date:20160525

I'd recommend handling it much the same way I recommend handling users.
Create a var containing the rules and state of the rule.  And have it loop
using with_items.  Something like:

ufw_rules:
- port: 22
  rule: allow
  proto: tcp
- port: 80
  delete: yes
  rule: allow
  proto: tcp

and then a task like:

ufw:
port: "{{ item.port }}"
rule: "{{ item.rule }}"
proto: "{{ item.proto }}"
delete: "{{ item.delete|default(omit) }}"
with_items: "{{ ufw_rules }}"

In the above, if delete is specified it is used, otherwise, if missing that
param is omitted.  This is effectively how we handle this today.

On Wed, May 25, 2016 at 12:49 PM, Guy Knights  wrote:

> Does anyone have a solution for dealing with changes to UFW rules in
> Ansible? The issue is that occasionally, I have to change a rule in some
> way (change IPs/networks, change port) but the old rule still remains. I
> could add a separate, special rule to delete the old version but that seems
> overly fiddly to me.
>
> When I was first playing around with this, I did have a rule at the
> beginning of my firewall playbook that reset UFW on every run before
> applying the rule tasks but I decided to remove it because it seems like
> the wrong approach.
>
> Thanks,
> Guy
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CANNH9mvSrq%3DYNnN%3DNUTb0vz3Qoadu4yQ2pSTia7Jx2Rbk2c76g%40mail.gmail.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Matt Martz
@sivel
sivel.net

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAD8N0v-fbk_hDfyyFqWVW-YSM9bgy_k4tBRDRwBG8EOA2K6tHA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Changing UFW rules

2016-05-25 Thread Guy Knights

Does anyone have a solution for dealing with changes to UFW rules in
Ansible? The issue is that occasionally, I have to change a rule in some
way (change IPs/networks, change port) but the old rule still remains. I
could add a separate, special rule to delete the old version but that seems
overly fiddly to me.

When I was first playing around with this, I did have a rule at the
beginning of my firewall playbook that reset UFW on every run before
applying the rule tasks but I decided to remove it because it seems like
the wrong approach.

Thanks,
Guy

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANNH9mvSrq%3DYNnN%3DNUTb0vz3Qoadu4yQ2pSTia7Jx2Rbk2c76g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: use item in a template

It seems as though your `with_items` on your `template` task is indented
too far.  It should be indented to the same level as the word `template`.
Just like you have it for your debug command.

On Wed, May 25, 2016 at 11:34 AM, Anoop Alias 
wrote:

> As an update the problem seem to be somewhere in the template module as it
> shows the same error even after I remove the variable item from the jinja2
> template
>
> ---
>
>
> - name: Install and setup unison in nDeploy cluster master
>   file: path=/root/.unison state=directory
>
> - name: debug this
>   debug: "{{ item }}"
>   with_items: "{{ groups['ndeployslaves'] }}"
>
> - name: create the unison preference file
>   template:
> src: default.prf.j2
> dest: "/root/.unison/{{ item }}.prf"
> with_items: "{{ groups['ndeployslaves'] }}"
>
>
> The output is as below
>
> TASK [unison_master : debug this]
> **
> task path:
> /root/nDeploy/conf/nDeploy-cluster/roles/unison_master/tasks/main.yml:8
> ok: [127.0.0.1] => (item=cpanel.sysally.net) => {
> "invocation": {
> "module_args": {},
> "module_name": "debug"
> },
> "item": "cpanel.sysally.net",
> "msg": "Hello world!"
> }
>
> TASK [unison_master : create the unison preference file]
> ***
> task path:
> /root/nDeploy/conf/nDeploy-cluster/roles/unison_master/tasks/main.yml:12
> fatal: [127.0.0.1]: FAILED! => {"failed": true, "msg": "'item' is
> undefined"}
>
>
>
>
> Note that default.prf.j2 does not contain any variables now.
>
> Thanks in advance for any help on this.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/a6d87a6c-9305-4cd0-87dd-10d736160d15%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Matt Martz
@sivel
sivel.net

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAD8N0v_AHCVjhAfBQuDZJ23eVMBMfbNgKUTWsB0k9g6hH9gNEA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Help test WinRM updates for NTLM, kerb delegation

2016-05-25 Thread Matt Davis

Thanks- looking forward to it getting published to PyPI for real...

Due to something strange on pypi or pip, the new version of 
requests-kerberos needed by rc4 only gets picked up automatically by 
changing the install command to the following (using the /simple endpoints 
instead of /pypi):

pip install pywinrm[kerberos]==0.2rc4 -i https://testpypi.python.org/ 
simple --extra-index-url 
https://pypi.python.org/s imple

They tell me this shouldn't be an issue once we release to real PyPI, but I 
don't have the ability to do it without making my own version of it.

On Monday, May 23, 2016 at 5:53:32 PM UTC-7, Trond Hindenes wrote:
>
> Thanks for the updated instructions Jon, 
>
> Matt: great work! It feels way faster (esp against cloud servers)
>
> On Monday, May 23, 2016 at 5:50:26 PM UTC+2, J Hawkesworth wrote:
>>
>> Looks like there is a new version available (0.2rc4) in test pypi (which 
>> depends on updated requests-kerberos)
>>
>> I had to do the following to get it to install
>>
>>  pip install requests-kerberos --upgrade
>>  pip install pywinrm[kerberos]==0.2rc4 -i 
>> https://testpypi.python.org/pypi --extra-index-url 
>> https://pypi.python.org/pypi
>>
>> Enjoying the speed boost, looking forward to pushing this out past my 
>> test box.
>>
>> Jon
>>
>> On Wednesday, May 18, 2016 at 11:29:22 PM UTC+1, Matt Davis wrote:
>>>
>>> Awesome, thanks for poking at it! 
>>>
>>> Waiting for another requests-kerberos release to include a bugfix I made 
>>> for long-running kerberos ops (should happen today or tomorrow), and 
>>> Alexey's final code review on some Unicode issues I've been cleaning up. 
>>> I'd expect sometime in the next week or so. 
>>>
>>> On Wednesday, May 18, 2016 at 1:59:48 PM UTC-7, Mike Fennemore wrote:

 Looks pretty good so far, tried a few playbooks and the ntlm auth. So 
 far no issues. Any idea when the stable release is likely to be?




