I'm using Ansible to deploy (Git clone, run the install script) a framework to a server. The install step means running the install.sh script like this:
- name: Install Foo Framework
shell: ./install.sh
args:
chdir: ~/foo
How can I determine whether I have executed this step in a previous run of Ansible? I want to add a when condition to this step that only executes if the install.sh script hasn't been run previously.
The install.sh script does a couple of things (replacing some files in the user's home directory), but it's not obvious whether the script was run before from just taking a look at the files. The ~/foo.sh file might have existed before, it's not clear whether it was replaced by the install script or was there before.
Is there a way in Ansible to store a value on the server that let's me determine whether this particular task has been executed before? Or should I just create a marker file in the user's home directory (e.g. ~/foo-installed) that I check in later invocations of the playbook?
I suggest to use the script module instead. This module has a creates parameter:
a filename, when it already exists, this step will not be run. (added in Ansible 1.5)
So your script then could simply touch a file which would prevent execution of the script in subsequent calls.
Here's how I solved it in the end. The pointer to using the creates option helped:
- name: Install Foo Framework
shell: ./install.sh && touch ~/foo_installed
args:
chdir: ~/foo
creates: ~/foo_installed
Using this approach, the ~/foo_installed file is only created when the install script finished without an error.
Related
What is the difference between raw, shell and command in the ansible playbook? And when to use which?
command: executes a remote command on the target host, in the same shell of other playbook's tasks.
It can be used for launch scripts (.sh) or for execute simple commands. For example:
- name: Cat a file
command: cat somefile.txt
- name: Execute a script
command: somescript.sh param1 param2
shell: executes a remote command on the target host, opening a new shell (/bin/sh).
It can be used if you want to execute more complex commands, for example, commands concatenated with pipes. For example:
- name: Look for something in a file
shell: cat somefile.txt | grep something
raw: executes low-level commands where the interpreter is missing on the target host, a common use case is for installing python. This module should not be used in all other cases (where command and shell are suggested)
Since I were I stumbling about the same question, I wanted to share my findings here too.
The command and shell module, as well gather_facts (annot.: setup.py) depend on a properly installed Python interpreter on the Remote Node(s). If that requirement isn't fulfilled one may experience errors were it isn't possible to execute
python <ansiblePython.py>
In a Debian 10 (Buster) minimal installation i.e., python3 was installed but the symlink to python missing.
To initialize the system correctly before applying all other roles, I've used an approach with the raw module
ansible/initSrv/main.yml
- hosts: "{{ target_hosts }}"
gather_facts: no # is necessary because setup.py depends on Python too
pre_tasks:
- name: "Make sure remote system is initialized correctly"
raw: 'ln -s /usr/bin/python3 /usr/bin/python'
register: set_symlink
failed_when: set_symlink.rc != 0 and set_symlink.rc != 1
which is doing something like
/bin/sh -c 'ln -s /usr/bin/python3 /usr/bin/python'
on the remote system.
Further Documentation
raw module – Executes a low-down and dirty command
A common case is installing python on a system without python installed by default.
... but not only restricted to that
Playbook Keyword - pre_tasks
A list of tasks to execute before roles.
Set the order of task execution in Ansible
I am using ansible 1.9 and want to run two commands. I have tried several variations:
- name: npm build
command: npm run build
args:
chdir: "{{ app_dir }}"
- name: clean up
shell: sed_index.sh
args:
chdir: "{{ app_dir }}"
On running I get the following error:
"stderr": "/bin/sh: 1: npm: not found"
However
npm run build
works fine when I log in to the server and run it in the app_dir.
I also tried:
- name: npm install and clean
command: "{{ item }} chdir={{ app_dir }}"
with_items:
- npm run build
- sed_index.sh
Again I get a npm not found error.
If I comment out the npm run build command I get an error when running the sed_index script on the 'cd dist' command below, saying 'dist' not found.
sed_index.sh
#!/usr/bin/env bash
cd dist
sed -i 's|=static/css/font-awesome.min.css rel=stylesheet>|=/app/static/css/font-awesome.min.css rel=stylesheet>|g' index.html
Any ideas?
The npm executable is probably not in a standard location like /usr/bin/npm. Probably /usr/local/bin/npm, but it's up to you to find where it's installed and use the fully qualified path. From a login that can run the npm command, execute 'which npm'. The output will be what you want to use instead of just npm.
