[ansible-project] Wacky SSH timeout bug with Ansible
tl;dr; Seeing an Ansible bug where commands take lots of time to start, and then complete quickly; seems to affect Ubuntu VMs. Full description: I’m using Ansible to orchestrate code deployments. These deployments frequently take _much_ longer than expected, because individual steps that should take only a few seconds to run (like copying a small file or getting facts) take up to 4 minutes, where the time is in SSH waits. The Ansible profiler output shows that commands almost always take some exact multiple of 60 seconds, plus a small, reasonable, expected delta. Here’s an example: Monday 08 August 2016 11:26:18 -0700 (0:00:00.650) 0:13:51.907 * === TASK: appserver : Copy web jar file from local 242.42s TASK: setup -- 242.21s TASK: localhost_keystore : Create the forward directory --- 181.18s TASK: appserver : Copy web dependencies jar file from local 66.84s TASK: localhost_keystore : Copy the keystore file -- 60.84s TASK: Wait for app server to accept incoming HTTPS connections -- 9.74s This problem occurs across playbooks, servers, and tasks - pretty much everywhere. All are Ubuntu 14.04 server instances. [I’ve seen a possibly related problem locally on my Mac laptop, when using a script to create a Docker image. When Ansible would connect right after the docker image had started up, there was a race condition where the connection could occur as the SSH server was starting up, and I would often see a similar added 60 second delay. This problem went away by delaying the initial connection attempt by 5 seconds to give enough time for the SSH server to fully start up. ] There’s one 60 second default delay in the source, which is related to these delays: ansible/constants.py:ANSIBLE_SSH_ARGS = get_config(p, 'ssh_connection', 'ssh_args', 'ANSIBLE_SSH_ARGS', '-o ControlMaster=auto -o ControlPersist=60s ’) The man page for this param: ControlPersist When used in conjunction with ControlMaster, specifies that the master connection should remain open in the background (waiting for future client connections) after the initial client connection has been closed. If set to ``no'', then the master connection will not be placed into the background, and will close as soon as the initial client connection is closed. If set to ``yes'', then the master connection will remain in the background indefinitely (until killed or closed via a mechanism such as the ssh(1) ``-O exit'' option). If set to a time in seconds, or a time in any of the formats documented in sshd_config(5), then the backgrounded master connection will automatically terminate after it has remained idle (with no client connections) for the specified time. Looking in the SSH logs for a machine where this was occurring (with 60s value), I see examples like the below where the session is immediately closed, but then later opened, potentially multiple times, even for simple things like setup (getting facts for a playbook). Aug 8 13:35:19 lohika-linux-2 sudo: pam_unix(sudo:session): session opened for user root by forward(uid=0) Aug 8 13:35:19 lohika-linux-2 sudo: pam_unix(sudo:session): session closed for user root Aug 8 13:36:20 lohika-linux-2 sshd[2265]: Received disconnect from 10.128.0.116: 11: disconnected by user Aug 8 13:36:20 lohika-linux-2 sshd[2216]: pam_unix(sshd:session): session closed for user forward Aug 8 13:36:21 lohika-linux-2 sshd[2361]: Accepted publickey for forward from 10.128.0.116 port 40208 ssh2: RS Other times, you just see a ‘session opened’ message but no immediate 'session closed’. Here’s an example of Ansible’s output with full verbosity when the delay occurred (set to 25s); 3 out of 4 targets saw the delay but I’m showing one fast (lohika-linux-4) example and one slow example (lohika-linux-3) in the hopes that something pops out. TASK [setup] *** Monday 08 August 2016 15:05:59 -0700 (0:00:00.190) 0:01:46.080 * ESTABLISH SSH CONNECTION FOR USER: forward SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=25s -o StrictHostKeyChecking=no -o 'IdentityFile="/home/jenkins/.ssh/id_rsa_fwd_ansible_dev.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=forward -o ConnectTimeout=600 -o ControlPath=/home/jenkins/.ansible/cp/ansible-ssh-%h-%p-%r -tt lohika-linux-4 ( umask 22 && mkdir -p "$( echo $HOME/.ansible/tmp/ansible-tmp-1470693959.32-112350956649507 )" && echo "$( echo $HOME/.ansible/tmp/ansible-tmp-1470693959.32-112350956649507 )" ) ESTABLISH SSH CONNECTION FOR USER: forward SSH: EXEC ssh -C -vvv -o C
[ansible-project] scp files with copy
I'm attempting to copy a large file to a remote SCP server(Cisco Nexus Switch).
I verified I can copy it using SCP but I have a large number of server to
copy the files too. The server also happens to be a switch that accepts will
receive packages via SCP. Reading the Ansible Docs it looks like the copy
command should work but it's not from what I can tell.
- copy: src:/my/local/path/file dest:/remote/path
This should work but I'm seeing Ansible attempt to copy it to the local file
system and not the remote filesystem. How do I force it to send the file to
the remote server?
