1 00:00:07,310 --> 00:00:09,440 - In this video, you will learn how to use filters 2 00:00:09,440 --> 00:00:12,683 to change the way that variables are interpreted. 3 00:00:14,110 --> 00:00:17,040 So, filters allow variables to be processed 4 00:00:17,040 --> 00:00:19,017 before using them in Ansible. 5 00:00:19,017 --> 00:00:20,500 So, you have the variable, 6 00:00:20,500 --> 00:00:22,900 the variable is treated with the filter 7 00:00:22,900 --> 00:00:25,240 and after applying the filter to the variable 8 00:00:25,240 --> 00:00:27,490 that is what you are going to work with. 9 00:00:27,490 --> 00:00:31,140 And I'm explaining it that way to make sure you understand 10 00:00:31,140 --> 00:00:34,030 that filters do not change the value of a variable. 11 00:00:34,030 --> 00:00:37,510 They only change how the variable is being used. 12 00:00:37,510 --> 00:00:39,650 In order to use a filter, 13 00:00:39,650 --> 00:00:42,500 you put the variable between curly braces, it's normal. 14 00:00:42,500 --> 00:00:44,610 You use a pipe and behind the pipe 15 00:00:44,610 --> 00:00:48,253 you identify which filter is going to be used. 16 00:00:49,210 --> 00:00:52,570 I have two examples and I think we should just check out 17 00:00:52,570 --> 00:00:54,220 these examples before continuing. 18 00:00:55,830 --> 00:00:58,450 So, the examples are in the filters 19 00:00:58,450 --> 00:01:00,410 subdirectory in the Git repository. 20 00:01:00,410 --> 00:01:04,403 And to start with I will show you int-filter.yaml. 21 00:01:05,800 --> 00:01:07,650 So, what do we see? 22 00:01:07,650 --> 00:01:09,690 We see a simple playbook 23 00:01:09,690 --> 00:01:11,130 which is running a variable prompt 24 00:01:11,130 --> 00:01:16,130 and a variable prompt is prompting for a variable. 25 00:01:16,330 --> 00:01:19,890 Let me use private now so that we can actually see 26 00:01:21,217 --> 00:01:23,343 the text that the user is entering. 27 00:01:24,480 --> 00:01:28,500 Then within that playbook the assert module is used 28 00:01:28,500 --> 00:01:32,710 and the assertion is taking two assertions, 29 00:01:32,710 --> 00:01:34,610 so both of them must be true. 30 00:01:34,610 --> 00:01:38,700 And in the assertion, we have file size pipe int. 31 00:01:38,700 --> 00:01:41,720 So, file size pipe int means 32 00:01:41,720 --> 00:01:44,810 that file size is going to be interpreted as an integer. 33 00:01:44,810 --> 00:01:47,100 And here also file size pipe int 34 00:01:47,100 --> 00:01:50,890 means that file size must be interpreted as an integer. 35 00:01:50,890 --> 00:01:54,950 And you know what, let me clean this up a little bit 36 00:01:54,950 --> 00:01:59,950 and let me remove the parts about the filter 37 00:02:00,003 --> 00:02:04,180 so that you can see that there is a reason 38 00:02:04,180 --> 00:02:07,500 why this filter is actually being used. 39 00:02:07,500 --> 00:02:11,723 So, I'm going to run ansible-playbook int filter, 40 00:02:13,260 --> 00:02:17,385 and I'm providing a valid value like 50, 41 00:02:17,385 --> 00:02:19,210 and, oh, there we go. 42 00:02:19,210 --> 00:02:22,463 And I am getting unexpected templating type error, 43 00:02:23,330 --> 00:02:24,440 smaller than equals, 44 00:02:24,440 --> 00:02:27,403 not supported between instances of string and integer. 45 00:02:28,370 --> 00:02:30,440 That is why we need to filter. 46 00:02:30,440 --> 00:02:34,610 The default interpretation of this variable is wrong. 47 00:02:34,610 --> 00:02:38,993 So, I need file size pipe integer 48 00:02:40,940 --> 00:02:44,400 and just to make sure that it is behaving the right way 49 00:02:44,400 --> 00:02:49,100 in the when statement, I'm putting the variable 50 00:02:49,100 --> 00:02:53,320 including the filter all between the braces. 