Re: [ansible-project] Re: Error provisioning RDS instance

[Guy Knights]

Ahhh.thank you! That was the issue after all. I changed the instance
name and it fixed the problem. I was confused because it was talking about
parameter filters.

Thanks again,
Guy

On Wed, Jul 15, 2015 at 10:15 AM, Baraa Basata  wrote:

> The error message here is the RDS API, and it suggests to me that the
> instance_name contains invalid characters. The API response says that RDS
> instance identifiers must have "only ASCII letters, digits, and hyphens;
> and must not end with a hyphen or contain two consecutive hyphens".
>
> The underscore character that you have in the instance_name is not in that
> list of valid characters.
>
> -Baraa
>
>
> On Tuesday, July 14, 2015 at 6:23:45 PM UTC-4, Guy Knights wrote:
>>
>> I'm getting the following error when I use the rds module:
>>
>> failed: [localhost] => {"failed": true, "parsed": false}
>> Traceback (most recent call last):
>>   File
>> "/Users/guy/.ansible/tmp/ansible-tmp-1436911513.8-147068920945542/rds",
>> line 2822, in 
>> main()
>>   File
>> "/Users/guy/.ansible/tmp/ansible-tmp-1436911513.8-147068920945542/rds",
>> line 1012, in main
>> invocations[module.params.get('command')](module, conn)
>>   File
>> "/Users/guy/.ansible/tmp/ansible-tmp-1436911513.8-147068920945542/rds",
>> line 645, in create_db_instance
>> result = conn.get_db_instance(instance_name)
>>   File
>> "/Users/guy/.ansible/tmp/ansible-tmp-1436911513.8-147068920945542/rds",
>> line 415, in get_db_instance
>> raise e
>> boto.exception.JSONResponseError: JSONResponseError: 400 Bad Request
>> {'RequestId': '673d1f59-2a74-11e5-af29-2dbda5511805', 'Error':
>> {'Message': 'The parameter Filter: db-instance-id is not a valid
>> identifier. Identifiers must begin with a letter; must contain only ASCII
>> letters, digits, and hyphens; and must not end with a hyphen or contain two
>> consecutive hyphens.', 'Code': 'InvalidParameterValue', 'Type': 'Sender'}}
>>
>>
>> FATAL: all hosts have already failed -- aborting
>>
>> The task config is as follows:
>>
>> - name: provision rds master
>>   rds:
>> command: create
>> instance_name: "{{ wl_name }}_db_master"
>> db_engine: MySQL
>> db_name: "{{ db_name }}"
>> instance_type: db.m3.large
>> username: "{{ db_username }}"
>> password: "{{ wl_name}}_db_password"
>> size: 50
>> wait: yes
>> wait_timeout: 600
>> multi_zone: no
>> subnet: "{{ wl_name }}-rds-sg"
>> tags:
>>   Application: "{{ wl_name }}"
>>   Environment: prod
>> region: us-west-1
>>
>> I guess it's a problem with the lookup to check if the instance already
>> exists, but I'm not sure what it's supposed to be using as the lookup
>> parameter. Does anyone know why it's wrong, and how to fix it?
>>
>> Thanks,
>> Guy
>>
>  --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/xT1lOWalxYs/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/3386be62-9541-4003-889b-02fee49e8826%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9mtWmUpgyjS%2B%2B3PzYekLdz110SZAWL0zK9mig6Fak-czSw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How do I know pipelining is turned on?

[Yuri Niyazov]

thanks!

On Wed, Jul 15, 2015 at 2:19 PM, Brian Coca  wrote:
> wrong, -e is 'extra vars', it does not override configurations, it
> overrides variable values, pipelining is not a variable value.
>
>
>
> --
> Brian Coca
>
> --
> You received this message because you are subscribed to a topic in the Google 
> Groups "Ansible Project" group.
> To unsubscribe from this topic, visit 
> https://groups.google.com/d/topic/ansible-project/Jb36ftBqPmg/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to 
> ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/CAJ5XC8m4GtqiOVWLUkv6yAv3Pet8ZfMY6RjO6SRZz5kJpciZ-A%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACbjG0sVENVEctkk4kLpEW_G0FPS9BnV5_zGc1kBNBQmdZwcoQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How do I know pipelining is turned on?

[Brian Coca]

wrong, -e is 'extra vars', it does not override configurations, it
overrides variable values, pipelining is not a variable value.



-- 
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAJ5XC8m4GtqiOVWLUkv6yAv3Pet8ZfMY6RjO6SRZz5kJpciZ-A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How do I know pipelining is turned on?

[Yuri Niyazov]

I created a github gist: https://gist.github.com/yn/4efebad9d72835318ab1

In it, you will see the results of executing two ansible-playbook commands:

ansible-playbook --user=ubuntu --connection=ssh --limit='p2' 
--inventory-file=/Users/yn/code/mine/provisioner/.vagrant/provisioners/ansible/inventory
 
- -e pipelining=False playbook.yml

and 

ansible-playbook --user=ubuntu --connection=ssh --limit='p2' 
--inventory-file=/Users/yn/code/mine/provisioner/.vagrant/provisioners/ansible/inventory
 
- -e pipelining=True playbook.yml

If I understand the documentation correctly, the -e option allows one to 
override the configuration variables from ansible.cfg on the command line. 