copy.yml
- name: copy firmware
hosts: all
remote_user: admin
gather_facts: no
connection: local
roles:
- copyfirmware
roles/copyfirmware/
└── tasks
└── main.yml
- copy: src=/srv/tftpboot/n3000-uk9.6.0.2.U6.6.bin
dest=/n3000-uk9.6.0.2.U6.6.bin
Ansible/cisco/nexus$ ansible-playbook copyfirmware.yml --limit 3132hl-3-2a
-
Using Ansible/cisco/nexus/ansible.cfg as config file
Loaded callback default of type stdout, v2.0
PLAYBOOK: copyfirmware.yml *
1 plays in copyfirmware.yml
PLAY [copy firmware] ***
TASK [copyfirmware : copy firmware to switch scp server] ***
task path:
/home/test/Solutions.Network.Automation/MAS/Ansible/cisco/nexus/roles/copyfirmware/tasks/main.yml:3
<2001:4898:5808:ff94::3> ESTABLISH LOCAL CONNECTION FOR USER: test
<2001:4898:5808:ff94::3> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo
$HOME/.ansible/tmp/ansible-tmp-1470702388.81-164755256977347 `" && echo
ansible-tmp-1470702388.81-164755256977347="` echo
$HOME/.ansible/tmp/ansible-tmp-1470702388.81-164755256977347 `" ) && sleep 0'
<2001:4898:5808:ff94::3> PUT /tmp/tmpKR6wkE TO
/home/test/.ansible/tmp/ansible-tmp-1470702388.81-164755256977347/stat
<2001:4898:5808:ff94::3> EXEC /bin/sh -c 'LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8
LC_MESSAGES=en_US.UTF-8 /usr/bin/python
/home/test/.ansible/tmp/ansible-tmp-1470702388.81-164755256977347/stat; rm -rf
"/home/test/.ansible/tmp/ansible-tmp-1470702388.81-164755256977347/" >
/dev/null 2>&1 && sleep 0'
<2001:4898:5808:ff94::3> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo
$HOME/.ansible/tmp/ansible-tmp-1470702388.93-56507575004650 `" && echo
ansible-tmp-1470702388.93-56507575004650="` echo
$HOME/.ansible/tmp/ansible-tmp-1470702388.93-56507575004650 `" ) && sleep 0'
<2001:4898:5808:ff94::3> PUT /srv/tftpboot/n3000-uk9-kickstart.6.0.2.U6.6.bin
TO /home/test/.ansible/tmp/ansible-tmp-1470702388.93-56507575004650/source
<2001:4898:5808:ff94::3> PUT /tmp/tmpTFBEdq TO
/home/test/.ansible/tmp/ansible-tmp-1470702388.93-56507575004650/copy
<2001:4898:5808:ff94::3> EXEC /bin/sh -c 'LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8
LC_MESSAGES=en_US.UTF-8 /usr/bin/python
/home/test/.ansible/tmp/ansible-tmp-1470702388.93-56507575004650/copy; rm -rf
"/home/test/.ansible/tmp/ansible-tmp-1470702388.93-56507575004650/" > /dev/null
2>&1 && sleep 0'
fatal: [3132hl-3-2a]: FAILED! => {"changed": false, "checksum":
"c86f4bee0935fa724f8ab93d76c950fe7ef3a5cb", "failed": true, "invocation":
{"module_args": {"backup": false, "content": null, "delimiter": null, "dest":
"/n3000-uk9-kickstart.6.0.2.U6.6.bin", "directory_mode": null, "follow": false,
"force": true, "group": null, "mode": null, "original_basename":
"n3000-uk9-kickstart.6.0.2.U6.6.bin", "owner": null, "regexp": null,
"remote_src": null, "selevel": null, "serole": null, "setype": null, "seuser":
null, "src":
"/home/test/.ansible/tmp/ansible-tmp-1470702388.93-56507575004650/source",
"validate": null}}, "msg": "Destination / not writable"}
NO MORE HOSTS LEFT *
[WARNING]: Could not create retry file 'copyfirmware.retry'. [Errno 2]
No such file or directory: ''
PLAY RECAP *
3132hl-3-2a: ok=0changed=0unreachable=0failed=1
SCP from Ansible server using the CLI:
scp /srv/tftpboot/n3000-uk9-kickstart.6.0.2.U6.6.bin
admin@x.x.x.59:/n3000-uk9-kickstart.6.0.2.U6.6.bin
The authenticity of host 'x.x.x.59 (x.x.x.59)' can't be established.
RSA key fingerprint is SHA256:xx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'x.x.x.59' (RSA) to the list of known hosts.
3000-uk9-kickstart.6.0.2.U6.6.bin
100% 36MB 269.9KB/s 02:17
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://gr
Re: [ansible-project] ipaddr - python netaddr missing or not
On 08. aug. 2016 18:56, ptsai via Ansible Project wrote:
error:
FAILED! => {"failed": true, "msg": "The ipaddr filter requires
python-netaddr be installed on the ansible controller"}
Installed python-netaddr-0.5.2-1.el5 but error persists:
And where did you install pyton-netaddr?
It must be installed on the machine you run the ansible commands from.
--
Kai Stian Olstad
--
You received this message because you are subscribed to the Google Groups "Ansible
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/cdea1f43-9dbd-1468-746a-75138a38fefd%40olstad.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Copy Module doesnt override destination file
On 08. aug. 2016 18:56, Anushri Mishra wrote:
so this is what I have in my yml file:
- name: Copy War File
copy: src=externaluserwebapi.war dest=/usr/share/tomcat7/webapps
become: True
become_method: sudo
and this is what I get when I run playbook:
ok: [10.1.33.227] => {"changed": false, "checksum":
"c93572d33bd0555a87341380ac389382c225a92d", "dest":
"/usr/share/tomcat7/webapps/externaluserwebapi.war", "gid": 0, "group":
"root", "invocation": {"module_args": {"backup": false, "content": null,
"delimiter": null, "dest":
"/usr/share/tomcat7/webapps/externaluserwebapi.war", "directory_mode":
null, "follow": false, "force": true, "group": null, "mode": null,
"original_basename": "externaluserwebapi.war", "owner": null, "regexp":
null, "remote_src": null, "selevel": null, "serole": null, "setype": null,
"seuser": null, "src":
"/home/ec2-user/.ansible/tmp/ansible-tmp-1470673998.42-1732776252/source",
"validate": null}}, "md5sum": "ba5224fb84a5f82d5fa7b8a8f83c4b2e", "mode":
"0644", "owner": "root", "size": 17027813, "src":
"/home/ec2-user/.ansible/tmp/ansible-tmp-1470673998.42-1732776252/source",
"state": "file", "uid": 0}
Not sure why but copy module is not overriding the script in destination
directory.I read that by default it is force=yes.Please help.
The reason is because the files is identical.
To debug you could add this tasks.
Add this two task before "Copy War File"
- stat:
path=externaluserwebapi.war
delegate_to: localhost
register: result
- debug: var=result
and add this two task after "Copy War File"
- stat:
path=/usr/share/tomcat7/webapps
register: result
- debug: var=result
--
Kai Stian Olstad
--
You received this message because you are subscribed to the Google Groups "Ansible
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/171a9eea-5630-02f4-930f-337ce3359109%40olstad.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Fact gathering when ansible run inside docker container
Those facts are gathered using standard tools for the OS detected, some of the containers are stripped/do not ship with these tools. -- Brian Coca -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CACVha7f5h85BjL2o-puYWXaFZ5Te4%3D-hPtVYG%3DqMEi5f927NHQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: Variable (for Windows/Powershell) that contains a character which must by escaped?
Tried the stop-parsing symbol ( --% )?
https://technet.microsoft.com/en-us/library/hh847892.aspx
On Sunday, August 7, 2016 at 5:38:47 PM UTC-7, Matt Gagliardi wrote:
>
> I searched around but didn't see anything that appeared to apply to the
> Windows/Powershell application I need advice on. I've got a playbook that
> works 100% fine *as long as a certain variable doesn't contain a "$"
> character*. I realize the issue is that Powershell is interpreting that
> and dropping the "$" and everything after it. Is there any way to escape a
> variable such that it'll be interpreted simply as a string? Right now what
> I'm doing is using the raw module and the command looks like this:
>
> raw: 'echo some information here: {{ variable1 }} \\ {{ variable2 }} {{
> variable3 }} > C:\test.txt'
>
> Let's say it's the second variable that should be Test$123...what I'm
> getting output to that file is simply Test. I've tried adjusting quote
> position and type (single vs. double, etc.) and I'm guessing I just haven't
> hit on the right combination...but I'd really appreciate any help.