51 00:02:53,320 --> 00:02:56,950 So there we go and if you run it again this time, 52 00:02:56,950 --> 00:03:01,950 I am typing 50, then we can see that the file size is good 53 00:03:03,060 --> 00:03:05,233 and that is working out alright. 54 00:03:06,220 --> 00:03:09,660 We don't really care too much about the error message, 55 00:03:09,660 --> 00:03:10,610 that is out of scope. 56 00:03:10,610 --> 00:03:12,700 That is not what this playbook is about, 57 00:03:12,700 --> 00:03:16,270 trying to create a file in the roots directly 58 00:03:16,270 --> 00:03:19,670 without privilege escalation, that's not working, who cares? 59 00:03:19,670 --> 00:03:22,240 It's the filter that we care about. 60 00:03:22,240 --> 00:03:26,120 I have another example which is storage filter. 61 00:03:26,120 --> 00:03:27,650 And in storage filter 62 00:03:27,650 --> 00:03:31,280 we can see it's a little bit more complex. 63 00:03:31,280 --> 00:03:34,533 The core of what it is about is right here. 64 00:03:35,420 --> 00:03:37,720 So, here in the highlighted line 65 00:03:37,720 --> 00:03:39,940 you can see that set fact is used. 66 00:03:39,940 --> 00:03:42,751 And set fact is used to define 67 00:03:42,751 --> 00:03:45,353 a new fact with the name vgsize. 68 00:03:46,390 --> 00:03:48,690 And in order to define this fact 69 00:03:48,690 --> 00:03:50,960 it is looking at the ansible fact. 70 00:03:50,960 --> 00:03:52,550 This is the ansible fact. 71 00:03:52,550 --> 00:03:54,510 The ansible fact is printing the size 72 00:03:54,510 --> 00:03:56,980 of a volume group in gigabytes, 73 00:03:56,980 --> 00:03:59,470 but unfortunately by default 74 00:03:59,470 --> 00:04:02,750 that size is printed as a string as well. 75 00:04:02,750 --> 00:04:04,360 This is a string value. 76 00:04:04,360 --> 00:04:09,360 And in order to do greater than or smaller than operations 77 00:04:09,970 --> 00:04:12,600 we need it to be an integer value. 78 00:04:12,600 --> 00:04:15,070 Notice that really it's not really necessary 79 00:04:15,070 --> 00:04:19,220 to do the pipe int here, but I like having it here 80 00:04:19,220 --> 00:04:21,830 because it makes it clear what is happening. 81 00:04:21,830 --> 00:04:25,470 It is required though, to use it in a when statement 82 00:04:25,470 --> 00:04:27,700 because there you really need vgsize 83 00:04:27,700 --> 00:04:30,150 to be interpreted the right way 84 00:04:30,150 --> 00:04:32,920 to do whatever needs to be done. 85 00:04:32,920 --> 00:04:34,160 I'm not going to run this one 86 00:04:34,160 --> 00:04:37,280 because this playbook requires a lot of dependencies. 87 00:04:37,280 --> 00:04:40,250 I just wanted to show you two use cases 88 00:04:40,250 --> 00:04:42,770 of filters in action. 89 00:04:42,770 --> 00:04:45,100 Let's go check out some more information 90 00:04:45,100 --> 00:04:46,523 about filters in the slide. 91 00:04:47,610 --> 00:04:51,090 So, here I would like to explore some common filters. 92 00:04:51,090 --> 00:04:54,520 We have mandatory, mandatory as the play fail 93 00:04:54,520 --> 00:04:56,760 if the variable does not have a value. 94 00:04:56,760 --> 00:04:58,730 So, my_var pipe mandatory, 95 00:04:58,730 --> 00:05:00,800 if you have not defined my var, 96 00:05:00,800 --> 00:05:02,633 playbook execution will fail. 97 00:05:03,930 --> 00:05:05,470 Default will set a variable 98 00:05:05,470 --> 00:05:08,050 without value to a default value. 99 00:05:08,050 --> 00:05:10,960 That's a little bit more elegant than mandatory. 