[ansible-project] What is the correct format to use filters parameter in Ansible ad-hoc mode

[Henry Huang]

I am trying to test the filter result using the ansible command in ad-hoc 
mode for ec2_vpc_subnet_facts module. I can't seem to get the "filters" 
parameter to work in the ad-hoc mode somehow. It keeps giving me back key 
value error or "unable to evaluate dictionary for filters" kind of error no 
matter how I put those things together. 

Here's is how my command looks like:

ansible localhost -i ./local -m ec2_vpc_subnet_facts -a "profile=my-profile 
region=us-east-1 filters="{ 'vpc-id': vpc-x }" -

And here's the error message:

localhost | FAILED >> {
"failed": true,
"msg": "this module requires key=value arguments (['filters={', 
'vpc-id:', 'vpc-x', '}'])"
}

I have played with many different formatting but I just can't get it to 
work. 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/76d97a1a-7c20-418c-a1cb-c2a7554c0176%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Using win_regedit to harden Windows server ciphers

[Matt Davis]

Yep, doesn't look like there's any documented way to get the Powershell 
registry provider to work right with this. Even if we could get it to work 
right with the creation, it'd still break on all the Test-Path and other 
calls. Only way to handle this "right" would be a complete rewrite of 
win_regedit to directly use the .NET Registry classes instead (probably not 
happening anytime soon).

On Monday, July 11, 2016 at 1:11:59 PM UTC-7, Matt Betts wrote:
>
> Hi, I'm trying to create a playbook that I can use to bring a windows 
> server up to the latest secure hardening standards and I'm stuck with 
> configuring Ciphers. An example is as follows:
>
>  ansible {HOST} -m win_regedit -a 
> "key='HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2
>  
> 128/128' value=Enabled data= datatype=dword state=present" -vvv
>
> As you can see the Key name is "RC2 128/128" and the issue I'm 
> encountering is Powershell interprets the / as a new key, irrespective of 
> the direction. 
>
> Has anyone managed to create a playbook to do this? I've got some 
> alternatives (merging a registry file etc) but they aren't as clean. From 
> the research I've done it looks like i'm going to need to user the 
> powershell CreateSubKey function.
>
> Thanks,
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e6573522-33de-4d5f-bca4-af1996ceddd4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Using win_regedit to harden Windows server ciphers

[Matt Betts]

Hi, I'm trying to create a playbook that I can use to bring a windows 
server up to the latest secure hardening standards and I'm stuck with 
configuring Ciphers. An example is as follows:

 ansible {HOST} -m win_regedit -a 
"key='HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2
 
128/128' value=Enabled data= datatype=dword state=present" -vvv

As you can see the Key name is "RC2 128/128" and the issue I'm encountering 
is Powershell interprets the / as a new key, irrespective of the direction. 

Has anyone managed to create a playbook to do this? I've got some 
alternatives (merging a registry file etc) but they aren't as clean. From 
the research I've done it looks like i'm going to need to user the 
powershell CreateSubKey function.

Thanks,


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/86819205-740e-4abd-889c-6f1bb5c0bf4e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] parsing a nested json file

[Kai Stian Olstad]

On 11. juli 2016 19:16, Dader Grund wrote:

Thanks alot dude. It did work ^^
i have recently got it working using lookup('file', '/etc/foo.txt') |
from_json).get('fw2').get('ipv4').get('rtr').get('ip') # haha though
it didn't look quit  pretty
i noticed if i am using an attribute with a minus sign i.e "fw2-m" the dot
notation wouldn't work.
Just curious how could one overcome this issue?


Python identifiers is not allowed to have dash in them(because dash is a 
subtraction), so only way around it in Ansible, is to use the square 
brackets notation.


--
Kai Stian Olstad

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5783DC34.1060802%40olstad.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: on/off playooks for lots of resources w/o repeating them (minimal redundancy)

[Frank Thommen]

Thanks a lot.  I'll give these a try.
frank

On 07/11/2016 11:42 AM, 'J Hawkesworth' via Ansible Project wrote:

I can think of a couple of ways - there are probably more

One way would be by having both playbooks include a vars file which has
the list of mounts in it:

http://docs.ansible.com/ansible/include_vars_module.html

or you could add the list of mounts to a group variable and have it
apply to both playbooks by having both playbooks work against that group
of hosts

See 
http://docs.ansible.com/ansible/playbooks_best_practices.html#group-and-host-variables
for more about group vars.

