[ansible-project] Re: ansible-core 2.14 and determining if top level variables exist in source

[flowerysong]

On Wednesday, February 1, 2023 at 2:42:33 PM UTC-5 noke...@gmail.com wrote:
Hi,
I just opened https://github.com/ansible/ansible/issues/79874 and Matt 
explained that 2.14 change is working as designed and closed the issue.

Matt put a link in the issue describing variable lazy eval and how 
undefined variables now work:
https://docs.ansible.com/ansible-core/2.14/porting_guides/porting_guide_core_2.14.html#playbook

I believe I'm tracking those changes, but I'm still lost on how my use case 
can be implemented.  My specific use case was a task's when clause 
determining to execute based on a top level variable being "authored".  If 
the author made a mistake in the nested elements, then an exception is 
desired.  How can this use case be implemented in 2.14?

You can use the varnames lookup to determine whether a top-level variable 
exists:
 
- name: Run when foo exists
  debug:
  when: query('varnames', '^foo$')

If you want to do a preflight check that the variable is defined properly, 
you can do something like this:

- assert:
that: foo is defined
  when: query('varnames', '^foo$')

Then you can continue using `when: foo is defined` on your actual task(s), 
since you have asserted that the variable is either fully undefined or 
fully defined.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6d836e46-e3ae-466e-a463-57b02ac6fb6an%40googlegroups.com.

[ansible-project] Re: ansible.builtin.service hangs

[flowerysong]

On Thursday, October 13, 2022 at 6:37:05 AM UTC-4 uto...@gmail.com wrote:

> Your last "when:" is wrong.
>
> when: 'not i_am_master' 
>
> A quoted when condition that contains no jinja mustaches is just a string, 
> which is always true. You want
>
> when: not i_am_master
>

You are incorrect. Unquoted scalars and quoted scalars are just different 
YAML representations of the same data; once it's parsed these two are 
completely identical. You have to have two levels of quotes (the YAML 
quotes and a quoted string as the Jinja expression) in order for it to be 
treated as always true:

when: '"not i_am"'

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/063e1c95-17f2-4088-a1ef-9248ed0afaaan%40googlegroups.com.

Re: [ansible-project] nested roles

[flowerysong]

I highly disagree with this, and would be interested in a pointer to the 
documentation that you say claims "importing a role in the tasks of another 
role is a bad idea" since I've never seen that in the official Ansible 
documentation.

Explicitly importing or including the role provides more control over 
execution order, and ansible-galaxy can still handle dependency install by 
listing them in meta/requirements.yml 
(https://docs.ansible.com/ansible/latest/galaxy/user_guide.html#using-meta-requirements-yml)

On Saturday, June 18, 2022 at 11:33:55 AM UTC-4 pgm...@gmail.com wrote:

> Hi John, 
>
> Per ansible doc, you should not import a role within another role. 
> Instead, you should use the built in dependencies model. Importing a role 
> in the tasks of another role is a bad idea because it reduces the 
> portability of the role. You'd have to guarantee that the role you're using 
> and the role you import are both present in your roles dir. The dependency 
> model ansible provides solves this problem by leveraging the ansible galaxy 
> command to pull dependencies from remote repositories. 
>
> Paul
>
> Sent from my T-Mobile 5G Device
> Get Outlook for Android 
>
> --
> *From:* ansible...@googlegroups.com  on 
> behalf of John Petro 
> *Sent:* Friday, June 17, 2022, 3:26 PM
> *To:* ansible...@googlegroups.com 
> *Subject:* [ansible-project] nested roles
>
> I have a question regarding nested roles.  
>
> Back Story:  I am doing some code reviews for some ansible code a coworker 
> has done.  I noticed that they are importing other roles into the role they 
> are working on.  
>
> Question:  I feel like this is not a good idea, that dependencies should 
> be taken care of at the playbook level, but I am having a difficult time 
> justifying why nesting roles is not necessarily a good idea, so I am 
> looking for some feedback to help me here.  I welcome your thoughts on 
> this...
>
> --John
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-proje...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/CAPAjob8sDH_4Sz23MFPTsBiB0wzmokOKmyJdfkGdsPY6nTZchQ%40mail.gmail.com
>  
> 
> .
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7d730b37-122d-44c8-b198-b3a0589984bdn%40googlegroups.com.

[ansible-project] Re: Add/substract to list items - but without a loop

[flowerysong]

This is a little weird because of the use of zip() to turn the list of 
integers into a list of lists, but still fairly readable IMO:

foo | zip | map('sum', start=-1)

On Friday, January 21, 2022 at 8:14:27 AM UTC-5 dick@geant.org wrote:

> Hi
> I have this list of ints:
>
> selection:
>   - 1
>   - 4
>   - 5
>   - 7
>
> I'd like to subtract 1 from each item, so that I will end up with:
>
> selection:
>   - 0
>   - 3
>   - 4
>   - 6
>
> I'd like to avoid adding an intermediary set_fact loop to do the math.
> If I define this filter:
>
> def subtract(number, amount=1):
> return number - amount
>
> Then I can accomplish what I want using:
>
> selection|map('subtract')
>
> which is reasonably clean and understandable.
>
> But before I add a new filter - is there any other way to achieve this?
>
>
> thx
>
>
> -- 
> Dick Visser
> Trust & Identity Service Operations Manager
> GÉANT
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e8ddd0eb-3ab3-41ee-be68-0bbe7db48b10n%40googlegroups.com.

[ansible-project] Re: include_tasks and noop

[flowerysong]

I don't see any benefit to the proposed feature. If you want to skip an 
include based on a flag value, you can do that without adding complexity to 
the engine.

- include_tasks: "{{ task_file }}.yml"
  when: task_file | default('noop') != 'noop'

On Thursday, December 9, 2021 at 6:05:10 PM UTC-5 Omar wrote:

> This is potential feature idea.
>
> I'm developing a small collection and as an extension points I expose 
> various variable that refer to 'task files'. For example, I have a role 
> named prepare with a task file named `_yum.yml` and I have a variable 
> `repositories_tasks` with a default value `_yum.yml`.
>
> Users can override the variable `repositories_tasks` and provide their own 
> tasks file. Or they could disable it entirely by providing an empty tasks 
> file(maybe with a debug task).
> `repositories_tasks: noop.yml`
>
> Another case is for 'hooks' to run tasks at various phases in a role's 
> execution. For example a `pre_upgrade_hook` or a `pre_restart hook` and 
> have them undefined or set to `None` or an empty string. Sample code:
> ```
> - include_tasks: "{{ pre_kubelet_upgrade_hook }}"
> when: pre_kubelet_upgrade_hook is defined and (not 
> pre_kubelet_upgrade_hook is none) and (pre_kubelet_upgrade_hook | trim != 
> '')
> ```
>
> After seeing this pattern I thought that this could br a lot simpler(from 
> a user perspective). Suppose we have a special value that when it appears 
> as a value in `include_tasks` nothing happens. I will use `ansible_noop` as 
> the special value. the following:
> - include_tasks: ansible_noop
> simply does nothing.
>
> When I user wants to disable a set tasks exposed through a variable, they 
> can assign it to `ansible_noop`, and as a default value for all hook 
> variables you can assign them to `ansible_noop`.
>
> Sample code for role author:
> `defaults/main.yml`
>
> pre_kubelet_upgrade_hook: ansible_noop
> update_kube_tasks: _update_kube.yml
> copy_config_tasks: _copy_config.yml
>
> Sample code for role clients:
> include_role:
> name: upgrade
> vars:
>   pre_kubelet_upgrade_hook: cri_upgrade.yml # File supplied by user
>   update_kube_tasks: update_kube.yml
>   copy_config_tasks: ansible_noop
>
> What do you think?
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/72b9c4c9-e1e7-40c6-9637-e472de9abeacn%40googlegroups.com.

[ansible-project] Re: Ability for a host to declare which roles should be applied to it?

[flowerysong]

No, that kind of hack is about as far from best practices as you can get. 
As I said in my previous message, the alternative that you were not aware 
of was using `include_role` with the `always` tag.

On Wednesday, December 8, 2021 at 1:49:58 PM UTC-5 phi...@kauffman.me wrote:

> Thanks. However, I"m not actually using that role.
>
> My main question is if rendering 'import_role' task files follows best 
> practices or if there is an alternative to what I'm doing I'm not aware of.
>
> On Wednesday, December 8, 2021 at 12:06:52 PM UTC-6 flowerysong wrote:
>
>> Set `tags: always` on your include_role task, so that it always runs.
>>
>> On Wednesday, December 8, 2021 at 12:31:16 PM UTC-5 phi...@kauffman.me 
>> wrote:
>>
>>> I'd like to start a discussion on the ability to define roles to 
>>> `import_role` from within host_vars. Instead of *only* defining those roles 
>>> statically in a playbook.
>>>
>>> My goal is to be able to give an inventory_host the ability to define 
>>> any [extra] roles it should import [on top of what is expressed in the 
>>> playbook].
>>>
>>> ```
>>> roles/include-roles/tasks/main.yml 
>>> ---
>>> - name: host_vars defined roles
>>>   include_role:
>>> name: "{{ r }}"
>>>   loop: "{{ roles }}"
>>>   loop_control:
>>> loop_var: r
>>> ```
>>>
>>> This is reasonably effective, but I lose the ability to use tags I've 
>>> set in the roles I include.
>>>
>> ### Conclusion
>>> Overall the rendered task file that imports all the roles does most 
>>> everything I need, but it feels incorrect. Like I abused the tool into 
>>> working how I wanted it to work and not how it was intended to be used. Is 
>>> there some Ansible-ism that I'm not aware of?
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6d079bf0-eee7-465b-a52a-665c534244a8n%40googlegroups.com.

[ansible-project] Re: Ability for a host to declare which roles should be applied to it?

[flowerysong]

Set `tags: always` on your include_role task, so that it always runs.

