How to iterate on an Ansible dictionary of lists - list

In an Ansible task, I want to iterate on all subelements of each dictionary category. The container I am using looks like this:
myDict:
- {category1: el00, category2: [el10, el11], category3: [el20, el21, el22, el23]}
The expected output would be :
msg: el00
msg: el10 el11
msg: el20 el21 el22 el23

If you want to take into account the fact that the variable myDict is a list and that there might be more items create a file
shell> cat iteration.yml
- debug:
msg: "{{ i.0 }} {{ i.1 }} {{ i.2 }}"
with_nested:
- "{{ item.category1 }}"
- "{{ item.category2 }}"
- "{{ item.category3 }}"
loop_control:
loop_var: i
and include it in the loop
- include_tasks: iteration.yml
loop: "{{ myDict }}"
gives
msg: el00 el10 el20
msg: el00 el10 el21
msg: el00 el10 el22
msg: el00 el10 el23
msg: el00 el11 el20
msg: el00 el11 el21
msg: el00 el11 el22
msg: el00 el11 el23
If you want to iterate the first item in the list only the task below gives the same result
- debug:
msg: "{{ item.0 }} {{ item.1 }} {{ item.2 }}"
with_nested:
- "{{ myDict.0.category1 }}"
- "{{ myDict.0.category2 }}"
- "{{ myDict.0.category3 }}"

Related

Using variable for tag name in Ansible AWS modules

ec2_snapshot module allows me to create snapshots of volumes and tag at the same time. This is straight forward while using fix names for tags. But how can I set tag name itself from a variable?
Example task:
- name: AWS EBS Disks Snapshot For Volumes
ec2_snapshot:
aws_access_key: "{{ aws_access_key_id }}"
aws_secret_key: "{{ aws_secret_key_id }}"
security_token: "{{ aws_security_token }}"
volume_id: "{{ item.id }}"
region: "{{ aws_region }}"
snapshot_tags:
Name: "{{ timestamp.stdout }}"
"{{ tagname_variable }}": "{{ tagvalue_variable }}"
type: "{{ item.type }}"
description: "{{ timestamp.stdout }}_snapshot"
with_items:
- "{{ volumeinputs }}"
The tagname_variable is literally created as a tag name, not the value of the variable.
How I can make this work?
You will need to dynamically create that part of you dictionary, for example, with a combine, as YAML dictionaries key are usually not templated by Ansible.
This can be done in a vars sections of the task itself:
- name: AWS EBS Disks Snapshot For Volumes
ec2_snapshot:
aws_access_key: "{{ aws_access_key_id }}"
aws_secret_key: "{{ aws_secret_key_id }}"
security_token: "{{ aws_security_token }}"
volume_id: "{{ item.id }}"
region: "{{ aws_region }}"
snapshot_tags: "{{ _snapshot_tags }}"
description: "{{ timestamp.stdout }}_snapshot"
loop: "{{ volumeinputs }}"
vars:
_snapshot_tags_static:
Name: "{{ timestamp.stdout }}"
type: "{{ item.type }}"
_snapshot_tags: >-
{{
_snapshot_tags_static
| combine({tagname_variable: tagvalue_variable})
}}

Ansible: playbook to deploy VM (Linux)

