Eric Anderson, Author at ericsysmin's DevOps Blog

How to loop blocks of code in Ansible

June 20, 2019

In this blog post I will cover how we can loop groups/blocks of tasks within Ansible. Currently using - block: will not work. However you can use - include_tasks: my_grouped_tasks.yml to loop a group of tasks. Within that tasks file you can use {{ item }} on each of your tasks and It will copy from the item during the loop. At Avi Networks we’ve used this for much of our internal task groupings which have items that depend on creation of each other and cannot independently run loops without causing issues.

In the following I have some visual representations to show what the goal origianlly was, and how you can accomplish it.

PROBLEM:

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

# playbook.yml

---

- hosts: localhost

connection: local

vars:

ip_addresses:

- 10.0.0.10

- 10.0.0.11

tasks:

- block:

- name: Copy using inline content to first file

copy:

content: |

ip_address={{ item }}

dest: /etc/some_config_file.conf

- name: Copy using inline content to second file

copy:

content: |

ip_address={{ item }}

dest: /etc/some_other_config_file.conf

loop: "{{ ip_addresses }}"

SOLUTION:

1

2

3

4

5

6

7

8

9

10

11

12

# playbook.yml

---

- hosts: localhost

connection: local

vars:

ip_addresses:

- 10.0.0.10

- 10.0.0.11

tasks:

- name: deploy files with network address in them

include_tasks: network_files.yml

loop: "{{ ip_addresses }}"

1

2

3

4

5

6

7

8

9

10

11

12

13

# network_files.yml

---

- name: Copy using inline content to first file

copy:

content: |

ip_address={{ item }}

dest: /etc/some_config_file.conf

- name: Copy using inline content to second file

copy:

content: |

ip_address={{ item }}

dest: /etc/some_other_config_file.conf

This will effectively do a loop over your multiple tasks. I know it’s a bit annoying, but this is currently the only working solution to looping over blocks of tasks.

ansible, blocks, devops, loops

Ansible, DevOps

1 Comment

Integrating Zabbix w/Slack for Channel Notifications

January 16, 2019

Eric Anderson

I’ve been using Slack and Zabbix now for a few years, and figured since there’s not too many guides out there on how to integrate the two easily. I know there are a few examples so far, but this is what’s worked best for me.

First I use this script, and put it in your alertscripts directory, ex. /usr/lib/zabbix/alertscripts .

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

#!/usr/bin/python

import sys

import yaml

from slackclient import SlackClient

slack_config_file = '/etc/zabbix/slack.yml'

with open(slack_config_file, 'r') as ymlfile:

slack_config = yaml.load(ymlfile)

slack = SlackClient(slack_config['slack_api_token'])

channel = sys.argv[1]

message = "```Status: %s\n%s```" %(sys.argv[2], sys.argv[3])

response = send_slack_message(channel, message)

if response["ok"]:

print("Message posted successfully: " + response["message"]["ts"])

# If the message failed, check for rate limit headers in the response

elif response["ok"] is False and response["headers"]["Retry-After"]:

# The `Retry-After` header will tell you how long to wait before retrying

delay = int(response["headers"]["Retry-After"])

print("Rate limited. Retrying in " + str(delay) + " seconds")

time.sleep(delay)

slack.api_call("chat.postMessage", channel=channel, text=message)

Notice there’s no field for credentials. That’s because over time I found it easier to deploy with a configuration file that was in yaml format.

Make sure you create an API token for slack by creating a Slack App, then using it’s Verification Token. Hopefully in the future I revisit this and make use of the Client ID, Client Secret, Signing Secret configuration.

So to provide that file we need to create the following in your zabbix configuration directory ex. /ext/zabbix/slack.yml .

1 2	# Zabbix - Slack Configuration slack_api_token: {{ zabbix_slack_api_token }}

This makes it easier at least for me to deploy and separate configuration from the script itself.

Next steps include creating the Slack Media Type.

Navigate to Administration > Media types

Select “Create media type”, and fill out the following:

1

2

3

4

5

6

7

8

Name: Slack

Type: Script

Script name: zabbix_slack.py

Script parameters:

{ALERT.SENDTO}

{ALERT.SUBJECT}

{ALERT.MESSAGE}

Enabled: Checked

Don’t forget to save!

