Re: [ansible-project] Re: eos_command module waitfor - IP address in json structure

[Peter Sprygada]

(ansible)[ansible-eos]$ cat route.yaml
---
- hosts: veos01
  gather_facts: no

  vars:
route: 1.1.1.1/32

  tasks:
- eos_command:
commands:
  - show ip route | json
waitfor:
  - "result[0].vrfs.default.routes[{{ route }}].hardwareProgrammed
eq true"
provider: "{{ cli }}"


(ansible)[ansible-eos]$ ansible-playbook route.yaml

PLAY [veos01]
**

TASK [eos_command]
*
ok: [veos01]

PLAY RECAP
*
veos01 : ok=1changed=0unreachable=0failed=0

On Wed, Mar 23, 2016 at 2:39 AM, Peter Sprygada 
wrote:

> Ignore the request for filing an issue, I committed a change that should
> fix this problem. The fix is available for testing in ansible/ansible devel
>
> On Tue, Mar 22, 2016 at 4:25 PM, Peter Sprygada 
> wrote:
>
>> Thats a bug... could you file an issue at
>> github.com/ansible/ansible-modules-core please?
>>
>> On Tue, Mar 22, 2016 at 2:17 PM, Martin Baro 
>> wrote:
>>
>>> Hi Uditha,
>>>
>>> Thanks for the reply.
>>> I've simplified the problem a bit (just removed the variable) and with
>>> removing the "" around the whole statement I managed to preserve the quotes.
>>> Unfortunately it didn't solve the problem:
>>>
>>> waitfor:
>>>- result[0].vrfs.default.routes[\'
>>> 1.2.3.4/30\'].hardwareProgrammed
>>>  eq true
>>>
>>> The error was: ValueError: result[0].vrfs.default.routes['
>>> 1.2.3.4/30'].hardwareProgrammed
>>> 
>>>
>>> The issue is the same with double quotes around the IP address.
>>>
>>>
>>>
>>>
>>> On Tuesday, March 22, 2016 at 2:50:05 PM UTC+1, Uditha Desilva wrote:

 It may need more protection for those quotes -- perhaps this?

- "result[0].vrfs.default.routes[\'{{ route }}\'].hardwareProgrammed
 eq true"

>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to ansible-project+unsubscr...@googlegroups.com.
>>> To post to this group, send email to ansible-project@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/7f5a3e93-84cc-43c7-b11f-50ccb849971a%40googlegroups.com
>>> 
>>> .
>>>
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEkdrMjeNF_BG%2BHdMtr-rXX3EscTtEFkUr-wgEjuOE75WrBTRQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: eos_command module waitfor - IP address in json structure

[Peter Sprygada]

Ignore the request for filing an issue, I committed a change that should
fix this problem. The fix is available for testing in ansible/ansible devel

On Tue, Mar 22, 2016 at 4:25 PM, Peter Sprygada 
wrote:

> Thats a bug... could you file an issue at
> github.com/ansible/ansible-modules-core please?
>
> On Tue, Mar 22, 2016 at 2:17 PM, Martin Baro 
> wrote:
>
>> Hi Uditha,
>>
>> Thanks for the reply.
>> I've simplified the problem a bit (just removed the variable) and with
>> removing the "" around the whole statement I managed to preserve the quotes.
>> Unfortunately it didn't solve the problem:
>>
>> waitfor:
>>- result[0].vrfs.default.routes[\'1.2.3.4/30\'].hardwareProgrammed
>>  eq true
>>
>> The error was: ValueError: result[0].vrfs.default.routes['
>> 1.2.3.4/30'].hardwareProgrammed
>> 
>>
>> The issue is the same with double quotes around the IP address.
>>
>>
>>
>>
>> On Tuesday, March 22, 2016 at 2:50:05 PM UTC+1, Uditha Desilva wrote:
>>>
>>> It may need more protection for those quotes -- perhaps this?
>>>
>>>- "result[0].vrfs.default.routes[\'{{ route }}\'].hardwareProgrammed
>>> eq true"
>>>

>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/7f5a3e93-84cc-43c7-b11f-50ccb849971a%40googlegroups.com
>> 
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEkdrMi%2BY8sJjFmWF%3DosrHAkCCRwOB0s9ex%3D2qwyg9A52-odBQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Ansible become option with passwordless

[selvam vasu]

Hi Uditha,
I can use "command" module to accomplish my "sudo apt-get install nginx" 
task, But I want to schedule my play-book to run on every half hour to 
maintain configuration in my client. In this case, it always will try to 
install nginx every time. But if I use apt module, it will install the 
nginx package if it is not installed or doesn't have latest only. How can 
we get the same using command module. But a/w it is not a straight method. 

On Wednesday, 23 March 2016 00:19:25 UTC+5:30, Uditha Desilva wrote:
>
> If that's all you really need, invoke it via a "command" stanza with a 
> passwordless sudo. Problem solved.
>
> On Tuesday, 22 March 2016 18:46:35 UTC, Matt Calhoun wrote:
>>
>> Sure, except that I am running ansible on an unattended deployment box 
>> (Jenkins) in this case vs real humans running interactively in the case of 
>> my admins.
>>
>> I'm trying to follow a policy of least privilege and grant the user only 
>> the rights to restart the nginx server as root (needs it to access port 
>> 443) since that's the only thing the user needs to do that requires 
>> privledge escalation. 
>>
>> I'm wondering why this can't be accomplished with ansible? It seems like 
>> having to allow the deploy user to run any command (rather than just the 
>> one needed to restart the service) creates a potential security hole if 
>> that user's key is compromised. Am I missing something here?
>>
>> On Tue, Mar 22, 2016 at 2:37 PM, Brian Coca  wrote:
>>
>>> you can use ansible + sudo + sudo password, you end up with exact same 
>>> security.
>>>
>>>
>>> --
>>> Brian Coca
>>>
>>> -- 
>>> You received this message because you are subscribed to a topic in the 
>>> Google Groups "Ansible Project" group.
>>> To unsubscribe from this topic, visit 
>>> https://groups.google.com/d/topic/ansible-project/sOysHHs0kYU/unsubscribe
>>> .
>>> To unsubscribe from this group and all its topics, send an email to 
>>> ansible-proje...@googlegroups.com.
>>> To post to this group, send email to ansible...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/ansible-project/CACVha7dT_0MefDXMg9-N-hD0tqaE3v5mxQcUCHduNAfd6g0ptg%40mail.gmail.com
>>>  
>>> 
>>> .
>>>
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/424507e8-4797-47d8-a8db-3c072737fe91%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Local_action module failed.

[Yuri]

Thank you for reply.

> What's wrong with doing it via inventory?

Installed OS in a host varies by timing, so I'm trying to prepare the 
following two playbooks.
playbook_windows.yml : "ansible_connection: winrm" in vars section 
playbook_linux.yml : "ansible_connection: ssh" in vars section
This is why I don't want to doing it via inventory.

> I suppose you could try explicitly setting 
> hostvars.['localhost'].ansible_connection_method="local"
> as a workaround.

I tried the following playbook, but  invalid variable name error occuerd.
---
- name: test
  hosts: remote_windows_host
  vars:
ansible_ssh_user: XXX
ansible_ssh_pass: XXX
ansible_ssh_port: 
ansible_connection: winrm
hostvars['localhost'].ansible_connection: local  <-- added
  tasks:
- name: setup(remote windows host)
  setup:
- name: sleep(local linux host)
  local_action: command sleep 5
---

---
ERROR! Invalid variable name in vars specified for Play: 
hostvars['localhost'].ansible_connection is not a valid variable name
---

Could you tell me what is wrong?


2016年3月23日水曜日 1時28分21秒 UTC+9 Uditha Desilva:

> What's wrong with doing it via inventory?
>
> I suppose you could try explicitly setting 
>
> hostvars.['localhost'].ansible_connection_method="local"
>
> as a workaround.
>
> Uditha.
>
> On Tuesday, 22 March 2016 15:06:09 UTC, Yuri wrote:
>>
>> Hello,
>>
>> (Ansible version:2.0.0)
>>
>> I tried to execute the following playbook.
>>
>> ---
>> - name: test
>>   hosts: remote_windows_host
>>   vars:
>> ansible_ssh_user: XXX
>> ansible_ssh_pass: XXX
>> ansible_ssh_port: 
>> ansible_connection: winrm
>>   tasks:
>> - name: setup(remote windows host)
>>   setup:
>> - name: sleep(local linux host)
>>   local_action: command sleep 5
>> ---
>>
>> Then, the task "sleep(local linux host)" was failed.
>> The results in debug mode is as follows.
>>
>> --
>> TASK [sleep(local linux host)] 
>> *
>> task path: XX.yml:12
>>  ESTABLISH WINRM CONNECTION FOR USER: XXX on PORT  TO 
>> localhost
>> fatal: [XX.XX.XXX.XXX]: FAILED! => {"failed": true, "msg": "ERROR! ssl: 
>> 500 WinRMTransport. Tunnel connection failed: 403 Forbidden"} 
>> --
>>
>> Even though using local_action module, why does it try to connect to 
>> localhost with winrm?
>> How can I do so that LOCAL CONNECTION is used? (And not defining vars in 
>> inventory file.)
>>
>>
>> Thanks a lot for any help.
>>
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/cbfd1407-c4d7-4019-a274-08c84e722d89%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Introducing debug strategy plugin

[Brian Coca]

Just a pull request is all that is needed.


