Hi,
Please find below my Ansible role and the playbook that calls that role to deploy a CloudFormation template to an AWS account:
main.yml file of patching-cf-ssm role:

```
cat main.yml
---
- name: Check the mandatory parameters are provided
  assert:
    that:
      - ({{ variable_check }} is defined )
      - ({{ variable_check }} is not none )
      - ({{ variable_check }} | trim != '' )
  with_items:
    - Managed
    - Patching
  loop_control:
    loop_var: variable_check

- name: Check the environment variables are provided
  assert:
    that:
      - ({{ variable_check }} is defined )
      - ({{ variable_check }} is not none )
      - ({{ variable_check }} | trim != '' )
  with_items:
    - aws_region
    - environment_type
    - assumed_role
  loop_control:
    loop_var: variable_check

# tasks file for patching-cf-ssm
- include_vars: "{{playbook_dir}}/vars/patching-config.yml" #Variable file for the below template (MaintenanceWindow.yml)

- name: create a cloudformation stack
  cloudformation:
    stack_name: "Melton-ansible-cloudformation"
    state: "present"
    disable_rollback: true
    template: "roles/patching-cf-ssm/files/MaintenanceWindow.yml"
  #environment:
    #AWS_ACCESS_KEY_ID: "{{ assumed_role.sts_creds.access_key }}"
    #AWS_SECRET_ACCESS_KEY: "{{ assumed_role.sts_creds.secret_key }}"
    #AWS_SECURITY_TOKEN: "{{ assumed_role.sts_creds.session_token }}"
  when: {{ Managed: false }} | {{ Patching: disabled }} | {{ Backup: disabled }}
  when: {{ Managed: false }} | {{ Patching: enabled }} | {{ Backup: disabled }}
  when: {{ Managed: true }} | {{ Patching: disabled }} | {{ Backup: disabled }}
...
pwd
ansible/playbooks/roles/patching-cf-ssm/tasks
```
and it’s called in main.yml as below:

```
cat patching.yml
---
- hosts: localhost
  roles:
    - patching-cf-ssm
```
The challenge is that I do NOT want to deploy any CF template if any one of the “when” conditions is satisfied.
How do I go about it?
Please assist
Thanks
Ameya
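
An added example, not part of the original post: one way to write the skip logic as a single `when` expression on the stack task. It assumes `Managed` is a boolean, that `Patching` and `Backup` hold the strings `enabled` or `disabled`, that `Backup` is defined alongside the other two, and that each highlighted line in the post is one combination of all three values.

```yaml
- name: create a cloudformation stack
  cloudformation:
    stack_name: "Melton-ansible-cloudformation"
    state: "present"
    disable_rollback: true
    template: "roles/patching-cf-ssm/files/MaintenanceWindow.yml"
  # `when` takes a bare Jinja2 expression, so no {{ }} around it.
  # A task can have only one `when` key; repeating the key is a YAML
  # duplicate-key error (or the last one silently wins), so the three
  # combinations are joined with `or` and the whole thing is negated:
  # the stack is deployed only if none of the combinations matches.
  # Assumption: values are compared as the strings 'enabled'/'disabled'.
  when: >-
    not (
      (not (Managed | bool) and Patching == 'disabled' and Backup == 'disabled')
      or (not (Managed | bool) and Patching == 'enabled' and Backup == 'disabled')
      or ((Managed | bool) and Patching == 'disabled' and Backup == 'disabled')
    )
```

If `when` is given a YAML list instead, the items are combined with AND, which is the opposite of the "skip if any one matches" behaviour asked for here.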