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/0e27d29a-f09c-4e24-9715-0f0c969da3ca%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Best method of storing shell output to variable to use on other hosts?
On 08. aug. 2016 02:51, Tony Owens wrote:
I actually got this to work by change key variable to:
1. key: "{{ hostvars[groups['swarm-init'][0]]['worker'] | replace('[u',
'') | replace(']', '')}}"
What a pia! Surely i am doing something early in the play that is causing
me to have to replace those characters.
Your worker is a list so maybe something like this
hostvars[groups['swarm-init'][0]]['worker'][0]
--
Kai Stian Olstad
--
You received this message because you are subscribed to the Google Groups "Ansible
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/78ca2789-db2f-5d48-44d8-923326387f95%40olstad.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: cant find /opt/bin/python even though the environment path is specified
The following helped
ansible-galaxy install defunctzombie.coreos-bootstrap
from
https://github.com/defunctzombie/ansible-coreos-bootstrap
with a slight difference:
#ansible_python_interpreter=/home/core/bin/python
ansible_python_interpreter=/root/bin/python
I have also installed pip with toolbox. getting a new error:
TASK [defunctzombie.coreos-bootstrap : Install docker-py]
**
fatal: [x.x.x.x]: FAILED! => {"changed": false, "cmd": "/opt/bin/pip
install docker-py", "failed": true, "msg": "[Errno 8] Exec format error",
"rc": 8}
even though i can run it on the system itself:
localhost bin # /opt/bin/pip -V
pip 8.1.2 from /usr/lib/python2.7/site-packages (python 2.7)
But thats a different thread. Thanks all
On Monday, August 8, 2016 at 8:54:35 AM UTC-4, Gallo wrote:
>
> Hey guys, i have a coreOS system running python and pip with toolbox
>
> localhost ~ # cat /etc/*rele* |grep DISTRIB_RELEASE ; which python ;which
> pip
> DISTRIB_RELEASE=1068.8.0
> /opt/bin/python
> /opt/bin/pip
>
> $ ls -l
> total 16
> -rwxr-xr-x. 1 root root 64 Aug 6 01:05 pip
> -rwxr-xr-x. 1 root root 67 Aug 6 01:04 python
>
> however when i try to run my playbook as follow. it tells me:
>
> No such file or directory\r\n/opt/bin/python
>
> This is how I am running the playbook:
>
> ansible-playbook kubctl.yml -i hosts --ask-pass
> -e 'ansible_python_interpreter="/opt/bin/python"'
>
> Any help would be appreciated. Thanks in advance...
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/e9b47b08-be45-4236-8d36-7dcd833c6b28%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] ipaddr - python netaddr missing or not
error:
FAILED! => {"failed": true, "msg": "The ipaddr filter requires
python-netaddr be installed on the ansible controller"}
Installed python-netaddr-0.5.2-1.el5 but error persists:
Thanks!
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/98a1dbd4-ee84-44da-8553-e7254333af55%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] python-netaddr issue
Hello,
I have been getting this error:
FAILED! => {"failed": true, "msg": "The ipaddr filter requires
python-netaddr be installed on the ansible controller"}
After installing python-netaddr-0.5.2-1.el5 , the error still persists.
Please advise
Thanks
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/632acbc9-b23b-4760-92bc-15724a6adc18%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Copy Module doesnt override destination file
hi,
so this is what I have in my yml file:
- name: Copy War File
copy: src=externaluserwebapi.war dest=/usr/share/tomcat7/webapps
become: True
become_method: sudo
and this is what I get when I run playbook:
ok: [10.1.33.227] => {"changed": false, "checksum":
"c93572d33bd0555a87341380ac389382c225a92d", "dest":
"/usr/share/tomcat7/webapps/externaluserwebapi.war", "gid": 0, "group":
"root", "invocation": {"module_args": {"backup": false, "content": null,
"delimiter": null, "dest":
"/usr/share/tomcat7/webapps/externaluserwebapi.war", "directory_mode":
null, "follow": false, "force": true, "group": null, "mode": null,
"original_basename": "externaluserwebapi.war", "owner": null, "regexp":
null, "remote_src": null, "selevel": null, "serole": null, "setype": null,
"seuser": null, "src":
"/home/ec2-user/.ansible/tmp/ansible-tmp-1470673998.42-1732776252/source",
"validate": null}}, "md5sum": "ba5224fb84a5f82d5fa7b8a8f83c4b2e", "mode":
"0644", "owner": "root", "size": 17027813, "src":
"/home/ec2-user/.ansible/tmp/ansible-tmp-1470673998.42-1732776252/source",
"state": "file", "uid": 0}
Not sure why but copy module is not overriding the script in destination
directory.I read that by default it is force=yes.Please help.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/af2867ca-5264-4d03-b73a-3e77656d3334%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Re: ansible 2.0.1.0 run show version with Cisco ASA-55x0
OK, any other ideas? I cloned the repository. I edited ansible.cfg. I
also tried the --module-path command line parameter. But all I get is this
error about not being able to find the asa_command module:
TASK [asa_command]
*
fatal: [asa5505]: FAILED! => {"failed": true, "msg": "Could not find
imported module support code for asa_command. Looked for either * or asa"}
On Sun, Aug 7, 2016 at 9:38 AM, jean-christophe manciot <
actionmysti...@gmail.com> wrote:
> The asa_* commands are not part of latest Ansible version (2.1.1.0) yet.
>>
> You need to clone the repository https://github.com/ansible/
> ansible-modules-extras and modify ansible's configuration to point to
> your local folder in /etc/ansible/ansible.cfg with "library= ..."
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/ansible-project/QWMQJCUavV0/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/ansible-project/c80fd3d5-634e-4bfe-ad4d-17d116f95a15%40googlegroups.
> com
>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAM8dj%3D1UdM1-aCppUhiojwsEsut7pyBRAzWyE%3Di5PoLBYFX_%3Dg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] cant find /opt/bin/python even though the environment path is specified
You can also set ansible_python_interpreter as an inventory var, if you don't want to pass it on the command line. -- Brian Coca -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CACVha7e2%2Bqh%3D5t%2BV5gPmNniPTK3R4L9PeWGg9Gwjcx7nzxvEGg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: Windows playbooks causes cryptographic, windows remote management services to crash
Since upgrading to 0.2.0, it hasn't occurred but this issue has been fairly
hard to reproduce consistently outside of our production environment.
