i want to create a file application.properties file and copy it over to specific location. im using template module for same. but i want to create content of the file based on comma separated input ip addresses count/values
the content of the file should is below.
conf_pg_hba_replication.connection=host replication oracle {{IP1}}/32 trust\nhost replication oracle {{IP2}}/32 trust\nhost replication oracle {{IP3}}/32.............
so i want my file to be created with dynamic content based on comma separated input ip address value.
if my input ip value is 127.0.0.1,123.123.123.123
file content should be
conf_pg_hba_replication.connection=host replication oracle 127.0.0.1/32 trust\nhost replication oracle 123.123.123.123/32 trust
so likewise i need to create contents of file.
please help me on this.
---
- name: pp
hosts: localhost
tasks:
- name: pp
template:
src: pp.j2
dest: pp.properties
newline_sequence: \n
-bash-4.2$ cat pp.j2
conf_pg_hba_replication.connection=host replication oracle {{slave_ip}}/32 trust
i pass ips list through a variable to ansible playbook like below
ansible-playbook postgres.yml -e "ips_list=ip1,ip2,ip3"
You are passing a coma separated ip list as an extra var on the ansible command line.
To acheive your requirement you need to:
transform the string containing the coma separated list to a real list with the split function.
loop over you list in your template to output the result.
This can actually be done in a single task. Given the following templates/pp.j2...
{% for slave_ip in ip_list %}
conf_pg_hba_replication.connection=host replication oracle {{ slave_ip }}/32 trust
{% endfor %}
and the following playbook...
---
- name: template our pp file
hosts: localhost
gather_facts: false
tasks:
- name: pp
template:
src: pp.j2
dest: pp.properties
vars:
ip_list: "{{ ip_list_raw.split(',') }}"
that you call like this...
ansible-playbook test.yml -e "ip_list_raw=127.0.0.1,1.2.3.4,5.6.7.8"
you get the following result
$ cat pp.properties
conf_pg_hba_replication.connection=host replication oracle 127.0.0.1/32 trust
conf_pg_hba_replication.connection=host replication oracle 1.2.3.4/32 trust
conf_pg_hba_replication.connection=host replication oracle 5.6.7.8/32 trust
Note that you can also drop the vars declaration with the split in the template task by passing directly the list of ips as a json array on the command line
ansible-playbook test.yml -e '{"ip_list":["127.0.0.1","1.2.3.4","5.6.7.8"]}'
Or even load them from an external yaml file e.g. my_ip_list.yml
---
ip_list:
- 127.0.0.1
- 1.2.3.4
- 5.6.7.8
like this:
ansible-playbook test.yml -e #my_ip_list.yml'
---
- name: check for postgresql standby
command: "{{ service }} postgres-check-standby"
ignore_errors: yes
register: check_standby
- set_fact:
is_standby: "N"
when:
- '"Error: Cannot get status of postgres server" in check_standby.stdout or "Error: Postgres-Server reports being" in check_standby.stdout'
- '" pg_last_xlog_receive_location \n-------------------------------\n \n(1 row)" in check_standby.stdout'
- set_fact:
is_standby: "Y"
when:
- '"postgres-server is slave/standby" in check_standby.stdout or "Error: Cannot get status of postgres server" in check_standby.stdout'
- '" pg_last_xlog_receive_location \n-------------------------------\n \n(1 row)" not in check_standby.stdout'
- set_fact:
is_standby: "D"
when:
- '"ERROR: postgres server is down or does not seem be standby" in check_standby.stdout'
- '"Is the server running locally and accepting" in check_standby.stderr'
- name: print if standby
command: echo "postgres-server is slave/standby"
when: is_standby == "Y"
- name: print if not standby
command: echo "postgres-server is not slave/standby"
when: is_standby == "N"
- name: print if component is down
command: echo "postgresql component is down"
when: is_standby == "D"
---
- name: check for postgresql master
command: "{{ service }} postgres-check-master"
ignore_errors: yes
register: check_master
- set_fact:
is_master: "Y"
when:
- '" pg_current_xlog_location \n--------------------------\n \n(1 row)" not in check_master.stdout'
- '"postgres-server is master" in check_master.stdout or "Cannot get status of postgres server" in check_master.stdout'
- set_fact:
is_master: "N"
when:
- '"postgres server is down or does not seem be" in check_master.stdout'
- '"ERROR: recovery is in progress" in check_master.stderr'
- set_fact:
is_master: "D"
when:
- '"postgres server is down or does not seem be" in check_master.stdout'
- '"Is the server running locally and accepting" in check_master.stderr'
