conditional in template?
385 views
Skip to first unread message
J
Apr 2, 2015, 6:33:06 PM4/2/15
to ansible...@googlegroups.com
All,
I'm attempting to use a conditional in a template, without success. Specifically I'm trying to add an iptable rule that allows traffic sourced from eth1 on all hosts:
Below is the relevant portion of the template:
{% if 'eth1' in ansible_interfaces %}
{% if hostvars[host]['ansible_eth1']['ipv4']['address'] is defined %}
-A INPUT -s {{ hostvars[host]['ansible_eth1']['ipv4']['address'] }} -j ACCEPT
{% endif %}
{% endif %}
{% endfor %}
Unfortunately the playbook still errors out:
fatal: [test2] => {'msg': "AnsibleUndefinedVariable: One or more undefined variables: 'dict object' has no attribute 'ipv4'", 'failed': True}
This server does indeed have an eth1 interface but said interface does _not_ have an IP address in this particular case.
This "if x is defined" syntax seems to work fine in a "when:" conditional in the playbook, just not in the template itself.
Any thoughts on what I may be doing wrong and how to rectify this error / problem?
Many thanks!
James Cammarata
Apr 6, 2015, 11:48:47 AM4/6/15
to ansible...@googlegroups.com
Hi. The "is defined" portion is failing because of the 'ipv4' subkey failure. You will have to do something like this:
{% if 'ipv4' in hostvars[host]['ansible_eth1'] and hostvars[host]['ansible_eth1']['ipv4']['address'] is defined %}
{% if 'ipv4' in hostvars[host]['ansible_eth1'] and hostvars[host]['ansible_eth1']['ipv4']['address'] is defined %}
If that's still not working, and ansible_eth1 does have the 'ipv4' entry, then this is most likely a fact-gathering issue, where the targeted host hasn't yet gathered facts. If so, you can make sure facts are gathered about all systems by adding a simple initial play to your playbook:
- hosts: all
gather_facts: yes
Hope that helps!
James Cammarata
Director, Ansible Core Engineering
github: jimi-c
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/82e08499-be63-441c-b3de-d52085a941da%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages