Develop Reference

Ansible gcp_compute_instance_template: argument network is of type <class 'str'> found in 'properties -> network_interfaces'

I'm currently adding GCP to our ansible system as up until now we've done the lengthy process of creating images, instance templates, groups and deploying them all manually with the CLI suite.
I'm getting stuck on an error with network interfaces trying to create a simple Instance Template using the same parameters we used to do manually.
Error:
"msg": "argument network is of type <class 'str'> found in 'properties -> network_interfaces'. and we were unable to convert to dict: dictionary requested, could not parse JSON or key=value"
We don't have a default network for our GCP instances as we have a very specific setup so omitting the network parameter isn't viable either. When I do I get the error The resource 'projects/<PROJECT_NAME>/global/networks/default' was not found\",. As a test when I put the default network as my parameter I again get the <class 'str'> error.
I'm feel like I'm losing my mind. Here is my playbook (with parts changed for company anonymity):
- hosts: localhost
vars_files:
- ../vault/vault.yml
vars:
current_date: "{{ ansible_date_time.year }}{{ ansible_date_time.month }}{{ ansible_date_time.day }}"
site_code: [ eur ]
nat_zone: [ a ]
project_name: "PROJECT_NAME"
network_name: "STG-NET"
image: "haproxy-master-20210219-01"
- name: Create instance template in staging
google.cloud.gcp_compute_instance_template:
name: "ew2-{{ item[1] }}-ig-stg-{{ item[0] }}-haproxy-tpl-{{ current_date }}-test"
properties:
disks:
- auto_delete: true
boot: true
initialize_params:
source_image: "projects/{{ project_name }}/global/images/{{ image }}"
machine_type: n1-standard-1
network_interfaces:
- network: 'projects/{{ project }}/global/networks/{{ network }}'
access_configs:
- name: access_config
type: ONE_TO_ONE_NAT
project: "{{ project_name }}"
auth_kind: "{{ gcp_auth_kind }}"
service_account_file: "{{ gcp_eur_service_account_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: present
with_nested:
- "{{ site_code }}"
- "{{ nat_zone }}"
I've also tried the network param without using variables. I've tried without quotation marks. I've tried without the hyphen which is syntax incorrect and subtly changes the error to complain about a list not being a dict instead.
Any guidance as to what I'm getting wrong here would be greatly appreciated!
Environment details:
ansible-playbook --version
ansible-playbook 2.10.5
config file = /home/USER/ansible_aws/ansible.cfg
configured module search path = ['/home/USER/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.6/site-packages/ansible
executable location = /usr/local/bin/ansible-playbook
python version = 3.6.8 (default, Nov 16 2020, 16:55:22) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]

Disclaimer: I have no experience with GCP and nothing to correctly test this against. Meanwhile I have some experience in reading ansible documentation and testing module usage for correct parameters (at least at pure ansible level...)
As I first did, you probably flew over the documentation and its examples a little to fast ;). Meanwhile the specific parameter description is very clear:
network - dictionary
Hence a str is definitely not what is expected, as explicitely reported by your error message. We get more information in the comment:
[...] This field represents a link to a Network resource in GCP. It can be specified in two ways. First, you can place a dictionary with key selfLink and value of your resource's selfLink Alternatively, you can add register: name-of-resource to a gcp_compute_network task and then set this network field to {{ name-of-resource }}
If you look correctly at the examples, you'll see that they demonstrate the second scenario above (creating/registering a network to use the registered var directly in that parameter).
Taking for granted your own example in your question is using a ressource selfLink (have no clue if your current value looks correct or not...), I guess you should modify your definition as follows (abridged to network interfaces only):
network_interfaces:
- network:
selfLink: 'projects/{{ project }}/global/networks/{{ network }}'
access_configs:
- name: access_config
type: ONE_TO_ONE_NAT

I wanted to deploy multiple VMs from ansible, from values given by the enduser

I wanted to deploy multiple VMS from my ansible-playbook, so I used split function and I am getting the error of dict does not have user_inout error. Please have a look at my code.
Code:
- name: os system
pause:
prompt: |
Which os do you want to use?
1- Windows Server
2- CentOS_7
3- CentOs_8
4- Ubuntu
5- Others
register: os_system
- set_fact:
o_name: "{{ os_system.user_input.split(',') }}"
- name: Domain Decision
pause:
prompt: Do you want your PC in Domain
register: decision
when: 'item|string == "1"'
with_items:
- "{{ o_name }}"
- set_fact:
dec: "{{ decision.user_input.split(',') }}"
Now my real issue, if the user chooses option 1,2 then it will be split by set_fact for os_system and according to that input it will decide for the domain decision my main issue is that while the task is at set_fact for the decision, it will give me the error like this:
Error:
fatal: [x.x.x.x]: FAILED! => {
"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'user_input'\n\nThe error appears to be in '/home/x.x.x.x/sites/playbook.yml': line 82, column 6, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - set_fact:\n ^ here\n"
}
IF I remove the loop from task domain decision, then set_fact works very perfectly.

