json_query with authorized_key-module output

Archives Ansible Project
1

Hi,

i have a problem with the response of the authorized_key-module in combination with the Jinja2 Filter “json_query”. This filter works already fine for me with the prompt-Module where i extract all the inputs with “y”(query: “results[?user_input==‘y’]”).

ansible --version
ansible 2.4.0.0
python version = 2.7.10 (default, Feb 7 2017, 00:08:15) [GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.34)]

This is a testplay to prey my problem(you’ll need 2 testssh keys in /tmp with “.pub” ending, example content “ssh-rsa 123== Comment 1” ):

2

Instead of we recreate this why don't you run it for us and post the output?
Preferably with
"ANSIBLE_STDOUT_CALLBACK=debug ansible-playbook -v playbook.yaml"

3

There is no output of the second debug-task. Dont know why…
Output of the command:

Using /Users/blackended_user/git/project/ansible/ansible.cfg as config file

PLAY [localhost] ****************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************
ok: [localhost]

TASK [test] *********************************************************************************************************
ok: [localhost] => (item=/tmp/1.pub) => {
“changed”: false,
“comment”: null,
“exclusive”: false,
“failed”: false,
“gid”: 31346032,
“group”: “blackended_group”,
“item”: “/tmp/1.pub”,
“key”: “ssh-rsa 123== Comment 1”,
“key_options”: null,
“keyfile”: “/tmp/test_authorized_keys”,
“manage_dir”: false,
“mode”: “0600”,
“owner”: “blackended_user”,
“path”: “/tmp/test_authorized_keys”,
“size”: 24,
“state”: “file”,
“uid”: 218476800,
“unique”: false,
“user”: “blackended_user”,
“validate_certs”: true
}
changed: [localhost] => (item=/tmp/2.pub) => {
“changed”: true,
“comment”: null,
“exclusive”: false,
“failed”: false,
“gid”: 31346032,
“group”: “blackended_group”,
“item”: “/tmp/2.pub”,
“key”: “ssh-rsa 456== Comment 2”,
“key_options”: null,
“keyfile”: “/tmp/test_authorized_keys”,
“manage_dir”: false,
“mode”: “0600”,
“owner”: “blackended_user”,
“path”: “/tmp/test_authorized_keys”,
“size”: 48,
“state”: “file”,
“uid”: 218476800,
“unique”: false,
“user”: “blackended_user”,
“validate_certs”: true
}

TASK [debug] ********************************************************************************************************
ok: [localhost] => {}

MSG:

{‘msg’: u’All items completed’, ‘changed’: True, ‘results’: [{u’comment’: None, u’exclusive’: False, u’uid’: 218476800, u’owner’: u’blackended_user’, u’manage_dir’: False, u’group’: u’ADS\Dom\xe4nen-Benutzer’, ‘failed’: False, u’state’: u’file’, u’gid’: 31346032, u’invocation’: {u’module_args’: {u’comment’: None, u’exclusive’: False, u’validate_certs’: True, u’key_options’: None, u’state’: u’present’, u’user’: u’blackended_user’, u’key’: u’ssh-rsa 123== Comment 1’, u’path’: u’/tmp/test_authorized_keys’, u’unique’: False, u’keyfile’: u’/tmp/test_authorized_keys’, u’manage_dir’: False}}, u’size’: 24, ‘_ansible_parsed’: True, ‘_ansible_item_result’: True, u’key_options’: None, u’user’: u’blackended_user’, u’key’: u’ssh-rsa 123== Comment 1’, u’path’: u’/tmp/test_authorized_keys’, u’unique’: False, ‘_ansible_no_log’: False, u’keyfile’: u’/tmp/test_authorized_keys’, ‘changed’: False, ‘item’: u’/tmp/1.pub’, u’mode’: u’0600’, u’validate_certs’: True}, {u’comment’: None, u’exclusive’: False, u’uid’: 218476800, u’owner’: u’blackended_user’, u’manage_dir’: False, u’group’: u’ADS\Dom\xe4nen-Benutzer’, ‘failed’: False, u’state’: u’file’, u’gid’: 31346032, u’invocation’: {u’module_args’: {u’comment’: None, u’exclusive’: False, u’validate_certs’: True, u’changed’: True, u’key_options’: None, u’state’: u’present’, u’user’: u’blackended_user’, u’key’: u’ssh-rsa 456== Comment 2’, u’path’: u’/tmp/test_authorized_keys’, u’unique’: False, u’keyfile’: u’/tmp/test_authorized_keys’, u’manage_dir’: False}}, u’size’: 48, ‘_ansible_parsed’: True, ‘_ansible_item_result’: True, u’key_options’: None, u’user’: u’blackended_user’, u’key’: u’ssh-rsa 456== Comment 2’, u’path’: u’/tmp/test_authorized_keys’, u’unique’: False, ‘_ansible_no_log’: False, u’keyfile’: u’/tmp/test_authorized_keys’, u’changed’: True, ‘item’: u’/tmp/2.pub’, u’mode’: u’0600’, u’validate_certs’: True}]}

