Re: [ansible-project] Re: callback plugin log_plays double output in logs

[Ansible Krazy]

Is it also work if I use custom ansible.cfg file ... how to call callback
plugins in custom ansible.cfg

On Fri, Jan 12, 2018 at 2:27 PM, Kai Stian Olstad <
ansible-project+l...@olstad.com> wrote:

> On 09.01.2018 22:00, ansiblekr...@gmail.com wrote:
>
>> So I defined it under /usr/share/ansible/plugins/callback ansible one.
>>
>
> What do you mean with defined?
>
> log_plays is bundled with Ansible 2.4 so you only need to set
> "stdout_callback = log_plays" in ansible.cfg or set the environment
> variable ANSIBLE_STDOUT_CALLBACK=log_plays
>
>
> --
> Kai Stian Olstad
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/ms
> gid/ansible-project/f6de30bb598b696c28fb45b0c120810d%40olstad.com.
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPWPJXZt67NJQJJWqyebmwQ-E_sLv6DVMOAVUzZ%3DXf1z9e88iQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Simple cisco IOS show version

[Surjeet Singh]

Hi,

I would like to share that i managed to collect inventory information with
only minor changes in ansible playbook.

sharing just to help other people who new learner like me.

# write facts in inventory
- name: write the inventory in into file
  copy:
content: |
  MGMT_IP;HOSTNAME;MODEL;VERSION;IMAGE;
  {% for host in ansible_play_hosts %}
  {{ hostvars[host].inventory_hostname}};{{
hostvars[host].facts_output.ansible_facts.ansible_net_hostname }};{{
hostvars[host].facts_output.ansible_facts.ansible_net_model }};{{
hostvars[host].facts_output.ansible_facts.ansible_net_version }};{{
hostvars[host].facts_output.ansible_facts.ansible_net_image }}
  {% endfor %}

dest: /etc/ansible/facts/systems.csv
backup: yes

output will look like below after minor changes in excel.

MGMT_IP HOSTNAME MODEL VERSION IMAGE
1.1.1.1 R1 3725 (R7000) processor 12.4(15)T14 tftp://255.255.255.255/unknown
2.2.2.2 R2 3725 (R7000) processor 12.4(15)T14 tftp://255.255.255.255/unknown
3.3.3.3 R3 3725 (R7000) processor 12.4(15)T14 tftp://255.255.255.255/unknown
4.4.4.4 R4 3725 (R7000) processor 12.4(15)T14 tftp://255.255.255.255/unknown
5.5.5.5 router_r5 3725 (R7000) processor 12.4(15)T14 tftp://
255.255.255.255/unknown
6.6.6.6 R6 3725 (R7000) processor 12.4(15)T14 tftp://255.255.255.255/unknown
7.7.7.7 R7 3725 (R7000) processor 12.4(15)T14 tftp://255.255.255.255/unknown
8.8.8.8 router_r8 3725 (R7000) processor 12.4(15)T14 tftp://
255.255.255.255/unknown

Regards,
*Surjeet Singh*
Technical Specialist – Networks DATA
CCNA, CCNP(R)
Cell : +917838707047

To become bigger person,need to walk with bigger Vision 

On Mon, Jan 29, 2018 at 10:16 AM, Surjeet Singh  wrote:

> Thank you for your response.
>
> I also managed to fix this by modifying my code little bit
> .I will share my updated code with you..
>
> Regards/Surjeet
>
> On 29-Jan-2018 2:51 AM, "Claudia de Luna"  wrote:
>
>> Hi Surjeet,
>>
>> I have a script that is very similar to yours.  I pass it either a file
>> or a path to a directory full of individual files per device with all the
>> show command output.
>>
>> I take the output of each file and append it to a list, fsm_all_results.
>> Once done processing either one file or a directory full of files, i save
>> fsm_all_results to a CSV file.
>>
>> Hope this helps!
>>
>> Good luck.
>>
>> # Make sure we have files to process (at least 1)
>> if len(file_list) > 0:
>>
>> # Open the CSV file to store results
>> csv_results_fh = open_file(results_dir, 'wb')
>> csv_writer = csv.writer(csv_results_fh, quoting=csv.QUOTE_MINIMAL)
>>
>> # Iterate through the valid file list. If the script was passed a 
>> filename it will be a file_list of 1
>> # If the script was passed a directory it will be a list of files with a 
>> valid extension
>> for fil in file_list:
>>
>> print("Processing device file: " + fil)
>>
>> # open_file function returns a file handle
>> fh = open_file(fil, 'r')
>>
>> # Read the file contents into a variable for parsing
>> file_contents = fh.read()
>> # Close file
>> fh.close()
>>
>> # Send TextFSM Template name and data to parse to text_fsm_parsing 
>> function
>> # file_results returns the parsed results and table returns the 
>> header
>> fil_results, table = text_fsm_parse(textfsm_template, file_contents)
>> print("file results of lenght {} from 
>> text_fsm_parse:\n{}".format(str(len(fil_results)),fil_results[1]))
>>
>> # Append fil_results list of results to list of all results
>> fsm_all_results.append(fil_results)
>>
>> # Keep track of files without parser output in the no_output list so 
>> it can be printed later
>> if len(fil_results) == 0:
>> no_output.append(fil)
>>
>>
>>
>> # Write the header row in the CSV file
>> if table:
>> csv_writer.writerow(table.header)
>> else:
>> sys.exit("Parsing Error. Execution aborted.")
>>
>> # Write each row in the fsm_all_results list to the CSV file
>> for re_row in fsm_all_results:
>> for single_row in re_row:
>> csv_writer.writerow(single_row)
>> # print(single_row)
>>
>>
>>
>>
>>
>>
>>
>>
>> On Saturday, January 27, 2018 at 6:29:25 AM UTC-8, Surjeet Singh wrote:
>>>
>>> Hi Claudia,
>>>
>>> i am strugling with with issue in putting textfsm in loop. i can read
>>> all my file end with .txt but i have issue in moving for loop so i can run
>>> textfsml on all files instead of last file.
>>>
>>> can you please help me with that.
>>>
>>> import jtextfsm as textfsm
>>> import glob, os
>>>
>>> os.chdir("/etc/ansible/facts/")
>>> for file in glob.glob("*_iosfacts.txt"):
>>> input_file = open(file)
>>> raw_text_data = input_file.read()
>>> input_file.close()
>>>
>>> # Run the text through the FSM.
>>> # The argument 

