Re: [ansible-project] Using raw passwords with ansible_password directly in playbooks deprecated?
On Fri, Oct 30, 2020, at 12:14 PM, Matt Miller wrote: > The reasoning behind not revealing username/passwords directly in > playbooks is obvious and speaks for itself. > > However, I am calling playbooks from an application that includes > credential security/management, and provides credentials at runtime. > > For this reason, including ansible_user/ansible_password directly in > our playbook invocations works well. > > My question ... > > I seem to recall seeing something about this method of providing > credentials has been tagged as deprecated, but now I can't find where > it says so. Is this method being deprecated, or am i mis-recollecting? > You're doing it properly. There is also ansible_ssh_pass, but that's been emphasized less in favor of the ansible_password transport-agnostic version. V/r, James Cassell -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/a31f3c58-c912-4273-80ed-0a4caed0482a%40www.fastmail.com.
Re: [ansible-project] CIS Bencjmarks - Rhel 7
The galaxy releases are lagging behind, but this probably is what you want: https://github.com/ansible-lockdown/RHEL7-CIS V/r, James Cassell On Thu, Sep 10, 2020, at 4:26 AM, Josephsimon Arokiaraj wrote: > Hi All, > > How you doing? > > Do we have any playbooks/roles for doing audit and remediation on CIS > benchmarks for Rhel 7? > > Cheers, > Joseph > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/72c806a4-56dd-408b-8cc2-58669eca7d28%40www.fastmail.com.
Re: [ansible-project] sudo(become) difference between "copy" module and "command" module
> On Mon, 8 Jun, 2020, 10:54 pm James Cassell,
> wrote:
> >
> > On Mon, Jun 8, 2020, at 11:25 AM, Mukuntha rajaa wrote:
> > > Hello,
> > >
> > > "become" works perfectly fine with "command" module. But not with
> > > "copy" module. Am I doing something wrong here.
> > >
> > > *_Working playbook:_*
> > > - name: demo
> > > hosts: localhost
> > > tasks:
> > > - name: copy
> > > command: cp /etc/ssh/sshd_config /tmp/sshd_config
> > > become: yes
> > > - name: edit
> > > lineinfile:
> > > path: /tmp/sshd_config
> > > regexp: '^PermitRootLogin'
> > > line: "PermitRootLogin yes"
> > > become: yes
> > >
> > > working logs:
> > > $ ap lineinfile.yml
> > > [WARNING]: provided hosts list is empty, only localhost is available.
> > > Note that the implicit localhost does not match 'all'
> > >
> > > PLAY [demo]
> > >
> >
> > >
> > > TASK [Gathering Facts]
> > >
> > *
> > > ok: [localhost]
> > >
> > > TASK [copy]
> > >
> >
> > > changed: [localhost]
> > >
> > > TASK [edit]
> > >
> >
> > > changed: [localhost]
> > >
> > > PLAY RECAP
> > >
> > *
> > > localhost : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0
> > > ignored=0
> > >
> > >
> > > *_Problematic playbook:_*
> > > - name: demo
> > > hosts: localhost
> > > tasks:
> > > - name: copy
> > > copy:
> > > src: /etc/ssh/sshd_config
> > > dest: /tmp/sshd_config
> > > become: yes
> > > - name: edit
> > > lineinfile:
> > > path: /tmp/sshd_config
> > > regexp: '^PermitRootLogin'
> > > line: "PermitRootLogin yes"
> > > become: yes
> > >
> > > Logs for problematic playbook:
> > > $ap zz.yml
> > > [WARNING]: provided hosts list is empty, only localhost is available.
> > > Note that the implicit localhost does not match 'all'
> > >
> > > PLAY [demo]
> > >
> >
> > >
> > > TASK [Gathering Facts]
> > >
> > *
> > > ok: [localhost]
> > >
> > > TASK [copy]
> > >
> >
> > > fatal: [localhost]: FAILED! => {"msg": "an error occurred while trying
> > > to read the file '/etc/ssh/sshd_config': [Errno 13] Permission denied:
> > > b'/etc/ssh/sshd_config'"}
> > >
> >
> > You want `remote_src: yes`... otherwise it's trying to read the file from
> > the controller.
On Mon, Jun 8, 2020, at 8:27 PM, Mukuntha rajaa wrote:
> Thanks for your email. This playbook is for testing purpose. I wanted
> src to be from controller only.
>
In that case, you'll need to make sure the src file can be read by the user
running ansible. sshd_config is not world readable by default.
V/r,
James Cassell
> >
> > V/r,
> > James Cassell
> >
> >
> > > PLAY RECAP
> > >
> > *
> > > localhost : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0
> > > ignored=0
> > >
> >
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/f927-d1df-491f-b0fd-08b92b5dad93%40www.fastmail.com.
Re: [ansible-project] sudo(become) difference between "copy" module and "command" module
On Mon, Jun 8, 2020, at 11:25 AM, Mukuntha rajaa wrote:
> Hello,
>
> "become" works perfectly fine with "command" module. But not with
> "copy" module. Am I doing something wrong here.
>
> *_Working playbook:_*
> - name: demo
> hosts: localhost
> tasks:
> - name: copy
> command: cp /etc/ssh/sshd_config /tmp/sshd_config
> become: yes
> - name: edit
> lineinfile:
> path: /tmp/sshd_config
> regexp: '^PermitRootLogin'
> line: "PermitRootLogin yes"
> become: yes
>
> working logs:
> $ ap lineinfile.yml
> [WARNING]: provided hosts list is empty, only localhost is available.
> Note that the implicit localhost does not match 'all'
>
> PLAY [demo]
>
>
> TASK [Gathering Facts]
> *
> ok: [localhost]
>
> TASK [copy]
>
> changed: [localhost]
>
> TASK [edit]
>
> changed: [localhost]
>
> PLAY RECAP
> *
> localhost : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0
> ignored=0
>
>
> *_Problematic playbook:_*
> - name: demo
> hosts: localhost
> tasks:
> - name: copy
> copy:
> src: /etc/ssh/sshd_config
> dest: /tmp/sshd_config
> become: yes
> - name: edit
> lineinfile:
> path: /tmp/sshd_config
> regexp: '^PermitRootLogin'
> line: "PermitRootLogin yes"
> become: yes
>
> Logs for problematic playbook:
> $ap zz.yml
> [WARNING]: provided hosts list is empty, only localhost is available.
> Note that the implicit localhost does not match 'all'
>
> PLAY [demo]
>
>
> TASK [Gathering Facts]
> *
> ok: [localhost]
>
> TASK [copy]
>
> fatal: [localhost]: FAILED! => {"msg": "an error occurred while trying
> to read the file '/etc/ssh/sshd_config': [Errno 13] Permission denied:
> b'/etc/ssh/sshd_config'"}
>
You want `remote_src: yes`... otherwise it's trying to read the file from the
controller.
V/r,
James Cassell
> PLAY RECAP
> *
> localhost : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0
> ignored=0
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/d437a90c-b2d0-4973-a5f2-701e301d8ac4%40www.fastmail.com.
Re: [ansible-project] aws community edition and collection
On Thu, Jun 4, 2020, at 8:37 PM, Sydo Luciani wrote: > The only option that I can think of: > pip install https://github.com/ansible/ansible/archive/devel.tar.gz > git clone https://github.com/ansible-collections/community.aws.git > cp community.aws/plugins/modules/my_module.py ~/.ansible/plugins/modules/ > > edit ~/.ansible/plugins/modules/my_module.py and then copy it back to > git repository to commit and push. > > Any elegant solution ? > How you guys at ansible have setup the development environment to > develop amazon.aws ? > You've identified one of the many annoying parts of collections. You need a special directory structure and you can't install from git in an editable manner. There's no equivalent to `ansible-galaxy install -gr requirements.yml` that gives you a git repo you can edit and push and pull. You'll further find it difficult to type `ansible -m community.general.my_module ...` using the very long name versus the short name you've always used before. V/r, James Cassell -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/b7a7db11-1c36-475d-a834-ac12a58a5bf1%40www.fastmail.com.
Re: [ansible-project] Setting Variable across multiple hosts blocks
On Mon, Jun 1, 2020, at 11:49 AM, Brian Coca wrote: > The 'implicit localhost' is not part of ALL: > https://docs.ansible.com/ansible/latest/inventory/implicit_localhost.html > Documentation gold! Thanks! V/r, James Cassell -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/e49f6b44-18bf-4ac8-b373-59f70f5d34e3%40www.fastmail.com.
Re: [ansible-project] [WARNING]: provided hosts list is empty, only localhost is available
> On Sun, May 24, 2020 at 4:08 PM James Cassell
> wrote:
> >
> > On Sun, May 24, 2020, at 6:56 PM, Tony Wong wrote:
> > > ---
> > > - name: get info vm
> > > hosts: localhost
> > > connection: local
> > > gather_facts: false
> > > vars:
> > > vm_list:
> > > - dr-reb
> > > - dr-wac
> > > tasks:
> > > - name: get info about the virtual machine
> > > vmware_guest_info:
> > > hostname: vcenter
> > > username: administrator@vsphere.local
> > > password: Password123@
> > > datacenter: RW-VA
> > > validate_certs: False
> > > name: "{{ item }}"
> > > schema: "vsphere"
> > > properties: ["config.hardware.memoryMB", "config.hardware.numCPU",
> > > "guest.disk", "overallStatus"]
> > > delegate_to: localhost
> > > register: vm_info
> > > with_items: "{{ vm_list }}"
> > > - debug:
> > > msg: "{{ vm_list }}"
> > >
> > >
> > > tony@ubuntu:~/ansiblework$
> > > tony@ubuntu:~/ansiblework$
> > > tony@ubuntu:~/ansiblework$
> > > tony@ubuntu:~/ansiblework$
> > > tony@ubuntu:~/ansiblework$ ansible-playbook vmware_tools.yml
> > >
> > >
> > >
> > >
> > >
> > > why is it when i run this pb
> > >
> > > I get nothing but this
> > >
> > > [WARNING]: provided hosts list is empty, only localhost is available.
> > > Note that the implicit localhost does not match 'all'
> > >
> > > [WARNING]: Found variable using reserved name: tasks
> > >
> >
> > Delete 2 spaces from the tasks line.
> >
> > V/r,
> > James Cassell
> >
On Sun, May 24, 2020, at 7:13 PM, Tony Wong wrote:
> Thanks!
>
> but I dont see any output running it
>
>
> [WARNING]: provided hosts list is empty, only localhost is available.
> Note that the implicit localhost does not match 'all'
>
>
> PLAY [get info vm]
> **
>
> TASK [get info about the virtual machine]
> ***
> ok: [localhost -> localhost] => (item=dr-reb)
> ok: [localhost -> localhost] => (item=dr-wac)
>
> TASK [debug]
>
> ok: [localhost] => {
> "msg": [
> "dr-reb",
> "dr-wac"
> ]
> }
>
> PLAY RECAP
> **
> localhost : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0
> ignored=0
>
Run with -vvv to see all the details of each task.
V/r,
James Cassell
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/b61aadf7-e8a3-45b2-b0ea-af40408cd781%40www.fastmail.com.
Re: [ansible-project] [WARNING]: provided hosts list is empty, only localhost is available
On Sun, May 24, 2020, at 6:56 PM, Tony Wong wrote:
> ---
> - name: get info vm
> hosts: localhost
> connection: local
> gather_facts: false
> vars:
> vm_list:
> - dr-reb
> - dr-wac
> tasks:
> - name: get info about the virtual machine
> vmware_guest_info:
> hostname: vcenter
> username: administrator@vsphere.local
> password: Password123@
> datacenter: RW-VA
> validate_certs: False
> name: "{{ item }}"
> schema: "vsphere"
> properties: ["config.hardware.memoryMB", "config.hardware.numCPU",
> "guest.disk", "overallStatus"]
> delegate_to: localhost
> register: vm_info
> with_items: "{{ vm_list }}"
> - debug:
> msg: "{{ vm_list }}"
>
>
> tony@ubuntu:~/ansiblework$
> tony@ubuntu:~/ansiblework$
> tony@ubuntu:~/ansiblework$
> tony@ubuntu:~/ansiblework$
> tony@ubuntu:~/ansiblework$ ansible-playbook vmware_tools.yml
>
>
>
>
>
> why is it when i run this pb
>
> I get nothing but this
>
> [WARNING]: provided hosts list is empty, only localhost is available.
