how to run an if/else test in a task
41 views
Skip to first unread message
Jerome Meyer
May 19, 2020, 10:23:27 AM5/19/20
to Ansible Project
Hi Teams,
I'm looking for to do a test before to execute a task. I need to checkup if my computer has already joined the domain
before to join it. otherwise, the adcli will failed.
When computer isn't in domain, the klist will return a "not found" message and at this time the "join active directory" must be running...
Something goes wrong because this task will not be runned.
Here're the portion of task:
before to join it. otherwise, the adcli will failed.
When computer isn't in domain, the klist will return a "not found" message and at this time the "join active directory" must be running...
Something goes wrong because this task will not be runned.
Here're the portion of task:
[...]
- name: checking if domain already joined
shell: /bin/bash -c "/usr/bin/klist -k|grep -i {{ ansible_hostname }}"
register: ad_join_status
ignore_errors: true
- name: join active directory
shell: /bin/bash -c "/usr/sbin/realm join --one-time-password={{ ad_server_onetime }} {{ ad_server_domain }}"
register: ad_active
args:
executable: /usr/bin/bash
when: ad_join_status == "not found"
[...]Do you have any Idea?
Is my test ok or should be another one?
Is my test ok or should be another one?
Thanks and best regards, J.
IaV
May 19, 2020, 12:54:01 PM5/19/20
to Ansible Project
In the when clause use something like ad_join_status.stdout_lines[0]
to check what it needs to be add
- debug
var: ad_join_status
and see what is there
Stefan Hornburg (Racke)
May 19, 2020, 12:56:47 PM5/19/20
to ansible...@googlegroups.com
On 5/19/20 4:23 PM, Jerome Meyer wrote:
> Hi Teams,
>
> I'm looking for to do a test before to execute a task. I need to checkup if my computer has already joined the domain
> before to join it. otherwise, the adcli will failed.
> When computer isn't in domain, the klist will return a "not found" message and at this time the "join active directory"
> must be running...
> Something goes wrong because this task will not be runned.
> Here're the portion of task:
>
> |
> [...]
> -name:checking ifdomain already joined
> Hi Teams,
>
> I'm looking for to do a test before to execute a task. I need to checkup if my computer has already joined the domain
> before to join it. otherwise, the adcli will failed.
> When computer isn't in domain, the klist will return a "not found" message and at this time the "join active directory"
> must be running...
> Something goes wrong because this task will not be runned.
> Here're the portion of task:
>
> |
> [...]
> shell:/bin/bash -c "/usr/bin/klist -k|grep -i {{ ansible_hostname }}"
> register:ad_join_status
> ignore_errors:true
>
> -name:join active directory
> register:ad_join_status
> ignore_errors:true
>
> shell:/bin/bash -c "/usr/sbin/realm join --one-time-password={{ ad_server_onetime }} {{ ad_server_domain }}"
> register:ad_active
> args:
> executable:/usr/bin/bash
> when:ad_join_status =="not found"
> [...]
> |
Hello Jerome,
> register:ad_active
> args:
> executable:/usr/bin/bash
> when:ad_join_status =="not found"
> [...]
> |
Ansible is not a glorified tool for running shell scripts on the target :-/
At any rate, ad_join_status is not a string. Checkout ad_join_status.stdout (string) or ad_join_status.stdout_lines (list).
Regards
Racke
>
>
> Do you have any Idea?
> Is my test ok or should be another one?
> Thanks and best regards, J.
>
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
> ansible-proje...@googlegroups.com <mailto:ansible-proje...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/2c942264-1f50-4b28-97a3-e640c9fb3c98%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/2c942264-1f50-4b28-97a3-e640c9fb3c98%40googlegroups.com?utm_medium=email&utm_source=footer>.
--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Jerome Meyer
May 20, 2020, 6:23:14 AM5/20/20
to Ansible Project
Thanks for your reply and tips.
