-
-
Save marcusphi/6791404 to your computer and use it in GitHub Desktop.
--- | |
# This has been tested with ansible 1.3 with these commands: | |
# ansible-playbook -i hosts ansible_conditionals_examples.yaml --extra-vars="hosts=myhosts isFirstRun=false" | |
# ansible-playbook -i hosts ansible_conditionals_examples.yaml --extra-vars="hosts=myhosts isFirstRun=true" | |
# ansible-playbook -i hosts ansible_conditionals_examples.yaml --extra-vars="hosts=myhosts" | |
# NB: The type of the variable is crucial! | |
- name: Ansible Conditionals Examples | |
hosts: $hosts | |
vars_files: | |
- vars.yml | |
tasks: | |
########### Correct COMPLEX expressions ################### | |
# Need parentheses around $is_live, because it (may) contain an _or_, and _and_ has higher prio than _or_; | |
- name: ($is_live) and (isFirstRun == 'true') # OK only if isFirstRun is defined. | |
command: echo hello | |
when: ($is_live) and (isFirstRun == 'true') | |
# isFirstRun is a string var, whereas is_mgmt is an expression evaluating to a string, so it seems we need the $ to dereference it | |
- name: $is_mgmt and (isFirstRun == 'true') # OK only if isFirstRun is defined | |
command: echo hello | |
when: $is_mgmt and (isFirstRun == 'true') | |
- name: $is_mgmt and (isFirstRun != 'false') # OK only if isFirstRun is defined | |
command: echo hello | |
when: $is_mgmt and (isFirstRun != 'false') | |
- name: $is_mgmt and (not isFirstRun == 'false') # OK only if isFirstRun is defined | |
command: echo hello | |
when: $is_mgmt and (not isFirstRun == 'false') | |
########### SIMPLE expressions ############################ | |
- name: is_mgmt # OK | |
command: echo hello | |
when: is_mgmt | |
- name: $is_mgmt # OK | |
command: echo hello | |
when: $is_mgmt | |
- name: ($is_mgmt) # OK | |
command: echo hello | |
when: ($is_mgmt) | |
- name: (is_mgmt) # WRONG - Always runs | |
command: echo hello | |
when: (is_mgmt) | |
###### | |
- name: isFirstRun == 'true' # OK | |
command: echo hello | |
when: isFirstRun == 'true' | |
- name: not isFirstRun != 'true' # OK | |
command: echo hello | |
when: not isFirstRun != 'true' | |
- name: not isFirstRun == 'false' # OK | |
command: echo hello | |
when: not isFirstRun == 'false' | |
- name: isFirstRun != 'false' # OK | |
command: echo hello | |
when: isFirstRun != 'false' | |
- name: $isFirstRun == 'true' # WRONG - $isFirstRun is interpreted as true and true is not equal to 'true' so only works for negative match | |
command: echo hello | |
when: $isFirstRun == 'true' | |
########### All wrong ##################################### | |
- name: ($is_live == True) and (isFirstRun == 'true') # WRONG - Only first live node on true (none of false (correct)) | |
command: echo hello | |
when: ($is_live == True) and (isFirstRun == 'true') | |
- name: $is_live and (isFirstRun == 'true') # WRONG - Correct when true, but only first live when false | |
# ['$inventory_hostname' == 'tsrvuweblive71' or '$inventory_hostname' == 'tsrvuweblive72' and (isFirstRun == 'true')] | |
command: echo hello | |
when: $is_live and (isFirstRun == 'true') | |
- name: is_live and (isFirstRun == 'true') # WRONG - All nodes run on true (none of false (correct)) | |
command: echo hello | |
when: is_live and (isFirstRun == 'true') | |
- name: ($is_live == 'True') and (isFirstRun == 'true') # WRONG - Only first live node on true (none on false (correct)) | |
command: echo hello | |
when: ($is_live == 'True') and (isFirstRun == 'true') | |
- name: (is_live == 'True') and (isFirstRun == 'true') # WRONG - No nodes run on niether true nor false - is_live not dereferenced | |
command: echo hello | |
when: (is_live == 'True') and (isFirstRun == 'true') | |
###### | |
- name: is_mgmt and (isFirstRun == 'true') | |
# WRONG - All run on true | |
command: echo hello | |
when: is_mgmt and (isFirstRun == 'true') | |
- name: is_mgmt and (isFirstRun != 'false') | |
# WRONG - All run on true | |
command: echo hello | |
when: is_mgmt and (isFirstRun != 'false') | |
