I have a list of paths stored in files_path variable.
This is a task where I am trying to concatenate paths from variable and adding the rest of the path using join.
- name: Changing supervisor files path
replace:
path: /etc/supervisor/supervisord.conf
regexp: 'files(.*)'
replace: 'files = /etc/supervisor/conf.d/*.conf {{ supervisor_files_path | join(' ')/shared/supervisor/*.conf }}
notify: restart supervisor
when: files_path is defined
The error I get:
fatal: [127.0.0.1]: FAILED! => {"msg": "template error while templating string: unexpected '*'. String: files = /etc/supervisor/conf.d/*.conf {{ files_path | join(' ')/shared/supervisor/*.conf }}"}
The issue is with the second star in code here: /shared/supervisor/*.conf
I was trying to escape using \* or [*], but getting the same error.
How should I change this?
I would try putting {{ }} around it so it becomes {{ /etc/supervisor/conf.d/*.conf }}. Also don't forget to put " " at the beginning and end of the line.
Related
I've been hitting a wall trying to get /etc/exports managed via Ansible.
I've got a role that installs a piece of software on a VM, and I want to then add an entry ot /etc/exports on the NFS server, for that specific VM, so it's able to access the NFS shares needed.
Lineinfile sounds like the way to go, but sofar I can't figure out how to properly write this.
I want this to:
not modify if the host is in the line, no matter where
add the NFS share and the host if there's no line for the NFS share
add the host to the share in case it isn't in there.
The latest installment of my 'add to /etc/exports' that thought should work, but doesn't, is:
- name: Add hosts to mountpoint line
ansible.builtin.lineinfile:
path: /etc/exports
line: '\1 {{ host_ip }}(root_squash,no_subtree_check)'
regex: '^((?!{{ volume_mountpoint }}.*{{ host_ip }}\(root_squash,no_subtree_check\).*).*)$'
backrefs: yes
but i'm still getting all kinds of weird side effects. I've used backreferences etc before, but somehow this one keeps tripping me up.
Anyone who sees what's gong wrong?
Typical /etc/exports entry:
/srv/files 172.16.0.14(rw,no_root_squash,no_subtree_check)
It's not possible in one step to modify a line using backreferences or add the line if missing. To modify the existing mount point the back-references are needed. For example, given the files for testing
shell> cat etc/export1
/srv/files 172.16.0.14(rw,no_root_squash,no_subtree_check)
shell> cat etc/export2
/srv/files 172.16.0.15(rw,no_root_squash,no_subtree_check)
shell> cat etc/export3
/srv/download 172.16.0.14(rw,no_root_squash,no_subtree_check)
the task
tasks:
- lineinfile:
path: "etc/{{ item }}"
regex: '^{{ mount }}(\s+)({{ ipr }})*({{ optionsr }})*(\s*)(.*)$'
line: '{{ mount }}\g<1>{{ ip }}{{ options }} \g<5>'
backrefs: true
vars:
mount: /srv/files
ipr: '172\.16\.0\.14'
ip: '172.16.0.14'
optionsr: '\(.*?\)'
options: '(root_squash,no_subtree_check)'
loop:
- export1
- export2
- export3
gives
--- before: etc/export1 (content)
+++ after: etc/export1 (content)
## -1 +1 ##
-/srv/files 172.16.0.14(rw,no_root_squash,no_subtree_check)
+/srv/files 172.16.0.14(root_squash,no_subtree_check)
changed: [localhost] => (item=export1)
--- before: etc/export2 (content)
+++ after: etc/export2 (content)
## -1 +1 ##
-/srv/files 172.16.0.15(rw,no_root_squash,no_subtree_check)
+/srv/files 172.16.0.14(root_squash,no_subtree_check) 172.16.0.15(rw,no_root_squash,no_subtree_check)
changed: [localhost] => (item=export2)
ok: [localhost] => (item=export3)
The first two files are all right. The problem is the third file. The line hasn't been added to the file. Quoting from backrefs
"... if the regexp does not match anywhere in the file, the file will be left unchanged."
The explanation is simple. There are no groups if the regex doesn't match. If there are no groups the line can't be created.
On the other hand, quoting from regexp
"... If the regular expression is not matched, the line will be added to the file ..."
As a result, it's not possible to ask lineinfile to add a line if the regexp does not match and, at the same time, to do nothing if the regexp is matched. If the regexp is matched you need back-references. If you use back-references you can't add a missing line.
