[ansible-project] Re: Newbie and seeing error on running yaml file to create switch config

2016-06-16 Thread Trond Hindenes 
To help get the indentation right, I rely on Visual Studio Code with the 
yaml 
extension 
https://marketplace.visualstudio.com/items?itemName=djabraham.vscode-yaml-validation



On Friday, June 17, 2016 at 7:04:33 AM UTC+2, ansnew...@gmail.com wrote:
>
> I still see the same error after correcting the indentation as shown below:
>
> more roles/tor/tasks/main.yml
> ---
> - name: Generate tor files
>   template: src=tor.j2 dest="{{ item.hostname }}.txt"
>   with_items:
> - hostname: nexus1
> - hostname: nexus2
>
> 
> ansible-playbook site.yml 
> ERROR! conflicting action statements
>
> The error appears to have been in 
> '/usr/share/ansible/NXS-TEMPLATE/roles/tor/tasks/main.yml': line 2, column 
> 3, but may
> be elsewhere in the file depending on the exact syntax problem.
>
> The offending line appears to be:
>
> ---
> - name: Generate tor files
>   ^ here
>
>
> The error appears to have been in 
> '/usr/share/ansible/NXS-TEMPLATE/roles/tor/tasks/main.yml': line 2, column 
> 3, but may
> be elsewhere in the file depending on the exact syntax problem.
>
> The offending line appears to be:
>
> ---
> - name: Generate tor files
>   ^ here
>
> Please advise
>
> Best,
> GP
>
>
> On Sunday, June 12, 2016 at 7:46:22 PM UTC-7, ansnew...@gmail.com wrote:
>>
>> Hi ,
>> I am a newbie to the ansible world and struggling with some errors  I am 
>> trying to create switch configs based on the following url:
>>
>> https://pynet.twb-tech.com/blog/ansible/ansible-cfg-template.html
>>
>> Whenever, I am running my yaml file, I see the following error:
>>
>> ERROR! conflicting action statements
>>
>> The error appears to have been in 
>> '/usr/share/ansible/NXS-TEMPLATE/roles/tor/tasks/main.yml': line 2, column 
>> 5, but may
>> be elsewhere in the file depending on the exact syntax problem.
>>
>> The offending line appears to be:
>>
>> ---
>>   - name: Generate tor files
>> ^ here
>>
>>
>> The error appears to have been in 
>> '/usr/share/ansible/NXS-TEMPLATE/roles/tor/tasks/main.yml': line 2, column 
>> 5, but may
>> be elsewhere in the file depending on the exact syntax problem.
>>
>> The offending line appears to be:
>>
>> ---
>>   - name: Generate tor files
>> ^ here
>>
>>
>> The file main.yml has the following contents:
>>
>> ---
>>   - name: Generate tor files
>> template: src=tor.j2 dest="{{ item.hostname }}.txt"
>> with_items:
>>  - hostname: nexus1
>>  - hostname: nexus2
>> ...
>>
>> Thanks
>> GP
>>
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/80958f13-15c5-4c0d-923b-2518c5c15962%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Iterating over the output from vmware_guest_facts

2016-06-16 Thread Jeff Richards 
I'm trying to populate the in-memory inventory, for multiple VMs, using the 
output from vmware_guest_facts. So I have run vmware_guest_facts and 
registered the output into a var called vm_facts. I can see that the output 
contains facts for every VM, including the IP address, as expected.

I then try to add the ip address for each VM into the inventory, as follows:

- name: add the dhcp addresses to the inventory
  add_host: name="{{ hw_eth0.ipaddresses[0] }}" groups=dhcp_ips
  with_items:
- "{{ vm_facts }}"

But I only seem to be getting the IP address of the final VM in the 
inventory.

Any help on how I should be doing this would be greatly appreciated.

Jeff 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8e7b6888-6f70-4750-8fa9-6a11c971e207%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Newbie and seeing error on running yaml file to create switch config

2016-06-16 Thread ansnewbie2016 
I still see the same error after correcting the indentation as shown below:

more roles/tor/tasks/main.yml
---
- name: Generate tor files
  template: src=tor.j2 dest="{{ item.hostname }}.txt"
  with_items:
- hostname: nexus1
- hostname: nexus2


ansible-playbook site.yml 
ERROR! conflicting action statements

The error appears to have been in 
'/usr/share/ansible/NXS-TEMPLATE/roles/tor/tasks/main.yml': line 2, column 
3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

---
- name: Generate tor files
  ^ here


The error appears to have been in 
'/usr/share/ansible/NXS-TEMPLATE/roles/tor/tasks/main.yml': line 2, column 
3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

---
- name: Generate tor files
  ^ here

Please advise

Best,
GP


On Sunday, June 12, 2016 at 7:46:22 PM UTC-7, ansnew...@gmail.com wrote:
>
> Hi ,
> I am a newbie to the ansible world and struggling with some errors  I am 
> trying to create switch configs based on the following url:
>
> https://pynet.twb-tech.com/blog/ansible/ansible-cfg-template.html
>
> Whenever, I am running my yaml file, I see the following error:
>
> ERROR! conflicting action statements
>
> The error appears to have been in 
> '/usr/share/ansible/NXS-TEMPLATE/roles/tor/tasks/main.yml': line 2, column 
> 5, but may
> be elsewhere in the file depending on the exact syntax problem.
>
> The offending line appears to be:
>
> ---
>   - name: Generate tor files
> ^ here
>
>
> The error appears to have been in 
> '/usr/share/ansible/NXS-TEMPLATE/roles/tor/tasks/main.yml': line 2, column 
> 5, but may
> be elsewhere in the file depending on the exact syntax problem.
>
> The offending line appears to be:
>
> ---
>   - name: Generate tor files
> ^ here
>
>
> The file main.yml has the following contents:
>
> ---
>   - name: Generate tor files
> template: src=tor.j2 dest="{{ item.hostname }}.txt"
> with_items:
>  - hostname: nexus1
>  - hostname: nexus2
> ...
>
> Thanks
> GP
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/66c58ef6-7bbd-4a79-b194-5a93cd41444d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Newbie and seeing error on running yaml file to create switch config

2016-06-16 Thread ansnewbie2016 


On Sunday, June 12, 2016 at 7:46:22 PM UTC-7, ansnew...@gmail.com wrote:
>
> Hi ,
> I am a newbie to the ansible world and struggling with some errors  I am 
> trying to create switch configs based on the following url:
>
> https://pynet.twb-tech.com/blog/ansible/ansible-cfg-template.html
>
> Whenever, I am running my yaml file, I see the following error:
>
> ERROR! conflicting action statements
>
> The error appears to have been in 
> '/usr/share/ansible/NXS-TEMPLATE/roles/tor/tasks/main.yml': line 2, column 
> 5, but may
> be elsewhere in the file depending on the exact syntax problem.
>
> The offending line appears to be:
>
> ---
>   - name: Generate tor files
> ^ here
>
>
> The error appears to have been in 
> '/usr/share/ansible/NXS-TEMPLATE/roles/tor/tasks/main.yml': line 2, column 
> 5, but may
> be elsewhere in the file depending on the exact syntax problem.
>
> The offending line appears to be:
>
> ---
>   - name: Generate tor files
> ^ here
>
>
> The file main.yml has the following contents:
>
> ---
>   - name: Generate tor files
> template: src=tor.j2 dest="{{ item.hostname }}.txt"
> with_items:
>  - hostname: nexus1
>  - hostname: nexus2
> ...
>
> Thanks
> GP
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7870799d-517d-476b-8252-08947bc236af%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible support for pmrun in become_method

2016-06-16 Thread Jonathan Davila 
I've made a PR to support pmrun. Right now it is limited to pmrun 
invocation w/o password prompt.
https://github.com/ansible/ansible/pull/16336

On Friday, May 20, 2016 at 5:45:13 AM UTC-7, Taeho Kgil wrote:
>
> Hi, 
>
> Is there a plan to support pmrun options in the become_method for Ansible?
>
> Thanks
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/20783709-a8ad-49ae-b93e-b495650f52b1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] prompt for "SSH pasword"

2016-06-16 Thread Adam Morris 
What command are you using to run ansible?

I have a root ssh key shared out...
ssh client
works without a password, as does
ansible-playbook site.yml -l client

If one works and the other doesn't I would be curious about what your command 
is...

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c74abb96-c31b-4395-9771-d52cd80fe52f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] ansible on 'brownfield' sites

2016-06-16 Thread Adam Morris 
I am currently concentrating on building the new systems all the same. If 
nothing else happens as the old systems are life cycled the new systems will 
take over.  

If I get to the point where I have spare time I will start slowly fixing the 
old systems.  One (or at least one batch) at a time.  I don't intend to modify 
everything but if I can take over the management of the basic infrastructure 
then at least that will be uniform across all systems.  DNS, NTP, monitoring, 
backups, SA accounts,...

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4aaa5546-c415-4d89-bccc-6a1d4865c86b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] How do I use a symbolic user for a remote ansible task?

