playbooks | Phantom Community Playbooks | Security library

I'm trying to use my Ansible playbook to call upon a site YAML reference to create a filename that increment for multiple switches. What am I doing wrong? I believe the playbook is pulling from the host YAML?

Format: --.txt

e.g.: with two switches:

• swi-lon-101.txt
• swi-lon-202.txt

host_vars/host.yaml

Here's the scenario:

• a playbook that calls a role to create users in multiple servers, including a VM Scale Set (where ansible_hostnames can't be predicted) - inventory is already being dynamically generated and works fine and not the issue
• a users dict variable will provide the user list as well as a series of attributes for each
• one of these attributes is a server list named target_servers - this variable's attribute is the actual issue
• target_servers is used by the playbook to decide if the user will be present/absent on that particular server - it complements ansible's inventory
• target_servers might include only the starting name of a particular target host, a sub-string, like "vmss" as a "vmss*" wildcard, but also fixed hostnames server12345, server12346, etc.
• so, dynamic inventory tells ansible which servers to connect to, but the variable tells it whether the user should be created or removed from that particular servers (i.e. servers have different users)

Objective(s):

Have a conditional that checks if a target_server list element content matches the ansible_hostname (i.e. if the substring found in the target_servers list (from the users dict) matches, then we provision the user; additionally, off course, if the list provides the entire hostname, it should match and the users also be provisioned)

Here's the code:

Based on ansible documentation for roles I can make multiple role entry points by creating files:

Below is my JSON file:

Below is my JSON file

I am having a hard time getting to know how to create Ansible roles that are following the best practices according to documentation. The following use-case which I am looking at is e.g. enabling Filebeat on host. Filebeat can be configured by placing a module definition in /etc/filebeat/modules.d folder.

It works fine when I am adding modules. Idempotence is working, everytime, on each run of the role (playbook), a given set of modules is enabled.

But what I should do when I decide that a given module is not longer needed? I remove it from role, rerun a playbook, so that all other modules are enabled. But: the previous run enabled a module that I am not installing directly with role after changes. So my server state is still altered in a way that is different than the role is imposing itself.

My question is: should I take care of removing modules before I apply them so I always start from, let's say, fresh state?

E.g.:

I am moving a lot of old scripts used to configure a computer room into ansible, and it really has improved the workflow. Currently, there I have several playbooks, and I need to share a common config among them. But in one task I have faced a problem: I need a hostname/ip to be a variable in the inventory. I have read a lot of tutorials and docs and maybe I am dumb or very tired, but I have not found yet a solution after many hours, it seems that it is not possible. Dynamics inventories, group_vars and so on look similar but actually are different from what I require here. I have created a mwe to easy showing the case. This mwe is a subset but the main idea remains: vars inside vars/main.yml are going to be shared among various playbooks (easy) and inventories (the question here). Thanks in advance.

• ansible.cfg:

Let say, I have this directory structure:

According to the Ansible documentation, the setup module is

This module is automatically called by playbooks to gather useful variables about remote hosts that can be used in playbooks. It can also be executed directly by /usr/bin/ansible to check what variables are available to a host. Ansible provides many facts about the system, automatically.

And there are some parameters which include gather_subset.

If supplied, restrict the additional facts collected to the given subset. Possible values: all, min, hardware, network, virtual, ohai, and facter. Can specify a list of values to specify a larger subset. Values can also be used with an initial ! to specify that that specific subset should not be collected. For instance: !hardware,!network,!virtual,!ohai,!facter. If !all is specified then only the min subset is collected. To avoid collecting even the min subset, specify !all,!min. To collect only specific facts, use !all,!min, and specify the particular fact subsets. Use the filter parameter if you do not want to display some collected facts.

I want to know the exact list of fact that min subset would collect.

Thanks