Michael
On Tuesday, August 2, 2016 at 2:51:48 AM UTC-5, J Hawkesworth wrote:
>
> Reading this again I realise that running multiple playbooks against my
> windows hosts simultaneously is something I do not do very often, so my
> experience may not apply.
>
> I hope pywinrm 0.2.0 turns out to fix this for you.
>
> Jon
>
> On Monday, August 1, 2016 at 9:01:27 PM UTC+1, Matt Davis wrote:
>>
>> I've heard one other report of this happening a few weeks ago (but was
>> via Ansible support and I didn't know who the customer was- maybe it was
>> also you?)
>>
>> The services in question share the winrm host process, so not surprising
>> that they're the ones going down.
>>
>> pywinrm 0.2.0 could definitely help some with this, as the HTTP(S)
>> connections are reused for the various winrm calls within a task, where
>> 0.1.1 and lower get a new connection for every winrm operation.
>>
>> Let us know if it keeps up- it'd definitely be a Microsoft issue (winrm
>> service shouldn't crash. Ever.), but we might be able to short-circuit the
>> official support loop and get you in touch with the right folks directly.
>>
>> -Matt
>>
>> On Thursday, July 28, 2016 at 7:17:03 AM UTC-7, Michael Perzel wrote:
>>>
>>> Since upgrading to ansible 2.0 my windows playbooks have been failing
>>> with the following error. This error has been seen when running setup,
>>> win_template, script tasks. The easiest way to repeat it is to have
>>> multiple simultaneous runs of ansible affecting the same host. If we re-run
>>> the exact same playbook after a failure they almost always succeed.
>>>
>>> Traceback (most recent call last):
>>> File
>>> "/usr/lib/python2.6/site-packages/ansible/plugins/connection/winrm.py",
>>> line 240, in exec_command
>>> result = self._winrm_exec(cmd_parts[0], cmd_parts[1:],
>>> from_exec=True)
>>> File
>>> "/usr/lib/python2.6/site-packages/ansible/plugins/connection/winrm.py",
>>> line 208, in _winrm_exec
>>> self.protocol.cleanup_command(self.shell_id, command_id)
>>> File
>>> "/usr/lib/python2.6/site-packages/awx/lib/site-packages/winrm/protocol.py",
>>> line 290, in cleanup_command
>>> rs = self.send_message(xmltodict.unparse(rq))
>>> File
>>> "/usr/lib/python2.6/site-packages/awx/lib/site-packages/winrm/protocol.py",
>>> line 193, in send_message
>>> return self.transport.send_message(message)
>>> File
>>> "/usr/lib/python2.6/site-packages/awx/lib/site-packages/winrm/transport.py",
>>>
>>> line 136, in send_message
>>> raise WinRMTransportError('http', error_message)
>>> WinRMTransportError: 500 WinRMTransport. Bad HTTP response returned from
>>> server. Code 500
>>> fatal: [hostname]: FAILED! => {"failed": true, "msg": "failed to exec
>>> cmd PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted
>>> -EncodedCommand reallylongencodedcommand=="}
>>>
>>> If we capture the tcp traffic on the windows side we see the SYN packets
>>> arriving so we know the issue isn't at the network level. The packets are
>>> reaching the windows box. If we run a netstat while the playbook is
>>> running we notice there are a bunch of connections then all of a sudden
>>> there are none for a bit and then we are back listening. Using the windows
>>> event log if you compare the timeline of when netstat shows no listeners
>>> and cryptographic services, dns client services, workstation service,
>>> network location service, windows remote management crash they match up
>>> perfectly. After the services crash, windows restarts them automatically
>>> and the ansible playbooks start working again. We've been having this
>>> issue on windows server 2012 boxes with 8gb ram and 4 cpus. We've been able
>>> to reproduce it with a completely vanilla server 2012 box (no antivirus or
>>> other 3rd party software installed on it). I'm at a complete loss on how to
>>> fix this.
>>>
>>> Has anyone else seen this behavior? I haven't found anything similar in
>>> the issue tracker or in google searches.
>>>
>>>
>>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/c94580c6-b3ad-43f2-ad36-f23283b7b639%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Learning Ansible
Hi guys I need some help about learning Ansible and Vagrant. I am totally clueless Here are the files I have configures ** ansible.cfg *[defaults]hostfile = ./Playbooks/inventoryremore_user = vagrantprivate_key = /home/user/Vagrant_hosts/.vagrant/machines/default/virtualbox/private_key* ** ./Playbooks/inventory *testserver ansible_ssh_host=127.0.0.1 ansible_ssh_port=* ** The result I get sudo ansible testserver -m ping -i inventory * [WARNING]: Host file not found: inventory [WARNING]: provided hosts list is empty, only localhost is available* ** However if I do this it works fine *ssh vagrant@127.0.0.1 -p -i /home/user/Vagrant_hosts/.vagrant/machines/default/virtualbox/private_key*Thanks for your help *Perry* -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/40186b93-2458-4722-b354-619d899ceb85%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: 2.1 upgrade gather_subset error
After struggling for two days, I finally understand why it was failing.
The reason was that I had a default configuration setting in ansible.cfg
that was making ansible pick up system ansible libraries from
/usr/share/ansible instead of virtualenv where we were installing the
libraries. The system ansible libraries were outdated on the host we were
running the playbook on, thus causing failure. I removed the setting to
ensure ansible picks up latest modules installed in venv only.
On Saturday, May 28, 2016 at 11:33:47 PM UTC-4, Barry Kaplan wrote:
>
> We are trying to upgrade from 1.9 to 2.1. With no changes to so far we get:
>
> FAILED! => {"changed": false, "failed": true, "msg": "unsupported
> parameter for module: gather_subset"}
>
> I cannot find any use of gather_subset in our playbooks or configuration.
> I also cannot find any notes on this being an issue for upgrading. I see
> the docs for gathering (
> https://docs.ansible.com/ansible/intro_configuration.html#gathering), but
> why would a default value be invalid?