2016-06-16 Thread Tim Daley 
I have the following snippet from my playbook. The hosts: substitutes just 
fine, but the user: gives "SSH Error: command-line line0: garbage at end of 
line; "{{ username }}". Is substitution of the user possible?

Enter code here...
- Other stuff

   - set_fact: username="user"

- name: gather facts
  hosts: "{{ aws_host_group }}"
  connections: ssh
  user: "{{ username }}"
  become: true
  vars:
- aws_host_group: "{{ aws_type + 'hosts' }}"
  pre_tasks:
- name: Yum Update
  yum: name='*' state=latest


if I delete the register and add the following to my vars: - username: user

The message changes to "SSH Error: command-line line0: garbage at end of 
line; "user".

This shows that there is at least partial substitution happening.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a9d48107-2cbb-4ef4-8ed1-b92e69066c77%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Role dependencies gets skipped in ansible 2

2016-06-16 Thread amitk 
Hi,

I am also having slightly related problem.

My roles structure are as follows
 
role-main1/meta/main.yml
  ---
   dependencies:
  - { role: common }


role-main2/meta/main.yml
  ---
   dependencies:
  - { role: common }

Now I have a top level playbook which calls both these roles one after the 
another.
   main.yml
   ---
- role: role-main1
- role: role-main2
The problem is ansible is skipping common dependency in first role and 
installing in second role. Skip reason is "Conditional check failed". But I 
don't have any condition defined for this dependency. And same dependency 
gets executed in the second role.

The document says that ansible run in for the first role and skip it for 
second one. which is exactly what I want and this was working in 1.8.
Is anything changed in ansible 2.0? or it is possible some global condition 
is getting applied to this task? So far I am unable to find any global 
condition which will cause this.

On Tuesday, March 8, 2016 at 5:54:59 AM UTC-8, deep@gmail.com wrote:
>
> Hi,
>
> I was trying to upgrade from ansible 1.8.4 to ansible 2, and noticed that 
> some of my roles with meta dependencies stopped working.
>
> I have these roles
>
> role-main1/meta/main.yml
>
> ---
> dependencies:
>   - { role: role-dependency }
>
>
>
> role-main2/meta/main.yml
>
> ---
> dependencies:
>   - { role: role-dependency }
>
> role-dependency/meta/main.yml
>
> ---
>
> allow_duplicates: yes
>
>
> Now, I have a playbook which calls the roles role-main1 and role-main2 based 
> on some condition
>
> - { role: role-main1, when: (z1|bool) }
> - { role: role-main2, when: (z2|bool) }
>
>
> Everything works fine if both the conditions are met and both roles get called
>
> if z1=true z2=true 
>
> 1. role-dependency => executed
> 2. role-main1 => executed
> 3. role-dependency => executed
> 4. role-main2 => executed
>
>
> But if the first condition fails then the dependency fails to execute even 
> for the second role
>
> If z1=false z2=true
>
> 1. role-dependency => skipped
> 2. role-main1 =>  skipped
> 3. role-dependency => skipped   (We were expecting this to be executed)
> 4. role-main2 => executed
>
>
> This was working in my earlier version of ansible (1.8.4), I even tested it 
> in 1.9 version and it worked fine. It seems to be broken in ansible 2 series.
>
>
> Can someone help here.
>
>
> Thanks
>
> Deep
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4e9fba0e-4cfa-4b60-bc87-a3298343ecff%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Ansible “msg”: “Failed to find required executable pvs”

2016-06-16 Thread Tim Daley 


I'm using the following in Ansible 2.1 on OSX and getting the subject 
message:

lvg: vg=vgname pvs=pvname state=present

Bug? or what am I doing wrong.

This syntax was working OK with ansible 1.9.1

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/58f2a0dc-78cf-41f8-a7d4-6acca23a9932%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] vsphere_guest module and how to configure static IP

2016-06-16 Thread Jeff Richards 
Thanks Dann.

On Thursday, June 16, 2016 at 3:54:48 PM UTC-7, Dann Bohn wrote:
>
> while this approach probably works, i'm not sure how to help  you here. 
>
> what i typically do is use the add_host module. something like this:
>
> - name: some playbook that does things
>hosts: localhost
>connection: local
>
> ...
> ...
> ...
>
> tasks:
>   - name: add host to in memory inventory 
> add_host: hostname="new-vm{{some_var}}" ansible_ssh_host={{ 
> vmware_guest_facts['guest_primary_ipaddress']}} ansbile_ssh_port=22
>
> - name: some new playbook that does the work
>   hosts: "new-vm{{some_var}}
>   become: yes
>
>   tasks:
> - name: copy some file
>template: src={{src}} dest={{dest}}
>
>
> i typed this without checking it's yaml syntax etc, but should give you a 
> rough idea of the approach we use.
>
> Dann
>
>
>
>
>
>
> On Thu, Jun 16, 2016 at 6:34 PM, Jeff Richards  > wrote:
>
>> Hey Dann, I'm drawing a blank on the final piece in my puzzle here, maybe 
>> you can help(?). I've registered the vmware_guest_facts in a var and just 
>> want to iterate through it, for each hw_eth0.ipaddresses[0] ... e.g. this 
>> was my last (tortured) attempt:
>>
>> - name: copy new file into place
>>   delegate_to: "{{ item.[ {{ hw_eth0.ipaddresses[0] }} ] }}"
>>   template: src=xxx dest=/etc/xx 
>>   with_nested:
>>   - "{{ vmware_guest_facts }}"
>>   become: yes
>>
>> What's the best way of doing this?
>>
>> Jeff
>>
>>
>> On Wednesday, June 15, 2016 at 7:01:34 PM UTC-7, Dann Bohn wrote:
>>>
>>> Jeff,
>>> You need to send the clone operation an customization spec in order to 
>>> do guest customizations on a vSphere VM. This is not included in the 
>>> vsphere_guest module. 
>>>
>>> From what I can tell from reading the roadmap (
>>> https://github.com/ansible/ansible/blob/devel/docsite/rst/roadmap/ROADMAP_2_2.rs)
>>>  
>>> the ansible folks would like to add such features to vsphere_guest in the 
>>> 2.2 release.
>>>
>>> In the meantime, you can look at a module I wrote to accomplish this: 
>>> https://github.com/whereismyjetpack/ansible_vcenter_module. It allows 
>>> you to send specific guest customization parameters to the clone operation, 
>>> the module is not ansibly (one of the first complaints I got), and requires 
>>> pyvmomi instead of pysphere. I've been using this in production for a 
>>> little over a year.. feel free to contact me if you have any questions, and 
>>> time permitting i'll do my best to answer them. I've tested this code on 
>>> vSphere 5.5 and 6.0.
>>>
>>>
>>>
>>> Dann
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Wednesday, June 15, 2016 at 4:03:11 PM UTC-4, Jeff Richards wrote:

 Brian, I already have VMware tools installed, what options does that 
 give me?

 Jeff

 On Wednesday, June 15, 2016 at 9:06:28 AM UTC-7, Brian Coca wrote:
>
> sadly vmware/vcenter gives no direct way to do this, you either need 
> to run a 'boot script' that does it or have the vmware guest tools 
> installed.
>
>
>
>
> -- 
> --
> Brian Coca
>
 -- 
>> You received this message because you are subscribed to a topic in the 
>> Google Groups "Ansible Project" group.
>> To unsubscribe from this topic, visit 
>> https://groups.google.com/d/topic/ansible-project/OFpCxHrmp6A/unsubscribe
>> .
>> To unsubscribe from this group and all its topics, send an email to 
>> ansible-proje...@googlegroups.com .
>> To post to this group, send email to ansible...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/4b863eca-8453-4f9b-bb8a-8d9d56673745%40googlegroups.com
>>  
>> 
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6cbe3032-aed8-4eb0-82ec-ec8f9bbba35c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] vsphere_guest module and how to configure static IP

2016-06-16 Thread dann bohn 
while this approach probably works, i'm not sure how to help  you here.

what i typically do is use the add_host module. something like this:

- name: some playbook that does things
   hosts: localhost
   connection: local

...
...
...

tasks:
  - name: add host to in memory inventory
add_host: hostname="new-vm{{some_var}}" ansible_ssh_host={{
vmware_guest_facts['guest_primary_ipaddress']}} ansbile_ssh_port=22

- name: some new playbook that does the work
  hosts: "new-vm{{some_var}}
  become: yes

  tasks:
- name: copy some file
   template: src={{src}} dest={{dest}}


i typed this without checking it's yaml syntax etc, but should give you a
rough idea of the approach we use.