[ansible-project] Re: Ansible zabbix module issues

[Andrew Morgan]

thank you for "Ansible is hard coded to /usr/bin/python"..resolved

On Wednesday, January 24, 2018 at 1:52:57 AM UTC-5, Andrew Morgan wrote:
>
> Hello All, 
>
> My ansible module is 
>
> ansible 2.4.2.0
>   config file = /ansible/ansible.cfg
>   configured module search path = [u'/root/.ansible/plugins/modules', u
> '/usr/share/ansible/plugins/modules']
>   ansible python module location = /usr/lib/python2.6/site-packages/
> ansible
>   executable location = /usr/bin/ansible
>   python version = 2.6.6 (r266:84292, Aug 18 2016, 15:13:37) [GCC 4.4.7 
> 20120313 (Red Hat 4.4.7-17)]
>
>
> my play is 
>
> - hosts: zabbix
>
>   tasks:
>   - name: This is installation
> zabbix_maintenance:
>  name: Zabbix123
>  host_groups: Discovered host,Linux servers
>  state: present
>  minutes: 90
>  server_url: http://zabbix.socialpatrol.net
>  login_user: Admin
>  login_password: yORKKEI1!
>  desc: Setting up maintenance window for builds
>
>
> my issue is that when I try to run ansible-playbook playbook.yaml
>
> I keep getting the error:
>
> TASK [This is installation] 
> **
> fatal: [zabbix_server]: FAILED! => {"changed": false, "msg": "Missing 
> required zabbix-api module (check docs or install with: pip install 
> zabbix-api)"}
> to retry, use: --limit @/ansible/playbook.retry
>
>
> I have installed pip zabbix-api , zabbix_api, pyzabbix and neither works. 
> I have even tried installing them to the targe directory ansible has as 
> python module location /usr/lib/python2.6/site-packages/ansible
>  but I still get that error.Can someone please help.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4703f4f3-a5aa-4403-813c-beea893e338c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Cygwin breaking ansible

[lpescatore via Ansible Project]

Hi folks, I have a WEIRD problem. 
After running cygwin ssh-host-config on my PC, which starts sshd and rsync 
services, suddenly I can no longer run ansible. 
I get this error:

root@Raspi_Ctrl:/ansible/playbook/nuc# ansible -i /ansible/hosts nuc -m 
win_ping

* [WARNING]: FATAL ERROR DURING FILE TRANSFER: Traceback (most recent call 
last):   File*

*"/usr/local/lib/python2.7/dist-packages/ansible/plugins/connection/winrm.py", 
line 276, in _winrm_exec*

*self._winrm_send_input(self.protocol, self.shell_id, command_id, data, 
eof=is_last)   File*

*"/usr/local/lib/python2.7/dist-packages/ansible/plugins/connection/winrm.py", 
line 256, in _winrm_send_input*

*protocol.send_message(xmltodict.unparse(rq))   File 
"/usr/local/lib/python2.7/dist-*

*packages/winrm/protocol.py", line 207, in send_message return 
self.transport.send_message(message)   File*

*"/usr/local/lib/python2.7/dist-packages/winrm/transport.py", line 202, in 
send_message raise*

*WinRMTransportError('http', error_message) WinRMTransportError: (u'http', 
u'Bad HTTP response returned from*

*server. Code 500')*


100.126.255.201 | FAILED! => {

"msg": "winrm send_input failed"

}

root@Raspi_Ctrl:/ansible/playbook/nuc# ansible -i /ansible/hosts nuc -m 
win_ping

*100.126.255.201 | UNREACHABLE! => {*

*"changed": false, *

*"msg": "basic: HTTPSConnectionPool(host='100.126.255.201', port=5986): 
Max retries exceeded with url: /wsman (Caused by 
ConnectTimeoutError(, 'Connection to 100.126.255.201 timed out. (connect 
timeout=30)'))", *

*"unreachable": true*

*}*




*When I run system restore to before this ssd-host-config, I can reach it 
again. *

*rsync uses port 873, sshd uses 22, and I believe ansible uses 5986 so 
there should be no conflict. *


*Has anyone else had this issue?*


*By the way, this is the script that does the config. I do have this set to 
become: so i dont think it's a privelege thing.*


#!/bin/bash


#::Configure sshd service

if ! ssh-host-config --yes --pwd "foo"; then

echo "ERROR: Failed to configure sshd"

exit 1

fi

#echo db_home: /cygdrive/c/home/YRunner > C:\cygwin\etc\nsswitch.conf || 
exit /b 1


if ! net start sshd; then

echo "ERROR: Failed to start sshd service."

exit 1

fi


#configure the rsyncd service

cat < /etc/rsyncd.conf

use chroot = yes


[yrunner_rsyncer]

#path = /cygdrive/c/home/YRunner

comment = YRunner Rsyncer

auth users = YRunner

secrets file = /etc/rsyncd.secrets

write only = false

read only = false

list = true

strict modes = false

hosts allow = *

EOF



/usr/bin/cygrunsrv.exe --install "rsyncd" --path /usr/bin/rsync --args 
"--daemon --no-detach" -f "Rsync daemon service"

if [[ "$?" -ne 0 ]]; then

echo "ERROR: Failed to install rsyncd service"

exit 1

fi


net start rsyncd

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3902d288-fb78-4635-a734-ea40319ff606%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Linux Compare Two hosts operating system versions and applications versions

[srikanthgali187]

This is to check Disaster recovery hosts are having same configuration/OS 
levels/application versions as DC hosts. Any idea how to auto mate this 
with ansible?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/12b07948-4752-4c1d-8d2a-bc1ff3562059%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible & Jenkins integration issue

[Malcolm Hussain-Gambles]

Are you using the ansible plugin within Jenkins?
Or running it as a cli within jenkins?
I've had no issues (yet) using the ansible plugin.

