Starting: 1st of Every Month 
+91 8409492687 
Contact@DevOpsSchool.com
Lets understand about Lookup Plugins
- Lookup plugins allow Ansible to access data from outside sources. This can include reading the filesystem in addition to contacting external datastores and services.
- Like all templating, these plugins are evaluated on the Ansible control machine, not on the target/remote i.e Lookups occur on the local computer, not on the remote computer.
- The data returned by a lookup plugin is made available using the standard templating system in Ansible, and are typically used to load variables or templates with information from those systems.
- Lookups are an Ansible-specific extension to the Jinja2 templating language.
- They are executed within the directory containing the role or play, as opposed to local tasks which are executed with the directory of the executed script.
- You can pass wantlist=True to lookups to use in jinja2 template βforβ loops.
These are used mainly by the template engine inside Ansible. Theyβre used in two ways.
First, in a function syntax to load external information:
{{lookup(pipeβ,/usr/bin/whoamiβ)}}
{{lookup(etcdβ,somekeyβ)}} β this allows you to fetch a key out of an NCD store.
Second, lookup plugins are also the source of with loops (with_items loads the items.py lookup plugin). Furthermore, they are always expected to return a list of items, because of their potential use with loops.
Purpose of Ansible Lookups
When it comes to automation, we handle different types of data and files such as csv, txt and sometimes we might even need to read data from a key-value store such as etcd or redis. That where the ansible lookup plugins are useful.
Location of lookup plugins directory
- Default location: ~/.ansible/plugins/lookup:/usr/share/ansible/plugins/lookup
- Another Location: ansible/plugins/lookup directory inside current ansible python package
- Or with ANSIBLE_LOOKUP_PLUGINS environment variable
Enabling Custom Lookup Plugins
You can activate a custom lookup by either dropping it intoβ¦
- A lookup_plugins directory adjacent to your play
- inside a role, or
- By putting it in one of the lookup directory sources configured in ansible.cfg.
How to Using Lookup Plugins?
Lookup plugins can be used anywhere you can use templating in Ansible:
- in a play,
- in variables file, or
- in a Jinja2 template for the template module.
Command line to see Plugin List?
To see the list of available plugins.
$ ansible-doc -t lookup -l
To see specific documents and examples
$ ansible-doc -t lookup <plugin name>List of Lookup Plugins List
- aws_account_attribute β Look up AWS account attributes.
- aws_service_ip_ranges β Look up the IP ranges for services provided in AWS such as EC2 and S3.
- aws_ssm β Get the value for a SSM parameter or all parameters under a path.
- cartesian β returns the cartesian product of lists
- chef_databag β fetches data from a Chef Databag
- config β Lookup current Ansible configuration values
- conjur_variable β Fetch credentials from CyberArk Conjur.
- consul_kv β Fetch metadata from a Consul key value store.
- credstash β retrieve secrets from Credstash on AWS
- csvfile β read data from a TSV or CSV file
- cyberarkpassword β get secrets from CyberArk AIM
- dict β returns key/value pair items from dictionaries
- dig β query DNS using the dnspython library
- dnstxt β query a domain(s)βs DNS txt fields
- env β read the value of environment variables
- etcd β get info from etcd server
- file β read file contents
- fileglob β list files matching a pattern
- filetree β recursively match all files in a directory tree
- first_found β return first file found from list
- flattened β return single list completely flattened
- hashi_vault β retrieve secrets from HashiCorpβs vault
- hiera β get info from hiera data
- indexed_items β rewrites lists to return βindexed itemsβ
- ini β read data from a ini file
- inventory_hostnames β list of inventory hosts matching a host pattern
- items β list of items
- k8s β Query the K8s API
- keyring β grab secrets from the OS keyring
- lastpass β fetch data from lastpass
- lines β read lines from command
- list β simply returns what it is given.
- mongodb β lookup info from MongoDB
- nested β composes a list with nested elements of other lists
- nios β Query Infoblox NIOS objects
- nios_next_ip β Return the next available IP address for a network
- openshift β Query the OpenShift API
- password β retrieve or generate a random password, stored in a file
- passwordstore β manage passwords with passwordstore.orgβs pass utility
- pipe β read output from a command
- random_choice β return random element from list
- redis β fetch data from Redis
- redis_kv β fetch data from Redis
- sequence β generate a list based on a number sequence
- shelvefile β read keys from Python shelve file
- subelements β traverse nested key from a list of dictionaries
- template β retrieve contents of file after templating with Jinja2
- together β merges lists into syncronized list
- url β return contents from URL
- vars β Lookup templated value of variables
Method to invoke lookup plugins
- Method 1 β using lookup
- Method 2 β Using query
In Ansible 2.5, a new jinja2 function called query was added for invoking lookup plugins. The difference between lookup and query is largely that query will always return a list. The default behavior of lookup is to return a string of comma separated values. lookup can be explicitly configured to return a list using wantlist=True.
