Develop Reference

Ansible jinja dictionary create multiple sudo files for each user

I'm trying to create a sudo file for each user.
Playbook:
- name:
hosts: all
gather_facts: false
tasks:
- name:
template:
src: sudo.j2
dest: "/etc/sudoers.d/{{item.name}}"
loop: "{{userinfo}}"
when: "'admins' in item.groupname"
Var file:
userinfo:
- groupname: admins
name: bill
- groupname: admins
name: bob
- groupname: devs
name: bea
Jinja file:
{% for item in userinfo %}
{% if item.groupname=="admins" %}
{{item.name}} ALL=ALL NOPASSWD:ALL
{% endif %}
{% endfor %}
What I am getting is two files but with information of both users.
bill ALL=ALL NOPASSWD:ALL
bob ALL=ALL NOPASSWD:ALL
How do I make it work such that each file contains information of that user only

The issue is that you have 2 loops: one in the playbook, the other in the template jinja file; try leaving the template file with the templated information only
{{ item.name }} ALL=ALL NOPASSWD:ALL

If condition does not work in state triggered by reactor

I am using an if condition utilizing grain item within a state which triggered by reactor.
and I got an error message Jinja variable 'dict object' has no attribute 'environment'
=================================================
REACTOR config:
cat /etc/salt/master.d/reactor.conf
reactor:
- 'my/custom/event':
- salt://reactor/test.sls
==============================
test.sls
cat /srv/salt/reactor/test.sls
sync_grains:
local.saltutil.sync_grains:
- tgt: {{ data['id'] }}
{% if grains['environment'] in ["prod", "dev", "migr"] %}
test_if_this_works:
local.state.apply:
- tgt: {{ data['id'] }}
- arg:
- dummy_state
{% endif %}
===================================
dummy_state/init.sls
cat /srv/salt/dummy_state/init.sls
create_a_directory:
file.directory:
- name: /tmp/my_test_dir
- user: root
- group: root
- makedirs: True
=================================================
salt 'salt-redhat-23.test.local' grains.item environment
salt-redhat-23.test.local:
----------
environment:
prod
=================================================
salt-redhat-23 ~]# cat /etc/salt/grains
role: MyServer
environment: prod
================================================
If I change the test.sls and use instead of custom grain a grain which salt-master is taking by default then it will works. Also it will work without the if condition in the state.
Do you know why this is happening?
Thank you all in advance.

Issue resolved.
You cannot use custom grains with Reactor directly, you need to call another state to be able to add condition there.
for instance:
cat /etc/salt/master.d/reactor.conf
reactor:
- 'my/custom/event':
- salt://reactor/test.sls
test.sls
# run a state using reactor
test_if_this_works:
local.state.apply:
- tgt: {{ data['id'] }}
- arg:
- reactor.execute
execute.sls
{% set tst = grains['environment'] %}
{% if tst in ['prod', 'dev', 'test', 'migr'] %}
create_a_directory:
file.directory:
- name: /tmp/my_test_dir
- user: root
- group: root
- makedirs: True
{% endif %}
this will work with the if condition, if you try to add the if statement on the test.sls it will not work.

Ansible templates with undefined variables

I have a file with variables that I use in my playbook:
net_interfaces:
...
- name: "eth0"
ip: "192.168.1.100"
mask: "255.255.255.0"
gateway: "192.168.1.1"
...
and I want to deploy some configs with this variables, for example ifcfg-eth0:
DEVICE={{ item.name }}
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
IPADDR={{ item.ip }}
NETMASK={{ item.netmask }}
GATEWAY={{ item.gateway }}
but sometimes there is no gateway variable for item and in this case I want to remove string
GATEWAY={{ item.gateway }}
from this config file on the target machine. How can I achieve this without creating another task for a certain hosts?

Add condition:
{% if item.gateway is defined %}
GATEWAY={{ item.gateway }}
{% endif %}

Another (and better) way is to use 'default' filter because in this case we can check if some variable was defined and set it's default value if it wasn't. Example:
{{ my_string_value | default("awesome") }}

How to set default user for mounted folder?

