[ansible-project] New 'bigip_user' module -- testers needed

[Matt Hite]

Would love to get a few more eyes from F5 BIG-IP on a new module I just
submitted for managing users.

Here's the pull request:

https://github.com/ansible/ansible-modules-extras/pull/1370

Thanks,

-M

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAFOdRHJUFc22zSk6W3w-PLP5DjZ8JG9qMDDmTbikza-dw%3DQ6NQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Can't Ping - Failed to transfer file to...

[Ivan Ferrera]

Awesome, I checked for, and only displayed on interactive session and works 
now; thanks!





On Monday, December 14, 2015 at 6:02:18 PM UTC-5, Matt Martz wrote:
>
> You could either add redirection to send output to /Dev/null or do 
> something like checking whether it is an interactive session before running 
> some commands:
>
> http://tldp.org/LDP/abs/html/intandnonint.html 
>
>
>
> On Monday, December 14, 2015, Ivan Ferrera  
> wrote:
>
>> Hi, I have something echoing in /etc/bashrc; need some guidance here.
>>
>> absible.cfg:
>> scp_if_ssh = True
>>
>> hosts:
>> [myhosts]
>> host.mydomain.com ansible_connection=ssh ansible_ssh_user=ec2-user 
>> ansible_ssh_private_key_file=/home/ec2-user/.ssh/id_rsa
>>
>> Output of ansible -i hosts myhosts -m ping -:
>> ---
>>  ESTABLISH CONNECTION FOR USER: ec2-user
>>  REMOTE_MODULE ping
>>  EXEC ssh -C -tt -vvv -o ControlMaster=auto -o 
>> ControlPersist=60s -o 
>> ControlPath="/home/ec2-user/.ansible/cp/ansible-ssh-%h-%p-%r" -o 
>> IdentityFile="/home/ec2-user/.ssh/id_rsa" -o 
>> KbdInteractiveAuthentication=no -o 
>> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
>> -o PasswordAuthentication=no -o ConnectTimeout=10 host.mydomain.com 
>> /bin/sh -c 'mkdir -p 
>> $HOME/.ansible/tmp/ansible-tmp-1450128709.26-37707891136005 && chmod a+rx 
>> $HOME/.ansible/tmp/ansible-tmp-1450128709.26-37707891136005 && echo 
>> $HOME/.ansible/tmp/ansible-tmp-1450128709.26-37707891136005'
>>  PUT /tmp/tmpQ6fYEm TO 
>> /home/ec2-user/.ansible/tmp/ansible-tmp-1450128709.26-37707891136005/ping
>> host.mydomain.com | FAILED => failed to transfer file to 
>> /home/ec2-user/.ansible/tmp/ansible-tmp-1450128709.26-37707891136005/ping:
>>
>> Agent pid 8554
>> ---
>> Applicable section of /etc/bashrc:
>>
>> SSHAGENT=/usr/bin/ssh-agent
>> SSHAGENTARGS="-s"
>> if [ -z "$SSH_AUTH_SOCK" -a -x "$SSHAGENT" ]; then
>> eval `$SSHAGENT $SSHAGENTARGS`
>> trap "kill $SSH_AGENT_PID" 0
>> fi
>>
>> Is there a workaround for ssh that echos something after login?
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/43f96a64-27f2-433a-930b-6446569b9c67%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
> -- 
> Matt Martz
> @sivel
> sivel.net
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/22594bd9-aced-48ce-9423-3079e73e753b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Using ec2_facts inside a playbook syntax

[Vasiliy Boulytchev]

Folks, consider the following playbook:

##
- name: Gather facts
  action: ec2_facts

- debug: msg="{{ ec2_facts }}"
##

Produces a fatal error: `fatal: [10.1.15.119] => One or more undefined 
variables: 'ec2_facts' is undefined`

However, It does seem to be pulling in the ec2 metadata:

ok: [10.1.15.119] => {"ansible_facts": {"ansible_ec2_ami_id": "ami-f0091d...


How does one access this metadata instance a playbook?  I guess I need help 
with correct syntax.

Is this correct?  {{ ansible_facts.ansible_ec2_ami_id }} ?

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c78a0570-a7de-4bbb-995a-1f6b48aafd52%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: [ansible-devel] New 'bigip_user' module -- testers needed

[Tim]

Hi Matt,

Thanks for the new PR. I was going to wait for 2.0 to be released to send
these remaining PRs in for new F5 modules, but since I saw this thread,
figured I'd speak up sooner rather than later.

I maintain the f5network's modules here

https://github.com/F5Networks/f5-ansible/tree/master/library

and would be interested in working together with you on this one if you're
open to that.

Lemme know.

Thanks!
tim

On Mon, Dec 14, 2015 at 4:06 PM, Matt Hite  wrote:

> Would love to get a few more eyes from F5 BIG-IP on a new module I just
> submitted for managing users.
>
> Here's the pull request:
>
> https://github.com/ansible/ansible-modules-extras/pull/1370
>
> Thanks,
>
> -M
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Development" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-devel+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAB0Zv8jjzuyivu1i59w-aHPR5XYJtNuVWnDzbmzXHc7tt%3DzvZg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: git pull failing without error

[Scot Hacker]

Still not sure what was going on with this or why I couldn't get useful 
debug info on the problem, but finally rewrote the task as a simple 
command: block rather than a git: block:

- name: "Update code from git repo"
  command: "git pull chdir={{ project_root }}"
  tags:
- "git"
- "simple"


which works fine. Odd.

./s



On Wednesday, December 9, 2015 at 5:56:52 AM UTC-8, Scot Hacker wrote:
>
> Using ansible 1.9.4, the git checkout task below was working for me up 
> until a few days ago:
>
> - name: "Update from git repo"
>   git:
> repo: "g...@github.com:mine/foo.git"
> dest: "/some/path"
> version: "dev"
> accept_hostkey: yes
> key_file: "/some/path/.ssh/id_rsa"
>
>
> Now, all of a sudden it is failing:
>
> failed: [domain.edu] => {"failed": true}
>
> msg: Failed to checkout branch dev
>
>
> FATAL: all hosts have already failed -- aborting
>
>
> Clearly something has changed but I'm not sure what. However, the error is 
> so vague I've got no clue how to debug. And when I run my playbook with 
> - I still don't get anything useful.
>
>
> The branch name has not changed, and as root on the host, I can "git pull" 
> just fine. And if I do update it manually, ansible still can't get past 
> this task. I do notice that verbose output seems to report the repo var as 
> empty:
>
>
> REMOTE_MODULE git version=dev key_file=/var/www/.ssh/id_rsa 
> dest=/opt/portal repo=
>
>
> Even though it's not. Is there any other way to get useful troubleshooting 
> info here? Clues?
>
>
> Thanks.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/04aac586-4691-401b-8be5-484846b46261%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] nested variables - again

[mtovey]

I see a lot of discussion about nested variables in Ansible, but I have not 
yet been able to find a solution to my problem.  So yet again another 
question about nested variables (pease forgive me if this has been answered 
before, just point me at the previous discussions).

I want to do define a structure like the following:

STRUCTURE:
list1:
  - {var1: val1, var2, val2, var3, val3}

list2:
  - {var1: val1, var2, val2, var3, val3}

list3:
  - {var1: val1, var2, val2, var3, val3}

Then is a playbook I want to be able to use the value in a variable to 
select one of the lists:


  vars:
  list: list1

  - debug: msg="var1={{item.var1}}, var2={{item.var2}}, var3={{item.var3}}"
with_(items,subelements,nested,dict,?)
- STRUCTURE
- list

Essentially, I need to have a list of dictionaries, I need to select one of 
those dictionaries with a key, and then I need to pull the values out of 
the selected dictionary.  What is the best way to do this?
Thanks,
-Mark

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/53dd7196-e345-44da-8746-f52356543e97%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Unable to Authenticate to Satellite Datacenters Using Kerberos

[Trond Hindenes]

I agree with what Jon said.

Though, the multi-domain thing with krb5 is interesting and something that 
I haven't actually tested. However, if this truly is a single-forest model 
(or you have two-way trusts between your domains) there should be nothing 
stopping you from using kinit to grab a kerb ticket from the "DC0" domain 
and using that to control your "satelite" nodes - of course given that the 
"root domain identity" which the kerb ticket represents actually have 
(admin) rights on that node.

I'll try and do some testing on this and get back to you. 

Either this is a __very_ strange design or you might be mixing domain names 
with domain controller names in your writeup. Either way, it makes it a 
little hard to keep track of how stuff is organized.