-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/268069de-c355-410f-b64a-407501f570d4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: use item in a template

2016-05-25 Thread Anoop Alias

As an update the problem seem to be somewhere in the template module as it 
shows the same error even after I remove the variable item from the jinja2 
template

---


- name: Install and setup unison in nDeploy cluster master
  file: path=/root/.unison state=directory

- name: debug this
  debug: "{{ item }}"
  with_items: "{{ groups['ndeployslaves'] }}"

- name: create the unison preference file
  template:
src: default.prf.j2
dest: "/root/.unison/{{ item }}.prf"
with_items: "{{ groups['ndeployslaves'] }}"


The output is as below

TASK [unison_master : debug this] 
**
task path: 
/root/nDeploy/conf/nDeploy-cluster/roles/unison_master/tasks/main.yml:8
ok: [127.0.0.1] => (item=cpanel.sysally.net) => {
"invocation": {
"module_args": {}, 
"module_name": "debug"
}, 
"item": "cpanel.sysally.net", 
"msg": "Hello world!"
}

TASK [unison_master : create the unison preference file] 
***
task path: 
/root/nDeploy/conf/nDeploy-cluster/roles/unison_master/tasks/main.yml:12
fatal: [127.0.0.1]: FAILED! => {"failed": true, "msg": "'item' is 
undefined"}




Note that default.prf.j2 does not contain any variables now.

Thanks in advance for any help on this.


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a6d87a6c-9305-4cd0-87dd-10d736160d15%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Error when using mysql_db to assign privileges in MySQL on RDS.

On 25.05.16 02:23 Daniel McQuillen wrote:

> However, when this play runs, Ansible fails with the following message:
> 
> failed: [localhost] => {"failed": true}
> 
> msg: (1045, "Access denied for user 'root'@'%' (using password: YES)")

This looks like your user root does not have the needed privileges to
grant privileges to other users.

Does this step work, if you do it manually?

Johannes

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5745C4DB.5070202%40ojkastl.de.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[ansible-project] Re: [ansible-devel] Re: Ansible 2.1.0 RC4 is ready for testing

2016-05-25 Thread Toshio Kuratomi

Just an update for the mailing list -- we finished reviewing and merging
this too late for 2.1.0  but it is now merged into the stable-2.1 branch
for inclusion into 2.1.1.

-Toshio

On Mon, May 23, 2016 at 7:23 AM, Bernhard L.  wrote:

> Hi,
>>
>>
> It would be nice if this issue
> https://github.com/ansible/ansible-modules-extras/issues/2144 could be
> resolved before 2.1.0 gets released.
> There is already a pull request with the fix:
> https://github.com/ansible/ansible-modules-extras/pull/2149
> Otherwise the pkgutil-module would be unusable.
>
> Thanks!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Development" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-devel+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAG9juEpwnP8u9sq%2Bgk1wsWWAcbO3z5KrsLCpFZixiLNLcYAeNw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible playbook help

On 24.05.16 17:33 aaron.truji...@total.care wrote:
> I am attempting to add a task within my playbook that alters a conf file. 
>  I want to add text within a selected line.  I don't want to delete the 
> line and then add the line back with the added text I need the line to 
> remain as I may add to it from other playbooks from time to time. 
>  Basically i am looking to take a line ABCDEFGH and add 123 between the D 
> and the H to become ABCD123EFGH  and then from another playbook add 456 to 
> look like ABCD123456EFGH, is this  possible?

If this does not work with the lineinfile module, there is always sed
(if the target is some kind of unix).

Johannes

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5745C3DD.90207%40ojkastl.de.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[ansible-project] Re: Can't Use Standard become_method As Have To Use rootsh. Options?

2016-05-25 Thread Cristian Bratu

Hey Colin,

Have you had any luck with this? I'm running into some very similar issues. 

Thanks!

On Thursday, 10 March 2016 03:03:48 UTC-5, Colin Anderson wrote:
>
> Hi,
>
> The central IT function at my company allows developers root access to a 
> server for a short period of time to allow us to install any required 
> middelware and application software when we are commissioning a server. 
> I've been looking at using Ansible to automate this process to prevent user 
> errors and make the process more efficient. The problem that I've run into 
> is that they only allow root access using the following sudo call:
>
> sudo rootsh -i -u root
>
> This uses a logging shell wrapper, rootsh (man page 
> ), to log all terminal input and 
> output for audit purposes. We can't change this and it means we can't use 
> any of the standard become_methods that Ansible uses.
>
> Is there any way of adding a become_method to Ansible that would call the 
> above command instead of just sudo? Alternatively, is there anyway of 
> getting Ansible to run rootsh when it requests elevated privileges?
>
> I did try the following in the vain hope that it might work, but as I 
> feared, it failed:
>
> site.yml:
> ---
>   - hosts: vagrant-servers
> become: yes
> become_user: root
> become_method: sudo rootsh -i -u root
>
> roles:
>   - ansible-oracle-java-master
>
>
> Play output:
> vagrant@ansible-master:~$ ansible-playbook -i hosts site.yml
>
> PLAY 
> ***
>
> TASK [setup] 
> ***
> fatal: [10.10.1.4]: FAILED! => {"failed": true, "msg": "ERROR! Privilege 
> escalation method not found: sudo rootsh -i -u root"}
> fatal: [10.10.1.5]: FAILED! => {"failed": true, "msg": "ERROR! Privilege 
> escalation method not found: sudo rootsh -i -u root"}
> fatal: [10.10.1.6]: FAILED! => {"failed": true, "msg": "ERROR! Privilege 
> escalation method not found: sudo rootsh -i -u root"}
> fatal: [10.10.1.3]: FAILED! => {"failed": true, "msg": "ERROR! Privilege 
> escalation method not found: sudo rootsh -i -u root"}
>
> NO MORE HOSTS LEFT 
> *
>
> PLAY RECAP 
> *
> 10.10.1.3  : ok=0changed=0unreachable=0failed=
> 1
> 10.10.1.4  : ok=0changed=0unreachable=0failed=
> 1
> 10.10.1.5  : ok=0changed=0unreachable=0failed=
> 1
> 10.10.1.6  : ok=0changed=0unreachable=0failed=
> 1
>
> vagrant@ansible-master:~$
>
> Thanks,
> Colin.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e0bf0ff4-71a5-4fea-ba64-28da313dcf29%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] role dependencies - path to parent role's templates folder