> Note that the implicit localhost does not match 'all'
>
> [WARNING]: Found variable using reserved name: tasks
>
Delete 2 spaces from the tasks line.
V/r,
James Cassell
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/e3016f38-6094-4de7-9c52-ececd1b3ac05%40www.fastmail.com.
Re: [ansible-project] Forced --limit
On Wed, May 6, 2020, at 4:35 PM, Julien Seknazi wrote:
> Hi!
>
> I hope everything it's ok for you.
>
>
> I would like to know if it's possible to use mandatory "--limit" when you run
> :
> "ansible-playbook site.yml --limit DEVICE_1"
>
> I explain, if i don't use --limit, my playbook will deploy on all my
> devices.
> Me, I want my playbook don't run if --limit is not defined on my run
> ansible-playbook command
>
I use
- hosts: "{{ ansible_limit }}"
V/r,
James Cassell
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/8be851af-9bf9-4d93-b1ed-ff422d0c59e4%40www.fastmail.com.
Re: [ansible-project] Ansible-playbook
On Sat, Apr 18, 2020, at 6:13 PM, Orkhan Mammadov wrote:
> Hi guys,
>
> I have created file under /etc/sudoers.d/ directory with this entry:
> ansible ALL=(ALL) NOPASSWD:ALL and copied to managed hosts in order to
> install some service such as vsftpd on those hosts.
>
> I can ssh and install any service with root user, but not with ansible
> user. It gives the following error while installing service via
> ansible-playbook command:
>
> TASK [install vsftpd]
> **
> fatal: [ansible1]: FAILED! => {"changed": false, "msg": "This command
> has to be run under the root user.", "results": []}
>
>
> Can you please tell me which configs should be made in order to install
> services on ansible user?
>
Pass `-b` to your ansible command or add `become: yes` to your playbook.
V/r,
James Cassell
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/6c8126ac-ac88-4e98-bce4-a88408260edb%40www.fastmail.com.
Re: [ansible-project] OS support contribution guidelines
On Tue, Mar 17, 2020, at 4:03 PM, Nick Venenga wrote: > What host operating systems does Ansible accept PRs for? I got hit with > a hard no here > https://github.com/ansible/ansible/pull/65381#issuecomment-600250171 > that sounds like anything Windows related it out of the question. I see > various vague references to reserving the right to only support Linux > but then I see other places referencing MacOS and *BSD. I tried to find > development guidelines to no avail. Is there an official policy or does > it just depend on maintainers mood? > I was disappointed to see that decision. I know lots of folks would like to run ansible on a Windows controller and it's unfortunate that RH is forcing it to be done in a fork, but as they say [1], "it's not a democracy," and they're pushing it to be more of a RH-only project. (IIUC, it's no longer possible to add non-namespaced modules or plugins, and best you can do is community.general.my_module.) V/r, James Cassell [1] https://meetbot.fedoraproject.org/ansible-meeting/2020-03-17/ansible_core_public_irc_meeting_https:github.comansiblecommunityissues528.2020-03-17-19.01.log.html#l-60 -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/06bdb1c5-8aaf-4f70-bcc3-a64e255dfd2c%40www.fastmail.com.
Re: [ansible-project] rescue block does not print message despite being invoked
On Thu, Mar 12, 2020, at 10:12 PM, Shifa Shaikh wrote:
> Hi,
>
> I have a playbook with a task that greps for a string in a file. If the
> string is found the block should fail which is the case. However, in
> the fail module it fails to print the message.
>
> Here is my playbook:
>
> Here is my playbook:
>
> `
> ---
> - name: "Play 1"
> hosts: localhost
> tasks:
> - block:
> - name: "Search for IP"
> command: "grep -w {{ source_host }} {{ playbook_dir }}/allhost.hosts"
> register: command_result
> failed_when: command_result.rc == 0 and action == "onboard"
>
>
> rescue:
> - name: Print custom conditional debug message
> fail:
> msg: >-
> {{
> command_result.rc == 0 |
You're missing parenthesis around the condition.
V/r,
James Cassell
> ternary(
> "This IP is already On-Boarded.",
> "The Database is not reachable."
> )
> }}
>
> `
>
>
> Considering command_result.rc = 0; I was expecting "This IP is already
> On-Boarded." to be printed however it does not. Can you please tell me
> why.
>
> Output:
>
> `
> TASK [Search for IP] *
> [1;30mtask path: /tmp/filegaurd.yml:20[0m
> [0;34mUsing module file
> /usr/lib/python2.7/site-packages/ansible/modules/commands/command.py[0m
> [0;34mPipelining is enabled.[0m
> [0;34m<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: user1[0m
> [0;34m<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python2 && sleep 0'[0m
> [0;31mfatal: [localhost]: FAILED! => {[0m
> [0;31m "changed": true, [0m
> [0;31m "cmd": [[0m
> [0;31m "grep", [0m
> [0;31m "-w", [0m
> [0;31m "10.9.9.91", [0m
> [0;31m "/tmp/allhost.hosts"[0m
> [0;31m ], [0m
> [0;31m "delta": "0:00:00.096103", [0m
> [0;31m "end": "2020-03-13 07:25:43.705938", [0m
> [0;31m "failed_when_result": true, [0m
> [0;31m "invocation": {[0m
> [0;31m "module_args": {[0m
> [0;31m "_raw_params": "grep -w 10.9.9.91 /tmp/allhost.hosts", [0m
> [0;31m "_uses_shell": false, [0m
> [0;31m "argv": null, [0m
> [0;31m "chdir": null, [0m
> [0;31m "creates": null, [0m
> [0;31m "executable": null, [0m
> [0;31m "removes": null, [0m
> [0;31m "stdin": null, [0m
> [0;31m "stdin_add_newline": true, [0m
> [0;31m "strip_empty_ends": true, [0m
> [0;31m "warn": true[0m
> [0;31m }[0m
> [0;31m }, [0m
> [0;31m "rc": 0, [0m
> [0;31m "start": "2020-03-13 07:25:43.609835", [0m
> [0;31m "stderr": "", [0m
> [0;31m "stderr_lines": [], [0m
> [0;31m "stdout": "10.9.9.91 USERID=user1
> files_list=/tmp/winstone4603745991442278706.jar,/tmp/winstone5835113081224811756.jar",
> [0m
> [0;31m "stdout_lines": [[0m
> [0;31m "10.9.9.91 USERID=user1
> files_list=/tmp/winstone4603745991442278706.jar,/tmp/winstone5835113081224811756.jar"[0m
> [0;31m ][0m
> [0;31m}[0m
>
>
> TASK [Print custom conditional debug message]
> **
> [1;30mtask path: /tmp/filegaurd.yml:28[0m
> [0;31mfatal: [localhost]: FAILED! => {[0m
> [0;31m "changed": false, [0m
> [0;31m "msg": "False "[0m
> [0;31m}[0m
>
>
> PLAY RECAP
> *
> [0;31mlocalhost[0m : [0;32mok=1 [0m changed=0 unreachable=0
> [0;31mfailed=1 [0m skipped=0 [0;32mrescued=1 [0m ignored=0
> `
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/53303de2-c158-4f30-b968-44d4b9be9d36%40www.fastmail.com.
Re: [ansible-project] Every SSH connection logs mux_client_read_packet: read header failed: Broken pipe
On Mon, Feb 24, 2020, at 9:01 PM, John Bateman wrote: > Each SSH connection throughout every playbook execution ends with > Broken Pipe error message `mux_client_read_packet: read header failed: > Broken pipe`, seen with verbose logging enabled. This doesn't cause the > failure of a task and the connection can still be seen to return a 0 > exit code and the playbook executes successfully. I'm not getting any > performance improvements with pipelining enabled and I am curious if > this would have a performance impact on ControlPersist and pipelining > if connections are terminating like this? > > > > Full debug output here: > https://gist.github.com/johnbateman/c2257c750798d1f48adc95deb66e3b61#file-gistfile1-txt > > Maybe try just 3 v's... I got lost in the output. V/r James Cassell > > ` > `ansible 2.9.4 > config file = /etc/ansible/ansible.cfg > configured module search path = > [u'/home/vagrant/.ansible/plugins/modules', > u'/usr/share/ansible/plugins/modules'] > ansible python module location = > /usr/lib/python2.7/site-packages/ansible > executable location = /usr/bin/ansible > python version = 2.7.5 (default, Aug 7 2019, 00:51:29) [GCC 4.8.5 > 20150623 (Red Hat 4.8.5-39)]` > ` > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/827a556f-3264-4a21-93f1-5df56ac4cc5b%40www.fastmail.com.
Re: [ansible-project] Ansible delegate to another host
On Fri, Feb 21, 2020, at 1:33 PM, Amit Juneja wrote: > Hi everyone, > > I would appreciate if you could please look at my issue below and > provide your suggestions - > > GOAL - Identify if the data in lower environment is scrambled. > > Steps - > 1. Identify all lower environment and form sql query of random records > to run in PROD > 2. Dynamically identify the prod server IP address > 3. Run the sql query from lower environment task on PROD server > > Steps 1 and 2 are working fine, but in the playbook if I use > "delegate_to" with prod server ip (identified as part of step 2), it > fails. > Make sure the host is in your inventory, or try add_host to get it there. V/r, James Cassell -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/5373ed9f-6fe5-4906-858f-4d1f591a4ba4%40www.fastmail.com.
Re: [ansible-project] nmcli module seems broken. Documention mentions old libraries for CentOS8/RHEL8
On Fri, Feb 7, 2020, at 7:34 AM, Vladimir Botka wrote: > On Fri, 7 Feb 2020 02:32:12 -0800 (PST) > matzuba wrote: > > > [...] > > NM seems to be the recommended way and where things are going so i would > > like to get this to work but obviously, i cant use the nmcli module to do > > so. > > NM will still read the interface scripts and i have also tested > > /etc/networkmanager/conf.d configuration. > > [...] > > Let me share couple of thoughts that might help you to make your choice. > > The problem is the complexity. Both vertical and horizontal. Horizontal > across the distributions and vertical across the layers "User_land <-> D-Bus > <-> System_configuration <-> Device_drivers". A nightmare for any maintainer. > > With Ansible, you connect to the remote host and escalate to root. Then you > use nmcli, which is user-land tool, and go through D-Bus to configure the > system. It's an overkill. > > It's not a core module. The nmcli module is maintained by community and is in > preview. > This is true of the vast majority of ansible modules. The core team has no interest in taking on more modules. Even the very useful ini_file module is community and preview. For the topic at hand, check out the linux-system-roles project, which is shipped and supported in RHEL as rhel-system-roles. [1] V/r, James Cassell [1] https://github.com/linux-system-roles/network -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/af6466aa-5870-4b6e-871d-8250b5c50cf9%40www.fastmail.com.
Re: [ansible-project] Switch to root user using dzdo
On Fri, Feb 7, 2020, at 5:45 AM, Poemy wrote: > I have an ansible playblook running some tasks for my user, which I log > in through ssh. > > The user has root privileges by running following command in the terminal: > ` > dzdo su - > ` > > It's actually the only way (no sudo, no root password) to get root access. > > Now, what I want to do is to switch my user to root at a certain point > in my ansible-playbook, using this *dzdo su -* behavior. > > How to do this? > Use become_method=dzdo If they literally require you to type "dzdo su -", then you should talk to your security folks to get a saner policy. (There's likely hacks that can be done, but "hacks") V/r, James Cassell -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/31470180-4452-4920-b29a-eb82f4b6215c%40www.fastmail.com.
Re: [ansible-project] start servers using ansible playbook
On Tue, Feb 4, 2020, at 12:03 AM, James Cassell wrote:
> On Mon, Feb 3, 2020, at 8:56 PM, Cloud09 wrote:
> > Hello Team,
> >
> > I am writing a playbook to start weblogic servers, could anyone help me
> > any syntax errors, I could not make item/item display as it should be,
> > or please feel free to correct me here if any incorrect syntax and
> > would not work as expected.