I created this playbook to deploy new VM from template.
Now if I try to deploy a new Linux VM it works correctly but the hostname won't be customized
It keeps the same hostname from the template and I don't know why ??
Here is my playbook (this is just a test):
- name: Clone multiple VMs
hosts: localhost
gather_facts: false
vars_files:
multiple_vms.yml
tasks:
- name: Clone multiple Ubuntu VMS from Template
local_action:
module: vmware_guest
hostname: "{{ vcenter_hostname }}"
username: "{{ vcenter_username }}"
password: "{{ vcenter_password }}"
validate_certs: no
folder: "{{ folder }}"
template: "{{ vmtemplate }}"
name: "{{ item }}"
cluster: "{{ vcenter_cluster }}"
datacenter: "{{ vcenter_datacenter }}"
state: poweredon
networks:
- name: "{{ network }}"
type: "{{ network_dhcp_or_static }}"
hardware:
memory_mb: {{ number_memory }}
num_cpus: {{ number_cpu }}
customization:
hostname: "{{ servers }}"
domain : "mydomaine.test"
#customization_spec: "{{ customization_spec }}"
with_items: "{{ servers }}"
where vars multiple_vms.yml:
servers:
- ubuntu_test01
- ubuntu_test02
....
So I need my new VMS to take the hostname from the servers list (ubuntu_test01.mydomaine.test ..etc)
Thanks for the help
Using vmware_guest and customization option
First, try hostname: "{{ item }}"
Second, don't do the loop thing at all. Make a proper inventory, then:
- name: Clone multiple VMs
hosts: all
gather_facts: false
vars_files:
multiple_vms.yml
tasks:
- name: Clone multiple Ubuntu VMS from Template
vmware_guest:
hostname: "{{ vcenter_hostname }}"
username: "{{ vcenter_username }}"
password: "{{ vcenter_password }}"
validate_certs: no
folder: "{{ folder }}"
template: "{{ vmtemplate }}"
name: "{{ ansible_hostname }}"
cluster: "{{ vcenter_cluster }}"
datacenter: "{{ vcenter_datacenter }}"
state: poweredon
networks:
- name: "{{ network }}"
type: "{{ network_dhcp_or_static }}"
hardware:
memory_mb: {{ number_memory }}
num_cpus: {{ number_cpu }}
customization:
hostname: "{{ ansible_hostname }}"
domain : "mydomaine.test"
delegate_to: localhost
N.B.: local_action is deprecated. Use delegate_to: localhost.

Using Ansible to enable logs AWS Application Load Balancer

name: Add HTTP listener rules
elb_application_lb:
state: present
name: "{{ albinfo.load_balancer_name }}"
subnets:
- "{{ albinfo.availability_zones[0].subnet_id }}"
- "{{ albinfo.availability_zones[1].subnet_id }}"
- "{{ albinfo.availability_zones[2].subnet_id }}"
security_groups:
- "{{ albinfo.security_groups[0] }}"
listeners:
- Protocol: HTTP
Port: 80
DefaultActions:
- Type: forward
TargetGroupName: default
Rules:
- Conditions:
- Field: host-header
Values: "{{ item.url }}"
Priority: "{{ item.priority }}"
Actions:
- TargetGroupName: "{{ item.name }}"
Type: forward
purge_listeners: no
with_items: "{{ regions }}"

How to evaluate a yaml key using jinja and then evaluate its value using jinja in .j2 file using ansible?