On Sunday, December 13, 2015 at 10:21:46 PM UTC+1, Corwin Brown wrote:
>
> Jon,
>
> As far as my current organization of things, yeah I'm starting to see 
> that, which is a bummer. The intent was to place all the Ansible commands 
> behind a button in Rundeck , so we could safely 
> start handing out access to the less-operational focused people in the 
> company, and centralizing it does make life easier. From previous 
> experience I've been able to get away with this this at a way larger scale 
> for Linux machines, but this is the first time I've had Windows in the mix 
> and it seems to be fighting this architecture. *sigh* oh well, it was cool, 
> but perhaps not as practical as I wanted. I do already have control 
> machines in each datacenter, so I guess I'll have Rundeck SSH between them 
> and kick off the command -- that'll let me do each datacenter in parallel 
> so the extra complexity gives me a little bit of a win either way.
>
> This comparison between SSH keys and Kerb tickets is actually incredibly 
> helpful. I kind of assumed they were more or less the same thing, which is 
> why the networking limitation seemed so painful. 
>
> Well, looks like the answer to my original question may just be "Stop 
> wanting to do that." Thankfully with the holiday slowdown I can take some 
> time and try and re-organize it into something more distributed.
>
>
>
> On Sun, Dec 13, 2015 at 10:34 AM, J Hawkesworth  > wrote:
>
>> Hey,
>>
>> I'm not sure I fully understand all the domains you have set up in your 
>> organisation, but...
>>
>> You can definitely configure multiple realms in your /etc/krb5.conf and 
>> use kinit to acquire tickets for more than one domain at a time.  I've done 
>> this enough to be confident in saying it works, provided you have network 
>> connectivity.
>>
>> The other thing I'll add here is... you might want, or in the end need, 
>> to organise things differently, for two reasons.
>>
>> Ansible definitely works best when it is close, in networking terms, to 
>> the machines you want to control.  I have managed to set up machines in a 
>> remote data center using ansible, but it was slow and I was at the mercy of 
>> other network traffic as to whether things would time out.  This is going 
>> back a little while, and Ansible 2.0 transfers files to windows much more 
>> quickly, so perhaps less of a problem now, but I wound up having an ansible 
>> controller in each remote datacenter and have no intention of changing 
>> things.  
>>
>> In the end I had to arrange things this way as the network team had to 
>> say to no to my request to open up connections to certain data centers, 
>> even though they understood why I wanted to do so.  Since my ansible 
>> configuration is available from source control, and source control is 
>> available to all data centers, once the ansible controllers were set up it 
>> was pretty straightforward to shift to connecting to a remote ansible for 
>> each data center.
>>
>> To get a bit philosophical for a minute, ssh keys and kerberos tickets 
>> are different in their intents.  An ssh key lets you in to a given machine, 
>> but the kerb ticket tries to say 'I am this identity, let me do whatever I 
>> am allowed to on any machine that belongs to this domain'.  So its can be a 
>> powerful thing and therefore those who administer domains have to be 
>> perhaps more wary about what's allowed than in the ssh key world, where a 
>> key is (I think) only good for one host.
>>
>> Hope this helps,
>>
>> Jon
>>
>>
>>
>>
>>
>>
>> On Sunday, December 13, 2015 at 4:07:14 PM UTC, Corwin Brown wrote:
>>>
>>> Sorry for the delay, I've been out on vacation all last week.
>>>
>>> First off, Trond, your blog post on Kerberos was what enabled me to get 
>>> as far as I did, so thanks! When it comes to Windows + Ansible, you and 
>>> Jhawksworth are my heros.
>>>
>>> Here's the hierarchy as I understand it, I'll obfuscate way less this 
>>> time. COMPANY is the only part that's changed:
>>>
>>> We have a primary domain controller that contains all of our users. That 
>>> is:
>>>  
>>>
>>> PROD.COMPANY.MGT
>>>
>>>
>>> We have 5 Datacenters, each 

Re: [ansible-project] Re: Ansible installation from source (git clone) gives "ImportError: No module named ansible.runner"

[P]

This morning have discovered something: when I run "ansible --version" just 
after "source ./hacking/env-setup" command, it works well (I have the 
correct output).
But when I copy the new PATH, PYTHONPATH and MANPATH to a profile and 
re-login it doesn't work.


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/fb9665e1-8318-4aa2-bd4c-d463c3e99b6b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Using ec2_facts inside a playbook syntax

[Alexey Vazhnov]

ec2_facts return variables with name ansible_ec2*.
If you want to see all variables, try to 
use https://github.com/f500/ansible-dumpall
«{{ ansible_facts.ansible_ec2_ami_id }}» is wrong, use «{{ 
ansible_ec2_ami_id }}».

On Tuesday, December 15, 2015 at 6:39:19 AM UTC+5, Vasiliy Boulytchev wrote:
>
> Folks, consider the following playbook:
>
> ##
> - name: Gather facts
>   action: ec2_facts
>
> - debug: msg="{{ ec2_facts }}"
> ##
>
> Produces a fatal error: `fatal: [10.1.15.119] => One or more undefined 
> variables: 'ec2_facts' is undefined`
>
> However, It does seem to be pulling in the ec2 metadata:
>
> ok: [10.1.15.119] => {"ansible_facts": {"ansible_ec2_ami_id": 
> "ami-f0091d...
>
>
> How does one access this metadata instance a playbook?  I guess I need 
> help with correct syntax.
>
> Is this correct?  {{ ansible_facts.ansible_ec2_ami_id }} ?
>
> Thanks!
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d014440b-eae6-46cc-8fbf-ffbbaca3d582%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Ansible or Salt?

[Fff Fff]

I am leaning Ansible but it's close.  

Looking for peoples opinions.

So far I prefer Ansible's serverless design doing everything over ssh with 
keys.  I tries salt-ssh but it's quite rudimentary in comparison.  If 
salt-ssh let me use pillars data instead of a roster file  to access 
servers it would be a lot more useful.  Having to create a separate roster 
file which is no where near as full featured as Ansibles inventory file 
makes salt-ssh a non-starter.

Ansible is slower than using a salt minion agent but I don't think that 
will be an issue for me.

I have a problem with Ansibles messy directory/file structure though. 
 Stuff is kind of all over the place.  Seems like a lot of things have been 
bolted on and it shows.  Salt seems more streamlined in that respect.  Also 
appears that Salt has a more logical and consistent syntax for sls files. 
 I think it is more powerful how it uses Jinja and the ability to write 
more programming oriented scripts although not sure if I will every need 
that. 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/9fbd1f3a-4267-4782-941e-591e75ae2f48%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Iterating over a list in a dictionary within a Jinja2 template

[cmacrae]

So, I solved what I wanted to do :)  
For anyone interested, here's how I got it working:

Bot definition looks like this:
hubot_bots:
  testbot:
owner: 'Bot Wrangler '
name: Hubot
descr: Delightfully aware robutt
adapter: rocketchat
environment:
  rocketchat_room: GENERAL
  rocketchat_user: Hubot
  rocketchat_password: Hubot


Task that deploys the template which reads the above values, looks like 
this:
  - name: Deploy service files for each Hubot
template:
  src: hubot.service.j2
  dest: /usr/lib/systemd/system/hubot-{{ item.key }}.service
  owner: root
  group: root
  mode: 0644
with_dict: hubot_bots


And finally, the Jinja2 code that does what I need (the significant part 
being the for loops):
[Unit]
Description=Hubot-{{ item.key }}
Requires=network.target
After=network.target

[Service]
Type=simple
WorkingDirectory={{ hubot_village_path }}/{{ item.key }}
User={{ hubot_admin_user }}

Restart=always
RestartSec=10

{% for env in item.value.environment %}
{% for k, v in env.items() %}
Environment={{ k |upper }}={{ v }}
{% endfor %}
{% endfor %}  
 

ExecStart={{ hubot_village_path }}/{{ item.key }}/bin/hubot --adapter {{ 
item.value.adapter }}

