Re: [ansible-project] dynamic inventory script doesnt run under ansible, but a script that cats its output works just fine.

[Brian Coca]

so ansible uses python2 which would require yaml to work and seems to
be installed correctly, but your script uses python3, did you install
yaml for python 3?


-- 
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAJ5XC8kJC_%2BBvHYhRv8zScSAnCRmSatXGNmMPa%3DJpFOidy_-ow%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] dynamic inventory script doesnt run under ansible, but a script that cats its output works just fine.

[pixel fairy]

wrote a dynamic inventory for ansible, which seems to run fine on its own, 
but when run in ansible, it complains that it cant import yaml. 

a script that just cats out the output (cut and paste) of the first script 
works just fine. the parts that actually make and configure the virtual 
machines and networks works fine, so thats stripped out. 

im on os x 10.10.4, running ansible 1.9.2 from homebrew

pixel$ ./pransible-stripped.py --list
{
  "fileserver": {
...

pixel$ ansible -i ./pransible-stripped.py all --list-hosts
ERROR: Inventory script (./pransible-stripped.py) had an execution error: 
Traceback (most recent call last):
  File "/Users/pixel/pransible-stripped.py", line 4, in 
import yaml
  File 
"/usr/local/Cellar/ansible/1.9.2/libexec/vendor/lib/python2.7/site-packages/yaml/__init__.py",
 
line 2, in 
from error import *
ImportError: No module named 'error'

pixel$ cat pransible-stripped.sh 
#!/bin/sh
cat

[ansible-project] inventory script doesnt work as dynamic inventory, but its output does.

[pixel fairy]

wrote a dynamic inventory in python3 for proxmox. it makes virtual 
machines, sets up their network config, and dns and dhcp in dnsmasq

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c4283834-e052-4096-b74c-a5e5d9e0eef1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Using dynamic inventory, access other hosts' variable where "other hosts" are list of hosts

[boyang]

Please refer to the closed issue on Ansible repo: 
https://github.com/ansible/ansible/issues/11583

So, is the thing I'm trying to achieve impossible? Any suggestion would be 
most appreciated.

I'm running Ubuntu 15.04, Ansible 2.0.0


Regards,
Boyang

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/af8b67bd-f9c0-448f-a7bc-680b2e588e2b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Using dynamic inventory, access other hosts' variable where "other hosts" are list of hosts

[boyang]

Please see this closed issue on Ansible repo: 
https://github.com/ansible/ansible/issues/11583

Any suggestions would be most welcomed. Thanks!


Regards,
Boyang

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/05e6f4d7-03f7-4c23-9bbf-11c153c2c661%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Docker and Ansible Vault: An insecure match?

[Mahmoud Saada]

Ansible Vault requires to prompt the user for a password or a file 
containing the password. But if I'm running Ansible inside of a container 
, I cannot 
prompt the user for a password.

How can I run a playbook using vars encrypted by Vault during a Docker 
build?
How can I do it without exposing a password file?
Is there a best practice?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d89ed1ef-5970-4bda-bd12-34c283b49cbe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: ansible ec2_facts returns false data (if there is NAT on the system level; This is ok if You use AWS router interface gateway)

[Igor Cicimov]

Have to correct myself, you do provide the subnet information. So in answer 
to you questions/conclusions they way I do it is:

- Use private routing table for the private subnets pointing to the NAT as 
IGW
- Use 2 x NAT instances and NAT takeover script that modifies the the 
private subnets routing table and points the IGW to itself in case the 
other NAT instance has failed

