Re: [ansible-project] continual deployment with ansible... and managing SSH keys?

[Kevin Burton]

The SSH issue is still an issue if I"m letting this daemon run as root on 
tower, because anyone can just inject code if they can break into this 
box... 

On Monday, September 22, 2014 5:31:09 PM UTC-7, Michael DeHaan wrote:
>
> So a very good option for key management would be ansible tower - 
> http://ansible.com/tower
>
> Let Tower hold on to your key, and nobody will see it.  It will use 
> ssh-agent behind the scenes (your key may be locked with a password or not) 
> and only allow that key to be used for running Ansible playbooks.
>
> (The key is saved encrypted in the database)
>
> I'd also consider setting things up so something like an "ansible" user 
> can sudo.  It isn't strictly required, but might help a little bit with 
> tracking who does what.
>
> (Tower also keeps good logs of this)
>
>
>
> On Mon, Sep 22, 2014 at 8:23 PM, Kevin Burton  > wrote:
>
>> Right now I just manually SSH into a box in our cluster and run ansible.
>>
>> But I want to automate this... Ideally I could just bump the version 
>> number in my code when I want it released... and 2 minutes later it would 
>> be staged, tested, and deployed.
>>
>> But the issue is SSH auth.. many of my daemons need root.  I don't 
>> necessarily want to have keys just sitting there giving anyone full access 
>> to my cluster.  
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-proje...@googlegroups.com .
>> To post to this group, send email to ansible...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/57b954e7-48a8-491a-8e64-7d7168c1b534%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0b684ce8-dea1-4edc-b698-1cc07d0b8afe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Passing variables as arguments to module from Ansible Playbook

[Joseph Jenkins]

That's what I was missing.  Thanks for that.

On Monday, September 22, 2014 6:17:40 PM UTC-7, Matt Martz wrote:
>
> I may be missing something here, but in your example you did not seem to 
> be passing anything to your module in your playbook.  You mention that the 
> vars are in vars/main.yml, however you still need to pass those vars to 
> your module.  I imagine something like the following based on your output 
> of vars/main.yml:
>
> ---
>
> - name: Run the Command on the switch
>
>   ans_check_dis.py: user="{{item.user}}" password="{{item.password}}" 
> host="{{item.host}}"
>
>   with_items: routers
>
>
>
> On Mon, Sep 22, 2014 at 8:04 PM, Joseph Jenkins  > wrote:
>
>> Here is the output from ansible-playbook command:
>>
>> jjenkins@CAARPWATCH:~/ANSIBLE/TEST$ ansible-playbook site.yml -k
>>>
>>> SSH password: 
>>> PLAY [Lookup information on the Switch] 
>>> *** 
>>> GATHERING FACTS 
>>> *** 
>>> ok: [localhost]
>>> TASK: [router | Run the Command on the switch] 
>>>  
>>> fatal: [localhost] => failed to parse: Traceback (most recent call last):
>>>   File 
>>> "/home/jjenkins/.ansible/tmp/ansible-tmp-1411433982.14-168150244858379/ans_check_dis.py",
>>>  
>>> line 38, in 
>>> remote_conn_pre.connect(dest, username=userid, password=passw, 
>>> allow_agent=False,look_for_keys=False)
>>> NameError: name 'dest' is not defined
>>> FATAL: all hosts have already failed -- aborting
>>> PLAY RECAP 
>>>  
>>>to retry, use: --limit @/home/jjenkins/site.retry
>>> localhost  : ok=1changed=0unreachable=1
>>> failed=0   
>>>
>>> When I the arguments file under: 
>> /home/jjenkins/.ansible/tmp/ansible-tmp-1411433982.14-168150244858379/arguments
>> it's empty, its like it didn't grab the vars out of the vars/main.yml
>>  
>> ---
>>
>> routers:
>>
>>  - { user: somepass, host: somehost, password: somepass }
>> Is this the correct place to be putting these variables to get passed as 
>> arguments?  That is my first problem is that I am not sure I have the 
>> values in the right place to get treated as arguments to be passed to the 
>> module.
>>
>>  
>>
>>> On Monday, September 22, 2014 5:47:47 PM UTC-7, Michael DeHaan wrote:
>>>
>>> "however nothing was working and it's complaining about the variables 
>>> being empty"
>>>
>>> Can you paste the specific output and the rest of your ansible playbook 
>>> you are using to test this?
>>>
>>> Also, the /usr/share/ansible directory *may* expect your module to be in 
>>> a category subdirectory, it's been so long that we've had categories, I 
>>> don't know if that's true without spelunking through the source.  The 
>>> subdirectory name would not be important.
>>>
>>>
>>>
>>>
>>>
>>> On Mon, Sep 22, 2014 at 8:43 PM, Joseph Jenkins  
>>> wrote:
>>>
 The module is sitting in /usr/share/ansible in the root and it does 
 have a .py.  The module is ans_check_dis.py.   

 The playbook calls the module just fine, however nothing was working 
 and it's complaining about the variables being empty.  So I put a 30 
 second 
 wait into the module so that I could check the arguments file and I found 
 that it's empty.  

 Here is the main.yml from my tasks folder:

 ---

 - name: Run the Command on the switch

   ans_check_dis.py: 

 On Monday, September 22, 2014 4:43:43 PM UTC-7, Michael DeHaan wrote:
>
> Hi Joseph,
>
> It won't matter, but typical convention is to not have modules end in 
> ".py", but it seems like your problem may be that it's not in the module 
> path.
>
> This is configured in Ansible.cfg, or you can just drop the module 
> into a "./library" directory alongside your playbook.
>
> I'd have to see the line from the playbook to see if you were having a 
> specific problem with the invocation, but my guess is that's the problem.
>
> If that's not it, I'd need more information about what "doesn't work" 
> means in your case.
>
> Thanks!
>
> On Mon, Sep 22, 2014 at 5:15 PM, Joseph Jenkins  
> wrote:
>
>> I created an Ansible module in python that works correctly when I 
>> call it from the command line with:
>>
>> ansible routers -m ans_check_dis.py -a 'user=someuser host=somehost 
>> password=somepassword' -k
>>
>> Now I am trying to build this into a playbook to be called and have 
>> the variables used as the arguments for the module.  I have tried a 
>> bunch 
>> of different iterations and tried searching for it and can't seem to 
>> find 
>> how to make this work.  Any recommendations or guidance would be greatly 
>> appreciated.
>>
>> -- 
>> You received this message because you are subscribed to the Google 
>

Re: [ansible-project] Upload SSL Certificate to AWS (for aws_elb_lb module to use)

[James Cammarata]

Hi Sankalp,

The certificate needs to be loaded into AWS IAM first - the ec2_elb_lb
module does not do this. To reference the cert from ec2_elb_lb, the
certificate ID is referenced in the list of listeners (see the first
example here: http://docs.ansible.com/ec2_elb_lb_module.html).

Thanks!

On Mon, Sep 22, 2014 at 4:05 PM, Sankalp Khare 
wrote:

> Hi,
>
> Does ansible support uploading of .crt, .key (and optionally .chain) files
> into AWS? I would like to complete the whole cycle, i.e. upload a cert, and
> then refer to it in aws_elb_lb
>  listeners.
>
> Thanks,
> Sankalp
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/d01ad9da-9969-40c7-94d4-48c5da66d913%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAMFyvFg-NP3v5TqLXq81%2BFtz4M-%2BiFJ--Ke19JemK7xZv1ynzw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Passing variables as arguments to module from Ansible Playbook

[Matt Martz]

I may be missing something here, but in your example you did not seem to be
passing anything to your module in your playbook.  You mention that the
vars are in vars/main.yml, however you still need to pass those vars to
your module.  I imagine something like the following based on your output
of vars/main.yml:

---

- name: Run the Command on the switch

  ans_check_dis.py: user="{{item.user}}" password="{{item.password}}"
host="{{item.host}}"

  with_items: routers



On Mon, Sep 22, 2014 at 8:04 PM, Joseph Jenkins 
wrote:

> Here is the output from ansible-playbook command:
>
> jjenkins@CAARPWATCH:~/ANSIBLE/TEST$ ansible-playbook site.yml -k
>>
>> SSH password:
>> PLAY [Lookup information on the Switch]
>> ***
>> GATHERING FACTS
>> ***
>> ok: [localhost]
>> TASK: [router | Run the Command on the switch]
>> 
>> fatal: [localhost] => failed to parse: Traceback (most recent call last):
>>   File
>> "/home/jjenkins/.ansible/tmp/ansible-tmp-1411433982.14-168150244858379/ans_check_dis.py",
>> line 38, in 
>> remote_conn_pre.connect(dest, username=userid, password=passw,
>> allow_agent=False,look_for_keys=False)
>> NameError: name 'dest' is not defined
>> FATAL: all hosts have already failed -- aborting
>> PLAY RECAP
>> 
>>to retry, use: --limit @/home/jjenkins/site.retry
>> localhost  : ok=1changed=0unreachable=1
>> failed=0
>>
>> When I the arguments file under:
> /home/jjenkins/.ansible/tmp/ansible-tmp-1411433982.14-168150244858379/arguments
> it's empty, its like it didn't grab the vars out of the vars/main.yml
>
> ---
>
> routers:
>
>  - { user: somepass, host: somehost, password: somepass }
> Is this the correct place to be putting these variables to get passed as
> arguments?  That is my first problem is that I am not sure I have the
> values in the right place to get treated as arguments to be passed to the
> module.
>
>
>
>> On Monday, September 22, 2014 5:47:47 PM UTC-7, Michael DeHaan wrote:
>>
>> "however nothing was working and it's complaining about the variables
>> being empty"
>>
>> Can you paste the specific output and the rest of your ansible playbook
>> you are using to test this?
>>
>> Also, the /usr/share/ansible directory *may* expect your module to be in
>> a category subdirectory, it's been so long that we've had categories, I
>> don't know if that's true without spelunking through the source.  The
>> subdirectory name would not be important.
>>
>>
>>
>>
>>
>> On Mon, Sep 22, 2014 at 8:43 PM, Joseph Jenkins 
>> wrote:
>>
>>> The module is sitting in /usr/share/ansible in the root and it does have
>>> a .py.  The module is ans_check_dis.py.
>>>
>>> The playbook calls the module just fine, however nothing was working and
>>> it's complaining about the variables being empty.  So I put a 30 second
>>> wait into the module so that I could check the arguments file and I found
>>> that it's empty.
>>>
>>> Here is the main.yml from my tasks folder:
>>>
>>> ---
>>>
>>> - name: Run the Command on the switch
>>>
>>>   ans_check_dis.py:
>>>
>>> On Monday, September 22, 2014 4:43:43 PM UTC-7, Michael DeHaan wrote:

 Hi Joseph,

 It won't matter, but typical convention is to not have modules end in
 ".py", but it seems like your problem may be that it's not in the module
 path.

 This is configured in Ansible.cfg, or you can just drop the module into
 a "./library" directory alongside your playbook.

 I'd have to see the line from the playbook to see if you were having a
 specific problem with the invocation, but my guess is that's the problem.

 If that's not it, I'd need more information about what "doesn't work"
 means in your case.

 Thanks!

 On Mon, Sep 22, 2014 at 5:15 PM, Joseph Jenkins 
 wrote:

> I created an Ansible module in python that works correctly when I call
> it from the command line with:
>
> ansible routers -m ans_check_dis.py -a 'user=someuser host=somehost
> password=somepassword' -k
>
> Now I am trying to build this into a playbook to be called and have
> the variables used as the arguments for the module.  I have tried a bunch
> of different iterations and tried searching for it and can't seem to find
> how to make this work.  Any recommendations or guidance would be greatly
> appreciated.
>
> --
> You received this message because you are subscribed to the Google
> Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/ansible-project/60e7e7

Re: [ansible-project] Passing variables as arguments to module from Ansible Playbook

[Joseph Jenkins]

Here is the output from ansible-playbook command:

jjenkins@CAARPWATCH:~/ANSIBLE/TEST$ ansible-playbook site.yml -k
>
> SSH password: 
> PLAY [Lookup information on the Switch] 
> *** 
> GATHERING FACTS 
> *** 
> ok: [localhost]
> TASK: [router | Run the Command on the switch] 
>  
> fatal: [localhost] => failed to parse: Traceback (most recent call last):
>   File 
> "/home/jjenkins/.ansible/tmp/ansible-tmp-1411433982.14-168150244858379/ans_check_dis.py",
>  
> line 38, in 
> remote_conn_pre.connect(dest, username=userid, password=passw, 
> allow_agent=False,look_for_keys=False)
> NameError: name 'dest' is not defined
> FATAL: all hosts have already failed -- aborting
> PLAY RECAP 
>  
>to retry, use: --limit @/home/jjenkins/site.retry
> localhost  : ok=1changed=0unreachable=1
> failed=0   
>
> When I the arguments file under: 
/home/jjenkins/.ansible/tmp/ansible-tmp-1411433982.14-168150244858379/arguments
it's empty, its like it didn't grab the vars out of the vars/main.yml
 
---

routers:

 - { user: somepass, host: somehost, password: somepass }
Is this the correct place to be putting these variables to get passed as 
arguments?  That is my first problem is that I am not sure I have the 
values in the right place to get treated as arguments to be passed to the 
module.

 

> On Monday, September 22, 2014 5:47:47 PM UTC-7, Michael DeHaan wrote:
>
> "however nothing was working and it's complaining about the variables 
> being empty"
>
> Can you paste the specific output and the rest of your ansible playbook 
> you are using to test this?
>
> Also, the /usr/share/ansible directory *may* expect your module to be in a 
> category subdirectory, it's been so long that we've had categories, I don't 
> know if that's true without spelunking through the source.  The 
> subdirectory name would not be important.
>
>
>
>
>
> On Mon, Sep 22, 2014 at 8:43 PM, Joseph Jenkins  > wrote:
>
>> The module is sitting in /usr/share/ansible in the root and it does have 
>> a .py.  The module is ans_check_dis.py.   
>>
>> The playbook calls the module just fine, however nothing was working and 
>> it's complaining about the variables being empty.  So I put a 30 second 
>> wait into the module so that I could check the arguments file and I found 
>> that it's empty.  
>>
>> Here is the main.yml from my tasks folder:
>>
>> ---
>>
>> - name: Run the Command on the switch
>>
>>   ans_check_dis.py: 
>>
>> On Monday, September 22, 2014 4:43:43 PM UTC-7, Michael DeHaan wrote:
>>>
>>> Hi Joseph,
>>>
>>> It won't matter, but typical convention is to not have modules end in 
>>> ".py", but it seems like your problem may be that it's not in the module 
>>> path.
>>>
>>> This is configured in Ansible.cfg, or you can just drop the module into 
>>> a "./library" directory alongside your playbook.
>>>
>>> I'd have to see the line from the playbook to see if you were having a 
>>> specific problem with the invocation, but my guess is that's the problem.
>>>
>>> If that's not it, I'd need more information about what "doesn't work" 
>>> means in your case.
>>>
>>> Thanks!
>>>
>>> On Mon, Sep 22, 2014 at 5:15 PM, Joseph Jenkins  
>>> wrote:
>>>
 I created an Ansible module in python that works correctly when I call 
 it from the command line with:

 ansible routers -m ans_check_dis.py -a 'user=someuser host=somehost 
 password=somepassword' -k

 Now I am trying to build this into a playbook to be called and have the 
 variables used as the arguments for the module.  I have tried a bunch of 
 different iterations and tried searching for it and can't seem to find how 
 to make this work.  Any recommendations or guidance would be greatly 
 appreciated.

