Ansible-playbook does not working with dictionary and with_items loop!

Get Help
1

ansible-playbook is not working with dictionary and a with_items loop!), here’s part of the role and dictionary:

global_groups:
  production_ansible:
    gid: 10001
  staging_ansible:
    gid: 20001
  grafana:
    gid: 10501
  prometheus:
    gid: 10502
  zookeeper:
    gid: 10503
  rundeck:
    gid: 10504
  nginx:
    gid: 10505
  gnupgserver:
    gid: 10506
  sequoia:
    gid: 10507

  - name: user management set global groups macOS
    tags:
      - user_mgmt
      - admin_accounts
    group:
      name:     "{{ item }}"
#      gid:      "{{ custom_groups[item].gid if custom_groups[item] is defined else global_groups[item].gid | mandatory }}"
      gid:      "{{ global_groups[item].gid | mandatory }}"
      state:    "{{ global_groups[item].state | default('present') }}"
#      gid:      "{{ item.gid | mandatory }}"
#      state:    "{{ item.state | default('present') }}"
    with_list: global_groups
    when:
      - (global_groups[item].state|default('present')) == 'present'
#      - item not in skip_groups

Here is the output:

TASK [common : include_tasks] ******************************************************************************************************************************************************************************************************************
task path: /Users/chris/Projects/checkouts/capsule-cloud-ops/MacStadium_ansible/roles/common/tasks/main.yml:32                                                                                                                                  
included: /Users/chris/Projects/checkouts/capsule-cloud-ops/MacStadium_ansible/roles/common/tasks/add_groups.yml for capsule-v-001-mm038                                                                                                        
                                                                                                                                                                                                                                                
TASK [common : user management set global groups macOS] ****************************************************************************************************************************************************************************************
task path: /Users/chris/Projects/checkouts/capsule-cloud-ops/MacStadium_ansible/roles/common/tasks/add_groups.yml:20                                                                                                                            
[ERROR]: Task failed: Finalization of task args for 'ansible.builtin.group' failed: Error while resolving value for 'gid': The filter plugin 'ansible.builtin.mandatory' failed: Mandatory variable 'global_groups' not defined.                
                                                                                                                                                                                                                                                
Task failed.                                                                                                                                                                                                                                    
Origin: /Users/chris/Projects/checkouts/capsule-cloud-ops/MacStadium_ansible/roles/common/tasks/add_groups.yml:20:5                                                                                                                             

18 #      - item not in skip_groups
19
20   - name: user management set global groups macOS
       ^ column 5

<<< caused by >>>

Finalization of task args for 'ansible.builtin.group' failed.
Origin: /Users/chris/Projects/checkouts/capsule-cloud-ops/MacStadium_ansible/roles/common/tasks/add_groups.yml:24:5

22       - user_mgmt
23       - admin_accounts
24     group:
       ^ column 5

<<< caused by >>>

Error while resolving value for 'gid': The filter plugin 'ansible.builtin.mandatory' failed: Mandatory variable 'global_groups' not defined.
Origin: /Users/chris/Projects/checkouts/capsule-cloud-ops/MacStadium_ansible/roles/common/tasks/add_groups.yml:27:17

25       name:     "{{ item }}"
26 #      gid:      "{{ custom_groups[item].gid if custom_groups[item] is defined else global_groups[item].gid | mand... 
27       gid:      "{{ global_groups[item].gid | mandatory }}"
                   ^ column 17

failed: [capsule-v-001-mm038] (item=global_groups) => {
    "ansible_loop_var": "item",
    "changed": false,
    "item": "global_groups",
    "msg": "Task failed: Finalization of task args for 'ansible.builtin.group' failed: Error while resolving value for 'gid': The filter plugin 'ansible.builtin.mandatory' failed: Mandatory variable 'global_groups' not defined."
}

Also, it works if I put it in a dedicated playbook:


---

- name: My First Play
  hosts: all
  tasks:
    - name: debug global_groups
      debug:
        var: global_groups
      tags:
        - test
    - name: debug user management set global groups macOS
      tags:
        - user_mgmt
        - admin_accounts
      debug:
        var: "{{ item }}"
      with_items: global_groups
      when:
        - (global_groups[item].state|default('present')) == 'present'
#        - item not in skip_groups

...
# vim:ft=ansible

Output:

