Hi, I need to install some packages across different Linux distros (mainly CentOS/Redhat and Ubuntu right now). However, since there isn’t a unified package manager (at least not bundled with core), I’m trying to find the best way to do this.

I understand that we can use something like ‘when: ansible_os_family == “RedHat”’ or the like, but when we have 400 CentOS hosts and 200 Ubuntu hosts, that’s a lot of “skipping” messages (I’m aware these can also be suppressed in the main config file). We have playbooks that run against certain groups of hosts (these groups can contain multiple distros), so I’m not sure that using group_by is the best option either as, from my understanding, I’d have to have a ‘group_by’ in each of those playbooks and for each distro.

For example, we have an ‘ntp’ role which basically just installs the ntp package, drops in the ntp config using template and ensures it’s started (we have similar roles for snmp, ssmtp etc.).

I came across a previous post with an answer from Michael DeHaan suggesting using the following action (although Michael does state that it’s a bad idea), however, this no longer appears to work;

Using task;

“I understand that we can use something like ‘when: ansible_os_family == “RedHat”’ or the like, but when we have 400 CentOS hosts and 200 Ubuntu hosts, that’s a lot of “skipping” messages”

Use this module:

http://docs.ansible.com/group_by_module.html

• hosts: all
  tasks:

• group_by: key=os-{{ ansible_os_family }}

• hosts: os-RedHat
  tasks:

• Red Hat things

Also be sure to use “with_items” where possible to group package installs into a minimum of transactions, which will save considerable install time.

Hi Michael,

Yep, I know of the group_by module, but the way I understand it, this would require me to have a separate task for each distro that has a different package manager. Also since we have things arranged into roles which are called by playbooks split by, let’s say, ‘departments’, I’d have to add the group_by for each distro into each playbook and move the tasks into those playbooks (rather than calling a role, unless I also split the roles by OS which makes things even less cleaner).

At the moment, my playbooks just look like this, as an example;

• hosts:
• prod-servers

roles:

• common
• ntp
• snmp
• nfs_client

I’ve found a library written by someone that does what I was hoping here:- https://github.com/mantiz/ansible-library-pkgmgr but I didn’t really want to go down the route of using libraries that may not be supported or become unusable in future versions of ansible.

Not sure if there is another way to do this?

Hi,

However, since there isn't a unified package manager (at least not bundled with core), I'm trying to find the best way to do this.

I user dynamic groups and group variables to abstract the differences: put files Ubuntu / Suse / Linux / SunOS / AIX / what_ever in group_vars/*. Example:

Ubuntu:
nrpe_package: nagios-nrpe-server
nrpe_service: nagios-nrpe-server

Suse:
nrpe_package: nagios-nrpe
nrpe_service: nrpe

Then the play looks like:

- hosts: all
  gather_facts: yes
  sudo: true
  tasks:
    # create useful groups
    - group_by: key={{ ansible_system }}
    - group_by: key={{ ansible_distribution }}
    # manage nrpe
    - action: "{{ ansible_pkg_mgr }} name={{ nrpe_package }} state=installed"
    - service: name={{ nrpe_service }} enabled=yes state=started
    - template: src=common/etc/nagios/nrpe.cfg dest={{ nrpe_prefix }}nrpe.cfg owner=root group=root mode=0644 backup=yes
      notify: restart nrpe
  handlers:
    - name: restart nrpe
      service: name={{ nrpe_service }} state=restarted

HTH, Sascha.

Aufsichtsratsvorsitzender: Herbert Vogel
Geschäftsführung: Michael Krüger
Sitz der Gesellschaft: Halle/Saale
Registergericht: Amtsgericht Stendal | Handelsregister-Nr. HRB 208414
UST-ID-Nr. DE 158253683

Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Empfänger sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail oder des Inhalts dieser Mail sind nicht gestattet. Diese Kommunikation per E-Mail ist nicht gegen den Zugriff durch Dritte geschützt. Die GISA GmbH haftet ausdrücklich nicht für den Inhalt und die Vollständigkeit von E-Mails und den gegebenenfalls daraus entstehenden Schaden. Sollte trotz der bestehenden Viren-Schutzprogramme durch diese E-Mail ein Virus in Ihr System gelangen, so haftet die GISA GmbH - soweit gesetzlich zulässig - nicht für die hieraus entstehenden Schäden.

Hi,

• action: “{{ ansible_pkg_mgr }} name={{ nrpe_package }} state=installed”

This doesn’t work for me, see original post, it results in an error (using ansible version 1.6.10). And from previous posts, it seems it’s not recommended to use this method.

EDIT: just tried this using 1.7 and it does work again. Just a bit cautious of using this approach against the advice from Michael regarding using {{ ansible_pkg_mgr }} in this way

This is a very common misconception.

Not only do packages change by distro, but also how you manage the package.

For instance, think of how Apache is managed very very differently between Ubuntu and RHEL.

This is the least of anyone’s concerns so dealing with the idea that the OSes is different as soon is possible is the correct way of handling this.

Abstractions, in this case, are a lie.

Yep, using {{ ansible_pkg_manager }} also won’t take advantage of with_items optimizations in yum or apt, and will make things run much slower.

I am interested in what error you saw though.

The error using 1.6.10 was as below (see original post);

TASK: [ntp | Ensure NTP is Installed] *****************************************
<XX.XX.XX.XX> ESTABLISH CONNECTION FOR USER: root on PORT 22 TO XX.XX.XX.XX
<XX.XX.XX.XX> REMOTE_MODULE {{ ansible_pkg_mgr }} name=ntp state=present
fatal: [XX.XX.XX.XX] => module {{ not found in /usr/share/ansible/system:/usr/share/ansible/commands:/usr/share/ansible/messaging:/usr/share/ansible/cloud:/usr/share/ansible/notification:/usr/share/ansible/net_infrastructure:/usr/share/ansible/inventory:/usr/share/ansible/utilities:/usr/share/ansible/internal:/usr/share/ansible/files:/usr/share/ansible/packaging:/usr/share/ansible/database:/usr/share/ansible/source_control:/usr/share/ansible/network:/usr/share/ansible/web_infrastructure:/usr/share/ansible/monitoring:/usr/share/ansible

FATAL: all hosts have already failed – aborting

“It works as expected on 1.7.”

Ok, the latest stable ansible release is 1.7.1, so we should be good to go. We are not going to be applying backports to any 1.6 releases.