 -- 
 You received this message because you are subscribed to the Google 
 Groups "Ansible Project" group.
 To unsubscribe from this group and stop receiving emails from it, send 
 an email to ansible-proje...@googlegroups.com.
 To post to this group, send email to ansible...@googlegroups.com.
 To view this discussion on the web visit https://groups.google.com/d/
 msgid/ansible-project/60e7e71f-705a-44e3-af22-
 498259cb7ef8%40googlegroups.com 
 
 .
 For more options, visit https://groups.google.com/d/optout.

>>>
>>>  -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-proje...@googlegroups.com .
>> To post to this group, send email to ansible...@googlegroups.com 
>> .
>> 

Re: [ansible-project] Passing variables as arguments to module from Ansible Playbook

[Michael DeHaan]

"however nothing was working and it's complaining about the variables being
empty"

Can you paste the specific output and the rest of your ansible playbook you
are using to test this?

Also, the /usr/share/ansible directory *may* expect your module to be in a
category subdirectory, it's been so long that we've had categories, I don't
know if that's true without spelunking through the source.  The
subdirectory name would not be important.





On Mon, Sep 22, 2014 at 8:43 PM, Joseph Jenkins 
wrote:

> The module is sitting in /usr/share/ansible in the root and it does have a
> .py.  The module is ans_check_dis.py.
>
> The playbook calls the module just fine, however nothing was working and
> it's complaining about the variables being empty.  So I put a 30 second
> wait into the module so that I could check the arguments file and I found
> that it's empty.
>
> Here is the main.yml from my tasks folder:
>
> ---
>
> - name: Run the Command on the switch
>
>   ans_check_dis.py:
>
> On Monday, September 22, 2014 4:43:43 PM UTC-7, Michael DeHaan wrote:
>>
>> Hi Joseph,
>>
>> It won't matter, but typical convention is to not have modules end in
>> ".py", but it seems like your problem may be that it's not in the module
>> path.
>>
>> This is configured in Ansible.cfg, or you can just drop the module into a
>> "./library" directory alongside your playbook.
>>
>> I'd have to see the line from the playbook to see if you were having a
>> specific problem with the invocation, but my guess is that's the problem.
>>
>> If that's not it, I'd need more information about what "doesn't work"
>> means in your case.
>>
>> Thanks!
>>
>> On Mon, Sep 22, 2014 at 5:15 PM, Joseph Jenkins 
>> wrote:
>>
>>> I created an Ansible module in python that works correctly when I call
>>> it from the command line with:
>>>
>>> ansible routers -m ans_check_dis.py -a 'user=someuser host=somehost
>>> password=somepassword' -k
>>>
>>> Now I am trying to build this into a playbook to be called and have the
>>> variables used as the arguments for the module.  I have tried a bunch of
>>> different iterations and tried searching for it and can't seem to find how
>>> to make this work.  Any recommendations or guidance would be greatly
>>> appreciated.
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to ansible-proje...@googlegroups.com.
>>> To post to this group, send email to ansible...@googlegroups.com.
>>> To view this discussion on the web visit https://groups.google.com/d/
>>> msgid/ansible-project/60e7e71f-705a-44e3-af22-
>>> 498259cb7ef8%40googlegroups.com
>>> 
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>  --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/94c64e96-9054-419e-bf8e-5852402b65ea%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgw%2BrVFniksg%2Bok9ogeOVrzieLFEPiZdWfSDL5Th32v5ZQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Passing variables as arguments to module from Ansible Playbook

[Joseph Jenkins]

The module is sitting in /usr/share/ansible in the root and it does have a 
.py.  The module is ans_check_dis.py.   

The playbook calls the module just fine, however nothing was working and 
it's complaining about the variables being empty.  So I put a 30 second 
wait into the module so that I could check the arguments file and I found 
that it's empty.  

Here is the main.yml from my tasks folder:

---

- name: Run the Command on the switch

  ans_check_dis.py: 

On Monday, September 22, 2014 4:43:43 PM UTC-7, Michael DeHaan wrote:
>
> Hi Joseph,
>
> It won't matter, but typical convention is to not have modules end in 
> ".py", but it seems like your problem may be that it's not in the module 
> path.
>
> This is configured in Ansible.cfg, or you can just drop the module into a 
> "./library" directory alongside your playbook.
>
> I'd have to see the line from the playbook to see if you were having a 
> specific problem with the invocation, but my guess is that's the problem.
>
> If that's not it, I'd need more information about what "doesn't work" 
> means in your case.
>
> Thanks!
>
> On Mon, Sep 22, 2014 at 5:15 PM, Joseph Jenkins  > wrote:
>
>> I created an Ansible module in python that works correctly when I call it 
>> from the command line with:
>>
>> ansible routers -m ans_check_dis.py -a 'user=someuser host=somehost 
>> password=somepassword' -k
>>
>> Now I am trying to build this into a playbook to be called and have the 
>> variables used as the arguments for the module.  I have tried a bunch of 
>> different iterations and tried searching for it and can't seem to find how 
>> to make this work.  Any recommendations or guidance would be greatly 
>> appreciated.
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-proje...@googlegroups.com .
>> To post to this group, send email to ansible...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/60e7e71f-705a-44e3-af22-498259cb7ef8%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/94c64e96-9054-419e-bf8e-5852402b65ea%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] continual deployment with ansible... and managing SSH keys?

[Michael DeHaan]

So a very good option for key management would be ansible tower -
http://ansible.com/tower

Let Tower hold on to your key, and nobody will see it.  It will use
ssh-agent behind the scenes (your key may be locked with a password or not)
and only allow that key to be used for running Ansible playbooks.

(The key is saved encrypted in the database)

I'd also consider setting things up so something like an "ansible" user can
sudo.  It isn't strictly required, but might help a little bit with
tracking who does what.

(Tower also keeps good logs of this)



On Mon, Sep 22, 2014 at 8:23 PM, Kevin Burton  wrote:

> Right now I just manually SSH into a box in our cluster and run ansible.
>
> But I want to automate this... Ideally I could just bump the version
> number in my code when I want it released... and 2 minutes later it would
> be staged, tested, and deployed.
>
> But the issue is SSH auth.. many of my daemons need root.  I don't
> necessarily want to have keys just sitting there giving anyone full access
> to my cluster.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/57b954e7-48a8-491a-8e64-7d7168c1b534%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgzAi9BnUsciPT1KFF-TRArB97854Skg9zKm2q2K-yLmTQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] continual deployment with ansible... and managing SSH keys?

[Kevin Burton]

Right now I just manually SSH into a box in our cluster and run ansible.

But I want to automate this... Ideally I could just bump the version number 
in my code when I want it released... and 2 minutes later it would be 
staged, tested, and deployed.

But the issue is SSH auth.. many of my daemons need root.  I don't 
necessarily want to have keys just sitting there giving anyone full access 
to my cluster.  

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/57b954e7-48a8-491a-8e64-7d7168c1b534%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Passing variables as arguments to module from Ansible Playbook

[Michael DeHaan]

Hi Joseph,

It won't matter, but typical convention is to not have modules end in
".py", but it seems like your problem may be that it's not in the module
path.

This is configured in Ansible.cfg, or you can just drop the module into a
"./library" directory alongside your playbook.

I'd have to see the line from the playbook to see if you were having a
specific problem with the invocation, but my guess is that's the problem.

If that's not it, I'd need more information about what "doesn't work" means
in your case.

Thanks!