To solve this problem read the content of the files and create a dictionary
- command: "cat etc/{{ item }}"
register: result
loop: [export1, export2, export3]
- set_fact:
content: "{{ dict(_files|zip(_lines)) }}"
vars:
_lines: "{{ result.results|map(attribute='stdout_lines')|list }}"
_files: "{{ result.results|map(attribute='item')|list }}"
gives
content:
export1:
- /srv/files 172.16.0.14(rw,no_root_squash,no_subtree_check)
export2:
- /srv/files 172.16.0.15(rw,no_root_squash,no_subtree_check)
export3:
- /srv/download 172.16.0.14(rw,no_root_squash,no_subtree_check)
Now add the line only if missing, i.e. do not replace the line if the mount point is already there
- lineinfile:
path: "etc/{{ item }}"
line: '{{ mount }} {{ ip }}{{ options }}'
vars:
mount: /srv/files
ip: '172.16.0.14'
options: '(root_squash,no_subtree_check)'
loop: "{{ content|list }}"
when: content[item]|select('search', mount)|length == 0
gives
skipping: [localhost] => (item=export1)
skipping: [localhost] => (item=export2)
--- before: etc/export3 (content)
+++ after: etc/export3 (content)
## -1 +1,2 ##
/srv/download 172.16.0.14(rw,no_root_squash,no_subtree_check)
+/srv/files 172.16.0.14(root_squash,no_subtree_check)
I have the following playbook that is trying to assert that a user prompt variable of NX-OS image equals the ansible_net_image captured from a Nexus switch. This is driving me crazy as to the correct format for the test condition.
---
- name: Upgrade NX-OS on switch with pre-checks to load image as required
hosts: nexus-7000
gather_facts: no
vars_prompt:
- name: NX_OS_Upgrade_Version
prompt: "Please enter NX-OS version to upgrade too - ensure that the filename is as used by boot variable"
private: no
##############################################################################
## Start of task execution
##############################################################################
tasks:
- name: Gather IOS configuration and software facts from switches
nxos_facts:
gather_subset: "!hardware"
################################################################################
## Display running image version to terminal
################################################################################
- debug:
msg: "{{ NX_OS_Upgrade_Version }}"
- assert:
that:
- "ansible_net_image | regex:/^bootflash:\\/\\/\\/(.*) == NX_OS_Upgrade_Version"
Upon execution this error is displayed.
fatal: [switcha]: FAILED! => {"msg": "The conditional check 'ansible_net_image | regex:/^bootflash:\/\/\/(.) == NX_OS_Upgrade_Version' failed. The error was: template error while templating string: expected token 'end of statement block', got '/'. String: {% if ansible_net_image | regex:/^bootflash:\/\/\/(.) == NX_OS_Upgrade_Version %} True {% else %} False {% endif %}"}
fatal: [switchb]: FAILED! => {"msg": "The conditional check 'ansible_net_image | regex:/^bootflash:\/\/\/(.) == NX_OS_Upgrade_Version' failed. The error was: template error while templating string: expected token 'end of statement block', got '/'. String: {% if ansible_net_image | regex:/^bootflash:\/\/\/(.) == NX_OS_Upgrade_Version %} True {% else %} False {% endif %}"}
The regex has been tested, but I am struggling to get the correct syntax for the Ansible play.
It would be great if someone could show me what I have got wrong.
Use 7.3.2. Single-Quoted Style to create regex.
See Testing strings.
For example
- hosts: localhost
vars:
ansible_net_image: 'bootflash:///n5000-uk9-kickstart.5.1.3.N2.1b.bin'
NX_OS_Upgrade_Version1: 'n5000-uk9-kickstart.5.1.3.N2.1b'
my_regex1: '^bootflash:///{{ NX_OS_Upgrade_Version1 }}.bin'
NX_OS_Upgrade_Version2: 'n5000-uk9-kickstart.5.1.4.N2.1b'
my_regex2: '^bootflash:///{{ NX_OS_Upgrade_Version2 }}.bin'
tasks:
- assert:
that: ansible_net_image is match(my_regex1)
success_msg: "Image is version {{ NX_OS_Upgrade_Version1 }}"
fail_msg: "Image is NOT version {{ NX_OS_Upgrade_Version1 }}"
- assert:
that: ansible_net_image is match(my_regex2)
success_msg: "Image is version {{ NX_OS_Upgrade_Version2 }}"
fail_msg: "Image is NOT version {{ NX_OS_Upgrade_Version2 }}"
gives
ok: [localhost] => {
"changed": false,
"msg": "Image is version n5000-uk9-kickstart.5.1.3.N2.1b"
}
fatal: [localhost]: FAILED! => {
"assertion": "ansible_net_image is match(my_regex2)",
"changed": false,
"evaluated_to": false,
"msg": "Image is NOT version n5000-uk9-kickstart.5.1.4.N2.1b"
}
I try to use Ansible regex_replace to filter the sub-string "application_1514971620021_4505" from a status message.