The following examples are equivalent:
lookup(βdictβ, dict_variable, wantlist=True)
query(βdictβ, dict_variable)
Example of Lookups Plugins
Example 1: Lookups and variables
vars:
motd_value: "{{ lookup('file', '/etc/motd') }}"
tasks:
- debug:
msg: "motd value is {{ motd_value }}"Example 2: Lookups and loops items
Lookups are an integral part of loops. Wherever you see with_, the part after the underscore is the name of a lookup. This is also the reason most lookups output lists and take lists as input; for example, with_items uses the items lookup:
- name: count to 3
debug: msg={{item}}
with_items: [1, 2, 3]Example 3: Lookups and file The following example, you could notice that the task1 and task2 are doing the exact same job of copying the public key from local and adding to the authorized_key on the remote server to enable SSH Key based authentication.
---
- name: Ansible Lookup examples
hosts: app
become: true
tasks:
# BOTH TASKS ARE EXACLY DOING THE SAME JOB
# IN TASK1: WE ARE KEEPING THE PUBLIC KEY AS A TEXT IN PLAYBOOK
- name: "Copy the public Key Using the Key directly within Playbook"
authorized_key:
user: vagrant
state: present
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmdlM0QV6HxZQ7iqXiboefzMHR/cKX+qlTezRiExW6jmwNaD1a9F3KlMaoi4eTKGtPbM9eTygcBjJOGZhEjZITuNat7teK/evvbiszrT3ORUvotnv8yjVC02CGFsK6fPs10J0rgITPdsnd+oq9WcJ/2rM5wHJPoSfhUzhgDB7mdOIeVM+mG89j+OPV377HRTyC5O9Ja9nX9J5ElHXFWu2CTLMjgYxZ16FLpIdlrL4I12mCucZ8jGaZp8frarwyilHsuUt2hQFi3XEmT3ACKiAtE0kBhclr2gtc2wNoVJVoWB sarav@Saravs-MacBook-Pro.local"
# IN TASK2: WE ARE READING THE PUBLIC KEY FROM THE FILE DIRECTLY USING LOOKUP
- name: "Copy the public Key using Lookup"
authorized_key:
user: vagrant
state: present
key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
# ANSIBLE FILE LOOKUP PLUGIN HELPS TO READ THE FILE CONTENTS WITHIN THE ANSIBLE PLAYBOOKExample 4: Lookups and env
- debug: msg="{{ lookup('env','HOME') }} is an environment variable"Example 5: Lookups and ini The ini lookup reads the contents of a file in INI format key1=value1. This plugin retrieves the value on the right side after the equal sign '=' of a given section [section].
- debug: msg="User in integration is {{ lookup('ini', 'user section=integration file=users.ini') }}"
- debug: msg="User in production is {{ lookup('ini', 'user section=production file=users.ini') }}"**Example 6: Lookups and url ** Returns the content of the URL requested to be used as data in play.
- name: url lookup splits lines by default
debug: msg="{{item}}"
loop: "{{ lookup('url', 'https://github.com/gremlin.keys', wantlist=True) }}"**Example 7: Lookups and varnames ** Retrieves a list of matching Ansible variable names.
- name: List variables that start with qz_
debug: msg="{{ lookup('varnames', '^qz_.+')}}"
vars:
qz_1: hello
qz_2: world
qa_1: "I won't show"
qz_: "I won't show either"
- name: Show all variables
debug: msg="{{ lookup('varnames', '.+')}}"
- name: Show variables with 'hosts' in their names
debug: msg="{{ lookup('varnames', 'hosts')}}"
- name: Find several related variables that end specific way
debug: msg="{{ lookup('varnames', '.+_zone$', '.+_location$') }}"**Example 8: Lookups and vars ** Retrieves the value of an Ansible variable.
- name: Show value of 'variablename'
debug: msg="{{ lookup('vars', 'variabl' + myvar)}}"
vars:
variablename: hello
myvar: ename
- name: Show default empty since i dont have 'variablnotename'
debug: msg="{{ lookup('vars', 'variabl' + myvar, default='')}}"
vars:
variablename: hello
myvar: notename
by 
Iβm a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I am working at Cotocus. I blog tech insights at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at I reviewed , and SEO strategies at Wizbrand.
Please find my social handles as below;
Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at PINTEREST
Rajesh Kumar at QUORA
Rajesh Kumar at WIZBRAND