TASK [debug] ********************************************************************************************************

PLAY RECAP **********************************************************************************************************
localhost : ok=3 changed=1 unreachable=0 failed=0

4

There is no output of the second debug-task. Dont know why...
Output of the command:

<snip />

TASK [debug]
********************************************************************************************************
ok: [localhost] => {}

MSG:

{'msg': u'All items completed', 'changed': True, 'results': [{u'comment':
None, u'exclusive': False, u'uid': 218476800, u'owner': u'blackended_user',
u'manage_dir': False, u'group': u'ADS\\Dom\xe4nen-Benutzer', 'failed':
False, u'state': u'file', u'gid': 31346032, u'invocation': {u'module_args':
{u'comment': None, u'exclusive': False, u'validate_certs': True,
u'key_options': None, u'state': u'present', u'user': u'blackended_user',
u'key': u'ssh-rsa 123== Comment 1', u'path': u'/tmp/test_authorized_keys',
u'unique': False, u'keyfile': u'/tmp/test_authorized_keys', u'manage_dir':
False}}, u'size': 24, '_ansible_parsed': True, '_ansible_item_result':
True, u'key_options': None, u'user': u'blackended_user', u'key': u'ssh-rsa
123== Comment 1', u'path': u'/tmp/test_authorized_keys', u'unique': False,
'_ansible_no_log': False, u'keyfile': u'/tmp/test_authorized_keys',
'changed': False, 'item': u'/tmp/1.pub', u'mode': u'0600',
u'validate_certs': True}, {u'comment': None, u'exclusive': False, u'uid':
218476800, u'owner': u'blackended_user', u'manage_dir': False, u'group':
u'ADS\\Dom\xe4nen-Benutzer', 'failed': False, u'state': u'file', u'gid':
31346032, u'invocation': {u'module_args': {u'comment': None, u'exclusive':
False, u'validate_certs': True, u'changed': True, u'key_options': None,
u'state': u'present', u'user': u'blackended_user', u'key': u'ssh-rsa 456==
Comment 2', u'path': u'/tmp/test_authorized_keys', u'unique': False,
u'keyfile': u'/tmp/test_authorized_keys', u'manage_dir': False}}, u'size':
48, '_ansible_parsed': True, '_ansible_item_result': True, u'key_options':
None, u'user': u'blackended_user', u'key': u'ssh-rsa 456== Comment 2',
u'path': u'/tmp/test_authorized_keys', u'unique': False, '_ansible_no_log':
False, u'keyfile': u'/tmp/test_authorized_keys', u'changed': True, 'item':
u'/tmp/2.pub', u'mode': u'0600', u'validate_certs': True}]}

Instead of
   - debug:
       msg: "{{ item.item }}"
     with_items: "{{ sshKey | json_query(query) }}"
       vars:
         query: "results[?changed==true]"

You can use this

   - debug:
       msg: "{{ item.item }}"
     with_items: '{{ sshKey.results }}'
     when: item.changed

5

Instead of

  • debug:
    msg: “{{ item.item }}”
    with_items: “{{ sshKey | json_query(query) }}”
    vars:
    query: “results[?changed==true]”

You can use this

  • debug:
    msg: “{{ item.item }}”
    with_items: ‘{{ sshKey.results }}’
    when: item.changed


Kai Stian Olstad

Thank you a lot. Sometimes i dont see the forest for the trees :wink: But nevertheless i am unhappy i cant use the json_query filter on that. I neither know if it is a bug or my bad.

6

Sorry, but your suggested solution doesnt cover my request full:

  • debug:
    msg: “{{ item.item }}”
    with_items: “{{ sshKey.results }}”
    when:

  • sshKey.changed

  • debug:
    msg: “{{ item.item }}”
    with_items: “{{ sshKey.results }}”
    when:

  • not sshKey.changed

The conditional isnt based on the results.(item).changed. It is based on “sshKey.changed” and if one of the keys has changed, it is for every item true.

Is it possible to take the actual item in the when clause?

7

Well, my example did, if you check it you'll see "when: item.changed".

8

I am sorry, my bad! Should had have copy your snipet :wink: Thank you so much!