[ansible-project] Simple ansible command told invalid output was

[linbo liao]

Hi,

My server configure no pass ssh login, today when execute ansible command 
it failed stranged. But I manually execute ssh comand it works, how can I 
check this issue?

Server:  Ubuntu 12.04.4 LTS x86
Python:  2.7.3
Ansible: 1.7.1

$ ansible remote-host -i inventory -m shell -a "pwd" 
remote-host | FAILED >> {
"failed": true, 
"msg": "  File 
\"/home/icc/.ansible/tmp/ansible-tmp-1421217087.5-245102095938646/command\", 
line 117\r\n\r\n ^\r\nIndentationError: 
expected an indented block\r\n", 
"parsed": false
}


enable debug info, show


GATHERING FACTS 
***
 ESTABLISH CONNECTION FOR USER: icc
 REMOTE_MODULE setup
 EXEC ['ssh', '-C', '-tt', '-vvv', '-o', 
'StrictHostKeyChecking=no', '-o', 'PasswordAuthentication=yes', '-o',   
'KbdInteractiveAuthentication=no', '-o', 
'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', 
'-o',   'PasswordAuthentication=no', '-o', 
'ConnectTimeout=10', 'remote-host', "/bin/sh -c 'mkdir -p 
$HOME/.ansible/tmp/ansible-tmp-1421218002.78-57926925100892 && 
chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1421218002.78-57926925100892 && 
echo $HOME/.ansible/tmp/ansible-tmp-1421218002.78-57926925100892'"]
 PUT /tmp/tmpPIExuz TO /home/icc/.ansible/tmp/ansible-tmp-
1421218002.78-57926925100892/setup
 EXEC ['ssh', '-C', '-tt', '-vvv', '-o', 
'StrictHostKeyChecking=no', '-o', 'PasswordAuthentication=yes', '-o',   
'KbdInteractiveAuthentication=no', '-o', 
'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', 
'-o',   'PasswordAuthentication=no', '-o', 
'ConnectTimeout=10', 'remote-host', u"/bin/sh -c 'LANG=en_US.UTF-8 
LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/ 
icc/.ansible/tmp/ansible-tmp-1421218002.78-57926925100892/setup; rm -rf 
/home/icc/.ansible/tmp/ansible-tmp-1421218002.78-57926925100892/ >/dev/ 
  null 2>&1'"]
failed: [remote-host] => {"failed": true, "parsed": false}
invalid output was:   File 
"/home/icc/.ansible/tmp/ansible-tmp-1421218002.78-57926925100892/setup", 
line 107^M
^M
  ^^M
IndentationError: expected an indented block^M
OpenSSH_5.9p1 Debian-5ubuntu1.4, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config^M
debug1: /etc/ssh/ssh_config line 19: Applying options for *^M


Thanks,
Linbo

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/56042de3-b8dd-44a5-aa52-84796437e82c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Conditionals in sudo

[Greg Andrews]

I wonder if inventory variables might do what you need.  Have a look at the
Ansible docs page for them here
, especially the part of the
page starting with "Host Variables", but also the descriptions of files in
host_vars and group_vars directories starting with "Splitting Out Host and
Group Specific Data".  One thing that's not mentioned in the page is that
the "host_vars/all" file will set variables for all hosts.

I haven't checked to see if the "sudo: yes" flag can be controlled in these
ways.  If it can, then this approach could be better than running tasks
twice.

  -Greg


On Sat, Jan 10, 2015 at 7:33 PM, Rajagopal V  wrote:

> Hi,
> (Originally posted to Ansible Dev by mistake)
>
> Im a newbie trying to automate a few commands across boxes using Ansible.
>
> I would like the sudo command on certain tasks to be conditional, so
> depending on the node, I'd like to turn on sudo or not. For e.g.  I have a
> development machine (my laptop) and a stage server where I need certain
> sets of commands to be run. On the dev machine, I dont need any of the
> commands to be run as sudo but need them to run as sudo on the stage
> server.
>
> I thought something like
>
> - hosts: all
>   tasks:
>   - name: Execute Command X
> command: Command X
> sudo: inventory_hostname != 'localhost'
>
> My Hosts file contains entries like
> localhost
> demo7  ansible_ssh_host=... ansible_ssh_port=..
>
> would make the task not run as sudo on "localhost" (my dev machine) but
> would run with sudo on the other nodes. Unfortunately, this doesnt happen
> and it always treats this as sudo: False.
>
> Is it possible to have conditionals in sudo ?
>
> UPDATE: Looking through the source, this doesn't seem to be the case. The
> Expression doesnt seem to be evaluated and sent directly to utils.boolean.
> Is there any other way of achieving this goal other than running every
> task twice -- once with sudo and once without.
>
>
> Thanks
> Raja
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/cd3109da-57f5-4c0a-9812-29742c81726b%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAPdwyX78p9ApNr63VfOaai08de0cYx63eN%2BKfmN6A6x2KK-%2BfQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Having issues using a variable in a playbook

[Tom Bamford]

Hi Benjamin

Look at specifying variables using group_vars or host_vars (see
http://docs.ansible.com/intro_inventory.html#splitting-out-host-and-group-specific-data
)

There is a special group 'all' of which all hosts are automatically a
member.

Regards
Tom


On 14 January 2015 at 02:15, Benjamin Arntzen  wrote:

> Hi there,
>
> I'm trying to build python 3.4.2 in a semi-idempotent way. I see
> mpdehaan's comments on it and didn't have any issues following those.
>
> The issue I'm having is that the variables defined in common.yml aren't
> being carried through to the second play (python-app-server). I would like
> to simply define vars_files in the first play and have it carry forward. Am
> I just thinking about it wrong?
>
> Here's my playbook's site.yml file, as I would like it to look:
> ---
> # file: site.yml
> - hosts: all
>   user: '{{ deploy_user }}'
>   sudo: yes
>   vars_files:
> - vars/common.yml
> - [ "vars/{{ ansible_os_family }}.yml", "vars/os_defaults.yml" ]
>
>
>   roles:
> - base
> - redacted-base
>
>
> - hosts: python-app-server
>   user: '{{ deploy_user }}'
>   roles:
> - python-app-server
>
> And here's how it has to look in order to work at the moment:
>
> ---
> # file: site.yml
> - hosts: all
>   user: '{{ deploy_user }}'
>   sudo: yes
>   vars_files:
> - vars/common.yml
> - [ "vars/{{ ansible_os_family }}.yml", "vars/os_defaults.yml" ]
>
>
>   roles:
> - base
> - redacted-base
>
>
> - hosts: python-app-server
>   user: '{{ deploy_user }}'
>   vars_files:
> - vars/common.yml
>   roles:
> - python-app-server
>
> I'm totally unconcerned about adding two lines, I just want a much cleaner
> way to express this. Thoughts?
>
> Thanks,
> ~ B
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/b015d643-17f6-4298-8c5e-64a5e32804d9%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAAnNz0NAaA4iX7mjya8Qit-2-uVWHZU%3D325Rn%3DSVYj%2Bo95qSMA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] no_log: True being ignored

[Tom Bamford]

Hi

Running Ansible 1.8.2 and I am trying to prevent sensitive information for
a task from reaching the log at ANSIBLE_LOG_PATH or the console where
ansible-playbook is running.

My task:

- name: Dump database
  command: pg_dump -with -some -params
  environment:
PGPASSWORD: mysecret
  no_log: True

When running with ANSIBLE_LOG_PATH=notsosecret.log ansible-playbook
mybook.yml -vvv this is my console output:

TASK: [Dump database] **
 ESTABLISH CONNECTION FOR
USER: ubuntu
 REMOTE_MODULE command
pg_dump -with -some -params NO_LOG=True
 EXEC ssh -C -q -o
ControlMaster=auto -o ControlPersist=4h -o
ControlPath="/home/ubuntu/.ansible/cp/ansible-ssh-%h-%p-%r" -o
StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no
-o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o ConnectTimeout=10
ec2-x-x-x-x.us-west-2.compute.amazonaws.com /bin/sh -c 'LANG=C
PGPASSWORD=mysecret LC_CTYPE=C /usr/bin/python'

And my log file:

2015-01-14 02:40:45,102 p=3055 u=ubuntu |  TASK: [Dump database]
**
2015-01-14 02:40:45,108 p=3055 u=ubuntu |
 ESTABLISH CONNECTION FOR
USER: ubuntu
2015-01-14 02:40:45,110 p=3055 u=ubuntu |
 REMOTE_MODULE command
pg_dump -with -some -params NO_LOG=True
2015-01-14 02:40:45,121 p=3055 u=ubuntu |
 EXEC ssh -C -q -o
ControlMaster=auto -o ControlPersist=4h -o
ControlPath="/home/ubuntu/.ansible/cp/ansible-ssh-%h-%p-%r" -o
StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no
-o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o ConnectTimeout=10
ec2-x-x-x-x.us-west-2.compute.amazonaws.com /bin/sh -c 'LANG=C
PGPASSWORD=mysecret LC_CTYPE=C /usr/bin/python'

Is this a bug/regression? I read
https://github.com/ansible/ansible/issues/8647 which seems related and
should be included in 1.8.2 if I’m not mistaken.

Regards
Tom
​

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAAnNz0PufY-50A2ao3ThUa9evDfmr%2B32v9ZKJaCQ0YWE5aJ_kg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Having issues using a variable in a playbook

[Benjamin Arntzen]

Hi there,

I'm trying to build python 3.4.2 in a semi-idempotent way. I see mpdehaan's 
comments on it and didn't have any issues following those.

The issue I'm having is that the variables defined in common.yml aren't 
being carried through to the second play (python-app-server). I would like 
to simply define vars_files in the first play and have it carry forward. Am 
I just thinking about it wrong?

Here's my playbook's site.yml file, as I would like it to look:
---
# file: site.yml
- hosts: all
  user: '{{ deploy_user }}'
  sudo: yes
  vars_files:
- vars/common.yml
- [ "vars/{{ ansible_os_family }}.yml", "vars/os_defaults.yml" ]


  roles:
- base
- redacted-base


- hosts: python-app-server
  user: '{{ deploy_user }}'
  roles:
- python-app-server

And here's how it has to look in order to work at the moment:

---
# file: site.yml
- hosts: all
  user: '{{ deploy_user }}'
  sudo: yes
  vars_files:
- vars/common.yml
- [ "vars/{{ ansible_os_family }}.yml", "vars/os_defaults.yml" ]


  roles:
- base
- redacted-base


- hosts: python-app-server
  user: '{{ deploy_user }}'
  vars_files:
- vars/common.yml
  roles:
- python-app-server

I'm totally unconcerned about adding two lines, I just want a much cleaner 
way to express this. Thoughts?