On Wednesday, July 15, 2015 at 10:21:38 AM UTC+10, Igor Cicimov wrote:
>
> I'm using Ansible with AWS VPC's, where most of them have public and 
> private subnets, and have never had the problem you are seeing. This is 
> definitely a misconfiguration on your side and nothing to do with Ansible. 
> The ec2_facts is doing the right thing, there is no other way of collecting 
> data except querying the meta-data repository which is what the AWS CLI 
> tools do anyway. Meaning you will get wrong data using AWS CLI as well. 
> Don't forget you are in the cloud and your networking is configured in the 
> hypervisor/SDN level and NOT on instance level. Meaning you can create as 
> many network interfaces as you want on instance level and set IP's on those 
> but none of them will work since you have bypassed the SDN and there is no 
> record of those in the meta-data repository. Which finally means that 
> collecting facts on the instance locally really means nothing if those 
> values don't match what is in the meta-data repository.
>
> Now that we have that cleared, lets move to your problem, which looks to 
> me is AWS routing tables. Or more specific the lack of those. For an 
> instance to be in a private subnet it needs separate routing table from the 
> VPC's default one (which has IGW created for you when the VPC was created) 
> that has the NAT instance as IGW (internet gateway). And that is all you 
> need, you don't have to set any routing tables on the system level, the SDN 
> will route the traffic for you.
>  
> Hope this makes sense. Since you haven't provided any info about your 
> subnets, routing tables, ACL's etc. this is more of a guess what's going on 
> so please correct my assumptions if needed.
>
> Thanks,
> Igor
>
> On Tuesday, July 14, 2015 at 10:16:49 PM UTC+10, sirkubax wrote:
>>
>> *THE PROBLEM:*
>> I've just realised why sometimes my playbook fills the template with 
>> false data
>>
>> This happens, when the instance is in my VPC subnet (with internet 
>> gateway), while in configuration there is *NAT route table on the system 
>> level*, then *reguest to the internet goes through NAT instance *and the 
>> AWS response is *covered.*
>> Then the* NAT_instance facts *are *returned*, NOT the current_instance 
>> facts about.
>>
>>
>> *THE DEBUGGING:*
>>
>> If You look into the code, the ec2_facts fetch a bunch of requests to
>>
>> 'http://169.254.169.254/latest/meta-data'
>>
>>
>> in Example:
>>
>> curl http://169.254.169.254/latest/meta-data/local-ipv4
>> *172.16.0.200*
>>
>>
>> while* real data* is
>>
>> eth0: ***
>> inet *172.16.0.110*/24 brd 172.16.0.255 scope global eth0
>>
>>
>> THE INSTANCE CONFIGURATION:
>>
>> $ ip r
>> default via 172.16.0.200 dev eth0 
>> 172.16.0.0/24 dev eth0  proto kernel  scope link  src 172.16.0.110 
>> 172.16.0.0/16 via 172.16.0.1 dev eth0 
>>
>>$ ip a 
>>
>> eth0: ***
>> inet *172.16.0.110*/24 brd 172.16.0.255 scope global eth0
>>
>>
>>
>> If You keep remote files, You can check it Yourself
>>
>> export ANSIBLE_KEEP_REMOTE_FILES=1
>>
>> and then 
>>
>> python 
>> /home/ubuntu/.ansible/tmp/ansible-tmp-1436872330.49-72199016469620/ec2_facts
>>
>> will return as one of the facts:
>> "ansible_ec2_local_ipv4": "172.16.0.200",
>> (or run a curl)
>>
>> curl http://169.254.169.254/latest/meta-data/local-ipv4
>>
>>
>> *THE CURRENT WORKAROUND:*
>>
>>1. do NOT use (in *roles *nor *tasks*)
>>   1. - action: ec2_facts
>>   2. DRAWBACKS:
>>  1. You will not have some variables available (*ansible_ec2_* 
>>  will be unavailable)*
>>  2. You will have only *ec2_* facts *from you LOCAL* inventory 
>>  cache (ec2.py* if I'm correct now)
>>  3. If You add in playbook ("gather_facts: True") then You can 
>>  also use *ansible_* facts *gathered by *setup.py* module
>> 1. so instead of *ansible_ec2_local_ipv4* You can use 
>> *ansible_eth0['ipv4]['address']*
>>  4. *BUT* this can bring some problems when You have a role, 
>>  that expects some vatiable (example: ansible_hostname), but in the 
>> playbook 
>>  You have disabled system fact gathering  ("gather_facts: 
>>  False") - You will have to be carefull
>>  5. *OR* You would like to access some AWS variable, independent 
>>  form Your LOCAL cache
>>   2. configure you VPC routing tables so it will point to 
>>NAT-instance-interface, rather than IP address
>>   1. 0.0.0.0/0  eni-xxx / i-xxx
>>   1. instead of:
>>  1. 0.0.0.0/0  igw-z  + system routing tabl

[ansible-project] Re: ansible ec2_facts returns false data (if there is NAT on the system level; This is ok if You use AWS router interface gateway)

[Igor Cicimov]

I'm using Ansible with AWS VPC's, where most of them have public and 
private subnets, and have never had the problem you are seeing. This is 
definitely a misconfiguration on your side and nothing to do with Ansible. 
The ec2_facts is doing the right thing, there is no other way of collecting 
data except querying the meta-data repository which is what the AWS CLI 
tools do anyway. Meaning you will get wrong data using AWS CLI as well. 
Don't forget you are in the cloud and your networking is configured in the 
hypervisor/SDN level and NOT on instance level. Meaning you can create as 
many network interfaces as you want on instance level and set IP's on those 
but none of them will work since you have bypassed the SDN and there is no 
record of those in the meta-data repository. Which finally means that 
collecting facts on the instance locally really means nothing if those 
values don't match what is in the meta-data repository.

Now that we have that cleared, lets move to your problem, which looks to me 
is AWS routing tables. Or more specific the lack of those. For an instance 
to be in a private subnet it needs separate routing table from the VPC's 
default one (which has IGW created for you when the VPC was created) that 
has the NAT instance as IGW (internet gateway). And that is all you need, 
you don't have to set any routing tables on the system level, the SDN will 
route the traffic for you.
 
Hope this makes sense. Since you haven't provided any info about your 
subnets, routing tables, ACL's etc. this is more of a guess what's going on 
so please correct my assumptions if needed.

