Extract certbot using regex

Hello,
I have a question about getting a certbot version using regex.
I got sent from the letsencrypt forum to this one.
We think our Ansible command is outdated, since I get this error:

I replaced the personal data with {}

Check if the latest version of Certbot is already installed...
  {server} failed | msg: [Errno 2] No such file or directory: b'certbot'
Extract installed Certbot version using regex...
  {server} failed | msg: The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'stdout'

The error appears to be in '/home/{me}/ansible/{directory}/{company}.webapp/tasks/7.5-letsencrypt.yml': line 70, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- name: Extract installed Certbot version using regex
  ^ here

Now this is the ansible command we use

- name: Extract installed Certbot version using regex
  set_fact:
    installed_certbot_version_extracted: "{{ installed_certbot_version.stdout | regex_search('(?<=certbot )\\d+\\.\\d+\\.\\d+') }}"
  when: webapp.use_letsencrypt | default(False) | bool

A colleague of mine has not updated his system and stuff, and everything is working fine on his instance, but when it comes to mine I get this error.
He only gets the {server} failed | msg: [Errno 2] No such file or directory: b'certbot' but it's continuing after that.

Is the No such file or directory: b'certbot' error a result of certbot not being installed?

If I needed to check the version I’d do something like this:

---
- name: Get the certbot version
  block:

    - name: Run certbot --version
      ansible.builtin.command: certbot --version
      check_mode: false
      changed_when: false
      register: certbot_version_command

    - name: Set a fact for the certbot version
      ansible.builtin.set_fact:
        certbot_version: "{{ certbot_version_command.stdout | ansible.builtin.regex_replace('^certbot') | trim }}"
        certbot_semver: "{{ certbot_version_command.stdout | ansible.builtin.regex_replace('^certbot') | trim | community.general.jc('semver') }}"

    - name: Print the certbot version
      ansible.builtin.debug:
        var: certbot_version

    - name: Print the certbot semver
      ansible.builtin.debug:
        var: certbot_semver

  tags:
    - certbot
...

This results in:


TASK [certbot : Run certbot --version] ************************************************************************************************
ok: [localhost]

TASK [certbot : Set a fact for the certbot version] ***********************************************************************************
ok: [localhost]

TASK [certbot : Print the certbot version] ********************************************************************************************
ok: [localhost] => 
    certbot_version: 2.1.0

TASK [certbot : Print the certbot semver] *********************************************************************************************
ok: [localhost] => 
    certbot_semver:
        build: null
        major: 2
        minor: 1
        patch: 0
        prerelease: null

PLAY RECAP ****************************************************************************************************************************
localhost                  : ok=5    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Hi Chris!

Certbot is not installed, but it should still continue, right?
This is our full certbot check code:

- name: Get latest Certbot release information
  uri:
    url: https://api.github.com/repos/certbot/certbot/releases/latest
    return_content: yes
  register: latest_certbot_release_info
  changed_when: False
  when: webapp.use_letsencrypt | default(False) | bool

- name: Set latest_certbot_version variable
  set_fact:
    latest_certbot_version: "{{ (latest_certbot_release_info.content | from_json).tag_name.replace('v', '') }}"
  when: webapp.use_letsencrypt | default(False) | bool

- name: Check if the latest version of Certbot is already installed
  command: certbot --version
  register: installed_certbot_version
  changed_when: False
  ignore_errors: True
  when: webapp.use_letsencrypt | default(False) | bool

- name: Extract installed Certbot version using regex
  set_fact:
    installed_certbot_version_extracted: "{{ installed_certbot_version.stdout | regex_search('(?<=certbot )\\d+\\.\\d+\\.\\d+') }}"
  when: webapp.use_letsencrypt | default(False) | bool

You could add an additional when condition to the set_fact task to ensure that it is only run when certbot is installed, for example by checking the return code of the version check?

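  when:
    # Conditions are checked in order: test the flag first, so rc is only read when the version check actually ran
    - webapp.use_letsencrypt | default(False) | bool
    - installed_certbot_version.rc == 0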
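
An added example, not part of any post in this thread: the version check and extraction from the tasks above, written so that a host without certbot yields an empty version string instead of the undefined-variable error. The variable names are the ones used in the thread, except certbot_needs_install, which is a hypothetical name introduced here.

```yaml
# Added example (not the poster's code). Variable names reuse those in the
# thread; certbot_needs_install is a hypothetical name introduced here.
- name: Check which version of Certbot is installed
  ansible.builtin.command: certbot --version
  register: installed_certbot_version
  changed_when: false
  # A missing binary fails with "No such file or directory" and registers a
  # result without a stdout key; keep the play going in that case.
  ignore_errors: true
  when: webapp.use_letsencrypt | default(false) | bool

- name: Extract installed Certbot version using regex
  ansible.builtin.set_fact:
    # default('') covers the missing stdout key; the trailing default covers
    # regex_search finding no version number in the output.
    installed_certbot_version_extracted: "{{ installed_certbot_version.stdout | default('') | regex_search('(?<=certbot )\\d+\\.\\d+\\.\\d+') | default('', true) }}"
  when: webapp.use_letsencrypt | default(false) | bool

- name: Decide whether Certbot must be installed or upgraded
  ansible.builtin.set_fact:
    # True when nothing is installed (empty string) or the installed version
    # is older than the latest release fetched from the GitHub API.
    certbot_needs_install: "{{ installed_certbot_version_extracted | length == 0 or installed_certbot_version_extracted is version(latest_certbot_version, '<') }}"
  when: webapp.use_letsencrypt | default(false) | bool
```

Later tasks that call certbot can then be gated on certbot_needs_install being false, so they never run on a host where the binary is absent.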

Looking good, thank you very much for your help and fast responses!

Hello Chris!

I am a step further but I get a weird message now, does this have something to do with the previous step?

Is certbot installed on the server in question?

No, it is not. But my colleague did this on the previous server on his machine without certbot installed and it worked.

Why do you think a task that uses certbot should work when certbot is not installed?