In the shell the message looks like this:
I run this code in Ansible:
---
- hosts: [npif]
remote_user: root
tasks:
- block:
- name: Admin submit check
command: chdir=/usr/spring-xd-1.3.1.RELEASE-yarn/ bin/xd-yarn submitted
register: admininfo
- debug: msg="{{ admininfo.stdout }}"
- debug: msg="{{ admininfo.stdout | regex_replace('^.*(application\_\d.*\_\d*)\s.*', '\\1') }}"
become: yes
become_user: ingestdev
debug: msg="{{ admininfo.stdout }}" returns the status message in the different format than in the shell:
ok: [npif] => {
"msg": " APPLICATION ID USER NAME QUEUE TYPE STARTTIME FINISHTIME STATE FINALSTATUS ORIGINAL TRACKING URL\n ------------------------------ --------- --------- -------- ---- -------------- ---------- ------- ----------- ------------------------\n application_1514971620021_4505 ingestdev spring-xd batch_cb XD 1/3/18 2:49 PM N/A RUNNING UNDEFINED http://x.x.x.x:9394"
}
When I run the second debug with regex_replace, I get the identical output to the first debug output - no regex_replace filter has been applied. The regex filter is correct - I've tested it externally. Basically the Ansible code is working too - I have tested with line below and got "test" as expected.
- debug: msg="{{ 'test.home.com' | regex_replace('^([^.]*).*', '\\1') }}"
Do you have an idea, what is wrong with my approach?
Your first problem is that .* doesn't appear to match newlines. Consider this:
- debug:
msg: "{{ admininfo.stdout | regex_replace('.*application', 'foo') }}"
This will replace application with foo, but will leave the header lines intact. Since the ^ anchors your regular expression to the beginning of the text (not the beginning of a line) your expression will never match.
You can take advantage of the fact that ansible has already provided you with individual lines in the stdout_lines key of your registered output. In this case, you would use something like:
- debug:
msg: >
{{ admininfo.stdout_lines[2] | regex_replace('^.*(application_\d.*_\d*)\s.*', '\1') }}
Note here that I've made a few changes in how things are quoted and escaped. In particular, I'm using the folded literal operator > in place of double quotes, and you neede to use \1 instead of \\1 for your replacement string.
This gives me:
ok: [localhost] => {
"msg": "application_1514971620021_4505\n"
}
My problem is with ansible and parsing stdout. I need to capture the stdout from an ansible play and parse this output for a specific substring within stdout and save into a var. My specific use case is below
- shell: "vault.sh --keystore EAP_HOME/vault/vault.keystore |
--keystore-password vault22 --alias vault --vault-block |
vb --attribute password --sec-attr 0penS3sam3 --enc-dir |
EAP_HOME/vault/ --iteration 120 --salt 1234abcd"
register: results
become: true
This generates an output with the following line, the goal is to capture the masked key that jboss vault generates and save that in an ansible var so I can use it to configure the standalone.xml template:
vault-option name="KEYSTORE_PASSWORD" value="MASK-5dOaAVafCSd"/>
I need a way parse this string with possibly regex and save the "MASK-5dOaAVafCSd" substring into an ansible var using set_facts module or any other ansible module.
Currently my code looks like this
#example stdout
results: vault-option name=\"KEYSTORE_PASSWORD\" value=\"MASK-5dOaAVafCSd\"/>
- name: JBOSS_VAULT:define keystore password masked value variable
set_fact:
masked_value: |
"{{ results.stdout |
regex_replace('^.+(MASK-.+?)\\.+','\\\1') }}"
This code is defining masked_value as the results.stdout, not the expected capture group.
You are very close. I advice you to use regex101.com to test regular expressions.
