I am trying to understand how ansible playbooks are structured and I am failing at a basic example:
---
- hosts: all
tasks:
# update dependencies
- name: install apt dependencies
apt: name={{ item }}
with_items:
- python3-arrow
- python3-netifaces
- python3-requests
- python3-docopt
- name: install pip3 dependencies
pip: name=scapy-python3 executable=pip3
# install service
- name: copy source file
copy: src=honeysyn.py dst=/opt/sentinel-honeysyn/honeysyn.py
- name: copy service file
copy: src=honeysyn.service dst=/etc/systemd/system/honeysyn.service mode=0644
- name: install service, restart and enable
systemd:
name: honeysyn
daemon_reload: yes
enabled: yes
started: yes
The error is:
The offending line appears to be:
copy: src=honeysyn.service dst=/etc/systemd/system/honeysyn.service mode=0644
- name: install service, restart and enable
^ here
I checked the consistency of the YAML file and the JSON output makes sense:
[
{
"tasks": [
{
"name": "install apt dependencies",
"apt": "name={{ item }}",
"with_items": [
"python3-arrow",
"python3-netifaces",
"python3-requests",
"python3-docopt"
]
},
{
"pip": "name=scapy-python3 executable=pip3",
"name": "install pip3 dependencies"
},
{
"copy": "src=honeysyn.py dst=/opt/sentinel-honeysyn/honeysyn.py",
"name": "copy source file"
},
{
"copy": "src=honeysyn.service dst=/etc/systemd/system/honeysyn.service mode=0644",
"name": "copy service file"
},
{
"systemd": {
"started": true,
"enabled": true,
"name": "honeysyn",
"daemon_reload": true
},
"name": "install service, restart and enable"
}
],
"hosts": "all"
}
]
I found out that the errors are often very much off the real bug (I had the same case as above, but it was an extra space after a = in a completely different place) - thus the whole playbook.
What is wrong with this playbook?
The systemd module that you are attempting to use is present in Ansible 2.2 (which is not released as far as I know) and hence will not work with any of the currently available Ansible versions.
https://docs.ansible.com/ansible/systemd_module.html
As #Amit pointed out, it's not released yet.
Ansible seems to have a very zealous documentation release schedule, which sometimes outstrips the release of the actual supporting code :-)
Maybe try the service module instead for now, something like this should work:
- name: install service, enable and start
service:
name: honeysyn
enabled: yes
state: started
Related
I'm using Ansible playbook to get information about the server's hardware internals through iDrac controller. It is performed by 3rd party module, which uses API to connect to the device.
I get server's internals info (controllers, disks, CPU information, etc.) by running the task. And I would like to register some variables from such output (the output is just shortened by dots).
I kept the main structure of output, to make it clear:
ok: [rac1] => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"invocation": {
"module_args": {
"ca_path": null,
"idrac_ip": "192.168.168.100",
"idrac_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"idrac_port": 443,
...
}
},
"msg": "Successfully fetched the system inventory details.",
"system_info": {
"BIOS": [
{
"BIOSReleaseDate": "09/14/2022",
"FQDD": "BIOS.Setup.1-1",
…
}
],
"CPU": [
{
"CPUFamily": "Intel(R) Xeon(TM)",
"Characteristics": "64-bit capable",
"CurrentClockSpeed": "2.1 GHz",
…
},
{
"CPUFamily": "Intel(R) Xeon(TM)",
"Characteristics": "64-bit capable",
…
}
],
"Controller": [
{
"Bus": "67",
"CacheSize": "8192.0 MB",
"DeviceDescription": "RAID Controller in SL 3",
"FQDD": "RAID.SL.3-1",
"Key": "RAID.SL.3-1",
…
},
I need to get only couple values from output (PCI slot num where RAID controller is located):
"DeviceDescription": "RAID Controller in SL 3",
"Key": "RAID.SL.3-1"
But I have no clue, which example from documentation can I use to register value to variable.
Considering this is a third party module. The task execution is very slow, so it is not so easy for me to play with it as much as possible.
Could somebody suggest me please, which direction should I dig? I'm not a big expert in Ansible yet.
My role's tasks are following below.
