2018-03-14 20:44:21 +01:00
.. _playbooks_conditionals:
2013-09-30 01:03:51 +02:00
Conditionals
============
2013-12-26 20:32:01 +01:00
.. contents :: Topics
2017-01-18 03:55:03 +01:00
Often the result of a play may depend on the value of a variable, fact (something learned about the remote system), or previous task result.
In some cases, the values of variables may depend on other variables.
2018-01-22 22:37:19 +01:00
Additional groups can be created to manage hosts based on whether the hosts match other criteria. This topic covers how conditionals are used in playbooks.
2017-11-22 05:14:27 +01:00
2020-02-14 16:53:14 +01:00
.. note ::
There are many options to control execution flow in Ansible. More examples of supported conditionals can be located here: https://jinja.palletsprojects.com/en/master/templates/#comparisons.
2013-09-30 01:03:51 +02:00
2015-03-06 22:35:49 +01:00
.. _the_when_statement:
2013-09-30 01:03:51 +02:00
The When Statement
`` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ``
2017-01-18 03:55:03 +01:00
Sometimes you will want to skip a particular step on a particular host.
This could be something as simple as not installing a certain package if the operating system is a particular version,
2013-09-30 01:03:51 +02:00
or it could be something like performing some cleanup steps if a filesystem is getting full.
2020-02-14 16:53:14 +01:00
This is easy to do in Ansible with the `` when `` clause, which contains a raw `Jinja2 expression <https://jinja.palletsprojects.com/en/master/templates/#expressions> `_ without double curly braces (see :ref: `group_by_module` ).
.. note :: Jinja2 expressions are built up from comparisons, filters, tests, and logical combinations thereof. The below examples will give you an impression how to use them. However, for a more complete overview over all operators to use, please refer to the official `Jinja2 documentation <https://jinja.palletsprojects.com/en/master/templates/#expressions> `_ .
2013-10-05 01:06:20 +02:00
It's actually pretty simple::
2013-09-30 01:03:51 +02:00
tasks:
2016-08-16 21:02:25 +02:00
- name: "shut down Debian flavored systems"
2013-09-30 01:03:51 +02:00
command: /sbin/shutdown -t now
2018-09-06 17:26:58 +02:00
when: ansible_facts['os_family'] == "Debian"
2019-03-27 05:26:09 +01:00
# note that all variables can be used directly in conditionals without double curly braces
2013-09-30 01:03:51 +02:00
2020-02-14 16:53:14 +01:00
You can also use `parentheses to group and logical operators <https://jinja.palletsprojects.com/en/master/templates/#logic> `_ to combine conditions::
2014-10-05 19:54:31 +02:00
tasks:
2016-08-16 21:02:25 +02:00
- name: "shut down CentOS 6 and Debian 7 systems"
2014-10-05 19:54:31 +02:00
command: /sbin/shutdown -t now
2018-09-06 17:26:58 +02:00
when: (ansible_facts['distribution'] == "CentOS" and ansible_facts['distribution_major_version'] == "6") or
(ansible_facts['distribution'] == "Debian" and ansible_facts['distribution_major_version'] == "7")
2014-10-05 19:54:31 +02:00
2020-02-14 16:53:14 +01:00
Multiple conditions that all need to be true (that is, a logical `` and `` ) can also be specified as a list::
2016-08-25 18:52:52 +02:00
tasks:
- name: "shut down CentOS 6 systems"
command: /sbin/shutdown -t now
when:
2018-09-06 17:26:58 +02:00
- ansible_facts['distribution'] == "CentOS"
- ansible_facts['distribution_major_version'] == "6"
2016-08-25 18:52:52 +02:00
2020-02-14 16:53:14 +01:00
A number of Jinja2 `"tests" and "filters" <https://jinja.palletsprojects.com/en/master/templates/#other-operators> `_ can also be used in when statements, some of which are unique and provided by Ansible.
