Saturday, 22 October 2016

Ansible - Getting a list of ip addresses for a specfic group

I had a very simple problem.  I needed to get a list of IP addresses from a group of slave servers  in inventory to use as part of a firewall ruleset task in a playbook for a master server (so access was only allowed to the master from the slaves).  I knew the ip addresses were accessible via hostvars but as I only run this playbook on the master (I don't use a site.yml type god playbook) I knew I needed to run something on the slaves first to gather the facts that build hostvars  Also I wasn't using a template so that ruled out using for loops in jinja2.

My approach to solving this was:
  • Create a playbook the runs on the slave servers but does nothing
  • Include this playbook in the master server playbook
  • Filter the hostvars data to produce a list consisting only of the ip4 addresses for a specific host group

Note: You need ansible >= 2.1 for this to work for the map extract feature

slave_do_nothing.yml
---
# Does nothing but will gather facts for later use
- hosts: slave
  tasks: [] 


master_server_test.yml
---
- include: slave_do_nothing.yml
- hosts: master
  tasks:
    - name: Do something with the slave ip address now in item
      set_fact:
         n00b: "{{ n00b| default([]) + [item] }}"
      with_items:
        "{{ groups['slave']|map('extract', hostvars,
        ['ansible_eth0', 'ipv4', 'address'])|list }}"

    - debug: msg="{{ n00b }}"


I've included something else I also discovered along the way which was how to create a list and append items to it.  You can see that fact n00b is created and defaults to a empty list and we add each item that is passed from with_items.  We then use debug to print it at the end (a list of ip addresses).  This should be very useful for debugging tasks in the future.

As a further example here is the task I use in a playbook for an icecast master server  to allow inbound connections from the icecast relays.

- name: Allow inbound from icecast relays
  firewalld:
    zone: public
    state: enabled
    permanent: true
    immediate: true
    rich_rule:
      "rule family=ipv4 source address={{ item }}
      port port={{ icecast_port }} protocol=tcp accept"
  with_items:
    "{{ groups['icecast-relay']|map('extract', hostvars,
    ['ansible_eth0', 'ipv4', 'address'])|list }}"