Here is my solution:
---
- hosts: localhost
gather_facts: no
tasks:
- shell: echo 'vault-option name="KEYSTORE_PASSWORD" value="MASK-5dOaAVafCSd"'
register: results
- set_fact:
myvalue: "{{ results.stdout | regex_search(regexp,'\\1') }}"
vars:
regexp: 'value=\"([^"]+)'
- debug:
var: myvalue
result:
ok: [localhost] => {
"myvalue": [
"MASK-5dOaAVafCSd"
]
}
Update:
regex_search returns a list of found matches, so to get only first one use:
{{ results.stdout | regex_search(regexp,'\\1') | first }}
The above solution worked for me, however I had to do some extra logic to filter shell command output to get to the line which contains following
<vault-option name="KEYSTORE_PASSWORD" value="MASK-6qcNdkIprlA"/>
because vault command output has many lines in it. Once this line is captured, the solution given by Konstantin works just fine. Below is the whole thing that needs to done in one place.
- name: Creating jboss vault
shell: |
{{ baseDir }}/bin/vault.sh -e {{ vaultDir }} -k {{ keystoreURL }} -p {{ keystorePassword }} \
-s {{ keystoreSalt }} -i {{ iterationCount }} -v {{ keystoreAlias }} -b {{ vaultBlock }} \
-a {{ attributeName }} -x {{ attributeValue }}
register: vaultResult
- set_fact:
jbossKeystorePassword: "{{ item | regex_search('value=\"([^\"]+)','\\1') | first }}"
when: item | trim | match('.*KEYSTORE_PASSWORD.*')
with_items:
- "{{ vaultResult.stdout_lines }}"
- debug:
var: jbossKeystorePassword
Be sure to replace all variables with your values in above vault.sh command.
I want to change one line of my code in file /var/www/kibana/config.js during installation from
elasticsearch: "http://"+window.location.hostname+":9200"
to
elasticsearch: "http://192.168.1.200:9200"
Here I tried to use lineinfile to do that as show below
- name: Comment out elasticsearch the config.js to ElasticSearch server
lineinfile:
dest=/var/www/kibana/config.js
backrefs=true
regexp="(elasticsearch.* \"http.*)$"
line="elasticsearch\: \" {{ elasticsearch_URL }}:{{ elasticsearch_port }} \" "
state=present
I have set variables of {{elasticsearch_URL}} and {{elasticsearch_port}} to http://192.168.1.200 and 9200, respectively.
Here is the error message I met:
ERROR: Syntax Error while loading YAML script, /Users/shuoy/devops_workspace/ansible_work/logging-for-openstack/roles/kibana/tasks/Debian.yml
Note: The error may actually appear before this position: line 29, column 25
regexp="(elasticsearch.* \"http.*)$"
line="elasticsearch\: \" {{ elasticsearch_URL }}:{{ elasticsearch_port }} \" "
^
The solution that will work in any case no matter how many nested quotes you might have and without forcing you to add more quotes around the whole thing (which can get tricky to impossible depending on the line you want to write) is to output the colon through a Jinja2 expression, which simply returns the colon as a string:
{{ ":" }}
Or in your complete line:
line="elasticsearch\: \" {{ elasticsearch_URL }}{{ ":" }}{{ elasticsearch_port }} \" "
Credit to this goes to github user drewp.
you need to enclose the entire line in ", where : appears.
lineinfile:
'dest=/var/www/kibana/config.js
backrefs=true
regexp="(elasticsearch.* \"http.*)$"
line="elasticsearch\: \ {{ elasticsearch_URL }}:{{ elasticsearch_port }} \ "
state=present'
See these pages:
Link-1 Link-2 Link-3
Just keep the colon in quotes separately -
regexp="(elasticsearch.* \"http.*)$" line="elasticsearch':' \" {{ elasticsearch_URL }}:{{ elasticsearch_port }} \" "
foo=bar is the more suitable format for a one-line directive, but as you're already spanning several lines with your parameters anyway, just change the = to :, and it won't fuss about having a colon in your string.
- name: Comment out elasticsearch the config.js to ElasticSearch server
lineinfile:
dest: /var/www/kibana/config.js
backrefs: true
regexp: 'elasticsearch.* "http.*$'
line: 'elasticsearch: "{{ elasticsearch_URL }}:{{ elasticsearch_port }}"'
state: present
It’s a string already; you don’t have to (and can’t, as seen here) escape colons inside it.
line="elasticsearch: \" {{ elasticsearch_URL }}:{{ elasticsearch_port }} \" "
What I've found to be working consistently in all cases is a variable. For example, vars/main.yml:
fw_zone_str: 'Error: NAME_CONFLICT: new_zone():'
In tasks/foo.yml:
failed_when: fw_zone_str not in fw_new_zone.stderr