Suppose we want to ignore the error of one statement and then decide to do something conditionally based on success or failure::
2013-09-30 01:03:51 +02:00
tasks:
- command: /bin/false
register: result
ignore_errors: True
2016-06-01 17:06:47 +02:00
2013-09-30 01:03:51 +02:00
- command: /bin/something
2017-11-27 23:58:08 +01:00
when: result is failed
2016-06-01 17:06:47 +02:00
2020-02-14 16:53:14 +01:00
# Both `succeeded` and `success` both work. The former, however, is newer and uses the correct tense, while the latter is mainly used in older versions of Ansible.
2013-09-30 01:03:51 +02:00
- command: /bin/something_else
2017-11-27 23:58:08 +01:00
when: result is succeeded
2016-06-01 17:06:47 +02:00
2013-09-30 01:03:51 +02:00
- command: /bin/still/something_else
2017-11-27 23:58:08 +01:00
when: result is skipped
2013-09-30 01:03:51 +02:00
2016-06-01 17:06:47 +02:00
2020-02-14 16:53:14 +01:00
.. note :: both `success` and `succeeded` work (`similarly for fail` /`failed` , etc).
2019-11-05 22:25:15 +01:00
.. warning :: You might expect a variable of a skipped task to be undefined and use `defined` or `default` to check that. **This is incorrect** ! Even when a task is failed or skipped the variable is still registered with a failed or skipped status. See :ref: `registered_variables` .
2016-06-01 17:06:47 +02:00
2013-09-30 01:03:51 +02:00
2018-09-06 17:26:58 +02:00
To see what facts are available on a particular system, you can do the following in a playbook::
- debug: var=ansible_facts
2013-09-30 01:03:51 +02:00
2020-02-14 16:53:14 +01:00
Tip: Sometimes you'll get back a variable that's a string and you'll want to do a math operation comparison on it.
You can do this like so::
2013-09-30 01:03:51 +02:00
tasks:
- shell: echo "only on Red Hat 6, derivatives, and later"
2018-09-06 17:26:58 +02:00
when: ansible_facts['os_family'] == "RedHat" and ansible_facts['lsb']['major_release']|int >= 6
2013-09-30 01:03:51 +02:00
2020-02-14 16:53:14 +01:00
.. note :: the above example requires the lsb_release package on the target host in order to return the `lsb major_release` fact.
2013-09-30 01:03:51 +02:00
2020-02-14 16:53:14 +01:00
Variables defined in the playbooks or inventory can also be used, just make sure to apply the `` |bool `` filter to non-boolean variables (e.g., `string` variables with content like `` yes `` , `` on `` , `` 1 `` , `` true `` ).
An example may be the execution of a task based on a variable's boolean value::
2013-09-30 01:03:51 +02:00
vars:
epic: true
2019-06-17 16:53:30 +02:00
monumental: "yes"
2013-09-30 01:03:51 +02:00
Then a conditional execution might look like::
tasks:
- shell: echo "This certainly is epic!"
2019-06-17 16:53:30 +02:00
when: epic or monumental|bool
2013-09-30 01:03:51 +02:00
or::
2017-01-18 03:55:03 +01:00
2013-09-30 01:03:51 +02:00
tasks:
- shell: echo "This certainly isn't epic!"
when: not epic
2020-02-14 16:53:14 +01:00
If a required variable has not been set, you can skip or fail using Jinja2's `` defined `` test.
For example::
2013-09-30 01:03:51 +02:00
tasks:
- shell: echo "I've got '{{ foo }}' and am not afraid to use it!"
when: foo is defined
2014-01-17 14:09:52 +01:00
- fail: msg="Bailing out. this play requires 'bar'"
2015-07-25 14:05:27 +02:00
when: bar is undefined
2013-09-30 01:03:51 +02:00
2017-01-18 03:55:03 +01:00
This is especially useful in combination with the conditional import of vars files (see below).
2020-02-14 16:53:14 +01:00
As the examples show, you don't need to use `` {{ }} `` to use variables inside conditionals, as these are already implied.
