Assigning IP to multiple hosts - loops

I am trying to assign a range of IP to different hosts, but first I am checking if the IP is already attributed. If it is, it gives me an error, so I would like to avoid that too(actually I can assign the IP, but can't pass that error, I am using ignore_errors: yes for now but I would like a better way). Here is part of my script:
---
- hosts: all
gather_facts: yes
become: yes
vars_files:
- client2
tasks:
- set_fact:
intip: "{{ intip | default([]) + [item] }}"
loop: "{{ ansible_interfaces | map('extract',ansible_facts, 'ipv4') | select('defined') | map(attribute='address') | list }}"
ignore_errors: yes
- name: Check IP address
shell:
"ip a a '{{ start_ip|ipmath(my_idx) }}' dev spanbr"
loop_control:
index_var: my_idx
when: (item == inventory_hostname )
loop: "{{ ansible_play_hosts }}"
ignore_errors: yes
I am using this var file, but maybe there is a better way? (I am trying to use something like the first example, but can't get my head around to use it on every hosts)
First vars file (didn't try yet):
client:
- interface:
- local_ip: 10.10.10.10
- name: eth1
- interface:
- local_ip: 10.10.10.11
- name: eth1
Second file:
interface:
- config:
- name: eth0
- config:
- name: eth1
start_ip: 10.10.10.10
I can get only one interface getting the IP and ignoring the address, but as the when conditional is not a loop it only check one interface:
Output:
TASK [Check IP address] ************************************************************************************************************************
skipping: [host2] => (item=host1)
failed: [host1] (item=host1) => {"ansible_index_var": "my_idx", "ansible_loop_var": "item", "changed": true, "cmd": "ip a a '10.10.10.10' dev spanbr", "delta": "0:00:00.005429", "end": "2022-10-20 08:49:43.800954", "item": "host1", "msg": "non-zero return code", "my_idx": 0, "rc": 2, "start": "2022-10-20 08:49:43.795525", "stderr": "RTNETLINK answers: File exists", "stderr_lines": ["RTNETLINK answers: File exists"], "stdout": "", "stdout_lines": []}
skipping: [host1] => (item=host2)
...ignoring
failed: [host2] (item=host2) => {"ansible_index_var": "my_idx", "ansible_loop_var": "item", "changed": true, "cmd": "ip a a '10.10.10.11' dev spanbr", "delta": "0:00:00.002691", "end": "2022-10-20 07:49:43.815422", "item": "host2", "msg": "non-zero return code", "my_idx": 1, "rc": 2, "start": "2022-10-20 07:49:43.812731", "stderr": "RTNETLINK answers: File exists", "stderr_lines": ["RTNETLINK answers: File exists"], "stdout": "", "stdout_lines": []}
...ignoring
I would like to use a notify but I need to use the loop on the task itself so that may be an issue...
Any ideas please??
Here is the output of intip (set_fact) if that helps:
TASK [set_fact] ********************************************************************************************************************************
ok: [host1] => (item=192.168.1.100)
ok: [host1] => (item=127.0.0.1)
ok: [host1] => (item=10.10.10.10)
ok: [host1] => (item=169.254.0.1)
ok: [host2] => (item=127.0.0.1)
ok: [host2] => (item=10.10.10.11)
ok: [host2] => (item=192.168.1.101)


Alright, I found a way to do it, by using host_vars and group_vars, and making my script even easier to write :
---
- hosts: all
gather_facts: yes
become: yes
tasks:
- set_fact:
intip: "{{ hostvars[inventory_hostname].ansible_all_ipv4_addresses }}"
- name: Check IP address
shell:
"ip a a '{{ local_ip }}' dev spanbr"
when: local_ip not in intip
Just by creating 2 files in host_vars.
host1.yaml:
ansible_host: "some_ip"
local_ip: 10.10.10.10
and the same for host2.yaml with different values. All is working great and it's making the script much easier to read too.