The outputs look identical except for various IDs that are generated 
randomly. How does one know if ansible is using the streaming pipe or not? 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/250c1cb7-c625-468c-b6d2-3232c1ad6d5c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] dynamic inventory script doesnt run under ansible, but a script that cats its output works just fine.

[Brian Coca]

This is one reason we removed homebrew from our instructions on how to
install ansible.

-- 
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAJ5XC8mkCCFsh7CwrrEoueME8D-n_xjoam2XiTXSqjUH%2BPkbZg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] dynamic inventory script doesnt run under ansible, but a script that cats its output works just fine.

[pixel fairy]

turns out homebrew set that python path. running from git works as it 
should.

pixel$ cat `which ansible`
#!/bin/bash
PYTHONPATH="/usr/local/Cellar/ansible/1.9.2/libexec/lib/python2.7/site-packages:/usr/local/Cellar/ansible/1.9.2/libexec/vendor/lib/python2.7/site-packages"
 
exec "/usr/local/Cellar/ansible/1.9.2/libexec/bin/ansible" "$@"

On Wednesday, July 15, 2015 at 10:35:42 AM UTC-7, Brian Coca wrote:
>
> ansible is not responsible for the yaml version in this case, that 
> depens on your script, ansible just executes invenory scripts, it does 
> not even know if it is python, ruby or C, just that it is executable. 
>
> are you setting PYTHONPATH for ansible? in that case the env variable 
> would get inherited by the subprocess. 
>
>
>
> -- 
> Brian Coca 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/9976a12a-35ad-48fe-ab9b-978628120314%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How do I know pipelining is turned on?

[Brian Coca]

No idea what ansible.raw_arguments = ['-e pipelining=True'] does, but
setting pipeline to true in the ansible.cfg enables it ONLY for
connection plugins that support it.

This setting is not intended to have ansible execute less operations,
just allows it to use a streaming pipe instead of having to scp/sftp
everything over.

-- 
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAJ5XC8khhC2dm-o3MQoG7By%2BpvOxqpxCW7PfMPeQ62wV9czMMQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] How do I know pipelining is turned on?

[Yuri Niyazov]

I am trying to provision a machine on EC2 (I am provisioning it to be a 
management node for a larger fleet of machines, this is why it has Vagrant 
and Ansible installed on it) 

https://github.com/yn/provisioner


If I understand correctly, then the following line:

ansible.raw_arguments = ['-e pipelining=True']

should reduce the number of operations that ansible performs.

AFAICT the number of operations is the same with that line and without, and 
the output log between the two provisions looks identical, except for 
different temporary filenames and time-date differences. 

I double checked, and the machine that I am provisioning doesn't have 
"requiretty" in the /etc/sudoers file. You can test it yourself, the AMI is 
public. 

Any help is appreciated!

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/bbff9aa2-cda6-4ba1-a922-221d26d52041%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] ansible OSError: [Errno 17] File exists: ...

[knacktus]

Hi guys,

I'm trying to build a directory structure on a *mounted nfs share*.

# delete existing redis_host_base_dir
- file: path=/mounted_nfs_share/redis/run{{ inventory_hostname }} state=
absent

# create redis_host_base_dir
- file: path=/mounted_nfs_share/redis/run{{ inventory_hostname }} state=
directory

These task are performed by several hosts, of course.

I'm getting the following error from the second run (the second host, I 
just renamed it here host2):

BECOME-SUCCESS-lyoxtbysjakpxkzrxiupq
Traceback (most recent call last):
  File "/tmp/ansible-tmp-1436984756.54-63840630166614/file", line 2005, in 

main()
  File "/tmp/ansible-tmp-1436984756.54-63840630166614/file", line 279, in 
main
os.mkdir(curpath)
OSError: [Errno 17] File exists: '/mounted_nfs_share/redis/run'
debug1: mux_client_request_session: master session id: 2
debug3: mux_client_read_packet: read header failed: Broken pipe
debug2: Received exit status from master 1
Shared connection to host2 closed.

Now, I've found some infos on the internet, but I'm not sure what's the 
real problem. Seems to be related to a race condition. 

I'm on Python 2.6.6 (quite restricted RHEL 6, so building a local Python 
didn't work out so far). Is this issue solved with later versions or 
unrelated to the Python version?

Might the network storage be the culprit?

Any thoughts or clues how to work around are highly appreciated.

Cheers,

Jan

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/30e5fd68-0437-435d-8db3-ae5173f4d254%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to propagate changes to previously-applied tasks (e.g removing files, changing crons, etc)

[Brian Coca]

not really, since you could have 10 diff plays for adding cron,
ansible won't know about the other 9 when running 1, it is up to you
too keep track. I just normally create 1 off plays and put them in a
cleanup/ dir that i can rerun in case i suspect something was missed
or someone reran an old version.