Thanks,
~ B

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b015d643-17f6-4298-8c5e-64a5e32804d9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Possible bug with 1.8.x : Loading environment specific variable files via vars_files no longer working for - [] syntax

[Aliaksei Ilkiu]

I have a variable ourenv that defines specific environment. This variable 
is defined in inventory file a used to load environment specific values via 
vars_files as demonstrated in https://gist.github.com/marktheunissen/2979474
After upgrade to 1.8.0 I'm facing problem with loading environment specific 
properties via - [] syntax

*Sample site.yml*

---
- name: CheckIt
  hosts: all
  sudo: yes
  gather_facts: yes
  vars_files:
  - ['vars/env_{{ourenv}}.yml', vars/env_defaults.yml]
  tasks:
  - name: debug
debug: msg="ourenv {{ ourenv }} pg_wal_buffers {{ pg_wal_buffers }}"


*Sample inventory file*

[singlebox]
localbox ourenv=dev_single host=devsrv ansible_ssh_host=192.168.18.129 alias=dev


*Sample vars/env_dev_single.yml*

pg_wal_buffers: 4MB


*Sample vars/env_defaults.yml*

pg_wal_buffers: value


*Output in 1.8.X/1.9 (UNEXPECTED)*

PLAY [CheckIt]  

GATHERING FACTS *** 
ok: [localbox]

TASK: [debug] * 
ok: [localbox] => {
"msg": "ourenv dev_single pg_wal_buffers value"
}


*Output in 1.4.X/.../1.7.2 (CORRECT)*

PLAY [CheckIt]  

GATHERING FACTS *** 
ok: [localbox]
localbox: importing /bla-bla-bla/vars/env_dev_single.yml

TASK: [debug] * 
ok: [localbox] => {
"msg": "ourenv dev_single pg_wal_buffers 4MB"
}


It seams to me that no issues with loading these variables directly if I 
replace - ['vars/env_{{ourenv}}.yml', vars/env_defaults.yml] with - 
'vars/env_{{ourenv}}.yml' but I want to have 'failback to defaults' option. 
Also if I pass ourenv via command line (-e "ourenv=dev_single") it works as 
expected but I think it's bad practice (splitting environment knowledge 
between inventory file and command line arguments).

Can somebody point me to the right direction?

I also opened ticket https://github.com/ansible/ansible/issues/1 but 
hope to get faster response here.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d95a3378-f46a-47ff-b922-f5c99b41b507%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] How does Ansible determine that a file has changed ?

[Micky Kerai]

Hi,

A rather basic query. How does Ansible determine that a file has changed on 
the target ? The copy module's 'force' option documentations reads as 
follows :-

*"default is yes, which will replace the remote file when contents are 
different than the source"*

How does Ansible determine that the file contents are different ?

_Micky

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b4345c9d-e42f-4c3e-b400-d8e28503dc45%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: apt: upgrade=dist play hangs

[Bob Tanner]

Have this play hang now too.

- name: package update (apt)
  apt: update_cache=yes cache_valid_time=3600
  sudo: yes
  always_run: yes

Verbose run shows this on multiple hosts:

 ESTABLISH CONNECTION FOR USER: ansible-user on PORT 22 TO 
host.domain.com

 REMOTE_MODULE apt update_cache=yes cache_valid_time=3600

 EXEC /bin/sh -c 'mkdir -p 
$HOME/.ansible/tmp/ansible-tmp-1421180023.91-7480599726320 && chmod a+rx 
$HOME/.ansible/tmp/ansible-tmp-1421180023.91-7480599726320 && echo 
$HOME/.ansible/tmp/ansible-tmp-1421180023.91-7480599726320'

 PUT 
/var/folders/d_/bm7rvz154jb_2djkqybb503hgn/T/tmpGH6ekd TO 
/home/ansible-user/.ansible/tmp/ansible-tmp-1421180023.91-7480599726320/apt

 EXEC /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via 
ansible, key=X] password: " -u root /bin/sh -c '"'"'echo SUDO-SUCCESS-X; 
LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python 
/home/ansible-user/.ansible/tmp/ansible-tmp-1421180023.91-7480599726320/apt; 
rm -rf 
/home/ansible-user/.ansible/tmp/ansible-tmp-1421180023.91-7480599726320/ 
>/dev/null 2>&1'"'"''


Then is just hangs. 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5e1085fc-9c88-491c-9912-f17b99b7dd39%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Immutable servers using rax module

[Chris Krough]

that should have read

- wait for the new nodes to be ENABLED in the LB (this ensures that their 
LB healthcheck is passing)
- drain traffic from the OLD nodes
- disable the OLD nodes but dont terminate them or their AS groups in case 
we want to roll back

On Tuesday, January 13, 2015 at 10:46:45 AM UTC-6, Chris Krough wrote:
>
>
> I'm currently working on doing this as well. The process I am deploying 
> uses autoscaling groups behind a common CLB. Basically, what we are doing 
> is:
>
> - create the CLB if it doesnt already exist. The clb is identified by a 
> specific naming pattern.
> - create a group containing the IDs of all pre-existing servers attached 
> to the CLB
> - create a new autoscaling group with the new code version, registering 
> them with the CLB and waiting until min_entities are active
> - create a group containing the IDs off all of the NEW servers we just 
> created which are attached to the CLB
> - wait for the new nodes to be ENABLED in the LB (this ensures that their 
> LB healthcheck is passing)
> - drain traffic from the new nodes
> - disable the new nodes but dont terminate them or their AS groups in case 
> we want to roll back
>
>
> This is working fine in test but hasn't been rolled out to the real world 
> yet. My next step is to identify the autoscaling groups containing the old 
> servers so I can automate terminating them after the service is healthy for 
> a week or so. 
>
> I'll share what I can in a blog post once it's working and rolled out.
>
>
>
>
>
>
>
> The load balancer for the service, which the autoscaling groups will be 
> placed behind, is managed as it's own entity, meaning, it is not created 
> and destroyed as a normal part of upgrading the service.
>
>
>
>
>
>
> On Wednesday, September 17, 2014 at 8:02:19 AM UTC-5, Graham Hay wrote:
>>
>> Sorry, I forgot to tick the box that notifies me of a reply.
>>
>> Yes, thanks, we're already doing the zero downtime bit and removing 
>> servers from the LB before updating them. Your point #10 is the interesting 
>> bit, the fact that the module removes the oldest servers first is the piece 
>> of information I needed. I'd probably start by adding one new server with 
>> the new code, and keep an eye out for errors. Then, if all was well, I'd 
>> add the rest and remove the old ones. Or if there were problems, bin the 
>> new one.
>>
>> It certainly sounds like it would be possible, hopefully I'll get a 
>> chance to give it a try. If I have any more specific questions, I'll get 
>> back to you. Thanks!
>>
>> On Tuesday, 16 September 2014 15:51:12 UTC+1, Matt Martz wrote:
>>>
>>> I believe this to be possible.  I don't think I can architect you a full 
>>> solution via email and what not, but we can go over some key points.  There 
>>> are likely to be a number of "moving" parts here.
>>>
>>> It sounds like you are roughly wanting to perform something similar to a 
>>> Blue-Green deployment, while maintaining the original LB.
>>>
>>> Here are some of my thoughts.
>>>
>>> 1. Run a task using rax_clb and register the results.  This will contain 
>>> a list of current nodes
>>> 2. Run your provisioning task using the rax module with exact_count, 
>>> however you should have a way to double the exact_count (e.g. 20 instead of 
>>> the normal 10), so that you can provision new servers, register this result 
>>> too
>>> 3. The rax module returns some top level keys of importance, in this 
>>> case 'success' will hold a list of all of the machines that were just 
>>> created.
>>> a. You could also run the rax module with an existing exact_count 
>>> which would return something like rax.instance_ids.instances
>>> 4. add these new servers to a hostgroup using add_host
>>> 5. configure the new servers
>>> 6. run rax_clb_nodes to add in the new servers
>>> 7. Test somehow
>>> 8. using the node information provided in #1, use rax_clb_nodes to mark 
>>> as draining
>>> 9. Same as #8 but now remove
>>> 10. Run a rax module task again, and drop the exact_count to what you 
>>> expect (e.g. 10 instead of 20).  The way that the rax module works is it 
>>> deletes the oldest servers in this scenario, which should delete the ones 
>>> you expect
>>> a. If you did 3a, you could use a rax task with state=absent and 
>>> pass in rax.instance_ids.instances to the 'instance_ids' attribute, to 
>>> delete the old servers
>>>
>>> Without having tried it, those are roughly the steps I would try to 
>>> perform.
>>>
>>> You might also want to look at 
>>> https://developer.rackspace.com/blog/rolling-deployments-with-ansible-and-cloud-load-balancers/
>>>
>>> -- 
>>> Matt Martz
>>> sivel.net
>>> @sivel
>>>
>>> On Tue, Sep 16, 2014 at 9:05 AM, Graham Hay  wrote:
>>>
 Hi,

 We were considering taking an "immutable server" approach to 
 deployments (we may not be able to due to 3rd party restrictions 
 whitelisting IPs), is that something that would be possible using the rax 
 module? So, a deployment would consis

[ansible-project] Service Module Timeout?

[Nick Fraker]

Hi all,

I'm trying to automate standing up a JBoss instance and keep running into 
periodic timeouts from the ansible service module. I've seen a lot of 
information around what to do if you're running into this as part of a 
tasklist ("use wait_for"), but the problem I'm having doesn't really apply 
to that; I'm calling a jboss restart through notify, and at the end of my 
play it's restarting the service and timing out waiting for JBoss to 
respond with "OK".

It's definitely got to do with the amount of time Ansible is waiting for a 
response, because it's an intermittent issue and about 2/3rds of the time 
it restarts fine. However, in that 1/3rd of failures any handlers that are 
scheduled to run AFTER the JBoss one will be skipped, and the tasks which 
notified them haven't changed so they aren't *re*notified on successive 
plays, and I'm forced to manually go run the task via SSH.