On 25.05.16 16:43 ProfHase wrote:

> Unfortunately the nginx role does not search in `templates` folder of the 
> `webapp1-role`

Maybe you can give a relative path to the template module. So from
your role nginx you need to set a path something like this:

template: src=../webapp1-role/templates/foobar

Johannes

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5745C349.9040601%40ojkastl.de.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [ansible-project] Ansible 2.2 ios modules are failing with message "Failed to connect to the host via ssh."

2016-05-25 Thread Peter Sprygada


Add connection: local to your playbook

On 5/24/16 1:19 PM, davis mathew kuriakose wrote:

I'm not able to run ios_command module in Ansible 2.1 for executing
commands on my cisco routers.


I've written a playbook for testing ios_command module on cisco routers.

Following is the playbook I wrote


---
  - hosts: router2

   tasks:

 - ios_command:

username: cisco

password: cisco

# host: router2.3node.example.com

commands:

  - show version

register: output

 - debug: msg="Hello World! {{ output.stdout }}"


But the playbook fails with the following message :


*fatal: [router2.3node.example.com]: UNREACHABLE! => {"changed": false,
"msg": "Failed to connect to the host via ssh.", "unreachable": true}*


and value *unreachable=1*


Also find the output while run on debug mode




TASK [setup]
***

Using module file
/home/cisco/ansible_dev/ansible/lib/ansible/modules/core/system/setup.py

 ESTABLISH SSH CONNECTION FOR USER: None

 SSH: EXEC ssh -C -q -o ControlMaster=auto -o
ControlPersist=60s -o KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o ConnectTimeout=10 -o
ControlPath=/home/cisco/.ansible/cp/ansible-ssh-%h-%p-%r
router2.3node.example.com '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo
$HOME/.ansible/tmp/ansible-tmp-1464109982.9-18150317646623 `" && echo
ansible-tmp-1464109982.9-18150317646623="` echo
$HOME/.ansible/tmp/ansible-tmp-1464109982.9-18150317646623 `" ) && sleep
0'"'"''



fatal: [router2.3node.example.com]: UNREACHABLE! => {"changed": false,
"msg": "Failed to connect to the host via ssh.", "unreachable": true}


Please let me know if someone has tried the same and solved this problem.

Thanks & Regards,
Davis



--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1c5d6e77-0a5c-f2ad-14d2-ebe7b57f2290%40ansible.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] append users to another group

You can retrieve members of a group using the `getent` module:
http://docs.ansible.com/ansible/getent_module.html

Such as:

- getent: database=group split=':' key=sudo
  register: sudo_users

- debug: var=sudo_users.getent_group.sudo[3]

The output should be a comma separated list.  You could make this an actual
python list using `sudo_users.getent_group.sudo[3].split(',')`


On Wed, May 25, 2016 at 5:00 AM, Marc Roelofs 
wrote:

> I am trying to figure out how to generate a list of users on a remote
> machine who are currently already a member of group A , and append them all
> to group B
> Is this possible ?
>
> Could not find a way to lookup existing users that are already a member of
> a group . I would like to be able to do this on different machines which
> have different users available , so creating a  list of users on my ansible
> management station and using it as input  is not an option
>
> Please advice
>
> Best Marc
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/30cab7f7-39ca-4591-8024-2863d59a776d%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Matt Martz
@sivel
sivel.net

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAD8N0v8V68oiAwX21mt9N7VzHkuS3i-uf7SWWTTQWwLiPHJi6Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] how to use insertbefore/after correctly?

On 24.05.16 20:55 aaron.truji...@total.care wrote:
> lineinfile: dest=/etc/rsyslog.conf 
> insertafter="\*\.\*\;auth\,authpriv\.none" 
> regexp="\*\.\*\;auth\,authpriv\.none" line="Listen 8080"
> 
> The only thing that happens here is Listen 8080 replaces 
> the *.*;auth,authpriv.none line.  should it not be placing it after it???

I think you don't need the regexp, or rather the regexp should match
the line you are *inserting*. To let ansible know, if the line is
already in there.

Right now you are telling ansible to replace the line
...auth,authpriv... and insert the line after the line ...auth,authpriv...

Johannes


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5745BCE3.1020607%40ojkastl.de.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [ansible-project] .profile

On 25.05.16 16:23 fanvalt wrote:
> OK thank you but this set the environment variable on the server where the 
> playbook is run, I need the environment variables set on the target server 
> whe running shells because the .profile is not run when connected with ssh.

Oh, I did not know the environment is set on the controller. Sorry.

I think Werner's solution is pretty nice.

Johannes

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5745BB7D.4060200%40ojkastl.de.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [ansible-project] Run custom lookups in a file a then copy this file to another destination

Custom lookup should still be invoked using the `lookup` function,
something like:

myproperty={{ lookup('my_custom_lookup', my_custom_var1) }}

And you would need to use the `template` module as a task to get that
templating to be run.  No need for copy, as template can handle a
destination.