Thanks,
Igor

On Tuesday, July 14, 2015 at 10:16:49 PM UTC+10, sirkubax wrote:
>
> *THE PROBLEM:*
> I've just realised why sometimes my playbook fills the template with false 
> data
>
> This happens, when the instance is in my VPC subnet (with internet 
> gateway), while in configuration there is *NAT route table on the system 
> level*, then *reguest to the internet goes through NAT instance *and the 
> AWS response is *covered.*
> Then the* NAT_instance facts *are *returned*, NOT the current_instance 
> facts about.
>
>
> *THE DEBUGGING:*
>
> If You look into the code, the ec2_facts fetch a bunch of requests to
>
> 'http://169.254.169.254/latest/meta-data'
>
>
> in Example:
>
> curl http://169.254.169.254/latest/meta-data/local-ipv4
> *172.16.0.200*
>
>
> while* real data* is
>
> eth0: ***
> inet *172.16.0.110*/24 brd 172.16.0.255 scope global eth0
>
>
> THE INSTANCE CONFIGURATION:
>
> $ ip r
> default via 172.16.0.200 dev eth0 
> 172.16.0.0/24 dev eth0  proto kernel  scope link  src 172.16.0.110 
> 172.16.0.0/16 via 172.16.0.1 dev eth0 
>
>$ ip a 
>
> eth0: ***
> inet *172.16.0.110*/24 brd 172.16.0.255 scope global eth0
>
>
>
> If You keep remote files, You can check it Yourself
>
> export ANSIBLE_KEEP_REMOTE_FILES=1
>
> and then 
>
> python 
> /home/ubuntu/.ansible/tmp/ansible-tmp-1436872330.49-72199016469620/ec2_facts
>
> will return as one of the facts:
> "ansible_ec2_local_ipv4": "172.16.0.200",
> (or run a curl)
>
> curl http://169.254.169.254/latest/meta-data/local-ipv4
>
>
> *THE CURRENT WORKAROUND:*
>
>1. do NOT use (in *roles *nor *tasks*)
>   1. - action: ec2_facts
>   2. DRAWBACKS:
>  1. You will not have some variables available (*ansible_ec2_* 
>  will be unavailable)*
>  2. You will have only *ec2_* facts *from you LOCAL* inventory 
>  cache (ec2.py* if I'm correct now)
>  3. If You add in playbook ("gather_facts: True") then You can 
>  also use *ansible_* facts *gathered by *setup.py* module
> 1. so instead of *ansible_ec2_local_ipv4* You can use 
> *ansible_eth0['ipv4]['address']*
>  4. *BUT* this can bring some problems when You have a role, that 
>  expects some vatiable (example: ansible_hostname), but in the 
> playbook You 
>  have disabled system fact gathering  ("gather_facts: False") - 
>  You will have to be carefull
>  5. *OR* You would like to access some AWS variable, independent 
>  form Your LOCAL cache
>   2. configure you VPC routing tables so it will point to 
>NAT-instance-interface, rather than IP address
>   1. 0.0.0.0/0  eni-xxx / i-xxx
>   1. instead of:
>  1. 0.0.0.0/0  igw-z  + system routing tables
>   2. Then You do not have to override the routing table on the system 
>   level
>   3. You rely on AWS Router
>   4. DRAWBACKS
>  1. You will have to change the routing table in the VPC, 
>  pointing to other phisical interface, when Your NAT instance will 
> shut down
> 1. vs
>  2. If kept with system routing table, You will lunch new 
>  NAT-instance with "old IP address" attached
>   
> *QUESTIONS / CONCLUSION:*
>
>1. Be aware about ec2_facts limitation
>2. If possible - rely on Amazon Routing Table
>1. How Y

[ansible-project] Run Docker container as ordinary user

[Igor Cicimov]

sudo: false

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/fc109657-9e33-4fa5-aaf3-62391cc96db5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Error provisioning RDS instance

[Guy Knights]

I'm getting the following error when I use the rds module:

failed: [localhost] => {"failed": true, "parsed": false}
Traceback (most recent call last):
  File 
"/Users/guy/.ansible/tmp/ansible-tmp-1436911513.8-147068920945542/rds", 
line 2822, in 
main()
  File 
"/Users/guy/.ansible/tmp/ansible-tmp-1436911513.8-147068920945542/rds", 
line 1012, in main
invocations[module.params.get('command')](module, conn)
  File 
"/Users/guy/.ansible/tmp/ansible-tmp-1436911513.8-147068920945542/rds", 
line 645, in create_db_instance
result = conn.get_db_instance(instance_name)
  File 
"/Users/guy/.ansible/tmp/ansible-tmp-1436911513.8-147068920945542/rds", 
line 415, in get_db_instance
raise e
boto.exception.JSONResponseError: JSONResponseError: 400 Bad Request
{'RequestId': '673d1f59-2a74-11e5-af29-2dbda5511805', 'Error': {'Message': 
'The parameter Filter: db-instance-id is not a valid identifier. 
Identifiers must begin with a letter; must contain only ASCII letters, 
digits, and hyphens; and must not end with a hyphen or contain two 
consecutive hyphens.', 'Code': 'InvalidParameterValue', 'Type': 'Sender'}}


FATAL: all hosts have already failed -- aborting

The task config is as follows:

- name: provision rds master
  rds:
command: create
instance_name: "{{ wl_name }}_db_master"
db_engine: MySQL
db_name: "{{ db_name }}"
instance_type: db.m3.large
username: "{{ db_username }}"
password: "{{ wl_name}}_db_password"
size: 50
wait: yes
wait_timeout: 600
multi_zone: no
subnet: "{{ wl_name }}-rds-sg"
tags:
  Application: "{{ wl_name }}"
  Environment: prod
region: us-west-1

I guess it's a problem with the lookup to check if the instance already 
exists, but I'm not sure what it's supposed to be using as the lookup 
parameter. Does anyone know why it's wrong, and how to fix it?

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e53b3903-c082-4fd2-8336-cd2a7a89e09d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Reset vars between plays on same host

[Nick Tkach]

Is there a way to somehow "reset" variables in-between plays?  What I'm 
trying to do is make a playbook that creates my standard tomcat instance 
layout.

So given the setup below, as I understand it you'd have "app" files 
group_vars where you could set whatever things specific to that app 
instance like port.  Then you'd have in the 
roles/tomcat-7/defaults/main.yml some default values for everything with 
the idea you'd set what you actually care about in the top level 
group_vars/app1.yml and app2.yml such as port number for that specific 
app.  Then you use an inventory file for a given environment (such as 
dev.hosts) to "hook" together a given app with a given group of host(s).  
Then you call ansible-playbook passing in the inventory file you care about 
right now (such as dev.hosts), the top level playbook (such as 
tomcat7servers.yml),  Then Ansible would iterate through the playbook ( 
tomcat7servers.yml in this case), taking the group_vars/myapp1 and run the 
tomcat-7 role on the myapp1 group of hosts.  Then the same for myapp2.

