Question on the multiple loop structure in my playbook
45 views
Skip to first unread message
Deepak B K
Aug 24, 2023, 6:51:59 AM8/24/23
to Ansible Project
Hi All ,
I trying to modify the sshd_config parameter using the lineinfile ansible module . I would like to delegate this to multiple host . As we have used the loop twice its unable to resolve the loop structure.
vars:
ssh_delegate_hosts:
- "192.50.26.248"
- "192.50.27.248"
ssh_delegate_hosts:
- "192.50.26.248"
- "192.50.27.248"
- name: Change configuration in sshd_config
ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
loop:
- { regexp: '^AllowTcpForwarding', line: 'AllowTcpForwarding yes' }
- { regexp: '^AllowAgentForwarding', line: 'AllowAgentForwarding yes' }
loop: "{{ ssh_delegate_hosts }}"
delegate_to: "{{ item }}"
path: /etc/ssh/sshd_config
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
loop:
- { regexp: '^AllowTcpForwarding', line: 'AllowTcpForwarding yes' }
- { regexp: '^AllowAgentForwarding', line: 'AllowAgentForwarding yes' }
loop: "{{ ssh_delegate_hosts }}"
delegate_to: "{{ item }}"
Need your valuable feedback of how to loop both the lines and loop the hosts .
Thanks and Regards,
Deepak Kumar
Will McDonald
Aug 24, 2023, 9:16:53 AM8/24/23
to ansible...@googlegroups.com
You haven't described the actual overarching thing you're trying to do with this, sometimes describing the larger task can be useful in terms of providing better guidance.
But reading between the lines, is there any reason you can't place your intended delegation hosts into an inventory group and address them directly? For example if they're getting special treatment as intended jumphosts or similar. Group them accordingly and run the bits of automation that's unique to that intended system role against those group members.
I'd also tend to prefer a Jinja template over lineinfile for config if possible especially if you need to accommodate different conditional scenarios. It's potentially a little more effort to start, but will save you pain in the long run.
That said, I think you can probably achieve what you're trying to do with a product filter? (There's probably easier ways to get the outcome you want too.)
Here's a simplified example, you'd need to modify slightly to pull out the specific elements:
- name: debug vars
hosts: localhost
gather_facts: no
vars:
delegates:
- host1
- host2
regexes:
- regex: AllowTcpForwarding
line: AllowTcpForwarding yes
- regex: AllowAgentForwarding
line: AllowAgentForwarding yes
tasks:
- name: Do some stuff
debug:
msg: "Doing {{ item.1 }} on {{ item.0 }}"
delegate_to: "{{ item.0 }}"
loop: "{{ delegates | product(regexes) | list }}"
hosts: localhost
gather_facts: no
vars:
delegates:
- host1
- host2
regexes:
- regex: AllowTcpForwarding
line: AllowTcpForwarding yes
- regex: AllowAgentForwarding
line: AllowAgentForwarding yes
tasks:
- name: Do some stuff
debug:
msg: "Doing {{ item.1 }} on {{ item.0 }}"
delegate_to: "{{ item.0 }}"
loop: "{{ delegates | product(regexes) | list }}"
Which would do:
(ansible)$ ansible-playbook test/debug.yml
PLAY [debug vars] ******************************************************************************************************
TASK [Do some stuff] ***************************************************************************************************
ok: [localhost -> host1] => (item=['host1', {'regex': 'AllowTcpForwarding', 'line': 'AllowTcpForwarding yes'}]) => {
"msg": "Doing {'regex': 'AllowTcpForwarding', 'line': 'AllowTcpForwarding yes'} on host1"
}
ok: [localhost -> host1] => (item=['host1', {'regex': 'AllowAgentForwarding', 'line': 'AllowAgentForwarding yes'}]) => {
"msg": "Doing {'regex': 'AllowAgentForwarding', 'line': 'AllowAgentForwarding yes'} on host1"
}
ok: [localhost -> host2] => (item=['host2', {'regex': 'AllowTcpForwarding', 'line': 'AllowTcpForwarding yes'}]) => {
"msg": "Doing {'regex': 'AllowTcpForwarding', 'line': 'AllowTcpForwarding yes'} on host2"
}
ok: [localhost -> host2] => (item=['host2', {'regex': 'AllowAgentForwarding', 'line': 'AllowAgentForwarding yes'}]) => {
"msg": "Doing {'regex': 'AllowAgentForwarding', 'line': 'AllowAgentForwarding yes'} on host2"
}
PLAY RECAP *************************************************************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
PLAY [debug vars] ******************************************************************************************************
TASK [Do some stuff] ***************************************************************************************************
ok: [localhost -> host1] => (item=['host1', {'regex': 'AllowTcpForwarding', 'line': 'AllowTcpForwarding yes'}]) => {
"msg": "Doing {'regex': 'AllowTcpForwarding', 'line': 'AllowTcpForwarding yes'} on host1"
}
ok: [localhost -> host1] => (item=['host1', {'regex': 'AllowAgentForwarding', 'line': 'AllowAgentForwarding yes'}]) => {
"msg": "Doing {'regex': 'AllowAgentForwarding', 'line': 'AllowAgentForwarding yes'} on host1"
}
ok: [localhost -> host2] => (item=['host2', {'regex': 'AllowTcpForwarding', 'line': 'AllowTcpForwarding yes'}]) => {
"msg": "Doing {'regex': 'AllowTcpForwarding', 'line': 'AllowTcpForwarding yes'} on host2"
}
ok: [localhost -> host2] => (item=['host2', {'regex': 'AllowAgentForwarding', 'line': 'AllowAgentForwarding yes'}]) => {
"msg": "Doing {'regex': 'AllowAgentForwarding', 'line': 'AllowAgentForwarding yes'} on host2"
}
PLAY RECAP *************************************************************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/5cd5230e-f36e-4990-b0ae-2820be5e2d0dn%40googlegroups.com.
Deepak B K
Aug 25, 2023, 6:57:46 AM8/25/23
to Ansible Project
Thank you very much you have in detail describe to handle multiple loops by using the product and list in the ansible playbook . Basically this was a admin script out of box requirements as we are not include in our repository so that the reason we could not leverage the out environmental inventory.
Once again Thank you so much .. I appreciate the help .
Thanks
Deepak Kumar
Reply all
Reply to author
Forward
0 new messages