Your first value is going to be “Channel” the rest fill in the message details.

devops, notifications, operations, ops, slack, zabbix

Zabbix

Leave a comment

Using Avi Ansible modules to Patch your Avi Controller

January 16, 2019

Eric Anderson

So I’ve been working for a company called Avi Networks for a while now. Working on customer deployments, internal devops automation, customer migrations, and tons of other projects including getting Avi to have the largest module library available out of any load balancer on the market. Well, today were going to show how to use Avi’s Ansible modules to patch your Avi Controller. It’s easy, here’s how.

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

---

- name: Patch Controller | Upload package on controller

avi_api_fileservice:

avi_credentials: "{{ avi_credentials }}"

upload: true

timeout: 300

path: /patch_pkgs/

file_path: "{{ patch_path }}"

- name: Patch Controller | Upgrade controller

avi_api_session:

avi_credentials: "{{ avi_credentials }}"

http_method: post

timeout: 300

path: cluster/upgrade/

data:

image_path: controller://upgrade_pkgs/{{ patch_path|basename }}

force: true

disruptive: true

patch: true

- name: Patch Controller | Wait for the Controller Upgrade to finish

avi_api_session:

avi_credentials: "{{ avi_credentials }}"

http_method: get

timeout: 300

path: cluster/upgrade/status

register: upgrade_status

until: upgrade_status.obj.result == "SUCCESS"

retries: 120

delay: 10

This will also wait for the controller to come back up 🙂

avi, avinetworks, devops, network, patching

DevOps

Leave a comment

Deploying Modules as an Ansible Role

October 2, 2018

Eric Anderson

As Ansible grows as solution for much of the DevOps community many partners and supported modules are hitting the community. However, all of us are being hit by a serious problem. Release Gap.

Release Gap is the difference of time between your modules being accepted into the Ansible core and the time you release a new feature or patch you want your customers to use.

At Avi we ran into this problem, and luckily Ansible has a solution. Roles. Using roles to deploy your modules helps you control your code and guarantee customers are using the latest tested modules you offer.

To do this we need to have a role structure as such.

1

2

3

4

5

6

7

8

role-name/

meta/

main.yml

library/

module1.py

module2.py

module_utils/

module_util.py

However, users will need to include the role in their playbook.

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

# Playbook that uses roles for modules

---

- hosts: localhost

connection: local

roles:

- role: company.sdk

tasks:

- name: This module does something

module1:

module_param1: value1

module_param2: value2

- name: This other module does something else

module2:

module2_param1: value1

module2_param2: value2

However, there are some caveats. Your module names should never be the same as modules that someone else, or core uses. In our case we stuck with avi_<module-name> for our modules.

A good way to look at the pipeline is the following.

Using this pipeline you can then import your modules into the core, but also pre-release or release modules at your own schedule and version, independent of Ansible release schedule. You can also allow users to upgrade their environments.

Users can then download your modules using the following command.

1	ansible-galaxy install -f company.sdk

You can also specify version so your end users can control versions of your modules

1	ansible-galaxy install -f company.sdk,v1.0.0

The goal of this was to empower the partners, supported modules to be downloaded by customers without having to force customers to also upgrade Ansible itself which can affect other modules that are working for all playbooks.

ansible, development, modules, roles

Ansible

Leave a comment

Been a while…

August 21, 2018

Eric Anderson

Sorry everyone, I’ve been gone for a while. I’ve been super busy at this company Avi Networks. I’ve been here for 2 years, and it’s been growing fast. However, I’m back in the DevOps/SRE realm of things, which will allow me to once again share some of my insights on the world of automation, containers, scripting, and other cool workarounds to get things working the way you want.

I’m probably going to make a few changes in the next few weeks to this blog to get it running again, and move the commenting system over to something that I won’t have to manage and prevent spam. I’ve manually had to approve a lot of comments, and that doesn’t scale, obviously. lol

Uncategorized

Leave a comment