Conditionally using a task parameter if a variable is/is not defined.

Hi,

I am running the ec2 module to provision an instance, with variables defined in a vars file, and the action in a role playbook:

- name: instance provisioning
  local_action:
    module: ec2
    region: "{{ region }}"
    key_name: "{{ key }}"
    id: "{{ idempotency_token }}"
    ...truncated...

For the ec2 module, id is an optional client token that if defined makes that operation idempotent.

If the id parameter is present in the action, it expects there to be a value for it.

I would like to have it that if idempotency_token is not defined or declared it does not pass in the id as parameter in the playbook.

I tried using null as a default but Amazon sees this as a valid token.

Is there a way to combine passing in an attribute conditionally, e.g. something like:

- name: instance provisioning
  local_action:
    module: ec2
    region: "{{ region }}"
    key_name: "{{ key }}"
    parameter:
      name: id
      value: "{{ idempotency_token }}"
      when: idempotency_token is defined

Thanks everyone.

Steve

Not super pretty, but something like this should work:

  • local_action: ec2 region=“{{ region }}” key_name=“{{ key }}” {{ ‘id="’ + idempotency_token + ‘"’ if idempotency_token is defined else ‘’ }}

The idea is that all YAML values are run through Jinja and you can use the key-value syntax for a task, with a string that contains only the key-value pairs you want.

That might anger the playbook gods :slight_smile:

It might be better to just have a “when: foo” and “when: not foo”. Somewhat cleaner. It’s not intended that YAML is used for much more than basic variable substitution inside of playbooks, like {{ x }}. You can easily push ansible into ugliness when you do not. 1.6.7 will actually yell at you if you do the above suggestion with variable additions, because it’s designed to detect some variable insertion issues, that can be security related when using untrusted variables.

To the original question, using exact_count instead would be /still/ cleaner and what I would suggest instead. Just specify how many of each tag you want running.

I am new to Ansible and I really appreciate having the project leader respond :slight_smile:

Do you mind posting an example on how exact_count would work for the idempotency_token? I am a bit lost on this one.

Thanks heaps

Steve

It doesn’t need it, actually.

Exact count works by making sure there are X number of instances running with the tag specified by “count_tag”.

Thus if count_tag is “webservers” and you have 5 running and exact count in 200, it will add 195 webservers.

Sources, for those interested, live here: https://github.com/ansible/ansible/blob/devel/library/cloud/ec2

Hi,

I’ve a similar issue and I would be interested if there exists now a solution to omit task parameters based on variable definitions. In my special example I’ve a role to provision EC2 instances. For some instances I would like to allocate private IP addresses and for some I wouldn’t. Any other idea how I can solve this issue without duplication roles?

Best regards,
Christian

I’ve found the solution: https://docs.ansible.com/playbooks_filters.html#omitting-undefined-variables-and-parameters