2013-09-30 01:03:51 +02:00
2016-04-21 15:42:00 +02:00
.. _loops_and_conditionals:
Loops and Conditionals
`` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ``
2020-02-14 16:53:14 +01:00
Combining `` when `` with loops (see :ref: `playbooks_loops` ), be aware that the `` when `` statement is processed separately for each item. This is by design::
2013-09-30 01:03:51 +02:00
tasks:
- command: echo {{ item }}
move from with_<lookup>: to loop:
- old functionality is still available direct lookup use, the following are equivalent
with_nested: [[1,2,3], ['a','b','c']]
loop: "{{lookup('nested', [1,2,3], ['a','b','c'])}}"
- avoid squashing with 'loop:'
- fixed test to use new intenal attributes
- removed most of 'lookup docs' as these now reside in the plugins
2017-09-17 05:32:34 +02:00
loop: [ 0, 2, 4, 6, 8, 10 ]
2013-09-30 01:03:51 +02:00
when: item > 5
2020-02-14 16:53:14 +01:00
If you need to skip the whole task depending on the loop variable being defined, used the `` |default `` filter to provide an empty iterator::
2016-04-21 15:42:00 +02:00
- command: echo {{ item }}
move from with_<lookup>: to loop:
- old functionality is still available direct lookup use, the following are equivalent
with_nested: [[1,2,3], ['a','b','c']]
loop: "{{lookup('nested', [1,2,3], ['a','b','c'])}}"
- avoid squashing with 'loop:'
- fixed test to use new intenal attributes
- removed most of 'lookup docs' as these now reside in the plugins
2017-09-17 05:32:34 +02:00
loop: "{{ mylist|default([]) }}"
2016-04-21 15:42:00 +02:00
when: item > 5
move from with_<lookup>: to loop:
- old functionality is still available direct lookup use, the following are equivalent
with_nested: [[1,2,3], ['a','b','c']]
loop: "{{lookup('nested', [1,2,3], ['a','b','c'])}}"
- avoid squashing with 'loop:'
- fixed test to use new intenal attributes
- removed most of 'lookup docs' as these now reside in the plugins
2017-09-17 05:32:34 +02:00
If using a dict in a loop::
2016-04-21 15:42:00 +02:00
- command: echo {{ item.key }}
2018-04-25 19:55:34 +02:00
loop: "{{ query('dict', mydict|default({})) }}"
2016-04-21 15:42:00 +02:00
when: item.value > 5
.. _loading_in_custom_facts:
2013-09-30 01:03:51 +02:00
Loading in Custom Facts
`` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ``
2018-03-14 20:44:21 +01:00
It's also easy to provide your own facts if you want, which is covered in :ref: `developing_modules` . To run them, just
2013-09-30 01:03:51 +02:00
make a call to your own custom fact gathering module at the top of your list of tasks, and variables returned
there will be accessible to future tasks::
tasks:
- name: gather site specific fact data
action: site_facts
- command: /usr/bin/thingy
2013-10-05 01:06:20 +02:00
when: my_custom_fact_just_retrieved_from_the_remote_system == '1234'
2016-04-21 15:42:00 +02:00
.. _when_roles_and_includes:
2017-09-17 20:02:46 +02:00
Applying 'when' to roles, imports, and includes
`` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ``
2013-09-30 01:03:51 +02:00
Note that if you have several tasks that all share the same conditional statement, you can affix the conditional
2015-08-04 22:13:11 +02:00
to a task include statement as below. All the tasks get evaluated, but the conditional is applied to each and every task::
2013-09-30 01:03:51 +02:00
2017-09-17 20:02:46 +02:00
- import_tasks: tasks/sometasks.yml
2013-09-30 01:03:51 +02:00
when: "'reticulating splines' in output"
2020-02-14 16:53:14 +01:00
.. note :: In versions prior to 2.0 this worked with task includes but not playbook includes. 2.0 allows it to work with both.
2015-08-04 22:13:11 +02:00
2013-09-30 01:03:51 +02:00
Or with a role::
- hosts: webservers
roles:
2018-04-05 20:41:26 +02:00
- role: debian_stock_config
2018-09-06 17:26:58 +02:00
when: ansible_facts['os_family'] == 'Debian'
2013-09-30 01:03:51 +02:00
2020-02-14 16:53:14 +01:00
You will note a lot of `` skipped `` output by default in Ansible when using this approach on systems that don't match the criteria.