Hope this helps,

Jon




On Monday, July 11, 2016 at 8:21:12 AM UTC+1, Frank Thommen wrote:

Hi,

I'm currently evaluating ansible as a candidate for our future CM tool.
   I'm stuck with the issue, that we have "blocks" of resources (e.g. a
list of around 30 NFS mounts) which we'd like to be able to switch on
and off w/o repeating the complete resources in two playbooks.  How can
we have two playbooks, one mounting the mounts, the other unmounting
them w/o having to duplicate the whole list in both playbooks?

I'm sure there is a way, I just dont seem to be able to find the
appropriate documentation page.

Any pointer is appreciated
frank


--
You received this message because you are subscribed to the Google
Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to ansible-project+unsubscr...@googlegroups.com
.
To post to this group, send email to ansible-project@googlegroups.com
.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/d22afed3-6f07-412e-9cc5-03dd5c019c5d%40googlegroups.com
.
For more options, visit https://groups.google.com/d/optout.



--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5783DA50.4080308%40drosera.ch.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: launch executable on remote node

[skinnedknuckles]

I tried converting my password to a secureString by using 
"ConvertTo-SecureString" commandlet of powershell like this.


  - name Convert password to secure string
raw: ConvertTo-SecureString "password" -AsPlainTest -Force
register: result
  - set_fact: ssPassword={{result.stdout_lines.0}}
  - name Setup Auto Reboot
script: Set-SecureAutoLogon.ps1 "{{userName}}" "{{ssPassword}}" "acme" 
"1" "true"


Then when I run it I get "Cannot process argument transformation non 
parameter "Password" Cannot convert the System.SecuritySecureString value 
of type System.String to type System.Security.SecureString"




On Wednesday, May 11, 2016 at 10:01:52 AM UTC-5, skinnedknuckles wrote:
>
> Management Node:
> CentOs 7.1
> Ansible 2.1
> Remote Node:
> Windows 7
> Powershell 3.0
>
> How do I launch an executable on a remote node running Windows 7?  As I 
> understand win_scheduled_task only works with Windows Server 2012 and 
> win_nssm is only for startup services.  Is there any other way do do this? 
>  If not, is there any way to access the Invoke-Command option of 
> Powershell?  I suppose a module could be written to do that but I'm new to 
> python and doubt I could pull it off.
>
> Thanks,
>
> Jonathan
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f3cebf19-61c4-4c14-9be1-2d1359d56ee9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] parsing a nested json file

[Dader Grund]

Thanks alot dude. It did work ^^
i have recently got it working using lookup('file', '/etc/foo.txt') | 
from_json).get('fw2').get('ipv4').get('rtr').get('ip') # haha though  
it didn't look quit  pretty
i noticed if i am using an attribute with a minus sign i.e "fw2-m" the dot 
notation wouldn't work.
Just curious how could one overcome this issue?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/939d1cc5-60d4-42b3-ba12-91894e574ffd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: launch executable on remote node

[skinnedknuckles]

Is your role on Ansible Galaxy?  I searched for your name but came up with 
nothing.  Do you use another name for your Galaxy contributions or where 
can I find the role you mentioned?

On Wednesday, May 11, 2016 at 10:01:52 AM UTC-5, skinnedknuckles wrote:
>
> Management Node:
> CentOs 7.1
> Ansible 2.1
> Remote Node:
> Windows 7
> Powershell 3.0
>
> How do I launch an executable on a remote node running Windows 7?  As I 
> understand win_scheduled_task only works with Windows Server 2012 and 
> win_nssm is only for startup services.  Is there any other way do do this? 
>  If not, is there any way to access the Invoke-Command option of 
> Powershell?  I suppose a module could be written to do that but I'm new to 
> python and doubt I could pull it off.
>
> Thanks,
>
> Jonathan
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/0bb0ef20-88a0-42cf-a454-1d3063816b59%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Error while deploying open source bitcoin exchange platform that uses ansimble

[Kai Stian Olstad]

On 11. juli 2016 17:37, Oleg Belousov wrote:

up (

On Sunday, 10 July 2016 21:02:00 UTC+2, Oleg Belousov wrote:

# for webservers
frontend_fqdn: {{root_domain}}
 ^
This one looks easy to fix.  YAML thought it was looking for the start of
a
hash/dictionary and was confused to see a second "{".  Most likely this was
meant to be an ansible template evaluation instead, so we have to give the
parser a small hint that we wanted a string instead. The solution here is
to
just quote the entire value.