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/f8052082-f107-4e61-8261-55d38af6f19e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] [WARNING]: Host file not found: inventory
Hi guys I need so help on using Ansible and Vagrant. I am trying to learn Ansible an vagrant and I am following the instructions on the book Ansible Up and Running and I get stuck at page 16. Any help would be appreciated, Here are the files I have configured *** ansible.cfg [defaults] hostfile = inventory remore_user = vagrant private_key = /home/ssantos/Vagrant_hosts/.vagrant/machines/default/virtualbox/private_key *** ./Playbooks/inventory testserver ansible_ssh_host=127.0.0.1 ansible_ssh_port= ** The result I get sudo ansible testserver -m ping -i inventory [WARNING]: Host file not found: inventory [WARNING]: provided hosts list is empty, only localhost is available *** However this works fine ssh vagrant@127.0.0.1 -p -i /home/ssantos/Vagrant_hosts/.vagrant/machines/default/virtualbox/private_key Thanks again Perry -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/4bebd9a6-8e4c-4fad-89a4-2a4cefbec7b3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: WinRM timeout for VMWare Tools Install
Unfortunately the only switches I could find with VMWare tools was to
exclude modules entirely, not to postpone a delayed install until reboot.
I'm just going to keep VMware tools on my templates along with the Windows
Update until the async feature becomes available for Windows.
Regards,
Matt
On Monday, August 1, 2016 at 4:06:48 PM UTC-4, Matt Davis wrote:
>
> Ansible 2.2 is scheduled to ship with async support for Windows (I'm
> putting the finishing touches on it now), which would be the right solution
> to this if you're unable to otherwise defer the NIC bounce.
>
> -Matt
>
> On Friday, July 29, 2016 at 4:10:03 PM UTC-7, Matt Betts wrote:
>>
>> I've got a basic task to install VMWare tools on a Windows VM and when it
>> installs it looks to cause a temporary network disconnection whilst it
>> updates the NIC drivers. During this time WinRM looks to be timing out and
>> throwing an error. VMWare tools is successfully installing though. Is
>> anyone else using Ansible to install VMWare tools on Windows?
>>
>> Traceback (most recent call last):
>> File
>> "/usr/lib/python2.7/site-packages/ansible-2.2.0-py2.7.egg/ansible/plugins/connection/winrm.py",
>>
>> line 270, in exec_command
>> result = self._winrm_exec(cmd_parts[0], cmd_parts[1:], from_exec=True)
>> File
>> "/usr/lib/python2.7/site-packages/ansible-2.2.0-py2.7.egg/ansible/plugins/connection/winrm.py",
>>
>> line 215, in _winrm_exec
>> response = Response(self.protocol.get_command_output(self.shell_id,
>> command_id))
>> File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 333, in
>> get_command_output
>> self._raw_get_command_output(shell_id, command_id)
>> File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 352, in
>> _raw_get_command_output
>> res = self.send_message(xmltodict.unparse(req))
>> File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 207, in
>> send_message
>> return self.transport.send_message(message)
>> File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 173,
>> in send_message
>> response = self.session.send(prepared_request,
>> timeout=self.read_timeout_sec)
>> File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 585,
>> in send
>> r = adapter.send(request, **kwargs)
>> File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 479,
>> in send
>> raise ReadTimeout(e, request=request)
>> ReadTimeout: HTTPSConnectionPool(host='LABSTC2WINVT675.labs.corp',
>> port=5986): Read timed out. (read timeout=30)
>> fatal: [LABSTC2WINVT675.labs.corp]: UNREACHABLE! => {"changed": false,
>> "msg": "failed to exec cmd PowerShell -NoProfile -NonInteractive
>> -ExecutionPolicy Unrestricted -EncodedCommand
>> UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBUAHIAeQAKAHsACgAmACAAJwBDADoAXABVAHMAZQByAHMAXABhAF8AdQBzAGUAcgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA0ADYAOQA4ADMAMwA1ADQANAAuADAAMQAtADIANgA0ADEANAA4ADEAOQAwADQAOAAzADIAOABcAHcAaQBuAF8AcABhAGMAawBhAGcAZQAuAHAAcwAxACcACgB9AAoAQwBhAHQAYwBoAAoAewAKACQAXwBvAGIAagAgAD0AIABAAHsAIABmAGEAaQBsAGUAZAAgAD0AIAAkAHQAcgB1AGUAIAB9AAoASQBmACAAKAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAEcAZQB0AFQAeQBwAGUAKQAKAHsACgAkAF8AbwBiAGoALgBBAGQAZAAoACcAbQBzAGcAJwAsACAAJABfAC4ARQB4AGMAZQBwAHQAaQBvAG4ALgBNAGUAcwBzAGEAZwBlACkACgB9AAoARQBsAHMAZQAKAHsACgAkAF8AbwBiAGoALgBBAGQAZAAoACcAbQBzAGcAJwAsACAAJABfAC4AVABvAFMAdAByAGkAbgBnACgAKQApAAoAfQAKAEkAZgAgACgAJABfAC4ASQBuAHYAbwBjAGEAdABpAG8AbgBJAG4AZgBvAC4AUABvAHMAaQB0AGkAbwBuAE0AZQBzAHMAYQBnAGUAKQAKAHsACgAkAF8AbwBiAGoALgBBAGQAZAAoACcAZQB4AGMAZQBwAHQAaQBvAG4AJwAsACAAJABfAC4ASQBuAHYAbwBjAGEAdABpAG8AbgBJAG4AZgBvAC4AUABvAHMAaQB0AGkAbwBuAE0AZQBzAHMAYQBnAGUAKQAKAH0ACgBFAGwAcwBlAEkAZgAgACgAJABfAC4AUwBjAHIAaQBwAHQAUwB0AGEAYwBrAFQAcgBhAGMAZQApAAoAewAKACQAXwBvAGIAagAuAEEAZABkACgAJwBlAHgAYwBlAHAAdABpAG8AbgAnACwAIAAkAF8ALgBTAGMAcgBpAHAAdABTAHQAYQBjAGsAVAByAGEAYwBlACkACgB9AAoAVAByAHkACgB7AAoAJABfAG8AYgBqAC4AQQBkAGQAKAAnAGUAcgByAG8AcgBfAHIAZQBjAG8AcgBkACcALAAgACgAJABfACAAfAAgAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgAgAHwAIABDAG8AbgB2AGUAcgB0AEYAcgBvAG0ALQBKAHMAbwBuACkAKQAKAH0ACgBDAGEAdABjAGgACgB7AAoAfQAKAEUAYwBoAG8AIAAkAF8AbwBiAGoAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuACAALQBDAG8AbQBwAHIAZQBzAHMAIAAtAEQAZQBwAHQAaAAgADkAOQAKAEUAeABpAHQAIAAxAAoAfQAKAEYAaQBuAGEAbABsAHkAIAB7ACAAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAAIgBDADoAXABVAHMAZQByAHMAXABhAF8AdQBzAGUAcgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA0ADYAOQA4ADMAMwA1ADQANAAuADAAMQAtADIANgA0ADEANAA4ADEAOQAwADQAOAAzADIAOAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIAB9AA==",
>>
>> "unreachable": true}
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-pr
[ansible-project] Best way to handle nginx config/vhosts
So I'm trying to find a role/create a role for my Ansible config to
configure nginx.