2019-06-26 23:07:27 +02:00
In many cases the :ref: `group_by module <group_by_module>` can be a more streamlined way to accomplish the same thing; see
2018-09-05 21:06:02 +02:00
:ref: `os_variance` .
2013-09-30 01:03:51 +02:00
2018-09-05 21:06:02 +02:00
When a conditional is used with `` include_* `` tasks instead of imports, it is applied `only` to the include task itself and not
to any other tasks within the included file(s). A common situation where this distinction is important is as follows::
2017-09-17 20:02:46 +02:00
2018-09-05 21:06:02 +02:00
# We wish to include a file to define a variable when it is not
# already defined
2017-09-17 20:02:46 +02:00
# main.yml
2018-09-05 21:06:02 +02:00
- import_tasks: other_tasks.yml # note "import"
2017-09-17 20:02:46 +02:00
when: x is not defined
# other_tasks.yml
- set_fact:
x: foo
- debug:
var: x
2018-09-05 21:06:02 +02:00
This expands at include time to the equivalent of::
- set_fact:
x: foo
when: x is not defined
- debug:
var: x
when: x is not defined
Thus if `` x `` is initially undefined, the `` debug `` task will be skipped. By using `` include_tasks `` instead of `` import_tasks `` ,
both tasks from `` other_tasks.yml `` will be executed as expected.
For more information on the differences between `` include `` v `` import `` see :ref: `playbooks_reuse` .
2017-09-17 20:02:46 +02:00
2016-04-21 15:42:00 +02:00
.. _conditional_imports:
2013-09-30 01:03:51 +02:00
Conditional Imports
`` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ``
2017-11-22 05:14:27 +01:00
.. note :: This is an advanced topic that is infrequently used.
2013-09-30 01:03:51 +02:00
Sometimes you will want to do certain things differently in a playbook based on certain criteria.
Having one playbook that works on multiple platforms and OS versions is a good example.
As an example, the name of the Apache package may be different between CentOS and Debian,
but it is easily handled with a minimum of syntax in an Ansible Playbook::
---
- hosts: all
remote_user: root
vars_files:
- "vars/common.yml"
2018-09-06 17:26:58 +02:00
- [ "vars/{{ ansible_facts['os_family'] }}.yml", "vars/os_defaults.yml" ]
2013-09-30 01:03:51 +02:00
tasks:
2017-02-14 11:39:27 +01:00
- name: make sure apache is started
service: name={{ apache }} state=started
2013-09-30 01:03:51 +02:00
.. note ::
2018-09-06 17:26:58 +02:00
The variable "ansible_facts['os_family']" is being interpolated into
2013-09-30 01:03:51 +02:00
the list of filenames being defined for vars_files.
As a reminder, the various YAML files contain just keys and values::
---
2018-02-20 21:12:12 +01:00
# for vars/RedHat.yml
2013-09-30 01:03:51 +02:00
apache: httpd
somethingelse: 42
2018-02-20 21:12:12 +01:00
How does this work? For Red Hat operating systems ('CentOS', for example), the first file Ansible tries to import
2019-06-26 23:07:27 +02:00
is 'vars/RedHat.yml'. If that file does not exist, Ansible attempts to load 'vars/os_defaults.yml'. If no files in
2018-02-20 21:12:12 +01:00
the list were found, an error is raised.
2013-09-30 01:03:51 +02:00
2018-02-20 21:12:12 +01:00
On Debian, Ansible first looks for 'vars/Debian.yml' instead of 'vars/RedHat.yml', before
falling back on 'vars/os_defaults.yml'.
2013-09-30 01:03:51 +02:00
2018-02-20 21:12:12 +01:00
Ansible's approach to configuration -- separating variables from tasks, keeping your playbooks
from turning into arbitrary code with nested conditionals - results in more streamlined and auditable configuration rules because there are fewer decision points to track.
2013-09-30 01:03:51 +02:00
Selecting Files And Templates Based On Variables
`` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ``
.. note :: This is an advanced topic that is infrequently used. You can probably skip this section.