100 00:05:10,960 --> 00:05:14,370 You can add the optional True to also set the variable 101 00:05:14,370 --> 00:05:18,420 if it has an empty string or a boolean False as its value. 102 00:05:18,420 --> 00:05:23,420 So, we have my_var pipe default, myValue, True. 103 00:05:23,630 --> 00:05:25,100 So, that is how you can make sure 104 00:05:25,100 --> 00:05:27,630 that default values are signed. 105 00:05:27,630 --> 00:05:30,730 Capitalize is what you can use to capitalize a string. 106 00:05:30,730 --> 00:05:34,430 For whatever reason you need, uppercase use capitalize. 107 00:05:34,430 --> 00:05:36,090 Int is what we have seen, 108 00:05:36,090 --> 00:05:38,630 int will convert a variable to an integer. 109 00:05:38,630 --> 00:05:41,590 Float converts a variable to a float. 110 00:05:41,590 --> 00:05:43,600 And now we have the plus and the minus and the slash 111 00:05:45,261 --> 00:05:50,261 and the multiplier which performs basic calculations. 112 00:05:51,420 --> 00:05:53,320 That's an interesting one. 113 00:05:53,320 --> 00:05:57,080 Here you see any example, vgsize pipe int minus one. 114 00:05:57,080 --> 00:05:59,350 So, it takes the current value, 115 00:05:59,350 --> 00:06:02,150 the current (mumbles) value of vgsize 116 00:06:02,150 --> 00:06:05,350 and it's subtracted by one. 117 00:06:05,350 --> 00:06:07,650 Then there's union, union creates a single list 118 00:06:07,650 --> 00:06:10,600 that is based on multiple input lists. 119 00:06:10,600 --> 00:06:14,120 There is random which extracts a random element from a list. 120 00:06:14,120 --> 00:06:18,460 So, we have a, b, c, d, or a, b, c pipe random. 121 00:06:18,460 --> 00:06:21,750 You will just get either an a or a b or a c. 122 00:06:21,750 --> 00:06:26,750 Sort will sort a list in the appropriate order, 123 00:06:27,490 --> 00:06:30,800 so that would be 2, 4, 6, 8 in this case. 124 00:06:30,800 --> 00:06:32,200 And there's password_hash, 125 00:06:32,200 --> 00:06:35,640 password_hash is a little bit more of a complex filter. 126 00:06:35,640 --> 00:06:39,600 It'll generate a hashed password based on an input string. 127 00:06:39,600 --> 00:06:41,620 And that is actually pretty important 128 00:06:41,620 --> 00:06:43,160 if you want to create users 129 00:06:43,160 --> 00:06:44,830 and you want to provide these users 130 00:06:44,830 --> 00:06:46,363 with encrypted passwords. 131 00:06:47,850 --> 00:06:49,100 There is also quote. 132 00:06:49,100 --> 00:06:51,790 Quote is used to put the command output between quotes 133 00:06:51,790 --> 00:06:54,430 so that it can be sanitized. 134 00:06:54,430 --> 00:06:57,180 Let's go check out two more examples. 135 00:06:57,180 --> 00:07:00,240 The examples are in a search filter and in password_hash. 136 00:07:00,240 --> 00:07:01,073 Let me show you. 137 00:07:02,720 --> 00:07:04,590 So, here we have a search filter. 138 00:07:04,590 --> 00:07:06,290 So, what is a search filter doing? 139 00:07:07,150 --> 00:07:10,100 This is doing an assertion, 140 00:07:10,100 --> 00:07:14,140 the string that we've got is 2, 3, 1, 2, 4, 2. 141 00:07:14,140 --> 00:07:15,460 First, we are doing a sort. 142 00:07:15,460 --> 00:07:18,340 Then we are doing a unique, and then we make it a list 143 00:07:18,340 --> 00:07:22,643 and we check that it is equal to the string 1, 2, 3, 4. 144 00:07:22,643 --> 00:07:26,630 It's a little bit of a complex use of filters 145 00:07:26,630 --> 00:07:28,570 as multiple filters are applied 146 00:07:28,570 --> 00:07:31,130 and that's actually what I like about it. 147 00:07:31,130 --> 00:07:33,990 So, ansible-playbook on assertfilter.yaml 148 00:07:35,222 --> 00:07:39,150 and there we go, and yay, all assertions have passed. 