Here's how it currently (manually!) works:
I have numerous nginx conf files for each website that I host on this
machine.
api.p123.domain.com
webapi.p123.domain.com
webapi.p124.domain.com
etc
API is the function, what it's for etc, p123 is the 'platform' and
.domain.com is well.. the domain..
The configuration for api.p123.domain.com:
#main server block - api.p123.domain.com
server {
listen 80;
server_name api.p123.domain.com;
location / {
#deny all access to root http://api.p123.domain.com/
deny all;
}
location ~* /endpoint1 {
proxy_pass http://api.p123.domain.com;
include include/general/proxy_common.conf;
access_log /var/log/nginx/api.p123.domain.com/endpoint1.access.log main;
error_log/var/log/nginx/api.p123.domain.com/endpoint1.error.log info;
}
location ~* /endpoint2 {
proxy_pass http://api.p123.domain.com;
include include/general/proxy_common.conf;
access_log /var/log/nginx/api.p123.domain.com/endpoint2.access.log main;
error_log/var/log/nginx/api.p123.domain.com/endpoint2.error.log info;
}
access_log /var/log/nginx/api.p123.domain.com.access.log main;
error_log/var/log/nginx/api.p123.domain.com.error.log info;
}
All the conf files are very similar. I'm basically asking for help/advice
on how I can structure and achieve this using Ansible. Do I use templates
or static files, I know I can set host_vars but these nginx conf files
could in theory go to multiple servers and there could be 20-30 platforms..
etc
If you have any questions just ask. Thanks in advance!
Michael
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/f85530ce-4a04-4b56-b5f9-262f9f145ac1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] How the get the output of module.log calls in a custom module?
Hello!
I am trying to write an Ansible (2.1.x) module. In the module, I make calls
to module.log("some message") (where module is an instance of
ansible.module_utils.basic.AnsibleModule).
I am not able to find any way to get the logs.
F.ex. at the very beginning of my main, just after instantiating
AnsibleModule, I have module.log("I am here!"). I expected that by creating
an ansible.cfg with
[defaults]
log_path=ansible.log
I will get this message in the log file - but I do not (though it has task
name and output logs). Perhaps that is because the module runs on another
machine?
What can I do to get logs from the module, so that I can find out what is
it having troubles with?
Thanks a lot!
Cheers, Jakub Holy
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/d6e44306-d754-43a4-99d7-e0c70bd26211%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: loop over roles?
Hi, not it's not possible.
Same question on github - https://github.com/ansible/ansible/issues/12623
On Thursday, July 28, 2016 at 5:06:02 PM UTC+3, Dick Visser wrote:
>
> Hi
>
> I have a bunch of roles in my playbook:
>
>
> roles:
> - role_1
> - role_b
> - { role: install_app, install_dir=/opt/foo }
> - { role: install_app, install_dir=/opt/bar }
> - { role: install_app, install_dir=/opt/baz }
> - finalrole
>
>
> Suppose I have a var that contains
>
> apps:
> foo
> bar
> baz
>
> Would it be possible to loop over these in the roles section?
>
> Thanks
>
> Dick
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/9441d3ce-f390-4a52-bdb9-4b5c6f835b74%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: yum module not updating local rpm
Check yum module documentation and take a look on state attribute.
http://docs.ansible.com/ansible/yum_module.html
You use present which mean - check if package install and install if not.
If you want to upgrade use latest.
On Sunday, July 31, 2016 at 9:14:41 PM UTC+3, Giovanni Torres wrote:
>
> Running ansible 2.1.1.0 on CentOS 6.
>
> I have a package (v5.5.0) that is installed on the remote host:
>
> [remotehost ~] $ rpm -q mypkg
> mypkg-5.5.0-1.el6.x86_64
>
> I tried to use this command on the ansible server to update the package to
> v5.5.2 on the remotehost:
>
> # ansible remotehost -m yum -a
> "name=/nfs/RPMS/mypkg-5.5.2-1.el6.x86_64.rpm state=present" -
> remotehost | SUCCESS => {
> "changed": false,
> "invocation": {
> "module_args": {
> "conf_file": null,
> "disable_gpg_check": false,
> "disablerepo": null,
> "enablerepo": null,
> "exclude": null,
> "install_repoquery": true,
> "list": null,
> "name": [
> "/nfs/RPMS/mypkg-5.5.2-1.el6.x86_64.rpm"
> ],
> "state": "present",
> "update_cache": false,
> "validate_certs": true
> },
> "module_name": "yum"
> },
> "msg": "",
> "rc": 0,
> "results": []
> }
>
> But the package doesn't update. "changed" is false. It remains at 5.5.0,
> not 5.5.2 as expected.
>
>
> If i try to change state to latest, I get the following error:
>
> remotehost | FAILED! => {
> "changed": false,
> "failed": true,
> "invocation": {
> "module_args": {
> "conf_file": null,
> "disable_gpg_check": false,
> "disablerepo": null,
> "enablerepo": null,
> "exclude": null,
> "install_repoquery": true,
> "list": null,
> "name": [
> "/nfs/RPMS/mypkg-5.5.2-1.el6.x86_64.rpm"
> ],
> "state": "latest",
> "update_cache": false,
> "validate_certs": true
> },
> "module_name": "yum"
> },
> "msg": "No Package matching '/nfs/RPMS/mypkg-5.5.2-1.el6.x86_64.rpm'
> found available, installed or updated",
> "rc": 0,
> "results": []
> }
>
>
> But both machines mount this NFS share and I can stat the file on both the
> ansible server and the remotehost.
>
> Am I missing something obvious?
>
> Thanks,
> Giovanni
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/067e141b-4dce-4d45-81bb-821d5a4b3185%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Questions regarding porting action plugin from 1.8.x to 2.x
Hi,
I've delayed porting my pre 2.0 action plugins, but now it's finally time
to attempt to upgrade to ansible 2.x, and i have a few questions.
The porting guide is rather lacking in details, especially regarding action
plugins, but i have this really simple (but incredibly stupid) plugin which
i either need to work for 2.x or someone suggest a workaround to get my
desired behaviour, which basically is:
>From a play - set a variable available on *all* hosts, across *all* plays
-- basically i need to be able to run a task anywhere - and have the
variable stay the same across all hosts for the duration of the entire
playbook.