Since I can't use "wait_for" in a handler (and besides, the timeout is 
occurring within the service module itself, not errors caused in steps 
later on), is there any way to increase the timeout of a task using the 
service module? This is a JBoss instance with nothing on it at the moment 
and can take upwards of 20 seconds to respond; A fully-loaded JBoss 
instance in my OLTP stack can sometimes take 70 seconds just to start, let 
alone the time it takes to complete current transactions and transfer 
queued ones to other nodes whenever it's stopped.

And hey if I were automating management of my Atlassian services, those 
take 3 - 5 minutes for their Tomcat to start!

I'd really like to not be forced to use "ignore_errors: yes" for this, 
since it gives false-positives for monitoring ansible performance later on.

Thanks,

-Nick F.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0719264b-14fd-437b-816d-402d9ad646e7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Immutable servers using rax module

[Chris Krough]

I'm currently working on doing this as well. The process I am deploying 
uses autoscaling groups behind a common CLB. Basically, what we are doing 
is:

- create the CLB if it doesnt already exist. The clb is identified by a 
specific naming pattern.
- create a group containing the IDs of all pre-existing servers attached to 
the CLB
- create a new autoscaling group with the new code version, registering 
them with the CLB and waiting until min_entities are active
- create a group containing the IDs off all of the NEW servers we just 
created which are attached to the CLB
- wait for the new nodes to be ENABLED in the LB (this ensures that their 
LB healthcheck is passing)
- drain traffic from the new nodes
- disable the new nodes but dont terminate them or their AS groups in case 
we want to roll back


This is working fine in test but hasn't been rolled out to the real world 
yet. My next step is to identify the autoscaling groups containing the old 
servers so I can automate terminating them after the service is healthy for 
a week or so. 

I'll share what I can in a blog post once it's working and rolled out.







The load balancer for the service, which the autoscaling groups will be 
placed behind, is managed as it's own entity, meaning, it is not created 
and destroyed as a normal part of upgrading the service.






On Wednesday, September 17, 2014 at 8:02:19 AM UTC-5, Graham Hay wrote:
>
> Sorry, I forgot to tick the box that notifies me of a reply.
>
> Yes, thanks, we're already doing the zero downtime bit and removing 
> servers from the LB before updating them. Your point #10 is the interesting 
> bit, the fact that the module removes the oldest servers first is the piece 
> of information I needed. I'd probably start by adding one new server with 
> the new code, and keep an eye out for errors. Then, if all was well, I'd 
> add the rest and remove the old ones. Or if there were problems, bin the 
> new one.
>
> It certainly sounds like it would be possible, hopefully I'll get a chance 
> to give it a try. If I have any more specific questions, I'll get back to 
> you. Thanks!
>
> On Tuesday, 16 September 2014 15:51:12 UTC+1, Matt Martz wrote:
>>
>> I believe this to be possible.  I don't think I can architect you a full 
>> solution via email and what not, but we can go over some key points.  There 
>> are likely to be a number of "moving" parts here.
>>
>> It sounds like you are roughly wanting to perform something similar to a 
>> Blue-Green deployment, while maintaining the original LB.
>>
>> Here are some of my thoughts.
>>
>> 1. Run a task using rax_clb and register the results.  This will contain 
>> a list of current nodes
>> 2. Run your provisioning task using the rax module with exact_count, 
>> however you should have a way to double the exact_count (e.g. 20 instead of 
>> the normal 10), so that you can provision new servers, register this result 
>> too
>> 3. The rax module returns some top level keys of importance, in this case 
>> 'success' will hold a list of all of the machines that were just created.
>> a. You could also run the rax module with an existing exact_count 
>> which would return something like rax.instance_ids.instances
>> 4. add these new servers to a hostgroup using add_host
>> 5. configure the new servers
>> 6. run rax_clb_nodes to add in the new servers
>> 7. Test somehow
>> 8. using the node information provided in #1, use rax_clb_nodes to mark 
>> as draining
>> 9. Same as #8 but now remove
>> 10. Run a rax module task again, and drop the exact_count to what you 
>> expect (e.g. 10 instead of 20).  The way that the rax module works is it 
>> deletes the oldest servers in this scenario, which should delete the ones 
>> you expect
>> a. If you did 3a, you could use a rax task with state=absent and pass 
>> in rax.instance_ids.instances to the 'instance_ids' attribute, to delete 
>> the old servers
>>
>> Without having tried it, those are roughly the steps I would try to 
>> perform.
>>
>> You might also want to look at 
>> https://developer.rackspace.com/blog/rolling-deployments-with-ansible-and-cloud-load-balancers/
>>
>> -- 
>> Matt Martz
>> sivel.net
>> @sivel
>>
>> On Tue, Sep 16, 2014 at 9:05 AM, Graham Hay  wrote:
>>
>>> Hi,
>>>
>>> We were considering taking an "immutable server" approach to deployments 
>>> (we may not be able to due to 3rd party restrictions whitelisting IPs), is 
>>> that something that would be possible using the rax module? So, a 
>>> deployment would consist of spinning up and provisioning x new servers, 
>>> adding them to the LB, waiting to check for errors, and then removing the 
>>> old servers. I couldn't think of a way to do so while using the name & 
>>> exact_count approach.
>>>
>>> Thanks,
>>>
>>> Graham
>>>
>>> -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to 

Re: [ansible-project] role dependencies and variables

[Tom Bamford]

Add the following to roles/php-fpm/meta/main.yml and that role will be
invoked for each dependency

allow_duplicates: yes

​

On 13 January 2015 at 20:54, vadimv Vatlin  wrote:

> Hello
>
> I want to create meta role to setup web site configuration nginx + php-fpm
>
>
> playbook client.yml:
>
> - roles:
>
>   - { role: web-site, sites: 'domain.com, domain1.com’, fpm_pool:
> ‘domain’ }
>
>   - { role: web-site, sites: 'site.com, site1.com', fpm_pool: ‘site’,
> www_dir: 'web', memory_limit: '128MB' }
>
>
> role/web-site/meta/main.yml:
>
> allow_duplicates: yes
>
> dependencies:
>
>   - { role: php-fpm, pool: "{{ fpm_pool }}" }
>
>
> role/php-fpm/
>
>
> I include web-site role twice but role php-fpm invoked only once . Why ?
> and how can i invoke php-fpm role twice ?
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/6a8b0d67-15d1-4064-a00a-142f2f3054c7%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAAnNz0MUrfjNVQPwjGAjY%3DTzkqSPBtvroDrQRF%3DhnRjqqf%2B-dg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Variables in "when" statement

[Dan Vaida]

The inclusion of tagged tasks doesn't work like you're expecting in your 
example. That will simply tag all tasks in the included file. It won't 
include the tasks that are tagged like that. You want something like:
cat hosts
[localhost]
127.0.0.1

cat playbook.yml
---
- hosts: localhost
  connection: local
  gather_facts: false
  tasks:
- include: yes.yml tags=yes
  when: answer == "yes"
- include: no.yml tags=no
  when: answer == "no"


cat yes.yml
---

- name: this is the yes task
  command: pwd


cat no.yml
---

- name: this is the no task
  command: pwd
and eventually run it with 
ansible-playbook -i hosts playbook.yml --extra-vars="answer=yes"

Cheers.


On Tuesday, 13 January 2015 17:07:50 UTC+1, Wojciech Korzenny wrote:
>
> Thanks Tom. It worked pefrect. 
>
> But I faced another issue with including tasks. 
> I have the file tasks.yml with two tasks, I tagged them as below: 
>
> - name: Perform action - FULL 
>   shell: run_script_full.py 
>   tags:
>   - full
> - name: Perform action - BASIC
>   shell: run_script_basic.py 
>   tags:
>   - basic
>
> In my main playbook I want to inlcude them like below: 
>
> - hosts: controller
>   user: ansuser
>   tasks:
>   - include: tasks.yml tags=full
> when: "'{{ LEVEL }}' == 'full'"
>   - include: tasks.yml tags=basic
> when: "'{{ LEVEL }}' == 'basic'"
>
> I run ansible with command: 
>
> ansible-playbook main_playbook.yml --extra-vars="LEVEL=basic". My point is 
> to execute only task with tagged as "basic" so I'd like main script to: 
> 1) skip first include statement 
> 2) execute tasks.yml in second include statement but only second one 
> (first is tagged as full so requirenments are not met). 
>
> Is it possible to achive this way? 
>
> Regards, 
> Wojtek
>
>
>
>
>
> W dniu wtorek, 13 stycznia 2015 09:29:08 UTC+1 użytkownik Wojciech 
> Korzenny napisał:
>>
>> Hi, 
>>
>> I want to use variable in when statement, for example: 
>>
>> - include: some_playbook.yml
>>   when: "{{ SOME_VARIABLE }}" == "true"
>>
>> where: 
>> SOME_VARIABLE - is given as false/true via --extra-vars
>>
>> Unfortunately I get error: 
>>
>> ERROR: Syntax Error while loading YAML script, run_soak_test.yaml
>> Note: The error may actually appear before this position: line 3, column 
>> 26
>>
>> - include: some_playbook.yml
>>   when: "{{ SOME_VARIABLE }}" == "true"
>>  ^
>> We could be wrong, but this one looks like it might be an issue with
>> missing quotes.  Always quote template expression brackets when they
>> start a value. For instance:
>>
>> with_items:
>>   - {{ foo }}
>>
>> Should be written as:
>>
>> with_items:
>>   - "{{ foo }}"
>>
>>
>> Do you know what's the reason and what's the workaround? 
>>
>> Thanks in advance, 
>> Wojtek 
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8096635e-7765-4afe-b92b-8f71839cb62b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Iterate over inventory group

[Dan Vaida]

to iterate over a hosts group you need with_items: groups['mysql'] instead 
of with_dict

