[ansible-project] anyone know how to pass extra_vars in tower callback via curl?
Anybody any idea how to pass in extra_vars when doing a callback request to Tower?

https://docs.ansible.com/ansible-tower/2.2.0/html/userguide/job_templates.html#ug-provisioning-callbacks

I can't see how you can combine a JSON blob with name=value fields in a single curl request.

The response I have had from Ansible support is this gist

https://gist.github.com/michelleperz/fcca30f11bcaa2d1c52f

which I can't see as solving the problem.

--
This message is private and confidential and for the exclusive use of the intended recipient(s). If you receive this email in error, please notify the sender immediately and delete all copies from your system. If you are not the intended recipient disclosure, distribution, copying or use of this communication is strictly prohibited. Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of IDG UK. Clients and suppliers can view our full terms and conditions at www.idg.co.uk/terms-and-conditions/ IDG Communications Ltd. Company Reg No: 1197840. Registered in England and Wales.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9b51fcc4-6c20-4411-a395-61cec143c60f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
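An added example, not part of the original post or of Tower's own scripts: one way to send a provisioning callback that carries extra_vars is a single JSON body rather than name=value form fields. It assumes the /api/v1/job_templates/<id>/callback/ endpoint, a Tower release that accepts a JSON body on it, and a job template set to prompt for extra variables on launch; the function names are hypothetical and the host, key and variables used with them are constructed.

```shell
#!/bin/sh
# Added example, not from the thread or from Tower's request_tower_configuration.sh.
# Assumptions: the callback endpoint path below, a Tower release that accepts a
# JSON body on it, and a job template that prompts for extra variables on launch.
# Function names are hypothetical. Argument order follows the script quoted in
# the thread: server, host config key, job template id (extra_vars JSON is added).

# Accept only a bare host name, so nothing interpolated into user_data can add
# a path, credentials or shell metacharacters to the URL.
valid_host() { case "$1" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac; }

# Host config keys are treated here as lowercase hex strings (assumption).
valid_key() { case "$1" in ''|*[!0-9a-f]*) return 1 ;; esac; }

# Job template ids are plain integers.
valid_id() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# callback_url SERVER TEMPLATE_ID -> prints the callback URL, or fails.
callback_url() {
    valid_host "$1" && valid_id "$2" || return 1
    printf 'https://%s/api/v1/job_templates/%s/callback/' "$1" "$2"
}

# callback_body KEY EXTRA_VARS_JSON -> prints one JSON document holding both the
# key and the variables. EXTRA_VARS_JSON must be a JSON object; only its outer
# braces are checked here, the server does the real parsing.
callback_body() {
    valid_key "$1" || return 1
    case "$2" in '{'*'}') ;; *) return 1 ;; esac
    printf '{"host_config_key": "%s", "extra_vars": %s}' "$1" "$2"
}

# request_configuration SERVER KEY TEMPLATE_ID EXTRA_VARS_JSON
request_configuration() {
    url=$(callback_url "$1" "$3") || return 2
    body=$(callback_body "$2" "$4") || return 2
    # The body goes in on stdin so the key does not show up in the process
    # list; -f turns an HTTP error status into a non-zero exit code.
    printf '%s' "$body" |
        curl -f -s -S -H 'Content-Type: application/json' \
             -X POST --data-binary @- "$url"
}

# Run only when all four arguments are given, e.g. (constructed values):
#   ./callback.sh tower.example.com 0123456789abcdef0123456789abcdef 94 '{"site_prefix": "pca"}'
if [ "$#" -eq 4 ]; then
    request_configuration "$@"
fi
```

On EC2, a key placed in user_data can be read by any process on the instance through the metadata service, so the job template it unlocks should be scoped with that in mind.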
Re: [ansible-project] Help with callback to tower from AWS auto scaling script
Actually seemed to be not related to the use of IP. In fact changing it to use the domain didn't execute the callback, as the new calling machine wasn't in the inventory (we set Tower to use private IPs of AWS instances for inventory).

It was the proot settings in the Ansible Tower settings file we had to change to be false.

Here is Ansible's response to my email.

This is a local action on the Tower host, yes? Tower is constricted with proot from executing outside a narrow range of directories. /tmp wouldn't be available. Tower also executes as the awx user locally and out of the box does not have sudo access at all.

So two things are preventing this playbook from running on your Tower host: 1) sudo to root on a local run and proot prevents execution outside the playbook directory locally.

I don't advise giving the awx user the ability to become root locally on Tower: that could lead to users running playbooks against localhost that could essentially do anything. Since you don't need root access to modify things in temp directories, I'd remove the "sudo: true" line from your playbook.

As for the inability to execute outside your playbook directories (ie: manipulate files in /tmp) Tower is designed to control other hosts, but sometimes needs to access directories outside that playbook, so you can loosen these security restraints by changing the PROOT setting in /etc/tower/settings.py to "False" and restarting the Tower service:

    vi /etc/tower/settings.py

change:

    AWX_PROOT_ENABLED = True

to:

    AWX_PROOT_ENABLED = False

then issue this command to restart the service (as root):

    ansible-tower-service restart

Let us know if you have any questions.

On Monday, 30 November 2015 14:15:40 UTC, Adrian Black wrote:
> Thanks Brian
> I have sent them an email however I think the issue was I was using the
> private AWS IP of the box rather than domain name. I changed that and now
> it's not erroring but also doesn't seem to be executing the callback script
> as that job no longer shows up, however it does seem to be calling the
> inventory script. So that's a new issue.
>
> On Friday, 27 November 2015 21:36:09 UTC, Brian Coca wrote:
>> for tower related issues please go to http://support.ansible.com or
>> email sup...@ansible.com.
>> --
>> Brian Coca
Re: [ansible-project] Help with callback to tower from AWS auto scaling script
Thanks Brian

I have sent them an email however I think the issue was I was using the private AWS IP of the box rather than domain name. I changed that and now it's not erroring but also doesn't seem to be executing the callback script as that job no longer shows up, however it does seem to be calling the inventory script. So that's a new issue.

On Friday, 27 November 2015 21:36:09 UTC, Brian Coca wrote:
> for tower related issues please go to http://support.ansible.com or email
> sup...@ansible.com .
> --
> Brian Coca
[ansible-project] "sudo: effective uid is not 0" for callback script from tower on AWS?
Hi

I get this as a response from Tower for a callback script. Tower and the provisioned machine are running on AWS. Any help appreciated.

    {
      "msg": "sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?\n",
      "failed": true,
      "parsed": false,
      "play": "callback script for setting up site on autoscaled machine",
      "ignore_errors": false,
      "status": "failed",
      "module_name": "setup",
      "module_complex_args": {},
      "module_args": "",
      "created": "2015-11-26T16:27:22.929Z",
      "role": "",
      "host_id": null,
      "host_name": "localhost",
      "id": 2884,
      "parent": 2882,
      "event": "Host Failed"
    }

The callback script is pretty simple.

    ---
    - name: callback script for setting up site on autoscaled machine
      hosts: localhost
      sudo: yes
      gather_facts: yes
      vars:
        file_name: "she-sells-sea-shells"
      roles:
      tasks:
        - name: delete file if present
          file: path=/tmp/{{ file_name }} state=absent
        - name: put file
          file: path=/tmp/{{ file_name }} state=touch
[ansible-project] Help with callback to tower from AWS auto scaling script
Trying to put the bits together to get an auto scaling group in AWS to come online and create a VM that does a callback to Tower for provisionment. The bit I'm getting stuck with is the callback part.

According to http://docs.ansible.com/ansible-tower/2.2.0/html/userguide/job_templates.html you use the /usr/share/awx/request_tower_configuration.sh script as a basis. This script looks like it takes arguments so should be called something like

    ./scripts/request_tower_configuration.sh ansible.myco.com 84e2d9d26c5977c1b12eb353f1a97aa1 94

I have seen the launch config script snippet like

    - name: create launch config
      ec2_lc:
        name: "{{ site_prefix }}-lc"
        ...
        user_data: "{{ lookup('file', './scripts/request_tower_configuration.sh')}}"

that takes the contents of that file and pastes it as a blob in the user_data field on a created VM, but without the arguments you need it's useless.

I did try this too but that doesn't work

    user_data: "{{ lookup('file', './scripts/site_callback.sh') ansible.idg.co.uk 84e2d9d26c5977c1b12eb353f1a97aa1 94 }}"

Anyone got a working example of how this works?

Thanks
[ansible-project] Re: Ansible 1.9.4, AWS Auto scaling "Launching a new EC2 instance. Status Reason: The parameter SecurityGroup is not recognized. "
I think the issue was

    security_groups: ['http/https']

on ec2_lc.

Changed to use ids, though the doco isn't very clear on this in either the wording "A list of security groups into which instances should be found" or the example ['group1', 'group2'].

http://docs.ansible.com/ansible/ec2_lc_module.html
[ansible-project] Ansible 1.9.4, AWS Auto scaling "Launching a new EC2 instance. Status Reason: The parameter SecurityGroup is not recognized. "
I'm trying to do an auto scaling group in AWS. Below is my script. It runs and almost completes (it sets up lb, asg and lc in AWS) but times out with

    msg: Waited too long for new instances to become viable. Mon Nov 16 15:35:31 2015

Under AWS "Activity History" on the Auto Scaling Group I get

    Launching a new EC2 instance. Status Reason: The parameter SecurityGroup is not recognized. Launching EC2 instance failed.

I have tried looking for that message with only 2 hits in all of Google so it's not a common error. Anything I'm doing wrong in the below or any idea about the message?

Thanks

    ---
    - name: sets up site on a vm on aws
      hosts: localhost
      connection: local
      gather_facts: false
      roles:
        - common
        - awskeys
        - awsvars
      vars:
        machine_type: t2.medium
        site_prefix: pca
        server_min_size: 1
        server_max_size: 2
        server_desired_size: 1
        aws_site_security_groups: ['http/https', 'ssh' , 'smtp']
        aws_elb_security_groups: ['http/https']
      tasks:
        - debug: var="{{ aws_region }}"
        - name: create elastic load balancer
          local_action:
            module: ec2_elb_lb
            name: "{{ site_prefix }}-elb"
            state: present
            security_group_ids: 'sg-577f9933' #http/s
            region: "{{ aws_region }}"
            zones:
              - "{{ aws_region }}a"
            listeners:
              - protocol: http
                load_balancer_port: 80
                instance_port: 80
            health_check:
              ping_protocol: http # options are http, https, ssl, tcp
              ping_port: 80
              ping_path: "/" # not required for tcp or ssl
              response_timeout: 5 # seconds
              interval: 30 # seconds
              unhealthy_threshold: 2
              healthy_threshold: 10
        - name: create launch config
          ec2_lc:
            name: "{{ site_prefix }}-lc"
            image_id: "{{ aws_vm_image }}"
            region: "{{ aws_region }}"
            security_groups: ['http/https']
            instance_type: "{{ machine_type }}"
            key_name: BOB
            assign_public_ip: yes
        - name: create auto scaling group
          ec2_asg:
            name: "{{ site_prefix }}-asg"
            launch_config_name: "{{ site_prefix }}-lc"
            health_check_period: 60
            health_check_type: ELB
            replace_all_instances: yes
            min_size: "{{ server_min_size }}"
            max_size: "{{ server_max_size }}"
            desired_capacity: "{{ server_desired_size }}"
            region: "{{ aws_region }}"
            load_balancers: "{{ site_prefix }}-elb"
            #needed if public ip is required
            vpc_zone_identifier:
              - 'subnet-1448e94d'
Re: [ansible-project] issue with aws cli command to associate elastic ip to new instance
Ah ok. I have changed it to

    shell python3 -E /usr/bin/aws ec2 associate-address --instance-id={{ item.id }} --allocation-id eipalloc-b9df00dc

and get

    Unable to locate credentials. You can configure credentials by running "aws configure".

so just need to solve that now. I configured aws for the ubuntu user but I guess I need to configure it for the user that runs this shell command.

Thanks

On Friday, 25 September 2015 14:50:12 UTC+1, Brian Coca wrote:
> you are using python3 for a python2 app
>
> --
> Brian Coca
[ansible-project] issue with aws cli command to associate elastic ip to new instance
Hi.

We are not using v2 of Ansible yet so the elastic IP association isn't available yet. I was hoping I could do this via the aws cli in the short term.

I came across this post http://engineering.ticketbis.com/how-to-use-aws-cli-from-ansible-tower/ and added task assoicate with elastic ip below.

    tasks:
      - name: Create vm
        ec2:
          key_name: "{{ aws_key_name }}"
          instance_type: "{{ cms_machine_type }}"
          image: "{{ aws_vm_image }}"
          wait: yes
          exact_count: 1
          count_tag:
            role: cms
          group_id: "{{ aws_cms_security_group_id }}"
          region: "{{ aws_region }}"
          monitoring: yes
          assign_public_ip: yes
          vpc_subnet_id: "{{ aws_vpc_subnet_id }}"
          instance_tags:
            role: cms
            has_shared: true
        register: ec2
      - name: Add new instance to ansible in memory host group
        add_host: hostname={{item.public_ip}} groupname=cms
        with_items: ec2.instances
      - name: assoicate with elastic ip
        local_action:
          module: shell aws ec2 associate-address --instance-id={{ item.id }} --allocation-id eipalloc-

The error I get is

    Traceback (most recent call last):
      File "/usr/bin/aws", line 15, in <module>
        import awscli.clidriver
      File "/usr/share/awscli/awscli/clidriver.py", line 16, in <module>
        import botocore.session
      File "/usr/lib/python3/dist-packages/botocore/session.py", line 37, in <module>
        import botocore.service
      File "/usr/lib/python3/dist-packages/botocore/service.py", line 25, in <module>
        from .endpoint import get_endpoint
      File "/usr/lib/python3/dist-packages/botocore/endpoint.py", line 32, in <module>
        import botocore.response
      File "/usr/lib/python3/dist-packages/botocore/response.py", line 26, in <module>
        from .hooks import first_non_none_response
      File "/usr/lib/python3/dist-packages/botocore/hooks.py", line 22, in <module>
        import inspect
      File "/usr/lib/python3.4/inspect.py", line 35, in <module>
        import importlib.machinery
    ImportError: No module named 'importlib.machinery'

Anyone seen this or know the correct way to use the aws cli from a playbook? I can run the command on the Linux command line and that works fine.

Thanks
[ansible-project] Re: aws ec2 module - count_tag creating more instances than required
White space issue.

    count_tag:
      role: cms

seemed to fix it.
[ansible-project] aws ec2 module - count_tag creating more instances than required
Hi

Possibly I'm not using this correctly. Here is the playbook snippet

      key_name: "{{ aws_key_name }}"
      instance_type: "{{ cms_machine_type }}"
      image: "{{ aws_vm_image }}"
      wait: yes
      exact_count: 1
      count_tag:
        role:cms
      group_id: "{{ aws_cms_security_group_id }}"
      region: "{{ aws_region }}"
      monitoring: yes
      assign_public_ip: yes
      vpc_subnet_id: "{{ aws_vpc_subnet_id }}"
      instance_tags:
        role: cms
        has_shared: true
    register:

I want only a single instance created with role = cms, but the above creates another instance each time it's run, so am I doing something wrong with this syntax?

Ansible version = 1.9.3 on Trusty Ubuntu

Thanks
[ansible-project] Advice on Tower with GCE and machine credential authentication
Hi

I am evaluating Tower on Google Compute Engine. The dynamic inventory has been ok and that is working. I managed to get it working with ansible-playbook but I can't figure out a good way to do the Machine Credentials authentication from Tower for jobs.

For simple ssh username and password what do I specify? Should I create a bespoke user on each machine, but then how do I do this for autoscaling - startup script, baked into snapshot disk?

Just to get it working I wouldn't mind using the core user that is created when you log in via the ssh option in the console but a) I don't know the password for that user or b) the private key, so don't know what to put.

I'm new to Linux which doesn't help, especially trying to understand all this authentication stuff. Anyone done this and have a best practice?

Thanks