-- 
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAJ5XC8%3DvVsi_QjOE6GOF1uJD-9BYRZM%3DDRvHGV_eChT5AMHVdQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] How to propagate changes to previously-applied tasks (e.g removing files, changing crons, etc)

[Andrew Martin]

Hello,

I have really enjoyed using Ansible to be able to completely template new 
servers that I set up, but one thing I have not yet figured out how to do 
in my workflow is deal with changes that occur after a playbook has been 
run on a server. For example, let's say that I have a cron task that 
creates a cron:

>  - name: create my cron
>cron: name="My Cron version 1.0" job=/usr/local/bin/cron.sh minute=1


I run the playbook on my servers and this cron is added to the crontab, 
good. However, later I decide to change the name, the job, or some other 
attribute. If I do that, Ansible will add a new entry to the crontab but 
leave this old one around. One solution would be to add a state=absent 
task, but that involves duplicating or adding some legacy code to my 
playbook:

>  - name: create my cron (old)
>cron: name="My Cron version 1.0" job=/usr/local/bin/cron.sh minute=1 
> state=absent
>
 

 - name: create my cron
>cron: name="My Cron version 1.1" job=/usr/local/bin/cron.sh minute=1


The best way to handle this that I can think of is:
1. review changes made to playbook, determine if they change any 
pre-existing files, crons, etc
2. if changes to pre-existing files are made, duplicate corresponding tasks 
and add a state=absent entry with the old names, run playbook to remove old 
data
3. remove duplicate tasks, commit changes to playbooks repository

Is there a better way for ansible to handle removing old data from a 
previous version of a playbook?

Thanks,

Andrew

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c012bf3e-f4e8-48af-b804-c38aac142508%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] dynamic inventory script doesnt run under ansible, but a script that cats its output works just fine.

[Brian Coca]

ansible is not responsible for the yaml version in this case, that
depens on your script, ansible just executes invenory scripts, it does
not even know if it is python, ruby or C, just that it is executable.

are you setting PYTHONPATH for ansible? in that case the env variable
would get inherited by the subprocess.



-- 
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAJ5XC8%3D-QcQ6m4sx5pwb6p-_ZQ64JYRLpSj%2BEt9N0Vf7NygHvA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Error provisioning RDS instance

[Baraa Basata]

The error message here is the RDS API, and it suggests to me that the 
instance_name contains invalid characters. The API response says that RDS 
instance identifiers must have "only ASCII letters, digits, and hyphens; 
and must not end with a hyphen or contain two consecutive hyphens".

The underscore character that you have in the instance_name is not in that 
list of valid characters.

-Baraa

On Tuesday, July 14, 2015 at 6:23:45 PM UTC-4, Guy Knights wrote:
>
> I'm getting the following error when I use the rds module:
>
> failed: [localhost] => {"failed": true, "parsed": false}
> Traceback (most recent call last):
>   File 
> "/Users/guy/.ansible/tmp/ansible-tmp-1436911513.8-147068920945542/rds", 
> line 2822, in 
> main()
>   File 
> "/Users/guy/.ansible/tmp/ansible-tmp-1436911513.8-147068920945542/rds", 
> line 1012, in main
> invocations[module.params.get('command')](module, conn)
>   File 
> "/Users/guy/.ansible/tmp/ansible-tmp-1436911513.8-147068920945542/rds", 
> line 645, in create_db_instance
> result = conn.get_db_instance(instance_name)
>   File 
> "/Users/guy/.ansible/tmp/ansible-tmp-1436911513.8-147068920945542/rds", 
> line 415, in get_db_instance
> raise e
> boto.exception.JSONResponseError: JSONResponseError: 400 Bad Request
> {'RequestId': '673d1f59-2a74-11e5-af29-2dbda5511805', 'Error': {'Message': 
> 'The parameter Filter: db-instance-id is not a valid identifier. 
> Identifiers must begin with a letter; must contain only ASCII letters, 
> digits, and hyphens; and must not end with a hyphen or contain two 
> consecutive hyphens.', 'Code': 'InvalidParameterValue', 'Type': 'Sender'}}
>
>
> FATAL: all hosts have already failed -- aborting
>
> The task config is as follows:
>
> - name: provision rds master
>   rds:
> command: create
> instance_name: "{{ wl_name }}_db_master"
> db_engine: MySQL
> db_name: "{{ db_name }}"
> instance_type: db.m3.large
> username: "{{ db_username }}"
> password: "{{ wl_name}}_db_password"
> size: 50
> wait: yes
> wait_timeout: 600
> multi_zone: no
> subnet: "{{ wl_name }}-rds-sg"
> tags:
>   Application: "{{ wl_name }}"
>   Environment: prod
> region: us-west-1
>
> I guess it's a problem with the lookup to check if the instance already 
> exists, but I'm not sure what it's supposed to be using as the lookup 
> parameter. Does anyone know why it's wrong, and how to fix it?
>
> Thanks,
> Guy
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3386be62-9541-4003-889b-02fee49e8826%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to convert a dict into key-val args to be passed to a module

[Vineet Naik]

Thanks Brian, default(omit) works for me.

On Sunday, 12 July 2015 01:27:48 UTC+5:30, Brian Coca wrote:
>
> what you want is: 
>
> - name: Install using pip 
>   pip: name="{{ item.name}}" chdir="{{item.chdir|default(omit)}}" 
> virtualenv="{{item.virtualenv|default(omit)}}" 
>   with_items: pydeps 
>
> -- 
> Brian Coca 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ee3f31fe-3f16-4d21-9b11-5aa8a8a842c5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Adding OpenStack nova rebuild functionality

[Trevor Hartman]

Hi Allison, have you thought about getting this into the existing nova 
module?