Sometimes a configuration file you want to copy, or a template you will use may depend on a variable.
The following construct selects the first available file appropriate for the variables of a given host, which is often much cleaner than putting a lot of if conditionals in a template.
The following example shows how to template out a configuration file that was very different between, say, CentOS and Debian::
- name: template a file
2018-02-03 12:29:22 +01:00
template:
src: "{{ item }}"
dest: /etc/myapp/foo.conf
2018-04-25 19:55:34 +02:00
loop: "{{ query('first_found', { 'files': myfiles, 'paths': mypaths}) }}"
move from with_<lookup>: to loop:
- old functionality is still available direct lookup use, the following are equivalent
with_nested: [[1,2,3], ['a','b','c']]
loop: "{{lookup('nested', [1,2,3], ['a','b','c'])}}"
- avoid squashing with 'loop:'
- fixed test to use new intenal attributes
- removed most of 'lookup docs' as these now reside in the plugins
2017-09-17 05:32:34 +02:00
vars:
myfiles:
2018-09-06 17:26:58 +02:00
- "{{ansible_facts['distribution']}}.conf"
move from with_<lookup>: to loop:
- old functionality is still available direct lookup use, the following are equivalent
with_nested: [[1,2,3], ['a','b','c']]
loop: "{{lookup('nested', [1,2,3], ['a','b','c'])}}"
- avoid squashing with 'loop:'
- fixed test to use new intenal attributes
- removed most of 'lookup docs' as these now reside in the plugins
2017-09-17 05:32:34 +02:00
- default.conf
mypaths: ['search_location_one/somedir/', '/opt/other_location/somedir/']
2013-09-30 01:03:51 +02:00
Register Variables
`` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ``
Often in a playbook it may be useful to store the result of a given command in a variable and access
it later. Use of the command module in this way can in many ways eliminate the need to write site specific facts, for
instance, you could test for the existence of a particular program.
2019-01-29 22:28:18 +01:00
.. note :: Registration happens even when a task is skipped due to the conditional. This way you can query the variable for `` is skipped `` to know if task was attempted or not.
2020-02-14 16:53:14 +01:00
The `` register `` keyword decides what variable to save a result in. The resulting variables can be used in templates, action lines, or *when* statements. It looks like this (in an obviously trivial example)::
2013-09-30 01:03:51 +02:00
- name: test play
hosts: all
tasks:
- shell: cat /etc/motd
register: motd_contents
- shell: echo "motd contains the word hi"
when: motd_contents.stdout.find('hi') != -1
2020-02-14 16:53:14 +01:00
As shown previously, the registered variable's string contents are accessible with the `` stdout `` value.
move from with_<lookup>: to loop:
- old functionality is still available direct lookup use, the following are equivalent
with_nested: [[1,2,3], ['a','b','c']]
loop: "{{lookup('nested', [1,2,3], ['a','b','c'])}}"
- avoid squashing with 'loop:'
- fixed test to use new intenal attributes
- removed most of 'lookup docs' as these now reside in the plugins
2017-09-17 05:32:34 +02:00
The registered result can be used in the loop of a task if it is converted into
2020-02-14 16:53:14 +01:00
a list (or already is a list) as shown below. `` stdout_lines `` is already available on the object as
well though you could also call `` home_dirs.stdout.split() `` if you wanted, and could split by other
2013-09-30 01:03:51 +02:00
fields::
move from with_<lookup>: to loop:
- old functionality is still available direct lookup use, the following are equivalent
with_nested: [[1,2,3], ['a','b','c']]
loop: "{{lookup('nested', [1,2,3], ['a','b','c'])}}"
- avoid squashing with 'loop:'
- fixed test to use new intenal attributes
- removed most of 'lookup docs' as these now reside in the plugins
2017-09-17 05:32:34 +02:00
- name: registered variable usage as a loop list
2013-09-30 01:03:51 +02:00
hosts: all
tasks:
2018-02-03 12:29:22 +01:00
- name: retrieve the list of home directories
command: ls /home
register: home_dirs
- name: add home dirs to the backup spooler
file:
path: /mnt/bkspool/{{ item }}
src: /home/{{ item }}
state: link
loop: "{{ home_dirs.stdout_lines }}"
# same as loop: "{{ home_dirs.stdout.split() }}"
2013-09-30 01:03:51 +02:00
2020-02-14 16:53:14 +01:00
As shown previously, the registered variable's string contents are accessible with the `` stdout `` value.