On Wed, May 25, 2016 at 7:52 AM, mhh  wrote:

> Hello, is possible to run custom lookups in file and copy this file to
> another destionation just like in my example?
> Or is there any other approach to solve it?
> Thanks
>
>
> #/path/to/file.properties
>
>
> myproperty={{ my_custom_lookup('{{ my_custom_var1 }}') }}
> myproperty2={{ my_custom_lookup('{{ my_custom_var2 }}') }}
>
>
> ansible playbook play:
>
> - hosts: localhost
>   vars:
>   my_custom_var1: var1
>   my_custom_var2: var2
>
>   tasks:
> -run lookups in /path/to/file.properties and copy file to another
> destination
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/88286d38-edba-4ac0-b01d-56fc328b2a2b%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Matt Martz
@sivel
sivel.net

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAD8N0v9RGc34KbVOrTbi7pT%2B68LjfdR9TXfNxqKNOJNPMOpQCQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Whitespace in comma-delimited lists

`groups` for the user module are handled differently than most other
modules allowing multiple values.  It explicitly requires a comma separated
string, and only splits on commas and doesn't strip the value.

It has been brought up before that the way it is handled is not ideal, but
never been fixed.  I'm not sure if there is a bug filed or not.

So right now, we'll just call it a "well known feature" ;)

But there are improvements that could be made.  Especially by setting that
parameter as a `list`, and not relying on a comma delimited string for
things.

On Tue, May 24, 2016 at 10:32 AM, Ricky  wrote:

> I was hunting down the cause to an error message I received when adding a
> user to some groups.
>
> - name: users | create app remote user
>>   user:
>> name: "{{ app_remote_user }}"
>> groups: adm, wheel
>> createhome: yes
>>
>>
>  The error message was:
>
> msg: Group  wheel does not exist
>
>
> This error message was not true in the sense that the target system
> definitely had a wheel group, but I noticed the extra space in the error
> message, so the fix was:
>
> - name: users | create app remote user
>>   user:
>> name: "{{ app_remote_user }}"
>> groups: adm,wheel
>> createhome: yes
>>
>>
>
> My question: Is this a bug in Ansible's interpretation of the groups
> parameter value?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/f2ecb455-7ca8-4e5e-b5af-a832c49868cb%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Matt Martz
@sivel
sivel.net

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAD8N0v9GK06k-TBFRo1OWfoSFzgquBTHNF_24V0iF%2Bn3Cuk3ew%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] role dependencies - path to parent role's templates folder

2016-05-25 Thread ProfHase

I am deploying multiple web applications that all have 4 tasks in common:

- name: copy nginx conf
  template:
 src=nginx.conf
 dest=/etc/nginx/{{ inventory_hostname }}.conf

- enable nginx conf
  file:
state=link
  ...

- name: copy certs
  

- name: copy chain
  ...


To avoid this redundancy, I tried to define a meta role: `nginx` with the 
tasks above and set this role as dependency in every webapp role

# webapp1-role meta/main.yml

dependencies: {name: nginx, tags: [nginx]}

Unfortunately the nginx role does not search in `templates` folder of the 
`webapp1-role`

Does the `nginx` role somehow know about the role it is called with?
Or how would I prevent this redundancy?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/850e313f-2952-4922-b7ac-45f2f4efc729%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] use item in a template

2016-05-25 Thread Anoop Alias

cat main.yml

---

- name: Install and setup unison in nDeploy cluster master
  file: path=/root/.unison state=directory

- name: create the unison preference file
  template:
src: default.prf.j2
dest: /root/.unison/{{ item }}.prf
with_items: groups['ndeployslaves']


cat default.prf.j2
# Unison preferences file
root = /home
root = ssh://root@{{ item }}//home
ignore = Path virtfs
ignore = Path */mail



However the item does not seem to be available in the template and I am 
getting the following error
TASK [unison_master : create the unison prefrence file] 

fatal: [127.0.0.1]: FAILED! => {"failed": true, "msg": "'item' is 
undefined"}



In short:

How to get the value of item variable in the task in a jinja template 
referenced in the same task?

Thanks in advance.
Anoop


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/023bdf55-e8fd-4778-9820-7423eeafc0eb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] .profile

OK thank you but this set the environment variable on the server where the 
playbook is run, I need the environment variables set on the target server 
whe running shells because the .profile is not run when connected with ssh.
So I cannot use your bypass solution

Le mercredi 25 mai 2016 15:06:40 UTC+2, Johannes Kastl a écrit :
>
> On 25.05.16 14:10 fanvalt wrote: 
> > What shall I try ? 
> > I don't understand how to add in the environment th eexecution of the 
> > .profile on the remote server ? 
>
> I would set the variables, that your .profile contains, in the 
> environment section, something like this (untested): 
>
> - hosts: all 
>   remote_user: root 
>   tasks: 
>   - name: Demarrage du server openhr 
> shell: /bin/ksh dispatcher.sh 
> environment: 
>   JAVA_HOME: /usr/bin/foobar/ 
>
> > I am a newby with ansible, I have not a clue to do so. 
>
> I also have never set the environment with ansible, so we're both 
> newbies... 
>
> Johannes 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8e971f13-bce4-4789-aa35-d236792bb584%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] how to use insertbefore/after correctly?

2016-05-25 Thread aaron . trujillo

lineinfile: dest=/etc/rsyslog.conf 
insertafter="\*\.\*\;auth\,authpriv\.none" 
regexp="\*\.\*\;auth\,authpriv\.none" line="Listen 8080"

The only thing that happens here is Listen 8080 replaces 
the *.*;auth,authpriv.none line.  should it not be placing it after it???

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7819567e-e5bc-4637-9ca7-8479029b2c0d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: docker module requirements met, but ansible misses docker-py

2016-05-25 Thread Hadrien B.

Hi, 

I have the same issue. 
Any solution ?

