So I have an Ansible playbook and I'm trying to call a command for each item in a list, but also run that command over a fileglob. There is a "with_nested" in Ansible, and it can take variable names, but if I add a "with_fileglob," it just inserts "with_fileglob" as the filename instead of actually doing a glob.
vars:
repo_versions:
- version: trusty
distribution: Ubuntu
- version: wheezy
distribution: Debian
...
- command: reprepro -b /var/www/html includedeb {{ item[0].version }} {{ item[1] }}
with_nested:
- repo_versions
with_fileglob: /home/repoman/debs/*.deb
when: debs_available.stat.exists == True
I've tried a couple of different combinations and I can't seem to get it to process the command in a double for loop (for each .version, for each .deb file)
This should be what you are trying to accomplish.
I used the shell module to register the output of the fileglob, and then the stdout_lines property of the registerd variable in the loop. I have converted the task from my test to your actual commands and paths, so you might need to double check:
vars:
repo_versions:
- version: trusty
distribution: Ubuntu
- version: wheezy
distribution: Debian
tasks:
- shell: ls -1 /home/repoman/debs/*.deb
register: repo_list
- command: reprepro -b /var/www/html includedeb {{ item[0].version }} {{ item[1] }}
with_nested:
- repo_versions
- repo_list.stdout_lines
Related
I am using following ansible tasks for triggering certain a task based on user's choice.
This is working:
tasks:
- name: Run python script for generating Repos Report
command: python GetRepos.py -o {{ org }} -p {{ pat }}
register: result
- debug: msg="{{result.stdout}}"
when: choice == "Repos"
- name: Run python script for generating projects Report
command: python Getprojects.py -o {{ org }} -p {{ pat }}
register: result
- debug: msg="{{result.stdout}}"
when: choice == "projects"
But I want to use a shell script with if else statement to run this in one task as below:
tasks:
- name: run python script
shell: |
if [choice == "repos"]
then
cmd: python GetRepos.py -o {{ org }} -p {{ pat }}
elif [choice == "projects"]
then
cmd: python Getprojects.py -o {{ org }} -p {{ pat }}
fi
register: cmd_output
- debug: msg="{{cmd_output.stdout}}"
But this does not execute the task; it just ends without error.
Is this the right syntax for shell?
How can I achieve these 2 separate working tasks in just one task using the shell module?
The cmd: in a shell script will try to run cmd: as a command, which you don't want.
Also, the if statement conditions need spaces on either side - otherwise, it would try to run [choice as a command, which you also don't want.
Also prefer to use single equals instead of double equals, to make it more portable (the remote hosts could have various different shells!).
The other issue is that choice as used inside the shell script is just a literal string. You need to add the braces {{ }} to interpolate the value, as done elsewhere in the playbook.
Taking into consideration the above, the following should work for you:
tasks:
- name: run python script
shell: |
if [ "{{ choice }}" = "repos" ]
then
python GetRepos.py -o "{{ org }}" -p "{{ pat }}"
elif [ "{{ choice }}" = "projects" ]
then
python Getprojects.py -o "{{ org }}" -p "{{ pat }}"
fi
register: cmd_output
- debug:
msg: "{{ cmd_output.stdout }}"
Is there any command in Ansible to collect the hostnames of hosts with OS Debain?
The file hosts contains no groups!
So a simple command to see the hostnames of hosts containing Debain.
The setup module, which is implicitly called in any playbook via the gather_facts mechanism, contains some output that you could use.
Look for example for the ansible_distribution fact, which should contain Debian on the hosts you are looking for.
If all you want is that list once, you could invoke the module directly, using the ansible command and grep:
ansible all -m setup -a 'filter=ansible_distribution' | grep Debian
If you want to use that information dynamically in a playbook, you could use this pattern:
---
- hosts: all
tasks:
- name: Do something on Debian
debug:
msg: I'm a Debian host
when: ansible_distribution == 'Debian'
I would add that if you want to target distribution and minimum version (often the case), you could do that with a dictionary. I often use this snippet:
---
- hosts: localhost
vars:
minimum_required_version:
CentOS: 7
Debian: 11
Fedora: 31
RHEL7: 7
Ubuntu: 21.10
- name: set boolean fact has_minimum_required_version
set_fact:
has_minimum_required_version: "{{ ansible_distribution_version is version(minimum_required_version[ansible_distribution], '>=') | bool }}"
tasks:
- name: run task when host has minimum version required
debug:
msg: "{{ ansible_distribution }} {{ ansible_distribution_version }} >= {{ minimum_required_version[ansible_distribution] }}"
when: has_minimum_required_version
You could also dynamically include a playbook fragment that targets specific distributions or versions like so:
- name: Include task list in play for specific distros
include_tasks: "{{ ansible_distribution }}.yaml"
Which assumes you'd have Debian.yaml, Ubuntu.yaml, etc. defined for each distro you want to support.
