check the patch version

[alexis calvayrac]

Hello, I currently have a playbook that retrieves information from a Cisco machine in a text file. Then I run a scipt bash run by ansible to check the patch version.

The problem is that this way of doing things does not respect idempotence.

Do you know a module to check that a line exists within the file or even a variable and which returns an "OK" if the line exists ?

Thank you in advance

[Brad Van Orden]

Could you give some more details and possibly your ansible code and output?  What type of Cisco device?  Switch, firewall, etc?

[alexis calvayrac]

[Playbook]

---

- hosts: all
  connection: local
  gather_facts: no
 
  tasks:

    - name: Take infos
      ios_command :
        host: "{{ ansible_host}}"
        username: xxxxx
        password: xxxxxx
        timeout: xxxx
        commands: 
          - show version
          - exit
      register: result
 
    - name: get output
      copy:
        content: "{{ result.stdout_lines[0] | join('\n') }}"

        dest: "resultat/{{ ansible_host }}.txt"

   - name: check version

     shell: ./verif.sh

[output]

Cisco Identity Services Engine Patch
---------------------------------------------
Version      : xxxx
Install Date : xxxxxxxxx

Cisco Identity Services Engine Patch
---------------------------------------------
Version      : xxxxxxxx
Install Date : xxxxxxx

verif.sh:

grep 'Version      : x' resultat/$1.txt

if [ "$?" = "0" ]
then
        echo "$1 --> OK" >> resultat/resultat.txt
else
        echo "$1 --> KO" >> resultat/resultat.txt
fi

Actually I just want to check that the line Version 5 for example exists in my.txt file without going through a script. And by the way it's a CISCO ISE

[Brad Van Orden]

What is in reply?  Instead of putting in a file and then running your script against that, you might be able to directly get the value from the registered variable.  Put a debug module after ios_command and print out result.

On Friday, October 12, 2018 at 9:12:44 AM UTC-4, alexis calvayrac wrote:

[alexis calvayrac]

Yes, I can actually do as you say and not go through a text file. The purpose of this playbook is to do nothing if the right version is installed and otherwise install the right one. 

Something like.

If {{ result }} != "Version 5" 

then 

install Version 5

fi 

But I don't know how to isolate and test the string "Version: x" directly in Ansible

[Brad Van Orden]

Right.  Which is why I suggested printing it out with a debug statement.  You should then be able to determine the best way to split/join to isolate your output and then use a subsequent when statement to decide if to proceed with the desired update.  Make sense?

[alexis calvayrac]

Yeah, I see. I didn't think of that. I'll try tomorrow. I'll keep you informed. Thank you very much for your time.

"Qui facit per alium facit per se."

[alexis calvayrac]

Ok I got it but do you know how to do the reverse for  wrong version ? I've to remplace "in" by somothing like "is not" or something like that.

      debug:

        msg="OK"
      when: "'Version      : 7' in output.stdout_lines[0] | join('\n')"

[Kai Stian Olstad]

On 17.10.2018 10:07, alexis calvayrac wrote:
> Ok I got it but do you know how to do the reverse for wrong version ?
> I've
> to remplace "in" by somothing like "is not" or something like that.

not in

--
Kai Stian Olstad

[alexis calvayrac]

Okay, I feel stupid. Thx all of you.

[Brad Van Orden]

Is it working then?

[alexis calvayrac]

Yes, it works. I think I can optimize it, especially in terms of testing. But he does what I want. Thank you very much.