On Wednesday, December 8, 2021 at 12:31:16 PM UTC-5 phi...@kauffman.me 
wrote:

> I'd like to start a discussion on the ability to define roles to 
> `import_role` from within host_vars. Instead of *only* defining those roles 
> statically in a playbook.
>
> My goal is to be able to give an inventory_host the ability to define any 
> [extra] roles it should import [on top of what is expressed in the 
> playbook].
>
> ```
> roles/include-roles/tasks/main.yml 
> ---
> - name: host_vars defined roles
>   include_role:
> name: "{{ r }}"
>   loop: "{{ roles }}"
>   loop_control:
> loop_var: r
> ```
>
> This is reasonably effective, but I lose the ability to use tags I've set 
> in the roles I include.
>

> ### Conclusion
> Overall the rendered task file that imports all the roles does most 
> everything I need, but it feels incorrect. Like I abused the tool into 
> working how I wanted it to work and not how it was intended to be used. Is 
> there some Ansible-ism that I'm not aware of?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/65844e26-04c5-4a65-86c4-f2ba068c320an%40googlegroups.com.

[ansible-project] Re: Combining several facts into one array

[flowerysong]

While the use of json_query obscures the actual structure that you're 
dealing with (and you haven't provided an example), this looks an awful lot 
like you're taking something where you already have all of the information 
you want in a list, and turning it into three lists. Is there a reason you 
can't just use user_find.json.result.result directly?

On Tuesday, October 5, 2021 at 2:28:09 PM UTC-4 lift...@gmail.com wrote:

> I'm querying our FreeIPA server for user information.  What I need is 
> there UID, GID, and Home directory.  I can get those individually, but how 
> can I set a fact that combines all of these items?  Here's the 3 separate 
> facts, I just can't figure out how to have an array of them:
>
>   - name: Set User facts
> set_fact:
>   user_uid: "{{ user_find.json.result | json_query('result[].uid[]') 
> }}"
>   user_gid: "{{ user_find.json.result | 
> json_query('result[].gidnumber[]') }}"
>   user_list: "{{ user_find.json.result | 
> json_query('result[].homedirectory[]') }}"
>
> Any ideas?
> Harry
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5d057828-2c38-48e6-ae65-2f9251e6c2b5n%40googlegroups.com.

[ansible-project] Re: Excluding items from debug output

[flowerysong]

As the other reply pointed out you were comparing a string to a list, so it 
was always unequal.  However, there's a much cleaner way to output the 
desired information (a task loop will still have output for skipped items):

- name: Output filtered directory list
  debug:
msg: "{{ user_list | difference(['/home/admin', '/home/jdxadmin', 
'/home/test2']) }}"

On Tuesday, October 5, 2021 at 11:53:23 AM UTC-4 lift...@gmail.com wrote:

> I have a fact that I'm printing out currently for debug purposes.  It's a 
> list of user home folders.  I'm trying to exclude certain folders, but not 
> matter what I try, the folders I want to exclude are displayed.  Here's 
> what I'm trying:
>
>   - name: Set User Home Directory fact
> set_fact:
>   user_list: "{{ user_find.json.result | 
> json_query('result[].homedirectory[]') }}"
>
>   - name: Print output
> debug:
>   msg: "{{ item }}"
> with_items: "{{ user_list }}"
> when: (user_list != "/home/admin") or (user_list != "/home/jdxadmin") 
> or (user_list != "/home/test2")
>
> I've tried using "and" and "or" and they both print everything, including 
> the items I'm trying to exclude.  Any ideas on where I'm going wrong?
>
> Thanks,
> Harry
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c3dd7cd0-df61-401d-a222-9c1ccd7bb161n%40googlegroups.com.

[ansible-project] Re: Simple Playbook for mysql query

[flowerysong]

2.9 is before the collection split, so the available version of the module 
is called simply `mysql_query`. Unless you have a specific reason to use 
the collection (and have correctly installed the collection locally), you 
should not use `community.mysql.mysql_query` with 2.9.x.

On Friday, September 17, 2021 at 4:53:20 PM UTC-4 adam.f...@gmail.com wrote:

> ansible 2.9.25
>   config file = /etc/ansible/ansible.cfg
>   configured module search path = 
> ['/home/intulseadmin/.ansible/plugins/modules', 
> '/usr/share/ansible/plugins/modules']
>   ansible python module location = /usr/lib/python3.6/site-packages/ansible
>   executable location = /usr/bin/ansible
>   python version = 3.6.8 (default, Mar 19 2021, 05:13:41) [GCC 8.4.1 
> 20200928 (Red Hat 8.4.1-1)]
>
>
> On Friday, September 17, 2021 at 4:52:22 PM UTC-4 rjr...@gmail.com wrote:
>
>> Which ansible version are you using?: Try command:
>>
>> ansible --version
>>
>> El viernes, 17 de septiembre de 2021 a la(s) 15:37:51 UTC-5, 
>> adam.f...@gmail.com escribió:
>>
>>> Sure!
>>>
>>> ERROR! couldn't resolve module/action 'community.mysql.mysql_query'. 
>>> This often indicates a misspelling, missing collection, or incorrect module 
>>> path.
>>>
>>> The error appears to be in '/etc/ansible/playbooks/get_trunk_name.yml': 
>>> line 8, column 5, but may
>>> be elsewhere in the file depending on the exact syntax problem.
>>>
>>> The offending line appears to be:
>>>
>>>   tasks:
>>>   - name: Select trunk names
>>> ^ here
>>>
>>>
>>> The database is NOT running on the ansible server.  The ansible server 
>>> is not running on my local PC , but rather a server at a colo at a 
>>> different IP.   So I can't use the mysql client from that server.  
>>>
>>> On Friday, September 17, 2021 at 4:07:58 PM UTC-4 rjr...@gmail.com 
>>> wrote:
>>>
 Can you include the returning error message you get?
 Is the database running in the same server where you are running the 
 playbook?
 Database is reachable if you use the mysql client?

 El viernes, 17 de septiembre de 2021 a la(s) 15:03:47 UTC-5, 
 adam.f...@gmail.com escribió:

> Hello,
>
> I have been using Ansible for very basic playbooks.  I now want to 
> have a simply playbook that connected to my asterisk PBX, and lookup a 
> value in the my SQL table.  I have tried many various combinations to get 
> this working, but keep getting errors.  Can someone help with this simply 
> playbook?  I dont know if the issue is bad YAML formatting, or something 
> else.  Thank you in advance!
>
>
> ---
> - name: Select trunk name from pbx
> hosts: demoserver
> become: true
> become_user: root
>
> tasks:
> - name: Select trunk names
> community.mysql.mysql_query:
> login_db: asterisk
> query: SELECT * FROM trunks
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1d49e33e-d0d0-4c37-9451-fdc39917963bn%40googlegroups.com.

[ansible-project] Re: "10" compares as older than "10.0" with version()

[flowerysong]

On Tuesday, September 14, 2021 at 7:20:59 PM UTC-4 Andy Smith wrote:

> My ansible_distribution_version returns "10". This debug fires: 
>
> - name: version 10 < 10.0 
> ansible.builtin.debug: 
> msg: 
> - "I think 10 is older than 10.0" 
> when: {{ ansible_distribution_version }} is version('10.0', '<') 
>
> python 3.9.7, ansible 2.10.14. 
>
> Any way around this without processing ansible_distribution_version 
> to have a trailing ".0" when it has no dots? 
>

Yes. Compare to the lowest version you want to accept, which is '10'. 
(Also, don't nest moustaches.)

when: ansible_facts.distribution_version is version('10', '<')

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c7e2d9f1-428e-4f3c-a315-dc47473b8756n%40googlegroups.com.

Re: [ansible-project] Doubt

[flowerysong]

On Friday, August 27, 2021 at 12:37:39 AM UTC-4 ra...@linuxia.de wrote:

> On 26/08/2021 21:26, Doug Hunley wrote: 
> > try 
> > *- hosts: all 
> >   roles: 
> > - role: debian_stock_config 
> >   when: ansible_facts['os_family']|lower == 'debian'
>
> That condition is overcomplicated. 
>
>   when: ansible_os_family == 'Debian' 
>

That's more a sideways step than an improvement; using ansible_facts is 
better than relying on the top-level injection of vars (which can be 
disabled.)

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/de15005c-0cd9-4407-b9ee-813971c4140dn%40googlegroups.com.

[ansible-project] Re: Gathering facts from hosts

[flowerysong]

On Tuesday, April 13, 2021 at 9:26:36 AM UTC-4 werner...@ufz.de wrote:

> Hi list, 
>
> I wonder if there is a dynamic way of providing facts about hosts. 
>
> I only find the possibility to include facts that are hardcoded in one 
> file (or multiple), but they are static, and maybe outdated. This I see 
> on page 
> <
> https://docs.ansible.com/ansible/latest/user_guide/playbooks_vars_facts.html#adding-custom-facts>.
>  
>
>
> Is there any way to extend facts with own facts that are rendered 
> dynamically and delivered on-the-fly when the setup module runs? 
>

To quote the second paragraph in the section you just linked, "You can 
[...] add dynamic facts by adding executable scripts to facts.d. For 
example, you can add a list of all users on a host to your facts by 
creating and running a script in facts.d."

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8b0873bd-c881-41ff-aa49-31676bad4f29n%40googlegroups.com.

[ansible-project] Re: best practices for removing files in a dir when using Ansible

[flowerysong]

On Thursday, February 25, 2021 at 10:45:09 AM UTC-5 paneva wrote:

> Hi Ansible wizards!
> I am currently working on few  tasks in a playbook that are going to 
> remove old files. There is a set number of files that I need to keep, say 3 
> (most recent), and the rest should be removed. I am doing some math magic 
> in Ansible and some shell commands to achieve this. I can't help but 
> wonder, however, if this a "recommended" way of doing this kind of thing. 
> It seems to me that I am doing too many tasks to achieve this and I begin 
> to wonder if I am making this more complicated than it should be. Thanks in 
> advance !!!
> Here is what I have:
> - name: Get list of txt all files in the directory - done for visibility
>   shell:
>  cmd: "ls -t *.txt"
>  chdir: "{{a_dir}}" 
>   register: list_all_files
>
>   - name: Get total number of txt files in this dir
>   shell:
>   cmd: " ls -t *.txt | wc -l "
>   chdir: "{{a_dir}}" 
>   register: total_number_files 
>
>  - set_fact: 
> number_of_files_to_keep: "3"
> curr_number_files: "{{total_number_files.stdout}}"
> num_files_to_remove: "{{(total_number_files|int) - 
> (number_of_files_to_keep |int)}}"  
>
>  - name: Store the files to be removed in a list 
>shell:
>   cmd: "ls -t | tail -{{num_files_toremove}}"   
>register: list_files_to_remove
>
>
Yeah, that's a big mess that avoids using most features that ansible 
provides. Even if you want to stick to the `ls` approach, there's no reason 
to call it so many times.

