The project is to update wildcard certificate paths on many servers, each having a differently-named Vhost-*.conf file.
I would like to search for files that match V*.conf, then grep through them and replace the values for crt, key & ca as indicated below.
The closest answer I've found is this one but I couldn't get it to run as-is. And I think the replace module is better suited than lineinfile since I'd rather not re-write the whole line, and would like to replace any number of occurrences in the file.
After some changes this is the closest I've come, but I haven't figured out why my syntax is off:
---
- hosts: myhost5
become: yes
tasks:
- name: grab conf file names
shell: ls /etc/httpd/conf.d/V*.conf
register: vhost_files
- name: replace text
replace:
dest: '{{ item.0 }}'
regexp: '{{ item.1.regexp }}'
line: '{{ item.1.line}}'
backrefs: yes
backup: yes
with_nested:
- "{{vhost_files}}"
- "{{text_to_replace}}"
vars:
text_to_replace:
- { "regexp: 'mywildcard2014.crt', line: 'mywildcard.2016.crt'" }
- { "regexp: 'mywildcard2048_2014.key', line: 'mywildcard.2016.key'" }
- { "regexp: 'gd_bundle2014.crt', line: 'mywildcard.2016.ca-bundle'" }
handlers:
- name: restart apache
service: name=httpd state=restarted
The response I get is:
the field 'args' has an invalid value, which appears to include a
variable that is undefined. The error was: 'dict object' has no attribute 'regexp'
First of all, you need to remove unnecessary double quotes here:
- { regexp: 'mywildcard2014.crt', line: 'mywildcard.2016.crt' }
But there are number of other tiny bugs in your code.
Also keep in mind that using shell commands instead of modules is not an Ansible way.
Consider using find module instead of shell: ls.
---
- hosts: myhost5
become: yes
vars:
text_to_replace:
- { regexp: 'mywildcard2014.crt', line: 'mywildcard.2016.crt' }
- { regexp: 'mywildcard2048_2014.key', line: 'mywildcard.2016.key' }
- { regexp: 'gd_bundle2014.crt', line: 'mywildcard.2016.ca-bundle' }
tasks:
- name: grab conf file names
find:
pattern: V*.conf
path: /etc/httpd/conf.d/
register: vhost_files
- name: replace text
replace:
dest: '{{ item.0.path }}'
regexp: '{{ item.1.regexp }}'
replace: '{{ item.1.line}}'
backup: yes
with_nested:
- "{{vhost_files.files}}"
- "{{text_to_replace}}"
notify: restart apache
handlers:
- name: restart apache
service: name=httpd state=restarted
Related
I want to create user and gather their info in local file but with loop register is now working as expected.
I thought it was an indentation problem but no luck.
My playbook
---
- hosts: localhost
tasks:
- name: Clearing Local file
local_action: shell echo "Zone,docode,doname,testuser Output" > user.csv
- hosts: app
tasks:
- name: Creating user Testuser
become: yes
user:
name: "{{ item }}"
state: present
shell: "/bin/bash"
password: "$6$mysecretsalt$qyctTVhRMS1ZSnCuzQNAM8Y7V/yqSEnyRbal0IYXSqSEVKkXF8ZmXBZoRIaN/PvzE/msq8iOJO830OOCG89va/"
update_password: always
groups: santosh
shell: id "{{item}}"
ragister: userout
loop:
- newuser1
- newuser2
- newuser3
- debug:
var=userout
which gives the following error when executed
ERROR! conflicting action statements: shell, user
The error appears to have been in '/home/santosh/ans-home/playbooks/Create_User_and_Gather_output.yml': line 12, column 7, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: Creating user Testuser
^ here
You cannot call several modules in one task, you need to separate each call in its own task, as reported by the error message.
I understand why you tried it: to take advantage of the same loop for several task. Unfortunately this is not possible. You could move your set of tasks to a separate file and include it in a loop if you really have to loop over a significant amount of tasks. This is not really required in your situation because:
you only have two tasks
you can compact writing of your loop by using a declared var for reuse
and most essentially because you don't need your second task
In fact, the user module will return the uid of the user it created or that is existing in its result. You just have to register the result of calling the user module.