> >
> > ---
> > - hosts: appservers
> > become: yes
> > become_user: cloud9
> > vars:
> > filepath:
> > - "nohup /opt/jpmc/cloud9/stat/wl12213/cloud9/bin"
> > stopservers:
> > - "/stop-caServer01.sh"
> > - "/stop-nyServer01.sh"
> > - "/stop-ohServer01.sh"
> > tasks:
> > - name: Start the admin server
> > command: "{{item}}/startManagedWebLogic.sh"
> > loop:
> > - filepath
> > - name: Start the managed server(s)
> > command: "{{item}}/{{item}}"
> > loop:
> > - filepath
> > - stopservers
>
> Instead of loop, I'd recommend with_together.
>
> - name: Start the managed server(s)
> command: "{{item.0}}/{{item.1}}"
> with_together:
> - "{{filepath}}"
> - "{{stopservers}}"
>
Actually it's much simpler for your example:
- name: Start the managed server(s)
command: "{{filepath}}/{{item}}"
loop: "{{stopservers}}"
V/r,
James Cassell
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/ebfb0e3c-b7e5-42c7-a4a4-aaa20c9c85ff%40www.fastmail.com.
Re: [ansible-project] start servers using ansible playbook
On Mon, Feb 3, 2020, at 8:56 PM, Cloud09 wrote:
> Hello Team,
>
> I am writing a playbook to start weblogic servers, could anyone help me
> any syntax errors, I could not make item/item display as it should be,
> or please feel free to correct me here if any incorrect syntax and
> would not work as expected.
>
> ---
> - hosts: appservers
> become: yes
> become_user: cloud9
> vars:
> filepath:
> - "nohup /opt/jpmc/cloud9/stat/wl12213/cloud9/bin"
> stopservers:
> - "/stop-caServer01.sh"
> - "/stop-nyServer01.sh"
> - "/stop-ohServer01.sh"
> tasks:
> - name: Start the admin server
> command: "{{item}}/startManagedWebLogic.sh"
> loop:
> - filepath
> - name: Start the managed server(s)
> command: "{{item}}/{{item}}"
> loop:
> - filepath
> - stopservers
Instead of loop, I'd recommend with_together.
- name: Start the managed server(s)
command: "{{item.0}}/{{item.1}}"
with_together:
- "{{filepath}}"
- "{{stopservers}}"
V/r,
James Cassell
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/80545ac9-2517-41d8-a9cf-96339c5ff105%40www.fastmail.com.
Re: [ansible-project] Need Help in Ansible regex
On Fri, Jan 24, 2020, at 1:09 AM, Rakesh Parida wrote:
> Hi all,
>
> I have a rpm whcich i have added in a list. I want to make it dynamic
> i.e when the version of rpm changes playbook should handle it.
> I have build a logic but the playbook skips the task where i have
> mentioned the regex. Kindly help me .
>
>
> - hosts: localhost
> tasks:
> - name: Create a list
> set_fact:
> some_value:
> - dp-steps-common-3.0.12.rpm
>
> - debug:
> msg: "{{ some_value }}"
>
> - name: Print DP steps records
> set_fact:
> dp_record: "{{ item }}"
> when: item is defined and item == 'regexp
> (dp-steps-common-[0-9./]+[0-9./]+[0-9][0-9./]rpm$)'
In the first part, item will always be defined or the task won't run at all, so
no need to test it.
In the second part, you're comparing two static strings here that will never
match. You probably meant to do something like
when: item is regex('your regex')
See for examples:
https://docs.ansible.com/ansible/latest/user_guide/playbooks_tests.html#testing-strings
V/r,
James Cassell
> with_items: "{{ some_value }}"
>
> - name: Create an empty list variable
> set_fact:
> nodes1: []
>
> - name: Append string to ECE node list
> set_fact:
> nodes1: "{{ ece_nodes + [ item ] }}"
> with_items:
> - "{{ dp_record | default(None) }}"
> when: item is defined and item != None and item != ""
>
> - name: Display Lists
> debug:
> msg:
> - "{{ nodes1 }}"
>
> OUTput:
> PLAY [localhost]
>
>
> TASK [Gathering Facts]
> **
> ok: [localhost]
>
> TASK [Create a list]
>
> ok: [localhost]
>
> TASK [debug]
>
> ok: [localhost] => {
> "msg": [
> "dp-steps-common-3.0.12.rpm"
> ]
> }
>
> TASK [Print DP steps records]
> ***
> skipping: [localhost] => (item=dp-steps-common-3.0.12.rpm)
>
> TASK [Create an empty list variable]
>
> ok: [localhost]
>
> TASK [Append string to ECE node list]
> ***
> skipping: [localhost] => (item=)
>
> TASK [Display Lists]
>
> ok: [localhost] => {
> "msg": [
> []
> ]
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/1b7264fb-2e7f-4b8e-9baa-b7d4e4372e7b%40www.fastmail.com.
Re: [ansible-project] debug msg ignore other results.
On Tue, Jan 14, 2020, at 12:48 AM, Jegan A wrote:
> Hello Team,
>
> I am iterating register result using debug and loop but it prints
> other variable result as well how to ignore that one while printing
> value which I want Below is the sample results. Cloud you please help
> me on this issues. I just want to print value of
> "item.invocation.module_args.volume_id" and ignore other results.
>
>
>
> - debug:
> msg: "{{ item.invocation.module_args.volume_id }}"
> register: unused_block
> with_items: "{{result_1.results}}"
> when: item.volume_attachments | length == 0
>
>
> debug result
>
> TASK [debug]
> *
> skipping: [localhost] => (item={'failed': False, 'ansible_loop_var':
> u'item', u'volume_attachments': [{u'chap_username': None,
> u'time_created': u'2019-12-26T09:38:51.785000+00:00', u'is_read_only':
> False, u'volume_id': u'', u'device': None, u'xxx',
> u'lifecycle_state': u'ATTACHED', u'availability_domain': u'xx',
> u'display_name': u'volumeattachment20191226093851', u'compartment_id':
> u'', u'port': 3260, u'instance_id':
> u'x', u'iqn': u'x',
> u'is_pv_encryption_in_transit_enabled': False, u'attachment_type':
> u'iscsi', u'chap_secret': None, u'ipv4': u'169.254.2.2'}], 'item':
> u'xxx', u'invocation': {u'module_args':
> {u'auth_type': u'api_key', u'api_user_key_pass_phrase': None,
> u'availability_domain': None, u'display_name': None,
> u'config_profile_name': u'root', u'compartment_id': u'xxx',
> u'region': None, u'volume_id': u'xxx',
> u'instance_id': None, u'tenancy': None, u'api_user_key_file': None,
> u'api_user_fingerprint': None, u'api_user': None,
> u'config_file_location': u'~/.oci/config', u'volume_attachment_id':
> None}}, 'changed': False, 'ansible_facts':
> {u'discovered_interpreter_python': u'/usr/bin/python'}})
>
> ok: [localhost] => (item={'failed': False, 'ansible_loop_var': u'item',
> u'volume_attachments': [], 'item': u'',
> u'invocation': {u'module_args': {u'auth_type': u'api_key',
> u'api_user_key_pass_phrase': None, u'availability_domain': None,
> u'display_name': None, u'config_profile_name': u'root',
> u'compartment_id': u'xx', u'region': None,
> u'volume_id': u'xxx', u'instance_id':
> None, u'tenancy': None, u'api_user_key_file': None,
> u'api_user_fingerprint': None, u'api_user': None,
> u'config_file_location': u'~/.oci/config', u'volume_attachment_id':
> None}}, 'changed': False}) => {
> "msg": "xx"
> }
>
>
loop_control:
label: "{{ item.invocation.module_args.volume_id }}"
Or similar.
V/r,
James Cassell
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/6f8a4a0c-df9d-4b31-88e4-cf26b18c5a24%40www.fastmail.com.
Re: [ansible-project] specifying both inventory-file & group from that file
On Tue, Jan 14, 2020, at 1:16 AM, Sd Neil wrote:
> I work with a legacy 2.1 Ansible (mid-migration to 2.9).
>
> I have had success specifying my own private hosts (ini) file that
> contains 2 Groups ( ' -i ' ). But I cannot find the 2.1 argument to
> running a playbook (that has no hosts directive) against both,
> custom-inventory file and single-group in that inventory-file.
>
> I tried:
> 1) -i /path/to/file:
> 2) -i /path/to/file --extra-vars "hosts="
> 3) -i /path/to/file --extra-vars "variable_host="
> 4) -i /path/to/file -l
>
> ...all result "ERROR! the field 'hosts' is required but was not set"
>
> So I have two questions:
> a) is it possible to specify both custom inventory file and individual
> group from that file in Ansible 2.1 ?
> b) does anyone do this in Ansible 2.9 and if yes, would they share an
> newb-friendly example ?
>
> For the time-being, I am splitting out my groups into distinct host
> files. For what its worth, the intent is to keep a hosts directive out
> of playbooks.
>
`hosts` directive is required in playbooks.
I often use
`hosts: "{{ ansible_limit }}"`
So the playbook runs against the hosts passed to the -l cli option. I've also
seen folks swap ansible_limit for target, then force playbook operators to
specify -e target=mygroup
V/r,
James Cassell
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/33599202-1776-4dbb-892e-04b5538cd374%40www.fastmail.com.
Re: [ansible-project] Issue with redhat_subscription module
On Mon, Jan 13, 2020, at 2:18 PM, Adam Morris wrote: > I suspect that nobody else has run across this particular issue yet. > The redhat_subscription module has an error in it. If you are using > pool_ids then you can either provide a list of ids, or a list of ids > with quantities. Behind the scenes the module translates the former > into the latter with a quantity of "1". > > > ` > > - name: Register and subscribe to multiple pools. > > redhat_subscription: > > state: present > > username: joe_user > > password: somepass > > pool_ids: > > - 0123456789abcdef0123456789abcdef > > - 1123456789abcdef0123456789abcdef > > - name: Same as above but consume multiple entitlements. > > redhat_subscription: > > state: present > > username: joe_user > > password: somepass > > pool_ids: > > - 0123456789abcdef0123456789abcdef: 2 > > - 1123456789abcdef0123456789abcdef: 4 > ` > > > However a quantity of 1 is not valid for a physical machine with 2 > sockets (it should be 2) and so subscription_manager returns a warning > on stdout and a return code of 1 (it does the right thing though) this > causes Ansible to flag it as having failed. > > Given that the module itself uses this piece of code... > ` > def subscribe_by_pool_ids(self, pool_ids): """ Try to subscribe to the > list of pool IDs """ available_pools = RhsmPools(self.module) > available_pool_ids = [p.get_pool_id() for p in available_pools] > for pool_id, quantity in sorted(pool_ids.items()): if pool_id in > available_pool_ids: args = [SUBMAN_CMD, 'attach', '--pool', pool_id, > '--quantity', quantity] rc, stderr, stdout = > self.module.run_command(args, check_rc=True) else: > self.module.fail_json(msg='Pool ID: %s not in list of available pools' > % pool_id) return pool_ids > ` > > I was wondering if it should be patched to default quantity to 0 and > include a check, if quantity is set to 0 then skip the --quantity > argument. Any thoughts? > Sounds like a good change to me. Probably fastest solution is to send a PR. V/r, James Cassell -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9fa69a2a-4f95-489f-97fb-81fb9538325f%40www.fastmail.com.