   - name: Get list of all txt files in the directory
  shell:
 cmd: ls -t *.txt
 chdir: "{{ a_dir }}"
  register: list_all_files

- name: Store the files to be removed in a list
  set_fact:
list_files_to_remove: "{{ 
list_all_files.stdout_lines[(number_of_files_to_keep | int):] }}"
  vars:
number_of_files_to_keep: "3"

More idiomatic would be to use the `find` module:

- name: Find existing text files
  find:
path: "{{ a_dir }}"
pattern: "*.txt"
  register: result

- name: Remove all but 3 files
  file:
dest: "{{ item.path }}"
state: absent
  loop: "{{ (result.files | sort(attribute='mtime'))[:-3] }}"

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a6159b6c-0e98-4bcd-9cea-8f2af6d0edf6n%40googlegroups.com.

Re: [ansible-project] Determine last host in host list

[flowerysong]

On Monday, January 18, 2021 at 5:13:09 PM UTC-5 vbo...@gmail.com wrote:

> On Mon, 18 Jan 2021 22:11:35 +0100 
> Vladimir Botka  wrote: 
>
> > On Mon, 18 Jan 2021 11:32:05 -0800 (PST) 
> > "'Mark Tovey' via Ansible Project"  
> > wrote: 
> > 
> > > I need to determine how many hosts are left to be worked on in a 
> playbook 
> > > run. I have set serial to 1 in the playbook so only one host will be 
> > > worked on at a time, and I have a long pause at the bottom of the 
> playbook 
> > > to force a settling period between hosts. But if the current host is 
> the 
> > > last host in the list, there is no need to pause; the playbook can 
> just end 
> > > immediately. So, how can I determine if there are no more hosts after 
> the 
> > > current host? 
> > 
> > Test the *last batch*. For example 
> > 
> > - debug: 
> > msg: Last batch 
> > when: ansible_play_hosts_all[-1] == ansible_play_batch[-1] 
> > 
> > See "Special variables" 
> > 
> https://docs.ansible.com/ansible/latest/reference_appendices/special_variables.html
>  
>
> The next option is 
>
> when: ansible_play_hosts_all[-1] in ansible_play_batch 
>
> But, this won't work if the order is changed. See "Ordering execution 
> based on inventory" 
>
> https://docs.ansible.com/ansible/latest/user_guide/playbooks_strategies.html#ordering-execution-based-on-inventory
>  
>
> Then, the next option is 
>
> - set_fact: 
> hleft: "{{ hostvars[ansible_play_hosts_all.0]['hleft']| 
> default(ansible_play_hosts_all)| 
> difference(ansible_play_batch) }}" 
> delegate_to: "{{ ansible_play_hosts_all.0 }}" 
> delegate_facts: true 
> - debug: 
> msg: Last batch 
> when: not hostvars[ansible_play_hosts_all.0]['hleft'] 
>

That feels overly fragile and difficult to read.

I would just set a flag variable and check whether there are any hosts that 
don't have it set:

  tasks:
- set_fact:
play_is_done: true

- debug:
msg: I'm not last
  when: ansible_play_hosts | map('extract', hostvars, 'play_is_done') | 
reject('defined') | list
 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f44a1920-c80b-41db-94bf-aeffef2135c1n%40googlegroups.com.

[ansible-project] Re: Using formatted PS JSON in play.

[flowerysong]

On Thursday, November 5, 2020 at 5:16:20 PM UTC-5, jesse...@gmail.com wrote:
>
> So i'm having difficulties and am quite stuck...
>
> My goal is to capture details from a UNC paths NTFS ACLS.
>
>   - name: process fish
> set_fact:
>   chum: "{{ fishing.stdout | from_json }}"
>
>   - name: plate SamAccountName's
> set_fact:
>   caughtfish: "{{ chum | json_query(jmesquery) }}"
> vars:
>   jmesquery: 'chum.SamAccountName'
>

json_query() is almost never needed, and adds a whole other language to 
learn (JMESPath) on top of the Jinja that you need to learn in order to use 
Ansible.

You can replace both of your set_fact calls with:

- name: plate fish
  set_fact:
caughtfish: "{{ fishing.stdout | from_json | 
map(attribute='SamAccountName') | list }}"

See https://jinja.palletsprojects.com/en/2.11.x/templates/#map for more 
information on map().

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/de4bedc7-83fa-4b1a-a168-c6d417d82a35o%40googlegroups.com.

Re: [ansible-project] NameError: global name 'fw offline' is not defined

[flowerysong]

On Thursday, July 9, 2020 at 12:26:34 PM UTC-4 keith.no...@sjsu.edu wrote:

> I saw this, however this issue was posed and fixed back in 2018. I'm using 
> a current version of Ansible. I can dig into the python script however from 
> the comments I'm not clear on what would need to be done? 
>

You said you were using Ansible 2.5.1, which is far from current. (It is, 
in fact, from 2018.) You should upgrade to a supported version of Ansible, 
preferably 2.9.x.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3af80fa7-d6ec-4546-a980-a5712bf0bc93n%40googlegroups.com.

Re: [ansible-project] Re: Issue trying to parse tag

[flowerysong]

On Monday, December 9, 2019 at 1:17:26 AM UTC-5, Christian Del Pino wrote:

So what is the best way to get the details of a new instance using tags, or 
> is another method recommended?
>

...use the correct set of inventories with your playbook?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/fe369f5f-a4d3-4b70-9f0f-b7678cc314bf%40googlegroups.com.

[ansible-project] Re: Issue trying to parse tag

[flowerysong]

On Friday, December 6, 2019 at 2:21:06 PM UTC-5, Christian Del Pino wrote:
>
>
> I am currently trying to connect to a newly created ec2 instance via a tag 
> that I created, but I am getting an error during the run:
>
> setting up inventory plugins
> Parsed 
> /Users/christiandelpino/stash-infra-shared/modules/aws/k8s/k8s-ansible/hosts/hosts
>  
> inventory source with ini plugin
> META: inventory successfully refreshed
> META: ran handlers
> META: ran handlers
>
> PLAY [Init] 
> **
> skipping: no hosts matched
>
> The tag I am trying to connect to is init. My deploy task looks like this:
>
> - name: Build out AWS Infrastructure
>   hosts: localhost
>   connection: local
>   gather_facts: False
>   roles:
> - role: aws
>
> - name: Refresh Inventory
>   hosts: localhost
>   connection: local
>   gather_facts: False
>   tasks:
> - name: Refresh ec2 cache
>   command: hosts/ec2.py --refresh-cache
> - name: Refresh in-memory EC2 cache
>   meta: refresh_inventory
>

Here, you're referencing hosts/ec2.py
 

> This is the exact ansible command being run:
>
> ansible-playbook --private-key ../../../../../Downloads/XX.pem  
> deploy.yaml --inventory=hosts/hosts
>

But here, you're only using hosts/hosts. refresh_inventory is not going to 
magically load inventories that aren't in use, so (as the playbook output 
shows) you're only getting the static hosts in hosts/hosts.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b1575cb1-6a8c-473d-b18e-6971484ff853%40googlegroups.com.

Re: [ansible-project] using set_fact with until

[flowerysong]

On Wednesday, September 11, 2019 at 3:57:30 PM UTC-4, Vladimir Botka wrote:
>
> On Wed, 11 Sep 2019 18:02:08 +0530 
> Kamesh Sampath > wrote: 
>
> > > >>   set_fact: 
> > > >> che_keycloak: 
> > > >> "{{ lookup('k8s', 
> > > >> api_version='route.openshift.io/v1',kind='Route',resource_name='keycloak',namespace='che')
> > > >>  
>   
> > > >> }}" 
> > > >>   register: che_keycloak_route_result 
> > > >>   until: che_keycloak.spec is defined 
> > > >>   retries: 30 
> > > >>   delay: 10 
> > > >>   when: state == 'present' 
> > > 
> > > With set_fact and until it will not set the variable on each iteration 
> > > unfortunately.   
> > 
> > That is what I observe :( 
> > 
> > > I don't know of any workaround.   
> > 
> > any other better way you think of doing my task? 
>
> The "lookup" plugin is evaluated only once before the module starts [1]. 
> Hence it's not possible to get it working with the until/retries 
> construct. 
>
> FWIW, it is possible to put it together. The "brute-force" playbook below 
>
>   - hosts: localhost 
> vars: 
>   my_continue: true 
>   my_delay: 10 
>   my_retries: 5 
> tasks: 
>   - include_tasks: include-lookup.yml 
> loop: "{{ range(0, my_retries)|list }}" 
>
> with the included file include-lookup.yml 
>
>   - name: 'Get data' 
> set_fact: 
>   my_var: "{{ lookup('pipe', '/scratch/tmp/my_script')|from_yaml 
> }}" 
> when: my_continue 
>   - name: 'Set continue=false when data OK' 
> set_fact: 
>   my_continue: false 
> when: 
>   - my_var.spec is defined 
>   - my_continue 
>   - name: 'Delay next iteration' 
> wait_for: 
>   timeout: "{{ my_delay }}" 
> when: my_continue 
>
> does the job. The concept works. When the variable "my_var.spec" is 
> defined 
> then the variable "continue" will be set to False and following tasks will 
> be 
> skipped. 
>
 
That seems overly complex. I would instead wait until the required data is 
available before running set_fact:

- vars:
che_keycloak_lookup: "{{ lookup('k8s', 
api_version='route.openshift.io/v1',kind='Route',resource='keycloak',namespace='che')
 
}}"
  block:
- debug:
msg: Waiting for data propagation...
  until: "'spec' in che_keycloak_lookup"
  retries: 30
  delay: 10

- name: Get Che Keycloak facts
  set_fact:
che_keycloak: "{{ che_keycloak_lookup }}"


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e960f34e-22ab-4677-bb75-aaefa6012b7e%40googlegroups.com.