Le vendredi 15 avril 2016 14:41:14 UTC+2, Goetz Leupold a écrit :
>
> Hello everybody,
>
> got 2 Servers with docker and ansible requirements to manipulate them. But 
> at server B , ansible doent find docker-py allthough it is installed. The 
> versions of the installed softwares differ, so i guess there is the problem.
>
> Server A(working):
> python2.7
> docker_py-1.7.2.egg-info
> Server:
>  Version:  1.10.3
>  API version:  1.22
>  Go version:   go1.5.3
>  Git commit:   20f81dd
>  Built:Thu Mar 10 15:48:06 2016
>  OS/Arch:  linux/amd64
>
> Server B(not working):
> python2.7
> docker_py-1.8.0.egg-info
> Server:
>  Version:  1.9.1
>  API version:  1.21
>  Go version:   go1.4.3
>  Git commit:   a34a1d5
>  Built:Fri Nov 20 17:56:04 UTC 2015
>  OS/Arch:  linux/amd64
>
> If i try then to start a container through ansible i got the error:
> fatal: [HOST]: FAILED! => {"changed": false, "failed": true, "msg": 
> "`docker-py` doesn't seem to be installed, but is required for the Ansible 
> Docker module."}
>
> Any ideas? If you need more specific information let me know and excuse my 
> bad english :D
>
> Greetings,
> Götz
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b57b40d5-3bcf-4fba-b9b7-f90b50facd62%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Whitespace in comma-delimited lists

2016-05-25 Thread Ricky

I was hunting down the cause to an error message I received when adding a 
user to some groups.

- name: users | create app remote user
>   user:
> name: "{{ app_remote_user }}"
> groups: adm, wheel
> createhome: yes
>
>
 The error message was:

msg: Group  wheel does not exist


This error message was not true in the sense that the target system 
definitely had a wheel group, but I noticed the extra space in the error 
message, so the fix was:

- name: users | create app remote user
>   user:
> name: "{{ app_remote_user }}"
> groups: adm,wheel
> createhome: yes
>
>  

My question: Is this a bug in Ansible's interpretation of the groups 
parameter value?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f2ecb455-7ca8-4e5e-b5af-a832c49868cb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Q: How to use "major" portion of {{ ansible_distribution_version }} for conditional imports?

2016-05-25 Thread einar . coutin

For anyone that sees this, I don't recommend it. There are synchronicity 
issues with installing redhat-lsb-core (for example) and actually accessing 
ansible_lsb. Unless your node ALREADY has lsb installed BEFORE you run the 
playbook you'll be risking the ansible_lsb throwing an undifined error. It 
doesn't matter whether you check if the binary is now on the node, or even 
if you use a wait_for or time command. It'll fail the playbook and only be 
available when you RErun the playbook.

On Friday, July 19, 2013 at 1:25:44 PM UTC-7, Stephen Fromm wrote:
>
> An alternative is to install lsb utility (redhat-lsb on redhat-ish 
> distros) and use {{ ansible_lsb.major_release }}.  ansible_lsb looks like:
>
> "ansible_lsb": {
> "codename": "Santiago", 
> "description": "Red Hat Enterprise Linux Server release 6.4 
> (Santiago)", 
> "id": "RedHatEnterpriseServer", 
> "major_release": "6", 
> "release": "6.4"
> }, 
>
> sf
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/63e35b62-dc62-4a33-99c5-ec1580969a11%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Get result content of ansible.playbook Playbook in python

2016-05-25 Thread evelastlast

Hello,

I have a playbook.yml which outputs password, please see this task:

tasks:

- name: get
  command: echo {{ test_password }}
  register: result

- debug: var=result.stdout_lines


I run this playbook in python script:

def run_playbook():
stats = callbacks.AggregateStats()
playbook_cb = callbacks.PlaybookCallbacks(
  verbose=ansible.utils.VERBOSITY)
runner_cb = callbacks.PlaybookRunnerCallbacks(
  stats, verbose=ansible.utils.VERBOSITY)
pb = PlayBook(playbook='playbook.yml',
  stats=stats,
  callbacks=playbook_cb,
  runner_callbacks=runner_cb,
  check=True,
  vault_password='abcd')
pb.run()

Print pb

returns an object, but I fail to figure out how to return the content of 
password so I can use it in the python script for the authentication.
Any ideas?


Thanks in advance,
Eve

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/eaf47962-ac6d-45e5-9572-95b38f2cec09%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Run custom lookups in a file a then copy this file to another destination

2016-05-25 Thread mhh

Hello, is possible to run custom lookups in file and copy this file to 
another destionation just like in my example?
Or is there any other approach to solve it?
Thanks


#/path/to/file.properties


myproperty={{ my_custom_lookup('{{ my_custom_var1 }}') }}
myproperty2={{ my_custom_lookup('{{ my_custom_var2 }}') }}


ansible playbook play:

- hosts: localhost
  vars:
  my_custom_var1: var1 
  my_custom_var2: var2

  tasks:
-run lookups in /path/to/file.properties and copy file to another 
destination

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/88286d38-edba-4ac0-b01d-56fc328b2a2b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] ansible tries to parse files in /host_vars and /host_vars even if they don't exist

2016-05-25 Thread saraiva . joao

Hi,

I'm using dynamic inventory and I pull the host list/groups from an 
external source (anonymous ldap query to freeipa). I have no host_vars 
directories but every time I run ansible it tries to read the .yml, .yaml, 
.json for each host returned from the external source. I understand that 
every file in the host_vars directories has to be parsed, it's just the way 
ansible works, but in case the host_vars directories don't exist, shouldn't 
ansible not look for any files there? Just stating all those non existent 
files makes the process very slow.