Note i can't convert everything to `-e`/extra vars from the command line,
since a lot of the variables are dependent on other variables from
plays/tasks/whatever, during the playbook execution.
Example usage:
- name: "Set variables"
local_action: inject_vars
args:
is_a: true
is_b: false
This is the meat of the plugin that currently works as i want it to:
class ActionModule(object):
''' Create inventory groups based on variables '''
### We need to be able to modify the inventory
BYPASS_HOST_LOOP = True
TRANSFERS_FILES = False
def run(self, conn, tmp, module_name, module_args, inject,
complex_args=None, **kwargs):
# ... irelevant handling of args
inventory = self.runner.inventory
allgroup = inventory.get_group('all')
for k, v in data.iteritems():
allgroup.set_variable(k, v)
result = {'changed': True, 'data': data}
return ReturnData(conn=conn, comm_ok=True, result=result)
Action plugins seems to have changed quite a bit in 2.x and i'm currently
unable to get anything to work, that will allow me to access the *current*
inventory. There's probably very good reasons for this (and my desired
functionality probably conflicts quite a bit with what should be allowed).
I've tried gaining access to inventory, variable manager/tqm -- no luck so
far.
So - any ideas on how i can continue progress from here?
Thanks in advance.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/112e240d-dc97-4cfe-999d-9b6603d5b6ab%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: Ansible SSH as one user and Sudo as another
Hi guys need some help here, my config is little different , foo ALL=/bin/su - root If use as below using the above suggestion I am getting success for non root related tasks ansible client -m raw -a "touch /tmp/testfile" --ask-sudo-pass SUDO password: vm-dev3-wol01 | SUCCESS | rc=0 >> but for some activities I need root permission to copy and rename the files, I get a below error where I need root permissions ansible client1 -m raw -a "touch /opt/testfile" --ask-sudo-pass SUDO password: vm-dev3-wol01 | FAILED | rc=1 >> touch: cannot touch ‘/opt/testfile’: Permission denied Thanks Mahendra > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/bf6790c2-ccd3-4889-9ac5-f602eb58b740%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: Passing dynamic variable into a role
Hello,
Here you pass to Ansible that you nfs_group is 'web_mounts' (sting).
roles:
- { role: webs, nfs_group: "web_mounts" }
Pass a variable
roles:
- { role: webs, nfs_group: "{{ web_mounts }}" }
But I suggest you to change a way.
Divide you hosts on groups: Web_Hosts, Perl_Hosts and specify the same
variable name in group_vars directory on inventory file but with different
value based on you needs for specific group.
Then you can use one variable name for any number of groups.
Example:
# group_vars/WEB_Hosts
---
nfs_mounts:
- { source: "nfs.local:/nfs/web1, dest: "/web1", opts: "rw,noatime" }
# group_vars/Perl_Hosts
---
nfs_mounts:
- { source: "nfs.local:/nfs/perl, dest: "/perl", opts: "rw,noatime" }
# roles/nfs_mounts/tasks/main.yml
- name: Create fstab entries
mount: fstab=nfs state=present opts="{{ item.opts }}" src="{{ item.source }}"
name="{{ item.dest }}"
with_items: "{{ nfs_mounts }}"
In this case you can even set specific nfs_mounts variable for particular
host via host_vars
On Monday, July 25, 2016 at 11:32:00 PM UTC+3, Sam Sen wrote:
>
> For each of our servers (webs and perls), we have different mount points
> for each type of servers. So for web servers, I want to use the entries for
> "web_mounts" and perls would be "perl_mounts."
>
> If I hard code "web_mounts" into the "with_items," it works fine.
> Otherwise, it tells me "nfs_group" is undefined.
>
>
> # Top Level
>
> roles:
> - { role: webs, nfs_group: "web_mounts" }
>
>
> # roles/nfs_mounts/vars/main.yml
>
> ---
>
> web_mounts:
>
> - { source: "nfs.local:/nfs/web1, dest: "/web1", opts: "rw,noatime" }
>
> - { source: "nfs.local:/nfs/web2, dest: "/web2", opts: "rw,noatime" }
>
>
> perl_mounts:
>
> - { source: "nfs.local:/nfs/perl1, dest: "/web1", opts: "rw,noatime" }
>
> - { source: "nfs.local:/nfs/perl2, dest: "/web2", opts: "rw,noatime" }
>
> # roles/nfs_mounts/tasks/main.yml
>
> - name: Create fstab entries
> mount: fstab=nfs state=present opts="{{ item.opts }}" src="{{ item.source
> }}" name="{{ item.dest }}"
> with_items: "{{ nfs_group }}"
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/5c8fccd5-a2c6-4be9-99d6-e5e599788bc4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: Insert hosts and host variables into a python script
Yes it possible. On Friday, July 29, 2016 at 2:14:05 AM UTC+3, Dana Christo wrote: > > Hello, > > Is it possible to take a hostname and other information in the hosts file > and insert each one into a python file as an ansible playbook runs the > python file for each host? > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/594ec7d0-e19e-49cc-9c20-a823658b23d8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] cant find /opt/bin/python even though the environment path is specified
Hey guys, i have a coreOS system running python and pip with toolbox localhost ~ # cat /etc/*rele* |grep DISTRIB_RELEASE ; which python ;which pip DISTRIB_RELEASE=1068.8.0 /opt/bin/python /opt/bin/pip $ ls -l total 16 -rwxr-xr-x. 1 root root 64 Aug 6 01:05 pip -rwxr-xr-x. 1 root root 67 Aug 6 01:04 python however when i try to run my playbook as follow. it tells me: No such file or directory\r\n/opt/bin/python This is how I am running the playbook: ansible-playbook kubctl.yml -i hosts --ask-pass -e 'ansible_python_interpreter="/opt/bin/python"' Any help would be appreciated. Thanks in advance... -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/0d990183-c206-4110-80cb-bcba6e016ac8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: ansible_vault_password_file
I misunderstood the utility of the ansible_vaut_password_file parameter
which is to point at the file containing the vault password and not the
password to connect.
I will rewrite the host_vars and group_vars files
Le lundi 8 août 2016 10:35:29 UTC+2, fanvalt a écrit :
>
> The error does occur when running the parameter on the command line:
> ansible-playbook -i ./win.ini -v connection.yml --vault-password-file
> ~/windows_vault/host_vars/ansible.yml
>
> I am running Ansible version 2.1.
