How to skip role executing in Ansible - deployment

I'm trying to write the playbook.yml for my vagrant machine and I'm faced with the following problem.
Ansible prompts me to set these variables and I set these variables to null/false/no/[just enter], but the roles are executed no matter what! How can I prevent this behavior? I just want no actions if no vars are set.
---
- name: Deploy Webserver
  hosts: webservers
  vars_prompt:
    run_common: "Run common tasks?"
    run_wordpress: "Run Wordpress tasks?"
    run_yii: "Run Yii tasks?"
    run_mariadb: "Run MariaDB tasks?"
    run_nginx: "Run Nginx tasks?"
    run_php5: "Run PHP5 tasks?"
  roles:
    - { role: common, when: run_common is defined }
    - { role: mariadb, when: run_mariadb is defined }
    - { role: wordpress, when: run_wordpress is defined }
    - { role: yii, when: run_yii is defined }
    - { role: nginx, when: run_nginx is defined }
    - { role: php5, when: run_php5 is defined }

I believe the variables will always be defined when you use vars_prompt, so "is defined" will always be true. What you probably want is something along these lines:
- name: Deploy Webserver
  hosts: webservers
  vars_prompt:
    - name: run_common
      prompt: "Product release version"
      default: "Y"
  roles:
    - { role: common, when: run_common == "Y" }
Edit: To answer your question, no it does not throw an error. I made a slightly different version and tested it using ansible 1.4.4:
- name: Deploy Webserver
  hosts: localhost
  vars_prompt:
    - name: run_common
      prompt: "Product release version"
      default: "N"
  roles:
    - { role: common, when: run_common == "Y" or run_common == "y" }
And roles/common/tasks/main.yml contains:
- local_action: debug msg="Debug Message"
If you run the above example and just hit Enter, accepting the default, then the role is skipped:
Product release version [N]:
PLAY [Deploy Webserver] *******************************************************
GATHERING FACTS ***************************************************************
ok: [localhost]
TASK: [common | debug msg="Debug Message"] ************************************
skipping: [localhost]
PLAY RECAP ********************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=0
But if you run this and enter Y or y when prompted then the role is executed as desired:
Product release version [N]:y
PLAY [Deploy Webserver] *******************************************************
GATHERING FACTS ***************************************************************
ok: [localhost]
TASK: [common | debug msg="Debug Message"] ************************************
ok: [localhost] => {
"item": "",
"msg": "Debug Message"
}
PLAY RECAP ********************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=0

Ansible: How to read file and push results to templates

I have a task to read data from a csv file, push the result to templates, and copy those templates to different servers. However, I am getting an error while writing to the template. Below are the details -
main.yml
- name: Print return information from the previous task
  vars:
    test_csv: "{{ lookup('file', '/u00/ansible/Playbooks/files/newrelic_test.csv', wantlist=True) }}"
  ansible.builtin.debug:
    var: test_csv
- name: copy template
  template:
    src: /u00/ansible/Playbooks/files/infra-config.yml_template
    dest: /u00/app/monitor/infra-config.yml
  with_items: test_csv
  notify: confirm copy done
- name: Start the New Relic Service
  ansible.builtin.systemd:
    name: infra.service
    state: started
  become: yes
  become_user: root
infra-config.yml_template -
custom_attributes:
  application : {{ item.Application }}
  env : {{ item.env }}
  datacenter : {{ item.Datacenter }}
log:
  file: /u00/app/monitor/infra.log
csv file content
Application,Host,env,Datacenter
Microsoft,testserver1,TEST,DC1
Apple,testserver2,TEST,DC2
error -
> TASK [config-update : copy template] *******************************************
> An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.errors.AnsibleUndefinedVariable: 'ansible.utils.unsafe_proxy.AnsibleUnsafeText object' has no attribute 'db_name'
> failed: [testserver1] (item=test_csv) => {"ansible_loop_var": "item", "changed": false, "item": "test_csv", "msg": "AnsibleUndefinedVariable: 'ansible.utils.unsafe_proxy.AnsibleUnsafeText object' has no attribute 'db_name'"}
Expectation is to read csv file and use variables in template in different servers.
testserver1 -
> custom_attributes:
>   application : Microsoft
>   env : Test
>   datacenter : DC1
> log:
>   file: /u00/app/monitor/infra.log
testserver2 -
> custom_attributes:
>   application : Apple
>   env : Test
>   datacenter : DC1
> log:
>   file: /u00/app/monitor/infra.log
There are a few things to fix in your playbook. First, you are defining your test_csv variable inside a task, so it is not accessible to other tasks. You can use register instead. However, the first task returns a list with only one string, like this: "test_csv": ["Application,Host,env,Datacenter\nMicrosoft,testserver1,TEST,DC1 \nApple,testserver2,TEST,DC2"], which results in only one item in the test_csv list.
You can achieve this by using read_csv module as well. Below I demonstrate how:
Note that I have added a condition using inventory_hostname on the copy template task since you might want to target each csv line according to its hostname. You can modify this according to your needs.
Csv file content:
Application,Host,env,Datacenter
Microsoft,localhost,TEST,DC1
Apple,testserver2,TEST,DC2
Example of playbook for testing:
- name: Check status
  hosts: localhost
  gather_facts: no
  tasks:
    - name: read csv file and return a list
      read_csv:
        path: test.csv
      register: applications
    - name: Ouput applications from previous task
      debug:
        msg: "{{ item.Application }}"
      loop: "{{ applications.list }}"
    - name: copy template
      template:
        src: src.yml_template  # I would recommend using a .j2 jinja template instead.
        dest: dest.yml
      loop: "{{ applications.list }}"
      when: inventory_hostname == item.Host
src.yml_template content:
custom_attributes:
  application : {{ item.Application }}
  env : {{ item.env }}
  datacenter : {{ item.Datacenter }}
log:
  file: /u00/app/monitor/infra.log
Gives in dest.yml:
custom_attributes:
  application : Microsoft
  env : TEST
  datacenter : DC1
log:
  file: /u00/app/monitor/infra.log
Cli output:
PLAY [Check status] **********************************************************************************************************************************************************
TASK [read csv file and return a list] ***************************************************************************************************************************************
ok: [localhost]
TASK [Ouput applications from previous task] *********************************************************************************************************************************
ok: [localhost] => (item={'Application': 'Microsoft', 'Host': 'localhost', 'env': 'TEST', 'Datacenter': 'DC1 '}) => {
"msg": "Microsoft"
}
ok: [localhost] => (item={'Application': 'Apple', 'Host': 'testserver2', 'env': 'TEST', 'Datacenter': 'DC2'}) => {
"msg": "Apple"
}
TASK [copy template] *********************************************************************************************************************************************************
changed: [localhost] => (item={'Application': 'Microsoft', 'Host': 'localhost', 'env': 'TEST', 'Datacenter': 'DC1 '})
skipping: [localhost] => (item={'Application': 'Apple', 'Host': 'testserver2', 'env': 'TEST', 'Datacenter': 'DC2'})

ERROR Configuring mongoDB using Ansible (MongoNetworkError: connect ECONNREFUSED)

I'm trying to configure a replica set of mongodb using ansible.
I succeeded in installing mongoDB on the primary server and created the replica-set configuration file, but when I launch the playbook I get an error of type: MongoNetworkError: connect ECONNREFUSED 3.142.150.62:28041
Does anyone have an idea please how to solve this?
Attached are the playbook and the error on the Jenkins console.
Playbook:
---
- name: Play1
  hosts: hhe
  #connection: local
  become: true
  #remote_user: ec2-user
  #remote_user: root
  tasks:
    - name: Install gnupg
      package:
        name: gnupg
        state: present
    - name: Import the public key used by the package management system
      shell: wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -
    - name: Create a list file for MongoDB
      shell: echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list
    - name: Reload local package database
      command: sudo apt-get update
    - name: Installation of mongodb-org
      package:
        name: mongodb-org
        state: present
        update_cache: yes
    - name: Start mongodb
      service:
        name: mongod
        state: started
        enabled: yes
- name: Play2
  hosts: hhe
  become: true
  tasks:
    - name: create directories on all the EC2 instances
      shell: mkdir -p replicaset/member
- name: Play3
  hosts: secondary1
  become: true
  tasks:
    - name: Start mongoDB with the following command on secondary1
      shell: nohup mongod --port 28042 --bind_ip localhost,ec2-18-191-39-71.us-east-2.compute.amazonaws.com --replSet replica_demo --dbpath replicaset/member &
- name: Play4
  hosts: secondary2
  become: true
  tasks:
    - name: Start mongoDB with the following command on secondary2
      shell: nohup mongod --port 28043 --bind_ip localhost,ec2-18-221-31-81.us-east-2.compute.amazonaws.com --replSet replica_demo --dbpath replicaset/member &
- name: Play5
  hosts: arbiter
  become: true
  tasks:
    - name: Start mongoDB with the following command on arbiter
      shell: nohup mongod --port 27018 --bind_ip localhost,ec2-13-58-35-255.us-east-2.compute.amazonaws.com --replSet replica_demo --dbpath replicaset/member &
- name: Play6
  hosts: primary
  become: true
  tasks:
    - name: Start mongoDB with the following command on primary
      shell: nohup mongod --port 28041 --bind_ip localhost,ec2-3-142-150-62.us-east-2.compute.amazonaws.com --replSet replica_demo --dbpath replicaset/member &
    - name: Create replicaset initialize file
      copy:
        dest: /tmp/replicaset_conf.js
        mode: "u=rw,g=r,o=rwx"
        content: |
          var cfg =
          {
            "_id" : "replica_demo",
            "version" : 1,
            "members" : [
              {
                "_id" : 0,
                "host" : "3.142.150.62:28041"
              },
              {
                "_id" : 1,
                "host" : "18.191.39.71:28042"
              },
              {
                "_id" : 2,
                "host" : "18.221.31.81:28043"
              }
            ]
          }
          rs.initiate(cfg)
    - name: Pause for a while
      pause: seconds=20
    - name: Initialize the replicaset
      shell: mongo /tmp/replicaset_conf.js
The error on Jenkins Console:
PLAY [Play6] *******************************************************************
TASK [Gathering Facts] *********************************************************
ok: [primary]
TASK [Start mongoDB with the following command on primary] *********************
changed: [primary]
TASK [Create replicaset initialize file] ***************************************
ok: [primary]
TASK [Pause for a while] *******************************************************
Pausing for 20 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
ok: [primary]
TASK [Initialize the replicaset] ***********************************************
fatal: [primary]: FAILED! => {"changed": true, "cmd": "/usr/bin/mongo 3.142.150.62:28041 /tmp/replicaset_conf.js", "delta": "0:00:00.146406", "end": "2022-08-11 09:46:07.195269", "msg": "non-zero return code", "rc": 1, "start": "2022-08-11 09:46:07.048863", "stderr": "", "stderr_lines": [], "stdout": "MongoDB shell version v5.0.10\nconnecting to: mongodb://3.142.150.62:28041/test?compressors=disabled&gssapiServiceName=mongodb\nError: couldn't connect to server 3.142.150.62:28041, connection attempt failed: SocketException: Error connecting to 3.142.150.62:28041 :: caused by :: Connection refused :\nconnect#src/mongo/shell/mongo.js:372:17\n#(connect):2:6\nexception: connect failed\nexiting with code 1", "stdout_lines": ["MongoDB shell version v5.0.10", "connecting to: mongodb://3.142.150.62:28041/test?compressors=disabled&gssapiServiceName=mongodb", "Error: couldn't connect to server 3.142.150.62:28041, connection attempt failed: SocketException: Error connecting to 3.142.150.62:28041 :: caused by :: Connection refused :", "connect#src/mongo/shell/mongo.js:372:17", "#(connect):2:6", "exception: connect failed", "exiting with code 1"]}
You start the service already with
service:
  name: mongod
  state: started
  enabled: yes
thus shell: nohup mongod ... & is pointless. You cannot start the mongod service multiple times, unless you use different port and dbPath. You should prefer to start the mongod as service, i.e. systemctl start mongod or similar instead of nohup mongod ... &. I prefer to use the configuration file (typically /etc/mongod.conf) rather than command line options.
Plain mongo command uses the default port 27017, i.e. it does not connect to the MongoDB instances you started in above task.
You should wait till the replica set is initiated. You can do it like this:
content: |
  var cfg =
  {
    "_id" : "replica_demo",
    "version" : 1,
    "members" : [
      {
        "_id" : 0,
        "host" : "3.142.150.62:28041"
      },
      {
        "_id" : 1,
        "host" : "18.191.39.71:28042"
      },
      {
        "_id" : 2,
        "host" : "18.221.31.81:28043"
      }
    ]
  }
  rs.initiate(cfg)
  while (! db.hello().isWritablePrimary ) { sleep(1000) }
You configured an ARBITER. However, an arbiter node is useful only with an even number of Replica Set members. With 3 members it does not make much sense. Anyway, you don't add the arbiter to your Replica Set, so what is the reason to define it?
Just a note, you don't have to create a temp file, you can execute script directly, e.g. similar to this:
shell:
  cmd: mongo --eval '{{ script }}'
  executable: /bin/bash
vars:
  script: |
    var cfg =
    {
      "_id" : "replica_demo",
      ...
    }
    rs.initiate(cfg)
    while (! db.hello().isWritablePrimary ) { sleep(1000) }
    print(rs.status().ok)
register: ret
failed_when: ret.stdout_lines | last != "1"
Be aware of correct quoting.

Replace a line in a config file using variables with ansible

Question is similar to this one: Replace a line in a config file with ansible . Difference is that my playbook is first copying a file to a destination and then editing that same file after it's been copied. Also I'm using variables to replace the string, however it isn't changing the lines that contain the particular string site_name in the conf file.
Playbook;
---
- hosts: server-test2
  become: true
  vars:
    site_name: bokucasinon.com
  tasks:
    - name: Configuring nginx for the new site
      template:
        src: ../provision-server/nginx.j2
        dest: /etc/nginx/conf.d/{{site_name}}.conf
        mode: 064
    - name: Configuring nginx for the new site
      become: true
      lineinfile:
        dest: /etc/nginx/conf.d/{{site_name}}.conf
        regexp: '^(.*)site_name(.*)$'
        line: "{{site_name}}"
        backrefs: yes
Output:
TASK [Configuring nginx for the new site] **************************************************************
task path: /home/melvmagr/repos/ansible/provision-server/wp-db-nginx-conf.yml:10
ok: [server-test2] => {"changed": false, "checksum": "904d19dde94ad38672d751246fd2680ce297244d", "dest": "/etc/nginx/conf.d/bokucasinon.com.conf", "gid": 0, "group": "root", "mode": "0064", "owner": "root", "path": "/etc/nginx/conf.d/bokucasinon.com.conf", "size": 4232, "state": "file", "uid": 0}
TASK [Configuringg nginx for the new site] *************************************************************
task path: /home/melvmagr/repos/ansible/provision-server/wp-db-nginx-conf.yml:15
ok: [server-test2] => {"backup": "", "changed": false, "msg": ""}
META: ran handlers
META: ran handlers
PLAY RECAP *********************************************************************************************
server-test2 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
As one can see, changed=0 and upon checking the conf file it remains site_name instead of bokucasinon.com
Another thing I tried was to use the replace module but got same output.
replace:
  path: /etc/nginx/conf.d/{{site_name}}.conf
  regexp: '(^site_name)(.*)$'
  replace: '{{site_name}}'
Any ideas why this is happening or what I'm doing wrong?
Thanks in advance
Appreciate all of you for the help but I've managed to find what I was looking for, after lots of trials and errors. I did indeed need to use the ansible.builtin.replace module. Apparently what I was using (the lineinfile module) was not made for changing ALL the lines that contain a particular string (reference: https://www.middlewareinventory.com/blog/ansible-lineinfile-examples/) so basically just to put things into perspective, I needed to change my playbook with the following;
- name: Configuring nginx for the new site
  become: true
  template:
    src: ../provision-server/nginx.j2
    dest: /etc/nginx/conf.d/{{site_name}}.conf
    mode: 064
- name: Configuring nginx for the new site
  become: yes
  become_user: root
  ansible.builtin.replace:
    path: /etc/nginx/conf.d/{{site_name}}.conf
    regexp: 'sitename.com'
    replace: "{{site_name}}"

Mystery "guest" user for rabbitMQ

I know the "guest" user is the default for RabbitMQ, but I thought I'd configured everything to use different names.
My stack is Django / Celery / RabbitMQ, running in Docker.
First up, the error - I just get loads of these - every few seconds:
rabbitmq_1 | 2020-07-29 08:28:00.775 [warning] <0.1234.0> HTTP access denied: user 'guest' - invalid credentials
rabbitmq_1 | 2020-07-29 08:28:05.775 [warning] <0.1240.0> HTTP access denied: user 'guest' - invalid credentials
rabbitmq_1 | 2020-07-29 08:28:10.776 [warning] <0.1246.0> HTTP access denied: user 'guest' - invalid credentials
rabbitmq_1 | 2020-07-29 08:28:15.776 [warning] <0.1252.0> HTTP access denied: user 'guest' - invalid credentials
rabbitMQ Dockerfile
FROM rabbitmq:management-alpine
ENV RABBITMQ_USER rabbit_user
ENV RABBITMQ_PASSWORD rabbit_user
ADD rabbitmq.conf /etc/rabbitmq/
ADD definitions.json /etc/rabbitmq/
RUN chown rabbitmq:rabbitmq /etc/rabbitmq/rabbitmq.conf /etc/rabbitmq/definitions.json
CMD ["rabbitmq-server"]
rabbitmq.conf
management.load_definitions = /etc/rabbitmq/definitions.json
definitions.json
{
  "users": [
    {
      "name": "rabbit_user",
      "password": "rabbit_user",
      "tags": ""
    },
    {
      "name": "admin",
      "password": "admin",
      "tags": "administrator"
    }
  ],
  "vhosts": [
    {
      "name": "\/phoenix"
    }
  ],
  "permissions": [
    {
      "user": "rabbit_user",
      "vhost": "\/phoenix",
      "configure": ".*",
      "write": ".*",
      "read": ".*"
    }
  ],
  "parameters": [],
  "policies": [],
  "exchanges": [],
  "bindings": [],
  "queues": [
    {
      "name": "high_prio",
      "vhost": "\/phoenix",
      "durable": true,
      "auto_delete": false,
      "arguments": {}
    },
    {
      "name": "low_prio",
      "vhost": "\/phoenix",
      "durable": true,
      "auto_delete": false,
      "arguments": {}
    }
  ]
}
docker-compose.yml
rabbitmq:
  build:
    context: ./rabbitmq
    dockerfile: Dockerfile
  # image: rabbitmq:3-management-alpine
  ports:
    - "15672:15672" # RabbitMQ management plugin
  environment:
    - RABBITMQ_DEFAULT_USER=rabbit_user
    - RABBITMQ_DEFAULT_PASS=rabbit_user
    - RABBITMQ_DEFAULT_VHOST=phoenix
  expose:
    - "5672" # Port exposed between docker containers
  depends_on:
    - db
    - cache
celery_worker:
  <<: *django
  command: bash -c "celery -A phoenix.celery worker --loglevel=INFO -n worker1@%h"
  environment:
    - DJANGO_SECRET_KEY=${DJANGO_SECRET_KEY}
    - EMAIL_HOST_PASSWORD=${EMAIL_HOST_PASSWORD}
    - DJANGO_SETTINGS=${DJANGO_SETTINGS}
    # HC the rabbit user. Not secure obvs, but OK for PoC.
    - RABBITMQ_DEFAULT_USER=rabbit_user
    - RABBITMQ_DEFAULT_PASS=rabbit_user
  ports: []
  links:
    - rabbitmq
    - cache
  depends_on:
    - db
    - cache
    - rabbitmq
settings.py
CELERY_BROKER_URL = "amqp://rabbit_user:rabbit_user@rabbitmq:5672/phoenix"
CELERY_BROKER_VHOST = "phoenix"
CELERY_RESULT_BACKEND = "django-db"
CELERY_CACHE_BACKEND = "default"
CELERY_TIME_ZONE = TIME_ZONE
I had it all working before when I just pulled the default rabbitMQ container in the docker-compose yaml file. Now I've created a specific Dockerfile for rabbitMQ, and setup rabbit_user and the vhost "phoenix". It all seems to be working - tasks are run, I see the message stats in the rabbit console, but I'm suffering these random "guest" login attempts. The word "guest" appears nowhere in my codebase, so somewhere RabbitMQ is using the default not "rabbit_user", but I can't see where.
Rather typical that I solve this by "fixing" something else ..
I noticed in my RMQ panel that the low_prio and high_prio queues had vhost "/phoenix", while the celery workers had vhost "phoenix" (I'd thought the RMQ config required the leading slash from my reading). I amended this so that all queues were allocated to "phoenix", and the mystery guest login disappeared.
I can only assume that since Celery was configured for the vhost "phoenix", that "/phoenix" was treated as a different vhost, with no users assigned to it, so RabbitMQ tried to use the "guest" default.
Not entirely sure why things were connecting to it - I'd sent nothing to those queues yet - but in case somebody else has this issue, this is what solved it for me.
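
The "/phoenix" versus "phoenix" mismatch described in the answer above can be caught before deployment by cross-checking definitions.json against the Celery broker URL. The Python script below is an added example, not code from the original posts: the names lint and broker_identity are hypothetical, the sample data is constructed from the question's files, and an empty URL path is assumed to mean the default vhost "/".

```python
import json
from urllib.parse import unquote, urlsplit

# Constructed sample data, condensed from the question's definitions.json
# and settings.py (JSON "\/" decodes to "/").
DEFINITIONS = json.loads(r"""
{
  "users": [
    {"name": "rabbit_user", "password": "rabbit_user", "tags": ""},
    {"name": "admin", "password": "admin", "tags": "administrator"}
  ],
  "vhosts": [{"name": "\/phoenix"}],
  "permissions": [
    {"user": "rabbit_user", "vhost": "\/phoenix",
     "configure": ".*", "write": ".*", "read": ".*"}
  ],
  "queues": [
    {"name": "high_prio", "vhost": "\/phoenix", "durable": true},
    {"name": "low_prio", "vhost": "\/phoenix", "durable": true}
  ]
}
""")
BROKER_URL = "amqp://rabbit_user:rabbit_user@rabbitmq:5672/phoenix"


def broker_identity(url):
    """Return (user, vhost); the vhost is the percent-decoded URL path."""
    parts = urlsplit(url)
    # Assumption: an empty path selects the default vhost "/".
    return parts.username, unquote(parts.path[1:]) or "/"


def lint(definitions, broker_url):
    """Cross-check a definitions export against the client's broker URL."""
    findings = []
    user, vhost = broker_identity(broker_url)
    defined = {v["name"] for v in definitions.get("vhosts", [])}

    if vhost not in defined:
        near = sorted(d for d in defined if d.strip("/") == vhost.strip("/"))
        hint = f" (differs only by a slash from {near})" if near else ""
        findings.append(f"broker vhost {vhost!r} is not defined{hint}")

    grants = {(p["user"], p["vhost"]) for p in definitions.get("permissions", [])}
    if (user, vhost) not in grants:
        findings.append(f"user {user!r} has no permissions on vhost {vhost!r}")

    for kind in ("permissions", "queues", "exchanges", "bindings"):
        for obj in definitions.get(kind, []):
            if obj["vhost"] not in defined:
                findings.append(f"{kind}: undefined vhost {obj['vhost']!r}")

    for queue in definitions.get("queues", []):
        if queue["vhost"] != vhost:
            findings.append(f"queue {queue['name']!r} is on {queue['vhost']!r}, "
                            f"not on broker vhost {vhost!r}")

    for account in definitions.get("users", []):
        if account.get("password") == account["name"]:
            findings.append(f"user {account['name']!r}: password equals user name")
    return findings


if __name__ == "__main__":
    for finding in lint(DEFINITIONS, BROKER_URL):
        print("FINDING:", finding)
```

Run against the question's configuration it reports the undefined broker vhost, the missing permission grant, both queues sitting on the other vhost, and the two accounts whose password equals the user name.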

Having issues with rs.add() in ansible playbook for mongo

I am using below tasks in my playbook to initialize cluster and add secondary to primary:
- name: Initialize replica set
  run_once: true
  delegate_to: host1
  shell: >
    mongo --eval 'printjson(rs.initiate())'
- name: Format secondaries
  run_once: true
  local_action:
    module: debug
    msg: '"{{ item }}:27017"'
  with_items: ['host2', 'host3']
  register: secondaries
- name: Add secondaries
  run_once: true
  delegate_to: host1
  shell: >
    /usr/bin/mongo --eval 'printjson(rs.add({{ item.msg }}))'
  with_items: secondaries.results
I am getting below error:
TASK [mongodb-setup : Add secondaries] *******************************
fatal: [host1]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'ansible.utils.unsafe_proxy.AnsibleUnsafeText object' has no attribute 'msg'\n\nThe error appears to have been in '/var/lib/awx/projects/_dev/roles/mongodb-setup/tasks/users.yml': line 15, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Add secondaries\n ^ here\n"}
Thanks for the response, I have amended my code as below
- name: Add secondaries
  run_once: true
  delegate_to: host-1
  shell: >
    /usr/bin/mongo --eval 'printjson(rs.add({{ item }}:27017))'
  with_items:
    - host2
    - host3
but getting below error
failed: [host-2 -> host-1] (item=host-2) => {"changed": true, "cmd": "/usr/bin/mongo --eval 'printjson(rs.add(host-2:27017))'", "delta": "0:00:00.173077", "end": "2019-08-06 13:29:09.422560", "item": "host-2", "msg": "non-zero return code", "rc": 252, "start": "2019-08-06 13:29:09.249483", "stderr": "", "stderr_lines": [], "stdout": "MongoDB shell version: 3.2.22\nconnecting to: test\n2019-08-06T13:29:09.419-0500 E QUERY [thread1] SyntaxError: missing ) after argument list #(shell eval):1:37", "stdout_lines": ["MongoDB shell version: 3.2.22", "connecting to: test", "2019-08-06T13:29:09.419-0500 E QUERY [thread1] SyntaxError: missing ) after argument list #(shell eval):1:37"]}
Your issue is not with rs.add() but with the data you loop over. In your last task, your item list is a single string.
# Wrong #
with_items: secondaries.results
You want to pass an actual list from your previously registered result:
with_items: "{{ secondaries.results }}"
That being said, registering the result of a debug task is rather odd. You should use set_fact to register what you need in a var, or better, directly loop over your list of hosts in your task. It also looks like the rs.add function is expecting a string, so you should quote the argument in your eval. Something like:
- name: Add secondaries
  shell: >
    /usr/bin/mongo --eval 'printjson(rs.add("{{ item }}:27017"))'
  with_items:
    - host2
    - host3
And the way you use delegation seems rather strange to me in this context but it's hard to give any valid clues without a complete playbook example of what you are trying to do (that you might give in a new question if necessary).