--
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACVha7e%2BPLSiukKMC4FhPp0a5CMweXct8M0YD6mASk2UbfApAw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] problems with add_host

[Glyn Davies]

Hi Guys,

I am having some issues getting add_host to create a dynamic inventory 
correctly.

Here is the relevant section from my playbook:


tasks:
- name: Connect to Cloud
  # assume RC file has already been sourced
  os_auth:

- name: launch web instances
  os_server:
name=web0{{ item }}
flavor={{ flavor }}
image={{ image }}
key_name={{ key_name }}
state=present
wait=true
network={{ network }}
security_groups={{ security_groups }}
auto_ip=true
  register: newnodes
  with_sequence:
count={{ count }}

# - debug:
# var: newnodes

- name: add nodes to runtime inventory
  add_host:
name={{ item.name }}
# group=workers
# ansible_host={{ item.public_v4 }}
  with_items:
- "{{ newnodes.results.server }}"



The tasks 'Connect to Cloud' and 'launch web servers' work fine.

I also ran debug on the newnodes variable and it is returning the correct 
data. The problem is that when I try to run the 'add nodes to runtime 
inventory' task I get the following:

[DEPRECATION WARNING]: Skipping task due to undefined Error, in the future 
this will be a fatal error.. This feature will be removed in a future 
release. Deprecation warnings can be disabled by setting 
deprecation_warnings=False in ansible.cfg.

If I run the playbook with - I get no further information. I have also 
tried various combinations of the variable name 'newnodes.results.server' in 
the with_items section but no joy.

Anyone able to see what I have missed here?

Cheers,
Glyn




-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/294027a4-7f9c-4fae-9510-09173efe77ff%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Introducing debug strategy plugin

[yagami kishin]

Definitely. It would be great if I can contribute it.

What should I do first? Open an issue or pull request?

On Wednesday, March 23, 2016 at 12:52:08 AM UTC+9, Brian Coca wrote:
>
> Nice,
>
> Do you want to contribute it to ansible/ansible?
>
>
> --
> Brian Coca
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a84901b4-2cae-44cb-8797-719ae865a1fa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible forces me break PEP8 when writing modules

[Toshio Kuratomi]

Update on ziploader:

After going down a rabbit hole of related bugs, I've had some time to
work on jimi-c's initial branch.  The branch I have now[1]_ is passing
unittests and integration tests (at least through mysql... I have an
issue on my system that's preventing mysql from passing and I've been
too busy coding to address that).

.. [1]_: 
https://github.com/ansible/ansible/compare/devel...abadger:ziploader?expand=1

There's further feature work to do on this so don't take it as
finalized.  Feel free to complain about things that don't work ;-)
The very best way to reach me is to find me on irc.freenode.net
abadger1999 in #ansible-devel.

Things that are working now:

* Modules tested via the integration test suite seem to be working.
Other modules (including user's custom modules) are probably working
but I did have to make some changes to the module_utils code that some
of those rely on so there could be problems.  Please let me know.
* Non-wildcard imports are currently working although no official
modules have been ported over yet.  I'd like to do that so that we can
start checking the modules for things like undefined variables but
there's some objections to doing that for 2.1.0.  We'll have t ohave a
discussion and make a decision once the ziploading code is basically
feature complete.
* Tracebacks from modules should take a step forward with this code.
Before, by convention, modules had their module_utils imports at the
bottom of the file.  This allowed line numbers in tracebacks to match
with the line numbers inside of the module file but tracebacks
generated from module_utils code would have line numbers that didn't
equate to anything on the controller (only in the generated module).
The new ziploader code preserves the separation of files so the line
numbers should be correct.

Next things on my list:

* Ability to specify the compression method for ziploader modules.
python's zipfile module supports no compression and zip-compatible
deflate when python is compiled against the zlib library is  [Update:
Done]
* "recursive imports" -- this is to allow imports from module_utils to
trigger importing other module_utils code.  Currently this is working
for current ansible modules in a very hacky manner.  the current
modules import all of the module_utils code that they use so ziploader
knows to include both modules' code.  What I want to achieve is
module_utils code that doesn't depend on anything special in the
module to trigger including its module_utils dependencies.
* Other valid python imports.  Current code looks for "from
ansible.module_utils.foo import bar" in order to trigger inclusion of
a module.  I want to also include things like import
ansible.module_utils.foo, from ansible.module_utils.foo.bar import
baz, from ansible.module_utils import foo, bar and maybe even from
ansible.module_utils import foo ; from ansible.module_utils import
bar.  I'm not yet sure that I'll be able to do this (The big question
is how big a speed hit we take from all of this when combined with
recursive imports) but it would be nice to support the full range of
things that python understands as an import with the ziploader code.

-Toshio

On Wed, Mar 9, 2016 at 12:56 PM, David Barroso  wrote:
> Ok, let me know if I can help testing or providing feedback. I am really
> interesting on this as I have a lot of modules that I wrote with duplicated
> code. Being able to share code amongst them is going to be a huge win.
>
> On Wed, 9 Mar 2016 at 17:36 Toshio Kuratomi  wrote:
>>
>> We're hoping to have 2.1 out in late April or May (3-4 months from
>> 2.0's release).
>>
>> I hope to land code in a publically available branch by next week.
>> There are some things about it after that I think we (core committers)
>> will need to discuss and come to a consensus on before it gets merged
>> into devel.
>>
>> -Toshio
>>
>> On Wed, Mar 9, 2016 at 12:53 AM, David Barroso 
>> wrote:
>> > Hello Toshio,
>> > thanks for the detailed explanation. Is there any ETA for the ziploader?
>> >
>> > Thanks!
>> > David
>> >
>> > On Mon, 7 Mar 2016 at 18:54 Toshio Kuratomi 
>> > wrote:
>> >>
>> >> On Mon, Mar 7, 2016 at 12:02 AM,   wrote:
>> >>
>> >> >> 2nd it is not a real import and is already confusing
>> >> >
>> >> > I know it's not a real import but ansible made it look like a real
>> >> > import so
>> >> > coding styles should apply.
>> >> >
>> >>
>> >> Like you I really hate wildcard imports.  They make static analysis of
>> >> the code harder and pollute the namespace.  However...
>> >>
>> >> >> Your change makes it even more misleading as it implies a restricted
>> >> >> import which is not true
>> >> >
>> >> > My change only makes a completely arbitrary line that we are forced
>> >> > to
>> >> > add
>> >> > to comply to coding standards. The misleading part comes from making
>> >> > a
>> >> > line
>> >> > that looks like an import to do something that is definitively not an
>> >> > import
>> >> > : ) (I wonder how many people cont

[ansible-project] Re: My first "role" isn't running

[Gilberto Valentin]

Mike,

Thanks for your patience and assistance. I wanted to do it the way you 
suggested so that I get in the habit of crafting my roles that can be 
useful in other ways later. With that said, I think I am getting the hang 
of what you are saying. I started completely over and separated my roles. I 
also changed my naming convention on everything so that things don't get 
lost in translation here. So, this is what I have so far:

This is what my directory structure now looks like. If you notice, I 
created a directory called *powerbroker,* which is essentially my project. 
Then, I created a sub-dir in there called *powerbroker_install *because 
I'll eventually create another called *powerbroker_uninstall *later. Within 
*powerbroker_install *I created three roles with *ansible-galaxy init *
*role_name* for dev|prod|test. Then, I have my host file, called 
*powerbroker_hosts *and my *site.yml* right under the parent directory 
*powerbroker_install*. 