On Monday, August 4, 2014 at 7:36:41 PM UTC-6, Allison Randal wrote:
>
> I'm working on adding nova rebuild functionality to Ansible's Cloud 
> Modules. At the moment I've got it working as a separate module named 
> nova_rebuild:
>
>
> https://github.com/allisonrandal/tripleo-ansible/blob/dce23e03ba12db507909b3d897fd9e0903e55387/library/cloud/nova_rebuild
>
> Would you rather have this functionality added to the nova_compute module? 
> (For example, running _rebuild_server instead of _create_server if 
> state=present and rebuild=yes, or something like that.)
>
> Thanks,
> Allison
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/cfabf298-e011-4fca-8a94-62d609b3662e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Error with playbook, which should create user accounts and set authorized public keys

[Brian Coca]

that looks correct, very similar to what i was doing.

can you run with - and also - debug: var=users ?



-- 
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAJ5XC8nHjJw68-oSACz3QaQErH7DfB6KQNdGEmCKc5C48GjQ7A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Could there be a way let me include all ansible playbook?

[Brian Coca]

it won't work with include, but you can do this in shell:

ansible-playbook *.yml --syntax-check

and yes, it should work with 3rd party modules


-- 
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAJ5XC8%3D9t2Vh13mznfgDjgknWncy9c7op1LYOk4AUH4z9EVC7A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: synchronize error

[John Scancella]

For anybody who is having the same problem, I wasn't creating the group. I 
do wish the error message was more helpful.

On Wednesday, July 15, 2015 at 10:19:07 AM UTC-4, John Scancella wrote:
>
> Hello,
>
> I am having trouble executing this playbook
>
> ---
> - hosts: chronam-servers
>   vars:
> SOLR_VERSION: 4.10.4
> SOLR_HOME: "/opt/solr"
>   tasks:
>   - name: download solr {{SOLR_VERSION}}
> get_url: dest=/tmp/solr-{{SOLR_VERSION}}.tgz url=
> http://archive.apache.org/dist/lucene/solr/{{SOLR_VERSION}}/solr-{{SOLR_VERSION}}.tgz
>
>   - name: untar solr {{SOLR_VERSION}}
> unarchive: src=/tmp/solr-{{SOLR_VERSION}}.tgz dest=/tmp 
> creates=/tmp/solr-{{SOLR_VERSION}}
>
>   - name: create solr user
> user: name=solr home={{SOLR_HOME}} shell=/bin/bash append=yes 
> state=present system=yes
> become: yes 
>
>   - name: copy example directory to {{SOLR_HOME}}
> synchronize: dest={{SOLR_HOME}} 
> src=/tmp/solr-{{SOLR_VERSION}}/example/ recursive=yes owner=solr group=solr 
> mode=0775
> delegate_to: "{{inventory_hostname}}"
> become: yes 
>
>   - name: Copy chronam config files
> copy: dest={{item.dest}} src={{item.src}} 
> with_items:
>   - { src: 'conf/schema.xml', dest: 
> "{{SOLR_HOME}}/solr/collection1/conf/schema.xml" }
>   - { src: 'conf/solrconfig.xml', dest: 
> "{{SOLR_HOME}}/solr/collection1/conf/solrconfig.xml" }
> become: yes 
>
>   - name: start solr
> service: name=jetty8 state=started
> become: yes 
>
> I am getting the error:
>
> PLAY [chronam-servers] 
>  
>
> GATHERING FACTS 
> *** 
> ok: [localhost]
>
> TASK: [download solr {{SOLR_VERSION}}] 
>  
> ok: [localhost]
>
> TASK: [untar solr {{SOLR_VERSION}}] 
> *** 
> ok: [localhost]
>
> TASK: [create solr user] 
> ** 
> ok: [localhost]
>
> TASK: [copy example directory to {{SOLR_HOME}}] 
> *** 
> failed: [localhost -> localhost] => {"failed": true}
> msg: Boolean solr not in either boolean list
>
> FATAL: all hosts have already failed -- aborting
>
> PLAY RECAP 
>  
>to retry, use: --limit @/home/ubuntu/solr.retry
>
> localhost  : ok=4changed=0unreachable=0   
>  failed=1   
>
>
> What does "Boolean solr not in either boolean list" mean? How do I fix it?
>
> Thanks
> John
>
>  
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/073a8e1a-f864-4830-a53f-2e1b83bcd778%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] synchronize error

[John Scancella]

Hello,

I am having trouble executing this playbook

---
- hosts: chronam-servers
  vars:
SOLR_VERSION: 4.10.4
SOLR_HOME: "/opt/solr"
  tasks:
  - name: download solr {{SOLR_VERSION}}
get_url: dest=/tmp/solr-{{SOLR_VERSION}}.tgz 
url=http://archive.apache.org/dist/lucene/solr/{{SOLR_VERSION}}/solr-{{SOLR_VERSION}}.tgz

  - name: untar solr {{SOLR_VERSION}}
unarchive: src=/tmp/solr-{{SOLR_VERSION}}.tgz dest=/tmp 
creates=/tmp/solr-{{SOLR_VERSION}}

  - name: create solr user
user: name=solr home={{SOLR_HOME}} shell=/bin/bash append=yes 
state=present system=yes
become: yes 

  - name: copy example directory to {{SOLR_HOME}}
synchronize: dest={{SOLR_HOME}} src=/tmp/solr-{{SOLR_VERSION}}/example/ 
recursive=yes owner=solr group=solr mode=0775
delegate_to: "{{inventory_hostname}}"
become: yes 