On Mon, Sep 22, 2014 at 5:15 PM, Joseph Jenkins 
wrote:

> I created an Ansible module in python that works correctly when I call it
> from the command line with:
>
> ansible routers -m ans_check_dis.py -a 'user=someuser host=somehost
> password=somepassword' -k
>
> Now I am trying to build this into a playbook to be called and have the
> variables used as the arguments for the module.  I have tried a bunch of
> different iterations and tried searching for it and can't seem to find how
> to make this work.  Any recommendations or guidance would be greatly
> appreciated.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/60e7e71f-705a-44e3-af22-498259cb7ef8%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgyOQYLXUaBesnhvdQuwfJo%3DxPA0-6tzeiwXgXZdPohNjg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Tagging EC2 VPC route tables and gateways

[Steven Ringo]

Hi,


> (A)   So I infer that you are asking for a way to set automatically applied 
> tags for instances added to a VPC.   Do you know if this is ordinarily 
> possible in AWS?

When you create a VPC using `ec2_vpc` it creates the VPC as well as some other 
AWS objects -- subnets, route tables and internet gateways respectively, as 
specified when calling the module.

The module returns the vpc id as well as the subnet ids. However it does not 
return the gateway nor the route table id values.

I would like to tag these if possible. The tagging doesn't need to be automatic 
though. Can use ec2_tag, however I am unable to obtain these ids which leads me 
to the next question...

> (B)  When you say "there is no way to get this data out of the system", which 
> is this data specifically?

Both the returned value from the ec2_vpc and using the ec2 inventory module 
don't enumerate the route tables and gateways (and some other aws objects). I 
realise this is EC2 inventory, and not AWS inventory, so if there's another 
inventory module or similar way to get this, that would be great.

> (C)  With regard to the ec2_facts module, this module returns variables about 
> an instance obtained by the instance querying the metadata service.   Do you 
> want to see what variables it returns or are you looking for more information 
> about how to invoke it?

I just realised that you need to be running ec2_facts on the ec2 machine 
itself, and it returns that machine's metadata. Have added some additional 
information to the docs -- PR #9102.

Thanks so much.

Steve

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/49E4A48E-AD41-45F0-81F5-3831FD6F3015%40stevenringo.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] get_url newbie question

[Daniel Laird]

All,

New to ansible and struggling a bit.

I want to use get_url on a list of files.  But also due to issues with the 
server I am downloading from I want to retry the download on failure.
I have something like this:

- name: Download the packages
  get_url: url=pkg_name.tar.bz2 dest=/opt/DIR_NAME force=yes 
url_password={{ svn_password }} url_username={{ svn_username }} use_proxy=no
  register: get_url_result
  until: get_url_result.rc == 0
  retries: 5
  delay: 10
  with_items: pkg_list

Is this possible?
I cant seem to get the logic right or find out what the get_url returns in 
the failure case.
I just want to try no more than 5 times for each pkg in the package list.

Cheers
Dan

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1587e35f-0a54-4f72-8383-e0e86850d324%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Passing variables as arguments to module from Ansible Playbook

[Joseph Jenkins]

I created an Ansible module in python that works correctly when I call it 
from the command line with:

ansible routers -m ans_check_dis.py -a 'user=someuser host=somehost 
password=somepassword' -k

Now I am trying to build this into a playbook to be called and have the 
variables used as the arguments for the module.  I have tried a bunch of 
different iterations and tried searching for it and can't seem to find how 
to make this work.  Any recommendations or guidance would be greatly 
appreciated.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/60e7e71f-705a-44e3-af22-498259cb7ef8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Upload SSL Certificate to AWS (for aws_elb_lb module to use)

[Sankalp Khare]

Hi,

Does ansible support uploading of .crt, .key (and optionally .chain) files 
into AWS? I would like to complete the whole cycle, i.e. upload a cert, and 
then refer to it in aws_elb_lb 
 listeners.

Thanks,
Sankalp

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d01ad9da-9969-40c7-94d4-48c5da66d913%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Fwd: no tty

[Michael DeHaan]

Sometimes scripts will also behave better if given a --batch flag or
redirected < /dev/null for input.



On Mon, Sep 22, 2014 at 10:26 AM, Matt Martz  wrote:

> I would assume that if you specified -T in ANSIBLE_SSH_ARGS (env var) or
> in ssh_args in ansible.cfg (
> http://docs.ansible.com/intro_configuration.html#ssh-args) that it would
> disable the tty.
>
> Unfortunately this is global, and I am unsure how all of the modules would
> work with this configuration.
>
> Can you modify the script to take an argument that will also force the
> same behavior as not having a tty?  Or perhaps an environment var?
>
> On Mon, Sep 22, 2014 at 8:32 AM, Guy Matz  wrote:
>
>> I am trying to run a script using the command module . . .  when the
>> script thinks it has a tty it prompts, asking if it should overwrite
>> files.  When the script thinks there is no tty it just overwrites files,
>> which is the behavior what I want.
>>
>> Thanks!
>>
>> On Sun, Sep 21, 2014 at 3:33 PM, Michael DeHaan 
>> wrote:
>>
>>> What problems are you having?
>>>
>>>
>>>
>>> On Fri, Sep 19, 2014 at 3:14 PM, Guy Matz  wrote:
>>>
 Hello!  Anyone know if there is a way to specify 'no tty' for a play?
 I have a command that calls a script that is prompting for overwrites if it
 thinks there's a tty attached  . .. I saw on the list that someone had
 gotten around it by using screen, but I was wondering if there was a better
 way.

 Thanks!
 Guy

  --
 You received this message because you are subscribed to the Google
 Groups "Ansible Project" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to ansible-project+unsubscr...@googlegroups.com.
 To post to this group, send email to ansible-project@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/ansible-project/CABnTgtWyrVYwWO3%2ByAwevxcz-U4mn3q0YrvS23FYmWZZ17Cm8g%40mail.gmail.com
 
 .

 For more options, visit https://groups.google.com/d/optout.

>>>
>>>  --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to ansible-project+unsubscr...@googlegroups.com.
>>> To post to this group, send email to ansible-project@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgwNzpKvGgMWyA3f6Zg9fH_BC7DHRdopwbQpzn%3DsKraCYw%40mail.gmail.com
>>> 
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/CABnTgtXQ1X7obZ2_SSnw6vb2xJ0y3%3DDT2A%3DNT1%3D1_7erEgjM2A%40mail.gmail.com
>> 
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
> Matt Martz
> @sivel
> sivel.net
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAD8N0v9ZOtv8pHpcA-B3TzQGpWQkM1m1o1GYbh6ng5BasAXkKw%40mail.gmail.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgwUKLgX54YU3ingMw_4d84pJAJ-XYgKfmCY3ECZ_YqViw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Parsing ansible_hostname

[Michael DeHaan]

I'd vote for James Martin's suggestion for selecting hosts based on the
pattern.

The other vote is good enough for getting out the string and putting it
into a conditional, but using the pattern construct is more readable and
also produces cleaner output.



On Mon, Sep 22, 2014 at 10:02 AM, Michael Peters 
wrote:

> The regex_replace filter is probably what you're looking for. Assuming
> there are only ever 3 segments separated by a hyphen, and you want the
> 2nd, something like this would work:
>
> {{ ansible_hostname | regex_replace('^[^-]+-', '') | regex_replace('-.*',
> '') }}
>
> On Mon, Sep 22, 2014 at 9:07 AM, James Martin  wrote:
> > I believe you'd want to use an inventory pattern here:
> >
> > - hosts: *-apache-*
> >   roles:
> >   - apache
> >
> > See this link for more information:
> > http://docs.ansible.com/intro_patterns.html
> >
> > - James
> >
> >
> > On Sunday, September 21, 2014 11:27:51 PM UTC-4, Matt Wells wrote:
> >>
> >> Hi all, I hope somebody can offer me a little guidance.  I've read a
> >> decent amount on jinja2 and as I'm still learning python; so with that I
> >> hoped for a little guidance.
> >> Essentially I want to apply a role based off an item in the hostname.
> >>
> >> So {{ ansible_hostname }} = las01-123-984 where 123 is the host type.
> >> That's my role that's setup.  It sets up the box as an apache system
> with
> >> new firewall and all that.
> >> I've just been unable to get the proper parser to pull the 123 from the
> >> hostname.
> >>
> >> Any guidance would be fantastic, thank you all!!
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Ansible Project" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to ansible-project+unsubscr...@googlegroups.com.
> > To post to this group, send email to ansible-project@googlegroups.com.
> > To view this discussion on the web visit
> >
> https://groups.google.com/d/msgid/ansible-project/ff817e01-47d8-4118-96f3-5cb3901db354%40googlegroups.com
> .
> >
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAJQqANd5gA8UoHvZ3fRG_JZhV8pkNbu%3D2g%2B4ibbgvzXcrGY80A%40mail.gmail.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgwqosHPnDdRwiE9Hm3KabQOdJ2TdbgTNiXG64eaDn7X9w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Condition before lookup

[Michael DeHaan]

For some further elucidation, it should be pointed out that the "when" gets
evaluated for every step of the loop, which is why it can't be applied to
decide whether to loop in the first place.

when: foo is defined and 
with_items: foo

Will work as a looping construct, if you don't want to the default trick.