[ansible-project] Re: how to stuff running services into a host variable?

[flowerysong]

On Monday, August 12, 2019 at 3:57:36 PM UTC-4, a.g. wrote:
>
> I can't seem to get this syntax correct, and at least one reference I 
> found produced more errors.  I'd like to create a list of all running 
> processes.
>
> - name: populate running services into a list
>   set_fact:
> services_running: >
>   {%  if (hostvars[inventory_hostname]['services']['{{ item 
> }}']['state'] == 'running')  %}
>  services_running + [ '{{ item }}' ]
>   {%  endif  %}
>   with_items: "{{ hostvars[inventory_hostname]['services'].keys() }}"
>

That's a very roundabout approach.

- set_fact:
services_running: "{{ services | dict2items | selectattr('value.state', 
'equalto', 'running') | map(attribute='key') | list }}"

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/468166b7-a2ee-4c1e-8331-b202279d65ab%40googlegroups.com.

[ansible-project] Re: How to check when at least one element of a list is not null

[flowerysong]

On Wednesday, June 26, 2019 at 10:08:17 AM UTC-4, jean-christophe manciot 
wrote:
>
> The real goal here is to perform an action only when at least one of 
> *inventory_hostname* groups from *group_names* matches one group from 
> another list of groups (in this example: ```git|local|ntopng```) .
>
> This is defined within a *role*, so I cannot use the list ```  - 
> hosts:```.
>
> For instance, to print all hostname variables only when inventory_hostname 
> belong to at least one of git,local or ntopng groups,I tried this:
> - name: Print all variables for "{{ inventory_hostname }}" system device 
> (except any role parameters)
>   debug: 
> var: hostvars[inventory_hostname]
>   when: group_names | map('regex_search', "^(git|local|ntopng)$") | list | 
> length > 0
>

That's overly complicated, unless you've misstated your requirements.

when: group_names | intersect(['git', 'local', 'ntopng'])

 

> It does not work as expected, because the length always returns the number 
> of groups within group_names. It seems that length considers a null 
> element as defined and counts it.
> "is defined" does not work either for the same reason.
>
> I cannot find a way to test if *at least one element of the search is not 
> null*.
>

While you shouldn't be using regex or complex filtering at all for this 
particular thing, you might find this information useful in the future.

A null element is still an element. You can filter out elements you don't 
want.

when: group_names | map('regex_search', "^(git|local|ntopng)$") | select | 
list

Though it's simpler to do that in the first place instead of map.

when: group_names | select('match', '^(git|local|ntopng)$') | list

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6db8ad37-3738-4030-9c79-8f85a9b4db83%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Convert a hex number to decimal

[flowerysong]

On Friday, May 24, 2019 at 3:25:06 PM UTC-4, Bob Carroll wrote:
>
> This has to be easy, but I have tried a way to many things.  Given a hex 
> number as a string, say '8d', I cannot convert it to a decimal string.
> I presumed to prepend '0x' but '{{ "0x8d" | int }}' returns 0.  I am not 
> having any better luck with jinja2 format().  I feel pretty stupid right 
> now and I am tempted to just call the shell.
> Sorry, but sometimes I really miss perl's weak type casting.
>
> One of 100 attempts:
>
> ---
> - hosts: localhost
>   gather_facts: no
>   tasks:
>   - set_fact:
>   hex_val: '0x8d'
>   - set_fact:
>   int_val: "{{ hex_val | int }}"
>   - debug:
>   var: int_val
>

{{ hex_val | int(base=16) }}

http://jinja.pocoo.org/docs/2.10/templates/#int

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f534a229-e9bb-44b3-a3ac-28a0989ebb41%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Q on hostvars access to inventory variables ad-hoc vs playbook

[flowerysong]

On Wednesday, May 15, 2019 at 2:52:26 PM UTC-4, J Davis wrote:
>
> $ ansible-playbook -i prtmpftp, hostvarstest.yml
>

You told ansible-playbook to use 'prtmpftp,' as the inventory source; this 
does not include any host vars, since it's a simple comma-separated list of 
hostnames. You should instead use the same inventory you used in your adhoc 
command by running `ansible-playbook hostvarstest.yml`

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8f5a7db0-b7ad-4321-9666-7c3a15792108%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible vault -- "ERROR! playbooks must be a list of plays"

[flowerysong]

On Thursday, January 17, 2019 at 11:35:12 AM UTC-5, John Harmon wrote:
>
>
> I wouldn't be surprised if I am using this incorrectly, but I could use 
> some outside input.  Consider the following tree (not in a role):
> .
> ├── get_user_info.yml
> └── vault.yml
>
>
> *Q1: I had to use vars_files to get the variables read in.  Is that 
> normal?  Otherwise, my ansible_user kept defaulting to "NONE" when 
> executing (as seen under debug level 4)*
>

Yes. There are cases where variable files are automatically loaded (e.g. 
roles, group_vars) but random YAML files adjacent to the playbook is not 
one of those cases.
 

> I execute the playbook as follows (which works) but get an error toward 
> the end (in the play recap):
> ansible-playbook ./get_user_info.yml --vault-id @prompt vault.yml -i /etc/
> ansible/inventory/windows -e user=someuser-e host=myserver
>
> ERROR! playbooks must be a list of plays
>
>
You ran, disregarding the other flags, `ansible-playbook get_user_info.yml 
vault.yml`, so Ansible attempted to execute those files as playbooks. The 
second one is not a playbook so it errored out.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0c4b54b0-ffba-4058-b14c-56db0ba0dce0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Removing empty strings from a list

[flowerysong]

On Tuesday, December 18, 2018 at 2:47:30 AM UTC-5, Karl Auer wrote:
>
> I am trying to build a list of names from a list of objects. It works 
> fine, but some of the objects don't have a name. No problem, I use the 
> default() filter to set those elements of my list to empty strings, like 
> this:
>
> # Build a list of names from a list of things
> - set_fact:
>  names: "{{ names |default([]) + [ item.name |default('') ] }}"
>   with_items: "{{ things }}"
>
> This got me, as expected, this result (because at the moment, my test list 
> of things has two items, and neither has a name attribute):
>
> ok: [localhost] => {
> "names": [
> "", 
> ""
> ]
> }
>
> Now, how can I remove those empty strings from my list? I have read 
> numerous articles that mention "rejectattr", but I don't understand how 
> to use it.
>

Well, the easiest way is not to put them in there in the first place.

- set_fact:
names: "{{ things | selectattr('name', 'defined') | 
map(attribute='name') | list }}"
 

>  
>
I tried this:
>
> # Remove any empty elements from the list of instance profile names
> - set_fact:
>  names: "{{ names |default([]) |reject('equalto', '') }}"
>
> And got this mystifying  output:
>
> ok: [localhost] => {
> "names": ""
> }
>

map(), select(), and friends return generators; use the list filter (as 
I've done above) to convert it to a list.

PS: Pointers to USEFUL, COMPLETE examples of how to use rejectattr(), 
> reject() and so on would be useful too. All the examples I have found seem 
> to assume a huge amount of knowledge I don't have, or are tiny fragments of 
> code...
>

They're very simple filters, so useful, complete examples are going to *be* 
tiny fragments of 
code. http://jinja.pocoo.org/docs/latest/templates/#rejectattr

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/28329a51-bb25-4efc-be11-990ce9f7e9a1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Creating an aws target group with ansible

[flowerysong]

On Wednesday, November 28, 2018 at 11:16:58 PM UTC-5, joeldamata wrote:

> What Im trying to accomplish is to create a network load balancer target 
> group from dynamically generated list of instances.
>
> brokerInstancesList is a list of instance ids. I need to iterate over this 
> list and add them as targets to this target group.
>
>
> Something like the below is what I need.
>
>
> - name: "Create 9092 target group"
>   elb_target_group:
> name: "tg-{{ ClusterName }}"
> protocol: tcp
> port: 9092
> vpc_id: "{{ VPCID }}"
> targets:
>   {% for item in {{ brokerInstancesList }} -%}
>   - Id: "{{ apple }}"
> Port: 9092
>   {%- endfor %}
> state: present
>
>
The elb_target_group interface maps very easily to the AWS API, but it's a 
bit clunky to use.

targets: "{{ brokerInstancesList | map('json_query', '{Id: @}') | 
map('combine', { 'Port': 9092 }) | list }}"

(It might be possible to do this in fewer operations with a more complex 
JMESPath expression, but this way works and is almost readable.)

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7b048700-9596-49ee-a130-3ab7c81c4b4b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Complex host patterns

[flowerysong]

On Tuesday, October 23, 2018 at 8:25:12 PM UTC-4, Gonzalo Servat wrote:
>
> On Wed, Oct 24, 2018 at 2:29 AM flowerysong  > wrote:
>
>> On Tuesday, October 23, 2018 at 2:24:59 AM UTC-4, Gonzalo Servat wrote:
>>>
>>> Hi All
>>>
>>> When working with host patterns 
>>> <https://docs.ansible.com/ansible/2.7/user_guide/intro_patterns.html>, 
>>> is it possible to craft one that says "must be in group X *and* must be in 
>>> either group Y, W and Z"?
>>>
>>> e.g. host must be in group "webserver" but it *must* also be in either 
>>> group dc1, dc2 or dc3.
>>>
>>> I can see how to check that webserver is part of dc1 (webserver,&dc1) 
>>> but not sure how to build it with multiple "OR" on the "AND" (something 
>>> like "webserver,&(dc1,dc2,dc3)" is what I'm looking for but it doesn't work)
>>>
>>
>> You're trying to do it backwards. Build the union of your other groups 
>> and do the intersection with webserver.
>>
>> &webserver,dc1,dc2,dc3
>>
>
> Thanks, good suggestion. I suppose there's no way to say "must be 
> webserver OR dbserver AND in (dc1 OR dc2 OR dc3)"?
>

Not in a host pattern. no. If you can't do it in the inventory, you can do 
it with a dynamic group:

- hosts: localhost
  gather_facts: false
  tasks:
- add_host:
name: "{{ item }}"
groups: target_hosts
  when: hostvars[item].group_names | intersect(['dc1', 'dc2', 'dc3'])
  loop: "{{ groups.webserver | union(groups.dbserver) }}"

- hosts: target_hosts
  tasks:
- command: /bin/true


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3be73ef6-851f-4168-9e8e-9dd9e84e4af5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Complex host patterns

[flowerysong]

On Tuesday, October 23, 2018 at 2:24:59 AM UTC-4, Gonzalo Servat wrote:
>
> Hi All
>
> When working with host patterns 
> , is 
> it possible to craft one that says "must be in group X *and* must be in 
> either group Y, W and Z"?
>
> e.g. host must be in group "webserver" but it *must* also be in either 
> group dc1, dc2 or dc3.
>
> I can see how to check that webserver is part of dc1 (webserver,&dc1) but 
> not sure how to build it with multiple "OR" on the "AND" (something like 
> "webserver,&(dc1,dc2,dc3)" is what I'm looking for but it doesn't work)
>

You're trying to do it backwards. Build the union of your other groups and 
do the intersection with webserver.