  - name: Copy chronam config files
copy: dest={{item.dest}} src={{item.src}} 
with_items:
  - { src: 'conf/schema.xml', dest: 
"{{SOLR_HOME}}/solr/collection1/conf/schema.xml" }
  - { src: 'conf/solrconfig.xml', dest: 
"{{SOLR_HOME}}/solr/collection1/conf/solrconfig.xml" }
become: yes 

  - name: start solr
service: name=jetty8 state=started
become: yes 

I am getting the error:

PLAY [chronam-servers] 
 

GATHERING FACTS 
*** 
ok: [localhost]

TASK: [download solr {{SOLR_VERSION}}] 
 
ok: [localhost]

TASK: [untar solr {{SOLR_VERSION}}] 
*** 
ok: [localhost]

TASK: [create solr user] 
** 
ok: [localhost]

TASK: [copy example directory to {{SOLR_HOME}}] 
*** 
failed: [localhost -> localhost] => {"failed": true}
msg: Boolean solr not in either boolean list

FATAL: all hosts have already failed -- aborting

PLAY RECAP 
 
   to retry, use: --limit @/home/ubuntu/solr.retry

localhost  : ok=4changed=0unreachable=0failed=1 
  


What does "Boolean solr not in either boolean list" mean? How do I fix it?

Thanks
John

 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/fa042113-7600-4d95-ab6e-5724620b202b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] dynamic inventory script doesnt run under ansible, but a script that cats its output works just fine.

[pixel fairy]

Yes, the rest the script (stripped out for brevity) works fine. checked for 
all  needed packages in both versions of python, but ansible insists on its 
own (python2) version of yaml. is there a way around that? like telling 
ansible not to use its own yaml?

ill probably just generate a static inventory file, but that seems silly 
when the only issue a different version of the same language.

On Tuesday, July 14, 2015 at 8:47:58 PM UTC-7, Brian Coca wrote:
>
> so ansible uses python2 which would require yaml to work and seems to 
> be installed correctly, but your script uses python3, did you install 
> yaml for python 3? 
>
>
> -- 
> Brian Coca 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/feb55909-079b-44e1-b05f-2bb6ce4a24aa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] when and with on same variable

[Brian Coca]

when gets evaluated INSIDE the with loop, so it cannot condition the
executing of with, this is done so you can do when: item == 'blah' for
example to condition each iteration in the loop.

to deal with undeinfed with_ vars, do the following:

with_ : "{{ myvar|default([])}}"

^ the empty [] will skip the task as there is nothing to loop over.

some times you need more complex conditions, ternary filter can help:

with_ : "{{ unexisting is defined|ternary( groups['unexisting'], []) }}"


-- 
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAJ5XC8%3DSMroeHAGR%3DqfGq8mOK6k4Q-8a6H5phsXja%3DqDRExRPg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] when and with on same variable

[Martin]

- debug: msg="test for items"
  when: groups.unexisting  is defined
  with_items: groups.unexisting  #might work if you reference the same
variable?

On Wed, Jul 15, 2015 at 3:52 PM Alexander Popov 
wrote:

>
>
> - debug: msg="test for items"   # skip because condition is not
> fullfiled
>   when: groups.unexisting is defined
>
> - debug: msg="test for items"
>   when: groups.unexisting  is defined
>   with_items: unexisting  #failed here with with_items expects a list
> or a set
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/30e95805-0301-42aa-b7a2-5a1a3ab3b625%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
-- 
http://www.xing.com/profile/Martin_Marcher
http://www.linkedin.com/in/martinmarcher
Mobil: +43 / 660 / 62 45 103
UID: ATU68801424

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK1mKERc0q_-7dK%2BD%3DWEzDSKORLsyrDuGSm1iVGjnbZE_rUmyg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: win_unzip hanging

[J Hawkesworth]

Hi Guillaume,

A few things you could try.

Run with -v to see if the module is being run.

2/ set 
ANSIBLE_KEEP_REMOTE_FILES=1 on your controller before running your playbook.

This will then not delete the powershell scripts so you can log into the 
affected machine and run them directly in powershell 

3/ check event log for errors.

Hopefully you can find out what the problem is using the above.

Jon

On Wednesday, July 15, 2015 at 12:24:53 PM UTC+1, Guillaume Querso wrote:
>
> hi all,
>
> I am using ansible to unzip files on a windows 2008 R2 server. My playbook 
> was working fine but for an unknown reason, the win_unzip module is now 
> never ending. i am running ansible 1.9.2. 
> Thank you for your help!!
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/80dcb003-53c9-45da-84d5-25bc73b85c05%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] when and with on same variable

[Alexander Popov]

- debug: msg="test for items"   # skip because condition is not 
fullfiled
  when: groups.unexisting is defined

- debug: msg="test for items"
  when: groups.unexisting  is defined  
  with_items: unexisting  #failed here with with_items expects a list 
or a set


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/30e95805-0301-42aa-b7a2-5a1a3ab3b625%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] tree/hierarchic structure for inventory?

[esco real]

Hello,

I would like to discuss the idea for a hierarchic structure for the 
inventory. Would it possible to support something like that?

For example with this structure:

| server
| -- atlanta
|`-- web
|   `--hosts:web1
| -- raleigh
|`-- web
|`-- host:web2

You would need this config:
{
  "web" : { "hosts": [ "web1", "web2" ] },
  "server" : { "hosts": [ "web1", "web2" ] },
  "atlanta" : { "hosts": [ "web1" ] },
  "raleigh" : { "hosts": [ "web2" ] }
}


To work with "children" the group names would have to be unique in the 
whole tree. So "web" would break this up.