Related

Loop through subelements of subelements

I am using the following data structure in Ansible:
datacenters:
- name: Datacenter1
clusters:
- name: ClusterA
hosts:
- 192.168.0.1
- 192.168.0.2
- name: ClusterB
hosts:
- 192.168.1.1
- 192.168.1.2
- name: Datacenter2
clusters:
- name: ClusterC
hosts:
- 192.168.2.1
- 192.168.2.2
In a task, I want to iterate over each host while having access to the data of all the parent layers. If there is only one nesting level, it can easily be done with the subelements filter:
loop: '{{ datacenters | subelements(''clusters'') }}'
This will give me access to the data like this:
'Datacenter: {{ item.0.name }}, Cluster: {{ item.1.name }}'
I was hoping to be able to extend this concept like this:
loop: '{{ datacenters | subelements(''clusters'') | subelements(''hosts'') }}'
And being able to access the data like this:
'Datacenter: {{ item.0.name }}, Cluster: {{ item.1.name }}, Host: {{ item.2 }}'
But that does not work and I get the following error message instead:
Unexpected templating type error occurred on ({{ datacenters | subelements('clusters') | subelements('hosts') }}): the key hosts should point to a dictionary, got ...(the result of the first layer)
I found this question, which solves a similar problem, but relies on having distinct dict keys on all nesting levels, which I don't, because datacenters and clusters have the same name key.
So, how can I iterate over subelements of subelements in Ansible?

A bit far-fetched but the following playbook will achieve your goal:
---
- hosts: localhost
gather_facts: false
vars:
datacenters:
- name: Datacenter1
clusters:
- name: ClusterA
hosts:
- 192.168.0.1
- 192.168.0.2
- name: ClusterB
hosts:
- 192.168.1.1
- 192.168.1.2
- name: Datacenter2
clusters:
- name: ClusterC
hosts:
- 192.168.2.1
- 192.168.2.2
# Get the list of datacenters
_dcs: "{{ datacenters | map(attribute='name') }}"
# Get the corresponding list of clusters with subelements on hosts
_clusters: "{{ datacenters | map(attribute='clusters') | map('subelements', 'hosts') }}"
# Recreate a list with the sublisted hosts per clusters and create subelements on that final result
_overall: "{{ dict(_dcs | zip(_clusters)) | dict2items(key_name='datacenter', value_name='clusters') | subelements('clusters') }}"
tasks:
- name: Loop on the result
debug:
msg:
- "DC: {{ item.0.datacenter }}"
- "Cluster: {{ item.1.0.name }}"
- "Host: {{ item.1.1 }}"
loop: "{{ _overall }}"
loop_control:
label: "{{ item.0.datacenter }} - {{ item.1.0.name }}"
This gives:
PLAY [localhost] **************************************************************************************************************************************************
TASK [Loop on the result] *****************************************************************************************************************************************
ok: [localhost] => (item=Datacenter1 - ClusterA) => {
"msg": [
"DC: Datacenter1",
"Cluster: ClusterA",
"Host: 192.168.0.1"
]
}
ok: [localhost] => (item=Datacenter1 - ClusterA) => {
"msg": [
"DC: Datacenter1",
"Cluster: ClusterA",
"Host: 192.168.0.2"
]
}
ok: [localhost] => (item=Datacenter1 - ClusterB) => {
"msg": [
"DC: Datacenter1",
"Cluster: ClusterB",
"Host: 192.168.1.1"
]
}
ok: [localhost] => (item=Datacenter1 - ClusterB) => {
"msg": [
"DC: Datacenter1",
"Cluster: ClusterB",
"Host: 192.168.1.2"
]
}
ok: [localhost] => (item=Datacenter2 - ClusterC) => {
"msg": [
"DC: Datacenter2",
"Cluster: ClusterC",
"Host: 192.168.2.1"
]
}
ok: [localhost] => (item=Datacenter2 - ClusterC) => {
"msg": [
"DC: Datacenter2",
"Cluster: ClusterC",
"Host: 192.168.2.2"
]
}
PLAY RECAP ********************************************************************************************************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