On Tuesday, 30 January 2018 09:12:33 UTC, GornerM wrote:
>
> Ansible playbooks passes without any issues, when I run it directly from 
> cli (also inside of Jenkins workspace)
> But I receives the following error 
> "FAILED! => {"failed": true, "msg": "ERROR! the handler 
> 'juniper_junos_facts' was not found" 
> when ansible runs by execution of Jenkins job.
>
> juniper_junos_facts is the task of Juniper.junos role.
>
> I have specifide library path in ansible configuration and exported 
> ANSIBLE_LIBRARY variable.
>
> Do you have any ideas, why ansible can not find tasks iside of Jenkins?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ddb04bae-dac9-4ff8-81b1-18dcd33a13fa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Azure Auth using 'az login' like Terraform does

[Jordan Borean]

This was added with https://github.com/ansible/ansible/pull/35213 and will 
be available in the 2.5 release. You can checkout the latest devel branch 
if you wanted to try it out today.

Thanks

Jordan

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c8e1e0b4-5cc1-4b7d-8347-bda8d347218d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Loops in Ansible

[Kai Stian Olstad]

On Tuesday, 30 January 2018 20.25.19 CET ZillaYT wrote:
> I was looking 
> here http://ansible-manual.readthedocs.io/en/latest/acl_module.html

I would suggest to use the official documentation and not some random site on 
the Internet.

-- 
Kai Stian Olstad

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6052238.RVMXYRXb1n%40x1.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Loops in Ansible

[Kai Stian Olstad]

On Tuesday, 30 January 2018 20.16.29 CET ZillaYT wrote:
> I'm trying to do the same thing. What version of Ansible are you using? I 
> use v2.4.2.0 and the acl module does NOT have a recursive parameter, but I 
> see you use it?

Where to you get that from?
>From the docs https://docs.ansible.com/ansible/latest/acl_module.html#options

recursive (added in 2.0) - Recursively sets the specified ACL (added in Ansible 
2.0). Incompatible with state=query.


-- 
Kai Stian Olstad

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/9431530.pEz0vq47VI%40x1.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Loops in Ansible

[ZillaYT]

I'm trying to do the same thing. What version of Ansible are you using? I 
use v2.4.2.0 and the acl module does NOT have a recursive parameter, but I 
see you use it?

On Wednesday, March 15, 2017 at 9:50:31 AM UTC-4, Андрей Климентьев wrote:
>
> Hi, everyone.
>
> Would it be possible to somehow merge those two tasks in one? As you can 
> see, the only difference is in *default: [yes|no] *key.
> I have to install both default and non-default ACL on a filesystem object, 
> but I am am stuck with (perceived) deficiencies of Ansible loops. Can I 
> somehow alternate between those two boolean values, whilst also being able 
> to loop *with_subelements*?
>
>   vars:
> deploy_username: deploy-a
> directories:
> - path: /var/www
>   owner: www-data
>   group: www-data
>   permissions: "0770"
>   recursive_perms: yes
>   acl:
>   - etype: user
> permissions: rwX
> entity: www-data
>   - etype: user
> permissions: rwX
> entity: "{{ deploy_username }}"
>
>   - name: Set ACL on directories
> acl:
>   path: "{{ item.0.path }}"
>   entity: "{{ item.1.entity }}"
>   etype: "{{ item.1.etype }}"
>   permissions: "{{ item.1.permissions }}"
>   state: present
>   default: no
>   recursive: "{{ item.0.recursive_perms }}"
> with_subelements:
> - "{{ directories }}"
> - acl
>
>
>   - name: Set default ACL on directories
> acl:
>   path: "{{ item.0.path }}"
>   entity: "{{ item.1.entity }}"
>   etype: "{{ item.1.etype }}"
>   permissions: "{{ item.1.permissions }}"
>   state: present
>   default: yes
>   recursive: "{{ item.0.recursive_perms }}"
> with_subelements:
> - "{{ directories }}"
> - acl
>
>
>
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6fe0d64e-e00d-4b0a-941b-5dc115ea0bbd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Getting latest version in `.galaxy_install_info`

[jjelinek]

Hi,

If I have a requirements.yml like this:

```
---
- name: abc
  src: g...@github.com:my-super-repo/ansible-abc.git
  scm: git
```

it will pull in the role and inside `meta/.galaxy_install_info` the 
contents will look like this:
```
{install_date: 'Tue Jan 30 16:59:06 2018', version: ''}
```

What I would like is to always pull in the latest git version in my 
`requirements.yml`, but I want to capture the version as the git sha 
instead of having it empty. Is there a good way to do this?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/eede2a84-0a24-4716-948f-dd071533658f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] add multiple users

[Joli Martinez]

Hello,

I am looking for a way to add multiple users to both Redhat and 
Debian/Ubuntu based systems with the following criteria
1.  With either no password and have them create one at first login, or all 
with the same password and change it at first login
2.  Be able to add them to the sudo group if needed.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/39c1ced3-6dae-4759-8863-70edb411321c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] when conditionals syntax

[John Harmon]

On Tuesday, January 30, 2018 at 9:23:29 AM UTC-7, Matt Martz wrote:
>
> Yes, you use of `| "yes"` is not proper jinja2.
>
> `|` is used to "pipe" something into a filter function, and "yes" is not a 
> filter function.
>
> Are you trying to check if it also "yes".  Look to using the bool filter 
> (also use `and` instead of `&&`):
>
> ```
> when: install|default(false)|bool and nagios_user is failed
> ```
>
> On Tue, Jan 30, 2018 at 10:16 AM, John Harmon  > wrote:
>
>> Is something wrong with the following?  It seems to get executed no 
>> matter what.  In addition, where can I find more information about this 
>> syntax?  Is this considered jinja2 syntax? or something else?
>>
>> - include_tasks: install.yml
>>   when: ( install|default(false)|lower = "true" | "yes" ) && nagios_user|
>> failed
>>
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-proje...@googlegroups.com .
>> To post to this group, send email to ansible...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/299aec3f-6321-4839-83fb-e0ba083be6a6%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> -- 
> Matt Martz
> @sivel
> sivel.net
>

Thanks Matt.  Works perfectly.  I will have to go and look up some jinja2 
documentation.  Thanks again! 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/9b3b3477-790e-4f08-9e4b-290ca396ed61%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] when conditionals syntax

[Matt Martz]

Yes, you use of `| "yes"` is not proper jinja2.