Dann






On Thu, Jun 16, 2016 at 6:34 PM, Jeff Richards 
wrote:

> Hey Dann, I'm drawing a blank on the final piece in my puzzle here, maybe
> you can help(?). I've registered the vmware_guest_facts in a var and just
> want to iterate through it, for each hw_eth0.ipaddresses[0] ... e.g. this
> was my last (tortured) attempt:
>
> - name: copy new file into place
>   delegate_to: "{{ item.[ {{ hw_eth0.ipaddresses[0] }} ] }}"
>   template: src=xxx dest=/etc/xx
>   with_nested:
>   - "{{ vmware_guest_facts }}"
>   become: yes
>
> What's the best way of doing this?
>
> Jeff
>
>
> On Wednesday, June 15, 2016 at 7:01:34 PM UTC-7, Dann Bohn wrote:
>>
>> Jeff,
>> You need to send the clone operation an customization spec in order to do
>> guest customizations on a vSphere VM. This is not included in the
>> vsphere_guest module.
>>
>> From what I can tell from reading the roadmap (
>> https://github.com/ansible/ansible/blob/devel/docsite/rst/roadmap/ROADMAP_2_2.rs)
>> the ansible folks would like to add such features to vsphere_guest in the
>> 2.2 release.
>>
>> In the meantime, you can look at a module I wrote to accomplish this:
>> https://github.com/whereismyjetpack/ansible_vcenter_module. It allows
>> you to send specific guest customization parameters to the clone operation,
>> the module is not ansibly (one of the first complaints I got), and requires
>> pyvmomi instead of pysphere. I've been using this in production for a
>> little over a year.. feel free to contact me if you have any questions, and
>> time permitting i'll do my best to answer them. I've tested this code on
>> vSphere 5.5 and 6.0.
>>
>>
>>
>> Dann
>>
>>
>>
>>
>>
>>
>>
>> On Wednesday, June 15, 2016 at 4:03:11 PM UTC-4, Jeff Richards wrote:
>>>
>>> Brian, I already have VMware tools installed, what options does that
>>> give me?
>>>
>>> Jeff
>>>
>>> On Wednesday, June 15, 2016 at 9:06:28 AM UTC-7, Brian Coca wrote:

 sadly vmware/vcenter gives no direct way to do this, you either need to
 run a 'boot script' that does it or have the vmware guest tools installed.




 --
 --
 Brian Coca

>>> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/OFpCxHrmp6A/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/4b863eca-8453-4f9b-bb8a-8d9d56673745%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAB%2BbZBLDTJ1F%2Bwxu9R_HNDT_iCRmuOKoSGLqO3WD-_mDMuOsWg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] vsphere_guest module and how to configure static IP

2016-06-16 Thread Jeff Richards 
Hey Dann, I'm drawing a blank on the final piece in my puzzle here, maybe 
you can help(?). I've registered the vmware_guest_facts in a var and just 
want to iterate through it, for each hw_eth0.ipaddresses[0] ... e.g. this 
was my last (tortured) attempt:

- name: copy new file into place
  delegate_to: "{{ item.[ {{ hw_eth0.ipaddresses[0] }} ] }}"
  template: src=xxx dest=/etc/xx 
  with_nested:
  - "{{ vmware_guest_facts }}"
  become: yes

What's the best way of doing this?

Jeff


On Wednesday, June 15, 2016 at 7:01:34 PM UTC-7, Dann Bohn wrote:
>
> Jeff,
> You need to send the clone operation an customization spec in order to do 
> guest customizations on a vSphere VM. This is not included in the 
> vsphere_guest module. 
>
> From what I can tell from reading the roadmap (
> https://github.com/ansible/ansible/blob/devel/docsite/rst/roadmap/ROADMAP_2_2.rs)
>  
> the ansible folks would like to add such features to vsphere_guest in the 
> 2.2 release.
>
> In the meantime, you can look at a module I wrote to accomplish this: 
> https://github.com/whereismyjetpack/ansible_vcenter_module. It allows you 
> to send specific guest customization parameters to the clone operation, the 
> module is not ansibly (one of the first complaints I got), and requires 
> pyvmomi instead of pysphere. I've been using this in production for a 
> little over a year.. feel free to contact me if you have any questions, and 
> time permitting i'll do my best to answer them. I've tested this code on 
> vSphere 5.5 and 6.0.
>
>
>
> Dann
>
>
>
>
>
>
>
> On Wednesday, June 15, 2016 at 4:03:11 PM UTC-4, Jeff Richards wrote:
>>
>> Brian, I already have VMware tools installed, what options does that give 
>> me?
>>
>> Jeff
>>
>> On Wednesday, June 15, 2016 at 9:06:28 AM UTC-7, Brian Coca wrote:
>>>
>>> sadly vmware/vcenter gives no direct way to do this, you either need to 
>>> run a 'boot script' that does it or have the vmware guest tools installed.
>>>
>>>
>>>
>>>
>>> -- 
>>> --
>>> Brian Coca
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4b863eca-8453-4f9b-bb8a-8d9d56673745%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Weird: Passing variables to roles

2016-06-16 Thread Trond Hindenes 
I managed to at least get around the error:
The trick is to use "internal" variables inside the role which never get 
set outside the role. So if I have 2 "external" vars where the role wiill 
set some 3rd variable depending on those two, the trick is to not re-use 
the name of one of the two "external" ones. I've posted a working example 
of this here:

https://drive.google.com/file/d/0B81YECbGAyfWaW5rbVRQNlpQT2c/view?usp=sharing

It's a little bit of extra work really having to watch out for this but at 
least I got it working. I'd still consider it a bug tho.


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ec45aeba-16e0-4970-83f8-6b1531072e6e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Weird: Passing variables to roles

2016-06-16 Thread Trond Hindenes 
Jon (et al), I've created this playbook to distill my problem, available 
here:

https://drive.google.com/file/d/0B81YECbGAyfWaW5rbVRQNlpQT2c/view?usp=sharing

Same thing happens: Then the (previously undefined) variable "variable3" 
gets set using set_fact within a role, subsequent calls to that role is 
unable to pass another value for that var. Hopefully I'm doing something 
wrong, I really need this to work :-)

My output:

PLAY [test thing] 
**

TASK [myrole : print the thing] 

ok: [localhost] => {
"msg": "Print the var var1"
}

TASK [myrole : print the other thing (should skip)] 

skipping: [localhost]

TASK [myrole : set the other var] 
**
ok: [localhost]

TASK [myrole : print the third thing] 
**
ok: [localhost] => {
"msg": "Print the third var var3"
}

PLAY [test thing] 
**

TASK [myrole : print the thing] 

ok: [localhost] => {
"msg": "Print the var var1"
}

TASK [myrole : print the other thing (should skip)] 

skipping: [localhost]

TASK [myrole : set the other var] 
**
ok: [localhost]

TASK [myrole : print the third thing] 
**
ok: [localhost] => {
"msg": "Print the third var var3"
}

PLAY [test thing] 
**

TASK [myrole : print the thing] 

ok: [localhost] => {
"msg": "Print the var var1"
}

TASK [myrole : print the other thing (should skip)] 

skipping: [localhost]

TASK [myrole : set the other var] 
**
ok: [localhost]

TASK [myrole : print the third thing] 
**
ok: [localhost] => {
"msg": "Print the third var var3"
}

PLAY RECAP 
*
localhost  : ok=9changed=0unreachable=0failed=0 
  

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3e5cdbd9-a9bf-4d11-828c-f73fe9aa7bb1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Weird: Passing variables to roles

2016-06-16 Thread Trond Hindenes 
Thanks Jon, I'll distill it a bit and see what I come up with.

On Thursday, June 16, 2016 at 9:45:43 AM UTC+2, J Hawkesworth wrote:
>
> That is very unexpected.
>
> I pass vars to the same role a lot, although in my case I am usually doing 
> it within the same play (as opposed to within a different play inside the 
> same playbook), and I almost always pass the vars in as -e (extra vars), 
> which from memory have highest precedence.
>
> Looking at your playbook I just wonder if there's something odd going on 
> to do with the type of the vars.  From memory yaml treats unquoted yes and 
> no as boolean true/false values, so it could be that the booleans aren't 
> getting passed as you'd expect but the strings are.
>
> Maybe it would be worth just experimenting and changing your role so it 
> expects a string for create_availability_set, quoting your "yes" and seeing 
> if that makes a difference.
>
> Feels like a bug to me though if that is the case.
>
> Jon
>
> On Wednesday, June 15, 2016 at 8:04:55 PM UTC+1, Trond Hindenes wrote:
>>
>> From what I can see, once a previously undefined variable has been set by 
>> a role, the calling playbook is unable to override it on subsequent calls.
>>
>> On Wednesday, June 15, 2016 at 8:29:17 PM UTC+2, Trond Hindenes wrote:
>>>
>>> Hi, 
>>> I have this weird situation where a role doesn't pick up configured 
>>> variables, hopefully someone can help me out. 
>>> This is parts of my playbook:
>>> -   name: Deploy Elasticsearch VMs
>>> hosts: localhost
>>> tags:
>>> - deploy
>>> vars:
>>> os_type: Windows
>>> public_ip: yes
>>> use_max_datadisks: True
>>> create_network_security_group: nsg_eslogging
>>> create_availability_set: yes
>>> add_to_adhoc_group: elasticsearch
>>>
>>> roles:
>>> - { role: customer_deploy_azurevm, vm_name: customer-prod-es1}
>>> - { role: customer_deploy_azurevm, vm_name: customer-prod-es2}
>>>
>>> -   name: Deploy logstash VMs
>>> hosts: localhost
>>> tags:
>>> - deploy
>>> vars:
>>> os_type: Windows
>>> public_ip: yes
>>> max_data_disk_count: 2
>>> create_network_security_group: nsg_logstash
>>> create_availability_set: yes
>>> availability_set_name: as-customer-prod-logstash
>>> add_to_adhoc_group: logstash
>>> roles:
>>> - { role: customer_deploy_azurevm, vm_name: customer-prod-ls1}
>>> - { role: customer_deploy_azurevm, vm_name: customer-prod-ls2}
>>>
>>> The weird thing that happens is that the second play's vms don't get the 
>>> correct availability set (availability_set_name), but they DO get the 
>>> correct nsg (create_network_security_group). The customer_deploy_azurevm 
>>> roles works so that if "create_availability_set" is true and 
>>> "availability_set_name" is not set, then an autogenerated availability set 
>>> name will be used. This variable seems to "linger" so that the following to 
>>> vms get the previous auto-generated availability set name (I can see this 
>>> if I dump all vars before I do anything else in the role)
>>>
>>> This seems completely weird to me. Am I doing something wrong, or is 
>>> this a bug?
>>>
>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/bd525900-741a-48fc-b514-26df134a0b6f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: HTTP: Disabled while configuring WinRM service