On Tuesday, 13 January 2015 09:41:07 UTC+1, Laurent Goussard wrote:
>
> Hello,
>
> I try to setup a cron task using ansible (indeed) on my db slave pool.
> This cron task is supposed to stop the replication process, dump the 
> database and restart replication.
> Because the backup takes a little time, I don't want to init the cron task 
> at the same time on all the db slaves and I don't want to stop all the 
> slaves at the same times either.
>
> My first idea was to set a different time while looping on the group.
> But it's definitely not as trivial as it seems :
>
> - name: database backup cron task
>   cron: name="database backup" hour={{ item.key }} user="root" job=
> "backup_db.sh" cron_file=database_backup
>   with_dict: groups.mysql
>
> The point is an inventory group is a list, not a dictionnary and I cannot 
> find any simple way to convert a list to a dict (whereas it's easy to 
> convert a dict as a list)
> I also tried to use the group list instead, but I cannot figure out how I 
> can get an iterator key.
>
> Did I miss something ? Do you have any clue regarding my (not so complex 
> imho) problem ?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/884b96af-215c-4861-8520-738d5daaa840%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] ec2 elb set subnets from vpc return value

[Dan Vaida]

Try with csds_vpc.subnets[0].id

On Monday, 12 January 2015 01:05:22 UTC+1, Stefan Nietert wrote:
>
> When doing this I get:
>
> "One or more undefined variables: 'item' is undefined"
>
> It did work for you?
>
> On Thursday, September 25, 2014 at 4:34:25 AM UTC+2, Steven Ringo wrote:
>>
>> Hi,
>>
>> Try this:
>>
>> - ec2_elb_lb:
>>   name: csds-elb-sydney-dev
>>   foo: bar
>>   subnets:
>> - "{{ item.id }}"
>>   with_items:
>> - "{{ csds_vpc.subnets }}"
>>   when: item.resource_tags['Tier'] == 'elb' and
>> item.resource_tags['Application'] == 'MyApp'
>>
>>
>> It works, but feels hacky, alas.
>>
>> Steve
>>
>>
>> On Saturday, 6 September 2014 13:27:37 UTC+10, itarchmerc wrote:
>>>
>>> Rather than trying to do this with a one line jinja2 statement, could I 
>>> use with_items and when?  I tried this, but it generates an error.
>>>
>>> - name: create elb
>>>   local_action:
>>> module: ec2_elb_lb
>>> name: "elb1"
>>> scheme: internet-facing
>>> state: present
>>> subnets: "{{ item.id }}"
>>> security_group_ids: "{{ elb_sg.group_id }}"
>>> region: us-east-1
>>> listeners:
>>>   - protocol: http
>>> load_balancer_port: 80
>>> instance_port: 80
>>>   with_items: vpc.subnets
>>>   when: vpc.subnets.resource_tags.tier == 'elb'
>>>   register: elb
>>>
>>> I get this error:
>>>
>>> error while evaluating conditional: vpc.subnets.resource_tags.tier == 
>>> 'elb'
>>>
>>> I'm hoping this method can be used, but I'm not sure of the format for 
>>> the conditional.
>>>
>>> On Friday, September 5, 2014 5:34:18 PM UTC-4, itarchmerc wrote:

 OKgetting closer.  I had to upgrade Jinja2 to version 2.8-dev in 
 order to get the equalto test.  Now the debug statement executes without 
 error; however, this doesn't return the information I need.  The statement 
 below gives me all resource_tags if the tier key equals "elb".  What I 
 really need is the subnet id value if the resource_tag has the tier key 
 equal to "elb".  I feel like another level of nesting is required.  Any 
 ideas on how to get the subnet id?  Thank you James for all your help so 
 far!

 "vpc": {
 "changed": false,
 "invocation": {
 "module_args": "",
 "module_name": "ec2_vpc"
 },
 "subnets": [
 {
 "az": "us-east-1c",
 "cidr": "10.0.0.x/26",
 "id": "subnet-123456789", -> I need this value
 "resource_tags": {
 "Name": "elb1",
 "tier": "elb"
 }
 },
 {
 "az": "us-east-1a",
 "cidr": "10.0.0.x/26",
 "id": "subnet-abcdefgh",  > and this
 "resource_tags": {
 "Name": "elb2",
 "tier": "elb"
  }
   }

 On Friday, September 5, 2014 4:07:04 PM UTC-4, James Cammarata wrote:
>
> You could use the selectattr() filter, however it looks like the 
> 'equalto' test is new (it doesn't work in my version of jinja2, which is 
> 2.7.x). But it would looks something like this:
>
>- debug: msg="{{vpc.subnets | map(attribute='resource_tags') | 
> selectattr('tier', 'equalto', 'elb') | list}}"
>
>
>
> On Fri, Sep 5, 2014 at 9:45 AM, itarchmerc  
> wrote:
>
>> I got one step further.  Using this debug statement, I was able to 
>> get the list of resource_tags:
>>
>> debug: msg="{{vpc.subnets | map(attribute='resource_tags') | 
>> map(attribute='tier') | list}}"
>>
>> I'm not sure if this is the right way to go about getting this 
>> information, so please let me know if there is a better way.
>>
>> Unfortunately, I'm still having difficulty having the task only pull 
>> the subnet id for the subnets tagged as tier=elb.  Can I use something 
>> after the pipe instead of list to limit the results, or do I need to use 
>> with_items, with_dict?  Thanks.
>>
>> On Friday, September 5, 2014 8:32:02 AM UTC-4, itarchmerc wrote:
>>>
>>> That worked perfectly to get the list of subnets.  Thank you!
>>>
>>> The only issue I have now is limiting the returned values.  The 
>>> syntax below is returning all 6 subnets in my vpc, but I only want the 
>>> 2 
>>> subnets that I gave a resource tag of tier=elb.  I'm trying to use the 
>>> when 
>>> clause with the ec2_elb_lb module, but I can't get the syntax right 
>>> there. 
>>>  I tried:
>>>
>>> when: {{ vpc.subnets | map(attribute='tier') | list }} == 'elb'
>>>
>>> This generates a syntax error each time.  What should the format be 
>>> in a when clause and/or is this

[ansible-project] Re: apt: upgrade=dist play hangs

[Bob Tanner]

> Here is what I see on the ansible host for a process list
>
>  501 82141 31032   0 12:05PM ttys0040:00.80 python ansible-playbook 
> --ask-pass --ask-sudo -i customers/.com linux-servers.yml --tags apt
>  501 82151 82141   0 12:06PM ttys0040:00.04 python ansible-playbook 
> --ask-pass --ask-sudo -i customers/.com linux-servers.yml --tags apt
> * 501 82154 82141   0 12:06PM ttys0040:09.39 python ansible-playbook 
> --ask-pass --ask-sudo -i customers/.com linux-servers.yml --tags apt*
>  501 82155 82141   0 12:06PM ttys0040:00.00 (python)
>  501 82156 82141   0 12:06PM ttys0040:00.00 (python)
>
> PID *82154* continues to tick CPU time so I do not think it's hung.
>
>
If I kill 82154 the ansible control computer moves past the "hung" 
www.X.com host and continues with the rest of the plays in the playbook. 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/67a47d83-31e4-4f6b-a435-f85a42216629%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] apt: upgrade=dist play hangs

[Bob Tanner]

git pulled the latest code 

$ git rev-parse HEAD
f1fdddb640e1dfcd8fdc930031db267947d8cb70

and now the following play hangs

- name: package upgrade (apt)
  apt: upgrade=dist
  sudo: yes

All computers have minimal load. Logs on the remote computer show:

ansible-apt: Invoked with dpkg_options=force-confdef,force-confold 
upgrade=None force=False package=None purge=False state=present 
update_cache=True default_release=None cache_valid_time=3600 deb=None 
install_recommends=True

The computer running ansible shows:

 ESTABLISH CONNECTION FOR USER: ansible-user on PORT 22 TO 
www.X.com
 REMOTE_MODULE apt upgrade=dist
 EXEC /bin/sh -c 'mkdir -p 
$HOME/.ansible/tmp/ansible-tmp-1421171817.66-121308835316644 && chmod a+rx 
$HOME/.ansible/tmp/ansible-tmp-1421171817.66-121308835316644 && echo 
$HOME/.ansible/tmp/ansible-tmp-1421171817.66-121308835316644'
 PUT /var/folders/d_/bm7rvz154jb_2djkqybb503hgn/T/tmpgwRxMi 
TO 
/home/ansible-user/.ansible/tmp/ansible-tmp-1421171817.66-121308835316644/apt
 EXEC /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible, 
key=XX] password: " -u root /bin/sh -c '"'"'echo SUDO-SUCCESS-XXX; 
LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python 
/home/ansible-user/.ansible/tmp/ansible-tmp-1421171817.66-121308835316644/apt; 
rm -rf /home/rte/.ansible/tmp/ansible-tmp-1421171817.66-121308835316644/ 
>/dev/null 2>&1'"'"''

What is odd is the remote computer does not show python running or ssh 
connections so I think the command had completed on the remote host and 
it's ansible computer that is hung or slow waiting to process things. 

Here is what I see on the ansible host for a process list

 501 82141 31032   0 12:05PM ttys0040:00.80 python ansible-playbook 
--ask-pass --ask-sudo -i customers/.com linux-servers.yml --tags apt
 501 82151 82141   0 12:06PM ttys0040:00.04 python ansible-playbook 
--ask-pass --ask-sudo -i customers/.com linux-servers.yml --tags apt
* 501 82154 82141   0 12:06PM ttys0040:09.39 python ansible-playbook 
--ask-pass --ask-sudo -i customers/.com linux-servers.yml --tags apt*
 501 82155 82141   0 12:06PM ttys0040:00.00 (python)
 501 82156 82141   0 12:06PM ttys0040:00.00 (python)

PID *82154* continues to tick CPU time so I do not think it's hung.

I've rebooted the www.X.com host and still the ansible control computer 
hangs on this play.

I'm looking for tips on how to debug this problem.

Thanks.


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5b1f6ea6-acac-47e0-9b60-7e56289dd71e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] role dependencies and variables

[vadimv Vatlin]

Hello

I want to create meta role to setup web site configuration nginx + php-fpm 


playbook client.yml:

- roles:

  - { role: web-site, sites: 'domain.com, domain1.com’, fpm_pool: ‘domain’ }

  - { role: web-site, sites: 'site.com, site1.com', fpm_pool: ‘site’, 
www_dir: 'web', memory_limit: '128MB' }


role/web-site/meta/main.yml:

allow_duplicates: yes

dependencies:

  - { role: php-fpm, pool: "{{ fpm_pool }}" }


role/php-fpm/


I include web-site role twice but role php-fpm invoked only once . Why ? 
and how can i invoke php-fpm role twice ?  

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6a8b0d67-15d1-4064-a00a-142f2f3054c7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Feature: User-defined modules as yaml task lists?