Here is a view:

roles
└── powerbroker
├── powerbroker_install
│   ├── pb_install_dev
│   │   ├── README.md
│   │   ├── defaults
│   │   │   └── main.yml
│   │   ├── files
│   │   ├── handlers
│   │   │   └── main.yml
│   │   ├── meta
│   │   │   └── main.yml
│   │   ├── tasks
│   │   │   └── main.yml
│   │   ├── templates
│   │   ├── tests
│   │   │   ├── inventory
│   │   │   └── test.yml
│   │   └── vars
│   │   └── main.yml
│   ├── pb_install_prod
│   │   ├── README.md
│   │   ├── defaults
│   │   │   └── main.yml
│   │   ├── files
│   │   ├── handlers
│   │   │   └── main.yml
│   │   ├── meta
│   │   │   └── main.yml
│   │   ├── tasks
│   │   │   └── main.yml
│   │   ├── templates
│   │   ├── tests
│   │   │   ├── inventory
│   │   │   └── test.yml
│   │   └── vars
│   │   └── main.yml
│   ├── pb_install_test
│   │   ├── README.md
│   │   ├── defaults
│   │   │   └── main.yml
│   │   ├── files
│   │   ├── handlers
│   │   │   └── main.yml
│   │   ├── meta
│   │   │   └── main.yml
│   │   ├── tasks
│   │   │   └── main.yml
│   │   ├── templates
│   │   ├── tests
│   │   │   ├── inventory
│   │   │   └── test.yml
│   │   └── vars
│   │   └── main.yml
│   ├── powerbroker_hosts
│   └── site.yml

Legend: 
blue are the project and subdir of the project
green are the roles
yellow are the files I touched

So far, I have only worked in *pb_install_test*. The only file I touched 
here is the following:

   - pb_install_test/tasks/main.yml

Here is the content of the file:

---
# tasks file for pb_install_test

- name: install required nfs packages
  yum: name={{ item }} state=present
  with_items:
- nfs-utils
- nfs-utils-lib

- name: mount nfs share
  mount: name=/tmp/pb_install src="hostname.server.com:/src/path" 
fstype=nfs opts="vers=3" state=mounted

- name: install pbis and pbul
  shell: /tmp/pb_install/pbis_install e1

- name: join systems to domain and correct ou
  shell: /opt/pbis/bin/domainjoin-cli join --notimesync --disable hostname 
--ou OU=UNIX,OU=Servers,DC=sub,DC=domain,DC=com subdomain.server.com

Then, I worked on *powerbroker_install/site.yml*. This is the content of 
the file:

---
## Test Servers ###
- name: install powerbroker (pbis and pbul) to all test servers
  hosts: e1servers
  become: yes


  roles:
  - pb_install_test


## Dev Servers ###
#- name: install powerbroker (pbis and pbul) to all dev servers
#  hosts: e2servers
#  become: yes


#  roles:
#  - pb_install_dev


## Prod Servers ###
#- name: install powerbroker (pbis and pbul) to all prod servers
#  hosts: e3servers
#  become: yes


#  roles:
#  - pb_install_prod


## Variables Prompt 
  vars_prompt:
- name: "ansible_sudo_pass"
  prompt: "SUDO password"
  private: yes

I turned off (commented out) the others because I am not ready to push to 
those yet ;)

Looks like this is going to work well. However, I am running into a snag. 
My last task needs me to provide a password. The task I am referring to is 
from this file 

   - pb_install_test/tasks/main.yml

This is the actual task I am referring to:

- name: join systems to domain and correct ou
  shell: /opt/pbis/bin/domainjoin-cli join --notimesync --disable hostname 
--ou OU=UNIX,OU=Servers,DC=sub,DC=domain,DC=com subdomain.server.com

Not long ago while starting out, I was doing something like this to pass a 
password to a command but not sure if this is the best approach for this:

- name: join systems to domain and correct ou
  expect:
command: /bin/bash -c "/opt/pbis/bin/domainjoin-cli join --
notimesync --disable hostname --ou OU=UNIX,OU=Servers,DC=sub,DC=domain,DC=com 
subdomain

Re: [ansible-project] item.key does not expand in default filter

[Brian Coca]

moustaches do not stack

  home="{{ item.value.home | default("/home/" + item.key) }}"


--
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACVha7fxyDPv2DrgXoUHr966yN5KM%2BhLaYKuNgVjymzjMXHdtg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Multiple test conditions for when: not working

[Brian Coca]

seems like you wanted:

when: "(  '0 to upgrade, 0 to newly install' not in
ruby_installed_version.stdout) and ( '0 upgraded, 0 newly installed' not in
ruby_installed_version.stdout)"

making them a list ( -) is an implicit AND.

--
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACVha7dhrVFDgaBH%3Diihe-6sz9JWdtXNS-_in0Wfk1WkSZbh2Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible not becoming super user

[Aaron Axisa]

Updating the ansible credentials to leave out the privelege escalation 
worked thanks

On Tuesday, March 22, 2016 at 10:15:44 PM UTC+1, Brian Coca wrote:
>
> I believe the issue is you are using become wrong, as per that sudoers 
> file you can just leave the `become_user: root` and it will work logging in 
> either as sshuser or machineadmin (also `become_method: sudo`), or just 
> don't set them as those are the defaults.
>
>
> --
> Brian Coca
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5647e0c6-534a-470d-bb6b-a5e0a9001338%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to do Ansible conditional include_vars?

[Dick Davies]

Sorry if I have this wrong - the nested YAML quote thing is hurting my
eyes - but I think you can do what you want with group_vars - have a
look at the docs for that.


On 22 March 2016 at 17:55, Roy  wrote:
> Hi,
>
>
> I am trying to use include_vars based on when condition as follows:
>
> - include_vars: clouderamanager.yml
>   when: "'{{ inventory_hostname }}' in groups['hadoop-clouderamanager']"
>
> - include_vars: hadoop-namenode.yml
>   when: "'{{ inventory_hostname }}' in groups['hadoop-namenode']"
>
> - include_vars: resourcemanager.yml
>   when: "'{{ inventory_hostname }}' in groups['hadoop-resourcemanager']"
>
> - include_vars: spark-history-server.yml
>   when: "'{{ inventory_hostname }}' in groups['spark-history-server']"
>
> I am getting ERROR! Syntax Error while loading YAML.
>
> The error appears to have been in
> '~/ansible/roles/hadoop-master/tasks/main.yml': line 4, column 36, but may
> be elsewhere in the file depending on the exact syntax problem.
>
> The offending line appears to be:
>
> - include_vars: clouderamanager.yml
>   when: '{{ inventory_hostname }}' in groups['hadoop-clouderamanager']
>^ here
>
> What I am missing here ?
>
> Thanks
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/e8963782-dc02-46b5-98b2-3833312b64c2%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPTFdJUd%3DXVxeAsT7_ACx7kwL3Ky2eL2eL9Mn5LQ2SLRmw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Populate list from results (list)

[Stephen Granger]

I'm using the ec2_remote_facts module to get a list of instances based on
filters.

I want to create another list that contains the
ec2_facts.instances[0-n].private_ip

This is the logic I'm after

- name: Set server names address for webapp proxy server
  set_fact:
servers[item]: "{{ ec2_facts.instances[item].private_ip_address }}"
  with_sequence: "start=0 end={{ ec2_facts.instances|(length -1) }}"

but it doesn't work

"msg": "ERROR! 'list object' has no attribute u'0'"

I can manually set each fact

- name: Set server names address for webapp proxy server
  set_fact:
servers: ["{{ ec2_facts.instances[0].private_ip_address }}", "{{
ec2_facts.instances[1].private_ip_address }}" ]

But this is not optimal as it doesn't work for variable length lists.

-- 
Steve

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CA%2BemtqvBy93pj05M0m3g6Ozz0oC6PU3dGJsUqBS2%2BwS8nA2yow%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible not becoming super user

[Brian Coca]

I believe the issue is you are using become wrong, as per that sudoers file
you can just leave the `become_user: root` and it will work logging in
either as sshuser or machineadmin (also `become_method: sudo`), or just
don't set them as those are the defaults.


--
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACVha7cXExSbK8HVjOEYrD95%2Boa32NEDGvph-YKPCDFakGDgXA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible not becoming super user

[Aaron Axisa]

If i go into visudo (centos) I have the following

sshUser ALL=(ALL)   NOPASSWD: ALL
machineAdminALL=(ALL)   NOPASSWD: ALL

so yes?