2016-06-16 Thread Trond Hindenes 
The "HTTPS Disabled" check was not written by me, that's been added later. 
It might not mean much, as it tests without explicit credentials.

The ultimate test is (still) to perform the following from another machine:

$httpsOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck 
-SkipRevocationCheck
New-PSSession -UseSSL -ComputerName  -SessionOption 
$httpsOptions -Credential (get-Credential) -Authentication Basic

And then type in the local user at the credential prompt 
(Administrator/MyPassword)

On Thursday, June 16, 2016 at 9:18:27 PM UTC+2, skinnedknuckles wrote:
>
> Control Node:
>
>- CentOS 7
>- Ansible 2.1
>- pywinrm version from May 19th, 2016
>
> Remote Node:
>
>- Windows 7
>- Powershell 3
>
> When I run Trond Hindenes powershell script 
> 
>  
> for setting up my windows remote node to connect with ansible I get the 
> following output.
>
> *VERBOSE: Verifying WinRM service.*
> *VERBOSE: Starting WinRM service.*
> *VERBOSE: PS Remoting is already enabled.*
> *VERBOSE: SSL listener is already active.*
> *VERBOSE: Basic auth is already enabled.*
> *VERBOSE: Firewall rule already exists to allow WinRM HTTPS.*
> *VERBOSE: HTTP: Enabled | HTTPS: Disabled*
> *VERBOSE: PS Remoting has been successfully configured for Ansible.*
>
> Why would HTTPS be disabled and how do I enable it?
>
> Here are my winrm service settings.
>
> PS C:\Users\ads-6999> winrm get winrm/config/service
> Service
> RootSDDL = 
> O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
> MaxConcurrentOperations = 4294967295
> MaxConcurrentOperationsPerUser = 1500
> EnumerationTimeoutms = 24
> MaxConnections = 300
> MaxPacketRetrievalTimeSeconds = 120
> AllowUnencrypted = false
> Auth
> Basic = true
> Kerberos = true
> Negotiate = true
> Certificate = true
> CredSSP = false
> CbtHardeningLevel = Relaxed
> DefaultPorts
> HTTP = 5985
> HTTPS = 5986
> IPv4Filter = *
> IPv6Filter = *
> EnableCompatibilityHttpListener = false
> EnableCompatibilityHttpsListener = false
> CertificateThumbprint
> AllowRemoteAccess = true
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/97b49edb-c96c-4603-b3c3-2a0301df718b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] ec2 host variables lost with refresh_inventory

2016-06-16 Thread Jeff Hardy 
Hello all,

I have been working with a few different patterns for launching and 
configuring ec2 hosts, first with add_host, and more recently working with 
refresh_inventory.  The problem I am having is that all ec2_ host variables 
are lost with the introduction of the refresh_inventory task.  Sample 
playbook:

---
- hosts: localhost
  connection: local
  gather_facts: false
  roles:
- aws_ec2# standard ec2 deployment based on include vars
  tasks:
- meta: refresh_inventory

- hosts: tag_Name_somehosts
  tasks:
- debug: var=hostvars[inventory_hostname]
- debug: var=ec2_tag_Name

Running the playbook specifies an inventory directory, containing ec2.py, a 
static hosts laying out some groups, group_vars, etc:

ansible-playbook -i inventory ec2.yml

I can see in the debug output that the ec2 host variables are lacking, yet 
all the tag, instance, and sg-based groups exist.  This fact is also proven 
because the host declaration itself for the second play relies on one of 
those groups.  But the second task echoing out the ec2_tag_Name fails:

ok: [10.1.1.1] => {
"ec2_tag_Name": "VARIABLE IS NOT DEFINED!"
}

Of course if I leave off the refresh, the playbook will succeed and those 
variables exist, except for that very first run where the instances were 
not in inventory and the group does not exist:

PLAY [tag_Name_somehosts] **
skipping: no hosts matched

As an aside, when I introduced refresh_inventory to the typical add_host 
playbook pattern, that re-init of inventory seemed to eliminate the ad-hoc 
ec2launch group I had created (probably expected).

Ultimately, if any tasks or roles in the second post-ec2-provisioning play 
rely on ec2_* variables, I am afraid refresh_inventory is deleting them.  I 
flipped on and off gather_facts for the second play and it made no 
difference.

Has anyone else run into this or have an idea whether I should be doing 
something differently?  

-Jeff

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ebb64ed0-f8b6-4072-b8d5-3ec095620c44%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] vsphere_guest module and how to configure static IP

2016-06-16 Thread Brian Coca 
We do have plans to create a new guest module that also use pyvimomi, all
modules should be using that library soon, also the inventory script, which
is in devel right now.


--
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACVha7fVwO6HVLW5Q6%2B5biWhx0WwKnDjr-QiMwD%3DQvzBtOgvcA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] HTTP: Disabled while configuring WinRM service

2016-06-16 Thread skinnedknuckles 
Control Node:

   - CentOS 7
   - Ansible 2.1
   - pywinrm version from May 19th, 2016

Remote Node:

   - Windows 7
   - Powershell 3

When I run Trond Hindenes powershell script 

 
for setting up my windows remote node to connect with ansible I get the 
following output.

*VERBOSE: Verifying WinRM service.*
*VERBOSE: Starting WinRM service.*
*VERBOSE: PS Remoting is already enabled.*
*VERBOSE: SSL listener is already active.*
*VERBOSE: Basic auth is already enabled.*
*VERBOSE: Firewall rule already exists to allow WinRM HTTPS.*
*VERBOSE: HTTP: Enabled | HTTPS: Disabled*
*VERBOSE: PS Remoting has been successfully configured for Ansible.*

Why would HTTPS be disabled and how do I enable it?

Here are my winrm service settings.

PS C:\Users\ads-6999> winrm get winrm/config/service
Service
RootSDDL = 
O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 24
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = false
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8faa9110-2495-4b37-b067-64436150e293%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] vsphere_guest module and how to configure static IP

2016-06-16 Thread Jeff Richards 
Many thanks Dann, I'll take a look. Yes, looks like the Ansible guys are 
onto it. I'm just about at the end of my own hand-crafted solution right 
now. So I'll finish this off and take a look at your module afterwards.

Jeff

On Wednesday, June 15, 2016 at 7:01:34 PM UTC-7, Dann Bohn wrote:
>
> Jeff,
> You need to send the clone operation an customization spec in order to do 
> guest customizations on a vSphere VM. This is not included in the 
> vsphere_guest module. 
>
> From what I can tell from reading the roadmap (
> https://github.com/ansible/ansible/blob/devel/docsite/rst/roadmap/ROADMAP_2_2.rs
>  
> )
>  
> the ansible folks would like to add such features to vsphere_guest in the 
> 2.2 release.
>
> In the meantime, you can look at a module I wrote to accomplish this: 
> https://github.com/whereismyjetpack/ansible_vcenter_module. It allows you 
> to send specific guest customization parameters to the clone operation, the 
> module is not ansibly (one of the first complaints I got), and requires 
> pyvmomi instead of pysphere. I've been using this in production for a 
> little over a year.. feel free to contact me if you have any questions, and 
> time permitting i'll do my best to answer them. I've tested this code on 
> vSphere 5.5 and 6.0.
>
>
>
> Dann
>
>
>
>
>
>
>
> On Wednesday, June 15, 2016 at 4:03:11 PM UTC-4, Jeff Richards wrote:
>>
>> Brian, I already have VMware tools installed, what options does that give 
>> me?
>>
>> Jeff
>>
>> On Wednesday, June 15, 2016 at 9:06:28 AM UTC-7, Brian Coca wrote:
>>>
>>> sadly vmware/vcenter gives no direct way to do this, you either need to 
>>> run a 'boot script' that does it or have the vmware guest tools installed.
>>>
>>>
>>>
>>>
>>> -- 
>>> --
>>> Brian Coca
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/86b3111a-30d1-41aa-911c-1b327049babd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Parallel deployment issue

2016-06-16 Thread Alex Leonhardt 
In cloud land you could, in theory, have a lambda (or whatever comparable
GCE offers) that schedules a task/container that runs your playbook.. Fully
isolated, so one play won't kill another or prevent it from running.. That
way, you can scale it horizontally rather than vertically across many
(cheap) instances..