[Tom Bamford]

If you want greater control of when your common tasks get executed, I would
be more inclined to use rules and have verbose playbooks with the execution
order explicitly specified.

Perhaps if you could give a better idea of what your common tasks are and
the context in which you want to run them?

Regards
Tom
 On 13 Jan 2015 16:26,  wrote:

> On Tue, 13 Jan 2015, Brian Coca wrote:
>
> > no, you need to use role dependencies for that case
> >
> > http://docs.ansible.com/playbooks_roles.html#role-dependencies
>
> Ah. But tasks for role dependencies are all fired off in advance, right?
>
> I'm talking about having a common "subroutine" task, commonly provided
> through a central point, that can be called like any other module might be
> called, from an arbitrary point within a playbook.
>
> (The point of this is to provide some abstraction, so that client
> playbooks can be written in terms of higher-level operations than the
> concrete modules typically provided. Is that just a misplaced desire to
> "do ansible wrong"? :-) )
>
> --
> j...@ioctl.org  http://ioctl.org/jan/ Short, dark, ugly: pick any three
> Don't annihilate, assimilate: MacDonalds, not missiles.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAAnNz0PbhCbgUJ7dq-KvXrpt7RDW3unmctLBgqLOg63KxqU9GQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Conditionals in sudo

[Tom Bamford]

Hi Raja

I struggled with this, and the approach I settled with is to duplicate the
task, having one with the 'sudo:' parameter and one without, and each
having a 'when:' conditional.

- command: something
  sudo: yes
  when: env == 'development'

- command: something
  when: env != 'development'

Hope this helps

Tom
On 13 Jan 2015 14:49, "Rajagopal V"  wrote:

> Hi,
> (Originally posted to Ansible Dev by mistake)
>
> Im a newbie trying to automate a few commands across boxes using Ansible.
>
> I would like the sudo command on certain tasks to be conditional, so
> depending on the node, I'd like to turn on sudo or not. For e.g.  I have a
> development machine (my laptop) and a stage server where I need certain
> sets of commands to be run. On the dev machine, I dont need any of the
> commands to be run as sudo but need them to run as sudo on the stage
> server.
>
> I thought something like
>
> - hosts: all
>   tasks:
>   - name: Execute Command X
> command: Command X
> sudo: inventory_hostname != 'localhost'
>
> My Hosts file contains entries like
> localhost
> demo7  ansible_ssh_host=... ansible_ssh_port=..
>
> would make the task not run as sudo on "localhost" (my dev machine) but
> would run with sudo on the other nodes. Unfortunately, this doesnt happen
> and it always treats this as sudo: False.
>
> Is it possible to have conditionals in sudo ?
>
> UPDATE: Looking through the source, this doesn't seem to be the case. The
> Expression doesnt seem to be evaluated and sent directly to utils.boolean.
> Is there any other way of achieving this goal other than running every
> task twice -- once with sudo and once without.
>
>
> Thanks
> Raja
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/cd3109da-57f5-4c0a-9812-29742c81726b%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAAnNz0MC_3SRPsS1tvbJyV%2Bja6Da6-NirR04-WEMKy_Grc6SLw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Conditionally upgrade container (specific version)

[Peter Mooshammer]

Yeah - that would be a nice feature :-)

A pull only option in the docker module, that lets you know if you have to 
restart the service or not. And restarts AFTER the pull is complete.

Peter

On Monday, January 12, 2015 at 8:45:53 AM UTC-8, Gary Malouf wrote:
>
> I'm trying to achieve the following behavior via the Ansible-Docker module
>
>
>1. Check if currently deployed container image is of desired version; 
>if so, exit else proceed
>2. Pull updated image
>3. Stop/remove currently deployed container image
>4. Start new container image
>
>
> I know using 'latest' would give this type of behavior, but we really want 
> to be able to specify the specific version to check for.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/97bb9092-7d30-47a1-81b7-f44b50ebe40c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible Hardening Guide

[Philippe Eveque]

Hi,

Among eferences mentionned in this group here lokk at
https://github.com/major/cis-rhel-ansible
for the OS (RHEL/CentOS) in that case

doing similar things based on our own needs and beyond the OS.
HTH

Phil

2015-01-13 15:01 GMT+01:00 Brian Dunbar :

> My boss's boss emailed us this link and suggested we could adapt the
> puppet / chef scripts to our own needs, for Ansible.
>
> https://telekomlabs.github.io/
>
> Before we embark on _that_ project .. is there anything similar that has
> been done for Ansible, so that I can shamelessly borrow it and save myself
> a lot of work?
>
> Brian Dunbar
> Reliam
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/8d528620-6885-4495-b0d7-daa24b43c224%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAB1FMuTGdXomP-7OUMs0SBKNXWNrDGp_3u0t0samaAajsvJ%2BrQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Nested variables and "with_items: groups"

[David Goodall]

OK, figured it out finally:

with_items: "{{ groups[project_name + '-masters'] }}"

{% for host in groups[project_name + '-masters'] %}


On Tuesday, January 13, 2015 at 3:28:08 PM UTC, David Goodall wrote:
>
> Hi,
>
> I used to have this:
> with_items: groups['masters']
>
> I have now changed the group name to reflect the project name, which is 
> entered into the "project_name" variable when the playbook is run.
> e.g. if the project is "test", the group will be "test-masters"
>
> In the "with_items:" statement, I would like to be able to replace 
> "masters" with something like {{ project_name }}-masters.
>
> The latest attempt is:
> with_items: groups['"ansible_" + project_name + "-masters"']
>
> I have been trawling this group and have tried various incantations, all 
> to no avail so far.
>
> For bonus points, I also have this in a jinja2 template:
> {% for host in groups['masters'] %}
>  - which will need the same treatment...
>
> Any help appreciated!
> Best regards,
> David
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/206a18ce-c2db-4405-8a53-176cf28ca372%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Variables in "when" statement

[Wojciech Korzenny]

Thanks Tom. It worked pefrect. 

But I faced another issue with including tasks. 
I have the file tasks.yml with two tasks, I tagged them as below: 

- name: Perform action - FULL 
  shell: run_script_full.py 
  tags:
  - full
- name: Perform action - BASIC
  shell: run_script_basic.py 
  tags:
  - basic

In my main playbook I want to inlcude them like below: 

- hosts: controller
  user: ansuser
  tasks:
  - include: tasks.yml tags=full
when: "'{{ LEVEL }}' == 'full'"
  - include: tasks.yml tags=basic
when: "'{{ LEVEL }}' == 'basic'"

I run ansible with command: 

ansible-playbook main_playbook.yml --extra-vars="LEVEL=basic". My point is 
to execute only task with tagged as "basic" so I'd like main script to: 
1) skip first include statement 
2) execute tasks.yml in second include statement but only second one (first 
is tagged as full so requirenments are not met). 

Is it possible to achive this way? 

Regards, 
Wojtek





W dniu wtorek, 13 stycznia 2015 09:29:08 UTC+1 użytkownik Wojciech Korzenny 
napisał:
>
> Hi, 
>
> I want to use variable in when statement, for example: 
>
> - include: some_playbook.yml
>   when: "{{ SOME_VARIABLE }}" == "true"
>
> where: 
> SOME_VARIABLE - is given as false/true via --extra-vars
>
> Unfortunately I get error: 
>
> ERROR: Syntax Error while loading YAML script, run_soak_test.yaml
> Note: The error may actually appear before this position: line 3, column 26
>
> - include: some_playbook.yml
>   when: "{{ SOME_VARIABLE }}" == "true"
>  ^
> We could be wrong, but this one looks like it might be an issue with
> missing quotes.  Always quote template expression brackets when they
> start a value. For instance:
>
> with_items:
>   - {{ foo }}
>
> Should be written as:
>
> with_items:
>   - "{{ foo }}"
>
>
> Do you know what's the reason and what's the workaround? 
>
> Thanks in advance, 
> Wojtek 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8d4e1e93-c4f1-48ea-af38-41664642b68e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Nested variables and "with_items: groups"

[David Goodall]

Hi,

I used to have this:
with_items: groups['masters']

I have now changed the group name to reflect the project name, which is 
entered into the "project_name" variable when the playbook is run.
e.g. if the project is "test", the group will be "test-masters"

In the "with_items:" statement, I would like to be able to replace 
"masters" with something like {{ project_name }}-masters.

The latest attempt is:
with_items: groups['"ansible_" + project_name + "-masters"']

I have been trawling this group and have tried various incantations, all to 
no avail so far.

For bonus points, I also have this in a jinja2 template:
{% for host in groups['masters'] %}
 - which will need the same treatment...

Any help appreciated!
Best regards,
David

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/04ebdda6-8878-4b3c-940a-e6230f591ec6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Feature: User-defined modules as yaml task lists?

[jang]

On Tue, 13 Jan 2015, Brian Coca wrote:

> no, you need to use role dependencies for that case
> 
> http://docs.ansible.com/playbooks_roles.html#role-dependencies

Ah. But tasks for role dependencies are all fired off in advance, right?

I'm talking about having a common "subroutine" task, commonly provided 
through a central point, that can be called like any other module might be 
called, from an arbitrary point within a playbook.

(The point of this is to provide some abstraction, so that client 
playbooks can be written in terms of higher-level operations than the 
concrete modules typically provided. Is that just a misplaced desire to 
"do ansible wrong"? :-) )

-- 
j...@ioctl.org  http://ioctl.org/jan/ Short, dark, ugly: pick any three
Don't annihilate, assimilate: MacDonalds, not missiles.

Re: [ansible-project] Feature: User-defined modules as yaml task lists?

[Brian Coca]

no, you need to use role dependencies for that case

http://docs.ansible.com/playbooks_roles.html#role-dependencies

-- 
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAJ5XC8ng%2B8LU-4ya%2BCN%2BPW%2BTSHXH_a-G9Bs1ocbD5JBJEPubKw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Feature: User-defined modules as yaml task lists?

[jang]

On Tue, 13 Jan 2015, Brian Coca wrote:

> then use roles, they offer a bit more than simple task lists but you
> can set the search paths.

Are you saying that if I have a "common" role with a "tasks/do-foo.yml" 
and some other role that has

- include: do-foo.yml

it'll DTRT? I couldn't make that work in testing.



-- 
j...@ioctl.org  http://ioctl.org/jan/ Short, dark, ugly: pick any three
Leverage that synergy! Ooh yeah, looking good! Now stretch - and relax.