Wouldn't it be nice to use something like that?
{
  "server" 
  { "atlanta" { "web" {"hosts": [ "web1" ] } } },
  { "raleigh" { "web" {"hosts": [ "web2" ] } } }
}

I came up with this by using a KeePass database as inventory source:
https://github.com/escoreal/ansible_kdb_inventory
Here I have to build the tree for each host and add it to all parents. But 
this doesn't scale to well.

Thanks,
esco





-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b41a7c85-dff6-4b51-963d-8ebd57b239e2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] expect module does not respect no_log

[Sheldon Hearn]

HI there,

I have a task in my playbook that uses the expect module to feed sensitive 
data into an interactive command on the remote host.

The module does its job, but my request for "no_log: True" is not 
respected. When changed, the task emits output like this:

{u'changed': True, u'end': u'2015-07-15 08:40:57.814994', u'stdout': u'', 
u'cmd': u'/opt/vault/bin/vault unseal -address=http://127.0.0.1:8200', 
u'start': u'2015-07-15 08:40:57.699369', u'delta': u'0:00:00.115625', 
'item': u'{{ unseal_key_3 }}', u'rc': 0, 'invocation': {'module_name': 
u'expect', 'module_args': {u'command': u'/opt/vault/bin/vault unseal 
-address=http://127.0.0.1:8200', u'responses': {u': ': u'856...503'}, 
u'timeout': 5, '_ansible_no_log': True}}, 'stdout_lines': [u'']}

Note that module_args has exposed the sensitive data (represented here as 
'856...503').

I tried marking the responses dict as no_log in the AnsibleModule 
definition in lib/ansible/modules/extras/commands/expect.py, but this 
didn't change the behaviour.

Where is the code that produces this output, so that I can dig into why it 
exposes my sensitive information and figure out how best to deal with that?

Thanks,
Sheldon.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0866e29f-3c2d-4925-b966-5a5bc13b82fb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: various questions about using ansible - inventory, sharing handlers, lists and maps

[Alexander Litnitskiy]

Regarding first question I do it myself like:

[myhosts]
hostA
hostB

group_vars/all 
ansible_ssh_host: "{{inventory_hostname}}.{{domain}}"

group_vars/myhosts:
domain: example.com

In my case each group/host must define  "domain" variable.

On Monday, February 24, 2014 at 10:45:19 PM UTC+3, Mark Butler wrote:
>
> Hello team,
>
> I am getting started with ansible but I have a number of questions. 
> Apologies in advance for the rather noob questions:
>
>
> 1. In my inventory, is there anyway I can specify a single domain for all 
> the hosts e.g.
>
> [myhosts]
> hostA
> hostB
>
> rather than
>
> [myhosts]
> hostA.example.com
> hostB.example.com
>
> Given the requirement that I might be run tests from outside the domain?
>
>
> 2. Many of my roles need to call supervisor when they have finished so 
> they all use the same handler:
>
> ---
> - name: restart supervisor
>   service: name=supervisor state=restarted
>
> However at the moment I have the same duplicated handler file for each 
> role - how can I avoid this and have a single handler file?
>
>
> 3. Is it possible to create strings from list?
>
> I need to create a classpath variable - this is how I do it currently:
>
> classpath: "{{ dest }}jarA.jar:{{ dest }}jarB.jar:{{ dest }}jarC.jar:{{ 
> dest }}jarD.jar"
>
> In Python I could use a loop to do this. Is there any way to do this in 
> Ansible?
>
>
> 4. Do map style structures exist?
>
> Similarly, when I am getting these jars I use a list like this - ideally 
> it would be better to use a map, then generate the list from the map to 
> avoid configuration duplication. Is there any way to achieve this?
>
> - name: my service | Get jars
>   action: get_url url={{ build_url }}lastSuccessfulBuild/artifact/{{ item 
> }} dest={{ dest }} mode=0440
>   with_items:
> - pathA/jarA
> - pathB/jarB
> - pathC/jarC
> - pathD/jarD
>
>
> Thanks in advance,
>
> Mark
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0d296fa5-3dc9-4910-9bd3-deb0719d53d9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Could there be a way let me include all ansible playbook?

[Dylan Wang]

Hi guys,
I use travis-CI for syntax checking.
Could there be a way let me include all ansible playbook in a same 
directory? (eg. - include *.yml )
That will help me a lot for maintain syntax test, otherwise when I 
modify/add a playbook, I need change it in test.yml too.

and also syntax checking seems don't work for third-party module, if I play 
it directly it works fine, but when I add `--syntax-check`, 
it just show me " not a legal parameter of an Ansible Play".
Is that a bug?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2faacdcd-3ade-4ed1-9375-5415d0641770%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Error with playbook, which should create user accounts and set authorized public keys

[Dimitar Hristov]

Hi Guys,

I get an error when I run a playbook, which aims to create new users and 
set authorized keys for them. The error: 

TASK: [create new users] 
** 
fatal: [testvm1] => with_items expects a list or a set
fatal: [testvm2] => with_items expects a list or a set


Here's a part of the playbook (the first task fails):

- name: create new users
  user: name={{ item.name }} group=wheel append=yes 
password={{user_password}}
  with_items: "{{users}}"

- name: set pub keys
  authorized_key: "user={{ item.0.name }} key='{{ lookup('file', 
item.1) }}'"
  with_subelements:
- users
- authorized

- name: set pass expiration
  command: /usr/bin/chage -d 0 {{ item.name }}
  with_items: "{{users}}"

Here's the var file:

---
wheelsregex: # *%wheel *ALL=\(ALL\) *ALL
user_password: 12345678
users:
  - name: test
authorized:
 - /etc/ansible/add_users/files/test.pub
  - name: test1
authorized:
 - /etc/ansible/add_users/files/test1.pub
  - name: test2
authorized:
 - /etc/ansible/add_users/files/test2.pub

Any idea where's my mistake? I saw that it might be related to ansible 
version, so mine is 1.9.2.