I know about Ansible's environment: command at the top of playbook, but I don't think that will work for me seeing how I don't know the variables value prior to the execution of the playbook. I'm trying to retrieve package versions and PHP Modules and log them to a file. I want to use regex to capture the version and store it to an environment variable. Then I want to write that variable equals that variable's value to an environment file with a shell command. I also want to pull an array from the environment and loop through that. Ansible doesn't seem to persist the shell environment and the environment variable gets wiped out between commands. This is simple in Bash. Is this possible in Ansible? I'm trying:
---
- hosts: all
become: yes
vars:
site_variables:
code_directory: /home/
dependency_versions:
WGET_VERSION: placeholder
PHP_MODULES: placeholder
tasks:
- name: Retrieve Environment
shell: export WGET_VERSION=$(wget --version | grep -o 'Wget [0-9]*.[0-9]*\+')
shell: export PHP_MODULES=$(php -m)
shell: echo "export {{ item }}={{ lookup('env', item ) }}" >> {{ site_variables.code_directory }}/.env.log
with_items:
- WGET_VERSION
- name: Write PHP Modules Out
shell: export PHP_MODULES=$(php -m)
shell: export PHP_MODULES=$(echo {{ lookup('env', 'PHP_MODULES') }} | sed 's/\[PHP Modules\]//g')
shell: export PHP_MODULES=$(echo {{ lookup('env', 'PHP_MODULES') }} | sed 's/\[Zend Modules\]//g')
shell: export PHP_MODULES=({{ lookup('env', 'PHP_MODULES') }})
shell: echo "# - {{ item.0 }}" >> {{ site_variables.code_directory }}/.env.log
with_items:
- "{{ lookup('env', 'PHP_MODULES') }}"
There's a lot going on here.
First, lookup always runs on the ansible control host, while the script that you pass to the shell module is running on the remote server. So you will never be able to get a remote environment variable using lookup.
For details: https://docs.ansible.com/ansible/playbooks_lookups.html
Secondly, environment variables don't propagate from a child to parent. If you have a script that does this...
export MYVARIABLE=foo
...and you run that script, your current environment will not suddenly have a variable named MYVARIABLE. This is just as true for processes spawned by Ansible as it is for processes spawned by your shell.
If you want to set an ansible variable, consider using the register keyword to get the value:
- hosts: localhost
gather_facts: false
tasks:
- name: get wget version
command: wget --version
register: wget_version_raw
- name: extract wget version
set_fact:
wget_version: "{{ wget_version_raw.stdout_lines[0].split()[2] }}"
- name: show wget version
debug:
msg: "wget version is: {{ wget_version }}"
Is there with_fileglob that works remotely in ansible?
Mainly I do want to use something similar with the with_fileglob but that will glob the files on the remote/target machine, not on the one that is running ansible.
Use find module to filter the files and then process the resulting list:
- name: Get files on remote machine
find:
paths: /path/on/remote
register: my_find
- debug:
var: item.path
with_items: "{{ my_find.files }}"
All of the with_* looping mechanisms are local lookups unfortunately so there's no really clean way to do this in Ansible. Remote operations by design must be enclosed in tasks as it would need to deal with connections and inventory etc.
What you can do is generate your fileglob by shelling out to the host and then registering the output and looping over the stdout_lines part of the output.
So a trivial example may be something like this:
- name : get files in /path/
shell : ls /path/*
register: path_files
- name: fetch these back to the local Ansible host for backup purposes
fetch:
src : /path/"{{item}}"
dest: /path/to/backups/
with_items: "{{ path_files.stdout_lines }}"
This would connect to the remote host (e.g., host.example.com), get all the file names under /path/ and then copy them back to the Ansible host to the path: /path/host.example.com/.