When you want to collect user input, it can be in two ways:
Interactive (prompted), using vars_prompt.
Through variables (non-prompted). For example, you could have users create a file with variables and load with vars_file.
I would prefer the second approach if possible.
However, to get user input interactively through prompts:
- hosts: my_hosts
vars_prompt:
- name: os_system
prompt: |
Which os do you want to use?
1- Windows Server
2- CentOS_7
3- CentOs_8
4- Ubuntu
5- Others
private: no
tasks:
- set_fact:
o_name: "{{ os_system.split(',') }}"
You should note that by splitting the input of 1,2 - you will not get OS name. You will again have to set a fact based on the number (1 = Windows Server). IMHO this is unnecessary complication.
A much better option would be to have users create a variables file like below:
my_vars.yml:
os_choices:
- { name: Windows Server, domain: yes }
- { name: CentOS_7, domain: no }
And load it in play using:
- hosts: my_hosts
vars_file:
- my_vars.yml

How to execute ansible-playbook with Azure Dynamic Inventories along with keyed groups conditional

I am trying to use azure_rm plugin in ansible to generate dynamic hosts on Azure platform. With keyed group conditional, I am able to successfully make it work with an ansible ad-hoc command. However, it does not work when I try to pass the same with "ansible-playbook". Can anyone please help how could I run an ansible-playbook the same way ?
Below is my dynamic inventory generation file:
---
plugin: azure_rm
auth_source: msi
keyed_groups:
- prefix: tag
key: tags
When I use the file to ping the target VM, below is a success response.
Command used:
ansible -m ping tag_my_devops_ansible_slave -i dynamic_inventory_azure_rm.yml
Response:
devops-eastus2-dev-ansibleslave-vm_2f44 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
However, when I use the same with ansible-playbook, I get the below error.
Command used:
ansible-playbook tag_cdo_devops_ansible_slave -i dynamic_inventory_azure_rm.yml test-playbook.yml
Error:
ansible-playbook: error: unrecognized arguments: test-playbook.yml
Can anyone please help on how to execute an ansible-playbook for the above use case ?

The ansible-playbook command does not accept a list of targets on the command line, rather the playbook file has hosts: as a top-level key indicating the hosts to which the playbook will apply.
So, if the playbook is always going to be used with that tag, you can just indicate that in the playbook:
- hosts: tag_cdo_devops_ansible_slave
tasks:
- debug: var=ansible_host
It also appears that hosts: does honor jinja2 templating, so you can achieve what you're trying to do via:
- hosts: '{{ azure_playbook_hosts }}'
tasks:
- debug: var=ansible_host
and then ansible-playbook -e azure_playbook_hosts=tag_cdo_devops_ansible_slave -i dynamic_inventory_azure_rm.yml test-playbook.yml
Or you can create a dedicated inventory file that only returns hosts matching your desired tag, and then use -i for that inventory along with hosts: all in the playbook file.

Ansible Lookup with azure_keyvault_secret Invalid Credentails

I'm attempting to retrieve a secret stored in Azure Key Vault with Ansible. I found and installed the azure.azure_preview_modules using ansible-galaxy. I've also updated the ansible.cfg to point to the lookup_plugins directory from the role. When Running the following playbook I get the error:
- hosts: localhost
connection: local
roles:
- { role: azure.azure_preview_modules }
tasks:
- name: Look up secret when ansible host is general VM
vars:
url: 'https://myVault.vault.azure.net/'
secretname: 'SecretPassword'
client_id: 'ServicePrincipalIDHere'
secret: 'ServicePrinipcalPassHere'
tenant: 'TenantIDHere'
debug: msg="the value of this secret is {{lookup('azure_keyvault_secret',secretname,vault_url=url, cliend_id=client_id, secret=secret, tenant_id=tenant)}}"
fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'azure_keyvault_secret'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Invalid credentials provided."}
Using the same information I can connect to Azure using AZ PowerShell and AZCLI and retrieve the Azure Key Vault secrets at the commandline. However, those same credentails do not work within this task for the playbook using the lookup plug-in.

I had a similar error when using python sdk (which ansible is built on top of). try changing url to this:
url: 'https://myVault.vault.azure.net' # so remove the trailing slash
the error text is 101% misleading

After much toil I figured out the issue! The argument client_id is misspelled in the example and I didn't catch it which resulted in the error. cliend_id=client_id,
https://github.com/Azure/azure_preview_modules/blob/master/lookup_plugins/azure_keyvault_secret.py#L49
Corrected example below.
- name: Look up secret when ansible host is general VM
vars:
url: 'https://valueName.vault.azure.net'
secretname: 'secretName/version'
client_id: 'ServicePrincipalID'
secret: 'P#ssw0rd'
tenant: 'tenantID'
debug: msg="the value of this secret is {{lookup('azure_keyvault_secret',secretname,vault_url=url, client_id=client_id, secret=secret, tenant_id=tenant)}}"

Azure Module in Ansible

I am trying to create a resource group in Azure using Ansible. However i am getting following error:
ERROR! no action detected in task
The error appears to have been in '/home/alam/azure/rg.yml': line 6, column 7, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
tasks:
- azure_rm_resourcegroup:
^ here
Here is my yml playbook:
- name: Test the inventory script
hosts: azure
connection: local
gather_facts: no
tasks:
- name: "Create a resource group"
azure_rm_resourcegroup:
location: westus
name: Testing
state: present
tags:
delete: never
testing: testing
Command:
ansible-playbook -i ./ansible/contrib/inventory/azure_rm.py rg.yml

Upgrade Ansible to at least version 2.1 (better yet to the latest one). The docs are clear on that requirement:
azure_rm_resourcegroup - Manage Azure resource groups.
New in version 2.1.
If you use an older version, the module name will not be recognised and Ansible will throw an error: "no action detected in task."

Upgrading to 2.2 has resolved the issue. However to create the resources "hosts" should not be "Azure". Change it to "localhost"