Regards,
Dimitar

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/76803881-f19a-4f47-a9bc-374a62a39672%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] win_unzip hanging

[Guillaume Querso]

hi all,

I am using ansible to unzip files on a windows 2008 R2 server. My playbook 
was working fine but for an unknown reason, the win_unzip module is now 
never ending. i am running ansible 1.9.2. 
Thank you for your help!!

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/9ae9e225-dabd-41ed-87d8-70e36ddacbfe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: ansible ec2_facts returns false data (if there is NAT on the system level; This is ok if You use AWS router interface gateway)

['Jakub Muszynski' via Ansible Project]

Thanks Igor.

You are right, it is not ansible "bug", but an configuration-feature, tough
it is the "bad one" since it silently provides the false data. I had to dig
into the source code to track it down.
There could be some warning in ec2_facts detecting default route, but it
would be some work :/

-
To sum up mine state - I've worked out the solution that is almost the same
You have provided :)
I will describe it in my words:

I did not provide enough data about my subnets
I have public subnet, and a private one. Faulty instances were in the
public subnet with their system-local-routeing table containing "default
via 172.16.0.200 dev eth0"). I have moved that instances to private subnet,
and set its routing table in the way, that the default traffic goes via
NAT-instance in public subnet:

Destination

Target

Status

Propagated

172.16.0.0/16

local

Active

No

0.0.0.0/0

eni-eb / i-2

Active

No


So that's exactly what You did stated :)

To fix the issue in the public subnet (with "default via 172.16.0.200 dev
eth0"), it would be enough to add

ip r a 169.254.169.254 via 172.16.0.1

verification:

curl http://169.254.169.254/latest/meta-data/local-ipv4


since the

modules/core/cloud/amazon/ec2_facts.py

defines the querry parameter as:

ec2_metadata_uri = 'http://169.254.169.254/latest/meta-data/'



So I'll have to add 2xNAT and I'll be happy :)




On Wed, Jul 15, 2015 at 2:52 AM, Igor Cicimov <
ig...@encompasscorporation.com> wrote:

> Have to correct myself, you do provide the subnet information. So in
> answer to you questions/conclusions they way I do it is:
>
> - Use private routing table for the private subnets pointing to the NAT as
> IGW
> - Use 2 x NAT instances and NAT takeover script that modifies the the
> private subnets routing table and points the IGW to itself in case the
> other NAT instance has failed
>
>
> On Wednesday, July 15, 2015 at 10:21:38 AM UTC+10, Igor Cicimov wrote:
>>
>> I'm using Ansible with AWS VPC's, where most of them have public and
>> private subnets, and have never had the problem you are seeing. This is
>> definitely a misconfiguration on your side and nothing to do with Ansible.
>> The ec2_facts is doing the right thing, there is no other way of collecting
>> data except querying the meta-data repository which is what the AWS CLI
>> tools do anyway. Meaning you will get wrong data using AWS CLI as well.
>> Don't forget you are in the cloud and your networking is configured in the
>> hypervisor/SDN level and NOT on instance level. Meaning you can create as
>> many network interfaces as you want on instance level and set IP's on those
>> but none of them will work since you have bypassed the SDN and there is no
>> record of those in the meta-data repository. Which finally means that
>> collecting facts on the instance locally really means nothing if those
>> values don't match what is in the meta-data repository.
>>
>> Now that we have that cleared, lets move to your problem, which looks to
>> me is AWS routing tables. Or more specific the lack of those. For an
>> instance to be in a private subnet it needs separate routing table from the
>> VPC's default one (which has IGW created for you when the VPC was created)
>> that has the NAT instance as IGW (internet gateway). And that is all you
>> need, you don't have to set any routing tables on the system level, the SDN
>> will route the traffic for you.
>>
>> Hope this makes sense. Since you haven't provided any info about your
>> subnets, routing tables, ACL's etc. this is more of a guess what's going on
>> so please correct my assumptions if needed.
>>
>> Thanks,
>> Igor
>>
>> On Tuesday, July 14, 2015 at 10:16:49 PM UTC+10, sirkubax wrote:
>>>
>>> *THE PROBLEM:*
>>> I've just realised why sometimes my playbook fills the template with
>>> false data
>>>
>>> This happens, when the instance is in my VPC subnet (with internet
>>> gateway), while in configuration there is *NAT route table on the
>>> system level*, then *reguest to the internet goes through NAT instance *and
>>> the AWS response is *covered.*
>>> Then the* NAT_instance facts *are *returned*, NOT the current_instance
>>> facts about.
>>>
>>>
>>> *THE DEBUGGING:*
>>>
>>> If You look into the code, the ec2_facts fetch a bunch of requests to
>>>
>>> 'http://169.254.169.254/latest/meta-data'
>>>
>>>
>>> in Example:
>>>
>>> curl http://169.254.169.254/latest/meta-data/local-ipv4
>>> *172.16.0.200*
>>>
>>>
>>> while* real data* is
>>>
>>> eth0: ***
>>> inet *172.16.0.110*/24 brd 172.16.0.255 scope global eth0
>>>
>>>
>>> THE INSTANCE CONFIGURATION:
>>>
>>> $ ip r
>>> default via 172.16.0.200 dev eth0
>>> 172.16.0.0/24 dev eth0  proto kernel  scope link  src 172.16.0.110
>>> 172.16.0.0/16 via 172.16.0.1 dev eth0
>>>
>>>$ ip a
>>>
>>> eth0: ***
>>> inet *172.16.0.110*/24 brd 172.16.0.255 scope global eth0
>>>
>>>
>>>
>>> If You keep remote files, You can check it Yourself
>>>
>>> export ANSIBLE_KEEP_REMOTE_FIL