- name: is_mgmt and (not isFirstRun == 'false') | |
# WRONG - All run on true | |
command: echo hello | |
when: is_mgmt and (not isFirstRun == 'false') | |
- name: mgmt and isFirstRun equal true with () | |
# WRONG - Does not run when isFirstRun is 'false' (which is correct), but runs all nodes when 'true' | |
command: echo hello | |
when: ((is_mgmt) and (isFirstRun == 'true')) | |
- name: mgmt and isFirstRun not_equal true with $ | |
# WRONG - Always runs mgmt irrespective of value of isFirstRun | |
command: echo hello | |
when: $is_mgmt and $isFirstRun != 'true' | |
- name: mgmt and not isFirstRun equal true with $ | |
# # WRONG - Always runs mgmt irrespective of value of isFirstRun | |
command: echo hello | |
when: $is_mgmt and not $isFirstRun == 'true' | |
- name: mgmt and isFirstRun equal true with $ | |
# WRONG - Never runs any node | |
command: echo hello | |
when: $is_mgmt and $isFirstRun == 'true' | |
- name: mgmt and not isFirstRun equal true with only_if and $ | |
# WRONG - All nodes run | |
command: echo hello | |
only_if: "'$is_mgmt' and not '$isFirstRun' == 'true'" | |
- name: mgmt and isFirstRun not_equal true with only_if and $ | |
# WRONG - All nodes run | |
command: echo hello | |
only_if: "'$is_mgmt' and '$isFirstRun' != 'true'" | |
- name: mgmt and isFirstRun not_equal true with () | |
# WRONG - All nodes run when isFirstRun is false and no nodes run when isFirstRun is true | |
command: echo hello | |
when: ((is_mgmt) and (isFirstRun != 'true')) | |
- name: mgmt and isFirstRun not_equal true | |
# WRONG - All nodes run when isFirstRun is false and no nodes run when isFirstRun is true | |
command: echo hello | |
when: is_mgmt and isFirstRun != 'true' | |
- name: mgmt and not isFirstRun equal true | |
# WRONG - All nodes run when isFirstRun is false and no nodes run when isFirstRun is true | |
command: echo hello | |
when: is_mgmt and not isFirstRun == 'true' | |
- name: mgmt and not isFirstRun equal true with () | |
# WRONG - All nodes run when isFirstRun is false and no nodes run when isFirstRun is true | |
command: echo hello | |
when: ((is_mgmt) and (not isFirstRun == 'true')) | |
- name: mgmt and not isFirstRun equal true with only_if, $ and () | |
# ERROR Conditional expression must evaluate to True or False: ($is_mgmt) and (not '$isFirstRun' == 'true') | |
command: echo hello | |
only_if: "($is_mgmt) and (not '$isFirstRun' == 'true')" |
--- | |
# The "" makes this evaluate to a string. Which is good in some cases and bad in other... | |
is_mgmt: "'$inventory_hostname' == 'webmgmt'" | |
is_live: "'$inventory_hostname' == 'weblive1' or '$inventory_hostname' == 'weblive2'" |
+1
At least the Ansible people should improve the docs.
Thanks for this. The syntax is very inconsistent and horribly confusing.
Thanks! This is a great reference.
This is a 1.3 example of a very out of date syntax from early in the evolution of Ansible, please refer to docs.ansible.com for all of the latest -- which does NOT use the $foo stuff anywhere.
Conditionals are still a pain in Ansible 1.7.2. Sometimes, one uses when, other times, one has to use group_by. This is complicated by the fact there seems to be no way to see why something was skipped. For those of us who can't seem to find the documentation that tells you, "If you apply a 'when' to an include, then the conditional applies to the contents of the include... but not really, because even if they meet the condition required by the 'when' condition, they'll still be skipped," this is quite painful, and clear as mud.
Update: After a lot of searching, and clearly weak search-fu, I finally found a decent solution in the best practices documentation. include_var: {{ something }}.yml was the ticket for me.
Would someone update this? We have found the "compound conditional YAML" to be a real PITA for Ansible -- better examples (using group vars) would be cool. Ansible docs need more examples on this.
Even in Ansible 2.1.1 the compound conditions in when statement behave quite strange.