I tried to get nested values using debug task(just to figure out key which I need to register), like this, but no luck:
### Get inventory key:value pairs and trying to save certain value to variable ###:
- name: Get Inventory
dellemc.openmanage.idrac_system_info:
idrac_ip: "{{ idrac_ip }}"
idrac_user: "{{ idrac_user }}"
idrac_password: "{{ idrac_password }}"
validate_certs: False
register: ansible_facts[system_info][Controller][FQDD].result
### Trying to show my saved variable in this task ###
- name: print registered value
debug:
var: RAID slot is at "{{ result }}"
verbosity: 4
I get this message after launching playbook:
"msg": "Unsupported parameters for (dellemc.openmanage.idrac_system_info) module: register. Supported parameters include: idrac_ip, timeout, idrac_user, ca_path, idrac_port, validate_certs, idrac_password (idrac_pwd)."
Since you are providing already valid output, how do have generated that? How was it "printed"?
A minimal example playbook
---
- hosts: rac1
become: false
gather_facts: false
vars:
result:
system_info: {
"BIOS": [
{
"BIOSReleaseDate": "09/14/2022",
"FQDD": "BIOS.Setup.1-1"
}
],
"CPU": [
{
"CPUFamily": "Intel(R) Xeon(TM)",
"Characteristics": "64-bit capable",
"CurrentClockSpeed": "2.1 GHz"
},
{
"CPUFamily": "Intel(R) Xeon(TM)",
"Characteristics": "64-bit capable"
}
],
"Controller": [
{
"Bus": "67",
"CacheSize": "8192.0 MB",
"DeviceDescription": "RAID Controller in SL 3",
"FQDD": "RAID.SL.3-1",
"Key": "RAID.SL.3-1"
}
]
}
tasks:
- name: Show Facts
debug:
msg: "{{ result.system_info.Controller }}"
will result already into the expected output of
TASK [Show Facts] *****************************
ok: [rac1] =>
msg:
- Bus: '67'
CacheSize: 8192.0 MB
DeviceDescription: RAID Controller in SL 3
FQDD: RAID.SL.3-1
Key: RAID.SL.3-1
Regarding
which example from documentation can I use to register value to variable.
you may read about Registering variables. For registering results, even for 3rd-party or Custom Modules the structure will be
- name: Task
module_name:
module_parameter: values
register: variable_name
That's why you get an syntax error
Unsupported parameters for (dellemc.openmanage.idrac_system_info) module: register.
about the incorrect indention. Therefore try first
- name: Get Inventory
dellemc.openmanage.idrac_system_info:
idrac_ip: "{{ idrac_ip }}"
idrac_user: "{{ idrac_user }}"
idrac_password: "{{ idrac_password }}"
validate_certs: False
register: inventory
- name: Show Inventory
debug:
msg: "{{ inventory }}"
to get familiar with the result set and data structure.
Further documentation which might help are Return Values and idrac_system_info module – Get the PowerEdge Server System Inventory.
I'm creating playbook to install fluentbit on windows hosts. Everything is working properly but i'm getting error when creating service, it doesn’t fail the install as then everything is already in place but I would like to figure out how I could leverage conditionals. Could you help me with this? :)
My adhoc test-play where I've tried to parse results from ansible.windows.win_service_info module is as follows:
---
- name: Check Windows service status
hosts: win
gather_facts: True
tasks:
- name: Check if a service is installed
win_service:
name: fluent-bit
register: service_info
- debug: msg="{{service_info}}"
- name: Get info for a single service
ansible.windows.win_service_info:
name: fluent-bit
register: service_info
- debug: msg="{{ service_info }}"
- name: Get info for a fluent-bit service
ansible.windows.win_service_info:
name: logging
register: service_exists
- debug: msg="{{ service_exists }}"
- name: Send message if service exists
debug:
msg: "Service is installed"
when: service_exists.state is not defined or service_exists.name is not defined
- name: Send message if service exists
debug:
msg: "Service is NOT installed"
when: service_exists.state is not running
I just don’t get it how I could parse output so that I could skip task when fluent-bit -service exists = True like here:
TASK [debug] *****************************************************************************************
ok: [win-server-1] => {
"msg": {
"can_pause_and_continue": false,
"changed": false,
"depended_by": [],
"dependencies": [],
"description": "",
"desktop_interact": false,
"display_name": "fluent-bit",
**"exists": true,**
"failed": false,
"name": "fluent-bit",
"path": "C:\\fluent-bit\\bin\\fluent-bit.exe -c C:\\fluent-bit\\conf\\fluent-bit.conf",
"start_mode": "manual",
"state": "stopped",
"username": "LocalSystem"
}
}
Cheers :)
So, got it working as I wanted with service_info.exists != True, now it will skip the task if service is already present.
