ansible and grep

Dimitar Hristov

Aug 26, 2015, 9:40:05 AM
to Ansible Project
Hi Guys,

I'm working on a playbook, which sets up sftp accounts and changes some rules in iptables. What I need is to check whether an IP address is added in the firewall. My tasks, when I use "grep", fail. Here are the tasks:

###################
#   # doesn't work
# - name: Test
#   shell: grep {{ owner }} /etc/ssh/sshd_config
#   register: test_output
#
# - debug: msg={{ test_output.stdout }}
##################


   # this doesn't work for some reason
# - name: Check if the ip address exists in /etc/fw
#   shell: grep "{{ ip_address }}" /etc/fw
#   register: shell_output

   # doesn't work too
 - name: Check if ip address is in the firewall
   shell: iptables -L -n | grep "{{ ip_address }}"
   register: iptables_output

 - debug: msg={{ iptables_output.stdout }}

# - debug: msg={{ shell_output.stdout }}


Here's the error (run against 2 hosts), with -vvvv:

TASK: [create-sftp | Check if ip address is in the firewall] ******************
<bgva-cos7-test1> ESTABLISH CONNECTION FOR USER: dimitar
<bgva-cos7-test2> ESTABLISH CONNECTION FOR USER: dimitar
<bgva-cos7-test1> REMOTE_MODULE command iptables -L -n | grep "200.100.50.1" #USE_SHELL
<bgva-cos7-test2> REMOTE_MODULE command iptables -L -n | grep "200.100.50.1" #USE_SHELL
<bgva-cos7-test1> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/dimitar/.ansible/cp/ansible-ssh-%h-%p-%r" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 bgva-cos7-test1 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1440594213.1-64676685734319 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1440594213.1-64676685734319 && echo $HOME/.ansible/tmp/ansible-tmp-1440594213.1-64676685734319'
<bgva-cos7-test2> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/dimitar/.ansible/cp/ansible-ssh-%h-%p-%r" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 bgva-cos7-test2 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1440594213.1-88397253344004 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1440594213.1-88397253344004 && echo $HOME/.ansible/tmp/ansible-tmp-1440594213.1-88397253344004'
<bgva-cos7-test1> PUT /tmp/tmpTzNNO9 TO /home/dimitar/.ansible/tmp/ansible-tmp-1440594213.1-64676685734319/command
<bgva-cos7-test2> PUT /tmp/tmpqOc14s TO /home/dimitar/.ansible/tmp/ansible-tmp-1440594213.1-88397253344004/command
<bgva-cos7-test1> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/dimitar/.ansible/cp/ansible-ssh-%h-%p-%r" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 bgva-cos7-test1 /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible, key=frjrmedozkhjgxxuonfotcxzpdkytwbu] password: " -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-frjrmedozkhjgxxuonfotcxzpdkytwbu; LANG=C LC_CTYPE=C /usr/bin/python /home/dimitar/.ansible/tmp/ansible-tmp-1440594213.1-64676685734319/command; rm -rf /home/dimitar/.ansible/tmp/ansible-tmp-1440594213.1-64676685734319/ >/dev/null 2>&1'"'"''
<bgva-cos7-test2> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/dimitar/.ansible/cp/ansible-ssh-%h-%p-%r" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 bgva-cos7-test2 /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible, key=ezmydxmmvjdksoohxzupfpnyfuhqnnou] password: " -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-ezmydxmmvjdksoohxzupfpnyfuhqnnou; LANG=C LC_CTYPE=C /usr/bin/python /home/dimitar/.ansible/tmp/ansible-tmp-1440594213.1-88397253344004/command; rm -rf /home/dimitar/.ansible/tmp/ansible-tmp-1440594213.1-88397253344004/ >/dev/null 2>&1'"'"''
failed: [bgva-cos7-test1] => {"changed": true, "cmd": "iptables -L -n | grep \"200.100.50.1\"", "delta": "0:00:00.005236", "end": "2015-08-26 16:03:34.189480", "rc": 1, "start": "2015-08-26 16:03:34.184244", "warnings": []}
failed: [bgva-cos7-test2] => {"changed": true, "cmd": "iptables -L -n | grep \"200.100.50.1\"", "delta": "0:00:00.005521", "end": "2015-08-26 16:03:34.143277", "rc": 1, "start": "2015-08-26 16:03:34.137756", "warnings": []}

FATAL: all hosts have already failed -- aborting

Any idea what's wrong with the playbook?

Regards,
DH

Brian Coca

Aug 26, 2015, 10:06:54 AM
to Ansible Project
It seems to be working 'as written': grep is not finding the IP, so it
returns rc=1, which Ansible interprets as the task failing. You can use
ignore_errors or failed_when to bypass this 'failure', as you just seem
to care if the grep found something or not.



--
Brian Coca
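
The failed_when route from the reply above, as an added example that is not part of the original thread: it treats grep's rc=1 as a normal "not found" result while still failing on a real error, and matches the address as a fixed whole word. `ip_address` and `iptables_output` come from the original post; the grep options, the `quote` filter and the follow-up tasks are assumptions added here.

```yaml
# Added example (not from the thread): tasks for the role's tasks file.
- name: Check if ip address is in the firewall
  # -F  fixed string: the dots in the address are not regex wildcards
  # -w  whole word: 200.100.50.1 does not match 200.100.50.10 or 200.100.50.100
  # --  end of options, in case the variable ever starts with "-"
  # quote: shell-escapes the variable before it reaches /bin/sh
  shell: iptables -L -n | grep -Fw -- {{ ip_address | quote }}
  register: iptables_output
  # Read-only check: never report "changed".
  changed_when: false
  # grep exit codes: 0 = match, 1 = no match, 2 or more = real error.
  # Only the last case should fail the play.
  failed_when: iptables_output.rc not in [0, 1]
  # Caveat: the pipeline's exit status is grep's, so a failing iptables
  # command yields empty input and is reported as "not found" (rc=1).

- name: Report the result
  debug:
    msg: "{{ ip_address }} is {{ 'present in' if iptables_output.rc == 0 else 'missing from' }} the firewall rules"

- name: Run follow-up work only when the address is missing
  debug:
    msg: "No rule for {{ ip_address }} found; add it here"
  when: iptables_output.rc == 1
```

Unlike ignore_errors, this keeps the task green on a clean "not found" and still stops the play when grep itself fails.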

Dimitar Hristov

Aug 27, 2015, 6:29:20 AM
to Ansible Project
Yes, when I set ignore_errors the tasks work properly. Thanks!