simple thing that looks difficult: cooking command line for nmap


txemi Martínez

Apr 4, 2014, 1:28:48 PM
to ansible...@googlegroups.com
I am starting with ansible and sometimes I find things that I would be able to program in python, bash or java but that I do not know how to handle in ansible playbooks.

I want some remote machine to make an nmap on all local networks. This is the command I want:

nmap -T4 -A -F -oX /tmp/${filename} 192.168.20.0/24  192.168.21.0/24

Here 192.168.20.0/24 and 192.168.21.0/24 are the two networks for the eth0 and eth1 interfaces, and I do not know how many interfaces there are at playbook execution time.

This is what I am actually using:

  - command:  nmap -T4 -A -F -oX /tmp/${filename} ${ansible_eth0.ipv4.network}/24
 
but this is not what I want because 24 is hardcoded (not obtained from the ansible_eth0.ipv4.mask fact) and eth1 is missing.
This information is already available in facts but I need some processing for building the nmap command line and I do not know how to escape to some programming language to do this.

Things I think about:
- Can I pass the facts to an external or inline script that does this for me and then get the command line back?
- Should I make an ansible module for nmap? But can I access facts from within the module?
- I could also use the script module and upload a bash script to do it, but I would like to use facts and other configuration and logic available locally, as well as having granular local control of each operation, cooking the command first and then executing it via the command module, for instance. If I finally have to upload a complex script for each operation, I do not see the point in using the ansible architecture instead of using bare paramiko or ssh.

Thanks,
txemi. 



James Cammarata

Apr 6, 2014, 10:06:31 AM
to ansible...@googlegroups.com
There are a couple of options you could use here. First, you could deploy a custom fact that would give you the CIDR value. Second, you could write a custom jinja2 filter that would accept a netmask (for example, ansible_eth0.ipv4.netmask) and convert that to a CIDR value.



Antonio Marin

Apr 6, 2014, 10:45:29 AM
to ansible...@googlegroups.com

You can also create the mentioned script and invoke it as local_action: before your remote nmap task.
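
The custom jinja2 filter suggested in the thread could look like the following. This is an added example, not code posted by any participant: the file name, the `nmap_targets` filter, and its `skip` and `min_prefix` parameters are hypothetical, and it assumes Python 3 and facts shaped like the `ansible_eth0.ipv4` entries quoted above.

```python
# filter_plugins/nmap_targets.py  (hypothetical file name; Python 3)
import ipaddress


def netmask_to_prefix(netmask):
    """'255.255.255.0' -> 24. Raises ValueError for a malformed mask."""
    return ipaddress.ip_network("0.0.0.0/%s" % netmask).prefixlen


def nmap_targets(facts, skip=("lo",), min_prefix=16):
    """Build sorted, de-duplicated CIDR targets from gathered interface facts.

    skip and min_prefix are hypothetical parameters: min_prefix drops networks
    wider than /16 so a mis-set mask cannot turn into a huge scan.
    """
    targets = set()
    for name in facts.get("ansible_interfaces", []):
        if name in skip:
            continue
        # Assumption: fact keys are "ansible_" + interface name, "-" -> "_".
        ipv4 = facts.get("ansible_" + name.replace("-", "_"), {}).get("ipv4")
        if not ipv4 or "network" not in ipv4 or "netmask" not in ipv4:
            continue  # interface is down or has no IPv4 address
        net = ipaddress.ip_network(
            "%s/%s" % (ipv4["network"], ipv4["netmask"]), strict=False)
        if net.prefixlen >= min_prefix:
            targets.add(net)
    return [str(n) for n in sorted(targets)]


class FilterModule(object):
    """Entry point Ansible looks for in filter_plugins/."""
    def filters(self):
        return {"netmask_to_prefix": netmask_to_prefix,
                "nmap_targets": nmap_targets}


# Constructed sample facts, shaped like the setup module's output.
SAMPLE_FACTS = {
    "ansible_interfaces": ["lo", "eth0", "eth1", "tun0", "br-lan"],
    "ansible_lo": {"ipv4": {"network": "127.0.0.0", "netmask": "255.0.0.0"}},
    "ansible_eth0": {"ipv4": {"network": "192.168.20.0", "netmask": "255.255.255.0"}},
    "ansible_eth1": {"ipv4": {"network": "192.168.21.0", "netmask": "255.255.255.0"}},
    "ansible_tun0": {"ipv4": {"network": "10.0.0.0", "netmask": "255.0.0.0"}},
    "ansible_br_lan": {},
}

if __name__ == "__main__":
    print(" ".join(nmap_targets(SAMPLE_FACTS)))
```

In a playbook the result can be joined into the command line with `{{ hostvars[inventory_hostname] | nmap_targets | join(' ') }}`, provided facts were gathered for the host.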
