Ansible. Fast way to check syntax?
AnsibleAnsible PlaybookAnsible Problem Overview
Is there a way to check playbook syntax and variables?
I'm trying to dry-run(--check) but for some reasons it works really slow. It looks like it tries to perform an action instead of just check the syntax
I want to omit en errors like this:
..."msg": "AnsibleUndefinedVariable: ERROR! 'application_name' is undefined"}
Ansible Solutions
Solution 1 - Ansible
This is expected behaviour according to the documentation:
> When ansible-playbook is executed with --check it will not make any > changes on remote systems. Instead, any module instrumented to support > ‘check mode’ (which contains most of the primary core modules, but it > is not required that all modules do this) will report what changes > they would have made rather than making them. Other modules that do > not support check mode will also take no action, but just will not > report what changes they might have made.
http://docs.ansible.com/ansible/playbooks_checkmode.html
If you would like to check the YAML syntax you can use syntax-check.
ansible-playbook rds_prod.yml --syntax-check
playbook: rds_prod.yml
Solution 2 - Ansible
I was looking for the same, but was not satisfied by the --syntax-check
option, since it does not work its way down to the roles. A more complete check can be performed with ansible-lint which also includes style-checks. But if you turn off all style-checks, then you have a pretty complete syntax-check.
So do something like
ansible-lint -x $(echo $(ansible-lint -L | awk -F':' '{print $1}' | grep '^[^ ]') | tr ' ' ',') my_playbook.yml
Solution 3 - Ansible
Add a task to fail the playbook when variables aren't defined. This should be the first task run.
Another option is to ensure that all variables have a default value in the /defaults/ directory so that it never fails, but the variables can still be overwritten at other levels.
Solution 4 - Ansible
My preferd way is
pip install yamllint
yamllint -d "{extends: default, rules: {quoted-strings: enable}}" .
Since I really want to catch quote errors, e.g.
validate: bash -c ' ' \""
This is valid yaml, since yaml will just quote the string and turn it into:
validate: "bash -c ' ' \\\"\""
Whilst there was just clearly a quote missing at the beginning of the validate comand.
So a normal yaml checker will not detect this, yamllint wil not even detect this in it's default configuration, so turn on quoted-strings checker.