&webserver,dc1,dc2,dc3

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5c419683-c4a0-44ec-b5de-729289e1b3bb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: AWS_EC2 plugin keyed_groups suffix option

[flowerysong]

On Monday, October 15, 2018 at 7:45:15 PM UTC-4, Guy Knights wrote:
>
> Is there any way to specify a suffix for the keyed_groups option in the 
> aws_ec2 inventory plugin? I'm looking at migrating from Ansible 2.4 to 2.6 
> and would like to switch from the old ec2 dynamic inventory script. 
> However, we currently specify our host groups as "_servers", 
> eg. "web_servers". Is there any way I can replicate this host group format 
> in the aws_ec2 plugin or am I out of luck?
>
> I know I could change the format of our host groups but I'd prefer not to 
> have to do that if possible as there are conditional includes, etc I'd have 
> to adjust as well.
>

Sure, just include the suffix in the key.

keyed_groups:
  - prefix: ''
separator: ''
key: tags.Class ~ '_servers'

 
"all": {
"children": [
"aws_ec2", 
"builder_servers", 
"ctools_mx_servers", 
"dev_servers", 
"dnsbl_servers", 
"egress_servers", 
"jail_servers", 
"master_servers", 
"mx_servers", 
"relay_egress_servers", 
"syslog_servers", 
"ungrouped"
]

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2bb67f08-245e-41df-95d2-de695b47914b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Automate a command which requires random keystrokes

[flowerysong]

On Wednesday, August 29, 2018 at 6:52:47 PM UTC-4, Bharath Kumar wrote:
>
> Hello All,
>
> I have a command that has to be automated/written into playbook that 
> requires 15-20 random keystrokes.
>
> The scenario is; I am using certutil to generate a key. 
>
> The certutil command when run manually on the shell, asks for few 
> keystrokes to fill in a empty space between two vertical bar with 
> keystrokes on the cmd. Some thing like |*|.
>
> How do i automate this using Ansible.
>
> *Play*
> - name: Generating CSR
>   command: certutil -R -k rsa -g 2048 -n cert -s "CN={{ ref_number }}, 
> OU=MyOU, O=MyO, L=MyL, ST=MyST, C=MyC" -d {{ dir_path }} -f {{ pass_file 
> }} -a -o {{ ansible_fqdn }}.csr
>
> *Error*
>  stderr: |2-
>
> A random seed must be generated that will be used in the
> creation of your key.  One of the easiest ways to create a
> random seed is to use the timing of keystrokes on a keyboard.
>
> To begin, type keys on the keyboard until this progress meter
> is full.  DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!
>
>
> Continue typing until the progress meter is full:
>
> |||
>
> Finished.  Press enter to continue:
> certutil: unable to generate key(s)
> : PR_END_OF_FILE_ERROR: Encountered end of file
>   stderr_lines:
>   - ''
>   - A random seed must be generated that will be used in the
>   - creation of your key.  One of the easiest ways to create a
>   - random seed is to use the timing of keystrokes on a keyboard.
>   - ''
>   - To begin, type keys on the keyboard until this progress meter
>   - is full.  DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!
>   - ''
>   - ''
>   - 'Continue typing until the progress meter is full:'
>   - ''
>   - ''
>   - '||'
>   - '|'
>   - ''
>   - 'Finished.  Press enter to continue: '
>   - 'certutil: unable to generate key(s)'
>   - ': PR_END_OF_FILE_ERROR: Encountered end of file'
>

 Use the -z flag to supply certutil with a noise file. Unfortunately 
certutil will attempt to read as much data as possible from this file so 
you can't point it directly at /dev/urandom, but if you don't have anything 
suitably random to point it at you can easily create a noise file in a 
separate step:

- name: Create noise file
  command: dd if=/dev/urandom of=/var/cache/noise count=1

- name: Generate CSR
  command: certutil -R -k rsa -g 2048 -n cert -s "CN={{ ref_number }}, 
OU=MyOU, O=MyO, L=MyL, ST=MyST, C=MyC" -d {{ dir_path }} -f {{ pass_file }} 
-z /var/cache/noise -a -o {{ ansible_fqdn }}.csr

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4aafe3f5-9139-49a0-b4b9-dfb59bcfeea7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Comparing part of a string as an integer

[flowerysong]

On Thursday, August 23, 2018 at 3:14:27 PM UTC-4, Jameson Pugh wrote:
>
> On Thu, Aug 23, 2018 at 2:26 PM flowerysong  > wrote:
>
>> On Thursday, August 23, 2018 at 1:23:23 PM UTC-4, Jameson Pugh wrote:
>>>
>>> I apologize, guys. There were some typeos in my example. This isn't the 
>>> actual code I'm using because I tried to simplify the example to only 
>>> include the problem I'm having. This is a copy of the playbook that 
>>> includes on this scenario. Obviously, production playbook I'm putting this 
>>> in will have the variable for the interfaces pulled from the device:
>>>
>>> ---
>>> - hosts: "{{ target }}"
>>>   connection: network_cli
>>>   gather_facts: no
>>>   tasks:
>>>
>>>   - set_fact:
>>>   interfaces:
>>> - TenGigabitEthernet 0/32
>>> - TenGigabitEthernet 0/33
>>>
>>>   - debug: var={{ item }}
>>> loop: "{{ interfaces }}"
>>> when: item[21:]|int <= 32
>>>
>>> My goal is to have this only output the first string in the list of 
>>> interfaces as it is equal to or less than 32. In production, this will be a 
>>> much larger list, and I will have other filters, so that it only includes 
>>> my 10 gig interfaces, but the rest of it is already working for me. Thanks.
>>>
>>
>> There's nothing wrong with your condition, you're just using debug 
>> incorrectly. 'var' expects a var name, so you're double-interpolating and 
>> telling it to look up the value of the variable named 'TenGigabitEthernet 
>> 0/32', which fails.
>>
>
> Gotcha, so debug can't be used to debug the output of a loop. Thanks. 
>

Yes, it can. You can do "msg={{ item }}" or "var=item". You just can't do 
what you did. Because it's wrong.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d1af948c-6bbf-472a-931a-9114ce37f020%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Comparing part of a string as an integer

[flowerysong]

On Thursday, August 23, 2018 at 1:23:23 PM UTC-4, Jameson Pugh wrote:
>
> I apologize, guys. There were some typeos in my example. This isn't the 
> actual code I'm using because I tried to simplify the example to only 
> include the problem I'm having. This is a copy of the playbook that 
> includes on this scenario. Obviously, production playbook I'm putting this 
> in will have the variable for the interfaces pulled from the device:
>
> ---
> - hosts: "{{ target }}"
>   connection: network_cli
>   gather_facts: no
>   tasks:
>
>   - set_fact:
>   interfaces:
> - TenGigabitEthernet 0/32
> - TenGigabitEthernet 0/33
>
>   - debug: var={{ item }}
> loop: "{{ interfaces }}"
> when: item[21:]|int <= 32
>
> My goal is to have this only output the first string in the list of 
> interfaces as it is equal to or less than 32. In production, this will be a 
> much larger list, and I will have other filters, so that it only includes 
> my 10 gig interfaces, but the rest of it is already working for me. Thanks.
>

There's nothing wrong with your condition, you're just using debug 
incorrectly. 'var' expects a var name, so you're double-interpolating and 
telling it to look up the value of the variable named 'TenGigabitEthernet 
0/32', which fails.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4c14a51b-dfa4-4c25-afb3-45abdb8175d6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: AWS instance profile - how to create in Ansible?

[flowerysong]

On Friday, May 11, 2018 at 9:06:08 PM UTC-4, Karl Auer wrote:
>
> I can't figure out how to create an instance profile.
>
> It's easy enough to attach an instance profile; the ec2_lc module has an 
> instance_profile_name parameter.
>
> But how to create the policy and role?
>
> There seem to be three relevant modules, iam, iam_policy and iam_role. 
> iam_role even has a create_instance_policy parameter! But each of these 
> seems to do only part of the job.
>
> For example, iam_policy lets me set up an policy, but it requires a 
> target to attach the policy to, so won't create a standalone policy. I need 
> a standalone policy because iam_role  requires managed policies to attach 
> to the roles it creates. iam appears to let me create a role too, but I 
> don't understand most of its parameters (what the heck is a path in this 
> context?)
>

The piece you appear to be missing is iam_managed_policy.
 