On Mon, Sep 22, 2014 at 9:42 AM, Brian Coca  wrote:

> "with_" fields are 'auto templated', you can use jinja2 in all fields
> that are so
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CADn%2BHsygQOxL%3DPqZtijgJCkSPkSGcxWtBM0_UDj%2BFheW88tNJQ%40mail.gmail.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgy%2BnkDOvmxE4cHLX-A33HXmc5Rkk5DcCV7xNWLW9r-6Ag%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Tagging EC2 VPC route tables and gateways

[Michael DeHaan]

A few questions:

(A)   So I infer that you are asking for a way to set automatically applied
tags for instances added to a VPC.   Do you know if this is ordinarily
possible in AWS?

(B)  When you say "there is no way to get this data out of the system",
which is this data specifically?

(C)  With regard to the ec2_facts module, this module returns variables
about an instance obtained by the instance querying the metadata service.
Do you want to see what variables it returns or are you looking for more
information about how to invoke it?

Thanks!



On Mon, Sep 22, 2014 at 1:06 AM, Steven Ringo 
wrote:

> Hi,
>
> We are looking at having a policy that all resources on AWS have tags.
>
> I would like to add tags to route tables and gateways. It doesn't seem to
> be available using `ec2_vpc`, where these are initially defined. There also
> seems to be no way to get this data out of the system, either with a
> registered variable (when a new VPC is created), or with the ec2 inventory
> module. I also can't seem to work out how to use `ec2_facts` module.
>
> If anyone knows if this possible or how I may go about doing this, that
> would be great.
>
> Thanks,
>
> Steve
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/364d2e33-4361-46df-8820-d15fce8c488d%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgxWUGSO%3DFxnmizUNhibfkQOVB2JCR3%2Bt2mq%3Dju6xqGVkA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] msg: Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!

[Michael DeHaan]

The copy module uses the exact same functions for this as other modules.

Could this be a machine where the bindings are yet not installed?



On Sun, Sep 21, 2014 at 10:15 PM, Zhenkai Jiang  wrote:

> I was checking on the node. and yes, i have tried run playbook like
> this... But it's still complaining same error while using copy module.
>
> On Saturday, September 20, 2014 12:12:45 AM UTC+8, Dick Davies wrote:
>>
>> Are you checking on the nodes you're trying to manage, or on the machine
>> that has ansible installed?
>>
>> My guess is you need it on the nodes, so a task above the copy like
>>
>> - name: install selinux bindings
>>   yum: name=libselinux-python state=present
>>
>> will push it out before you need to use it.
>>
>> On 19 September 2014 13:36, Zhenkai Jiang  wrote:
>> >
>> >
>> > I was trying to use copy module which rely on  libselinux-python when
>> > selinux is enabled i think.
>> >
>> > The weird thing is I have checked every single environment, they have
>> > already have latest libselinux-python installed.
>> >
>> > What can I do now?
>> >
>> > Much appreciated.
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> Groups
>> > "Ansible Project" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> an
>> > email to ansible-proje...@googlegroups.com.
>> > To post to this group, send email to ansible...@googlegroups.com.
>> > To view this discussion on the web visit
>> > https://groups.google.com/d/msgid/ansible-project/
>> 9d47e86d-9213-4d5c-ab42-22f458e00bd5%40googlegroups.com.
>> > For more options, visit https://groups.google.com/d/optout.
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/af2a7311-590f-4411-9ba0-e2aa1d5d16d7%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgw1nX8XaZL8V8MuMQUPf%2BiFoRNqvijzzAXjrdBhgdetKQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Role and playbook versioning

[Ivaylo Bratoev]

>
> My question is whether the dict equivalent example I gave that you quote 
> below should also work - but then there might be confusion between which 
> parameters are role runtime variables and which are installationtime 
> variables  (although using a prefix like role_install_ should reduce the 
> likelihood of clashes)
>

I think that it should work. As I posted earlier I am trying to manage 
internal roles that are not shared through Ansible Galaxy and I need to be 
able to specify internal role dependencies. BTW, currently, there is a 
*hack* that I found but I would prefer to not use:

dependencies:
  - src: https://git.example.com/repos/horrible-role-name.git
scm: git
name: role-friendly-name
role: role-friendly-name
this-is-a-variable: x

On Monday, August 18, 2014 3:49:06 PM UTC+3, Will Thames wrote:

> I’m not sure pip has the same problem, which is effectively that 
> dependency declarations are useful at both install time and at run time
>
> In the below example ‘this_is_a_role_variable’ is a variable that gets 
> passed to the role when it is run (and dependencies are run before the role 
> itself is run, as explained in the Roles Dependencies section in the docs) 
> rather than a variable used at installation time. The other parameters are 
> all used for installation only.
>
> Currently dependencies are installed through a similar installation 
> mechanism as the roles file - so if when installing a role from the roles 
> file, it comes across a dependency, it can install that too. So a 
> non-galaxy role dependency can be specified using:
>
> dependencies:
>   - role: “git+http://git.example.com/reponame.git,v1.0,friendlyname”
>
> My question is whether the dict equivalent example I gave that you quote 
> below should also work - but then there might be confusion between which 
> parameters are role runtime variables and which are installationtime 
> variables  (although using a prefix like role_install_ should reduce the 
> likelihood of clashes)
>
> But if you’re saying that users have to manage their own dependencies when 
> using non galaxy roles, then perhaps I need do no more - hopefully my 
> solution works for installing non galaxy dependencies through the roles 
> dependencies mechanism.
>
> Apologies if it’s still no clearer.
>
> Will
>
>
>
> On 18 Aug 2014, at 22:35, Michael DeHaan > 
> wrote:
>
> I'd follow pip's example here, PyPi understands dependencies, which is the 
> galaxy analog.
>
> Outside of that, there are no deps (right?)
>
> "dependencies:
> - { role: friendly_role_name,
>  this_is_a_role_variable: x,
>  role_install_src: “git+http://url”,
>  role_install_version: v1.0 }"
>
> I'm not understanding this part, currently in meta.yml it's not required 
> for anything like "this_is_a_role_variable" to be defined.I also think 
> all that would be required is whether to install dependencies, i.e. a 
> simple boolean
>
> - role: username.rolename
>   dependencies: True # can set to False for galaxy roles, non-galaxy roles 
> this is always off and cannot be controlled.
>
> etc?
>
> Then it should assume to fetch them from galaxy, because there is no other 
> index of role deps.
>
>
>
>
> On Mon, Aug 18, 2014 at 7:35 AM, Will Thames  > wrote:
>
>> This is now working for the roles file in YAML format.
>>
>> It doesn’t work so well for role dependencies - we’d probably need to 
>> declare some special variables for that. 
>>
>> At the moment the YAML file format is
>>
>> - src: “git+http://git.example.com/repos/horrible-role-name”
>>   name: “nice-role-name”
>>   version: v1.0
>>
>> You can also use scm: git (or hg) instead of the git+ / hg+ - the end 
>> result is the same. 
>>
>> For this to work with role dependencies it would need to be obvious what 
>> are role_vars and what are settings for installing dependencies (perhaps 
>> prepend role_install to distinguish the two? - I haven’t implemented this 
>> at all, figure I should gather thoughts on requirements first. 
>>
>> Something like 
>>
>> dependencies:
>> - { role: friendly_role_name,
>>  this_is_a_role_variable: x,
>>  role_install_src: “git+http://url”,
>>  role_install_version: v1.0 }
>>
>> On 17 Aug 2014, at 23:00, Michael DeHaan > > wrote:
>>
>> "I also don’t particularly propose rewriting what I’ve done so far given 
>> that it’s backwards compatible"
>>
>> This would be fine with me.
>>
>> "I would prefer not to support a mixed format roles file - how about if 
>> the filename ends ‘.yml’ or ‘.yaml’ we treat it as yaml, otherwise use the 
>> existing format."
>>
>> +1
>>
>> This could be applied on top.
>>
>>
>>
>>
>> On Sun, Aug 17, 2014 at 3:21 AM, Will Thames > > wrote:
>>
>>> My implementation only uses three fields, in an order that is backward 
>>> compatible with the existing roles file, and I’m not sure what the other 
>>> proposed fields would be.
>>>
>>> However, I like the YAML idea if only because it would work much more 
>>> nicely with the depend