Just an idea..

Alex


On Thursday, 16 June 2016, oMgSufod  wrote:

> Hi,
>
> We are using Ansible to deploy a lot of differents services on a lot of
> servers.
>
> We developped a backend which is starting ansible playbook when the user
> send a rest request.
>
> In our project, we deploy entire platforms and we have a web GUI to
> monitor the deployment.
>
> As we need a "per service" or a "per host" granularity to get some
> informations during the deployment of each service ( success, failure, etc
> ), we decided to run one ansible-playbook process per inventory host, to be
> able to get the return code from each process in our manager.
>
> The problem is that when we deploy more than 20 servers, there is 20
> ansible-playbook parent processes and they are VERY resources consuming
> (load = 50) and then some processes are killed because of oom issues.
>
> So we decided to use the "strategy free" deployment to run only one
> playbook for all hosts, but then we lost the "per host" return code
> granularity and we really need this.
>
> We could add more CPU/RAM, but it doesn't seems to be a scalable solution.
>
> Our goal is to deploy 100+ hosts simultaneously in the fastest way.
>
> We don't want to wait the end of the playbook to detect errors on some
> hosts, we prefer to be able to detect errors as soon as possible to re-run
> only the failed hosts
>
> Is ansible tower solving this issue ? Else how could we solve this please
> ?
>
> Thanks.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com
> 
> .
> To post to this group, send email to ansible-project@googlegroups.com
> .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/2a4364d0-8fcc-458b-acc2-2c3972254dd8%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACSH3Mt4cOz4jrjuVrBrW9Rh9vDZzhwz2qkL86xfE11OxHWysg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Parallel deployment issue

2016-06-16 Thread oMgSufod 
Hi,

We are using Ansible to deploy a lot of differents services on a lot of 
servers.

We developped a backend which is starting ansible playbook when the user 
send a rest request.

In our project, we deploy entire platforms and we have a web GUI to monitor 
the deployment.

As we need a "per service" or a "per host" granularity to get some 
informations during the deployment of each service ( success, failure, etc 
), we decided to run one ansible-playbook process per inventory host, to be 
able to get the return code from each process in our manager.

The problem is that when we deploy more than 20 servers, there is 20 
ansible-playbook parent processes and they are VERY resources consuming 
(load = 50) and then some processes are killed because of oom issues.

So we decided to use the "strategy free" deployment to run only one 
playbook for all hosts, but then we lost the "per host" return code 
granularity and we really need this.

We could add more CPU/RAM, but it doesn't seems to be a scalable solution.

Our goal is to deploy 100+ hosts simultaneously in the fastest way.

We don't want to wait the end of the playbook to detect errors on some 
hosts, we prefer to be able to detect errors as soon as possible to re-run 
only the failed hosts

Is ansible tower solving this issue ? Else how could we solve this please ? 

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2a4364d0-8fcc-458b-acc2-2c3972254dd8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] secrets and remote sites

2016-06-16 Thread pixel fairy 
If you want to keep secrets, and work on a mostly remote site, it seems you 
have a couple options.


   1. encrypt the vault with gpg and run from your (hopefully) safe laptop 
   and hope the connection is good
   2. run it in tmux at the remote site, but possibly expose your vault 
   credentials.


   - type a symmetric passphrase over ssh means keyboard timing attack. so 
   definitely not.
   - remote gpg management is a bit scary too. you may trust your co 
   workers, but you never know what their cats are up to.
   
keepassx can type into a window, so thats a possibility.


how do you all handle this?


For us the big problem is windows server(as usual), because they dont have 
ssh, and winrm is a mess.


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/cc02c69c-4060-4216-90e7-c2336bdc44ec%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] secrets and remote sites

2016-06-16 Thread pixel fairy 
If you want to keep secrets, and work on a mostly remote site, it seems you 
have a couple options.


   1. encrypt the vault with gpg and run from your (hopefully) safe laptop 
   and hope the connection is good
   2. run it in tmux at the remote site, but possibly expose your vault 
   credentials.


   - type the passphrase over ssh means keyboard timing attack. so 
   definitely not.
   - remote gpg management is a bit scary too. you may trust your co 
   workers, but you never know what their cat is up to.

keepassx can type into a window, so thats a possibility.


For us the big problem is windows server(as usual), because they dont have 
ssh. so cant just ssh -A and run a playbook that hits everything.


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/73b83510-7451-45b1-afd4-acfa9fd63552%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: ansible on 'brownfield' sites

2016-06-16 Thread pixel fairy 
if by nuke it from orbit you mean build a new, streamlined environment and 
wipe out the old one, thats my favorite approach.

On Thursday, June 16, 2016 at 5:15:38 AM UTC-7, Dick Davies wrote:
>
> I've had great success using Ansible to build up multiple environments 
> (devs, staging, prod) from kickstart to production, and I imagine 
> that's how most folks here would use it. 
>
> My current mission is to add some automation onto a lot of 'handbuilt' 
> environments that have grown up from scripts. As you'd expect, each 
> new environment has learned from the lessons of the previous one and 
> the scripts have evolved. 
>
> Unfortunately, that means each environment is different, sometimes 
> radically - not just in scale of a given service but often in the 
> presence or absence of it. There's a lot of commercial software 
> deployed too, which results in the inevitable "we don't have enough 
> licenses for $TECHNOLOGY to run it in all the dev. environments" and 
> more drift. 
>
> Basically "a maze of twisty environments, non alike" .. 
>
> I'm making some headway in getting inventories written up to at least 
> start to use adhoc tasks for some of the routine tasks. Next phase is 
> "roads and sewers" - fairly straightforward services that are simple 
> to setup but essential (e.g. NTP, SNMP, yum repos). 
>
> I'm hoping to tackle some of the inconsistencies with liberal use of 
> $inventory/group_vars folders to enable/disable roles based on where 
> I'm running. 
>
> I had a look around but haven't seen much discussion about 
> retrofitting Ansible to try to tame this kind of sprawl. Would be 
> interested in how others have tackled the challenge - "nuke the site 
> from orbit" and  "run away screaming" excluded. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d8cec7be-57b0-4c09-a883-7affa2f572ca%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: ansible on 'brownfield' sites

2016-06-16 Thread pixel fairy 
git(or vcs of choice) is your friend! now that thats out of the way,

we keep different inventory files for some stuff, and sometimes a vagrant 
file with its own inventory as "dev/test" for smaller or personal projects. 
one folder will have roles downloaded from galaxy. the others next to it 
have be for their own sections instead of one big ansible tree for 
everything. for example, all the routers and firewalls are in their own 
tree, so if you want to look at the changelog for those, its easy. so your 
tree could look like this. if you want to keep them all in one big 
repository, you'll probably want git submodules.

ansible
 |--roles
 |  |--jcarmack.doomserver
 |  |--jdoe.ircd
 |
 |--routers
 |  |--ansible.cfg
 |  |--inventory
 |  |--site.yml
 |  |--.git
 |
 |--production
 |  |--ansible.cfg
 |  |--inventory

On Thursday, June 16, 2016 at 5:15:38 AM UTC-7, Dick Davies wrote:
>
> I've had great success using Ansible to build up multiple environments 
> (devs, staging, prod) from kickstart to production, and I imagine 
> that's how most folks here would use it. 
>
> My current mission is to add some automation onto a lot of 'handbuilt' 
> environments that have grown up from scripts. As you'd expect, each 
> new environment has learned from the lessons of the previous one and 
> the scripts have evolved. 
>
> Unfortunately, that means each environment is different, sometimes 
> radically - not just in scale of a given service but often in the 
> presence or absence of it. There's a lot of commercial software 
> deployed too, which results in the inevitable "we don't have enough 
> licenses for $TECHNOLOGY to run it in all the dev. environments" and 
> more drift. 
>
> Basically "a maze of twisty environments, non alike" .. 
>
> I'm making some headway in getting inventories written up to at least 
> start to use adhoc tasks for some of the routine tasks. Next phase is 
> "roads and sewers" - fairly straightforward services that are simple 
> to setup but essential (e.g. NTP, SNMP, yum repos). 
>
> I'm hoping to tackle some of the inconsistencies with liberal use of 
> $inventory/group_vars folders to enable/disable roles based on where 
> I'm running. 
>
> I had a look around but haven't seen much discussion about 
> retrofitting Ansible to try to tame this kind of sprawl. Would be 
> interested in how others have tackled the challenge - "nuke the site 
> from orbit" and  "run away screaming" excluded. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5a75fbd3-1eaf-42d9-95ca-3f5cacb7cf60%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] ansible on 'brownfield' sites

2016-06-16 Thread Mark Janssen 
Mostly the way you seem to be doing it as well I guess... I have various
customers where I'm implementing ansible on existing infra.
I start with the basics, getting information on various systems and using
group_vars and host_vars to enable/disable bits of configuration from
ansible. Lots of running ansible with --check and --diff on small sets of
hosts and trying to minimize (functional) diffs.
Then slowly getting the systems all in line with eachother.