That much seems like it works, but the problem I get is that there doesn't 
seem to be a way to say ok, this time around I don't want to do both myapp1 
and myapp2.  I want to limit to just myapp2.  I've tried doing something 
like

ansible-playbook -i dev.hosts tomcat7servers.yml --limit=myapp2

but it picks up both.  Not only that but unless I re-define values from the 
myapp1 "run" it keeps the values from myapp1 when it hits myapp2.  This 
usually suggests I'm not "getting" something about how Ansible models 
things.  What am I "missing" about this picture?  I want to be able to run 
something like I gave above there and have a tomcat 7 on appsvr1.internal 
created that has totally default except for the values explicitly set in 
group_vars/myapp1 and another tomcat 7 on that same box that has totally 
default values except for what's explcitly set in group_vars/myapp2.

/usr/local/apache-tomcat-7.0.51   (where this is just a totally plain tar 
xzf of a tarball off Apache's site extracted as root so it's *NOT* writable)

Then the tomcat instances (owned by app user such as tcadm):
/appl/app1/
then under that
/bin
/conf/
/webapps
and so on


/appl/appt2/
same setup as app1 here, but different ports, different instance name


So, trying to extrapolate from Ansible best practices in the documentation 
the local "repo" is something like this

roles/tomcat-7/defaults/main.yml (where you'd set things you don't normally 
care about overriding like maxAjpThreads but you *could* override what's in 
the group_vars top level)
roles/tomcat-7/tasks
roles/tomcat-7/templates
and so on

group_vars/ (where you'd have yml files with the values for a given 
app-such as myapp1.yml, myapp2.yml)
(example myapp1.yml)
ajpPort: 8109
httpPort: 8180
instanceName: myapp1
(example myapp2.yml)
ajpPort: 8209
httpPort: 8280
instanceName: myapp2



dev.hosts (which would match up group_names (such as myapp1 and myapp2) to 
actual hosts in dev environment)
(example dev.hosts)
[myapp1]
appsvr1.dev

[myapp2]
appsvr1.dev

tomcat7servers.yml ("matching" groups for the inventory to actual roles)
- hosts: myapp1
  become_user: tomcat
  roles:
  - tomcat-7
  tasks:
  - include_vars: group_vars/myapp1.yml

- host: myapp2
  become_user: tomcat
  roles:
  - tomcat-7
  tasks:
  - include_vars: group_vars/myapp2.yml



-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/fb7f72cc-5e29-4164-8bfd-121f49aabaeb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Trouble with Windows modules

[anthony pangan]

I ended up downgrading to 1.9.1 via yum and all is well in the world.
Thanks all.

On Mon, Jul 13, 2015 at 3:11 AM, Guillaume Querso 
wrote:

