I need to write an Ansible script that iterates over all available IPv4/6 addresses of the complete inventory to create a firewall script containing all "my" addresses.

What I tried is:

```jinja
{% for hostname in groups['all'] %}
{% if hostvars[hostname]['ansible_default_ipv4']['address'] is defined %}
  iptables ... {{ hostvars[hostname]['ansible_default_ipv4']['address'] }}
{% endif %}
{% if hostvars[hostname]['ansible_default_ipv6']['address'] is defined %}
  ip6tables ... {{ hostvars[hostname]['ansible_default_ipv6']['address'] }}
{% endif %}
{% endfor %}
```

When I run, for example, `ansible-playbook site.yml --limit=server1`, only one entry is printed in the result instead of all:

```
iptables ... a.b.c.d
ip6tables .... c:d:e:f::1
```

When I run a playbook with a group (not all) then it contains only the IPs of this group - but not "all", which would make more sense to me, because of the foreach group[all].

The result is generated via a task:

```yaml
- name: Configure Firewall
  template: src={{item.src}} dest={{item.dest}} owner={{item.owner}} group={{item.group}} mode={{item.mode}}
  with_items:
    - { src: "init.sh.j2", dest: "/etc/firewall/init.sh", owner: 'root', group: 'root', mode: '0750' }
```

I know that `hostvars[hostname]['ansible_host']` is reliable, but it would only be one IP of many per host and, in case of a full dual stack IPv4/6, not acceptable, because only one of the two addresses will be configured.

Is there another way to get the facts from all hosts?

TRW
  • Although the use of the facts is different, this is basically the same question as [Force fact gathering on all hosts](https://stackoverflow.com/questions/30024664/force-fact-gathering-on-all-hosts). – gaige Aug 04 '19 at 11:39
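
Added example, not part of the original question or the linked thread: one way to make the template see every host's facts even under `--limit` is to run the `setup` module against each inventory host with `delegate_to` and `delegate_facts`, then refuse to render the firewall script if any host's facts are missing. The play layout and the assert task are assumptions; the template task and the fact names follow the question.

```yaml
# Added example. Assumes every inventory host is reachable from the control
# node and that facts are injected as ansible_* variables (the default).
- hosts: all
  gather_facts: false
  tasks:
    # With --limit=server1 the play only targets server1, so normal fact
    # gathering only fills hostvars['server1']. Delegating setup to each
    # inventory host and storing the result with delegate_facts fills
    # hostvars[<host>] for every host, regardless of the limit.
    - name: Gather network facts from every host in the inventory
      setup:
        gather_subset:
          - network
      delegate_to: "{{ item }}"
      delegate_facts: true
      loop: "{{ groups['all'] }}"

    # An unreachable or skipped host would otherwise be silently left out of
    # the generated rules. Stop before writing an incomplete script.
    - name: Refuse to render the firewall script from incomplete facts
      assert:
        that:
          - >-
            hostvars[item]['ansible_default_ipv4'] is defined
            or hostvars[item]['ansible_default_ipv6'] is defined
        fail_msg: "No network facts for {{ item }}; firewall script would be incomplete"
      loop: "{{ groups['all'] }}"

    # Same template and destination as in the question.
    - name: Configure Firewall
      template:
        src: init.sh.j2
        dest: /etc/firewall/init.sh
        owner: root
        group: root
        mode: '0750'
```

The facts `ansible_all_ipv4_addresses` and `ansible_all_ipv6_addresses` list every address on a host rather than only the default-route one, if the template needs more than `ansible_default_ipv4` and `ansible_default_ipv6`.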