`|` is used to "pipe" something into a filter function, and "yes" is not a
filter function.

Are you trying to check if it also "yes".  Look to using the bool filter
(also use `and` instead of `&&`):

```
when: install|default(false)|bool and nagios_user is failed
```

On Tue, Jan 30, 2018 at 10:16 AM, John Harmon 
wrote:

> Is something wrong with the following?  It seems to get executed no matter
> what.  In addition, where can I find more information about this syntax?
> Is this considered jinja2 syntax? or something else?
>
> - include_tasks: install.yml
>   when: ( install|default(false)|lower = "true" | "yes" ) && nagios_user|
> failed
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/ansible-project/299aec3f-6321-4839-83fb-e0ba083be6a6%40googlegroups.
> com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Matt Martz
@sivel
sivel.net

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAD8N0v8CqV1Vi8uJJgyj_K9QGYkvOu_SuyjCZxfbE0ZwGYSf8g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] when conditionals syntax

[John Harmon]

Is something wrong with the following?  It seems to get executed no matter 
what.  In addition, where can I find more information about this syntax?  
Is this considered jinja2 syntax? or something else?

- include_tasks: install.yml
  when: ( install|default(false)|lower = "true" | "yes" ) && nagios_user|
failed


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/299aec3f-6321-4839-83fb-e0ba083be6a6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Question on hosts and group_vars setup, and error when running playbook

[ZillaYT]

Thank you, that was the issue. Now I know that my host files MUST be in the 
same directory level as my group_vars directory.

On Tuesday, January 30, 2018 at 10:43:14 AM UTC-5, Matt Martz wrote:
>
> Your inventory (hosts) file should not be inside of group_vars.
>
> Based on what I have read, your inventory is currently 
> at: /path_to_playbooks/inventories/production/host_vars/git
> It instead needs to be located 
> at: /path_to_playbooks/inventories/production/git
>
> Leaving your host_vars and group_vars where they are
>
> On Tue, Jan 30, 2018 at 9:27 AM, ZillaYT  
> wrote:
>
>> I'm following the guidelines discussed in Laying out roles, inventories 
>> and playbooks , and I 
>> have segregated my development vs. productions files this way
>>
>> /path_to_playbooks/inventories/development/host_vars/git
>> /path_to_playbooks/inventories/development/host_vars/atlassian
>>
>> /path_to_playbooks/inventories/production/host_vars/git
>> /path_to_playbooks/inventories/production/host_vars/atlassian
>>
>>
>> I of course have a host group defined in each host file, for example, I 
>> may have this in my git host file
>>
>> [git_servers]
>> git1.domain.com
>> git2.domain.com
>>
>> Now I defined corresponding group vars this way. Is this correct?
>>
>> /path_to_playbooks/inventories/development/group_vars/git_servers
>>
>> /path_to_playbooks/inventories/production/group_vars/git_servers
>>
>>
>> In the group vars files, I have variables defined, for example:
>>
>> In /path_to_playbooks/inventories/development/group_vars/git_servers
>>
>> admin_username: git_admin
>>
>> I then have a role that simply prints out the admin_username var
>>
>> - debuyg: msg="Admin user is {{ admin_username }}"
>>
>> ...and run the playbook this way
>>
>> $ ansible-playbook -i inventories/development/host_vars/git setup-git.yml
>>
>> setup-git.yml has
>>
>> ---
>> - hosts: git_servers
>>
>> But I get an error that says
>>
>> fatal: [git1.domain.com]: FAILED! => {"msg": "'admin_username' is 
>> undefined"}
>>
>>
>> So I'm wondering why Ansible does NOT see "admin_username" defined in my 
>> group_vars file?
>>
>>
>> Thanks!
>>
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-proje...@googlegroups.com .
>> To post to this group, send email to ansible...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/fa135ded-c9dc-4e1b-b69c-07917241a3ba%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> -- 
> Matt Martz
> @sivel
> sivel.net
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/01a1d6c8-e4fd-41d9-84f2-1d15daa3ec23%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] vmware_guest_snapshot module unable to find VM with Ansible 2.4.2

[Patrick Hunt]

I have recently updated to Ansible 2.4.2

I have plays that will remove old snapshots from specific VMs and will 
create new snapshots for those VMs.  

The remove playbook is as follows:

---
- hosts: localhost
  vars_prompt:
- name: username
  prompt: "VCenter username"
  private: no


- name: password
  prompt: "VCenter password"
  private: yes


  tasks:


  - name: Remove Staging snapshots
vmware_guest_snapshot:
  validate_certs: false
  datacenter: QAE
  hostname: vcenter.host
  username: "{{ username }}"
  password: "{{ password }}"
  name: "{{ item }}"
  state: remove_all
  folder: /Staging/
delegate_to: localhost
with_items:
  - vm1.domain
  - vm2.domain
  - vm3.domain
  - vm4.domain
...

Since the update to 2.4.x these playbooks have stopped working.