Just try the following for your second play:
- name: Resgister application users
hosts: app
vars:
user_list:
- newuser1
- newuser2
- newuser3
tasks:
- name: Create the users if they don't exist
user:
name: "{{ item }}"
state: present
shell: "/bin/bash"
password: "$6$mysecretsalt$qyctTVhRMS1ZSnCuzQNAM8Y7V/yqSEnyRbal0IYXSqSEVKkXF8ZmXBZoRIaN/PvzE/msq8iOJO830OOCG89va/"
update_password: always
groups: santosh
register: create_users
loop: "{{ user_list }}"
- name: Show ids of users
debug:
msg: "The uid of user {{ item.name }} is: {{ item.uid }}"
loop: "{{ create_users.results }}"
And as a side note: for your first play, do yourself a favor and stop using the old local_action syntax in favor of delegate_to: localhost for a task. It is not even required in your case as your are already targeting your play to localhost only.
I want to be able to read a versionfile if it exists, and check its contents. Then return True if the version changed or the file does not exists, False if versionfile exists and the version matches the content.
Basically this:
# setup test data
- set_fact:
version_expected: "0001"
version_path: "/path/to/version"
version_owner: "root"
version_group: "root"
# this block is used to check for version changes
- name: check version change
block:
- name: check version file
stat:
path: "{{version_path}}"
register: version_file
- set_fact:
version_remote: "{{ lookup('file', version_path) | default('') }}"
when: version_file.stat.exists
- set_fact:
version_changed: not version_file.stat.exists or version_remote != version_expected
# test writing new version
- name: write file
copy:
dest: "{{version_path}}"
content: "{{version_expected}}"
owner: "{{version_owner}}"
group: "{{version_group}}"
when: version_changed
My problem is: This is somewhat ugly and becoming quite redundant in my roles.
Is there a more elegant way to do this?
Is there maybe a module for this? (though I found none)
Or should I just write a module for this?
Best regards,
2d4r
EDIT:
im only meaning the "check version change" block, the surrounding code is for debugging only.
To be more specific, I want to download a server binary, but only if my expectet version differs from the content of the versionfile.
I want to write the new version to file, if (and only if) the download was successfull, but that is not part of my question.
EDIT2:
I got this by now:
# roles/_helper/tasks/version_check.yml
- name: check if file exists
stat:
path: "{{version_path}}"
register: version_file
- name: get remote version
slurp:
src: "{{version_path}}"
register: version_changed
when: version_file.stat.exists
# (False if versionfile exists and version is expected; True else)
- name: set return value
set_fact:
version_changed: "{{ not version_file.stat.exists or ((version_changed.content | b64decode) is version_compare(version_expected, 'ne')) }}"
used like this:
# /roles/example/tasks/main.yml
- include_role:
name: _helper
tasks_from: version_check
vars:
version_path: "{{file_version_path}}"
version_expected: "{{file_version_expected}}"
- name: doing awesome things
when: version_changed
block:
- name: download server
[...]
- name: write version
copy:
dest: "{{file_version_path}}"
content: "{{file_version_expected}}"
It kills the redundancy, but is still not what I want.
Sadly I can not register a return value from a role.
Delete everything except for write file task and remove the condition.
Ansible does this automatically for you.
- name: write file
copy:
dest: "{{version_path}}"
content: "{{version_expected}}"
owner: "{{version_owner}}"
group: "{{version_group}}"
After you changed the question, given the information provided, the only thing I can point to is to use slurp module instead of lookup, as an lookup plugins work locally in the control machine.
Compare versions using your logic or built-in version_compare filter/test.
I have written a playbook to install our custom collectd and that's working , where i'm changing the configuration with lineinfile module now i have another situation where i have multiple site names like one i have in my playbook ie richmod as follows:
Prefix "collectd.dns.NA.richmond.physical.
i have multiple site name viz richmond, carry, london, boston hence looking forward to put them into a varible and call that variable to assign the value.
lets suppose when it run the playbook on first Server it should pick up "richmon" for second it should pick up carry, for third it should london and so on.. looking for ideas..
