0

i have the following playbook which check all the roles in elasticsearch, and if the specific role doesn't exist, it creates it

- name: Get all security roles
  uri:
    url: 'http://192.168.2.14:9200/_security/role'
    method: GET
    url_username: elastic
    url_password: strong
  register: security_roles

- debug:
    msg: {{ security_roles }}

- name: make cURL call if anthill_role exists
  shell: curl -u elastic:strong 192.168.2.14:9200
  when: '"sobaka" not in security_roles'

and let's see the output from playbook execution

ansible-playbook elasticsearch-3dc.yml -i hosts.yml
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
[WARNING]: Found variable using reserved name: remote_user

PLAY [Deploy & Configure Elasticsearch on 3DC] *************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************************************************ok: [elasticsearch-db-02]

TASK [elasticsearch-3dc : Get all security roles] **********************************************************************************************************************************ok: [elasticsearch-db-02]

TASK [elasticsearch-3dc : debug] ***************************************************************************************************************************************************ok: [elasticsearch-db-02] => {
    "msg": {
        "changed": false,
        "content_length": "8422",
        "content_type": "application/json; charset=UTF-8",
        "cookies": {},
        "cookies_string": "",
        "elapsed": 0,
        "failed": false,
        "json": {
            "sobaka": {
                "applications": [],
                "cluster": [],
                "indices": [
                    {
                        "allow_restricted_indices": false,
                        "names": [
                            "*"
                        ],
                        "privileges": [
                            "create",
                            "index",
                            "read",
                            "read_cross_cluster",
                            "view_index_metadata",
                            "write",
                            "create_index"
                        ]
                    }
                ],
                "metadata": {},
                "run_as": [],
                "transient_metadata": {
                    "enabled": true
                }
            },


},
        "msg": "OK (8422 bytes)",
        "redirected": false,
        "status": 200,
        "url": "http://192.168.2.14:9200/_security/role"
    }
}

TASK [elasticsearch-3dc : make cURL call if anthill_role exists] *******************************************************************************************************************[WARNING]: Consider using the get_url or uri module rather than running 'curl'.  If you need to use command because get_url or uri is insufficient you can add 'warn: false' to
this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
changed: [elasticsearch-db-02]

but as you can see from the output, the role sobaka is existed, why the task make cURL car if sobaka role exists is runned?

Joom187
  • 155
  • 4
  • 13

2 Answers2

0

Can you try like when: '"sobaka" not in security_roles.json'. Seems like key sobaka is under value dict of key json

Syam Sankar
  • 361
  • 1
  • 6
0

The return of you debug show a dict. You have to check if that dict dont have the specific key

- name: make cURL call if anthill_role exists
  shell: curl -u elastic:strong 192.168.2.14:9200
  when: "'sobaka' not in {{ security_roles.json.keys()|list }}"
idriss Eliguene
  • 779
  • 4
  • 11