- name: print if master
command: echo "postgres-server is master"
when: is_master == "Y"
- name: print if not master
command: echo "postgres-server is not master"
when: is_master == "N"
- name: print if component is down
command: echo "postgresql component is down"
when: is_master == "D"
---
- name: check postgresql status
command: "{{ service }} status"
ignore_errors: yes
register: postgresql_status
- name: start if its down
command: "{{ service }} start"
when:
- 'postgresql_status is failed or postgresql_status.rc != 0 or "apigee-service: apigee-postgresql: OK" not in postgresql_status.stderr'
- name: validate it is a standby node
include: check_standby.yml
- fail:
msg: postgres-server is not standby or down - please check"
when: is_standby != "Y"
- name: get ip address of old_master
shell: host {{OLD_MASTER_FQDN}} | awk -F"has address " '{print$2}'
ignore_errors: yes
register: old_master_ip
- name: get no of octet in ip address
shell: echo {{old_master_ip.stdout}} | sed s'/\./ /g' | wc -w
ignore_errors: yes
register: ip_octet_count
- name: echo old_master_ip
command: echo Old Master Node Ip address:- {{old_master_ip.stdout}}
when: old_master_ip.stdout != "" and ip_octet_count.stdout == "4"
- name: fail if unable to get ip address
fail:
msg: failed to get the ip address, please check and enter FQDN of old master postgres node
when: old_master_ip.stdout == "" or ip_octet_count.stdout != "4"
- name: Switching standby to master
shell: "{{ service}} promote-standby-to-master {{old_master_ip.stdout}}"
- name: validate master post swap
include: check_master.yml
- fail:
msg: postgresql is not master. please check microservice logs for error details.
when: is_master != "Y"
- name: backup existing file
command: "mv {{properties_file}} {{properties_file}}_backup{{ansible_date_time.date}}"
when: postgres_properties_file.stat.exists
- name: download properties file from Bitbucket
shell: "curl -k -v -u {{ username }}:{{ passwd }} {{POSTGRESQL_PROPERTIES_BB_URL}}?raw -o {{properties_file}}"
args:
warn: no
- name: restart postgresql component
command: "{{ service }} restart"
- name: print Outcome
command: echo "Successfully converted postgresql slave to master"
---
- name: check whether node is master node
include: check_master.yml
- name: bring down node if master is up and running
command: "{{ service }} stop"
when: is_master != "D"
- name: get ip address of new_master
shell: host {{NEW_MASTER_FQDN}} | awk -F"has address " '{print$2}'
ignore_errors: yes
register: new_master_ip
- name: get slave ip
shell: hostname -i
ignore_errors: yes
register: slave_ip
- name: get no of octet in slave ip address
shell: echo {{slave_ip.stdout}} | sed s'/\./ /g' | wc -w
ignore_errors: yes
register: slave_ip_octet_count
- name: get no of octet in new master ip address
shell: echo {{new_master_ip.stdout}} | sed s'/\./ /g' | wc -w
ignore_errors: yes
register: ip_octet_count_m
- name: echo new_master_ip and slave ip
command: "{{ item }}"
with_items:
- echo New Master Node Ip address:- {{new_master_ip.stdout}}
- echo Slave Ip address:- {{slave_ip.stdout}}
when: new_master_ip.stdout != "" and ip_octet_count_m.stdout == "4" and slave_ip.stdout != "" and slave_ip_octet_count.stdout == "4"
- name: fail if unable to get ip address
fail:
msg: failed to get the ip addresses, please check and enter FQDN of postgresql node
when: new_master_ip.stdout == "" or ip_octet_count_m.stdout != "4" or slave_ip.stdout == "" or slave_ip_octet_count.stdout != "4"
- name: create temp replication config file
copy:
dest: /tmp/setup_replication.txt
content: |
PG_MASTER={{new_master_ip.stdout}}
PG_STANDBY={{slave_ip.stdout}}
mode: 0750
- name: comment out the conf_pg_hba_replication.connection property in postgresql properties file
replace:
path: "{{properties_file}}"
regexp: 'conf_pg_hba_replication.connection='
replace: '#conf_pg_hba_replication.connection='
backup: yes
when: postgres_properties_file.stat.exists
- name: remove data folder
file:
path: /opt/apigee/data/apigee-postgresql
state: absent
- name: perform postgresql standby replication
shell: nohup {{service}} setup-replication-on-standby -f /tmp/setup_replication.txt >/tmp/standby_replication.log &
register: nohup_rep
- name: get PID of replication progress
shell: ps -eaf|grep -i setup-replication-on-standby|grep -v grep
ignore_errors: true
register: PID
- name: get PID count
shell: ps -eaf|grep -i setup-replication-on-standby|grep -v grep|wc -l
ignore_errors: true
register: PID_COUNT
- fail:
msg: There is an issue with replication - Please check the logs.
