Develop Reference

Iterate over nested loops

I am trying to iterate over level3 variable in Ansible. I've prepared a playbook like this:
---
- hosts: localhost
gather_facts: no
connection: local
vars:
level1:
- abc
- def
level2:
- { name: "app1", level3: ["aaaa","bbbb"]}
- { name: "app2", level3: ["eeeee"]}
tasks:
- name: test
debug: msg="{{ item.0 }} {{ item.1.name }} {{ item.2 }}"
with_nested:
- "{{ level1 }}"
- "{{ level2 }}"
- "{{ level2.level3 }}"
But I get error:
PLAY [localhost] ***************************************************************************************************************************************************
TASK [test] ********************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "'list object' has no attribute 'level3'"}
PLAY RECAP *********************************************************************************************************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
What is bad with my config? I want to have on output each element.

level2.level3 does not exist. level2 is a list so e.g. level2.0.level3 exists.
I'm not entirely sure from your question but I think what you are looking for is:
- debug:
msg: "{{ item.0 }} {{ item.1.0.name }} {{ item.1.1 }}"
loop: "{{ level1 | product(level2 | subelements('level3')) }}"
You can keep the older with_ syntax using the nested lookup if you wish. The produced result is a bit different so you have to adapt to the datastructure:
- debug:
msg: "{{ item.0 }} {{ item.1.name }} {{ item.2 }}"
with_nested:
- "{{ level1 }}"
- "{{ level2 | subelements('level3') }}"
which can eventually be written back to a loop: syntax as follow:
- debug:
msg: "{{ item.0 }} {{ item.1.name }} {{ item.2 }}"
loop: "{{ q('nested', level1, level2 | subelements('level3')) }}"
All examples give the same result (delta the spitted item for each iteration, example output with first proposition)
PLAY [localhost] *****************************************************************************************************************************************
TASK [debug] *********************************************************************************************************************************************
ok: [localhost] => (item=['abc', [{'name': 'app1', 'level3': ['aaaa', 'bbbb']}, 'aaaa']]) => {
"msg": "abc app1 aaaa"
}
ok: [localhost] => (item=['abc', [{'name': 'app1', 'level3': ['aaaa', 'bbbb']}, 'bbbb']]) => {
"msg": "abc app1 bbbb"
}
ok: [localhost] => (item=['abc', [{'name': 'app2', 'level3': ['eeeee']}, 'eeeee']]) => {
"msg": "abc app2 eeeee"
}
ok: [localhost] => (item=['def', [{'name': 'app1', 'level3': ['aaaa', 'bbbb']}, 'aaaa']]) => {
"msg": "def app1 aaaa"
}
ok: [localhost] => (item=['def', [{'name': 'app1', 'level3': ['aaaa', 'bbbb']}, 'bbbb']]) => {
"msg": "def app1 bbbb"
}
ok: [localhost] => (item=['def', [{'name': 'app2', 'level3': ['eeeee']}, 'eeeee']]) => {
"msg": "def app2 eeeee"
}
PLAY RECAP ***********************************************************************************************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

Ansible playbook get values from dict

I want to retrieve the id from a json dict based on a certain name. In this case I would like to get the ID from the "WebLogic" and store it into a variable to use the ID in a next task.
The playbook:
- name: Get Tags
uri:
url: "https://xx.xx-xx.xx{{ uat_env }}api/config/v1/autoTags"
method: GET
headers:
Content-Type: application/json; charset=utf-8
Authorization: xxx
return_content: yes
register: data
- name: Print returned json dictionary
debug:
var: data.json
- debug:
msg: "{{ data.json['values'] | json_query(query) }}"
vars:
name: 'WebLogic'
query: "[?name=='{{ name }}'].id"
- name: TEST
set_fact:
test: "{{ data.json['values'] | json_query([?name=='WebLogic'].id) }}"
Test run:
PLAY [TEST] ********************************************************************
TASK [Get all UAT autoTags] ****************************************************
ok: [localhost]
TASK [Print returned json dictionary] ******************************************
ok: [localhost] => {
"data.json": {
"values": [
{
"id": "5c3849a4-a044-4a98-a67a-c1ea42d652ca",
"name": "Apache"
},
{
"id": "b37511f4-d4e8-4c77-a628-841dba5c65d8",
"name": "WebLogic"
}
]
}
}
TASK [debug] *******************************************************************
ok: [localhost] => {
"msg": [
"b37511f4-d4e8-4c77-a628-841dba5c65d8"
]
}
TASK [TEST] ********************************************************************
fatal: [localhost]: FAILED! => {"msg": "template error while templating string: unexpected char '?' at 37. String: {{ data.json['values'] | json_query([?name=='WebLogic'].id) }}"}
PLAY RECAP *********************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
The message returns empty.

