Is there an easy way to enforce that when a playbook is run that the ansible running it is the correct version?
Ansible is extremely powerful, so I understand the solution can be achieved by creating a local playbook that is the first play of a super playbook. This is the solution I will work up but is there a better way to do this?
-Aaron
Here is the playbook for anyone intrested:
hosts: localhost
tasks:
name: ansible_check
shell: ansible --version| cut -d ’ ’ -f2
register: ansible_version
fail: msg=“Ansible 1.3 not detected”
when: ansible_version.stdout.find(“1.3”) == -1
Nope, it’s been a requested feature though.
I’d be happy to see a pull request for it!
Many people will want this to be a role though, so I’m wondering if it should just be an action plugin that ignores the host loop (similar to pause) and then raises a failure.
Etc?
I've used similar checks before. One trap with this approach is that if
you use --limit on the command line, and don't include localhost in the
host list, the check will be skipped.
Have not been able to find a way around that problem yet.
K
Kahlil (Kal) Hodgson GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty Ltd (w) +61 (0) 3 9008 5281
Suite 1415
401 Docklands Drive
Docklands VIC 3008 Australia
"All parts should go together without forcing. You must remember that
the parts you are reassembling were disassembled by you. Therefore,
if you can't get them together again, there must be a reason. By all
means, do not use a hammer." -- IBM maintenance manual, 1925
You probably can get away with
Neat trick!
Hey Michael,
Thanks for the quick response. I have not yet developed plugins for ansible yet. I will need to explore this more but if I put something together, I will pass it on.
-A
Seems I spoke to soon about that trick. If I run the following playbook:
- hosts: all[0]
tasks:
- local_action: command /bin/true
- hosts: demo
tasks:
- command: /bin/true
I get:
<rizo:app> ansible-playbook stub.yml
PLAY [all[0]]
Nah, that doesn't work:
$ ansible all -m ping -o
amqp-oe-1 | success >> {"changed": false, "ping": "pong"}
amqp-oe-2 | success >> {"changed": false, "ping": "pong"}
^C32
ERROR: interrupted
$ ansible all[0] -m ping -o
amqp-oe-1 | success >> {"changed": false, "ping": "pong"}
$ ansible all[0] -m ping -o --limit productie
No hosts matched
(BTW Being able to run a task on some fixed (possibly delegated) host that
is not impacted by --limit would be a welcome feature btw
I have a use case where I want to clear the arp cache on one firewall when
I re-provision a couple of vm's, where the playbook run is allways
--limit'ed)
I think both these examples show that the subset filtering of the inventory occurs before the patterns (such as ‘all’) or groups are matched. I do not know where in the ansible project this occurs, so I cannot not be more help for making a change of that magnitude.
It is a rather small fix to hard code the localhost in during the limit command.
Here is where the changes would need to occur:
However, the better change would be to fix all to reference an unfiltered list or to even maybe add a new pattern.
-A
“Nah, that doesn’t work:”
Please file a ticket on github. This should.
Might be something special with the all group. Unclear.
“However, the better change would be to fix all to reference an unfiltered list or to even maybe add a new pattern.”
I don’t understand what this means exactly.
All being said, this is a development conversation that should now occur on ansible-devel, since we’re talking about code.
"Nah, that doesn't work:"
Please file a ticket on github. This should.
Sorry, I've known for a long time this didn't work and never assumed this
was a bug.
Might be something special with the all group. Unclear.
Seems not:
$ ansible nexus[0] -m ping -o
nexus-on-1 | success >> {"changed": false, "ping": "pong"}
$ ansible nexus[0] -m ping -o --limit productie
No hosts matched
Ticket filed: https://github.com/ansible/ansible/issues/4335
Serge
Hey Michael,
I was saying it appears the “subset” function which limits the inventory is occurring earlier in the execution than the building of the list stored in the pattern “all”. I do not know if this is the intent (it sounds like maybe no) but if it was, you could add a new pattern called “unfiltered”. This would allow access of the inventory hosts both in a filtered and unfiltered way such that all[0] gets the first host of a filtered/limited inventory and unfiltered[0] gets the first host of the inventory file without limiting or as it appears in the file (no matter if limiting is on or off).
I do not use “limit” and so my questions have been answered. However, I am happy to join a discussion in ansible-devel to help with the changes here. Sense I do not need the change, I will not be opening that discussion.
-A
I don’t want to add a new pattern, we will make this “just work”.