> *If anyone has a working example that they can share, I would be most 
> grateful*.
>
 
- hosts: localhost
 become: false
 tasks:
   - name: Create IAM policy for EC2 tagging
 iam_managed_policy:
   state: present
   policy_name: UpdateEC2_tags
   policy_description: Read and update tags for EC2 resources
   policy:
 Version: '2012-10-17'
 Statement:
   - Action: 'ec2:CreateTags'
 Effect: Allow
 Resource: '*'
   - Action: 'ec2:DescribeTags'
 Effect: Allow
 Resource: '*'
   - Action: 'ec2:DeleteTags'
 Effect: Allow
 Resource: '*'
 register: tagpolicy

- name: Create builder role
 iam_role:
   name: builder
   state: present
   assume_role_policy_document:
 Version : '2012-10-17'
 Statement:
   - Effect: Allow
 Action: 'sts:AssumeRole'
 Principal:
   Service: ec2.amazonaws.com
   managed_policy:
 - 'arn:aws:iam::aws:policy/AmazonS3FullAccess'
 - 'arn:aws:iam::aws:policy/AmazonSNSFullAccess'
 - 'arn:aws:iam::aws:policy/AmazonRoute53FullAccess'
 - "{{ tagpolicy.policy.arn }}"


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/93dc1d9a-1386-4152-ae34-cb1d760453ff%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: issue with ansible dry-run mode (--check) on package installation tasks (yum and apt modules)

[flowerysong]

On Thursday, May 10, 2018 at 12:11:02 AM UTC-4, js.a wrote:
>
> Hello guys.
>
> I'm here to bring an issue with Ansible dry-run (--check) mode. I have 
> been facing a curious situation where package installation made using 
> Playbooks and run in a dry-run mode is not working as expected. Using 
> register+debug module it's possible to see that the package has been 
> successfully installed, but when I try to use that installed package in 
> later task, Ansible fails. 
>
> *My Playbook:* 
>
> ---
> - hosts: logging
>   become: yes
>
>   tasks:
> - name: Setting up EPEL
>   yum: name=epel-release state=present
>   register: inst
> - debug: var=inst
>
> - name: Checking installation
>   stat:
> path: /etc/yum.repos.d/epel.repo
>   register: file
>
> - fail:
> msg: "File epel.repo doesn't exist!"
>   when: file.stat.exists == False
>
> *Result:* 
>
> [root@c7 projX]# ansible-playbook -i inventory epel.yml --check
>
> PLAY [logging] 
> ***
>
> TASK [Gathering Facts] 
> ***
> ok: [192.168.52.20]
>
> TASK [Setting up EPEL] 
> ***
> changed: [192.168.52.20]
>
> TASK [debug] 
> *
> ok: [192.168.52.20] => {
> "inst": {
> "changed": true,
> "changes": {
> "installed": [
> "epel-release"
> ]
> },
> "failed": false,
> "results": []
> }
> }
>
> TASK [Checking installation] 
> *
> ok: [192.168.52.20]
>
> TASK [fail] 
> **
> fatal: [192.168.52.20]: FAILED! => {"changed": false, "msg": *"File 
> epel.repo doesn't exist!"*}
>
> PLAY RECAP 
> ***
> 192.168.52.20  : ok=4changed=1unreachable=0failed=1
>
> ---
>
> If I take '--check' for dry-run out of the command it does work, but it's 
> not the best approach for me once I'm planning to put this "checking task" 
> in a CI software to "automate the automation". 
>
> My question is: is there any specific reason for that case (package 
> installation) not to work with --check parameter? I've done further tests 
> using Ubuntu and the Ansible's apt module but the same problem comes up. 
>

The whole point of check mode is that it doesn't make changes to the 
system. If you want things to change (e.g. packages to install), don't run 
in check mode.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/35f1213e-164f-4030-a41d-11635667658e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: ALB module coming soon?

[flowerysong]

On Wednesday, May 9, 2018 at 11:14:27 AM UTC-4, Karl Auer wrote:
>
> Does anyone know if an AWS application load balancer module is coming 
> soon? I've seen a few requests for one when googling, but no indication of 
> a new module.
>

"Coming soon" as in came out eight months ago: 
https://docs.ansible.com/ansible/latest/modules/elb_application_lb_module.html

(If you meant a module for network load balancers, that should be coming 
soon.)

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3ebf3fdf-396f-4bf7-aae7-9623b477e8ec%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: how to filter with variables instead of literals in ec2_instance_facts?

[flowerysong]

On Sunday, May 6, 2018 at 10:38:14 AM UTC-4, Karl Auer wrote:
>
> How does "~" differ from "+"?
>
>
> "{{ 'hello' ~ name ~ 'there!' }}"
> vs
> "{{ 'hello' + name + 'there!' }}"
>
> ?
>

Since this is an incredibly common question, I've written up a short 
explanation with examples:
https://immensefail.tumblr.com/post/173645339395/jinja-faq-concatenation

While they’re often interchangeable, developing a habit of using the 
concatenation operator means that you don’t have to worry about or code 
around the situations where they’re not.


TASK [Addition isn't concatenation] 
ok: [localhost] => {
"13 + 37": "50"
}

TASK [Concatenation is concatenation] **
ok: [localhost] => {
"13 ~ 37": "1337"
}

TASK [Concatenation handles mixed types] ***
ok: [localhost] => {
"13 ~ '37'": "1337"
}

TASK [It's possible to do the coercion manually, but who wants to do that?] 
ok: [localhost] => {
"13 | string + '37'": "1337"
}

TASK [Addition doesn't like mixed types] ***
fatal: [localhost]: FAILED! => {"msg": "Unexpected templating type error 
occurred on ({{13 + '37'}}): unsupported operand type(s) for +: 'int' and 
'str'"}

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/70403e1f-e1ee-4e56-a87d-ec1251eaf9bf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: how to filter with variables instead of literals in ec2_instance_facts?

[flowerysong]

On Saturday, May 5, 2018 at 7:54:27 PM UTC-4, Karl Auer wrote:
>
>
> Did you actually try that?
>
> When I use that, I get the same error as before: An error occurred 
> (InvalidParameterValue) when calling the DescribeInstances operation: The 
> filter 'GroupName' is invalid
>
> ("GroupName" is the value in my variable tag_name)
>

Yes, it works. You have to construct a valid filter, and GroupName isn't a 
valid filter.
 
- hosts: localhost
  become: false
  tasks:
- ec2_instance_facts:
filters: "{{ { tag_name: tag_value } }}"
  vars:
tag_name: "tag:Name"
tag_value: "*"
- ec2_instance_facts:
filters: "{{ { 'tag:' ~ tag_name: tag_value } }}"
  vars:
tag_name: Name
tag_value: "*"


PLAY [localhost] 
***

TASK [Gathering Facts] 
*
ok: [localhost]

TASK [ec2_instance_facts] 
**
ok: [localhost]

TASK [ec2_instance_facts] 
**
ok: [localhost]

PLAY RECAP 
*
localhost  : ok=3changed=0unreachable=0failed=0

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3d8bda0d-0417-40df-9608-6e5a047117ba%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: how to filter with variables instead of literals in ec2_instance_facts?

[flowerysong]

On Saturday, May 5, 2018 at 6:57:33 PM UTC-4, Karl Auer wrote:
>
> I've tried a LOT of things now, and have come to the conclusion that 
> ec2_instance_facts requires a literal filter name, at least in the case 
> of "tags:Name".
>
> This makes that filter essentially useless :-(
>
> Please, can someone tell me I'm wrong, and how me how to filter on a 
> tag:value pair passed in as a variable?
>

- ec2_instance_facts:
filters: "{{ { tag_name: tag_value } }}"


 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/38b14171-3086-4c2d-868f-de3882384090%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: map()...What am I doing wrong here?

[flowerysong]

On Sunday, April 22, 2018 at 7:30:15 PM UTC-4, Gregory Mirsky wrote:
>
> I've been trying to extract the values for subnet_id from the dictionary 
> subnet_facts but keep getting undefined (3 times instead of the values) as 
> a return value. I should be getting [subnet-fd6bfa95, subnet-7c8bb031, 
> subnet-7c8bb031]
>
> Any ideas?
>
> Below is the local host testbed playbook i've been using trying to get 
> this jinja filter to work. 
>

'subnets' is a list (observe the [ ].)
 

>   "subnets": [
>>   {
>>   "assign_ipv6_address_on_creation": 
>> false,
>>   "availability_zone": "us-east-2b",
>>   "available_ip_address_count": 251,
>>   "cidr_block": "10.0.2.0/24",
>>   "default_for_az": false,
>>   "id": "subnet-6ad01910",
>>   "ipv6_cidr_block_association_set": 
>> [],
>>   "map_public_ip_on_launch": true,
>>   "state": "available",
>>   "subnet_id": "subnet-6ad01910",
>>   "tags": {
>>   "DeleteTag": "
>> test-g...@.com ",
>>   "Name": 
>> "test-subnet-us-east-2b-public",
>>   "SubnetType": "public"
>>   },
>>   "vpc_id": "vpc-1227b97a"
>>   }
>>   ]
>>  
>>
>   var: "{{ subnet_facts | selectattr('results.subnets.id') | list }}"
>>
>
Here, you appear to be trying to get the 'id' attribute of 'subnets'. It 
doesn't have one, because it's a list.

var: "subnet_facts.results | map(attribute='subnets') | flatten | 
map(attribute='id') | list"

(The `flatten` filter is new in Ansible 2.5; on older versions you'd need 
to use the `flatten` lookup.)

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1e8c11c4-622e-42f7-8c91-913a0666ec65%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Hostnames with EC2 inventory plugin

[flowerysong]

On Wednesday, April 11, 2018 at 3:19:51 AM UTC-4, os...@apartum.com wrote:
>
> I'm testing the new Amazon EC2 dynamic inventory plugin. I need to set the 
> host names to the "Name" tag, but I don't understand the documentation. 
> Reading this: 
> http://docs.ansible.com/ansible/latest/plugins/inventory/aws_ec2.html I 
> understand I should write something like this:
>
> hostnames:
>   - tag:Name=Name
>
>
The inventory plugin does not currently have useful support for setting 
hostnames from tags. I submitted a pull request 
(https://github.com/ansible/ansible/pull/35880) to add this functionality, 
but it hasn't been merged yet.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7851c084-7697-4a54-bf0e-739c726012fa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Find module results not returning as expected

[flowerysong]

On Saturday, April 7, 2018 at 8:50:44 AM UTC-4, Gabriel Forster wrote:
>
> Using the find module to find unknown files in a given directory and 
> register the results as a variable to be looped through later on. The debug 
> of the registered var shows a full on array of all kinds of attributes 
> about the files (way more than I want) - except the file name! It does show 
> the file name in the files.path, which I should be able to filter with 
> basename, but that doesn't work either. This either should be much more 
> straightforward, or my understanding of this is way off.
>
> Question: How do I store unknown file names in a dir as a list that I can 
> loop through in a subsequent task?
>
>
> My current play (I've tried a few different iterations - and the echo is 
> just an example, would like to do other things like use the script module 
> and such):
>
>  ---
>  - hosts: localhost
>tasks:
>  - name: Check the files
>find:
>  paths: /home/gforster/projects/scripts
>register: files_found
>  
>  - name: echo files
>command: "echo {{ item.path | basename }}"
>loop: "{{ files_found.files }}"
>
>
>
>
> Expected Results:
>
> TASK [echo files] 
> *
> changed: [localhost] => {
> "msg": "some_filesname"
> }
>

If you want to output a message use the debug module, not "command: echo".