Re: [ansible-project] Zeros are truncated from strings. #10281
On Fri, Dec 13, 2019, at 8:40 AM, Dylan Humphreys wrote:
> Im getting that bug happen to me, but Im on 2.9.2
>
> `
> % dpkg -l ansible
>
> Desired=Unknown/Install/Remove/Purge/Hold
>
> | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
>
> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
>
> ||/ Name Version Architecture Description
>
> +++-=-===-===-
>
> ii ansible 2.9.2-1ppa~xenial all Ansible IT Automation
>
>
> `
>
> The code in question:
> `
> msg: "/usr/lib/postgresql-{{ postgresqlversion }}/bin/pg_dump -h
> /run/postgresql/{{ postgresqlversion }} -C --clean {{ dbname }}|
> /usr/bin/pigz > {{ dbbackuplocation }}/{{ oldversion }}_{{ dbname }}_{{
> dbbackups.matched }}.sql.gz"
> `
>
> In the above, oldscmversion is:
>
> `
> % cat vars/demo-scmversion.yml
>
> oldversion: 19.10
> `
You need to make it a string by quoting it; otherwise it's treated as a
floating point number. This is yaml behavior.
V/r,
James Cassell
>
> However the resulting filename for the above once rendered is "19.1"
> Ill confess to not know how to find out what version of ansible that
> bug was actually addressed, but given it was back in 2015, I suspect
> the fix referred to is in the version I am using. Can anyone help /
> suggest a work around?
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/6eedcc2c-b1f1-4575-b56d-4a7ec4163246%40www.fastmail.com.
Re: [ansible-project] Precendence: why playbook level variables win over inventory ones?
On Fri, Oct 18, 2019, at 11:53 PM, Stanislav German-Evtushenko wrote: > Documentation > <https://docs.ansible.com/ansible/2.8/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable> > (see 4-7, 9, 10 from the list of priorities) says that playbook level > variables override an inventory ones. Can somebody explain why this is the > case? To me this is counter-intuitive and keeps leading to mistakes. > > Intuitive way would be: > > 1) role defaults (specified within the role itself) > ⇩ > 2) infrastructure defaults, e.g. datacenter level (specified in > group_vars or host_vars on the playbook level) > ⇩ > 3) inventory defaults, e.g. availability zone, or a specific project, > etc (specified in group_vars or host_vars on inventory level) > > However the fact is that 2 always overrides 3. How was it supposed to be used? > I agree that it's not intuitive... It's also backwards from what I would expect. You can override the precedence order locally: https://docs.ansible.com/ansible/latest/reference_appendices/config.html#variable-precedence I choose not to do that, and instead forgo separating inventory from playbook group_vars. I, too, would be interested in an explanation of why the order is what it is. I've been bitten by it in the past. V/r, James Cassell -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/20d7e94d-3d27-473b-8c1e-0af30b5d2edb%40www.fastmail.com.
Re: [ansible-project] ansible - shell module using expect
On Tue, Oct 8, 2019, at 8:58 AM, Troy Cosson wrote:
[re-ordered]
>
>
> On Monday, October 7, 2019 at 4:12:36 PM UTC-5, James Cassell wrote:On
> Mon, Oct 7, 2019, at 4:19 PM, Troy Cosson wrote:
> > > I'm trying to get a Red Hat server (RHEL7) to join a Windows Active
> > > Directory domain and I can't seem to get the expect command to send a
> > > password.
> > >
> > > The playbook asks for the username and password and should then put the
> > > username at the end of the adcl command
> > > adcli join example.com -U administratorName
> > > This returns a prompt of
> > > Password for administ...@example.com:
> > > The expect portion 'should' see this and send the password
> > > The ansible example is here
> > > https://docs.ansible.com/ansible/latest/modules/shell_module.html#shell-module
> > > (# You can use shell to run other executables to perform actions inline)
> > >
> > > I've added -v to the adcli command to try and check whats happening,
> > > but it didn't really shed any light.
> > > Neither did ansible-playbook -vvv filename.yml, but maybe I just can't
> > > read it well.
> > > The example below has example.com instead of my actual domain but
> > > otherwise is identical.
> > > Does anyone have any suggestions on why the expect/send portion isn't
> > > working?:
> > >
> > > ---
> > > - hosts: 127.0.0.1
> > > vars_prompt:
> > > - name: username
> > > prompt: "What is your Active Directory administrator username?"
> > > private: no
> > > - name: password
> > > prompt: "What is your administrator password?"
> > > private: yes
> > > tasks:
> > > - name: join the domain
> > > shell: |
> > > set timeout 300
> > > spawn /usr/sbin/adcli -v join example.com -U {{username}}
> > > expect "Password for {{usern...@example.com: "
> > > send "{{password}}\r"
> > > interact
> > > exit 0
> > > args:
> > > executable: /usr/bin/expect
> > > delegate_to: localhost
> > >
> > >
> >
> > Try \n instead of \r. This is more a question about expect than ansible.
> > You'll also have to worry about special chars in the password, as parsed by
> > TCL. (Obviously you need the expect command available on the target
> > system.)
> >
> > A better approach might be to pass the password in args: stdin and use
> > --stdin-password
> >
> I skimmed right over the --stdin-password from the man page.
> That's way simpler.
> - Thanks
>
> ---
> - hosts: 127.0.0.1
> vars_prompt:
> - name: username
> prompt: "What is your Active Directory administrator username?"
> private: no
>
> - name: password
> prompt: "What is your administrator password?"
> private: yes
>
> tasks:
> - name: join the domain
> shell: echo -n "{{password}}" | adcli join --stdin-password
> example.com.com -U {{username}}
better to avoid password being (briefly) accessible to all on the system, and
to skip escaping worries:
command: adcli join --stdin-password example.com.com -U {{username}}
args:
stdin: "{{password}}"
stdin_add_newline: no
V/r,
James Cassell
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/651d7050-a0c5-4365-859a-db2dbb11322d%40www.fastmail.com.
Re: [ansible-project] ansible - shell module using expect
On Mon, Oct 7, 2019, at 4:19 PM, Troy Cosson wrote:
> I'm trying to get a Red Hat server (RHEL7) to join a Windows Active
> Directory domain and I can't seem to get the expect command to send a
> password.
>
> The playbook asks for the username and password and should then put the
> username at the end of the adcl command
> adcli join example.com -U administratorName
> This returns a prompt of
> Password for administratorn...@example.com:
> The expect portion 'should' see this and send the password
> The ansible example is here
> https://docs.ansible.com/ansible/latest/modules/shell_module.html#shell-module
> (# You can use shell to run other executables to perform actions inline)
>
> I've added -v to the adcli command to try and check whats happening,
> but it didn't really shed any light.
> Neither did ansible-playbook -vvv filename.yml, but maybe I just can't
> read it well.
> The example below has example.com instead of my actual domain but
> otherwise is identical.
> Does anyone have any suggestions on why the expect/send portion isn't
> working?:
>
> ---
> - hosts: 127.0.0.1
> vars_prompt:
> - name: username
> prompt: "What is your Active Directory administrator username?"
> private: no
> - name: password
> prompt: "What is your administrator password?"
> private: yes
> tasks:
> - name: join the domain
> shell: |
> set timeout 300
> spawn /usr/sbin/adcli -v join example.com -U {{username}}
> expect "Password for {{username}}@EXAMPLE.COM: "
> send "{{password}}\r"
> interact
> exit 0
> args:
> executable: /usr/bin/expect
> delegate_to: localhost
>
>
Try \n instead of \r. This is more a question about expect than ansible. You'll
also have to worry about special chars in the password, as parsed by TCL.
(Obviously you need the expect command available on the target system.)
A better approach might be to pass the password in args: stdin and use
--stdin-password
V/r,
James Cassell
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/60beab58-4023-43d1-ae61-a6f731269ae4%40www.fastmail.com.
Re: [ansible-project] unable to Delete post in GitHub ansible community
On Sat, Sep 28, 2019, at 1:38 PM, Bairava Surya wrote: > there are some host names in that post i need to delete it soon am > unable to perform any operation on that post > Here's another example of why locking issues and PRs is annoying. (Some companies pay "security" folks to trawl the internet for "internal" information, and then take action against the person who "leaked" it. Been there, experienced that.) Hopefully the auto locking can be reconsidered. V/r, James Cassell -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/91fda6ce-30b5-4734-9119-30b6a8164ea8%40www.fastmail.com.
Re: [ansible-project] Connection via Citrix
On Tue, Sep 24, 2019, at 7:35 AM, Srinivas Naram wrote: > Hello Gurus, > > Few devices in my customer environment can be connected via Citrix. How > to connect to devices which are accessible only via Citrix using > Ansible ? > I'd guess this is not possible by design, though I would be interested if you found a way to do it. V/r, James Cassell -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/55fa842c-37cd-4dcd-bcde-d8d8a8c7092a%40www.fastmail.com.
Re: [ansible-project] More dynamic variables
On Wed, Aug 21, 2019, at 2:35 PM, 'Mark Tovey' via Ansible Project wrote:
>
> I hate having to constantly go here to solve issues like this,
> especially when the issues I keep presenting are all so similar, but
> eventually I have to just give up trying to solve this on my own and
> ask.
>
> I want to define a structure in a vars file that looks like the following:
>
> > myos: {
> > configdir: "/path/to/directory",
> > configfile: "filename"
> > }
> > my_configdir: "{{ansible_facts.distribution}}.configdir"
my_configdir: "{{ (lookup('vars' ansible_facts.distribution)).configdir }}"
And so on...
> > my_configfile: "{{ansible_facts.configfile}}.configfile"
>
>
> I want to do something similar to the following:
>
> > stat:
> > path: "{{my_configdir}}/{{my_configfile}}"
> > register: result
> Unfortunately, path is being resolved to
> "myos.configdir/myos.configfile", not the expected
> "/path/to/directory/filename". I have tried using various methods of
> concatenating variables together, including trying the 'vars' lookup
> plugin, but I have not been able to work this out after two days of
> trying. So, here I am, back at the well, looking for another answer.
> Does anyone have any advice?
>
>
V/r,
James Cassell
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/ead8c9e9-b513-4dce-a8d9-af683500a4b4%40www.fastmail.com.
Re: [ansible-project] ansible_facts['ansible_os_family'] vs. ansible_facts['os_family']
On Sun, Jul 28, 2019, at 12:18 PM, Михаил Политаев wrote:
> Hello community!
>
> To determine how to reference variable which store OS family type i ran:
> ansible node1 -m setup
>
> Which throw a lot of output but there was:
> 192.168.24.24 | SUCCESS => {
> "ansible_facts": {
> ...,
> "ansible_os_family": "RedHat",
> ...
> },
> "changed": false
> }
>
> Based on it i reference in task to family vars as follows:
> when: ansible_facts['ansible_os_family'] == 'RedHat'
>
> But ansible throw me an error:
> The conditional check 'ansible_facts['ansible_os_family'] ==
> \"RedHat\"' failed. The error was: error while evaluating conditional
> (ansible_facts['ansible_os_family'] == \"RedHat\"): *'dict object' has
> no attribute 'ansible_os_family'*
> *
> *
> And only when i changed my task to:
> when: ansible_facts['os_family'] == 'RedHat' # without "ansible_" for
> key dict
>
> It start to work. Why is it so, I am saw in output key
> "*ansible_os_family*", not "*os_family*"? Should I delete all leading
> "ansible_" from output setup module? Is it documented?
>
There is an effort to move gathered facts into their own namespace under
ansible_facts, dropping the ansible_ prefix on each fact.
>
>
> P.S. also it works even with just:
> when: ansible_os_family == 'RedHat' condition.
>
This is the "old" way of accessing the fact, though I'd expect it to remain
supported for a long time.
V/r,
James Cassell
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/f5254b17-6f67-4e4a-99d2-4d74195a44c2%40www.fastmail.com.
Re: [ansible-project] Yet another dynamic variable problem
On Tue, Jul 23, 2019, at 6:19 PM, 'Mark Tovey' via Ansible Project wrote:
>
> I am trying to generate a variable name dynamically, but so far I have
> been stymied.
>
> I have lists whose names are based upon the OS name:
>
> > myos7:
> > - os7package1
> > - os7package2
> > - os7package3
>
> > myos8:
> > - os8package1
> > - os8package2
> > - os8package3
>
> I want to access these lists dynamically in a shell command:
>
> > - shell:
> > for pkg in "{{'myos' + ansible_facts.distribution_major_release}}"; \
> > do \
> > echo "pkg=$pkg"; \
> > done
>
You want
lookup('vars', 'myos' ~ ansible_facts.distribution_major_release)
> All I get in the output from the echo command is 'myos7' or 'myos8',
> but not the contents of those variables. If I output the variable in a
> debug task, I get the expected results, the list of packages:
>
> > - debug:
> > var: "{{item}}"
> > with_items:
> > - "{{'myos' + ansible_facts.distribution_major_release}}"
>
> So what is the difference? Why does it work as expected in the debug
> task but not in the shell task?
