Skip to main content

Raymii.org Logo (IEC resistor symbol)logo

Quis custodiet ipsos custodes?
Home | About | All pages | RSS Feed | Gopher

Ansible - Only do something if another action changed

Published: 22-12-2013 | Last update: 15-12-2018 | Author: Remy van Elst | Text only version of this article


Table of Contents


This Ansible tutorial shows you how execute actions only if another action haschanged. For example, a playbook which downloads a remote key for packagesigning but only executes the apt-add command if the key has changed. Or aplaybook which clones a git repository and only restarts a service if the gitrepository has changed.

If you like this article, consider sponsoring me by trying out a Digital OceanVPS. With this link you'll get $100 credit for 60 days). (referral link)

Using the register option we can, suprisingly, registers the result of aplaybook action. In another action we can access this variable and use when toonly execute an action if the previous action changed the machines state. Thebelow example downloads the NGINX debian package signing key, but only adds itif the key changed or did not exist yet:

- name: Create folder for apt keys  file:     path: /var/keys     state: directory     owner: root- name: Download nginx apt key  get_url:     url: http://nginx.org/keys/nginx_signing.key     dest: /var/keys/nginx_signing.key  register: aptkey- name: Add nginx apt key  command: "apt-key add /var/keys/nginx_signing.key"  when: aptkey.changed- name: Update apt cache  apt:     update_cache: yes  when: aptkey.changed

This is an older article, there is an ansible module to add apt-keys now.

It is part of one of my playbooks which installs and configures NGINX. I want touse the latest stable version provided by the NGINX project. They sign theirdebian packages, so I need their key otherwise I cannot install their packagesfrom their repo. They provide their key online, the get_url module downloadsthis key. If the key is not on the system or if the key has changed, the actionreports itself as changed. If the key already exists on the system and is thesame as the downloaded file, it does not report itself changed. We only want toexecute apt-key add if the key is new or changed. By using the register:aptkey option and the when: aptkey.changed options, we make sure apt onlyadds the key and updates the cache if the key was not there before. This helpswith idempotency and saves system resources.

Another example I use consists out of cloning a git repository, and based on ifthe code in that repo has changed, restarting a service. I cannot go in muchdetail because this setup runs at a client, therefore the values are stubs.However, I can tell that this example runs via ansible-pull mode and makessure one of their products is always the latest version. See it as a form ofcontinuous deployment.

- name: Clone git repository  git:     repo: https://gitlab.example.org/example-user/example-repo.git     dest: /opt/example     version: production     force: yes  register: examplesoftware- name: restart service if new version is deployed  service:     name: example     state: restarted     enabled: yes  when: examplesoftware.changed

The last example comes from my vnstat playbook. vnstat is a console basednetwork traffic analyzer and logger, it gives me nice overviews of the trafficused. The below playbook installs vnstat but only executes the vnstat initializecommand when the configuration file changes. This file never changes except atinstallation, so therefore I can be fairly sure the vnstat database is onlyinitialized once.

- name: install vnstat  apt:     name: vnstat     state: latest     update_cache: yes- name: Place vnstat config template  template:     src: vnstat.conf     dest: /etc/vnstat.conf     mode: 0644     owner: root     group: root  notify: restart vnstat  register: result- name: initialize vnstat database  command: sudo vnstat -u -i {{ interface }}  when: result.changed  notify: restart vnstat

You can also go very advanced with error handling and defining when somethingchanges or fails. The ansible documentation covers that fairly well.

Tags: ansible, apt, configuration-management, deployment, devops, nginx, packages, python, ssl, tutorials, vnstat, yum