Unable to stop and disable firewalld using Ansible - ansible

This is my playbook to stop and disable firewalld:
---
- hosts : openstack
  connection : ssh
  remote_user : ec2-user
  become_method : sudo
  become : yes
  gather_facts : no
  tasks :
    - command: "{{ item }}"
      with_items:
        - systemctl stop firewalld
        - systemctl disable firewalld
Error :
failed: [ec2-52-87-240-155.compute-1.amazonaws.com] (item=systemctl stop firewalld) => {"changed": true, "cmd": ["systemctl", "stop", "firewalld"], "delta": "0:00:00.009282", "end": "2016-10-27 13:37:20.620051", "failed": true, "item": "systemctl stop firewalld", "rc": 5, "start": "2016-10-27 13:37:20.610769", "stderr": "Failed to stop firewalld.service: Unit firewalld.service not loaded.", "stdout": "", "stdout_lines": [], "warnings": []}
failed: [ec2-52-87-240-155.compute-1.amazonaws.com] (item=systemctl disable firewalld) => {"changed": true, "cmd": ["systemctl", "disable", "firewalld"], "delta": "0:00:00.004876", "end": "2016-10-27 13:37:20.816710", "failed": true, "item": "systemctl disable firewalld", "rc": 1, "start": "2016-10-27 13:37:20.811834", "stderr": "Failed to execute operation: Access denied", "stdout": "", "stdout_lines": [], "warnings": []}
Could anyone help me out with this?

There are a few things wrong with this playbook:
- Don't put a space character between a parameter and the ":".
- Use the service module instead of the command module.
This should work:
---
- hosts: openstack
  connection: ssh
  remote_user: ec2-user
  become: True
  gather_facts: False
  tasks:
    - name: Stop and disable firewalld.
      service:
        name: firewalld
        state: stopped
        enabled: False

If firewalld is not installed or not running, you can simply ignore the error message using "failed_when:".
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
- name: 'Disable firewalld Services'
  service:
    name: "{{item}}"
    state: stopped
    enabled: no
  loop:
    - firewalld
  register: firewalld_service_disable
  failed_when: "firewalld_service_disable|failed and ('Could not find the requested service' not in firewalld_service_disable.msg)"
  ignore_errors: yes
  tags: test
Below is the Ansible playbook execution output:
# ansible-playbook main.yml --tags test
PLAY [all] **********************************************************
TASK [Gathering Facts] **********************************************
ok: [ANSIBLECLIENTNODE]
TASK [hardening : Disable firewalld Services] ***********************
changed: [ANSIBLECLIENTNODE] => (item=firewalld)
PLAY RECAP **********************************************************
ANSIBLECLIENTNODE : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
If your Ansible version is 2.9 or later, follow the "service_facts" method below:
- name: 'Populate service facts'
  service_facts:
- name: 'Disable firewalld Services'
  service:
    name: "{{item}}"
    state: stopped
    enabled: no
  loop:
    - firewalld
  # service_facts keys systemd units as '<name>.service', so check both spellings
  when: item in ansible_facts.services or (item ~ '.service') in ansible_facts.services
  ignore_errors: yes

Related

Unable to start logstash using /etc/init.d/logstash start

I'm trying to start the logstash service using the playbook below. The output says starting, but when I checked the status it's in a stopped state.
---
- hosts: test
  gather_facts: False
  remote_user: test
  become: yes
  become_user: root
  become_method: sudo
  tasks:
    - name: starting /etc/init.d/logstash start
      shell: /etc/init.d/logstash start
    - name: status /etc/init.d/logstash status
      shell: /etc/init.d/logstash status
      register: logstash_status
    - name: output
      debug:
        msg: "{{logstash_status}}"
Output
PLAY [test] ************************************************************************************************************************************************************
TASK [starting /etc/init.d/logstash start] *****************************************************************************************************************************
changed: [192.168.1.10]
TASK [status /etc/init.d/logstash status] ******************************************************************************************************************************
fatal: [192.168.1.10]: FAILED! => {"changed": true, "cmd": "/etc/init.d/logstash status", "delta": "0:00:00.021383", "end": "2021-06-02 20:31:17.701169", "msg": "non-zero return code", "rc": 1, "start": "2021-06-02 20:31:17.679786", "stderr": "", "stderr_lines": [], "stdout": "Stopped", "stdout_lines": ["Stopped"]}
to retry, use: --limit #/home/test/logstat-config/new.retry
PLAY RECAP *************************************************************************************************************************************************************
192.168.1.10 : ok=1 changed=1 unreachable=0 failed=1
I was able to start the service by running it in background.
---
- hosts: test
  gather_facts: False
  remote_user: test
  become: yes
  become_user: root
  become_method: sudo
  tasks:
    - name: starting /etc/init.d/logstash start
      shell: nohup /etc/init.d/logstash start &
      register: logstash
    - debug:
        msg: "{{logstash}}"
    - name: status /etc/init.d/logstash status
      shell: /etc/init.d/logstash status
      register: logstash_status
    - name: output
      debug:
        msg: "{{logstash_status}}"
Output:
PLAY [test] ************************************************************************************************************************************************************
TASK [starting /etc/init.d/logstash start] *****************************************************************************************************************************
changed: [192.168.1.10]
TASK [debug] ***********************************************************************************************************************************************************
ok: [192.168.1.10] => {
"msg": {
"changed": true,
"cmd": "nohup /etc/init.d/logstash start &",
"delta": "0:00:00.014488",
"end": "2021-06-03 17:31:02.914306",
"failed": false,
"rc": 0,
"start": "2021-06-03 17:31:02.899818",
"stderr": "",
"stderr_lines": [],
"stdout": "Starting logstash",
"stdout_lines": [
"Starting logstash"
]
}
}
TASK [status /etc/init.d/logstash status] ******************************************************************************************************************************
changed: [192.168.1.10]
TASK [output] **********************************************************************************************************************************************************
ok: [192.168.1.10] => {
"msg": {
"changed": true,
"cmd": "/etc/init.d/logstash status",
"delta": "0:00:00.011286",
"end": "2021-06-03 17:31:03.272873",
"failed": false,
"rc": 0,
"start": "2021-06-03 17:31:03.261587",
"stderr": "",
"stderr_lines": [],
"stdout": "Running",
"stdout_lines": [
"Running"
]
}
}
PLAY RECAP *************************************************************************************************************************************************************
192.168.1.10 : ok=4 changed=2 unreachable=0 failed=0

Ansible when condition from debug msg

I want to create a task with a when condition from a stdout.
Here is an example playbook:
---
- hosts: localhost
  gather_facts: false
  ignore_errors: yes
  vars:
    - dev_ip: '192.168.20.192'
  tasks:
    - name: checkking ssh status
      wait_for:
        host: "{{dev_ip}}"
        port: 22
        timeout: 2
        state: present
      register: ssh_stat
    - name: checkcondition
      debug:
        msg: "{{ssh_stat}}"
The message output is:
ok: [localhost] => {
    "msg": {
        "changed": false,
        "elapsed": 2,
        "failed": true,
        "msg": "Timeout when waiting for 192.168.20.192:22"
    }
}
I want to make a when condition task if the string "Timeout when waiting for 192.168.20.192:22" is in the ssh_stat.stdout.
Here's what you need:
---
- name: answer stack overflow
  hosts: localhost
  gather_facts: false
  ignore_errors: yes
  tasks:
    - name: checkking ssh status
      wait_for:
        host: 192.168.1.23
        port: 22
        timeout: 2
        state: present
      register: ssh_stat
    - name: do something else when ssh_stat.msg == "Timeout when waiting for 192.168.1.23:22"
      shell: echo "I am doing it"
      when: ssh_stat.msg == "Timeout when waiting for 192.168.1.23:22"
output:
PLAY [answer stack overflow] **************************************************************************************************************************************************************************************
TASK [checkking ssh status] ***************************************************************************************************************************************************************************************
[WARNING]: Platform linux on host localhost is using the discovered Python interpreter at /usr/bin/python, but future installation of another Python interpreter could change this. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
fatal: [localhost]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "elapsed": 3, "msg": "Timeout when waiting for 192.168.1.23:22"}
...ignoring
TASK [do something else when ssh_stat.msg == "Timeout when waiting for 192.168.1.23:22"] ************************************************************************************************************************
changed: [localhost]
PLAY RECAP ********************************************************************************************************************************************************************************************************
localhost : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=1
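An added example, not part of the original answer: the same branch keyed on the task's failed status plus a substring of `msg`, so the condition does not depend on the exact address in the message, with `ignore_errors` scoped to the probe instead of the whole play. The `dev_ip` value is the sample address from the question and the follow-up tasks are constructed for illustration.

```yaml
---
- name: React to an unreachable SSH port (added example)
  hosts: localhost
  gather_facts: false
  vars:
    dev_ip: 192.168.20.192        # sample address from the question
  tasks:
    - name: Check SSH port
      wait_for:
        host: "{{ dev_ip }}"
        port: 22
        timeout: 2
        state: started
      register: ssh_stat
      ignore_errors: true         # only this probe may fail without stopping the play

    - name: Run only when the probe timed out
      debug:
        msg: "{{ dev_ip }}:22 did not answer, taking the fallback path"
      when:
        - ssh_stat is failed
        - "'Timeout when waiting for' in ssh_stat.msg"

    - name: Run only when the port answered
      debug:
        msg: "{{ dev_ip }}:22 is reachable"
      when: ssh_stat is succeeded
```

The registered result of `wait_for` carries the text in `msg`, not `stdout`, which is why the condition reads `ssh_stat.msg`.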

Extract value from output and send to next task

I am trying to define a template in Ansible Tower, where I want to extract the id for the Active Controller in Kafka Broker and then use this value in another template / task that will perform the rolling restart but will make sure the active controller is started last
When I run this Ansible task
- name: Find active controller
  shell: '/bin/zookeeper-shell 192.168.129.227 get /controller'
  register: resultAC
I get the below result. I want to extract the brokerid and assign the value of 2 to a variable that can be used in a different task in the same template or pass it to another template when the templates are part of a workflow definition.
I tried using resultAC.stdout_lines[5].brokerid but that does not work.
The structure of resultAC:
{
"resultAC": {
"stderr_lines": [],
"changed": true,
"end": "2020-08-19 07:36:01.950347",
"stdout": "Connecting to 192.168.129.227\n\nWATCHER::\n\nWatchedEvent state:SyncConnected type:None path:null\n{\"version\":1,\"brokerid\":2,\"timestamp\":\"1597241391146\"}",
"cmd": "/bin/zookeeper-shell 192.168.129.227 get /controller",
"failed": false,
"delta": "0:00:02.843972",
"stderr": "",
"rc": 0,
"stdout_lines": [
"Connecting to 192.168.129.227",
"",
"WATCHER::",
"",
"WatchedEvent state:SyncConnected type:None path:null",
"{\"version\":1,\"brokerid\":2,\"timestamp\":\"1597241391146\"}"
],
"start": "2020-08-19 07:35:59.106375"
},
"_ansible_verbose_always": true,
"_ansible_no_log": false,
"changed": false
}
Because your JSON is just part of a list of strings, it is not parsed or considered as a JSON.
You will have to use the Ansible filter from_json in order to parse it back to a dictionary.
Given the playbook:
- hosts: all
  gather_facts: no
  vars:
    resultAC:
      stdout_lines:
        - "Connecting to 192.168.129.227"
        - ""
        - "WATCHER::"
        - ""
        - "WatchedEvent state:SyncConnected type:None path:null"
        - "{\"version\":1,\"brokerid\":2,\"timestamp\":\"1597241391146\"}"
  tasks:
    - debug:
        msg: "{{ (resultAC.stdout_lines[5] | from_json).brokerid }}"
This gives the recap:
PLAY [all] *************************************************************************************************************************************************************
TASK [debug] ***********************************************************************************************************************************************************
ok: [localhost] => {
"msg": "2"
}
PLAY RECAP *************************************************************************************************************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Going further, maybe I would select and match the JSON in the stdout_lines list, just in case it is not always at the sixth line:
- hosts: all
  gather_facts: no
  vars:
    resultAC:
      stdout_lines:
        - "Connecting to 192.168.129.227"
        - ""
        - "WATCHER::"
        - ""
        - "WatchedEvent state:SyncConnected type:None path:null"
        - "{\"version\":1,\"brokerid\":2,\"timestamp\":\"1597241391146\"}"
  tasks:
    - debug:
        msg: "{{ (resultAC.stdout_lines | select('match','{.*\"brokerid\":.*}') | first | from_json).brokerid }}"
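An added example, not part of the original answer, that goes one step further than the `debug` tasks above: it stores the parsed id with `set_fact` for later tasks in the same playbook, checks that it is numeric before anything acts on it, and publishes it with `set_stats` so later job templates in a Tower workflow receive it as an extra variable. The variable name `active_controller_id` is an assumption made for this example.

```yaml
---
- name: Capture the active Kafka controller id (added example)
  hosts: all
  gather_facts: false
  tasks:
    - name: Find active controller
      shell: '/bin/zookeeper-shell 192.168.129.227 get /controller'
      register: resultAC
      changed_when: false          # read-only query, never report "changed"

    - name: Parse the JSON line wherever it appears in the output
      set_fact:
        active_controller_id: >-
          {{ (resultAC.stdout_lines
              | select('search', '"brokerid"')
              | first | from_json).brokerid }}

    - name: Stop early if the value is not a plain number
      assert:
        that:
          - active_controller_id | string is match('^[0-9]+$')
        fail_msg: "Unexpected /controller payload: {{ resultAC.stdout_lines | last }}"

    - name: Use it later in the same playbook
      debug:
        msg: "Restart broker {{ active_controller_id }} last"

    - name: Publish it to later job templates in a Tower workflow
      set_stats:
        data:
          active_controller_id: "{{ active_controller_id }}"
```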

Ansible task variable output not displaying

Below is my simple playbook
- name: "test"
  hosts: webservers
  tasks:
    - name: Echo my_env_var
      shell: "echo $MY_ENV_VARIABLE"
      environment:
        MY_ENV_VARIABLE: whatever_value
    - name: Echo my_env_var again
      shell: "echo $MY_ENV_VARIABLE"
      register: stdd
    - debug: msg={{stdd.stdout_lines}}
My output is always msg:"" or msg: []. Why am I not able to see the value of the variable?
I took your example and changed it from debug msg to debug var. I also simplified it by only running the task once, and found the error in the process. The environment argument is specific to a task. You aren't including it in your second shell task.
Here's the example I used.
echo.yml
- hosts: localhost
  tasks:
    - name: Echo my_env_var
      shell: "echo $MY_ENV_VARIABLE"
      environment:
        MY_ENV_VARIABLE: whatever_value
      register: stdd
    - debug: var=stdd
execution
$ ansible-playbook -c local -i "localhost," echo.yml
PLAY [localhost] **************************************************************
GATHERING FACTS ***************************************************************
ok: [localhost]
TASK: [Echo my_env_var] *******************************************************
changed: [localhost]
TASK: [debug var=stdd] ********************************************************
ok: [localhost] => {
"var": {
"stdd": {
"changed": true,
"cmd": "echo $MY_ENV_VARIABLE",
"delta": "0:00:00.005332",
"end": "2016-07-25 19:42:54.320667",
"invocation": {
"module_args": "echo $MY_ENV_VARIABLE",
"module_complex_args": {},
"module_name": "shell"
},
"rc": 0,
"start": "2016-07-25 19:42:54.315335",
"stderr": "",
"stdout": "whatever_value",
"stdout_lines": [
"whatever_value"
],
"warnings": []
}
}
}
PLAY RECAP ********************************************************************
localhost : ok=3 changed=1 unreachable=0 failed=0

Ansible playbook - environment variables

I am trying (newbie) to set up a playbook which will use a lookup plugin to fetch secrets from vault (https://github.com/jhaals/ansible-vault), but it fails on missing environment variables every time. Can anyone help? Thanks for the help.
PS: the token is for test purposes.
There is a condition in the lookup module:
url = os.getenv('VAULT_ADDR')
if not url:
    raise AnsibleError('VAULT_ADDR environment variable is missing')
Playbook:
---
- hosts: localhost
  vars:
    vault1_env:
      VAULT_ADDR: https://localhost:8200/
      VAULT_TOKEN: my-token-id
      VAULT_SKIP_VERIFY: True
  tasks:
    - shell: echo VAULT_ADDR is $VAULT_ADDR, VAULT_TOKEN is $VAULT_TOKEN, VAULT_SKIP_VERIFY is $VAULT_SKIP_VERIFY
      environment: "{{ vault1_env }}"
      register: shellout
    - debug: var=shellout
    - debug: msg="{{ lookup('vault', 'secret/hello', 'value') }}"
output:
PLAY ***************************************************************************
TASK [setup] *******************************************************************
ok: [localhost]
TASK [command] *****************************************************************
changed: [localhost]
TASK [debug] *******************************************************************
ok: [localhost] => {
"shellout": {
"changed": true,
"cmd": "echo VAULT_ADDR is $VAULT_ADDR, VAULT_TOKEN is $VAULT_TOKEN, VAULT_SKIP_VERIFY is $VAULT_SKIP_VERIFY",
"delta": "0:00:00.001268",
"end": "2016-05-17 15:46:34.144735",
"rc": 0,
"start": "2016-05-17 15:46:34.143467",
"stderr": "",
"stdout": "VAULT_ADDR is https://localhost:8200/, VAULT_TOKEN is ab9b16c6-52d9-2051-0802-6f047d929b63, VAULT_SKIP_VERIFY is True",
"stdout_lines": [
"VAULT_ADDR is https://localhost:8200/, VAULT_TOKEN is ab9b16c6-52d9-2051-0802-6f047d929b63, VAULT_SKIP_VERIFY is True"
],
"warnings": []
}
}
TASK [debug] *******************************************************************
fatal: [localhost]: FAILED! => {"failed": true, "msg": "ERROR! VAULT_ADDR environment variable is missing"}
PLAY RECAP *********************************************************************
localhost : ok=3 changed=1 unreachable=0 failed=1
Here you are only setting environment variables for the shell module, and not for the others. If you want to use variables across multiple modules, or for an entire host, you should use the environment attribute on all of the modules, or on the host itself, something like this:
---
- hosts: localhost
  environment:
    VAULT_ADDR: https://localhost:8200/
    VAULT_TOKEN: my-token-id
    VAULT_SKIP_VERIFY: True
Why don't you make use of the vault feature to encrypt a variable file and then include this file in your playbook?
http://docs.ansible.com/ansible/playbooks_vault.html#running-a-playbook-with-vault
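An added example, not taken from either answer: lookup plugins execute inside the `ansible-playbook` process on the control node, so the `os.getenv('VAULT_ADDR')` check quoted in the question reads that process's environment. This pre-flight play uses the built-in `env` lookup to confirm the variable is exported before the `vault` lookup from the question runs, and keeps the secret out of the log; the file name, the `https://` check and the exported values in the comment are constructed for illustration.

```yaml
---
# Constructed invocation on the control node:
#   export VAULT_ADDR=https://localhost:8200/
#   export VAULT_TOKEN=<token>            # placeholder, never commit a real token
#   ansible-playbook vault-preflight.yml
- name: Check the controller environment before the vault lookup (added example)
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Fail with a clear message when VAULT_ADDR is not exported
      assert:
        that:
          - lookup('env', 'VAULT_ADDR') | length > 0
        fail_msg: "VAULT_ADDR is not set in the environment of ansible-playbook"

    - name: Refuse a plaintext Vault endpoint (added check, an assumption of this example)
      assert:
        that:
          - lookup('env', 'VAULT_ADDR') is match('https://')
        fail_msg: "VAULT_ADDR must be an https:// URL"

    - name: Read the secret without printing it
      set_fact:
        hello_value: "{{ lookup('vault', 'secret/hello', 'value') }}"
      no_log: true                # keeps the value out of task output and logs

    - name: Confirm a value came back, showing only its length
      debug:
        msg: "secret/hello returned {{ hello_value | length }} characters"
```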
