summaryrefslogtreecommitdiff
path: root/docsite/rst/playbooks_lookups.rst
blob: ac770dab39b4c07ffdaf528ee2cf8f2517428e66 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
Using Lookups
=============

Lookup plugins allow access of data in Ansible from outside sources.  These plugins are evaluated on the Ansible control
machine, and can include reading the filesystem but also contacting external datastores and services.
These values are then made available using the standard templating system
in Ansible, and are typically used to load variables or templates with information from those systems.

.. note:: This is considered an advanced feature, and many users will probably not rely on these features.

.. note:: Lookups occur on the local computer, not on the remote computer.

.. note:: Since 1.9 you can pass wantlist=True to lookups to use in jinja2 template "for" loops.

.. contents:: Topics

.. _getting_file_contents:

Intro to Lookups: Getting File Contents
```````````````````````````````````````

The file lookup is the most basic lookup type.

Contents can be read off the filesystem as follows::

    - hosts: all
      vars:
         contents: "{{ lookup('file', '/etc/foo.txt') }}"

      tasks:

         - debug: msg="the value of foo.txt is {{ contents }}"

.. _password_lookup:

The Password Lookup
```````````````````

.. note::

    A great alternative to the password lookup plugin, if you don't need to generate random passwords on a per-host basis, would be to use :doc:`playbooks_vault`.  Read the documentation there and consider using it first, it will be more desirable for most applications.

``password`` generates a random plaintext password and stores it in
a file at a given filepath.  

(Docs about crypted save modes are pending)
 
If the file exists previously, it will retrieve its contents, behaving just like with_file. Usage of variables like "{{ inventory_hostname }}" in the filepath can be used to set
up random passwords per host (what simplifies password management in 'host_vars' variables).

Generated passwords contain a random mix of upper and lowercase ASCII letters, the
numbers 0-9 and punctuation (". , : - _"). The default length of a generated password is 20 characters.
This length can be changed by passing an extra parameter::

    ---
    - hosts: all

      tasks:

        # create a mysql user with a random password:
        - mysql_user: name={{ client }}
                      password="{{ lookup('password', 'credentials/' + client + '/' + tier + '/' + role + '/mysqlpassword length=15') }}"
                      priv={{ client }}_{{ tier }}_{{ role }}.*:ALL

        (...)

.. note:: If the file already exists, no data will be written to it. If the file has contents, those contents will be read in as the password. Empty files cause the password to return as an empty string        

Starting in version 1.4, password accepts a "chars" parameter to allow defining a custom character set in the generated passwords. It accepts comma separated list of names that are either string module attributes (ascii_letters,digits, etc) or are used literally::

    ---
    - hosts: all

      tasks:

        # create a mysql user with a random password using only ascii letters:
        - mysql_user: name={{ client }}
                      password="{{ lookup('password', '/tmp/passwordfile chars=ascii_letters') }}"
                      priv={{ client }}_{{ tier }}_{{ role }}.*:ALL

        # create a mysql user with a random password using only digits:
        - mysql_user: name={{ client }}
                      password="{{ lookup('password', '/tmp/passwordfile chars=digits') }}"
                      priv={{ client }}_{{ tier }}_{{ role }}.*:ALL

        # create a mysql user with a random password using many different char sets:
        - mysql_user: name={{ client }}
                      password="{{ lookup('password', '/tmp/passwordfile chars=ascii_letters,digits,hexdigits,punctuation') }}"
                      priv={{ client }}_{{ tier }}_{{ role }}.*:ALL

        (...)

To enter comma use two commas ',,' somewhere - preferably at the end. Quotes and double quotes are not supported.

.. _csvfile_lookup:

The CSV File Lookup
```````````````````
.. versionadded:: 1.5

The ``csvfile`` lookup reads the contents of a file in CSV (comma-separated value)
format. The lookup looks for the row where the first column matches ``keyname``, and
returns the value in the first column, unless a different column is specified.

The example below shows the contents of a CSV file named elements.csv with information about the
periodic table of elements::

    Symbol,Atomic Number,Atomic Mass
    H,1,1.008
    He,2,4.0026
    Li,3,6.94
    Be,4,9.012
    B,5,10.81


We can use the ``csvfile`` plugin to look up the atomic number or atomic of Lithium by its symbol::

    - debug: msg="The atomic number of Lithium is {{ lookup('csvfile', 'Li file=elements.csv delimiter=,') }}"
    - debug: msg="The atomic mass of Lithium is {{ lookup('csvfile', 'Li file=elements.csv delimiter=, col=2') }}"


The ``csvfile`` lookup supports several arguments. The format for passing
arguments is::

    lookup('csvfile', 'key arg1=val1 arg2=val2 ...')

The first value in the argument is the ``key``, which must be an entry that
appears exactly once in column 0 (the first column, 0-indexed) of the table. All other arguments are optional.


==========   ============   =========================================================================================
Field        Default        Description
----------   ------------   -----------------------------------------------------------------------------------------
file         ansible.csv    Name of the file to load
delimiter    TAB            Delimiter used by CSV file. As a special case, tab can be specified as either TAB or \t.
col          1              The column to output, indexed by 0
default      empty string   return value if the key is not in the csv file
==========   ============   =========================================================================================

.. note:: The default delimiter is TAB, *not* comma.


.. _more_lookups:

More Lookups
````````````

Various *lookup plugins* allow additional ways to iterate over data.  In :doc:`Loops <playbooks_loops>` you will learn
how to use them to walk over collections of numerous types.  However, they can also be used to pull in data
from remote sources, such as shell commands or even key value stores. This section will cover lookup
plugins in this capacity.

Here are some examples::

    ---
    - hosts: all

      tasks:

         - debug: msg="{{ lookup('env','HOME') }} is an environment variable"

         - debug: msg="{{ item }} is a line from the result of this command"
           with_lines:
             - cat /etc/motd

         - debug: msg="{{ lookup('pipe','date') }} is the raw result of running this command"

         # redis_kv lookup requires the Python redis package
         - debug: msg="{{ lookup('redis_kv', 'redis://localhost:6379,somekey') }} is value in Redis for somekey"

         # dnstxt lookup requires the Python dnspython package
         - debug: msg="{{ lookup('dnstxt', 'example.com') }} is a DNS TXT record for example.com"

         - debug: msg="{{ lookup('template', './some_template.j2') }} is a value from evaluation of this template"

         - debug: msg="{{ lookup('etcd', 'foo') }} is a value from a locally running etcd"

         # The following lookups were added in 1.9
         - debug: msg="{{item}}"
           with_url:
                - 'http://github.com/gremlin.keys'

         # outputs the cartesian product of the supplied lists
         - debug: msg="{{item}}"
           with_cartesian:
                - list1
                - list2
                - list3

As an alternative you can also assign lookup plugins to variables or use them
elsewhere.  This macros are evaluated each time they are used in a task (or
template)::

    vars:
      motd_value: "{{ lookup('file', '/etc/motd') }}"

    tasks:

      - debug: msg="motd value is {{ motd_value }}"

.. seealso::

   :doc:`playbooks`
       An introduction to playbooks
   :doc:`playbooks_conditionals`
       Conditional statements in playbooks
   :doc:`playbooks_variables`
       All about variables
   :doc:`playbooks_loops`
       Looping in playbooks
   `User Mailing List <http://groups.google.com/group/ansible-devel>`_
       Have a question?  Stop by the google group!
   `irc.freenode.net <http://irc.freenode.net>`_
       #ansible IRC chat channel