Re: [ansible-project] Feature: User-defined modules as yaml task lists?

[Brian Coca]

then use roles, they offer a bit more than simple task lists but you
can set the search paths.



-- 
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAJ5XC8%3DjsvoWoVgnTe_KHqnb7WC-Squ76hrzpSk2tX2H%3DbGcsA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Feature: User-defined modules as yaml task lists?

[jang]

On Tue, 13 Jan 2015, Brian Coca wrote:

> I'm not sure I'm reading this right, would you just want?:
> 
> - include: tasklist.yml

The problem's when it's:

- include: ../../common/tasks/tasklist.yml param1=...

which is klunky to read, error-prone to write, and makes refactoring the 
common tasks tricky (particularly if the common tasks and their consumers 
live in separately-gated repositories).

As far as I can tell* ansible avoids having sprawling search paths for 
task includes (presumably so that it's easy to tell what's going on 
without too much external context); but used judiciously, something like 
this would let me introduce a smidgen of useful abstraction into my 
playbooks.

* if that's not right, please correct me!



-- 
j...@ioctl.org  http://ioctl.org/jan/ Short, dark, ugly: pick any three
Donate a signature: http://ioctl.org/jan/sig-submit

Re: [ansible-project] Feature: User-defined modules as yaml task lists?

[Brian Coca]

I'm not sure I'm reading this right, would you just want?:

- include: tasklist.yml



-- 
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAJ5XC8nS%2B0F-cWJHxKzT_uXxSBDyUnr5p08iyVzrEvQv73Z2wQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Ansible Hardening Guide

[Brian Dunbar]

My boss's boss emailed us this link and suggested we could adapt the puppet 
/ chef scripts to our own needs, for Ansible.

https://telekomlabs.github.io/

Before we embark on _that_ project .. is there anything similar that has 
been done for Ansible, so that I can shamelessly borrow it and save myself 
a lot of work?

Brian Dunbar
Reliam

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8d528620-6885-4495-b0d7-daa24b43c224%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Prevent variable overwrite in skipped tasks

[Brian Coca]

ansible sets registered variables on skipped tasks so you can query
them for setvar|skipped, I suggest you name the vars differently and
set a 'x' var depending on the value of those 2.


-- 
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAJ5XC8%3DxbpXX3e8zzwr1mxrFYgKFd4ckA32%3D6V_foPP9keTOqQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Feature: User-defined modules as yaml task lists?

[jang]

Writing my own modules in, say, Python feels like overkill. I can't find a 
feature at the moment that would let me give a name to a yaml file 
(containing task definitions) and then invoke that name as though it were 
any other module.

Is anything like this already possible? Is it on a roadmap? (Would patches 
to do this be accepted?)

Cheers,
jan

-- 
j...@ioctl.org  http://ioctl.org/jan/ Short, dark, ugly: pick any three
OORDBMSs make me feel old; I remember when this was all fields.

Re: [ansible-project] Hosts with multiple roles

[Brian Coca]

 --limit does a intersection with existing - hosts: clauses, it looks like

play1: - hosts: customer1
play2: - hosts: customer2
play3: - hosts: http-servers
play4: - hosts: samba-servers

when you do --limit customer1 you should get play1, 3 and 4, as the
intersection of customer1 and customer1 is 1 host, customer2 and
customer1 is 0 hosts, http-servers and customer1 is 1 host, etc.


If you want to ONLY run specific plays I suggest you look at tags.
-- 
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAJ5XC8kieBUaefjTVzf9AFND0Zchz8zWg547ZLeuD%3Dw9EAYB%3Dw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Problem with ansible variables

[Brian Coca]

it is substituting but I'm guessing more than you want.

try:

environment:
  MODULE: "{{MODULE.stdout}}"

also "shell: echo" will not display any output to your screen, you
might want to register it and use debug module to display.


-- 
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAJ5XC8kzM4fro4A58AsU4bPObNAf_D8z3TD980daQd373oo9zA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Iterate over inventory group

[Laurent Goussard]

Hello,

I try to setup a cron task using ansible (indeed) on my db slave pool.
This cron task is supposed to stop the replication process, dump the 
database and restart replication.
Because the backup takes a little time, I don't want to init the cron task 
at the same time on all the db slaves and I don't want to stop all the 
slaves at the same times either.

My first idea was to set a different time while looping on the group.
But it's definitely not as trivial as it seems :

- name: database backup cron task
  cron: name="database backup" hour={{ item.key }} user="root" job=
"backup_db.sh" cron_file=database_backup
  with_dict: groups.mysql

The point is an inventory group is a list, not a dictionnary and I cannot 
find any simple way to convert a list to a dict (whereas it's easy to 
convert a dict as a list)
I also tried to use the group list instead, but I cannot figure out how I 
can get an iterator key.

Did I miss something ? Do you have any clue regarding my (not so complex 
imho) problem ?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2c7a35b1-7a32-4422-a131-9cece1014e16%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: roles variable inheritance / override bug in 1.8.2

[Tristan Bessoussa]

I got the exact same problem on 1.8.2.



Le mercredi 17 décembre 2014 05:57:52 UTC+1, Steve Kieu a écrit :
>
> Hi,
>
> Not sure if this is known, with ansible 1.8.2 I found:
>
> role B depend on role A
>
> In role A vars/main.yml set variable like TEST: 'a'
> In role B vars/main.yml set variable like TEST: 'b'
>
> Playbook using role B and debug print that the variable has the value: 'a'
>
> I have to downgrade to 1.7.2 which has correct behaviour.
>
> Thanks
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/01f2e8c6-57ef-4719-9ef2-5618a9b6bafb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Prevent variable overwrite in skipped tasks

[Bill Rosenburg]

This is the first time I hit wall with ansible after thousands lines of 
yaml so maybe I'm missing something. 

I have a main playbook a.yml:

- include b.yml
- include c.yml
  when: 0 == 1

- debug: var=x

where both b.yml and c.yml set value of 'x' variable. I understand that 
this is by design yet if I have a single role with two separate flows 
setting same variables I found no way to work around this and skip c.yml 
entirely. 

Did anyone try do hack this directly in ansible source? I need to comment 
out portion where ansible assigns {'skipped': True} to my variable.

Thanks,
Bill


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8cb95e9e-72fd-40f7-b1e3-22691d9d3a5f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Hosts with multiple roles

[Dirk Olmes]

Hi,

I'm having problems with the ansible inventory, filters and hosts in 
multiple roles. Let's assume I have two customers, each with a machine that 
can be a http server and/or a samba server.This is my inventory:

[customer1]
host1.customer1.com

[customer2]
host1.customer2.com
host2.customer2.com

[http-servers]
host1.customer1.com
host1.customer2.com

[samba-servers]
host1.customer1.com
host2.customer1.com

As you can see, customer1 only has a single machine that fulfills both 
roles and customer2 has a separate machine for each role.

Now I'm trying to run the playbook with filters:

% ansible-playbook -i ./hosts --list-hosts --limit customer1 ./site.yml

playbook: ./site.yml

  play #1 (customer1): host count=1
host1.customer1.com

  play #3 (http-servers): host count=1
host1.customer1.com

  play #4 (samba-servers): host count=1
host1.customer1.com

Why on earth do I get play #3 and #4? I specifically asked for customer1 
which only has one entry.

The same goes for role-based groups:

% ansible-playbook -i ./hosts --limit http-servers --list-hosts ./site.yml

playbook: ./site.yml

  play #1 (customer1): host count=1
host1.customer1.com

  play #2 (customer2): host count=1
host1.customer2.com

  play #3 (http-servers): host count=2
host1.customer1.com
host1.customer2.com

  play #4 (samba-servers): host count=1
host1.customer1.com

What's going on here?

I did read the documentation on inventory, groups and patterns but that 
page only has examples for hosts in single roles. What am I doing wrong?

-dirk

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a2ca3d3c-9ea0-4cde-ac5e-5881af4cd4fc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Ansible's autoscaling group for EC2

[biswajit . banerjee]

Hi All,

I am getting below error while running my playbook for autoscaling group.

the snippet for autoscaling group is...


- name: create autoscale groups
  ec2_asg:
name: "{{ asg_group_name }}"
health_check_period: 420 
load_balancers: "{{ load_balancers }}"
health_check_type: ELB
availability_zones: "{{ availability_zones | join(',')}}"
launch_config_name: "{{ lc_name }}"
min_size: "{{ asg_min_size }}"
max_size: "{{ asg_max_size }}"
desired_capacity: "{{ asg_desired_capacity }}"
region: "{{ region }}"

replace_all_instances: yes
vpc_zone_identifier: "{{ asg_subnets | join(',') }}"

  delay: 10 
  retries: 120
  register: asg_result
  tags: autoscale_group

__

Error is :

_


TASK: [platform | launch load balancer] 
** 
ok: [localhost]

TASK: [scaling | create launch config]  
changed: [localhost]

TASK: [rolling_asg | create autoscale groups] 
* 
failed: [localhost] => {"failed": true, "parsed": false}
Traceback (most recent call last):
  File 
"/root/.ansible/tmp/ansible-tmp-1421068448.77-61261087588667/ec2_asg", line 
2355, in 
main()
  File 
"/root/.ansible/tmp/ansible-tmp-1421068448.77-61261087588667/ec2_asg", line 
2345, in main
create_changed, asg_properties=create_autoscaling_group(connection, 
module)
  File 
"/root/.ansible/tmp/ansible-tmp-1421068448.77-61261087588667/ec2_asg", line 
2072, in create_autoscaling_group
asg_properties = get_properties(ag)
  File 
"/root/.ansible/tmp/ansible-tmp-1421068448.77-61261087588667/ec2_asg", line 
2008, in get_properties
properties['tags'] = dict((t.key, t.value) for t in 
autoscaling_group.tags)
TypeError: 'NoneType' object is not iterable

___

Ansible version :1.9


Any help or pointer will be much welcome and badly in need of that. 


Regards,
Biswajit


-- 

Using a smartphone? Try our app for property search 
 and app for residential communities 
.
--
This e-mail and any files transmitted with it may contain confidential and 
privileged information are for the sole use of the intended recipient(s) . 
If you are not the intended recipient, please appraise the sender by reply 
e-mail and destroy all copies and the original message. Any unauthorized 
disclosure, dissemination, forwarding, printing or copying of this email or 
any action taken on this e-mail is strictly prohibited and may be unlawful. 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/23efe8ec-789c-4a73-8926-edf074e11812%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] With ssh tunnel, can not -m ping remote host successful

[jlu . xzp]

I have to use ssh tunnel to manage my hosts.