Bad file descriptor in Ansible when read JSON content is numeric

Below is my JSON file:
[
{
"?xml": {
"attributes": {
"encoding": "UTF-8",
"version": "1.0"
}
}
},
{
"domain": [
{
"name": "mydom"
},
{
"domain-version": "12.2.1.3.0"
},
{
"server": [
{
"name": "AdminServer"
},
{
"ssl": {
"name": "AdminServer"
}
},
{
"listen_port": "12400"
},
{
"listen_address": "mydom.host1.bank.com"
}
]
},
{
"server": [
{
"name": "myserv1"
},
{
"ssl": [
{
"name": "myserv1"
},
{
"login-timeout-millis": "25000"
}
]
},
{
"listen_port": "22421"
}
]
}
]
}
]
Here is the code to get the listen port number form the json
---
- name: ReadJsonfile
hosts: localhost
tasks:
- name: Display the JSON file content
shell: "cat this.json"
register: result
- name: save the Json data to a Variable as a Fact
set_fact:
jsondata: "{{ result.stdout | from_json }}"
- name: create YML for server name with Listen port
shell: "echo {{ server.0.name }}_httpport: {{ httpport[0].listen_port }}>>{{ playbook_dir }}/wlsdatadump.yml"
loop: "{{ jsondata[1].domain }}"
vars:
server: "{{ item.server | selectattr('name', 'defined') }}"
httpport: "{{ item.server | selectattr('listen_port', 'defined') | list }}"
when: item.server is defined and (item.server | selectattr('listen_port', 'defined')) != []
I get the below error when executing the play
TASK [create YML for server name with Listen port] ************************************************************
skipping: [localhost] => (item={'name': 'mydom'})
skipping: [localhost] => (item={'domain-version': '12.2.1.3.0'})
failed: [localhost] (item={'server': [{'name': 'AdminServer'}, {'ssl': {'name': 'AdminServer'}}, {'listen_port': '12400'}, {'listen_address': 'mydom.host1.bank.com'}]}) => {"ansible_loop_var": "item", "changed": true, "cmd": "echo AdminServer_httpport: 12400>>/web/aes/admin/playbooks/dump.yml", "delta": "0:00:00.007706", "end": "2022-03-17 04:43:24.665832", "item": {"server": [{"name": "AdminServer"}, {"ssl": {"name": "AdminServer"}}, {"listen_port": "12400"}, {"listen_address": "mydom.host1.bank.com"}]}, "msg": "non-zero return code", "rc": 1, "start": "2022-03-17 04:43:24.658126", "stderr": "/bin/sh: 12400: Bad file descriptor", "stderr_lines": ["/bin/sh: 12400: Bad file descriptor"], "stdout": "", "stdout_lines": []}
If i change the port number from numeric to non-numeric say change "12400" to "portfirst" the playbook works fine.
This issue may have to do with the data type.
Can you please suggest how can i overcome this error?

you create a file listenport.j2 in folder templates:
{% for item in jsondata[1].domain if item.server is defined and (item.server | selectattr('listen_port', 'defined')) != [] %}
{{ item.server.0.name }}_httpport: {{ (item.server | selectattr('listen_port', 'defined')| list).0.listen_port }}
{% endfor %}
playbook:
- name: ReadJsonfile
hosts: localhost
tasks:
- name: Display the JSON file content
shell: "cat ./file2.json"
register: result
- name: save the Json data to a Variable as a Fact
set_fact:
jsondata: "{{ result.stdout | from_json }}"
- name: template
template:
src: listenport.j2
dest: "{{ playbook_dir }}/wlsdatadump.yml"
result in file wlsdatadump.yml:
AdminServer_httpport: 12400
myserv1_httpport: 22421
if you are working on lot of hosts (not only on localhost) and just want to create the file on localhost, use delegate_to: localhost inside the task

How to use proper loop in Ansible uri module

I'm using the Ansible uri module to trigger the pfSense API.
Now I want to create firewall rules in a task (code is truncated).
---
# tasks file for creating firewall rules
- name: "Create firewall rules"
uri:
url: "https://{{ pf_hostname }}/api/v1/firewall/rule"
method: "POST"
body: "{ \
\"client-id\": \"{{ pf_user }}\",
\"client-token\": \"{{ pf_password }}\",
\"type\": \"{{ pf_fw_type_01 }}\",
\"interface\": \"{{ pf_fw_interface_01 }}\",
}"
The vars file looks like this.
---
# vars file for creating firewall rules
# Authentication
pf_hostname: "pfsense.local"
pf_user: "admin"
pf_password: "pfsense"
# Rule 01
pf_fw_type_01: "pass"
pf_fw_interface_01: "wan"
How can I now repeat the task without unnecessary redundancy (e.g. with loop) for other rules?
I only come up with the following idea, but it doesn't seem ideal to me.
loop:
- "{{ item.client-id: {{ pf_user }}, item.type: {{ pf_fw_type_01 }} }}"
- "{{ item.client-id: {{ pf_user }}, item.type: {{ pf_fw_type_02 }} }}"