[Install]
WantedBy=multi-user.target


Hope this helps anyone that stumbles upon it!
On Tuesday, 8 December 2015 10:57:23 UTC, cmacrae wrote:
>
> Hi guys,
>
> I've got something I'd really like some help on, not just the solution, 
> but the understanding and perhaps any related documentation/articles.
>
> I'm writing a role for deployment of Hubot.
> To define bots to be deployed, I'm using a dictionary, like so:
> hubot_bots:
>   testbot:
> owner: 'Bot Wrangler '
> name: Hubot
> descr: Delightfully aware robutt
> adapter: rocketchat
> environment:
>   - rocketchat_room: GENERAL
>   - rocketchat_user: Hubot
>   - rocketchat_password: Hubot
>
> Using 'with_items' I can iterate over items in 'hubot_bots', like 'testbot' 
> here, and create resources, such as directories named after the key '
> testbot' and then run commands accessing the values using '
> item.value.owner' and 'item.value.adapter', etc.
>
> Now, for each of these bot definitions, I want to deploy a Systemd service 
> file, for management of each bot process.
> Within this template, I want to refer to some of the values as defined 
> above, including iterating over each key/value in the 'environment' list.
>
> I tried my best the other evening with a few combinations of 'with_dict' 
> and 'with_nested' and felt I was making some progress, but definitely not 
> getting the desired results, nor understanding how it was working.
>
> Here's the task I'm deploying the template with:
>   - name: Deploy service files for each Hubot
> template:
>   src: hubot.service.j2
>   dest: /usr/lib/systemd/system/hubot-{{ item.key }}.service
>   owner: root
>   group: root
>   mode: 0644
> with_dict: hubot_bots
>
>
> And here's the template I'm using:
> [Unit]
> Description=Hubot-{{ item }}
> Requires=network.target
> After=network.target
>
> [Service]
> Type=simple
> WorkingDirectory={{ hubot_village_path }}/{{ item }}
> User={{ hubot_admin_user }}
>
> Restart=always
> RestartSec=10
>
> {% for env in item.value.environment %}
> Environment={{ env|upper}}={{ env.value }}
> {% endfor %}
>
> ExecStart={{ hubot_village_path }}/{{ item }}/bin/hubot --adapter {{ item.
> value.adapter }}
>
> [Install]
> WantedBy=multi-user.target
>
>
> As you can see, I want to refer to each bot defined under 'hubot_bots' 
> and then some other values.
>
> Would anyone be able to point me in the right direction on how to get the 
> desired outcome, and understand how this works.
> Any documentation or articles would be great. I'm still grasping concepts 
> with YAML structures and the Jinja2 template engine - I'd love to learn as 
> much as I can about it, as I can see it can be very powerful.
>
> So, thank you so much in advance if anyone can help me on this!
>
> Kind Regards,
> Calum
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/9acfbf06-8046-4053-9adf-5187a6419a2d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Selecting a variable from register

[Kjartan Clausen]

I'm trying to automate creating an AWS VPC with routes, subnets, instances, 
RDS, etc.
so I created the following yml:

---

-   hosts: local
connection: local
#gather_facts: False
tags: provisioning
# Which region and AZ's should this VPC be in?
vars:
  region: us-west-1
  Azone1: us-west-1c
  primary: 1c
  Azone2: us-west-1b
  secondary: 1b
  vpc_name: "Test"
  cidr: "94"

tasks:
- name: Create VPC
  ec2_vpc:
state: present
cidr_block: 10.{{ cidr }}.0.0/16
resource_tags:
  Name: "{{ vpc_name }}"
subnets:
  - cidr: 10.{{ cidr }}.220.0/24
az: "{{ Azone1 }}"
resource_tags:
  Name: "{{ vpc_name }}_NAT_{{ primary }}"
  - cidr: 10.{{ cidr }}.221.0/24
az: "{{ Azone2 }}"
resource_tags:
  Name: "{{ vpc_name }}_NAT_{{ secondary }}"
internet_gateway: True
route_tables:
  - subnets:
  - 10.{{ cidr }}.220.0/24
  - 10.{{ cidr }}.221.0/24
routes:
  - dest: 0.0.0.0/0
gw: igw
region: "{{ region }}"
  register: vpc

- debug: var=vpc.subnets

# Problem statement
- debug: var=vpc.subnets.id
  when: vpc.subnets.az == "{{Azone1}}"

In order to create an instance on a given subnet I need to be able to 
select that subnet, but my selection statement doesn't work.
Output is:
PLAY [local] 
**

GATHERING FACTS 
***
ok: [10.10.20.10]

TASK: [Create VPC] 

changed: [10.10.20.10]

TASK: [debug var=vpc.subnets] 
*
ok: [10.10.20.10] => {
"var": {
"vpc.subnets": [
{
"az": "us-west-1c",
"cidr": "10.94.220.0/24",
"id": "subnet-6555e73c",
"resource_tags": {
"Name": "Test_NAT_1c"
}
},
{
"az": "us-west-1b",
"cidr": "10.94.221.0/24",
"id": "subnet-3983fe5c",
"resource_tags": {
"Name": "Test_NAT_1b"
}
}
]
}
}

TASK: [debug var=vpc.subnets.id] 
**
fatal: [10.100.200.10] => error while evaluating conditional: 
vpc.subnets.az == "us-west-1c"

FATAL: all hosts have already failed -- aborting

What do I need to do in order to get the us-west-1c subnet id as output?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/35955ab4-6259-4916-a423-e1a138792823%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] sExperiencing error in path with white spaces

[omar gourari]

Hi,
I'm having a problem similar 
to https://github.com/ansible/ansible/issues/8555
Everytime I run the vagrant up I catch an error due to a white space 
present in the project path
I'm working with the following project  
but I've experienced the same issue in the same path even with an other 
package 

*Setup*:
Ansible 2.0.0 (installed with brew)
Trellis (https://github.com/roots/trellis)



-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/66155b63-cb93-4874-ae3a-4816f14ba356%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Iterating over a list in a dictionary within a Jinja2 template

[cmacrae]

So, I solved what I wanted to do :)  
For anyone interested, here's how I got it working:

Bot definition looks like this:
hubot_bots:
  testbot:
owner: 'Bot Wrangler '
name: Hubot
descr: Delightfully aware robutt
adapter: rocketchat
environment:
  - rocketchat_room: GENERAL
  - rocketchat_user: Hubot
  - rocketchat_password: Hubot


Task that deploys the template which reads the above values, looks like 
this:
  - name: Deploy service files for each Hubot
template:
  src: hubot.service.j2
  dest: /usr/lib/systemd/system/hubot-{{ item.key }}.service
  owner: root
  group: root
  mode: 0644
with_dict: hubot_bots


And finally, the Jinja2 code that does what I need (the significant part 
being the for loops):
[Unit]
Description=Hubot-{{ item.key }}
Requires=network.target
After=network.target

[Service]
Type=simple
WorkingDirectory={{ hubot_village_path }}/{{ item.key }}
User={{ hubot_admin_user }}

Restart=always
RestartSec=10

{% for env in item.value.environment %}
{% for k, v in env.items() %}
Environment={{ k |upper }}={{ v }}
{% endfor %}
{% endfor %}  
 

ExecStart={{ hubot_village_path }}/{{ item.key }}/bin/hubot --adapter {{ 
item.value.adapter }}

[Install]
WantedBy=multi-user.target


Hope this helps anyone that stumbles upon it!

On Tuesday, 8 December 2015 10:57:23 UTC, cmacrae wrote:
>
> Hi guys,
>
> I've got something I'd really like some help on, not just the solution, 
> but the understanding and perhaps any related documentation/articles.
>
> I'm writing a role for deployment of Hubot.
> To define bots to be deployed, I'm using a dictionary, like so:
> hubot_bots:
>   testbot:
> owner: 'Bot Wrangler '
> name: Hubot
> descr: Delightfully aware robutt
> adapter: rocketchat
> environment:
>   - rocketchat_room: GENERAL
>   - rocketchat_user: Hubot
>   - rocketchat_password: Hubot
>
> Using 'with_items' I can iterate over items in 'hubot_bots', like 'testbot' 
> here, and create resources, such as directories named after the key '
> testbot' and then run commands accessing the values using '
> item.value.owner' and 'item.value.adapter', etc.
>
> Now, for each of these bot definitions, I want to deploy a Systemd service 
> file, for management of each bot process.
> Within this template, I want to refer to some of the values as defined 
> above, including iterating over each key/value in the 'environment' list.
>
> I tried my best the other evening with a few combinations of 'with_dict' 
> and 'with_nested' and felt I was making some progress, but definitely not 
> getting the desired results, nor understanding how it was working.
>
> Here's the task I'm deploying the template with:
>   - name: Deploy service files for each Hubot
> template:
>   src: hubot.service.j2
>   dest: /usr/lib/systemd/system/hubot-{{ item.key }}.service
>   owner: root
>   group: root
>   mode: 0644
> with_dict: hubot_bots
>
>
> And here's the template I'm using:
> [Unit]
> Description=Hubot-{{ item }}
> Requires=network.target
> After=network.target
>
> [Service]
> Type=simple
> WorkingDirectory={{ hubot_village_path }}/{{ item }}
> User={{ hubot_admin_user }}
>
> Restart=always
> RestartSec=10
>
> {% for env in item.value.environment %}
> Environment={{ env|upper}}={{ env.value }}
> {% endfor %}
>
> ExecStart={{ hubot_village_path }}/{{ item }}/bin/hubot --adapter {{ item.
> value.adapter }}
>
> [Install]
> WantedBy=multi-user.target
>
>
> As you can see, I want to refer to each bot defined under 'hubot_bots' 
> and then some other values.
>
> Would anyone be able to point me in the right direction on how to get the 
> desired outcome, and understand how this works.
> Any documentation or articles would be great. I'm still grasping concepts 
> with YAML structures and the Jinja2 template engine - I'd love to learn as 
> much as I can about it, as I can see it can be very powerful.
>
> So, thank you so much in advance if anyone can help me on this!
>
> Kind Regards,
> Calum
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e276ba53-ee81-48b1-a634-20fbcec7d7bf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Experiencing some provisioning errors with project path with empty spaces

