My sense is they are searching from most specific to least specific file. The 
first one they find they use. The remaining params are hardcoded. We do a 
similar thing when looking for vars files. We might search for RedHat8, then 
RedHat, then Linux.

- name: Add OS specific variables for {{ ansible_os_family }} family
  include_vars: "{{ loop_vars }}"
  with_first_found:
    - files:
        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
        - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
        - "{{ ansible_distribution }}.yml"
        - "{{ ansible_os_family }}-{{ ansible_distribution_version }}-family.yml"
        - "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}-family.yml"
        - "{{ ansible_os_family }}-family.yml"
        - "{{ ansible_system }}.yml"
        - "defaults.yml"
      paths:
        - "vars"
  loop_control:
    loop_var: loop_vars

Walter
--
Walter Rowe, Division Chief
Infrastructure Services, OISM
Mobile: 202.355.4123

On Apr 18, 2023, at 12:56 PM, Todd Lewis <[email protected]> wrote:

It seems to me that you're re-implementing variable precedence, but only for 
one variable.
What if, in group_vars/all, you define
   access_conf_src_file: access.conf
Then in your group_vars/whatever (for relevant groups of course, for which the 
other one isn't specific enough), you define
   access_conf_src_file: access.conf_AGwhatever
Finally, if you have any hosts which need even more specificity, you define in 
your host_vars/snowflake1.your.dom
   access_conf_src_file: access.conf_AHsnowflake
Then your copy task can just use "{{ access_conf_src_file }}" without invoking 
magical expressions.

Admittedly, the appeal of having the Right Thing happen just by creating the 
appropriately named src file is compelling. But it isn't the way the rest of 
your playbook variables work, so, hmm.

But next, I start to wonder if the right answer isn't to put all the logic and 
magic in a template and use ansible.builtin.template instead of 
ansible.builtin.copy.

On 4/18/23 11:39 AM, Michael DiDomenico wrote:

i managed to come up with this, but seems like it could be cleaner

---
- name: copy pam etc/security/access.conf file
  vars:
    findme: |
      {%- set findme = [] -%}
      {%- for groupn in group_names -%}
        {{- findme.append('files/' + item.src + '_AG' + groupn) -}}
      {%- endfor -%}
      {{- findme.append("files/"+item.src+"_AH"+ansible_hostname) -}}
      {{- findme.append("files/"+item.src) -}}
      {{- findme | list -}}
#  debug:
#    msg: "{{ lookup('ansible.builtin.first_found', findme) }}"
  ansible.builtin.copy:
    src: "{{ lookup('ansible.builtin.first_found', findme) }}"
    dest: "/{{item.src}}"
    owner: "{{item.owner}}"
    group: "{{item.group}}"
    mode: "{{item.mode}}"
  with_items:
    - { src: "etc/security/access.conf", owner: "root", group: "root", mode: "0644" }

On Tue, Apr 18, 2023 at 11:09 AM Michael DiDomenico
<[email protected]> wrote:


the below block is an example block i use in a few places to copy in
config files and select a host specific file if it exists.  not sure
if it's the best way, but it works for now.  what i'd like to do is
add in group selection as well.  i.e. if there's a group file look for
that first

so above line 5 you could have
"files/{{ansible_local.baseos.ver}}/{{item.src}}_AG{{group}}"  but
clearly that won't work because there likely is more than one group
attached to a host.  so i need to try all the groups of a host and see
if there's a matching file.  the only way i can think to do it is to
create a second task that looks in the repository for a matching group
file and then registers a variable which i can include in the below
block above line 5

is there a better way?

  1 ---
  2 - name: copy pam etc/security/access.conf file
  3   vars:
  4     findme:
  5       - "files/{{item.src}}_AH{{ansible_hostname}}"
  6       - "files/{{item.src}}"
  7   ansible.builtin.copy:
  8     src: "{{ lookup('ansible.builtin.first_found', findme) }}"
  9     dest: "/{{item.src}}"
 10     owner: "{{item.owner}}"
 11     group: "{{item.group}}"
 12     mode: "{{item.mode}}"
 13   with_items:
 14     - { src: "etc/security/access.conf", owner: "root", group: "root", mode: "0644" }



--
Todd
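
Added example, not part of the thread and not any participant's code: one way to build the same first_found candidate list with filters instead of a Jinja loop, keeping the search order of the task posted above (group files, then the host file, then the generic file). The variable name group_candidates is introduced here for illustration; the file naming (_AG<group>, _AH<hostname>) is taken from the thread.

```yaml
---
# Added example: filter-based version of the candidate list from the thread.
- name: copy pam etc/security/access.conf file
  vars:
    # One candidate per group the host is in: files/<src>_AG<group>.
    # product() pairs the prefix with every group name and map('join')
    # glues each pair into a path. An empty group_names yields [].
    group_candidates: >-
      {{ ['files/' ~ item.src ~ '_AG']
         | product(group_names) | map('join') | list }}
    # Search order: group files, then the host file, then the generic file.
    findme: >-
      {{ group_candidates
         + ['files/' ~ item.src ~ '_AH' ~ ansible_hostname,
            'files/' ~ item.src] }}
  ansible.builtin.copy:
    # first_found returns the first candidate that exists and fails the
    # task if none does, so the generic file acts as the fallback.
    src: "{{ lookup('ansible.builtin.first_found', findme) }}"
    dest: "/{{ item.src }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  loop:
    - { src: "etc/security/access.conf", owner: "root", group: "root", mode: "0644" }
```

When a host belongs to several groups that each have a file, the copy uses whichever match comes first in group_names. For access.conf that ordering decides which access rules are installed on the host.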

--
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to 
[email protected]<mailto:[email protected]>.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0900869f-a82c-d022-3303-e783f71eef9f%40gmail.com<https://groups.google.com/d/msgid/ansible-project/0900869f-a82c-d022-3303-e783f71eef9f%40gmail.com?utm_medium=email&utm_source=footer>.