1. create ssh tunnel   "ssh -L 8082:: 
 root@"
2. edit host cfg  
   [servers]
   server ansible_ssh_port=8082 ansible_ssh_host=127.0.0.1 
ansible_ssh_user=root ansible_ssh_pass=

then use "ansible servers -m ping"

I got "FAILED => Authentication failure."

But  if i delete ansible_ssh_user, then use "ansible severs -m ping -k" and 
use password "", i got success.

And if i use "sshpass -p  ssh -p 8082 root@127.0.0.1", i got success 
too.

I don't know why...

Can anyone help me to solve this problem?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/974d841c-7ce4-4e09-ac2a-15f02addc0b8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Problem with ansible variables

[Adrian Paraschiv]

Hello,

I have this small playbook and t doesn't convert veriables:
---
- hosts: karma
  user: root
  sudo: True
  tasks:
- shell: ls /images/KBU/ | grep MODULE | awk -F- '{print $4}' | awk -F. 
'{print $1}' | tail -1
  register: MODULE
  environment:
MODULE: "{{ MODULE }}"
- shell: echo "{{ MODULE }}"

at *TASK: [shell echo "{{ MODULE_GOROCO }}"] 
***

it failes, it echoes the hole stdout of ansible: 
--
cmd:
*echo "{u'changed': True, u'end': u'2015-01-12 08:30:33.137879', u'stdout': 
u'G10R00C00', u'cmd': u"ls /images/KBU/ | grep KBUONE | awk -F- '{print 
$4}' | awk -F. '{print $1}' | tail -1", u'rc': 0, u'start': u'2015-01-12 
08:30:33.121037', u'stderr': u'', u'delta': u'0:00:00.016842', 
'invocation': {'module_name': u'shell', 'module_args': u"ls /images/KBU/ | 
grep KBUONE | awk -F- '{print $4}' | awk -F. '{print $1}' | tail -1"}, 
'stdout_lines': [u'G10R00C00'], u'warnings': []}"*
stderr: tail: option used in invalid context -- 1
tail: option used in invalid context -- 1
-
it should echo this: G10R00C00. How do I echo the content of a registered 
variable ?


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/97ca54af-5f67-4b3a-9cff-5faded9f1101%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] ec2 elb set subnets from vpc return value

[Stefan Nietert]

When doing this I get:

"One or more undefined variables: 'item' is undefined"

It did work for you?

On Thursday, September 25, 2014 at 4:34:25 AM UTC+2, Steven Ringo wrote:
>
> Hi,
>
> Try this:
>
> - ec2_elb_lb:
>   name: csds-elb-sydney-dev
>   foo: bar
>   subnets:
> - "{{ item.id }}"
>   with_items:
> - "{{ csds_vpc.subnets }}"
>   when: item.resource_tags['Tier'] == 'elb' and
> item.resource_tags['Application'] == 'MyApp'
>
>
> It works, but feels hacky, alas.
>
> Steve
>
>
> On Saturday, 6 September 2014 13:27:37 UTC+10, itarchmerc wrote:
>>
>> Rather than trying to do this with a one line jinja2 statement, could I 
>> use with_items and when?  I tried this, but it generates an error.
>>
>> - name: create elb
>>   local_action:
>> module: ec2_elb_lb
>> name: "elb1"
>> scheme: internet-facing
>> state: present
>> subnets: "{{ item.id }}"
>> security_group_ids: "{{ elb_sg.group_id }}"
>> region: us-east-1
>> listeners:
>>   - protocol: http
>> load_balancer_port: 80
>> instance_port: 80
>>   with_items: vpc.subnets
>>   when: vpc.subnets.resource_tags.tier == 'elb'
>>   register: elb
>>
>> I get this error:
>>
>> error while evaluating conditional: vpc.subnets.resource_tags.tier == 
>> 'elb'
>>
>> I'm hoping this method can be used, but I'm not sure of the format for 
>> the conditional.
>>
>> On Friday, September 5, 2014 5:34:18 PM UTC-4, itarchmerc wrote:
>>>
>>> OKgetting closer.  I had to upgrade Jinja2 to version 2.8-dev in 
>>> order to get the equalto test.  Now the debug statement executes without 
>>> error; however, this doesn't return the information I need.  The statement 
>>> below gives me all resource_tags if the tier key equals "elb".  What I 
>>> really need is the subnet id value if the resource_tag has the tier key 
>>> equal to "elb".  I feel like another level of nesting is required.  Any 
>>> ideas on how to get the subnet id?  Thank you James for all your help so 
>>> far!
>>>
>>> "vpc": {
>>> "changed": false,
>>> "invocation": {
>>> "module_args": "",
>>> "module_name": "ec2_vpc"
>>> },
>>> "subnets": [
>>> {
>>> "az": "us-east-1c",
>>> "cidr": "10.0.0.x/26",
>>> "id": "subnet-123456789", -> I need this value
>>> "resource_tags": {
>>> "Name": "elb1",
>>> "tier": "elb"
>>> }
>>> },
>>> {
>>> "az": "us-east-1a",
>>> "cidr": "10.0.0.x/26",
>>> "id": "subnet-abcdefgh",  > and this
>>> "resource_tags": {
>>> "Name": "elb2",
>>> "tier": "elb"
>>>  }
>>>   }
>>>
>>> On Friday, September 5, 2014 4:07:04 PM UTC-4, James Cammarata wrote:

 You could use the selectattr() filter, however it looks like the 
 'equalto' test is new (it doesn't work in my version of jinja2, which is 
 2.7.x). But it would looks something like this:

- debug: msg="{{vpc.subnets | map(attribute='resource_tags') | 
 selectattr('tier', 'equalto', 'elb') | list}}"



 On Fri, Sep 5, 2014 at 9:45 AM, itarchmerc  
 wrote:

> I got one step further.  Using this debug statement, I was able to get 
> the list of resource_tags:
>
> debug: msg="{{vpc.subnets | map(attribute='resource_tags') | 
> map(attribute='tier') | list}}"
>
> I'm not sure if this is the right way to go about getting this 
> information, so please let me know if there is a better way.
>
> Unfortunately, I'm still having difficulty having the task only pull 
> the subnet id for the subnets tagged as tier=elb.  Can I use something 
> after the pipe instead of list to limit the results, or do I need to use 
> with_items, with_dict?  Thanks.
>
> On Friday, September 5, 2014 8:32:02 AM UTC-4, itarchmerc wrote:
>>
>> That worked perfectly to get the list of subnets.  Thank you!
>>
>> The only issue I have now is limiting the returned values.  The 
>> syntax below is returning all 6 subnets in my vpc, but I only want the 2 
>> subnets that I gave a resource tag of tier=elb.  I'm trying to use the 
>> when 
>> clause with the ec2_elb_lb module, but I can't get the syntax right 
>> there. 
>>  I tried:
>>
>> when: {{ vpc.subnets | map(attribute='tier') | list }} == 'elb'
>>
>> This generates a syntax error each time.  What should the format be 
>> in a when clause and/or is this the right way to approach limiting the 
>> results, or should I be using with_items or with_dict?  Thanks for the 
>> help!
>>
>> On Thursday, September 4, 2014 11:14:53 PM UTC-4, James Cammarata 
>> wrote:
>>>
>>> Hi. From

[ansible-project] Conditionals in sudo

[Rajagopal V]

Hi,
(Originally posted to Ansible Dev by mistake)

Im a newbie trying to automate a few commands across boxes using Ansible. 

I would like the sudo command on certain tasks to be conditional, so 
depending on the node, I'd like to turn on sudo or not. For e.g.  I have a 
development machine (my laptop) and a stage server where I need certain 
sets of commands to be run. On the dev machine, I dont need any of the 
commands to be run as sudo but need them to run as sudo on the stage 
server. 

I thought something like

- hosts: all
  tasks:
  - name: Execute Command X
command: Command X
sudo: inventory_hostname != 'localhost'

My Hosts file contains entries like
localhost
demo7  ansible_ssh_host=... ansible_ssh_port=.. 

would make the task not run as sudo on "localhost" (my dev machine) but 
would run with sudo on the other nodes. Unfortunately, this doesnt happen 
and it always treats this as sudo: False.

Is it possible to have conditionals in sudo ?

UPDATE: Looking through the source, this doesn't seem to be the case. The 
Expression doesnt seem to be evaluated and sent directly to utils.boolean.
Is there any other way of achieving this goal other than running every task 
twice -- once with sudo and once without.


Thanks
Raja

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/cd3109da-57f5-4c0a-9812-29742c81726b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible multiple SSH logins

[Paul Slootman]

I have a similar situation, every ansible action causes a line to be added 
to the output of "last".
When updating multiple users this overwhelms the "normal" users. I tried 
"-" and it did show
that ControlPath etc. are being set:

... EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o 
ControlPath="/work/impulse/impulsys/.ansible/cp/ansible-ssh-%h-%p-%r" ...

(This is for an ad hoc command.)

Must ansible always invoke ssh with the -tt option? If no terminal is 
allocated then also no wtmp
entry is written.

For the time being I've patched openssh not to wtmp the ansible user (I was 
distributing an own
copy of openssh anyway as we're using RHEL5 (actually Oracle Linux 5) and 
needed some
functionality not provided with the stock openssh in addition to security 
updates.).