[omar gourari]

Hi,
I'm having a problem similar to 
https://github.com/ansible/ansible/issues/8555
Everytime I run the vagrant up I catch an error due to a white space 
present in the project path
I'm working with the following project but I've experienced the same issue 
in the same path even with an other package

*Setup:*
Ansible 2.0.0 (installed with brew)
Trellis (https://github.com/roots/trellis)



-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/cec76df3-1875-434d-ad65-a994faefbd2d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Unable to Authenticate to Satellite Datacenters Using Kerberos

[Corwin Brown]

Sorry for the difficulty, to be clear though, I'm not mixing up domain 
names/DNS entries with domain controllers. Each datacenter really does have 
its own domain controller. It was set up this way in a misguided attempt 
for datacenter encapsulation. The person who's architected this all has 6-7 
years of experience but all at the same company where he was forced to 
build everything out, so he's never seen how other people set things up. 
This leaves me with lots of really weird setups that i have to tip-toe 
around. It's an interesting, but tiring, challenge 

On Monday, December 14, 2015 at 3:56:39 AM UTC-6, Trond Hindenes wrote:
>
> I agree with what Jon said.
>
> Though, the multi-domain thing with krb5 is interesting and something that 
> I haven't actually tested. However, if this truly is a single-forest model 
> (or you have two-way trusts between your domains) there should be nothing 
> stopping you from using kinit to grab a kerb ticket from the "DC0" domain 
> and using that to control your "satelite" nodes - of course given that the 
> "root domain identity" which the kerb ticket represents actually have 
> (admin) rights on that node.
>
> I'll try and do some testing on this and get back to you. 
>
> Either this is a __very_ strange design or you might be mixing domain 
> names with domain controller names in your writeup. Either way, it makes it 
> a little hard to keep track of how stuff is organized.
>
> On Sunday, December 13, 2015 at 10:21:46 PM UTC+1, Corwin Brown wrote:
>>
>> Jon,
>>
>> As far as my current organization of things, yeah I'm starting to see 
>> that, which is a bummer. The intent was to place all the Ansible commands 
>> behind a button in Rundeck , so we could safely 
>> start handing out access to the less-operational focused people in the 
>> company, and centralizing it does make life easier. From previous 
>> experience I've been able to get away with this this at a way larger scale 
>> for Linux machines, but this is the first time I've had Windows in the mix 
>> and it seems to be fighting this architecture. *sigh* oh well, it was cool, 
>> but perhaps not as practical as I wanted. I do already have control 
>> machines in each datacenter, so I guess I'll have Rundeck SSH between them 
>> and kick off the command -- that'll let me do each datacenter in parallel 
>> so the extra complexity gives me a little bit of a win either way.
>>
>> This comparison between SSH keys and Kerb tickets is actually incredibly 
>> helpful. I kind of assumed they were more or less the same thing, which is 
>> why the networking limitation seemed so painful. 
>>
>> Well, looks like the answer to my original question may just be "Stop 
>> wanting to do that." Thankfully with the holiday slowdown I can take some 
>> time and try and re-organize it into something more distributed.
>>
>>
>>
>> On Sun, Dec 13, 2015 at 10:34 AM, J Hawkesworth <
>> j.r.haw...@googlemail.com> wrote:
>>
>>> Hey,
>>>
>>> I'm not sure I fully understand all the domains you have set up in your 
>>> organisation, but...
>>>
>>> You can definitely configure multiple realms in your /etc/krb5.conf and 
>>> use kinit to acquire tickets for more than one domain at a time.  I've done 
>>> this enough to be confident in saying it works, provided you have network 
>>> connectivity.
>>>
>>> The other thing I'll add here is... you might want, or in the end need, 
>>> to organise things differently, for two reasons.
>>>
>>> Ansible definitely works best when it is close, in networking terms, to 
>>> the machines you want to control.  I have managed to set up machines in a 
>>> remote data center using ansible, but it was slow and I was at the mercy of 
>>> other network traffic as to whether things would time out.  This is going 
>>> back a little while, and Ansible 2.0 transfers files to windows much more 
>>> quickly, so perhaps less of a problem now, but I wound up having an ansible 
>>> controller in each remote datacenter and have no intention of changing 
>>> things.  
>>>
>>> In the end I had to arrange things this way as the network team had to 
>>> say to no to my request to open up connections to certain data centers, 
>>> even though they understood why I wanted to do so.  Since my ansible 
>>> configuration is available from source control, and source control is 
>>> available to all data centers, once the ansible controllers were set up it 
>>> was pretty straightforward to shift to connecting to a remote ansible for 
>>> each data center.
>>>
>>> To get a bit philosophical for a minute, ssh keys and kerberos tickets 
>>> are different in their intents.  An ssh key lets you in to a given machine, 
>>> but the kerb ticket tries to say 'I am this identity, let me do whatever I 
>>> am allowed to on any machine that belongs to this domain'.  So its can be a 
>>> powerful thing and therefore those who administer domains have to be 
>>> perhaps more wary about what's allowed than in the ssh 

[ansible-project] Synchronize between Remote hosts

[sveera]

I am trying to synchronize data between remote hosts using the synchroni 
module. 

HOST A-- Ansible Control Node
HOST B-  Host with Data or Source of the data that needs to be copied
HOST C- Destination host where data needs to be copied


I can run the command below on HOSTB and execute it succesfully
 rsync -avz --perms --chmod=777 -e "ssh -i privatekey.pem" Table 
ubuntu@HOSTC:/tmp


I have the following setup in a playbook and it gives me the error below 
when I am running the following playbook
 msg: unsupported parameter for module: ' -avz --perms --chmod




- hosts: HOSTB
  user: ubuntu
  sudo: true
  vars_files:
 - vars/vars.yml
  tasks:
   - name: Synchronize files from Source to dest
 synchronize: src={{ export_directory }} dest={{ upload_directory }} 
mode=push rsync_opts= '-avz --perms --chmod=777 -e "ssh -i {{ key_directory 
}}/{{ key }}"'
 delegate_to: HOSTB

How Can i make this work

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e39f160d-d25d-43ec-9ee6-ea3bbad3ee20%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Synchronize between Remote hosts

[Paul Markham]

>
> According to the documentation, rsync_opts needs to be an array, not a 
> string. The last example in the documentation shows this:
>

synchronize:
src: /tmp/helloworld
dest: /var/www/helloword
rsync_opts:
  - "--no-motd"  - "--exclude=.git" 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b91ba364-b074-4347-8ed6-b1d08ff07f27%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] How to match regex tab?

[ju]

Hi,

I am running ansible version 1.9. I am using replace module to add 
parameters to kernel line which starting with a  in the grub.conf file

kernel /boot/vmlinuz-2.6.32-573.7.1.el6.x86_64 ro 
root=UUID=f360dd95-c0e6-49ff-b346-2dce04d6b433 rd_NO_LUKS  KEYBOARDTYPE=pc 
KEYTABLE=us elevator=noop biosdevname=0 LANG=en_AU.UTF-8 rd_NO_MD 
SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_NO_LVM rd_NO_DM 
console=ttyS0,115200n8 console=tty0 consoleblank=0 net.ifnames=0

I tried the regexp="^[\t]kernel*\n$", but ansible cannot detect the kernel 
line, the regexp="^[\t]kernel" did not work either. No luck for lineinfile 
module either. What I could be missing here? Appreciate any clues.

Thank you.