> have you tried to downgrade to stable version 1.9.2? i also had troubles
> with ansible's modules on version 2.0
>
>
> Le samedi 11 juillet 2015 01:39:27 UTC+1, anthony pangan a écrit :
>>
>> Hi all,
>>
>> I'm a complete no0b with Ansible, so sorry if I'm overlooking anything
>> obvious. It seems that arguments I'm sending to Windows modules are not
>> being acknowledged. With win_chocolatey, I'm getting a "missing required
>> arguments: name" error. Similarly this occurs with win_msi, but with the
>> path argument. Running win_ping returns successfully, so I am able to
>> execute remote commands on the client via Ansible.
>>
>> $ ansible windows - -i production -m win_chocolatey -a name=atom
>>> Using  as config file
>>>  ESTABLISH WINRM CONNECTION FOR USER: win_user on PORT 5986
>>> TO win_client
>>>  EXEC (New-Item -Type Directory -Path $env:temp -Name
>>> "ansible-tmp-1436569974.94-109882179190252").FullName | Write-Host
>>> -Separator '';
>>>  PUT /tmp/tmp0a8PHo TO
>>> C:\Users\win_user\AppData\Local\Temp\ansible-tmp-1436569974.94-109882179190252\\win_chocolatey
>>>  EXEC PowerShell -NoProfile -NonInteractive -ExecutionPolicy
>>> Unrestricted -File
>>> "C:\Users\win_user\AppData\Local\Temp\ansible-tmp-1436569974.94-109882179190252\\win_chocolatey.ps1";
>>> Remove-Item
>>> "C:\Users\win_user\AppData\Local\Temp\ansible-tmp-1436569974.94-109882179190252\"
>>> -Force -Recurse;
>>> win_client | FAILED! => {u'msg': u'missing required argument: name',
>>> u'failed': True, u'changed': False, u'invocation': {u'module_name':
>>> u'win_chocolatey', u'module_args': {u'name': u'atom'}}}
>>
>>
>>> $ ansible windows -vvv -i production -m win_msi -a
>>> path=C:\\Temp\\some_msi.msi
>>> Using  as config file
>>>  ESTABLISH WINRM CONNECTION FOR USER: win_user on PORT 5986
>>> TO win_client
>>>  EXEC (New-Item -Type Directory -Path $env:temp -Name
>>> "ansible-tmp-1436570331.32-112559327157120").FullName | Write-Host
>>> -Separator '';
>>>  PUT /tmp/tmpypj083 TO
>>> C:\Users\win_user\AppData\Local\Temp\ansible-tmp-1436570331.32-112559327157120\\win_msi
>>>  EXEC PowerShell -NoProfile -NonInteractive -ExecutionPolicy
>>> Unrestricted -File
>>> "C:\Users\win_user\AppData\Local\Temp\ansible-tmp-1436570331.32-112559327157120\\win_msi.ps1";
>>> Remove-Item
>>> "C:\Users\win_user\AppData\Local\Temp\ansible-tmp-1436570331.32-112559327157120\"
>>> -Force -Recurse;
>>> win_client | FAILED! => {u'msg': u'missing required arguments: path',
>>> u'failed': True, u'changed': False, u'invocation': {u'module_name':
>>> u'win_msi', u'module_args': {u'path': u'C:\\Temp\\some_msi.msi'}}}
>>>
>>> ansible windows -vvv -i production -m win_ping
>>> Using  as config file
>>>  ESTABLISH WINRM CONNECTION FOR USER: win_user on PORT 5986
>>> TO win_client
>>>  EXEC (New-Item -Type Directory -Path $env:temp -Name
>>> "ansible-tmp-1436570360.66-113839788381177").FullName | Write-Host
>>> -Separator '';
>>>  PUT /tmp/tmp73P19o TO
>>> C:\Users\win_user\AppData\Local\Temp\ansible-tmp-1436570360.66-113839788381177\\win_ping
>>>  EXEC PowerShell -NoProfile -NonInteractive -ExecutionPolicy
>>> Unrestricted -File
>>> "C:\Users\win_user\AppData\Local\Temp\ansible-tmp-1436570360.66-113839788381177\\win_ping.ps1";
>>> Remove-Item
>>> "C:\Users\win_user\AppData\Local\Temp\ansible-tmp-1436570360.66-113839788381177\"
>>> -Force -Recurse;
>>> win_client | SUCCESS => {
>>> "invocation": {
>>> "module_name": "win_ping",
>>> "module_args": {}
>>> },
>>> "changed": false,
>>> "ping": "pong"
>>> }
>>
>>
>> ansible --version
>> ansible 2.0.0 (devel a9712bb0fb) last updated 2015/07/09 15:18:10 (GMT
>> -700)
>>   lib/ansible/modules/core: (detached HEAD 8257053756) last updated
>> 2015/07/09 15:18:15 (GMT -700)
>>   lib/ansible/modules/extras: (detached HEAD 639902ff20) last updated
>> 2015/07/09 15:18:20 (GMT -700)
>>   v1/ansible/modules/core: (detached HEAD f8d8af17cd) last updated
>> 2015/07/09 15:18:24 (GMT -700)
>>   v1/ansible/modules/extras: (detached HEAD 495ad450e5) last updated
>> 2015/07/09 15:18:29 (GMT -700)
>>   configured module search path = None
>>
>> Controller: CentOS 6.6
>> Windows Host: Windows 7 SP1
>>
>> Thanks in advanced!
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/28ca6902-30f3-45ff-951d-94f1e43ab3a0%40googlegroups.com
> 
> .
>
> For more options, visit https://group

[ansible-project] Re: Secret hostvars... how to deal with them?

[Jaime Bermudez]

We've had success storing secret variables in s3 YAML files and using 
include_vars to process them where needed.

- Jaime

On Tuesday, July 14, 2015 at 7:12:50 AM UTC-4, Adam Flinton wrote:
>
> Dear All,
>
> At the moment we are encrypting all of our host vars with git-crypt as a 
> few contain secret information.
>
> This is a pain as only a few people need the encrypted parts of the few 
> encrypted files but it means all people who use ansible etc have to have 
> git-crypt set up & working etc.etc.
>
> So I would like to find out some way in which just the values which need 
> to be encrypted can be pulled out into separate files & encrypted.
>
> I see from:
>
> http://docs.ansible.com/intro_inventory.html
>
> That a host/group var file can be replaced with a folder & then 
>
> "As an advanced use-case, you can create directories named after your 
> groups or hosts, and Ansible will read all the files in these directories"
>
> Such that I could have a file called notsecret & another called secret.key 
> & tell git-crypt just to encrypt "*.key" files.
>
> That way people using instances/roles etc with no secret info could still 
> use host/group vars  w/o gitcrypt
>
> At the moment this seems like the best plan.but any other suggestions 
> would be welcome.
>
> For example can a hostvar file perform an inclusion along the lines of 
> including something akin to
>
> vars_files:
>   - [ 'files/vars/{{ inventory_host }}.yml','files/vars/default.yml' ]
>
> ?
>
> TIA
>
> Adam
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c9831fc9-25ee-42f8-9d47-204c77931801%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: dynamic json syntax issue

[Phill Pafford]

Hardcoding this works:

{
  "text": "my value here"
}

On Tuesday, July 14, 2015 at 12:32:25 PM UTC-4, Phill Pafford wrote:
>
> I'm trying to dynamically create the JSON response needed for my REST 
> request, I can hard code the JSON var and it works but when I add a 
> variable it fails.
>
>
> - name: add ssh key to stash via api
>   uri:
> url: "{{stash_api_url}}"
> user: "{{stash_username}}"
> password: "{{stash_password}}"
> force_basic_auth: yes
> method: POST
> body: '''{"text":"{{stash_ansible_ssh_key_contents.stdout}}"}'''
> body_format: json
> status_code: 201,409
> HEADER_Content-Type: "application/json"
> register: ssh_key_added_to_stash
> when: stash_ansible_ssh_key_contents.stdout != -1
>
>
> tried:
>
> - body: '{"text":"{{stash_ansible_ssh_key_contents.stdout}}"}'
>
> - body: ''{"text":"{{stash_ansible_ssh_key_contents.stdout}}"}''
>
> - body: '''{"text":"{{stash_ansible_ssh_key_contents.stdout}}"}'''
>
>
> if I reverse the single and double quotes there is still an issue
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/06295d5d-4ca1-410b-90cc-fd1a7c30a6cc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] dynamic json syntax issue

[Phill Pafford]

I'm trying to dynamically create the JSON response needed for my REST 
request, I can hard code the JSON var and it works but when I add a 
variable it fails.