FYI - When I'm doing a one-off or other small task that I don't want to take the time to write a playbook for, if it's not an easy one liner in Ansible I write a small script to execute via the script module. One of the first commands in those scripts is to set the PATH if I know some of the commands are in non-standard locations.
Use full path to the npm executable. Ansible runs commands in non-interactive shell session and your environment set in rc files is not read.
Regarding the second problem: if you get a "'dist' not found" error, it means either dist directory does not exist, or you call it from a wrong directory. It's impossible to tell given the information you provided.
#techraf answer should help you to solve this issue.
For some reason if you look for an alternate way, give a try like below with ansible command:
ansible -m shell -a "/bin/bash -c 'cd {{app_dir}} && npm run build && ./sed_index.sh'" -e "app_dir=/path/to/app_dir" <host/group name>
You should be able to convert it back to your playbook once you get it running.
I'm setting up an Ansible role to install Ahsay Offsite Backup Server.
After downloading and extracting the compressed file containing the software, I need to run the install script. I've determined that it's a step early in the script where it checks that your current user has appropriate permissions which is failing to run.
When I run the playbook, the final task never finishes.
The role
- name: Check if OBS install files have already been downloaded
stat:
path: /tmp/obs/version.txt
register: stat_result
- name: Ensures /tmp/obs exists
file: path=/tmp/obs state=directory
- name: Download and extract OBS install files
unarchive:
src: https://ahsay-dn.ahsay.com/v6/obsr/62900/obsr-nix.tar.gz
dest: /tmp/obs
remote_src: true
validate_certs: no
when: stat_result.stat.exists == false
- name: Install OBS
command: bash -lc "/tmp/obs/bin/install.sh > /tmp/install_output.log"
The playbook configuration is for all tasks to become sudo.
If I run the command in a shell on the remote host, it executes successfully.
I've hit similar issues before where commands fail because (in the case of rvm) it requires the bash_profile to load and pull in a bunch of environment variables first. The fix for that was as I've done above, to wrap the command in bash -lc "...", but that hasn't helped this time.
I'd love any suggestions of how I could continue troubleshooting this one.
you are checking for file presence before ensuring the folder.
some applications require tty, and when not on it they ask some stupid question
to really debug while the command is "stuck" connect to the offending machine, and try analyzing what does the script do: look in its /proc/${PID} folder (if you're on linux), maybe connect to it via strace -p ${PID} and maybe dup its stderr to see maybe it prints something that makes sense to you.
Also, you don't really have to run command, you can use shell module, and specify its args to make sure the command runs from specific folder, like so:
- name: Install OBS
shell: |
./bin/install.sh \
1> /tmp/install.output.log \
2> /tmp/install.error.log
args:
executable: /bin/bash
chdir: /tmp/obs
I'm asking myself why Ansible doesn't source ~/.profile file before execute template module on one host ?
Distant host ~/.profile:
export ENV_VAR=/usr/users/toto
A single Ansible task:
- template: src=file1.template dest={{ ansible_env.ENV_VAR }}/file1
Ansible fail with:
fatal: [distant-host] => One or more undefined variables: 'dict object' has no attribute 'ENV_VAR'
Ansible is not running remote tasks (command, shell, ...) in an interactive nor login shell. It's same like when you execute command remotely via 'ssh user#host "which python"'
To source ~/.bashrc won't work often because ansible shell is not interactive and ~/.bashrc implementation by default ignores non interactive shell (check its beginning).
The best solution for executing commands as user after its ssh interactive login I found is:
- hosts: all
tasks:
- name: source user profile file
#become: yes
#become_user: my_user # in case you want to become different user (make sure acl package is installed)
shell: bash -ilc 'which python' # example command which prints
register: which_python
- debug:
var: which_python
bash: '-i' means interactive shell, so .bashrc won't be ignored
'-l' means login shell which sources full user profile (/etc/profile and ~/.bash_profile, or ~/.profile - see bash manual page for more details)
Explanation of my example: my ~/.bashrc sets specific python from anaconda installed under that user.
Ansible is not running tasks in an interactive shell on the remote host. Michael DeHaan has answered this question on github some time ago:
The uber-basic description is ansible isn't really doing things through the shell, it's transferring modules and executing scripts that it transfers, not using a login shell.
i.e. Why does an SSH remote command get fewer environment variables then when run manually?