Have you actually read the error message?
It clearly says whats wrong.

More info
https://docs.ansible.com/ansible/YAMLSyntax.html#gotchas

--
Kai Stian Olstad

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5783C3E6.8000104%40olstad.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] parsing a nested json file

[Kai Stian Olstad]

On 11. juli 2016 15:07, Dader Grund wrote:

i have a  nested json file like :
{
 "fw1": {
 "ipv4": {
 "rtr": {
 "ip": "1.2.3.4",
 "net": "1.2.3.4",

 }
 }
 },
 "fw2": {
 "ipv4": {
 "rtr": {
 "ip": "4.3.2.1",
 "net": "4.3.2.1",

 }
 }
 }
}


How could i parse in this case only the "ip" value of "fw2" ?
for a non nested json dictionary this phrase has worked for me

{{ (lookup('file', '/etc/foo.txt') | from_json).get('ip') }}.


{{ (lookup('file', '/etc/foo.txt') | 
from_json)['fw2']['ipv4']['rtr']['ip'] }}


or

{{ (lookup('file', '/etc/foo.txt') | from_json).fw2.ipv4.rtr.ip }}

--
Kai Stian Olstad

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5783BE2A.9090108%40olstad.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Error while deploying open source bitcoin exchange platform that uses ansimble

[Oleg Belousov]

up (

On Sunday, 10 July 2016 21:02:00 UTC+2, Oleg Belousov wrote:
>
> This is the line with the error:
>
> https://github.com/txbits/TxBitsDeployer/blob/master/playbook/group_vars/staging_testnet#L5
>
> This is how the error looks like in the console:
>
> fatal: [longcat.staging-testnet-txbits.com] => Syntax Error while loading 
> YAML script, 
> /home/user/dev/TxBitsDeployer/playbook/group_vars/staging_testnet
> Note: The error may actually appear before this position: line 5, column 29
>
> # for webservers
> frontend_fqdn: {{root_domain}}
> ^
> This one looks easy to fix.  YAML thought it was looking for the start of 
> a 
> hash/dictionary and was confused to see a second "{".  Most likely this was
> meant to be an ansible template evaluation instead, so we have to give the 
> parser a small hint that we wanted a string instead. The solution here is 
> to 
> just quote the entire value.
>
> For instance, if the original line was:
>
> app_path: {{ base_path }}/foo
>
> It should be written as:
>
> app_path: "{{ base_path }}/foo"
>
> We could be wrong, but this one looks like it might be an issue with
> missing quotes.  Always quote template expression brackets when they 
> start a value. For instance:
>
> with_items:
>   - {{ foo }}
>
> Should be written as:
>
> with_items:
>   - "{{ foo }}"  
>
>
>
>
> What I was trying to do is 
> ./initial_deploy.sh staging_testnet
>
> In order to test the pipeline.
>
> Thanks in advance.
> O.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/17281242-2aeb-439d-bad6-e467b3d99ff0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] mysql_user errors when using with_items

[Jeff Sault]

Hi All,

Does anyone know why the below ansible code is failing?

 - name: Add permissions to heeservers to connect to SQL
   mysql_user: name={{ mu_db_user }} password={{ mu_db_pass }} host="{{ 
item }}"  priv={{ mu_db_name }}.*:ALL state=present
   with_items: '{{groups.heeservers}}' 

The error reported is..

failed: [mu.vagrant] (item=hee.vagrant) => {"failed": true, "item": 
"hee.vagrant", "msg": "(1396, \"Operation CREATE USER failed for 
'root'@'hee.vagrant'\")"}

If I change the host from "{{ item }}" to a fixed string it works as 
expected but I dont understand why.

Thanks!
Jeff

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1809bd75-fec3-46f3-b5bf-a2aefa1333bc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Server date in Ansible/J2?

