
I'm currently building a playbook to test whether some conf files exist and then check their contents. The files are the following:

  • /etc/resolv.conf - then check if nameservers are well configured
  • /etc/systemd/timesyncd.conf - check if something has been configured
  • /etc/ntp.conf - also check if something has been configured

The .yml code is the following. As you can see, the task is the same for every check, with just the file path and the regex part reconfigured if needed.

  tasks:
    # RESOLV.CONF
    - name: Check if resolv.conf exist
      stat:
        path: /etc/resolv.conf
      register: resolv_conf

    - name: Retrieve nameservers
      debug:
        msg: "{{ contents }}"
      vars:
        contents: "{{ lookup('file', '/etc/resolv.conf') | regex_findall('\\s*nameserver\\s*(.*)') }}"
      when: resolv_conf.stat.exists == True

    # NTP.CONF
    - name: check if ntp.conf exists
      stat:
        path: /etc/ntp.conf
      register: ntp_conf

    - name: retrieve ntp conf server content
      debug:
        msg: "{{ contents }}"
      vars:
        contents: "{{ lookup('file', '/etc/ntp.conf') | regex_search('^server.*') }}"
      when: ntp_conf.stat.exists == True

    # TIMESYNC.CONF
    - name: check if timesyncd
      stat:
        path: /etc/systemd/timesyncd.conf 
      register: timesyncd_conf 

    - name: Affiche le contenu de timesyncd.conf s'il est configure
      debug:
        msg: "{{ contents }}"
      vars:
        contents: "{{ lookup('file', '/etc/systemd/timesyncd.conf') | regex_search('^NTP=.*') }}"
      when: timesyncd_conf.stat.exists == True

The tasks run well except the NTP.CONF check, which fails with the following:

vendredi 07 octobre 2022  08:28:07 +0200 (0:00:00.509)       0:00:05.115 ******
[WARNING]: Unable to find '/etc/ntp.conf' in expected paths (use -vvvvv to see paths)
fatal: [my_server]: FAILED! => {"msg": "An unhandled exception occurred while templating '{{ lookup('file', '/etc/ntp.conf') | regex_search('^server.*') }}'. Error was a <class 'ansible.errors.AnsibleError'>, original message: An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /etc/ntp.conf. could not locate file in lookup: /etc/ntp.conf"}

I don't understand why it fails, as I use the same function and users, and the file has the same rights as some others within /etc/. Moreover, I quickly tried to do the same with "cat" and it works:

    - name: check ntp.conf content
      command: "cat /etc/ntp.conf"
      register: ntp_conf_contenu
    - debug:
        msg:
        - " {{ ntp_conf_contenu  | regex_findall ('server') }}"

Do you have any idea why it fails?

Thanks a lot!

Paul Gear
motorbass

1 Answer

Lookups are not executed on the remote host, they are executed locally.

From the documentation:

Like all templating, lookups execute and are evaluated on the Ansible control machine.

So you check if the file exists on the remote machine and then you read it from your local machine where the playbook is executed.

To read a file from the remote machine you can use the slurp module.

Gerald Schneider
  • Crap! How could I avoid reading this information... I'm giving slurp a try in that case. I'll keep you updated within minutes. – motorbass Oct 07 '22 at 07:48
  • You might also rethink whether you need these tasks at all. The way Ansible works, you should just describe what the config files should contain (template, lineinfile modules). Ansible will then check by itself if the files need changing. There is no need to do the checks yourself. – Gerald Schneider Oct 07 '22 at 07:53
  • That's true. I think you mean replacing my actual task by using a jinja2 template file to check content/replace content? – motorbass Oct 07 '22 at 08:16
  • Exactly. If you do tests yourself if a file needs change, and then start a new task that modifies the file, the first thing Ansible is going to do is to check again if the file needs changing. – Gerald Schneider Oct 07 '22 at 08:19
  • You're right. Thanks a lot for your advice, Gerald. I'll have a look at re-creating my playbook in that way. (As I'm a beginner in Ansible, I still keep a "scripting way of thinking", as you can see, like: test this, if ... then ...) – motorbass Oct 07 '22 at 08:27
  • By the way, I didn't mention it, but in my case, retrieving file content was first for an inventory goal (to retrieve data and then format it as a CSV); that's why I went looking into every file :) – motorbass Oct 07 '22 at 13:40
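
One way to apply the answer's slurp suggestion to the three files from the question, as an added example that is not part of the original thread. The play layout, the `conf_checks` variable, the register names and the regex patterns are assumptions made for illustration.

```yaml
# Added example, not code from the original post.
# stat and slurp both run on the managed host, so the existence check and
# the read refer to the same file (unlike lookup('file', ...), which reads
# from the control machine).
- name: Collect resolver and time settings from remote hosts
  hosts: all
  gather_facts: false
  vars:
    # Hypothetical list: one path and one regex (single capture group) per file.
    conf_checks:
      - path: /etc/resolv.conf
        regex: '^\s*nameserver\s+(\S+)'
      - path: /etc/ntp.conf
        regex: '^\s*(?:server|pool)\s+(\S+)'
      - path: /etc/systemd/timesyncd.conf
        regex: '^\s*NTP=(.+)$'
  tasks:
    - name: Check which files exist on the managed host
      ansible.builtin.stat:
        path: "{{ item.path }}"
      loop: "{{ conf_checks }}"
      register: conf_stat

    - name: Read the existing files from the managed host (content is base64)
      ansible.builtin.slurp:
        src: "{{ item.item.path }}"
      loop: "{{ conf_stat.results }}"
      loop_control:
        label: "{{ item.item.path }}"
      when: item.stat.exists
      register: conf_raw

    # multiline=True makes ^ match at every line start, not only at the
    # beginning of the file, so commented-out lines are ignored and a
    # setting further down the file is still found.
    - name: Show the matching settings per file
      ansible.builtin.debug:
        msg: "{{ item.item.item.path }}: {{ item.content | b64decode | regex_findall(item.item.item.regex, multiline=True) }}"
      loop: "{{ conf_raw.results }}"
      loop_control:
        label: "{{ item.item.item.path }}"
      when: item is not skipped
```

A missing file is skipped instead of failing the play, and an empty list in the output means the file exists but has no active matching line.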