So, has requested I've checked out the stdout message:
I've received only message when the domain already joined, like:
ok: [localhost] => {
"ad_join_status.stdout_lines": [
" 3 server_name@domain",
" 3 server_name@domain",
" 3 server_name@domain",
" 3 host/server_name@domain",
" 3 host/server_name@domain",
[...]Otherwise, the klist cannot start because it doesn't found the file : /etc/krb5.keytab :
# /usr/bin/klist -k|grep -i server_name
klist: Key table file '/etc/krb5.keytab' not found while starting keytab And in this case nothing appears in stdout:
ok: [localhost] =>
ad_join_status.stdout: ''That's means, I should use an another test for checking domain joining... :(
Stefan Hornburg (Racke)
May 20, 2020, 6:39:03 AM5/20/20
to ansible...@googlegroups.com
On 5/20/20 12:23 PM, Jerome Meyer wrote:
> Thanks for your reply and tips.
> So, has requested I've checked out the stdout message:
>
> I've received only message when the domain already joined, like:
>
> |
> ok:[localhost]=>{
> "ad_join_status.stdout_lines":[
> " 3 server_name@domain",
> " 3 server_name@domain",
> " 3 server_name@domain",
> " 3 host/server_name@domain",
> " 3 host/server_name@domain",
> [...]
> |
>
> Otherwise, the klist cannot start because it doesn't found the file : /etc/krb5.keytab :
> |
> # /usr/bin/klist -k|grep -i server_name
> klist:Keytable file '/etc/krb5.keytab'notfound whilestarting keytab
> Thanks for your reply and tips.
> So, has requested I've checked out the stdout message:
>
> I've received only message when the domain already joined, like:
>
> |
> ok:[localhost]=>{
> "ad_join_status.stdout_lines":[
> " 3 server_name@domain",
> " 3 server_name@domain",
> " 3 server_name@domain",
> " 3 host/server_name@domain",
> " 3 host/server_name@domain",
> [...]
> |
>
> Otherwise, the klist cannot start because it doesn't found the file : /etc/krb5.keytab :
> |
> # /usr/bin/klist -k|grep -i server_name
> |
>
> And in this case nothing appears in stdout:
> |
> ok:[localhost]=>
>
> ad_join_status.stdout:''
> |
>
>
> That's means, I should use an another test for checking domain joining... :(
Right, so far this isn't really Ansible related. Determine a command which reliably tells you
>
> And in this case nothing appears in stdout:
> |
> ok:[localhost]=>
>
> ad_join_status.stdout:''
> |
>
>
> That's means, I should use an another test for checking domain joining... :(
whether the domain is already joined *before* you are trying to automate it.
Regards
Racke
>
>
> On Tuesday, May 19, 2020 at 4:23:27 PM UTC+2, Jerome Meyer wrote:
>
> Hi Teams,
>
> I'm looking for to do a test before to execute a task. I need to checkup if my computer has already joined the domain
> before to join it. otherwise, the adcli will failed.
> When computer isn't in domain, the klist will return a "not found" message and at this time the "join active
> directory" must be running...
> Something goes wrong because this task will not be runned.
> Here're the portion of task:
>
> |
> [...]
> shell:/bin/bash -c "/usr/bin/klist -k|grep -i {{ ansible_hostname }}"
> register:ad_join_status
> ignore_errors:true
>
> -name:join active directory
> register:ad_join_status
> ignore_errors:true
>
> shell:/bin/bash -c "/usr/sbin/realm join --one-time-password={{ ad_server_onetime }} {{ ad_server_domain }}"
> register:ad_active
> args:
> executable:/usr/bin/bash
> when:ad_join_status =="not found"
> [...]
> |
>
>
> Do you have any Idea?
> Is my test ok or should be another one?
> Thanks and best regards, J.
>
> register:ad_active
> args:
> executable:/usr/bin/bash
> when:ad_join_status =="not found"
> [...]
> |
>
>
> Do you have any Idea?
> Is my test ok or should be another one?
> Thanks and best regards, J.
>
> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
> ansible-proje...@googlegroups.com <mailto:ansible-proje...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/2b03d0ae-482f-46e8-a7e7-afb7286f1adc%40googlegroups.com
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
> ansible-proje...@googlegroups.com <mailto:ansible-proje...@googlegroups.com>.
> To view this discussion on the web visit
> <https://groups.google.com/d/msgid/ansible-project/2b03d0ae-482f-46e8-a7e7-afb7286f1adc%40googlegroups.com?utm_medium=email&utm_source=footer>.
Reply all
Reply to author
Forward
0 new messages