[ansible-project] Re: Re: Rolling Restart an Elasticsearch Cluster with Ansible

[Sam Doran]

I've written two rolling Elasticsearch playbooks 
: one for restarting 
the cluster, the other for updating the cluster. I use the feature of 
Ansible that will intelligently take JSON output in a register variable and 
make it addressable (not sure if I'm using the right terminology). Because 
Elasticsearch returns JSON when you query the API, you can use the 
registered output of the uri module and a do-until loop 
 to wait for a 
certain condition before continuing. So instead of using result.stdout or 
result.content with a search, you can use result.json.[field] to be very 
precise.

- name: Wait for cluster health to return to yellow
  uri: url=http://localhost:{{ es_http_port }}/_cluster/health 
method=GET
  register: response
  until: "response.json.status == 'yellow'"
  retries: 5
  delay: 30

The contents of response.json are:

ok: [node01.acme.com] => {
"response": {
"changed": false,
"content_length": "227",
"content_location": "http://localhost:9500/_cluster/health";,
"content_type": "application/json; charset=UTF-8",
"invocation": {
"module_args": "url=http://localhost:9500/_cluster/health 
method=GET",
"module_name": "uri"
},
"json": {
"active_primary_shards": 405,
"active_shards": 810,
"cluster_name": "elasticsearch",
"initializing_shards": 0,
"number_of_data_nodes": 3,
"number_of_nodes": 4,
"relocating_shards": 0,
"status": "green",
"timed_out": false,
"unassigned_shards": 0
},
"redirected": false,
"status": 200
}
}

I'm not sure of the value of using pre and post tasks with a serial of one 
in my playbooks. It could all most likely be one list of tasks.

I based the playbooks on the Elasticsearch documentation for updating 1.0 
and later 

 and 
rolling restart 

.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/61c9e24a-f111-4d0d-a516-fc06c9aea2e1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Fwd: no tty

[Matt Martz]

I would assume that if you specified -T in ANSIBLE_SSH_ARGS (env var) or in
ssh_args in ansible.cfg (
http://docs.ansible.com/intro_configuration.html#ssh-args) that it would
disable the tty.

Unfortunately this is global, and I am unsure how all of the modules would
work with this configuration.

Can you modify the script to take an argument that will also force the same
behavior as not having a tty?  Or perhaps an environment var?

On Mon, Sep 22, 2014 at 8:32 AM, Guy Matz  wrote:

> I am trying to run a script using the command module . . .  when the
> script thinks it has a tty it prompts, asking if it should overwrite
> files.  When the script thinks there is no tty it just overwrites files,
> which is the behavior what I want.
>
> Thanks!
>
> On Sun, Sep 21, 2014 at 3:33 PM, Michael DeHaan 
> wrote:
>
>> What problems are you having?
>>
>>
>>
>> On Fri, Sep 19, 2014 at 3:14 PM, Guy Matz  wrote:
>>
>>> Hello!  Anyone know if there is a way to specify 'no tty' for a play?  I
>>> have a command that calls a script that is prompting for overwrites if it
>>> thinks there's a tty attached  . .. I saw on the list that someone had
>>> gotten around it by using screen, but I was wondering if there was a better
>>> way.
>>>
>>> Thanks!
>>> Guy
>>>
>>>  --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to ansible-project+unsubscr...@googlegroups.com.
>>> To post to this group, send email to ansible-project@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/CABnTgtWyrVYwWO3%2ByAwevxcz-U4mn3q0YrvS23FYmWZZ17Cm8g%40mail.gmail.com
>>> 
>>> .
>>>
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgwNzpKvGgMWyA3f6Zg9fH_BC7DHRdopwbQpzn%3DsKraCYw%40mail.gmail.com
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CABnTgtXQ1X7obZ2_SSnw6vb2xJ0y3%3DDT2A%3DNT1%3D1_7erEgjM2A%40mail.gmail.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Matt Martz
@sivel
sivel.net

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAD8N0v9ZOtv8pHpcA-B3TzQGpWQkM1m1o1GYbh6ng5BasAXkKw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Parsing ansible_hostname

[Michael Peters]

The regex_replace filter is probably what you're looking for. Assuming
there are only ever 3 segments separated by a hyphen, and you want the
2nd, something like this would work:

{{ ansible_hostname | regex_replace('^[^-]+-', '') | regex_replace('-.*', '') }}

On Mon, Sep 22, 2014 at 9:07 AM, James Martin  wrote:
> I believe you'd want to use an inventory pattern here:
>
> - hosts: *-apache-*
>   roles:
>   - apache
>
> See this link for more information:
> http://docs.ansible.com/intro_patterns.html
>
> - James
>
>
> On Sunday, September 21, 2014 11:27:51 PM UTC-4, Matt Wells wrote:
>>
>> Hi all, I hope somebody can offer me a little guidance.  I've read a
>> decent amount on jinja2 and as I'm still learning python; so with that I
>> hoped for a little guidance.
>> Essentially I want to apply a role based off an item in the hostname.
>>
>> So {{ ansible_hostname }} = las01-123-984 where 123 is the host type.
>> That's my role that's setup.  It sets up the box as an apache system with
>> new firewall and all that.
>> I've just been unable to get the proper parser to pull the 123 from the
>> hostname.
>>
>> Any guidance would be fantastic, thank you all!!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/ff817e01-47d8-4118-96f3-5cb3901db354%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAJQqANd5gA8UoHvZ3fRG_JZhV8pkNbu%3D2g%2B4ibbgvzXcrGY80A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Condition before lookup

[Brian Coca]

"with_" fields are 'auto templated', you can use jinja2 in all fields
that are so

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CADn%2BHsygQOxL%3DPqZtijgJCkSPkSGcxWtBM0_UDj%2BFheW88tNJQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Fwd: no tty

[Guy Matz]

I am trying to run a script using the command module . . .  when the script
thinks it has a tty it prompts, asking if it should overwrite files.  When
the script thinks there is no tty it just overwrites files, which is the
behavior what I want.

Thanks!

