatal: [10.16.24.102]: FAILED! => {"msg": "Timeout (12s) waiting for privilege escalation prompt: "}
fatal: [10.165.240.103]: FAILED! => {"msg": "Timeout (12s) waiting for privilege escalation prompt: "}
TASK [check the folder existance] ***************************************************************************************************************************
ok: [localhost]
TASK [JTS Server] *******************************************************************************************************************************************
ok: [localhost -> localhost]
TASK [CCM Server] *******************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "Failed to get information on remote file (/opt/CLM-Web-Installer-Linux-6.0.5/im/linux.gtk.x86_64/silent-install-server_CCM.xml): Shared connection to 10.16.24.102 closed.\r\n"}
to retry, use: --limit @/etc/ansible/roles/IBM2/tasks/best/silentiInstallerfile.retry
PLAY RECAP **************************************************************************************************************************************************
10.16.24.102 : ok=0 changed=0 unreachable=0 failed=1
10.16.24.103 : ok=0 changed=0 unreachable=0 failed=1
localhost : ok=3 changed=0 unreachable=0 failed=1
My hosts file is as below:
[IHS]
10.16.24.100
[JTS]
10.16.24.101
[CCM]
10.16.24.102
[RM]
10.16.24.103
I suggest giving admin@10.16.24.102 and admin@10.165.240.103 sudo access without a password.
You can add to the /etc/sudoers file:
admin ALL=(ALL:ALL) NOPASSWD:ALL
Make sure admin@10.16.24.102 and admin@10.165.240.103 are able to "sudo su".
fatal: [10.16.24.102]: FAILED! => {"msg": "Timeout (12s) waiting for privilege escalation prompt: "}
fatal: [10.165.240.103]: FAILED! => {"msg": "Timeout (12s) waiting for privilege escalation prompt: "}
If you are not running as root, you need to tell ansible to become root
become: yes
This can be done per play, per host in inventory, or on individual tasks.

ansible delegation to other hosts

I use ansible 2.1 and I want to run a command on a group of hosts, using delegate_to. I use localhost as the host param and I want to delegate a “touch” command to both of the cls hosts.
I have the following
---
- hosts: ansible
  # gather_facts: yes
  tasks:
    - debug: var=groups.cls
    - name: touch a file to running host
      shell: echo {{ item }} >> /tmp/{{ inventory_hostname }}
      delegate_to: "{{ item }}"
      with_items: "{{ groups.cls }}"
with output:
[root@ansible control]# ansible-playbook -i inventory test.yml
PLAY ***************************************************************************
TASK [setup] *******************************************************************
ok: [ansible]
TASK [debug] *******************************************************************
ok: [ansible] => {
    "groups.cls": [
        "cls-host-1",
        "cls-host-2"
    ]
}
TASK [touch a file to running host] ********************************************
changed: [ansible -> cls-host-1] => (item=cls-host-1)
changed: [ansible -> cls-host-2] => (item=cls-host-2)
PLAY RECAP *********************************************************************
ansible : ok=3 changed=1 unreachable=0 failed=0
but the touch is done only on the first host:
[root@cls-host-1 ~]# more /tmp/ansible
cls-host-1
cls-host-2
Is anything wrong? Can I delegate the command with any other way?
I've tested a variation of your playbook using Ansible 2.4.0.0:
#!/usr/bin/env ansible-playbook
- hosts: stretch.fritz.box
  tasks:
    - name: touch
      shell: echo {{item}} >>/tmp/{{inventory_hostname}}
      delegate_to: "{{item}}"
      with_items:
        - jessie.fritz.box
        - short.fritz.box
This is working fine: the touch is performed on jessie and short.
jessie$ cat /tmp/stretch.fritz.box
jessie.fritz.box
short$ cat /tmp/stretch.fritz.box
short.fritz.box
Perhaps this feature was introduced in Ansible between 2.1 and 2.4.

ansible *when* say : "error while evaluating conditional"

I try to do something like that:
I have this playbook
---
- hosts: all
  vars:
    user: myuser
    venv_name: venv
    only_deploy_code: "yes"
  roles:
    - my_venv
In roles/my_venv/tasks/main.yml:
---
- name: pip Install packages into virtualenv
  pip: name={{ item }} virtualenv="{{ home }}/{{ venv_name }}" virtualenv_site_packages="yes"
  with_items:
    - PyYAML
    - numexpr
  sudo_user: "{{ user }}"
  sudo: true
  when: only_code_deploy == "no"
but I get this error:
TASK: [akd_venv | pip Install packages into virtualenv] ***********************
fatal: [vagrant] => error while evaluating conditional: only_code_deploy == "no"
Just try to omit the quotes around the yes and change your when statement like this:
- hosts: all
  gather_facts: no
  vars:
    only_deploy_code: yes
  tasks:
    - debug:
        msg: "This is yes message"
      when: not only_deploy_code
Tested on the local machine like this:
ansible-playbook -i "localhost," test.yml -c local
with the output:
PLAY ***************************************************************************
TASK [debug] *******************************************************************
skipping: [localhost]
PLAY RECAP *********************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=0
I think this is the expected behaviour that you want. Just modify the when statement if you want to skip it for no instead of yes, like this:
when: only_deploy_code