[jp]

On Sunday, July 10, 2016 at 3:41:55 PM UTC-4, Kai Stian Olstad wrote:
>
> On 09. juli 2016 04:03, j...@jpsdomain.org  wrote: 
> > > I have what seems to be a simple question that I can't find on the 
> web.  How do I get the current date from the Ansible server into a J2 
> variable?  I know how to do it with {{ ansible_date_time.date }} but that's 
> from the remote node at the time Ansible collected facts (which could be 
> cached), NOT "now" on the server I'm running on...right? 
> >
> > Check out lookups 
> > https://docs.ansible.com/ansible/playbooks_lookups.html 
>  
> >
> > {{ lookup('pipe','date') }} 
>
> Thanks.  I should have mentioned I considered that, but it seems crazy and 
> inefficient to have to shell out and run the `date` command when Python, 
> Ansible and J2 already know what date and time it is...I just need a way to 
> make one of them tell me in a playbook.  Is there really no way to do 
> something like {{ now.strftime('%Y-%m-%d') }}?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/be7f2ec0-8265-4ef2-acd2-bfaba230d8de%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Recommendations for use of "become" with roles

[Paul Mackay]

Is there any best practice around the use and/or documentation of 
sudo/become with roles? These are the questions I'm unsure about and have 
not seen any related guidelines:

- If a role requires sudo priviledges for one or more tasks, should it 
apply it just for those tasks? Or not use "become" at all and let the 
playbook calling the role apply it? 

- If priviledges are required but not applied in the role, would it be good 
practice to document the need as part of the role docs?

thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/da775e89-74a2-473a-b00b-ab6630e5c5f4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Pass complex variables into roles

[Eric Bruno]

Hi folks,

I'm facing an issue with roles call in plays when passing complex var. I 
want to find a way to pass variable by reference like so:

#group_vars/python-app/fooapi.yml

fooapi:
  uno: 1
  dos: 2


#group_vars/python-app/barapi.yml

fooapi:
  uno: 1000
  dos: 2000

#play.yml

- hosts: python-app
  roles:
- { role: python, app: fooapi}
- { role: python, app: barapi}

#roles/python/tasks/main.yml

- debug: var=app

This is maybe a bad practice but if we found a solution, this is a very 
usefull and nice way to do what I want to do.

Thank you for your help :)

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e54ca0e8-9052-42d6-af42-d4e5f2c45f6e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Mark playbook execution as complete when certain file is present in remote system

[Kai Stian Olstad]

On 09. juli 2016 17:40, Zeal Vora wrote:

We are planning to run our infrastructure on Ansible Pull Mode so all the
host machines will keep on polling every few minutes.

In a single outside.yml file, we will have around 8 playbooks.

I want to mark a specific whole playbook as completed if there is certain
file present in a remote system.

What is the most ideal way to achieve this ?


It's not possible to mark the execution as complete, but you could skip 
a role.


Put the playbook in its own file, lets say play1.yml

In outside.yml use stat module to check if the file exist and register 
the result in a variable e.g. result and then you can include the role 
like this


- include: play.yml
  when: result.stat.exists == false

--
Kai Stian Olstad

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5783A5EC.5050203%40olstad.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] handler invoked from role is not called

[Kai Stian Olstad]

On 10. juli 2016 00:11, Szabolcs Szallár wrote:

Logical structure:

site.yml
└── roles
   └── base
   └── tasks
  └── main.yml

Example line in main.yml:

  - name: configure iptables rules
template: src=iptables_config.j2 dest=/etc/sysconfig/iptables owner=root
group=root mode=0600
notify:
 - iptables restart

In roles directory I have a task with main.yml, and from that main.yml I
add package configuration with template.
When the template is updated, I have a handler called, but for some reason
it's not executed.

Handlers are in same level as site.yml:

└── handlers
 └── main.yml


Try moving your handlers folder into the role, same level as your tasks 
under base.


 roles
  └── base
   ├── tasks
   │└── main.yml
   └── handlers
└── main.yml


--
Kai Stian Olstad

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5783A14F.6090606%40olstad.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] parsing a nested json file

[Dader Grund]

hallo,

i have a  nested json file like :
{
"fw1": {
"ipv4": {
"rtr": {
"ip": "1.2.3.4",
"net": "1.2.3.4",
 
}
}
},
"fw2": {
"ipv4": {
"rtr": {
"ip": "4.3.2.1",
"net": "4.3.2.1",

}
}
}
}


How could i parse in this case only the "ip" value of "fw2" ?
for a non nested json dictionary this phrase has worked for me

{{ (lookup('file', '/etc/foo.txt') | from_json).get('ip') }}.