On Tuesday, March 22, 2016 at 9:48:25 PM UTC+1, Benjamin Redling wrote:
>
> On 2016-03-22 20:25, Aaron Axisa wrote: 
> > TASK [gosa : Install EPEL Package] 
> > * task path: 
> > 
> /var/lib/awx/projects/_8__bitbucket_ldap/ansible/roles/gosa/tasks/main.yml:15<192.168.20.4>
>  
>
> > ESTABLISH SSH CONNECTION FOR USER: sshUser<192.168.20.4> SSH: 
>
> Have you setup sshUser in sudoers for password less privilege elevation? 
>
> Benjamin 
> -- 
> FSU Jena | JULIELab.de/Staff/Benjamin+Redling.html 
> vox: +49 3641 9 44323 | fax: +49 3641 9 44321 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0373dcbb-13c8-44e5-916e-46dfd1306361%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] a few third-party modules for s3, ec2

[Ted Timmons]

I have some custom Ansible modules to scratch my own itches. Two are very
significant:
- s3enc: get/put s3 files with KMS-based client-side encryption
- s3_sync: high-speed s3 uploader

https://github.com/tedder/tedder_ansible_library/tree/master/library

Enjoy,
-ted

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK7GBH-OWC2g%3Dx-Hy5EdLJPVs2K4MHCzsEKJ%2B3Wh5PWcfNOMFg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible not becoming super user

[Benjamin Redling]

On 2016-03-22 20:25, Aaron Axisa wrote:
> TASK [gosa : Install EPEL Package]
> * task path:
> /var/lib/awx/projects/_8__bitbucket_ldap/ansible/roles/gosa/tasks/main.yml:15<192.168.20.4>
> ESTABLISH SSH CONNECTION FOR USER: sshUser<192.168.20.4> SSH:

Have you setup sshUser in sudoers for password less privilege elevation?

Benjamin
-- 
FSU Jena | JULIELab.de/Staff/Benjamin+Redling.html
vox: +49 3641 9 44323 | fax: +49 3641 9 44321

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/56F1AF90.803%40uni-jena.de.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible not becoming super user

[Aaron Axisa]

If i run the yum install as the machineAdmin user it is fine on the 
machine. Ansible is somehow losing the privledges?

And it's using su machineAdmin cause ansible tower is configured that the 
sshUser's privelege escalation is of type su and with credentials for 
machineAdmin 
(In reality both machineAdmin and sshUser are sudoers and hence an execute 
the command)

On Tuesday, March 22, 2016 at 9:35:04 PM UTC+1, Brian Coca wrote:
>
> So in the first debug I see "su  machineAdmin" which might not have access 
> to the specific action if yum is giving you that message.
>
> @Brandon, this is useless:
>
>   remote_user: "{{user_to_use}}"
>   become: yes
>   become_user: "{{user_to_use}}"
>
> ^ that is the same as writing  sudo 'myself', the become_user is the user 
> you TURN INTO, the remote_user is the one you login as and that TURNS INTO 
> the become_user.
>
>
> -- 
> --
> Brian Coca
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/62f51940-ba09-4a9d-b188-02a275ba419e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: My first "role" isn't running

[Mike Biancaniello]

like I said, since you've put this into a role, "separating this into 
multiple plays would be more complicated", so you're better off not 
splitting it up and instead, doing what you were doing 

copied from your earlier post (with the typo pointed out by Uditha 
corrected:

In app_install_main.yml:

---

- name: install app and join systems to domain
  hosts: testservers
  become: yes

  roles:
  - app_install

  vars_prompt:
  - name: "ansible_sudo_pass"
prompt: "Sudo password"
private: yes

It is here where I am calling my hosts: testservers. Then in my 
task/main.yml, I have:

---
# tasks file for app_install

- name: Install required nfs packages
  yum: name={{ item }} state=present
  with_items:
  - nfs-utils
  - nfs-utils-lib

- name: Create a temporary mount point for the installation files
  file: path=/tmp/app_install state=directory owner=root group=root mode=
0775

- name: Mount the nfs share from nfsshare.domain.tld
  shell: mount -F -t nfs -o vers=3 -v nfsshare.domain.tld:/share/location /
tmp/app_install

- name: Install app on test systems
  command: /tmp/app_install/apptool_install arg1
  when: "'testservers'in group_names"

- name: Join test systems to test ou
  shell: /path/to/domainjoin-cli join --notimesync --disable hostname
 --ou OU=test,OU=UNIX,DC=server,DC=domain,DC=tld server.domain.tld 
join_account
  when: "'testservers' in group_names"

On Tuesday, March 22, 2016 at 4:01:55 PM UTC-4, Gilberto Valentin wrote:
>
> Hi Mike,
>
> Thanks for the suggestions. I tried to implement what you mentioned and I 
> ended up breaking everything. I am completely lost with this. I am just 
> going to have to start over at this point. Between sanitizing the data to 
> post here and then trying to translate your suggestions back to what it 
> really is on my end keeps getting more and more complicated. Somewhere 
> along the line, I've lost the translation of what you are suggestion vs how 
> I am actually writing it.
>


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/20313b33-c9ff-4ae5-9d98-fca3565dc943%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible not becoming super user

[Brian Coca]

So in the first debug I see "su  machineAdmin" which might not have access
to the specific action if yum is giving you that message.

@Brandon, this is useless:

  remote_user: "{{user_to_use}}"
  become: yes
  become_user: "{{user_to_use}}"

^ that is the same as writing  sudo 'myself', the become_user is the user
you TURN INTO, the remote_user is the one you login as and that TURNS INTO
the become_user.


-- 
--
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACVha7fHvVHLdBFLAyLFj4LZCFwgb6dXBjBySuNoV6jyhwQF1w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: eos_command module waitfor - IP address in json structure

[Peter Sprygada]

Thats a bug... could you file an issue at
github.com/ansible/ansible-modules-core please?

On Tue, Mar 22, 2016 at 2:17 PM, Martin Baro 
wrote:

> Hi Uditha,
>
> Thanks for the reply.
> I've simplified the problem a bit (just removed the variable) and with
> removing the "" around the whole statement I managed to preserve the quotes.
> Unfortunately it didn't solve the problem:
>
> waitfor:
>- result[0].vrfs.default.routes[\'1.2.3.4/30\'].hardwareProgrammed
>  eq true
>
> The error was: ValueError: result[0].vrfs.default.routes['
> 1.2.3.4/30'].hardwareProgrammed 
>
> The issue is the same with double quotes around the IP address.
>
>
>
>
> On Tuesday, March 22, 2016 at 2:50:05 PM UTC+1, Uditha Desilva wrote:
>>
>> It may need more protection for those quotes -- perhaps this?
>>
>>- "result[0].vrfs.default.routes[\'{{ route }}\'].hardwareProgrammed
>> eq true"
>>
>>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/7f5a3e93-84cc-43c7-b11f-50ccb849971a%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEkdrMg--AsjVUyE4sMifigAh36zfHk9qNL4gspggHULutvOSg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: My first "role" isn't running

[Gilberto Valentin]

Hi Mike,

Thanks for the suggestions. I tried to implement what you mentioned and I 
ended up breaking everything. I am completely lost with this. I am just 
going to have to start over at this point. Between sanitizing the data to 
post here and then trying to translate your suggestions back to what it 
really is on my end keeps getting more and more complicated. Somewhere 
along the line, I've lost the translation of what you are suggestion vs how 
I am actually writing it.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/16da5467-a972-479c-9d17-68b3467058ee%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible not becoming super user

[Aaron Axisa]