[ansible-project] Ansible Privilege Escalation

[Mona Gopal]

   Hello Everyone,
   
Below is a  play that i have written to execute the task as a sudo user.

  - name: Testing the sudo user concept in this play
hosts: all
#  user: ved 
   become: yes
   become_method: su
   become_pass: root_123

  tasks:
- name: edits the contents of the file this task will execute only as a 
root user
  lineinfile: dest=/root/sample.txt  state=present insertafter='EOF' 
line='GAURAV' regexp='MONA'
#become: yes
#become_method: su
#become_pass: root_123


The problem : 
   
   The "become_pass"  does not work in case of a play , but works fine in 
case of a task. 
   Could anyone help me out with this?
   Our task is to run the playbook on click of a button in GUI ,so we 
cannot go by the method of prompting for password.
   And also to mention we have multiple tasks to be executed and hence want 
to apply the become_pass for a play and just a task(like i mentioned in 
case of a task it works fine.)

Thanks in advance,
Mona G

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/9c71ca9d-69cf-45e2-aa46-26fe87a3b514%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Increment - Ansible variable assigment

[Esteban Freire]

Hi all,

I have the following vars file:

student_accounts:
  user:
username: user
password: pass
accounts_to_create: 2
start_number_account: 1

And then the following task:

- name: Generate the sequence numbers
  set_fact: item.value.start_number_account={{ item.value.start_number_account 
| int + 1 }}
  register: item.value.start_number_account
  with_dict: student_accounts
  when: (item.value.start_number_account != item.value.accounts_to_create)
  tags:
- create_student_account

- name: Create an user account in ON for the users defined on users.yml file
  sudo: True
  sudo_user: oneadmin
  shell: oneuser create "{{ item.value.username }}{{ 
item.value.start_number_account }}" "{{ item.value.password 
}}{{item.value.start_number_account }}" 
  with_items: item.value.start_number_account.results
  tags:
- create_student_account

My idea is to use this task to create several accounts on OpenNebula at the 
same time, in this case, so many accounts as I have specified on "
accounts_to_create" variable. So I use the start_number_account variable to 
increment and then I would like to execute the command to create the 
account as many times as I have specified on "accounts_to_create" using the 
incremental variable and taking the advantage of it to also add the number 
to the account so it is a different account. The command would be executed 
like:

oneuser create "user1" "pass1" 
oneuser create "user2" "pass2" 
oneuser create "user3" "pass3"
[  ... ]

I tried with set fact but I think I am not understanding it well. Also, If 
you know another method to get this, please let me know and any help is 
appreciated :)

Thanks in advance,
Esteban

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/afb466d1-705c-4021-9fae-49dda9de0bdd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] May I treat playbooks similar to database migrations?

[Jan Koprowski]

Hello,

  I would like to start writing playbooks treating each playbook similar to 
*database 
migration*.
 
  Let say I'm releasing my roles/playbooks repository with version 1.0
  In version 1.1 I would like to upgrade reviewboard to version 2.5 (from 
1.5), glusterfs to version 3.6 (from 3.4) and introduce deduplication.

  Is it a good idea to write playbooks like?
  - 1_*upgrade_reviewboard_1.5_to_2.5.yml*
*  - 2_upgrade_glusterfs_3.4_to_3.6.yml*
*  - 3_turn_on_glusterfs_deduplication.yml*

  Assuming that something will know how which playbooks should be run and 
in which order is it a good direction to follow?

  The idea behind that is to be able to share infrastructure with others as 
repository.
  Treat it as a product/software where people can upgrade to higher version.

  Let say on each node we have deployed fact file returning version of 
infrastructure so we can easily determine which version is current.

Regards,

Jan

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/dc304b21-6b3e-4008-979a-3a827f9a57ac%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Docker and Ansible Vault: An insecure match?

[Paul Tötterman]

> How can I run a playbook using vars encrypted by Vault during a Docker 
> build?
>

Don't
 

> How can I do it without exposing a password file?
> Is there a best practice?
>

Give sensitive information to the docker container as environment values. 
See e.g.  https://registry.hub.docker.com/_/postgres/ and POSTGRES_PASSWORD

Cheers,
Paul

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c2846578-f141-4fe1-9044-d8270742a94a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.