I try to set a wallpaper on Debian Systems with ansible on xfce4 desktops. For this I looked up the official documentation: https://docs.ansible.com/ansible/latest/collections/community/general/xfconf_module.html
My Task:
- name: set wallpaper
become_user: odin
xfconf:
channel: "xfce4-desktop"
property: "/backdrop/screen0/{{item}}/image-path"
value_type: "string"
value: ['/usr/share/backgrounds/xfce/802192.jpg']
loop:
- monitor0
- monitor1
- monitorDP-1
- monitoreDP-1
I receive the following error:
XFConfException: xfconf-query failed with error (rc=1): Failed to init libxfconf: Error spawning command line “dbus-launch --autolaunch=2e66f568a1c34fda92dcec58e724b679 --binary-syntax --close-stderr”: Child process exited with code 1.
failed: [localhost] (item=monitoreDP-1) => {
"ansible_loop_var": "item",
"changed": false,
"invocation": {
"module_args": {
"channel": "xfce4-desktop",
"force_array": false,
"property": "/backdrop/screen0/monitoreDP-1/image-path",
"state": "present",
"value": [
"/usr/share/backgrounds/xfce/802192.jpg"
],
"value_type": [
"string"
]
}
},
"item": "monitoreDP-1",
"msg": "Module failed with exception: xfconf-query failed with error (rc=1): Failed to init libxfconf: Error spawning command line “dbus-launch --autolaunch=2e66f568a1c34fda92dcec58e724b679 --binary-syntax --close-stderr”: Child process exited with code 1.",
"output": {
"ansible_facts": {
"xfconf": {}
},
"cmd_args": [
"/usr/bin/xfconf-query",
"--channel",
"xfce4-desktop",
"--property",
"/backdrop/screen0/monitoreDP-1/image-path"
],
"force_lang": "C",
"rc": 1,
"stderr": "Failed to init libxfconf: Error spawning command line “dbus-launch --autolaunch=2e66f568a1c34fda92dcec58e724b679 --binary-syntax --close-stderr”: Child process exited with code 1.\n",
"stdout": ""
},
"vars": {
"cmd_args": [
"/usr/bin/xfconf-query",
"--channel",
"xfce4-desktop",
"--property",
"/backdrop/screen0/monitoreDP-1/image-path"
]
}
}
I thought about copying the xml config for xfce4-desktop on to every machine, but not every machine has the same screen "monitor" property.
Got it to work. Seems like running the task as root was doing the trick.
The xfce modification works as root for me as well with the following approach:
- name: Copy wallpaper file
copy:
src: files/wallpaper.jpg
dest: /usr/share/backgrounds/xfce/debian-wallpaper.jpg
owner: root
group: root
when: ansible_distribution == "Debian"
- name: Change wallpaper
become: true
xfconf:
channel: xfce4-desktop
property: /backdrop/screen0/monitoreDP-1/workspace0/last-image
value: ["/usr/share/backgrounds/xfce/debian-wallpaper.jpg"]
value_type: string
when: ansible_distribution == "Debian"
This will configure the xfce files in /root/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-desktop.xml though.
I was not able to do it for another user USERNAME, besides with this workaround:
- name: Copy xfce4 desktop xml files from root to user
copy:
src: /root/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-desktop.xml
dest: /home/USERNAME/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-desktop.xml
owner: USERNAME
group: USERNAME
force: yes
when: ansible_distribution == "Debian"
If anybody know how to use xfconf module in a better way to overcome this workaround, please let me know.