---
- name: Playbook to Install CollectD
#hosts: all[1]
hosts: all
remote_user: root
become: true
tasks:
- name: Downloading collectd
get_url:
url="http://my-dc/collectd-5.7.2.tar.gz"
dest="/opt/"
- name: Extracting collectd archive
unarchive:
src="/opt/collectd-5.7.2.tar.gz"
dest="/opt/"
remote_src=True
- name: Creating soft link to collectd Dir
file:
src: "/opt/collectd-5.7.2"
dest: "/opt/collectd"
state: link
owner: root
group: root
#############################################################################################
# Dont Disable the gather_facts at all as {{ ansible_hostname }} absolutlty depends on facts #
# ###########################################################################################
- name: Committing changes to collectd configuration....
lineinfile:
dest: "{{ item.dest }}"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
backrefs: yes
with_items:
- { dest: '/opt/collectd/etc/collectd.conf', regexp: '#Hostname "collectServer"', line: 'Hostname "{{ ansible_hostname }}"' }
- { dest: '/opt/collectd/etc/collectd.conf', regexp: '# Prefix "collectd.unix."', line: ' Prefix "collectd.dns.NA.richmond.physical."' }
- name: Copy the collectd Daemon to init ..
copy:
src: "/opt/collectd/startup/collectd"
dest: "/etc/init.d/"
remote_src: True
mode: 0755
owner: root
group: root
- name: starting collectd Service
service:
name: collectd
state: started
enabled: yes
All what I need is in title, for example I want to know how I can do somethings like that :
---
- hosts: ansible-clients
tasks:
- name: Fetch source list from clients
fetch: src=/etc/apt/sources.list
dest=/tmp/allnodes.sourcelist
OR in simply way
echo remote#/etc/apt/sources.list >> local#/tmp/allnodes.sourcelist
I can create and run script in local but the only condition I have is to do all actions in one playbook.
You can use this play:
---
- hosts: ansible-clients
tasks:
- name: Fetch source list from clients
fetch:
src: /etc/apt/sources.list
flat: yes
dest: "/tmp/{{ inventory_hostname }}.sourcelist"
- name: Merge files
run_once: yes
delegate_to: localhost
shell: "cat /tmp/{{ item }}.sourcelist >> /tmp/allnodes.sourcelist"
with_items: "{{ groups['ansible-clients'] }}"
First task is used to fetch all files from remotes and store them in /tmp. inventory_hostname is used in filename to be sure it is unique.
Second task is run once on any host, and append all files (get list of hosts linked to group ansible-clients) in final file
I am writing a playbook that ensure nodes appear in /etc/fstab.
I am using loops to prevent code duplication.
The logic is first to check if the line appears using grep (with perl regex because it is a multi line) and store the results in a register.
Then I want to add only the lines that are not in fstab file. To achieve that I need to loop over list (the register with the grep return codes) and a dictionary (that contains the fstab entries).
I am having errors with the parallel loop. I tried to follow these steps.
One or more undefined variables: 'str object' has no attribute 'item'
tasks/fstab.yaml:
---
- name: Make dirs
sudo: yes
file: path={{ item.value }} state=directory
with_dict:
"{{ fstab.paths }}"
- name: Check whether declared in fstab
sudo: no
command: grep -Pzq '{{ item.value }}' /etc/fstab
register: is_declared
with_dict:
"{{ fstab.regexs }}"
- name: Add the missing entries
sudo: yes
lineinfile: dest=/etc/fstab line="{{ item.1.item.value }}"
when: item.0.rc == 1
with_together:
- "{{ is_declared.results }}"
- "{{ fstab.entries }}"
vars/main.yml:
---
fstab:
paths:
a: "/mnt/a"
b: "/mnt/b"
regexs:
a: '\n# \(a\)\nfoo1'
b: '\n# \(b\)\nfoo2'
entries:
a: "\n# (a)\nfoo1"
b: "\n# (b)\nfoo2"
I am not using template on purpose (I want to add entries to existing files and not to over write them).
UPDATE: I see ansible has module "mount" which deals with fstab. However I am still looking for a solution to this issue because I might be needed it again later on.
I have a couple ideas as to why your original approach was failing, but let's scratch that for a moment. It looks like you're overcomplicating things- why not use a complex list var to tie it all together, and use the regexp arg to the lineinfile module instead of a separate regex task? (though your sample data should work fine even without the regexp param) Something like:
---
- name: Make dirs
sudo: yes
file: path={{ item.path }} state=directory
with_items: fstab
- name: Add the missing entries
sudo: yes
lineinfile: dest=/etc/fstab line={{ item.entry }} regexp={{ item.regex }}
with_items: fstab
fstab:
- path: /mnt/a
regex: '\n# \(a\)\nfoo1'
entry: "\n# (a)\nfoo1"
- path: /mnt/b
regex: '\n# \(b\)\nfoo2'
entry: '\n# (b)\nfoo2'