Re: [ansible-project] debconf with variable is not really idempotent?

2015-07-16 Thread Phyks
Ok, I did not know about it. I confirm I only have this behavior with
password fields.

Thanks

On 16/07/2015 20:20, Brian Coca wrote:
 passwords cannot be read, so they always appear as changed, this is a
 limitation of debconf itself.
 
 all other field types should work as you expect
 
 
 -- 
 Brian Coca
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Ansible Project group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to ansible-project+unsubscr...@googlegroups.com.
 To post to this group, send email to ansible-project@googlegroups.com.
 To view this discussion on the web visit 
 https://groups.google.com/d/msgid/ansible-project/CAJ5XC8%3Dj2AQN%2B1Uj%2B7y3ZwrgP6r1YUHhVmNx7Ctg0aFH0LB3mQ%40mail.gmail.com.
 For more options, visit https://groups.google.com/d/optout.
 



Re: [ansible-project] Error with playbook, which should create user accounts and set authorized public keys

2015-07-16 Thread Dimitar Hristov
Hi Brian,

here's the info you asked for:

TASK: [debug var=users] 
*** 
testvm1 ESTABLISH CONNECTION FOR USER: dimitar
testvm2 ESTABLISH CONNECTION FOR USER: dimitar
ok: [testvm1] = {
var: {
users: users
}
}
ok: [testvm2] = {
var: {
users: users
}
}


TASK: [create new users] 
** 
fatal: [testvm2] = with_items expects a list or a set
fatal: [testvm1] = with_items expects a list or a set

FATAL: all hosts have already failed -- aborting

Hope it helps :)

Regards,
Dimitar


On Wednesday, July 15, 2015 at 6:59:46 PM UTC+3, Brian Coca wrote:

 that looks correct, very similar to what i was doing. 

 can you run with - and also - debug: var=users ? 



 -- 
 Brian Coca 




[ansible-project] Importing custom python library from ansible custom module

2015-07-16 Thread Olivier Lauret
Hello all,

Is there a way to import a custom python library from an ansible custom 
module?

I am trying to create a custom module and need a specific python library. I 
have put my inifile.py file in the library folder of my playbook. My 
ansible custom module is in the same folder. However, when using the import 
command (from inifile import IniFile) in the custom module, it cannot find 
the python library:

invalid output was: Traceback (most recent call last):
  File "/home/olivier/.ansible/tmp/ansible-tmp-1437029018.2-53200658786921/file_ini_correct_options", line 92, in <module>
    from inifile import IniFile
ImportError: No module named inifile

Any way to do that?

Regards,
Olivier



[ansible-project] Re: win_unzip hanging

2015-07-16 Thread Guillaume Querso
hi jon,

unfortunately, nothing works to solve the problem... is there anything new 
on the domain access? because it  would make things a lot easier for me 
(and the windows community)!!! 

Thanks

On Wednesday, 15 July 2015 14:53:36 UTC+1, J Hawkesworth wrote:

 Hi Guillaume,

 A few things you could try.

 Run with -v to see if the module is being run.

 2/ set 
 ANSIBLE_KEEP_REMOTE_FILES=1 on your controller before running your 
 playbook.

 This will then not delete the powershell scripts so you can log into the 
 affected machine and run them directly in powershell 

 3/ check event log for errors.

 Hopefully you can find out what the problem is using the above.

 Jon

 On Wednesday, July 15, 2015 at 12:24:53 PM UTC+1, Guillaume Querso wrote:

 hi all,

 I am using ansible to unzip files on a windows 2008 R2 server. My 
 playbook was working fine but for an unknown reason, the win_unzip module 
 is now never ending. i am running ansible 1.9.2. 
 Thank you for your help!!





[ansible-project] Ansible copy module hangs on CentOS 7

2015-07-16 Thread Martin Ilchev
Hi Guys,

I have a playbook to copy DNS zone files from local directory to a remote 
one and restart the named service. The playbook is as follows:
---
# This playbook upgrades zone data files from the control machine to all DNS servers 1 machine at a time

- name: Upgrade zone data files. Reload named-chroot if required
  hosts: dnsservers
  gather_facts: no
  sudo: yes
  serial: 1
  tasks:

    - name: copy dns zone files from control machine to DNS servers
      copy: src=zones/ dest=/var/named owner=root group=named mode=0440
      register: namedzones

    - name: restart dns service if required
      service: name=named-chroot state=restarted
      when: namedzones.changed

I test run the playbook as follows:

ansible-playbook -vv dns-copy-zones.yml --ask-become-pass --check

The output is:
SUDO password: 

PLAY [Upgrade zone data files. Reload named-chroot if required] *** 

TASK: [copy dns zone files from control machine to DNS servers] ***
fatal: [192.168.16.195] = ssh connection error while waiting for sudo 
password prompt

FATAL: all hosts have already failed -- aborting   



PLAY RECAP 
 
   to retry, use: --limit @/home/martin/dns-copy-zones.retry

192.168.16.195             : ok=0    changed=0    unreachable=1    failed=0

When I increase the verbosity I can see 5-6 files are copied then copy 
hangs locally on transferring the next file and eventually times out.

On the remote machine if I tail /var/log/secure I can see all the files up 
to the last one going through.

The machine I run the playbook from and the destination machine are both 
CentOS 7. The version is ansible 1.9.2.

Below is the more verbose output I have highlighted what I think are the 
important messages. I am only including the last file to go through 
successfully and the next one to hang (let me know if you require the full 
output):
ON CONTROL MACHINE:
192.168.16.195 EXEC ssh -C -tt -v -o ControlMaster=auto -o 
ControlPersist=60s -o 
ControlPath=/home/martin/.ansible/cp/ansible-ssh-%h-%p-%r -o 
KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o ConnectTimeout=10 192.168.16.195 /bin/sh -c 
'sudo -k  sudo -H -S -p [sudo via ansible, 
key=zasgrvyvetzjqebxkfgjmaeohbealypu] password:  -u root /bin/sh -c 
'''echo BECOME-SUCCESS-zasgrvyvetzjqebxkfgjmaeohbealypu; rc=flag; [ -r 
/var/named/named.empty ] || rc=2; [ -f /var/named/named.empty ] || rc=1; [ 
-d /var/named/named.empty ]  rc=3; python -V 2/dev/null || rc=4; [ 
x$rc != xflag ]  echo ${rc} /var/named/named.empty  exit 0; 
(python -c 'import hashlib; BLOCKSIZE = 65536; hasher = 
hashlib.sha1(); afile = 
open('/var/named/named.empty', rb) buf 
= afile.read(BLOCKSIZE) while len(buf)  0: hasher.update(buf) buf = 
afile.read(BLOCKSIZE) afile.close() 
print(hasher.hexdigest())' 2/dev/null) || (python -c 
'import sha; BLOCKSIZE = 65536; hasher = sha.sha(); afile = 
open('/var/named/named.empty', rb) buf 
= afile.read(BLOCKSIZE) while len(buf)  0: hasher.update(buf) buf = 
afile.read(BLOCKSIZE) afile.close() 
print(hasher.hexdigest())' 2/dev/null) || (echo 
'0 '/var/named/named.empty)
192.168.16.195 EXEC ssh -C -tt -v -o ControlMaster=auto -o 
ControlPersist=60s -o 
ControlPath=/home/martin/.ansible/cp/ansible-ssh-%h-%p-%r -o 
KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o ConnectTimeout=10 192.168.16.195 /bin/sh -c 
'sudo -k  sudo -H -S -p [sudo via ansible, 
key=bnbotucjqsepetntcsddztjuluwdvzam] password:  -u root /bin/sh -c 
'''echo BECOME-SUCCESS-bnbotucjqsepetntcsddztjuluwdvzam; rc=flag; [ -r 
/var/named/named.localhost ] || rc=2; [ -f /var/named/named.localhost ] || 
rc=1; [ -d /var/named/named.localhost ]  rc=3; python -V 2/dev/null || 
rc=4; [ x$rc != xflag ]  echo ${rc} /var/named/named.localhost  
exit 0; (python -c 'import hashlib; BLOCKSIZE = 65536; 
hasher = hashlib.sha1(); afile = 
open('/var/named/named.localhost', rb) 
buf = afile.read(BLOCKSIZE) while len(buf)  0: hasher.update(buf) buf = 
afile.read(BLOCKSIZE) afile.close() 
print(hasher.hexdigest())' 2/dev/null) || (python -c 
'import sha; BLOCKSIZE = 65536; hasher = sha.sha(); afile = 
open('/var/named/named.localhost', rb) 
buf = afile.read(BLOCKSIZE) while len(buf)  0: hasher.update(buf) buf = 
afile.read(BLOCKSIZE) afile.close() 
print(hasher.hexdigest())' 2/dev/null) || (echo 
'0 '/var/named/named.localhost)

ON THE DESTINATION MACHINE (output in /var/log/secure):
Jul 16 12:48:00 dominus sudo: martin : TTY=pts/2 ; PWD=/home/martin ; 

[ansible-project] tags with roles

2015-07-16 Thread Vladimir Ondrus
Hi All,

I want to use tags inside the roles, here is my usecase:

I want to execute tasks marked with  from testrole:

[root@wildfly ~/ansible]$ cat test.yml
---
- hosts: local
  roles:
    - {role: testrole, tags: ['']}


here is the role:

[root@wildfly ~/ansible]$ cat roles/testrole/tasks/main.yml
---
- name:  tag
  local_action: command echo
  tags:
    - 

- name:  tag
  local_action: command echo
  tags:
    - 


but both tasks are executed:

[root@wildfly ~/ansible]$ ansible-playbook -i inventory.ini test.yml

PLAY [local] 
**

GATHERING FACTS 
***
ok: [localhost]

TASK: [testrole |  tag] 
***
changed: [localhost - 127.0.0.1]

TASK: [testrole |  tag] 
***
changed: [localhost - 127.0.0.1]

PLAY RECAP 

localhost                  : ok=3    changed=2    unreachable=0    failed=0


Is this OK, or bug?


Regards,
Vlado



[ansible-project] ec2_vpc route_tables tags not created

2015-07-16 Thread Erik Steffl
Creating VPC using ec2_vpc module. Have a public net so adding a routing 
table:

route_tables: [
  {
    subnets: [10.0.0.0/24],
    routes: [ { dest: 0.0.0.0/0, gw: igw } ],
    resource_tags: { Name: way_out }
  }
],

The route is created but it does not have any tags (it has empty Name tag 
which is always created by Amazon). There are no error messages. Similar 
resource_tags work fine for the vpc and subnets. Also tried to add another 
tag (in addition to Name) but that one didn't show up in the created route 
table either.

Going by the docs at http://docs.ansible.com/ec2_vpc_module.html which say: 
A dictionary array of route tables to add of the form: { subnets: 
[172.22.2.0/24, 172.22.3.0/24,], routes: [{ dest: 0.0.0.0/0, gw: igw},], 
resource_tags: ... }.

Any ideas what's going on?

Thanks!

erik



Re: [ansible-project] Importing custom python library from ansible custom module

2015-07-16 Thread Timothy Appnel
In a previous life I've had to do what you are attempting. Ansible will not
automatically know to install dependencies like your custom library for
you. That is up to you to handle. There are two ways I've gone about
resolving this:

1) Install said libraries in your default python library path on each
remote box.
2) Copy/install your libraries to an alternate path location (could be one
time could be an earlier task of the play) and use the environment argument
on the task that uses your custom module to append said library path to
PYTHONPATH.

Not knowing what is in your infile.py, you may want to consider embedding
that library in the module if it's a single library file that's not too
complex. I didn't personally use this approach, though I considered it, in
my own because the library files had other usage outside of my custom
Ansible module and I didn't want to play around keeping the code in sync.

Hope that helps.

tim/



Re: [ansible-project] Importing custom python library from ansible custom module

2015-07-16 Thread Timothy Appnel
I didn't give up at all. Far from it! I started working for Ansible.

Last I spoke to my former co-workers they are still using option 2 that I
set up because they do not have the ability to install python libraries in
the default library path.

tim/


On Thu, Jul 16, 2015 at 10:14 AM, Martin mar...@marcher.name wrote:

 Hi,

 On Thu, Jul 16, 2015 at 4:05 PM Timothy Appnel t...@ansible.com wrote:

 In a previous life I've had to do what you are attempting.


 So what do you do now? It sounds like you went on and are using a
 completely different approach to achieve what the op wants to do (load
 custom code)

 I'm not asking about options but rather what you actually ended up with
 doing (give up and/or stopped using the tool are viable answers to me)

 /Martin

 --
 --
 http://www.xing.com/profile/Martin_Marcher
 http://www.linkedin.com/in/martinmarcher
 Mobil: +43 / 660 / 62 45 103
 UID: ATU68801424



Re: [ansible-project] Importing custom python library from ansible custom module

2015-07-16 Thread Martin
Hi,

On Thu, Jul 16, 2015 at 4:05 PM Timothy Appnel t...@ansible.com wrote:

 In a previous life I've had to do what you are attempting.


So what do you do now? It sounds like you went on and are using a completely
different approach to achieve what the op wants to do (load custom code)

I'm not asking about options but rather what you actually ended up with
doing (give up and/or stopped using the tool are viable answers to me)

/Martin

-- 
-- 
http://www.xing.com/profile/Martin_Marcher
http://www.linkedin.com/in/martinmarcher
Mobil: +43 / 660 / 62 45 103
UID: ATU68801424



[ansible-project] how to set up kerberos

2015-07-16 Thread Guillaume Querso
hi all!

I am currently using ansible 1.9.2 on a RHEL 6 server. what I would like is 
to connect to a windows 2008 R2 server via kerberos to be able to use 
domain accounts.

   - What i did: creating a ticket on the linux server for the concerned 
   domain account. Synchronized the clocks.
   - What it is not working: i have a: 401 unauthorized access when i try 
   to run a playbook. 

Do you know what i am missing? 
Thanks for your help on this!

Guillaume Q



[ansible-project] Error creating RDS instance

2015-07-16 Thread Guy Knights
I'm getting the following in a playbook when a task to create an RDS instance 
runs:

msg: failed to create instance: null

This task worked fine yesterday, today I made a minor change to the VPC 
task (below) by adding another app subnet and specifying availability zones 
for the 2 app subnets, but this should have no effect on the RDS task. The 
RDS task itself hasn't been changed.

- name: provision white label vpc
  ec2_vpc:
    state: present
    cidr_block: "10.{{ wl_vpc_prefix }}.0.0/16"
    resource_tags: { "Name": "{{ wl_name }}-bbe-vpc" }
    region: us-west-1
    subnets:
      - cidr: "10.{{ wl_vpc_prefix }}.1.0/24"
        resource_tags: { "Name": "{{ wl_name }}-bbe-public" }
      - cidr: "10.{{ wl_vpc_prefix }}.2.0/24"
        az: us-west-1a
        resource_tags: { "Name": "{{ wl_name }}-bbe-app" }
      - cidr: "10.{{ wl_vpc_prefix }}.3.0/24"
        az: us-west-1b
        resource_tags: { "Name": "{{ wl_name }}-bbe-app" }
      - cidr: "10.{{ wl_vpc_prefix }}.4.0/24"
        resource_tags: { "Name": "{{ wl_name }}-bbe-mgmt" }
      - cidr: "10.{{ wl_vpc_prefix }}.5.0/24"
        az: us-west-1a
        resource_tags: { "Name": "{{ wl_name }}-bbe-db" }
      - cidr: "10.{{ wl_vpc_prefix }}.6.0/24"
        az: us-west-1b
        resource_tags: { "Name": "{{ wl_name }}-bbe-db" }
    internet_gateway: True
    route_tables:
      - subnets:
          - "10.{{ wl_vpc_prefix }}.1.0/24"
        routes:
          - dest: 0.0.0.0/0
            gw: igw
  register: vpc

Does anyone have any idea what the problem is here?

Thanks,
Guy



[ansible-project] debconf with variable is not really idempotent?

2015-07-16 Thread Phyks
Hi,

I am using the following line in an Ansible playbook:

```
debconf: name={{ item.name }} question={{ item.question }} vtype={{ item.vtype }} value={{ item.value }}
with_items:
  - { name: mariadb-server-10.0, question: mysql-server/root_password, vtype: password, value: "{{mysql_root_password}}" }
  - { name: mariadb-server-10.0, question: mysql-server/root_password_again, vtype: password, value: "{{mysql_root_password}}" }
```

But the task is marked as changed at every execution. I would expect
it to be changed only if the values are different than the previous ones
and skipped otherwise.

Moreover, when the value is explicitly given (instead of referencing a
variable), the behaviour is as expected and the task is skipped if it
was already set.

Is it a bug or an expected feature?

Thanks!
-- 
Phyks



Re: [ansible-project] Re: Error with playbook, which should create user accounts and set authorized public keys

2015-07-16 Thread Brian Coca
your debug is indicative that 'users' is undefined, that is why it is
failing (we made the message much clearer in 2.0)


-- 
Brian Coca



Re: [ansible-project] Importing custom python library from ansible custom module

2015-07-16 Thread Olivier Lauret
Hi Tim,

Thank you very much for the update. It helps a lot, thank you very much. 
Indeed, I have chosen your second option as it is easier to maintain and 
avoid any conflict with other systems. The inifile.py is too big to be 
included in the custom module but I would not do this as I wouldn't be able 
to re-utilise it.

Here is how I did it:

In my playbook or role:
tasks:
  - name: Upload python module
    copy: src=library/inifile.py dest=/tmp/inifile.py
In my custom module:
import sys
sys.path.append('/tmp')
from inifile import IniFile

And to answer your question, what I am trying to achieve here is an 
extension to the ini_file module in Ansible. The current module doesn't 
answer my needs such as:

   - setting easily a continuous list of options such as:
  - whitelist.0 = item1
  - whitelist.1 = item2
  - whitelist.2 = item3
   - checking and replacing a list of options (such as [ower, owne]) by 
   one option name (owner)
   - Dealing with options that doesn't have section (generally mean that 
   this is default to all sections)
   - Dealing with empty name section ([]) and comments - this one I am less 
   sure about but I know that the ConfigParser cannot handle this.

Thank you again for your precious help.


Regards,

Olivier

On Thursday, 16 July 2015 15:20:03 UTC+1, Timothy Appnel wrote:

 I didn't give up at all. Far from it! I started working for Ansible. 

 Last I spoke to my former co-workers they are still using option 2 that I 
 set up because they do not have the ability to install python libraries in 
 the default library path.

 tim/


 On Thu, Jul 16, 2015 at 10:14 AM, Martin mar...@marcher.name wrote:

 Hi,

 On Thu, Jul 16, 2015 at 4:05 PM Timothy Appnel ti...@ansible.com wrote:

 In a previous life I've had to do what you are attempting.


 So what do you do now? It sounds like you went on and are using a 
 completely different approach to achieve what the op wants to do (load 
 custom code) 

 I'm not asking about options but rather what you actually ended up with 
 doing (give up and/or stopped using the tool are viable answers to me)

 /Martin

 -- 
 -- 
 http://www.xing.com/profile/Martin_Marcher
 http://www.linkedin.com/in/martinmarcher
 Mobil: +43 / 660 / 62 45 103
 UID: ATU68801424



Re: [ansible-project] debconf with variable is not really idempotent?

2015-07-16 Thread Mischa ter Smitten
Is there any way to work around that?



Re: [ansible-project] Importing custom python library from ansible custom module

2015-07-16 Thread Timothy Appnel
I'm glad you were able to work something out and I was helpful. A couple of
quick added thoughts on this.

I wouldn't recommend just dropping your library into /tmp, to avoid a
potential conflict with another job or process. Perhaps create a separate
directory like the name of your project or playbook under tmp and store it
there? I think creating a specific directory helps avoid this.

I also wouldn't recommend embedding a library path in your custom module
for maintainability. It's working for you now, but the thought of having to
have that path line up in two different places makes me uneasy. I used the
environment arg and appended the path to our libraries to PYTHONPATH.
Everything is in one place: the playbook. A var to hold the path (you can
use Ansible facts to really create a unique path that won't get tread on),
the path create, the copy, the environment setting. Change it in one place
and the change propagates thru.

Just some food for thought.

tim/
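
The `/tmp` placement discussed in this thread also has a security side: a module that runs `sys.path.append('/tmp')` imports whatever `inifile.py` any local account has put there. The sketch below is an added example, not code from the thread or from Ansible; it checks ownership and write permissions of a dedicated library directory before importing from it, and loads the file by explicit path instead of extending `sys.path`. `load_helper`, `UnsafeLibraryPath` and the sample directories are hypothetical names, the sample library is constructed, and a POSIX host is assumed.

```python
import importlib.util
import os
import shutil
import stat
import tempfile


class UnsafeLibraryPath(Exception):
    """The helper library could be replaced by an account we do not trust."""


def _require_private(path, st, trusted_uids):
    """Reject anything owned by, or writable for, someone outside trusted_uids."""
    if st.st_uid not in trusted_uids:
        raise UnsafeLibraryPath("%s is owned by uid %d" % (path, st.st_uid))
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise UnsafeLibraryPath("%s is group- or world-writable" % path)


def load_helper(module_name, lib_dir, trusted_uids=None):
    """Import <lib_dir>/<module_name>.py only if no untrusted user can modify it.

    A missing directory or file raises OSError from lstat(); that is left to
    the caller so the module can report it as a normal failure.
    """
    if trusted_uids is None:
        trusted_uids = {0, os.geteuid()}  # root and the account running the module

    # lstat: a symlink planted at lib_dir is refused instead of followed.
    dir_st = os.lstat(lib_dir)
    if not stat.S_ISDIR(dir_st.st_mode):
        raise UnsafeLibraryPath("%s is not a real directory" % lib_dir)
    _require_private(lib_dir, dir_st, trusted_uids)

    source = os.path.join(lib_dir, module_name + ".py")
    file_st = os.lstat(source)
    if not stat.S_ISREG(file_st.st_mode):
        raise UnsafeLibraryPath("%s is not a regular file" % source)
    _require_private(source, file_st, trusted_uids)

    # Load exactly this file; the interpreter's search path is left untouched.
    spec = importlib.util.spec_from_file_location(module_name, source)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)
    return module


# Constructed stand-in for the inifile.py mentioned in the thread.
SAMPLE_LIBRARY = (
    "class IniFile(object):\n"
    "    def __init__(self, path):\n"
    "        self.path = path\n"
)


def _make_sample_dir(dir_mode, file_mode):
    """Create a temporary directory holding inifile.py with the given modes."""
    lib_dir = tempfile.mkdtemp(prefix="ansible-lib-demo-")
    source = os.path.join(lib_dir, "inifile.py")
    with open(source, "w") as handle:
        handle.write(SAMPLE_LIBRARY)
    os.chmod(source, file_mode)
    os.chmod(lib_dir, dir_mode)
    return lib_dir


def demo():
    """Try a private directory, a /tmp-like directory and a world-writable file."""
    cases = [(0o700, 0o600), (0o1777, 0o600), (0o700, 0o666)]
    results = []
    for dir_mode, file_mode in cases:
        lib_dir = _make_sample_dir(dir_mode, file_mode)
        try:
            module = load_helper("inifile", lib_dir)
            results.append(module.IniFile("/etc/example.ini").path)
        except UnsafeLibraryPath:
            results.append("rejected")
        finally:
            shutil.rmtree(lib_dir)
    return results


if __name__ == "__main__":
    print(demo())
```
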


On Thu, Jul 16, 2015 at 3:30 PM, Olivier Lauret 
olivier.lau...@googlemail.com wrote:

 Hi Tim,

 Thank you very much for the update. It helps a lot, thank you very much.
 Indeed, I have chosen your second option as it is easier to maintain and
 avoid any conflict with other systems. The inifile.py is too big to be
 included in the custom module but I would not do this as I wouldn't be able
 to re-utilise it.

 Here is how I did it:

 In my playbook or role:
 tasks:
   - name: Upload python module
     copy: src=library/inifile.py dest=/tmp/inifile.py
 In my custom module:
 import sys
 sys.path.append('/tmp')
 from inifile import IniFile

 And to answer your question, what I am trying to achieve here is an
 extension to the ini_file module in Ansible. The current module doesn't
 answer my needs such as:

 - setting easily a continuous list of options such as:
   - whitelist.0 = item1
   - whitelist.1 = item2
   - whitelist.2 = item3
- checking and replacing a list of options (such as [ower, owne])
by one option name (owner)
- Dealing with options that doesn't have section (generally mean that
this is default to all sections)
- Dealing with empty name section ([]) and comments - this one I am
less sure about but I know that the ConfigParser cannot handle this.

 Thank you again for your precious help.


 Regards,

 Olivier

 On Thursday, 16 July 2015 15:20:03 UTC+1, Timothy Appnel wrote:

 I didn't give up at all. Far from it! I started working for Ansible.

 Last I spoke to my former co-workers they are still using option 2 that
 I set up because they do not have the ability to install python libraries in
 the default library path.

 tim/


 On Thu, Jul 16, 2015 at 10:14 AM, Martin mar...@marcher.name wrote:

 Hi,

 On Thu, Jul 16, 2015 at 4:05 PM Timothy Appnel ti...@ansible.com
 wrote:

 In a previous life I've had to do what you are attempting.


 So what do you do now? It sounds like you went on and are using a
 completely different approach to achieve what the op wants to do (load
 custom code)

 I'm not asking about options but rather what you actually ended up with
 doing (give up and/or stopped using the tool are viable answers to me)

 /Martin

 --
 --
 http://www.xing.com/profile/Martin_Marcher
 http://www.linkedin.com/in/martinmarcher
 Mobil: +43 / 660 / 62 45 103
 UID: ATU68801424


Re: [ansible-project] tags with roles

2015-07-16 Thread Brian Coca
Hi Vlado,

I think you are misunderstanding the feature. There is no
sub-selection with tags on role definition, when you:
 - {role: testrole, tags: ['']}

What you are doing is tagging all tasks in testrole with '' on top
of existing tags. So it would look like this once imported:

- name:  tag
  local_action: command echo
  tags:
    - 

- name:  tag
  local_action: command echo
  tags:
    - 
    - 

You are not saying 'run only those tagged with '', that is not
possible when specifying a role to import.
I suggest making 2 roles and only importing the one with the tasks you
want to execute.


-- 
Brian Coca



Re: [ansible-project] debconf with variable is not really idempotent?

2015-07-16 Thread Brian Coca
passwords cannot be read, so they always appear as changed, this is a
limitation of debconf itself.

all other field types should work as you expect


-- 
Brian Coca



[ansible-project] Ansible provisioning through bastion SSH host

2015-07-16 Thread andrew
Hi folks,

I'm encountering issues provisioning with Ansible via SSH from outside our 
datacenter (well, AWS Virtual Private Cloud).

Our bastion hosts (jump boxes) are configured to accept SSH keys from 
staff members.  Boxes behind the bastion hosts accept only the SSH keys 
created for the jumpbox user on the bastion hosts.  This makes our 
administration easier in the event of key compromise or staff turnover (only 
need to rotate out on the jumpboxes).

The ProxyCommand examples I've seen for Ansible rely on agent forwarding 
and netcat.  I want Ansible to SSH in to the bastion host, then run a 
second SSH command with the private key of the bastion host.  Thus agent 
forwarding is useless here.  I've tried replacing the netcat ProxyCommand 
with "ssh -q -t awsjumpbox1 ssh -p %p %h" and I get mysterious failures 
that even -vvvv doesn't provide much insight on.  For instance:

fatal: [172.31.17.144] = SSH Error: -bash: line 1: 
SSH-2.0-OpenSSH_6.6.1_hpn13v11: command not found
It is sometimes useful to re-run the command using -vvvv, which prints SSH 
debug output to help diagnose the issue.

Our ansible.cfg looks like:

[defaults]
host_key_checking = False

[ssh_connection]
ssh_args = -o ControlPersist=15m -F ssh.config -q
scp_if_ssh = True
control_path = ~/.ssh/mux-%%r@%%h:%%p

Our ssh.config (simplified) looks like:

Host jumpbox
    HostName (redacted)
    User (redacted)
    BatchMode yes
    PasswordAuthentication no

Host *
    ServerAliveInterval 60
    TCPKeepAlive yes
    #ProxyCommand ssh -q -A -t jumpbox nc %h %p  # have tried this one too
    ProxyCommand ssh -q -t jumpbox ssh -p %p %h
    ControlMaster auto
    ControlPath ~/.ssh/ansible-%r@%h:%p
    ControlPersist 8h
    User (redacted)


Our boxes are running the standard Amazon AMI (which I am led to believe 
are CentOS-based).  We are open to rethinking the aforementioned strategy 
re: the keys if that's the only way.

I'll be interested in anyone's thoughts on the matter.  Thank you.

Best regards,

Andrew Merenbach
Senior DevOps Engineer at Edlio Inc



Re: [ansible-project] Importing custom python library from ansible custom module

2015-07-16 Thread Olivier Lauret
Hi Tim,

Very good point. I will definitely change it accordingly. Thank you again.

Regards,
Olivier

On Thursday, 16 July 2015 20:53:15 UTC+1, Timothy Appnel wrote:

 I'm glad you were able to work something out and I was helpful. A couple 
 of quick added thoughts on this.

 I wouldn't recommend just dropping your library in to just /tmp to avoid a 
 potential conflict with another job or process. Perhaps create a separate 
 directory like the name of your project or playbook under tmp and store it 
 there? I think creating a specific directory helps avoid this.

 I also wouldn't recommend embedding a library path in your custom module 
 for maintainability. It's working for you now, but the thought of having to 
 have that path line up in two different places makes me uneasy. I used the 
 environment arg and appended the path to our libraries to PYTHONPATH. 
 Everything is in one place: the playbook. A var to hold the path (you can 
 use Ansible facts to really create a unique path that won't get trodden on), 
 the path create, the copy, the environment setting. Change it in one place 
 and the change propagates through.

 Just some food for thought.

 tim/ 


 On Thu, Jul 16, 2015 at 3:30 PM, Olivier Lauret olivier...@googlemail.com wrote:

 Hi Tim,

 Thank you very much for the update. It helps a lot, thank you very much. 
 Indeed, I have chosen your second option as it is easier to maintain and 
 avoids any conflict with other systems. The inifile.py is too big to be 
 included in the custom module but I would not do this as I wouldn't be able 
 to re-utilise it.

 Here is how I did it:

 In my playbook or role:

 tasks:
   - name: Upload python module
     copy: src=library/inifile.py dest=/tmp/inifile.py

 In my custom module:

 import sys
 sys.path.append('/tmp')
 from inifile import IniFile

 And to answer your question, what I am trying to achieve here is an 
 extension to the ini_file module in Ansible. The current module doesn't 
 answer my needs such as:

- easily setting a continuous list of options such as:
   - whitelist.0 = item1
   - whitelist.1 = item2
   - whitelist.2 = item3
- checking and replacing a list of options (such as [ower, owne]) 
by one option name (owner)
- Dealing with options that don't have a section (generally means that 
this is the default for all sections)
- Dealing with empty name section ([]) and comments - this one I am 
less sure about but I know that the ConfigParser cannot handle this.

 Thank you again for your precious help.


 Regards,

 Olivier

 On Thursday, 16 July 2015 15:20:03 UTC+1, Timothy Appnel wrote:

 I didn't give up at all. Far from it! I started working for Ansible. 

 Last I spoke to my former co-workers they are still using option 2 that 
 I set up because they do not have the ability to install python libraries in 
 the default library path.

 tim/


 On Thu, Jul 16, 2015 at 10:14 AM, Martin mar...@marcher.name wrote:

 Hi,

 On Thu, Jul 16, 2015 at 4:05 PM Timothy Appnel ti...@ansible.com 
 wrote:

 In a previous life I've had to do what you are attempting.


 So what do you do now? It sounds like you went on and are using a 
 completely different approach to achieve what the op wants to do (load 
 custom code) 

 I'm not asking about options but rather what you actually ended up with 
 doing (give up and/or stopped using the tool are viable answers to me)

 /Martin

 -- 
 -- 
 http://www.xing.com/profile/Martin_Marcher
 http://www.linkedin.com/in/martinmarcher
 Mobil: +43 / 660 / 62 45 103
 UID: ATU68801424

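The advice quoted above (a dedicated directory rather than bare /tmp) also has a security side: /tmp is world-writable, so a directory that code is imported from should be owned by the running user and closed to everyone else. The following is an added example, not code from this thread; it assumes Python 3, and the names ensure_private_dir, load_private_module and the directory "myproject-lib" are hypothetical.

```python
import importlib.util
import os
import stat
import tempfile


class UnsafeImportPath(Exception):
    """Raised when a directory or file is not safe to import code from."""


def ensure_private_dir(path):
    """Create path with mode 0700 if it is missing, then verify it.

    The checks run even when the directory already exists, because in a
    world-writable parent such as /tmp another user may have created it first.
    """
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass
    st = os.lstat(path)  # lstat: do not follow a symlink planted at path
    if not stat.S_ISDIR(st.st_mode):
        raise UnsafeImportPath("%s is not a real directory" % path)
    if st.st_uid != os.geteuid():
        raise UnsafeImportPath("%s is owned by uid %d" % (path, st.st_uid))
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise UnsafeImportPath("%s is open to group or other" % path)
    return path


def load_private_module(name, directory):
    """Import name.py from directory only, leaving sys.path untouched."""
    ensure_private_dir(directory)
    source = os.path.join(directory, name + ".py")
    st = os.lstat(source)
    if not stat.S_ISREG(st.st_mode) or st.st_uid != os.geteuid():
        raise UnsafeImportPath("%s is not a regular file we own" % source)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise UnsafeImportPath("%s is writable by group or other" % source)
    spec = importlib.util.spec_from_file_location(name, source)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)
    return module


def demo():
    """Constructed demo: one private directory, one world-writable one."""
    base = tempfile.mkdtemp()
    private = os.path.join(base, "myproject-lib")   # hypothetical name
    ensure_private_dir(private)
    source = os.path.join(private, "inifile.py")
    with open(source, "w") as handle:               # stand-in for inifile.py
        handle.write("class IniFile(object):\n    origin = 'private copy'\n")
    os.chmod(source, 0o600)
    loaded = load_private_module("inifile", private).IniFile.origin

    shared = os.path.join(base, "shared")
    os.mkdir(shared)
    os.chmod(shared, 0o777)                         # behaves like bare /tmp
    try:
        load_private_module("inifile", shared)
        rejected = False
    except UnsafeImportPath:
        rejected = True
    return loaded, rejected


if __name__ == "__main__":
    print(demo())
```

Loading by explicit file path also avoids appending a shared directory to sys.path, where any module name not found earlier on the path would be resolved from it.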

[ansible-project] Re: Error with playbook, which should create user accounts and set authorized public keys

2015-07-16 Thread Shawn Mulford
Your loop needs something to iterate over. Since ansible treats variables as 
strings, you need to make it a list. Try something like below:

# cat ./split_users.yml
---
- hosts: localhost
  connection: local
  gather_facts: no

  vars:
    userList: "{{ users }}"

  tasks:
  - name: split the user list
    debug: var=item
    with_items: userList.split(',')


# ansible-playbook - split_users.yml -e 'users=moe,larry,curly'

PLAY [localhost] 
**

TASK: [split the user list] 
***
ok: [localhost] = (item=moe) = {
item: moe,
var: {
item: moe
}
}
ok: [localhost] = (item=larry) = {
item: larry,
var: {
item: larry
}
}
ok: [localhost] = (item=curly) = {
item: curly,
var: {
item: curly
}
}

PLAY RECAP 

localhost  : ok=1changed=0unreachable=0failed=0

On Wednesday, July 15, 2015 at 7:33:25 AM UTC-4, Dimitar Hristov wrote:

 Hi Guys,

 I get an error when I run a playbook, which aims to create new users and 
 set authorized keys for them. The error: 

 TASK: [create new users] 
 ** 
 fatal: [testvm1] = with_items expects a list or a set
 fatal: [testvm2] = with_items expects a list or a set


 Here's a part of the playbook (the first task fails):

 - name: create new users
   user: name={{ item.name }} group=wheel append=yes password={{user_password}}
   with_items: {{users}}

 - name: set pub keys
   authorized_key: user={{ item.0.name }} key='{{ lookup('file', item.1) }}'
   with_subelements:
     - users
     - authorized

 - name: set pass expiration
   command: /usr/bin/chage -d 0 {{ item.name }}
   with_items: {{users}}

 Here's the var file:

 ---
 wheelsregex: # *%wheel *ALL=\(ALL\) *ALL
 user_password: 12345678
 users:
   - name: test
     authorized:
       - /etc/ansible/add_users/files/test.pub
   - name: test1
     authorized:
       - /etc/ansible/add_users/files/test1.pub
   - name: test2
     authorized:
       - /etc/ansible/add_users/files/test2.pub

 Any idea where's my mistake? I saw that it might be related to ansible 
 version, so mine is 1.9.2.


 Regards,
 Dimitar





[ansible-project] Re: how to set up kerberos

2015-07-16 Thread J Hawkesworth
Have you installed pykerberos?

Also, use klist to check that the tgt ticket is for the user and domain you 
expect.

be aware that the domain name seems to need to be in upper case so

kinit u...@my.domain.com
not

kinit u...@my.domain.com

Also, make sure you have patched windows server 2008 R2 - as per this 
advice on http://docs.ansible.com/intro_windows.html#windows-system-prep

On Windows 7 and Server 2008 R2 machines, due to a bug in Windows 
Management Framework 3.0, it may be necessary to install this hotfix 
http://support.microsoft.com/kb/2842230 to avoid receiving out of memory 
and stack overflow exceptions. Newly-installed Server 2008 R2 systems which 
are not fully up to date with windows updates are known to have this issue.

I recommend running your ansible-playbook -v to see the connection 
debugging information if it still fails.
Also running eventvwr on the windows machine and checking if there are any 
logon events in Windows Logs - Security

Hope this helps.

If you discover anything that helps please reply so we can provide more 
information in the documentation.

Jon


On Thursday, July 16, 2015 at 4:54:58 PM UTC+1, Guillaume Querso wrote:

 hi all!

 I am currently using ansible 1.9.2 on a RHEL 6 server. what I would like 
 is to connect to a windows 2008 R2 server via kerberos to be able to use 
 domain accounts.

- What i did: creating a ticket on the linux server for the concerned 
domain account. Synchronized the clocks.
- What it is not working: i have a: 401 unauthorized access when i try 
to run a playbook. 

 Do you know what i am missing? 
 Thanks for your help on this!

 Guillaume Q




[ansible-project] tree/hierarchic structure for inventory?

2015-07-16 Thread Mischa ter Smitten
We are working on the same problem. Right now we are using a custom piece of 
python code with nested dicts to represent our group and return them as json.



Re: [ansible-project] delegate_to does not work for array of hosts passed in to role

2015-07-16 Thread Barry Kaplan
I see the same behavior with the moustaches:

- name: Test delegate to
  shell: echo "{{ groups.consul_server[0] }}" && hostname -i
  register: __hostname
  delegate_to: "{{ groups.consul_server[0] }}"

- debug: var=__hostname


TASK: [Test delegate to] * 
10.0.196.116 REMOTE_MODULE command echo 10.0.196.116  hostname -i 
#USE_SHELL
10.0.196.116 EXEC ['/bin/sh', '-c', 'mkdir -p 
$HOME/.ansible/tmp/ansible-tmp-1437108695.64-26819269533917  chmod a+rx 
$HOME/.ansible/tmp/ansible-tmp-1437108695.64-26819269533917  echo 
$HOME/.ansible/tmp/ansible-tmp-1437108695.64-26819269533917']
10.0.196.116 PUT /tmp/tmpDXWJFH TO /home/bkaplan/.ansible/tmp/ansible-tmp-
1437108695.64-26819269533917/command
10.0.196.116 EXEC ['/bin/sh', '-c', u'LANG=en_US.UTF-8 
LC_CTYPE=en_US.UTF-8 /usr/bin/python 
/home/bkaplan/.ansible/tmp/ansible-tmp-1437108695.64-26819269533917/command; 
rm -rf /home/bkaplan/.ansible/tmp/ansible-tmp-1437108695.64-26819269533917/ 
/dev/null 21']
changed: [localhost - 10.0.196.116] = {changed: true, cmd: echo 
\10.0.196.116\  hostname -i, delta: 0:00:00.004458, end: 2015-07-17 
10:21:35.693136, rc: 0, start: 2015-07-17 10:21:35.688678, stderr: 
, stdout: 10.0.196.116\n127.0.1.1, warnings: []}


TASK: [debug var=__hostname] 
** 
ok: [localhost] = {
var: {
__hostname: {
changed: true, 
cmd: echo \10.0.196.116\  hostname -i, 
delta: 0:00:00.004458, 
end: 2015-07-17 10:21:35.693136, 
invocation: {
module_args: echo \10.0.196.116\  hostname -i, 
module_name: shell
}, 
rc: 0, 
start: 2015-07-17 10:21:35.688678, 
stderr: , 
stdout: 10.0.196.116\n127.0.1.1, 
stdout_lines: [
10.0.196.116, 
127.0.1.1
], 
warnings: []
}
}
}



Re: [ansible-project] delegate_to does not work for array of hosts passed in to role

2015-07-16 Thread Barry Kaplan
Hmm, thought I tried that, but will check. Thanks Brian.

I wonder whether it would be better for it to be an error if delegate_to does 
not resolve rather than silently fall back to localhost... Depending on the 
task fallback to localhost could do some serious damage.



Re: [ansible-project] debconf with variable is not really idempotent?

2015-07-16 Thread Phyks
Sounds like all password fields are not treated this way.

Indeed, `debconf-get-selections` returns:
mariadb-server-10.0 mysql-server/root_password_againpassword
THE_PASSWORD

-- 
Phyks


Le 17/07/2015 01:22, Brian Coca a écrit :
 Not that i know of,  debian's debconf deals with passwords this way,
 probably to prevent possible security issues.
 
 If someone figures out a way to compare all the passwords, I'm all
 open. In the mysql case we can read the /etc/my.cnf, but ... really we
 should not be doing that.
 
 
 
 -- 
 Brian Coca
 


[ansible-project] Re: Ansible provisioning through bastion SSH host

2015-07-16 Thread andrew
Correction: the non-working command is "ssh -q -t jumpbox1 ssh -p %p %h" 
(not awsjumpbox1)

On Thursday, July 16, 2015 at 11:33:00 AM UTC-7, and...@edlio.com wrote:

 Hi folks,

 I'm encountering issues provisioning with Ansible via SSH from outside our 
 datacenter (well, AWS Virtual Private Cloud).

 Our bastion hosts (jump boxes) are configured to accept SSH keys from 
 staff members.  Boxes behind the bastion hosts accept only the SSH keys 
 created for the jumpbox user on the bastion hosts.  This makes our 
 administration easier in the event of key compromise or staff turnover (only 
 need to rotate out on the jumpboxes).

 The ProxyCommand examples I've seen for Ansible rely on agent forwarding 
 and netcat.  I want Ansible to SSH in to the bastion host, then run a 
 second SSH command with the private key of the bastion host.  Thus agent 
 forwarding is useless here.  I've tried replacing the netcat ProxyCommand 
 with "ssh -q -t awsjumpbox1 ssh -p %p %h" and I get mysterious failures 
 that even -vvvv doesn't provide much insight on.  For instance:

 fatal: [172.31.17.144] = SSH Error: -bash: line 1: 
 SSH-2.0-OpenSSH_6.6.1_hpn13v11: command not found
 It is sometimes useful to re-run the command using -vvvv, which prints SSH 
 debug output to help diagnose the issue.

 Our ansible.cfg looks like:

 [defaults]
 host_key_checking = False

 [ssh_connection]
 ssh_args = -o ControlPersist=15m -F ssh.config -q
 scp_if_ssh = True
 control_path = ~/.ssh/mux-%%r@%%h:%%p

 Our ssh.config (simplified) looks like:

 Host jumpbox
     HostName (redacted)
     User (redacted)
     BatchMode yes
     PasswordAuthentication no

 Host *
     ServerAliveInterval 60
     TCPKeepAlive yes
     #ProxyCommand ssh -q -A -t jumpbox nc %h %p  # have tried this one too
     ProxyCommand ssh -q -t jumpbox ssh -p %p %h
     ControlMaster auto
     ControlPath ~/.ssh/ansible-%r@%h:%p
     ControlPersist 8h
     User (redacted)


 Our boxes are running the standard Amazon AMI (which I am led to believe 
 are CentOS-based).  We are open to rethinking the aforementioned strategy 
 re: the keys if that's the only way.

 I'll be interested in anyone's thoughts on the matter.  Thank you.

 Best regards,

 Andrew Merenbach
 Senior DevOps Engineer at Edlio Inc




[ansible-project] Match multiple consecutive lines in lineinfile

2015-07-16 Thread Phyks
Hi,

I need to add a specific line after some lines in a config file. Due to
the structure of the file, I have to match several consecutive lines to
ensure the line will go to the right place (and I know about template
and copy, but they won't fit my needs in this case).

My problem is that it seems the regexp argument in Ansible does not
match \n, contrary to the line argument.

Is there a workaround?

Thanks!
-- 
Phyks



Re: [ansible-project] debconf with variable is not really idempotent?

2015-07-16 Thread Brian Coca
Not that i know of,  debian's debconf deals with passwords this way,
probably to prevent possible security issues.

If someone figures out a way to compare all the passwords, I'm all
open. In the mysql case we can read the /etc/my.cnf, but ... really we
should not be doing that.



-- 
Brian Coca



[ansible-project] Adding private key to remote host

2015-07-16 Thread Eugene Romero
Hi all!

In my company, we have playbooks to set up brand new servers in different 
roles, so that we can quickly configure new servers in case of expansion, 
emergency, etc.

One of the steps involved in these setups is adding a private key to some 
of them. Now, this goes great 99% of the time, since it usually involves 
adding a .ssh/id_rsa key, and ssh will attempt to use it automatically, 
(based on its name I believe)

However, the problem  is when adding private keys with a non standard name. 
Say for example a server will hold 2 keys, one id_rsa and the other 
id_rsa_git. Normally, the second key will not work until ssh is made 
aware of it with ssh-add. However, I seem to be unable to run this command 
with ansible.

Here's what I have tried:

- command: ssh-add /home/{{ user }}/.ssh/id_rsa_git

Does not work, outputs "Could not open a connection to your authentication 
agent.". Fair enough.

- shell: eval "$(ssh-agent)" && ssh-add /home/{{ user }}/.ssh/id_rsa_git

Seems to work, but doesn't. Here's the output I get if I run with the 
verbose flag:

changed: [REDACTED] = {changed: true, cmd: eval \$(ssh-agent)\  
ssh-add /home/johndoe/.ssh/id_rsa_git, delta: 0:00:00.006037, end: 
2015-07-16 23:23:28.667177, rc: 0, start: 2015-07-16 
23:23:28.661140, stderr: Identity added: /home/johndoe/.ssh/id_rsa_git 
(/home/johndoe/.ssh/id_rsa_git), stdout: Agent pid 28489}

Seems about right, right? That would be the output you would get if you ran 
it directly on the server. However, when I go to the server and I do 
ssh-add -l, I get "The agent has no identities." Huh?

I thought maybe the user wasn't right. So I tried:

shell: eval "$(ssh-agent)" && ssh-add /home/{{ user }}/.ssh/id_rsa_git && whoami
remote_user: johndoe

But this of course fails, since johndoe cannot ssh into servers (it's a 
system user).

So, my question. Is there some sane way of doing the equivalent of ssh-add 
that I am not aware of?

Thanks in advance!



Re: [ansible-project] Adding private key to remote host

2015-07-16 Thread Brian Coca
ssh-add relies on environment variables that are not available to
ansible, so when you run the ssh-agent + ssh-add you are spawning a
2nd agent, while when you login you seem to be getting the env vars
for the 1st agent, which did not get the keys added.

You'll have to do something like shell: . ssh_agent_env.sh && ssh-add

Or you can guess and set the environment vars yourself, the socket
file is normally in /tmp and owned by your user (i.e.
/tmp/ssh-7Mk71cc78Qwb/agent.4567) where the last number is the agent's
pid before forking, normally you can add +1 to get actual agent pid
and set SSH_AGENT_PID=4568
and SSH_AUTH_SOCK=/tmp/ssh-7Mk71cc78Qwb/agent.4567. You can also use
pgrep to confirm.

-- 
Brian Coca



Re: [ansible-project] delegate_to does not work for array of hosts passed in to role

2015-07-16 Thread Brian Coca
you need moustaches:

delegate_to: "{{groups.consul_server[0]}}"

only conditionals (when: ) do not need templating, with_ has a
haphazard support for it which we plan to deprecate.

-- 
Brian Coca