TASK [gosa : Install EPEL Package] 
* task path: 
/var/lib/awx/projects/_8__bitbucket_ldap/ansible/roles/gosa/tasks/main.yml:15 
<192.168.20.4> 
ESTABLISH SSH CONNECTION FOR USER: sshUser <192.168.20.4> SSH: ansible.cfg 
set ssh_args: (-o)(ControlMaster=auto)(-o)(ControlPersist=60s) <192.168.20.4> 
SSH: ANSIBLE_HOST_KEY_CHECKING/host_key_checking disabled: 
(-o)(StrictHostKeyChecking=no) <192.168.20.4> SSH: 
ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User=sshUser) 
<192.168.20.4> 
SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10) <192.168.20.4> 
SSH: PlayContext set ssh_common_args: () <192.168.20.4> SSH: PlayContext 
set ssh_extra_args: () <192.168.20.4> SSH: found only ControlPersist; added 
ControlPath: 
(-o)(ControlPath=/tmp/ansible_tower_ujAG0E/cp/ansible-ssh-%h-%p-%r) 
<192.168.20.4> 
SSH: EXEC sshpass -d19 ssh -C -vvv -o ControlMaster=auto -o 
ControlPersist=60s -o StrictHostKeyChecking=no -o User=sshUser -o 
ConnectTimeout=10 -o 
ControlPath=/tmp/ansible_tower_ujAG0E/cp/ansible-ssh-%h-%p-%r -tt 
192.168.20.4 '/bin/sh -c '"'"'( umask 22 && mkdir -p "` echo 
/tmp/ansible-tmp-1458673360.76-40131931109713 `" && echo "` echo 
/tmp/ansible-tmp-1458673360.76-40131931109713 `" )'"'"'' <192.168.20.4> PUT 
/tmp/tmp79QZ0d TO /tmp/ansible-tmp-1458673360.76-40131931109713/yum 
<192.168.20.4> 
SSH: ansible.cfg set ssh_args: 
(-o)(ControlMaster=auto)(-o)(ControlPersist=60s) <192.168.20.4> SSH: 
ANSIBLE_HOST_KEY_CHECKING/host_key_checking disabled: 
(-o)(StrictHostKeyChecking=no) <192.168.20.4> SSH: 
ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User=sshUser) 
<192.168.20.4> 
SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10) <192.168.20.4> 
SSH: PlayContext set ssh_common_args: () <192.168.20.4> SSH: PlayContext 
set sftp_extra_args: () <192.168.20.4> SSH: found only ControlPersist; 
added ControlPath: 
(-o)(ControlPath=/tmp/ansible_tower_ujAG0E/cp/ansible-ssh-%h-%p-%r) 
<192.168.20.4> 
SSH: EXEC sshpass -d19 sftp -b - -C -vvv -o ControlMaster=auto -o 
ControlPersist=60s -o StrictHostKeyChecking=no -o User=sshUser -o 
ConnectTimeout=10 -o 
ControlPath=/tmp/ansible_tower_ujAG0E/cp/ansible-ssh-%h-%p-%r 
'[192.168.20.4]' <192.168.20.4> ESTABLISH SSH CONNECTION FOR USER: sshUser 
<192.168.20.4> 
SSH: ansible.cfg set ssh_args: 
(-o)(ControlMaster=auto)(-o)(ControlPersist=60s) <192.168.20.4> SSH: 
ANSIBLE_HOST_KEY_CHECKING/host_key_checking disabled: 
(-o)(StrictHostKeyChecking=no) <192.168.20.4> SSH: 
ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User=sshUser) 
<192.168.20.4> 
SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10) <192.168.20.4> 
SSH: PlayContext set ssh_common_args: () <192.168.20.4> SSH: PlayContext 
set ssh_extra_args: () <192.168.20.4> SSH: found only ControlPersist; added 
ControlPath: 
(-o)(ControlPath=/tmp/ansible_tower_ujAG0E/cp/ansible-ssh-%h-%p-%r) 
<192.168.20.4> 
SSH: EXEC sshpass -d19 ssh -C -vvv -o ControlMaster=auto -o 
ControlPersist=60s -o StrictHostKeyChecking=no -o User=sshUser -o 
ConnectTimeout=10 -o 
ControlPath=/tmp/ansible_tower_ujAG0E/cp/ansible-ssh-%h-%p-%r -tt 
192.168.20.4 '/bin/sh -c '"'"'chmod a+r 
/tmp/ansible-tmp-1458673360.76-40131931109713/yum'"'"'' <192.168.20.4> 
ESTABLISH SSH CONNECTION FOR USER: sshUser <192.168.20.4> SSH: ansible.cfg 
set ssh_args: (-o)(ControlMaster=auto)(-o)(ControlPersist=60s) <192.168.20.4> 
SSH: ANSIBLE_HOST_KEY_CHECKING/host_key_checking disabled: 
(-o)(StrictHostKeyChecking=no) <192.168.20.4> SSH: 
ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User=sshUser) 
<192.168.20.4> 
SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10) <192.168.20.4> 
SSH: PlayContext set ssh_common_args: () <192.168.20.4> SSH: PlayContext 
set ssh_extra_args: () <192.168.20.4> SSH: found only ControlPersist; added 
ControlPath: 
(-o)(ControlPath=/tmp/ansible_tower_ujAG0E/cp/ansible-ssh-%h-%p-%r) 
<192.168.20.4> 
SSH: EXEC sshpass -d19 ssh -C -vvv -o ControlMaster=auto -o 
ControlPersist=60s -o StrictHostKeyChecking=no -o User=sshUser -o 
ConnectTimeout=10 -o 
ControlPath=/tmp/ansible_tower_ujAG0E/cp/ansible-ssh-%h-%p-%r -tt 
192.168.20.4 '/bin/sh -c '"'"'su machineAdmin -c '"'"'"'"'"'"'"'"'/bin/sh 
-c '"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'echo 
BECOME-SUCCESS-lfogtfnclgywxqhqkuojrrwwqbimgrad; LANG=en_US.UTF-8 
LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/bin/python -tt 
/tmp/ansible-tmp-1458673360.76-40131931109713/yum'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"''"'"'"'"'"'"'"'"''"'"''
 <192.168.20.4> 
ESTABLISH SSH CONNECTION FOR USER: sshUser <192.168.20.4> SSH: ansible.cfg 
set ssh_args: (-o)(ControlMaster=auto)(-o)(ControlPersist=60s) <192.168.20.4> 
SSH: ANSIBLE_HOST_KEY_CHECKING/host_key_checking disabled: 
(-o)(StrictHostKeyChecking=no) <192.168.20.4> SSH: 
ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User=sshUser) 
<192.168.20.4> 
SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(Connect

Re: [ansible-project] Ansible not becoming super user

[Brian Coca]

run with - to see what ansible is doing.


--
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACVha7dJPXmJssABSrF_eks-B4j86mSY_NYeuLF__oR1mXSEjA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Ansible not becoming super user

[Aaron Axisa]

I have the following playbook

---

- name: myPlaybook
  hosts: "{{machine_to_setup}}"
  remote_user: "{{user_to_use}}"
  become: yes

  roles:
# Install Gosa - part 1
- { role: gosa, become: yes }



(I know become is duplicated.

With the following role content:


---
# Requires Ansible version 2.1 onwards
# Installing the yum EPEL repository
- name: Download rpm Package for EPEL
  get_url:
url: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
dest: /tmp/epel.rpm
mode: 0777
force: true

- name: Install EPEL Package
  yum:
name: /tmp/epel.rpm
state: present


And I am running the command from ansible tower on ansible 2.1 using the 
following parameters:

machine_to_setup: 192.168.20.4 
user_to_use: sshUser



Yet during the Install EPEL Package stage I get the following error:fatal: 
[192.168.20.4]: FAILED! => {"changed": true, "failed": true, "invocation": 
{"module_args": {"conf_file": null, "disable_gpg_check": false, "disablerepo": 
null, "enablerepo": null, "exclude": null, "install_repoquery": true, "list": 
null, "name": ["/tmp/epel.rpm"], "state": "present", "update_cache": false, 
"validate_certs": true}, "module_name": "yum"}, "msg": "You need to be root to 
perform this command.\n", "rc": 1, "results": ["Loaded plugins: 
fastestmirror\n"]}

Which is mainly : "You need to be root to perform this command" 


So why is ansible not becoming a super user even though I am clearly telling it 
to.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a9357f0f-95f0-4085-a1f4-8c3aebb5c625%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How to do Ansible conditional include_vars?

[Brian Coca]

a) you are using {{}} in when clause
b) you start a YAML value by a quote but do not end by a quote
c) you want this:

when: inventory_hostname in groups['hadoop-clouderamanager']

or

when: "'hadoop-clouderamanager' in group_names"

--
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACVha7e7RuCyN%2B2S67WNX0QNtxEo4wNTRt6UY8nPCuH4LyQL5A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Ansible become option with passwordless

[Brian Coca]

The way ansible works is by running arbitrary scripts (modules) on the
remote machine, as such it is very hard to make sudo rules to allow this
that are virtually equivalent to ALL.

​Some modules do execute system commands, many others use syscalls
directly, so even if we introduce a way to 'delegate' the privilege
escalation to the module, it won't help you in many cases.​


--
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACVha7ft6MKuiy9zGv3ENDHUwV7HXY8yuS-ycEjV2EYCtiS54Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Ansible become option with passwordless

[Uditha Desilva]

If that's all you really need, invoke it via a "command" stanza with a 
passwordless sudo. Problem solved.