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/99e9662b-8ff6-47bf-970a-fb57559a4ef5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] docker-py` doesn't seem to be installed, but is required for the Ansible Docker module

[utp mahesh]

I already installed the docker-py module.I Dont know why it is failing to 
find this module.
Anyway this happens only for this Jenkins job.Other Jenkins jobs picks the 
docker-py module and do the docker deployment.
For understand,
Can you please tell me where is the location this docker-py is installed ? 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2db8b1b6-8f23-4c18-8abc-8473ee08f9ca%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Remove stderr/stdout from json output on failure as plugin handles already pretty printing

[Kamil Demecki]

Hi All,

I'm using plugin described here 

 
to display pretty printed output. It is working very well on successful 
execution. 
However on failure ansible also displays json with keys "stdout", "stderr" 
duplicating my output. 
Json is quite big and unreadable as I log hundreds lines in some places.

Is there a way to "mask" keys from json output presented when ansible 
fails? I would like to have a dict with something like replaced 
stderr="Already printed". 
I've tried to modify dictionary in callback plugin but it doesn't take 
effect. Is any good example on github 
?

I'm using Ansible 2.0.0.1.

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b678185e-f66c-4155-b90e-157b577f860d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Accessing environment variables created inside shell task

[Bence Takács]

Custom module for gathering facts for the rescue!
http://docs.ansible.com/ansible/developing_modules.html#module-provided-facts
http://blog.toast38coza.me/custom-ansible-module-hello-world/
http://mcsrainbow.github.io/articles/create-an-ansible-module-and-then-use-module-provided-facts.html

2016. január 29., péntek 18:30:13 UTC+1 időpontban PixelDrift.NET Sam a 
következőt írta:
>
> To add to that, I understand I can use something similar to the following 
> to access a single value:
>
> ---
>
> - hosts: all
>
>  tasks:
>
>- name: Export environment variable
>
>  shell: /usr/local/bin/blackbox && env | grep ^ANIMAL
>
>  register: output
>
>
> But the real scenario is that I may have 5-10 environment variables 
> generated from blackbox and I am looking for a structured way to access 
> them.
>
>
> Thanks again.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/cb6296b6-0073-46e9-94a8-2a93548d9732%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Ansible Tower Inventory: Fetching VMs from VMware

[Chethan S]

I have configured a group with source "VMware vCenter". As per the 
documentation, one can specify Source Variables to Override variables found 
in vmware.ini and used by the inventory update script. For a detailed 
description of these variables view vmware.ini in the Ansible github repo. 

 

An excerpt from the GitHub file - 
# Specify a prefix filter. Any VMs with names beginning with this string 
will not be returned. 
# prefix_filter = test_ 

In my case, I have at least three prefixes that need to be excluded. 
However, when I try to do that by specifying prefix_filter three times, 
only first one seems to work. How can I exclude VMs which start with names 
other than Te?



-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8b51953a-1719-4eb1-bca0-516644e35e13%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] copy each confi file on each server

[Mark Janssen]

Something like this ? (directly copied from a play I use... not tweaked to
your settings ;) )


#!/usr/bin/env ansible-playbook
# Fetch files from remote hosts

---

- hosts: all
  gather_facts: yes
  vars:
outputdir: "data"
infofiles:
  - /etc/krb5.conf
  - /etc/resolv.conf
  - /etc/sysconfig/network-scripts/ifcfg-*
  - /etc/sysconfig/network-scripts/route-*
  - /etc/sudoers.d/*
  become: yes
  tasks:

  - name: Fetch filenames
shell: "find {{infofiles|join(' ')}} -type f"
register: filenames
ignore_errors: yes
tags:
  - filenames
  - fetch

  - name: Fetch config-files
fetch: src="{{item}}" dest="{{outputdir}}/"
with_items:
  - /etc/passwd
  - /etc/redhat-release
  - "{{filenames.stdout_lines}}"
tags:
  - fetch


On Fri, Jul 8, 2016 at 1:55 PM, alex podolin  wrote:

> Hi all. I hope anybody can help me.
> I have a few servers called SERVER-01 SERVER-02SERVER-N
> and *.conf files for this servers
> # tree roles/put_cameras/files/nginx/
> roles/put_cameras/files/nginx/
> ├──SERVER-01
> │   ├── config01.conf
> │   ├── config02.conf
>
> ├── SERVER-02
> │   ├── config01.conf
> │   ├── config02.conf
> ...
> ├── SERVER-N
> │   ├── config01.conf
> │   ├── config02.conf
>
> can you tell me, how to put files from  files/nginx/SERVER-01/{*.conf} to
> SERVER-01 /etc/nginx; files/nginx/SERVER-02/{*.conf} to SERVER-02
> /etc/nginx; files/nginx/SERVER-N/{*.conf} to SERVER-N /etc/nginx;
> I think i can do it throw loops? but i don't understand how...
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/860d76f6-59b4-43b9-9a32-d74fde8b0f3f%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Mark Janssen  --  maniac(at)maniac.nl
Unix / Linux Open-Source and Internet Consultant
Maniac.nl Sig-IO.nl Vps.Stoned-IT.com

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAKs9mshF2khoCUMgC-%2BBPXin%2BWLisD3sMPvRRagmi5fRuNO4jg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: launch executable on remote node

['J Hawkesworth' via Ansible Project]

This script can set up auto logon for a user.
http://andyarismendi.blogspot.co.uk/2011/10/powershell-set-secureautologon.html
I have a role that runs this script and then calls win_reboot to make the 
autologon happen.

Hope this helps,

Jon

On Friday, July 8, 2016 at 5:36:59 PM UTC+1, skinnedknuckles wrote:
>
> The program I'm trying to launch starts up automatically after the user 
> logs-in which could possibly be part of a solution for me.  But I can't 
> depend on any user doing that for me so I would have to automate the login 
> and I don't see how win_reboot can do that.
>
> On Wednesday, May 11, 2016 at 10:01:52 AM UTC-5, skinnedknuckles wrote:
>>
>> Management Node:
>> CentOs 7.1
>> Ansible 2.1
>> Remote Node:
>> Windows 7
>> Powershell 3.0
>>
>> How do I launch an executable on a remote node running Windows 7?  As I 
>> understand win_scheduled_task only works with Windows Server 2012 and 
>> win_nssm is only for startup services.  Is there any other way do do this? 
>>  If not, is there any way to access the Invoke-Command option of 
>> Powershell?  I suppose a module could be written to do that but I'm new to 
>> python and doubt I could pull it off.
>>
>> Thanks,
>>
>> Jonathan
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1fe8a92c-6fcd-498c-bc44-907223d6dfc8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Login Credentials were rejected for Computers Attached to Active Directory

['J Hawkesworth' via Ansible Project]

So, for some reason it is trying to connect via ssl and not kerberos.

I can think of two things for you to try:

1/ ensure you have install the python kerberos library as described 
here: 
http://docs.ansible.com/ansible/intro_windows.html#installing-python-kerberos

Without this ansible will 'fall back' to attempting ssl connection, which 
will fail as you are using a domain user.  This is also needed (it is *not 
*included 
the packages listed 
here): 
http://docs.ansible.com/ansible/intro_windows.html#installing-python-kerberos-dependencies

2/ Switch to hostnames instead of ip addresses in your inventory.  Kerberos 
needs fully functioning DNS to work properly.

