Trouble using with_items and when: stdout == 0


Patrick Ansible-ML

Sep 13, 2014, 6:19:52 PM
to ansible...@googlegroups.com
Hi,

I'm trying to do two simple things:
- check if a user is present in sshd_config AllowUsers
- if not, add the user to the AllowUsers line

Sounds simple enough yet my Ansible foo is still lacking severely. The
problem is that the last task is always skipped.

vars:

  allowusers:
    - testuser
    - patrick

tasks:

  - name: Check if build user is in ssh AllowUsers
    shell: grep -i -m1 -c {{ item }} /etc/ssh/sshd_config
    with_items: allowusers
    ignore_errors: True
    register: check_allowusers

  - debug: var=check_allowusers

  - name: Add user to AllowUsers
    shell: "sed -i 's|^AllowUsers |AllowUsers {{ item }} |'
      /etc/ssh/sshd_config"
    with_items: check_allowusers.results
    when: item.stdout == 0


Here is the output from debug: var=check_allowusers:

TASK: [builder | debug var=check_allowusers] ****
ok: [test.local] => {
    "check_allowusers": {
        "changed": true,
        "failed": true,
        "msg": "One or more items failed.",
        "results": [
            {
                "changed": true,
                "cmd": "grep -i -m1 -c testuser /etc/ssh/sshd_config",
                "delta": "0:00:00.005375",
                "end": "2014-09-13 20:03:37.564863",
                "invocation": {
                    "module_args": "grep -i -m1 -c testuser /etc/ssh/sshd_config",
                    "module_name": "shell"
                },
                "item": "testuser",
                "rc": 1,
                "start": "2014-09-13 20:03:37.559488",
                "stderr": "",
                "stdout": "0"
            },
            {
                "changed": true,
                "cmd": "grep -i -m1 -c patrick /etc/ssh/sshd_config",
                "delta": "0:00:01.005767",
                "end": "2014-09-13 20:03:38.671370",
                "invocation": {
                    "module_args": "grep -i -m1 -c patrick /etc/ssh/sshd_config",
                    "module_name": "shell"
                },
                "item": "patrick",
                "rc": 0,
                "start": "2014-09-13 20:03:37.665603",
                "stderr": "",
                "stdout": "1"
            }
        ]
    }
}

If there isn't a better best practice way to do this then how do I make
this work?

Thanks,
Patrick

Michael DeHaan

Sep 14, 2014, 9:38:15 AM
to ansible...@googlegroups.com
The stdout in one case is "0" and another is "1" so this seems to be working as designed.

As such, I think this would be the way your system is set up (aka it works correctly) or your grep needs modification.

Ansible *appears* to be doing what you want.


Patrick Ansible-ML

Sep 14, 2014, 10:30:10 AM
to ansible...@googlegroups.com
Hi Michael,

Thank you for your feedback.

On 14-09-14 15:38, Michael DeHaan wrote:
> The stdout in one case is "0" and another is "1" so this seems to be
> working as designed.
>
> As such, I think this would be the way your system is set up (aka it
> works correctly) or your grep needs modification.
>
> Ansible *appears* to be doing what you want.

Tried more stuff and got a useful error. It appears that Ansible does
not pass in the *name* from the 'allowuser' list as item in the sed
command but instead throws in *all* the 'results' text:

"cmd": "sed -i 's|^AllowUsers |AllowUsers {u'changed': True, ...

Obviously that will make sed fail. So what do I need to change to make
it use just the name from the 'allowuser' list?


Full error:

TASK: [builder | builder | Add user to AllowUsers]
****************************
failed: [test.nl] => (item={u'stdout': u'0', u'changed': True, u'end':
u'2014-09-14 16:07:04.437150', 'item': u'testuser', u'cmd': u'grep -i -c
testuser /etc/ssh/sshd_config', u'rc': 1, u'start': u'2014-09-14
16:07:04.433035', u'stderr': u'', u'delta': u'0:00:00.004115',
'invocation': {'module_name': u'shell', 'module_args': u'grep -i -c
testuser /etc/ssh/sshd_config'}}) => {"changed": true, "cmd": "sed -i
's|^AllowUsers |AllowUsers {u'changed': True, u'end': u'2014-09-14
16:07:04.437150', u'stdout': u'0', u'cmd': u'grep -i -c testuser
/etc/ssh/sshd_config', 'item': u'testuser', u'delta': u'0:00:00.004115',
u'stderr': u'', u'rc': 1, 'invocation': {'module_name': u'shell',
'module_args': u'grep -i -c testuser /etc/ssh/sshd_config'}, u'start':
u'2014-09-14 16:07:04.433035'} |' /etc/ssh/sshd_config", "delta":
"0:00:00.005010", "end": "2014-09-14 16:07:04.567878", "item":
{"changed": true, "cmd": "grep -i -c testuser /etc/ssh/sshd_config",
"delta": "0:00:00.004115", "end": "2014-09-14 16:07:04.437150",
"invocation": {"module_args": "grep -i -c testuser
/etc/ssh/sshd_config", "module_name": "shell"}, "item": "testuser",
"rc": 1, "start": "2014-09-14 16:07:04.433035", "stderr": "", "stdout":
"0"}, "rc": 1, "start": "2014-09-14 16:07:04.562868"}
stderr: sed: -e expression #1, char 60: unterminated `s' command

FATAL: all hosts have already failed -- aborting


Thanks,
Patrick

Michael DeHaan

Sep 14, 2014, 12:58:29 PM
to ansible...@googlegroups.com
Yeah you will have to do "item.something" to not get the full hash result, like item.rc or item.stdout or item.cmd, as appropriate...


Patrick Ansible-ML

Sep 14, 2014, 5:39:23 PM
to ansible...@googlegroups.com
On 14-09-14 18:58, Michael DeHaan wrote:
> Yeah you will have to do "item.something" to not get the full hash
> result, like item.rc or item.stdout or item.cmd, as appropriate...

Thanks Michael. That put me on the right track. Here's what gave the
expected results:

  - name: builder | Add user to AllowUsers
    shell: "sed -i 's|^AllowUsers |AllowUsers {{ item.item }} |'
      /etc/ssh/sshd_config"
    with_items: check_allowusers.results
    when: item.stdout == "0"
    notify: restart sshd

Cheers,
Patrick

Dick Davies

Sep 16, 2014, 5:37:56 AM
to ansible list
use lineinfile


Patrick Ansible-ML

Sep 16, 2014, 1:32:45 PM
to ansible...@googlegroups.com
On 16-09-14 11:37, Dick Davies wrote:
> use lineinfile

Thanks Dick. I've solved my original problem once I learned that you can
do all sorts of cool things with 'item' in 'when'. But I have used
lineinfile for another task and it works great.

Cheers,
Patrick
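
Added example, not part of the original thread and not code from any poster: one way to follow the "use lineinfile" suggestion for the AllowUsers case, replacing the grep/sed pair with a single idempotent task that matches whole user tokens and validates the result with `sshd -t` before the file is installed. It assumes sshd_config already contains one `AllowUsers` line, that the binary is at /usr/sbin/sshd, and that the service and handler are both named `sshd`.

```yaml
# Added example. Assumptions: an "AllowUsers" line already exists,
# sshd is at /usr/sbin/sshd, and the service name is "sshd".
- hosts: all
  become: true

  vars:
    allowusers:          # same list as in the original post
      - testuser
      - patrick

  tasks:
    - name: Append each missing user to the AllowUsers line
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        # Match the AllowUsers line only when the name is NOT already
        # present as a whole whitespace-delimited token. A plain
        # "grep -c patrick" over the file would also count "patrick2"
        # or a comment mentioning the name and skip the real user.
        regexp: '^(AllowUsers(?!.*\s{{ item | regex_escape }}(?:\s|$)).*)$'
        # Keep the existing line and append the user at the end.
        line: '\1 {{ item }}'
        # With backrefs, a non-matching regexp leaves the file
        # untouched, so a user that is already listed is a no-op.
        backrefs: true
        # Parse the candidate file before it replaces the live one;
        # a syntax error aborts the task instead of breaking logins.
        validate: /usr/sbin/sshd -t -f %s
      loop: "{{ allowusers }}"
      notify: restart sshd

  handlers:
    - name: restart sshd
      ansible.builtin.service:
        name: sshd
        state: restarted
```

Because `backrefs: true` never creates a line, a host with no `AllowUsers` directive is left unchanged and needs a separate task to add one.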