On Tuesday, 22 March 2016 18:46:35 UTC, Matt Calhoun wrote:
>
> Sure, except that I am running ansible on an unattended deployment box 
> (Jenkins) in this case vs real humans running interactively in the case of 
> my admins.
>
> I'm trying to follow a policy of least privilege and grant the user only 
> the rights to restart the nginx server as root (needs it to access port 
> 443) since that's the only thing the user needs to do that requires 
> privledge escalation. 
>
> I'm wondering why this can't be accomplished with ansible? It seems like 
> having to allow the deploy user to run any command (rather than just the 
> one needed to restart the service) creates a potential security hole if 
> that user's key is compromised. Am I missing something here?
>
> On Tue, Mar 22, 2016 at 2:37 PM, Brian Coca  > wrote:
>
>> you can use ansible + sudo + sudo password, you end up with exact same 
>> security.
>>
>>
>> --
>> Brian Coca
>>
>> -- 
>> You received this message because you are subscribed to a topic in the 
>> Google Groups "Ansible Project" group.
>> To unsubscribe from this topic, visit 
>> https://groups.google.com/d/topic/ansible-project/sOysHHs0kYU/unsubscribe
>> .
>> To unsubscribe from this group and all its topics, send an email to 
>> ansible-proje...@googlegroups.com .
>> To post to this group, send email to ansible...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/CACVha7dT_0MefDXMg9-N-hD0tqaE3v5mxQcUCHduNAfd6g0ptg%40mail.gmail.com
>>  
>> 
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/daae1f78-adfc-4d4a-9df0-f5faedb7dfec%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Ansible become option with passwordless

[Calhoun, Matt]

Sure, except that I am running ansible on an unattended deployment box
(Jenkins) in this case vs real humans running interactively in the case of
my admins.

I'm trying to follow a policy of least privilege and grant the user only
the rights to restart the nginx server as root (needs it to access port
443) since that's the only thing the user needs to do that requires
privledge escalation.

I'm wondering why this can't be accomplished with ansible? It seems like
having to allow the deploy user to run any command (rather than just the
one needed to restart the service) creates a potential security hole if
that user's key is compromised. Am I missing something here?

On Tue, Mar 22, 2016 at 2:37 PM, Brian Coca  wrote:

> you can use ansible + sudo + sudo password, you end up with exact same
> security.
>
>
> --
> Brian Coca
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/sOysHHs0kYU/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CACVha7dT_0MefDXMg9-N-hD0tqaE3v5mxQcUCHduNAfd6g0ptg%40mail.gmail.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAEw3D2e9QY%2BNy6c-aX9E9MP8GitX%3DQrXfdRsUgvvow9Out2H1w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Ansible become option with passwordless

[Brian Coca]

you can use ansible + sudo + sudo password, you end up with exact same
security.


--
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACVha7dT_0MefDXMg9-N-hD0tqaE3v5mxQcUCHduNAfd6g0ptg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible become option with passwordless

[Matt Calhoun]

I'm not sure I agree with that. With our admins, we have ssh with key + 
sudo with a password. With this setup (running ansible as a deploy user to 
deploy a web app), the only protection I have is the ssh key.

Is there a good reason the ansible user can't be restricted to specific 
commands via sudo?

On Tuesday, March 22, 2016 at 12:51:22 PM UTC-4, Uditha Desilva wrote:
>
> It's no more a security role than allowing your sysadmins to su to root...
>
> On Monday, 21 March 2016 18:28:21 UTC, Matt Calhoun wrote:
>>
>> Is there really no way to give the ansible user specific sudo NOPASSWD 
>> privileges? This seems like a huge security hole!
>>
>> On Monday, March 21, 2016 at 9:24:31 AM UTC-4, selvam vasu wrote:
>>>
>>> Hi,
>>> I am newbie to ansible. You can find it easily through this dump 
>>> question. 
>>> I have limited access to one user(selvam) which can ran limited commands 
>>> using sudo option.
>>> My sudoers file looks like below.
>>>  
>>> selvam  ALL=(ALL) NOPASSWD: /usr/sbin/service,/usr/bin/apt-get
>>>
>>> I have tried to install apt package in remote machine using ansible 
>>> playbooks as selvam user with sudo option.
>>>
>>> Here is playbook file contents.
>>>
>>> playbook.yml
>>> ---
>>> - hosts: host1
>>>   remote_user: selvam
>>>   tasks:
>>> - name: users package
>>>   apt: name={{ item }} state=latest
>>>   become: yes
>>>   with_items:
>>> - nginx
>>>
>>> But the problem is when i run this playbook, I am getting the error as 
>>> "Missing become password". I need to install the package with passwordless.
>>>
>>> When run this below command manually from my ansible host, it is working 
>>> fine with passwordless. How can i accomplish the same through ansible 
>>> playbook.
>>>
>>> [selvam@host1] $ ssh host1 sudo -u root apt-get install nginx
>>>
>>> Ansible version:
>>> ***
>>>
>>> $ ansible-playbook --version
>>> ansible-playbook 1.9.4
>>>   configured module search path = None
>>>
>>> Let me know where I have to  modify my configs. 
>>>
>>> Thanks in Advance.
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b86092aa-00c9-47f3-972c-707b7e9ac10f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: eos_command module waitfor - IP address in json structure

[Martin Baro]

Hi Uditha,

Thanks for the reply.
I've simplified the problem a bit (just removed the variable) and with 
removing the "" around the whole statement I managed to preserve the quotes.
Unfortunately it didn't solve the problem:

waitfor:
   - result[0].vrfs.default.routes[\'1.2.3.4/30\'].hardwareProgrammed 
eq true

The error was: ValueError: 
result[0].vrfs.default.routes['1.2.3.4/30'].hardwareProgrammed

The issue is the same with double quotes around the IP address.




On Tuesday, March 22, 2016 at 2:50:05 PM UTC+1, Uditha Desilva wrote:
>
> It may need more protection for those quotes -- perhaps this?
>
>- "result[0].vrfs.default.routes[\'{{ route }}\'].hardwareProgrammed 
> eq true"
>
>>


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7f5a3e93-84cc-43c7-b11f-50ccb849971a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] How to do Ansible conditional include_vars?

[Roy]

Hi,


I am trying to use include_vars based on when condition as follows:

- include_vars: clouderamanager.yml
  when: "'{{ inventory_hostname }}' in groups['hadoop-clouderamanager']"

- include_vars: hadoop-namenode.yml
  when: "'{{ inventory_hostname }}' in groups['hadoop-namenode']"

- include_vars: resourcemanager.yml
  when: "'{{ inventory_hostname }}' in groups['hadoop-resourcemanager']"

- include_vars: spark-history-server.yml
  when: "'{{ inventory_hostname }}' in groups['spark-history-server']"

I am getting ERROR! Syntax Error while loading YAML.

The error appears to have been in 
'~/ansible/roles/hadoop-master/tasks/main.yml': line 4, column 36, but may be 
elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

- include_vars: clouderamanager.yml
  when: '{{ inventory_hostname }}' in groups['hadoop-clouderamanager']
   ^ here

What I am missing here ?

Thanks 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e8963782-dc02-46b5-98b2-3833312b64c2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: [WARNING]: provided hosts list is empty, only localhost is available

[Leroy Walker Jr]

DOH thanks so much! that worked. 

On Tuesday, March 22, 2016 at 12:20:41 PM UTC-4, Uditha Desilva wrote:
>
> You didn't specify the inventory in the 2nd command... try
>
> *ansible -i hosts -m ping all*
>
> On Tuesday, 22 March 2016 15:06:10 UTC, Leroy Walker Jr wrote:
>>
>> I could really use some help on this issue. I have a hosts file with one 
>> server.
>> the hosts looks like
>>
>> *[vm]*
>> *172.20.20.106*
>>
>> when i run the host command, i get:
>>
>> * ansible -i hosts --list-hosts all*
>> * hosts (1):*
>> * 172.20.20.106*
>>
>> but when i run a simple ping command  
>> *ansible hosts -m ping*
>> * [WARNING]: provided hosts list is empty, only localhost is available*
>>
>> I get the following
>>
>> I have not idea whats wrong! 
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/100688fe-c545-4930-b4dc-802d8e830588%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: include custom python library from custom module

[Mike Biancaniello]

You can put them in the same or sub dir as your modules. Or, you can put 
them anywhere, just append the path in the module. However, if you want 
multiple modules in multiple roles to share the same libs, then things get 
tricky. I've done that by appending '../../pylibs/' to my sys.path to get 
things up and running, but eventually just installed the libs globally on 
the system and did away with that ugliness. Of course, you could always 
just run ansible inside of a docker or python-virtualenv and then install 
the libs local to that environment.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4bfa2fe5-006f-43f1-be30-3a0ddf4403bc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: include custom python library from custom module

[Uditha Desilva]

Given my understanding of the way Ansible bundles up modules, I am not sure 
that will work. You may need to install your custom python libraries on 
each of your target systems.

On Monday, 21 March 2016 18:41:07 UTC, Alexey Wasilyev wrote:
>
> Hello!
>
> I am writing a set of custom ansible modules, that uses some shared code.
> And cant find a right way how this can be organised. Where I should put my 
> custom python library under current catalog so it can be imported by my 
> modules?
>
> I don't want to makes "official" library, available via pip, and I don't 
> want to copy it manually out of current playbook tree.
>
>
> Alexey
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5007aa5a-5d53-4d05-8fd2-ae0bad6d7f0c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible become option with passwordless

[Uditha Desilva]

It's no more a security role than allowing your sysadmins to su to root...