@Constantin07 It seems that I am hitting the same problem. Maybe someone from this thread could find a solution for http://stackoverflow.com/questions/39779168/how-to-use-string-concatenations-in-ansible-conditional-checks
Here we are at Ansible 2.3, and the conditionals are still incredibly hard to get right, and the documentation still seems to be completely unhelpful. If anyone would like to say the documentation is helpful, please post a link to the specific piece of documentation that explains the syntax of conditional expressions. All I can find is some vague high level comments and one or two examples. I have had to drill into the Jinja2 documentation to make any headway at all. Otherwise it is pure trial and error - like the author of this Gist clearly had to do.
To elaborate, the Ansible documentation on conditionals, here:
http://docs.ansible.com/ansible/playbooks_conditionals.html
Does not actually in any way describe or define a conditional expression. It's a list of Ansible functions which take conditional expressions as arguments. The difficulty is not (so much) in using failed_when etc. The difficulty is in predicting how a given conditional expression will evaluate, so you can reverse-engineer a conditional expression that will give as-expected behaviour. The two things that are completely missing from the Ansible documentation (referenced above), are:
- what are the syntax and semantics of permitted conditional expressions
- what are the data types permitted as operands for conditional expressions, and how does the data type affect the evaluation
Point 1 is absent from the Ansible documentation, but can be mined out of the Jinja2 documentation (and then fingers crossed that nothing significant changes between Jinja2 and Ansible's implementation).
Point 2 is just absent, and turns out being the main reason for conditional expressions not behaving as expected - as can be seen from the long list of 'unexpectedly right' and 'unexpectedly wrong' examples helpfully given above.
Furthermore, actually Ansible's conditional expression syntax is not == Jinja2's conditional expression syntax. Ansible conditional expression syntax is templated and converted/expanded into much more verbose Jinja2 conditional expressions, behind the scenes.
In conclusion, Ansible's conditional expression syntax is both precarious and undocumented. Thanks again to the author of this post for trying to remedy that.
@spikerobinson +1
I'd also like to add that the examples in the modules section are simplistic. I'm trying to abort a playbook if some of the parameters don't match up. I'm finding that the conditionals in the 'assert' and 'fail' modules evaluate differently.
If the value is empty, then how we can check conditions
@spikerobinson +1 I'd also like to add that the examples in the modules section are simplistic. I'm trying to abort a playbook if some of the parameters don't match up. I'm finding that the conditionals in the 'assert' and 'fail' modules evaluate differently.
we're 3/4 of the way through 2023 and this still seems to be an issue.
The exact same when:
condition that I can use to trigger a debug:
output, doesn't work on a fail:
task. 🤯This is egregiously bad.
What I have found after lots and lots of testing and before I found this page which works for me is setting a 'Boolean' fact for my when:
clause like the following, so I can plug all the holes in the leaky conditional logic that I wasn't able to get working for me.
- name: Set Change State Valid fact
ansible.builtin.set_fact:
change_state_valid_fact: "{{ 'false' if (change_state_fact != '-1' and change_state_fact != '-2') else 'false' if change_end_date_gmt_fact < current_date_gmt_fact else 'true' if change_end_date_gmt_fact > current_date_gmt_fact else 'true' if change_state_fact == '-1' else 'true' if change_state_fact == '-2' }}"
Then i just used a simple when:
in my fail:
task.
- name: Checking if change window has lapsed or if the change is not in an executable state
fail:
msg: "FAILED: This change cannot be executed against in its current state."
when: not change_state_valid_fact
This way I was able to be explicit about all the outcomes and control the result.
Well, it seems to be working so far at least! Please feel free to poke holes in it and point out any oversights on my part. (I'm fried). 😅
EDIT: just found some errors with my logic in my fact. Something just evaluated to false when it shouldn't have. Back to the drawing board! 😫
EDIT2: So I've reworked my code and discovered epoch time which has vastly improved the reliability of time comparisons and this seems to work. I still have to set this as a fact separately from the fail task because I can't use jinja2 in a when and unwrapping it gets different results so i'm sticking with a separate fact. Here's my updated code.
- name: Set Change State Valid fact
ansible.builtin.set_fact:
change_state_valid_fact: "{{ (change_state_fact in ['-1', '-2']) and (change_end_date_epoch_fact > current_date_epoch_fact) }}"
Hope it helps someone else. (Maybe?) If nothing else, as a cautionary tale of what not to do. 🤪
The syntax is (imho) shitty and has too many patches (in the literal sense, not in sense of code patches), or to stay in our terms, too much duct tape.
Thanks a lot for this comprehensive overview.