Ex:
stat("/opt/ansible/plugins/inventory", {st_mode=S_IFDIR|0755, st_size=4096, 
...}) = 0
stat("/opt/ansible/plugins/inventory", {st_mode=S_IFDIR|0755, st_size=4096, 
...}) = 0
stat("/opt/ansible/plugins/inventory/host_vars/host1.testdomain", 
0x7ffeb541cf00) = -1 ENOENT (No such file or directory)
stat("/opt/ansible/plugins/inventory/host_vars/host1.testdomain", 
0x7ffeb541cf00) = -1 ENOENT (No such file or directory)
stat("/opt/ansible/plugins/inventory/host_vars/host1.testdomain.yml", 
0x7ffeb541cf00) = -1 ENOENT (No such file or directory)
stat("/opt/ansible/plugins/inventory/host_vars/host1.testdomain.yaml", 
0x7ffeb541cf00) = -1 ENOENT (No such file or directory)
stat("/opt/ansible/plugins/inventory/host_vars/host1.testdomain.json", 
0x7ffeb541cf00) = -1 ENOENT (No such file or directory)
stat("./", {st_mode=S_IFDIR|0700, st_size=1024, ...}) = 0
getcwd("/home/ansible", 1026)   = 14
stat("/home/ansible/host_vars/host1.testdomain", 0x7ffeb541cf00) = -1 
ENOENT (No such file or directory)
stat("/home/ansible/host_vars/host1.testdomain", 0x7ffeb541cf00) = -1 
ENOENT (No such file or directory)
stat("/home/ansible/host_vars/host1.testdomain.yml", 0x7ffeb541cf00) = -1 
ENOENT (No such file or directory)
stat("/home/ansible/host_vars/host1.testdomain.yaml", 0x7ffeb541cf00) = -1 
ENOENT (No such file or directory)
stat("/home/ansible/host_vars/host1.testdomain.json", 0x7ffeb541cf00) = -1 
ENOENT (No such file or directory)

Has anyone stumbled upon this?

Tks
JS

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ec86bef3-0c55-4bcd-9b59-94aa9c71778f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Template problem with bash array length syntax

2016-05-25 Thread einar . coutin

It gets even more interesting if you get something like this:
define('AUTH_KEY', 'TccKCkdkq.}]I]I?$(.R@L)ASUysg% 
AB(a5j+`A8_ra6Vu7D*h2Q]||}.{*#*b}5Xq'*);*

Because the ; makes the engine throw this error:
expected token 'end of print statement', got ';'

On Wednesday, August 14, 2013 at 8:48:22 AM UTC-7, Brian Coca wrote:
>
> {#  #} is a jinja comment tag which is why it is gettitng confused here
> try:
> {{ '${#ArrayName[@]}' }} 
>
>
> On Wed, Aug 14, 2013 at 11:41 AM, Dmitry Horbach  > wrote:
>
>> Hi,
>>
>> Having simple template file with bash valid content like:
>>
>> ${#ArrayName[@]}
>>
>>
>> will break template module:
>>
>> - template: src=template dest=template2
>>
>> TASK: [template src=template dest=template2] 
>> ** 
>> fatal: [127.0.0.1] => {'msg': 'Missing end of comment tag', 'failed': 
>> True}
>> fatal: [127.0.0.1] => {'msg': 'Missing end of comment tag', 'failed': 
>> True}
>>
>> Is there any workaround for this?
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-proje...@googlegroups.com .
>> For more options, visit https://groups.google.com/groups/opt_out.
>>  
>>  
>>
>
>
>
> -- 
> Brian Coca
> Stultorum infinitus est numerus
>
> 0111011100100110010101101110001001110111011000010110011101010010011100110110110101110111001001110111
> Pedo mellon a minno
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0c9420f7-74d3-4aaf-a037-38b012001df3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Error when using mysql_db to assign privileges in MySQL on RDS.

2016-05-25 Thread Daniel McQuillen

Hi all,

I've been working with Ansible as I try to set up a specific configuration 
for Open EdX (the open source MOOC) to work with MySQL hosted by Amazon's 
RDS service.

At one point in the Open EdX ansible plays, it tries to create an "admin" 
user and assign "CREATE USER" privileges to it

mysql_user:
  name: "admin"
  password: "some password for admin user"
  priv: "*.*:CREATE USER"
  login_host: "some RDS Mysql host url"
  login_user: "some root user"
  login_password: "some root password"


However, when this play runs, Ansible fails with the following message:

failed: [localhost] => {"failed": true}

msg: (1045, "Access denied for user 'root'@'%' (using password: YES)")


FATAL: all hosts have already failed -- aborting


I then read that when using Ansible with RDS, you can't use the *.* 
selection mechanism, but rather have to use %.* ... and I've used that 
successfully in another part of the Ansible script to assign ALL privileges.

But when I update this play to have  priv: "%.*:CREATE USER" I then get the 
error

failed: [localhost] => {"failed": true}

msg: (1221, 'Incorrect usage of DB GRANT and GLOBAL PRIVILEGES')


FATAL: all hosts have already failed -- aborting


Any thoughts on assigning CREATE USER privileges to a user in RDS via 
Ansible?

Thanks.

Daniel

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2b2f7bee-4756-4c6d-97e0-2b7aab6cb52c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Ansible 2.2 ios modules are failing with message "Failed to connect to the host via ssh."

2016-05-25 Thread davis mathew kuriakose

I'm not able to run ios_command module in Ansible 2.1 for executing 
commands on my cisco routers.


I've written a playbook for testing ios_command module on cisco routers.