How about putting the rules as a dynamic parameter in the list?
For example, here's like.
vars.yml
---
# vars file for creating firewall rules
# Authentication
pf_hostname: "pfsense.local"
pf_user: "admin"
pf_password: "pfsense"
rules:
- num: 01
type: "pass"
pf_fw_interface: "wan"
- num: 02
type: "pass"
pf_fw_interface: "wan"
playbook
---
- hosts: localhost
gather_facts: false
vars_files:
- vars.yml
tasks:
- debug:
msg: |
{
"client-id": "{{ pf_user }}",
"client-token": "{{ pf_password }}",
"type": "{{ item.type }}",
"interface": "{{ item.pf_fw_interface }}"
}
loop: "{{ rules }}"
result
$ ansible-playbook main.yml
(snip)
PLAY [localhost] *********************************************************************************************************************************************************************
TASK [debug] *************************************************************************************************************************************************************************
ok: [localhost] => (item={'type': 'pass', 'pf_fw_interface': 'wan'}) => {
"msg": {
"client-id": "admin",
"client-token": "pfsense",
"interface": "wan",
"type": "pass"
}
}
ok: [localhost] => (item={'type': 'pass', 'pf_fw_interface': 'wan'}) => {
"msg": {
"client-id": "admin",
"client-token": "pfsense",
"interface": "wan",
"type": "pass"
}
}
(snip)

Looping over an ansible dict for specific value

With ansible, looping over a list of items that return a dict(?) with listed values.
Basically I want to check a dict of packages to see if they are installed or not (and later on return a message for any missing packages).
Any loop/with_dict combo tried so far return various errors that the specific variable can't be found.
When querying the status itself (yum module) it does put the full output into the {{ pkg }} var, per package.
---
- name: Ansible tests playbook
hosts: vms
remote_user: root
vars:
pkgs:
- yum-utils
- mariadb-libs
tasks:
- name: Check packages
yum:
list: "{{ item }}"
disablerepo: '*'
register: pkg
loop: "{{ pkgs }}"
If I then simply output the contents of {{ pkg.results }} with :
- name: list
debug:
msg: "{{ item }}"
loop: "{{ pkg.results }}"
I get :
root#vm011:~/ovirt# ansible-playbook check.yml
PLAY [Ansible tests playbook] **************************************************************************************************************************************************************
TASK [Gathering Facts] *********************************************************************************************************************************************************************
ok: [vm017.warp]
TASK [Check paclages] **********************************************************************************************************************************************************************
ok: [vm017.warp] => (item=yum-utils)
ok: [vm017.warp] => (item=mariadb-libs)
TASK [list] ********************************************************************************************************************************************************************************
ok: [vm017.warp] => (item=None) =>
msg:
changed: false
failed: false
invocation:
module_args:
allow_downgrade: false
conf_file: null
disable_gpg_check: false
disable_plugin: []
disablerepo: '*'
enable_plugin: []
enablerepo: null
exclude: null
install_repoquery: true
installroot: /
list: yum-utils
name: null
security: false
skip_broken: false
state: installed
update_cache: false
update_only: false
validate_certs: true
item: yum-utils
results:
- arch: noarch
envra: 0:yum-utils-1.1.31-50.el7.noarch
epoch: '0'
name: yum-utils
release: 50.el7
repo: installed
version: 1.1.31
yumstate: installed
ok: [vm017.warp] => (item=None) =>
msg:
changed: false
failed: false
invocation:
module_args:
allow_downgrade: false
conf_file: null
disable_gpg_check: false
disable_plugin: []
disablerepo: '*'
enable_plugin: []
enablerepo: null
exclude: null
install_repoquery: true
installroot: /
list: mariadb-libs
name: null
security: false
skip_broken: false
state: installed
update_cache: false
update_only: false
validate_certs: true
item: mariadb-libs
results:
- arch: x86_64
envra: 1:mariadb-libs-5.5.60-1.el7_5.x86_64
epoch: '1'
name: mariadb-libs
release: 1.el7_5
repo: installed
version: 5.5.60
yumstate: installed
How can I get just the yumstate value (installed, or otherwise), per package, into a separate variable ?
If, for instance, I try to debug the msg with
- name: list
debug:
msg: "{{ item.yumstate }}"
loop: "{{ pkg.results }}"
I get:
fatal: [vm017.warp]: FAILED! =>
msg: |-
The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'yumstate'