- j


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7dd32acf-c568-4768-a7a4-4cd20e508f2a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: How to match regex tab?

[Tim Rupp]

Hi j,

Are you sure that that file contains a tab? Or does it just look like a 
tab, or, is your editor replacing tabs with spaces?

I tried this playbook

---

- name: ASDASD
  hosts: all
  gather_facts: false
  connection: local

  tasks:
  - lineinfile:
dest: ok.conf
regexp: "^[\t]kernel"
line: "tim"


With a file I created in nano (my vim is configured to replace tabs with 
spaces) that contained the following

kernel /boot/vmlinuz-2.6.32-573.7.1.el6.x86_

and it replaced it with "tim" as expected. The same, with tab converted to 
spaces, added the "tim" line as expected. Tested on 1.9.2 on wheezy.

-tim

On Monday, December 14, 2015 at 8:13:35 PM UTC-8, ju wrote:
>
> Hi,
>
> I am running ansible version 1.9. I am using replace module to add 
> parameters to kernel line which starting with a  in the grub.conf file
>
> kernel /boot/vmlinuz-2.6.32-573.7.1.el6.x86_64 ro 
> root=UUID=f360dd95-c0e6-49ff-b346-2dce04d6b433 rd_NO_LUKS  KEYBOARDTYPE=pc 
> KEYTABLE=us elevator=noop biosdevname=0 LANG=en_AU.UTF-8 rd_NO_MD 
> SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_NO_LVM rd_NO_DM 
> console=ttyS0,115200n8 console=tty0 consoleblank=0 net.ifnames=0
>
> I tried the regexp="^[\t]kernel*\n$", but ansible cannot detect the kernel 
> line, the regexp="^[\t]kernel" did not work either. No luck for lineinfile 
> module either. What I could be missing here? Appreciate any clues.
>
> Thank you.
>
> - j
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/fe01f8d2-666c-49c7-ba08-5fa2ef9fa095%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] galaxy 2.0 import question

[Tim Rupp]

Hey folks,

I was testing the new galaxy 2.0 import process from the p.o.v. of a github 
organization and had a question.

Right now it imports as "MyOrganization.some-twisted-rolename"

I was curious if there might be a way to make that name less...dunno how to 
phrase this other than "internal"...so that if someone were going to 
install it they would get a "nice" role name without renaming the github 
repository to something that would make all the other developers in the 
organization tilt their heads and say "what?"

For example, to make it "pretty" (using a contrived example) if I were the 
Redhat organization with a role in github called ansible-jboss, then galaxy 
would make it available as "Redhat.ansible-jboss" when I actually just want 
it to be available as "Redhat.jboss". But to rename the repo in github to 
be just "jboss" would make existing jboss developers think that the jboss 
source was in that directory instead of ansible modules.

Hope that explanation was clear.

Any help/ideas appreciated. Maybe I just missed something obvious in the UI 
or release notes.

Thanks,
tim

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ee73e9d6-91a6-4ba8-9dba-926c4a2522b4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] How to use external variable inside an ansible inventory file.

[anoop . kolari]

Hi,

I have an inventory file 'inventory/localhost' and contains;
[localhost]
"{{MYSITE_NAME}}-local.com"ansible_ssh_port=


Lets say 'MYSITE_NAME' is a variable defined in some file. I need to access 
this inside my inventory file. Please suggest some solution.

-- 
 =
DISCLAIMER: The information in this message is confidential and may be 
legally privileged. It is intended solely for the addressee. Access to this 
message by anyone else is unauthorized. If you are not the intended 
recipient, any disclosure, copying, or distribution of the message, or any 
action or omission taken by you in reliance on it, is prohibited and may be 
unlawful. Please immediately contact the sender if you have received this 
message in error. Further, this e-mail may contain viruses and all 
reasonable precaution to minimize the risk arising there from is taken by 
Tarams. Tarams is not liable for any damage sustained by you as a result of 
any virus in this e-mail. All applicable virus checks should be carried out 
by you before opening this e-mail or any attachment thereto.
Thank you - Tarams Software Technologies Pvt.Ltd.
=

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/cee5bcee-2c51-41c2-879a-71b5d9be0c0b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] help: install/upgrade a list of RPMs

[张斌]

 hi,

 i'm new to ansible. i want to install a list of RPMs, and upgrade if 
already installed, otherwise just install it.

 How to do this with ansible? 

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/790bfc64-2f53-4bdb-b671-e6f092158bd7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] handlers not being played

[Johan Söderberg]

Hi James,

I'm running 1.9.4 installed from the fedora epel repo.


/Johan


Den tisdag 8 december 2015 kl. 15:57:03 UTC+1 skrev James Cammarata:
>
> Hi Johan, with which version of Ansible are you seeing this?
>
> James Cammarata
> Director, Ansible Core Engineering
> github: jimi-c
>
> On Tue, Dec 8, 2015 at 9:42 AM, Johan Söderberg  > wrote:
>
>> Hi,
>>
>> I have a problem where handlers not being played. I've narrowed it down 
>> to the following situation:
>>
>> test.yml:
>> ---
>> - hosts: test 
>>   roles:
>>- role: common
>>  when: commonrole_has_run is not defined
>>
>> roles/common/tasks/main.yml
>> ---
>> - name: Debug common role
>>   shell: date
>>   notify:
>> - debug_handler
>>   tags: debug
>>
>> - set_fact: commonrole_has_run=true
>>   when: commonrole_has_run is not defined
>>
>> roles/common/handlers/main.yml
>> ---
>> - name: debug_handler
>>   debug: msg="debug_handler"
>>   tags: debug
>>
>> When I run the playbook test.yml:
>> PLAY [test] 
>> *** 
>>
>> GATHERING FACTS 
>> *** 
>> ok: [tst01-adm.example.com]
>>
>> TASK: [common | Debug common role] 
>>  
>> changed: [tst01-adm.example.com]
>>
>> TASK: [common | set_fact commonrole_has_run=true] 
>> * 
>> ok: [tst01-adm.example.com]
>>
>> NOTIFIED: [common | debug_handler] 
>>  
>> skipping: [tst01-adm.example.com]
>>
>> PLAY RECAP 
>>  
>> tst01-adm.example.com : ok=3changed=1unreachable=0failed=0
>>
>>
>> Now if I remove the set_fact from roles/common/tasks/main.yml the handler 
>> is run:
>>
>> PLAY [test] 
>> *** 
>>
>> GATHERING FACTS 
>> *** 
>> ok: [tst01-adm.example.com]
>>
>> TASK: [common | Debug common role] 
>>  
>> changed: [tst01-adm.example.com]
>>
>> NOTIFIED: [common | debug_handler] 
>>  
>> ok: [tst01-adm.example.com] => {
>> "msg": "debug_handler"
>> }
>>
>> PLAY RECAP 
>>  
>> tst01-adm.example.com : ok=3changed=1unreachable=0failed=0
>>
>>
>> I hope someone can shed some light why the handler is not being played? 
>> The reason for the set_fact is to avoid the common role being run more than 
>> once in a larger site with lots of roles.
>>
>> Thanks in advance,
>>
>> /Johan Söderberg
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-proje...@googlegroups.com .
>> To post to this group, send email to ansible...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/444545b9-0a0e-4ccd-891c-bfef2781b735%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3b01bca9-c2bf-414d-a344-6163cac801b8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] hosts per role?

[silverdr]

We can do something like:

- hosts: group1
  roles:
- role1

- hosts: group1:group2
  roles:
- role2

- hosts: group2
  roles:
- role3

etc, in a playbook. Would it be somehow possible to assign hosts "per role"? 
Something like:

- hosts: group1
  roles:
- { role1, hosts: group3 }
- { role2 }
- { role3 }
- { role4, hosts: group4 }

? The above doesn't seem to work ;-)

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/D01954EF-B911-4C38-A572-DDAAE6042608%40srebrnysen.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Can't ping remote server(s) from non-root user

[Matt Martz]

It looks like the SFTP to put a file onto the remote server is failing.

Do you have anything in your profile on the remote side that may be echoing
on login?  I believe SFTP will have issues if that is the case.

Another option is to try setting `scp_if_ssh = True` in your ansible.cfg
under the `[ssh_connection]` section.