On Monday, 21 March 2016 18:28:21 UTC, Matt Calhoun wrote:
>
> Is there really no way to give the ansible user specific sudo NOPASSWD 
> privileges? This seems like a huge security hole!
>
> On Monday, March 21, 2016 at 9:24:31 AM UTC-4, selvam vasu wrote:
>>
>> Hi,
>> I am newbie to ansible. You can find it easily through this dump 
>> question. 
>> I have limited access to one user(selvam) which can ran limited commands 
>> using sudo option.
>> My sudoers file looks like below.
>>  
>> selvam  ALL=(ALL) NOPASSWD: /usr/sbin/service,/usr/bin/apt-get
>>
>> I have tried to install apt package in remote machine using ansible 
>> playbooks as selvam user with sudo option.
>>
>> Here is playbook file contents.
>>
>> playbook.yml
>> ---
>> - hosts: host1
>>   remote_user: selvam
>>   tasks:
>> - name: users package
>>   apt: name={{ item }} state=latest
>>   become: yes
>>   with_items:
>> - nginx
>>
>> But the problem is when i run this playbook, I am getting the error as 
>> "Missing become password". I need to install the package with passwordless.
>>
>> When run this below command manually from my ansible host, it is working 
>> fine with passwordless. How can i accomplish the same through ansible 
>> playbook.
>>
>> [selvam@host1] $ ssh host1 sudo -u root apt-get install nginx
>>
>> Ansible version:
>> ***
>>
>> $ ansible-playbook --version
>> ansible-playbook 1.9.4
>>   configured module search path = None
>>
>> Let me know where I have to  modify my configs. 
>>
>> Thanks in Advance.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0248d7a5-ec0d-4ac8-927a-1a4d554b637b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Local_action module failed.

[Uditha Desilva]

What's wrong with doing it via inventory?

I suppose you could try explicitly setting 

hostvars.['localhost'].ansible_connection_method="local"

as a workaround.

Uditha.

On Tuesday, 22 March 2016 15:06:09 UTC, Yuri wrote:
>
> Hello,
>
> (Ansible version:2.0.0)
>
> I tried to execute the following playbook.
>
> ---
> - name: test
>   hosts: remote_windows_host
>   vars:
> ansible_ssh_user: XXX
> ansible_ssh_pass: XXX
> ansible_ssh_port: 
> ansible_connection: winrm
>   tasks:
> - name: setup(remote windows host)
>   setup:
> - name: sleep(local linux host)
>   local_action: command sleep 5
> ---
>
> Then, the task "sleep(local linux host)" was failed.
> The results in debug mode is as follows.
>
> --
> TASK [sleep(local linux host)] 
> *
> task path: XX.yml:12
>  ESTABLISH WINRM CONNECTION FOR USER: XXX on PORT  TO 
> localhost
> fatal: [XX.XX.XXX.XXX]: FAILED! => {"failed": true, "msg": "ERROR! ssl: 
> 500 WinRMTransport. Tunnel connection failed: 403 Forbidden"} 
> --
>
> Even though using local_action module, why does it try to connect to 
> localhost with winrm?
> How can I do so that LOCAL CONNECTION is used? (And not defining vars in 
> inventory file.)
>
>
> Thanks a lot for any help.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/9b37f86d-1f79-48ad-a311-8a6ef1cdd35b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Local_action module failed.

[Uditha Desilva]

Looks like your  "ansible_connection: winrm" is overriding the connection 
method for localhost. Any reason why you can't define those as group 
variables via inventory? 

On Tuesday, 22 March 2016 15:06:09 UTC, Yuri wrote:
>
> Hello,
>
> (Ansible version:2.0.0)
>
> I tried to execute the following playbook.
>
> ---
> - name: test
>   hosts: remote_windows_host
>   vars:
> ansible_ssh_user: XXX
> ansible_ssh_pass: XXX
> ansible_ssh_port: 
> ansible_connection: winrm
>   tasks:
> - name: setup(remote windows host)
>   setup:
> - name: sleep(local linux host)
>   local_action: command sleep 5
> ---
>
> Then, the task "sleep(local linux host)" was failed.
> The results in debug mode is as follows.
>
> --
> TASK [sleep(local linux host)] 
> *
> task path: XX.yml:12
>  ESTABLISH WINRM CONNECTION FOR USER: XXX on PORT  TO 
> localhost
> fatal: [XX.XX.XXX.XXX]: FAILED! => {"failed": true, "msg": "ERROR! ssl: 
> 500 WinRMTransport. Tunnel connection failed: 403 Forbidden"} 
> --
>
> Even though using local_action module, why does it try to connect to 
> localhost with winrm?
> How can I do so that LOCAL CONNECTION is used? (And not defining vars in 
> inventory file.)
>
>
> Thanks a lot for any help.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6f96f2ec-bb35-46a2-86e2-ba91d308bec1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: [WARNING]: provided hosts list is empty, only localhost is available

[Uditha Desilva]

You didn't specify the inventory in the 2nd command... try

*ansible -i hosts -m ping all*

On Tuesday, 22 March 2016 15:06:10 UTC, Leroy Walker Jr wrote:
>
> I could really use some help on this issue. I have a hosts file with one 
> server.
> the hosts looks like
>
> *[vm]*
> *172.20.20.106*
>
> when i run the host command, i get:
>
> * ansible -i hosts --list-hosts all*
> * hosts (1):*
> * 172.20.20.106*
>
> but when i run a simple ping command  
> *ansible hosts -m ping*
> * [WARNING]: provided hosts list is empty, only localhost is available*
>
> I get the following
>
> I have not idea whats wrong! 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e12b86f3-2fed-4519-8bf6-a23abc34726a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] [WARNING]: provided hosts list is empty, only localhost is available

[Dick Davies]

You need a group as the second argument. try

ansible -i hosts vm -m ping

On 22 March 2016 at 14:33, Leroy Walker Jr  wrote:
> I could really use some help on this issue. I have a hosts file with one
> server.
> the hosts looks like
>
> [vm]
> 172.20.20.106
>
> when i run the host command, i get:
>
>  ansible -i hosts --list-hosts all
>  hosts (1):
>  172.20.20.106
>
> but when i run a simple ping command
> ansible hosts -m ping
>  [WARNING]: provided hosts list is empty, only localhost is available
>
> I get the following
>
> I have not idea whats wrong!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/3c0373b0-2259-4023-9eb5-c9c02735ba0a%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPR4nro-17p9DCzXA29XaT%2Bsu0-RTRCiZvHsAy%3DCPP8-%2BA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Introducing debug strategy plugin

[Brian Coca]

Nice,

Do you want to contribute it to ansible/ansible?


--
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACVha7c1PMbRCmYVGXyG6s1cqVz2gCTt%3DpTjcw2_vKvemV_sSA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Introducing debug strategy plugin

[yagami kishin]

Hi all,

When I write a playbook and run it, I often add a stupid bug and running 
the playbook fails at some point. Fixing these bugs often takes time since 
I am not sure actual values of facts, variables and so on. Then I think it 
would be nice if I have a debugger for it.

So I've created 'debug' strategy. The strategy enables you to invoke a 
debugger when a task is failed, and check several info, such as the value 
of a variable. Also, it is possible to update module arguments in the 
debugger, and run the failed task again with new arguments to consider how 
you can fix an issue.

Visit https://github.com/ks888/ansible-playbook-debugger to see an example 
and get it.

Please tell me if you have any opinions!