On Sun, Sep 21, 2014 at 3:33 PM, Michael DeHaan  wrote:

> What problems are you having?
>
>
>
> On Fri, Sep 19, 2014 at 3:14 PM, Guy Matz  wrote:
>
>> Hello!  Anyone know if there is a way to specify 'no tty' for a play?  I
>> have a command that calls a script that is prompting for overwrites if it
>> thinks there's a tty attached  . .. I saw on the list that someone had
>> gotten around it by using screen, but I was wondering if there was a better
>> way.
>>
>> Thanks!
>> Guy
>>
>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/CABnTgtWyrVYwWO3%2ByAwevxcz-U4mn3q0YrvS23FYmWZZ17Cm8g%40mail.gmail.com
>> 
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgwNzpKvGgMWyA3f6Zg9fH_BC7DHRdopwbQpzn%3DsKraCYw%40mail.gmail.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CABnTgtXQ1X7obZ2_SSnw6vb2xJ0y3%3DDT2A%3DNT1%3D1_7erEgjM2A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Condition before lookup

[Daniel Schroeder]

Ah, great, didn't know you can use *default* in the yml itself. Only had 
been using it in jinja templates. Thanks, that works and is more elegant 
that creating the additional defaults file.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1df69464-b5d1-4fc5-8abf-dd5edfcd295a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Parsing ansible_hostname

[James Martin]

I believe you'd want to use an inventory pattern here:

- hosts: *-apache-*
  roles:
  - apache

See this link for more information: 
 http://docs.ansible.com/intro_patterns.html

- James


On Sunday, September 21, 2014 11:27:51 PM UTC-4, Matt Wells wrote:
>
> Hi all, I hope somebody can offer me a little guidance.  I've read a 
> decent amount on jinja2 and as I'm still learning python; so with that I 
> hoped for a little guidance. 
> Essentially I want to apply a role based off an item in the hostname.
>
> So {{ ansible_hostname }} = las01-123-984 where 123 is the host type. 
>  That's my role that's setup.  It sets up the box as an apache system with 
> new firewall and all that.  
> I've just been unable to get the proper parser to pull the 123 from the 
> hostname.  
>
> Any guidance would be fantastic, thank you all!!
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ff817e01-47d8-4118-96f3-5cb3901db354%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Condition before lookup

[Brian Coca]

actually the solution is what you already used or

with_dict: some_dict|default({})

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CADn%2BHsxM6ES%3DGo6gK5CH%3D5YE7jAcrxXS3L_NCyxPQM3GOpVPZw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Condition before lookup

[Daniel Schroeder]

Not really a solution for the problem, is it? ;)

Am Montag, 22. September 2014 12:44:54 UTC+2 schrieb Daniel Schroeder:
>
> Hello list,
>
> I'm having a problem with adding a condition before a lookup plugin.
>
> A simplified example that everyone can reproduce is this:
>
> - debug: msg="This debug message should not be triggerd since some_dict 
> is not defined"
>   when: some_dict is defined
>   with_dict: some_dict
>
> That doesn't work because *with_dict* is processed before the condition 
> is checked. That's not wrong, that's a good feature, because it enables you 
> to do things like this:
>
> - debug: msg="Only process item a"
>   when: item == "a"
>   with_items:
> - a
> - b
>
> How could I solve my problem with having a condition before the task 
> fails, because some_dict is not defined in my first example?
>
> Not even an *ignore_errors: yes* helps in this case. I guess because it 
> is a fatal error raised by the plugin and not simply a failed task.
>
> TASK: [debug msg="This debug message should not be triggerd since 
> some_dict is not defined"] *** 
> fatal: [test1.local] => with_dict expects a dict
>
>
> FATAL: all hosts have already failed -- aborting
>
>
> Thanks,
> Daniel
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3085251a-6304-4820-9dd5-1bb531ecf477%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Push a file to a windows host

[Matt Martz]

There is currently not a win_copy (although there is a pull request)

You could use something like win_get_url to retrieve the file from an http
location.

On Sunday, September 21, 2014, jimr6007  wrote:

> I'd like to push an msi file to my windows hosts and then install using
> the win_msi module. How to get the file to the windows hosts? Sorry for not
> asking a more detailed question, I'm pretty much stumped...
>
> Can someone point me in the right direction?
>
> Thanks !
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com
> 
> .
> To post to this group, send email to ansible-project@googlegroups.com
> .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/726dc1cd-1bef-45d9-9371-4ce1bf00d35a%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>


-- 
Matt Martz
@sivel
sivel.net

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAD8N0v9CgkrpoqTS8nRtwV5OBS7no3e4mP%2BZna1p_LZxQdxjtw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Parsing ansible_hostname

[Matt Wells]

Hi all, I hope somebody can offer me a little guidance.  I've read a decent 
amount on jinja2 and as I'm still learning python; so with that I hoped for 
a little guidance. 
Essentially I want to apply a role based off an item in the hostname.

So {{ ansible_hostname }} = las01-123-984 where 123 is the host type. 
 That's my role that's setup.  It sets up the box as an apache system with 
new firewall and all that.  
I've just been unable to get the proper parser to pull the 123 from the 
hostname.  

Any guidance would be fantastic, thank you all!!

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7628a3e3-9bde-4e3f-bb74-b524b7758070%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Push a file to a windows host

[jimr6007]

I'd like to push an msi file to my windows hosts and then install using the 
win_msi module. How to get the file to the windows hosts? Sorry for not 
asking a more detailed question, I'm pretty much stumped...

Can someone point me in the right direction?

Thanks !

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/726dc1cd-1bef-45d9-9371-4ce1bf00d35a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Running ansible from jenkins execute shell

[Baraa Basata]

I use ansible-playbook within "Execute shell" steps and I have had no 
issues. Here's what I have in the "Execute shell" step:

ansible-playbook -i inventory playbook.yml --extra-vars="var1=${VALUE1} 
var2=${VALUE2}"

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/62b1d581-e0f5-4063-b4f7-ae2b22d5ec50%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Running ansible from jenkins execute shell

[Damir Suleymanov]

You can put all your variables in a YAML file and pass it as 
--extra-vars="@my_vars.yml"

Given your example, your command will look like this:
ansible-playbook -i $inventory-file $role-name --extra-vars="@my_vars.yml"

and my_vars.yml should contain:

---
# NOTE: "=" is replaced by ':'

var1: $var1-value
var2: $var2-value


I hope this helps.

On Saturday, September 20, 2014 4:40:46 AM UTC-4, Naween Ghimire wrote:
>
> Hi All,
>
> I am trying to run an ansible playbook from jenkins build to have jenkins 
> trigger my ansible execution.
>
> As part of my ansible-playbook run i need to pass extra-vars to the 
> playbook during execution.
>
> eg:
>
> ansible-playbook -i $inventory-file $role-name 
> --extra-vars"var1=$var1-value, var2=$var2-value"
>
> when i put this line in the execute shell of jenkins the double quotes are 
> evaluated and so aren't available to the ansible-playbook command, so i 
> escaped them as follows:
>
> ansible-playbook -i $inventory-file $role-name 
> --extra-vars\"var1=$var1-value, var2=$var2-value\"
>
> But if i do this, 
>
> shell adds extra quotes around it as below:
>
> ansible-playbook -i   --extra-vars ' 
> "var1=var1-value,' var2=var2-value, 'var3=var3-value " '
>
> And ansible give the following error:
>
>
> Traceback (most recent call last):
>
>   File "/usr/local/bin/ansible-playbook", line 317, in 
>
> sys.exit(main(sys.argv[1:]))
>
>   File "/usr/local/bin/ansible-playbook", line 148, in main
>
> extra_vars = utils.combine_vars(extra_vars, 
> utils.parse_kv(extra_vars_opt))
>
>   File "/Library/Python/2.7/site-packages/ansible/utils/__init__.py", line 
> 621, in parse_kv
>
> vargs = split_args(args)
>
>   File "/Library/Python/2.7/site-packages/ansible/utils/splitter.py", line 
> 148, in split_args
>
> raise Exception("error while splitting arguments, either an unbalanced 
> jinja2 block or quotes")
>
> Exception: error while splitting arguments, either an unbalanced jinja2 
> block or quotes
>
>
> Has anyone come across such a situation before ?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/709a4477-de4c-42ad-887c-f075f0f5a503%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Condition before lookup

[Brian Coca]

conditionals are for tasks, not for lookups, these always get executed

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CADn%2BHszncwHD-3CFVAeqHb%3DLN59Pqs4JsgCpKEUsFTM52bT7xQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Condition before lookup

[Daniel Schroeder]

OK, I found a workaround. My task actually is inside a role. Therefore I 
was able to define a default value for *some_dict*.

myRole/defaults/main.yml:

some_dict: {}

The condition still is ignored, but with no elements nothing is processed, 
obviously.