Looking at the Ansible module documentation I see the following change for 
vmware_guest_snaphsot 
:


folder
no /vm 
Destination folder, absolute or relative path to find an existing guest.
This is required if name is supplied.
The folder should include the datacenter. ESX's datacenter is ha-datacenter
Examples:
folder: /ha-datacenter/vm
folder: ha-datacenter/vm
folder: /datacenter1/vm
folder: datacenter1/vm
folder: /datacenter1/vm/folder1
folder: datacenter1/vm/folder1
folder: /folder1/datacenter1/vm
folder: folder1/datacenter1/vm
folder: /folder1/datacenter1/vm/folder2
folder: vm/folder2
folder: folder2


Our datacenter is "QAE" and one of the folders I want to interact with is 
"Staging".  I have tried updating the "folder: /Staging/" to folder: 
/QAE/Staging/, QAE/Staging/, QAE/Staging, /QAE/Staging and each time this 
fails with the error:

"failed: [localhost -> localhost] (item=vm1.domain) => {"changed": false, 
"item": "vm1.domain", "msg": "Unable to manage snapshots for non-existing 
VM vm1.domain"}

This exact playbook worked in 2.3.x as shown above.  Is anyone else using 
this module and has overcome this issue?  

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2f465a8f-b2ab-4904-a8fe-c2936c740c23%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Question on hosts and group_vars setup, and error when running playbook

[ZillaYT]

I'm following the guidelines discussed in Laying out roles, inventories and 
playbooks , and I have 
segregated my development vs. productions files this way

/path_to_playbooks/inventories/development/host_vars/git
/path_to_playbooks/inventories/development/host_vars/atlassian

/path_to_playbooks/inventories/production/host_vars/git
/path_to_playbooks/inventories/production/host_vars/atlassian


I of course have a host group defined in each host file, for example, I may 
have this in my git host file

[git_servers]
git1.domain.com
git2.domain.com

Now I defined corresponding group vars this way. Is this correct?

/path_to_playbooks/inventories/development/group_vars/git_servers

/path_to_playbooks/inventories/production/group_vars/git_servers


In the group vars files, I have variables defined, for example:

In /path_to_playbooks/inventories/development/group_vars/git_servers

admin_username: git_admin

I then have a role that simply prints out the admin_username var

- debuyg: msg="Admin user is {{ admin_username }}"

...and run the playbook this way

$ ansible-playbook -i inventories/development/host_vars/git setup-git.yml

setup-git.yml has

---
- hosts: git_servers

But I get an error that says

fatal: [git1.domain.com]: FAILED! => {"msg": "'admin_username' is undefined"
}


So I'm wondering why Ansible does NOT see "admin_username" defined in my 
group_vars file?


Thanks!


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/fa135ded-c9dc-4e1b-b69c-07917241a3ba%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Azure Auth using 'az login' like Terraform does

[Tim Qin]

I m trying to use ansible azure module, but the auth methods blocked me:
- Service principles:  it is no go as we are auth through enterprise AD on 
Azure portal
- AD: simply provide username and password are not working because when 
typing my corp email addresses, Azure will redirect to my corp auth page 
and I need to auth using my account-01 number and password, by trying 
different combination of the account-01 username/password or the corp email 
address, I did not get a valid username-password pair.recentl

I noticed Terraform used to rely on Service principle only, however, few 
month ago you could do 'az login' and then seems that Terraform would be 
able to pick up the granted temporary token by a successful az login.

Is there a similar mechanism behind that I could use rather than get a 
dodge account setup?

Thanks,
Tim


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/73310f56-d04a-4038-a433-2ebc33edc2af%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Access Denied Error while installing SQLServer using Ansible on remote Windows host.

[suresh sargar]

I tried with Win_shell and Win_command module both are giving same error.