On Sun, Dec 13, 2015 at 2:18 PM, Colin Byrne  wrote:

> Hey,
>
> So I am just getting started with Ansible, and have been able to ping a
> remote server with root access, but I am having trouble doing the same
> without root access. Running with verbose output I get:
>
> ansible all --check -m ping - -i
> /usr/local/bin/ansible_comp/hosts_next_version
>
>  ESTABLISH CONNECTION FOR USER: joe
>
>  REMOTE_MODULE ping CHECKMODE=True
>
>  EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
> ControlPersist=60s -o
> ControlPath="/Users/joe/.ansible/cp/ansible-ssh-%h-%p-%r" -o
> KbdInteractiveAuthentication=no -o
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
> -o PasswordAuthentication=no -o ConnectTimeout=10 server-1 /bin/sh -c
> 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1450036007.2-120481441078037 &&
> chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1450036007.2-120481441078037 &&
> echo $HOME/.ansible/tmp/ansible-tmp-1450036007.2-120481441078037'
>
>  PUT /var/folders/pt/ld9k57zd2qz4yf6h_7k3c24mgp/T/tmpSCboHh
> TO /home/deploy/.ansible/tmp/ansible-tmp-1450036006.88-248428083902840/ping
>
> server-1 | FAILED => failed to transfer file to
> /home/deploy/.ansible/tmp/ansible-tmp-1450036006.88-227828078688673/ping:
>
>
> Connection closed
>
>
> If it was any command other than ping it seems obvious enough how to run
> as the sudo user, which I assume would fix the issue. With ping, I am not
> sure where to specify that i'd like to run as sudo. Or maybe the issue has
> nothing to do with sudo access?
>
> Sincere thanks for any help!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/17d24715-43e4-4408-8033-eeb41d91ec46%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Matt Martz
@sivel
sivel.net

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAD8N0v83_6GEvXvVVw4v_FdCd8jmiqEfnuybANn%2B5vyneeNF2Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Can't ping remote server(s) from non-root user

[Colin Byrne]

Hey, 

So I am just getting started with Ansible, and have been able to ping a 
remote server with root access, but I am having trouble doing the same 
without root access. Running with verbose output I get:

ansible all --check -m ping - -i 
/usr/local/bin/ansible_comp/hosts_next_version 

 ESTABLISH CONNECTION FOR USER: joe

 REMOTE_MODULE ping CHECKMODE=True

 EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s 
-o ControlPath="/Users/joe/.ansible/cp/ansible-ssh-%h-%p-%r" -o 
KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o ConnectTimeout=10 server-1 /bin/sh -c 
'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1450036007.2-120481441078037 && 
chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1450036007.2-120481441078037 && 
echo $HOME/.ansible/tmp/ansible-tmp-1450036007.2-120481441078037'

 PUT /var/folders/pt/ld9k57zd2qz4yf6h_7k3c24mgp/T/tmpSCboHh 
TO /home/deploy/.ansible/tmp/ansible-tmp-1450036006.88-248428083902840/ping

server-1 | FAILED => failed to transfer file to 
/home/deploy/.ansible/tmp/ansible-tmp-1450036006.88-227828078688673/ping:


Connection closed


If it was any command other than ping it seems obvious enough how to run as 
the sudo user, which I assume would fix the issue. With ping, I am not sure 
where to specify that i'd like to run as sudo. Or maybe the issue has 
nothing to do with sudo access? 

Sincere thanks for any help!

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/17d24715-43e4-4408-8033-eeb41d91ec46%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Selecting a variable from register

[Arbab Nazar]

Can you please try this:

- debug: var="{{ item.id  }}"
  when: vpc.subnets.az == "{{Azone1}}"
  with_items: vpc.subnets
for individual you can get like this but I am not sure:
- debug: var=vpc.subnets[0].id 
  when: vpc.subnets.az == "{{Azone1}}"

For complete example, please refer this:
https://github.com/arbabnazar/ansible-aws-vpc-ha-wordpress/blob/master/aws/tasks/vpc.yml
Thanks,

On Monday, December 14, 2015 at 8:54:23 PM UTC+5, Kjartan Clausen wrote:
>
> I'm trying to automate creating an AWS VPC with routes, subnets, 
> instances, RDS, etc.
> so I created the following yml:
>
> ---
>
> -   hosts: local
> connection: local
> #gather_facts: False
> tags: provisioning
> # Which region and AZ's should this VPC be in?
> vars:
>   region: us-west-1
>   Azone1: us-west-1c
>   primary: 1c
>   Azone2: us-west-1b
>   secondary: 1b
>   vpc_name: "Test"
>   cidr: "94"
>
> tasks:
> - name: Create VPC
>   ec2_vpc:
> state: present
> cidr_block: 10.{{ cidr }}.0.0/16
> resource_tags:
>   Name: "{{ vpc_name }}"
> subnets:
>   - cidr: 10.{{ cidr }}.220.0/24
> az: "{{ Azone1 }}"
> resource_tags:
>   Name: "{{ vpc_name }}_NAT_{{ primary }}"
>   - cidr: 10.{{ cidr }}.221.0/24
> az: "{{ Azone2 }}"
> resource_tags:
>   Name: "{{ vpc_name }}_NAT_{{ secondary }}"
> internet_gateway: True
> route_tables:
>   - subnets:
>   - 10.{{ cidr }}.220.0/24
>   - 10.{{ cidr }}.221.0/24
> routes:
>   - dest: 0.0.0.0/0
> gw: igw
> region: "{{ region }}"
>   register: vpc
>
> - debug: var=vpc.subnets
>
> # Problem statement
> - debug: var=vpc.subnets.id
>   when: vpc.subnets.az == "{{Azone1}}"
>
> In order to create an instance on a given subnet I need to be able to 
> select that subnet, but my selection statement doesn't work.
> Output is:
> PLAY [local] 
> **
>
> GATHERING FACTS 
> ***
> ok: [10.10.20.10]
>
> TASK: [Create VPC] 
> 
> changed: [10.10.20.10]
>
> TASK: [debug var=vpc.subnets] 
> *
> ok: [10.10.20.10] => {
> "var": {
> "vpc.subnets": [
> {
> "az": "us-west-1c",
> "cidr": "10.94.220.0/24",
> "id": "subnet-6555e73c",
> "resource_tags": {
> "Name": "Test_NAT_1c"
> }
> },
> {
> "az": "us-west-1b",
> "cidr": "10.94.221.0/24",
> "id": "subnet-3983fe5c",
> "resource_tags": {
> "Name": "Test_NAT_1b"
> }
> }
> ]
> }
> }
>
> TASK: [debug var=vpc.subnets.id] 
> **
> fatal: [10.100.200.10] => error while evaluating conditional: 
> vpc.subnets.az == "us-west-1c"
>
> FATAL: all hosts have already failed -- aborting
>
> What do I need to do in order to get the us-west-1c subnet id as output?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6e83fc28-2ef8-4c4f-bf6d-1e843a0c1d24%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: core.cloud.openstack Error Fetching Image List

[Hugh Ma]

>>> glanceclient.__version__
'1.2.0'
>>> print requests.__version__
2.2.1


On Friday, December 11, 2015 at 9:08:53 AM UTC-8, David Shrewsbury wrote:
>
> What version of python-glanceclient and requests do you have installed?
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f195b7c4-cd67-4399-a60e-37c90c7e1d4c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible or Salt?

[Hugh Ma]

I actually just transitioned from saltstack to ansible a few weeks ago. 
For me ansible's playbook structure is much easier to grasp than salt. 
Everything is clearly defined, you know exactly what hosts, perform what 
roles, and which variables are associated. 
Speed wise, ansible's transportation method of ssh is very efficient and 
scalable. 

I haven't used Jinja too much yet in ansible, so I don't have a direct 
comparison, although I do know what you mean, being able to write full 
blown jinja-based sls files is very nice.
But I've yet to need it yet, since converting all my SLS files to Ansible, 
so that may speak to the wide array of modules available to you in ansible 
that was missing in salt.  


On Monday, December 14, 2015 at 7:32:39 AM UTC-8, Fff Fff wrote:
>
> I am leaning Ansible but it's close.  
>
> Looking for peoples opinions.
>
> So far I prefer Ansible's serverless design doing everything over ssh with 
> keys.  I tries salt-ssh but it's quite rudimentary in comparison.  If 
> salt-ssh let me use pillars data instead of a roster file  to access 
> servers it would be a lot more useful.  Having to create a separate roster 
> file which is no where near as full featured as Ansibles inventory file 
> makes salt-ssh a non-starter.
>
> Ansible is slower than using a salt minion agent but I don't think that 
> will be an issue for me.
>
> I have a problem with Ansibles messy directory/file structure though. 
>  Stuff is kind of all over the place.  Seems like a lot of things have been 
> bolted on and it shows.  Salt seems more streamlined in that respect.  Also 
> appears that Salt has a more logical and consistent syntax for sls files. 
>  I think it is more powerful how it uses Jinja and the ability to write 
> more programming oriented scripts although not sure if I will every need 
> that. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/dd04406e-cbd0-4352-a119-9faaa38ce6d0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: hosts per role?