the problem is at the data.json.values syntax, please replace with data.json["values"]
the two tasks to show the difference:
- debug:
msg: "{{ data.json.values | json_query(query) }}"
vars:
name: 'WebLogic'
query: "[?name=='{{ name }}'].id"
- debug:
msg: "{{ data.json['values'] | json_query(query) }}"
vars:
name: 'WebLogic'
query: "[?name=='{{ name }}'].id"
update:
To assign the value to a variable, below task should do it:
- set_fact:
my_var: "{{ data.json['values'] | json_query(query) }}"
vars:
name: 'WebLogic'
query: "[?name=='{{ name }}'].id"
- debug:
var: my_var

How to use proper loop in Ansible uri module

I'm using the Ansible uri module to trigger the pfSense API.
Now I want to create firewall rules in a task (code is truncated).
---
# tasks file for creating firewall rules
- name: "Create firewall rules"
uri:
url: "https://{{ pf_hostname }}/api/v1/firewall/rule"
method: "POST"
body: "{ \
\"client-id\": \"{{ pf_user }}\",
\"client-token\": \"{{ pf_password }}\",
\"type\": \"{{ pf_fw_type_01 }}\",
\"interface\": \"{{ pf_fw_interface_01 }}\",
}"
The vars file looks like this.
---
# vars file for creating firewall rules
# Authentication
pf_hostname: "pfsense.local"
pf_user: "admin"
pf_password: "pfsense"
# Rule 01
pf_fw_type_01: "pass"
pf_fw_interface_01: "wan"
How can I now repeat the task without unnecessary redundancy (e.g. with loop) for other rules?
I only come up with the following idea, but it doesn't seem ideal to me.
loop:
- "{{ item.client-id: {{ pf_user }}, item.type: {{ pf_fw_type_01 }} }}"
- "{{ item.client-id: {{ pf_user }}, item.type: {{ pf_fw_type_02 }} }}"

How about putting the rules as a dynamic parameter in the list?
For example, here's like.
vars.yml
---
# vars file for creating firewall rules
# Authentication
pf_hostname: "pfsense.local"
pf_user: "admin"
pf_password: "pfsense"
rules:
- num: 01
type: "pass"
pf_fw_interface: "wan"
- num: 02
type: "pass"
pf_fw_interface: "wan"
playbook
---
- hosts: localhost
gather_facts: false
vars_files:
- vars.yml
tasks:
- debug:
msg: |
{
"client-id": "{{ pf_user }}",
"client-token": "{{ pf_password }}",
"type": "{{ item.type }}",
"interface": "{{ item.pf_fw_interface }}"
}
loop: "{{ rules }}"
result
$ ansible-playbook main.yml
(snip)
PLAY [localhost] *********************************************************************************************************************************************************************
TASK [debug] *************************************************************************************************************************************************************************
ok: [localhost] => (item={'type': 'pass', 'pf_fw_interface': 'wan'}) => {
"msg": {
"client-id": "admin",
"client-token": "pfsense",
"interface": "wan",
"type": "pass"
}
}
ok: [localhost] => (item={'type': 'pass', 'pf_fw_interface': 'wan'}) => {
"msg": {
"client-id": "admin",
"client-token": "pfsense",
"interface": "wan",
"type": "pass"
}
}
(snip)