Greenfields would be nice but most customers aren't up for it but
it's fine either way.

On Thu, Jun 16, 2016 at 2:15 PM, Dick Davies  wrote:

> I've had great success using Ansible to build up multiple environments
> (devs, staging, prod) from kickstart to production, and I imagine
> that's how most folks here would use it.
>
> My current mission is to add some automation onto a lot of 'handbuilt'
> environments that have grown up from scripts. As you'd expect, each
> new environment has learned from the lessons of the previous one and
> the scripts have evolved.
>
> Unfortunately, that means each environment is different, sometimes
> radically - not just in scale of a given service but often in the
> presence or absence of it. There's a lot of commercial software
> deployed too, which results in the inevitable "we don't have enough
> licenses for $TECHNOLOGY to run it in all the dev. environments" and
> more drift.
>
> Basically "a maze of twisty environments, non alike" ..
>
> I'm making some headway in getting inventories written up to at least
> start to use adhoc tasks for some of the routine tasks. Next phase is
> "roads and sewers" - fairly straightforward services that are simple
> to setup but essential (e.g. NTP, SNMP, yum repos).
>
> I'm hoping to tackle some of the inconsistencies with liberal use of
> $inventory/group_vars folders to enable/disable roles based on where
> I'm running.
>
> I had a look around but haven't seen much discussion about
> retrofitting Ansible to try to tame this kind of sprawl. Would be
> interested in how others have tackled the challenge - "nuke the site
> from orbit" and  "run away screaming" excluded.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAK5eLPQao_NYjxGxU4eB0hkuGJifWSbTr7pm2HYYar9d%2BrOS1g%40mail.gmail.com
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Mark Janssen  --  maniac(at)maniac.nl
Unix / Linux Open-Source and Internet Consultant
Maniac.nl Sig-IO.nl Vps.Stoned-IT.com

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAKs9mshmRGOkWVjBuD4rGKNvvU4jdtGTN%3D9xn%3Dy4Q%2B32jUO4-w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Running local play with winrm config

2016-06-16 Thread Jordan Borean 
Thanks for the suggestion, the trouble I am having is that I want to create the 
instance from ec2 and all my hosts are gotten dynamically. Are you suggesting I 
split up my config so the aws variables are in one file and then my tagged 
application details are in another which contains the connection details. Is 
there a better way to do it as I feel like maintaining multiple config files 
can get difficult as it grows in the future.

Thanks

Jordan 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e18444cf-f3b4-4bf9-9e82-4b81f7faf82c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Running local play with winrm config

2016-06-16 Thread 'J Hawkesworth' via Ansible Project 
I think you should set up your inventory in a manner similar to what is 
described in the windows introduction.

http://docs.ansible.com/ansible/intro_windows.html#inventory

put the windows-specific connection vars into a group and then when you 
want to do things to a windows host, use the windows group name for the 
hosts: line in your play.

By doing

  vars_files:
- group_vars/tag_Application_alfred-linux.yml
- group_vars/tag_Environment_dev.yml

you are forcing the vars in the group_vars folder to apply to all hosts.


Hope this helps,

Jon
On Thursday, June 16, 2016 at 2:01:23 PM UTC+1, Jordan Borean wrote:
>
> Hi
>
> I am having issues trying to create a play that will setup a Windows EC2 
> instance and then install software once it is up. For linux instances I do 
> the following to create a new instance on the localhost and then run the 
> other roles on the new instance once it is ready.
>
> ---
> - name: create new aws ec2 instance
>   hosts: localhost
>   become: False
>   vars_files:
> - group_vars/tag_Application_alfred-linux.yml
> - group_vars/tag_Environment_dev.yml
>   roles:
> - common/aws-create-instance
>
>
> - name: setup newly created instances
>   hosts: "{{ hostvars['localhost']['new_ec2_hosts_string'] }}"
>   roles:
> - common/stash-user-setup
> - jdk/install-linux
> - maven/install-linux
> - alfred/linux-setup
>
> When trying the same thing for my Windows hosts Ansible fails to run a 
> play on the localhost with the following error.
>
> (py27)[appuser@jdbrd2 treasury-ansible]$ ansible-playbook test.yml --ask-
> vault-pass
> Vault password:
>
>
> PLAY [localhost] 
> ***
>
>
> TASK [setup] 
> ***
> fatal: [localhost]: UNREACHABLE! => {"changed": false, "msg": "ssl: 
> HTTPSConnectionPool(host='127.0.0.1', port=5986): Max retries exceeded with 
> url: /wsman (Caused by 
> NewConnectionError('  
> object at 0x7f6743985ad0>: Failed to establish a new connection: [Errno 
> 111] Connection refused',))", "unreachable": true}
> to retry, use: --limit @test.retry
>
>
> PLAY RECAP 
> *
> localhost  : ok=0changed=0unreachable=1failed=
> 0
>
>
> I believe it is because one of the vars_files that are being pulled in 
> contains the following variables;
> # Ansible Connection details
> ansible_user: User@domain
> ansible_password: "{{ vault_alfred_windows_account_password }}"
> ansible_port: 5986
> ansible_connection: winrm
> ansible_winrm_server_cert_validation: ignore
> ansible_winrm_transport: ntlm
>
> I cannot seem to override the ansible_connection: winrm to ssh or smart 
> when running the root play. Does anyone know of a way to run a whole roles 
> entirely on the localhost and overridin the ansible_connection: winrm just 
> for that local host. I have tried the following;
>
>- Setting ansible_connection: smart in the host_vars/localhost.yml file
>- Setting connection: smart or ssh after defining hosts: localhost in 
>the root play
>- Setting the variable ansible_connecton: ssh or ansible_connection: 
>smart in the vars: section after pulling in the vars_files
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3a6dd490-4aa8-4d0d-9139-1d9a133a7068%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Having issues with Expect: module

2016-06-16 Thread Matt Martz 
The `expect` module has the ability to respond multiple times to a single
expected string, so instead of defining the expected string 2 times, you
define it once, but give it a list of responses.  Such as:

 - expect:
 command:  /usr/local/sbin/install_blade.sh
 responses:
   '(?i)Enter choice:':
 - "2"
 - "99"
   '(?i)Enter desired hostname:': "rhel72"
   '(?i)associate hostname with:': "oambr-ext"

This will require that you are running ansible 2.1, since that is the first
version to have the multi answers per question functionality.

On Thu, Jun 16, 2016 at 12:44 AM, adhithacholan karunamurthy <
adhithachol...@gmail.com> wrote:

> Hi Matt,
>   Can you please help me here on "duplicate dict key"
>
> [kodiak@localhost 10.0.1.51]$ cat   dockerimage.yml
> ---
> - hosts: KVMGUEST
>   tasks:
>  - expect:
>  command:  /usr/local/sbin/install_blade.sh
>  responses:
>'(?i)Enter choice:': "2"
>'(?i)Enter desired hostname:': "rhel72"
>'(?i)associate hostname with:': "oambr-ext"
>'(?i)Enter choice:': "99"
> @localhost 10.0.1.51]$
>
>
> @localhost 10.0.1.51]$ ansible-playbook   --su --su-user=root
> --ask-su-pass  dockerimage.yml
> SU password:
>  [WARNING]: While constructing a mapping from /home/kodiak/
> 10.0.1.51/dockerimage.yml, line 7, column 12, found a duplicate dict key
> ((?i)Enter choice:).  Using last
> defined value only.
>
>
> PLAY [KVMGUEST]
> 
>
> TASK [setup]
> ***
> ok: [10.0.1.51]
>
> TASK [expect]
> **
> changed: [10.0.1.51]
>
> PLAY RECAP
> *
> 10.0.1.51  : ok=2changed=1unreachable=0failed=0
>
> localhost 10.0.1.51]$
>
>
>
> On Friday, 22 January 2016 05:04:38 UTC+5:30, Byron Kim wrote:
>>
>> Hi Matt - thanks for the quick response.  That seemed to have done the
>> trick.
>>
>> Thanks!
>>
>> On Thursday, January 21, 2016 at 6:23:27 PM UTC-5, Matt Martz wrote:
>>>
>>> Id recommend just starting off with using `Enter: "{{ passphrase}}"
>>>
>>> The (?i) indicates a case insensitive search, and the parents around ^
>>> are unnecessary, and the can be problematic as sometimes expect sees a \n
>>> or a space as the first char.
>>>
>>> On Thursday, January 21, 2016, Byron Kim  wrote:
>>>
 I can't seem to find much documentation or uses of this module.  I
 tried reading up on pexpect documentation however, i'm unable to find my
 answer.