when: PID_COUNT.stdout == "0"
- name: print PID of replication process
command: "{{ item }}"
with_items:
- "echo {{nohup_rep.cmd}}"
- "echo {{PID.stdout}}"
Related
So I am trying take values from file, let's call it "test.yaml"
file looks like this (sorry for long output, but it is the shortest cut containing all patterns and structure):
---
results:
- failed: false
item: XXX.XX.XX.XX
invocation:
module_args:
validate_certs: false
vm_type: vm
show_tag: false
username: DOMAIN\domain-user
proxy_host:
proxy_port:
show_attribute: false
password: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER
port: XXX
folder:
hostname: XXX.XX.XX.XX
changed: false
virtual_machines:
- ip_address: XXX.XX.XX.XX
mac_address:
- XX:XX:XX:aa:XX:XX
uuid: XXXX-XX-XX-XXXX-XXXXX
guest_fullname: Red Hat Enterprise Linux X (XX-bit)
moid: vm-XXX
folder: "/DOMAIN-INTERXION/vm"
cluster:
attributes: {}
power_state: poweredOn
esxi_hostname: esx.hostname
tags: []
guest_name: VMnameXX
vm_network:
XX:XX:XX:aa:XX:XX:
ipv6:
- XX::XXX:XX:XXXX
ipv4:
- XXX.XX.XX.XX
I would like, for example to have something like:
results.invocation.virtual_machines.ip_address
results.invocation.module_args.user_name
I tried all kind of stuff but it doesn't work :)
last attempt is this:
---
- name: demo how register works
hosts: localhost
tasks:
- name: Include all .json and .jsn files in vars/all and all nested directories (2.3)
include_vars:
file: test.yml
name: vm
- name: debug
debug:
msg: "{{ item.0.item }}"
with_subelements:
- "{{ vm.results }}"
- virtual_machines
register: subelement
following your structure and after fixing some errors:
results.invocation.virtual_machines.ip_address is results[0].virtual_machines[0].ip_address
and
results.invocation.module_args.user_name is results[0].invocation.module_args.username
(results and virtual_machines are arrays, write results[0] or results.0 is same)
so a sample of playbook doing job:
- name: vartest
hosts: localhost
tasks:
- name: Include all .json and .jsn files in vars/all and all nested directories (2.3)
include_vars:
file: test.yml
name: vm
- name: ip
set_fact:
ipadress: "{{ vm.results[0].virtual_machines[0].ip_address }}"
- name: username
set_fact:
username: "{{ vm.results[0].invocation.module_args.username }}"
- name: display
debug:
msg: "ip: {{ ipadress }} and username: {{ username }}"
result:
ok: [localhost] =>
msg: 'ip: XXX.XX.XX.XX and username: DOMAIN\domain-user'
I have my ansible task running in all my api_servers which i would restrict it to run only on one IP (one of the api_server)
I have added run_once: true but it didnt helps.
Kindly advise.
EDIT :
Will the below work? I have 10 instances of app_servers running, I want the task to run only on one app_server
run_once: true
when:
- inventory_hostname == groups['app_servers'][0]
Where my inventory file is like
[app_servers]
prod_app_[1:4]
I would write my playbook like that:
---
# Run on all api_servers
- hosts: api_servers
tasks:
- name: do something on all api_servers
#...
# Run only on one api_server e.q. api_server_01
- hosts: api_server_01
tasks:
- name: Gather data from api_server_01
#...
The other option would be to work with when: or to run the playbook with the --limit option
---
- hosts: all
tasks:
- name: do something only when on api_server_01
#...
when: inventory_hostname == "api_server_01"
EDIT:
Here you will see all the option in one example:
---
- hosts: all
tasks:
- debug: msg="run_once"
run_once: true
- debug: msg=all
- debug: msg="run on the first of the group"
when: inventory_hostname == groups['app_servers'][0]
# Option with separated hosts, this one will be faster if gather_facts is not tuned.
- hosts: app_servers[0]
tasks:
- debug: msg="run on the first of the group"
(Since I can not comment, I have to answer.)