On Tuesday, January 30, 2018 at 6:25:11 PM UTC+5:30, suresh sargar wrote:
>
> Hi All,
>
>
> i am trying to install SQLServer in silent mode on remote windows machine 
> using ansible. in middle of execution its failed with below error. my 
> target host is Azure Windows.
>
> 2018-01-30 12:27:47,300 [StandardOutput] INFO PATools - Action: 
> Calculating default service account for AS engine Service
> 2018-01-30 12:27:47,300 [StandardOutput] INFO PATools - Data: User Name = 
> NT AUTHORITY\SYSTEM 
> 2018-01-30 12:27:47,300 [StandardOutput] INFO PATools - Data: Role=
> 2018-01-30 12:27:47,300 [StandardOutput] INFO PATools - Data: Is Domain 
> Controller =False
> 2018-01-30 12:27:47,300 [StandardOutput] INFO PATools - Sco: Attempting to 
> determine if the password is required for account 'NT AUTHORITY\SYSTEM'
> 2018-01-30 12:27:47,300 [StandardOutput] INFO PATools - Sco: Attempting to 
> determine if the account 'NT AUTHORITY\SYSTEM' is Virtual Account
> 2018-01-30 12:27:47,300 [StandardOutput] INFO PATools - Sco: Attempting to 
> get local system account name
> 2018-01-30 12:27:47,300 [StandardOutput] INFO PATools - Sco: Attempting to 
> get NT account from sid S-1-5-18
> 2018-01-30 12:27:47,300 [StandardOutput] INFO PATools - Sco: Attempting to 
> get account from sid S-1-5-18
> 2018-01-30 12:27:47,315 [StandardOutput] INFO PATools - Sco: Attempting to 
> get account sid for user account NT AUTHORITY\SYSTEM
> 2018-01-30 12:27:47,315 [StandardOutput] INFO PATools - Sco: Attempting to 
> get sid for user account NT AUTHORITY\SYSTEM
> 2018-01-30 12:27:47,315 [StandardOutput] INFO PATools - Sco: 
> GetSidForAccount normalized accountName NT AUTHORITY\SYSTEM parameter to NT 
> AUTHORITY\SYSTEM
> 2018-01-30 12:27:47,315 [StandardOutput] INFO PATools - Data: User Name = 
> NT AUTHORITY\SYSTEM after calculating default service account.
> 2018-01-30 12:27:47,315 [StandardOutput] INFO PATools - Result: Completed 
> calculating default service account for AS engine service
> 2018-01-30 12:27:47,331 [StandardOutput] INFO PATools - Action Scenario: 
> Install, Feature Scenario: Install, Resolved Scenario Install 
> 2018-01-30 12:27:47,331 [StandardOutput] INFO PATools - Action Scenario: 
> Install, Feature Scenario: Install, Resolved Scenario Install 
> 2018-01-30 12:27:47,347 [StandardOutput] INFO PATools - SqlEngine: 
> Calculating default service account for engine service. Current value of 
> SqlAccount: NT AUTHORITY\SYSTEM
> 2018-01-30 12:27:47,347 [StandardOutput] INFO PATools - SqlEngine: 
> Completed calculating default service account for engine service. Final 
> value of SqlAccount: NT AUTHORITY\SYSTEM
> 2018-01-30 12:27:47,382 [StandardOutput] INFO PATools - Error: Action 
> "Microsoft.SqlServer.Configuration.SetupExtension.FinalCalculateSettingsAction"
>  
> threw an exception during execution.
> 2018-01-30 12:27:47,393 [StandardOutput] INFO PATools - 
> Microsoft.SqlServer.Setup.Chainer.Workflow.ActionExecutionException: There 
> was an error generating the XML document. ---> 
> Microsoft.SqlServer.Chainer.Infrastructure.ChainerInfrastructureException: 
> There was an error generating the XML document. ---> 
> System.InvalidOperationException: There was an error generating the XML 
> document. ---> System.Security.Cryptography.CryptographicException: Access 
> is denied.
> 2018-01-30 12:27:47,393 [StandardOutput] INFO PATools -at 
> System.Security.Cryptography.ProtectedData.Protect(Byte[] userData, Byte[] 
> optionalEntropy, DataProtectionScope scope)
> 2018-01-30 12:27:47,393 [StandardOutput] INFO PATools -at 
> Microsoft.SqlServer.Common.SqlSecureString.WriteXml(XmlWriter writer)
> 2018-01-30 12:27:47,393 [StandardOutput] INFO PATools -at 
> System.Xml.Serialization.XmlSerializationWriter.WriteSerializable(IXmlSerializable
>  
> serializable, String name, String ns, Boolean isNullable, Boolean wrapped)
> 2018-01-30 12:27:47,393 [StandardOutput] INFO PATools -at 
> Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationWriterSqlEngineSetupPublic.Write7_SqlEngineSetupPublic(String
>  
> n, String ns, SqlEngineSetupPublic o, Boolean isNullable, Boolean needType)
> 2018-01-30 12:27:47,393 [StandardOutput] INFO PATools -at 
> Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationWriterSqlEngineSetupPublic.Write8_SqlEngineSetupPublic(Object
>  
> o)
> 2018-01-30 12:27:47,393 [StandardOutput] INFO PATools ---- End of 
> inner exception stack trace ---
>
>
> The problem is how do i run .exe with Run as Administrator mode using 
> Ansible. the current execution user is a part of Administrative group only. 
> Please suggest how do i fix this.
>
> Please find complete installation log of SQLServer. 
>
> Thanks,
> Suresh.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an 

[ansible-project] synchronize not working between

[Gopi Krishna]

Hi all, 

synchronize command is not working.

---
- hosts: target
  tasks:
   - name: "copy between two remote hosts"
 synchronize:
   src: /root/gopi/file_149
   dest: /root/gopi/
 #delegate_to: "{{ groups['oraclesource'][0] }}"
 delegate_to: "{{ item }}"
 with_items:
#  - "{{ groups['source'][0] }}"
  - 10.210.8.149


the task is being idle .any one can help.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e908843c-52ed-4358-b67e-aa07257e7232%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Access Denied Error while installing SQLServer using Ansible on remote Windows host.

[suresh sargar]

Hi All,


i am trying to install SQLServer in silent mode on remote windows machine 
using ansible. in middle of execution its failed with below error. my 
target host is Azure Windows.

2018-01-30 12:27:47,300 [StandardOutput] INFO PATools - Action: Calculating 
default service account for AS engine Service
2018-01-30 12:27:47,300 [StandardOutput] INFO PATools - Data: User Name = 
NT AUTHORITY\SYSTEM 
2018-01-30 12:27:47,300 [StandardOutput] INFO PATools - Data: Role=
2018-01-30 12:27:47,300 [StandardOutput] INFO PATools - Data: Is Domain 
Controller =False
2018-01-30 12:27:47,300 [StandardOutput] INFO PATools - Sco: Attempting to 
determine if the password is required for account 'NT AUTHORITY\SYSTEM'
2018-01-30 12:27:47,300 [StandardOutput] INFO PATools - Sco: Attempting to 
determine if the account 'NT AUTHORITY\SYSTEM' is Virtual Account
2018-01-30 12:27:47,300 [StandardOutput] INFO PATools - Sco: Attempting to 
get local system account name
2018-01-30 12:27:47,300 [StandardOutput] INFO PATools - Sco: Attempting to 
get NT account from sid S-1-5-18
2018-01-30 12:27:47,300 [StandardOutput] INFO PATools - Sco: Attempting to 
get account from sid S-1-5-18
2018-01-30 12:27:47,315 [StandardOutput] INFO PATools - Sco: Attempting to 
get account sid for user account NT AUTHORITY\SYSTEM
2018-01-30 12:27:47,315 [StandardOutput] INFO PATools - Sco: Attempting to 
get sid for user account NT AUTHORITY\SYSTEM
2018-01-30 12:27:47,315 [StandardOutput] INFO PATools - Sco: 
GetSidForAccount normalized accountName NT AUTHORITY\SYSTEM parameter to NT 
AUTHORITY\SYSTEM
2018-01-30 12:27:47,315 [StandardOutput] INFO PATools - Data: User Name = 
NT AUTHORITY\SYSTEM after calculating default service account.
2018-01-30 12:27:47,315 [StandardOutput] INFO PATools - Result: Completed 
calculating default service account for AS engine service
2018-01-30 12:27:47,331 [StandardOutput] INFO PATools - Action Scenario: 
Install, Feature Scenario: Install, Resolved Scenario Install 
2018-01-30 12:27:47,331 [StandardOutput] INFO PATools - Action Scenario: 
Install, Feature Scenario: Install, Resolved Scenario Install 
2018-01-30 12:27:47,347 [StandardOutput] INFO PATools - SqlEngine: 
Calculating default service account for engine service. Current value of 
SqlAccount: NT AUTHORITY\SYSTEM
2018-01-30 12:27:47,347 [StandardOutput] INFO PATools - SqlEngine: 
Completed calculating default service account for engine service. Final 
value of SqlAccount: NT AUTHORITY\SYSTEM
2018-01-30 12:27:47,382 [StandardOutput] INFO PATools - Error: Action 
"Microsoft.SqlServer.Configuration.SetupExtension.FinalCalculateSettingsAction" 
threw an exception during execution.
2018-01-30 12:27:47,393 [StandardOutput] INFO PATools - 
Microsoft.SqlServer.Setup.Chainer.Workflow.ActionExecutionException: There 
was an error generating the XML document. ---> 
Microsoft.SqlServer.Chainer.Infrastructure.ChainerInfrastructureException: 
There was an error generating the XML document. ---> 
System.InvalidOperationException: There was an error generating the XML 
document. ---> System.Security.Cryptography.CryptographicException: Access 
is denied.
2018-01-30 12:27:47,393 [StandardOutput] INFO PATools -at 
System.Security.Cryptography.ProtectedData.Protect(Byte[] userData, Byte[] 
optionalEntropy, DataProtectionScope scope)
2018-01-30 12:27:47,393 [StandardOutput] INFO PATools -at 
Microsoft.SqlServer.Common.SqlSecureString.WriteXml(XmlWriter writer)
2018-01-30 12:27:47,393 [StandardOutput] INFO PATools -at 
System.Xml.Serialization.XmlSerializationWriter.WriteSerializable(IXmlSerializable
 