you are looping correctly through the pkg.results, but in each item the yumstate is under another results key. you should use:
- name: list
debug:
msg: "{{ item.results.yumstate }}"
loop: "{{ pkg.results }}"
i tried your code on my fedora, and the results for one of the 2 packages has as value a list, so the item.results.yumstate would not work: Fedora response for yum utils:
"item.results": [
{
"arch": "noarch",
"epoch": "0",
"name": "yum-utils",
"nevra": "0:yum-utils-1.1.31-517.fc29.noarch",
"release": "517.fc29",
"repo": "fedora",
"version": "1.1.31",
"yumstate": "available"
},
{
"arch": "noarch",
"epoch": "0",
"name": "yum-utils",
"nevra": "0:yum-utils-1.1.31-518.fc29.noarch",
"release": "518.fc29",
"repo": "updates",
"version": "1.1.31",
"yumstate": "available"
}
]
for mariadb-libs, no packages found, response was:
"item.results": []
hope it helps

You did indeed point me in the correct way.
- name: list
debug:
msg: "Package {{ item.results[0].name }} is {{ item.results[0].yumstate }}"
loop: "{{ pkg.results }}"
Did the trick, with just "{{ item.results.yumstate }}" it still returned an error
TASK [list] ********************************************************************************************************************************************************************************
fatal: [vm017.warp]: FAILED! =>
msg: |-
The task includes an option with an undefined variable. The error was: 'list object' has no attribute 'yumstate'
Adding the [0] got me:
TASK [list] ********************************************************************************************************************************************************************************
ok: [vm017.warp] => (item=None) =>
msg: Package yum-utils is installed
ok: [vm017.warp] => (item=None) =>
msg: Package mariadb-libs is installed

You might want to consider nested loops , also known aa "loops and includes" if you're attempting fancy things.
https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html#defining-inner-and-outer-variable-names-with-loop-var