- name: echo files
  debug:
msg: "{{ item.path | basename }}"
  loop: "{{ files_found.files }}"


TASK [echo files] 
**
ok: [localhost] => (item=None) => {
"msg": "vault.zip"
}

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/dced9739-702b-43ec-8082-993e55dc7fa1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Remove missing files from a list

[flowerysong]

On Wednesday, April 4, 2018 at 4:43:14 PM UTC-4, Andy Smith wrote:
>
>
> I'd like to provide a default list of paths to all remote hosts, but 
> sometimes some of those paths won't be present. At the time the 
> /etc/foo/files_of_interest file is built I would like to exclude any 
> paths that don't exist. 
>
> I would prefer not to use per-host variables to specify a different 
> set of paths as that would be too much to manage and some of these 
> paths may spring into existence later on, without me knowing. 
>
> I found one way to do it: 
>
> https://gist.github.com/grifferz/a505e352baa18e06ba1ba1d02a123ee2 
>
> This works, but have I missed something which allows this to be done 
> in a more elegant way? 
>

Building the list of missing files doesn't need to be a multi-step process 
or involve an Ansible loop. I would preserve the ordering in the generated 
file instead of splitting it into two lists, so that someone manually 
adding a file and uncommenting its line creates the same state as 
re-templating the file.

So, something like 
this: https://gist.github.com/flowerysong/d6c5b16123473279c025fe8d34c20bd6

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c75d5467-a92f-4af4-958e-de240bf6fe0f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Depreciated `ask_sudo_pass` works while new-hotness `ask_become_pass` fails

[flowerysong]

On Thursday, March 29, 2018 at 7:52:44 PM UTC-4, Matthew Wyant wrote:
>
> I'm in the middle of migrating our Ansible projects to 2.5. Specifically, 
> moving to the new network_cli connection module.
>
> So far, everything is working well, except using the `become` framework. 
> The short of it is, in `ansible.cfg`, `ask_sudo_pass = True` has the 
> desired effect of prompting for a become password, and defaulting an empty 
> response to the SSH password. However, this throws a depreciation warning.
>
> When attempting to use the new hotness, neither `ask_become_pass = True` 
> nor `become_ask_pass = True` have the desired effect.
>
> Am I missing something?
>
> > ansible-playbook --version
> ansible-playbook 2.5.0
>   config file = /Users//projects/ansible/ansible.cfg
>   configured module search path = 
> [u'/Users//.ansible/plugins/modules', 
> u'/usr/share/ansible/plugins/modules']
>   ansible python module location = 
> /Users//projects/ansible/venv/lib/python2.7/site-packages/ansible
>   executable location = 
> /Users//projects/ansible/venv/bin/ansible-playbook
>   python version = 2.7.14 (default, Sep 25 2017, 09:53:22) [GCC 4.2.1 
> Compatible Apple LLVM 9.0.0 (clang-900.0.37)]
>
> ansible.cfg
>
> [defaults]
> inventory = ./bin/inventory
> host_key_checking = False
> accelerate_timeout = 60
> timeout = 30
>
> ask_pass = True
> ask_become_pass = True # What I /think/ should be used
> become_ask_pass = True # ...the documentation is vague
> ask_sudo_pass = True . # Works without fail
>

become_ask_pass goes in the [privilege_escalation] section, not [defaults]. 
See 
https://docs.ansible.com/ansible/2.5/reference_appendices/config.html#default-become-ask-pass
 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/30cf3a78-2b4f-440c-95f7-8b935bb02bb0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Absurd run_once behavior, skipping entirely if first node fails a when test

[flowerysong]

On Monday, March 19, 2018 at 9:42:58 PM UTC-4, Josh Smift wrote:
>
> My use case involved roles. I had something like
>
> - hosts: web:app:db
>   roles:
> - role: myrole
>   when: color == "blue"
>
> In the role, there was a task that ran on localhost (via delegate_to), but 
> only once (via run_once) for the whole batch of hosts.
>
> Everything worked fine, except that if the first host in inventory 
> happened not to be blue, the run_once caused the localhost task to be 
> skipped. The order of the hosts in inventory was completely arbitrary -- 
> these were EC2 instances at AWS.
>
> The eventual workaround was to add the `when` to every single task in the 
> role *except* the run_once one, which made both the playbook and the role 
> less readable.
>

Disregarding the implementation details, `run_once: true` is effectively 
the same as adding `when: inventory_hostname == ansible_play_batch.0` to 
the task . As I said before, if that's not what you want you should instead 
write a conditional that expresses your actual intent.

Here's one approach:

- group_by:
key: color_{{ color | default('octarine') }}

- name: Run on localhost once
  delegate_to: localhost
  debug:
msg: His pills, his hands, his jeans
  when: inventory_hostname == groups.color_blue.0

Or you might opt for something like this, which is overly clever and 
requires a very recent version of Jinja:

- name: Run on localhost once
  delegate_to: localhost
  debug:
msg: Suddenly I was a lilac sky
  vars:
first_host: "{{ ansible_play_hosts | map('extract', hostvars) | 
selectattr('color', 'defined') | selectattr('color', 'equalto', 'blue') | 
first }}"
  when: inventory_hostname == first_host.inventory_hostname

Or you might restructure the playbook so it only runs the role on blue 
hosts and doesn't need a separate conditional, and use `run_once` on the 
task. The best approach depends on personal taste and other decisions made 
in writing the playbook and setting up your Ansible environment.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ba1a1714-7c7b-4f2c-bcdf-e200b938e495%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Absurd run_once behavior, skipping entirely if first node fails a when test

[flowerysong]

On Monday, March 19, 2018 at 2:49:12 PM UTC-4, Alex Hunt wrote:
>
> When running a task with run_once, if the first node is skipped, the 
> entire task is skipped, rather than running on the first host that is not 
> skipped.
>
> This behavior is not what is intuitively understood, this behavior is not 
> mentioned in the docs, and this behavior is almost certainly not what most 
> of people want it to do. There are discussions of this in multiple github 
> issues, the most detailed of which is at 
> https://github.com/ansible/ansible/issues/19966, but there are also at 
> least https://github.com/ansible/ansible/issues/11496, 
> https://github.com/ansible/ansible/issues/13226, and 
> https://github.com/ansible/ansible/issues/23594.
>

It may confuse some people, but it's both the documented behaviour and the 
least surprising way to do things. Conditionals should not affect the 
number of times a run_once task is evaluated even if they result in the 
task being skipped.

https://docs.ansible.com/ansible/latest/playbooks_delegation.html#run-once 
says: "When “run_once” is not used with “delegate_to” it will execute on 
the first host, as defined by inventory, in the group(s) of hosts targeted 
by the play - e.g. webservers[0] if the play targeted “hosts: webservers”."
 

> Below is an untested simple example of a scenario that would skip the 
> run_once task, when it should (according to the docs, and common sense) run 
> on one of either host2 or host3.
>
> Inventory
> [all]
> host1
> host2
> host3
>
> Playbook
> - name: Test Play
>   hosts: all
>   tasks:
> - include: outer-task.yml
>
> outer-task.yml
> - name: Outer task
>   include: inner-task.yml
>   when: inventory_hostname != 'host1'
>
> inner-task.yml
> - name: Inner task
>   command: do_something
>   run_once: True
>
> This issue is exacerbated by the fact that the inner task may have no idea 
> why the first host is skipped (IE: we're including a reusable task that may 
> get run many times in different ways). In those cases, there is no way to 
> work around the issue with a simple `when: inventory_hostname == 
> something`, since we don't know what to check against.
>

You're mixing different ways of limiting where a task runs, with 
predictable results (the task is assigned to one host, and the conditional 
results in it being skipped). If you don't care which host it runs on, use 
run_once without a conditional. If you want to run it on a specific host, 
use delegate_to with run_once or a conditional without run_once.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/9c58e144-46b7-4998-8769-bdfaee91c5da%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Repeat a task based on a csv string from extra_var

[flowerysong]

On Sunday, March 18, 2018 at 11:17:56 PM UTC-4, GoFigure wrote:
>
> Hello All,
>
> There is a specific nut I am trying to crack in ansible. We want to dev a 
> job template that add disks to and server instance. The size and number of 
> disk will be provided as an extra_var csv string, eg. 10,100,25,200 would 
> add 4 disks of sizes 10GB, 100GB, 25GB & 200GB. We have the task ready and 
> it works, so adding one disk is not a problem, but how do we then repeat 
> that task for the next disk? Its not a question of nuts and bolts of adding 
> disks, its a question how do we take the csv string (not file) and then 
> loop the task.
>

- hosts: localhost
  vars:
foo: 10,30,20
  tasks:
- debug:
var: item
  with_list: "{{ foo.split(',') }}"

 
TASK [debug] 
***
ok: [localhost] => (item=10) => {
"attempts": 1, 
"changed": false, 
"item": "10"
}
ok: [localhost] => (item=30) => {
"attempts": 1, 
"changed": false, 
"item": "30"
}
ok: [localhost] => (item=20) => {
"attempts": 1, 
"changed": false, 
"item": "20"
}

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f0e3b67e-598b-4d6c-96f1-9b463124c892%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: git checkout to new branch and change back to local user

[flowerysong]

On Tuesday, March 13, 2018 at 1:42:19 PM UTC-4, Patrick Hunt wrote:
>
> Good catch.  You're correct, it is possible, I was mistaken.  Practically 
> is it possible to be able to provide multiple sets of credentials for your 
> example?  I've always done a work around, such as I listed in the other 
> comment, since I can pass my current logon (-k) username/password, and can 
> pass 1 set of become credentials (-K), but not a 2nd or 3rd set of become 
> credentials.
>

Well, one of the advantages of sudo as a privilege escalation method is 
that there aren't separate sets of credentials for each escalation target, 
you just have to be permitted to run things as the users in question.