Following is the playbook I wrote 


---
  - hosts: router2

   tasks:

 - ios_command:

username: cisco

password: cisco

# host: router2.3node.example.com

commands:

  - show version

register: output

 - debug: msg="Hello World! {{ output.stdout }}"


But the playbook fails with the following message :


*fatal: [router2.3node.example.com]: UNREACHABLE! => {"changed": false, 
"msg": "Failed to connect to the host via ssh.", "unreachable": true}*


and value *unreachable=1*


Also find the output while run on debug mode




TASK [setup] 
***

Using module file 
/home/cisco/ansible_dev/ansible/lib/ansible/modules/core/system/setup.py

 ESTABLISH SSH CONNECTION FOR USER: None

 SSH: EXEC ssh -C -q -o ControlMaster=auto -o 
ControlPersist=60s -o KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o ConnectTimeout=10 -o 
ControlPath=/home/cisco/.ansible/cp/ansible-ssh-%h-%p-%r 
router2.3node.example.com '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo 
$HOME/.ansible/tmp/ansible-tmp-1464109982.9-18150317646623 `" && echo 
ansible-tmp-1464109982.9-18150317646623="` echo 
$HOME/.ansible/tmp/ansible-tmp-1464109982.9-18150317646623 `" ) && sleep 
0'"'"''



fatal: [router2.3node.example.com]: UNREACHABLE! => {"changed": false, 
"msg": "Failed to connect to the host via ssh.", "unreachable": true}


Please let me know if someone has tried the same and solved this problem.

Thanks & Regards,
Davis

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3ce28c51-314e-48d3-89c7-7bf3e93374b3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] append users to another group

2016-05-25 Thread Marc Roelofs

I am trying to figure out how to generate a list of users on a remote 
machine who are currently already a member of group A , and append them all 
to group B 
Is this possible ? 

Could not find a way to lookup existing users that are already a member of 
a group . I would like to be able to do this on different machines which 
have different users available , so creating a  list of users on my ansible 
management station and using it as input  is not an option 

Please advice 

Best Marc 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/30cab7f7-39ca-4591-8024-2863d59a776d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] .profile

2016-05-25 Thread Werner Flamme

fanvalt [25.05.2016 14:10]:
> What shall I try ?
> I don't understand how to add in the environment th eexecution of the 
> .profile on the remote server ?
> I am a newby with ansible, I have not a clue to do so.

You can write a shell script that consists of
- the setting of the environment variable
- the desired action

For example, this script can contain three lines:

#!/bin/ksh
. /root/.profile
/usr/local/bin/dispatcher.sh

You call this script instead of dispatcher.sh directly, like

- name: Demarrage du server openhr
  shell: /bin/ksh /usr/local/bin/mynewscript.sh

Of course you should adapt all file names and paths according to your
system :)

HTH,
Werner

-- 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/33927e1e-bd3b-63be-0403-5f522f40ada8%40ufz.de.
For more options, visit https://groups.google.com/d/optout.


smime.p7s
Description: S/MIME Cryptographic Signature

[ansible-project] Ansible playbook help

2016-05-25 Thread aaron . trujillo

I am attempting to add a task within my playbook that alters a conf file. 
 I want to add text within a selected line.  I don't want to delete the 
line and then add the line back with the added text I need the line to 
remain as I may add to it from other playbooks from time to time. 
 Basically i am looking to take a line ABCDEFGH and add 123 between the D 
and the H to become ABCD123EFGH  and then from another playbook add 456 to 
look like ABCD123456EFGH, is this  possible?
Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f601389b-42ad-4b76-bc27-30a09c0dc49c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible 2.1.0.0-1 FINAL has been released!

On 25.05.16 15:50 James Cammarata wrote:
> Hi all, we're very happy to announce that Ansible 2.1 has been released!

Any big differences to 2.1 rc4?

And, by the way, niiice!

Johannes


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5745AF26.5080205%40ojkastl.de.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[ansible-project] Ansible 2.1.0.0-1 FINAL has been released!

2016-05-25 Thread James Cammarata

Hi all, we're very happy to announce that Ansible 2.1 has been released!

On the networking front, we’ve included managing networking infrastructure
as first-order feature set in Ansible--no separate download required. We
previously released the Networking tech preview in February at AnsibleFest
in London, and now it is fully integrated into Ansible as part of 2.1
Ansible’s agentless model works particularly well in the network management
space, and with a lot of help and support from the vendors, we are very
pleased to have our first major release with support for these features.
Networking now includes support for:

- Cisco
- HP Enterprise
- Juniper
- Arista Networks
- Cumulus Networks

In the Microsoft world, we significantly upped our game for both Windows
and Azure Cloud. We’re happy to take the beta tag off of our Windows
support, and make it a fully supported part of the Ansible automation
platform. As part of this effort, we’ve engaged more deeply with the
pywinrm project team and others to add support for NTLM and Kerberos
delegation. NTLM makes managing domain resources much easier, since domain
users can authenticate with just a username and password, which is enabled
by default in WinRM. Kerberos delegation allows for easy domain-based
multi-hop management (eg, accessing file shares and SQL Server databases
with domain credentials). For Azure, we’ve added a full suite of modules,
as well as an inventory script that targets the new Azure Resource Manager
API. The new modules allow first-class management of most basic resource
types (eg, virtual networks, storage accounts, NICs, virtual machines), as
well as deployment of Azure Resource Manager templates. We’ve also built a
shared framework for supporting new Azure resource types, so it’s much
easier for the Ansible community to keep up with changes to the Azure
platform, and to wrap custom resources in Ansible modules.

On the containers front, our focus for this release is to further mature
our Docker support, with a large effort in making it simple to manage and
scale Docker infrastructure--especially as it relates to your overall
infrastructure. We really focused on our core mission of “radically simple
automation,” and I think we’ve done well. Here are some basics about what’s
new in container-world:

- docker_service: Allows users to consumer Docker Compose and manage and
scale multiple services in a standalone environment or Docker Swarm.

In addition to all of these new features, many improvements have been made
to fix backwards compatibility issues with 1.9, so the transition to 2.1
should be a bit smoother for many users.

As always, this update is available via PyPi and releases.ansible.com now,
and packages for distros will be available as soon as possible.

James Cammarata

Ansible Lead/Sr. Principal Software Engineer
Ansible by Red Hat
twitter: @thejimic, github: jimi-c

--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAMFyvFhDLHDLeVj98XSDgHjz52rysSc%2B8jP_rTxJJ7Ba1vi6HA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Group vars lookup pipe

On 24.05.16 16:12 Meher Garda wrote:

> fatal: [localhost] => Failed to template {{stime}}: Failed to template 
> {{lookup('pipe','date +%Y-%m-%dT%H:%M:%SZ -d '+{{ scheduletime }}+'')}}: 
> template error while templating string: expected token ':', got '}'

Try escaping the single quotes and the colons.