>
You're doing a double lookup here. Once in with_items and again by using `var`
instead of `msg`
V/r,
James Cassell
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/134e67f3-fa65-4b14-8812-397694628c7e%40www.fastmail.com.
Re: [ansible-project] ansible playbook in json format not working
On Wed, Jun 26, 2019, at 6:08 PM, Narahari 'n' Savitha wrote:
> Hello Folkds:
>
> Thank you in advance for your time and attention.
>
> I wrote a playbook in the json format.
>
> > [
> > {
> > "name": "Test the json mode"
Missing a comma.
> > "hosts": "cool_columbus",
> > "tasks": [
> > {
> > "name": "First task"
Missing comma.
> > "shell": {
> > "chdir": "/tmp",
> > "free_form": "ls -l",
> > }
> > }
> > ]
> > }
> > ]
>
> when I run it with the command
>
> >> ansible-playbook test_playbook.jsonERROR! Syntax Error while loading
> >> YAML. expected ',' or '}', but got ''
> >> The error appears to have been in '/home/pidansible/test_playbook.json':
> >> line 4, column 5, but maybe elsewhere in the file depending on the exact
> >> syntax problem.
> >> The offending line appears to be:
>
>
> What am I doing wrong and how to run this ?
>
> Please help.
>
> -N
V/r,
James Cassell
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/18eb0e85-792c-4a82-9c92-3a1d32848c1f%40www.fastmail.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Enable copr repository with dnf module
On Tue, May 28, 2019, at 4:24 PM, Marcin Zajączkowski wrote: > Hi, > > I wonder what's the recommended way to enable a COPR repository in dnf > using Ansible? > > I could just use a link to: > https://copr.fedorainfracloud.org/coprs/vondruch/doublecmd/repo/fedora-30/vondruch-doublecmd-fedora-30.repo > (probably with a guard task to prevent an unnecessary network call if > already installed) > > However, maybe there is some more dedicated way to use a dnf plugin for copr? > I don't think it is possible today. I could imagine a yum_copr/dnf_copr module to accomplish that goal, or an extra feature to yum_repository module, however. > Marcin > V/r, James Cassell -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/49c1d2bb-fb1c-4d88-abbb-8f661bc73baa%40www.fastmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] How do command scp -rp in Ansible ?
On Wed, May 22, 2019, at 7:54 AM, Ryad karkar wrote: > Hey, > > I want can execut this command : scp -rp > /somerepertory/myrepertory1/ /some_repertory/myrepertory1/ > > How can i do it please ? > > I know the module copy : > > - name: "task for copy" > copy: > src: /somerepertory/myrepertory1/ > dest: /somerepertory/myrepertory1/ > Use synchronize. There's no support for recursive copy in the copy module. V/r, James Cassell > > But this module do scp -rp or not ? > > Thanks for your answer community ansible !! ;) > > Regards, > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1558526725.3575110.1669239872.134CC688%40webmail.messagingengine.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Change current directory
On Tue, May 14, 2019, at 8:20 PM, Kevin Kwon wrote:
>
>
> Hi..
>
> I want to change the current directory in remote host by Ansible.
> so, i have created the playbook like below. but, it is not working
> correctly.
>
What problem are you actually trying to solve? Maybe try `args: chdir=/mydir`
V/r,
James Cassell
> would you please let me know how can i do change the current directory in
> the remote host?
>
> Kevin
>
>
>
> ===
>
> ---
> - name: Testing to change current direcotry
> hosts: Ansible-01
> tasks:
> - name: confirm current Directory in the switch
> become: yes
> become_method: sudo
> command: 'pwd'
> register: exec_result
> - debug: var=exec_result.stdout_lines
>
> - name: Go to "/tmp" Directory in the switch
> become: yes
> become_method: sudo
> command: ' cd /tmp '
>
> - name: confirm current Directory in the switch
> become: yes
> become_method: sudo
> command: 'pwd'
> register: exec_result
> - debug: var=exec_result.stdout_lines
>
>
> ==
>
> admin@ubuntu-Ansible:~$ ansible-playbook Change-dir.yml
>
> PLAY [Testing to change current direcotry]
> ***
>
> TASK [Gathering Facts]
> ***
> ok: [Ansible-01]
>
> TASK [confirm current Directory in the switch]
> ***
> changed: [Ansible-01]
>
> TASK [debug]
> *
> ok: [Ansible-01] => {
> "exec_result.stdout_lines": [
> *"/home/admin"*
> ]
> }
>
> TASK [Go to "/tmp" Directory in the switch]
>
> fatal: [Ansible-01]: FAILED! => {"changed": false, "cmd": "cd /tmp",
> "msg":
> "[Errno 2] No such file or directory", "rc": 2}
> to retry, use: --limit @/home/admin/Change-dir.retry
>
> PLAY RECAP
> ***
> Ansible-01 : ok=3changed=1unreachable=0failed=1
>
> admin@ubuntu-Ansible:~$
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/1557879876.1209629.1669197072.58A7B777%40webmail.messagingengine.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Re: Rollback in Ansible ?
On Tue, May 14, 2019, at 12:08 PM, Ryad karkar wrote: > Hey, > > It is really very interesting this section rescue but if in my block I > execute for example a script sql which does a lot of actions and that there > is an error ... > This is beyond the scope of ansible. You should have the rescue block do what is necessary to recover from your SQL script, or use something like a SQL transaction, but, again, it's beyond the scope of ansible. V/r, James Cassell > So what to put in the rescue section? > > Thanks for your help ! :) > > Regards, > > > Le mardi 14 mai 2019 18:01:00 UTC+2, Eric Hymowitz a écrit : > > > > The problem you have is that ansible does not retain the old state of the > > machine when it makes changes. The fact that you executed the command > > "touch test_file.txt" does not indicate whether test_file.txt did or did > > not exist prior to running the command. So to "roll back", do you erase > > the file? Change the date-stamp back to what it was? > > > > Probably the closest thing you will find is a "block" with a "rescue" > > section attached, to specify what you want to happen in the event of an > > error. > > > > https://docs.ansible.com/ansible/latest/user_guide/playbooks_blocks.html > > > > --EbH > > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1557851925.3162858.1669194328.56775790%40webmail.messagingengine.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Rollback in Ansible ?
On Tue, May 14, 2019, at 8:04 AM, Ryad karkar wrote: > Hey stefan, > > Yes but if i want one procedure for install one application, exemple: > > - block: > > - name: task 1 > .. > . > > - name: task 2 > .. > .. > > i want that if one task fails, I want him to go back on all the tasks that > play it. > You can write rollback tasks in a `rescue` section, followed by a fail task, but there is no automatic rollback functionality unless you write it yourself. V/r, James Cassell > Do you understand what i say or no ? > > Can you help me please :) > > Regards > > Le mardi 14 mai 2019 12:20:04 UTC+2, Stefan Hornburg (Racke) a écrit : > > > > On 5/14/19 11:54 AM, Ryad karkar wrote: > > > Hey all, > > > > > > I want know when i play one task who failed if possible that ansible do > > rollback ? > > > > > > Exemple : > > > > > > - name: "create file" > > > shell: touch test_file.txt > > > > > > When i play this task, she failed so i want one task or method for > > rollback please ? > > > > Hello Ryad, > > > > what do you have in mind for the rollback for this task. Usually, if > > "touch" fails nothing changes on the target > > system. > > > > > > > > I see in documentation officielle the module *aci_config_rollback* but i > > don't konw how works this module... > > > > > > > > https://docs.ansible.com/ansible/latest/modules/aci_config_rollback_module.html > > > > > > That looks like it applies for a very specific use case. > > > > Regards > > Racke > > > > > > > > Can you help me ? > > > > > > Thanks community ansible !! :) > > > > > > Regards, > > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1557836952.3071769.1669192264.7F0928F4%40webmail.messagingengine.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] multiline jinja2 lists returned as string?
On Fri, May 3, 2019, at 4:15 PM, Adam E wrote:
> Hi there, I have some logic that I want to apply when creating assigning a
> list to a variable.
>
> See my sample playbook below, Ideally i'd like a nice clean way to have a
> logic based list. the "users" approach works, however it's always
> interpreted as a string. The only solution I can think of to fix this one
> is to store it as a string and then split it later. But I would like to
> know if it's possible to return a list somehow. Maybe there's a different
> syntax that i'm not aware of. Can anyone offer a better way to do
> something like below?
>
> - hosts: localhost
> connection: local
> vars:
> # THIS does not work as it's interpreted as a string, would have to
> split in a new var?
> # is there anything I can do here to keep a similar syntax but return a
> list?
> users: >-
> {% set cusers = ['user1', 'user2'] %}
> {% if ansible_distribution == "RedHat" %}
> {{ cusers.append('redhat_user') }}
> {% else %}
> {{ cusers.append('other_user') }}
> {% endif %}
> {{ cusers | list }}
> # THIS works but a little ugly with the newline
> users2: "{% set cusers = ['user1', 'users2'] %}\
> {% if ansible_distribution == 'RedHat' %}\
> {{ cusers.append('redhat_user') }}\
> {% else %}\
> {{ cusers.append('other_user') }}\
> {% endif %}\
> {{ cusers }}"
Another way:
users2: "{{ ['user1', 'users2'] + (ansible_distribution == 'RedHat') |
ternary(['redhat_user')], ['other_user']) }}"
V/r,
James Cassell
>
> tasks:
>
> - debug:
> msg: "user: {{ item }}"
>loop: "{{ users2 }}"
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/1557352379.1591804.1669157976.5234DC88%40webmail.messagingengine.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Ansible Replacing the existing Jar files with new Jar files with same file name is not performing any action
Please stop the spam. Your message came thru the first time. Also, please
don't spam individual members of the list with the same question you sent to
the list.
Thanks.
R,
James Cassell
On Wed, May 1, 2019, at 9:33 PM, chandrasekhar Mallishetty wrote:
>
>
> On Thursday, May 2, 2019 at 1:52:26 AM UTC+5:30, chandrasekhar Mallishetty
> wrote:
> >
> > Dear All.
> >
> > Need your help we are in the process of Automating the cognos analytics
> > servers from Linux env with ansible code .
> >
> > Requirement : we have two Jar files named local_policy.jar
> > and US_export_policy.jar in our current installation directory
> > ../ibm/jre/lib/security/ and we need to replace the new local_policy.jar
> > and US_export_policy.jar and we are writing the code as below .
> >
> > Ansible code:
> >
> >
> > - name: Put Oracle drivers in cognos directory
> > get_url: >
> > url={{ artifactory_url
> > }}/libs-ibm-lic-local/com/oracle/ojdbc7/12.1.0.2.0/ojdbc7-12.1.0.2.0.jar
> > dest={{ cognos_dir }}/drivers/ojdbc7-12.1.0.2.0.jar
> > owner='{{ cognos_user }}'
> > group='{{ cognos_group }}'
> > mode=0755
> > become: yes
> >
> > - name: Put US export policy file in cognos directory
> > get_url: >
> > url={{ artifactory_url
> > }}/libs-ibm-local/com/ibm/jce/US_export_policy/2013-02-27/US_export_policy-2013-02-27.jar
> > dest={{ cognos_dir }}/jre/lib/security/US_export_policy.jar
> > owner='{{ cognos_user }}'
> > group='{{ cognos_group }}'
> > mode=0755
> > become: yes
> >
> >
> > The above code is not taking any code or copying the new policy files
> > since the { cognos_dir }}/jre/lib/security/ has that files and if we
> > change the name to US_export_policy_1.jar we can see the file new file
> > US_export_policy_1.jar
> >
> > we modified the above code by adding force:Yes not sure if this works or
> > not
> >
> > name: Put local policy file in cognos directory
> > get_url: >
> > url={{ artifactory_url
> > }}/libs-ibm-local/com/ibm/jce/local_policy/2013-02-27/local_policy-2013-02-27.jar
> > dest={{ cognos_dir }}/jre/lib/security/local_policy.jar
> > owner='{{ cognos_user }}'
> > group='{{ cognos_group }}'
> > mode=0755
> > force: yes
> > become: yes
> >
> > Can any one suggest an exact approch to move furture
> >
> > Thanks
> > M.chandra
> >
> >
> >
> >
> >
>
> --
> You received this message because you are subscribed to the Google
> Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/1278b89a-c60f-4fcd-9917-87a843d420a2%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/1556762687.1833972.1669113152.575BBA83%40webmail.messagingengine.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: How to truncate oracle table with ansible code
This is a better question for the ansible-project list. V/r, James Cassell On Wed, May 1, 2019, at 4:45 PM, chandrasekhar Mallishetty wrote: > is there any example working code that how to truncate oracle database > table with the ansible code in jinga2 template -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/ab9bb049-0893-43d0-a937-5b4e35181505%40www.fastmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] how do I properly set ANSIBLE_BECOME_PASS ?