It's not a continous shell environment basically, nor is it logging in and typing commands and things.
You should see the same result (undefined variable) by running this:
ssh <host> echo $ENV_VAR
In a lot of places I've used below structure:
- name: Task Name
shell: ". /path/to/profile;command"
when ansible escalates the privilige to sudo it don't invoke the login shell of sudo user
we need to make changes in the way we call sudo like invoking it with -i and -H flags
"sudo_flags=-H" in your ansible.cfg file
If you can run as root, you can use runuser.
- shell: runuser -l '{{ install_user }}' -c "{{ cmd }}"
This effectively runs the command as install_user in a fresh login shell, as if you had used su - *install_user* (which loads the profile, though it might be .bash_profile and not .profile...) and then executed *cmd*.
I'd try not to run everything as root just so you can run it as someone else, though...
If you can modify the configuration of your target host and don't want to change your ansible yaml code. You can try this:
add the variable ENV_VAR=/usr/users/toto into /etc/environment file rather than ~/.profile.
shell: "bash -l scala -version"
by using bash -l will allow ansible to load corresponding bash_profile.
bash: '-i' (interactive shell) won't allow the ansible to run other task.
add the variable ENV_VAR=/usr/users/toto into /etc/environment file rather than ~/.profile.
You really can use /etc/environment, but only if a variable has a static value. If we use variable which gets the value of another variable it doesn't work. For example, if we put this line to /etc/environment
XDG_RUNTIME_DIR=/run/user/$(id -u)
Ansible can see exactly XDG_RUNTIME_DIR=/run/user/$(id -u), not XDG_RUNTIME_DIR=/run/user/1012.
And if we put this line to ~/.bash_profile or ~/.bashrc:
export XDG_RUNTIME_DIR=/run/user/$(id -u)
User can see XDG_RUNTIME_DIR=/run/user/1012 (if user's id is 1012) when he works manually, but Ansible doesn't get variable XDG_RUNTIME_DIR at all.
I have a tomcat.sh with its intended purpose to restart (stop and start) the tomcat after it has been deployed onto the remote host.
I noticed that the Shell and Command modules is not executing the .sh file. However, I am able to execute the .sh file manually on the remote host as the the remote user.
The Playbook tasks are listed below:
Shell
- name: ensures tomcat is restarted
shell:
"nohup {{tomcat_dir}}/apache-tomcat-{{tomcat_version}}/tomcat.sh &"
Command
- name: ensures tomcat is restarted test-test
command: ./tomcat.sh
args:
chdir: "{{tomcat_dir}}/apache-tomcat-{{tomcat_version}}"
I was having the same problem. I have my simple script that is supposed to start a java program. shell and command module work very erratically. That is sometimes the java program is started successfully, and sometimes nothing happens. Even though ansible rc status shows as 0 (which is successful exit code ). I even put a echo "Hello" >> output.log as the first line in my script, to check if the script is actually picked for running. But, even that does not get printed.But, no errors whatsoever is printed and ansible module exit status (rc) is 0.Also, be sure to look at the stderr too. Sometimes, even though rc could be 0, but there might be some info in stderr
After lots of hair tearing, I could manage to fix my issue. I was running the java program as "sudo".I removed the sudo out of my script, and put it within playbook as the "become" directive - http://docs.ansible.com/ansible/become.html . This directive is available from ansible 2.0 onwards only, so I had to upgrade my ansible from 1.5 to 2.0. My playbook finally looked like this
- name: Execute run.sh
become: true
script: /home/vagrant/deploy/target/scripts/run.sh
The script looks like this:
nohup java -Djava.net.preferIPv4Stack=true -Xms1048m -Xmx1048m -cp /x/y/z/1.jar com.github.binitabharati.x.Main >> output.log 2>&1 &
Also, notice that I have not used the command or shell module, instead I used script module.
Does the value of {{tomcat_dir}} start with a "/"? If not then it will try to execute the command using the specified path relative to the home dir of whichever user ansible using to ssh in to the remote host.
incidentally, If you installed via package manager, this might be easier?
- name: restart tomcat
become: yes
become_user: sudo
service: name=tomcat state=restarted
More detail on the "service" module here
Of course, the service name may be different, like tomcat6 or tomcat7 or whatever, but you get the gist, I hope.
Lastly, if you installed tomcat via ansible using a role from galaxy or github, your role may have handlers that you could copy to get this done.