[Hugh Ma]

I'm not sure I understand what it is your trying to do here...

If you are trying to have some hosts execute another group's role, you can 
use *includes*. 
Otherwise, if you can explain why you are nesting *group3/4 *under *roles* 
when you have *group1* set as *hosts*.

On Monday, December 14, 2015 at 5:36:49 AM UTC-8, silverdr wrote:
>
> We can do something like: 
>
> - hosts: group1 
>   roles: 
> - role1 
>
> - hosts: group1:group2 
>   roles: 
> - role2 
>
> - hosts: group2 
>   roles: 
> - role3 
>
> etc, in a playbook. Would it be somehow possible to assign hosts "per 
> role"? Something like: 
>
> - hosts: group1 
>   roles: 
> - { role1, hosts: group3 } 
> - { role2 } 
> - { role3 } 
> - { role4, hosts: group4 } 
>
> ? The above doesn't seem to work ;-)

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/68f8f433-057e-45a1-bcc7-9fcd650ee032%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Galaxy 2.0 Beta now available

[Chris Houseknecht]

See  http://www.ansible.com/blog/galaxy-2.0-beta for details.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1069cd3e-4e3c-40a6-ab28-610c44b68fd0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Extracting IP of specific EC2 instance from dynamic inventory outside of current hostvars

[Alexandr Kurilin]

Hey folks,

Ansible 1.9.3 user here. I'm trying to figure out if there's a way to 
obtain the IP of a specific instance from an ec2 dynamic inventory when 
that instance is NOT part of the current group of hosts being configured. 
I'm using ec2.py to work with AWS. The way I'm currently identifying an 
environment and a type of instance in a single AWS account is by the 
combination of the Environment and Role tags. The assumption is that I'm 
not hardcoding any of these IPs anywhere.

Let's say I'm running my applications playbook and those roles need to know 
the IP of my master database for that specific environment. Right now the 
only way I can see to obtain that IP is to write a wrapper script around 
ansible-playbook where I call `ec2.py --list` and figure out the right 
intersection of tags. I then pass that IP into ansible-playbook as a global 
variable through --extra-vars.

Is there a different and less convoluted approach to this? I would be ok 
with something like (tag_Role_db_master:_Environment_dev)[0].private_ip 
if that were at all available, but that doesn't seem to be the case.

Please advise and thank you in advance.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5cdd9375-9a7c-4780-840e-2d62b86a0f36%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: yum_repository module (has anyone thought of doing it...)

[Dan Lang]

Check out the module index, there 
is http://docs.ansible.com/ansible/yumrepo_module.html. This is an extras 
module. 

On Thursday, December 10, 2015 at 9:23:27 AM UTC-5, Cha Donghwi wrote:
>
> Is this still not implemented to ansible core? 
>
>
>
> 2014년 2월 13일 목요일 오후 10시 22분 54초 UTC+9, Johan Söderberg 님의 말:
>>
>> Hi,
>>
>> The yum_repository module sounds exactly what I've been looking for. 
>> Unfortunately the url doesn't work and I'm unable to find it anywhere. Is 
>> it still available somewhere?
>>
>> Thanks in advance,
>>
>> /Johan
>>
>> Den söndagen den 16:e juni 2013 kl. 19:56:59 UTC+2 skrev Matt S:
>>>
>>> I just happen to have created a yum_repository plugin [1] for Ansible 
>>> based on my own needs. In the environment I work with we use a continuous 
>>> integration system to generate new rpm repositories throughout the day, so 
>>> it's helpful to deal with them this way. It also greatly simplifies the 
>>> code for making changes to existing repositories.
>>>
>>> For instance, if I wanted to disable my Centos updates repository, I 
>>> could use something like:
>>>
>>> ansible all -m yum_repository -a "id=updates state=disabled"
>>>
>>> I haven't submitted a pull request yet, but will if other people find it 
>>> useful.
>>>
>>> [1] 
>>> https://github.com/mspaulding06/ansible/blob/yum_repository_plugin/library/packaging/yum_repository
>>>
>>> On Tuesday, June 4, 2013 5:43:09 PM UTC-7, Chris Bennett wrote:

 > Haven't used it myself, but have you looked at the 
 > ini_file<
 http://ansible.cc/docs/modules.html?highlight=replace#ini-file>module? 

 Hmm, no I didn't even think to consider it.  But reading the doco, it 
 may do exactly what I want.  Thanks! :) 

 Chris 

>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/64493b72-f429-41b3-94b5-2bbcd6c7fc3e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Can't Ping - Failed to transfer file to...

[Ivan Ferrera]

Hi, I have something echoing in /etc/bashrc; need some guidance here.

absible.cfg:
scp_if_ssh = True

hosts:
[myhosts]
host.mydomain.com ansible_connection=ssh ansible_ssh_user=ec2-user 
ansible_ssh_private_key_file=/home/ec2-user/.ssh/id_rsa

Output of ansible -i hosts myhosts -m ping -:
---
 ESTABLISH CONNECTION FOR USER: ec2-user
 REMOTE_MODULE ping
 EXEC ssh -C -tt -vvv -o ControlMaster=auto -o 
ControlPersist=60s -o 
ControlPath="/home/ec2-user/.ansible/cp/ansible-ssh-%h-%p-%r" -o 
IdentityFile="/home/ec2-user/.ssh/id_rsa" -o 
KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o ConnectTimeout=10 host.mydomain.com /bin/sh 
-c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1450128709.26-37707891136005 && 
chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1450128709.26-37707891136005 && 
echo $HOME/.ansible/tmp/ansible-tmp-1450128709.26-37707891136005'
 PUT /tmp/tmpQ6fYEm TO 
/home/ec2-user/.ansible/tmp/ansible-tmp-1450128709.26-37707891136005/ping
host.mydomain.com | FAILED => failed to transfer file to 
/home/ec2-user/.ansible/tmp/ansible-tmp-1450128709.26-37707891136005/ping:

Agent pid 8554
---
Applicable section of /etc/bashrc:

SSHAGENT=/usr/bin/ssh-agent
SSHAGENTARGS="-s"
if [ -z "$SSH_AUTH_SOCK" -a -x "$SSHAGENT" ]; then
eval `$SSHAGENT $SSHAGENTARGS`
trap "kill $SSH_AGENT_PID" 0
fi

Is there a workaround for ssh that echos something after login?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/43f96a64-27f2-433a-930b-6446569b9c67%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Service restart doing some strange things to bound services

[Brian Picciano]

[vagrant@brian ansible-repo]$ uname -r 
3.10.0-229.14.1.el7.x86_64 

[vagrant@brian ansible-repo]$ ansible --version 
ansible 1.9.2

I have two processes set up, one bound to the other so that if the "parent" 
one dies or is stopped it will also. They look like this:

Parent:

[Unit] 
Description=nginx - high performance web server 
After=network.target remote-fs.target nss-lookup.target 
 
[Service] 
StartLimitInterval=0 
RestartSec=1s 
Restart=on-failure 
TimeoutStartSec=5 
ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf 
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf 
User=root 
PrivateTmp=true 
 
[Install] 
WantedBy=multi-user.target

Child:

[Unit] 
Description=foo 
After=nginx.service 
Requires=nginx.service 
PartOf=nginx.service 
 
[Service] 
StartLimitInterval=0 
RestartSec=1s 
User=vagrant 
Restart=on-failure 
TimeoutStartSec=5 
ExecStart=/bin/sh -c 'echo FOO STARTED; while [ 1 ]; do sleep 1; done' 
 
[Install] 
WantedBy=multi-user.target

(I'm aware of the BindTo command for systemd, it doesn't actually do what 
we want it to though. This combination of After/Requires/PartOf seems to 
behave in the way we want)

Anyway, if I restart nginx normally then foo is restarted normally as well:

[vagrant@brian ansible-repo]$ sudo systemctl restart nginx

Dec 14 22:49:16 brian systemd[1]: Stopping foo...
Dec 14 22:49:16 brian systemd[1]: Stopping nginx - high performance web 
server...
Dec 14 22:49:16 brian systemd[1]: Starting nginx - high performance web 
server...
Dec 14 22:49:16 brian nginx[14714]: nginx: the configuration file /etc/nginx
/nginx.conf syntax is ok
Dec 14 22:49:16 brian nginx[14714]: nginx: configuration file /etc/nginx/
nginx.conf test is successful
Dec 14 22:49:16 brian systemd[1]: Started nginx - high performance web 
server.
Dec 14 22:49:16 brian systemd[1]: Starting foo...
Dec 14 22:49:16 brian systemd[1]: Started foo.
Dec 14 22:49:16 brian sh[14719]: FOO STARTED