Thanks,
Kishin

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3eac31ac-a82a-4a80-a96f-fa51c0a891f9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] ansible 2.0.1.0 don't work --start-at-task

[Artem Feofanov]

Hi, i have a problem with --start-at-task  in ansible 2.0.1.0

*playbook front.yml*

---
- hosts: all
  become: yes
  remote_user: vagrant
  gather_facts: no

  tasks:
  - name: "one"
apt_repository: repo='ppa:nginx/development'

  - name: "two"
action: apt pkg={{ item }} state=installed
with_items:
- nginx-extras
- php5
- libapache2-mod-php5
- libapache2-mod-rpaf
- php5-cli
- php5-curl
- php5-dev
- php5-gd
- php-pear
- php5-gmp
- php5-imagick
- php5-mcrypt
- php5-memcache
- php5-memcached
- php5-mysqlnd
- php5-xcache
- php5-xmlrpc
- php5-xsl
- apache2
- memcached
- imagemagick
- luarocks


  - name: "three"
file: path=/vagrant/www state=directory

  - name: "four"
file: path=/var/www state=absent

  - name: "five"
file: src=/vagrant/www dest=/var/www state=link

  - name: "six"
file: path=/etc/nginx state=absent

  - name: "seven"
file: path=/etc/nginx state=directory

  - name: "eight"
command: luarocks install lua-cjson




*ansible-playbook -i hosts front.yml --start-at-task='two' -kK*
SSH password:
SUDO password[defaults to SSH password]:

PLAY 
***


PLAY RECAP 
*

*ansible-playbook -i hosts front.yml --start-at-task='six' -kK*

SSH password:
SUDO password[defaults to SSH password]:

PLAY 
***


PLAY RECAP 
*



But, when start play from first task all ok

 *ansible-playbook -i hosts front.yml --start-at-task='one' -kK*


SSH password:
SUDO password[defaults to SSH password]:

PLAY 
***

TASK [one] 
*
ok: [192.168.111.113]

TASK [two] 
*
ok: [192.168.111.113] => (item=[u'nginx-extras', u'php5', 
u'libapache2-mod-php5', u'libapache2-mod-rpaf', u'php5-cli', u'php5-curl', 
u'php5-dev', u'php5-gd', u'php-pear', u'php5-gmp', u'php5-imagick', 
u'php5-mcrypt', u'php5-memcache', u'php5-memcached', u'php5-mysqlnd', 
u'php5-xcache', u'php5-xmlrpc', u'php5-xsl', u'apache2', u'memcached', 
u'imagemagick', u'luarocks'])

TASK [three] 
***
ok: [192.168.111.113]

TASK [four] 

changed: [192.168.111.113]

TASK [five] 

changed: [192.168.111.113]

TASK [six] 
*
changed: [192.168.111.113]

TASK [seven] 
***
changed: [192.168.111.113]

TASK [eight] 
***
changed: [192.168.111.113]

PLAY RECAP 
*
192.168.111.113: ok=8changed=5unreachable=0failed=0


Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/efe311b6-332b-4f01-bbf8-afb262bc4115%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] [WARNING]: provided hosts list is empty, only localhost is available

[Leroy Walker Jr]

I could really use some help on this issue. I have a hosts file with one 
server.
the hosts looks like

*[vm]*
*172.20.20.106*

when i run the host command, i get:

* ansible -i hosts --list-hosts all*
* hosts (1):*
* 172.20.20.106*

but when i run a simple ping command  
*ansible hosts -m ping*
* [WARNING]: provided hosts list is empty, only localhost is available*

I get the following

I have not idea whats wrong! 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3c0373b0-2259-4023-9eb5-c9c02735ba0a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Local_action module failed.

[Yuri]

Hello,

(Ansible version:2.0.0)

I tried to execute the following playbook.

---
- name: test
  hosts: remote_windows_host
  vars:
ansible_ssh_user: XXX
ansible_ssh_pass: XXX
ansible_ssh_port: 
ansible_connection: winrm
  tasks:
- name: setup(remote windows host)
  setup:
- name: sleep(local linux host)
  local_action: command sleep 5
---

Then, the task "sleep(local linux host)" was failed.
The results in debug mode is as follows.

--
TASK [sleep(local linux host)] 
*
task path: XX.yml:12
 ESTABLISH WINRM CONNECTION FOR USER: XXX on PORT  TO 
localhost
fatal: [XX.XX.XXX.XXX]: FAILED! => {"failed": true, "msg": "ERROR! ssl: 500 
WinRMTransport. Tunnel connection failed: 403 Forbidden"} 
--

Even though using local_action module, why does it try to connect to 
localhost with winrm?
How can I do so that LOCAL CONNECTION is used? (And not defining vars in 
inventory file.)


Thanks a lot for any help.


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6080f427-59c9-4153-b47d-140370b99c3e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible commands are not working in a fresh Ubuntu installation

[Benjamin Redling]

On 03/22/2016 01:33, Gaya wrote:
> The installation was successful (I also tried an upgrade later). However 
> for some commands I run like "ansible -v", I get the following error and it 
> displays the help.
> 
> ERROR! Missing target hosts

Maybe you missed the first line were it shows you the syntax:
$ ansible
Usage: ansible  [options]
...


> I had the same error for "ansible --list-hosts all". Then I enabled a host 
> entry in /etc/ansible/hosts, and that command is working, showing the host 
> I enabled.

Have you read the fine manual?
http://docs.ansible.com/ansible/intro_getting_started.html


> I am new to Ansible and following a guide that was based on Ansible 1.9.*. 
> I understand that the current version is 2.*. I tried to Google for a 
> solution but couldn't find anything useful.

A solution for what? It's all fine.
The only problem is: you have to create a proper inventory file.
s. link to the docs

Regards,
Benjamin
-- 
FSU Jena | JULIELab.de/Staff/Benjamin+Redling.html
vox: +49 3641 9 44323 | fax: +49 3641 9 44321

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/56F15952.5030009%40uni-jena.de.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: eos_command module waitfor - IP address in json structure

[Uditha Desilva]

It may need more protection for those quotes -- perhaps this?

   - "result[0].vrfs.default.routes[\'{{ route }}\'].hardwareProgrammed 
eq true"

>
>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f0171b26-e7bc-4d3a-a890-60b7cb88dc4a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible equivalent for puppet's fqdn_rand()

[Paul Tötterman]

https://gist.github.com/ptman/9bd8223272e2c0e27b2b

Cheers,
Paul

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/856507b2-3eb7-42c4-bf46-b000e79e61cf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] How not to deploy an old version of an ansible playbook?

[Guillaume Charhon]

Thank you Michel for your suggestions.

On Mon, Mar 21, 2016 at 12:39 PM, Michel blanc 
wrote:

> Le 21/03/2016 12:30, poiuytrez a écrit :
> > Hello,
> >
> > We are a team of 10 people. Our ansible playbooks are hosted on a git
> > repository. It happens that someone deploys an outdated version of a
> > playbook on machine because he forgot to do a git pull before deploying.
> > Do you have a strategy to avoid this issue?
>
>
> Hi Guillaume,
>
> I see two quick solutions:
>
> - have people login to a bastion host which serves as a deployment
> machine (may be some 'git checkout && git pull' trick in .bashrc)
> - use tags, deploy a "version" file and do a "remote_tag |
> version_compare(current_tag, '>=')"; this woould involve some local
> tricks to get the latest tag (e.g. git describe --always --tag | cut -f
> 1 -d'-').
>
> However the latter is really workflow dependent, and requires some
> discipline setting tags (and thus might just move the problem elsewhere
> instead of fixing it).
>
> M
> --
> { :github => "@leucos", :twitter => "@b9m", :gpg => "0X24B35C22" }
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/IecbY7TS0wE/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/56EFDD7A.3080600%40gmail.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAAA%2BwSD%3DAxQ5R2EuneWFpOspqYSyjyOBqEgNPcjkkbY2k_ZWdQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: win_stat poses an error when i try to get info about a file symbolic link actively in use by a processor

[ishan jain]

I will try with the development branch and will post the results.
Do we have an official image of Ansible's latest devel branch on docker hub 
?

On Monday, 21 March 2016 19:19:11 UTC+5:30, J Hawkesworth wrote:
>
> It looks like a fix for this has already been made in latest development 
> version of ansible.
>
>
> https://github.com/ansible/ansible/blob/devel/lib/ansible/module_utils/powershell.ps1#L214
>
> Are you able to try latest development version?
>
> Jon
>
>
> On Monday, 21 March 2016 05:48:53 UTC, ishan jain wrote:
>>
>> I am trying to check if some symbolic links exists or not on a windows 
>> 2012 R2 machine using win_file module. It works fine in case of directory 
>> symbolic links but poses an error when the path specified is a file 
>> symbolic link that is actively being used by a process. This link is a link 
>> to jar file and here is what i am using in ansible:
>>
>> win_stat: path=E:\folder\link2\some_dir\link3.jar
>>
>> I get the following error because the file is actively in use:
>>
>> "msg": {
>> "changed": false,
>> "exception": "At 
>> C:\\Users\\Ishan\\AppData\\Local\\Temp\\ansible-tmp-1458122016.24-112690440585191\\win_stat.ps1:231
>>  
>> char:9\r\n+ $fp = [System.IO.File]::Open($path, 
>> [System.IO.Filemode]::Open, [System. ...\r\n+ 
>> ",
>> "failed": true,
>> "msg": "Exception calling \"Open\" with \"3\" argument(s): \"The 
>> process cannot access the file 'E:\\folder\\link2\\some_dir\\link3.jar' 
>> because it is being used by another process.\""
>> }
>>
>> The script i am writing will need to check if a sym link exists and most 
>> of the time it will check that on an active jar file link. How can i make 
>> it not pose an error ?
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a84427c0-5d51-468e-94aa-805a0ed7d9db%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.