When I put in top.sls this:
/var/www:
file.directory:
- user: {{ pillar['user'] }}
- group: www-data
- mode: 755
- makedirs: True
It creates "/var/www" dir with permissions which are defined and that is ok.
So basically chown is: user:www-data
But when I try to mount that folder to my Mac then problem show up.
owner and group are-> 501:dialout
Here is code which I use:
/var/www:
{% if pillar['sshfs_www'] %}
file.directory:
- mode: 755
- follow_symlinks: False
- group: www-data
- makedirs: True
mount:
- user: {{ pillar['user'] }}
- mounted
- device: sshfs#{{ pillar['sshfs_www'] }}
- fstype: fuse
- opts: nonempty,allow_other,auto
{% else %}
file.directory:
- mode: 755
- group: www-data
- makedirs: True
{% endif %}
Not only that user and group are not set as I set, I get error: Failed to change user to myuser
How can I mount with my user and group?
Thank you

I hope this will help other users to solve their problem with permissions when mounting with salt:
So here how I solved that.
First I manually setup id for user and group:
{{ pillar['user'] }}:
user.present:
- shell: /bin/bash
- home: /home/{{ pillar['user'] }}
- require_in:
- uid: 4000
- gid: 4000
- file: /home/{{ pillar['user'] }}/.ssh/id_rsa
- file: /home/{{ pillar['user'] }}/.ssh/authorized_keys
www-data:
group.present:
- gid: 4000
- system: True
- members:
- {{ pillar['user'] }}
After that in part where is mount, I defined uid and gid with this part: uid=4000,gid=4000
/var/www:
{% if pillar['sshfs_www'] %}
mount:
- user: {{ pillar['user'] }}
- mounted
- device: sshfs#{{ pillar['sshfs_www'] }}
- fstype: fuse
- opts: nonempty,allow_other,auto,uid=4000,gid=4000
{% else %}
file.directory:
- mode: 755
- group: www-data
- makedirs: True
{% endif %}

Citing Sven from a serverfail answer:
You can't. That's a limitation of SSHFS/Fuse: Everything is mapped to the permission of the user you use to connect with SSH by default.
However, it appears you can work around this a bit with idmap files, see the options -o idmap, -o uidfile, -o gidfile and -o nomap in the man page.

how do i create a zfs filesystem/zpool using ansible using zfs-linux

I want the equivalent of the following to be generated using the zfs module in ansible, the following works using the command line, but fails on second run as the filesystem already exists.
{{ part_postgres }} is set to /dev/sdb in this instance.
zpool create -O compression=gzip postgres {{ part_postgres }} -O secondarycache=all
Currently in ansible I have:
- name: Create postgres zpool
zfs: name=postgres{{ part_postgres }}
compression=gzip
state=present
secondarycache=all
mountpoint=/postgres
atime=off

Ok - the zfs module won't do it, would need to write a new model for zpool. That said, its easy enough to check for zpool existing using the 'creates' annotation for the command module in ansible:
- name: Create postgres zpool
command: zpool create -O compression=gzip postgres /dev/sdb -o ashift=12 -O secondarycache=all
creates=/postgres
This will check if /postgres exists, and only run the command if it doesn't.

Here is another example:
- hosts: all
vars:
zfs_pool_name: data
zfs_pool_mountpoint: /mnt/data
zfs_pool_mode: mirror
zfs_pool_devices:
- sda
- sdb
zfs_pool_state: present
zfs_pool_options:
- "ashift=12"
tasks:
- name: check ZFS pool existance
command: zpool list -Ho name {{ zfs_pool_name }}
register: result_pool_list
ignore_errors: yes
changed_when: false
- name: create ZFS pool
command: >-
zpool create
{{ '-o' if zfs_pool_options else '' }} {{ zfs_pool_options | join(' -o ') }}
{{ '-m ' + zfs_pool_mountpoint if zfs_pool_mountpoint else '' }}
{{ zfs_pool_name }}
{{ zfs_pool_mode if zfs_pool_mode else '' }}
{{ zfs_pool_devices | join(' ') }}
when:
- zfs_pool_state | default('present') == 'present'
- result_pool_list.rc == 1
- name: destroy ZFS pool
command: zpool destroy {{ zfs_pool_name }}
when:
- zfs_pool_state | default('present') == 'absent'
- result_pool_list.rc == 0