[Ansible] How to branch playbook processing [Configuration management]

Hello! This is Shimeji from the System Solutions Department.
Two months have passed since I transferred to the SRE team.
There are still many things I don't understand, but I'm grateful for the environment where I can learn new things every day!
Learning new things is fun!

Today we'll be talking about the configuration management tool Ansible.
There are times when you want to branch the processing of a playbook.

For example, suppose you want to execute the following playbook process.
The contents are a common method of installing a new configuration file after renaming the original configuration file.

- name: Rename Config File shell: mv /etc/hoge/main.cf /etc/hoge/main.cf_backup - name: Deploy Config File template: src: "{{ inventory_dir }}/roles/hoge/template/conf. j2" dest: "/etc/hoge/main.cf" owner: root group: root mode: 644

The above process will ``rename the original configuration file'' and complete the ``installation of the new configuration file'' without any special incident.
However, I would like to skip the process if a file called "main.cf_backup" already exists.
In such cases, use Registered Variables and when statement.

Registered Variables allows you to store the execution results of executed tasks in variables.
By branching the process based on the result, you can skip the process.
Use when statements to branch processing.

If you want to skip the file if it already exists

The playbook processing taking the above into account is as follows.

- name: Rename Config File Confirm stat: path: /etc/hoge/main.cf_backup register: result - name: Rename Config File shell: mv /etc/hoge/main.cf /etc/hoge/main.cf_backup when: not result.stat.exists - name: Deploy Config File template: src: "{{ inventory_dir }}/roles/hoge/template/conf.j2" dest: "/etc/hoge/main.cf" owner: root group: root mode: 644

Look at the process called Rename Config File Confirm.

  stat: path: /etc/hoge/main.cf_backup register: result

The stat module is used to check if main.cf_backup exists.
If it exists, store True in a variable called result, otherwise store False.

And there is a when statement written in the Rename Config File process.

when: not result.stat.exists

Executes the Rename Config File process only if result is not True.

Let's confirm that the process is not executed when the conditions actually match.
Let's execute the process on the server below where main.cf_backup exists.
・192.168.33.72 [CentOS72]

ansible-playbook -i hosts operation.yml --ask-pass

PLAY [apply common configuration to all nodes] ********************************* TASK [Gathering Facts] *** ************************************************** **** ok: [192.168.33.72] TASK [hoge : Rename Config File Confirm] ************************************ ************ ok: [192.168.33.72] TASK [hoge : Rename Config File] *************** *************************** skipping: [192.168.33.72] TASK [hoge : Deploy Config File] ******** ************************************************* OK : [192.168.33.72] PLAY RECAP ************************************************ *************************** 192.168.33.72 : ok=3 changed=0 unreachable=0 failed=0

Yes, processing is being skipped.

Other branch processing

The when statement can perform various other conditional branches.
The following is a playbook that installs Apache only when the OS is CentOS7.

  - name: CentOS7 Install Apache yum: name: httpd state: present when: - ansible_facts['distribution'] == "CentOS" - ansible_facts['distribution_major_version'] == "7"

Conditions can be written in list format.
In that case, the process will be executed only if all conditions are met.
(In the example above, the OS is his CentOS and the version is 7)

Let's actually execute the process on the following two servers.
・192.168.33.67 [CentOS67]
・192.168.33.72 [CentOS72]

ansible-playbook -i hosts operation.yml --ask-pass

PLAY [apply common configuration to all nodes] ********************************* TASK [Gathering Facts] *** ************************************************** **** ok: [192.168.33.65] ok: [192.168.33.72] TASK [test : CentOS7-install-apache] ********************** ********************* skipping: [192.168.33.65] changed: [192.168.33.72] PLAY RECAP ************* ************************************************** ****** 192.168.33.65 : ok=1 changed=0 unreachable=0 failed=0 192.168.33.72 : ok=2 changed=1 unreachable=0 failed=0

The process is being executed only on 192.168.33.72.
Success!

At the end

This is a simple introduction, but
you can use the when statement to perform various other conditional branches.
If you want to know more, please read the official document!
Official document