- name: add ssh key to stash via api
  uri:
url: "{{stash_api_url}}"
user: "{{stash_username}}"
password: "{{stash_password}}"
force_basic_auth: yes
method: POST
body: '''{"text":"{{stash_ansible_ssh_key_contents.stdout}}"}'''
body_format: json
status_code: 201,409
HEADER_Content-Type: "application/json"
register: ssh_key_added_to_stash
when: stash_ansible_ssh_key_contents.stdout != -1


tried:

- body: '{"text":"{{stash_ansible_ssh_key_contents.stdout}}"}'

- body: ''{"text":"{{stash_ansible_ssh_key_contents.stdout}}"}''

- body: '''{"text":"{{stash_ansible_ssh_key_contents.stdout}}"}'''


if I reverse the single and double quotes there is still an issue


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/38a00239-26f8-4d65-9d65-06085f4cf59d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Inventory and group_vars layout advice

[Quentin Stafford-Fraser]

Nice concept.

If you prefer not to mix python and bash, you could create a common_vars.py 
instead. Something like:

#! /usr/bin/env python

import os, sys, yaml, json
srcfile = os.path.abspath(os.path.join(os.path.dirname(sys.argv[0]), '..', 
'common_vars.yml'))
with open(srcfile) as f:
json.dump({"all": {"vars": yaml.load(f) } }, sys.stdout, indent=4)


Remember to make it executable with chmod +x as with the bash script.

 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/396f-1fc8-4dbd-9b89-2a2e5fd746b1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Run Docker container as ordinary user

[Sinead Eliade]

I would like to run a docker container from an ordinary user (not root).

  - name: Install ipython/scipyserver
remote_user marcel
docker:
  name: mycontainer
  image: ipython/scipyserver
  state: reloaded
  pull: always

But when I look the processus (ps aux) I see that the docker processus 
still belongs to root and not to marcel.

Any help is welcome.


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/343e21cd-0c11-4afb-8d99-1fd1c19bf297%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Inventory and group_vars layout advice

[Hagai Kariti]

Hm, can't think of something. I think we must have ansible pass it as an
environment variable for the script to use.

On Tue, Jul 14, 2015 at 3:24 PM Tom Paine  wrote:

> This has worked incredibly well in practice. We've deduped all our
> variables and only have a handful of inventory specific vars. Perfect.
>
> Any idea how this might be extended to use ansible-vault encrypted files?
>
> Is the vault-password put into somewhere accessible, so that a modified
> script could do the same JSON-ification as it does with the clear YAML vars?
>
>
> On Monday, June 29, 2015 at 6:30:55 PM UTC+1, Hagai Kariti wrote:
>>
>> Thanks for sharing! Glad I could help. :)
>>
>  --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/T9RWNQbLRWs/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/7491dcf2-4674-4f1b-be13-399ce4d9ca30%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAO0%3DbmGvTzEfcrkOFa1XFBkx2ZYu_dZ-R4ZpiB%2Bt%3DrjQCjV_SQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: unabel to use pipelining on centos 6.6 -> amazon linux

[Alex Leonhardt]

So someone on irc pointed me at the Default !requiretty ... done that too - 
same problem.

Alex

On Tuesday, 14 July 2015 11:55:26 UTC+1, Alex Leonhardt wrote:
>
> Hi guys,
>
> I've been trying to use pipelining to make use of ControlPersist etc. - 
> however - ansible is failing to run the play due to asking for the sudo 
> password (?) which I already gave (I verified it works): 
>
> $ time ansible-playbook -i ./inventory --user ec2-user -b 
> --ask-become-pass play.yml -
>
> SUDO password:
>
> PLAY [*] 
> 
>
> GATHERING FACTS 
> ***
> <> ESTABLISH CONNECTION FOR USER: ec2-user
> <***hostnamegoeshere***> REMOTE_MODULE setup
> <***hostnamegoeshere***> EXEC ssh -C -vvv -F ssh_config -o 
> StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o 
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
> -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 
> ***hostnamegoeshere*** /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via 
> ansible, key=kayjxhclpvxspztayzfyvgilpiefprue] password: " -u root /bin/sh 
> -c '"'"'echo BECOME-SUCCESS-kayjxhclpvxspztayzfyvgilpiefprue; 
> LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python'"'"''
> fatal: [***hostnamegoeshere***] => ssh connection error while waiting for 
> sudo password prompt
>
> TASK: [debug msg="hello there"] 
> ***
> FATAL: no hosts matched or all hosts have already failed -- aborting
>
>
> PLAY RECAP 
> 
>to retry, use: --limit @/home/vagrant/play.retry
>
> ***hostnamegoeshere*** : ok=0changed=0unreachable=1failed=0
>
>
> real 0m16.008s
> user 0m0.191s
> sys 0m0.661s
>
> $ cat ansible.cfg
> [defaults]
> host_key_checking = False
>
> [ssh_connection]
> pipelining = True
> ssh_args = -F ssh_config
> #control_path = %(directory)s/%%h-%%r
>
> $ cat ~/.ssh/config
> Host *
> ControlMaster auto
> ControlPath /tmp/.ssh-%r@%h:%p
> ControlPersist 60
>
> $ ssh -V
> OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
>
> $ rpm -qa | grep openssh
> openssh-clients-5.3p1-104.el6_6.1.x86_64
> openssh-server-5.3p1-104.el6_6.1.x86_64
> openssh-5.3p1-104.el6_6.1.x86_64
>
> $cat play.yml
>
> ---
> - name: test play
>   hosts: hostnamegoeshere
>   sudo: yes
>   tasks:
> - debug: msg="hello there"
>
>
> Anyone got any ideas why this is not working ? A normal play currently 
> seems to take ~20minutes to complete -- I've also got a fabric file that 
> copys over the directory,etc. and runs ansible locally which runs in 
> ~1minute ... 
>
> All / any help would be very appreciated.
>
> Thanks!
> Alex
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/74806e4e-f6a1-43d2-8513-fb4fda337fb5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Inventory and group_vars layout advice