Loop ansible_host stuck with first item

I am using the module csv-source-of-truth (https://github.com/joelwking/csv-source-of-truth) to get the IP and OS information from a csv file. I was able to register these info into a vsheet and using debug, I can see that I can loop through the contents of the vsheet.
However, when I use ios_command and try to loop through the vsheet, it seems that it gets stuck at the first entry of the vsheet.
This are the contents of the Inventory.csv file:
192.168.68.201,ios
192.168.68.202,ios
Code:
---
- hosts: localhost
gather_facts: false
tasks:
- name: Block
block:
- name: Use CSV
csv_to_facts:
src: '{{playbook_dir}}/NEW/Inventory.csv'
vsheets:
- INFO:
- IP
- OS
- debug:
msg: '{{item.IP}}'
loop: '{{INFO}}'
- name: Show Version
vars:
ansible_host: '{{item.IP}}'
ansible_network_os: '{{item.OS}}'
ansible_user: cisco
ansible_ssh_pass: cisco
ansible_connection: network_cli
ansible_become: yes
ansible_become_method: enable
ios_command:
commands: show version
register: output
loop: '{{INFO}}'
- name: Show the output of looped Show Version
debug:
var: output
- name: Show just the stdout_lines
debug:
var: output.results.{{item}}.stdout_lines
with_sequence: "0-{{output|length - 2}}"
You will notice on the output that it only has results for R1 when you look at the uptime information. i.e. R1 has an uptime of such and such.
PLAY [localhost] **********************************************************************************************************************************************
TASK [Use CSV] ************************************************************************************************************************************************
ok: [localhost]
TASK [debug] **************************************************************************************************************************************************
ok: [localhost] => (item={u'IP': u'192.168.68.201', u'OS': u'ios'}) => {
"msg": "192.168.68.201"
}
ok: [localhost] => (item={u'IP': u'192.168.68.202', u'OS': u'ios'}) => {
"msg": "192.168.68.202"
}
TASK [Show Version] *******************************************************************************************************************************************
ok: [localhost] => (item={u'IP': u'192.168.68.201', u'OS': u'ios'})
ok: [localhost] => (item={u'IP': u'192.168.68.202', u'OS': u'ios'})
TASK [Show the output of looped Show Version] *****************************************************************************************************************
ok: [localhost] => {
"output": {
"changed": false,
"msg": "All items completed",
"results": [
{
"ansible_loop_var": "item",
"changed": false,
"failed": false,
"invocation": {
"module_args": {
"auth_pass": null,
"authorize": null,
"commands": [
"show version"
],
"host": null,
"interval": 1,
"match": "all",
"password": null,
"port": null,
"provider": null,
"retries": 10,
"ssh_keyfile": null,
"timeout": null,
"username": null,
"wait_for": null
}
},
"item": {
"IP": "192.168.68.201",
"OS": "ios"
},
"stdout": [
-- Output removed for brevity
],
"stdout_lines": [
[
"-- Output removed for brevity
"R1 uptime is 1 hour, 34 minutes",
]
]
},
{
"ansible_loop_var": "item",
"changed": false,
"failed": false,
"invocation": {
"module_args": {
"auth_pass": null,
"authorize": null,
"commands": [
"show version"
],
"host": null,
"interval": 1,
"match": "all",
"password": null,
"port": null,
"provider": null,
"retries": 10,
"ssh_keyfile": null,
"timeout": null,
"username": null,
"wait_for": null
}
},
"item": {
"IP": "192.168.68.202",
"OS": "ios"
},
"stdout": [
-- Output removed for brevity
],
"stdout_lines": [
[
-- Output removed for brevity
"R1 uptime is 1 hour, 34 minutes",
]
]
}
]
}
}
TASK [Show just the stdout_lines] *****************************************************************************************************************************
ok: [localhost] => (item=0) => {
"ansible_loop_var": "item",
"item": "0",
"output.results.0.stdout_lines": [
[
-- Output removed for brevity
"R1 uptime is 1 hour, 34 minutes",
]
]
}
ok: [localhost] => (item=1) => {
"ansible_loop_var": "item",
"item": "1",
"output.results.1.stdout_lines": [
[
-- Output removed for brevity
"R1 uptime is 1 hour, 34 minutes",
]
]
}
PLAY RECAP ****************************************************************************************************************************************************
localhost : ok=5 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

Try to create an inventory
- name: Create inventory
add_host:
hostname: '{{ item.IP }}'
groups: temp_group_01
ansible_network_os: '{{ item.OS }}'
ansible_user: cisco
ansible_ssh_pass: cisco
ansible_connection: network_cli
ansible_become: yes
ansible_become_method: enable
loop: '{{ INFO }}'
and delegate to the hosts
- name: Show Version
ios_command:
commands: show version
register: output
delegate_to: '{{ item }}'
loop: '{{ groups['temp_group_01'] }}'
Explanation
From the play below can be seen that the connection does not obey the changed ansible_host and keeps using the first item in the loop.
- hosts: test_01
tasks:
- command: hostname
register: result
vars:
ansible_host: "{{ item }}"
loop:
- test_02
- test_03
- debug:
msg: "{{ result.results|map(attribute='stdout')|list }}"
gives
TASK [command] ******************************************************************************
changed: [test_01] => (item=test_02)
changed: [test_01] => (item=test_03)
TASK [debug] ********************************************************************************
ok: [test_01] => {
"msg": [
"test_02",
"test_02"
]
}
This behavior is very probably caused by the connection plugin because vars works as expected. The play below
- hosts: test_01
tasks:
- command: echo "{{ ansible_host }}"
register: result
vars:
ansible_host: "{{ item }}"
loop:
- test_02
- test_03
- debug:
msg: "{{ result.results|map(attribute='stdout')|list }}"
gives
TASK [command] ******************************************************************************
changed: [test_01] => (item=test_02)
changed: [test_01] => (item=test_03)
TASK [debug] ********************************************************************************
ok: [test_01] => {
"msg": [
"test_02",
"test_03"
]
}
As a result, it's not possible to loop ansible_host. Instead, delegate_to shall be used.

Resources