Network guy pretending to "code"...(insert laughter/shame here). I am trying to create a playbook full of STIG requirements. I would like to be able to run this playbook against network devices, then easily copy the results into our .ckl files.

In case it's not completely and utterly apparent, I have been using Ansible for less than a week.

* First I am having ansible register the output of a command.
* Then I would like ansible to validate certain words or phrases are in the output of the register.
* Then of course have a debug message state "Not a Finding {insert register here}", or "Open {insert register here}"

I cannot seem to get the "when {this phrase} (is (or not) in) register.stdout" to work.

Using Ansible 2.9

    - hosts: ios
      connection: network_cli
      gather_facts: no
      tasks:
        - name: Gather Username Configuration Lines
          ios_command:
            commands: show run | i username localadmin
          register: output
        - debug:
            msg: "{{ output.stdout }}"
        - name: Username has correct privilege level
          block:
            - debug:
                msg: "{{ output.stdout }}"
          when: "'privilege 15' in output.stdout"

Output:

    $ ansible-playbook ciscouserprivcheck.yml -u localadmin -k
    SSH password: 

    PLAY [ios] *************************************************************************************************************************************

    TASK [Gather Username Configuration Lines] *****************************************************************************************************
    ok: [Cisco1]

    TASK [debug] ***********************************************************************************************************************************
    ok: [Cisco1] => 
      msg:
      - username localadmin privilege 15 secret 5 $1$o1t2$VoZhNwm3bMfsTJ6e8RIdl1

    TASK [debug] ***********************************************************************************************************************************
    skipping: [Cisco1]

    PLAY RECAP *************************************************************************************************************************************
    Cisco1                     : ok=2    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0 
Anthony Mastrean
  • There is no shame in learning something new. All of us do it! The code seems correct to me. What version of Ansible are you using? – vkozyrev Apr 19 '20 at 17:45
  • Running this on CentOS 7 (64bit) ansible 2.9.6 config file = /home/localadmin/NetworkAutomation/Project20/ansible.cfg configured module search path = [u'/home/localadmin/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible python version = 2.7.5 (default, Aug 7 2019, 00:51:29) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] – andrew.howell Apr 20 '20 at 18:41
  • Try adding debugger to the playbook file. Between `hosts` and `connection` insert `debugger: on_skipped`. When you run the playbook next time, Ansible should stop at the last `debug` task and ask you for input. You can check the value of `output` variable there by executing `(debug)> p task_vars['vars']['hostvars']['localhost']['output']['stdout']`. You should replace localhost with your host name though. – vkozyrev Apr 21 '20 at 05:55

0 Answers
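An added example, not part of the original thread: `ios_command` returns `stdout` as a list with one string per command (the `- username ...` list item in the debug output above shows this), so `'privilege 15' in output.stdout` tests for a list element equal to the phrase and is skipped. The playbook below indexes the first response to get a substring test; the task names, the `user_line` variable and the redaction of the secret hash before it is copied into a checklist are assumptions of this example.

```yaml
- hosts: ios
  connection: network_cli
  gather_facts: no
  tasks:
    - name: Gather Username Configuration Lines
      ios_command:
        commands: show run | i username localadmin
      register: output

    # output.stdout is a list: one string per entry in "commands".
    # output.stdout[0] is the text returned by the first (only) command.
    # The hash after "secret N" is replaced so it does not end up in the
    # checklist comment (an addition of this example, not a page requirement).
    - name: Build the line to paste into the checklist
      set_fact:
        user_line: >-
          {{ output.stdout[0]
             | regex_replace('secret [0-9]+ [^ ]+', 'secret <redacted>') }}

    # Substring test against the string, not membership test against the list.
    - name: Username has correct privilege level
      debug:
        msg: "Not a Finding {{ user_line }}"
      when: "'privilege 15' in output.stdout[0]"

    # Inverse condition, so every host reports exactly one of the two states.
    - name: Username does not have correct privilege level
      debug:
        msg: "Open {{ user_line }}"
      when: "'privilege 15' not in output.stdout[0]"
```

When a task sends several commands, each response has its own index in `output.stdout`, so each check should test the index of the command it depends on.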