2016-04-22 22:23:17 +02:00
You may check the registered variable's string contents for emptiness::
- name: check registered variable for emptiness
hosts: all
tasks:
- name: list contents of directory
command: ls mydir
register: contents
- name: check contents for emptiness
2019-06-26 23:07:27 +02:00
debug:
2018-02-03 12:29:22 +01:00
msg: "Directory is empty"
2016-04-22 22:23:17 +02:00
when: contents.stdout == ""
2018-01-22 22:37:19 +01:00
Commonly Used Facts
`` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ``
2018-03-14 20:44:21 +01:00
The following Facts are frequently used in Conditionals - see above for examples.
2018-01-22 22:37:19 +01:00
.. _ansible_distribution:
2018-09-06 17:26:58 +02:00
ansible_facts['distribution']
-----------------------------
2018-01-22 22:37:19 +01:00
2018-09-06 17:26:58 +02:00
Possible values (sample, not complete list)::
2018-01-22 22:37:19 +01:00
Alpine
Altlinux
Amazon
Archlinux
ClearLinux
Coreos
2019-10-09 21:05:21 +02:00
CentOS
2018-01-22 22:37:19 +01:00
Debian
2018-06-06 11:15:00 +02:00
Fedora
2018-01-22 22:37:19 +01:00
Gentoo
Mandriva
NA
OpenWrt
OracleLinux
RedHat
Slackware
SMGL
SUSE
2019-10-09 21:05:21 +02:00
Ubuntu
2018-01-22 22:37:19 +01:00
VMwareESX
.. See `OSDIST_LIST`
.. _ansible_distribution_major_version:
2018-09-06 17:26:58 +02:00
ansible_facts['distribution_major_version']
-------------------------------------------
2018-01-22 22:37:19 +01:00
This will be the major version of the operating system. For example, the value will be `16` for Ubuntu 16.04.
.. _ansible_os_family:
2018-09-06 17:26:58 +02:00
ansible_facts['os_family']
--------------------------
2018-01-22 22:37:19 +01:00
2018-09-06 17:26:58 +02:00
Possible values (sample, not complete list)::
2018-01-22 22:37:19 +01:00
AIX
Alpine
Altlinux
Archlinux
Darwin
Debian
FreeBSD
Gentoo
HP-UX
Mandrake
RedHat
SGML
Slackware
Solaris
Suse
2019-03-12 00:38:27 +01:00
Windows
2018-01-22 22:37:19 +01:00
2019-03-12 00:38:27 +01:00
.. Ansible checks `OS_FAMILY_MAP`; if there's no match, it returns the value of `platform.system()`.
2013-09-30 01:03:51 +02:00
2013-10-05 18:31:16 +02:00
.. seealso ::
2018-03-14 20:44:21 +01:00
:ref: `working_with_playbooks`
2013-10-05 18:31:16 +02:00
An introduction to playbooks
2018-03-14 20:44:21 +01:00
:ref: `playbooks_reuse_roles`
2013-10-05 18:31:16 +02:00
Playbook organization by roles
2018-03-14 20:44:21 +01:00
:ref: `playbooks_best_practices`
2013-10-05 18:31:16 +02:00
Best practices in playbooks
2018-03-14 20:44:21 +01:00
:ref: `playbooks_variables`
2013-10-05 18:31:16 +02:00
All about variables
2018-07-21 15:48:47 +02:00
`User Mailing List <https://groups.google.com/group/ansible-devel> `_
2013-10-05 18:31:16 +02:00
Have a question? Stop by the google group!
`irc.freenode.net <http://irc.freenode.net> `_
#ansible IRC chat channel