Using ls /path/* didn't work for me, so here's an example that uses find and some simple regex to delete all nginx managed virtual hosts:
- name: get all managed vhosts
shell: find /etc/nginx/sites-enabled/ -type f -name \*-managed.conf
register: nginx_managed_virtual_hosts
- name: delete all managed nginx virtual hosts
file:
path: "{{ item }}"
state: absent
with_items: "{{ nginx_managed_virtual_hosts.stdout_lines }}"
You could use it to find all files with a specific extension or any other mix. For instance to simply get all files in a directory: find /etc/nginx/sites-enabled/ -type f.
Here's a way to do it so that you can loop through all found. In my example, i had to look for all instances of pip to wipe out awscli in preparation to install awscli v2.0. I've done similar with lineinfile to strip out vars in /etc/skel dotfiles
- name: search for pip
find:
paths: [ /usr/local/bin, /usr/bin ]
file_type: any
pattern: pip*
register: foundpip
- name: Parse out pip paths (say that 3 times fast)
set_fact:
pips: "{{ foundpip | json_query('files[*].path') }}"
- name: List all the found versions of pip
debug:
msg: "{{ pips }}"
#upgrading pip often leaves broken symlinks or older wrappers behind which doesn't affect pip but breaks playbooks so ignore!
- name: remove awscli with found versions of pip
pip:
name: awscli
state: absent
executable: "{{ item }}"
loop: "{{ pips }}"
ignore_errors: yes
I am using ansible to deploy my django App
using
- name: Upgrade the virtualenv.
pip: requirements={{project_root}}/www/requirements.txt virtualenv={{project_root}}/www/virtualenv
But i only want to run that if requirements.txt changed since last run
We need to determine if any of the requirement files have changed. The steps are as follows:
Touch the temp requirement files. (If they didn't exist, the md5 will be different for the new blank file)
Calculate the md5 hash of the previous requirement files
Caclulate the md5 hash of the current requirement files (the ones just pulled down from GIT)
Iterate through the results of these stat commands in-step, comparing the md5 hash, register the output of the comparison
Only if ANY of the results in #4 changed will we install the pip packages
Copy the current requirement files to the tmp location.
Here's my playbook, {{virtualenv.requirements}} is a list of requirement files, eg: ['/work/project/requirements.txt', '/work/project/requirements-prod.txt']:
- name: Assures temp requirements directory exists
file: path="/tmp{{ virtualenv.path }}" state=directory
sudo: yes
when: install_pip_packages
- name: Assures temp requirements files exists
file: path="/tmp{{ item }}" state=touch
sudo: yes
with_items: virtualenv.requirements_files
when: install_pip_packages
- name: Calculate md5 of temp requirements
stat: path="/tmp{{ item }}"
with_items: virtualenv.requirements_files
register: temp_requirements_stat
when: install_pip_packages
- name: Calculate md5 of current requirements
stat: path="{{ item }}"
with_items: virtualenv.requirements_files
register: current_requirements_stat
when: install_pip_packages
- name: Check requirement files for changes
command: test {{ temp_requirements_stat.results[item.0].stat.md5 }} = {{ current_requirements_stat.results[item.0].stat.md5 }}
changed_when: "requirements_check.rc != 0"
failed_when: requirements_check.stderr
with_indexed_items: virtualenv.requirements_files
register: requirements_check
when: install_pip_packages
- name: Install packages required by the Django app inside virtualenv
pip: virtualenv={{ virtualenv.path }} extra_args='-U' requirements="{{ virtualenv.requirements_files | join(' -r ') }}"
when: install_pip_packages and requirements_check.changed
- name: Copy requirements to /tmp
command: cp "{{ item }}" "/tmp{{ item }}"
sudo: yes
with_items: virtualenv.requirements_files
when: install_pip_packages
Here are two options:
put your requirements.txt under Ansible control and use 'copy' or 'template' module, then invoke 'pip' module with 'notify:' statement
second way is more complex:
retrieve md5 sum of requirements.txt on each Ansible run and compare it with saved md5 somewhere on the server ('stat' module could be used)
retrieve pre-saved md5 sum of requirements.txt
if current md5 is not equal to presaved, then invoke pip task ('when:' statement)
save new md5 somewhere on the server for next Ansible run
I use this pretty short workaround for git repository.
- name: get requirements changes since last pull
shell: "cd {{ project_root }}; git log --name-status --oneline origin/master
{{ git_result.before }}..{{ git_result.after }} | grep requirements.txt"
register: pip_check
failed_when: false
- name: update pip requirements
pip: requirements={{ project_root }}/requirements.txt
virtualenv=~/.virtualenvs/www/
when: pip_check.stdout_lines
It's not universal and not cross-platform recipe, but works well for many situations.