I need to determine if the gcloud user is logged in as themself. I know I can use gcloud auth list to see which is indicated. The problem is getting Ansible to understand which of the list is selected. If it's the system, skip the test. If it's the human, run the test.
I'm just not sure how ansible can register the return from:

    gcloud auth list | grep '*'

I am able to actually find the user information but what I can't seem to get to work is the when:
My apologies if I wasn't clear.
What I have now (and not working)

    - name: Verify user is Human
      ansible.builtin.debug:
        msg: Authorized user is "{{ auth_member }}"
      when: not "{{ auth_member }}" | regex_search('.*s6.*')

keeps returning variations of

    "The offending line appears to be:
        msg: Authorized user is "{{ auth_member }}"
      when: not "{{ auth_member }}" | regex_search('.*s6.*')
                ^ here
    We could be wrong, but this one looks like it might be an issue with
    missing quotes. Always quote template expression brackets when they
    start a value."

I have tried various ways to do some sort of "not in" but keep getting the quotes error
(super newbie at ansible)
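
One way to express this check, as an added example that is not part of the original post: ask gcloud for the active account directly, register the output, and reference the variable bare in `when`, which is already a Jinja2 expression and takes neither quotes nor `{{ }}`. The `s6` pattern is taken from the post; that a match means the system account, and the `gcloud_active` variable name, are assumptions.

```yaml
- name: Detect whether the active gcloud account is a human user
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Read the active gcloud account
      ansible.builtin.command:
        argv:
          - gcloud
          - auth
          - list
          - --filter=status:ACTIVE
          - --format=value(account)
      register: gcloud_active   # assumed variable name
      changed_when: false       # read-only command, never reports a change

    - name: Stop if no account is active
      ansible.builtin.assert:
        that:
          - gcloud_active.stdout | trim | length > 0
        fail_msg: No active gcloud account found

    - name: Store the account name
      ansible.builtin.set_fact:
        auth_member: "{{ gcloud_active.stdout | trim }}"

    - name: Verify user is Human
      ansible.builtin.debug:
        msg: 'Authorized user is "{{ auth_member }}"'
      # Assumption: an account name containing "s6" is the system account.
      when: auth_member is not search('s6')
```
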
Can anyone please help me here, I have a playbook which has the following vars:

    vars_files:
      - "../vars/location.yml"

The location.yml has the following declared:

    loc: "{{ inventory_hostname[0:3] }}"
    location_file: "/root/ansible/vars/{{ loc }}.yml"

So from hostname location_file: is then prd.yml, this file contains the line:

    txm_QA_access: false

Now if I run the playbook which copies a sudoers template with the following conditional specified in it:

    {% if txm_QA_access %}
    %Sudo-admin ALL= /bin/su - admin
    %Team-QA ALL= /bin/su - admin
    %Team-QA\ OffShore\ \(UK\) ALL= /bin/su - admin
    {% endif %}

When I run the playbook I get an error:

    "msg": "AnsibleUndefinedVariable: `txm_QA_access` is undefined"

Where am I going wrong? Isn't it defined as a Boolean which is false so in theory it should skip adding those lines in the sudoers template?
Any help appreciated, spent hours on this now.
I guess this is because the vars file prd.yml (most likely) is not getting loaded. And as #dechandler10 mentioned, you can use include_vars:, instead of vars_files:.
In your playbook you have already included location.yml, next you should include vars from prd.yml before the template task.

    vars_files:
      - '../vars/location.yml'
    tasks:
      # Your 'location_file' variable set to: /root/ansible/vars/prd.yml
      - name: include variables
        include_vars:
          file: '{{ location_file }}'

Now that your prd.yml has been included, the variable txm_QA_access will be available for template.
However, Ansible already has built-in mechanism called group_vars and host_vars.
Instead of having to define variable paths with inventory_hostname[0:3], Ansible can directly load variables for hosts or groups with this method. See organizing host and group variables.
You didn't mention doing anything to include the variables in prd.yml, so I'm going to assume you haven't. You'll need to use include_vars to load the variables from that file.
If you are doing that, I recommend adding debug tasks immediately before your template task to sort out exactly which variable is causing the problem.
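
The answers above combined into one play, as an added example that is not code from the original posts. It loads the location file, then checks that the flag is a real boolean before rendering, because a quoted "false" string is truthy in Jinja2 and would write the sudo lines. The template name and destination path are hypothetical, and the `boolean` test assumes Jinja2 2.11 or later.

```yaml
- name: Deploy sudoers fragment with per-location variables
  hosts: all
  become: true
  vars_files:
    - "../vars/location.yml"
  tasks:
    - name: Load the location file (for example prd.yml)
      ansible.builtin.include_vars:
        file: "{{ location_file }}"

    - name: Refuse to continue unless the flag is a real boolean
      ansible.builtin.assert:
        that:
          - txm_QA_access is defined
          - txm_QA_access is boolean
        fail_msg: "txm_QA_access must be true or false in {{ location_file }}"

    - name: Install the sudoers fragment
      ansible.builtin.template:
        src: sudoers_qa.j2               # hypothetical template name
        dest: /etc/sudoers.d/qa_access   # hypothetical destination
        owner: root
        group: root
        mode: "0440"
        # visudo checks the rendered file; on failure the live file is untouched
        validate: /usr/sbin/visudo -cf %s
```
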
I'm currently writing a small Ansible playbook whose job is to put in an additional domain in the search list in /etc/resolv.conf.
The second domain to add to the search list must contain part of the hostname of the target hosts. I'm getting the hostname of each of the target hosts during playbook execution using the magic variable {{ inventory_hostname }}.
I then need to extract characters 4 - 6 from the {{ inventory_hostname }} (say 'xyz') such that the second domain to add to the search list is xyz.foo.bar. In bash, this would be obtained with something like:

    SERVER=$(hostname)
    env=${SERVER:3:3}

... and the variable 'env' would be equal to 'xyz'.
The playbook works as long as 'xyz' is manually defined.
I am aware that Ansible has regular expression filters which can help with something like this, however I could not figure out a regular expression which does what I need.
For completeness sake, I have tried something like this in ansible:

    {{ inventory_hostname|3:3 }}

Any help would be greatly appreciated.
It's almost the same, you can use "{{ inventory_hostname[3:6] }}" to select characters 3 to 6.
For example this task

    - debug:
        msg: "{{ inventory_hostname[3:6] }}"

Will output

    ok: [localhost] => {
        "msg": "alh"
    }

I want to create a file in each user home directory. Based on the debug output it looks like it is returning a dict containing a list called "files" that has all the info I need including user and group to set on the newly created file. However, it doesn't behave the way I expected and based on everything I am reading I must be misunderstanding how to properly access the variable. Here is what I am doing:

    - name: Get Directory Listing Using Find
      find:
        file_type: directory
        paths: /home
      register: find_user_dirs
    - name: Create Test File in Each Directory
      file:
        status: touch
        path: "{{ item.path }}/test.file"
        owner: root
        group: root
      with_items: "{{ find_user_dirs.files }}"

The documentation briefly mentions dicts vs lists, but there seems to be more to it. I need help to get pointed in the right direction for understanding how to properly use this variable.
Ok, I feel stupid. Probably because I was working on this at 4am, but still a stupid simple oversight on my part. I had a typo in there with "status" instead of "state".
After some rest and debugging with the information provided by Rost, which was helpful for other applications by the way, I paid closer attention and found my error. Now this actually works as intended:

    - name: Get Directory Listing Using Find
      find:
        file_type: directory
        paths: /home
      register: find_user_dirs
    - name: Create Test File in Each Directory
      file:
        state: touch
        path: "{{ item.path }}/test.file"
        owner: "{{ item.uid }}"
        group: "{{ item.gid }}"
      with_items: "{{ find_user_dirs.files }}"

The classic rookie mistake - seeing what you think you see instead of what you ACTUALLY see. Sorry to anyone that wasted any time on this.
Well, for me such behavior is quite unexpected too.
But I found the workaround, this works:
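
    - name: Create Test File in Each Directory
      file:
        state: touch  # the file module's parameter is "state", not "status"
        path: "{{ item }}/test.file"
        owner: root
        group: root
      # the list of results is under the "files" key of the registered variable
      with_items: "{{ find_user_dirs.files | map(attribute='path') | list }}"
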
Note: I am seeking a solution for Ansible. Here is the issue description:
I have a file filedet.yml as below, however realtime this yaml may contain many more IP and file details.

    ---
    10.9.9.111:
      /tmp/test.jar:
        hash: e6df90d38fa86f0e289f73d79cd2cfd2a29954eb
      /tmp/best.jar:
        hash: e6df90d38fa86f0e289f73d79cd2cfd2a29954eb
    10.8.8.44:
      /tmp/conf/extra/httpd-ssl.conf:
        hash: 1746f03d57491b27158b0d3a48fca8b5fa85c0c2
      /tmp/conf/httpd.conf:
        hash: 1746f03d57491b27158b0d3a48fca8b5fa85c0c2

I wish to extract a particular IP and the file details so that it can be removed from the yaml using state: absent attribute. Thus, the desired regex should return the below:

    10.9.9.111:
      /tmp/test.jar:
        hash: e6df90d38fa86f0e289f73d79cd2cfd2a29954e
      /tmp/best.jar:
        hash: e6df90d38fa86f0e289f73d79cd2cfd2a29954eb

I decided to have the start pattern as '10.9.9.111' and search until there are no spaces or newlines which means until it gets to the next IP.
I prepared the below regex and it shows correct, desired FULL Text match on http://regex101.com. See snapshot.
Regex query below:

    [^#](^10.9.9.111:)(.|\n)*^(?!( |\n))

The same regex works fine with grep -Pzo and returns the desired string. However, the regex fails to work with Ansible's lineinfile module as it does not yield any results.
I want this regex or any other solution to work with Ansible so I can remove the given IP and its file details from the yaml.
Ansible:

    - name: "Remove entry from file."
      lineinfile:
        path: "/app/filedet.yaml"
        regexp: "[^#](^10.9.9.111:)(.|\n)*^(?!( |\n))"
        state: absent

Can you please suggest what is the issue here?
Q: "I wish to extract an IP and the file details."
A: Use include_vars. For example

    - include_vars:
        file: filedet.yml
        name: my_dict
    - debug:
        msg: "{{ my_dict['10.9.9.111'] }}"

give

    "msg": {
        "/tmp/best.jar": {
            "hash": "e6df90d38fa86f0e289f73d79cd2cfd2a29954eb"
        },
        "/tmp/test.jar": {
            "hash": "e6df90d38fa86f0e289f73d79cd2cfd2a29954eb"
        }
    }

Q: "Remove an entry from the file."
A: Use template. For example

    $ cat filedet.yml.j2
    {% for item in my_dict_keys %}
    {{ item }}:
      {{ my_dict[item]|to_nice_yaml|indent(2) }}
    {% endfor %}

The task below

    - set_fact:
        my_dict_keys:
          - "10.8.8.44"
    - template:
        src: filedet.yml.j2
        dest: filedet.yml

gives

    $ cat filedet.yml
    10.8.8.44:
      /tmp/conf/extra/httpd-ssl.conf:
        hash: 1746f03d57491b27158b0d3a48fca8b5fa85c0c2
      /tmp/conf/httpd.conf:
        hash: 1746f03d57491b27158b0d3a48fca8b5fa85c0c2

Notes:
It's a bad idea to use lineinfile for this purpose
Data in the question is not valid YAML. The key is repeating

    10.9.9.111:
      /tmp/test.jar:
        hash: e6df90d38fa86f0e289f73d79cd2cfd2a29954eb
      /tmp/test.jar:
        hash: e6df90d38fa86f0e289f73d79cd2cfd2a29954eb

In my playbook, I'd like to loop over two dictionaries (or one dictionary and one list). One is a list (or dictionary) of Domains, the other one is a dictionary that includes the aws-regions with the corresponding server-IPs to use for the DNS-Entries for latency based routing. I want to set for each domain one DNS-record for each aws-region.

    - name: set DNS records for Domains
      route53:
        zone: "{{ item[0].key }}"
        record: "{{ item[0].key }}"
        value: "{{ item[1].value.server_ip }}"
        region: "{{ item[1].key }}"
        identifier: "{{ item[1].key }}"
      with_nested:
        - "{{ domain_dict }}"
        - "{{ aws_dict }}"

With two lists, the example works fine. How do I get it to work using at least one dictionary?
domain_dict: (could be a list as well)

    domain_dict:
      mytest1.example:
      mytest2.example:
      mytest3.example:

aws_dict:

    aws_dict:
      us-east-1:
        # some other region-related stuff like ami-id,...
        server_ip: 1.2.3.4
      us-west-1:
        # some other region-related stuff
        server_ip: 1.2.3.5
      us-west-2:
        # some other region-related stuff
        server_ip: 1.2.3.6
      #all other aws-regions

A custom lookup_plugin is your best bet. Otherwise it'll be an ugly sequence of set_fact.
PS:
While you ordinarily shouldn’t have to, should you wish to write your own ways to loop over arbitrary datastructures, you can read Developing Plugins for some starter information. Each of the above features are implemented as plugins in ansible, so there are many implementations to reference
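
An alternative to a custom plugin, as an added example that is not part of the original answer: the built-in `dict2items` and `product` filters turn both dictionaries into lists of key/value pairs and build every domain and region combination. It assumes Ansible 2.6 or later, uses a shortened copy of the question's data, and prints the values with `debug` instead of calling route53.

```yaml
- name: Pair every domain with every AWS region
  hosts: localhost
  gather_facts: false
  vars:
    # Shortened copy of the dictionaries from the question
    domain_dict:
      mytest1.example:
      mytest2.example:
    aws_dict:
      us-east-1:
        server_ip: 1.2.3.4
      us-west-1:
        server_ip: 1.2.3.5
  tasks:
    - name: Show the values each DNS record task would receive
      ansible.builtin.debug:
        msg:
          zone: "{{ item.0.key }}"
          record: "{{ item.0.key }}"
          value: "{{ item.1.value.server_ip }}"
          region: "{{ item.1.key }}"
          identifier: "{{ item.1.key }}"
      # dict2items yields a list of {key, value} pairs for each dictionary;
      # product pairs each domain entry with each region entry
      loop: "{{ domain_dict | dict2items | product(aws_dict | dict2items) | list }}"
      loop_control:
        label: "{{ item.0.key }} / {{ item.1.key }}"
```
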