-- 
Paul


On Wednesday, 10 December 2014 23:51:51 UTC+1, Matt Martz wrote:
>
> I imagine what you are in need of is ControlPath, ControlMaster, 
> ControlPersist.
>
> Those should be the default if you are using the 'ssh' transport.  Using 
> the 'paramiko' transport will not invoke those options.
>
> What OS and OpenSSH client version do you have on the control machine?
>
> You should additionally be able to determine if you are using paramiko or 
> ssh using -
>
> Also, do you have any ssh_args set in ansible.cfg or via ANSIBLE_SSH_ARGS?
>
> On Wed, Dec 10, 2014 at 3:43 PM, > 
> wrote:
>
> Hi,
>
> I think I have a configuration problem, but I'm not sure what to search on 
> to find an answer. I've tried 'wtmp' or 'last' or 'lots of ssh logins', but 
> I don't find quite what I'm looking for. So I think a question and an 
> example might be easiest.
>
> We have an 'ansible' user on our Ansible clients that the server logs into 
> using SSH, and then sudos to run playbooks, etc.
>
> Whenever Ansible runs (as you can see below), that ansible user logs in 
> many, many times to run playbooks, and fills up the wtmp/lastlog so that 
> every time I log in and run 'last', I have to filter out the 'ansible' user.
>
> I'm not sure what configuration options might be influencing this, whether 
> it might be accelerate, pipelining, etc.
>
> If anyone's seen this before and has figured it out, I'd love a tip to get 
> me going in the right direction. Or, if this is normal behavior, that'd be 
> useful information, too.
>
> Thanks,
> Matt
>
> An example from one machine and one ansible run:
> ansible  pts/0 Mon Dec  1 21:08 - 21:08  (00:00)
> ansible  pts/0 Mon Dec  1 21:08 - 21:08  (00:00)
> ansible  pts/0 Mon Dec  1 21:08 - 21:08  (00:00)
> ansible  pts/0 Mon Dec  1 21:08 - 21:08  (00:00)
> ansible  pts/0 Mon Dec  1 21:08 - 21:08  (00:00)
> ansible  pts/0 Mon Dec  1 21:08 - 21:08  (00:00)
> ansible  pts/0 Mon Dec  1 21:08 - 21:08  (00:00)
> ansible  pts/0 Mon Dec  1 21:08 - 21:08  (00:00)
> ansible  pts/0 Mon Dec  1 21:08 - 21:08  (00:00)
> ansible  pts/0 Mon Dec  1 21:08 - 21:08  (00:00)
> ansible  pts/0 Mon Dec  1 21:08 - 21:08  (00:00)
> ansible  pts/0 Mon Dec  1 21:07 - 21:07  (00:00)
> ansible  pts/0 Mon Dec  1 21:07 - 21:07  (00:00)
> ansible  pts/0 Mon Dec  1 21:07 - 21:07  (00:00)
> ansible  pts/0 Mon Dec  1 21:07 - 21:07  (00:00)
> ansible  pts/0 Mon Dec  1 21:07 - 21:07  (00:00)
> ansible  pts/0 Mon Dec  1 21:07 - 21:07  (00:00)
> ansible  pts/0 Mon Dec  1 21:07 - 21:07  (00:00)
> ansible  pts/0 Mon Dec  1 21:07 - 21:07  (00:00)
> ansible  pts/0 Mon Dec  1 21:07 - 21:07  (00:00)
> ansible  pts/0 Mon Dec  1 21:07 - 21:07  (00:00)
> ansible  pts/0 Mon Dec  1 21:07 - 21:07  (00:00)
> ansible  pts/0 Mon Dec  1 21:07 - 21:07  (00:00)
> ansible  pts/0 Mon Dec  1 21:06 - 21:06  (00:00)
> ansible  pts/0 Mon Dec  1 21:06 - 21:06  (00:00)
> ansible  pts/0 Mon Dec  1 21:06 - 21:06  (00:00)
> ansible  pts/0 Mon Dec  1 21:06 - 21:06  (00:00)
> ansible  pts/0 Mon Dec  1 21:06 - 21:06  (00:00)
> ansible  pts/0 Mon Dec  1 21:06 - 21:06  (00:00)
> ansible  pts/0 Mon Dec  1 21:06 - 21:06  (00:00)
> ansible  pts/0 Mon Dec  1 21:06 - 21:06  (00:00)
> ansible  pts/0 Mon Dec  1 21:06 - 21:06  (00:00)
> ansible  pts/0 Mon Dec  1 21:05 - 21:05  (00:00)
> ansible  pts/0 Mon Dec  1 21:05 - 21:05  (00:00)
> ansible  pts/0 Mon Dec  1 21:05 - 21:05  (00:00)
> ansible  pts/0 Mon Dec  1 21:05 - 21:05  (00:00)
> ansible  pts/0 Mon Dec  1 21:05 - 21:05  (00:00)
> ansible  pts/0 Mon Dec  1 21:05 - 21:05  (00:00)
> ansible  pts/0 Mon Dec  1 21:05 - 21:05  (00:00)
> ansible  pts/0 Mon Dec  1 21:04 - 21:04  (0
>
> ...

-- 
You received this message because you are subscribed

[ansible-project] IoC in ansible roles (avoiding boilerplate) - how?

[jang]

So, a follow-on question. I've a number of roles (again, role playbooks 
are potentially developed by independent teams). Typically, the tasks any 
particular role will execute look like this:

- common preamble
- role-specific tasks
- common suffix.


I'd like to minimise (or remove) any common boilerplate from each of the 
individual roles. Typically, the way to achieve that is via some take on 
IoC. However, given that include: doesn't expand J2, I'm finding it hard 
to understand how one might best express this in ansible.

Any clues?

Cheers,
jan


-- 
j...@ioctl.org  http://ioctl.org/jan/ Short, dark, ugly: pick any three
Fate has a voracious appetite for chocolate.

[ansible-project] Re: Creating and distributing ssh keys

[Dan Vaida]

---

- hosts: all 
  sudo: yes 
  tasks:

- name: Generate root sshkey
  user: >
name=root
generate_ssh_key=yes
ssh_key_bits=4096
ssh_key_type=rsa
ssh_key_file=/root/.ssh/id_rsa_{{ ansible_hostname }}
  register: rootkeys
  tags: cephkeys

- debug: var=rootkeys
  tags: cephkeys

- name: place pubkeys in authorized_keys
  authorized_key: >
key="{{ hostvars[item].rootkeys.ssh_public_key }}" 
state=present
user=root
  with_items: groups['all']
  register: authorize
  tags: cephkeys

- debug: var=authorize
  tags: cephkeys

Sorry, I didn't know that was indeed what you were expecting.
So, I will assume based on your output, that the scope of your tasks are 
those three machines (I placed them in the 'all' group). Give that a try.


On Tuesday, 13 January 2015 07:18:15 UTC+1, Mark Maas wrote:
>
>
> On Sunday, January 11, 2015 at 12:02:10 PM UTC+1, Dan Vaida wrote:
>>
>> as I see it, based on your input, you have two problems:
>> 1. you're creating the users and generating unique keys on each of the 
>> target hosts
>>
>
> Correct, and that's what I'm trying to get.
>  
>
>> 2. you're trying to iterate through the 'rootkeys' in a way that will 
>> never work for the key parameter.
>>
>
> Ah yes, something that is re-occuring with ansible for me ;-) it's not 
> always clear how to reference variables, sometimes with value.something, 
> other times wit set.something, with_dict, with_flattened,etc not very 
> clear...
> No matter, just learing I guess but the variables with the correct data is 
> obviously there, I just need the correct syntax I would think?
>  
>
>>
>> So, I'd use 'delegate_to: localhost' on the user task, then on the 
>> authorized_keys task, in the 'with_items' you would use 
>> rootkeys.ssh_public_key 
>> to access the keys.
>>
>>>
>>>
> But then all the keys would be the same right?  Not what I would want in 
> this case.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b74be6b5-ae21-42c6-a36f-647727e5f7cc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Problem with ansible 1.8.2 copy:

[Tore Lindberg Åbodsvik]

I guess you're right, thanks :) 
Embarrassing that i did not check without that file before posting.
But the same file have worked in earlier versions of ansible, so that had 
me fooled. 

-Tore

fredag 9. januar 2015 23.47.01 UTC+1 skrev Brian Coca følgende:
>
> I'm guessing there is a problem in your global_vars.yml file 
>
>
> -- 
> Brian Coca 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/249d6ccd-7878-4a1b-9f0b-4c4c6494a2e9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Variables in "when" statement

[Tom Bamford]

Hi Wojtek

The error you are getting is due to inconsistent quoting. You may also need
to cast your variable. Try one of these:

- include: some_playbook.yml
  when: "{{ some_variable | bool }} == True"

or shorter:

- include: some_playbook.yml
  when: "{{ some_variable | bool }}"

See http://docs.ansible.com/YAMLSyntax.html#gotchas and
http://docs.ansible.com/playbooks_variables.html#other-useful-filters for
more details.

Regards
Tom


On 13 January 2015 at 10:29, Wojciech Korzenny  wrote:

Hi,
>
> I want to use variable in when statement, for example:
>
> - include: some_playbook.yml
>   when: "{{ SOME_VARIABLE }}" == "true"
>
> where:
> SOME_VARIABLE - is given as false/true via --extra-vars
>
> Unfortunately I get error:
>
> ERROR: Syntax Error while loading YAML script, run_soak_test.yaml
> Note: The error may actually appear before this position: line 3, column 26
>
> - include: some_playbook.yml
>   when: "{{ SOME_VARIABLE }}" == "true"
>  ^
> We could be wrong, but this one looks like it might be an issue with
> missing quotes.  Always quote template expression brackets when they
> start a value. For instance:
>
> with_items:
>   - {{ foo }}
>
> Should be written as:
>
> with_items:
>   - "{{ foo }}"
>
>
> Do you know what's the reason and what's the workaround?
>
> Thanks in advance,
> Wojtek
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/4cb1d171-cd47-44dc-ae97-87bc7b2dc5a1%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>
​

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAAnNz0P%2BxYfMhPVNNNxFKd1vhLuYtrUN2i5WVudWT_%3DqqCs8Ww%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Variables in "when" statement

[Wojciech Korzenny]

Hi, 

I want to use variable in when statement, for example: 

- include: some_playbook.yml
  when: "{{ SOME_VARIABLE }}" == "true"

where: 
SOME_VARIABLE - is given as false/true via --extra-vars

Unfortunately I get error: 

ERROR: Syntax Error while loading YAML script, run_soak_test.yaml
Note: The error may actually appear before this position: line 3, column 26

- include: some_playbook.yml
  when: "{{ SOME_VARIABLE }}" == "true"
 ^
We could be wrong, but this one looks like it might be an issue with
missing quotes.  Always quote template expression brackets when they
start a value. For instance:

with_items:
  - {{ foo }}

Should be written as:

with_items:
  - "{{ foo }}"


Do you know what's the reason and what's the workaround? 

Thanks in advance, 
Wojtek 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4cb1d171-cd47-44dc-ae97-87bc7b2dc5a1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.