Hope this helps,

Jon

On Sunday, July 10, 2016 at 8:02:02 PM UTC+1, Rajagopal Subramanian wrote:
>
> I have three 3 Windows computers. One is Windows server 2012, Other two 
> are Windows 7 Desktop. Through Ansible I can individually manage all 3 
> windows machine through their local login account. Ansible Work Perfectly.
>
>
> Now I configure AD in windows server 2012 and I joined two desktop 
> computer to AD. Through Active Directory's Administrator Account I can 
> login through all 3 Windows Machines.
>
>
> To Manage AD Account in ansible I installed keberos as mentioned in this 
> documentaion. 
> 
>
>
> My Configurations are as follow:
>
>
> */etc/krb5.conf*
>
>
> [libdefaults]
>
> default_realm = NAANAL.IN
>
> [realms]
> NAANAL.IN = {
> kdc = WIN2012.naanal.in
> default_domain = naanal.in
> }
>
> [domain_realm]
>
> .naanal.in = NAANAL.IN
>
> [login]
>
> krb4_convert = true
> krb4_get_tickets = false
>
>
> *Connection and Ticket Details:*
>
>
> kinit admini...@naanal.in 
> Password for admini...@naanal.in :
>
>
>
> klist
> Ticket cache: FILE:/tmp/krb5cc_1000
> Default principal: admini...@naanal.in 
>
> Valid starting   Expires  Service principal
> 2016-07-10T20:41:25  2016-07-11T06:41:25  krbtgt/naan...@naanal.in 
> 
> renew until 2016-07-11T20:40:33
>
>
> Now I just try to ping my all windows machines through the account 
> admini...@naanal.in 
>
>
> Here is my Configuration and output :
>
>
> *hosts*
>
>
> [windows]
> 192.168.1.13  -> Windows 7 Desktop Attached to AD
> 192.168.1.23  -> Windows 7 Desktop Attached to AD
> 172.30.64.77  -> Windows 2012 with AD
>
>
> *group_vars/windows.yaml*
>
>
> ansible_user: admini...@naanal.in 
> ansible_password: p@ssw0rd1
> ansible_port: 5986
> ansible_connection: winrm
> ansible_winrm_server_cert_validation: ignore
>
>
> While I run ansible windows -i hosts -m win_ping
>
>
> 192.168.1.13 | UNREACHABLE! => {
> "changed": false,
> "msg": "ssl: the specified credentials were rejected by the server",
> "unreachable": true
> }
> 192.168.1.23 | UNREACHABLE! => {
> "changed": false,
> "msg": "ssl: the specified credentials were rejected by the server",
> "unreachable": true
> }
> 172.30.64.77 | SUCCESS => {
> "changed": false,
> "ping": "pong"
> }
>
>
> i.e In Ansible, I can't login into computers attached to AD through AD 
> user account. Where I miss things ?
>
>
> Note: I enabled Remote Connections in Desktops. Also tried with firewall 
> disabled.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/9bb22809-8b78-41fd-8327-273a8b2f88c2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: on/off playooks for lots of resources w/o repeating them (minimal redundancy)

['J Hawkesworth' via Ansible Project]

I can think of a couple of ways - there are probably more

One way would be by having both playbooks include a vars file which has the 
list of mounts in it:

http://docs.ansible.com/ansible/include_vars_module.html

or you could add the list of mounts to a group variable and have it apply 
to both playbooks by having both playbooks work against that group of hosts

See 
http://docs.ansible.com/ansible/playbooks_best_practices.html#group-and-host-variables
 
for more about group vars.

Hope this helps,

Jon




On Monday, July 11, 2016 at 8:21:12 AM UTC+1, Frank Thommen wrote:
>
> Hi, 
>
> I'm currently evaluating ansible as a candidate for our future CM tool. 
>   I'm stuck with the issue, that we have "blocks" of resources (e.g. a 
> list of around 30 NFS mounts) which we'd like to be able to switch on 
> and off w/o repeating the complete resources in two playbooks.  How can 
> we have two playbooks, one mounting the mounts, the other unmounting 
> them w/o having to duplicate the whole list in both playbooks? 
>
> I'm sure there is a way, I just dont seem to be able to find the 
> appropriate documentation page. 
>
> Any pointer is appreciated 
> frank 
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d22afed3-6f07-412e-9cc5-03dd5c019c5d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] on/off playooks for lots of resources w/o repeating them (minimal redundancy)

[Frank Thommen]

Hi,

I'm currently evaluating ansible as a candidate for our future CM tool. 
 I'm stuck with the issue, that we have "blocks" of resources (e.g. a 
list of around 30 NFS mounts) which we'd like to be able to switch on 
and off w/o repeating the complete resources in two playbooks.  How can 
we have two playbooks, one mounting the mounts, the other unmounting 
them w/o having to duplicate the whole list in both playbooks?


I'm sure there is a way, I just dont seem to be able to find the 
appropriate documentation page.


Any pointer is appreciated
frank


--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/578348C9.80107%40drosera.ch.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Nested looping with with_dict and with_file, in Ansible v 1.7.2

[Junaid Naseer]

* p.s. why ansible 1.7.2, it comes standard with Debian 8.5 (jessie)?

