Wednesday, December 23, 2020

 Ansible - Loop 12-18-2020

Loop

Install software on a host
- hosts: worker1
  tasks:
  - package:
      name: httpd
      state: present

  - package:
      name: php

Installing two packages this way, say on RHEL systems, calls the package module two times and so runs the yum command two times.
It consumes more CPU/memory time. You waste CPU/RAM unnecessarily.

How can we resolve this kind of situation?
-> Rather than calling the same command multiple times, we call the command one time and pass it a list of software packages.


We supply the software in order, like this:

[ php, httpd, ... bac ]

These are the items.

It's a list.

We go through it with a for loop.


Let's try an example in Python

1. We have list of packages
>>> p = [ "httpd", "php", "xyz"]

2. Print them
>>> p
['httpd', 'php', 'xyz']

3. Loop through it
>>> for i in p:
...     print(i)
...
httpd
php
xyz
>>>

You can directly assign values.

>>> for i in [1,2,3, 4]:
...     print(i)
...
1
2
3
4


- hosts: worker1
  tasks:
  - package:
      name: "{{ item }}"
      state: present

    loop:
       - "httpd"
       - "php"



note: older versions use with_items instead of loop



Define with variable
# cat myloop.yaml
- hosts: worker1
  vars:
  - x:
     - "httpd"
     - "php"

  tasks:
  - package:
      name: "{{ item }}"
      state: present

    loop: "{{ x }}"

  - debug:
      var: x

# ap



# cat myloop.yaml
- hosts: worker1
  vars:
  - x:
     - "httpd"
     - "php"
  tasks:
    - debug:
        var: x[0]

This prints the first value.




In Linux systems,
we create a group and associate this group with multiple users.

groupadd mygroup
# useradd [user1, user2 ...] -g/G mygroup

# cat /etc/passwd /etc/group


How do we do this in Ansible?

google for ansible-doc to create user
ansible-doc user


# cat user.yaml
- hosts: localhost
  tasks:
  - user:    # ansible module to create user ansible-doc user
      name: "jack"
      password: "password"
      state: present

# ap user.yaml

-> Add user to the group
# ansible-doc user

go to groups (secondary group) and see the options


# cat user.yaml
- hosts: localhost
  tasks:
  - user:    # ansible module to create user ansible-doc user
      name: "jack"
      password: "password"
      state: present
      groups: "devops"

[root@master day16]# ansible-playbook user.yaml

How do we create multiple groups?
# cat user.yaml
- hosts: localhost
  vars:
  - u1:
        - "jack1"
        - "redhat"
        - "devops"
# u1=[ "jack", "redhat", "devops" ]
         0        1          2
We know, but how does the system know?

  tasks:
  - user:    # ansible module to create user ansible-doc user
      name: "jack"
      password: "password"
      state: present
      groups: "devops"
    loop:


---------------------

# cat user.yaml
- hosts: localhost
  vars:
  - u1:
        - "jack1"
        - "redhat"
        - "devops"
  tasks:
  - user:    # ansible module to create user ansible-doc user
      name: "{{ u1[0] }}"
      password: "{{ u1[1] }}"
      state: present
      groups: "{{ u1[2] }}"
#    loop:


How can we arrange the data better?
Arranging a data structure is not easy.

- hosts: localhost
  vars:
  - u1:
        - "jack1"
        - 1234abc
        - "redhat"
        - "devops"
  tasks:
  - user:       # ansible module to create user ansible-doc user
      name: "{{ u1[0] }}"
      password: "{{ u1[1] }}"
      state: present
      groups: "{{ u1[2] }}"
#    loop:

Say you add a value to the list; it will mess up your password.
Here your password is going to be 1234abc rather than redhat.



We are not going to use a list any more. Instead of using the index number, we will give each value a name, such as user, password, group.

Instead of the pre-created 0, 1, 2, 3 .., we will use our own names.



- hosts: localhost
  vars:
  - u1:
        "name": "jack1"
        "gid": 1234
        "password": "redhat"
        "g": "devops"
  tasks:
  - user:
      name: "{{ u1['name'] }}"
      password: "{{ u1['password'] }}"
      state: present
      groups: "{{ u1['g'] }}"

This is called a dictionary or hash.



- hosts: localhost
  vars:
  - u1:
        "name": "jack1"
#        "gid": 1234
        "password": "redhat"
        "g": "devops"
  tasks:
  - user:
      name: "{{ u1['name'] }}"
      password: "{{ u1['password'] }}"
      state: present
      groups: "{{ u1['g'] }}"




Python dictionary
>>> userdb = ["Ram", 1111, "sam", 2222, "chris", 3333]


>>> userdb = [["Ram", 1111], ["sam", 2222], ["chris", 3333]]
>>> userdb
[['Ram', 1111], ['sam', 2222], ['chris', 3333]]
>>> userdb[1]
['sam', 2222]
>>> userdb[1][1]
2222
>>> userdb[0][1]
1111
>>> userdb[2][1]
3333


To retrieve a value, you need to know the position number.


Let's try it in Ansible

- hosts: localhost
  vars:
  - u1:
        "name": "jack1"
#        "gid": 1234
        "password": "redhat"
        "g": "devops"
  tasks:
  - user:
      name: "{{ u1['name'] }}"
      password: "{{ u1['password'] }}"
      state: present
      groups: "{{ u1['g'] }}"




Three pieces of information in one variable
- hosts: 127.0.0.1
  vars:
  - userdb:
       - ["Sam", 1111]
       - ["Bill", 222]
       - ["Cabob", 333]



can be written as

- hosts: 127.0.0.1
  vars:
  - userdb:
       - - "Sam"
         - 1111
       - - "Bill"
         - 222
       - - "Cabob"
         - 333



or

- hosts: 127.0.0.1
  vars:
  - userdb:
       - name: "Ram"
         phone: 1111
       - name: "jack"
#         password: redhat
       - name: "Chris"
         phone: 222
  tasks:
  - debug:
      var: userdb



- hosts: 127.0.0.1
  vars:
  - userdb:
       - name: "Ram"
         phone: 1111
       - name: "jack"
#         password: redhat
       - name: "Chris"
         phone: 222

  tasks:
  - debug:
      var: userdb[1]



loop is a for loop.
A for loop always applies to a variable.



Storing the password in plain text is not supported.




============================

Encrypt the password

ansible-doc passwd

Convert clear text into a hash:
item.p | password_hash('sha512')


Privilege escalation - Tuesday ..

know about sudo ...


You can use a loop inside a Jinja template.

Jinja can only be used in a template file.


Replace the variable with Vault ...
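
Putting the last notes together (an added example, not part of the original class notes): a list of dictionaries looped by key name, the password run through password_hash('sha512'), and the clear-text value kept in an Ansible Vault file instead of the playbook. The names userdb, the name/p/g keys, vault.yml and the vault_*_pw variables are assumptions chosen for illustration.

```yaml
# user.yaml - added example; all variable and file names are illustrative.
# Assumed setup:
#   ansible-vault create vault.yml      # define vault_jack_pw and vault_chris_pw inside
#   ansible-playbook user.yaml --ask-vault-pass
# Run as root, as in the sessions above (privilege escalation is a later topic).
- hosts: localhost
  vars_files:
    - vault.yml                 # encrypted on disk, decrypted only at run time
  vars:
    userdb:                     # list of dictionaries: one entry per user
      - name: "jack"
        p: "{{ vault_jack_pw }}"
        g: "devops"
      - name: "chris"
        p: "{{ vault_chris_pw }}"
        g: "devops"
  tasks:
    - name: Make sure every secondary group exists
      ansible.builtin.group:
        name: "{{ item }}"
        state: present
      loop: "{{ userdb | map(attribute='g') | unique | list }}"

    - name: Create each user with a hashed password
      ansible.builtin.user:
        name: "{{ item.name }}"
        # The user module writes this value as the password hash, so hash it first.
        password: "{{ item.p | password_hash('sha512') }}"
        # A new random salt is used on every run; only set the password
        # when the account is created so reruns do not report a change.
        update_password: on_create
        groups: "{{ item.g }}"
        append: true            # keep any groups the user already has
        state: present
      loop: "{{ userdb }}"
      no_log: true              # keep item.p and the hash out of console output and logs
```

Because each value is looked up by key (item.name, item.p, item.g), adding or removing a field such as gid does not shift the password onto the wrong value, which was the problem with the index-based list.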