 I'm having ansible run a script and then there are prompts that need to
 be answered.

 - name: GENERATE CERTIFICATE AND KEY
   expect:
 command: /home/user/script arg1
 chdir: /home/user/
 responses:
   (^)(?i)Enter: '{{ passphrase }}'
   (^)(?i)Verifying: '{{ passphrase }}'
   (^)(?i)Common: '{{ common_name }}'

 When the ./script runs, it has a series of text and the prompt finishes
 with:

 'Enter PEM pass phrase:'

 is the `(^)(?i)` the correct regex I would be using to match the text
 'Enter'?

 --
 You received this message because you are subscribed to the Google
 Groups "Ansible Project" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to ansible-project+unsubscr...@googlegroups.com.
 To post to this group, send email to ansible-project@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/ansible-project/8d042724-c9d9-4a9c-b229-543c17ce91ff%40googlegroups.com
 
 .
 For more options, visit https://groups.google.com/d/optout.

>>>
>>>
>>> --
>>> Matt Martz
>>> @sivel
>>> sivel.net
>>>
>>> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/589c82fa-246f-4616-aedf-7eb4c76702eb%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Matt Martz
@sivel
sivel.net

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails fro

[ansible-project] prompt for "SSH pasword"

2016-06-16 Thread norricorp 
Hi,
very new to Ansible, working through books
On my ansible server (a centos 7 machine) I have added root ssh key to my 
test machine. So I can ssh root@mint-test  and that works.
When, as root, I run my playbook, I am prompted "SSH password:". At this 
point I can enter anything - just enter or the wrong password or even the 
right password. And then ansible runs the playbook and all works as 
expected.
In the ansible cfg file, ask_pass is commented out. But even if I set it to 
False, still get problem.
What am I doing wrong?
Regards,
John

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/388ff9b9-d393-4d3a-864d-455c735f3f5d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Having issues with Expect: module

2016-06-16 Thread adhithacholan karunamurthy 
Hi Matt,
  Can you please help me here on "duplicate dict key"

[kodiak@localhost 10.0.1.51]$ cat   dockerimage.yml
---
- hosts: KVMGUEST
  tasks:
 - expect:
 command:  /usr/local/sbin/install_blade.sh
 responses:
   '(?i)Enter choice:': "2"
   '(?i)Enter desired hostname:': "rhel72"
   '(?i)associate hostname with:': "oambr-ext"
   '(?i)Enter choice:': "99"
@localhost 10.0.1.51]$


@localhost 10.0.1.51]$ ansible-playbook   --su --su-user=root 
--ask-su-pass  dockerimage.yml
SU password:
 [WARNING]: While constructing a mapping from 
/home/kodiak/10.0.1.51/dockerimage.yml, line 7, column 12, found a 
duplicate dict key ((?i)Enter choice:).  Using last
defined value only.


PLAY [KVMGUEST] 


TASK [setup] 
***
ok: [10.0.1.51]

TASK [expect] 
**
changed: [10.0.1.51]

PLAY RECAP 
*
10.0.1.51  : ok=2changed=1unreachable=0failed=0

localhost 10.0.1.51]$


On Friday, 22 January 2016 05:04:38 UTC+5:30, Byron Kim wrote:
>
> Hi Matt - thanks for the quick response.  That seemed to have done the 
> trick.  
>
> Thanks!
>
> On Thursday, January 21, 2016 at 6:23:27 PM UTC-5, Matt Martz wrote:
>>
>> Id recommend just starting off with using `Enter: "{{ passphrase}}"
>>
>> The (?i) indicates a case insensitive search, and the parents around ^ 
>> are unnecessary, and the can be problematic as sometimes expect sees a \n 
>> or a space as the first char.
>>
>> On Thursday, January 21, 2016, Byron Kim  wrote:
>>
>>> I can't seem to find much documentation or uses of this module.  I tried 
>>> reading up on pexpect documentation however, i'm unable to find my answer.
>>>
>>> I'm having ansible run a script and then there are prompts that need to 
>>> be answered.
>>>
>>> - name: GENERATE CERTIFICATE AND KEY
>>>   expect:
>>> command: /home/user/script arg1
>>> chdir: /home/user/
>>> responses:
>>>   (^)(?i)Enter: '{{ passphrase }}'
>>>   (^)(?i)Verifying: '{{ passphrase }}'
>>>   (^)(?i)Common: '{{ common_name }}'
>>>
>>> When the ./script runs, it has a series of text and the prompt finishes 
>>> with:
>>>
>>> 'Enter PEM pass phrase:'
>>>
>>> is the `(^)(?i)` the correct regex I would be using to match the text 
>>> 'Enter'?
>>>
>>> -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to ansible-project+unsubscr...@googlegroups.com.
>>> To post to this group, send email to ansible-project@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/ansible-project/8d042724-c9d9-4a9c-b229-543c17ce91ff%40googlegroups.com
>>>  
>>> 
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>> -- 
>> Matt Martz
>> @sivel
>> sivel.net
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/589c82fa-246f-4616-aedf-7eb4c76702eb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Tomcat service stops fine and fails to start. Ansible shows success for both.

2016-06-16 Thread Kannan AnandaKrishnan 
Hello,

I'm using Ansible in our environment to restart glassfish applications, 
services etc.,

Currently I'm facing curious issue on restarting tomcat service in our 
servers.

Whenever I execute the stop script, the tomcat service is stopped 
successfully but while trying to start the output shows success, the 
service is still down in the server.



Commands:

[automatrix@t1cogpcop01 ~]$ ansible m10 -m shell -a 'sudo su - mstrsvc 
/app/tomcat/bin/shutdown.sh' -vvv

*m10 is the group name of the server. automatrix account has sudo access to 
> "mstrsvc" account in remote server and tomcat service should be 
> stopped/started from mstrsvc only.*


 ESTABLISH CONNECTION FOR USER: automatrix

 REMOTE_MODULE command sudo su - mstrsvc 
/app/tomcat/bin/shutdown.sh #USE_SHELL

 EXEC ssh -C -tt -v -o ControlMaster=auto -o 
ControlPersist=60s -o 
ControlPath="/home/automatrix/.ansible/cp/ansible-ssh-%h-%p-%r" -o 
StrictHostKeyChecking=no -o IdentityFile="/home/automatrix/.ssh/id_rsa" -o 
KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o ConnectTimeout=1 ASHADOLMCR-S02 /bin/sh -c 
'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1466073513.08-167794820776673 && 
chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1466073513.08-167794820776673 && 
echo $HOME/.ansible/tmp/ansible-tmp-1466073513.08-167794820776673'

 PUT /tmp/tmpKgCn4g TO 
/home/automatrix/.ansible/tmp/ansible-tmp-1466073513.08-167794820776673/command

 EXEC ssh -C -tt -v -o ControlMaster=auto -o 
ControlPersist=60s -o 
ControlPath="/home/automatrix/.ansible/cp/ansible-ssh-%h-%p-%r" -o 
StrictHostKeyChecking=no -o IdentityFile="/home/automatrix/.ssh/id_rsa" -o 
KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o ConnectTimeout=1 ASHADOLMCR-S02 /bin/sh -c 
'LANG=C LC_CTYPE=C /usr/bin/python 
/home/automatrix/.ansible/tmp/ansible-tmp-1466073513.08-167794820776673/command;
 
rm -rf 
/home/automatrix/.ansible/tmp/ansible-tmp-1466073513.08-167794820776673/ 
>/dev/null 2>&1'


ASHADOLMCR-S02 | success | rc=0 >>
Using CATALINA_BASE:   /app/tomcat
Using CATALINA_HOME:   /app/tomcat
Using CATALINA_TMPDIR: /app/tomcat/temp
Using JRE_HOME:/usr/jdk/jdk1.7.0_07
Using CLASSPATH:   /app/tomcat/bin/bootstrap.jar
Using CATALINA_PID:/app/tomcat/catalina.pid



Startup:

[automatrix@t1cogpjra01 ~]$ ansible m10 -m shell -a "sudo su - mstrsvc 
/app/tomcat/bin/startup.sh" -vvv

 [WARNING]: The version of gmp you have installed has a known issue 
regarding
timing vulnerabilities when used with pycrypto. If possible, you should 
update
it (i.e. yum update gmp).