What about delegate_to? Where you delegate the task to a specific host.
hosts: all
tasks:
- name: Install vim on specific host
package:
name: vim
state: present
delegate_to: staging_machine
Or
As #user2599522 mentioned: --limit is also an option to use:
You can also limit the hosts you target on a particular run with the --limit flag. (Patterns and ansible-playbook flags)
Playbook below seems to be having trouble running thru the list of VM names..
error is as follows:
(type string). If this does not look like what you expect, quote the entire
value to ensure it does not change.
fatal: [127.0.0.1]: FAILED! => {"changed": false, "msg": "Failed to find the managed object for [
then spits out the list separated with \name\
what am I doing wrong here?
- hosts: localhost
vars_prompt:
- name: vcenter_hostname
prompt: Please provide the vcenter server hostname.
private: no
- name: vcenter_username
prompt: Please provide the vcenter server username.
private: no
- name: vcenter_password
prompt: Please provide the password for the username.
unsafe: yes
private: yes
vars:
vm_name: "{{lookup('file', '/etc/ansible/lists/lab_common_backup.txt')}}"
tasks:
- name: vm_tag_add
vmware_tag_manager:
hostname: '{{ vcenter_hostname }}'
username: '{{ vcenter_username }}'
password: '{{ vcenter_password }}'
validate_certs: no
tag_names:
- 'Labs: Common Backup'
object_name: "{{ vm_name }}"
object_type: VirtualMachine
state: remove
I was able to get this working by using .split(), the default delimiter for split is a space..
object_name: "{{ vm_name.split() }}"
I need to validate that the PermitRootLogin parameter is equal to "no", for example:
PermitRootLogin no
But sometimes between these words there is more than one space. For this reason I use a regex, but apparently I do it wrong. This is the line that seems to be bad:
when: check_config.stdout.find('PermitRootLogin\s+no') != -1
Any idea how to fix this?
- hosts: redhat
tasks:
- name: check file
shell: cat /etc/ssh/sshd_config
register: check_config
- name: compare string
when: check_config.stdout.find('PermitRootLogin\s+no') != -1
debug: msg="this server is ok"
Q: "Validate that the PermitRootLogin parameter is equal to no."
A: Put the below declaration into the vars
match_lines: "{{ check_config.stdout_lines|
map('regex_search', '^\\s*PermitRootLogin\\s+no$')|
select }}"
and test the length of the list
- debug:
msg: this server is OK
when: match_lines|length > 0
Example of a complete playbook for testing
- hosts: localhost
vars:
match_lines: "{{ check_config.stdout_lines|
map('regex_search', '^\\s*PermitRootLogin\\s+no$')|
select }}"
tasks:
- command: cat /etc/ssh/sshd_config
register: check_config
- debug:
var: match_lines
- debug:
msg: This server is OK
when: match_lines|length > 0
gives, for example (abridged)
TASK [debug] *******************************************
ok: [localhost] =>
match_lines:
- PermitRootLogin no
TASK [debug] *******************************************
ok: [localhost] =>
msg: This server is OK
Given the inventory below set hosts -hosts: rehat
shell> cat hosts
[redhat]
test_11
test_12
test_13
The playbook gives, for example (abridged)
TASK [debug] *******************************************
ok: [test_11] =>
match_lines:
- PermitRootLogin no
ok: [test_12] =>
match_lines: []
ok: [test_13] =>
match_lines: []
TASK [debug] *******************************************
skipping: [test_12]
ok: [test_11] =>
msg: This server is OK
skipping: [test_13]
You can use lookup to simplify the task if the play is running at the localhost only. For example, the playbook below gives the same result
- hosts: localhost
tasks:
- debug:
msg: This server is OK
when: match_lines|length > 0
vars:
match_lines: "{{ lookup('file', '/etc/ssh/sshd_config').splitlines()|
map('regex_search', '^\\s*PermitRootLogin\\s+no$')|
select }}"
If you want to put/replace the line in the config use lineinfile. For example,
- lineinfile:
path: /etc/ssh/sshd_config
regexp: '^PermitRootLogin(.*)$'
line: 'PermitRootLogin no'
I have ansible task in which I am passing the password value hard coded.
Ansible script:-
- name: Airflow
rabbitmq_user:
user: airflow
password: password
state: present
force: yes
become: yes
become_method: sudo
become_user: root
register: airflow_dbsetup
notify:
- restart rabbitmq-server
Now I have created AWS parameter store like below. How can I pass these values inside my ansible script.
Take a look at the aws_ssm plugin for ansible.
Example:
- name: Airflow
rabbitmq_user:
user: "{{ lookup('aws_ssm', 'rabbitmq_user', region='us-east-1') }}"
password: "{{ lookup('aws_ssm', 'rabbitmq_password', region='us-east-1') }}
state: present
force: yes
become: yes
become_method: sudo
become_user: root
register: airflow_dbsetup
notify:
- restart rabbitmq-server