I have a json as follows:
{
"bootstrap": true,
"server": true,
"datacenter": "aws",
"data_dir": "/var/consul",
"log_level": "INFO",
"enable_syslog": true
}
This is on 3 servers which are in ansible inventory file as
[consul]
10.0.0.1
10.0.0.2
10.0.0.3
Now to make the nodes join the cluster i will have to actually add the following config line as well
"start_join": ["ip_of_other_node_1", "ip_of_other_node_2"]
and this will go on each of the 3 servers
So basically it means if 10.0.0.1 is one of those nodes in cluster, it's config will look like
{
"bootstrap": true,
"server": true,
"datacenter": "aws",
"data_dir": "/var/consul",
"log_level": "INFO",
"enable_syslog": true,
"start_join": ["10.0.0.2","10.0.0.3"]
}
I am trying to this via ansible as follows:
- name: Add the ip's of other servers to join cluster
lineinfile:
path: /etc/consul.d/server/config.json
regexp: '^"enable_syslog"'
insertafter: '^"enable_syslog"'
line: '"start_join": ["{{ groups['consul'][1] }}", "{{ groups['consul'][2] }}"]'
when: inventory_hostname == '{{ groups['consul'][0] }}'
Which is not really helping me out saying syntax error at line: , i am not sure what is the best way to achieve something like this via ansible and also what how to tackle the case when i increase the servers in inventory.
You can use the Template module to replace the config file on your servers, instead of changing it in place with the regex. This way you can add a task to generate a new config file with the start_join field containing the elements of your hosts file (or any other and more complex configuration) using regular jinja2 templates.
I´m trying to build my project in Gitlab but I´m getting an 404 error when the composition.yml tries to get the keycloak-theme.jar.
If I call the url from the browser I can download this keycloak-theme.jar but for some reason the ubuntu image in the Gitlab Runner does not see the file.
Could be a problem with the Gitlab Runner? Because other projects which use the same ansible-manager worked months ago and now are retrieving the same error during the building and I haven't changed any line of code since months.
Error:
TASK [Download custom keycloak theme]
****************************************** fatal: [127.0.0.1]: FAILED! => {"changed": false, "dest": "influx/docker/config/keycloak", "gid": 0, "group": "root", "mode": "0755", "msg": "Request failed", "owner":
"root", "response": "HTTP Error 404: Not Found", "size": 4096,
"state": "directory", "status_code": 404, "uid": 0, "url":
"https://gitlab.com/team-influx/keycloak-themes/default-theme/-/jobs/artifacts/1.1/raw/keycloak-theme.jar?job=keycloak_theme_build"} to retry, use: --limit
#/builds/team-influx/project/Test/test/ansible-influx-manager/ci/influx_ci_release_playbook.retry
composition.yml
---
release:
title: 'test'
version: '0.1.0'
influx:
version: '1.3.1'
apps:
- name: 'schema'
version: 'master'
- name: 'bpmn-instances-manager'
version: 'master'
- name: 'bpmn-definitions-datastore'
version: 'master'
- name: 'bpmn-editor-bpmnjs'
version: 'master'
- name: 'bpmn-instances-datastore'
version: 'master'
- name: 'bpmn-definitions-manager'
version: 'master'
- name: 'bpmn-repository'
version: 'master'
project:
customer: 'Test/test'
apps:
- name: 'test'
version: 'master'
keycloak_theme:
name: 'default-theme'
version: '1.1'
.gitlab-ci.yml
image: ubuntu:latest
variables:
RELEASE_TITLE: 'test'
RELEASE_VERSION: '0.1.0'
AIM_REPO_URL: 'gitlab.com/team-influx/ansible-influx-manager.git'
before_script:
# install ansible
- apt-get update && apt-get install -y -qq software-properties-common git
- apt-add-repository ppa:ansible/ansible
- apt-get update && apt-get install -y -qq ansible
build_kam_release:
script:
- rm -rf ../ansible-influx-manager
- 'git clone https://gitlab-ci-token:${CI_JOB_TOKEN}#${AIM_REPO_URL} ../ansible-influx-manager'
- mv * ../ansible-influx-manager/release
- ansible-playbook ../ansible-influx-manager/ci/influx_ci_release_playbook.yml
- mv ../influx .
artifacts:
name: '${RELEASE_TITLE}-${RELEASE_VERSION}'
paths:
- 'influx'
when: manual
keycloak_custom_theme.yml
---
- name: 'Download custom keycloak theme'
get_url:
url: '{{ gitlab_kc_themes_prefix }}{{ keycloak_theme.name }}/-/jobs/artifacts/{{ keycloak_theme.version }}{{ gitlab_kc_themes_suffix }}'
dest: '{{ influx_home_dir }}/docker/config/keycloak'
headers: 'PRIVATE-TOKEN: {{ gitlab_access_token }}'
The GitLab access token was expired.
To set a new one it's necessary to generate a new one here Profile>Settings>Access Tokens