 ESTABLISH CONNECTION FOR USER: automatrix

 REMOTE_MODULE command sudo su - mstrsvc 
/app/tomcat/bin/startup.sh #USE_SHELL

 EXEC ssh -C -tt -v -o ControlMaster=auto -o 
ControlPersist=60s -o 
ControlPath="/home/automatrix/.ansible/cp/ansible-ssh-%h-%p-%r" -o 
StrictHostKeyChecking=no -o IdentityFile="/home/automatrix/.ssh/id_rsa" -o 
KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o ConnectTimeout=1 ASHADOLMCR-S02 /bin/sh -c 
'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1466073302.56-93703916239176 && 
chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1466073302.56-93703916239176 && 
echo $HOME/.ansible/tmp/ansible-tmp-1466073302.56-93703916239176'

 PUT /tmp/tmprJ4Yvq TO 
/home/automatrix/.ansible/tmp/ansible-tmp-1466073302.56-93703916239176/command

 EXEC ssh -C -tt -v -o ControlMaster=auto -o 
ControlPersist=60s -o 
ControlPath="/home/automatrix/.ansible/cp/ansible-ssh-%h-%p-%r" -o 
StrictHostKeyChecking=no -o IdentityFile="/home/automatrix/.ssh/id_rsa" -o 
KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o ConnectTimeout=1 ASHADOLMCR-S02 /bin/sh -c 
'LANG=C LC_CTYPE=C /usr/bin/python 
/home/automatrix/.ansible/tmp/ansible-tmp-1466073302.56-93703916239176/command; 
rm -rf 
/home/automatrix/.ansible/tmp/ansible-tmp-1466073302.56-93703916239176/ 
>/dev/null 2>&1'

ASHADOLMCR-S02 | success | rc=0 >>
Using CATALINA_BASE:   /app/tomcat
Using CATALINA_HOME:   /app/tomcat
Using CATALINA_TMPDIR: /app/tomcat/temp
Using JRE_HOME:/usr/jdk/jdk1.7.0_07
Using CLASSPATH:   /app/tomcat/bin/bootstrap.jar
Using CATALINA_PID:/app/tomcat/catalina.pid
Existing PID file found during start.
Removing/clearing stale PID file.


Though it shows success, the service isn't started in the server and the 
mystery no logs found in tomcat logs when we attempt to start the service, 
whereas stop attempt are clearly captured.

If I execute the same shell arguments directly in the server, it works 
fine. What could be the issue while executing the startup script?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe

[ansible-project] Running local play with winrm config

2016-06-16 Thread Jordan Borean 
Hi

I am having issues trying to create a play that will setup a Windows EC2 
instance and then install software once it is up. For linux instances I do 
the following to create a new instance on the localhost and then run the 
other roles on the new instance once it is ready.

---
- name: create new aws ec2 instance
  hosts: localhost
  become: False
  vars_files:
- group_vars/tag_Application_alfred-linux.yml
- group_vars/tag_Environment_dev.yml
  roles:
- common/aws-create-instance


- name: setup newly created instances
  hosts: "{{ hostvars['localhost']['new_ec2_hosts_string'] }}"
  roles:
- common/stash-user-setup
- jdk/install-linux
- maven/install-linux
- alfred/linux-setup

When trying the same thing for my Windows hosts Ansible fails to run a play 
on the localhost with the following error.

(py27)[appuser@jdbrd2 treasury-ansible]$ ansible-playbook test.yml --ask-
vault-pass
Vault password:


PLAY [localhost] 
***


TASK [setup] 
***
fatal: [localhost]: UNREACHABLE! => {"changed": false, "msg": "ssl: 
HTTPSConnectionPool(host='127.0.0.1', port=5986): Max retries exceeded with 
url: /wsman (Caused by 
NewConnectionError(': Failed to establish a new connection: [Errno 
111] Connection refused',))", "unreachable": true}
to retry, use: --limit @test.retry


PLAY RECAP 
*
localhost  : ok=0changed=0unreachable=1failed=0


I believe it is because one of the vars_files that are being pulled in 
contains the following variables;
# Ansible Connection details
ansible_user: User@domain
ansible_password: "{{ vault_alfred_windows_account_password }}"
ansible_port: 5986
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
ansible_winrm_transport: ntlm

I cannot seem to override the ansible_connection: winrm to ssh or smart 
when running the root play. Does anyone know of a way to run a whole roles 
entirely on the localhost and overridin the ansible_connection: winrm just 
for that local host. I have tried the following;

   - Setting ansible_connection: smart in the host_vars/localhost.yml file
   - Setting connection: smart or ssh after defining hosts: localhost in 
   the root play
   - Setting the variable ansible_connecton: ssh or ansible_connection: 
   smart in the vars: section after pulling in the vars_files

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/61ef3899-6b5b-4857-b71d-c42f708ce7ba%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] ansible on 'brownfield' sites

2016-06-16 Thread Dick Davies 
I've had great success using Ansible to build up multiple environments
(devs, staging, prod) from kickstart to production, and I imagine
that's how most folks here would use it.

My current mission is to add some automation onto a lot of 'handbuilt'
environments that have grown up from scripts. As you'd expect, each
new environment has learned from the lessons of the previous one and
the scripts have evolved.

Unfortunately, that means each environment is different, sometimes
radically - not just in scale of a given service but often in the
presence or absence of it. There's a lot of commercial software
deployed too, which results in the inevitable "we don't have enough
licenses for $TECHNOLOGY to run it in all the dev. environments" and
more drift.

Basically "a maze of twisty environments, non alike" ..

I'm making some headway in getting inventories written up to at least
start to use adhoc tasks for some of the routine tasks. Next phase is
"roads and sewers" - fairly straightforward services that are simple
to setup but essential (e.g. NTP, SNMP, yum repos).

I'm hoping to tackle some of the inconsistencies with liberal use of
$inventory/group_vars folders to enable/disable roles based on where
I'm running.

I had a look around but haven't seen much discussion about
retrofitting Ansible to try to tame this kind of sprawl. Would be
interested in how others have tackled the challenge - "nuke the site
from orbit" and  "run away screaming" excluded.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQao_NYjxGxU4eB0hkuGJifWSbTr7pm2HYYar9d%2BrOS1g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Weird: Passing variables to roles

2016-06-16 Thread 'J Hawkesworth' via Ansible Project 
That is very unexpected.

I pass vars to the same role a lot, although in my case I am usually doing 
it within the same play (as opposed to within a different play inside the 
same playbook), and I almost always pass the vars in as -e (extra vars), 
which from memory have highest precedence.

Looking at your playbook I just wonder if there's something odd going on to 
do with the type of the vars.  From memory yaml treats unquoted yes and no 
as boolean true/false values, so it could be that the booleans aren't 
getting passed as you'd expect but the strings are.

Maybe it would be worth just experimenting and changing your role so it 
expects a string for create_availability_set, quoting your "yes" and seeing 
if that makes a difference.

Feels like a bug to me though if that is the case.

Jon

On Wednesday, June 15, 2016 at 8:04:55 PM UTC+1, Trond Hindenes wrote:
>
> From what I can see, once a previously undefined variable has been set by 
> a role, the calling playbook is unable to override it on subsequent calls.
>
> On Wednesday, June 15, 2016 at 8:29:17 PM UTC+2, Trond Hindenes wrote:
>>
>> Hi, 
>> I have this weird situation where a role doesn't pick up configured 
>> variables, hopefully someone can help me out. 
>> This is parts of my playbook:
>> -   name: Deploy Elasticsearch VMs
>> hosts: localhost
>> tags:
>> - deploy
>> vars:
>> os_type: Windows
>> public_ip: yes
>> use_max_datadisks: True
>> create_network_security_group: nsg_eslogging
>> create_availability_set: yes
>> add_to_adhoc_group: elasticsearch
>>
>> roles:
>> - { role: customer_deploy_azurevm, vm_name: customer-prod-es1}
>> - { role: customer_deploy_azurevm, vm_name: customer-prod-es2}
>>
>> -   name: Deploy logstash VMs
>> hosts: localhost
>> tags:
>> - deploy
>> vars:
>> os_type: Windows
>> public_ip: yes
>> max_data_disk_count: 2
>> create_network_security_group: nsg_logstash
>> create_availability_set: yes
>> availability_set_name: as-customer-prod-logstash
>> add_to_adhoc_group: logstash
>> roles:
>> - { role: customer_deploy_azurevm, vm_name: customer-prod-ls1}
>> - { role: customer_deploy_azurevm, vm_name: customer-prod-ls2}
>>
>> The weird thing that happens is that the second play's vms don't get the 
>> correct availability set (availability_set_name), but they DO get the 
>> correct nsg (create_network_security_group). The customer_deploy_azurevm 
>> roles works so that if "create_availability_set" is true and 
>> "availability_set_name" is not set, then an autogenerated availability set 
>> name will be used. This variable seems to "linger" so that the following to 
>> vms get the previous auto-generated availability set name (I can see this 
>> if I dump all vars before I do anything else in the role)
>>
>> This seems completely weird to me. Am I doing something wrong, or is this 
>> a bug?
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/45d54e65-2252-4138-96da-addacf7812f8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.