But if I use ansible to restart nginx, the following happens:

[vagrant@brian ansible-repo]$ ansible -c local -m service -a 'name=nginx 
state=restarted' vagrant 
vagrant | success >> { 
"changed": true,  
"name": "nginx",  
"state": "started" 
}
 

Dec 14 22:52:02 brian systemd[1]: Stopping foo...
Dec 14 22:52:02 brian systemd[1]: Stopped foo.
Dec 14 22:52:02 brian systemd[1]: Stopping nginx - high performance web 
server...
Dec 14 22:52:02 brian systemd[1]: Stopped nginx - high performance web 
server.
Dec 14 22:52:02 brian systemd[1]: Starting nginx - high performance web 
server...
Dec 14 22:52:02 brian nginx[15208]: nginx: the configuration file /etc/nginx
/nginx.conf syntax is ok
Dec 14 22:52:02 brian nginx[15208]: nginx: configuration file /etc/nginx/
nginx.conf test is successful
Dec 14 22:52:02 brian systemd[1]: Started nginx - high performance web 
server.

And that's it, foo is never actually started. Calling `sudo systemctl 
restart nginx` again doesn't start foo either.

Any ideas as to what I could be doing wrong? Or is this some kind of bug in 
how ansible is handling service restarts?



 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8e843996-f59f-4285-86d5-07bc5a921f6b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Can't Ping - Failed to transfer file to...

[Matt Martz]

You could either add redirection to send output to /Dev/null or do
something like checking whether it is an interactive session before running
some commands:

http://tldp.org/LDP/abs/html/intandnonint.html



On Monday, December 14, 2015, Ivan Ferrera  wrote:

> Hi, I have something echoing in /etc/bashrc; need some guidance here.
>
> absible.cfg:
> scp_if_ssh = True
>
> hosts:
> [myhosts]
> host.mydomain.com ansible_connection=ssh ansible_ssh_user=ec2-user
> ansible_ssh_private_key_file=/home/ec2-user/.ssh/id_rsa
>
> Output of ansible -i hosts myhosts -m ping -:
> ---
>  ESTABLISH CONNECTION FOR USER: ec2-user
>  REMOTE_MODULE ping
>  EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
> ControlPersist=60s -o
> ControlPath="/home/ec2-user/.ansible/cp/ansible-ssh-%h-%p-%r" -o
> IdentityFile="/home/ec2-user/.ssh/id_rsa" -o
> KbdInteractiveAuthentication=no -o
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
> -o PasswordAuthentication=no -o ConnectTimeout=10 host.mydomain.com
> /bin/sh -c 'mkdir -p
> $HOME/.ansible/tmp/ansible-tmp-1450128709.26-37707891136005 && chmod a+rx
> $HOME/.ansible/tmp/ansible-tmp-1450128709.26-37707891136005 && echo
> $HOME/.ansible/tmp/ansible-tmp-1450128709.26-37707891136005'
>  PUT /tmp/tmpQ6fYEm TO
> /home/ec2-user/.ansible/tmp/ansible-tmp-1450128709.26-37707891136005/ping
> host.mydomain.com | FAILED => failed to transfer file to
> /home/ec2-user/.ansible/tmp/ansible-tmp-1450128709.26-37707891136005/ping:
>
> Agent pid 8554
> ---
> Applicable section of /etc/bashrc:
>
> SSHAGENT=/usr/bin/ssh-agent
> SSHAGENTARGS="-s"
> if [ -z "$SSH_AUTH_SOCK" -a -x "$SSHAGENT" ]; then
> eval `$SSHAGENT $SSHAGENTARGS`
> trap "kill $SSH_AGENT_PID" 0
> fi
>
> Is there a workaround for ssh that echos something after login?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com
> 
> .
> To post to this group, send email to ansible-project@googlegroups.com
> .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/43f96a64-27f2-433a-930b-6446569b9c67%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>


-- 
Matt Martz
@sivel
sivel.net

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAD8N0v8gYJcDGzJnmhbk9bsZDLhRJRDZN_Pn1AsX1soKzq6ekg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Service restart doing some strange things to bound services

[Brian Picciano]

To follow up, it appears that ansible is not actually calling systemctl 
restart, but is instead doing a stop then a start, which is causing this 
weirdness. The comments in the source mention that some services don't 
support restart, and that's why it's doing a stop/start. Is this actually 
true? Are there systemd services which don't support restart? I was under 
the impressions systemd could do a restart on any service which could be 
stopped then started.

On Monday, December 14, 2015 at 3:57:07 PM UTC-7, Brian Picciano wrote:
>
> [vagrant@brian ansible-repo]$ uname -r 
> 3.10.0-229.14.1.el7.x86_64 
>
> [vagrant@brian ansible-repo]$ ansible --version 
> ansible 1.9.2
>
> I have two processes set up, one bound to the other so that if the 
> "parent" one dies or is stopped it will also. They look like this:
>
> Parent:
>
> [Unit] 
> Description=nginx - high performance web server 
> After=network.target remote-fs.target nss-lookup.target 
>  
> [Service] 
> StartLimitInterval=0 
> RestartSec=1s 
> Restart=on-failure 
> TimeoutStartSec=5 
> ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf 
> ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf 
> User=root 
> PrivateTmp=true 
>  
> [Install] 
> WantedBy=multi-user.target
>
> Child:
>
> [Unit] 
> Description=foo 
> After=nginx.service 
> Requires=nginx.service 
> PartOf=nginx.service 
>  
> [Service] 
> StartLimitInterval=0 
> RestartSec=1s 
> User=vagrant 
> Restart=on-failure 
> TimeoutStartSec=5 
> ExecStart=/bin/sh -c 'echo FOO STARTED; while [ 1 ]; do sleep 1; done' 
>  
> [Install] 
> WantedBy=multi-user.target
>
> (I'm aware of the BindTo command for systemd, it doesn't actually do what 
> we want it to though. This combination of After/Requires/PartOf seems to 
> behave in the way we want)
>
> Anyway, if I restart nginx normally then foo is restarted normally as well:
>
> [vagrant@brian ansible-repo]$ sudo systemctl restart nginx
>
> Dec 14 22:49:16 brian systemd[1]: Stopping foo...
> Dec 14 22:49:16 brian systemd[1]: Stopping nginx - high performance web 
> server...
> Dec 14 22:49:16 brian systemd[1]: Starting nginx - high performance web 
> server...
> Dec 14 22:49:16 brian nginx[14714]: nginx: the configuration file /etc/
> nginx/nginx.conf syntax is ok
> Dec 14 22:49:16 brian nginx[14714]: nginx: configuration file /etc/nginx/
> nginx.conf test is successful
> Dec 14 22:49:16 brian systemd[1]: Started nginx - high performance web 
> server.
> Dec 14 22:49:16 brian systemd[1]: Starting foo...
> Dec 14 22:49:16 brian systemd[1]: Started foo.
> Dec 14 22:49:16 brian sh[14719]: FOO STARTED
>
> But if I use ansible to restart nginx, the following happens:
>
> [vagrant@brian ansible-repo]$ ansible -c local -m service -a 'name=nginx 
> state=restarted' vagrant 
> vagrant | success >> { 
> "changed": true,  
> "name": "nginx",  
> "state": "started" 
> }
>  
>
> Dec 14 22:52:02 brian systemd[1]: Stopping foo...
> Dec 14 22:52:02 brian systemd[1]: Stopped foo.
> Dec 14 22:52:02 brian systemd[1]: Stopping nginx - high performance web 
> server...
> Dec 14 22:52:02 brian systemd[1]: Stopped nginx - high performance web 
> server.
> Dec 14 22:52:02 brian systemd[1]: Starting nginx - high performance web 
> server...
> Dec 14 22:52:02 brian nginx[15208]: nginx: the configuration file /etc/
> nginx/nginx.conf syntax is ok
> Dec 14 22:52:02 brian nginx[15208]: nginx: configuration file /etc/nginx/
> nginx.conf test is successful
> Dec 14 22:52:02 brian systemd[1]:
> ...

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1c361ba0-e9b9-42ae-8afb-d672c062beee%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.