How to loop over inventory_hostname in Ansible

I'm trying to add all the hosts of the dynamic inventory to the group: reachable.
Here is my playbook.
$ cat collect_try.yaml
---
- hosts: "{{ env }}:&{{ zone }}"
become: true
tasks:
- add_host:
name: "{{ inventory_hostname }}"
group: reachable
- name: dynamicgroup
hosts: reachable
gather_facts: false
tasks:
- debug: msg="{{ inventory_hostname }} is reachable"
Here is my output:
TASK [Gathering Facts]
ok: [vm1.nodekite.com]
ok: [vm2.nodekite.com]
ok: [vm3.nodekite.com]
ok: [vm4.nodekite.com]
TASK [add_host]
changed: [vm1.nodekite.com] => {
"add_host": {
"groups": [
"reachable"
],
"host_name": "vm1.nodekite.com",
"host_vars": {
"group": "reachable"
}
},
"changed": true
}
PLAY [dynamicgroup]
META: ran handlers
TASK [debug]
ok: [vm1.nodekite.com] => {
"msg": "vm1.nodekite.com is reachable"
PLAY RECAP:
vm1.nodekite.com : ok=3 changed=1 unreachable=0 <=====
vm2.nodekite.com : ok=1 changed=0 unreachable=0
vm3.nodekite.com : ok=1 changed=0 unreachable=0
vm4.nodekite.com : ok=1 changed=0 unreachable=0
How to use loops to add all the hosts to the "group": "reachable". could someone please assist.

From add_host documentation notes:
This module bypasses the play host loop and only runs once for all the hosts in the play, if you need it to iterate use a with-loop construct.
In your specific case (i.e. dynamic host pattern in your play), you should be able to achieve your requirements using the inventory_hostnames lookup, e.g (not fully tested):
- name: Collect reachable hosts
hosts: localhost
gather_facts: false
tasks:
- name: Push hosts to "reachable" group
vars:
pattern: "{{ env }}:&{{ zone }}"
add_host:
name: "{{ item }}"
group: reachable
loop: "{{ query('inventory_hostnames', pattern) }}"

Multiple loops in ansible task

I'm trying to use vars to perform loops in ansible but I'm struggling to get them to work. The documentation talks about the loop attribute but as far as I can tell, this only works if you have one loop in a task.
Is it possible to use different loops in a task or must it be split into different tasks?
- name: "Configure ufw"
ufw:
policy: "{{ defaults.policy }}"
direction: "{{ defaults.direction }}"
rule: allow
src: "{{ rules }}"
logging: on
state: enabled
vars:
defaults:
- { direction: incoming, policy: deny }
- { direction: outgoing, policy: allow }
rules:
- 80/tcp
- 443/tcp
When I run the code I get the error
"msg": "The task includes an option with an undefined variable. The error was: 'list object' has no attribute 'direction'

What you need is with_nested. This:
---
- hosts: localhost
become: no
connection: local
vars:
defaults:
- { direction: incoming, policy: deny }
- { direction: outgoing, policy: allow }
rules:
- 80/tcp
- 443/tcp
tasks:
- name: Change connect file to bulk mode
debug:
msg: "{{ item.0.direction }}: {{ item.1 }}"
with_nested:
- "{{ defaults }}"
- "{{ rules }}"
Gives this output:
TASK [Change connect file to bulk mode] *********************************************************************************************
ok: [localhost] => (item=None) => {
"msg": "incoming: 80/tcp"
}
ok: [localhost] => (item=None) => {
"msg": "incoming: 443/tcp"
}
ok: [localhost] => (item=None) => {
"msg": "outgoing: 80/tcp"
}
ok: [localhost] => (item=None) => {
"msg": "outgoing: 443/tcp"
}

with_nested may be an option, as per Jack's answer.
Alternately, and possibly the currently preferred mechanism, is to use loop: "{{ your_first_list | product (your_second_list) | list }}" to combine your multiple lists into a single list.
For example, this:
- name: test
ansible.builtin.debug:
msg: "{{ item.0.0 }} - {{ item.0.1}} - {{ item.1 }}"
loop: "{{ [ ['incoming','deny'], ['outgoing','allow']] | product( [ '80/tcp', '443/tcp' ] ) | list }}"
produces this output:
ok: [examplehost.my.example.com] => (item=[[u'incoming', u'deny'], u'80/tcp']) => {
"msg": "incoming - deny - 80/tcp"
}
ok: [examplehost.my.example.com] => (item=[[u'incoming', u'deny'], u'443/tcp']) => {
"msg": "incoming - deny - 443/tcp"
}
ok: [examplehost.my.example.com] => (item=[[u'outgoing', u'allow'], u'80/tcp']) => {
"msg": "outgoing - allow - 80/tcp"
}
ok: [examplehost.my.example.com] => (item=[[u'outgoing', u'allow'], u'443/tcp']) => {
"msg": "outgoing - allow - 443/tcp"
}