[Tom Paine]

This has worked incredibly well in practice. We've deduped all our 
variables and only have a handful of inventory specific vars. Perfect.

Any idea how this might be extended to use ansible-vault encrypted files?

Is the vault-password put into somewhere accessible, so that a modified 
script could do the same JSON-ification as it does with the clear YAML vars?

On Monday, June 29, 2015 at 6:30:55 PM UTC+1, Hagai Kariti wrote:
>
> Thanks for sharing! Glad I could help. :)
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7491dcf2-4674-4f1b-be13-399ce4d9ca30%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] ansible ec2_facts returns false data (if there is NAT on the system level; This is ok if You use AWS router interface gateway)

[sirkubax]

*THE PROBLEM:*
I've just realised why sometimes my playbook fills the template with false 
data

This happens, when the instance is in my VPC subnet (with internet 
gateway), while in configuration there is *NAT route table on the system 
level*, then *reguest to the internet goes through NAT instance *and the 
AWS response is *covered.*
Then the* NAT_instance facts *are *returned*, NOT the current_instance 
facts about.


*THE DEBUGGING:*

If You look into the code, the ec2_facts fetch a bunch of requests to

'http://169.254.169.254/latest/meta-data'


in Example:

curl http://169.254.169.254/latest/meta-data/local-ipv4
*172.16.0.200*


while* real data* is

eth0: ***
inet *172.16.0.110*/24 brd 172.16.0.255 scope global eth0


THE INSTANCE CONFIGURATION:

$ ip r
default via 172.16.0.200 dev eth0 
172.16.0.0/24 dev eth0  proto kernel  scope link  src 172.16.0.110 
172.16.0.0/16 via 172.16.0.1 dev eth0 

   $ ip a 

eth0: ***
inet *172.16.0.110*/24 brd 172.16.0.255 scope global eth0



If You keep remote files, You can check it Yourself

export ANSIBLE_KEEP_REMOTE_FILES=1

and then 

python 
/home/ubuntu/.ansible/tmp/ansible-tmp-1436872330.49-72199016469620/ec2_facts

will return as one of the facts:
"ansible_ec2_local_ipv4": "172.16.0.200",
(or run a curl)

curl http://169.254.169.254/latest/meta-data/local-ipv4


*THE CURRENT WORKAROUND:*

   1. do NOT use (in *roles *nor *tasks*)
  1. - action: ec2_facts
  2. DRAWBACKS:
 1. You will not have some variables available (*ansible_ec2_* will 
 be unavailable)*
 2. You will have only *ec2_* facts *from you LOCAL* inventory 
 cache (ec2.py* if I'm correct now)
 3. If You add in playbook ("gather_facts: True") then You can also 
 use *ansible_* facts *gathered by *setup.py* module
1. so instead of *ansible_ec2_local_ipv4* You can use 
*ansible_eth0['ipv4]['address']*
 4. *BUT* this can bring some problems when You have a role, that 
 expects some vatiable (example: ansible_hostname), but in the playbook 
You 
 have disabled system fact gathering  ("gather_facts: False") - You 
 will have to be carefull
 5. *OR* You would like to access some AWS variable, independent 
 form Your LOCAL cache
  2. configure you VPC routing tables so it will point to 
   NAT-instance-interface, rather than IP address
  1. 0.0.0.0/0  eni-xxx / i-xxx
  1. instead of:
 1. 0.0.0.0/0  igw-z  + system routing tables
  2. Then You do not have to override the routing table on the system 
  level
  3. You rely on AWS Router
  4. DRAWBACKS
 1. You will have to change the routing table in the VPC, pointing 
 to other phisical interface, when Your NAT instance will shut down
1. vs
 2. If kept with system routing table, You will lunch new 
 NAT-instance with "old IP address" attached
  
*QUESTIONS / CONCLUSION:*

   1. Be aware about ec2_facts limitation
   2. If possible - rely on Amazon Routing Table
   1. How You prevent SPOF in Your VPC subnets?
  2. What is Your best-practise to configure VPC subnet (private and 
  public), so they have internet outside access (for github, apt), and are 
  still safe without SPOF that is NAT-instance?
   