149 00:07:39,150 --> 00:07:42,374 And that means that the cleanup in this assert filter 150 00:07:42,374 --> 00:07:44,840 was happening the right way. 151 00:07:44,840 --> 00:07:47,610 Another pretty common filter is password_hash. 152 00:07:47,610 --> 00:07:48,883 So, here we got it. 153 00:07:49,770 --> 00:07:51,320 What this is doing? 154 00:07:51,320 --> 00:07:55,690 This is creating a user with an encrypted password 155 00:07:56,740 --> 00:07:59,603 So, vars prompt is prompting for the password. 156 00:08:00,730 --> 00:08:02,600 And this time vars prompt, 157 00:08:02,600 --> 00:08:05,450 it's nice to have private set enabled 158 00:08:05,450 --> 00:08:10,000 so that nobody can see the password that's actually entered. 159 00:08:10,000 --> 00:08:11,540 We create user Sharon 160 00:08:11,540 --> 00:08:16,120 and then debug is using message on passw 161 00:08:17,302 --> 00:08:22,240 and passw is processed by the filter password_hash. 162 00:08:22,240 --> 00:08:25,020 And this password_hash in this case has two arguments, 163 00:08:25,020 --> 00:08:28,370 sha512, which is the password_hashing algorithm 164 00:08:28,370 --> 00:08:33,250 and myrandomsalt which actually is not so very randomsalt. 165 00:08:33,250 --> 00:08:35,630 You can omit the myrandomsalt, 166 00:08:35,630 --> 00:08:38,019 but I thought it's cool to show you myrandomsalt 167 00:08:38,019 --> 00:08:40,333 so that we can actually see it in the result. 168 00:08:41,240 --> 00:08:44,070 So, here I'm using register mypass. 169 00:08:44,070 --> 00:08:48,030 So, we register the resulting variable 170 00:08:48,030 --> 00:08:50,860 in temporary variable mypass. 171 00:08:50,860 --> 00:08:54,270 Then I'm using debug to show you what mypass is all about 172 00:08:54,270 --> 00:08:55,690 and we use create the user 173 00:08:55,690 --> 00:08:59,720 which is creating the user with mypast.msg. 174 00:08:59,720 --> 00:09:01,820 Apparently mypast.msg 175 00:09:01,820 --> 00:09:04,080 and that's what we will see when we run the debug. 176 00:09:04,080 --> 00:09:07,520 Mypass.msg contains the crypto-string. 177 00:09:07,520 --> 00:09:10,220 And the crypto-string is exactly what you need 178 00:09:10,220 --> 00:09:15,220 if you want to create users with secured passwords. 179 00:09:15,510 --> 00:09:19,437 So, let's run it, ansible-playbook on password_hash.yaml. 180 00:09:20,650 --> 00:09:23,100 And there we go, it's prompting for the password. 181 00:09:24,280 --> 00:09:28,930 And then I have a missing pseudo password. 182 00:09:28,930 --> 00:09:30,563 So, missing pseudo password, 183 00:09:31,830 --> 00:09:36,463 that means that I need to put in a minus K. 184 00:09:37,830 --> 00:09:39,250 So, we prompt for it. 185 00:09:39,250 --> 00:09:41,350 So, there we go, which password? 186 00:09:41,350 --> 00:09:42,860 Well, here is the password 187 00:09:43,780 --> 00:09:46,550 and now it is working out alright. 188 00:09:46,550 --> 00:09:48,340 So, what do we see? 189 00:09:48,340 --> 00:09:50,150 This is a crypto-string. 190 00:09:50,150 --> 00:09:54,670 The $6$ is for the encryption algorithm. 191 00:09:54,670 --> 00:09:57,065 Myrandomsalt is the randomsalt 192 00:09:57,065 --> 00:09:59,450 and the remainder of this string 193 00:09:59,450 --> 00:10:02,780 is the hash of the encrypted passwords 194 00:10:02,780 --> 00:10:06,400 and it creates the user with this encrypted passwords. 195 00:10:06,400 --> 00:10:08,100 So, this is how you can use 196 00:10:08,100 --> 00:10:11,950 a couple of pretty common filters 197 00:10:11,950 --> 00:10:14,430 to treat how your variables are dealt with.