serializable, String name, String ns, Boolean isNullable, Boolean wrapped)
2018-01-30 12:27:47,393 [StandardOutput] INFO PATools -at 
Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationWriterSqlEngineSetupPublic.Write7_SqlEngineSetupPublic(String
 
n, String ns, SqlEngineSetupPublic o, Boolean isNullable, Boolean needType)
2018-01-30 12:27:47,393 [StandardOutput] INFO PATools -at 
Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationWriterSqlEngineSetupPublic.Write8_SqlEngineSetupPublic(Object
 
o)
2018-01-30 12:27:47,393 [StandardOutput] INFO PATools ---- End of inner 
exception stack trace ---


The problem is how do i run .exe with Run as Administrator mode using 
Ansible. the current execution user is a part of Administrative group only. 
Please suggest how do i fix this.

Please find complete installation log of SQLServer. 

Thanks,
Suresh.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f308c642-2ab2-4bab-b789-14f7cecc90b2%40googlegroups.com.
For more options, visit 

[ansible-project] How Ansible Works?

[gracy layla]

There are many similar automation tools available like Puppet 
, Capistrano, Chef, Salt, Space Walk 
etc, but Ansible categorize into two types of server: controlling machines 
and nodes.
The controlling machine, where Ansible 
is installed and Nodes are managed 
by this controlling machine over SSH. The location of nodes are specified 
by controlling machine through its inventory.
The controlling machine (Ansible) deploys modules to nodes using SSH 
protocol and these modules are stored temporarily on remote nodes and 
communicate with the Ansible machine through a JSON connection over the 
standard output.

Ansible is agent-less, that means no need of any agent installation on 
remote nodes, so it means there are no any background daemons or programs 
are executing for Ansible, when it’s not managing any nodes.

Ansible can handle 100’s of nodes from a single system over SSH connection 
and the entire operation can be handled and executed by one single command 
‘ansible’. But, in some cases, where you required to execute multiple 
commands for a deployment, here we can build playbooks.
Playbooks are bunch of commands which can perform multiple tasks and each 
playbooks are in YAML file format.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1d26e864-b50f-4db1-a4b8-012ce8c18c16%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: requests-credssp and credentials encryprion at first hop.

[Павел Полушин]

I see this topic but it not answers to my querstion. Common scenarioo when 
all servers are on windows server is covered in article.



вторник, 30 января 2018 г., 12:43:46 UTC+3 пользователь Павел Полушин 
написал:
>
> Hello. 
> I have security-related question.
> In our environment we use ansible for application deployment. Ansible 
> playbooks running by jenkins.
> Scope for deployment contains Windows-based servers (2008R2+).
> In some cases we are facing with "double-hop" problem when passing 
> credentials is needed.
> CredSSP is intended to solve problems like this but it's insecure (
> http://www.powershellmagazine.com/2014/03/06/accidental-sabotage-beware-of-credssp/
> ).
> In common cases, credentials are being sent in clear text. Here is picture 
> http://www.powershellmagazine.com/wp-content/uploads/2014/03/image001.png/
>
> I'm interested, is this problem solved in requests-credssp module? 
> (Credentials are stored from jenkins. Ansible connects to servers using 
> https.)
> Does anyone tried to investigate it?
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2803dfcf-2b07-427c-b677-dddb12f43039%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: requests-credssp and credentials encryprion at first hop.

[Varun Chopra]

There was a recent post on Reddit about this...

Here it is: 
https://www.reddit.com/r/PowerShell/comments/7qra9r/double_hop_solvers_and_resourcebased_kerberos/

CredSSP isn't really the best way to go about this. And I think this post 
should go on Git as Ansible needs a better way to cover double-hops.