-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e901c654-1d06-46c2-8c7b-09253c96d235%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] URL module can not use body from role task

[Phill Pafford]

DOH! Thanks that helped! still doesn't solve my issue but at least it does 
solve it executing

On Monday, July 13, 2015 at 7:27:07 PM UTC-4, Brian Coca wrote:
>
> indent everything after uri, up to register (non inclusive). 
>
>
>
> -- 
> Brian Coca 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/500589fc-a39c-4a13-9636-4765426cb1db%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Create directories based on inventory_hostname with with_items

[Brian Coca]

bad mustache handling

 with_items: "{{enabled_sites[inventory_hostname]}}"



-- 
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAJ5XC8mv9RH%3DBRLvRuNEmJHOxPy3NkQrob04tPnFQPVYBRe3zA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Secret hostvars... how to deal with them?

[Adam Flinton]

Dear All,

At the moment we are encrypting all of our host vars with git-crypt as a 
few contain secret information.

This is a pain as only a few people need the encrypted parts of the few 
encrypted files but it means all people who use ansible etc have to have 
git-crypt set up & working etc.etc.

So I would like to find out some way in which just the values which need to 
be encrypted can be pulled out into separate files & encrypted.

I see from:

http://docs.ansible.com/intro_inventory.html

That a host/group var file can be replaced with a folder & then 

"As an advanced use-case, you can create directories named after your 
groups or hosts, and Ansible will read all the files in these directories"

Such that I could have a file called notsecret & another called secret.key 
& tell git-crypt just to encrypt "*.key" files.

That way people using instances/roles etc with no secret info could still 
use host/group vars  w/o gitcrypt

At the moment this seems like the best plan.but any other suggestions 
would be welcome.

For example can a hostvar file perform an inclusion along the lines of 
including something akin to

vars_files:
  - [ 'files/vars/{{ inventory_host }}.yml','files/vars/default.yml' ]

?

TIA

Adam

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4dfa149c-7ccc-44ef-acc9-4ca9f8449d25%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Create directories based on inventory_hostname with with_items

[Tunghsiao Liu]

Hello,

I'm trying to creating directories based on different inventory_hostname 
with with_items but it seems doesn't work:

in hosts:

[website-static-pages]
server1
server2


in vars.yml:

enabled_sites:
  server1:
- website1.com
- website2.com
- website3.com
  server2:
- website4.com
- website5.com


in task.yml:

- name: create site public directories
  file: path=/srv/www/{{ item }}/public_html/ state=directory
  with_items: enabled_sites["{{ inventory_hostname }}"]


It seems that this syntax doesn't work with Ansible,  any idea?

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/bd763202-0ce1-4bf5-8a68-56ff0e7f2395%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] unabel to use pipelining on centos 6.6 -> amazon linux

[Alex Leonhardt]

Hi guys,

I've been trying to use pipelining to make use of ControlPersist etc. - 
however - ansible is failing to run the play due to asking for the sudo 
password (?) which I already gave (I verified it works): 

$ time ansible-playbook -i ./inventory --user ec2-user -b --ask-become-pass 
play.yml -

SUDO password:

PLAY [*] 


GATHERING FACTS 
***
<> ESTABLISH CONNECTION FOR USER: ec2-user
<***hostnamegoeshere***> REMOTE_MODULE setup
<***hostnamegoeshere***> EXEC ssh -C -vvv -F ssh_config -o 
StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 
***hostnamegoeshere*** /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via 
ansible, key=kayjxhclpvxspztayzfyvgilpiefprue] password: " -u root /bin/sh 
-c '"'"'echo BECOME-SUCCESS-kayjxhclpvxspztayzfyvgilpiefprue; 
LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python'"'"''
fatal: [***hostnamegoeshere***] => ssh connection error while waiting for 
sudo password prompt

TASK: [debug msg="hello there"] 
***
FATAL: no hosts matched or all hosts have already failed -- aborting


PLAY RECAP 

   to retry, use: --limit @/home/vagrant/play.retry

***hostnamegoeshere*** : ok=0changed=0unreachable=1failed=0


real 0m16.008s
user 0m0.191s
sys 0m0.661s

$ cat ansible.cfg
[defaults]
host_key_checking = False

[ssh_connection]
pipelining = True
ssh_args = -F ssh_config
#control_path = %(directory)s/%%h-%%r

$ cat ~/.ssh/config
Host *
ControlMaster auto
ControlPath /tmp/.ssh-%r@%h:%p
ControlPersist 60

$ ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013

$ rpm -qa | grep openssh
openssh-clients-5.3p1-104.el6_6.1.x86_64
openssh-server-5.3p1-104.el6_6.1.x86_64
openssh-5.3p1-104.el6_6.1.x86_64

$cat play.yml

---
- name: test play
  hosts: hostnamegoeshere
  sudo: yes
  tasks:
- debug: msg="hello there"


Anyone got any ideas why this is not working ? A normal play currently 
seems to take ~20minutes to complete -- I've also got a fabric file that 
copys over the directory,etc. and runs ansible locally which runs in 
~1minute ... 

All / any help would be very appreciated.

Thanks!
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/15127bd1-51d2-4d5b-b37c-218779c9d07e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] skip task check mode

[José Coelho]

Hello,

I'm trying to run a playbook in the flags --check, however I'm having an 
issue:

- name: ntp - Configure ntp
>
>   template: src=etc/ntp.conf.j2 dest=/etc/ntp.conf
>
>   notify:
>
>   - ntp - restart ntp
>
>
>> - name: ntp - Enable ntp
>
>   service: name=ntp state=running enabled=yes
>
>
If I try to register a variable, even in check mode template will report 
changed and since ntp isnt installed, service will fail:

> msg: no service or tool found for: ntp
>

ansible --version

ansible 1.9.1

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0b9aa315-6493-4bf7-9f70-1017bf36712b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.