Re: [ansible-devel] host unreachable

2018-11-14 Thread flowerysong 
On Wednesday, November 14, 2018 at 11:19:55 AM UTC-5, Bob Harold wrote:
>
>
> On Tue, Nov 13, 2018 at 5:37 PM Brian Coca > 
> wrote:
>
>> 1 play before your normal play:
>>
>>
>> hosts: hosta,hostb
>> gather_facts: False
>> tasks:
>>- ping:
>>- group_by: key=rechable
>>
>> hosts: reachable
>> 
>>
>
> Thanks for mentioning the 'ping' module - that is new to me.  (It checks 
> ssh connection and python, not an icmp ping)
> But I don't see "reachable" as a return value in the docs.
>
> Looks like that will run it for both hosts, which is not what the 
> requestor wanted.  More like:
>
> hosts: hosta
> gather_facts: False
> tasks:
>- ping:
>  register: pingtest
>- hosts: hostb
>  when: pingtest.failed
>
> But so far I cannot get it to work.
>
> I am looking to use the same logic to connect to the internal or external 
> IP of an AWS server depending on where I happen to be running Ansible at 
> that moment.
>

You might be interested in a proof of concept inventory plugin I wrote a 
few months back: https://github.com/flowerysong/ansible/commit/900b3001

A better implementation would be to do this at the connection layer so that 
the checking is done on demand instead of serially for every host in the 
inventory, but the inventory plugin approach works and isn't unbearably 
slow for small inventories.

We don't actually use this in production; for AWS our team uses Amazon's 
DNS resolution, so the hostnames resolve to the internal IPs from within 
the VPC or the external IPs from outside:

ezekielh@ego ~ $ dig +short just-gofannon.ctools-mx.a.mail.umich.edu
ec2-52-15-122-141.us-east-2.compute.amazonaws.com.
10.0.74.217

zeke@ironbull ~ $ dig +short just-gofannon.ctools-mx.a.mail.umich.edu
ec2-52-15-122-141.us-east-2.compute.amazonaws.com.
52.15.122.141

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-devel+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-devel] Re: RFC: New parameters/modules for compliance/idempotentcy for Win

2019-01-15 Thread flowerysong 
On Tuesday, January 15, 2019 at 3:27:55 PM UTC-5, goforawalktwice wrote:
>
> - win_get_url
>   - creates or creates_path
>   - creates_filehash (as above)
>   the idea here is not to download large installers (e.g. Ora 12c client 
> at 1.2GB) given already installed
>

creates or creates_path would be redundant, since you're already specifying 
a dest. The interface would preferably match get_url: checksum specifies 
the expected checksum and algorithm, the file isn't downloaded if dest 
already exists and has that checksum unless force is specified, if the 
downloaded file has a different checksum the module errors.
 

> *New modules*
> - win_filehash
>   - path - path to file for Get-FileHash
>   - algorithm - as per Get-FileHash - default to MD5
>

This is unnecessary; win_stat already supports getting the file hash.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-devel+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-devel] Ansible 2.10 and Project Restructuring

2020-07-07 Thread flowerysong 
On Tuesday, July 7, 2020 at 2:58:34 PM UTC-4 arom...@redhat.com wrote:

>
> cd ~/.ansible/collections/ansible_collections/community/aws/
>
> ansible-test sanity
>
> However, that still winds me up with
>
> > AttributeError: 'TypeError' object has no attribute 'errors'
>
> Maybe I still need to upgrade something. This does work for other 
> collections, so it might be something specific to this content.
>
>
That's not the full error (or the most relevant part of the error), but it 
matches what I saw without 
https://github.com/ansible-collections/community.aws/pull/128


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-devel+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-devel/d7b421a8-8c62-4098-8095-5e4774beddecn%40googlegroups.com.

Re: [ansible-devel] Bug? package, yum and dnf modules apparently ignore localpkg_gpgcheck on CentOS 8

2021-11-18 Thread flowerysong 
package by design only supports very basic options that are available on 
all package managers. If you want to do non-generic things like disabling 
GPG checks you should use the underlying modules directly.

On Thursday, November 18, 2021 at 8:45:22 PM UTC-5 j.darby@gmail.com 
wrote:

> Okay, but the package module doesn't have a disable_gpg_check setting.  
> So, previously (CentOS 7), you could install an unsigned package from a 
> file with the package module.  Now, you can't.  You have to use either the 
> dnf module or the yum module on CentOS 8/RHEL 8 to install an unsigned 
> package from a file, so you can disable GPG verification.
>
> Here's my use case: There are several unsigned packages we need to 
> install.  Even in 2021, not every organization signs the packages they 
> provide.  We wrote a role a few years ago that downloads and installs an 
> arbitrary list of packages.  When we use this role, we have previously 
> downloaded and inspected the packages to confirm they are genuine, and 
> we've cached the SHA256 sums, which we can use to verify the integrity of 
> the packages downloaded by the role.  The list includes the URL and the 
> SHA256 sum of each package like so:
> - package_name: some-package-1.0-1.el8.noarch.rpm
> *  package_url: 
> https://some-company.com/path/to/some-package-1.0-1.el8.noarch.rpm 
> *
>   package_sum: 
> sha256:c3dd60d3ab4f1d56bb69fe3c644c2858d723331345a52453905257720cb2a155
>
> The way the role was originally written (using the package module) was 
> intended to work for RHEL/CentOS as well as other Linux distributions that 
> are not yum/dnf-based.
>
> Maybe the package module needs a disable_gpg_check that passes 
> --nogpgcheck to yum/dnf and --allow-unauthenticated to apt-get?  I'm less 
> familiar with apt-based systems, but I think that does the same thing as 
> nogpgcheck on yum.
> On Thursday, November 18, 2021 at 5:09:09 PM UTC-5 ma...@sivel.net wrote:
>
>> That is correct. The module explicitly only evaluates whether 
>> `disable_gpg_check` is set or not. It does not respect the system 
>> configuration.
>>
>> On Thu, Nov 18, 2021 at 3:36 PM Darby Mitchell  
>> wrote:
>>
>>> I ran into a problem that I think is a bug, but I saw that I should 
>>> bring it up as a question on the mailing list first.  So, my question is, 
>>> is it expected behavior for ansible.builtin.package, ansible.builtin.yum 
>>> and ansible.builtin.dnf to ignore the localpkg_gpgcheck setting in 
>>> /etc/dnf/dnf.conf?
>>>
>>> On CentOS 7, the package module and the yum module both honor the 
>>> localpkg_gpgcheck setting in /etc/yum.conf.  If you set it to 0, you can 
>>> install unsigned packages from a file using the package module (which 
>>> doesn't have a disable_gpg_check option).
>>>
>>> On CentOS 8, these modules appear to ignore the localpkg_gpgcheck 
>>> setting in /etc/dnf/dnf.conf (which is soft linked to /etc/yum.conf).
>>>
>>> Attached is a minimal example of the behavior...
>>> If I just dnf install the RPM, it works like a charm.
>>>
>>> -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "Ansible Development" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to ansible-deve...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/ansible-devel/2f7007e4-9554-4255-be38-f5bd668b48cfn%40googlegroups.com
>>>  
>>> 
>>> .
>>>
>>
>>
>> -- 
>> Matt Martz
>> @sivel
>> sivel.net
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-devel+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-devel/29cfc7ed-8f93-42b6-811a-8b13c4879199n%40googlegroups.com.