On Tuesday, January 30, 2018 at 3:13:46 PM UTC+5:30, Павел Полушин wrote:
>
> Hello. 
> I have security-related question.
> In our environment we use ansible for application deployment. Ansible 
> playbooks running by jenkins.
> Scope for deployment contains Windows-based servers (2008R2+).
> In some cases we are facing with "double-hop" problem when passing 
> credentials is needed.
> CredSSP is intended to solve problems like this but it's insecure (
> http://www.powershellmagazine.com/2014/03/06/accidental-sabotage-beware-of-credssp/
> ).
> In common cases, credentials are being sent in clear text. Here is picture 
> http://www.powershellmagazine.com/wp-content/uploads/2014/03/image001.png/
>
> I'm interested, is this problem solved in requests-credssp module? 
> (Credentials are stored from jenkins. Ansible connects to servers using 
> https.)
> Does anyone tried to investigate it?
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/babf2969-bb33-4e49-a411-082dd4b5de17%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Ansible & Jenkins integration issue

[GornerM]

Ansible playbooks passes without any issues, when I run it directly from 
cli (also inside of Jenkins workspace)
But I receives the following error 
"FAILED! => {"failed": true, "msg": "ERROR! the handler 
'juniper_junos_facts' was not found" 
when ansible runs by execution of Jenkins job.

juniper_junos_facts is the task of Juniper.junos role.

I have specifide library path in ansible configuration and exported 
ANSIBLE_LIBRARY variable.

Do you have any ideas, why ansible can not find tasks iside of Jenkins?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0a407fe1-be5b-4e00-9d88-2b0ab80826f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: how to disable paramiko log in ansible.log

[Leon Xie]

My Linux server is RHEL6


[root@server]# rpm -qa | grep release
redhat-release-server-6Server-6.9.0.4.el6.x86_64


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/bf944c09-7d5c-4b9e-bf4c-155c74232e3b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] how to disable paramiko log in ansible.log

[Leon Xie]

Hi all,

I am using ansible 2.4.2 as below:
++
[root@server]# ansible-playbook --version
ansible-playbook 2.4.2.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', 
u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.6/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.6.6 (r266:84292, Aug  9 2016, 06:11:56) [GCC 4.4.7 
20120313 (Red Hat 4.4.7-17)]
++


when I run ansible-playbook command, I got a lot of paramiko logs in 
ansible log file as below:
++
2018-01-30 23:48:38,782 paramiko.transport Authentication (publickey) 
successful!
2018-01-30 23:48:38,785 paramiko.transport [chan 1] Max packet in: 34816 
bytes
2018-01-30 23:48:38,785 paramiko.transport [chan 1] Max packet out: 32768 
bytes
2018-01-30 23:48:38,786 paramiko.transport Secsh channel 1 opened.
2018-01-30 23:48:38,788 paramiko.transport [chan 1] Sesch channel 1 request 
ok
2018-01-30 23:48:38,793 paramiko.transport [chan 1] Max packet out: 32768 
bytes
2018-01-30 23:48:38,793 paramiko.transport Secsh channel 1 opened.
2018-01-30 23:48:38,803 paramiko.transport [chan 1] Sesch channel 1 request 
ok
2018-01-30 23:48:38,817 paramiko.transport [chan 1] EOF received (1)
2018-01-30 23:48:38,818 paramiko.transport [chan 2] Max packet in: 34816 
bytes
2018-01-30 23:48:38,819 paramiko.transport [chan 1] EOF sent (1)
2018-01-30 23:48:38,820 paramiko.transport [chan 2] Max packet out: 32768 
bytes
2018-01-30 23:48:38,821 paramiko.transport Secsh channel 2 opened.
2018-01-30 23:48:38,832 paramiko.transport [chan 1] EOF received (1)
2018-01-30 23:48:38,833 paramiko.transport [chan 2] Max packet in: 34816 
bytes
2018-01-30 23:48:38,834 paramiko.transport [chan 1] EOF sent (1)
2018-01-30 23:48:38,834 paramiko.transport [chan 2] Max packet out: 32768 
bytes
2018-01-30 23:48:38,834 paramiko.transport Secsh channel 2 opened.
2018-01-30 23:48:38,862 paramiko.transport [chan 2] Sesch channel 2 request 
ok
2018-01-30 23:48:38,876 paramiko.transport [chan 2] Sesch channel 2 request 
ok
2018-01-30 23:48:38,898 paramiko.transport [chan 2] EOF received (2)
2018-01-30 23:48:38,899 paramiko.transport [chan 2] EOF sent (2)
2018-01-30 23:48:38,900 paramiko.transport [chan 3] Max packet in: 34816 
bytes
2018-01-30 23:48:38,915 paramiko.transport [chan 2] EOF received (2)
2018-01-30 23:48:38,916 paramiko.transport [chan 2] EOF sent (2)
2018-01-30 23:48:38,917 paramiko.transport [chan 3] Max packet in: 34816 
bytes
2018-01-30 23:48:38,942 paramiko.transport [chan 3] Max packet out: 32768 
bytes
2018-01-30 23:48:38,943 paramiko.transport Secsh channel 3 opened.
2018-01-30 23:48:38,957 paramiko.transport [chan 3] Max packet out: 32768 
bytes
2018-01-30 23:48:38,957 paramiko.transport Secsh channel 3 opened.
2018-01-30 23:48:38,968 paramiko.transport [chan 3] Sesch channel 3 request 
ok
2018-01-30 23:48:38,984 paramiko.transport [chan 3] Sesch channel 3 request 
ok
2018-01-30 23:48:38,999 paramiko.transport.sftp [chan 3] Opened sftp 
connection (server version 3)
2018-01-30 23:48:39,000 paramiko.transport.sftp [chan 3] 
open('/root/.ansible/tmp/ansible-tmp-1517327318.18-145745003473541/command.py', 
'wb')
2018-01-30 23:48:39,002 paramiko.transport.sftp [chan 3] 
open('/root/.ansible/tmp/ansible-tmp-1517327318.18-145745003473541/command.py', 
'wb') -> 
+


I checked ansible document, however, I couldn't find a way to disable those 
paramiko log
will somebody direct me to the right method?
thanks a million in advance.

Best,
Leon

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1b4aef54-ac6a-425f-baab-88125bb62797%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.