Is there another solution to this? If this task would not be inside a role 
(yes, I know you always should work with roles ;)) I wouldn't be able to 
define a default value.

Cheers,
Daniel

Am Montag, 22. September 2014 12:44:54 UTC+2 schrieb Daniel Schroeder:
>
> Hello list,
>
> I'm having a problem with adding a condition before a lookup plugin.
>
> A simplified example that everyone can reproduce is this:
>
> - debug: msg="This debug message should not be triggerd since some_dict 
> is not defined"
>   when: some_dict is defined
>   with_dict: some_dict
>
> That doesn't work because *with_dict* is processed before the condition 
> is checked. That's not wrong, that's a good feature, because it enables you 
> to do things like this:
>
> - debug: msg="Only process item a"
>   when: item == "a"
>   with_items:
> - a
> - b
>
> How could I solve my problem with having a condition before the task 
> fails, because some_dict is not defined in my first example?
>
> Not even an *ignore_errors: yes* helps in this case. I guess because it 
> is a fatal error raised by the plugin and not simply a failed task.
>
> TASK: [debug msg="This debug message should not be triggerd since 
> some_dict is not defined"] *** 
> fatal: [test1.local] => with_dict expects a dict
>
>
> FATAL: all hosts have already failed -- aborting
>
>
> Thanks,
> Daniel
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5a05fb43-3d59-422c-8b71-209433ace700%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Condition before lookup

[Daniel Schroeder]

Hello list,

I'm having a problem with adding a condition before a lookup plugin.

A simplified example that everyone can reproduce is this:

- debug: msg="This debug message should not be triggerd since some_dict is 
not defined"
  when: some_dict is defined
  with_dict: some_dict

That doesn't work because *with_dict* is processed before the condition is 
checked. That's not wrong, that's a good feature, because it enables you to 
do things like this:

- debug: msg="Only process item a"
  when: item == "a"
  with_items:
- a
- b

How could I solve my problem with having a condition before the task fails, 
because some_dict is not defined in my first example?

Not even an *ignore_errors: yes* helps in this case. I guess because it is 
a fatal error raised by the plugin and not simply a failed task.

TASK: [debug msg="This debug message should not be triggerd since some_dict 
is not defined"] *** 
fatal: [test1.local] => with_dict expects a dict


FATAL: all hosts have already failed -- aborting


Thanks,
Daniel

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/fa919484-7538-4e7c-a2d6-1539fee001ea%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] how to set timeout for shell command

[Karl E. Jorgensen]

Hi

On Mon, Sep 15, 2014 at 08:36:59AM -0700, Justin Jinsik Kim wrote:
> Hi,
> 
> I want to define response waiting time limit for all shell commands on
> ansible-playbook
> 
> 
> test.yml:
> 
> - name: want to quit if it doesn't get response in 5 secs
>   shell: "sleep 100"
> 
> - name: want to quit if it doesn't get response in 5 secs
>   shell: "sleep 200"
> 
> - name: want to quit if it doesn't get response in 5 secs
>   shell: "sleep 300"
> 
> 
> 
> 
> 
> I know I can use async method for each task but is there any simple way to do
> this for all shell module command?
> 
> I've tried this but it didn't work
> 
> ex> ansible-playbook test.yml  -T 50
> ex> add timeout=10 on ansible.cfg

There is also the shell command "timeout" (in Debian this is in the
coreutils package, not sure about other distros) - which can enforce a
timeout on a given shell command.

Perhaps that can help too?

-- 
Karl E. Jorgensen

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/20140922085042.GA32240%40hawking.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Set variable based on group_names

[Tomasz Kontusz]

I think this would be even better:

- set_fact: address_variable={{ groups.server[0] }}
  when: "'server' not in group_names"

Looks nicer both in code and in output ;-)

Jacek  napisał:
>Ok, after a little search I've got it; for anyone interested:
>
>- set_fact: address_variable={{ item }}
>  with_items: groups.server
>  when: "'server' not in group_names"
>
>  Cheers,
>  Jacek
>
>
>W dniu piątek, 19 września 2014 14:06:25 UTC+1 użytkownik Jacek
>napisał:
>>
>> Thanks James,
>>
>> That's nice. One thing I'm not sure about is the
>'server_address_here' 
>> which you wrote. Ideally, what I need there is the name/address of
>the 
>> first (and the only) host in the inventory group 'server'.
>> Is there a way to do this?
>>
>>   Cheers,
>>   Jacek
>>
>> W dniu czwartek, 18 września 2014 01:41:55 UTC+1 użytkownik James 
>> Cammarata napisał:
>>>
>>> Hi Jacek, this should work for you:
>>>
>>> - set_fact: address_variable='localhost'
>>>   when: 'server' in group_names
>>> - set_fact: address_variable='server_address_here'
>>>   when: 'server' not in group_names
>>> - template: ...
>>>
>>> The "group_names" variable is a special variable that contains a
>list of 
>>> the groups the current host is in.
>>>
>>> On Wed, Sep 17, 2014 at 6:42 PM, Jacek  wrote:
>>>
   Hi,

 Perhaps it's an easy question but I cannot find a way to answer it 
 myself.

 More in details -- I have two groups in my inventory: clients (many
>
 hosts) and server (single host), and a template at the client which
>needs 
 to use the server address. If it happens that a client host is also
>in the 
 'server' group, I wanted to set the address in the template to
>'localhost'. 
 Otherwise, the address should point to the server address as
>specified in 
 the inventory. I guess it's quite easy to code it using jinja2
>directly in 
 the template but my template includes many places with such a
>reference, so 
 I thought about first setting the server address variable, and then
>using 
 this variable to evaluate the template. Is this correct way of
>thinking? 
 How can I set a variable in a play before template evaluation?
>Otherwise, 
 have you got any other ideas?

   Cheers,
   Jacek

  -- 
 You received this message because you are subscribed to the Google 
 Groups "Ansible Project" group.
 To unsubscribe from this group and stop receiving emails from it,
>send 
 an email to ansible-proje...@googlegroups.com.
 To post to this group, send email to ansible...@googlegroups.com.
 To view this discussion on the web visit 

>https://groups.google.com/d/msgid/ansible-project/b878ce70-0326-42a9-8f5a-25c3b9e3dd71%40googlegroups.com
>

>
 .
 For more options, visit https://groups.google.com/d/optout.

>>>
>>>
>
>-- 
>You received this message because you are subscribed to the Google
>Groups "Ansible Project" group.
>To unsubscribe from this group and stop receiving emails from it, send
>an email to ansible-project+unsubscr...@googlegroups.com.
>To post to this group, send email to ansible-project@googlegroups.com.
>To view this discussion on the web visit
>https://groups.google.com/d/msgid/ansible-project/01419aeb-cae2-45af-a7aa-4ec6e35e8c01%40googlegroups.com.
>For more options, visit https://groups.google.com/d/optout.

-- 
Wysłane za pomocą K-9 Mail.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/067a3a93-2e2b-481b-bfc7-a1d9637dc1eb%40email.android.com.
For more options, visit https://groups.google.com/d/optout.