ansible

Ansible loop failure


I can't seem to make this loop work. If anyone can tell what I'm doing wrong, appreciate any advice in advance.

What I'm trying to do is to descend into a directory, that holds directories named for my workstations. The dirs are created from the result of a "fetch" and hold host1.csr/req, host2.csr/req (for example). I only have two directories right now to speed up testing.

I'm trying to run a shell command on the CSR files: openssl req -text -noout -verify -in (host*.csr). Here's what I have in my play. Note: if indents or spelling is wrong, they're just typing errors. The play is running on a closed network. The play does pass --syntax-check.

  name: Find CSR files
  ansible.builtin.find:
    paths: /etc/cert_dir/workstations
    file_type: file
    patterns: “*.csr”
    recurse: yes
  register: csr

  name: csr file names into new variable
  set_fact:
  CSR: “{{csr.files | map(attribute=‘path’) | map(‘basename’) | list }}”

  name: Print csr variable
  debug:
    msg: Print result of CSR search: {{ csr }}

  name: Test variable usage against the found csr files
  ansible.builtin.shell:
    cmd: openssl req -text -noout -verify -in {{ csr }} {{ item.path }}

And of course it doesn't work. The error displayed says the host1.csr file can't be found. In fact, it lists the full path (/etc/cert_dir/wkstns/host1.csr file can't be found). It repeats for host2.csr, I don't get it. The first parts of this play are just a sanity check that will eventually be removed. I just wanted to see if I could get a play to descend into the main dir, go into each workstation dir, and find the csr files. That does work. It shows the two CSR files - host1.csr, host2.csr.

So if the files can be found can anyone tell what I'm doing wrong as far as the loop?


Solution

  • Removing the syntax errors and using the correct encoding, a running minimal example playbook could look like

    ---
    - hosts: localhost
      become: false
      gather_facts: false
    
      tasks:
    
        - name: Find CSR files
          ansible.builtin.find:
            paths: "{{ playbook_dir }}"
            file_type: file
            patterns: '*.csr'
            recurse: yes
          register: csr
    
        - name: Set file names into new variable
          set_fact:
            CSR: "{{ csr.files | map(attribute='path') | map('basename') | list }}"
    
        - name: Print CSR variable
          debug:
            msg: "Print result of CSR search: {{ CSR }}"
    
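        - name: Test variable usage against the found CSR files
          ansible.builtin.shell:
            cmd: "openssl req -text -noout -verify -in {{ item | quote }}"
          # Loop over the full paths: CSR holds basenames only, which openssl
          # cannot open when the files sit in subdirectories.
          loop: "{{ csr.files | map(attribute='path') | list }}"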
    

    and possibly shorter

    ---
    - hosts: localhost
      become: false
      gather_facts: false
    
      tasks:
    
        - name: Find CSR files
          ansible.builtin.find:
            paths: "{{ playbook_dir }}"
            file_type: file
            patterns: '*.csr'
            recurse: yes
          register: CSR
    
        - name: Check Certificate Signing Request (CSR) against CSR.files
          ansible.builtin.shell:
            cmd: "openssl req -text -noout -verify -in {{ item | quote }}" # quote: the path is interpolated into a shell command line
          changed_when: false # as it is a reporting task
          loop: "{{ CSR.files | map(attribute='path') | list }}"
          loop_control:
            label: "{{ item | basename }}"
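
The same check without a shell, as an added example that is not part of the original answer: each found path is passed to openssl as a single argument, every CSR is checked before the task reports failure, and the result does not rely on the exit code alone. The names `csr_root`, `csr_found` and `csr_check` are assumptions, as is the expectation that the installed openssl prints "verify OK" for a valid self-signature.

```yaml
---
# Added example; csr_root, csr_found and csr_check are assumed names.
- hosts: localhost
  become: false
  gather_facts: false

  vars:
    csr_root: /etc/cert_dir/workstations   # directory named in the question

  tasks:

    - name: Find CSR files below the per-workstation directories
      ansible.builtin.find:
        paths: "{{ csr_root }}"
        file_type: file
        patterns: '*.csr'
        recurse: true
      register: csr_found

    - name: Verify the self-signature of every CSR
      ansible.builtin.command:
        # argv bypasses the shell, so spaces or metacharacters in a
        # fetched file name are never interpreted as shell syntax.
        argv:
          - openssl
          - req
          - -text
          - -noout
          - -verify
          - -in
          - "{{ item }}"                     # full path from find
      loop: "{{ csr_found.files | map(attribute='path') | list }}"
      loop_control:
        label: "{{ item | basename }}"
      register: csr_check
      changed_when: false                    # read-only reporting task
      # Assumption: openssl prints "verify OK" on success. Checking the
      # text as well as rc covers builds whose exit code stays 0 on failure.
      failed_when: >-
        csr_check.rc != 0 or
        'verify OK' not in
        (csr_check.stdout | default('')) ~ (csr_check.stderr | default(''))
```

The loop still runs for every file when one item fails; Ansible marks the failed items individually and fails the task after the last one.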