On Wed, May 1, 2019, at 4:27 PM, Guy Matz wrote:
> Thanks, but that didn't exactly help. I'm not able to figure out what I'm
> missing . . . any other thoughts? Thanks again!!!
> here's the output from '--only-changed':
>
> DEFAULT_BECOME(/Users/matz/Code/schransible/ansible.cfg) = True
> DEFAULT_VAULT_PASSWORD_FILE(/Users/matz/Code/schransible/ansible.cfg) =
> /Users/matz/.vault_pw
> HOST_KEY_CHECKING(/Users/matz/Code/schransible/ansible.cfg) = False
>
There seems to be no environment variable for the become password. You can
make your own, though:
export ANSIBLE_BECOME_PASSWORD=mypassword
then in your ansible variables, set:
ansible_become_password: "{{ lookup('env', 'ANSIBLE_BECOME_PASSWORD') }}"
V/r,
James Cassell
> On Wed, May 1, 2019 at 3:06 PM James Cassell
> wrote:
>
> > On Wed, May 1, 2019, at 2:55 PM, Guy Matz wrote:
> > > Hello! Sorry to be so lame. What combination of environment vars do I
> > > need to set in order to not get prompted for a SUDO password?!
> > >
> > > I've tried setting ANSIBLE_BECOME_PASS and ANSIBLE_ASK_BECOME_PASS=False
> > > but I still get prompted . ..
> > >
> >
> > ansible-config dump --only-changed
> >
> > > Thanks,
> > > Guy
> > >
> >
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/6f32a2ce-4b3c-4179-b26d-f76720ae9d6e%40www.fastmail.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] how do I properly set ANSIBLE_BECOME_PASS ?
On Wed, May 1, 2019, at 2:55 PM, Guy Matz wrote: > Hello! Sorry to be so lame. What combination of environment vars do I > need to set in order to not get prompted for a SUDO password?! > > I've tried setting ANSIBLE_BECOME_PASS and ANSIBLE_ASK_BECOME_PASS=False > but I still get prompted . .. > ansible-config dump --only-changed > Thanks, > Guy > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1556737601.1685335.1669110880.74742216%40webmail.messagingengine.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] [Ansible-project]
On Thu, Apr 18, 2019, at 9:50 AM, vikram acharya wrote:
> Hello Jonathan
>
> Thanks for support can you help with more detail If possible.. am kind of
> new ansible world .. is their any mistake in play book ?
>
>
You need 'gather_facts: yes'
V/r,
James Cassell
>
>
> On Thu, Apr 18, 2019, 19:12 Jonathan Lozada De La Matta
> wrote:
>
> >
> > https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variables-discovered-from-systems-facts
> >
> > On Thu, Apr 18, 2019 at 9:36 AM vikram acharya
> > wrote:
> >
> >> Hello team ,
> >>
> >> Am trying to install lamp i have written playbook in this manner . My
> >> system are system connected AWS i can do ssh to Redhat node from Ansible
> >> control server
> >>
> >> Need help to resolve the problem
> >>
> >>
> >> ---
> >> - hosts: all
> >> become: yes
> >> gather_facts:no
> >> tasks:
> >> - name: fail for other platform
> >> fail:
> >> msg: "this playbook is for RHEL"
> >> when: ansible_facts['os_family'] == "Redhat"
> >> - name: install httpd
> >> yum:
> >> name: httpd
> >> state: present
> >> - name: service
> >> service:
> >> name: httpd
> >> state: present
> >>
> >> - name: install php modules
> >> yum:
> >> name: "{{ item }}"
> >> state: present
> >> loop:
> >> - php
> >> - php-mysql
> >> - php-pdo
> >> - php-gd
> >> - php-mbstring
> >>
> >> ansible@ip-172-31-18-96:/etc/playbook$ ansible-playbook -i inventory
> >> lamp.yml
> >>
> >>
> >> PLAY [web]
> >> ***
> >>
> >>
> >> TASK [fail for other platforms]
> >> **fatal:
> >> [172.31.17.222]: FAILED! => {"msg": "The conditional check
> >> 'ansible_facts['os_family'] == \"Redhat\"' failed. The error was: error
> >> while evaluating conditional (ansible_facts['os_family'] == \"Redhat\"):
> >> 'dict object' has no attribute 'os_family'\n\nThe error appears to have
> >> been in '/etc/playbook/lamp.yml': line 6, column 5, but may\nbe elsewhere
> >> in the file depending on the exact syntax problem.\n\nThe offending line
> >> appears to be:\n\n tasks:\n - name: fail for other platforms\n^
> >> here\n"}
> >> fatal:
> >> [localhost]: FAILED! => {"msg": "The conditional check
> >> 'ansible_facts['os_family'] == \"Redhat\"' failed. The error was: error
> >> while evaluating conditional (ansible_facts['os_family'] == \"Redhat\"):
> >> 'dict object' has no attribute 'os_family'\n\nThe error appears to have
> >> been in '/etc/playbook/lamp.yml': line 6, column 5, but may\nbe elsewhere
> >> in the file depending on the exact syntax problem.\n\nThe offending line
> >> appears to be:\n\n tasks:\n - name: fail for other platforms\n^
> >> here\n"}
> >> [WARNING]:
> >> Could not create retry file '/etc/playbook/lamp.retry'. [Errno 13]
> >> Permission denied: u'/etc/playbook/lamp.retry'
> >>
> >>
> >>
> >>
> >>
Re: [ansible-project] var for --ask-pass ?
On Thu, Apr 4, 2019, at 2:18 AM, sergey.mihai...@gmail.com wrote:
> I start playbook : ansible-playbook win_install_ascon.yml --ask-pass
>
> define in playbook:
> ...
> ansible_become_pass: "{{ remote_pass }}"
ansible_become_password: "{{ ansible_password }}"
V/r,
James Cassell
> ...
>
> OUT:
> ...
> FAILED! => {"msg": "The field 'become_pass' has an invalid value, which
> includes an undefined variable. The error was: 'remote_pass' is undefined"}
> ...
>
> What variable is the password in?
>
> I do not want to enter the password twice when: ansible-playbook
> win_install_ascon.yml --ask-pass --ask-become-pass
> I do not want to use ansible-vault
>
> Thank.
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/1554384066.1162665.1668865648.1CAEA724%40webmail.messagingengine.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] loop with dynamic item.x
On Mon, Apr 1, 2019, at 2:21 PM, Guillaume D wrote:
> Hello,
>
> I'm blocking on this all the weekend.
>
> I'm trying to build dynamically a variable with "item" for browsing in a
> list.
>
> - debug:
> msg: "{{ item.dev }} "
> loop: "{{ nginx }}"
>
>
> This is working well.
>
> But I need to have the choice of the environment.
>
> I tried this:
>
> - debug:
> msg: "{{ lookup('vars', 'item.' + environnement }} "
msg: "{{ item[environnement] }} "
V/r,
James Cassell
> loop: "{{ nginx }}"
>
>
> The output is:
>
>
> fatal: [localhost]: FAILED! => {"msg": "The task includes an option with an
> undefined variable. The error was: 'dict object' has no attribute
> 'item.dev'\n\nThe error appears to have been in '': line 22, column 5, but
> may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe
> offending line appears to be:\n\n\n - debug:\n ^ here\n"}
>
> I tried a lot of thing, but I didn't find the right one.
>
> Any advice?
>
> Thank,
> Guillaume
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/1554143818.891857.1668829440.7DA7633B%40webmail.messagingengine.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Re: List of invalid character(s)
On Fri, Mar 29, 2019, at 5:26 PM, Kai Stian Olstad wrote: > On 29.03.2019 22:08, b...@tanners.org wrote: > > constants.py:122 > > > > INVALID_VARIABLE_NAMES = re.compile(r'^[\d\W]|[^\w]') > > It is document here > https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#creating-valid-variable-names > > > > Really makes it hard to do real-time.com (company domain name) > > Dash is subtraction in Jinja, so that is why you can't use that. > Period is used to access attributes in Jinja so foo.bar is the same as > foo['bar'] > > > > What is the recommendation or best practices for moving forward? > > > > > > [real_time_com]? > > What works for you is probably the best. > I use underscore since that makes is more readable that concatenate it > or camel case. > Personally I think it's a stupid limitation. I kind of hope it blows up and they revert the change. Apparently users were getting confused why they couldn't use "groups.group-name" instead of "groups['group-name']", so they banned groups with those types of characters so you can always do groups.group_name. Just don't call your group "get", "copy", "keys", "items", or a host of other special values... Using "---" as an inventory_hostname is fine, though. V/r, James Cassell -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1553896738.1670158.1668803592.5A5D1236%40webmail.messagingengine.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] yum module gives "AttributeError: 'list' object has no attribute 'strip'" on list of items
On Thu, Mar 28, 2019, at 7:57 AM, Roevens Robin wrote:
> Hi Sebastian
> Merging the lists indeed did the trick. Thanks for the suggestion!
> However, I have another, related question; The next task in this
> playbook is like this:
> - name: Install extra packages required for plugins yum: name:
> "{{ item.packages }}" state: "present" with_items: - "{{
> default_plugins }}" - "{{ plugins | d(omit) }}" when:
> item.packages is defined
> And currently ansible even doesn't give a deprecation warning on this
In my opinion, the depreciation warning should have never been added, as your
task will never stop working. It was more like a feature notification that you
can install multiple packages at once, which ansible does sometimes
automatically. In your case here, ansible does not automatically install all
the packages at once, so there's no warning that ansible will stop doing so in
a future release. In any case your playbook will continue to have the same end
result as it does today, with our without changes to squash this warning.
V/r,
James Cassell
> task despite that I'm using a loop in combination with yum. And the
> only difference I see is that i'm using {{ item.packages }} instead of
> {{ item }} but I assume this will also deprecate ?How should I rewrite
> this then ?
> Thanks
> Robin
> Sebastian Meyer schreef op wo 27-03-2019 om 18:47 [+0100]:
> > Hi Robin,
> >
> > On 27.03.19 17:16, Robin Roevens wrote:
> > > Hi all
> > >
> > > I'm currently trying to get rid of all deprecation warnings as we
> > > upgraded
> > > Ansible 2.3 to 2.7.9 (CentOS 7.4)
> > > And I have this code:
> > >
> > > - name: Install required system packages
> > > yum:
> > > name: "{{ item }}"
> > > state: 'present'
> > > with_items:
> > > - "{{ base_packages }}"
> > > - "{{ additional_packages | d(omit) }}"
> >
> > Assuming base_packages and additional_packages are lists, try:
> >
> > - name: install pkgs
> > yum:
> > state: present
> > name: "{{ base_pkgs + additional_pkgs | default([]) }}"
> >
> > Ansible wants a flat list here. The suggestion in the deprecation
> > warning thinks both are just normal values and wants you to put them
> > into a list.
> >
> > But if you already have lists, merge them with + as in the above
> > code.
