How to completely exclude a host in a playbook after filtering for installed SW

Hello again!

I have a playbook where I update something, but I'd like to add a failsafe so that any hosts which don't have the SW installed will be excluded; so if there are somehow some uninvited hosts in the inventory, I'd like to avoid installing the SW on them too.
My test playbook, just to test the excluding.
I have two Ubuntu 22 hosts, one with Wazuh and one without, and both output the message which should only be executed from the host with Wazuh:

---
- name: Manage Wazuh Services
  hosts: all
  become: yes
  vars:
    wazuh_packages:
      - wazuh-indexer
      - wazuh-manager
      - wazuh-dashboard
  tasks:
    - name: Check if Wazuh packages are installed
      package_facts:
      
    - name: Ensure all Wazuh packages are installed
      block:
        - name: Check Wazuh Indexer installation
          ansible.builtin.package:
            name: "{{ item }}"
            state: present
          loop: "{{ wazuh_packages }}"
          register: wazuh_install_check
          failed_when: wazuh_install_check is not success

        - name: Skip host if any Wazuh package is missing
          meta: end_play
          when: wazuh_install_check is failed

        - name: Output success message for hosts with Wazuh installed
          ansible.builtin.debug:
            msg: "I have Wazuh installed"

I don't know if you can just say in the playbook that the host gets kicked out from the process, or do I have to set a var for not installed and add an exclude in all tasks?

Thank you!!

ansible.builtin.meta: end_play

will end the entire play for all hosts. You want instead

ansible.builtin.meta: end_host

“end_host” (added in Ansible 2.8) is like an “end_play” but for individual hosts. They aren’t “failed”; they just don’t go any farther in the current play.

Otherwise, I don’t see any issues.


Yeah, the playbook doesn't correctly recognize the installed SW on the Ubuntu servers; the playbook thinks the SW is installed…
or not: the second host has some traces of installed SW, but no service etc. - had to uninstall and now it seems better!

Got it:
How to test for the 3 Wazuh apps installed and end_host the host without Wazuh - now I have to fuse it with the update playbook:

- name: Check Wazuh Packages
  hosts: all
  become: yes
  vars:
    wazuh_packages:
      - wazuh-indexer
      - wazuh-manager
      - wazuh-dashboard

  tasks:
    - name: Gather facts about installed packages
      package_facts:
        manager: auto

    - name: Check if any Wazuh package is missing
      set_fact:
        wazuh_missing: "{{ wazuh_packages | difference(ansible_facts.packages.keys()) }}"

    - name: End play if any Wazuh package is missing
      meta: end_host
      when: wazuh_missing | length > 0

    - name: Output success message for hosts with all Wazuh packages installed
      ansible.builtin.debug:
        msg: "All Wazuh packages are installed on {{ inventory_hostname }}."
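
Added example, not posted by anyone in this thread: one way the `end_host` guard and an update step can sit in a single play, so hosts that lack any of the three packages are dropped before anything is changed. The `ansible.builtin.apt` update task is an assumption for the Ubuntu hosts mentioned above (the actual update tasks are not shown on the page), and `only_upgrade: true` is added as a second safeguard.

```yaml
---
# Added example: guard and update fused into one play (not the poster's playbook).
- name: Update Wazuh only where it is already fully installed
  hosts: all
  become: true
  vars:
    wazuh_packages:
      - wazuh-indexer
      - wazuh-manager
      - wazuh-dashboard

  pre_tasks:
    # package_facts only reads the package database; it never installs anything.
    - name: Gather facts about installed packages
      ansible.builtin.package_facts:
        manager: auto

    # default({}) keeps the expression valid if no package facts were returned.
    - name: Work out which Wazuh packages are missing on this host
      ansible.builtin.set_fact:
        wazuh_missing: "{{ wazuh_packages | difference(ansible_facts.packages | default({}) | list) }}"

    # Leave a trace in the run output so dropped hosts can be reviewed afterwards.
    - name: Report hosts that are about to be excluded
      ansible.builtin.debug:
        msg: "Skipping {{ inventory_hostname }}, missing: {{ wazuh_missing | join(', ') }}"
      when: wazuh_missing | length > 0

    # end_host drops only this host; the remaining hosts carry on with the play.
    - name: Drop this host from the rest of the play
      ansible.builtin.meta: end_host
      when: wazuh_missing | length > 0

  tasks:
    # Assumed update step; replace with the real update tasks.
    - name: Upgrade Wazuh packages that are already installed
      ansible.builtin.apt:
        name: "{{ wazuh_packages }}"
        state: latest
        update_cache: true
        only_upgrade: true   # never installs a package that is absent
```

Unlike `package_facts`, a task using `ansible.builtin.package` with `state: present` installs whatever is missing, so it cannot serve as a read-only check.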