>
>
> Le lundi 8 août 2016 10:19:31 UTC+2, fanvalt a écrit :
>>
>> with the -v option, it shows the group_vars/windows.yml is correctly
>> read, but the ansible_vaut_password_file parameter seems to be useless:
>> TASK [setup]
>> ***
>> ESTABLISH WINRM CONNECTION FOR USER: ansible on PORT
>> 5986 TO server.fr.test
>> WINRM CONNECT: transport=ssl endpoint=
>> https://server.fr.test:5986/wsman
>> WINRM CONNECTION ERROR: auth method ssl requires a
>> password
>>
>> Here is the command to run the playbook:
>> ansible-playbook -i ./win.ini -v connection.yml --ask-vault-pass
>>
>> Le lundi 8 août 2016 10:06:01 UTC+2, fanvalt a écrit :
>>>
>>> Hello,
>>>
>>> I try to run a playbook to connect to a windows server with host
>>> external parameters set this way:
>>>
>>> In my *inventory file*, I only want to set these parameter:
>>> ansible_host and ansible_user
>>> [windows]
>>> ansible_host=server.fr.test ansible_user=ansible
>>>
>>> all parameters about connection are in the *playbook/group_vars/windows.yml
>>> *file this way:
>>> *ansible_vault_password_file: ~/host_vars/ansible.yml*
>>> ansible_connection: winrm
>>> ansible_port: 5986
>>> ansible_winrm_server_cert_validation: ignore
>>>
>>> I had the ansible_vault_password_file , so I hope when running the
>>> playbook, the password file will be found in the
>>> *playbook/host_vars/ansible.yml
>>> *encrypted file.
>>>
>>> But I receive the following error:
>>> fatal: [test1]: UNREACHABLE! => {"changed": false, "msg": "ssl: auth
>>> method ssl requires a password", "unreachable": true}
>>>
>>> if I set the password in the inventory file, the connection is ok.
>>> Where am I wrong ?
>>>
>>> Regards
>>>
>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/350b4fb9-9fa3-460e-9731-1905b81efd39%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: ansible_vault_password_file
The error does occur when running the parameter on the command line:
ansible-playbook -i ./win.ini -v connection.yml --vault-password-file
~/windows_vault/host_vars/ansible.yml
I am running Ansible version 2.1.
Le lundi 8 août 2016 10:19:31 UTC+2, fanvalt a écrit :
>
> with the -v option, it shows the group_vars/windows.yml is correctly
> read, but the ansible_vaut_password_file parameter seems to be useless:
> TASK [setup]
> ***
> ESTABLISH WINRM CONNECTION FOR USER: ansible on PORT 5986
> TO server.fr.test
> WINRM CONNECT: transport=ssl endpoint=
> https://server.fr.test:5986/wsman
> WINRM CONNECTION ERROR: auth method ssl requires a
> password
>
> Here is the command to run the playbook:
> ansible-playbook -i ./win.ini -v connection.yml --ask-vault-pass
>
> Le lundi 8 août 2016 10:06:01 UTC+2, fanvalt a écrit :
>>
>> Hello,
>>
>> I try to run a playbook to connect to a windows server with host external
>> parameters set this way:
>>
>> In my *inventory file*, I only want to set these parameter: ansible_host
>> and ansible_user
>> [windows]
>> ansible_host=server.fr.test ansible_user=ansible
>>
>> all parameters about connection are in the *playbook/group_vars/windows.yml
>> *file this way:
>> *ansible_vault_password_file: ~/host_vars/ansible.yml*
>> ansible_connection: winrm
>> ansible_port: 5986
>> ansible_winrm_server_cert_validation: ignore
>>
>> I had the ansible_vault_password_file , so I hope when running the
>> playbook, the password file will be found in the
>> *playbook/host_vars/ansible.yml
>> *encrypted file.
>>
>> But I receive the following error:
>> fatal: [test1]: UNREACHABLE! => {"changed": false, "msg": "ssl: auth
>> method ssl requires a password", "unreachable": true}
>>
>> if I set the password in the inventory file, the connection is ok.
>> Where am I wrong ?
>>
>> Regards
>>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/9d9322d1-e86a-4427-8e93-572eb40ae393%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Re: ansible_vault_password_file
with the -v option, it shows the group_vars/windows.yml is correctly
read, but the ansible_vaut_password_file parameter seems to be useless:
TASK [setup]
***
ESTABLISH WINRM CONNECTION FOR USER: ansible on PORT 5986
TO server.fr.test
WINRM CONNECT: transport=ssl
endpoint=https://server.fr.test:5986/wsman
WINRM CONNECTION ERROR: auth method ssl requires a password
Here is the command to run the playbook:
ansible-playbook -i ./win.ini -v connection.yml --ask-vault-pass
Le lundi 8 août 2016 10:06:01 UTC+2, fanvalt a écrit :
>
> Hello,
>
> I try to run a playbook to connect to a windows server with host external
> parameters set this way:
>
> In my *inventory file*, I only want to set these parameter: ansible_host
> and ansible_user
> [windows]
> ansible_host=server.fr.test ansible_user=ansible
>
> all parameters about connection are in the *playbook/group_vars/windows.yml
> *file this way:
> *ansible_vault_password_file: ~/host_vars/ansible.yml*
> ansible_connection: winrm
> ansible_port: 5986
> ansible_winrm_server_cert_validation: ignore
>
> I had the ansible_vault_password_file , so I hope when running the
> playbook, the password file will be found in the
> *playbook/host_vars/ansible.yml
> *encrypted file.
>
> But I receive the following error:
> fatal: [test1]: UNREACHABLE! => {"changed": false, "msg": "ssl: auth
> method ssl requires a password", "unreachable": true}
>
> if I set the password in the inventory file, the connection is ok.
> Where am I wrong ?
>
> Regards
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/5cf4ace8-caf9-416b-935e-f3c994d3976e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] ansible_vault_password_file
Hello,
I try to run a playbook to connect to a windows server with host external
parameters set this way:
In my *inventory file*, I only want to set these parameter: ansible_host
and ansible_user
[windows]
ansible_host=server.fr.test ansible_user=ansible
all parameters about connection are in the *playbook/group_vars/windows.yml
*file this way:
*ansible_vault_password_file: ~/host_vars/ansible.yml*
ansible_connection: winrm
ansible_port: 5986
ansible_winrm_server_cert_validation: ignore
I had the ansible_vault_password_file , so I hope when running the
playbook, the password file will be found in the
*playbook/host_vars/ansible.yml
*encrypted file.
But I receive the following error:
fatal: [test1]: UNREACHABLE! => {"changed": false, "msg": "ssl: auth method
ssl requires a password", "unreachable": true}
if I set the password in the inventory file, the connection is ok.
Where am I wrong ?
Regards
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/546514de-9ba5-4109-a356-0a3015656308%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