> >
> > HTH,
> > Sebastian
> >
> > --
> > Sebastian Meyer
> > Linux Consultant & Trainer
> > Mail: me...@b1-systems.de
> >
> > B1 Systems GmbH
> > Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
> > GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB
> > 3537
> >
> --
> Dit bericht is gescanned op virussen en andere gevaarlijke
> inhoud door MailScanner en lijkt schoon te zijn.
>
> --
> You received this message because you are subscribed to the Google
> Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/1553774236.2809.132.camel%40gmail.com.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/1553774839.249222.1668783704.6402E373%40webmail.messagingengine.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Do the target systems need to have pre-requisites installed for Ansible to work?
On Wed, Mar 20, 2019, at 5:44 PM, gigit1...@gmail.com wrote: > > > Hello, > > I’m a little confused about how Ansible works: Since its “clientless” it > makes it sound like you don’t need to install software on the target hosts > in order to run playbooks to configure them. From the documentation: > > “Ansible works by connecting to your nodes and pushing out small programs, > called "Ansible modules" to them. Ansible then executes these modules (over > SSH by default), and removes them when finished.” > > This sounds like the only place you would need to install prerequisite > software would be on the “control host” where Ansible is installed, not on > the remote hosts you want to configure. However, When looking at the > documentation for the modules, I see things like this: > > > “The below requirements are needed on the host that executes this module.” > boto > boto3 > botocore > python >= 2.6 > > > What is “the host that executes this module”? Is this the control host > where you installed Ansible or the remote host that you want to change with > the playbook? > These are required on the host you want to change. V/r, James Cassell > Thank You > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1553126415.1203682.1668696712.3A3EA0B4%40webmail.messagingengine.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] how to prevent Ansible to change ansible_python_interpreter after execution
On Mon, Mar 18, 2019, at 2:13 AM, Chris Duong wrote: > Hi, > > I'm using Zsh and PyEnv. I Pip install the Ansible > > I had set ansible_python_interpreter to my own PYTHON, in the Inventory > file. > ansible_playbook_python is the path to the python executable used to invoke the Ansible command line tool https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html V/r, James Cassell > ```yaml > [default] > localhost ansible_python_interpreter=/Users/cduong/.pyenv/shims/python > ``` > > However, after the execution, Ansible updated it to default Python of macOS > - /opt/local/Library/Frameworks/Python.framework/Versions/2.7/bin/python > > How can we prevent this from happen, because I don't not install Ansible > with default Python. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1552908236.1076091.1668656720.54A726F7%40webmail.messagingengine.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Skip import playbook using when condition.
On Wed, Feb 27, 2019, at 1:43 PM, Pandu jh wrote:
>
> If there are no hosts added to add host, subsequent plays should be
> skipped. Please let me know how to provide when condition for this
>
with import_*, the import happens unconditionally and the specified conditions
on the import are applied to each task imported.
V/r,
James Cassell
> - name:
> hosts: rchadm01
> vars_files:
> - var.yml
> tasks:
> - name:
> add_host:
> name: "{{ decom_host }}"
> groups: decom_host_group
>
> - import_playbook: sub_plays/play2.yml
> when: '"decom_host_group" not in group_names'
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/cc530246-ad74-40fa-ada7-b6647d8040de%40www.fastmail.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] with blockinfile module, I'm looking for option to check the entries whether its present or not! if not then entries have to be added by play.
On Mon, Feb 25, 2019, at 8:08 AM, Deepan M wrote:
>
>
>
>
> Hello,
>
> Can someone please help to solve my request?
>
> with blockinfile module, I'm looking for option to check the entries
> whether its present or not! if not then entries have to be added by play.
>
> As per below my playbook, its working partially, like its appending even if
> the entries are already present but actually i'm looking that play should
> ignore if already entries are exists and incase not present then it should
> added.
>
My guess is that it is finding the empty string marker at BOF and finding
nothing between the zero length marker and itself, this adding the block
unconditionally. You will have more luck with a non empty marker.
V/r,
James Cassell
>
>
> *Playbook:-*
> cat resolv_add.yml
> ---
> - hosts: resolv
> become: yes
> tasks:
> - name: check the presence of lines
> shell: cat /tmp/resolv.conf |egrep "Hello the world|i'm here|is it
> working"
> register: result
> ignore_errors: yes
> - debug: msg="{{result.stdout}}"
> - name: add lines below lines if not exists
> blockinfile:
> marker: ""
> block: |
> Hello the world
> i'm here
> is it working
> path: /tmp/resolv.conf
> state: present
> changed_when: result.stdout.find('exists') == -1
>
>
> *Execution Output:-*
>
> ansible-playbook resolv_add.yml
> SUDO password:
>
> PLAY [resolv]
>
>
> TASK [Gathering Facts]
> ***
> ok: [usa7061lv1771]
>
> TASK [check the presence of lines]
> ***
> changed: [usa7061lv1771]
>
> TASK [debug]
> *
> ok: [usa7061lv1771] => {
> "msg": "Hello the world\ni'm here\nis it working"
> }
>
> TASK [add lines below lines if not exists]
> ***
> changed: [usa7061lv1771]
>
> PLAY RECAP
> ***
> usa7061lv1771 : ok=4changed=2unreachable=0
> failed=0
>
> *Remote server output:-*
> cat resolv.conf
>
> Hello the world
> i'm here
> is it working
>
> Hello the world
> i'm here
> is it working
>
> Thanks,
> Deepan M
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/1551101761.238055.1663380392.35A0365A%40webmail.messagingengine.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Re: blockinfile state:absent is not working, I'm trying to remove mulitple lines but not working
On Fri, Feb 15, 2019, at 8:35 AM, Deepan M wrote:
>
> Hi James,
>
> Still same problem! Can you please see below entries and correct me if
> anything wrong in that?
>
> ---
> - hosts: xerox
> become: yes
> tasks:
> - name: removelines
> blockinfile:
> marker_begin: " REQ00931296 ###"
> content: |
> User_Alias S3_OPS=pams3fedqaadmin
> S3_OPS ALL=(ALL) ALL
> marker_end: ""
Also set marker: "{mark}"
> path: /tmp/test
> state: absent
> backup: yes
>
>
> Thanks,
> Deepan M
>
> On Friday, February 15, 2019 at 5:55:48 PM UTC+5:30, Deepan M wrote:
> >
> >
> > please someone help me to get answer for my query!
> >
> > ---
> > - hosts: testuser
> > become: yes
> > tasks:
> > - name: removelines
> > blockinfile:
> > block: |
> >
> > request ###
> > User_Alias S3_OPS=pams3fedqaadmin
> > S3_OPS ALL=(ALL) ALL
> > "
> > path: /tmp/test
> > state: absent
> > backup: yes
> >
> >
> > ansible-playbook sudolineinfile.yml
> > SUDO password:
> >
> > PLAY [xerox]
> > *
> >
> > TASK [Gathering Facts]
> > ***
> > ok: [usamachine]
> >
> > TASK [removelines]
> > ***
> > ok: [usamachine]
> >
> > PLAY RECAP
> > ***
> > usamachine : ok=2changed=0unreachable=0failed=0
> >
> >
> >
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/1550238431.256521.1658603976.19BD3B9B%40webmail.messagingengine.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] blockinfile state:absent is not working, I'm trying to remove mulitple lines but not working
On Fri, Feb 15, 2019, at 7:45 AM, James Cassell wrote: > > > On Fri, Feb 15, 2019, at 7:25 AM, Deepan M wrote: > > > > please someone help me to get answer for my query! > > > > --- > > - hosts: testuser > > become: yes > > tasks: > > - name: removelines > > blockinfile: > > block: | > > > > request ### > > User_Alias S3_OPS=pams3fedqaadmin > > S3_OPS ALL=(ALL) ALL > > " > > path: /tmp/test > > state: absent > > backup: yes > > > > You'll need to move your markers from block to marker_begin and marker_end > You'll also need to set marker. > > V/r, > James Cassell > > > > > > ansible-playbook sudolineinfile.yml > > SUDO password: > > > > PLAY [xerox] > > * > > > > TASK [Gathering Facts] > > *** > > ok: [usamachine] > > > > TASK [removelines] > > *** > > ok: [usamachine] > > > > PLAY RECAP > > *** > > usamachine : ok=2changed=0unreachable=0failed=0 > > > > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1550235317.1010465.1658579440.59862280%40webmail.messagingengine.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] blockinfile state:absent is not working, I'm trying to remove mulitple lines but not working
On Fri, Feb 15, 2019, at 7:25 AM, Deepan M wrote: > > please someone help me to get answer for my query! > > --- > - hosts: testuser > become: yes > tasks: > - name: removelines > blockinfile: > block: | > > request ### > User_Alias S3_OPS=pams3fedqaadmin > S3_OPS ALL=(ALL) ALL > " > path: /tmp/test > state: absent > backup: yes > You'll need to move your markers from block to marker_begin and marker_end V/r, James Cassell > > ansible-playbook sudolineinfile.yml > SUDO password: > > PLAY [xerox] > * > > TASK [Gathering Facts] > *** > ok: [usamachine] > > TASK [removelines] > *** > ok: [usamachine] > > PLAY RECAP > *** > usamachine : ok=2changed=0unreachable=0failed=0 > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1550234704.1005617.1658575808.293A3607%40webmail.messagingengine.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Version Control playbooks and tasks
On Tue, Feb 12, 2019, at 4:24 PM, Tuyen Nguyen wrote: > Hi > > I would like to implement version control on my playbooks and on my task > plays. What version control is recommended? I have heard of using git, > however I have never used git before. Does anyone have experience with > using version control to manage all their playbooks? > I'd hope everyone does. Git is the de facto standard, so go with that unless you have a good reason to use something else. V/r, James Cassell -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1550018902.1457411.1656805560.7E9478C0%40webmail.messagingengine.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] set_fact with_items inside var
On Sun, Feb 3, 2019, at 11:45 AM, cortado wrote:
> I need to add an item to a list. This works:
>
> - name: "Build Pool IP List"
> set_fact:
> pool_server_ips_list: "{{pool_server_ips_list}} + [{'ip': {'addr':
> item, 'type': 'V4'}}]"
> with_items: "{{pool_server_ips}}"
>
> with this list:
>
> pool_server_ips:
> - 10.8.10.4
> - 10.8.10.5
> - 10.8.10.6
> - 10.8.10.7
>
> I need to add another element to the list so I changed it to:
>
> pool_server_ips:
> - hostip: 10.8.10.4
> pool_member_enabled: true
> - hostip: 10.8.10.5
> pool_member_enabled: false
> - hostip: 10.8.10.6
> pool_member_enabled: false
> - hostip: 10.8.10.7
> pool_member_enabled: false
>
> then changed fact to:
>
> set_fact:
> pool_server_ips_list: "{{pool_server_ips_list}} + [{'ip': {'addr':
> item.hostip, 'type': 'V4'}}]"
Try:
pool_server_ips_list: "{{pool_server_ips_list | default([]) + [{'ip':
{'addr': item.hostip, 'type': 'V4'}}] }}"
> with_items: "{{pool_server_ips}}"
>
> If I debug the list i get:
>
> "servers": [
> "[] + [{'ip': {'addr': [item.hostip]",
> " 'type': 'V4'}}] + [{'ip': {'addr': [item.hostip]",
> " 'type': 'V4'}}] + [{'ip': {'addr': [item.hostip]",
> " 'type': 'V4'}}] + [{'ip': {'addr': [item.hostip]",
> " 'type': 'V4'}}]"
> ]
>
V/r,
James Cassell
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/1549224212.1851201.1649939408.2EBE8EA6%40webmail.messagingengine.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Re: Unable to parse /etc/ansible/hosts as an inventory source
On Sun, Jan 20, 2019, at 12:56 PM, bng.ze...@gmail.com wrote: > also make sure that you are in the root directory while doing mkdir > > On Friday, June 22, 2018 at 5:34:49 AM UTC+5:30, stifan kristi wrote: > > > > is file /etc/ansible/hosts exist? perhaps you should create it first > > e.g. > > sudo mkdir /etc/ansible/ > > sudo touch /etc/ansible/hosts > > sudo chmod 777 /etc/ansible/hosts Pretty sure that making the inventory executable will cause ansible to try to run it as a script then use the output as inventory. V/r, James Cassell > > sudo echo "localhost ansible_connection=local" >> /etc/ansible/hosts > > > > best regards, > > stifan > > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1548009140.3681874.1639382392.194815FB%40webmail.messagingengine.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Beginner, can't complete this step
On Mon, Jan 14, 2019, at 5:44 PM, boncalo mihai wrote:
> Hi
> Sorry , this must be to easy for you but I can't figure it out. I was
> following some ansible video tutorials and I can't go further because
> of some errors
>
> ansible all -m user -a name=linda
> ansible3 | FAILED! => {
> "changed": false,
> "msg": "useradd: Permission denied.\nuseradd: cannot lock
> /etc/passwd; try again later.\n",
> "name": "linda",
> "rc": 1
> }
> ansible4 | FAILED! => {
> "changed": false,
> "msg": "useradd: Permission denied.\nuseradd: cannot lock
> /etc/passwd; try again later.\n",
> "name": "linda",
> "rc": 1
> }
> ansible2 | FAILED! => {
> "changed": false,
> "cmd": "/sbin/useradd -m linda",
> "msg": "[Errno 13] Permission denied",
> "rc": 13
> }
> ansible1 | FAILED! => {
> "changed": false,
> "cmd": "/sbin/useradd -m linda",
> "msg": "[Errno 13] Permission denied",
> "rc": 13
>
>
> I'm trying to add an user on 4 machines.