But, yes, it is possible to provide different credentials. It's easiest to 
do this non-interactively using a Vault-encrypted variable or another 
secret lookup method, but there are various ways to make it interactive.

- hosts: localhost
  become: true
  tasks:
- command: whoami
  become_method: su
  become_user: flowerysong
  vars:
ansible_become_pass: "{{ user_passwords.flowerysong }}"
- command: whoami

TASK [command] 
*
changed: [localhost] => {"changed": true, "cmd": ["whoami"], "delta": 
"0:00:00.002181", "end": "2018-03-13 15:15:47.586117", "rc": 0, "start": 
"2018-03-13 15:15:47.583936", "stderr": "", "stderr_lines": [], "stdout": 
"flowerysong", "stdout_lines": ["flowerysong"]}

TASK [command] 
*
changed: [localhost] => {"changed": true, "cmd": ["whoami"], "delta": 
"0:00:00.002159", "end": "2018-03-13 15:15:47.717122", "rc": 0, "start": 
"2018-03-13 15:15:47.714963", "stderr": "", "stderr_lines": [], "stdout": 
"root", "stdout_lines": ["root"]}


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/26c3cc46-c398-4671-ae3d-7ae2891a250d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: git checkout to new branch and change back to local user

[flowerysong]

On Tuesday, March 13, 2018 at 10:35:27 AM UTC-4, Patrick Hunt wrote:
>
> I can help to address #2 at least for now.
>>
>
> Ansible does not allow you to chain "Become" statements.
>

This is true; you cannot use two types or levels of privilege escalation at 
once.
 

>   In other words you cannot log in as user1, become root, and then become 
> user2 (or even user1) in the same play.
>

This is untrue. The privilege escalation settings for each task in a play 
are independent.

- hosts: localhost
  become: true
  tasks:
- command: whoami
- command: whoami
  become_user: email
- command: whoami
  become: false

TASK [command] 
*
changed: [localhost] => {"attempts": 1, "changed": true, "cmd": ["whoami"], 
"delta": "0:00:00.002095", "end": "2018-03-13 12:38:30.764121", "rc": 0, 
"start": "2018-03-13 12:38:30.762026", "stderr": "", "stderr_lines": [], 
"stdout": "root", "stdout_lines": ["root"]}

TASK [command] 
*
changed: [localhost] => {"attempts": 1, "changed": true, "cmd": ["whoami"], 
"delta": "0:00:00.001929", "end": "2018-03-13 12:38:30.889973", "rc": 0, 
"start": "2018-03-13 12:38:30.888044", "stderr": "", "stderr_lines": [], 
"stdout": "email", "stdout_lines": ["email"]}

TASK [command] 
*
changed: [localhost] => {"attempts": 1, "changed": true, "cmd": ["whoami"], 
"delta": "0:00:00.002009", "end": "2018-03-13 12:38:31.004561", "rc": 0, 
"start": "2018-03-13 12:38:31.002552", "stderr": "", "stderr_lines": [], 
"stdout": "ec2-user", "stdout_lines": ["ec2-user"]}


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7bc4a055-8a29-470f-9d02-e785b1576860%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Trying to capture value from with_lines loop

[flowerysong]

On Sunday, March 4, 2018 at 10:46:27 PM UTC-5, Evan wrote:
>
> I'm trying to loop through a list (file) of powervc regions, delegating a 
> command to them, and if that command (find a vm) is successful (ie: the vm 
> is on that region) I want to record the region name. I'm using delegate_to 
> because I have other commands to run that are not on that region.
>
> ---
> - hosts: all
>   gather_facts: false
>   vars:
> host: host1
>
>   tasks:
>
>   - name: "Validate if VM exists on Region"
> shell: source /opt/ibm/powervc/powervcrc.auto && openstack --insecure 
> server show {{host}} |grep -owP 'id.*\|\s\K.*[^\|]+' | awk {' print $1 '}
> register: vm_exist
> delegate_to: "{{ item }}"
> with_lines: cat regions.inv
> ignore_errors: false
>
>
> This currently works - regions.inv is a list of names (region1-pvc, 
> region2-pvc etc). It loops through each entry, connects to the host and 
> runs the shell command. Is it possible to capture the value of {{ item }} 
> for use in other tasks if the shell command returns successfully? I've 
> tried using hostvar, but the powervc node isn't internally called region1. 
> It returns the hostname 'powervc' - the region1-pvc/IP name is just a DNS 
> entry.
>
> Every attempt to use {{ item }} in the next task returns an "undefined" 
> error. This may be a logic issue with how I'm trying to structure my 
> playbooks, but it's currently the only way I can think of doing it. Any 
> suggestions?
>

You should look more closely at the contents of the `vm_exist` variable. It 
contains a list of results, and each result includes the value of `item` 
for that iteration of the loop.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/199bc582-f0c5-4bca-afe2-6536ca4bfcae%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Can I combine with_items and when?

[flowerysong]

On Monday, February 26, 2018 at 9:39:10 AM UTC-5, Nico Sabbi wrote:
>
> HI,
> can I combine when: and with_items clauses as in this example?
>
>   become: true
>   become_user: root
>   tasks:
> - block:
>   - debug:
>   msg: "riga {{item}}"
>   - user:
>   name: "{{ item.split(':')[0] }}"
>   home: "{{ item.split(':')[1] }}"
> when: item search(":")
> with_items: [ "abc:def", "yyy.zzz"]
>
> The sad output is the following, indicating that "item" is undefined  in 
> the loop.
>
> TASK [debug] 
> ***
> fatal: [localhost]: FAILED! => {"msg": "The task includes an option with 
> an undefined variable. The error was: 'item' is undefined\n\nThe error 
> appears to have been in '/home/nico2601/block.yml': line 25, column 9, but 
> may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe 
> offending line appears to be:\n\n- block:\n  - debug:\n^ 
> here\n\nexception type:  'ansible.errors.AnsibleUndefinedVariable'>\nexception: 'item' is undefined"}
> to retry, use: --limit @/home/nico2601/block.retry
>

You'll note that this error is from the 'debug' task, which has neither a 
loop nor a 'when' clause. `item` is undefined because `item` has not been 
defined for that task.

If you were attempting to apply the loop to the entire block, that is not 
supported.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2a1feab4-0efc-400e-94c4-079433d09a29%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Run pre/post tasks once with serial 1

[flowerysong]

On Thursday, February 15, 2018 at 12:51:23 PM UTC-5, Michael Perzel wrote:
>
> Gah not quite there. I use meta_end play when I calculate that a patch 
> isn't relevant so that we don't spend time decomissioning a host that 
> doesn't need a patch. Problem is this skips the post_tasks if the last 
> server in the group isn't relevant. I tried using handlers but that results 
> in 1 execution per node.
>
> I think I might need to re-think my playbook organization and simplify. I 
> could use a workflow in tower to accomplish this simpler without skipped 
> tasks.
>

Since you want to run 3 sets of tasks on different sets of servers it would 
be a lot cleaner to split your playbook into three plays instead of one:

- hosts: patchgroup[0]
  tasks:
- debug: msg=pre

- hosts: patchgroup
  serial: 1
  tasks:
 - debug: msg=patch

- hosts: patchgroup[0]
  tasks:
- debug: msg=post 

This way you won't have a bunch of skipped tasks and you can end_play 
during patching without affecting your post tasks, since they're a separate 
play.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d4d5647c-f986-4bde-b34f-8dab00a85b3b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Yaml statement over multiple lines.

[flowerysong]

On Tuesday, February 13, 2018 at 7:25:24 AM UTC-5, mail.ph...@gmail.com 
wrote:
>
>
> How should I split this dest: statement into multiple lines ?
>
> - copy:
> content: "{{ config.stdout[0] }}"
> *dest: "{{ backup_root }}/{{ inventory_hostname }}/dhcp_leases_{{ 
> ansible_date_time.year }}{{ ansible_date_time.month }}{{ 
> ansible_date_time.day }}{{ ansible_date_time.hour }}{{ 
> ansible_date_time.minute }}{{ ansible_date_time.second }}"*
>

There are multiple ways to do it, but I'd go for something like this:
dest: "{{ [ backup_root, inventory_hostname, 'dhcp_leases_' ~
  ('%Y%m%d%H%M%S' | strftime) ] | join('/') }}"

(If using the time from the facts is important, you can do 
"strftime(ansible_date_time.epoch)" instead of the plain invocation.)

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/80449d9d-463f-4436-8ab5-a3dac2d6aa89%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Looping over nested inventory items with conditional

[flowerysong]

On Tuesday, February 13, 2018 at 4:02:57 PM UTC-5, Jason Gilfoil wrote:
>
>
> We're migrating from a single load balancer pair for all systems 
> (dev/test/qa/prod) to separate pairs for dev/test and qa/prod. As a result, 
> my previous task to pull nodes from the pool on the load balancer will no 
> longer suffice without some conditional logic. I have a partial solution, 
> but it two issues. 
>
> 1st Issue
> In the following code i'm attempting to make it so that if the server is 
> in the test inventory group, it uses the dev-test f5 pair and if it's not, 
> use the qa-prod f5 pair. The first issue is that it loops over all 
> combinations so the task would essentially execute twice for each f5 
> target. 
>
> https://pastebin.com/ZxkPqvPF
>
> 2nd Issue
> The second problem is that i need to expand the conditional to allow 
> multiple statements. 
>
> I need to find a way to expand this line:
>   msg: "{{ (inventory_hostname in groups['test']) | 
> ternary(hostvars[item[0]].ansible_host,hostvars[item[1]].ansible_host) }}"
> into
>   msg: "{{ (inventory_hostname in groups['test'] OR inventory_hostname 
> in groups['dev']) | 
> ternary(hostvars[item[0]].ansible_host,hostvars[item[1]].ansible_host) }}"
>

 I'm not entirely sure of your constraints, but it seems like you would 
want something more 
like https://gist.github.com/flowerysong/ae18f75d2103b41198149380e8d6fb1c 
rather than a nested loop.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/de494e3c-e47c-4ea9-ab1a-1586eefda4a8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.