I have a kubernetes secrets manifest in the form of secret.j2 file which has a password key. This password key is supposed assigned a value from an ansible-vault encrypted string present in a dev.yml file. This dev.yml looks like below:-
dev_db_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
I am passing "dev" as a runtime parameter "namespace=dev" to my playbook. The stringData of secret.j2 looks like this:-
stringData:
consoleadminpassword: "{{'{{'}} {{ namespace + '_console_password' }} {{'}}'}}"
consolenonadminpassword: "{{'{{'}} {{ namespace + '_console_password' }} {{'}}'}}"
dbpassword: "{{'{{'}} {{ namespace + '_console_password' }} {{'}}'}}"
When I am templating secret.j2 to secret.yml, the resulting output of stringData looks like this:-
stringData:
consoleadminpassword: "{{ dev_console_password }}"
consolenonadminpassword: "{{ dev_console_password }}"
dbpassword: "{{ dev_db_password }}"
Now I want it to further evaluate the "dev_db_password" to set "dbpassword" key to the decrypted value from dev.yml while ansible templates secret.j2 to secret.yml. Is there a way to achieve this in the same line by modifying dbpassword: "{{'{{'}} {{ namespace + '_db_password' }} {{'}}'}}" ?
Q: "evaluate the dev_db_password ... while ansible templates secret.j2. Is there a way to achieve this in the same line by modifying dbpassword: ... ?"
A: Yes. There is. Try lookup plugin vars. See ansible-doc -t lookup vars
dbpassword: "{{'{{'}} {{ lookup('vars', namespace + '_db_password') }} {{'}}'}}"
For example, the template
shell> cat secret.j2
stringData:
consoleadminpassword: "{{'{{'}} {{ lookup('vars', namespace + '_console_password') }} {{'}}'}}"
consolenonadminpassword: "{{'{{'}} {{ lookup('vars', namespace + '_console_password') }} {{'}}'}}"
dbpassword: "{{'{{'}} {{ lookup('vars', namespace + '_db_password') }} {{'}}'}}"
and the playbook
- hosts: localhost
tasks:
- template:
src: secret.j2
dest: secret.yml
vars:
namespace: dev
dev_console_password: passwd_console
dev_db_password: passwd_db
give
shell> cat secret.yml
stringData:
consoleadminpassword: "{{ passwd_console }}"
consolenonadminpassword: "{{ passwd_console }}"
dbpassword: "{{ passwd_db }}"
If you don't need the next evaluation of the variables (passwords) in the dictionary the template below
shell> cat secret.j2
stringData:
consoleadminpassword: {{ lookup('vars', namespace + '_console_password') }}
consolenonadminpassword: {{ lookup('vars', namespace + '_console_password') }}
dbpassword: {{ lookup('vars', namespace + '_db_password') }}
will give
shell> cat secret.yml
stringData:
consoleadminpassword: passwd_console
consolenonadminpassword: passwd_console
dbpassword: passwd_db
If you put the passwords into an encrypted file
shell> cat dev.yml
dev_console_password: passwd_console
dev_db_password: passwd_db
shell> ansible-vault encrypt dev.yml
Encryption successful
shell> cat dev.yml
$ANSIBLE_VAULT;1.1;AES256
30663636653963333864346339303034356463356234383035363561356365376130396465323736
...
the playbook will give the same results
- hosts: localhost
vars:
namespace: dev
tasks:
- include_vars: "{{ namespace }}.yml"
- template:
src: secret.j2
dest: secret.yml

Terminate EC2 instances, based on tags, using Ansible

I`m struggling to get this working without success.. Here my playbook.
First a search my machines by tag and later try to terminate them.
- name: EC2 Facts
ec2_instance_facts:
region: us-east-1
filters:
"tag:Type": "staging"
aws_access_key: "{{ lookup('env', 'AWS_ACCESS_KEY_ID') }}"
aws_secret_key: "{{ lookup('env', 'AWS_SECRET_ACCESS_KEY') }}"
register: ec2
- name: Kill EC2 Instance
ec2:
instance_ids: "{{ item.instance_id }}"
state: "{{ state }}"
region: "{{ lookup('env', 'AWS_REGION') }}"
aws_access_key: "{{ lookup('env', 'AWS_ACCESS_KEY_ID') }}"
aws_secret_key: "{{ lookup('env', 'AWS_SECRET_ACCESS_KEY') }}"
with_items: "{{ ec2.instances }}"
running like this:
ansible-playbook ec2_id_kill.yml --extra-vars "state=absent"
Looks ansible cannot find the instance_id from the facts
I am using this to terminate the single instance, you can adjust this to terminate multiple instance:
- name: EC2 Facts
ec2_instance_info:
region: us-east-1
filters:
"tag:Type": "staging"
aws_access_key: "{{ lookup('env', 'AWS_ACCESS_KEY_ID') }}"
aws_secret_key: "{{ lookup('env', 'AWS_SECRET_ACCESS_KEY') }}"
register: ec2
- name: Kill EC2 Instance
ec2:
instance_ids: "{{ ec2.instances[0].id }}"
state: "{{ state }}"
region: "{{ lookup('env', 'AWS_REGION') }}"
aws_access_key: "{{ lookup('env', 'AWS_ACCESS_KEY_ID') }}"
aws_secret_key: "{{ lookup('env', 'AWS_SECRET_ACCESS_KEY') }}"
Hope that help you