> -created project directory
> -created ansible.cfg file with this content:
> [defaults]
> remote_user = ansible
> host_key_checking = false
> inventory = inventory
>
> [priviledge_escalation]
Try priviledge_escalation -> privilege_escalation
V/r,
James Cassell
> become = True
> become_method = sudo
> become_user = root
> become_ask_pass = False
> -created inventory file:
> [all]
> ansible1
> ansible2
> ansible3
> ansible4
>
> -user ansible was created on all machines and has sudo access
> -ssh-copy-id was used for all machines
> -all machines are in /etc hosts with the name from inventory file
>
> From what I see, ansible is trying to add the user without becoming root
> Adding user or becoming root works without any issue
>
> Thank you,
> Mihai.
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/1547506254.3074073.1634602840.220124BD%40webmail.messagingengine.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Re: Using Ansible via a bastion host
On Fri, Jan 11, 2019, at 2:15 PM, Tim Coote wrote:
> ignore the `apt` example. Running it to remove ca-certificates from Raspian
> ripped out the packages that sustained the tunnel!
>
> however, the error does still occur with the `rsync` module.
>
The synchronize module does not work with complicated connection setups, from
my experience.
V/r,
James Cassell
> On Friday, 11 January 2019 18:58:47 UTC, Tim Coote wrote:
> >
> > I've encountered a couple of modules where target hosts that are accessed
> > an intermediate host don't seem to work in a naive way. I'm wondering if
> > this is a known issue and whether there are any workarounds. The latest
> > version concerns the `apt` module. Here's a snippet from my inventory file:
> >
> > target_host ansible_host=localhost:4321 ansible_user=user
> > host_key_checking=false
> >
> > A simple stanza is:
> >
> > ```
> >
> > - name: Remove CA certificate bundle
> >
> > tags:
> >
> > - oneoff
> >
> > apt:
> >
> > name: ca-certificates
> >
> > state: absent
> > ```
> >
> > When I run this playbook, I get this error:
> > ```
> >
> > TASK [upgrade : Remove CA certificate bundle]
> > ***
> >
> > *fatal: [target_host]: UNREACHABLE! => {"changed": false, "msg": "SSH
> > Error: data could not be sent to remote host \"localhost:4321\". Make sure
> > this host can be reached over ssh", "unreachable": true}*
> > ```
> >
> > The module `rsync` has similar issues. Any thoughts on how to work around
> > this, other than just using `shell`?
> >
> > tc
> >
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/1547234488.3462532.1632175072.47E5343E%40webmail.messagingengine.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] "become" not working on centos 7 hosts
On Wed, Jan 2, 2019, at 8:57 AM, John.1209 wrote: > I've got ansible setup in a centos 6 & 7 environment. The Centos 6 hosts > all work fine. The centos 7 hosts work, but I cannot use "become" with > centos 7. It works with Centos 6, and non-root commands work with centos > 7. Here is a snippet from the debug log > [...] > [MyAccunt@util07 ~]$ ansible TargetHost -a "echo hello" -- > Received > exit status from master 1\r\nShared connection to TargetHost closed.\r > \n", >"module_stdout": "sudo: a password is required\r\n", >"msg": "MODULE FAILURE", >"rc": 1 > } It's telling you here that sudo is configured to require a password, but none is being passed. Pass -K on the ansible command line to have ansible prompt you for it. > > > Any ideas why ansible with become fails for CentOS 7 clients? > > TIA > V/r, James Cassell -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1546877234.2290547.1627811768.322E8321%40webmail.messagingengine.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] How to use 'with_items' based on variable?
Try
files: "{{ lookup('vars', dir ~ '_files' }}"
V/r,
James Cassell
On Fri, Dec 28, 2018, at 3:03 PM, Bharath Kumar wrote:
> Hello Ansible Experts,
>
> I am creating a Role, which has a task to download multiple files from an
> URL, and, for that, I am using get_url module. Since, get_url cant download
> files recursively, I have been trying to use 'with_items'.
>
> Role Snippets Below.
>
> /defaults/main.yml
> ---
>
> files: "{{ dir }}_files"
>
>
> /vars/main.yml
> ---
> onedir_files:
> - abc1
> - abc2
> - abc3
>
>
> twodir_files:
> - xyz1
> - xyz2
>
>
> threedir_files:
> - one
> - two
> - three
>
> /tasks/main.yml
> ---
> - name: Download Properties Files!
> get_url:
> url: "{{ url }}/{{ dir }}/{{ item }}"
> dest: "{{ dest_dir }}/"
> with_items: "{{ files }}"
>
> *ansible-playbook test.yml --extra-vars "dir=one"*
>
> Running all tasks fine until the get_url, and, failing with below.
>
> failed: [target_host] (item=onedir_files) => {"changed": false, "dest":
> "/some/target/path", "gid": 0, "group": "root", "item": "onedir_files",
> "mode": "0755", "msg": "Request failed", "owner": "root", "response": "HTTP
> Error 404: org.tmatesoft.svn.core.SVNException: svn: E175007: Path
> '/some/path/", "secontext": "unconfined_u:object_r:default_t:s0", "size":
> 4096, "state": "directory", "status_code": 404, "uid": 0, "url":
> "https://someurl/one/onedir_files"}
>
> Please let me know where I have gone wrong? or, a best practice or a good
> approach for the above problem/requirement.
>
> Thanks in Advance.
>
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/0802a1f2-169c-4695-a26a-9e6ec31a8216%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/1546030060.1204343.1620217840.118606B4%40webmail.messagingengine.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] filtering out attributes
Look at the json_query filter. You can use it with JMESPath queries to extract
what you need.
V/r,
James Cassell
On Fri, Dec 21, 2018, at 6:13 PM, Justin DynamicD wrote:
> First I apologize if this was covered elsewhere, but nothing seemed to
> match my scenario... at least not in a way I could recreate.
>
> I have a role that builds a list of dictionaries. I've found it fairly
> easy to extend this list, add attributes to individual items, etc, but I'm
> having a real problem "reducing" the output or creating a simplified
> dictionary from the complex one.
>
> The scenario:
>
> Assume I have a list that looks something like this:
>
> drives:
> - volume: 0
>size_kb: 102400
>name: drive1
>datastore: alpha
> - volume: 1
>size_gb: 50
>name: drive2
>datastore: alpha
>
>
> In this case, I discover with minor manipulation, I can drop {{ drives }}
> right into my vmware_guest module as long as I filter down to just the
> relevant attributes. If I drop it in as-is, however, it fails because it
> doesn't know what some of the attributes are. So I want to make it look
> something like this:
>
> drives:
> - size_kb: 102400
>datastore: alpha
> - size_gb: 50
>datastore: alpha
>
> I've tried using selectattr() and rejectattr(), but those seem to
> accept/reject the entire dictionary based on an attribute. I'm hoping to
> simply filter out irrelevant attributes instead. I tried just making a new
> list but then had issues with dealing with the "size_*" attributes as one
> is kb and the other is gb. Basically I would love to have some kind of
> filter where I set a new fact and simply inject every attribute that is
> relevant.
>
> - set_fact:
> new_disks: "{{ new_disks | default([]) + [ drives |
> selectonly('datastore','size_*') ] }}"
> loop: "{{ drives }}"
> loop_control:
> loop_var: loop_drives
>
> Sadly, I've been coming up empty when it comes to "trimming" an object
> down. Any ideas?
>
> --
> You received this message because you are subscribed to the Google
> Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/de5b6492-f105-49ff-a088-c25327bc4dff%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/1545451906.3452513.1616002008.0A45497A%40webmail.messagingengine.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] "omit" but for ordinary variables?
On Thu, Dec 20, 2018, at 1:17 AM, Karl Auer wrote:
> Is there anything like the "default(omit)" filter available for ordinary
> variable declarations?
>
> I am building a list of volume details, which will be passed too the ec2
> module. With module parameters, one can comvert an undefined parameter inot
> no parameter at all with the "default(omit)" filter, but I cn't find a way
> to simply leave out an undefined item from the list I m building.
>
> Say my input is a list of tables like this:
>
> alist:
>- { 'fred': value1, 'mary': value2 }
>- { 'fred: value3 }
>
> I want to process that list into another list using set_fact, so:
>
> - set_fact:
> mylist: "{{ mylist + [ {'this': item.fred, 'that': item.mary } ] }}"
> with_items: "{{ alist }}"
>
Try
- set_fact:
mylist: "{{ mylist + [ {'this': item.fred } | combine(item.mary is defined
| ternary({ 'that': item.mary }, {})] }}"
with_items: "{{ alist }}"
> ... and end up with
>
> { 'this': value1, 'that': value2}
> { 'this': value3 }
>
> But I can't figure out how to omit item.mary if it is undefined.
>
> Any clues?
>
> Regards, K.
>
> --
> Karl Auer
>
> Email : ka...@2pisoftware.com
> Website: http://2pisoftware.com
>
> GPG/PGP : 958A 2647 6C44 D376 3D63 86A5 FFB2 20BC 0257 5816
> Previous: F0AB 6C70 A49D 1927 6E05 81E7 AD95 268F 2AB6 40EA
>
> --
> You received this message because you are subscribed to the Google
> Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CA%2B%2BT08Q7kOqLoVar0J1n8tpgm%2BovauRw17m7ONhwdJgeMKvh9g%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/1545366130.2300653.1615147544.549E96CE%40webmail.messagingengine.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] how to add ssh host-keys for lots of new cloud hosts?
Set ansible_ssh_extra_args="-o StrictHostKeyChecking=no" V/r, James Cassell On Thu, Nov 22, 2018, at 6:22 AM, Mark Zhitomirski wrote: > Traditional approach is to leave it to a human operator and warn him of a > new host key. > This way is a no-go for automation and testing, a workaround is to disable > host-key checks with ansible_ssh_extra_args: '-o StrictHostKeyChecking=no' > like here: > https://github.com/mz0/ansible-digitalocean/blob/186eb84df/launch.yml#L53 > > It seems to me that a better way would be to auto-add host-key if this is a > wholly new host (and maybe check for key uniqueness). > My understanding is that this is a job for a certain Ansible plugin, cause > host-key handling is not dependent on specific cloud/provisioning module > (digital_ocean_droplet in my case) > So far I couldn't find any plugin of this sort and kindly ask for pointers. > > Regards, > MZ > > -- > You received this message because you are subscribed to the Google > Groups "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to ansible-project+unsubscr...@googlegroups.com. > To post to this group, send email to ansible-project@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/4adc8c21-d5ed-46d9-9f46-57bdfa77c723%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1543037440.1725941.1587192896.4EBFD6A0%40webmail.messagingengine.com. For more options, visit https://groups.google.com/d/optout.