TASK [debug global_groups] *********************************************************************************************************************************************************************************************************************
task path: /Users/chris/Projects/checkouts/capsule-cloud-ops/MacStadium_ansible/playbooks/debug_global_groups.yml:7                                                                                                                             
ok: [capsule-v-001-mm038] => {                                                                                                                                                                                                                  
    "global_groups": {                                                                                                                                                                                                                          
        "gnupgserver": {                                                                                                                                                                                                                        
            "gid": 10506                                                                                                                                                                                                                        
        },                                                                                                                                                                                                                                      
        "grafana": {                                                                                                                                                                                                                            
            "gid": 10501                                                                                                                                                                                                                        
        },                                                                                                                                                                                                                                      
        "nginx": {                                                                                                                                                                                                                              
            "gid": 10505                                                                                                                                                                                                                        
        },                                                                                                                                                                                                                                      
        "production_ansible": {                                                                                                                                                                                                                 
            "gid": 10001                                                                                                                                                                                                                        
        },                                                                                                                                                                                                                                      
        "prometheus": {                                                                                                                                                                                                                         
            "gid": 10502                                                                                                                                                                                                                        
        },                                                                                                                                                                                                                                      
        "rundeck": {                                                                                                                                                                                                                            
            "gid": 10504                                                                                                                                                                                                                        
        },                                                                                                                                                                                                                                      
        "sequoia": {                                                                                                                                                                                                                            
            "gid": 10507
        },
        "staging_ansible": {
            "gid": 20001
        },
        "zookeeper": {
            "gid": 10503
        }
    }
}
                                                                                                                                                                                                                                                
TASK [debug user management set global groups macOS] *******************************************************************************************************************************************************************************************
task path: /Users/chris/Projects/checkouts/capsule-cloud-ops/MacStadium_ansible/playbooks/debug_global_groups.yml:12
ok: [capsule-v-001-mm038] => (item=global_groups) => {
    "global_groups": {
        "gnupgserver": {
            "gid": 10506
        },
        "grafana": {
            "gid": 10501
        },
        "nginx": {
            "gid": 10505
        },
        "production_ansible": {
            "gid": 10001
        },
        "prometheus": {
            "gid": 10502
        },
        "rundeck": {
            "gid": 10504
        },
        "sequoia": {
            "gid": 10507
        },
        "staging_ansible": {
            "gid": 20001
        },
        "zookeeper": {
            "gid": 10503
        }
    },
    "item": "global_groups"
}
2

It’s a bit of a stretch to say “it works” about the above tasks. First of all,

with_list: global_groups

Doesn’t do anything useful. with_list: expects to be given a list. You’ve given it a string which, by irrelevant coincidence, happens to be the name of a dict.

If you want to iterate over the items in that dict, I recommend using

loop: '{{ global_groups | dict2items  }}'

That will loop over your global_groups dict, making item look like this on respective iterations:

(item={'key': 'production_ansible', 'value': {'gid': 10001}})
(item={'key': 'staging_ansible', 'value': {'gid': 20001}})
(item={'key': 'grafana', 'value': {'gid': 10501}})
(item={'key': 'prometheus', 'value': {'gid': 10502}})
(item={'key': 'zookeeper', 'value': {'gid': 10503}})
(item={'key': 'rundeck', 'value': {'gid': 10504}})
(item={'key': 'nginx', 'value': {'gid': 10505}})
(item={'key': 'gnupgserver', 'value': {'gid': 10506}})
(item={'key': 'sequoia', 'value': {'gid': 10507}})

To get your task to work, you could try something like this:

    - name: User management set global groups macOS
      tags:
        - user_mgmt
        - admin_accounts
      ansible.builtin.group:
        name:  "{{ item.key }}"
        gid:   "{{ item.value.gid | mandatory }}"
        state: "{{ item.value.state | default('present') }}"
      loop: '{{ global_groups | dict2items  }}'
      when:
        - (item.value.state | default('present')) == 'present'

Working your custom_groups and skip_groups back in is left as an exercise for the reader. :slight_smile:
Good luck!

1 Like
3

I tried putting:

loop: '{{ global_groups | dict2items  }}'

I get the same error too!

Why does it work on my playbook but not my role?

Should I remove the files in ~/.ansible/tmp ?

4

It doesn’t work on your playbook. It’s confusing because the result you get is the result you expect, but not for the reasons you think.

Which error is that? Please show a complete input and the actual error so we can help you understand what’s going wrong.

It won’t hurt, but they’ll probably just get re-created / replaced on subsequent runs. If that’s not happening, then there may be a configuration issue, or they may be left over from some error condition. I wouldn’t worry about cleaning up ~/.ansible/tmp until we get the errors with your playbook / tasks worked out.