Err, :O I wanted to explain, why am I using, Ansible 1.7.2. and not 
something new, since it comes standard with the Debian 8.5 distribution. I 
know it is old. But that is not in my hand. Anyways.


On Thursday, July 7, 2016 at 7:08:11 PM UTC+2, Junaid Naseer wrote:
>
>
>-  I am almost certain this is not possible in *Ansible* (at least not 
>in version* 1.7.2*), but just to be thorough in my investigation, 
>after exhausting all lookups on *google*, *stackoverflow*, 
>*serverfault*, etc. I am posting it now here.
>
>
>-  I have a list of usernames in a dictionary, something like this:
>
>
> keymap:
>userx:
>   property1: xyz
>   property2: abc
>
>usery:
>   property1: xyz
>   property2: abc
>
>
>- And then I have a set of files, essentially named like this in a 
>folder:
>
>
> *$ /tmp/pub_keys/username_hostname*
>
>
>- I need to merge *all the keys for one user* from all the hosts into 
>one authorized key. 
>   - So all keys from *userx* in one file, and all keys from *usery* 
>   in one file and so on.
>   - To grab the keys from the files over all hosts, I tried with the 
>following just to test, and it works fine. 
>lookup('file', '/tmp/pub_keys/username_'+ansible_hostname+'.pub' )
>Next Step, was to try the following,
>- lookup('fileglob', '/tmp/pub_keys/username_'+'*'+'.pub').split(',')
>which also worked fine. So I can merge the keys, using the 
>*authorized_keys* module, for ONE user.
>   - This make my problem quite similar to this one: 
>   
> https://serverfault.com/questions/649721/how-can-i-have-a-nested-loop-with-a-fileglob-pattern
>   
>
>- To get the list of all users, I need to use the *with_dict* module 
>to get the usernames from the dictionary *keymap,* as named above.
>- But it seems there is no way to make *with_dict* and *with_file* 
>work together.
>- I tried a number of permutations with *with_nested* and using *lookup 
>with fileglob*, but to no avail. The entire list of all permutations 
>tried is maybe too much to copy paste here.
>- I tried setting variables using *set_facts* and *vars* to avoid 
>using the *with_dict* in the same play, but I could not get the vars 
>defined in one play to be visible in a different play (my bad, I am an 
>ansible n00b).
>- The only thing that I did not try is *with_subelements*. And 
>anyways, I think it is not usable in my case, since I do not know 
>beforehand 'the list of hosts for a given user', in the dictionary.
>
>
>
>- To expand on, what* *not working** means, (before I get burnt at the 
>stake for saying, those words ), I explain below:
>- When I use a construct like the one listed here: 
>https://docs.ansible.com/ansible/playbooks_loops.html#nested-loops, 
>which in my case then becomes,
>- 
>
>- name: give users access to multiple databases
>  authorized_key: user="{{item.0}}" key="{{lookup('file', item.1)}}"
>  with_nested:
>- {{users}}
>- key: "{{ lookup('fileglob', 
> '/tmp/public_keys/'+item.key+'_'+ansible_hostname+'.pub').splitlines() }}"
>
>- The key returned in the above case, does not grab the list of files, 
>but instead starts returning, the literal string  *"{{ 
>lookup('fileglob',* ... and so on till the end of the string.
>- Replacing *fileglob* with *pipe* or *file*, did not get rid of the 
>problem. It seems the problem stems from my (right or wrong) use of 
>*with_nested*
>
>
>
>- Things  that I avoided using, but will most certainly work: are 
>using *python* and/or the *shell* to do delegate this work from 
>ansible to bash or python. I was trying to solve this problem natively 
>using ansible and ansible alone.
>   - 
>   
> https://stackoverflow.com/questions/24250418/finding-file-name-in-files-section-of-current-ansible-role
>   
>
> *tl,dr*
>
>
> Is it possible to use, *with_dict *together with *with_file* to achieve a 
> nested-loop construct in *ansible 1.7.2*? It seems not.
> And especially so after reading the 2nd answer to this question: 
> https://stackoverflow.com/questions/31566568/double-loop-ansible 
>
>
>
> p.s. why ansible 1.7.2, it comes standard with Debian 8.5 (jessie)?
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e5e303bf-8c4c-4d22-81a7-26c027189b1c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.