Maybe run the task without using the variable, and just put a sample
value after the ...-d '+... Maybe you might need to quote that value
or escape it somehow. Finding out is easier without using a variable.

Johannes


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5745ABD1.6050204%40ojkastl.de.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [ansible-project] Re: Upgrading to Ansible 2 break EC2 inventory groups augmentation

> On Thursday, April 21, 2016 at 10:27:54 AM UTC+3, Tzach Livyatan wrote:

>> As part of it, I'm defining extra groups in file inventories/ec2/hosts, 
>> for example:
>> [us-west-2]
>> [us_west_2:children]
>> us-west-2

Is there a typo? Or are you using the group name as child element for
another group? us-west-2 vs. us_west_2

>> Look like Ansible 2 does not use the groups defined in 
>> inventories/ec2/hosts.

What are the exact error messages? Maybe include some more debug tasks
to output the values.

You had a debug task in your mail, what was the output and was did you
expect to get?

Johannes


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5745AAF1.9090801%40ojkastl.de.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [ansible-project] .profile

On 25.05.16 14:10 fanvalt wrote:
> What shall I try ?
> I don't understand how to add in the environment th eexecution of the 
> .profile on the remote server ?

I would set the variables, that your .profile contains, in the
environment section, something like this (untested):

- hosts: all
  remote_user: root
  tasks:
  - name: Demarrage du server openhr
shell: /bin/ksh dispatcher.sh
environment:
  JAVA_HOME: /usr/bin/foobar/

> I am a newby with ansible, I have not a clue to do so.

I also have never set the environment with ansible, so we're both
newbies...

Johannes

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5745A356.8030504%40ojkastl.de.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[ansible-project] Re: Upgrading to Ansible 2 break EC2 inventory groups augmentation

2016-05-25 Thread Tzach Livyatan

Still struggling with this issue
Any lead will be appreciated

Thanks

On Thursday, April 21, 2016 at 10:27:54 AM UTC+3, Tzach Livyatan wrote:
>
> Hi
> I have a working play book in Ansible 1.9
> As part of it, I'm defining extra groups in file inventories/ec2/hosts, 
> for example:
> [us-west-2]
> [us_west_2:children]
> us-west-2
>
> In Ansible 1.9, I used this group as follow:
> 1. run the playbook with -i inventories/ec2/ prefix
> 2. use the group as follow:
>   - debug: msg="{{ hostvars[item].ec2_private_ip_address }}"
> with_items: groups.us_west_2
>
> ec2.py did not change, and still return
> ...
>   "us-west-2": [
> "54.213.157.131", 
> "54.191.215.128", 
> "54.186.93.200", 
> "54.186.40.39"
>   ], 
> ...
>
> Look like Ansible 2 does not use the groups defined in 
> inventories/ec2/hosts.
> Is it bug or a feature?
> any idea how to bypass this issue?
>
> Thanks
> Tzach
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/439d2f43-95c7-49a4-8c0a-8c7ca006c611%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] .profile

What shall I try ?
I don't understand how to add in the environment th eexecution of the 
.profile on the remote server ?
I am a newby with ansible, I have not a clue to do so.

Thank you

Le mercredi 25 mai 2016 13:40:34 UTC+2, Johannes Kastl a écrit :
>
> On 25.05.16 13:27 fanvalt wrote: 
> > thank you but my understanding is that environment is only to set proxy. 
>
> IMHO no. Why not have a try? 
>
> Johannes 
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1bb83970-1f83-4ac4-b252-31dfcbc9dd63%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] turn on boto debugging in Ansible (~/.boto)

2016-05-25 Thread Cos Bug

Hi All, 

Is there any way to turn on boto debugging for Ansible playbooks?

In user home directory I created .boto file with contents:

[Boto]
debug = 2

But Ansible doesn't pick it up though the python script which invokes boto 
prints the debug messages fine.

Any ideas?

Regards,
Constantin

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6ec591c8-8129-4ef1-b6e9-b543f33dacf6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] .profile

On 25.05.16 13:27 fanvalt wrote:
> thank you but my understanding is that environment is only to set proxy.

IMHO no. Why not have a try?

Johannes


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/57458F24.2000402%40ojkastl.de.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [ansible-project] .profile

thank you but my understanding is that environment is only to set proxy.

Le mercredi 25 mai 2016 13:13:33 UTC+2, Johannes Kastl a écrit :
>
> On 25.05.16 13:06 fanvalt wrote: 
> > Hello, 
> > 
> > is it possible to run the .profile on the target server to be able to 
> run a 
> > shell using these env variables ? 
>
> I think that is what setting the environment is for. Ansible uses an 
> non-interactive shell. 
>
> From the docs: 
> - hosts: all 
>   remote_user: root 
>   tasks: 
> - apt: name=cobbler state=installed 
>   environment: 
> http_proxy: http://proxy.example.com:8080 
>
> https://docs.ansible.com/ansible/playbooks_environment.html 
>
> Johannes 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f9b52676-e2f3-4076-b87b-f0577d067fdf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] .profile

On 25.05.16 13:06 fanvalt wrote:
> Hello,
> 
> is it possible to run the .profile on the target server to be able to run a 
> shell using these env variables ?

I think that is what setting the environment is for. Ansible uses an
non-interactive shell.

>From the docs:
- hosts: all
  remote_user: root
  tasks:
- apt: name=cobbler state=installed
  environment:
http_proxy: http://proxy.example.com:8080

https://docs.ansible.com/ansible/playbooks_environment.html

Johannes

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/574588CE.4010302%40ojkastl.de.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[ansible-project] .profile